@adobe/helix-config-storage 2.2.6 → 2.2.8

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+## [2.2.8](https://github.com/adobe/helix-config-storage/compare/v2.2.7...v2.2.8) (2025-05-23)
+
+
+### Bug Fixes
+
+* **deps:** update adobe fixes ([#128](https://github.com/adobe/helix-config-storage/issues/128)) ([1b65a25](https://github.com/adobe/helix-config-storage/commit/1b65a2561eee4d340cd200f3d6e9d125eaaca61c))
+
+## [2.2.7](https://github.com/adobe/helix-config-storage/compare/v2.2.6...v2.2.7) (2025-05-16)
+
+
+### Bug Fixes
+
+* stricter apikey handling ([b533b1f](https://github.com/adobe/helix-config-storage/commit/b533b1fccd94cfd02d6cc1462220ac36682e9557))
+
 ## [2.2.6](https://github.com/adobe/helix-config-storage/compare/v2.2.5...v2.2.6) (2025-05-13)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-config-storage",
-  "version": "2.2.6",
+  "version": "2.2.8",
   "description": "Helix Config Storage",
   "main": "src/index.js",
   "types": "src/index.d.ts",
@@ -47,11 +47,11 @@
     "json-schema-to-typescript": "15.0.4",
     "junit-report-builder": "5.1.1",
     "lint-staged": "16.0.0",
-    "mocha": "11.2.2",
+    "mocha": "11.4.0",
     "mocha-multi-reporters": "1.5.1",
     "mocha-suppress-logs": "0.5.1",
     "nock": "13.5.6",
-    "semantic-release": "24.2.3",
+    "semantic-release": "24.2.4",
     "xml2js": "0.6.2"
   },
   "lint-staged": {

package/src/config-merge.js

@@ -39,6 +39,7 @@ const ROOT_PROPERTIES = {
   groups: {},
   features: {},
   limits: {},
+  apiKeys: {},
 };
 
 const FORCED_TYPES = {

package/src/config-store.js

@@ -594,32 +594,32 @@ export class ConfigStore {
         delete ret.hash;
       }
       if (frag.type === 'apiKeys') {
-        if (data.jwt) {
-          try {
-            const payload = await decodeJwt(data.jwt);
-            data.id = payload.jti;
-            data.roles = payload.roles;
-            data.subject = payload.sub;
-            data.expiration = new Date(payload.exp * 1000).toISOString();
-            delete data.jwt;
-          } catch (e) {
-            throw new StatusCodeError(400, e.message);
-          }
+        if (!data.jwt) {
+          throw new StatusCodeError(400, 'jwt missing for new keys');
+        }
+        try {
+          const payload = await decodeJwt(data.jwt);
+          data.id = payload.jti;
+          data.roles = payload.roles;
+          data.subject = payload.sub;
+          data.expiration = new Date(payload.exp * 1000).toISOString();
+          delete data.jwt;
+        } catch (e) {
+          throw new StatusCodeError(400, e.message);
         }
+        data.created = new Date().toISOString();
         frag.name = base64ToBase64Url(data.id);
         frag.type = 'apiKey';
         frag.relPath.push(frag.name);
-      }
-      if (frag.type === 'apiKey') {
-        if (data.jwt) {
-          throw new StatusCodeError(400, 'jwt not allowed in existing apiKey');
+      } else if (frag.type === 'apiKey') {
+        if (Object.keys(data).some((key) => key !== 'description')) {
+          throw new StatusCodeError(400, 'not allowed to alter properties other than "description" in apiKey');
         }
-        const oldData = deepGetOrCreate(old, frag.relPath, true);
-        data.created = oldData.created || new Date().toISOString();
-        // ensure that the name is equal to the sanitized id
-        if (frag.name !== base64ToBase64Url(data.id)) {
-          throw new StatusCodeError(400, 'apiKey id mismatch');
+        const oldData = deepGetOrCreate(old, frag.relPath, false);
+        if (!oldData) {
+          throw new StatusCodeError(404, 'object not found.');
         }
+        data = Object.assign(oldData, data);
       }
       if (frag.type === 'secrets') {
         // create new secret with random id