@adobe/helix-config 2.15.0 → 2.16.0

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+# [2.16.0](https://github.com/adobe/helix-config/compare/v2.15.1...v2.16.0) (2024-05-07)
+
+
+### Features
+
+* add global token hash if needed ([#76](https://github.com/adobe/helix-config/issues/76)) ([ac4a139](https://github.com/adobe/helix-config/commit/ac4a139497a98302ef9627644f5b9918ee76c282))
+
+## [2.15.1](https://github.com/adobe/helix-config/compare/v2.15.0...v2.15.1) (2024-05-07)
+
+
+### Bug Fixes
+
+* do not load org config in resolveConfig ([ccedbfd](https://github.com/adobe/helix-config/commit/ccedbfd4c7c465b842e25f9021fd5a06021e63d4))
+
 # [2.15.0](https://github.com/adobe/helix-config/compare/v2.14.0...v2.15.0) (2024-05-07)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-config",
-  "version": "2.15.0",
+  "version": "2.16.0",
   "description": "Helix Config",
   "main": "src/index.js",
   "types": "src/index.d.ts",
@@ -10,7 +10,7 @@
   },
   "type": "module",
   "scripts": {
-    "test": "c8 mocha",
+    "test": "c8 mocha --spec 'test/**/*.test.js'",
     "lint": "eslint .",
     "docs:types": "node ./test/dev/generate-types.js",
     "semantic-release": "semantic-release",

package/src/config-view.js

@@ -66,7 +66,7 @@ export function canonicalArrayString(root, partition, prop) {
 /**
  * Returns the normalized access configuration for the give partition.
  */
-export function getAccessConfig(config, partition) {
+export function getAccessConfig(ctx, config, partition) {
   const { access, tokens = {} } = config;
   const apiKeyId = toArray(access[partition]?.apiKeyId ?? access.apiKeyId);
   const allow = toArray(access[partition]?.allow ?? access.allow);
@@ -84,11 +84,20 @@ export function getAccessConfig(config, partition) {
   if (allow.length && !cfg.apiKeyId.length) {
     cfg.apiKeyId.push('dummy');
   }
-  // if an apiKeyId is defined but no tokenHash, create a fake one so that auth is still
-  // enforced.
-  if (cfg.apiKeyId.length && !cfg.tokenHash.length) {
-    cfg.tokenHash.push('n/a');
+
+  // if an apiKeyId is defined but no tokenHash, create a fake one so that auth is still enforced.
+  if (cfg.apiKeyId.length) {
+    // add global token hash if defined and needed
+    const globalTokenHash = ctx.env.HLX_GLOBAL_TOKEN_HASH;
+    if (cfg.tokenHash.length && globalTokenHash) {
+      // augment the list of hashes with the global one if exists
+      cfg.tokenHash.push(globalTokenHash);
+    } else if (!cfg.tokenHash.length) {
+      // add a dummy or global hash if no tokens match the apiKeyIds.
+      cfg.tokenHash.push(globalTokenHash || 'n/a');
+    }
   }
+
   // todo: remove after auth rewrite
   if (allow) {
     cfg.allow = allow;
@@ -203,16 +212,6 @@ async function resolveConfig(ctx, rso, scope) {
   if (scope === SCOPE_PIPELINE || scope === SCOPE_DELIVERY) {
     config.head = await loadHeadHtml(ctx, config, rso.ref);
   }
-
-  // check for org config
-  const orgKey = `orgs/${rso.org}/config.json`;
-  res = await ctx.loader.getObject(HELIX_CONFIG_BUS, orgKey);
-  if (res.body) {
-    const orgConfig = res.json();
-    if (orgConfig.tokens) {
-      config.tokens = orgConfig.tokens;
-    }
-  }
   return config;
 }
 
@@ -265,8 +264,8 @@ export async function getConfigResponse(ctx, opts) {
     // normalize access config
     const { admin = {} } = config.access;
     config.access = {
-      preview: getAccessConfig(config, 'preview'),
-      live: getAccessConfig(config, 'live'),
+      preview: getAccessConfig(ctx, config, 'preview'),
+      live: getAccessConfig(ctx, config, 'live'),
       // access.require.repository ?
     };
     if (opts.scope === SCOPE_ADMIN || opts.scope === SCOPE_RAW) {