@adobe/helix-config 2.15.1 → 2.16.1
- package/CHANGELOG.md +14 -0
- package/package.json +9 -2
- package/src/config-view.js +35 -7
- package/src/crypto.node.js +16 -0
- package/src/crypto.worker.js +15 -0
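--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,3 +1,17 @@
+## [2.16.1](https://github.com/adobe/helix-config/compare/v2.16.0...v2.16.1) (2024-05-08)
+
+
+### Bug Fixes
+
+* properly hash global delivery token ([#78](https://github.com/adobe/helix-config/issues/78)) ([6f352ba](https://github.com/adobe/helix-config/commit/6f352ba9ed481f4d79bfb46750db3de81fb75966))
+
+# [2.16.0](https://github.com/adobe/helix-config/compare/v2.15.1...v2.16.0) (2024-05-07)
+
+
+### Features
+
+* add global token hash if needed ([#76](https://github.com/adobe/helix-config/issues/76)) ([ac4a139](https://github.com/adobe/helix-config/commit/ac4a139497a98302ef9627644f5b9918ee76c282))
+
 ## [2.15.1](https://github.com/adobe/helix-config/compare/v2.15.0...v2.15.1) (2024-05-07)
 
 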
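--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@adobe/helix-config",
-"version": "2.
+"version": "2.16.1",
 "description": "Helix Config",
 "main": "src/index.js",
 "types": "src/index.d.ts",
@@ -10,7 +10,7 @@
 },
 "type": "module",
 "scripts": {
-"test": "c8 mocha",
+"test": "c8 mocha --spec 'test/**/*.test.js'",
 "lint": "eslint .",
 "docs:types": "node ./test/dev/generate-types.js",
 "semantic-release": "semantic-release",
@@ -36,6 +36,13 @@
 "reporter": "mocha-multi-reporters",
 "reporter-options": "configFile=.mocha-multi.json"
 },
+"imports": {
+"#crypto": {
+"node": "./src/crypto.node.js",
+"browser": "./src/crypto.worker.js",
+"worker": "./src/crypto.worker.js"
+}
+},
 "devDependencies": {
 "@adobe/eslint-config-helix": "2.0.6",
 "@semantic-release/changelog": "6.0.3",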
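Review bot: The new `#crypto` entry under `imports` (third hunk) lists only the `node`, `browser` and `worker` conditions, so a resolver or bundler that sets none of them cannot resolve `#crypto` and the import in `src/config-view.js` fails at load time. Adding an explicit fallback as the last key, for example `"default": "./src/crypto.node.js"` (or whichever implementation is the intended fallback), makes the resolution deterministic. The first matching condition wins, so `default` has to stay last.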
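--- a/package/src/config-view.js
+++ b/package/src/config-view.js
@@ -11,6 +11,8 @@
 */
 import { ModifiersConfig } from '@adobe/helix-shared-config/modifiers';
 import { computeSurrogateKey } from '@adobe/helix-shared-utils';
+// eslint-disable-next-line import/no-unresolved
+import cryptoImpl from '#crypto';
 import { PipelineResponse } from './PipelineResponse.js';
 import {
 SCOPE_ADMIN,
@@ -63,10 +65,27 @@ export function canonicalArrayString(root, partition, prop) {
 return `,${value.join(',')},`;
 }
 
+/**
+* Returns the hash of the global delivery token if defined.
+* @param ctx
+* @param rso
+* @returns {string|null}
+*/
+function getGlobalTokenHash(ctx, rso) {
+if (!ctx.env.HLX_GLOBAL_DELIVERY_TOKEN) {
+return null;
+}
+return cryptoImpl
+.createHmac('sha512', rso.org)
+.update(ctx.env.HLX_GLOBAL_DELIVERY_TOKEN, 'utf-8')
+.digest()
+.toString('base64url');
+}
+
 /**
 * Returns the normalized access configuration for the give partition.
 */
-export function getAccessConfig(config, partition) {
+export function getAccessConfig(ctx, config, partition, rso) {
 const { access, tokens = {} } = config;
 const apiKeyId = toArray(access[partition]?.apiKeyId ?? access.apiKeyId);
 const allow = toArray(access[partition]?.allow ?? access.allow);
@@ -84,11 +103,20 @@ export function getAccessConfig(config, partition) {
 if (allow.length && !cfg.apiKeyId.length) {
 cfg.apiKeyId.push('dummy');
 }
-
-// enforced.
-if (cfg.apiKeyId.length
-
+
+// if an apiKeyId is defined but no tokenHash, create a fake one so that auth is still enforced.
+if (cfg.apiKeyId.length) {
+// add global token hash if defined and needed
+const globalTokenHash = getGlobalTokenHash(ctx, rso);
+if (cfg.tokenHash.length && globalTokenHash) {
+// augment the list of hashes with the global one if exists
+cfg.tokenHash.push(globalTokenHash);
+} else if (!cfg.tokenHash.length) {
+// add a dummy or global hash if no tokens match the apiKeyIds.
+cfg.tokenHash.push(globalTokenHash || 'n/a');
+}
 }
+
 // todo: remove after auth rewrite
 if (allow) {
 cfg.allow = allow;
@@ -255,8 +283,8 @@ export async function getConfigResponse(ctx, opts) {
 // normalize access config
 const { admin = {} } = config.access;
 config.access = {
-preview: getAccessConfig(config, 'preview'),
-live: getAccessConfig(config, 'live'),
+preview: getAccessConfig(ctx, config, 'preview', rso),
+live: getAccessConfig(ctx, config, 'live', rso),
 // access.require.repository ?
 };
 if (opts.scope === SCOPE_ADMIN || opts.scope === SCOPE_RAW) {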
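Review bot: In `getGlobalTokenHash` the HMAC key is `rso.org`, an identifier rather than a secret, so the digest is in effect a per-org salted SHA-512 of the token and its strength rests entirely on the entropy of `HLX_GLOBAL_DELIVERY_TOKEN`. The docstring should say so, for example `* The org name keys the HMAC for per-org domain separation only; it is not a secret.` There is also no guard for a missing `rso.org`: Node's `createHmac` throws on an undefined key, so once the env var is set every access-protected config request without an org would error instead of falling back to the `'n/a'` placeholder. Consider `if (!ctx.env.HLX_GLOBAL_DELIVERY_TOKEN || !rso?.org) { return null; }`, which keeps auth enforced through the existing fallback branch. Where `rso` is built in `getConfigResponse` lies outside the visible hunks, so it may already be validated there.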
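--- a/package/src/crypto.node.js
+++ b/package/src/crypto.node.js
@@ -0,0 +1,16 @@
+/*
+* Copyright 2018 Adobe. All rights reserved.
+* This file is licensed to you under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License. You may obtain a copy
+* of the License at http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software distributed under
+* the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+* OF ANY KIND, either express or implied. See the License for the specific language
+* governing permissions and limitations under the License.
+*/
+
+// node runtime
+import cryptoImpl from 'node:crypto';
+
+export default cryptoImpl;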
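--- a/package/src/crypto.worker.js
+++ b/package/src/crypto.worker.js
@@ -0,0 +1,15 @@
+/*
+* Copyright 2018 Adobe. All rights reserved.
+* This file is licensed to you under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License. You may obtain a copy
+* of the License at http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software distributed under
+* the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+* OF ANY KIND, either express or implied. See the License for the specific language
+* governing permissions and limitations under the License.
+*/
+
+// browser/worker runtime
+// eslint-disable-next-line no-undef
+export default crypto;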
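Review bot: The worker/browser entry exports the global `crypto`, which in standards-based runtimes is the Web Crypto API and has no `createHmac`. `getGlobalTokenHash` in `src/config-view.js` calls `cryptoImpl.createHmac(...).update(...).digest().toString('base64url')`, so under the `browser`/`worker` condition it would presumably throw a TypeError as soon as `HLX_GLOBAL_DELIVERY_TOKEN` is set, unless the deployed runtime exposes a Node-compatible `crypto` global. A runtime-neutral helper over `crypto.subtle` avoids that. It is asynchronous, so `crypto.node.js` would need a matching export and `getAccessConfig` would have to await it, which is feasible because `getConfigResponse` is already `async`. A test that resolves `#crypto` under the worker condition would catch a mismatch like this.

```javascript
// … unchanged: license header …
// browser/worker runtime: Web Crypto has no createHmac, so expose an async HMAC helper
export async function hmacSha512Base64Url(key, data) {
  const enc = new TextEncoder();
  const hmacKey = await crypto.subtle.importKey(
    'raw',
    enc.encode(key),
    { name: 'HMAC', hash: 'SHA-512' },
    false,
    ['sign'],
  );
  const sig = new Uint8Array(await crypto.subtle.sign('HMAC', hmacKey, enc.encode(data)));
  // unpadded base64url, same encoding as Buffer#toString('base64url') on the node side
  return btoa(String.fromCharCode(...sig))
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=+$/, '');
}
```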