@adobe/helix-config 2.16.0 → 2.16.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +7 -0
  2. package/package.json +8 -1
  3. package/src/config-view.js +23 -4
  4. package/src/crypto.node.js +16 -0
  5. package/src/crypto.worker.js +15 -0
package/CHANGELOG.md CHANGED
@@ -1,3 +1,10 @@
1
+ ## [2.16.1](https://github.com/adobe/helix-config/compare/v2.16.0...v2.16.1) (2024-05-08)
2
+
3
+
4
+ ### Bug Fixes
5
+
6
+ * properly hash global delivery token ([#78](https://github.com/adobe/helix-config/issues/78)) ([6f352ba](https://github.com/adobe/helix-config/commit/6f352ba9ed481f4d79bfb46750db3de81fb75966))
7
+
1
8
  # [2.16.0](https://github.com/adobe/helix-config/compare/v2.15.1...v2.16.0) (2024-05-07)
2
9
 
3
10
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@adobe/helix-config",
3
- "version": "2.16.0",
3
+ "version": "2.16.1",
4
4
  "description": "Helix Config",
5
5
  "main": "src/index.js",
6
6
  "types": "src/index.d.ts",
@@ -36,6 +36,13 @@
36
36
  "reporter": "mocha-multi-reporters",
37
37
  "reporter-options": "configFile=.mocha-multi.json"
38
38
  },
39
+ "imports": {
40
+ "#crypto": {
41
+ "node": "./src/crypto.node.js",
42
+ "browser": "./src/crypto.worker.js",
43
+ "worker": "./src/crypto.worker.js"
44
+ }
45
+ },
39
46
  "devDependencies": {
40
47
  "@adobe/eslint-config-helix": "2.0.6",
41
48
  "@semantic-release/changelog": "6.0.3",
package/src/config-view.js CHANGED
@@ -11,6 +11,8 @@
11
11
  */
12
12
  import { ModifiersConfig } from '@adobe/helix-shared-config/modifiers';
13
13
  import { computeSurrogateKey } from '@adobe/helix-shared-utils';
14
+ // eslint-disable-next-line import/no-unresolved
15
+ import cryptoImpl from '#crypto';
14
16
  import { PipelineResponse } from './PipelineResponse.js';
15
17
  import {
16
18
  SCOPE_ADMIN,
@@ -63,10 +65,27 @@ export function canonicalArrayString(root, partition, prop) {
63
65
  return `,${value.join(',')},`;
64
66
  }
65
67
 
68
+ /**
69
+ * Returns the hash of the global delivery token if defined.
70
+ * @param ctx
71
+ * @param rso
72
+ * @returns {string|null}
73
+ */
74
+ function getGlobalTokenHash(ctx, rso) {
75
+ if (!ctx.env.HLX_GLOBAL_DELIVERY_TOKEN) {
76
+ return null;
77
+ }
78
+ return cryptoImpl
79
+ .createHmac('sha512', rso.org)
80
+ .update(ctx.env.HLX_GLOBAL_DELIVERY_TOKEN, 'utf-8')
81
+ .digest()
82
+ .toString('base64url');
83
+ }
84
+
66
85
  /**
67
86
  * Returns the normalized access configuration for the give partition.
68
87
  */
69
- export function getAccessConfig(ctx, config, partition) {
88
+ export function getAccessConfig(ctx, config, partition, rso) {
70
89
  const { access, tokens = {} } = config;
71
90
  const apiKeyId = toArray(access[partition]?.apiKeyId ?? access.apiKeyId);
72
91
  const allow = toArray(access[partition]?.allow ?? access.allow);
@@ -88,7 +107,7 @@ export function getAccessConfig(ctx, config, partition) {
88
107
  // if an apiKeyId is defined but no tokenHash, create a fake one so that auth is still enforced.
89
108
  if (cfg.apiKeyId.length) {
90
109
  // add global token hash if defined and needed
91
- const globalTokenHash = ctx.env.HLX_GLOBAL_TOKEN_HASH;
110
+ const globalTokenHash = getGlobalTokenHash(ctx, rso);
92
111
  if (cfg.tokenHash.length && globalTokenHash) {
93
112
  // augment the list of hashes with the global one if exists
94
113
  cfg.tokenHash.push(globalTokenHash);
@@ -264,8 +283,8 @@ export async function getConfigResponse(ctx, opts) {
264
283
  // normalize access config
265
284
  const { admin = {} } = config.access;
266
285
  config.access = {
267
- preview: getAccessConfig(ctx, config, 'preview'),
268
- live: getAccessConfig(ctx, config, 'live'),
286
+ preview: getAccessConfig(ctx, config, 'preview', rso),
287
+ live: getAccessConfig(ctx, config, 'live', rso),
269
288
  // access.require.repository ?
270
289
  };
271
290
  if (opts.scope === SCOPE_ADMIN || opts.scope === SCOPE_RAW) {
package/src/crypto.node.js ADDED
@@ -0,0 +1,16 @@
1
+ /*
2
+ * Copyright 2018 Adobe. All rights reserved.
3
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
4
+ * you may not use this file except in compliance with the License. You may obtain a copy
5
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
6
+ *
7
+ * Unless required by applicable law or agreed to in writing, software distributed under
8
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
9
+ * OF ANY KIND, either express or implied. See the License for the specific language
10
+ * governing permissions and limitations under the License.
11
+ */
12
+
13
+ // node runtime
14
+ import cryptoImpl from 'node:crypto';
15
+
16
+ export default cryptoImpl;
package/src/crypto.worker.js ADDED
@@ -0,0 +1,15 @@
1
+ /*
2
+ * Copyright 2018 Adobe. All rights reserved.
3
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
4
+ * you may not use this file except in compliance with the License. You may obtain a copy
5
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
6
+ *
7
+ * Unless required by applicable law or agreed to in writing, software distributed under
8
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
9
+ * OF ANY KIND, either express or implied. See the License for the specific language
10
+ * governing permissions and limitations under the License.
11
+ */
12
+
13
+ // browser/worker runtime
14
+ // eslint-disable-next-line no-undef
15
+ export default crypto;