@adobe/helix-config 2.16.0 → 2.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +14 -0
- package/package.json +8 -1
- package/src/config-view.js +23 -12
- package/src/crypto.node.js +16 -0
- package/src/crypto.worker.js +15 -0
package/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,17 @@
|
|
|
1
|
+
# [2.17.0](https://github.com/adobe/helix-config/compare/v2.16.1...v2.17.0) (2024-05-08)
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
### Features
|
|
5
|
+
|
|
6
|
+
* remove old access config ([#77](https://github.com/adobe/helix-config/issues/77)) ([20d9a25](https://github.com/adobe/helix-config/commit/20d9a252eb5b399f2f6dc324830748cbacbae5c3))
|
|
7
|
+
|
|
8
|
+
## [2.16.1](https://github.com/adobe/helix-config/compare/v2.16.0...v2.16.1) (2024-05-08)
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
### Bug Fixes
|
|
12
|
+
|
|
13
|
+
* properly hash global delivery token ([#78](https://github.com/adobe/helix-config/issues/78)) ([6f352ba](https://github.com/adobe/helix-config/commit/6f352ba9ed481f4d79bfb46750db3de81fb75966))
|
|
14
|
+
|
|
1
15
|
# [2.16.0](https://github.com/adobe/helix-config/compare/v2.15.1...v2.16.0) (2024-05-07)
|
|
2
16
|
|
|
3
17
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@adobe/helix-config",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.17.0",
|
|
4
4
|
"description": "Helix Config",
|
|
5
5
|
"main": "src/index.js",
|
|
6
6
|
"types": "src/index.d.ts",
|
|
@@ -36,6 +36,13 @@
|
|
|
36
36
|
"reporter": "mocha-multi-reporters",
|
|
37
37
|
"reporter-options": "configFile=.mocha-multi.json"
|
|
38
38
|
},
|
|
39
|
+
"imports": {
|
|
40
|
+
"#crypto": {
|
|
41
|
+
"node": "./src/crypto.node.js",
|
|
42
|
+
"browser": "./src/crypto.worker.js",
|
|
43
|
+
"worker": "./src/crypto.worker.js"
|
|
44
|
+
}
|
|
45
|
+
},
|
|
39
46
|
"devDependencies": {
|
|
40
47
|
"@adobe/eslint-config-helix": "2.0.6",
|
|
41
48
|
"@semantic-release/changelog": "6.0.3",
|
package/src/config-view.js
CHANGED
|
@@ -11,6 +11,8 @@
|
|
|
11
11
|
*/
|
|
12
12
|
import { ModifiersConfig } from '@adobe/helix-shared-config/modifiers';
|
|
13
13
|
import { computeSurrogateKey } from '@adobe/helix-shared-utils';
|
|
14
|
+
// eslint-disable-next-line import/no-unresolved
|
|
15
|
+
import cryptoImpl from '#crypto';
|
|
14
16
|
import { PipelineResponse } from './PipelineResponse.js';
|
|
15
17
|
import {
|
|
16
18
|
SCOPE_ADMIN,
|
|
@@ -63,10 +65,27 @@ export function canonicalArrayString(root, partition, prop) {
|
|
|
63
65
|
return `,${value.join(',')},`;
|
|
64
66
|
}
|
|
65
67
|
|
|
68
|
+
/**
|
|
69
|
+
* Returns the hash of the global delivery token if defined.
|
|
70
|
+
* @param ctx
|
|
71
|
+
* @param rso
|
|
72
|
+
* @returns {string|null}
|
|
73
|
+
*/
|
|
74
|
+
function getGlobalTokenHash(ctx, rso) {
|
|
75
|
+
if (!ctx.env.HLX_GLOBAL_DELIVERY_TOKEN) {
|
|
76
|
+
return null;
|
|
77
|
+
}
|
|
78
|
+
return cryptoImpl
|
|
79
|
+
.createHmac('sha512', rso.org)
|
|
80
|
+
.update(ctx.env.HLX_GLOBAL_DELIVERY_TOKEN, 'utf-8')
|
|
81
|
+
.digest()
|
|
82
|
+
.toString('base64url');
|
|
83
|
+
}
|
|
84
|
+
|
|
66
85
|
/**
|
|
67
86
|
* Returns the normalized access configuration for the give partition.
|
|
68
87
|
*/
|
|
69
|
-
export function getAccessConfig(ctx, config, partition) {
|
|
88
|
+
export function getAccessConfig(ctx, config, partition, rso) {
|
|
70
89
|
const { access, tokens = {} } = config;
|
|
71
90
|
const apiKeyId = toArray(access[partition]?.apiKeyId ?? access.apiKeyId);
|
|
72
91
|
const allow = toArray(access[partition]?.allow ?? access.allow);
|
|
@@ -88,7 +107,7 @@ export function getAccessConfig(ctx, config, partition) {
|
|
|
88
107
|
// if an apiKeyId is defined but no tokenHash, create a fake one so that auth is still enforced.
|
|
89
108
|
if (cfg.apiKeyId.length) {
|
|
90
109
|
// add global token hash if defined and needed
|
|
91
|
-
const globalTokenHash = ctx
|
|
110
|
+
const globalTokenHash = getGlobalTokenHash(ctx, rso);
|
|
92
111
|
if (cfg.tokenHash.length && globalTokenHash) {
|
|
93
112
|
// augment the list of hashes with the global one if exists
|
|
94
113
|
cfg.tokenHash.push(globalTokenHash);
|
|
@@ -98,10 +117,6 @@ export function getAccessConfig(ctx, config, partition) {
|
|
|
98
117
|
}
|
|
99
118
|
}
|
|
100
119
|
|
|
101
|
-
// todo: remove after auth rewrite
|
|
102
|
-
if (allow) {
|
|
103
|
-
cfg.allow = allow;
|
|
104
|
-
}
|
|
105
120
|
return cfg;
|
|
106
121
|
}
|
|
107
122
|
|
|
@@ -264,8 +279,8 @@ export async function getConfigResponse(ctx, opts) {
|
|
|
264
279
|
// normalize access config
|
|
265
280
|
const { admin = {} } = config.access;
|
|
266
281
|
config.access = {
|
|
267
|
-
preview: getAccessConfig(ctx, config, 'preview'),
|
|
268
|
-
live: getAccessConfig(ctx, config, 'live'),
|
|
282
|
+
preview: getAccessConfig(ctx, config, 'preview', rso),
|
|
283
|
+
live: getAccessConfig(ctx, config, 'live', rso),
|
|
269
284
|
// access.require.repository ?
|
|
270
285
|
};
|
|
271
286
|
if (opts.scope === SCOPE_ADMIN || opts.scope === SCOPE_RAW) {
|
|
@@ -291,12 +306,8 @@ export async function getConfigResponse(ctx, opts) {
|
|
|
291
306
|
'x-hlx-contentbus-id': config.content.contentBusId,
|
|
292
307
|
'x-hlx-owner': config.code.owner,
|
|
293
308
|
'x-hlx-repo': config.code.repo,
|
|
294
|
-
'x-hlx-auth-allow-preview': canonicalArrayString(config.access, 'preview', 'allow'),
|
|
295
|
-
'x-hlx-auth-apikey-preview': canonicalArrayString(config.access, 'preview', 'apiKeyId'),
|
|
296
309
|
'x-hlx-auth-clientdn-preview': canonicalArrayString(config.access, 'preview', 'clientCertDN'),
|
|
297
310
|
'x-hlx-auth-hash-preview': canonicalArrayString(config.access, 'preview', 'tokenHash'),
|
|
298
|
-
'x-hlx-auth-allow-live': canonicalArrayString(config.access, 'live', 'allow'),
|
|
299
|
-
'x-hlx-auth-apikey-live': canonicalArrayString(config.access, 'live', 'apiKeyId'),
|
|
300
311
|
'x-hlx-auth-clientdn-live': canonicalArrayString(config.access, 'live', 'clientCertDN'),
|
|
301
312
|
'x-hlx-auth-hash-live': canonicalArrayString(config.access, 'live', 'tokenHash'),
|
|
302
313
|
},
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* Copyright 2018 Adobe. All rights reserved.
|
|
3
|
+
* This file is licensed to you under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
* you may not use this file except in compliance with the License. You may obtain a copy
|
|
5
|
+
* of the License at http://www.apache.org/licenses/LICENSE-2.0
|
|
6
|
+
*
|
|
7
|
+
* Unless required by applicable law or agreed to in writing, software distributed under
|
|
8
|
+
* the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
|
|
9
|
+
* OF ANY KIND, either express or implied. See the License for the specific language
|
|
10
|
+
* governing permissions and limitations under the License.
|
|
11
|
+
*/
|
|
12
|
+
|
|
13
|
+
// node runtime
|
|
14
|
+
import cryptoImpl from 'node:crypto';
|
|
15
|
+
|
|
16
|
+
export default cryptoImpl;
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* Copyright 2018 Adobe. All rights reserved.
|
|
3
|
+
* This file is licensed to you under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
* you may not use this file except in compliance with the License. You may obtain a copy
|
|
5
|
+
* of the License at http://www.apache.org/licenses/LICENSE-2.0
|
|
6
|
+
*
|
|
7
|
+
* Unless required by applicable law or agreed to in writing, software distributed under
|
|
8
|
+
* the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
|
|
9
|
+
* OF ANY KIND, either express or implied. See the License for the specific language
|
|
10
|
+
* governing permissions and limitations under the License.
|
|
11
|
+
*/
|
|
12
|
+
|
|
13
|
+
// browser/worker runtime
|
|
14
|
+
// eslint-disable-next-line no-undef
|
|
15
|
+
export default crypto;
|