@adobe/helix-config 2.18.0 → 2.18.2

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+## [2.18.2](https://github.com/adobe/helix-config/compare/v2.18.1...v2.18.2) (2024-05-13)
+
+
+### Bug Fixes
+
+* use webcrypto for better support ([#82](https://github.com/adobe/helix-config/issues/82)) ([0eb3a5b](https://github.com/adobe/helix-config/commit/0eb3a5b3ddba9a809c617e09d40f7d6ba98e0663))
+
+## [2.18.1](https://github.com/adobe/helix-config/compare/v2.18.0...v2.18.1) (2024-05-09)
+
+
+### Bug Fixes
+
+* allow to set public configuration ([#80](https://github.com/adobe/helix-config/issues/80)) ([3a5b175](https://github.com/adobe/helix-config/commit/3a5b175f1afc074edd398f5a75a0c271c91ddc72))
+
 # [2.18.0](https://github.com/adobe/helix-config/compare/v2.17.0...v2.18.0) (2024-05-09)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-config",
-  "version": "2.18.0",
+  "version": "2.18.2",
   "description": "Helix Config",
   "main": "src/index.js",
   "types": "src/index.d.ts",
@@ -36,18 +36,11 @@
     "reporter": "mocha-multi-reporters",
     "reporter-options": "configFile=.mocha-multi.json"
   },
-  "imports": {
-    "#crypto": {
-      "node": "./src/crypto.node.js",
-      "browser": "./src/crypto.worker.js",
-      "worker": "./src/crypto.worker.js"
-    }
-  },
   "devDependencies": {
     "@adobe/eslint-config-helix": "2.0.6",
     "@semantic-release/changelog": "6.0.3",
     "@semantic-release/git": "10.0.1",
-    "@semantic-release/npm": "12.0.0",
+    "@semantic-release/npm": "12.0.1",
     "c8": "9.1.0",
     "eslint": "8.57.0",
     "husky": "9.0.11",
@@ -58,7 +51,7 @@
     "mocha-multi-reporters": "1.5.1",
     "mocha-suppress-logs": "0.5.1",
     "nock": "13.5.4",
-    "semantic-release": "23.0.8"
+    "semantic-release": "23.1.1"
   },
   "lint-staged": {
     "*.js": "eslint",
@@ -72,6 +65,6 @@
     "@adobe/helix-shared-utils": "3.0.2",
     "ajv": "8.13.0",
     "ajv-formats": "3.0.1",
-    "jose": "5.2.4"
+    "jose": "5.3.0"
   }
 }

package/src/config-merge.js

@@ -32,6 +32,7 @@ const ROOT_PROPERTIES = {
   robots: {},
   extends: {},
   tokens: {},
+  public: {},
 };
 
 const FORCED_TYPES = {

package/src/config-view.js

@@ -12,7 +12,6 @@
 import { ModifiersConfig } from '@adobe/helix-shared-config/modifiers';
 import { computeSurrogateKey } from '@adobe/helix-shared-utils';
 // eslint-disable-next-line import/no-unresolved
-import cryptoImpl from '#crypto';
 import { PipelineResponse } from './PipelineResponse.js';
 import {
   SCOPE_ADMIN,
@@ -69,23 +68,35 @@ export function canonicalArrayString(root, partition, prop) {
  * Returns the hash of the global delivery token if defined.
  * @param ctx
  * @param rso
- * @returns {string|null}
+ * @returns {Promise<string|null>}
  */
-function getGlobalTokenHash(ctx, rso) {
+async function getGlobalTokenHash(ctx, rso) {
   if (!ctx.env.HLX_GLOBAL_DELIVERY_TOKEN) {
     return null;
   }
-  return cryptoImpl
-    .createHmac('sha512', rso.org)
-    .update(ctx.env.HLX_GLOBAL_DELIVERY_TOKEN, 'utf-8')
-    .digest()
-    .toString('base64url');
+  // use webcrypto for better support for cloudflare workers
+  const enc = new TextEncoder('utf-8');
+  const key = await crypto.subtle.importKey(
+    'raw',
+    enc.encode(rso.org),
+    {
+      name: 'HMAC',
+      hash: { name: 'SHA-512' },
+    },
+    false,
+    ['sign', 'verify'],
+  );
+  const buffer = await crypto.subtle.sign('HMAC', key, enc.encode(ctx.env.HLX_GLOBAL_DELIVERY_TOKEN));
+  return btoa(String.fromCharCode(...new Uint8Array(buffer)))
+    .replaceAll('/', '_')
+    .replaceAll('+', '-')
+    .replaceAll('=', '');
 }
 
 /**
  * Returns the normalized access configuration for the give partition.
  */
-export function getAccessConfig(ctx, config, partition, rso) {
+export async function getAccessConfig(ctx, config, partition, rso) {
   const { access, tokens = {} } = config;
   const apiKeyId = toArray(access[partition]?.apiKeyId ?? access.apiKeyId);
   const allow = toArray(access[partition]?.allow ?? access.allow);
@@ -107,7 +118,7 @@ export function getAccessConfig(ctx, config, partition, rso) {
   // if an apiKeyId is defined but no tokenHash, create a fake one so that auth is still enforced.
   if (cfg.apiKeyId.length) {
     // add global token hash if defined and needed
-    const globalTokenHash = getGlobalTokenHash(ctx, rso);
+    const globalTokenHash = await getGlobalTokenHash(ctx, rso);
     if (cfg.tokenHash.length && globalTokenHash) {
       // augment the list of hashes with the global one if exists
       cfg.tokenHash.push(globalTokenHash);
@@ -279,8 +290,8 @@ export async function getConfigResponse(ctx, opts) {
     // normalize access config
     const { admin = {} } = config.access;
     config.access = {
-      preview: getAccessConfig(ctx, config, 'preview', rso),
-      live: getAccessConfig(ctx, config, 'live', rso),
+      preview: await getAccessConfig(ctx, config, 'preview', rso),
+      live: await getAccessConfig(ctx, config, 'live', rso),
       // access.require.repository ?
     };
     if (opts.scope === SCOPE_ADMIN || opts.scope === SCOPE_RAW) {

package/src/schemas/profile.schema.json

@@ -49,6 +49,9 @@
     },
     "robots": {
       "$ref": "https://ns.adobe.com/helix/config/robots"
+    },
+    "public": {
+      "$ref": "https://ns.adobe.com/helix/config/public"
     }
   },
   "required": [

package/src/{crypto.node.js → schemas/public.schema.cjs}

@@ -1,5 +1,5 @@
 /*
- * Copyright 2018 Adobe. All rights reserved.
+ * Copyright 2024 Adobe. All rights reserved.
  * This file is licensed to you under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License. You may obtain a copy
  * of the License at http://www.apache.org/licenses/LICENSE-2.0
@@ -9,8 +9,4 @@
  * OF ANY KIND, either express or implied. See the License for the specific language
  * governing permissions and limitations under the License.
  */
-
-// node runtime
-import cryptoImpl from 'node:crypto';
-
-export default cryptoImpl;
+module.exports = require('./public.schema.json');

package/src/schemas/public.schema.json

@@ -0,0 +1,18 @@
+{
+  "meta:license": [
+    "Copyright 2024 Adobe. All rights reserved.",
+    "This file is licensed to you under the Apache License, Version 2.0 (the \"License\");",
+    "you may not use this file except in compliance with the License. You may obtain a copy",
+    "of the License at http://www.apache.org/licenses/LICENSE-2.0",
+    "",
+    "Unless required by applicable law or agreed to in writing, software distributed under",
+    "the License is distributed on an \"AS IS\" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS",
+    "OF ANY KIND, either express or implied. See the License for the specific language",
+    "governing permissions and limitations under the License."
+  ],
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://ns.adobe.com/helix/config/public",
+  "type": "object",
+  "title": "public",
+  "description": "Public configuration"
+}

package/src/schemas/site.schema.json

@@ -55,6 +55,9 @@
     "robots": {
       "$ref": "https://ns.adobe.com/helix/config/robots"
     },
+    "public": {
+      "$ref": "https://ns.adobe.com/helix/config/public"
+    },
     "extends": {
       "profile": {
         "type": "string",

package/src/storage/config-validator.js

@@ -26,6 +26,7 @@ import markupSchema from '../schemas/content-source-markup.schema.cjs';
 import metadataSchema from '../schemas/metadata-source.schema.cjs';
 import orgSchema from '../schemas/org.schema.cjs';
 import onedriveSchema from '../schemas/content-source-onedrive.schema.cjs';
+import publicSchema from '../schemas/public.schema.cjs';
 import profileSchema from '../schemas/profile.schema.cjs';
 import robotsSchema from '../schemas/robots.schema.cjs';
 import sidekickSchema from '../schemas/sidekick.schema.cjs';
@@ -46,6 +47,7 @@ const SCHEMAS = [
   metadataSchema,
   orgSchema,
   onedriveSchema,
+  publicSchema,
   profileSchema,
   robotsSchema,
   sidekickSchema,

package/types/profile-config.d.ts

@@ -31,6 +31,7 @@ export interface HelixProfileConfig {
   sidekick?: SidekickConfig;
   metadata?: Metadata;
   robots?: Robots;
+  public?: Public;
 }
 /**
  * Defines the content bus location and source.
@@ -246,3 +247,9 @@ export interface Metadata {
 export interface Robots {
   txt?: string;
 }
+/**
+ * Public configuration
+ */
+export interface Public {
+  [k: string]: unknown;
+}

package/types/site-config.d.ts

@@ -35,6 +35,7 @@ export interface HelixSiteConfig {
   sidekick?: SidekickConfig;
   metadata?: Metadata;
   robots?: Robots;
+  public?: Public;
   extends?: {
     [k: string]: unknown;
   };
@@ -253,3 +254,9 @@ export interface Metadata {
 export interface Robots {
   txt?: string;
 }
+/**
+ * Public configuration
+ */
+export interface Public {
+  [k: string]: unknown;
+}

package/src/crypto.worker.js

@@ -1,15 +0,0 @@
-/*
- * Copyright 2018 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-
-// browser/worker runtime
-// eslint-disable-next-line no-undef
-export default crypto;