@adobe/helix-config 2.18.1 → 2.18.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +7 -0
- package/package.json +4 -11
- package/src/config-view.js +23 -12
- package/src/crypto.node.js +0 -16
- package/src/crypto.worker.js +0 -15
package/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,10 @@
|
|
|
1
|
+
## [2.18.2](https://github.com/adobe/helix-config/compare/v2.18.1...v2.18.2) (2024-05-13)
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
### Bug Fixes
|
|
5
|
+
|
|
6
|
+
* use webcrypto for better support ([#82](https://github.com/adobe/helix-config/issues/82)) ([0eb3a5b](https://github.com/adobe/helix-config/commit/0eb3a5b3ddba9a809c617e09d40f7d6ba98e0663))
|
|
7
|
+
|
|
1
8
|
## [2.18.1](https://github.com/adobe/helix-config/compare/v2.18.0...v2.18.1) (2024-05-09)
|
|
2
9
|
|
|
3
10
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@adobe/helix-config",
|
|
3
|
-
"version": "2.18.
|
|
3
|
+
"version": "2.18.2",
|
|
4
4
|
"description": "Helix Config",
|
|
5
5
|
"main": "src/index.js",
|
|
6
6
|
"types": "src/index.d.ts",
|
|
@@ -36,18 +36,11 @@
|
|
|
36
36
|
"reporter": "mocha-multi-reporters",
|
|
37
37
|
"reporter-options": "configFile=.mocha-multi.json"
|
|
38
38
|
},
|
|
39
|
-
"imports": {
|
|
40
|
-
"#crypto": {
|
|
41
|
-
"node": "./src/crypto.node.js",
|
|
42
|
-
"browser": "./src/crypto.worker.js",
|
|
43
|
-
"worker": "./src/crypto.worker.js"
|
|
44
|
-
}
|
|
45
|
-
},
|
|
46
39
|
"devDependencies": {
|
|
47
40
|
"@adobe/eslint-config-helix": "2.0.6",
|
|
48
41
|
"@semantic-release/changelog": "6.0.3",
|
|
49
42
|
"@semantic-release/git": "10.0.1",
|
|
50
|
-
"@semantic-release/npm": "12.0.
|
|
43
|
+
"@semantic-release/npm": "12.0.1",
|
|
51
44
|
"c8": "9.1.0",
|
|
52
45
|
"eslint": "8.57.0",
|
|
53
46
|
"husky": "9.0.11",
|
|
@@ -58,7 +51,7 @@
|
|
|
58
51
|
"mocha-multi-reporters": "1.5.1",
|
|
59
52
|
"mocha-suppress-logs": "0.5.1",
|
|
60
53
|
"nock": "13.5.4",
|
|
61
|
-
"semantic-release": "23.
|
|
54
|
+
"semantic-release": "23.1.1"
|
|
62
55
|
},
|
|
63
56
|
"lint-staged": {
|
|
64
57
|
"*.js": "eslint",
|
|
@@ -72,6 +65,6 @@
|
|
|
72
65
|
"@adobe/helix-shared-utils": "3.0.2",
|
|
73
66
|
"ajv": "8.13.0",
|
|
74
67
|
"ajv-formats": "3.0.1",
|
|
75
|
-
"jose": "5.
|
|
68
|
+
"jose": "5.3.0"
|
|
76
69
|
}
|
|
77
70
|
}
|
package/src/config-view.js
CHANGED
|
@@ -12,7 +12,6 @@
|
|
|
12
12
|
import { ModifiersConfig } from '@adobe/helix-shared-config/modifiers';
|
|
13
13
|
import { computeSurrogateKey } from '@adobe/helix-shared-utils';
|
|
14
14
|
// eslint-disable-next-line import/no-unresolved
|
|
15
|
-
import cryptoImpl from '#crypto';
|
|
16
15
|
import { PipelineResponse } from './PipelineResponse.js';
|
|
17
16
|
import {
|
|
18
17
|
SCOPE_ADMIN,
|
|
@@ -69,23 +68,35 @@ export function canonicalArrayString(root, partition, prop) {
|
|
|
69
68
|
* Returns the hash of the global delivery token if defined.
|
|
70
69
|
* @param ctx
|
|
71
70
|
* @param rso
|
|
72
|
-
* @returns {string|null}
|
|
71
|
+
* @returns {Promise<string|null>}
|
|
73
72
|
*/
|
|
74
|
-
function getGlobalTokenHash(ctx, rso) {
|
|
73
|
+
async function getGlobalTokenHash(ctx, rso) {
|
|
75
74
|
if (!ctx.env.HLX_GLOBAL_DELIVERY_TOKEN) {
|
|
76
75
|
return null;
|
|
77
76
|
}
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
.
|
|
77
|
+
// use webcrypto for better support for cloudflare workers
|
|
78
|
+
const enc = new TextEncoder('utf-8');
|
|
79
|
+
const key = await crypto.subtle.importKey(
|
|
80
|
+
'raw',
|
|
81
|
+
enc.encode(rso.org),
|
|
82
|
+
{
|
|
83
|
+
name: 'HMAC',
|
|
84
|
+
hash: { name: 'SHA-512' },
|
|
85
|
+
},
|
|
86
|
+
false,
|
|
87
|
+
['sign', 'verify'],
|
|
88
|
+
);
|
|
89
|
+
const buffer = await crypto.subtle.sign('HMAC', key, enc.encode(ctx.env.HLX_GLOBAL_DELIVERY_TOKEN));
|
|
90
|
+
return btoa(String.fromCharCode(...new Uint8Array(buffer)))
|
|
91
|
+
.replaceAll('/', '_')
|
|
92
|
+
.replaceAll('+', '-')
|
|
93
|
+
.replaceAll('=', '');
|
|
83
94
|
}
|
|
84
95
|
|
|
85
96
|
/**
|
|
86
97
|
* Returns the normalized access configuration for the give partition.
|
|
87
98
|
*/
|
|
88
|
-
export function getAccessConfig(ctx, config, partition, rso) {
|
|
99
|
+
export async function getAccessConfig(ctx, config, partition, rso) {
|
|
89
100
|
const { access, tokens = {} } = config;
|
|
90
101
|
const apiKeyId = toArray(access[partition]?.apiKeyId ?? access.apiKeyId);
|
|
91
102
|
const allow = toArray(access[partition]?.allow ?? access.allow);
|
|
@@ -107,7 +118,7 @@ export function getAccessConfig(ctx, config, partition, rso) {
|
|
|
107
118
|
// if an apiKeyId is defined but no tokenHash, create a fake one so that auth is still enforced.
|
|
108
119
|
if (cfg.apiKeyId.length) {
|
|
109
120
|
// add global token hash if defined and needed
|
|
110
|
-
const globalTokenHash = getGlobalTokenHash(ctx, rso);
|
|
121
|
+
const globalTokenHash = await getGlobalTokenHash(ctx, rso);
|
|
111
122
|
if (cfg.tokenHash.length && globalTokenHash) {
|
|
112
123
|
// augment the list of hashes with the global one if exists
|
|
113
124
|
cfg.tokenHash.push(globalTokenHash);
|
|
@@ -279,8 +290,8 @@ export async function getConfigResponse(ctx, opts) {
|
|
|
279
290
|
// normalize access config
|
|
280
291
|
const { admin = {} } = config.access;
|
|
281
292
|
config.access = {
|
|
282
|
-
preview: getAccessConfig(ctx, config, 'preview', rso),
|
|
283
|
-
live: getAccessConfig(ctx, config, 'live', rso),
|
|
293
|
+
preview: await getAccessConfig(ctx, config, 'preview', rso),
|
|
294
|
+
live: await getAccessConfig(ctx, config, 'live', rso),
|
|
284
295
|
// access.require.repository ?
|
|
285
296
|
};
|
|
286
297
|
if (opts.scope === SCOPE_ADMIN || opts.scope === SCOPE_RAW) {
|
package/src/crypto.node.js
DELETED
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
/*
|
|
2
|
-
* Copyright 2018 Adobe. All rights reserved.
|
|
3
|
-
* This file is licensed to you under the Apache License, Version 2.0 (the "License");
|
|
4
|
-
* you may not use this file except in compliance with the License. You may obtain a copy
|
|
5
|
-
* of the License at http://www.apache.org/licenses/LICENSE-2.0
|
|
6
|
-
*
|
|
7
|
-
* Unless required by applicable law or agreed to in writing, software distributed under
|
|
8
|
-
* the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
|
|
9
|
-
* OF ANY KIND, either express or implied. See the License for the specific language
|
|
10
|
-
* governing permissions and limitations under the License.
|
|
11
|
-
*/
|
|
12
|
-
|
|
13
|
-
// node runtime
|
|
14
|
-
import cryptoImpl from 'node:crypto';
|
|
15
|
-
|
|
16
|
-
export default cryptoImpl;
|
package/src/crypto.worker.js
DELETED
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
/*
|
|
2
|
-
* Copyright 2018 Adobe. All rights reserved.
|
|
3
|
-
* This file is licensed to you under the Apache License, Version 2.0 (the "License");
|
|
4
|
-
* you may not use this file except in compliance with the License. You may obtain a copy
|
|
5
|
-
* of the License at http://www.apache.org/licenses/LICENSE-2.0
|
|
6
|
-
*
|
|
7
|
-
* Unless required by applicable law or agreed to in writing, software distributed under
|
|
8
|
-
* the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
|
|
9
|
-
* OF ANY KIND, either express or implied. See the License for the specific language
|
|
10
|
-
* governing permissions and limitations under the License.
|
|
11
|
-
*/
|
|
12
|
-
|
|
13
|
-
// browser/worker runtime
|
|
14
|
-
// eslint-disable-next-line no-undef
|
|
15
|
-
export default crypto;
|