@adobe/helix-config 2.18.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/CHANGELOG.md +19 -0
  2. package/package.json +5 -12
  3. package/src/ConfigContext.d.ts +0 -3
  4. package/src/ConfigContext.js +0 -6
  5. package/src/config-view.js +41 -13
  6. package/src/crypto.node.js +0 -16
  7. package/src/crypto.worker.js +0 -15
package/CHANGELOG.md CHANGED
@@ -1,3 +1,22 @@
1
+ # [3.0.0](https://github.com/adobe/helix-config/compare/v2.18.2...v3.0.0) (2024-05-16)
2
+
3
+
4
+ ### Features
5
+
6
+ * remove unused option and enforce scope ([#86](https://github.com/adobe/helix-config/issues/86)) ([4c9d26d](https://github.com/adobe/helix-config/commit/4c9d26d5579b289adb593b2ccfeae97d5ff5e3b6))
7
+
8
+
9
+ ### BREAKING CHANGES
10
+
11
+ * ConfigContext.withFetch() was removed
12
+
13
+ ## [2.18.2](https://github.com/adobe/helix-config/compare/v2.18.1...v2.18.2) (2024-05-13)
14
+
15
+
16
+ ### Bug Fixes
17
+
18
+ * use webcrypto for better support ([#82](https://github.com/adobe/helix-config/issues/82)) ([0eb3a5b](https://github.com/adobe/helix-config/commit/0eb3a5b3ddba9a809c617e09d40f7d6ba98e0663))
19
+
1
20
  ## [2.18.1](https://github.com/adobe/helix-config/compare/v2.18.0...v2.18.1) (2024-05-09)
2
21
 
3
22
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@adobe/helix-config",
3
- "version": "2.18.1",
3
+ "version": "3.0.0",
4
4
  "description": "Helix Config",
5
5
  "main": "src/index.js",
6
6
  "types": "src/index.d.ts",
@@ -36,18 +36,11 @@
36
36
  "reporter": "mocha-multi-reporters",
37
37
  "reporter-options": "configFile=.mocha-multi.json"
38
38
  },
39
- "imports": {
40
- "#crypto": {
41
- "node": "./src/crypto.node.js",
42
- "browser": "./src/crypto.worker.js",
43
- "worker": "./src/crypto.worker.js"
44
- }
45
- },
46
39
  "devDependencies": {
47
40
  "@adobe/eslint-config-helix": "2.0.6",
48
41
  "@semantic-release/changelog": "6.0.3",
49
42
  "@semantic-release/git": "10.0.1",
50
- "@semantic-release/npm": "12.0.0",
43
+ "@semantic-release/npm": "12.0.1",
51
44
  "c8": "9.1.0",
52
45
  "eslint": "8.57.0",
53
46
  "husky": "9.0.11",
@@ -58,7 +51,7 @@
58
51
  "mocha-multi-reporters": "1.5.1",
59
52
  "mocha-suppress-logs": "0.5.1",
60
53
  "nock": "13.5.4",
61
- "semantic-release": "23.0.8"
54
+ "semantic-release": "23.1.1"
62
55
  },
63
56
  "lint-staged": {
64
57
  "*.js": "eslint",
@@ -68,10 +61,10 @@
68
61
  "@adobe/fetch": "4.1.2",
69
62
  "@adobe/helix-shared-config": "10.4.4",
70
63
  "@adobe/helix-shared-git": "3.0.9",
71
- "@adobe/helix-shared-storage": "1.0.0",
64
+ "@adobe/helix-shared-storage": "1.0.1",
72
65
  "@adobe/helix-shared-utils": "3.0.2",
73
66
  "ajv": "8.13.0",
74
67
  "ajv-formats": "3.0.1",
75
- "jose": "5.2.4"
68
+ "jose": "5.3.0"
76
69
  }
77
70
  }
package/src/ConfigContext.d.ts CHANGED
@@ -11,8 +11,6 @@
11
11
  */
12
12
  import {S3Loader} from "./S3Loader";
13
13
 
14
- type Fetch = (url: string|Request, options?: RequestOptions) => Promise<Response>;
15
-
16
14
  export declare enum ConfigScope {
17
15
  delivery = 'delivery',
18
16
  pipeline = 'pipeline',
@@ -24,6 +22,5 @@ export declare class ConfigContext {
24
22
  withLog(log: Console): ConfigContext;
25
23
  withEnv(env: object): ConfigContext;
26
24
  withS3Loader(loader: S3Loader): ConfigContext;
27
- withFetch(fetch: Fetch): ConfigContext;
28
25
  }
29
26
 
package/src/ConfigContext.js CHANGED
@@ -39,7 +39,6 @@ export const SCOPE_RAW = 'raw';
39
39
  * Public / Custom Configs: Sidekick, Production Host, Custom Preview Page / Live Host, Custom JSON.
40
40
  * @type {string}
41
41
  */
42
- // eslint-disable-next-line no-unused-vars
43
42
  export const SCOPE_PUBLIC = 'public';
44
43
 
45
44
  /**
@@ -68,9 +67,4 @@ export class ConfigContext {
68
67
  this.loader = loader;
69
68
  return this;
70
69
  }
71
-
72
- withFetch(fetch) {
73
- this.fetch = fetch;
74
- return this;
75
- }
76
70
  }
package/src/config-view.js CHANGED
@@ -12,13 +12,12 @@
12
12
  import { ModifiersConfig } from '@adobe/helix-shared-config/modifiers';
13
13
  import { computeSurrogateKey } from '@adobe/helix-shared-utils';
14
14
  // eslint-disable-next-line import/no-unresolved
15
- import cryptoImpl from '#crypto';
16
15
  import { PipelineResponse } from './PipelineResponse.js';
17
16
  import {
18
17
  SCOPE_ADMIN,
19
18
  SCOPE_PIPELINE,
20
19
  SCOPE_DELIVERY,
21
- SCOPE_RAW,
20
+ SCOPE_RAW, SCOPE_PUBLIC,
22
21
  } from './ConfigContext.js';
23
22
  import { resolveLegacyConfig, fetchRobotsTxt, toArray } from './config-legacy.js';
24
23
  import { getMergedConfig } from './config-merge.js';
@@ -48,6 +47,14 @@ const HELIX_CONFIG_BUS = 'helix-config-bus';
48
47
 
49
48
  const HELIX_CONTENT_BUS = 'helix-content-bus';
50
49
 
50
+ const VALID_SCOPES = [
51
+ SCOPE_ADMIN,
52
+ SCOPE_PIPELINE,
53
+ SCOPE_DELIVERY,
54
+ SCOPE_RAW,
55
+ SCOPE_PUBLIC,
56
+ ];
57
+
51
58
  /**
52
59
  * Creates a string representation of the given array that is suitable for substring matching by
53
60
  * delimiting each entry with `,` eg: ,foo@adobe.com,bar@adobe.com,
@@ -69,23 +76,35 @@ export function canonicalArrayString(root, partition, prop) {
69
76
  * Returns the hash of the global delivery token if defined.
70
77
  * @param ctx
71
78
  * @param rso
72
- * @returns {string|null}
79
+ * @returns {Promise<string|null>}
73
80
  */
74
- function getGlobalTokenHash(ctx, rso) {
81
+ async function getGlobalTokenHash(ctx, rso) {
75
82
  if (!ctx.env.HLX_GLOBAL_DELIVERY_TOKEN) {
76
83
  return null;
77
84
  }
78
- return cryptoImpl
79
- .createHmac('sha512', rso.org)
80
- .update(ctx.env.HLX_GLOBAL_DELIVERY_TOKEN, 'utf-8')
81
- .digest()
82
- .toString('base64url');
85
+ // use webcrypto for better support for cloudflare workers
86
+ const enc = new TextEncoder('utf-8');
87
+ const key = await crypto.subtle.importKey(
88
+ 'raw',
89
+ enc.encode(rso.org),
90
+ {
91
+ name: 'HMAC',
92
+ hash: { name: 'SHA-512' },
93
+ },
94
+ false,
95
+ ['sign', 'verify'],
96
+ );
97
+ const buffer = await crypto.subtle.sign('HMAC', key, enc.encode(ctx.env.HLX_GLOBAL_DELIVERY_TOKEN));
98
+ return btoa(String.fromCharCode(...new Uint8Array(buffer)))
99
+ .replaceAll('/', '_')
100
+ .replaceAll('+', '-')
101
+ .replaceAll('=', '');
83
102
  }
84
103
 
85
104
  /**
86
105
  * Returns the normalized access configuration for the give partition.
87
106
  */
88
- export function getAccessConfig(ctx, config, partition, rso) {
107
+ export async function getAccessConfig(ctx, config, partition, rso) {
89
108
  const { access, tokens = {} } = config;
90
109
  const apiKeyId = toArray(access[partition]?.apiKeyId ?? access.apiKeyId);
91
110
  const allow = toArray(access[partition]?.allow ?? access.allow);
@@ -107,7 +126,7 @@ export function getAccessConfig(ctx, config, partition, rso) {
107
126
  // if an apiKeyId is defined but no tokenHash, create a fake one so that auth is still enforced.
108
127
  if (cfg.apiKeyId.length) {
109
128
  // add global token hash if defined and needed
110
- const globalTokenHash = getGlobalTokenHash(ctx, rso);
129
+ const globalTokenHash = await getGlobalTokenHash(ctx, rso);
111
130
  if (cfg.tokenHash.length && globalTokenHash) {
112
131
  // augment the list of hashes with the global one if exists
113
132
  cfg.tokenHash.push(globalTokenHash);
@@ -252,6 +271,15 @@ export async function getConfigResponse(ctx, opts) {
252
271
  const {
253
272
  ref, site, org, scope,
254
273
  } = opts;
274
+ if (!VALID_SCOPES.includes(scope)) {
275
+ return new PipelineResponse('', {
276
+ status: 400,
277
+ headers: {
278
+ 'x-error': 'invalid scope',
279
+ },
280
+ });
281
+ }
282
+
255
283
  const rso = { ref, site, org };
256
284
  const config = await resolveConfig(ctx, rso, scope);
257
285
  const surrogateHeaders = {
@@ -279,8 +307,8 @@ export async function getConfigResponse(ctx, opts) {
279
307
  // normalize access config
280
308
  const { admin = {} } = config.access;
281
309
  config.access = {
282
- preview: getAccessConfig(ctx, config, 'preview', rso),
283
- live: getAccessConfig(ctx, config, 'live', rso),
310
+ preview: await getAccessConfig(ctx, config, 'preview', rso),
311
+ live: await getAccessConfig(ctx, config, 'live', rso),
284
312
  // access.require.repository ?
285
313
  };
286
314
  if (opts.scope === SCOPE_ADMIN || opts.scope === SCOPE_RAW) {
package/src/crypto.node.js DELETED
@@ -1,16 +0,0 @@
1
- /*
2
- * Copyright 2018 Adobe. All rights reserved.
3
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
4
- * you may not use this file except in compliance with the License. You may obtain a copy
5
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
6
- *
7
- * Unless required by applicable law or agreed to in writing, software distributed under
8
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
9
- * OF ANY KIND, either express or implied. See the License for the specific language
10
- * governing permissions and limitations under the License.
11
- */
12
-
13
- // node runtime
14
- import cryptoImpl from 'node:crypto';
15
-
16
- export default cryptoImpl;
package/src/crypto.worker.js DELETED
@@ -1,15 +0,0 @@
1
- /*
2
- * Copyright 2018 Adobe. All rights reserved.
3
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
4
- * you may not use this file except in compliance with the License. You may obtain a copy
5
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
6
- *
7
- * Unless required by applicable law or agreed to in writing, software distributed under
8
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
9
- * OF ANY KIND, either express or implied. See the License for the specific language
10
- * governing permissions and limitations under the License.
11
- */
12
-
13
- // browser/worker runtime
14
- // eslint-disable-next-line no-undef
15
- export default crypto;