@adobe/helix-config 3.1.2 → 3.2.0

package/CHANGELOG.md

@@ -1,3 +1,10 @@
+# [3.2.0](https://github.com/adobe/helix-config/compare/v3.1.2...v3.2.0) (2024-05-29)
+
+
+### Features
+
+* add support for org users storage and view ([0b65a1d](https://github.com/adobe/helix-config/commit/0b65a1df91c4271a6c2ab99fb669381207141a24))
+
 ## [3.1.2](https://github.com/adobe/helix-config/compare/v3.1.1...v3.1.2) (2024-05-22)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-config",
-  "version": "3.1.2",
+  "version": "3.2.0",
   "description": "Helix Config",
   "main": "src/index.js",
   "types": "src/index.d.ts",
@@ -46,7 +46,7 @@
     "husky": "9.0.11",
     "json-schema-to-typescript": "14.0.4",
     "junit-report-builder": "3.2.1",
-    "lint-staged": "15.2.2",
+    "lint-staged": "15.2.5",
     "mocha": "10.4.0",
     "mocha-multi-reporters": "1.5.1",
     "mocha-suppress-logs": "0.5.1",

package/src/config-view.js

@@ -21,6 +21,7 @@ import {
 } from './ConfigContext.js';
 import { resolveLegacyConfig, fetchRobotsTxt, toArray } from './config-legacy.js';
 import { getMergedConfig } from './config-merge.js';
+import { deepGetOrCreate } from './storage/utils.js';
 
 /**
  * @typedef Config
@@ -55,6 +56,10 @@ const VALID_SCOPES = [
   SCOPE_PUBLIC,
 ];
 
+const VALID_ORG_SCOPES = [
+  SCOPE_ADMIN,
+];
+
 /**
  * Creates a string representation of the given array that is suitable for substring matching by
  * delimiting each entry with `,` eg: ,foo@adobe.com,bar@adobe.com,
@@ -253,20 +258,39 @@ async function getSurrogateKey(opts, profile) {
   const { site, org } = opts;
   const keys = [
     await computeSurrogateKey(`${org}_config.json`),
-    await computeSurrogateKey(`${site}--${org}_config.json`),
   ];
+  if (site) {
+    keys.push(await computeSurrogateKey(`${site}--${org}_config.json`));
+  }
   if (profile) {
     keys.push(await computeSurrogateKey(`p:${profile}--${org}_config.json`));
   }
   return keys.join(' ');
 }
 
-async function loadOrgConfig(ctx, org) {
+export async function loadOrgConfig(ctx, org) {
   const key = `orgs/${org}/config.json`;
   const res = await ctx.loader.getObject(HELIX_CONFIG_BUS, key);
   return res.body ? res.json() : null;
 }
 
+function computeAdminRoles(adminConfig, orgConfig) {
+  if (orgConfig?.users) {
+    // map users[].roles[] to access.admin.role[].email
+    const rolesObj = deepGetOrCreate(adminConfig, ['access', 'admin', 'role'], true);
+    for (const user of orgConfig.users) {
+      for (const role of user.roles) {
+        if (!(role in rolesObj)) {
+          rolesObj[role] = [];
+        }
+        if (!rolesObj[role].includes(user.email)) {
+          rolesObj[role].push(user.email);
+        }
+      }
+    }
+  }
+}
+
 export async function getConfigResponse(ctx, opts) {
   const {
     ref, site, org, scope,
@@ -361,6 +385,7 @@ export async function getConfigResponse(ctx, opts) {
         ...config.content.source,
       },
     };
+    computeAdminRoles(adminConfig, orgConfig);
     delete adminConfig.public;
     delete adminConfig.robots;
     return new PipelineResponse(JSON.stringify(adminConfig, null, 2), {
@@ -420,3 +445,45 @@ export async function getConfigResponse(ctx, opts) {
     },
   });
 }
+
+export async function getOrgConfigResponse(ctx, opts) {
+  const { org, scope } = opts;
+  if (!VALID_ORG_SCOPES.includes(scope)) {
+    return new PipelineResponse('', {
+      status: 400,
+      headers: {
+        'x-error': 'invalid scope',
+      },
+    });
+  }
+  const surrogateHeaders = {
+    'x-surrogate-key': await getSurrogateKey(opts),
+  };
+
+  const orgConfig = await loadOrgConfig(ctx, org);
+  if (!orgConfig) {
+    return new PipelineResponse('', {
+      status: 404,
+      headers: {
+        'x-error': 'config not found.',
+        ...surrogateHeaders,
+      },
+    });
+  }
+
+  // only admin scope is supported and it only needs the users
+  const adminConfig = {
+    org,
+    ...orgConfig,
+  };
+
+  computeAdminRoles(adminConfig, orgConfig);
+  delete adminConfig.tokens;
+  delete adminConfig.users;
+  return new PipelineResponse(JSON.stringify(adminConfig, null, 2), {
+    headers: {
+      'content-type': 'application/json',
+      ...surrogateHeaders,
+    },
+  });
+}

package/src/schemas/org.schema.json

@@ -24,6 +24,9 @@
     "description": { "$ref": "https://ns.adobe.com/helix/config/common#/$defs/description" },
     "tokens": {
       "$ref": "https://ns.adobe.com/helix/config/tokens"
+    },
+    "users": {
+      "$ref": "https://ns.adobe.com/helix/config/users"
     }
   },
   "required": [

package/src/schemas/users.schema.cjs

@@ -0,0 +1,12 @@
+/*
+ * Copyright 2024 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+module.exports = require('./users.schema.json');

package/src/schemas/users.schema.json

@@ -0,0 +1,52 @@
+{
+  "meta:license": [
+    "Copyright 2024 Adobe. All rights reserved.",
+    "This file is licensed to you under the Apache License, Version 2.0 (the \"License\");",
+    "you may not use this file except in compliance with the License. You may obtain a copy",
+    "of the License at http://www.apache.org/licenses/LICENSE-2.0",
+    "",
+    "Unless required by applicable law or agreed to in writing, software distributed under",
+    "the License is distributed on an \"AS IS\" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS",
+    "OF ANY KIND, either express or implied. See the License for the specific language",
+    "governing permissions and limitations under the License."
+  ],
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://ns.adobe.com/helix/config/users",
+  "title": "users",
+  "type": "array",
+  "items": {
+    "type": "object",
+    "properties": {
+      "id": {
+        "type": "string",
+        "pattern": "^[a-zA-Z0-9-_=]+$"
+      },
+      "email": {
+        "type": "string",
+        "format": "email"
+      },
+      "name": {
+        "type": "string"
+      },
+      "roles": {
+        "type": "array",
+        "items": {
+          "type": "string",
+          "enum": [
+            "admin",
+            "author",
+            "publish",
+            "config"
+          ]
+        }
+      }
+    },
+    "required": [
+      "id",
+      "email",
+      "roles"
+    ],
+    "additionalProperties": false
+  },
+  "additionalProperties": false
+}

package/src/storage/config-store.js

@@ -14,9 +14,9 @@ import { isDeepStrictEqual } from 'util';
 import { HelixStorage } from '@adobe/helix-shared-storage';
 import { StatusCodeError } from './status-code-error.js';
 import {
-  createToken,
-  jsonGet,
-  jsonPut,
+  createToken, createUser,
+  deepGetOrCreate,
+  deepPut,
   migrateToken,
   updateCodeSource,
   updateContentSource,
@@ -60,6 +60,13 @@ const FRAGMENTS = {
         '.': 'token',
       },
     },
+    users: {
+      '.': 'users',
+      '.param': {
+        name: 'id',
+        '.': 'user',
+      },
+    },
   },
 };
 
@@ -168,6 +175,9 @@ export class ConfigStore {
     if (this.type === 'org' && data.tokens) {
       throw new StatusCodeError(400, 'creating org config with tokens not supported yet.');
     }
+    if (this.type === 'org' && data.users) {
+      throw new StatusCodeError(400, 'creating org config with users is not supported yet.');
+    }
     if (this.type !== 'org') {
       updateContentSource(ctx, data.content);
       updateCodeSource(ctx, data.code);
@@ -186,7 +196,7 @@ export class ConfigStore {
     let obj = JSON.parse(buf);
     const frag = getFragmentInfo(this.type, relPath);
     if (frag) {
-      obj = jsonGet(obj, frag.relPath);
+      obj = deepGetOrCreate(obj, frag.relPath);
     }
     return redact(obj, frag);
   }
@@ -241,8 +251,33 @@ export class ConfigStore {
         ret = token;
         // don't expose hash in return value
         delete ret.hash;
+      } else if (frag.type === 'users') {
+        const user = createUser();
+        data = {
+          ...data,
+          ...user,
+        };
+        relPath = ['users', user.id];
+        frag.type = 'user';
+        ret = user;
+        // todo: define via "schema"
+        if (!old.users) {
+          old.users = [];
+        }
+      } else if (frag.type === 'user') {
+        const user = deepGetOrCreate(old, relPath);
+        if (!user) {
+          throw new StatusCodeError(404, 'object not found.');
+        }
+        if (data.id) {
+          if (data.id !== user.id) {
+            throw new StatusCodeError(400, 'object id mismatch.');
+          }
+        } else {
+          data.id = user.id;
+        }
       }
-      config = jsonPut(old, relPath, data);
+      config = deepPut(old, relPath, data);
     } else if (this.type !== 'org') {
       updateContentSource(ctx, config.content);
       updateCodeSource(ctx, config.code);
@@ -261,7 +296,7 @@ export class ConfigStore {
     }
     const frag = getFragmentInfo(this.type, relPath);
     if (frag) {
-      const data = jsonPut(JSON.parse(buf), relPath, null);
+      const data = deepPut(JSON.parse(buf), relPath, null);
       await validate(data, this.type);
       await storage.put(this.key, JSON.stringify(data), 'application/json');
       await this.purge(ctx, JSON.parse(buf), data);

package/src/storage/config-validator.js

@@ -32,6 +32,7 @@ import robotsSchema from '../schemas/robots.schema.cjs';
 import sidekickSchema from '../schemas/sidekick.schema.cjs';
 import siteSchema from '../schemas/site.schema.cjs';
 import tokensSchema from '../schemas/tokens.schema.cjs';
+import usersSchema from '../schemas/users.schema.cjs';
 
 export const SCHEMAS = [
   accessSchema,
@@ -53,6 +54,7 @@ export const SCHEMAS = [
   sidekickSchema,
   siteSchema,
   tokensSchema,
+  usersSchema,
 ];
 
 const SCHEMA_TYPES = {

package/src/storage/utils.js

@@ -15,21 +15,60 @@ import { GitUrl } from '@adobe/helix-shared-git';
 import { decodeJwt } from 'jose';
 import { StatusCodeError } from './status-code-error.js';
 
-export function jsonGet(obj, path) {
-  return path.split('/').reduce((o, p) => o[p], obj);
+/**
+ * Returns the property addressed by the given path in the object.
+ * If {@code create} is {@code true}, intermediate objects will be created if they do not exist.
+ *
+ * @param {object} obj the object to search
+ * @param {string|string[]} path the path or path segments
+ * @param {boolean} create if {@code true} intermediate objects will be created if they do not exist
+ * @returns {*}
+ */
+export function deepGetOrCreate(obj, path, create = false) {
+  const parts = Array.isArray(path) ? path : path.split('/');
+  return parts.reduce((o, prop) => {
+    if (Array.isArray(o)) {
+      // todo: better support for arrays
+      return o.find((e) => e.id === prop);
+    } else {
+      if (create && !(prop in o)) {
+        // eslint-disable-next-line no-param-reassign
+        o[prop] = {};
+      }
+      return o[prop];
+    }
+  }, obj);
 }
 
-export function jsonPut(obj, path, value) {
+/**
+ * Sets the property addressed by the given path in the object.
+ * @param {object} obj the object to search
+ * @param {string|string[]} path the path or path segments
+ * @param {*} value the value to set on the object
+ * @returns {object} the passed in `obj`
+ */
+export function deepPut(obj, path, value) {
   const parts = Array.isArray(path) ? path : path.split('/');
   const last = parts.pop();
-  const parent = parts.reduce((o, p) => {
-    if (!(p in o)) {
+  const parent = parts.reduce((o, prop) => {
+    if (!(prop in o)) {
       // eslint-disable-next-line no-param-reassign
-      o[p] = {};
+      o[prop] = {};
     }
-    return o[p];
+    return o[prop];
   }, obj);
-  if (value === null) {
+
+  if (Array.isArray(parent)) {
+    // todo: better support for non id keys
+    const idx = parent.findIndex((e) => e.id === last);
+    if (idx >= 0 && value === null) {
+      parent.splice(idx, 1);
+    } else if (idx >= 0) {
+      parent[idx] = value;
+    } else if (value !== null) {
+      parent.push(value);
+    }
+  } else if (value === null) {
     delete parent[last];
   } else {
     parent[last] = value;
@@ -137,6 +176,13 @@ export function createToken(key) {
   };
 }
 
+export function createUser() {
+  const id = crypto.randomBytes(16).toString('base64url');
+  return {
+    id,
+  };
+}
+
 /**
  * migrates an existing jwt token
  * @param key