@adobe/helix-config 3.13.2 → 4.1.0

package/src/storage/config-store.js

@@ -1,359 +0,0 @@
-/*
- * Copyright 2023 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-/* eslint-disable no-param-reassign */
-import { isDeepStrictEqual } from 'util';
-import { HelixStorage } from '@adobe/helix-shared-storage';
-import { StatusCodeError } from './status-code-error.js';
-import {
-  createToken, createUser,
-  migrateToken,
-  updateCodeSource,
-  updateContentSource,
-} from './utils.js';
-import { validate as validateSchema } from './config-validator.js';
-import { deepGetOrCreate, deepPut } from '../utils.js';
-
-const FRAGMENTS_COMMON = {
-  content: 'object',
-  code: 'object',
-  folders: 'object',
-  headers: 'object',
-  metadata: 'object',
-  sidekick: 'object',
-  cdn: {
-    '.': 'object',
-    prod: 'object',
-    preview: 'object',
-    live: 'object',
-  },
-  access: {
-    '.': 'object',
-    admin: 'object',
-    preview: 'object',
-    live: 'object',
-  },
-  tokens: {
-    '.': 'tokens',
-    '.param': {
-      name: 'id',
-      '.': 'token',
-    },
-  },
-  groups: {
-    '.': 'object',
-    '.param': {
-      '.': 'object',
-      members: 'object',
-    },
-  },
-  public: 'object',
-  robots: 'object',
-};
-
-const FRAGMENTS = {
-  sites: {
-    ...FRAGMENTS_COMMON,
-    extends: 'object',
-  },
-  profiles: FRAGMENTS_COMMON,
-  org: {
-    users: {
-      '.': 'users',
-      '.param': {
-        name: 'id',
-        '.': 'user',
-      },
-    },
-    groups: {
-      '.': 'object',
-      '.param': {
-        '.': 'object',
-        members: 'object',
-      },
-    },
-  },
-};
-
-export function getFragmentInfo(type, relPath) {
-  if (!relPath) {
-    return null;
-  }
-  const parts = relPath.split('/');
-  let fragment = FRAGMENTS[type];
-  const info = {
-    relPath,
-  };
-  for (const part of parts) {
-    let next = fragment[part];
-    if (!next) {
-      next = fragment['.param'];
-      if (!next) {
-        throw new StatusCodeError(400, 'invalid object path.');
-      }
-      info[next.name] = part;
-    }
-    fragment = next;
-  }
-  if (typeof fragment === 'string') {
-    info.type = fragment;
-  } else {
-    info.type = fragment['.'];
-  }
-  return info;
-}
-
-/**
- * Redact / transform the token config
- * @param token
- */
-function redactToken(token) {
-  return {
-    id: token.id,
-    created: token.created,
-  };
-}
-
-/**
- * Redact / transform the tokens config
- * @param tokens
- */
-function redactTokens(tokens) {
-  return Object.values(tokens).map(redactToken);
-}
-
-/**
- * redact information from the config
- * @param {object} config
- * @param {object} frag
- */
-function redact(config, frag) {
-  if (!config) {
-    return config;
-  }
-  let ret = config;
-  if (frag?.type === 'tokens') {
-    ret = redactTokens(config);
-  }
-  if (frag?.type === 'token') {
-    ret = redactToken(config);
-  }
-  if (ret.tokens) {
-    // eslint-disable-next-line no-param-reassign
-    ret.tokens = redactTokens(ret.tokens);
-  }
-  return ret;
-}
-
-/**
- * General purpose config store.
- */
-export class ConfigStore {
-  /**
-   * @param {string} org the org id
-   * @param {string} type store type (org, sites, profiles, secrets, users)
-   * @param {string} name config name
-   */
-  constructor(org, type = 'org', name = '') {
-    if (!org) {
-      throw new Error('org required');
-    }
-    if (org.includes('/') || type.includes('/') || name.includes('/')) {
-      throw new Error('orgId, type and name must not contain slashes');
-    }
-    this.org = org;
-    this.type = type;
-    this.name = name;
-    this.key = type === 'org'
-      ? `/orgs/${this.org}/${this.name || 'config'}.json`
-      : `/orgs/${this.org}/${this.type}/${this.name}.json`;
-  }
-
-  /**
-   * Validates the config and throws an error if not valid.
-   * @param {AdminContext} ctx
-   * @param {HelixSiteConfig|HelixProfileConfig} data the data of the config to be updated
-   * @returns {Promise<boolean|undefined>}
-   */
-  async validate(ctx, data) {
-    return validateSchema(data, this.type);
-  }
-
-  async create(ctx, data, relPath = '') {
-    if (relPath) {
-      throw new StatusCodeError(409, 'create not supported on substructures.');
-    }
-    const storage = HelixStorage.fromContext(ctx).configBus();
-    if (await storage.head(this.key)) {
-      throw new StatusCodeError(409, 'config already exists.');
-    }
-    if (data.tokens) {
-      throw new StatusCodeError(400, 'creating config with tokens not supported yet.');
-    }
-    if (this.type === 'org' && data.users) {
-      throw new StatusCodeError(400, 'creating org config with users is not supported yet.');
-    }
-    if (this.type !== 'org') {
-      updateContentSource(ctx, data.content);
-      updateCodeSource(ctx, data.code);
-    }
-    await this.validate(ctx, data);
-    await storage.put(this.key, JSON.stringify(data), 'application/json');
-    await this.purge(ctx, null, data);
-  }
-
-  async #list(ctx) {
-    const storage = HelixStorage.fromContext(ctx).configBus();
-    const key = `orgs/${this.org}/${this.type}/`;
-    const list = await storage.list(key);
-    return {
-      [this.type]: list.map((entry) => {
-        const siteKey = entry.key;
-        if (siteKey.endsWith('.json')) {
-          const name = siteKey.split('/').pop();
-          return {
-            path: `/config/${this.org}/${this.type}/${name}`,
-            name: name.substring(0, name.length - 5),
-          };
-        }
-        return null;
-      }).filter((entry) => entry),
-    };
-  }
-
-  async read(ctx, relPath = '') {
-    if (this.name === '' && (this.type === 'sites' || this.type === 'profiles')) {
-      return this.#list(ctx);
-    }
-
-    const storage = HelixStorage.fromContext(ctx).configBus();
-    const buf = await storage.get(this.key);
-    if (!buf) {
-      return null;
-    }
-    let obj = JSON.parse(buf);
-    const frag = getFragmentInfo(this.type, relPath);
-    if (frag) {
-      obj = deepGetOrCreate(obj, frag.relPath);
-    }
-    return redact(obj, frag) ?? null;
-  }
-
-  async update(ctx, data, relPath = '') {
-    const storage = HelixStorage.fromContext(ctx).configBus();
-    const buf = await storage.get(this.key);
-    let old = buf ? JSON.parse(buf) : null;
-    const frag = getFragmentInfo(this.type, relPath);
-    let config = data;
-    // set config to null if empty object
-    if (isDeepStrictEqual(config, {})) {
-      config = null;
-    }
-
-    let ret = null;
-    if (!config && frag?.type !== 'tokens') {
-      throw new StatusCodeError(400, 'no config in body.');
-    }
-    if (frag) {
-      if (!old) {
-        if (this.type === 'profiles' && frag.type === 'tokens') {
-          old = {};
-        } else {
-          throw new StatusCodeError(404, 'config not found.');
-        }
-      }
-      if (relPath === 'code') {
-        updateCodeSource(ctx, data);
-      } else if (relPath === 'content') {
-        updateContentSource(ctx, data);
-      } else if (frag.type === 'token') {
-        // don't allow to update individual token
-        throw new StatusCodeError(400, 'invalid object path.');
-      } else if (frag.type === 'tokens') {
-        // TODO: remove support after all helix4 projects are migrated
-        let token;
-        if (data.jwt) {
-          token = await migrateToken(this.org, data.jwt);
-        } else {
-          // create new token
-          token = createToken(this.org);
-        }
-
-        data = {
-          ...token,
-        };
-        // don't store token value in the config
-        delete data.value;
-        relPath = ['tokens', token.id];
-        frag.type = 'token';
-        ret = token;
-        // don't expose hash in return value
-        delete ret.hash;
-      } else if (frag.type === 'users') {
-        const user = createUser();
-        data = {
-          ...data,
-          ...user,
-        };
-        relPath = ['users', user.id];
-        frag.type = 'user';
-        // todo: define via "schema"
-        if (!old.users) {
-          old.users = [];
-        }
-      } else if (frag.type === 'user') {
-        const user = deepGetOrCreate(old, relPath);
-        if (!user) {
-          throw new StatusCodeError(404, 'object not found.');
-        }
-        if (data.id) {
-          if (data.id !== user.id) {
-            throw new StatusCodeError(400, 'object id mismatch.');
-          }
-        } else {
-          data.id = user.id;
-        }
-      }
-      config = deepPut(old, relPath, data);
-    } else if (this.type !== 'org') {
-      updateContentSource(ctx, config.content);
-      updateCodeSource(ctx, config.code);
-    }
-    await this.validate(ctx, config);
-    await storage.put(this.key, JSON.stringify(config), 'application/json');
-    await this.purge(ctx, buf ? JSON.parse(buf) : null, config);
-    return ret ?? redact(data, frag);
-  }
-
-  async remove(ctx, relPath) {
-    const storage = HelixStorage.fromContext(ctx).configBus();
-    const buf = await storage.get(this.key);
-    if (!buf) {
-      throw new StatusCodeError(404, 'config not found.');
-    }
-    const frag = getFragmentInfo(this.type, relPath);
-    if (frag) {
-      const data = deepPut(JSON.parse(buf), relPath, null);
-      await this.validate(ctx, data);
-      await storage.put(this.key, JSON.stringify(data), 'application/json');
-      await this.purge(ctx, JSON.parse(buf), data);
-      return;
-    }
-
-    await storage.remove(this.key);
-    await this.purge(ctx, JSON.parse(buf), null);
-  }
-
-  // eslint-disable-next-line class-methods-use-this,no-unused-vars
-  async purge(ctx, oldConfig, newConfig) {
-    // override in subclass
-  }
-}

package/src/storage/config-validator.js

@@ -1,112 +0,0 @@
-/*
- * Copyright 2024 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-import Ajv2019 from 'ajv/dist/2019.js';
-import ajvFormats from 'ajv-formats';
-import { ValidationError } from './ValidationError.js';
-
-import accessAdminSchema from '../schemas/access-admin.schema.cjs';
-import accessSchema from '../schemas/access.schema.cjs';
-import accessSiteSchema from '../schemas/access-site.schema.cjs';
-import cdnSchema from '../schemas/cdn.schema.cjs';
-import cdnProdFastlySchema from '../schemas/cdn-prod-fastly.schema.cjs';
-import cdnProdCloudflareSchema from '../schemas/cdn-prod-cloudflare.schema.cjs';
-import cdnProdAkamaiSchema from '../schemas/cdn-prod-akamai.schema.cjs';
-import cdnProdManagedSchema from '../schemas/cdn-prod-managed.schema.cjs';
-import cdnProdCloudfrontSchema from '../schemas/cdn-prod-cloudfront.schema.cjs';
-import commonSchema from '../schemas/common.schema.cjs';
-import codeSchema from '../schemas/code.schema.cjs';
-import contentSchema from '../schemas/content.schema.cjs';
-import foldersSchema from '../schemas/folders.schema.cjs';
-import groupsSchema from '../schemas/groups.schema.cjs';
-import googleSchema from '../schemas/content-source-google.schema.cjs';
-import headersSchema from '../schemas/headers.schema.cjs';
-import markupSchema from '../schemas/content-source-markup.schema.cjs';
-import metadataSchema from '../schemas/metadata-source.schema.cjs';
-import orgSchema from '../schemas/org.schema.cjs';
-import onedriveSchema from '../schemas/content-source-onedrive.schema.cjs';
-import publicSchema from '../schemas/public.schema.cjs';
-import profileSchema from '../schemas/profile.schema.cjs';
-import profilesSchema from '../schemas/profiles.schema.cjs';
-import robotsSchema from '../schemas/robots.schema.cjs';
-import sidekickSchema from '../schemas/sidekick.schema.cjs';
-import siteSchema from '../schemas/site.schema.cjs';
-import sitesSchema from '../schemas/sites.schema.cjs';
-import tokensSchema from '../schemas/tokens.schema.cjs';
-import userSchema from '../schemas/user.schema.cjs';
-import usersSchema from '../schemas/users.schema.cjs';
-
-export const SCHEMAS = [
-  accessSchema,
-  accessAdminSchema,
-  accessSiteSchema,
-  cdnSchema,
-  commonSchema,
-  contentSchema,
-  codeSchema,
-  foldersSchema,
-  googleSchema,
-  groupsSchema,
-  headersSchema,
-  markupSchema,
-  metadataSchema,
-  orgSchema,
-  onedriveSchema,
-  publicSchema,
-  profileSchema,
-  profilesSchema,
-  robotsSchema,
-  sidekickSchema,
-  siteSchema,
-  sitesSchema,
-  tokensSchema,
-  userSchema,
-  usersSchema,
-  cdnProdFastlySchema,
-  cdnProdCloudflareSchema,
-  cdnProdAkamaiSchema,
-  cdnProdManagedSchema,
-  cdnProdCloudfrontSchema,
-];
-
-const SCHEMA_TYPES = {
-  profiles: profileSchema,
-  sites: siteSchema,
-  org: orgSchema,
-};
-
-/**
- * Validates the loaded configuration and coerces types and sets defaults
- * @param {object} config The configuration to validate
- * @param {string} type the config type
- * @returns {object} The validated configuration
- */
-export async function validate(config, type) {
-  const schema = SCHEMA_TYPES[type];
-  if (!schema) {
-    throw new Error(`no such type: ${type}`);
-  }
-  const ajv = new Ajv2019({
-    allErrors: true,
-    verbose: true,
-    useDefaults: true,
-    coerceTypes: 'array',
-    strict: false,
-  });
-  ajvFormats(ajv);
-
-  ajv.addSchema(SCHEMAS);
-  const res = ajv.validate(schema, config);
-  if (res) {
-    return res;
-  }
-  throw new ValidationError(ajv.errorsText(), ajv.errors);
-}

package/src/storage/index.js

@@ -1,14 +0,0 @@
-/*
- * Copyright 2024 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-export { ConfigStore } from './config-store.js';
-export { SCHEMAS } from './config-validator.js';
-export * from './ValidationError.js';

package/src/storage/status-code-error.js

@@ -1,22 +0,0 @@
-/*
- * Copyright 2024 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-export class StatusCodeError extends Error {
-  /**
-   * Creates a new StatusCodeError.
-   * @param {number} statusCode The status code.
-   * @param {string} message The error message.
-   */
-  constructor(statusCode, message) {
-    super(message);
-    this.statusCode = statusCode;
-  }
-}

package/src/storage/utils.js

@@ -1,157 +0,0 @@
-/*
- * Copyright 2024 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-/* eslint-disable no-param-reassign */
-import crypto from 'crypto';
-import { GitUrl } from '@adobe/helix-shared-git';
-import { decodeJwt } from 'jose';
-import { StatusCodeError } from './status-code-error.js';
-
-/**
- * Update the contentBusId field of the content object based on the source URL.
- * @param ctx
- * @param content
- * @returns {boolean}
- */
-export function updateContentSource(ctx, content) {
-  if (!content?.source?.url) {
-    return false;
-  }
-  const url = new URL(content.source.url);
-  let modified = false;
-  const sha256 = crypto
-    .createHash('sha256')
-    .update(url.toString())
-    .digest('hex');
-  const contentBusId = `${sha256.substring(0, 59)}`;
-  if (contentBusId === content.contentBusId) {
-    ctx.log.info(`contentBusId is already correct for ${url}: ${contentBusId}`);
-  } else {
-    ctx.log.info(`Updating contentBusId for ${url}: ${contentBusId}`);
-    content.contentBusId = contentBusId;
-    modified = true;
-  }
-
-  // calculate type based on source URL
-  if (!content.source.type) {
-    if (url.hostname === 'drive.google.com') {
-      content.source.type = 'google';
-      content.source.id = url.pathname.split('/').pop();
-      modified = true;
-    } else if (url.protocol === 'gdrive:') {
-      content.source.type = 'google';
-      content.source.id = url.pathname;
-      modified = true;
-    } else if (url.hostname.endsWith('.sharepoint.com') || url.hostname === '1drv.ms') {
-      content.source.type = 'onedrive';
-      modified = true;
-    } else if (url.protocol === 'onedrive:') {
-      content.source.type = 'onedrive';
-      content.source.itemId = url.pathname;
-      modified = true;
-    }
-  }
-  return modified;
-}
-
-/**
- * updates the code source information
- * @param ctx
- * @param code
- * @return {boolean} true if the code source was updated
- */
-export function updateCodeSource(ctx, code) {
-  let modified = false;
-  if (code?.source?.url) {
-    // recompute owner, repo and type
-    code.source.type = 'github';
-    const url = new GitUrl(code.source.url);
-    if (url.owner !== code.owner) {
-      code.owner = url.owner;
-      modified = true;
-    }
-    if (url.repo !== code.repo) {
-      code.repo = url.repo;
-      modified ||= true;
-    }
-  } else if (code?.owner && code?.repo) {
-    code.source = {
-      type: 'github',
-      url: `https://github.com/${code.owner}/${code.repo}`,
-    };
-    modified = true;
-  }
-  return modified;
-}
-
-/**
- * Creates a random token and hashes it with the given key
- * @param {string} key
- * @returns {object} the token
- */
-export function createToken(key) {
-  const secret = crypto.randomBytes(32).toString('base64url');
-  const value = `hlx_${secret}`;
-  const hash = crypto
-    .createHmac('sha512', key)
-    .update(value, 'utf-8')
-    .digest()
-    .toString('base64url');
-  const id = crypto.createHash('sha256').update(hash).digest().toString('base64url');
-  const created = new Date().toISOString();
-  return {
-    id,
-    value,
-    hash,
-    created,
-  };
-}
-
-export function createUser() {
-  const id = crypto.randomBytes(16).toString('base64url');
-  return {
-    id,
-  };
-}
-
-/**
- * migrates an existing jwt token
- * @param key
- * @param jwt
- * @returns {Promise<object>}
- */
-export async function migrateToken(key, jwt) {
-  let payload;
-  try {
-    payload = await decodeJwt(jwt);
-  } catch (e) {
-    throw new StatusCodeError(400, `unable to migrate jwt: ${e.message}`);
-  }
-  const { jti } = payload;
-  if (!jti) {
-    throw new StatusCodeError(400, 'unable to migrate jwt: missing jti claim.');
-  }
-  const id = jti
-    .replaceAll('/', '_')
-    .replaceAll('+', '-');
-  const hash = crypto
-    .createHmac('sha512', key)
-    .update(jwt, 'utf-8')
-    .digest()
-    .toString('base64url');
-  const created = new Date().toISOString();
-  return {
-    id,
-    value: jwt,
-    hash,
-    created,
-  };
-}