@adobe/helix-config 4.11.1 → 4.12.0

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+# [4.12.0](https://github.com/adobe/helix-config/compare/v4.11.2...v4.12.0) (2025-01-16)
+
+
+### Features
+
+* respect secretId for site config ([#233](https://github.com/adobe/helix-config/issues/233)) ([00e252c](https://github.com/adobe/helix-config/commit/00e252c25720676259d3d093862db692004e6ecc))
+
+## [4.11.2](https://github.com/adobe/helix-config/compare/v4.11.1...v4.11.2) (2025-01-14)
+
+
+### Bug Fixes
+
+* handle incorrect setup gracefully ([6160923](https://github.com/adobe/helix-config/commit/6160923cf91d1d6aba0ef4a5b4c8af6f308209de))
+
 ## [4.11.1](https://github.com/adobe/helix-config/compare/v4.11.0...v4.11.1) (2025-01-13)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-config",
-  "version": "4.11.1",
+  "version": "4.12.0",
   "description": "Helix Config",
   "main": "src/index.js",
   "types": "src/index.d.ts",

package/src/config-legacy.js

@@ -123,8 +123,14 @@ export async function resolveLegacyConfig(ctx, rso, scope) {
     return null;
   }
   const { contentBusId } = helixConfig.content.data['/'];
-  const fstab = helixConfig.fstab.data || helixConfig.fstab;
+  const fstab = helixConfig.fstab?.data || helixConfig.fstab;
+  if (!fstab) {
+    return null;
+  }
   let source = fstab.mountpoints['/'];
+  if (!source) {
+    return null;
+  }
   if (typeof source === 'string') {
     source = {
       type: source.startsWith('https://drive.google.com/')

package/src/config-view.js

@@ -162,31 +162,33 @@ function resolveSecret(object, idProp, dstProp, siteConfig, orgConfig) {
 export async function getAccessConfig(ctx, config, orgConfig, partition, rso) {
   const { access } = config;
   const pAccess = access[partition] ?? {};
-  const apiKeyId = toArray(pAccess.apiKeyId ?? access.site?.apiKeyId);
+  const secretId = toArray(
+    pAccess.apiKeyId ?? pAccess.secretId ?? access.site?.apiKeyId ?? access.site?.secretId,
+  );
   const allow = toArray(pAccess.allow ?? access.site?.allow);
   const cfg = {
-    apiKeyId,
+    secretId,
     allow,
-    tokenHash: apiKeyId
+    tokenHash: secretId
       // token ids are always stored in base64url format, but legacy apiKeyIds are not
       .map((jti) => jti.replaceAll('/', '_').replaceAll('+', '-'))
       .map((id) => lookupSecret(config, orgConfig, id, true))
       .filter((hash) => !!hash),
   };
-  // if an allow is defined but no apiKeyId, create a fake one so that auth is still enforced.
-  if (allow.length && !cfg.apiKeyId.length) {
-    cfg.apiKeyId.push('dummy');
+  // if an allow is defined but no secretId, create a fake one so that auth is still enforced.
+  if (allow.length && !cfg.secretId.length) {
+    cfg.secretId.push('dummy');
   }
 
-  // if an apiKeyId is defined but no tokenHash, create a fake one so that auth is still enforced.
-  if (cfg.apiKeyId.length) {
+  // if an secretId is defined but no tokenHash, create a fake one so that auth is still enforced.
+  if (cfg.secretId.length) {
     // add global token hash if defined and needed
     const globalTokenHash = await getGlobalTokenHash(ctx, rso);
     if (cfg.tokenHash.length && globalTokenHash) {
       // augment the list of hashes with the global one if exists
       cfg.tokenHash.push(globalTokenHash);
     } else if (!cfg.tokenHash.length) {
-      // add a dummy or global hash if no tokens match the apiKeyIds.
+      // add a dummy or global hash if no tokens match the secretIds.
       if (!config.legacy || allow.length) {
         // but only add for non-legacy sites or legacy with allows
         cfg.tokenHash.push(globalTokenHash || 'n/a');
@@ -525,8 +527,8 @@ export async function getConfigResponse(ctx, opts) {
     delete config.access?.preview?.tokenHash;
     delete config.access?.live?.tokenHash;
   } else {
-    delete config.access?.preview?.apiKeyId;
-    delete config.access?.live?.apiKeyId;
+    delete config.access?.preview?.secretId;
+    delete config.access?.live?.secretId;
     delete config.access?.preview?.allow;
     delete config.access?.live?.allow;
   }