@adobe/helix-config 4.3.2 → 4.4.0
- package/CHANGELOG.md +14 -0
- package/package.json +1 -1
- package/src/config-legacy.js +7 -1
- package/src/config-view.js +21 -3
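--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,3 +1,17 @@
+# [4.4.0](https://github.com/adobe/helix-config/compare/v4.3.3...v4.4.0) (2024-09-05)
+
+
+### Features
+
+* provide transient site token ([#180](https://github.com/adobe/helix-config/issues/180)) ([ca8161b](https://github.com/adobe/helix-config/commit/ca8161be26f1476af5f2b7c3c3894ae80546dbf7))
+
+## [4.3.3](https://github.com/adobe/helix-config/compare/v4.3.2...v4.3.3) (2024-09-03)
+
+
+### Bug Fixes
+
+* respect access.allow correctly ([#179](https://github.com/adobe/helix-config/issues/179)) ([398064e](https://github.com/adobe/helix-config/commit/398064e42b338b31d1717aed2f05a47ceae74c7c))
+
 ## [4.3.2](https://github.com/adobe/helix-config/compare/v4.3.1...v4.3.2) (2024-08-24)
 
 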
package/package.json
CHANGED
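--- a/package/src/config-legacy.js
+++ b/package/src/config-legacy.js
@@ -158,7 +158,13 @@ export async function resolveLegacyConfig(ctx, rso, scope) {
 const configAllLive = await fetchConfigAll(ctx, config.content.contentBusId, 'live');
 const { access, admin } = configAllPreview?.config?.data || {};
 if (access) {
-config.access =
+config.access = {
+preview: access.preview,
+live: access.live,
+};
+delete access.preview;
+delete access.live;
+config.access.site = access;
 }
 if (admin) {
 if (!config.access) {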
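Review bot: The new lines 165–166, `delete access.preview;` and `delete access.live;`, mutate the object read from `configAllPreview?.config?.data` in place, so if `fetchConfigAll` hands back a cached or shared object (not visible here) later readers would see the access config with its partitions stripped. Building the result without mutation is shorter and avoids that: `const { preview, live, ...site } = access;` then `config.access = { preview, live, site };`. A one-line comment that everything outside `preview`/`live` becomes the site-wide default (`access.site`, which `getAccessConfig` falls back to for `allow` and `apiKeyId`) would also help, since this mapping decides which allow-list applies. `resolveLegacyConfig` continues outside the hunk.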
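--- a/package/src/config-view.js
+++ b/package/src/config-view.js
@@ -112,10 +112,11 @@ async function getGlobalTokenHash(ctx, rso) {
 export async function getAccessConfig(ctx, config, partition, rso) {
 const { access, tokens = {} } = config;
 const pAccess = access[partition] ?? {};
-const apiKeyId = toArray(pAccess.apiKeyId ?? access.site?.apiKeyId
-const allow = toArray(pAccess.allow ?? access.allow);
+const apiKeyId = toArray(pAccess.apiKeyId ?? access.site?.apiKeyId);
+const allow = toArray(pAccess.allow ?? access.site?.allow);
 const cfg = {
 apiKeyId,
+allow,
 tokenHash: apiKeyId
 // token ids are always stored in base64url format, but legacy apiKeyIds are not
 .map((jti) => jti.replaceAll('/', '_').replaceAll('+', '-'))
@@ -301,6 +302,12 @@ export async function loadOrgConfig(ctx, org) {
 return res.body ? res.json() : null;
 }
 
+export async function loadTransientSiteToken(ctx, org, site) {
+const key = `orgs/${org}/sites/${site}/transient-site-tokens.json`;
+const res = await ctx.loader.getObject(HELIX_CONFIG_BUS, key);
+return res.body ? res.json() : null;
+}
+
 /**
 * Computes the access.admin.role arrays for the org users.
 * @param adminConfig
@@ -430,6 +437,13 @@ export async function getConfigResponse(ctx, opts) {
 if (opts.scope === SCOPE_ADMIN || opts.scope === SCOPE_RAW) {
 // eslint-disable-next-line max-len
 config.access.admin = computeSiteAdminRoles(admin, config.groups, orgConfig?.groups, orgConfig?.users);
+} else {
+// for pipeline and delivery, also load the site tokens
+const tst = await loadTransientSiteToken(ctx, rso.org, rso.site);
+if (tst) {
+config.access.preview.transientSiteToken = tst.tokens.preview;
+config.access.live.transientSiteToken = tst.tokens.live;
+}
 }
 }
 
@@ -453,9 +467,11 @@ export async function getConfigResponse(ctx, opts) {
 'x-hlx-owner': config.code.owner,
 'x-hlx-repo': config.code.repo,
 'x-hlx-auth-clientdn-preview': canonicalArrayString(config.access, 'preview', 'clientCertDN'),
-'x-hlx-auth-hash-preview': canonicalArrayString(config.access, 'preview', 'tokenHash'),
 'x-hlx-auth-clientdn-live': canonicalArrayString(config.access, 'live', 'clientCertDN'),
+'x-hlx-auth-hash-preview': canonicalArrayString(config.access, 'preview', 'tokenHash'),
 'x-hlx-auth-hash-live': canonicalArrayString(config.access, 'live', 'tokenHash'),
+'x-hlx-auth-tst-preview': config.access?.preview?.transientSiteToken?.value || '',
+'x-hlx-auth-tst-live': config.access?.live?.transientSiteToken?.value || '',
 },
 });
 }
@@ -468,6 +484,8 @@ export async function getConfigResponse(ctx, opts) {
 } else {
 delete config.access?.preview?.apiKeyId;
 delete config.access?.live?.apiKeyId;
+delete config.access?.preview?.allow;
+delete config.access?.live?.allow;
 }
 
 if (opts.scope === SCOPE_ADMIN) {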
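Review bot: The `else` branch added to `getConfigResponse` (new lines 440–446) dereferences `tst.tokens.preview` and `config.access.preview` / `config.access.live` without guards, so a stored `transient-site-tokens.json` without a `tokens` object, or a config whose partition objects are missing at that point, would throw and fail the whole config response for pipeline and delivery. A guarded form such as `const { preview, live } = tst.tokens ?? {};`, followed by assignments only where the partition object exists, would avoid that. The new `x-hlx-auth-tst-preview` and `x-hlx-auth-tst-live` headers also emit `transientSiteToken.value` directly, while the neighbouring `x-hlx-auth-hash-*` headers expose only `tokenHash`; if `value` is the usable token rather than a digest, a comment should say which consumers may receive and log these headers and where expiry is checked, since neither is visible here. The body of `getConfigResponse` starts and ends outside the hunks shown.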