@adobe/helix-html-pipeline 5.4.4 → 6.0.1

package/CHANGELOG.md

@@ -1,3 +1,22 @@
+## [6.0.1](https://github.com/adobe/helix-html-pipeline/compare/v6.0.0...v6.0.1) (2024-01-11)
+
+
+### Bug Fixes
+
+* enforce rso ([#488](https://github.com/adobe/helix-html-pipeline/issues/488)) ([4b38e25](https://github.com/adobe/helix-html-pipeline/commit/4b38e2524514a3d64a041d456bf14fe8b2e416cb))
+
+# [6.0.0](https://github.com/adobe/helix-html-pipeline/compare/v5.4.4...v6.0.0) (2024-01-10)
+
+
+### Features
+
+* use config service config ([#487](https://github.com/adobe/helix-html-pipeline/issues/487)) ([f2d9770](https://github.com/adobe/helix-html-pipeline/commit/f2d9770577072691b645c6d30c45358d6606e0a1))
+
+
+### BREAKING CHANGES
+
+* state needs config
+
 ## [5.4.4](https://github.com/adobe/helix-html-pipeline/compare/v5.4.3...v5.4.4) (2023-12-30)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-html-pipeline",
-  "version": "5.4.4",
+  "version": "6.0.1",
   "description": "Helix HTML Pipeline",
   "main": "src/index.js",
   "types": "src/index.d.ts",
@@ -75,7 +75,7 @@
     "@semantic-release/changelog": "6.0.3",
     "@semantic-release/git": "10.0.1",
     "@semantic-release/npm": "11.0.2",
-    "c8": "8.0.1",
+    "c8": "9.0.0",
     "eslint": "8.56.0",
     "eslint-import-resolver-exports": "1.0.0-beta.5",
     "eslint-plugin-header": "3.1.1",
@@ -83,7 +83,7 @@
     "esmock": "2.6.0",
     "husky": "8.0.3",
     "js-yaml": "4.1.0",
-    "jsdom": "23.0.1",
+    "jsdom": "23.1.0",
     "junit-report-builder": "3.1.0",
     "lint-staged": "15.2.0",
     "mocha": "10.2.0",

package/src/PipelineState.d.ts

@@ -11,8 +11,7 @@
  */
 import {PathInfo, S3Loader, FormsMessageDispatcher, PipelineTimer, AuthEnvLoader } from "./index";
 import {PipelineContent} from "./PipelineContent";
-import {Modifiers} from './utils/modifiers';
-import {ProjectConfig} from "./project-config";
+import {PipelineSiteConfig} from "./site-config";
 
 declare enum PipelineType {
   html = 'html',
@@ -37,14 +36,15 @@ declare interface PipelineOptions {
   s3Loader: S3Loader;
   messageDispatcher: FormsMessageDispatcher;
   authEnvLoader: AuthEnvLoader;
+  config: PipelineSiteConfig;
   fetch: Fetch;
-  owner: string;
-  repo: string;
   ref: string;
   partition: string;
   path: string;
   timer: PipelineTimer;
   env: object;
+  site: string;
+  org: string;
 }
 
 declare class PipelineState {
@@ -72,6 +72,16 @@ declare class PipelineState {
    */
   partition: string;
 
+  /**
+   * project site
+   */
+  site: string;
+
+  /**
+   * project org
+   */
+  org: string;
+
   /**
    * Repository owner
    */
@@ -88,24 +98,19 @@ declare class PipelineState {
   ref: string;
 
   /**
-   * helix-config.json once loaded (contains fstab, head.html, etc)
-   */
-  helixConfig?: object;
-
-  /**
-   * the /.helix/config.json in object form
+   * the site config loaded from config-service
    */
-  config?: ProjectConfig;
+  config: PipelineSiteConfig;
 
   /**
    * the metadata.json in modifier form.
    */
-  metadata?: Modifiers;
+  metadata: Modifiers;
 
   /**
    * the headers.json in modifier form.
    */
-  headers?: Modifiers;
+  headers: Modifiers;
 
   /**
    * optional timer that is used to measure the timing
@@ -122,16 +127,19 @@ declare class PipelineState {
    */
   authInfo?: AuthInfo;
 
+  /**
+   * the production host
+   */
+  prodHost: string;
+
   /**
    * the custom preview host if configured via config.cdn.preview.host
-   * this is initialized after the config is loaded.
    */
-  previewHost?: string;
+  previewHost: string;
 
   /**
    * the custom live host if configured via config.cdn.live.host
-   * this is initialized after the config is loaded.
    */
-  liveHost?: string;
+  liveHost: string;
 }
 

package/src/PipelineState.js

@@ -28,23 +28,29 @@ export class PipelineState {
       log: opts.log ?? console,
       env: opts.env,
       info: getPathInfo(opts.path),
+      config: opts.config,
       content: new PipelineContent(),
-      owner: opts.owner,
-      repo: opts.repo,
+      contentBusId: opts.config.contentBusId,
+      site: opts.site,
+      org: opts.org,
+      owner: opts.config.owner,
+      repo: opts.config.repo,
       ref: opts.ref,
       partition: opts.partition,
-      helixConfig: undefined,
       metadata: Modifiers.EMPTY,
       headers: Modifiers.EMPTY,
-      config: {},
       s3Loader: opts.s3Loader,
       messageDispatcher: opts.messageDispatcher,
       authEnvLoader: opts.authEnvLoader ?? { load: () => {} },
       fetch: opts.fetch,
       timer: opts.timer,
       type: 'html',
-      authInfo: undefined,
     });
+    for (const prop of ['org', 'site', 'contentBusId', 'repo', 'owner', 'ref', 'partition']) {
+      if (!this[prop]) {
+        throw new Error(`${prop} required`);
+      }
+    }
   }
 
   // eslint-disable-next-line class-methods-use-this

package/src/html-pipe.js

@@ -10,15 +10,14 @@
  * governing permissions and limitations under the License.
  */
 import { cleanupHeaderValue } from '@adobe/helix-shared-utils';
-import { authenticate, requireProject } from './steps/authenticate.js';
+import { authenticate } from './steps/authenticate.js';
 import addHeadingIds from './steps/add-heading-ids.js';
 import createPageBlocks from './steps/create-page-blocks.js';
 import createPictures from './steps/create-pictures.js';
 import extractMetaData from './steps/extract-metadata.js';
-import fetchConfig from './steps/fetch-config.js';
 import fetchContent from './steps/fetch-content.js';
 import fetch404 from './steps/fetch-404.js';
-import fetchConfigAll from './steps/fetch-config-all.js';
+import initConfig from './steps/init-config.js';
 import fixSections from './steps/fix-sections.js';
 import folderMapping from './steps/folder-mapping.js';
 import getMetadata from './steps/get-metadata.js';
@@ -112,14 +111,8 @@ export async function htmlPipe(state, req) {
     }
   }
 
-  try { // fetch config first, since we need to compute the content-bus-id from the fstab ...
-    state.timer?.update('config-fetch');
-    await fetchConfig(state, req, res);
-    if (!state.contentBusId) {
-      res.status = 400;
-      res.headers.set('x-error', 'contentBusId missing');
-      return res;
-    }
+  try {
+    await initConfig(state, req, res);
 
     // force code-bus for .html files
     if (state.info.originalExtension === '.html' && state.info.selector !== 'plain') {
@@ -147,12 +140,11 @@ export async function htmlPipe(state, req) {
     // load metadata and content in parallel
     state.timer?.update('metadata-fetch');
     await Promise.all([
-      fetchConfigAll(state, req, res),
       contentPromise,
       fetchMappedMetadata(state),
     ]);
 
-    await requireProject(state, req, res);
+    // await requireProject(state, req, res);
     if (res.error !== 401) {
       await authenticate(state, req, res);
     }
@@ -202,6 +194,7 @@ export async function htmlPipe(state, req) {
       res.status = 500;
     }
 
+    /* c8 ignore next */
     const level = res.status >= 500 ? 'error' : 'info';
     log[level](`pipeline status: ${res.status} ${res.error}`, e);
     res.headers.set('x-error', cleanupHeaderValue(res.error));

package/src/index.js

@@ -12,7 +12,6 @@
 export * from './html-pipe.js';
 export * from './json-pipe.js';
 export * from './options-pipe.js';
-export * from './forms-pipe.js';
 export * from './PipelineContent.js';
 export * from './PipelineRequest.js';
 export * from './PipelineResponse.js';

package/src/json-pipe.js

@@ -10,13 +10,12 @@
  * governing permissions and limitations under the License.
  */
 import { cleanupHeaderValue, computeSurrogateKey } from '@adobe/helix-shared-utils';
-import fetchConfigAll from './steps/fetch-config-all.js';
+import initConfig from './steps/init-config.js';
 import setCustomResponseHeaders from './steps/set-custom-response-headers.js';
 import { PipelineResponse } from './PipelineResponse.js';
 import jsonFilter from './utils/json-filter.js';
 import { extractLastModified, updateLastModified } from './utils/last-modified.js';
 import { authenticate } from './steps/authenticate.js';
-import fetchConfig from './steps/fetch-config.js';
 import { getPathInfo } from './utils/path.js';
 import { PipelineStatusError } from './PipelineStatusError.js';
 
@@ -28,7 +27,7 @@ import { PipelineStatusError } from './PipelineStatusError.js';
  * @param {PipelineState} state
  */
 export default function folderMapping(state) {
-  const folders = state.helixConfig?.fstab?.data.folders;
+  const { folders } = state.config;
   if (!folders) {
     return;
   }
@@ -121,39 +120,25 @@ export async function jsonPipe(state, req) {
   }
 
   try {
-    // fetch config and apply the folder mapping
-    await fetchConfig(state, req);
-    if (!state.contentBusId) {
-      return new PipelineResponse('', {
-        status: 400,
-        headers: {
-          'x-error': 'contentBusId missing',
-        },
-      });
-    }
-
     /** @type PipelineResponse */
     const res = new PipelineResponse('', {
       headers: {
         'content-type': 'application/json',
       },
     });
+    await initConfig(state, req, res);
 
     // apply the folder mapping if the current resource doesn't exist
     state.timer?.update('json-fetch');
-    let contentPromise = await fetchJsonContent(state, req, res);
+    await fetchJsonContent(state, req, res);
     if (res.status === 404) {
       folderMapping(state);
       if (state.info.unmappedPath) {
-        contentPromise = fetchJsonContent(state, req, res);
+        await fetchJsonContent(state, req, res);
       }
     }
 
     state.timer?.update('json-metadata-fetch');
-    await Promise.all([
-      fetchConfigAll(state, req, res),
-      contentPromise,
-    ]);
 
     await authenticate(state, req, res);
 

package/src/options-pipe.js

@@ -13,9 +13,8 @@ import { cleanupHeaderValue } from '@adobe/helix-shared-utils';
 // eslint-disable-next-line import/no-unresolved
 import cryptoImpl from '#crypto';
 import { PipelineResponse } from './PipelineResponse.js';
-import fetchConfigAll from './steps/fetch-config-all.js';
+import initConfig from './steps/init-config.js';
 import setCustomResponseHeaders from './steps/set-custom-response-headers.js';
-import fetchConfig from './steps/fetch-config.js';
 import { PipelineStatusError } from './PipelineStatusError.js';
 import { getOriginalHost } from './steps/utils.js';
 
@@ -41,8 +40,8 @@ function hashMe(domain, domainkeys) {
  * the x-forwarded-host and the domainkey. If no domainkey has been set in .helix/config
  * then the `slack` channel will be used instead.
  * @param {object} state current pipeline state
- * @param {Request} request HTTP request
- * @param {Response} response HTTP response
+ * @param {PipelineRequest} request HTTP request
+ * @param {PipelineResponse} response HTTP response
  * @returns {void}
  */
 function setDomainkeyHeader(state, request, response) {
@@ -53,11 +52,11 @@ function setDomainkeyHeader(state, request, response) {
   // get x-forwarded-host
   const originalHost = getOriginalHost(request.headers);
   // get liveHost
-  const { host } = state.config;
+  const { prodHost } = state;
 
-  if (originalHost !== host) {
+  if (originalHost !== prodHost) {
     // these have to match
-    state.log.debug(`x-forwarded-host: ${originalHost} does not match prod host: ${host}`);
+    state.log.debug(`x-forwarded-host: ${originalHost} does not match prod host: ${prodHost}`);
     return;
   }
   // get domainkey from config
@@ -83,16 +82,6 @@ function setDomainkeyHeader(state, request, response) {
  */
 export async function optionsPipe(state, request) {
   try {
-    await fetchConfig(state, request);
-    if (!state.contentBusId) {
-      return new PipelineResponse('', {
-        status: 400,
-        headers: {
-          'x-error': 'contentBusId missing',
-        },
-      });
-    }
-
     // todo: improve
     const res = new PipelineResponse('', {
       status: 204,
@@ -103,15 +92,16 @@ export async function optionsPipe(state, request) {
         'access-control-allow-headers': 'content-type',
       },
     });
-    await fetchConfigAll(state, request, res);
-    await setCustomResponseHeaders(state, request, res);
+    initConfig(state, request, res);
+    setCustomResponseHeaders(state, request, res);
     setDomainkeyHeader(state, request, res);
-
     return res;
   } catch (e) {
     const res = new PipelineResponse('', {
+      /* c8 ignore next */
       status: e instanceof PipelineStatusError ? e.code : 500,
     });
+    /* c8 ignore next */
     const level = res.status >= 500 ? 'error' : 'info';
     state.log[level](`pipeline status: ${res.status} ${e.message}`);
     res.headers.set('x-error', cleanupHeaderValue(e.message));

package/src/{project-config.d.ts → site-config.d.ts}

@@ -9,38 +9,34 @@
  * OF ANY KIND, either express or implied. See the License for the specific language
  * governing permissions and limitations under the License.
  */
+import { Modifiers } from './utils/modifiers';
 
-// NOTE: this file is autogenerated via 'npm run docs:types' in helix-admin-support
-
-export interface ProjectConfig {
-  /**
-   * Name of the project used by the slack bot when reporting.
-   */
-  name?: string;
-  /**
-   * Name of the project used by the sidekick.
-   */
-  project?: string;
-  /**
-   * Timezone to be used by the slack bot when reporting times.
-   */
-  timezone?: string;
-  /**
-   * Production host use by the slack bot to display project information.
-   */
-  host?: string;
-  /**
-   * configuration blueprint repository in the owner/repo format.
-   */
-  blueprint?: string;
-  /**
-   * the slack teamId/channelID(s) where the slack bot is used.
-   */
-  slack?: string | string[];
+/**
+ * Resolved site config from config service. Passed via pipeline state
+ * @todo: generate from schema in config service
+ */
+export interface PipelineSiteConfig {
+  contentBusId: string;
+  owner: string;
+  repo: string;
+  ref: string;
+  org: string;
+  site: string;
+  headers: ModifiersSheet;
+  metadata: {
+    preview: ModifiersSheet;
+    live: ModifiersSheet;
+  }
+  head: {
+    html: string;
+  }
   cdn?: ProjectCDNConfig;
   access?: SiteAccessConfig;
-  admin?: AdminConfig;
 }
+export interface ModifiersSheet {
+  data: Modifiers;
+}
+
 /**
  * The CDN config
  */
@@ -123,35 +119,19 @@ export interface ManagedConfig {
   route: string | string[];
 }
 export interface SiteAccessConfig {
+  preview?: AccessConfig;
+  live?: AccessConfig;
+}
+/**
+ * Access config specific to preview content
+ */
+export interface AccessConfig {
   /**
    * The email glob of the users that are allowed.
    */
-  allow: string | string[];
-  /**
-   * the id of the API key(s). this is used to validate the API KEYS and allows to invalidate them.
-   */
-  apiKeyId?: string | string[];
-  require?: {
-    /**
-     * The list of owner/repo pointers to projects that are allowed to use this content.
-     */
-    repository: string | string[];
-  };
-}
-export interface AdminConfig {
-  role?: Role;
+  allow: string[];
   /**
    * the id of the API key(s). this is used to validate the API KEYS and allows to invalidate them.
    */
-  apiKeyId?: string | string[];
-}
-export interface Role {
-  /**
-   * The email glob of the users with author role.
-   */
-  author?: string | string[];
-  /**
-   * The email glob of the users with publish role.
-   */
-  publish?: string | string[];
+  apiKeyId: string[];
 }

package/src/steps/authenticate.js

@@ -10,7 +10,6 @@
  * governing permissions and limitations under the License.
  */
 import { getAuthInfo, makeAuthError } from '../utils/auth.js';
-import { toArray } from './utils.js';
 
 /**
  * Checks if the given email is allowed.
@@ -28,26 +27,6 @@ export function isAllowed(email = '', allows = []) {
   return allows.findIndex((a) => a === email || a === wild) >= 0;
 }
 
-/**
- * Returns the normalized access configuration for the current partition.
- * @param state
- * @return {{}}
- */
-export function getAccessConfig(state) {
-  const { access } = state.config;
-  if (!access) {
-    return {
-      allow: [],
-      apiKeyId: [],
-    };
-  }
-  const { partition } = state;
-  return {
-    allow: toArray(access[partition]?.allow ?? access.allow),
-    apiKeyId: toArray(access[partition]?.apiKeyId ?? access.apiKeyId),
-  };
-}
-
 /**
  * Handles authentication
  * @type PipelineStep
@@ -65,7 +44,10 @@ export async function authenticate(state, req, res) {
   }
 
   // get partition relative auth info
-  const access = getAccessConfig(state);
+  const access = state.config.access?.[state.partition] || {
+    allow: [],
+    apiKeyId: [],
+  };
 
   // if not protected, do nothing
   if (!access.allow.length) {
@@ -138,17 +120,17 @@ export function isOwnerRepoAllowed(owner, repo, allows = []) {
  * @param {PipelineResponse} res
  * @returns {Promise<void>}
  */
-export async function requireProject(state, req, res) {
-  // if not restricted, do nothing
-  const ownerRepo = state.config?.access?.require?.repository;
-  if (!ownerRepo) {
-    return;
-  }
-  const ownerRepos = Array.isArray(ownerRepo) ? ownerRepo : [ownerRepo];
-  const { log, owner, repo } = state;
-  if (!isOwnerRepoAllowed(owner, repo, ownerRepos)) {
-    log.warn(`${owner}/${repo} not allowed for ${ownerRepos}`);
-    res.status = 403;
-    res.error = 'forbidden.';
-  }
-}
+// export async function requireProject(state, req, res) {
+//   // if not restricted, do nothing
+//   const ownerRepo = state.config?.access?.require?.repository;
+//   if (!ownerRepo) {
+//     return;
+//   }
+//   const ownerRepos = Array.isArray(ownerRepo) ? ownerRepo : [ownerRepo];
+//   const { log, owner, repo } = state;
+//   if (!isOwnerRepoAllowed(owner, repo, ownerRepos)) {
+//     log.warn(`${owner}/${repo} not allowed for ${ownerRepos}`);
+//     res.status = 403;
+//     res.error = 'forbidden.';
+//   }
+// }

package/src/steps/folder-mapping.js

@@ -40,7 +40,7 @@ export function mapPath(folders, path) {
  * @param {PipelineState} state
  */
 export default function folderMapping(state) {
-  const folders = state.helixConfig?.fstab?.data.folders;
+  const { folders } = state.config;
   if (!folders) {
     return;
   }

package/src/steps/init-config.js

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2021 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+import { Modifiers } from '../utils/modifiers.js';
+import { getOriginalHost } from './utils.js';
+import { updateLastModified } from '../utils/last-modified.js';
+
+function replaceParams(str, info) {
+  if (!str) {
+    return '';
+  }
+  return str
+    .replaceAll('$owner', info.owner)
+    .replaceAll('$org', info.org)
+    .replaceAll('$site', info.site)
+    .replaceAll('$repo', info.repo)
+    .replaceAll('$ref', info.ref);
+}
+
+/**
+ * Initializes the pipeline state with the config from the config service
+ * (passed via the `config` parameter during state construction).
+ *
+ * @type PipelineStep
+ * @param {PipelineState} state
+ * @param {PipelineRequest} req
+ * @param {PipelineResponse} res
+ * @returns {Promise<void>}
+ */
+export default function initConfig(state, req, res) {
+  const { config, partition } = state;
+  state.metadata = new Modifiers(config.metadata?.[partition]?.data || {});
+  state.headers = new Modifiers(config.headers || {});
+
+  // set custom preview and live hosts
+  state.previewHost = replaceParams(config.cdn?.preview?.host, state);
+  state.liveHost = replaceParams(config.cdn?.live?.host, state);
+  state.prodHost = config.cdn?.prod?.host || getOriginalHost(req.headers);
+  updateLastModified(state, res, state.config.lastModified);
+}

package/src/steps/render.js

@@ -72,7 +72,7 @@ export default async function render(state, req, res) {
   appendElement($head, createElement('link', 'rel', 'alternate', 'type', 'application/xml+atom', 'href', meta.feed, 'title', `${meta.title} feed`));
 
   // inject head.html
-  const headHtml = state.helixConfig?.head?.data.html;
+  const headHtml = state.config?.head?.html;
   if (headHtml) {
     const $headHtml = await unified()
       .use(rehypeParse, { fragment: true })

package/src/steps/utils.js

@@ -172,7 +172,7 @@ export function getAbsoluteUrl(state, url) {
   if (typeof url !== 'string') {
     return null;
   }
-  return resolveUrl(`https://${state.config.host}/`, url);
+  return resolveUrl(`https://${state.prodHost}/`, url);
 }
 
 /**

package/src/utils/auth.js

@@ -99,7 +99,7 @@ export async function decodeIdToken(state, idToken, lenient = false) {
 
 /**
  * Returns the host of the request; falls back to the configured `host`.
- * Note that this is different from the `config.host` calculation in `fetch-config-all`,
+ * Note that this is different from the `state.prodHost` calculation in `init-config`,
  * as this prefers the xfh over the config.
  *
  * @param {PipelineState} state
@@ -115,7 +115,7 @@ function getRequestHostAndProto(state, req) {
     host = host.split(',')[0].trim();
   }
   if (!host) {
-    host = state.config.host;
+    host = state.prodHost;
   }
   // fastly overrides the x-forwarded-proto, so we use x-forwarded-scheme
   const proto = req.headers.get('x-forwarded-scheme') || req.headers.get('x-forwarded-proto') || 'https';
@@ -239,8 +239,8 @@ export class AuthInfo {
     const url = new URL(idp.discovery.authorization_endpoint);
 
     const tokenState = await signJWT(state, new SignJWT({
-      owner: state.owner,
-      repo: state.repo,
+      org: state.org,
+      site: state.site,
       // this is our own login redirect, i.e. the current document
       requestPath: state.info.path,
       requestHost: host,
@@ -400,8 +400,8 @@ export async function initAuthRoute(state, req, res) {
   }
 
   // fixup pipeline state
-  state.owner = req.params.state.owner;
-  state.repo = req.params.state.repo;
+  state.org = req.params.state.org;
+  state.site = req.params.state.site;
   state.ref = 'main';
   state.partition = 'preview';
   state.info.path = '/.auth';

package/src/forms-pipe.js

@@ -1,189 +0,0 @@
-/*
- * Copyright 2022 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-import { cleanupHeaderValue } from '@adobe/helix-shared-utils';
-import { PipelineResponse } from './PipelineResponse.js';
-import fetchConfigAll from './steps/fetch-config-all.js';
-import setCustomResponseHeaders from './steps/set-custom-response-headers.js';
-import { authenticate } from './steps/authenticate.js';
-import fetchConfig from './steps/fetch-config.js';
-import validateCaptcha from './steps/validate-captcha.js';
-
-function error(log, msg, status, response) {
-  log.error(msg);
-  response.status = status;
-  response.headers.set('x-error', cleanupHeaderValue(msg));
-  return response;
-}
-
-/**
- * Converts URLSearchParams to an object
- * @param {URLSearchParams} searchParams the search params object
- * @returns {Object} The converted object
- */
-function searchParamsToObject(searchParams) {
-  const result = Object.create(null);
-
-  for (const key of searchParams.keys()) {
-    // get all values association with the key
-    const values = searchParams.getAll(key);
-
-    // if multiple values, convert to array
-    result[key] = (values.length === 1) ? values[0] : values;
-  }
-
-  return result;
-}
-
-/**
- * Extracts and parses the body data from the request
- * @param {PipelineRequest} request the request object (see fetch api)
- * @returns {Object} The body data
- * @throws {Error} If an error occurs parsing the body
- */
-export async function extractBodyData(request) {
-  let { body } = request;
-  if (!body) {
-    throw Error('missing body');
-  }
-  const type = request.headers.get('content-type');
-
-  // if content is form-urlencoded we need place the object in the body
-  // in a "data" property in the body as this is what forms-service expects.
-  if (/^application\/x-www-form-urlencoded/.test(type)) {
-    // did they pass an object in the body when a form-urlencoded body was expected?
-    if (body === '[object Object]') {
-      throw Error('invalid form-urlencoded body');
-    }
-
-    body = {
-      data: searchParamsToObject(new URLSearchParams(body)),
-    };
-
-    // else treat the body as json
-  } else if (/^application\/json/.test(type)) {
-    body = JSON.parse(body);
-    // verify the body data is as expected
-    if (!body.data) {
-      throw Error('missing body.data');
-    }
-  } else {
-    throw Error(`post body content-type not supported: ${type}`);
-  }
-  return body;
-}
-
-/**
- * Handle a pipeline POST request.
- * At this point POST's only apply to json files that are backed by a workbook.
- * @param {PipelineState} state pipeline options
- * @param {PipelineRequest} req
- * @returns {Promise<PipelineResponse>} a response
- */
-export async function formsPipe(state, req) {
-  const { log } = state;
-  state.type = 'form';
-
-  // todo: improve
-  const res = new PipelineResponse('', {
-    headers: {
-      'content-type': 'text/plain; charset=utf-8',
-    },
-  });
-  try {
-    await fetchConfig(state, req, res);
-  } catch (e) {
-    // ignore
-  }
-  if (!state.contentBusId) {
-    res.status = 400;
-    res.headers.set('x-error', 'contentBusId missing');
-    return res;
-  }
-
-  await fetchConfigAll(state, req, res);
-  await authenticate(state, req, res);
-  if (res.error) {
-    return res;
-  }
-  await setCustomResponseHeaders(state, req, res);
-
-  const {
-    owner, repo, ref, contentBusId, partition, s3Loader,
-  } = state;
-  const { path } = state.info;
-  const resourcePath = `${path}.json`;
-
-  // block all POSTs to resources with extensions
-  if (state.info.originalExtension !== '') {
-    return error(log, 'POST to URL with extension not allowed', 405, res);
-  }
-
-  let body;
-  try {
-    body = await extractBodyData(req);
-  } catch (err) {
-    return error(log, err.message, 400, res);
-  }
-
-  // verify captcha if needed
-  try {
-    await validateCaptcha(state, body);
-  } catch (e) {
-    return error(log, e.message, e.code, res);
-  }
-
-  // head workbook in content bus
-  const resourceFetchResponse = await s3Loader.headObject('helix-content-bus', `${contentBusId}/${partition}${resourcePath}`);
-  if (resourceFetchResponse.status !== 200) {
-    return resourceFetchResponse;
-  }
-
-  const sheets = resourceFetchResponse.headers.get('x-amz-meta-x-sheet-names');
-  if (!sheets) {
-    return error(log, `Target workbook at ${resourcePath} missing x-sheet-names header.`, 403, res);
-  }
-
-  const sourceLocation = resourceFetchResponse.headers.get('x-amz-meta-x-source-location');
-  const referer = req.headers.get('referer') || 'unknown';
-  const sheetNames = sheets.split(',').map((s) => s.trim());
-
-  if (!sourceLocation || !sheetNames.includes('incoming')) {
-    return error(log, `Target workbook at ${resourcePath} is not setup to intake data.`, 403, res);
-  }
-
-  // Send message to SQS if workbook contains and incoming
-  // sheet and the source location is not null
-  const { host } = state.config;
-
-  // Forms service expect owner and repo in the message body
-  body.owner = owner;
-  body.repo = repo;
-
-  const message = {
-    url: `https://${ref}--${repo}--${owner}.hlx.live${resourcePath}`,
-    body,
-    host,
-    sourceLocation,
-    referer,
-  };
-
-  try {
-    // Send message to forms queue
-    const { requestId, messageId } = await state.messageDispatcher.dispatch(message);
-    res.status = 201;
-    res.headers.set('x-request-id', requestId);
-    res.headers.set('x-message-id', messageId);
-    return res;
-  } catch (err) {
-    return error(log, `Failed to send message to forms queue: ${err}`, 500, res);
-  }
-}

package/src/steps/fetch-config-all.js

@@ -1,95 +0,0 @@
-/*
- * Copyright 2021 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-
-import { PipelineStatusError } from '../PipelineStatusError.js';
-import { extractLastModified, updateLastModified } from '../utils/last-modified.js';
-import { globToRegExp, Modifiers } from '../utils/modifiers.js';
-import { getOriginalHost } from './utils.js';
-
-/**
- * Computes the routes from the given config value.
- * @param {string|string[]|undefined} value
- * @return {RegExp[]} and array of regexps for route matching
- */
-export function computeRoutes(value) {
-  if (!value) {
-    return [/.*/];
-  }
-  // eslint-disable-next-line no-param-reassign
-  return (Array.isArray(value) ? value : [value]).map((route) => {
-    if (route.indexOf('*') >= 0) {
-      return globToRegExp(route);
-    }
-    if (route.endsWith('/')) {
-      return new RegExp(`^${route}.*$`);
-    }
-    return new RegExp(`^${route}(/.*)?$`);
-  });
-}
-
-function replaceParams(str, info) {
-  if (!str) {
-    return '';
-  }
-  return str
-    .replaceAll('$owner', info.owner)
-    .replaceAll('$repo', info.repo)
-    .replaceAll('$ref', info.ref);
-}
-
-/**
- * Loads the /.helix/config-all.json from the content-bus and stores it in the state. if no
- * such config exists, it will load the metadata.json as fallback and separate out the
- * `state.headers` and `state.metadata`.
- *
- * @type PipelineStep
- * @param {PipelineState} state
- * @param {PipelineRequest} req
- * @param {PipelineResponse} res
- * @returns {Promise<void>}
- */
-export default async function fetchConfigAll(state, req, res) {
-  const { contentBusId, partition } = state;
-  const key = `${contentBusId}/${partition}/.helix/config-all.json`;
-  const ret = await state.s3Loader.getObject('helix-content-bus', key);
-  if (ret.status === 200) {
-    let json;
-    try {
-      json = JSON.parse(ret.body);
-    } catch (e) {
-      throw new PipelineStatusError(400, `failed parsing of /.helix/config-all.json: ${e.message}`);
-    }
-    state.config = json.config?.data || {};
-    state.metadata = new Modifiers(json.metadata?.data || {});
-    state.headers = new Modifiers(json.headers?.data || {});
-
-    if (state.type === 'html' && state.info.selector !== 'plain') {
-      // also update last-modified (only for extensionless html pipeline)
-      updateLastModified(state, res, extractLastModified(ret.headers));
-    }
-    // set custom preview and live hosts
-    state.previewHost = replaceParams(state.config.cdn?.preview?.host, state);
-    state.liveHost = replaceParams(state.config.cdn?.live?.host, state);
-  } else if (ret.status === 404) {
-    state.config = {};
-    state.metadata = new Modifiers({});
-    state.headers = new Modifiers({});
-  } else {
-    throw new PipelineStatusError(502, `failed to load /.helix/config-all.json: ${ret.status}`);
-  }
-
-  // compute host and routes
-  if (!state.config.host) {
-    state.config.host = state.config.cdn?.prod?.host || getOriginalHost(req.headers);
-  }
-  state.config.routes = computeRoutes(state.config.cdn?.prod?.route);
-}

package/src/steps/fetch-config.js

@@ -1,79 +0,0 @@
-/*
- * Copyright 2021 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-import { extractLastModified, updateLastModified } from '../utils/last-modified.js';
-import { PipelineStatusError } from '../PipelineStatusError.js';
-
-/**
- * Fetches the helix-config.json from the code-bus and stores it in `state.helixConfig`
- * @type PipelineStep
- * @param {PipelineState} state
- * @param {PipelineRequest} req
- * @param {PipelineResponse} [res]
- * @returns {Promise<void>}
- */
-export default async function fetchConfig(state, req, res) {
-  const {
-    log, owner, repo, ref,
-  } = state;
-
-  const key = `${owner}/${repo}/${ref}/helix-config.json`;
-  const ret = await state.s3Loader.getObject('helix-code-bus', key);
-  if (ret.status !== 200) {
-    throw new PipelineStatusError(ret.status === 404 ? 404 : 502, `unable to load /helix-config.json: ${ret.status}`);
-  }
-  let config;
-  try {
-    config = JSON.parse(ret.body);
-  } catch (e) {
-    log.info('failed to parse helix-config.json', e);
-    throw new PipelineStatusError(400, `Failed parsing of /helix-config.json: ${e.message}`);
-  }
-
-  // upgrade to version 2 if needed
-  if (config.version !== 2) {
-    Object.keys(config).forEach((name) => {
-      config[name] = {
-        data: config[name],
-      };
-    });
-  }
-
-  // set contentbusid from header if missing in config
-  const cbid = ret.headers.get('x-amz-meta-x-contentbus-id');
-  if (!config.content && cbid) {
-    config.content = {
-      data: {
-        '/': {
-          contentBusId: cbid.substring(2),
-        },
-      },
-    };
-  }
-  if (!state.contentBusId) {
-    state.contentBusId = config.content?.data?.['/']?.contentBusId;
-  }
-
-  if (res) {
-    // also update last-modified
-    const configLastModified = extractLastModified(ret.headers);
-
-    // update last modified of fstab
-    updateLastModified(state, res, config.fstab?.lastModified || configLastModified);
-
-    // for html requests, also consider the HEAD config
-    if (state.type === 'html' && state.info.selector !== 'plain' && config.head?.lastModified) {
-      updateLastModified(state, res, config.head.lastModified);
-    }
-  }
-
-  state.helixConfig = config;
-}