@adobe/spacecat-shared-http-utils 1.10.2 → 1.10.4

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+# [@adobe/spacecat-shared-http-utils-v1.10.4](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-http-utils-v1.10.3...@adobe/spacecat-shared-http-utils-v1.10.4) (2025-05-07)
+
+
+### Bug Fixes
+
+* auth handling with ims token ([#678](https://github.com/adobe/spacecat-shared/issues/678)) ([9868748](https://github.com/adobe/spacecat-shared/commit/9868748b6d6d7269d2b598748f26f02dc707b1d6))
+
+# [@adobe/spacecat-shared-http-utils-v1.10.3](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-http-utils-v1.10.2...@adobe/spacecat-shared-http-utils-v1.10.3) (2025-04-15)
+
+
+### Bug Fixes
+
+* **deps:** update external fixes ([#679](https://github.com/adobe/spacecat-shared/issues/679)) ([a41bf0c](https://github.com/adobe/spacecat-shared/commit/a41bf0cd488efa0f72af0933992edb256302af18))
+
 # [@adobe/spacecat-shared-http-utils-v1.10.2](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-http-utils-v1.10.1...@adobe/spacecat-shared-http-utils-v1.10.2) (2025-04-02)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/spacecat-shared-http-utils",
-  "version": "1.10.2",
+  "version": "1.10.4",
   "description": "Shared modules of the Spacecat Services - HTTP Utils",
   "type": "module",
   "engines": {
@@ -36,7 +36,7 @@
     "@adobe/fetch": "4.2.0",
     "@adobe/spacecat-shared-utils": "1.26.4",
     "@adobe/spacecat-shared-data-access": "2.0.2",
-    "jose": "6.0.8"
+    "jose": "6.0.10"
   },
   "devDependencies": {
     "@adobe/helix-shared-wrap": "2.0.2",

package/src/auth/auth-info.js

@@ -72,6 +72,8 @@ export default class AuthInfo {
     return this;
   }
 
+  getType() { return this.type; }
+
   getScopes() { return this.scopes; }
 
   getProfile() { return this.profile; }
@@ -79,4 +81,18 @@ export default class AuthInfo {
   getReason() { return this.reason; }
 
   isAuthenticated() { return this.authenticated; }
+
+  isAdmin() { return this.profile?.is_admin; }
+
+  hasOrganization(orgId) {
+    const [id] = orgId.split('@');
+    return this.profile?.tenants?.some(
+      (tenant) => tenant.id === id,
+    );
+  }
+
+  hasScope(name, subScope) {
+    return this.scopes.some((scope) => scope.name === name
+      && (!subScope || scope.subScopes?.includes(subScope)));
+  }
 }

package/src/auth/handlers/ims.js

@@ -40,6 +40,7 @@ const IGNORED_PROFILE_PROPS = [
 const loadConfig = (context) => {
   try {
     const config = JSON.parse(context.env.AUTH_HANDLER_IMS);
+    context.log.info(`Loaded config name: ${config.name}`);
     return config;
   } catch (e) {
     context.log.error(`Failed to load config from context: ${e.message}`);
@@ -122,7 +123,8 @@ export default class AdobeImsHandler extends AbstractHandler {
       return new AuthInfo()
         .withType(this.name)
         .withAuthenticated(true)
-        .withProfile(profile);
+        .withProfile(profile)
+        .withScopes([{ name: 'admin' }]);
     } catch (e) {
       this.log(`Failed to validate token: ${e.message}`, 'error');
     }

package/src/auth/handlers/jwt.js

@@ -26,12 +26,14 @@ export default class JwtHandler extends AbstractHandler {
   }
 
   async #setup(context) {
-    const authPublicKey = context.env?.AUTH_PUBLIC_KEY;
+    const authPublicKeyB64 = context.env?.AUTH_PUBLIC_KEY_B64;
 
-    if (!hasText(authPublicKey)) {
+    if (!hasText(authPublicKeyB64)) {
       throw new Error('No public key provided');
     }
 
+    const authPublicKey = Buffer.from(authPublicKeyB64, 'base64').toString('utf-8');
+
     this.authPublicKey = await importSPKI(authPublicKey, ALGORITHM_ES256);
   }
 
@@ -48,14 +50,12 @@ export default class JwtHandler extends AbstractHandler {
       },
     );
 
+    verifiedToken.payload.tenants = verifiedToken.payload.tenants || [];
+
     return verifiedToken.payload;
   }
 
   async checkAuth(request, context) {
-    const authInfo = new AuthInfo()
-      .withType(this.name)
-      .withAuthenticated(false);
-
     try {
       await this.#setup(context);
 
@@ -63,21 +63,26 @@ export default class JwtHandler extends AbstractHandler {
 
       if (!hasText(token)) {
         this.log('No bearer token provided', 'debug');
-        authInfo.withReason('No bearer token provided');
-        return authInfo;
+        return null;
       }
 
       const payload = await this.#validateToken(token);
 
+      const scopes = payload.is_admin ? [{ name: 'admin' }] : [];
+
+      scopes.push(...payload.tenants.map(
+        (tenant) => ({ name: 'user', domains: [tenant.id], subScopes: tenant.subServices }),
+      ));
+
       return new AuthInfo()
         .withType(this.name)
         .withAuthenticated(true)
-        .withProfile(payload);
+        .withProfile(payload)
+        .withScopes(scopes);
     } catch (e) {
       this.log(`Failed to validate token: ${e.message}`, 'error');
-      authInfo.withReason(e.message);
     }
 
-    return authInfo;
+    return null;
   }
 }

package/src/index.d.ts

@@ -25,6 +25,10 @@ export declare function internalServerError(message?: string, headers?: object):
 
 export declare function found(location: string): Response;
 
+export declare function unauthorized(message?: string, headers?: object): Response;
+
+export declare function forbidden(message?: string, headers?: object): Response;
+
 /**
  * Utility functions
  */

package/src/index.js

@@ -15,6 +15,7 @@ import { Response } from '@adobe/fetch';
 import LegacyApiKeyHandler from './auth/handlers/legacy-api-key.js';
 import AdobeImsHandler from './auth/handlers/ims.js';
 import ScopedApiKeyHandler from './auth/handlers/scoped-api-key.js';
+import JwtHandler from './auth/handlers/jwt.js';
 
 const HEADER_CONTENT_TYPE = 'content-type';
 const HEADER_ERROR = 'x-error';
@@ -106,4 +107,6 @@ export { authWrapper } from './auth/auth-wrapper.js';
 export { enrichPathInfo } from './enrich-path-info-wrapper.js';
 export { hashWithSHA256 } from './auth/generate-hash.js';
 
-export { AdobeImsHandler, ScopedApiKeyHandler, LegacyApiKeyHandler };
+export {
+  AdobeImsHandler, ScopedApiKeyHandler, LegacyApiKeyHandler, JwtHandler,
+};