@adobe/spacecat-shared-http-utils 1.12.1 → 1.13.0

package/CHANGELOG.md

@@ -1,3 +1,10 @@
+# [@adobe/spacecat-shared-http-utils-v1.13.0](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-http-utils-v1.12.1...@adobe/spacecat-shared-http-utils-v1.13.0) (2025-05-20)
+
+
+### Features
+
+* add cookie auth handler ([#749](https://github.com/adobe/spacecat-shared/issues/749)) ([362184b](https://github.com/adobe/spacecat-shared/commit/362184b1339ccdaa25328228c906917721d86bd1))
+
 # [@adobe/spacecat-shared-http-utils-v1.12.1](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-http-utils-v1.12.0...@adobe/spacecat-shared-http-utils-v1.12.1) (2025-05-19)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/spacecat-shared-http-utils",
-  "version": "1.12.1",
+  "version": "1.13.0",
   "description": "Shared modules of the Spacecat Services - HTTP Utils",
   "type": "module",
   "engines": {

package/src/auth/handlers/cookie-auth.js

@@ -0,0 +1,88 @@
+/*
+ * Copyright 2025 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+
+import { hasText } from '@adobe/spacecat-shared-utils';
+import { importSPKI, jwtVerify } from 'jose';
+
+import AbstractHandler from './abstract.js';
+import AuthInfo from '../auth-info.js';
+import { getCookieValue } from './utils/cookie.js';
+
+const ALGORITHM_ES256 = 'ES256';
+export const ISSUER = 'https://spacecat.experiencecloud.live';
+
+export default class CookieAuthHandler extends AbstractHandler {
+  constructor(log) {
+    super('cookieAuth', log);
+  }
+
+  async #setup(context) {
+    const authPublicKeyB64 = context.env?.AUTH_PUBLIC_KEY_B64;
+
+    if (!hasText(authPublicKeyB64)) {
+      throw new Error('No public key provided');
+    }
+
+    const authPublicKey = Buffer.from(authPublicKeyB64, 'base64').toString('utf-8');
+
+    this.authPublicKey = await importSPKI(authPublicKey, ALGORITHM_ES256);
+  }
+
+  async #validateToken(token) {
+    const verifiedToken = await jwtVerify(
+      token,
+      this.authPublicKey,
+      {
+        algorithms: [ALGORITHM_ES256], // force expected algorithm
+        clockTolerance: 5, // number of seconds to tolerate when checking the nbf and exp claims
+        complete: false, // only return the payload and not headers etc.
+        ignoreExpiration: false, // validate expiration
+        issuer: ISSUER, // validate issuer
+      },
+    );
+
+    verifiedToken.payload.tenants = verifiedToken.payload.tenants || [];
+
+    return verifiedToken.payload;
+  }
+
+  async checkAuth(request, context) {
+    try {
+      await this.#setup(context);
+
+      const sessionToken = getCookieValue(context, 'sessionToken');
+
+      if (!hasText(sessionToken)) {
+        this.log('No session token provided', 'debug');
+        return null;
+      }
+
+      const payload = await this.#validateToken(sessionToken);
+
+      const scopes = payload.is_admin ? [{ name: 'admin' }] : [];
+
+      scopes.push(...payload.tenants.map(
+        (tenant) => ({ name: 'user', domains: [tenant.id], subScopes: tenant.subServices }),
+      ));
+
+      return new AuthInfo()
+        .withType(this.name)
+        .withAuthenticated(true)
+        .withProfile(payload)
+        .withScopes(scopes);
+    } catch (e) {
+      this.log(`Failed to validate token: ${e.message}`, 'error');
+    }
+
+    return null;
+  }
+}

package/src/auth/handlers/utils/cookie.js

@@ -0,0 +1,46 @@
+/*
+ * Copyright 2025 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+
+/**
+ * Gets the raw cookie string from the context
+ * @param {Object} context - The context object containing pathInfo
+ * @returns {string|null} The cookie string or null if not found
+ */
+export const getCookie = (context) => {
+  const cookie = context.pathInfo?.headers?.cookie || '';
+
+  if (!cookie) {
+    return null;
+  }
+
+  return cookie;
+};
+
+/**
+ * Parses and retrieves a specific cookie value by name
+ * @param {Object} context - The context object containing pathInfo
+ * @param {string} name - The name of the cookie to retrieve
+ * @returns {string|null} The cookie value or null if not found
+ */
+export const getCookieValue = (context, name) => {
+  const cookieString = getCookie(context);
+  if (!cookieString) return null;
+
+  const cookies = cookieString.split(';');
+  for (const cookie of cookies) {
+    const [cookieName, cookieValue] = cookie.trim().split('=');
+    if (cookieName === name) {
+      return cookieValue;
+    }
+  }
+  return null;
+};