@adobe/spacecat-shared-http-utils 1.12.1 → 1.13.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +14 -0
  2. package/package.json +1 -1
  3. package/src/auth/handlers/cookie-auth.js +88 -0
  4. package/src/auth/handlers/utils/cookie.js +46 -0
  5. package/src/index.js +2 -1
package/CHANGELOG.md CHANGED
@@ -1,3 +1,17 @@
1
+ # [@adobe/spacecat-shared-http-utils-v1.13.1](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-http-utils-v1.13.0...@adobe/spacecat-shared-http-utils-v1.13.1) (2025-05-20)
2
+
3
+
4
+ ### Bug Fixes
5
+
6
+ * expose cookie handler ([#750](https://github.com/adobe/spacecat-shared/issues/750)) ([4df4c91](https://github.com/adobe/spacecat-shared/commit/4df4c9117943147fbaf01fa13c6e23d2f330cd3d))
7
+
8
+ # [@adobe/spacecat-shared-http-utils-v1.13.0](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-http-utils-v1.12.1...@adobe/spacecat-shared-http-utils-v1.13.0) (2025-05-20)
9
+
10
+
11
+ ### Features
12
+
13
+ * add cookie auth handler ([#749](https://github.com/adobe/spacecat-shared/issues/749)) ([362184b](https://github.com/adobe/spacecat-shared/commit/362184b1339ccdaa25328228c906917721d86bd1))
14
+
1
15
  # [@adobe/spacecat-shared-http-utils-v1.12.1](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-http-utils-v1.12.0...@adobe/spacecat-shared-http-utils-v1.12.1) (2025-05-19)
2
16
 
3
17
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@adobe/spacecat-shared-http-utils",
3
- "version": "1.12.1",
3
+ "version": "1.13.1",
4
4
  "description": "Shared modules of the Spacecat Services - HTTP Utils",
5
5
  "type": "module",
6
6
  "engines": {
package/src/auth/handlers/cookie-auth.js ADDED
@@ -0,0 +1,88 @@
1
+ /*
2
+ * Copyright 2025 Adobe. All rights reserved.
3
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
4
+ * you may not use this file except in compliance with the License. You may obtain a copy
5
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
6
+ *
7
+ * Unless required by applicable law or agreed to in writing, software distributed under
8
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
9
+ * OF ANY KIND, either express or implied. See the License for the specific language
10
+ * governing permissions and limitations under the License.
11
+ */
12
+
13
+ import { hasText } from '@adobe/spacecat-shared-utils';
14
+ import { importSPKI, jwtVerify } from 'jose';
15
+
16
+ import AbstractHandler from './abstract.js';
17
+ import AuthInfo from '../auth-info.js';
18
+ import { getCookieValue } from './utils/cookie.js';
19
+
20
+ const ALGORITHM_ES256 = 'ES256';
21
+ export const ISSUER = 'https://spacecat.experiencecloud.live';
22
+
23
+ export default class CookieAuthHandler extends AbstractHandler {
24
+ constructor(log) {
25
+ super('cookieAuth', log);
26
+ }
27
+
28
+ async #setup(context) {
29
+ const authPublicKeyB64 = context.env?.AUTH_PUBLIC_KEY_B64;
30
+
31
+ if (!hasText(authPublicKeyB64)) {
32
+ throw new Error('No public key provided');
33
+ }
34
+
35
+ const authPublicKey = Buffer.from(authPublicKeyB64, 'base64').toString('utf-8');
36
+
37
+ this.authPublicKey = await importSPKI(authPublicKey, ALGORITHM_ES256);
38
+ }
39
+
40
+ async #validateToken(token) {
41
+ const verifiedToken = await jwtVerify(
42
+ token,
43
+ this.authPublicKey,
44
+ {
45
+ algorithms: [ALGORITHM_ES256], // force expected algorithm
46
+ clockTolerance: 5, // number of seconds to tolerate when checking the nbf and exp claims
47
+ complete: false, // only return the payload and not headers etc.
48
+ ignoreExpiration: false, // validate expiration
49
+ issuer: ISSUER, // validate issuer
50
+ },
51
+ );
52
+
53
+ verifiedToken.payload.tenants = verifiedToken.payload.tenants || [];
54
+
55
+ return verifiedToken.payload;
56
+ }
57
+
58
+ async checkAuth(request, context) {
59
+ try {
60
+ await this.#setup(context);
61
+
62
+ const sessionToken = getCookieValue(context, 'sessionToken');
63
+
64
+ if (!hasText(sessionToken)) {
65
+ this.log('No session token provided', 'debug');
66
+ return null;
67
+ }
68
+
69
+ const payload = await this.#validateToken(sessionToken);
70
+
71
+ const scopes = payload.is_admin ? [{ name: 'admin' }] : [];
72
+
73
+ scopes.push(...payload.tenants.map(
74
+ (tenant) => ({ name: 'user', domains: [tenant.id], subScopes: tenant.subServices }),
75
+ ));
76
+
77
+ return new AuthInfo()
78
+ .withType(this.name)
79
+ .withAuthenticated(true)
80
+ .withProfile(payload)
81
+ .withScopes(scopes);
82
+ } catch (e) {
83
+ this.log(`Failed to validate token: ${e.message}`, 'error');
84
+ }
85
+
86
+ return null;
87
+ }
88
+ }
package/src/auth/handlers/utils/cookie.js ADDED
@@ -0,0 +1,46 @@
1
+ /*
2
+ * Copyright 2025 Adobe. All rights reserved.
3
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
4
+ * you may not use this file except in compliance with the License. You may obtain a copy
5
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
6
+ *
7
+ * Unless required by applicable law or agreed to in writing, software distributed under
8
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
9
+ * OF ANY KIND, either express or implied. See the License for the specific language
10
+ * governing permissions and limitations under the License.
11
+ */
12
+
13
+ /**
14
+ * Gets the raw cookie string from the context
15
+ * @param {Object} context - The context object containing pathInfo
16
+ * @returns {string|null} The cookie string or null if not found
17
+ */
18
+ export const getCookie = (context) => {
19
+ const cookie = context.pathInfo?.headers?.cookie || '';
20
+
21
+ if (!cookie) {
22
+ return null;
23
+ }
24
+
25
+ return cookie;
26
+ };
27
+
28
+ /**
29
+ * Parses and retrieves a specific cookie value by name
30
+ * @param {Object} context - The context object containing pathInfo
31
+ * @param {string} name - The name of the cookie to retrieve
32
+ * @returns {string|null} The cookie value or null if not found
33
+ */
34
+ export const getCookieValue = (context, name) => {
35
+ const cookieString = getCookie(context);
36
+ if (!cookieString) return null;
37
+
38
+ const cookies = cookieString.split(';');
39
+ for (const cookie of cookies) {
40
+ const [cookieName, cookieValue] = cookie.trim().split('=');
41
+ if (cookieName === name) {
42
+ return cookieValue;
43
+ }
44
+ }
45
+ return null;
46
+ };
package/src/index.js CHANGED
@@ -16,6 +16,7 @@ import LegacyApiKeyHandler from './auth/handlers/legacy-api-key.js';
16
16
  import AdobeImsHandler from './auth/handlers/ims.js';
17
17
  import ScopedApiKeyHandler from './auth/handlers/scoped-api-key.js';
18
18
  import JwtHandler from './auth/handlers/jwt.js';
19
+ import CookieAuthHandler from './auth/handlers/cookie-auth.js';
19
20
 
20
21
  const HEADER_CONTENT_TYPE = 'content-type';
21
22
  const HEADER_ERROR = 'x-error';
@@ -112,5 +113,5 @@ export { enrichPathInfo } from './enrich-path-info-wrapper.js';
112
113
  export { hashWithSHA256 } from './auth/generate-hash.js';
113
114
 
114
115
  export {
115
- AdobeImsHandler, ScopedApiKeyHandler, LegacyApiKeyHandler, JwtHandler,
116
+ AdobeImsHandler, CookieAuthHandler, ScopedApiKeyHandler, LegacyApiKeyHandler, JwtHandler,
116
117
  };