@isardsat/editorial-server 6.17.0 → 6.18.0

package/dist/app.js

@@ -25,7 +25,7 @@ export async function createEditorialServer({ configDirectory = BASE_EDITORIAL_P
     app.route("/api/v1", createConfigRoutes(config));
     app.route("/api/v1", createDataRoutes(config, storage));
     app.route("/api/v1", await createFilesRoutes(config));
-    app.route("/api/v1", createActionRoutes(storage, hooks));
+    app.route("/api/v1", createActionRoutes(config, storage, hooks));
     app.route("/", createAdminRoutes(config));
     app.doc("/doc", {
         openapi: "3.0.0",
@@ -39,6 +39,12 @@ export async function createEditorialServer({ configDirectory = BASE_EDITORIAL_P
         root: config.publicDir,
         rewriteRequestPath: (path) => path.replace(/^\/public/, ""),
     }));
+    app.openAPIRegistry.registerComponent("securitySchemes", "bearerAuth", {
+        type: "http",
+        scheme: "bearer",
+        bearerFormat: "JWT",
+        description: "Firebase JWT token required in Authorization header",
+    });
     return {
         app,
         config,

package/dist/lib/cache.d.ts

@@ -0,0 +1,11 @@
+import { type EditorialData, type EditorialSchema } from "@isardsat/editorial-common";
+import type { Storage } from "../lib/storage.js";
+export declare function createCache(): {
+    getSchema(storage: Storage): Promise<EditorialSchema>;
+    getContent(storage: Storage, options?: {
+        production?: boolean;
+        lang?: string;
+    }): Promise<EditorialData>;
+    invalidateSchema(): void;
+    invalidateContent(): void;
+};

package/dist/lib/cache.js

@@ -0,0 +1,37 @@
+import {} from "@isardsat/editorial-common";
+export function createCache() {
+    let schemaCache = null;
+    const contentCache = new Map();
+    const ttl = 5 * 60 * 1000; // 5 minutes TTL
+    function isExpired(entry) {
+        return Date.now() - entry.timestamp > ttl;
+    }
+    return {
+        async getSchema(storage) {
+            if (schemaCache && !isExpired(schemaCache)) {
+                return schemaCache.data;
+            }
+            const schema = await storage.getSchema();
+            schemaCache = { data: schema, timestamp: Date.now() };
+            return schema;
+        },
+        async getContent(storage, options = {}) {
+            const mode = options.production ? "production" : "preview";
+            const langSuffix = options.lang ? `-${options.lang}` : "";
+            const cacheKey = `${mode}${langSuffix}`;
+            const cachedEntry = contentCache.get(cacheKey);
+            if (cachedEntry && !isExpired(cachedEntry)) {
+                return cachedEntry.data;
+            }
+            const content = await storage.getContent(options);
+            contentCache.set(cacheKey, { data: content, timestamp: Date.now() });
+            return content;
+        },
+        invalidateSchema() {
+            schemaCache = null;
+        },
+        invalidateContent() {
+            contentCache.clear();
+        },
+    };
+}

package/dist/lib/middleware/auth.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Middleware to verify Firebase ID tokens without firebase-admin
+ * See https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library
+ * https://stackoverflow.com/questions/55594930/getting-jwks-for-firebase-in-rfc7517-format
+ * Requires projectId (public, not secret)
+ */
+export declare const firebaseAuth: (projectId: string) => import("hono").MiddlewareHandler<any, any, {}, Response | (Response & import("hono").TypedResponse<{
+    error: string;
+}, 401, "json">)>;

package/dist/lib/middleware/auth.js

@@ -0,0 +1,33 @@
+import { createMiddleware } from "hono/factory";
+import { createRemoteJWKSet, jwtVerify } from "jose";
+/**
+ * Google public keys for Firebase token verification
+ */
+const JWKS = createRemoteJWKSet(new URL("https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com"));
+/**
+ * Middleware to verify Firebase ID tokens without firebase-admin
+ * See https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library
+ * https://stackoverflow.com/questions/55594930/getting-jwks-for-firebase-in-rfc7517-format
+ * Requires projectId (public, not secret)
+ */
+export const firebaseAuth = (projectId) => createMiddleware(async (c, next) => {
+    const authHeader = c.req.header("Authorization");
+    if (!authHeader || !authHeader.startsWith("Bearer ")) {
+        return c.json({ error: "Unauthorized: Missing or invalid authorization header" }, 401);
+    }
+    const idToken = authHeader.replace("Bearer ", "");
+    try {
+        const { payload } = await jwtVerify(idToken, JWKS, {
+            issuer: `https://securetoken.google.com/${projectId}`,
+            audience: projectId,
+        });
+        if (!payload || typeof payload !== "object") {
+            throw new Error("Invalid token payload");
+        }
+        await next();
+    }
+    catch (error) {
+        console.error("Firebase auth error:", error);
+        return c.json({ error: "Unauthorized: Invalid token" }, 401);
+    }
+});

package/dist/lib/utils/diff.d.ts

@@ -0,0 +1,10 @@
+import { type EditorialDataItem } from "@isardsat/editorial-common";
+/**
+ * Compares two items and returns the list of fields that have changed.
+ * Excludes metadata fields like 'updatedAt'.
+ */
+export declare function getChangedFields(previewItem: EditorialDataItem, productionItem: EditorialDataItem): string[];
+/**
+ * Deep equality comparison for values.
+ */
+export declare function deepEqual(value1: unknown, value2: unknown): boolean;

package/dist/lib/utils/diff.js

@@ -0,0 +1,50 @@
+import {} from "@isardsat/editorial-common";
+/**
+ * Compares two items and returns the list of fields that have changed.
+ * Excludes metadata fields like 'updatedAt'.
+ */
+export function getChangedFields(previewItem, productionItem) {
+    const changedFields = [];
+    const excludedFields = ["updatedAt", "createdAt"];
+    // Get all unique keys from both items
+    const allKeys = new Set([
+        ...Object.keys(previewItem),
+        ...Object.keys(productionItem),
+    ]);
+    for (const key of allKeys) {
+        if (excludedFields.includes(key))
+            continue;
+        const previewValue = previewItem[key];
+        const productionValue = productionItem[key];
+        if (!deepEqual(previewValue, productionValue)) {
+            changedFields.push(key);
+        }
+    }
+    return changedFields;
+}
+/**
+ * Deep equality comparison for values.
+ */
+export function deepEqual(value1, value2) {
+    if (value1 === value2)
+        return true;
+    if (value1 == null || value2 == null)
+        return false;
+    if (typeof value1 !== typeof value2)
+        return false;
+    if (typeof value1 !== "object") {
+        return value1 === value2;
+    }
+    if (Array.isArray(value1) !== Array.isArray(value2))
+        return false;
+    if (Array.isArray(value1)) {
+        if (value1.length !== value2.length)
+            return false;
+        return value1.every((item, index) => deepEqual(item, value2[index]));
+    }
+    const keys1 = Object.keys(value1);
+    const keys2 = Object.keys(value2);
+    if (keys1.length !== keys2.length)
+        return false;
+    return keys1.every((key) => deepEqual(value1[key], value2[key]));
+}

package/dist/lib/utils/resolve.d.ts

@@ -0,0 +1,10 @@
+import { type EditorialData, type EditorialDataItem, type EditorialSchema } from "@isardsat/editorial-common";
+/**
+ * Resolves referenced fields in an item, replacing IDs with full objects.
+ * Recursively resolves nested references.
+ */
+export declare function resolveReferences(item: EditorialDataItem, schema: EditorialSchema, itemType: string, content: EditorialData, origin: string, resolvedIds?: Set<string>): EditorialDataItem;
+/**
+ * Resolves all references in a collection.
+ */
+export declare function resolveCollectionReferences(collection: Record<string, EditorialDataItem>, schema: EditorialSchema, itemType: string, content: EditorialData, origin: string): Record<string, EditorialDataItem>;

package/dist/lib/utils/resolve.js

@@ -0,0 +1,82 @@
+import {} from "@isardsat/editorial-common";
+import { getOptionsReference } from "@isardsat/editorial-common";
+/**
+ * Resolves uploaded file paths to full URLs for an item.
+ */
+function resolveFileUrls(item, schema, itemType, origin) {
+    const resolvedItem = { ...item };
+    const itemSchema = schema[itemType];
+    if (!itemSchema)
+        return resolvedItem;
+    for (const [key, value] of Object.entries(resolvedItem)) {
+        if (!itemSchema.fields[key]?.isUploadedFile)
+            continue;
+        if (typeof value !== "string")
+            continue;
+        if (value.startsWith("http"))
+            continue;
+        resolvedItem[key] = `${origin}/${value}`;
+    }
+    return resolvedItem;
+}
+/**
+ * Resolves referenced fields in an item, replacing IDs with full objects.
+ * Recursively resolves nested references.
+ */
+export function resolveReferences(item, schema, itemType, content, origin, resolvedIds = new Set()) {
+    const itemIdentifier = `${itemType}:${item.id}`;
+    // Prevent circular references
+    if (resolvedIds.has(itemIdentifier)) {
+        return resolveFileUrls(item, schema, itemType, origin);
+    }
+    resolvedIds.add(itemIdentifier);
+    // First resolve file URLs for the current item
+    let resolvedItem = resolveFileUrls(item, schema, itemType, origin);
+    const itemSchema = schema[itemType];
+    if (!itemSchema)
+        return resolvedItem;
+    for (const [fieldKey, fieldConfig] of Object.entries(itemSchema.fields)) {
+        if (fieldConfig.type !== "select" && fieldConfig.type !== "multiselect") {
+            continue;
+        }
+        const referencedType = getOptionsReference(fieldConfig.options);
+        if (!referencedType)
+            continue;
+        const referencedCollection = content[referencedType];
+        if (!referencedCollection)
+            continue;
+        const fieldValue = item[fieldKey];
+        if (fieldConfig.type === "select" && typeof fieldValue === "string") {
+            // Single reference - replace ID with full object
+            const referencedItem = referencedCollection[fieldValue];
+            if (referencedItem) {
+                // Recursively resolve nested references
+                resolvedItem[fieldKey] = resolveReferences(referencedItem, schema, referencedType, content, origin, new Set(resolvedIds));
+            }
+        }
+        else if (fieldConfig.type === "multiselect" &&
+            Array.isArray(fieldValue)) {
+            // Multiple references - replace IDs with full objects
+            resolvedItem[fieldKey] = fieldValue
+                .map((id) => {
+                const referencedItem = referencedCollection[id];
+                if (!referencedItem)
+                    return null;
+                // Recursively resolve nested references
+                return resolveReferences(referencedItem, schema, referencedType, content, origin, new Set(resolvedIds));
+            })
+                .filter(Boolean);
+        }
+    }
+    return resolvedItem;
+}
+/**
+ * Resolves all references in a collection.
+ */
+export function resolveCollectionReferences(collection, schema, itemType, content, origin) {
+    const resolvedCollection = {};
+    for (const [itemKey, item] of Object.entries(collection)) {
+        resolvedCollection[itemKey] = resolveReferences(item, schema, itemType, content, origin);
+    }
+    return resolvedCollection;
+}

package/dist/lib/utils/resolver.d.ts

@@ -0,0 +1,10 @@
+import { type EditorialData, type EditorialDataItem, type EditorialSchema } from "@isardsat/editorial-common";
+/**
+ * Resolves referenced fields in an item, replacing IDs with full objects.
+ * Recursively resolves nested references.
+ */
+export declare function resolveReferences(item: EditorialDataItem, schema: EditorialSchema, itemType: string, content: EditorialData, origin: string, resolvedIds?: Set<string>): EditorialDataItem;
+/**
+ * Resolves all references in a collection.
+ */
+export declare function resolveCollectionReferences(collection: Record<string, EditorialDataItem>, schema: EditorialSchema, itemType: string, content: EditorialData, origin: string): Record<string, EditorialDataItem>;

package/dist/lib/utils/resolver.js

@@ -0,0 +1,82 @@
+import {} from "@isardsat/editorial-common";
+import { getOptionsReference } from "@isardsat/editorial-common";
+/**
+ * Resolves uploaded file paths to full URLs for an item.
+ */
+function resolveFileUrls(item, schema, itemType, origin) {
+    const resolvedItem = { ...item };
+    const itemSchema = schema[itemType];
+    if (!itemSchema)
+        return resolvedItem;
+    for (const [key, value] of Object.entries(resolvedItem)) {
+        if (!itemSchema.fields[key]?.isUploadedFile)
+            continue;
+        if (typeof value !== "string")
+            continue;
+        if (value.startsWith("http"))
+            continue;
+        resolvedItem[key] = `${origin}/${value}`;
+    }
+    return resolvedItem;
+}
+/**
+ * Resolves referenced fields in an item, replacing IDs with full objects.
+ * Recursively resolves nested references.
+ */
+export function resolveReferences(item, schema, itemType, content, origin, resolvedIds = new Set()) {
+    const itemIdentifier = `${itemType}:${item.id}`;
+    // Prevent circular references
+    if (resolvedIds.has(itemIdentifier)) {
+        return resolveFileUrls(item, schema, itemType, origin);
+    }
+    resolvedIds.add(itemIdentifier);
+    // First resolve file URLs for the current item
+    let resolvedItem = resolveFileUrls(item, schema, itemType, origin);
+    const itemSchema = schema[itemType];
+    if (!itemSchema)
+        return resolvedItem;
+    for (const [fieldKey, fieldConfig] of Object.entries(itemSchema.fields)) {
+        if (fieldConfig.type !== "select" && fieldConfig.type !== "multiselect") {
+            continue;
+        }
+        const referencedType = getOptionsReference(fieldConfig.options);
+        if (!referencedType)
+            continue;
+        const referencedCollection = content[referencedType];
+        if (!referencedCollection)
+            continue;
+        const fieldValue = item[fieldKey];
+        if (fieldConfig.type === "select" && typeof fieldValue === "string") {
+            // Single reference - replace ID with full object
+            const referencedItem = referencedCollection[fieldValue];
+            if (referencedItem) {
+                // Recursively resolve nested references
+                resolvedItem[fieldKey] = resolveReferences(referencedItem, schema, referencedType, content, origin, new Set(resolvedIds));
+            }
+        }
+        else if (fieldConfig.type === "multiselect" &&
+            Array.isArray(fieldValue)) {
+            // Multiple references - replace IDs with full objects
+            resolvedItem[fieldKey] = fieldValue
+                .map((id) => {
+                const referencedItem = referencedCollection[id];
+                if (!referencedItem)
+                    return null;
+                // Recursively resolve nested references
+                return resolveReferences(referencedItem, schema, referencedType, content, origin, new Set(resolvedIds));
+            })
+                .filter(Boolean);
+        }
+    }
+    return resolvedItem;
+}
+/**
+ * Resolves all references in a collection.
+ */
+export function resolveCollectionReferences(collection, schema, itemType, content, origin) {
+    const resolvedCollection = {};
+    for (const [itemKey, item] of Object.entries(collection)) {
+        resolvedCollection[itemKey] = resolveReferences(item, schema, itemType, content, origin);
+    }
+    return resolvedCollection;
+}

package/dist/routes/actions.d.ts

@@ -1,4 +1,5 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
+import type { EditorialConfig } from "@isardsat/editorial-common";
 import type { Hooks } from "../lib/hooks.js";
 import type { Storage } from "../lib/storage.js";
-export declare function createActionRoutes(storage: Storage, hooks: Hooks): OpenAPIHono<import("hono").Env, {}, "/">;
+export declare function createActionRoutes(config: EditorialConfig, storage: Storage, hooks: Hooks): OpenAPIHono<import("hono").Env, {}, "/">;

package/dist/routes/actions.js

@@ -1,8 +1,9 @@
 import { createRoute, OpenAPIHono, z } from "@hono/zod-openapi";
+import { firebaseAuth } from "../lib/middleware/auth.js";
 const ActionRequestSchema = z.object({
     author: z.string(),
 });
-export function createActionRoutes(storage, hooks) {
+export function createActionRoutes(config, storage, hooks) {
     const app = new OpenAPIHono();
     app.openapi(createRoute({
         method: "post",
@@ -28,6 +29,8 @@ export function createActionRoutes(storage, hooks) {
             },
         },
         tags: ["Actions"],
+        middleware: [firebaseAuth(config.firebase?.projectId || "")],
+        security: [{ bearerAuth: [] }],
     }), 
     // TODO: Don't async, let the promises run in the background.
     async (c) => {
@@ -80,6 +83,8 @@ export function createActionRoutes(storage, hooks) {
             },
         },
         tags: ["Actions"],
+        middleware: [firebaseAuth(config.firebase?.projectId || "")],
+        security: [{ bearerAuth: [] }],
     }), async (c) => {
         const { author } = c.req.valid("json");
         await hooks.onPull(author);
@@ -104,6 +109,8 @@ export function createActionRoutes(storage, hooks) {
             },
         },
         tags: ["Actions"],
+        middleware: [firebaseAuth(config.firebase?.projectId || "")],
+        security: [{ bearerAuth: [] }],
     }), async (c) => {
         const { author } = c.req.valid("json");
         await hooks.onPush(author);

package/dist/routes/data.js

@@ -1,171 +1,10 @@
 import { createRoute, OpenAPIHono, z } from "@hono/zod-openapi";
-import { EditorialDataItemSchema, EditorialDataSchema, EditorialDiffResponseSchema, EditorialSchemaSchema, getOptionsReference, } from "@isardsat/editorial-common";
+import { EditorialDataItemSchema, EditorialDataSchema, EditorialDiffResponseSchema, EditorialSchemaSchema, } from "@isardsat/editorial-common";
+import { createCache } from "../lib/cache.js";
+import { firebaseAuth } from "../lib/middleware/auth.js";
+import { getChangedFields } from "../lib/utils/diff.js";
+import { resolveCollectionReferences, resolveReferences, } from "../lib/utils/resolve.js";
 import { generateMetaSchema } from "../lib/utils/schema.js";
-function createCache() {
-    let schemaCache = null;
-    const contentCache = new Map();
-    const ttl = 5 * 60 * 1000; // 5 minutes TTL
-    function isExpired(entry) {
-        return Date.now() - entry.timestamp > ttl;
-    }
-    return {
-        async getSchema(storage) {
-            if (schemaCache && !isExpired(schemaCache)) {
-                return schemaCache.data;
-            }
-            const schema = await storage.getSchema();
-            schemaCache = { data: schema, timestamp: Date.now() };
-            return schema;
-        },
-        async getContent(storage, options = {}) {
-            const mode = options.production ? "production" : "preview";
-            const langSuffix = options.lang ? `-${options.lang}` : "";
-            const cacheKey = `${mode}${langSuffix}`;
-            const cachedEntry = contentCache.get(cacheKey);
-            if (cachedEntry && !isExpired(cachedEntry)) {
-                return cachedEntry.data;
-            }
-            const content = await storage.getContent(options);
-            contentCache.set(cacheKey, { data: content, timestamp: Date.now() });
-            return content;
-        },
-        invalidateSchema() {
-            schemaCache = null;
-        },
-        invalidateContent() {
-            contentCache.clear();
-        },
-    };
-}
-/**
- * Resolves uploaded file paths to full URLs for an item.
- */
-function resolveFileUrls(item, schema, itemType, origin) {
-    const resolvedItem = { ...item };
-    const itemSchema = schema[itemType];
-    if (!itemSchema)
-        return resolvedItem;
-    for (const [key, value] of Object.entries(resolvedItem)) {
-        if (!itemSchema.fields[key]?.isUploadedFile)
-            continue;
-        if (typeof value !== "string")
-            continue;
-        if (value.startsWith("http"))
-            continue;
-        resolvedItem[key] = `${origin}/${value}`;
-    }
-    return resolvedItem;
-}
-/**
- * Resolves referenced fields in an item, replacing IDs with full objects.
- * Recursively resolves nested references.
- */
-function resolveReferences(item, schema, itemType, content, origin, resolvedIds = new Set()) {
-    const itemIdentifier = `${itemType}:${item.id}`;
-    // Prevent circular references
-    if (resolvedIds.has(itemIdentifier)) {
-        return resolveFileUrls(item, schema, itemType, origin);
-    }
-    resolvedIds.add(itemIdentifier);
-    // First resolve file URLs for the current item
-    let resolvedItem = resolveFileUrls(item, schema, itemType, origin);
-    const itemSchema = schema[itemType];
-    if (!itemSchema)
-        return resolvedItem;
-    for (const [fieldKey, fieldConfig] of Object.entries(itemSchema.fields)) {
-        if (fieldConfig.type !== "select" && fieldConfig.type !== "multiselect") {
-            continue;
-        }
-        const referencedType = getOptionsReference(fieldConfig.options);
-        if (!referencedType)
-            continue;
-        const referencedCollection = content[referencedType];
-        if (!referencedCollection)
-            continue;
-        const fieldValue = item[fieldKey];
-        if (fieldConfig.type === "select" && typeof fieldValue === "string") {
-            // Single reference - replace ID with full object
-            const referencedItem = referencedCollection[fieldValue];
-            if (referencedItem) {
-                // Recursively resolve nested references
-                resolvedItem[fieldKey] = resolveReferences(referencedItem, schema, referencedType, content, origin, new Set(resolvedIds));
-            }
-        }
-        else if (fieldConfig.type === "multiselect" &&
-            Array.isArray(fieldValue)) {
-            // Multiple references - replace IDs with full objects
-            resolvedItem[fieldKey] = fieldValue
-                .map((id) => {
-                const referencedItem = referencedCollection[id];
-                if (!referencedItem)
-                    return null;
-                // Recursively resolve nested references
-                return resolveReferences(referencedItem, schema, referencedType, content, origin, new Set(resolvedIds));
-            })
-                .filter(Boolean);
-        }
-    }
-    return resolvedItem;
-}
-/**
- * Resolves all references in a collection.
- */
-function resolveCollectionReferences(collection, schema, itemType, content, origin) {
-    const resolvedCollection = {};
-    for (const [itemKey, item] of Object.entries(collection)) {
-        resolvedCollection[itemKey] = resolveReferences(item, schema, itemType, content, origin);
-    }
-    return resolvedCollection;
-}
-/**
- * Compares two items and returns the list of fields that have changed.
- * Excludes metadata fields like 'updatedAt'.
- */
-function getChangedFields(previewItem, productionItem) {
-    const changedFields = [];
-    const excludedFields = ["updatedAt", "createdAt"];
-    // Get all unique keys from both items
-    const allKeys = new Set([
-        ...Object.keys(previewItem),
-        ...Object.keys(productionItem),
-    ]);
-    for (const key of allKeys) {
-        if (excludedFields.includes(key))
-            continue;
-        const previewValue = previewItem[key];
-        const productionValue = productionItem[key];
-        if (!deepEqual(previewValue, productionValue)) {
-            changedFields.push(key);
-        }
-    }
-    return changedFields;
-}
-/**
- * Deep equality comparison for values.
- */
-function deepEqual(value1, value2) {
-    if (value1 === value2)
-        return true;
-    if (value1 == null || value2 == null)
-        return false;
-    if (typeof value1 !== typeof value2)
-        return false;
-    if (typeof value1 !== "object") {
-        return value1 === value2;
-    }
-    if (Array.isArray(value1) !== Array.isArray(value2))
-        return false;
-    if (Array.isArray(value1)) {
-        if (value1.length !== value2.length)
-            return false;
-        return value1.every((item, index) => deepEqual(item, value2[index]));
-    }
-    const keys1 = Object.keys(value1);
-    const keys2 = Object.keys(value2);
-    if (keys1.length !== keys2.length)
-        return false;
-    return keys1.every((key) => deepEqual(value1[key], value2[key]));
-}
 export function createDataRoutes(config, storage) {
     const app = new OpenAPIHono();
     const cache = createCache();
@@ -487,6 +326,8 @@ export function createDataRoutes(config, storage) {
             },
         },
         tags: ["Data"],
+        middleware: [firebaseAuth(config.firebase?.projectId || "")],
+        security: [{ bearerAuth: [] }],
     }), async (c) => {
         const itemAtts = await c.req.json();
         const newItem = await storage.createItem(itemAtts);
@@ -528,6 +369,8 @@ export function createDataRoutes(config, storage) {
             },
         },
         tags: ["Data"],
+        middleware: [firebaseAuth(config.firebase?.projectId || "")],
+        security: [{ bearerAuth: [] }],
     }), async (c) => {
         const itemAtts = await c.req.json();
         const newItem = await storage.updateItem(itemAtts);
@@ -561,6 +404,8 @@ export function createDataRoutes(config, storage) {
             },
         },
         tags: ["Data"],
+        middleware: [firebaseAuth(config.firebase?.projectId || "")],
+        security: [{ bearerAuth: [] }],
     }), async (c) => {
         const { itemType, id } = c.req.valid("param");
         await storage.deleteItem({ type: itemType, id });
@@ -604,7 +449,7 @@ export function createDataRoutes(config, storage) {
     });
     app.openapi(createRoute({
         method: "get",
-        path: "/diff",
+        path: "/environments/diff",
         summary: "Get differences between preview and production data",
         responses: {
             200: {

package/dist/routes/files.js

@@ -3,6 +3,7 @@ import { EditorialFilesResponseSchema, } from "@isardsat/editorial-common";
 import { readdirSync, statSync } from "node:fs";
 import { access, constants, mkdir, rename, writeFile } from "node:fs/promises";
 import { basename, dirname, join, normalize, relative } from "node:path";
+import { firebaseAuth } from "../lib/middleware/auth.js";
 export async function createFilesRoutes(config) {
     const app = new OpenAPIHono();
     // Dynamically import the ES module and call its init function
@@ -31,6 +32,8 @@ export async function createFilesRoutes(config) {
             },
         },
         tags: ["Files"],
+        middleware: [firebaseAuth(config.firebase?.projectId || "")],
+        security: [{ bearerAuth: [] }],
     }), 
     // TODO: Index large files from bucket.
     async (c) => {
@@ -150,6 +153,8 @@ export async function createFilesRoutes(config) {
             },
         },
         tags: ["Files"],
+        middleware: [firebaseAuth(config.firebase?.projectId || "")],
+        security: [{ bearerAuth: [] }],
     }), async (c) => {
         const { path: relativePathInput } = c.req.valid("json");
         try {
@@ -223,6 +228,8 @@ export async function createFilesRoutes(config) {
             },
         },
         tags: ["Files"],
+        middleware: [firebaseAuth(config.firebase?.projectId || "")],
+        security: [{ bearerAuth: [] }],
     }), async (c) => {
         try {
             const body = await c.req.parseBody();
@@ -322,6 +329,8 @@ export async function createFilesRoutes(config) {
             },
         },
         tags: ["Files"],
+        middleware: [firebaseAuth(config.firebase?.projectId || "")],
+        security: [{ bearerAuth: [] }],
     }), async (c) => {
         try {
             const { path, name } = c.req.valid("json");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@isardsat/editorial-server",
-  "version": "6.17.0",
+  "version": "6.18.0",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -12,10 +12,11 @@
     "@hono/swagger-ui": "^0.5.0",
     "@hono/zod-openapi": "^1.1.3",
     "hono": "^4.9.8",
+    "jose": "^6.1.3",
     "yaml": "^2.8.1",
     "zod": "^4.1.11",
-    "@isardsat/editorial-common": "^6.17.0",
-    "@isardsat/editorial-admin": "^6.17.0"
+    "@isardsat/editorial-admin": "^6.18.0",
+    "@isardsat/editorial-common": "^6.18.0"
   },
   "devDependencies": {
     "@tsconfig/node22": "^22.0.0",