npm - configuration-management - Versions diffs - 0.1.2 → 0.1.3 - Mend

configuration-management 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/package.json +4 -2
package/README.md +0 -199
package/actions/configurations/ext.config.yaml +0 -151
package/src/abdb-config.js +0 -241
package/src/abdb-helper.js +0 -476
package/src/index.js +0 -20
package/src/oauth1a.js +0 -135
package/src/system-config-crypto.js +0 -113
package/src/system-config-shared.js +0 -89
package/web/styles.css +0 -1

package/src/system-config-crypto.js DELETED Viewed

@@ -1,113 +0,0 @@
-/*
-Copyright 2025 Adobe. All rights reserved.
-This file is licensed to you under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License. You may obtain a copy
-of the License at http://www.apache.org/licenses/LICENSE-2.0
-*/
-// Equivalent of Magento's env.php `crypt.key`: a project-wide secret used to
-// derive an AES-256-GCM key that protects sensitive system_config values at
-// rest in App Builder DB (aio-lib-state).
-//
-// Key material is taken from action params/env (never from request payload):
-//   SYSTEM_CONFIG_CRYPT_KEY   – preferred, dedicated secret
-//   OAUTH_CLIENT_SECRET       – fallback, the workspace's client secret
-//
-// Wire format for ciphertext (string):
-//   enc:v1:<base64url(salt)>:<base64url(iv)>:<base64url(tag)>:<base64url(ct)>
-// `v1` lets us rotate the algorithm later without breaking previously stored
-// values. `salt` is per-record so the derived key changes even if the same
-// master secret is reused across records.
-const crypto = require('crypto')
-const ENC_PREFIX = 'enc:v1:'
-const KEY_BYTES = 32
-const IV_BYTES = 12
-const SALT_BYTES = 16
-const SCRYPT_PARAMS = { N: 16384, r: 8, p: 1 }
-function b64uEncode (buf) {
-  return Buffer.from(buf).toString('base64url')
-}
-function b64uDecode (str) {
-  return Buffer.from(str, 'base64url')
-}
-function resolveMasterSecret (params = {}) {
-  const secret =
-    params.SYSTEM_CONFIG_CRYPT_KEY ||
-    params.OAUTH_CLIENT_SECRET ||
-    process.env.SYSTEM_CONFIG_CRYPT_KEY ||
-    process.env.OAUTH_CLIENT_SECRET ||
-    ''
-  if (!secret || typeof secret !== 'string' || secret.length < 8) {
-    throw new Error(
-      'Encryption key not configured: set SYSTEM_CONFIG_CRYPT_KEY or OAUTH_CLIENT_SECRET'
-    )
-  }
-  return secret
-}
-function deriveKey (masterSecret, salt) {
-  return crypto.scryptSync(masterSecret, salt, KEY_BYTES, SCRYPT_PARAMS)
-}
-function isEncrypted (value) {
-  return typeof value === 'string' && value.startsWith(ENC_PREFIX)
-}
-function encrypt (plaintext, params) {
-  if (plaintext == null || plaintext === '') {
-    return plaintext
-  }
-  const text = typeof plaintext === 'string' ? plaintext : String(plaintext)
-  const secret = resolveMasterSecret(params)
-  const salt = crypto.randomBytes(SALT_BYTES)
-  const iv = crypto.randomBytes(IV_BYTES)
-  const key = deriveKey(secret, salt)
-  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv)
-  const ct = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()])
-  const tag = cipher.getAuthTag()
-  return [
-    ENC_PREFIX,
-    b64uEncode(salt),
-    ':',
-    b64uEncode(iv),
-    ':',
-    b64uEncode(tag),
-    ':',
-    b64uEncode(ct)
-  ].join('')
-}
-function decrypt (encrypted, params) {
-  if (!isEncrypted(encrypted)) {
-    return encrypted
-  }
-  const body = encrypted.slice(ENC_PREFIX.length)
-  const parts = body.split(':')
-  if (parts.length !== 4) {
-    throw new Error('Malformed encrypted value')
-  }
-  const [saltB64, ivB64, tagB64, ctB64] = parts
-  const secret = resolveMasterSecret(params)
-  const salt = b64uDecode(saltB64)
-  const iv = b64uDecode(ivB64)
-  const tag = b64uDecode(tagB64)
-  const ct = b64uDecode(ctB64)
-  const key = deriveKey(secret, salt)
-  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv)
-  decipher.setAuthTag(tag)
-  const pt = Buffer.concat([decipher.update(ct), decipher.final()])
-  return pt.toString('utf8')
-}
-module.exports = {
-  ENC_PREFIX,
-  isEncrypted,
-  encrypt,
-  decrypt,
-  resolveMasterSecret
-}

package/src/system-config-shared.js DELETED Viewed

@@ -1,89 +0,0 @@
-/*
-Copyright 2025 Adobe. All rights reserved.
-This file is licensed to you under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License. You may obtain a copy
-of the License at http://www.apache.org/licenses/LICENSE-2.0
-*/
-// Mirrors Magento's core_config_data: (scope, scope_id, path, value).
-// aio-lib-state keys allow [a-zA-Z0-9_-] only, so we encode
-//   scope=`default` scopeId=0  path=`web/secure/base_url`
-// as the state key
-//   sysconfig__default__0__web__secure__base_url
-const STATE_KEY_PREFIX = 'sysconfig__'
-const SCOPES = ['default', 'websites', 'stores']
-const PATH_SEGMENT = /^[a-zA-Z0-9_-]+$/
-const SCOPE_ID_RE = /^[a-zA-Z0-9_-]+$/
-const SENSITIVE_PLACEHOLDER = '__SENSITIVE_UNCHANGED__'
-const USE_DEFAULT_SENTINEL = '__USE_DEFAULT__'
-function isValidPath (path) {
-  if (typeof path !== 'string') return false
-  const parts = path.split('/')
-  if (parts.length !== 3) return false
-  return parts.every((p) => PATH_SEGMENT.test(p))
-}
-function normalizeScope (scope) {
-  if (!scope) return 'default'
-  if (!SCOPES.includes(scope)) {
-    throw new Error(`Invalid scope "${scope}". Expected one of: ${SCOPES.join(', ')}`)
-  }
-  return scope
-}
-function normalizeScopeId (scope, scopeId) {
-  if (scope === 'default') return '0'
-  const id = String(scopeId ?? '').trim()
-  if (!id || !SCOPE_ID_RE.test(id)) {
-    throw new Error(`Invalid scopeId "${scopeId}" for scope "${scope}"`)
-  }
-  return id
-}
-function toStateKey (scope, scopeId, path) {
-  if (!isValidPath(path)) {
-    throw new Error(`Invalid config path: ${path}`)
-  }
-  const s = normalizeScope(scope)
-  const sid = normalizeScopeId(s, scopeId)
-  return [STATE_KEY_PREFIX, s, '__', sid, '__', path.split('/').join('__')].join('')
-}
-/**
- * Magento-style fallback chain. When reading at store scope we look up:
- *   stores:<storeId>  →  websites:<websiteId>  →  default:0
- * `parentWebsiteId` is supplied by the caller (resolved from /rest/V1/store/storeViews).
- */
-function buildInheritanceChain (scope, scopeId, parentWebsiteId) {
-  const s = normalizeScope(scope)
-  if (s === 'default') {
-    return [{ scope: 'default', scopeId: '0' }]
-  }
-  if (s === 'websites') {
-    return [
-      { scope: 'websites', scopeId: normalizeScopeId('websites', scopeId) },
-      { scope: 'default', scopeId: '0' }
-    ]
-  }
-  // stores
-  const chain = [{ scope: 'stores', scopeId: normalizeScopeId('stores', scopeId) }]
-  if (parentWebsiteId !== undefined && parentWebsiteId !== null && String(parentWebsiteId) !== '') {
-    chain.push({ scope: 'websites', scopeId: normalizeScopeId('websites', parentWebsiteId) })
-  }
-  chain.push({ scope: 'default', scopeId: '0' })
-  return chain
-}
-module.exports = {
-  STATE_KEY_PREFIX,
-  SCOPES,
-  SENSITIVE_PLACEHOLDER,
-  USE_DEFAULT_SENTINEL,
-  isValidPath,
-  normalizeScope,
-  normalizeScopeId,
-  toStateKey,
-  buildInheritanceChain
-}

package/web/styles.css DELETED Viewed

	@@ -1 +0,0 @@
1	- @import './src/styles/index.css';