- auth
Frontegg authentication and authorization library for Asset Catalog (contentlake).
Features:
- Frontegg Bearer access token validation (authentication)
- Tenant membership validation for Asset Catalog based on
x-space-host
header - Custom
permissions
androles
authorization - Provides user information to application code in context.user (token, payload)
- Provides tenant information to application code in context.tenant (spaceId, companyId)
This requires @adobe/helix-universal 4.2.0 or newer.
There are two ways to use this library:
- simply plug in
auth()
as wrapper function to run as middleware for all requests - explicitly call
handleAuth()
inside your own routing logic for only the requests that require the frontegg authentication and authorization
If the entire function and all its requests should be guarded by the authentication and authorization middleware, add the wrapper function
auth
:import wrap from '@adobe/helix-shared-wrap'; import { auth } from '@adobe/asset-compute-auth';
async function run(request, context) { // your main function }
export const main = wrap(run) .with(auth({ permissions: 'some-permission' })) .with(helixStatus);
Invoke
await handleAuth()
inside your own routing logic for the authentication check at the start of request handling:import { handleAuth } from '@adobe/asset-compute-auth';
// your main function async function main(request, context) { if (context.pathInfo === '/api-one') { // this api path should use the authentication middleware await handleAuth(request, context, { permissions: 'some-permission', });
// your code
} else if (context.pathInfo === '/api-two') { // this api path should NOT use the authentication middleware
// your code
} }
- BatchExecutor
This class supports processing items in batches while limiting concurrency to avoid denial requests from downstream systems supporting both cursor-based and tree-based traversals as well as direct batch processing.
It utilizes two queues to control the processing. The traversal queue manages the items which should be checked for additional derived batches or if they should be processed. The processing queue manages the items which should be processed.
This library uses async's eachLimit to execute the functions asynchronously while limiting concurrency.
- BaseBatchProvider
A BatchProvider provides batches and items to process to the BatchExecutor. This implementation will do nothing. Implementations should implement this class, implementing the required methods for the use case.
- IngestorClient
The ingestor client sends asset data to the Content Lake ingestion service to be ingested
- IngestorClient.(data, keys, toMerge)
Filters the data to the specified keys and then merges with the toMerge object.
- OauthCredentials
- OauthConfig :
Object
- BatchResult
- ErrorItem
- BatchConfig
- ExecutionState
- IngestionRequest :
Object
- IngestionResponse :
Object
- SourceData :
Object
The data extracted from the source
- BinaryRequest :
Object
A description of a HTTP request to make to retrieve a binary
- IngestorConfig
Frontegg authentication and authorization library for Asset Catalog (contentlake).
Features:
- Frontegg Bearer access token validation (authentication)
- Tenant membership validation for Asset Catalog based on
x-space-host
header - Custom
permissions
androles
authorization - Provides user information to application code in context.user (token, payload)
- Provides tenant information to application code in context.tenant (spaceId, companyId)
This requires @adobe/helix-universal 4.2.0 or newer.
There are two ways to use this library:
- simply plug in
auth()
as wrapper function to run as middleware for all requests - explicitly call
handleAuth()
inside your own routing logic for only the requests that require the frontegg authentication and authorization
If the entire function and all its requests should be guarded
by the authentication and authorization middleware, add the
wrapper function auth
:
import wrap from '@adobe/helix-shared-wrap';
import { auth } from '@adobe/asset-compute-auth';
async function run(request, context) {
// your main function
}
export const main = wrap(run)
.with(auth({ permissions: 'some-permission' }))
.with(helixStatus);
Invoke await handleAuth()
inside your own routing logic for the authentication check
at the start of request handling:
import { handleAuth } from '@adobe/asset-compute-auth';
// your main function
async function main(request, context) {
if (context.pathInfo === '/api-one') {
// this api path should use the authentication middleware
await handleAuth(request, context, {
permissions: 'some-permission',
});
// your code
} else if (context.pathInfo === '/api-two') {
// this api path should NOT use the authentication middleware
// your code
}
}
Summary: Frontegg authentication and authorization library for Asset Catalog
- auth
- static
- inner
- ~AuthOptions :
object
- ~AuthOptions :
Authentication and authorization handler for Asset Catalog using Frontegg tokens and space tenants.
This will throw an error if authentication or authorization fails which will result in a 401 or 403 response (with @adobe/helix-universal). If it succeeds, it will simply return. It provides no return value.
On success, user and tenant information is added to context
:
context.user
context.tenant
Kind: static method of auth
Param | Type | Description |
---|---|---|
request | Request |
the request |
context | UniversalContext |
the universal context |
[opts] | AuthOptions |
Authentication and authorization options |
A helix-shared-wrap middleware (wrapper function) that handles authentication & authorization for all requests by calling handleAuth.
Note that this must be invoked before being passed to wrap().with(fn)
, unlike
other wrapper functions, in order to support passing of custom options:
export const main = wrap(run)
// minimal
.with(auth());
// alternatively with options
.with(auth({ permissions: 'some-permission' }));
Kind: static method of auth
Returns: function
- wrapper for use with @adobe/helix-shared-wrap
Param | Type | Description |
---|---|---|
[opts] | AuthOptions |
Options |
Authentication and authorization configuration object.
Kind: inner typedef of auth
Properties
Name | Type | Description |
---|---|---|
permissions | string | Array.<string> |
Frontegg permission(s) the user is required to have |
roles | string | Array.<string> |
Frontegg role(s) the user is required to have. Warning: it is highly preferred to use permissions instead of roles in code, as that allows for more flexibility in defining and changing roles. |
skip | boolean |
If true , skip all authentication and authorization checks. Only intended for development & testing. |
skipAuthorization | boolean |
If true , skip any authorization checks. A valid access token in the request is still required. Only intended for development & testing. |
A BatchProvider provides batches and items to process to the BatchExecutor. This implementation will do nothing. Implementations should implement this class, implementing the required methods for the use case.
Kind: global class
- BaseBatchProvider
- .formatForLog(item) ⇒
any
- .getBatch(item) ⇒
Promise.<any>
- .hasMore(item) ⇒
Promise.<boolean>
- .process(item) ⇒
Promise.<void>
- .shouldProcess(item) ⇒
Promise.<boolean>
- .formatForLog(item) ⇒
Formats the item for logging
Kind: instance method of BaseBatchProvider
Returns: any
- the formatted item to log
Param | Type | Description |
---|---|---|
item | any |
the item to format |
Returns the next batch of items
Kind: instance method of BaseBatchProvider
Param | Type | Description |
---|---|---|
item | any |
the item from which to get the next batch |
Checks whether or not there are more items which can be retrieved from the current item
Kind: instance method of BaseBatchProvider
Param | Type | Description |
---|---|---|
item | any |
the item to check if there are more items |
Processes the specified item. This is a terminal operation for the item. Examples could include sending the item to the ingestion service or logging the item for a report.
Kind: instance method of BaseBatchProvider
Param | Type | Description |
---|---|---|
item | any |
the item to process |
Checks if the item should be processed.
Kind: instance method of BaseBatchProvider
Returns: Promise.<boolean>
- true if the item should be processed
Param | Type | Description |
---|---|---|
item | any |
the item to evaluate if it should be processed |
Filters the data to the specified keys and then merges with the toMerge object.
Kind: global function
Param | Type |
---|---|
data | Record.<string, any> |
keys | Array.<string> |
toMerge | Record.<string, any> |
Kind: global typedef
Properties
Name | Type | Description |
---|---|---|
accessToken | string | undefined |
The current access token or undefined if no token is available |
expiration | Date | undefined |
The date at which the access token will expire |
refreshToken | string | undefined |
The current, long lived refresh token or undefined if no token is available |
Kind: global typedef
Properties
Name | Type | Description |
---|---|---|
redirectUri | string |
the URI to which to redirect the user after they authenticate with the OAuth server |
sourceId | string |
the identifer for the current source |
[refreshToken] | string |
the refresh token to use if one is already available |
Kind: global typedef
Properties
Name | Type |
---|---|
duration | number |
errors | Array.<ErrorItem> |
processed | number |
[traversed] | number |
Kind: global typedef
Properties
Name | Type |
---|---|
method | string |
node | any |
error | Error | Object |
Kind: global typedef
Properties
Name | Type | Description |
---|---|---|
log | any |
|
[processLimit] | number |
the concurrency limit for process executions |
[traversalLimit] | number |
the concurrency limit for traversal executions |
[waitDuration] | number |
the duration to wait if the processing queue is empty |
Kind: global typedef
Properties
Name | Type | Description |
---|---|---|
[errors] | Array.<ErrorItem> |
errors during processing and traversing |
[processed] | number |
the number of items already processed |
[processingBatch] | Array.<any> |
the items which are currently being processed |
[processingQueue] | Array.<any> |
the queue of items to process |
[traversed] | number |
the items already traversed |
[traversalBatch] | Array.<any> |
the items currently being traversed |
[traversalQueue] | Array.<any> |
the items which are queued to be traversed |
Kind: global typedef
Properties
Name | Type | Description |
---|---|---|
data | SourceData |
the data extracted from the source |
binary | BinaryRequest |
a description of the request to retrieve the binary for the asset |
batchId | string | undefined |
an identifier for the current batch |
Kind: global typedef
Properties
Name | Type | Description |
---|---|---|
accepted | boolean |
true if the asset was accepted by the ingestion service |
[reason] | any |
the reason the asset was not accepted |
The data extracted from the source
Kind: global typedef
Properties
Name | Type | Description |
---|---|---|
sourceAssetId | string |
the ID of this asset as interpreted by the source system |
sourceType | string |
the source from which this asset was retrieved |
sourceId | string |
the source from which this asset was retrieved |
name | string | undefined |
the name of the asset as interpreted by the source repository |
size | number | undefined |
the size of the original asset in bytes |
created | Date | undefined |
the time at which the asset was created in the source |
createdBy | string | undefined |
an identifier for the principal which created the asset |
lastModified | Date | undefined |
the last time the asset was modified |
lastModifiedBy | string | undefined |
an identifier for the principal which last modified the asset |
path | string | undefined |
the path to the asset |
[binary] | BinaryRequest | undefined |
If provided, information about the request that can be sent to retrieve the asset's binary data. If missing, the ingestion process will make a second call to the extractor to retrieve this information. |
A description of a HTTP request to make to retrieve a binary
Kind: global typedef
Properties
Name | Type | Description |
---|---|---|
url | string |
the url to connect to in order to retrieve the binary |
[headers] | Record.<string, string> | undefined |
headers to send with the request to retrieve the binary |
Kind: global typedef
Properties
Name | Type | Description |
---|---|---|
apiKey | string |
the API Key used to call the ingestor |
companyId | string |
the id of the company for which this should be ingested |
jobId | string |
the id of the current job |
[log] | any |
the logger |
spaceId | string |
the id of the space into which this should be ingested |
url | string |
the URL for calling the ingestor |