API.md

Modules

auth

Frontegg authentication and authorization library for Asset Catalog (contentlake).

Features:

• Frontegg Bearer access token validation (authentication)
• Tenant membership validation for Asset Catalog based on x-space-host header
• Custom permissions and roles authorization
• Provides user information to application code in context.user (token, payload)
• Provides tenant information to application code in context.tenant (spaceId, companyId)

This requires @adobe/helix-universal 4.2.0 or newer.

Usage

There are two ways to use this library:

1. simply plug in auth() as wrapper function to run as middleware for all requests
2. explicitly call handleAuth() inside your own routing logic for only the requests that require the frontegg authentication and authorization

auth() middleware

If the entire function and all its requests should be guarded by the authentication and authorization middleware, add the wrapper function auth:

import wrap from '@adobe/helix-shared-wrap';
import { auth } from '@adobe/asset-compute-auth';
async function run(request, context) {
// your main function
}
export const main = wrap(run)
.with(auth({ permissions: 'some-permission' }))
.with(helixStatus);

handleAuth()

Invoke await handleAuth() inside your own routing logic for the authentication check at the start of request handling:

import { handleAuth } from '@adobe/asset-compute-auth';
// your main function
async function main(request, context) {
if (context.pathInfo === '/api-one') {
// this api path should use the authentication middleware
await handleAuth(request, context, {
permissions: 'some-permission',
});
// your code

} else if (context.pathInfo === '/api-two') {
// this api path should NOT use the authentication middleware
// your code

}
}

Classes

BatchExecutor

This class supports processing items in batches while limiting concurrency to avoid denial requests from downstream systems supporting both cursor-based and tree-based traversals as well as direct batch processing.

It utilizes two queues to control the processing. The traversal queue manages the items which should be checked for additional derived batches or if they should be processed. The processing queue manages the items which should be processed.

This library uses async's eachLimit to execute the functions asynchronously while limiting concurrency.

BaseBatchProvider

A BatchProvider provides batches and items to process to the BatchExecutor. This implementation will do nothing. Implementations should implement this class, implementing the required methods for the use case.

IngestorClient

The ingestor client sends asset data to the Content Lake ingestion service to be ingested

Functions

IngestorClient.(data, keys, toMerge)

Filters the data to the specified keys and then merges with the toMerge object.

Typedefs

OauthCredentials

OauthConfig : Object

BatchResult

ErrorItem

BatchConfig

ExecutionState

IngestionRequest : Object

IngestionResponse : Object

SourceData : Object

The data extracted from the source

BinaryRequest : Object

A description of a HTTP request to make to retrieve a binary

IngestorConfig

auth

Frontegg authentication and authorization library for Asset Catalog (contentlake).

Features:

• Frontegg Bearer access token validation (authentication)
• Tenant membership validation for Asset Catalog based on x-space-host header
• Custom permissions and roles authorization
• Provides user information to application code in context.user (token, payload)
• Provides tenant information to application code in context.tenant (spaceId, companyId)

This requires @adobe/helix-universal 4.2.0 or newer.

Usage

There are two ways to use this library:

1. simply plug in auth() as wrapper function to run as middleware for all requests
2. explicitly call handleAuth() inside your own routing logic for only the requests that require the frontegg authentication and authorization

auth() middleware

If the entire function and all its requests should be guarded by the authentication and authorization middleware, add the wrapper function auth:

import wrap from '@adobe/helix-shared-wrap';
import { auth } from '@adobe/asset-compute-auth';

async function run(request, context) {
  // your main function
}

export const main = wrap(run)
  .with(auth({ permissions: 'some-permission' }))
  .with(helixStatus);

handleAuth()

Invoke await handleAuth() inside your own routing logic for the authentication check at the start of request handling:

import { handleAuth } from '@adobe/asset-compute-auth';

// your main function
async function main(request, context) {
  if (context.pathInfo === '/api-one') {
     // this api path should use the authentication middleware
     await handleAuth(request, context, {
       permissions: 'some-permission',
     });

    // your code

  } else if (context.pathInfo === '/api-two') {
     // this api path should NOT use the authentication middleware

    // your code
  }
}

Summary: Frontegg authentication and authorization library for Asset Catalog

• auth
  • static
    • .handleAuth(request, context, [opts])
    • .auth([opts]) ⇒ function
  • inner
    • ~AuthOptions : object

auth.handleAuth(request, context, [opts])

Authentication and authorization handler for Asset Catalog using Frontegg tokens and space tenants.

This will throw an error if authentication or authorization fails which will result in a 401 or 403 response (with @adobe/helix-universal). If it succeeds, it will simply return. It provides no return value.

On success, user and tenant information is added to context:

• context.user
• context.tenant

Kind: static method of auth

Param	Type	Description
request	Request	the request
context	UniversalContext	the universal context
[opts]	AuthOptions	Authentication and authorization options

auth.auth([opts]) ⇒ function

A helix-shared-wrap middleware (wrapper function) that handles authentication & authorization for all requests by calling handleAuth.

Note that this must be invoked before being passed to wrap().with(fn), unlike other wrapper functions, in order to support passing of custom options:

export const main = wrap(run)
   // minimal
  .with(auth());

   // alternatively with options
  .with(auth({ permissions: 'some-permission' }));

Kind: static method of auth
Returns: function - wrapper for use with @adobe/helix-shared-wrap

Param	Type	Description
[opts]	AuthOptions	Options

auth~AuthOptions : object

Authentication and authorization configuration object.

Kind: inner typedef of auth
Properties

Name	Type	Description
permissions	string | Array.<string>	Frontegg permission(s) the user is required to have
roles	string | Array.<string>	Frontegg role(s) the user is required to have. Warning: it is highly preferred to use permissions instead of roles in code, as that allows for more flexibility in defining and changing roles.
skip	boolean	If true, skip all authentication and authorization checks. Only intended for development & testing.
skipAuthorization	boolean	If true, skip any authorization checks. A valid access token in the request is still required. Only intended for development & testing.

BaseBatchProvider

A BatchProvider provides batches and items to process to the BatchExecutor. This implementation will do nothing. Implementations should implement this class, implementing the required methods for the use case.

Kind: global class

• BaseBatchProvider
  • .formatForLog(item) ⇒ any
  • .getBatch(item) ⇒ Promise.<any>
  • .hasMore(item) ⇒ Promise.<boolean>
  • .process(item) ⇒ Promise.<void>
  • .shouldProcess(item) ⇒ Promise.<boolean>

baseBatchProvider.formatForLog(item) ⇒ any

Formats the item for logging

Kind: instance method of BaseBatchProvider
Returns: any - the formatted item to log

Param	Type	Description
item	any	the item to format

baseBatchProvider.getBatch(item) ⇒ Promise.<any>

Returns the next batch of items

Kind: instance method of BaseBatchProvider

Param	Type	Description
item	any	the item from which to get the next batch

baseBatchProvider.hasMore(item) ⇒ Promise.<boolean>

Checks whether or not there are more items which can be retrieved from the current item

Kind: instance method of BaseBatchProvider

Param	Type	Description
item	any	the item to check if there are more items

baseBatchProvider.process(item) ⇒ Promise.<void>

Processes the specified item. This is a terminal operation for the item. Examples could include sending the item to the ingestion service or logging the item for a report.

Kind: instance method of BaseBatchProvider

Param	Type	Description
item	any	the item to process

baseBatchProvider.shouldProcess(item) ⇒ Promise.<boolean>

Checks if the item should be processed.

Kind: instance method of BaseBatchProvider
Returns: Promise.<boolean> - true if the item should be processed

Param	Type	Description
item	any	the item to evaluate if it should be processed

IngestorClient.(data, keys, toMerge)

Filters the data to the specified keys and then merges with the toMerge object.

Kind: global function

Param	Type
data	Record.<string, any>
keys	Array.<string>
toMerge	Record.<string, any>

OauthCredentials

Kind: global typedef
Properties

Name	Type	Description
accessToken	string | undefined	The current access token or undefined if no token is available
expiration	Date | undefined	The date at which the access token will expire
refreshToken	string | undefined	The current, long lived refresh token or undefined if no token is available

OauthConfig : Object

Kind: global typedef
Properties

Name	Type	Description
redirectUri	string	the URI to which to redirect the user after they authenticate with the OAuth server
sourceId	string	the identifer for the current source
[refreshToken]	string	the refresh token to use if one is already available

BatchResult

Kind: global typedef
Properties

Name	Type
duration	number
errors	Array.<ErrorItem>
processed	number
[traversed]	number

ErrorItem

Kind: global typedef
Properties

Name	Type
method	string
node	any
error	Error | Object

BatchConfig

Kind: global typedef
Properties

Name	Type	Description
log	any
[processLimit]	number	the concurrency limit for process executions
[traversalLimit]	number	the concurrency limit for traversal executions
[waitDuration]	number	the duration to wait if the processing queue is empty

ExecutionState

Kind: global typedef
Properties

Name	Type	Description
[errors]	Array.<ErrorItem>	errors during processing and traversing
[processed]	number	the number of items already processed
[processingBatch]	Array.<any>	the items which are currently being processed
[processingQueue]	Array.<any>	the queue of items to process
[traversed]	number	the items already traversed
[traversalBatch]	Array.<any>	the items currently being traversed
[traversalQueue]	Array.<any>	the items which are queued to be traversed

IngestionRequest : Object

Kind: global typedef
Properties

Name	Type	Description
data	SourceData	the data extracted from the source
binary	BinaryRequest	a description of the request to retrieve the binary for the asset
batchId	string | undefined	an identifier for the current batch

IngestionResponse : Object

Kind: global typedef
Properties

Name	Type	Description
accepted	boolean	true if the asset was accepted by the ingestion service
[reason]	any	the reason the asset was not accepted

SourceData : Object

The data extracted from the source

Kind: global typedef
Properties

Name	Type	Description
sourceAssetId	string	the ID of this asset as interpreted by the source system
sourceType	string	the source from which this asset was retrieved
sourceId	string	the source from which this asset was retrieved
name	string | undefined	the name of the asset as interpreted by the source repository
size	number | undefined	the size of the original asset in bytes
created	Date | undefined	the time at which the asset was created in the source
createdBy	string | undefined	an identifier for the principal which created the asset
lastModified	Date | undefined	the last time the asset was modified
lastModifiedBy	string | undefined	an identifier for the principal which last modified the asset
path	string | undefined	the path to the asset
[binary]	BinaryRequest | undefined	If provided, information about the request that can be sent to retrieve the asset's binary data. If missing, the ingestion process will make a second call to the extractor to retrieve this information.

BinaryRequest : Object

A description of a HTTP request to make to retrieve a binary

Kind: global typedef
Properties

Name	Type	Description
url	string	the url to connect to in order to retrieve the binary
[headers]	Record.<string, string> | undefined	headers to send with the request to retrieve the binary

IngestorConfig

Kind: global typedef
Properties

Name	Type	Description
apiKey	string	the API Key used to call the ingestor
companyId	string	the id of the company for which this should be ingested
jobId	string	the id of the current job
[log]	any	the logger
spaceId	string	the id of the space into which this should be ingested
url	string	the URL for calling the ingestor