Remove space code from VA integrations (#568)

* Remove space code from VA integrations

* Add changeset

* prettier fix

* review

* format

* Add target

Author: vibhanshub

.changeset/thick-dodos-film.md

@@ -0,0 +1,9 @@
+---
+'@gitbook/integration-va-auth0': patch
+'@gitbook/integration-va-azure': patch
+'@gitbook/integration-cognito': patch
+'@gitbook/integration-va-okta': patch
+'@gitbook/integration-oidc': patch
+---
+
+Remove space code from VA integrations

integrations/cognito/gitbook-manifest.yaml

@@ -8,11 +8,8 @@ description: Control who has access to your published documentation with AWS Cog
 visibility: public
 script: ./src/index.tsx
 scopes:
-    - space:metadata:read
-    - space:visitor:auth
     - site:metadata:read
     - site:visitor:auth
-    - space:content:read
 organization: gitbook
 summary: |
     # Overview
@@ -28,8 +25,6 @@ summary: |
 categories:
     - visitor-auth
 configurations:
-    space:
-        componentId: config
     site:
         componentId: config
 target: site

integrations/cognito/src/index.tsx

@@ -1,7 +1,10 @@
 import { sign } from '@tsndr/cloudflare-worker-jwt';
 import { Router } from 'itty-router';
 
-import { IntegrationInstallationConfiguration } from '@gitbook/api';
+import {
+    FetchVisitorAuthenticationEvent,
+    IntegrationInstallationConfiguration,
+} from '@gitbook/api';
 import {
     createIntegration,
     FetchEventCallback,
@@ -317,7 +320,10 @@ const handleFetchEvent: FetchEventCallback<CognitoRuntimeContext> = async (reque
 export default createIntegration({
     fetch: handleFetchEvent,
     components: [configBlock],
-    fetch_visitor_authentication: async (event, context) => {
+    fetch_visitor_authentication: async (
+        event: FetchVisitorAuthenticationEvent,
+        context: CognitoRuntimeContext,
+    ) => {
         const { environment } = context;
         const siteInstallation = assertInstallation(environment);
 

integrations/oidc/gitbook-manifest.yaml

@@ -7,11 +7,8 @@ description: Control who has access to your published documentation with your au
 visibility: public
 script: ./src/index.tsx
 scopes:
-    - space:metadata:read
-    - space:visitor:auth
     - site:metadata:read
     - site:visitor:auth
-    - space:content:read
 organization: gitbook
 summary: |
     # Overview
@@ -27,8 +24,6 @@ summary: |
 categories:
     - visitor-auth
 configurations:
-    space:
-        componentId: config
     site:
         componentId: config
-target: all
+target: site

integrations/oidc/package.json

@@ -13,6 +13,7 @@
         "@gitbook/tsconfig": "workspace:*"
     },
     "scripts": {
+        "typecheck": "tsc --noEmit",
         "publish-integrations-staging": "gitbook publish .",
         "check": "gitbook check",
         "publish-integrations": "gitbook publish ."

integrations/oidc/src/index.tsx

@@ -9,33 +9,31 @@ import {
     RuntimeContext,
     RuntimeEnvironment,
     createComponent,
+    ExposableError,
 } from '@gitbook/runtime';
 
 const logger = Logger('oidc.visitor-auth');
 
-type OIDCRuntimeEnvironment = RuntimeEnvironment<{}, OIDCSiteOrSpaceInstallationConfiguration>;
+type OIDCRuntimeEnvironment = RuntimeEnvironment<{}, OIDCSiteInstallationConfiguration>;
 
 type OIDCRuntimeContext = RuntimeContext<OIDCRuntimeEnvironment>;
 
-type OIDCSiteOrSpaceInstallationConfiguration = {
+type OIDCSiteInstallationConfiguration = {
     client_id?: string;
     authorization_endpoint?: string;
     access_token_endpoint?: string;
     client_secret?: string;
     scope?: string;
 };
 
-type OIDCState = OIDCSiteOrSpaceInstallationConfiguration;
+type OIDCState = OIDCSiteInstallationConfiguration;
 
 type OIDCProps = {
     installation: {
         configuration?: IntegrationInstallationConfiguration;
     };
-    spaceInstallation: {
-        configuration?: OIDCSiteOrSpaceInstallationConfiguration;
-    };
     siteInstallation: {
-        configuration?: OIDCSiteOrSpaceInstallationConfiguration;
+        configuration?: OIDCSiteInstallationConfiguration;
     };
 };
 
@@ -55,64 +53,50 @@ const getDomainWithHttps = (url: string): string => {
 const configBlock = createComponent<OIDCProps, OIDCState, OIDCAction, OIDCRuntimeContext>({
     componentId: 'config',
     initialState: (props) => {
-        const siteOrSpaceInstallation = props.siteInstallation ?? props.spaceInstallation;
+        const siteInstallation = props.siteInstallation;
         return {
-            client_id: siteOrSpaceInstallation.configuration?.client_id?.toString() || '',
-            authorization_endpoint:
-                siteOrSpaceInstallation.configuration?.authorization_endpoint?.toString() || '',
-            access_token_endpoint:
-                siteOrSpaceInstallation.configuration?.access_token_endpoint?.toString() || '',
-            client_secret: siteOrSpaceInstallation.configuration?.client_secret?.toString() || '',
-            scope: siteOrSpaceInstallation.configuration?.scope?.toString() || '',
+            client_id: siteInstallation.configuration?.client_id || '',
+            authorization_endpoint: siteInstallation.configuration?.authorization_endpoint || '',
+            access_token_endpoint: siteInstallation.configuration?.access_token_endpoint || '',
+            client_secret: siteInstallation.configuration?.client_secret || '',
+            scope: siteInstallation.configuration?.scope || '',
         };
     },
     action: async (element, action, context) => {
         switch (action.action) {
             case 'save.config':
                 const { api, environment } = context;
-                const siteOrSpaceInstallation =
-                    environment.siteInstallation ?? environment.spaceInstallation;
+
+                const siteInstallation = assertSiteInstallation(environment);
 
                 const configurationBody = {
-                    ...siteOrSpaceInstallation.configuration,
+                    ...siteInstallation.configuration,
                     client_id: element.state.client_id,
                     client_secret: element.state.client_secret,
                     authorization_endpoint: getDomainWithHttps(
-                        element.state.authorization_endpoint,
+                        element.state.authorization_endpoint ?? '',
+                    ),
+                    access_token_endpoint: getDomainWithHttps(
+                        element.state.access_token_endpoint ?? '',
                     ),
-                    access_token_endpoint: getDomainWithHttps(element.state.access_token_endpoint),
                     scope: element.state.scope,
                 };
-                if ('site' in siteOrSpaceInstallation) {
-                    await api.integrations.updateIntegrationSiteInstallation(
-                        siteOrSpaceInstallation.integration,
-                        siteOrSpaceInstallation.installation,
-                        siteOrSpaceInstallation.site,
-                        {
-                            configuration: {
-                                ...configurationBody,
-                            },
-                        },
-                    );
-                } else {
-                    await api.integrations.updateIntegrationSpaceInstallation(
-                        siteOrSpaceInstallation.integration,
-                        siteOrSpaceInstallation.installation,
-                        siteOrSpaceInstallation.space,
-                        {
-                            configuration: {
-                                ...configurationBody,
-                            },
+                await api.integrations.updateIntegrationSiteInstallation(
+                    siteInstallation.integration,
+                    siteInstallation.installation,
+                    siteInstallation.site,
+                    {
+                        configuration: {
+                            ...configurationBody,
                         },
-                    );
-                }
+                    },
+                );
                 return element;
         }
     },
     render: async (element, context) => {
-        const siteOrSpaceInstallation =
-            context.environment.siteInstallation ?? context.environment.spaceInstallation;
-        const VACallbackURL = `${siteOrSpaceInstallation?.urls?.publicEndpoint}/visitor-auth/response`;
+        const siteInstallation = context.environment.siteInstallation;
+        const VACallbackURL = `${siteInstallation?.urls?.publicEndpoint}/visitor-auth/response`;
         return (
             <block>
                 <input
@@ -243,38 +227,50 @@ const configBlock = createComponent<OIDCProps, OIDCState, OIDCAction, OIDCRuntim
 });
 
 /**
- * Get the published content (site or space) related urls.
+ * Get the published content related urls.
  */
 async function getPublishedContentUrls(context: OIDCRuntimeContext) {
-    const organizationId = context.environment.installation?.target?.organization;
-    const siteOrSpaceInstallation =
-        context.environment.siteInstallation ?? context.environment.spaceInstallation;
-    const publishedContentData =
-        'site' in siteOrSpaceInstallation
-            ? await context.api.orgs.getSiteById(organizationId, siteOrSpaceInstallation.site)
-            : await context.api.spaces.getSpaceById(siteOrSpaceInstallation.space);
+    const organizationId = assertOrgId(context.environment);
+    const siteInstallation = assertSiteInstallation(context.environment);
+    const publishedContentData = await context.api.orgs.getSiteById(
+        organizationId,
+        siteInstallation.site,
+    );
 
     return publishedContentData.data.urls;
 }
 
+function assertSiteInstallation(environment: OIDCRuntimeEnvironment) {
+    const siteInstallation = environment.siteInstallation;
+    if (!siteInstallation) {
+        throw new Error('No site installation found');
+    }
+
+    return siteInstallation;
+}
+
+function assertOrgId(environment: OIDCRuntimeEnvironment) {
+    const orgId = environment.installation?.target?.organization!;
+    if (!orgId) {
+        throw new Error('No org ID found');
+    }
+
+    return orgId;
+}
+
 const handleFetchEvent: FetchEventCallback<OIDCRuntimeContext> = async (request, context) => {
     const { environment } = context;
-    const siteOrSpaceInstallation = environment.siteInstallation ?? environment.spaceInstallation;
-    const installationURL = siteOrSpaceInstallation?.urls?.publicEndpoint;
+    const siteInstallation = assertSiteInstallation(environment);
+    const installationURL = siteInstallation.urls?.publicEndpoint;
     if (installationURL) {
         const router = Router({
             base: new URL(installationURL).pathname,
         });
 
         router.get('/visitor-auth/response', async (request) => {
-            if (
-                ('site' in siteOrSpaceInstallation && siteOrSpaceInstallation.site) ||
-                ('space' in siteOrSpaceInstallation && siteOrSpaceInstallation.space)
-            ) {
+            if ('site' in siteInstallation && siteInstallation.site) {
                 const publishedContentUrls = await getPublishedContentUrls(context);
-                const privateKey =
-                    context.environment.signingSecrets.siteInstallation ??
-                    context.environment.signingSecrets.spaceInstallation;
+                const privateKey = context.environment.signingSecrets.siteInstallation!;
                 let token;
                 try {
                     token = await sign(
@@ -287,11 +283,10 @@ const handleFetchEvent: FetchEventCallback<OIDCRuntimeContext> = async (request,
                     });
                 }
 
-                const accessTokenEndpoint =
-                    siteOrSpaceInstallation.configuration.access_token_endpoint;
-                const clientId = siteOrSpaceInstallation.configuration.client_id;
-                const clientSecret = siteOrSpaceInstallation.configuration.client_secret;
-                if (clientId && clientSecret) {
+                const accessTokenEndpoint = siteInstallation.configuration.access_token_endpoint;
+                const clientId = siteInstallation.configuration.client_id;
+                const clientSecret = siteInstallation.configuration.client_secret;
+                if (clientId && clientSecret && accessTokenEndpoint) {
                     const searchParams = new URLSearchParams({
                         grant_type: 'authorization_code',
                         client_id: clientId,
@@ -317,13 +312,13 @@ const handleFetchEvent: FetchEventCallback<OIDCRuntimeContext> = async (request,
 
                     if ('access_token' in resp) {
                         let url;
-                        const state = request.query.state.toString();
+                        const state = request.query.state!.toString();
                         const location = state.substring(state.indexOf('-') + 1);
                         if (location) {
                             url = new URL(`${publishedContentUrls?.published}${location}`);
                             url.searchParams.append('jwt_token', token);
                         } else {
-                            url = new URL(publishedContentUrls?.published);
+                            url = new URL(publishedContentUrls?.published!);
                             url.searchParams.append('jwt_token', token);
                         }
                         if (publishedContentUrls?.published && token) {
@@ -351,9 +346,12 @@ const handleFetchEvent: FetchEventCallback<OIDCRuntimeContext> = async (request,
                         );
                     }
                 } else {
-                    return new Response('Error: Either ClientId or Client Secret is missing', {
-                        status: 400,
-                    });
+                    return new Response(
+                        'Error: Either ClientId or Client Secret or Access Token Endpoint is missing',
+                        {
+                            status: 400,
+                        },
+                    );
                 }
             }
         });
@@ -383,14 +381,17 @@ export default createIntegration({
     components: [configBlock],
     fetch_visitor_authentication: async (event, context) => {
         const { environment } = context;
-        const siteOrSpaceInstallation =
-            environment.siteInstallation ?? environment.spaceInstallation;
+        const siteInstallation = assertSiteInstallation(environment);
 
-        const installationURL = siteOrSpaceInstallation?.urls?.publicEndpoint;
+        const installationURL = siteInstallation.urls.publicEndpoint;
+        const configuration = siteInstallation.configuration;
 
-        const authorizationEndpoint = siteOrSpaceInstallation?.configuration.authorization_endpoint;
-        const clientId = siteOrSpaceInstallation?.configuration.client_id;
-        const scope = siteOrSpaceInstallation?.configuration.scope;
+        const authorizationEndpoint = configuration.authorization_endpoint;
+        const clientId = configuration.client_id;
+        const scope = configuration.scope;
+        if (!clientId || !authorizationEndpoint || !scope) {
+            throw new ExposableError('OIDC configuration is missing');
+        }
 
         const location = event.location ? event.location : '';
 
@@ -401,12 +402,6 @@ export default createIntegration({
         url.searchParams.append('scope', scope.toLowerCase());
         url.searchParams.append('state', `state-${location}`);
 
-        try {
-            return Response.redirect(url.toString());
-        } catch (e) {
-            return new Response(e.message, {
-                status: e.status || 500,
-            });
-        }
+        return Response.redirect(url.toString());
     },
 });

integrations/va-auth0/gitbook-manifest.yaml

@@ -7,11 +7,8 @@ description: Control who has access to your published documentation with Auth0
 visibility: public
 script: ./src/index.tsx
 scopes:
-    - space:metadata:read
-    - space:visitor:auth
     - site:metadata:read
     - site:visitor:auth
-    - space:content:read
 organization: gitbook
 summary: |
     # Overview
@@ -28,8 +25,6 @@ summary: |
 categories:
     - visitor-auth
 configurations:
-    space:
-        componentId: config
     site:
         componentId: config
 target: site

integrations/va-auth0/package.json

@@ -13,6 +13,7 @@
         "@gitbook/tsconfig": "workspace:*"
     },
     "scripts": {
+        "typecheck": "tsc --noEmit",
         "publish-integrations-staging": "gitbook publish .",
         "check": "gitbook check",
         "publish-integrations": "gitbook publish ."