@assetlab/mcp-server 1.19.5 → 1.19.7
- package/dist/client.js +21 -4
- package/dist/client.js.map +1 -1
- package/dist/oauth.d.ts +52 -15
- package/dist/oauth.js +538 -204
- package/dist/oauth.js.map +1 -1
- package/dist/tools-write.js +41 -2
- package/dist/tools-write.js.map +1 -1
- package/dist/tools.d.ts +1 -1
- package/dist/tools.js +28 -0
- package/dist/tools.js.map +1 -1
- package/dist/worker.d.ts +11 -0
- package/dist/worker.js +70 -27
- package/dist/worker.js.map +1 -1
- package/package.json +6 -1
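--- a/package/dist/client.js
+++ b/package/dist/client.js
@@ -12,6 +12,23 @@ export class AssetLabClientError extends Error {
 this.status = status;
 }
 }
+// F-016 — Identity-defining keys must come from the gateway's JWT-derived
+// context, never from the caller. Stripping here is defense-in-depth: the
+// gateway already overrides these from the verified Clerk claims, but a
+// future endpoint or gateway misconfig shouldn't immediately turn into a
+// tenant-isolation bypass.
+const STRIP_KEYS = ['tenant_id', 'organization_id', 'org_id'];
+function stripIdentityKeys(payload) {
+let cleaned;
+for (const k of STRIP_KEYS) {
+if (k in payload) {
+if (!cleaned)
+cleaned = { ...payload };
+delete cleaned[k];
+}
+}
+return cleaned ?? payload;
+}
 export class AssetLabClient {
 baseUrl;
 apiKey;
@@ -120,7 +137,7 @@ export class AssetLabClient {
 return res.json();
 }
 async create(resource, body) {
-return this.post(`/${resource}`, body);
+return this.post(`/${resource}`, stripIdentityKeys(body));
 }
 async patch(path, body) {
 const url = `${this.baseUrl}${path}`;
@@ -157,7 +174,7 @@ export class AssetLabClient {
 return res.json();
 }
 async update(resource, id, body) {
-return this.patch(`/${resource}/${id}`, body);
+return this.patch(`/${resource}/${id}`, stripIdentityKeys(body));
 }
 async fetchBulk(method, path, items) {
 const url = `${this.baseUrl}${path}`;
@@ -190,10 +207,10 @@ export class AssetLabClient {
 }
 }
 async bulkCreate(resource, items) {
-return this.fetchBulk('POST', `/${resource}/bulk`, items);
+return this.fetchBulk('POST', `/${resource}/bulk`, items.map(stripIdentityKeys));
 }
 async bulkUpdate(resource, items) {
-return this.fetchBulk('PATCH', `/${resource}/bulk`, items);
+return this.fetchBulk('PATCH', `/${resource}/bulk`, items.map(stripIdentityKeys));
 }
 async del(path) {
 const url = `${this.baseUrl}${path}`;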
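Review bot: `stripIdentityKeys` is wired into `create`, `update`, `bulkCreate` and `bulkUpdate` only, so a body that reaches `post()` or `patch()` directly still carries caller-supplied `tenant_id`, `organization_id` or `org_id`; if those two methods have other callers (their bodies lie outside these hunks), the strip belongs at the point where the body is serialized. The helper also evaluates `k in payload` without checking the argument, which throws a TypeError for `null`, `undefined` or a primitive, so a call such as `create(resource, undefined)` or a bulk array holding a `null` item now fails before any request is sent; a first line of `if (payload === null || typeof payload !== 'object') return payload;` keeps the old behaviour for those inputs. Only exact top-level names are removed, so nested objects and spellings such as camelCase variants pass through, which is worth stating in the comment above `STRIP_KEYS` so nobody reads it as a complete filter.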
package/dist/client.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAkCH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAC5C,MAAM,CAAQ;IACd,YAAY,MAAc,EAAE,OAAe;QACzC,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAA;QACjC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACtB,CAAC;CACF;AAED,MAAM,OAAO,cAAc;IACjB,OAAO,CAAQ;IACf,MAAM,CAAQ;IAEtB,YAAY,MAAsB;QAChC,+DAA+D;QAC/D,IAAI,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;QAC3C,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,GAAG,IAAI,KAAK,CAAA;QACd,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,GAAG,CAAA;QAClB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAA;IAC7B,CAAC;IAED,KAAK,CAAC,GAAG,CACP,IAAY,EACZ,MAAoD;QAEpD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC,CAAA;QAC7C,IAAI,MAAM,EAAE,CAAC;YACX,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5C,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;oBAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;YACtC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;gBACxC,cAAc,EAAE,kBAAkB;aACnC;SACF,CAAC,CAAA;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAA;YAC5E,MAAM,OAAO,GAAI,IAA2B,CAAC,KAAK,IAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAA;YAE1E,gCAAgC;YAChC,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;gBACnB,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,qDAAqD,CAAC,CAAA;gBAC3F,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;wBAC1D,CAAC,CAAC,OAAO;wBACT,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;4BAC3B,CAAC,CAAC,0EAA0E;4BAC5E,CAAC,CAAC,OAAO,CAAC,CAAA;gBAChB,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,mDAAmD,CAAC,CAAA;gBACzF,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;gBAC7C;oBACE,MAAM,IAAI,m
BAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;YACtD,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC,IAAI,EAAgB,CAAA;IACjC,CAAC;IAED,KAAK,CAAC,IAAI,CACR,QAAgB,EAChB,MAAoD;QAEpD,OAAO,IAAI,CAAC,GAAG,CAAuB,IAAI,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAA;IAC/D,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,OAAO,CACX,QAAgB,EAChB,MAAoD;QAEpD,MAAM,OAAO,GAAQ,EAAE,CAAA;QACvB,IAAI,IAAI,GAAG,CAAC,CAAA;QACZ,MAAM,OAAO,GAAG,IAAI,CAAA;QAEpB,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAI,QAAQ,EAAE,EAAE,GAAG,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAA;YACnF,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAA;YAE5B,IAAI,IAAI,IAAI,MAAM,CAAC,UAAU,CAAC,WAAW;gBAAE,MAAK;YAChD,IAAI,EAAE,CAAA;QACR,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,EAAE,CAAA;IACjD,CAAC;IAED,KAAK,CAAC,MAAM,CACV,QAAgB,EAChB,EAAU;QAEV,OAAO,IAAI,CAAC,GAAG,CAAoB,IAAI,QAAQ,IAAI,EAAE,EAAE,CAAC,CAAA;IAC1D,CAAC;IAED,KAAK,CAAC,IAAI,CACR,IAAY,EACZ,IAA6B;QAE7B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAA;QAEpC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;gBACxC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAA;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAA;YAC5E,MAAM,OAAO,GAAI,IAA2B,CAAC,KAAK,IAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAA;YAE1E,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;gBACnB,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,qDAAqD,CAAC,CAAA;gBAC3F,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;wBAC1D,CAAC,CAAC,OAAO;wBACT,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;4BAC3B,CAAC,CAAC,0EAA0E;4BAC5E,CAAC,CAAC,OAAO,CAAC,CAAA;gBAChB,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,mDAAmD,CAAC,CAAA;gBACzF,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;gBAC7C;oBACE,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;YACtD,CAAC;QACH,CAAC;QAED,OAAO,GAAG
,CAAC,IAAI,EAAgB,CAAA;IACjC,CAAC;IAED,KAAK,CAAC,MAAM,CACV,QAAgB,EAChB,IAA6B;QAE7B,OAAO,IAAI,CAAC,IAAI,CAAoB,IAAI,QAAQ,EAAE,EAAE,IAAI,CAAC,CAAA;
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAkCH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAC5C,MAAM,CAAQ;IACd,YAAY,MAAc,EAAE,OAAe;QACzC,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAA;QACjC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACtB,CAAC;CACF;AAED,0EAA0E;AAC1E,0EAA0E;AAC1E,wEAAwE;AACxE,yEAAyE;AACzE,2BAA2B;AAC3B,MAAM,UAAU,GAAG,CAAC,WAAW,EAAE,iBAAiB,EAAE,QAAQ,CAAU,CAAA;AAEtE,SAAS,iBAAiB,CAAoC,OAAU;IACtE,IAAI,OAAsB,CAAA;IAC1B,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,CAAC,IAAI,OAAO,EAAE,CAAC;YACjB,IAAI,CAAC,OAAO;gBAAE,OAAO,GAAG,EAAE,GAAG,OAAO,EAAE,CAAA;YACtC,OAAO,OAAO,CAAC,CAAC,CAAC,CAAA;QACnB,CAAC;IACH,CAAC;IACD,OAAO,OAAO,IAAI,OAAO,CAAA;AAC3B,CAAC;AAED,MAAM,OAAO,cAAc;IACjB,OAAO,CAAQ;IACf,MAAM,CAAQ;IAEtB,YAAY,MAAsB;QAChC,+DAA+D;QAC/D,IAAI,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;QAC3C,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,GAAG,IAAI,KAAK,CAAA;QACd,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,GAAG,CAAA;QAClB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAA;IAC7B,CAAC;IAED,KAAK,CAAC,GAAG,CACP,IAAY,EACZ,MAAoD;QAEpD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC,CAAA;QAC7C,IAAI,MAAM,EAAE,CAAC;YACX,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5C,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;oBAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;YACtC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;gBACxC,cAAc,EAAE,kBAAkB;aACnC;SACF,CAAC,CAAA;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAA;YAC5E,MAAM,OAAO,GAAI,IAA2B,CAAC,KAAK,IAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAA;YAE1E,gCAAgC;YAChC,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;gBACnB,KAAK,GAAG;oBACN,MAAM,IAAI
,mBAAmB,CAAC,GAAG,EAAE,qDAAqD,CAAC,CAAA;gBAC3F,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;wBAC1D,CAAC,CAAC,OAAO;wBACT,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;4BAC3B,CAAC,CAAC,0EAA0E;4BAC5E,CAAC,CAAC,OAAO,CAAC,CAAA;gBAChB,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,mDAAmD,CAAC,CAAA;gBACzF,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;gBAC7C;oBACE,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;YACtD,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC,IAAI,EAAgB,CAAA;IACjC,CAAC;IAED,KAAK,CAAC,IAAI,CACR,QAAgB,EAChB,MAAoD;QAEpD,OAAO,IAAI,CAAC,GAAG,CAAuB,IAAI,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAA;IAC/D,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,OAAO,CACX,QAAgB,EAChB,MAAoD;QAEpD,MAAM,OAAO,GAAQ,EAAE,CAAA;QACvB,IAAI,IAAI,GAAG,CAAC,CAAA;QACZ,MAAM,OAAO,GAAG,IAAI,CAAA;QAEpB,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAI,QAAQ,EAAE,EAAE,GAAG,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAA;YACnF,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAA;YAE5B,IAAI,IAAI,IAAI,MAAM,CAAC,UAAU,CAAC,WAAW;gBAAE,MAAK;YAChD,IAAI,EAAE,CAAA;QACR,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,EAAE,CAAA;IACjD,CAAC;IAED,KAAK,CAAC,MAAM,CACV,QAAgB,EAChB,EAAU;QAEV,OAAO,IAAI,CAAC,GAAG,CAAoB,IAAI,QAAQ,IAAI,EAAE,EAAE,CAAC,CAAA;IAC1D,CAAC;IAED,KAAK,CAAC,IAAI,CACR,IAAY,EACZ,IAA6B;QAE7B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAA;QAEpC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;gBACxC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAA;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAA;YAC5E,MAAM,OAAO,GAAI,IAA2B,CAAC,KAAK,IAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAA;YAE1E,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;gBACnB,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,qDAAqD,CAAC,CAAA;gBAC3F,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,C
AAC,GAAG,EAAE,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;wBAC1D,CAAC,CAAC,OAAO;wBACT,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;4BAC3B,CAAC,CAAC,0EAA0E;4BAC5E,CAAC,CAAC,OAAO,CAAC,CAAA;gBAChB,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,mDAAmD,CAAC,CAAA;gBACzF,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;gBAC7C;oBACE,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;YACtD,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC,IAAI,EAAgB,CAAA;IACjC,CAAC;IAED,KAAK,CAAC,MAAM,CACV,QAAgB,EAChB,IAA6B;QAE7B,OAAO,IAAI,CAAC,IAAI,CAAoB,IAAI,QAAQ,EAAE,EAAE,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAA;IAC9E,CAAC;IAED,KAAK,CAAC,KAAK,CACT,IAAY,EACZ,IAA6B;QAE7B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAA;QAEpC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM,EAAE,OAAO;YACf,OAAO,EAAE;gBACP,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;gBACxC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAA;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAA;YAC5E,MAAM,OAAO,GAAI,IAA2B,CAAC,KAAK,IAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAA;YAE1E,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;gBACnB,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,qDAAqD,CAAC,CAAA;gBAC3F,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;wBAC1D,CAAC,CAAC,OAAO;wBACT,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;4BAC3B,CAAC,CAAC,0EAA0E;4BAC5E,CAAC,CAAC,OAAO,CAAC,CAAA;gBAChB,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,mDAAmD,CAAC,CAAA;gBACzF,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;gBAC7C,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;gBAC7C;oBACE,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;YACtD,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC,IAAI,EAAgB,CAAA;IACjC,CAAC;IAED,KAAK,CAAC,MAAM,CACV,QAAgB,EAChB,EAAU,EACV,IAA6B;QAE7B,OAAO,IAAI,CAAC,KAAK,CAAoB,IAAI,QAAQ,IAAI,EAAE,EAAE,EAAE,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAA;IACrF,CAAC;IAEO,KAAK,CAAC,SAAS,C
AAC,MAAwB,EAAE,IAAY,EAAE,KAAgC;QAC9F,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAA;QAEpC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM;YACN,OAAO,EAAE;gBACP,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;gBACxC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;SAC5B,CAAC,CAAA;QAEF,sFAAsF;QACtF,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACnE,OAAO,GAAG,CAAC,IAAI,EAA2B,CAAA;QAC5C,CAAC;QAED,oFAAoF;QACpF,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAA;YAC5E,IAAK,IAA8B,CAAC,OAAO;gBAAE,OAAO,IAAoB,CAAA;YACxE,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAG,IAA2B,CAAC,KAAK,IAAI,aAAa,CAAC,CAAA;QACzF,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAA;QAC5E,MAAM,OAAO,GAAI,IAA2B,CAAC,KAAK,IAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAA;QAC1E,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;YACnB,KAAK,GAAG,CAAC,CAAC,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,qDAAqD,CAAC,CAAA;YACnG,KAAK,GAAG,CAAC,CAAC,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;YACrD,KAAK,GAAG,CAAC,CAAC,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,mDAAmD,CAAC,CAAA;YACjG,OAAO,CAAC,CAAC,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;QAC7D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAgB,EAAE,KAAgC;QACjE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,QAAQ,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAA;IAClF,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAgB,EAAE,KAAgC;QACjE,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,QAAQ,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAA;IACnF,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,IAAY;QACpB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAA;QAEpC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE;gBACP,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;gBACxC,cAAc,EAAE,kBAAkB;aACnC;SACF,CAAC,CAAA;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAA
M,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAA;YAC5E,MAAM,OAAO,GAAI,IAA2B,CAAC,KAAK,IAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAA;YAE1E,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;gBACnB,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,qDAAqD,CAAC,CAAA;gBAC3F,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;wBAC1D,CAAC,CAAC,OAAO;wBACT,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;4BAC3B,CAAC,CAAC,0EAA0E;4BAC5E,CAAC,CAAC,OAAO,CAAC,CAAA;gBAChB,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,mDAAmD,CAAC,CAAA;gBACzF,KAAK,GAAG;oBACN,MAAM,IAAI,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;gBAC7C;oBACE,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;YACtD,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC,IAAI,EAAoD,CAAA;IACrE,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,QAAgB,EAAE,EAAU;QACvC,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ,IAAI,EAAE,EAAE,CAAC,CAAA;IACvC,CAAC;CACF;AAED,MAAM,UAAU,UAAU;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAA;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,qDAAqD;YACrD,oDAAoD,CACrD,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAA;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,qDAAqD;YACrD,iEAAiE,CAClE,CAAA;IACH,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAA;AAC3B,CAAC"}
|
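--- a/package/dist/oauth.d.ts
+++ b/package/dist/oauth.d.ts
@@ -1,20 +1,57 @@
 /**
-*
+* OAuth 2.0 Authorization Server for AssetLab MCP.
 *
-* Implements
-*
-*
-*
+* Implements the subset of OAuth 2.0 + PKCE + RFC 7591/7592 needed to satisfy
+* MCP connectors (Claude.ai, ChatGPT):
+* - /oauth/register POST — dynamic client registration with KV-backed allow-list
+* - /oauth/register/{id} DELETE — authenticated client deletion
+* - /authorize GET — consent page (validates client + redirect_uri)
+* - /authorize POST — issues an encrypted authorization code
+* - /token POST — code/refresh exchange (PKCE S256 mandatory)
 *
-* The user's AssetLab API key
-*
+* The user's AssetLab API key is still returned as the OAuth access_token
+* (P0 hardening keeps this; the opaque-token swap is tracked as P1).
+*/
+import type { KVNamespace } from './worker.js';
+/**
+* Resolve a Bearer token presented to the MCP transport. Called once per
+* incoming request from the Worker.
+*
+* - `mcp_at_*` tokens are looked up in KV. Miss → `null` (Worker returns 401).
+* - Legacy `al_live_*` / `al_test_*` tokens (issued before opaque-token swap
+* or used by direct CLI integrations) pass through unchanged so the API
+* gateway can validate them.
+* - Anything else is rejected (`null`) — the API gateway shouldn't see garbage.
+*/
+export declare function resolveAccessToken(kv: KVNamespace, token: string): Promise<{
+apiKey: string;
+scope?: string;
+clientId?: string;
+} | null>;
+export declare function corsHeaders(request: Request): Record<string, string>;
+export declare function protectedResourceMetadata(origin: string, request: Request): Response;
+export declare function authServerMetadata(origin: string, request: Request): Response;
+export declare function handleRegister(request: Request, kv: KVNamespace): Promise<Response>;
+export declare function handleDelete(request: Request, kv: KVNamespace, clientId: string): Promise<Response>;
+export declare function handleAuthorizeGet(request: Request, kv: KVNamespace): Promise<Response>;
+export declare function handleAuthorizePost(request: Request, env: {
+OAUTH_SECRET: string;
+OAUTH_CLIENTS: KVNamespace;
+}): Promise<Response>;
+export declare function handleToken(request: Request, env: {
+OAUTH_SECRET: string;
+OAUTH_CLIENTS: KVNamespace;
+}): Promise<Response>;
+/**
+* POST /oauth/revoke — revoke an opaque access token.
+*
+* Refresh tokens are encrypted blobs (not KV-backed), so per-token refresh
+* revocation is not supported in this iteration; rotating the underlying
+* AssetLab API key in Settings is the way to fully terminate a session.
 *
-*
-*
+* Per RFC 7009 §2.2 we return 200 for unknown tokens too — clients shouldn't
+* be able to probe token validity via this endpoint.
 */
-export declare function
-
-
-export declare function handleAuthorizeGet(request: Request): Response;
-export declare function handleAuthorizePost(request: Request, secret: string): Promise<Response>;
-export declare function handleToken(request: Request, secret: string): Promise<Response>;
+export declare function handleRevoke(request: Request, env: {
+OAUTH_CLIENTS: KVNamespace;
+}): Promise<Response>;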
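Review bot: The file header still says the user's AssetLab API key is returned as the OAuth access_token, while the `resolveAccessToken` and `handleRevoke` comments in the same file describe opaque `mcp_at_*` tokens looked up in KV; one of the two is stale, and a reader cannot tell from the declarations whether the long-lived key still leaves the server. I would rewrite the header sentence to name the token form `/token` issues now, for example `* /token issues opaque mcp_at_* access tokens; legacy al_live_* / al_test_* keys are still accepted as Bearer tokens.`, if that matches the implementation in oauth.js. The `handleRevoke` comment should also say plainly that refresh tokens stay usable after a revoke call, since RFC 7009 §2 expects refresh-token revocation to be supported and integrators will otherwise assume the endpoint ends the session.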