@baref00t/mcp-server 0.5.3 → 0.5.4
- package/dist/auth.d.ts.map +1 -1
- package/dist/auth.js +23 -5
- package/dist/auth.js.map +1 -1
- package/package.json +1 -1
package/dist/auth.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAKhD,MAAM,MAAM,KAAK,GAAG,SAAS,GAAG,aAAa,CAAA;AAE7C,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,KAAK,CAAA;IACZ,MAAM,EAAE,MAAM,CAAA;IACd,oEAAoE;IACpE,UAAU,CAAC,EAAE;QACX,OAAO,EAAE,MAAM,CAAA;QACf,eAAe,EAAE,MAAM,CAAA;QACvB,QAAQ,EAAE,MAAM,CAAA;KACjB,CAAA;CACF;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE;QAAE,KAAK,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,CAAA;CACnD;AA+BD,wBAAsB,UAAU,CAC9B,GAAG,EAAE,eAAe,GACnB,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC,
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAKhD,MAAM,MAAM,KAAK,GAAG,SAAS,GAAG,aAAa,CAAA;AAE7C,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,KAAK,CAAA;IACZ,MAAM,EAAE,MAAM,CAAA;IACd,oEAAoE;IACpE,UAAU,CAAC,EAAE;QACX,OAAO,EAAE,MAAM,CAAA;QACf,eAAe,EAAE,MAAM,CAAA;QACvB,QAAQ,EAAE,MAAM,CAAA;KACjB,CAAA;CACF;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE;QAAE,KAAK,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,CAAA;CACnD;AA+BD,wBAAsB,UAAU,CAC9B,GAAG,EAAE,eAAe,GACnB,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC,CA+GnC"}
|
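--- a/package/dist/auth.js
+++ b/package/dist/auth.js
@@ -82,13 +82,31 @@ export async function extractKey(req) {
 if (oauth) {
 try {
 const claims = await oauth.verifyMcpJwt(raw, `${env().MCP_OAUTH_ISSUER}/mcp`);
-
+// Prefer partner when both scopes are granted. Defense-in-depth:
+// the consent flow narrows to a single resolved-entity scope
+// (handlers.ts handleConsentSubmit), but if a future code path
+// grants both, partner has the larger tool surface (~48) and
+// should win over distributor (~2). Use exact-token check, not
+// .includes(), to avoid 'mcp:distributor-foo' false matches.
+const tokens = claims.scope.split(/\s+/).filter(Boolean);
+const scope = tokens.includes('mcp:partner')
+? 'partner'
+: tokens.includes('mcp:distributor')
+? 'distributor'
+: 'partner';
 return {
 scope,
-//
-//
-//
-
+// Pass the raw JWT through to downstream SDK calls so the
+// Partner API's validatePartnerApiKey (#379) sees it as a
+// valid Bearer and takes its JWT-trust branch. Earlier we
+// built a synthetic `__oauth__<partnerId>__<grantId>` string
+// for audit-friendly logging — but the SDK ships the apiKey
+// as the Bearer header verbatim, and a synthetic key without
+// dots fails `looksLikeJwt()` on the Partner API side and
+// falls through to the HMAC lookup, which 401s. Use the
+// raw JWT instead; per-grant audit attribution still flows
+// via the oauthGrant field below.
+apiKey: raw,
 oauthGrant: {
 grantId: claims.grantId,
 memberEmailHash: claims.memberEmailHash,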
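Review bot: The last arm of the scope ternary, `: 'partner';`, fails open: a verified token whose scope contains neither `mcp:partner` nor `mcp:distributor` still resolves to the partner scope, which the comment above it describes as the larger tool surface. Unless `verifyMcpJwt` already rejects such tokens (not visible in this hunk), make the last arm `: null;` and follow it with `if (!scope) throw new Error('token carries no recognised mcp scope');`, so the request is refused through whatever error path the surrounding `try` provides. Separately, `apiKey: raw` now places a live bearer token in a field that, per the comment, used to hold a synthetic string built for audit logging, so any log or error path that prints `apiKey` should be checked and the value redacted. The `try` block and the body of `extractKey` continue outside the hunk.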
package/dist/auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAGH,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AACvC,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAA;AAC9B,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAoBpC,SAAS,YAAY,CAAC,GAAW;IAC/B,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,EAAE,CAAA;AACvD,CAAC;AAGD,IAAI,kBAAkB,GAAoC,IAAI,CAAA;AAE9D,KAAK,UAAU,YAAY;IACzB,IAAI,kBAAkB,KAAK,aAAa;QAAE,OAAO,IAAI,CAAA;IACrD,IAAI,kBAAkB;QAAE,OAAO,kBAAkB,CAAA;IACjD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAA;QAC/C,oEAAoE;QACpE,iEAAiE;QACjE,GAAG,CAAC,eAAe,CAAC;YAClB,MAAM,EAAE,GAAG,EAAE,CAAC,gBAAgB;YAC9B,MAAM,EAAE,GAAG,EAAE,CAAC,OAAO,IAAI,IAAI;YAC7B,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;YAChD,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;YACxD,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,IAAI,QAAQ;SACnE,CAAC,CAAA;QACF,kBAAkB,GAAG,GAAG,CAAA;QACxB,OAAO,GAAG,CAAA;IACZ,CAAC;IAAC,MAAM,CAAC;QACP,kBAAkB,GAAG,aAAa,CAAA;QAClC,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,GAAoB;IAEpB,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAA;IACzC,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAA;IAC/C,MAAM,cAAc,GAAG,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAA;IAEvD,IAAI,GAAuB,CAAA;IAC3B,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACzE,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;IAC5B,CAAC;SAAM,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC1C,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,CAAA;IACzB,CAAC;SAAM,IAAI,OAAO,cAAc,KAAK,QAAQ,EAAE,CAAC;QAC9C,GAAG,GAAG,cAAc,CAAC,IAAI,EAAE,CAAA;IAC7B,CAAC;IAED,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO;YACL,MAAM,EAAE,GAAG;YACX,IAAI,EAAE;gBACJ,KAAK,EAAE;oBACL,IAAI,EAAE,cAAc;oBACpB,OAAO,EACL,8GAA8G;iBACjH;aACF;SACF,CAAA;IACH,CAAC;IAED,yEAAyE;IACzE,uEAAuE;IACvE,qEAAqE;IACrE,sEAAsE;IACtE,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;QAChC,IAAI,MAAM,CAAC,YAAY,CAAC,iBAAiB,CAAC,KAAK,IAAI,EAAE,CAAC;YACpD,MAAM,
KAAK,GAAG,MAAM,YAAY,EAAE,CAAA;YAClC,IAAI,KAAK,EAAE,CAAC;gBACV,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC,gBAAgB,MAAM,CAAC,CAAA;oBAC7E,MAAM,KAAK,
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAGH,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AACvC,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAA;AAC9B,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAoBpC,SAAS,YAAY,CAAC,GAAW;IAC/B,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,EAAE,CAAA;AACvD,CAAC;AAGD,IAAI,kBAAkB,GAAoC,IAAI,CAAA;AAE9D,KAAK,UAAU,YAAY;IACzB,IAAI,kBAAkB,KAAK,aAAa;QAAE,OAAO,IAAI,CAAA;IACrD,IAAI,kBAAkB;QAAE,OAAO,kBAAkB,CAAA;IACjD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAA;QAC/C,oEAAoE;QACpE,iEAAiE;QACjE,GAAG,CAAC,eAAe,CAAC;YAClB,MAAM,EAAE,GAAG,EAAE,CAAC,gBAAgB;YAC9B,MAAM,EAAE,GAAG,EAAE,CAAC,OAAO,IAAI,IAAI;YAC7B,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;YAChD,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;YACxD,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,IAAI,QAAQ;SACnE,CAAC,CAAA;QACF,kBAAkB,GAAG,GAAG,CAAA;QACxB,OAAO,GAAG,CAAA;IACZ,CAAC;IAAC,MAAM,CAAC;QACP,kBAAkB,GAAG,aAAa,CAAA;QAClC,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,GAAoB;IAEpB,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAA;IACzC,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAA;IAC/C,MAAM,cAAc,GAAG,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAA;IAEvD,IAAI,GAAuB,CAAA;IAC3B,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACzE,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;IAC5B,CAAC;SAAM,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC1C,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,CAAA;IACzB,CAAC;SAAM,IAAI,OAAO,cAAc,KAAK,QAAQ,EAAE,CAAC;QAC9C,GAAG,GAAG,cAAc,CAAC,IAAI,EAAE,CAAA;IAC7B,CAAC;IAED,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO;YACL,MAAM,EAAE,GAAG;YACX,IAAI,EAAE;gBACJ,KAAK,EAAE;oBACL,IAAI,EAAE,cAAc;oBACpB,OAAO,EACL,8GAA8G;iBACjH;aACF;SACF,CAAA;IACH,CAAC;IAED,yEAAyE;IACzE,uEAAuE;IACvE,qEAAqE;IACrE,sEAAsE;IACtE,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;QAChC,IAAI,MAAM,CAAC,YAAY,CAAC,iBAAiB,CAAC,KAAK,IAAI,EAAE,CAAC;YACpD,MAAM,
KAAK,GAAG,MAAM,YAAY,EAAE,CAAA;YAClC,IAAI,KAAK,EAAE,CAAC;gBACV,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC,gBAAgB,MAAM,CAAC,CAAA;oBAC7E,iEAAiE;oBACjE,6DAA6D;oBAC7D,+DAA+D;oBAC/D,6DAA6D;oBAC7D,+DAA+D;oBAC/D,6DAA6D;oBAC7D,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;oBACxD,MAAM,KAAK,GAAU,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC;wBACjD,CAAC,CAAC,SAAS;wBACX,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAC;4BAClC,CAAC,CAAC,aAAa;4BACf,CAAC,CAAC,SAAS,CAAA;oBACf,OAAO;wBACL,KAAK;wBACL,0DAA0D;wBAC1D,0DAA0D;wBAC1D,0DAA0D;wBAC1D,6DAA6D;wBAC7D,4DAA4D;wBAC5D,6DAA6D;wBAC7D,0DAA0D;wBAC1D,wDAAwD;wBACxD,2DAA2D;wBAC3D,kCAAkC;wBAClC,MAAM,EAAE,GAAG;wBACX,UAAU,EAAE;4BACV,OAAO,EAAE,MAAM,CAAC,OAAO;4BACvB,eAAe,EAAE,MAAM,CAAC,eAAe;4BACvC,QAAQ,EAAE,MAAM,CAAC,QAAQ;yBAC1B;qBACF,CAAA;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,EAAE,CAAC,KAAK,CACZ,EAAE,GAAG,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACzD,qCAAqC,CACtC,CAAA;oBACD,OAAO;wBACL,MAAM,EAAE,GAAG;wBACX,IAAI,EAAE;4BACJ,KAAK,EAAE;gCACL,IAAI,EAAE,eAAe;gCACrB,OAAO,EAAE,qFAAqF;6BAC/F;yBACF;qBACF,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QACD,iEAAiE;QACjE,0DAA0D;IAC5D,CAAC;IAED,wEAAwE;IACxE,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAA;IAChC,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,CAAA;IAC/B,MAAM,OAAO,GAAG,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAA;IAC1E,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,IAAI,EAAE;gBACJ,KAAK,EAAE;oBACL,IAAI,EAAE,yBAAyB;oBAC/B,OAAO,EACL,4DAA4D;wBAC5D,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC;iBACvC;aACF;SACF,CAAA;IACH,CAAC;IAED,kEAAkE;IAClE,MAAM,KAAK,GAAU,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,aAAa,CAAA;IAC1E,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,CAAA;AAC/B,CAAC"}
|
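--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@baref00t/mcp-server",
-"version": "0.5.
+"version": "0.5.4",
 "description": "Hosted multi-tenant MCP (Model Context Protocol) server for the baref00t Partner + Distributor APIs",
 "license": "Apache-2.0",
 "homepage": "https://github.com/becloudsmart-com/baref00t/tree/main/packages/mcp-server",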