@datanimbus/dnio-mcp 1.0.0

package/src/services/auth-manager.js

@@ -0,0 +1,277 @@
+'use strict';
+
+const logger = require('../utils/logger');
+
+const MCP_USER_EMAIL = process.env.MCP_USER_EMAIL;
+const MCP_USER_PASSWORD = process.env.MCP_USER_PASSWORD;
+
+if (!MCP_USER_EMAIL || !MCP_USER_PASSWORD) {
+    logger.error(`No DNIO MCP User Found, plz create the user in dnio and set env MCP_USER_EMAIL & MCP_USER_PASSWORD`);
+    process.exit(1);
+} else {
+    logger.info(`User found ${MCP_USER_EMAIL}`);
+}
+
+// Refresh 2 minutes before expiry
+const REFRESH_BUFFER_MS = 2 * 60 * 1000;
+
+class AuthManager {
+
+    // Constructor
+    constructor(dnioClient, config) {
+        this.client = dnioClient;
+        this.config = config;
+
+        this.adminToken = null;
+        this.adminExpiresAt = 0;
+
+        this.userToken = null;
+        this.userExpiresAt = 0;
+
+        this._adminRefreshTimer = null;
+        this._userRefreshTimer = null;
+    }
+
+    // Initialize full auth flow
+    async initialize() {
+        logger.info('AuthManager: Starting initialization...');
+
+        await this.refreshAdminToken();
+        logger.info('AuthManager: Admin authenticated');
+
+        await this._ensureMCPUser();
+        logger.info('AuthManager: MCP user ready');
+
+        await this._addUserToAllApps();
+        logger.info('AuthManager: MCP user added to all apps');
+
+        await this.refreshUserToken();
+        logger.info('AuthManager: MCP user authenticated');
+
+        this._scheduleRefresh();
+    }
+
+    // Get valid admin token
+    async getAdminToken() {
+        if (this._isExpired(this.adminExpiresAt)) {
+            await this.refreshAdminToken();
+        }
+        return this.adminToken;
+    }
+
+    // Get valid MCP user token
+    async getUserToken() {
+        if (this._isExpired(this.userExpiresAt)) {
+            await this.refreshUserToken();
+        }
+        return this.userToken;
+    }
+
+    // Get MCP user credentials
+    getMcpUserCredentials() {
+        return {
+            email: MCP_USER_EMAIL,
+            password: MCP_USER_PASSWORD,
+        };
+    }
+
+    // Refresh admin token
+    async refreshAdminToken() {
+        try {
+            const result = await this._login(this.config.username, this.config.password);
+            this.adminToken = result.token;
+            this.adminExpiresAt = result.expiresAt;
+
+            logger.info('AuthManager: Admin token refreshed', {
+                expiresAt: new Date(this.adminExpiresAt).toISOString()
+            });
+        } catch (error) {
+            logger.error('AuthManager: Admin token refresh failed', {error: error.message});
+            throw new Error(`Admin authentication failed: ${error.message}`);
+        }
+    }
+
+    // Refresh MCP user token
+    async refreshUserToken() {
+        try {
+            const result = await this._login(MCP_USER_EMAIL, MCP_USER_PASSWORD);
+            this.userToken = result.token;
+            this.userExpiresAt = result.expiresAt;
+
+            logger.info('AuthManager: User token refreshed', {
+                expiresAt: new Date(this.userExpiresAt).toISOString()
+            });
+        } catch (error) {
+            logger.error('AuthManager: User token refresh failed', {error: error.message});
+            throw new Error(`MCP user authentication failed: ${error.message}`);
+        }
+    }
+
+    // Ensure MCP user has access to app
+    async ensureUserAppAccess(appName) {
+        try {
+            const token = await this.getAdminToken();
+            this.client.setToken(token);
+
+            await this.client.put(
+                `api/a/rbac/admin/user/utils/addToApps/${MCP_USER_EMAIL}`,
+                {apps: [appName]}
+            );
+
+            logger.info(`AuthManager: MCP user added to app '${appName}'`);
+
+            await this.refreshUserToken();
+        } catch (error) {
+            logger.warn(`AuthManager: addToApps for '${appName}': ${error.message}`);
+        }
+    }
+
+    // Cleanup timers
+    destroy() {
+        if (this._adminRefreshTimer) clearInterval(this._adminRefreshTimer);
+        if (this._userRefreshTimer) clearInterval(this._userRefreshTimer);
+    }
+
+    // Internal login
+    async _login(username, password) {
+        const prevToken = this.client.token;
+        this.client.setToken(null);
+
+        try {
+            const response = await this.client.post('api/a/rbac/auth/login', {
+                username,
+                password
+            });
+
+            const token = response.token;
+
+            let expiresAt;
+            if (response.expiresIn) {
+                const parsed = new Date(response.expiresIn).getTime();
+                expiresAt = isNaN(parsed)
+                    ? Date.now() + (this.config.tokenTTL || 1800) * 1000
+                    : parsed;
+            } else {
+                expiresAt = Date.now() + (this.config.tokenTTL || 1800) * 1000;
+            }
+
+            return {token, expiresAt};
+        } finally {
+            if (prevToken) this.client.setToken(prevToken);
+        }
+    }
+
+    // Ensure MCP user exists
+    async _ensureMCPUser() {
+        this.client.setToken(this.adminToken);
+
+        const filter = JSON.stringify({_id: MCP_USER_EMAIL});
+        const users = await this.client.get(
+            `api/a/rbac/admin/user?filter=${encodeURIComponent(filter)}`
+        );
+
+        if (users && users.length > 0) {
+            logger.info('AuthManager: MCP user already exists');
+            return users[0];
+        }
+
+        logger.info('AuthManager: Creating MCP user...');
+
+        const namespace = this.config.namespace || 'DNIO';
+
+        const userData = {
+            user: {
+                auth: {authType: 'local'},
+                _id: MCP_USER_EMAIL,
+                username: MCP_USER_EMAIL,
+                password: MCP_USER_PASSWORD,
+                cpassword: MCP_USER_PASSWORD,
+                isSuperAdmin: false,
+                attributes: {},
+                basicDetails: {
+                    name: 'MCP User',
+                    phone: null,
+                    alternateEmail: null,
+                    description: 'Auto-created service account for DNIO MCP Server'
+                },
+                accessControl: {
+                    accessLevel: 'Selected',
+                    apps: [{_id: namespace, type: 'Management'}]
+                },
+                roles: null
+            },
+            groups: []
+        };
+
+        const created = await this.client.post(
+            `api/a/rbac/${namespace}/user`,
+            userData
+        );
+
+        logger.info('AuthManager: MCP user created');
+        return created;
+    }
+
+    // Add MCP user to all apps
+    async _addUserToAllApps() {
+        this.client.setToken(this.adminToken);
+
+        try {
+            const apps = await this.client.get(
+                'api/a/rbac/admin/app?count=-1&select=_id'
+            );
+
+            if (!apps || !Array.isArray(apps)) {
+                logger.warn('AuthManager: No apps found');
+                return;
+            }
+
+            const appIds = apps.map(a => a._id);
+            if (appIds.length === 0) return;
+
+            await this.client.put(
+                `api/a/rbac/admin/user/utils/addToApps/${MCP_USER_EMAIL}`,
+                {apps: appIds}
+            );
+
+            logger.info(`AuthManager: MCP user added to ${appIds.length} apps`);
+        } catch (error) {
+            logger.warn('AuthManager: Failed to add user to all apps', {
+                error: error.message
+            });
+        }
+    }
+
+    // Check expiry
+    _isExpired(expiresAt) {
+        return Date.now() >= (expiresAt - REFRESH_BUFFER_MS);
+    }
+
+    // Schedule periodic refresh
+    _scheduleRefresh() {
+        const ttlMs = (this.config.tokenTTL || 1800) * 1000;
+        const interval = Math.max(ttlMs * 0.75, 60000);
+
+        this._adminRefreshTimer = setInterval(async () => {
+            try {
+                await this.refreshAdminToken();
+            } catch (err) {
+                logger.error('Scheduled admin refresh failed', {error: err.message});
+            }
+        }, interval);
+
+        this._userRefreshTimer = setInterval(async () => {
+            try {
+                await this.refreshUserToken();
+            } catch (err) {
+                logger.error('Scheduled user refresh failed', {error: err.message});
+            }
+        }, interval);
+
+        logger.info(
+            `AuthManager: Token refresh scheduled every ${Math.round(interval / 1000)}s`
+        );
+    }
+}
+
+module.exports = AuthManager;

package/src/services/dnio-client.js

@@ -0,0 +1,40 @@
+'use strict';
+
+const BaseClient = require('../clients/base-client');
+
+const AppsClient        = require('../clients/apps');
+const ServicesClient    = require('../clients/services');
+const RecordsClient     = require('../clients/records');
+const ConnectorsClient  = require('../clients/connectors');
+const DataPipesClient   = require('../clients/data-pipes');
+const PluginsClient     = require('../clients/plugins');
+const FunctionsClient   = require('../clients/functions');
+const DataFormatsClient = require('../clients/data-formats');
+const FormulasClient    = require('../clients/formulas');
+const UsersClient       = require('../clients/users');
+const UserGroupsClient  = require('../clients/user-groups');
+const ApiKeysClient     = require('../clients/api-keys');
+const BotsClient        = require('../clients/bots');
+const DeploymentGroupsClient = require('../clients/deployment-groups');
+
+class DNIOClient extends BaseClient {
+    constructor(opts) {
+        super(opts);
+        this.apps        = new AppsClient(this);
+        this.services    = new ServicesClient(this);
+        this.records     = new RecordsClient(this);
+        this.connectors  = new ConnectorsClient(this);
+        this.dataPipes   = new DataPipesClient(this);
+        this.plugins     = new PluginsClient(this);
+        this.functions   = new FunctionsClient(this);
+        this.dataFormats = new DataFormatsClient(this);
+        this.formulas    = new FormulasClient(this);
+        this.users       = new UsersClient(this);
+        this.userGroups  = new UserGroupsClient(this);
+        this.apiKeys     = new ApiKeysClient(this);
+        this.bots        = new BotsClient(this);
+        this.deploymentGroups = new DeploymentGroupsClient(this);
+    }
+}
+
+module.exports = DNIOClient;

package/src/services/service-registry.js

@@ -0,0 +1,150 @@
+'use strict';
+
+const logger = require('../utils/logger');
+const {schemaToDescription} = require('../schemas/schema-converter');
+
+class ServiceRegistry {
+
+    // Constructor
+    constructor(dnioClient) {
+        this.client = dnioClient;
+
+        // Currently selected app
+        this.selectedApp = null;
+
+        // Map<serviceId, ServiceEntry>
+        this.services = new Map();
+
+        // Quick lookup: toolPrefix → serviceId
+        this.prefixToServiceId = new Map();
+
+        // Quick lookup: serviceName (lowercase) → serviceId
+        this.nameToServiceId = new Map();
+    }
+
+    // Load all active services for an app
+    async loadApp(appName, adminToken, userToken) {
+
+        // Clear previous state
+        this.services.clear();
+        this.prefixToServiceId.clear();
+        this.nameToServiceId.clear();
+        this.selectedApp = appName;
+
+        // List services with admin token
+        this.client.setToken(adminToken);
+        const services = await this.client.services.list(appName, {
+            filter: {status: 'Active'},
+            select: 'name,api,_id,attributeCount,status,definition,description'
+        });
+        const serviceList = Array.isArray(services) ? services : [];
+        logger.info(`Found ${serviceList.length} active data services for app '${appName}'`);
+
+        const loaded = [];
+        const skipped = [];
+
+        for (const svc of serviceList) {
+            const {_id: serviceId, name, api, definition, description: svcDescription} = svc;
+            const servicePath = (api || `/${name}`).replace(/^\//, '');
+
+            if (!servicePath) {
+                skipped.push({name, serviceId, reason: 'no API path defined'});
+                continue;
+            }
+
+            // Switch to user token for pod verification
+            this.client.setToken(userToken);
+
+            // Fetch full schema using admin token
+            this.client.setToken(adminToken);
+            let fullDefinition = definition;
+
+            if (!fullDefinition || fullDefinition.length === 0) {
+                try {
+                    const fullSchema = await this.client.services.getSchema(appName, serviceId);
+                    fullDefinition = fullSchema.definition || [];
+                } catch (err) {
+                    logger.warn(`Failed to fetch schema for ${name} (${serviceId}): ${err.message}`);
+                    fullDefinition = [];
+                }
+            }
+
+            const schemaDesc = fullDefinition.length > 0
+                ? schemaToDescription(fullDefinition)
+                : 'Schema not available';
+
+            const toolPrefix = this._sanitizeToolName(name);
+
+            const entry = {
+                serviceId,
+                name,
+                servicePath,
+                toolPrefix,
+                description: svcDescription || `Data service '${name}'`,
+                definition: fullDefinition,
+                schemaDesc,
+            };
+
+            this.services.set(serviceId, entry);
+            this.prefixToServiceId.set(toolPrefix, serviceId);
+            this.nameToServiceId.set(name.toLowerCase(), serviceId);
+
+            loaded.push({name, serviceId, toolPrefix, apiPath: `/${servicePath}`});
+            logger.info(`Loaded service: ${name} (${serviceId}) → ${toolPrefix}`);
+        }
+
+        // Restore user token
+        this.client.setToken(userToken);
+
+        logger.info(`Loaded ${loaded.length} services, skipped ${skipped.length}`);
+        return {loaded, skipped};
+    }
+
+    // Resolve service by name, prefix, or id
+    resolveService(identifier) {
+        if (!identifier) return null;
+
+        const id = identifier.trim();
+
+        if (this.services.has(id)) return this.services.get(id);
+
+        const byPrefix = this.prefixToServiceId.get(id.toLowerCase());
+        if (byPrefix) return this.services.get(byPrefix);
+
+        const byName = this.nameToServiceId.get(id.toLowerCase());
+        if (byName) return this.services.get(byName);
+
+        const sanitized = this._sanitizeToolName(id);
+        const byFuzzy = this.prefixToServiceId.get(sanitized);
+        if (byFuzzy) return this.services.get(byFuzzy);
+
+        return null;
+    }
+
+    // Get list of loaded services
+    getServiceList() {
+        const result = [];
+
+        for (const [, entry] of this.services) {
+            result.push({
+                serviceId: entry.serviceId,
+                name: entry.name,
+                toolPrefix: entry.toolPrefix,
+                apiPath: `/${entry.servicePath}`,
+                schemaDesc: entry.schemaDesc,
+            });
+        }
+
+        return result;
+    }
+
+    // Sanitize tool name
+    _sanitizeToolName(name) {
+        return name
+            .toLowerCase()
+            .replace(/[^a-z0-9]+/g, '_')
+            .replace(/^_|_$/g, '');
+    }
+}
+
+module.exports = ServiceRegistry;

package/src/services/session-manager.js

@@ -0,0 +1,161 @@
+'use strict';
+
+const crypto = require('crypto');
+const logger = require('../utils/logger');
+
+// Default session TTL: 2 hours
+const SESSION_TTL_MS = parseInt(process.env.SESSION_TTL || '7200', 10) * 1000;
+
+// Cleanup interval: every 5 minutes
+const CLEANUP_INTERVAL_MS = 5 * 60 * 1000;
+
+class SessionManager {
+
+    // Constructor
+    constructor() {
+        // Map<sessionId, UserSession>
+        this.sessions = new Map();
+
+        // userEmail → sessionId (for reuse)
+        this.userSessionMap = new Map();
+
+        // Periodic cleanup of expired sessions
+        this._cleanupTimer = setInterval(() => this._cleanup(), CLEANUP_INTERVAL_MS);
+    }
+
+    // Get session by ID
+    getSession(sessionId) {
+        const session = this.sessions.get(sessionId);
+        if (!session) return null;
+
+        if (this._isExpired(session)) {
+            this.destroySession(sessionId);
+            return null;
+        }
+
+        session.lastActivity = Date.now();
+        return session;
+    }
+
+    // Get session by user email
+    getSessionByUser(email) {
+        const sessionId = this.userSessionMap.get(email);
+        if (!sessionId) return null;
+        return this.getSession(sessionId);
+    }
+
+    // Create new session
+    createSession({email, dnioToken, tokenExpiresAt}) {
+
+        // Destroy existing session for same user
+        const existingId = this.userSessionMap.get(email);
+        if (existingId) {
+            this.destroySession(existingId);
+        }
+
+        const sessionId = crypto.randomUUID();
+
+        const session = {
+            sessionId,
+            email,
+            dnioToken,
+            tokenExpiresAt,
+            selectedApp: null,
+            createdAt: Date.now(),
+            lastActivity: Date.now(),
+            transport: null,
+            server: null,
+            registry: null,
+        };
+
+        this.sessions.set(sessionId, session);
+        this.userSessionMap.set(email, sessionId);
+
+        logger.info(`Session created for ${email} (${sessionId})`);
+        return session;
+    }
+
+    // Update session token
+    updateToken(sessionId, dnioToken, tokenExpiresAt) {
+        const session = this.sessions.get(sessionId);
+        if (session) {
+            session.dnioToken = dnioToken;
+            session.tokenExpiresAt = tokenExpiresAt;
+        }
+    }
+
+    // Destroy session
+    destroySession(sessionId) {
+        const session = this.sessions.get(sessionId);
+        if (!session) return;
+
+        // Remove from maps first
+        this.userSessionMap.delete(session.email);
+        this.sessions.delete(sessionId);
+
+        // Close transport safely
+        const transport = session.transport;
+        session.transport = null;
+        if (transport && typeof transport.close === 'function') {
+            try {
+                transport.close();
+            } catch (_) {
+            }
+        }
+
+        logger.info(`Session destroyed for ${session.email} (${sessionId})`);
+    }
+
+    // Active session count
+    get activeCount() {
+        return this.sessions.size;
+    }
+
+    // Summary for debug/health
+    getSummary() {
+        const summaries = [];
+
+        for (const [id, session] of this.sessions) {
+            summaries.push({
+                sessionId: id,
+                email: session.email,
+                selectedApp: session.selectedApp || 'none',
+                lastActivity: new Date(session.lastActivity).toISOString(),
+                createdAt: new Date(session.createdAt).toISOString(),
+            });
+        }
+
+        return summaries;
+    }
+
+    // Shutdown manager
+    shutdown() {
+        if (this._cleanupTimer) clearInterval(this._cleanupTimer);
+        for (const [sessionId] of this.sessions) {
+            this.destroySession(sessionId);
+        }
+    }
+
+    // Check if session expired
+    _isExpired(session) {
+        return Date.now() - session.lastActivity > SESSION_TTL_MS;
+    }
+
+    // Cleanup expired sessions
+    _cleanup() {
+        let cleaned = 0;
+
+        for (const [sessionId, session] of this.sessions) {
+            if (this._isExpired(session)) {
+                this.destroySession(sessionId);
+                cleaned++;
+            }
+        }
+
+        if (cleaned > 0) {
+            logger.info(`Session cleanup: removed ${cleaned} expired sessions, ${this.sessions.size} active`);
+        }
+    }
+}
+
+module.exports = SessionManager;