@flutchai/flutch-sdk 0.2.9 → 0.2.10

package/dist/index.cjs

@@ -53,6 +53,7 @@ var path2__namespace = /*#__PURE__*/_interopNamespace(path2);
 var os__namespace = /*#__PURE__*/_interopNamespace(os);
 var net__namespace = /*#__PURE__*/_interopNamespace(net);
 var mongoose__default = /*#__PURE__*/_interopDefault(mongoose);
+var crypto__namespace = /*#__PURE__*/_interopNamespace(crypto);
 var LangGraph__namespace = /*#__PURE__*/_interopNamespace(LangGraph);
 var axios2__default = /*#__PURE__*/_interopDefault(axios2);
 
@@ -1365,10 +1366,10 @@ exports.AbstractGraphBuilder = class AbstractGraphBuilder {
       return null;
     }
     try {
-      const fs2 = await import('fs/promises');
-      const path3 = await import('path');
-      const manifestFullPath = path3.resolve(this.manifestPath);
-      const manifestContent = await fs2.readFile(manifestFullPath, "utf-8");
+      const fs3 = await import('fs/promises');
+      const path4 = await import('path');
+      const manifestFullPath = path4.resolve(this.manifestPath);
+      const manifestContent = await fs3.readFile(manifestFullPath, "utf-8");
       const manifest = JSON.parse(manifestContent);
       this.manifest = manifest;
       return manifest;
@@ -1387,10 +1388,10 @@ exports.AbstractGraphBuilder = class AbstractGraphBuilder {
       return null;
     }
     try {
-      const fs2 = __require("fs");
-      const path3 = __require("path");
-      const manifestFullPath = path3.resolve(this.manifestPath);
-      const manifestContent = fs2.readFileSync(manifestFullPath, "utf-8");
+      const fs3 = __require("fs");
+      const path4 = __require("path");
+      const manifestFullPath = path4.resolve(this.manifestPath);
+      const manifestContent = fs3.readFileSync(manifestFullPath, "utf-8");
       const manifest = JSON.parse(manifestContent);
       this.manifest = manifest;
       return manifest;
@@ -1430,12 +1431,12 @@ exports.AbstractGraphBuilder = class AbstractGraphBuilder {
     let configSchema = null;
     if (versionConfig.configSchemaPath) {
       try {
-        const fs2 = await import('fs/promises');
+        const fs3 = await import('fs/promises');
         const schemaPath = path2__namespace.resolve(
           process.cwd(),
           versionConfig.configSchemaPath
         );
-        const schemaContent = await fs2.readFile(schemaPath, "utf-8");
+        const schemaContent = await fs3.readFile(schemaPath, "utf-8");
         const schemaData = JSON.parse(schemaContent);
         configSchema = schemaData.schema;
       } catch (error) {
@@ -7325,6 +7326,205 @@ exports.StaticDiscovery = class StaticDiscovery {
 exports.StaticDiscovery = __decorateClass([
   common.Injectable()
 ], exports.StaticDiscovery);
+var ALGORITHM = "aes-256-cbc";
+var IV_LENGTH = 16;
+function encryptTokens(tokens, key) {
+  const iv = crypto__namespace.randomBytes(IV_LENGTH);
+  const cipher = crypto__namespace.createCipheriv(
+    ALGORITHM,
+    Buffer.from(key),
+    iv
+  );
+  const json = JSON.stringify(tokens);
+  let encrypted = cipher.update(json, "utf8", "hex");
+  encrypted += cipher.final("hex");
+  return iv.toString("hex") + ":" + encrypted;
+}
+function decryptTokens(encrypted, key) {
+  const separatorIndex = encrypted.indexOf(":");
+  if (separatorIndex === -1) {
+    throw new Error("Invalid encrypted token format");
+  }
+  const ivHex = encrypted.substring(0, separatorIndex);
+  const encryptedData = encrypted.substring(separatorIndex + 1);
+  const iv = Buffer.from(ivHex, "hex");
+  const decipher = crypto__namespace.createDecipheriv(
+    ALGORITHM,
+    Buffer.from(key),
+    iv
+  );
+  let decrypted = decipher.update(encryptedData, "hex", "utf8");
+  decrypted += decipher.final("utf8");
+  return JSON.parse(decrypted);
+}
+
+// src/oauth/oauth-token.manager.ts
+var EXPIRY_BUFFER_MS = 6e4;
+var OAuthTokenManager = class {
+  store;
+  encryptionKey;
+  cache = /* @__PURE__ */ new Map();
+  constructor(options) {
+    if (!options.encryptionKey || options.encryptionKey.length < 32) {
+      throw new Error(
+        "OAUTH_ENCRYPTION_KEY must be at least 32 characters for AES-256-CBC"
+      );
+    }
+    this.store = options.store;
+    this.encryptionKey = options.encryptionKey;
+  }
+  /**
+   * Get a fresh access token for the given provider.
+   * Returns from cache → store → refresh flow (in that order).
+   */
+  async getAccessToken(config) {
+    const cached = this.cache.get(config.provider);
+    if (cached && cached.expiresAt > Date.now() + EXPIRY_BUFFER_MS) {
+      return cached.token;
+    }
+    const encrypted = await this.store.get(config.provider);
+    if (!encrypted) {
+      throw new Error(
+        `No OAuth tokens found for "${config.provider}". Complete the OAuth consent flow first and call saveTokens().`
+      );
+    }
+    const tokens = decryptTokens(encrypted, this.encryptionKey);
+    if (tokens.expiresAt > Date.now() + EXPIRY_BUFFER_MS) {
+      this.setCache(config.provider, tokens.accessToken, tokens.expiresAt);
+      return tokens.accessToken;
+    }
+    const refreshed = await this.refreshAccessToken(config, tokens.refreshToken);
+    await this.persistTokens(config.provider, refreshed);
+    return refreshed.accessToken;
+  }
+  /**
+   * Store tokens after the initial OAuth consent flow.
+   * Call this once after the user completes the OAuth redirect.
+   */
+  async saveTokens(provider, tokens) {
+    await this.persistTokens(provider, tokens);
+  }
+  /**
+   * Remove all tokens for a provider.
+   */
+  async revokeTokens(provider) {
+    await this.store.delete(provider);
+    this.cache.delete(provider);
+  }
+  /**
+   * Check if tokens exist for a provider (without decrypting).
+   */
+  async hasTokens(provider) {
+    const encrypted = await this.store.get(provider);
+    return encrypted !== null;
+  }
+  async refreshAccessToken(config, refreshToken) {
+    try {
+      const response = await axios2__default.default.post(
+        config.tokenUrl,
+        new URLSearchParams({
+          grant_type: "refresh_token",
+          client_id: config.clientId,
+          client_secret: config.clientSecret,
+          refresh_token: refreshToken
+        }).toString(),
+        {
+          headers: { "Content-Type": "application/x-www-form-urlencoded" },
+          timeout: 1e4
+        }
+      );
+      const data = response.data;
+      return {
+        accessToken: data.access_token,
+        // Some providers rotate refresh tokens; keep the old one if not rotated
+        refreshToken: data.refresh_token || refreshToken,
+        expiresAt: Date.now() + (data.expires_in || 3600) * 1e3
+      };
+    } catch (error) {
+      const status = error?.response?.status;
+      const body = error?.response?.data;
+      throw new Error(
+        `OAuth refresh failed for "${config.provider}": ${status || "network error"} ${JSON.stringify(body) || error.message}`
+      );
+    }
+  }
+  async persistTokens(provider, tokens) {
+    const encrypted = encryptTokens(tokens, this.encryptionKey);
+    await this.store.save(provider, encrypted);
+    this.setCache(provider, tokens.accessToken, tokens.expiresAt);
+  }
+  setCache(provider, token, expiresAt) {
+    this.cache.set(provider, { token, expiresAt });
+  }
+};
+var FileTokenStore = class {
+  constructor(filePath) {
+    this.filePath = filePath;
+  }
+  async get(provider) {
+    const data = this.readFile();
+    return data[provider] ?? null;
+  }
+  async save(provider, encrypted) {
+    const data = this.readFile();
+    data[provider] = encrypted;
+    this.writeFile(data);
+  }
+  async delete(provider) {
+    const data = this.readFile();
+    delete data[provider];
+    this.writeFile(data);
+  }
+  readFile() {
+    try {
+      if (fs__namespace.existsSync(this.filePath)) {
+        const content = fs__namespace.readFileSync(this.filePath, "utf8");
+        return JSON.parse(content);
+      }
+    } catch {
+    }
+    return {};
+  }
+  writeFile(data) {
+    const dir = path2__namespace.dirname(this.filePath);
+    if (!fs__namespace.existsSync(dir)) {
+      fs__namespace.mkdirSync(dir, { recursive: true });
+    }
+    fs__namespace.writeFileSync(this.filePath, JSON.stringify(data, null, 2), "utf8");
+  }
+};
+
+// src/oauth/stores/mongo-token.store.ts
+var DEFAULT_COLLECTION = "oauth_tokens";
+var MongoTokenStore = class {
+  constructor(db, collectionName) {
+    this.db = db;
+    this.collectionName = collectionName ?? DEFAULT_COLLECTION;
+  }
+  collectionName;
+  initialized = false;
+  async get(provider) {
+    await this.ensureIndex();
+    const doc = await this.db.collection(this.collectionName).findOne({ provider });
+    return doc?.encrypted ?? null;
+  }
+  async save(provider, encrypted) {
+    await this.ensureIndex();
+    await this.db.collection(this.collectionName).updateOne(
+      { provider },
+      { $set: { provider, encrypted, updatedAt: /* @__PURE__ */ new Date() } },
+      { upsert: true }
+    );
+  }
+  async delete(provider) {
+    await this.db.collection(this.collectionName).deleteOne({ provider });
+  }
+  async ensureIndex() {
+    if (this.initialized) return;
+    await this.db.collection(this.collectionName).createIndex({ provider: 1 }, { unique: true });
+    this.initialized = true;
+  }
+};
 
 exports.AttachmentType = AttachmentType;
 exports.BaseGraphServiceController = exports.GraphController;
@@ -7337,6 +7537,7 @@ exports.ChatFeature = ChatFeature;
 exports.DEFAULT_ATTACHMENT_THRESHOLD = DEFAULT_ATTACHMENT_THRESHOLD;
 exports.DEFAULT_TRACER_OPTIONS = DEFAULT_TRACER_OPTIONS;
 exports.Endpoint = Endpoint;
+exports.FileTokenStore = FileTokenStore;
 exports.GraphEngineType = GraphEngineType;
 exports.GraphManifestSchema = GraphManifestSchema;
 exports.GraphManifestValidator = GraphManifestValidator;
@@ -7347,6 +7548,8 @@ exports.McpToolFilter = McpToolFilter;
 exports.ModelInitializer = ModelInitializer;
 exports.ModelProvider = ModelProvider;
 exports.ModelType = ModelType;
+exports.MongoTokenStore = MongoTokenStore;
+exports.OAuthTokenManager = OAuthTokenManager;
 exports.RetrieverSearchType = RetrieverSearchType;
 exports.StreamChannel = StreamChannel;
 exports.UIEndpoint = UIEndpoint;
@@ -7362,7 +7565,9 @@ exports.createEndpointDescriptors = createEndpointDescriptors;
 exports.createGraphAttachment = createGraphAttachment;
 exports.createMongoClientAdapter = createMongoClientAdapter;
 exports.createStaticMessage = createStaticMessage;
+exports.decryptTokens = decryptTokens;
 exports.dispatchAttachments = dispatchAttachments;
+exports.encryptTokens = encryptTokens;
 exports.executeToolWithAttachments = executeToolWithAttachments;
 exports.findCallbackMethod = findCallbackMethod;
 exports.findEndpointMethod = findEndpointMethod;