@frontmcp/sdk 0.3.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/auth/auth.registry.d.ts +2 -2
- package/src/auth/auth.registry.js +3 -3
- package/src/auth/auth.registry.js.map +1 -1
- package/src/auth/instances/instance.local-primary-auth.d.ts +3 -2
- package/src/auth/instances/instance.local-primary-auth.js +4 -2
- package/src/auth/instances/instance.local-primary-auth.js.map +1 -1
- package/src/auth/instances/instance.remote-primary-auth.d.ts +3 -2
- package/src/auth/instances/instance.remote-primary-auth.js +3 -1
- package/src/auth/instances/instance.remote-primary-auth.js.map +1 -1
- package/src/auth/jwks/jwks.service.js +0 -1
- package/src/auth/jwks/jwks.service.js.map +1 -1
- package/src/common/entries/scope.entry.d.ts +1 -0
- package/src/common/entries/scope.entry.js +6 -0
- package/src/common/entries/scope.entry.js.map +1 -1
- package/src/common/records/scope.record.d.ts +2 -2
- package/src/common/records/scope.record.js.map +1 -1
- package/src/scope/scope.instance.js +8 -2
- package/src/scope/scope.instance.js.map +1 -1
- package/src/scope/scope.registry.js +2 -1
- package/src/scope/scope.registry.js.map +1 -1
- package/src/scope/scope.utils.js +6 -4
- package/src/scope/scope.utils.js.map +1 -1
- package/src/transport/adapters/transport.sse.adapter.js +2 -1
- package/src/transport/adapters/transport.sse.adapter.js.map +1 -1
package/package.json
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
import 'reflect-metadata';
|
|
2
2
|
import { RegistryAbstract, RegistryBuildMapResult } from '../regsitry';
|
|
3
3
|
import ProviderRegistry from '../provider/provider.registry';
|
|
4
|
-
import { AuthOptions, FrontMcpAuth, AuthProviderType, AuthProviderEntry, AuthRegistryInterface, AuthProviderRecord, EntryOwnerRef } from '../common';
|
|
4
|
+
import { AuthOptions, FrontMcpAuth, AuthProviderType, AuthProviderEntry, AuthRegistryInterface, AuthProviderRecord, EntryOwnerRef, ScopeEntry } from '../common';
|
|
5
5
|
export declare class AuthRegistry extends RegistryAbstract<AuthProviderEntry, AuthProviderRecord, AuthProviderType[]> implements AuthRegistryInterface {
|
|
6
6
|
private readonly primary?;
|
|
7
|
-
constructor(providers: ProviderRegistry, metadata: AuthProviderType[], owner: EntryOwnerRef, primary?: AuthOptions);
|
|
7
|
+
constructor(scope: ScopeEntry, providers: ProviderRegistry, metadata: AuthProviderType[], owner: EntryOwnerRef, primary?: AuthOptions);
|
|
8
8
|
protected buildMap(list: AuthProviderType[]): RegistryBuildMapResult<AuthProviderRecord>;
|
|
9
9
|
protected buildGraph(): void;
|
|
10
10
|
protected initialize(): Promise<void>;
|
|
@@ -11,11 +11,11 @@ const instance_remote_primary_auth_1 = require("./instances/instance.remote-prim
|
|
|
11
11
|
const instance_local_primary_auth_1 = require("./instances/instance.local-primary-auth");
|
|
12
12
|
class AuthRegistry extends regsitry_1.RegistryAbstract {
|
|
13
13
|
primary;
|
|
14
|
-
constructor(providers, metadata, owner, primary) {
|
|
14
|
+
constructor(scope, providers, metadata, owner, primary) {
|
|
15
15
|
super('AuthRegistry', providers, metadata, false);
|
|
16
16
|
let primaryRecord;
|
|
17
17
|
if (primary) {
|
|
18
|
-
this.primary = primary.type === 'remote' ? new instance_remote_primary_auth_1.RemotePrimaryAuth(providers, primary) : new instance_local_primary_auth_1.LocalPrimaryAuth(providers, primary);
|
|
18
|
+
this.primary = primary.type === 'remote' ? new instance_remote_primary_auth_1.RemotePrimaryAuth(scope, providers, primary) : new instance_local_primary_auth_1.LocalPrimaryAuth(scope, providers, primary);
|
|
19
19
|
primaryRecord = {
|
|
20
20
|
kind: common_1.AuthProviderKind.PRIMARY,
|
|
21
21
|
provide: common_1.FrontMcpAuth,
|
|
@@ -25,7 +25,7 @@ class AuthRegistry extends regsitry_1.RegistryAbstract {
|
|
|
25
25
|
}
|
|
26
26
|
else {
|
|
27
27
|
const defaultMetadata = { type: 'local', id: 'local', name: 'default-auth', allowAnonymous: true };
|
|
28
|
-
this.primary = new instance_local_primary_auth_1.LocalPrimaryAuth(providers, defaultMetadata);
|
|
28
|
+
this.primary = new instance_local_primary_auth_1.LocalPrimaryAuth(scope, providers, defaultMetadata);
|
|
29
29
|
primaryRecord = {
|
|
30
30
|
kind: common_1.AuthProviderKind.PRIMARY,
|
|
31
31
|
provide: common_1.FrontMcpAuth,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.registry.js","sourceRoot":"","sources":["../../../src/auth/auth.registry.ts"],"names":[],"mappings":";;;AAAA,wBAAwB;AACxB,4BAA0B;AAC1B,0CAAqE;AAErE,sCAMmB;AACnB,6CAA8D;AAC9D,sDAA+C;AAC/C,2FAA2E;AAC3E,yFAAyE;AAEzE,MAAa,YAAa,SAAQ,2BAA2E;IAC1F,OAAO,CAAgB;IAExC,YAAY,SAA2B,EAAE,QAA4B,EAAE,KAAoB,EAAE,OAAqB;
|
|
1
|
+
{"version":3,"file":"auth.registry.js","sourceRoot":"","sources":["../../../src/auth/auth.registry.ts"],"names":[],"mappings":";;;AAAA,wBAAwB;AACxB,4BAA0B;AAC1B,0CAAqE;AAErE,sCAMmB;AACnB,6CAA8D;AAC9D,sDAA+C;AAC/C,2FAA2E;AAC3E,yFAAyE;AAEzE,MAAa,YAAa,SAAQ,2BAA2E;IAC1F,OAAO,CAAgB;IAExC,YAAY,KAAiB,EAAE,SAA2B,EAAE,QAA4B,EAAE,KAAoB,EAAE,OAAqB;QACnI,KAAK,CAAC,cAAc,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAElD,IAAI,aAAgC,CAAC;QACrC,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,gDAAiB,CAAC,KAAK,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,8CAAgB,CAAC,KAAK,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC5I,aAAa,GAAG;gBACd,IAAI,EAAE,yBAAgB,CAAC,OAAO;gBAC9B,OAAO,EAAE,qBAAY;gBACrB,QAAQ,EAAE,IAAI,CAAC,OAAO;gBACtB,QAAQ,EAAE,OAAO;aAClB,CAAA;QACH,CAAC;aAAM,CAAC;YACN,MAAM,eAAe,GAAgB,EAAC,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,cAAc,EAAE,IAAI,EAAC,CAAA;YAC7G,IAAI,CAAC,OAAO,GAAG,IAAI,8CAAgB,CAAC,KAAK,EAAC,SAAS,EAAE,eAAe,CAAC,CAAC;YACtE,aAAa,GAAG;gBACd,IAAI,EAAE,yBAAgB,CAAC,OAAO;gBAC9B,OAAO,EAAE,qBAAY;gBACrB,QAAQ,EAAE,IAAI,CAAC,OAAO;gBACtB,QAAQ,EAAE,eAAe;aAC1B,CAAA;QACH,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAY,CAAC,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,qBAAY,EAAE,aAAa,CAAC,CAAA;QAC1C,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,qBAAY,EAAE,IAAI,GAAG,EAAE,CAAC,CAAA;QAEvC,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;IACjC,CAAC;IAEkB,QAAQ,CAAC,IAAwB;QAClD,MAAM,MAAM,GAAG,IAAI,GAAG,EAAS,CAAC;QAChC,MAAM,IAAI,GAAG,IAAI,GAAG,EAA6B,CAAC;QAClD,MAAM,KAAK,GAAG,IAAI,GAAG,EAAqB,CAAC;QAE3C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,GAAG,GAAG,IAAA,0BAAa,EAAC,GAAG,CAAC,CAAC;YAC/B,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;YAC5B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACpB,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACvB,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,EAAC,MAAM,EAAE,IAAI,EAAE,KAAK,EAAC,CAAC;IAC/B,CAAC;IAES,UAAU;QAClB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAE,CAAC;YAClC,MAAM,IAAI,GAAG,IAAA,8BAAiB,EAAC,GAAG,CAAC,CAAC;YAEpC,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;gBACrB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC3B,MAAM,IAAI,KAAK,CAAC,gBAAgB,IAAA,uBAAS,EAAC,KAAK,CAAC,eAAe,IAAA,uBAAS,EAAC,CAAC,CAAC,4BAA4B,CAAC,CAAC;gBAC3G,CAAC;gBACD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC;IAES,KAAK,CAAC,UAAU;QACxB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC;QAC3B,CAAC;QACD,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAGD,UAAU;QACR,OAAO,IAAI,CAAC,OAAQ,CAAC;IACvB,CAAC;IAED,gBAAgB;QACd,OAAO,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IACtC,CAAC;CACF;AA9ED,oCA8EC","sourcesContent":["// auth/auth.registry.ts\nimport 'reflect-metadata';\nimport {RegistryAbstract, RegistryBuildMapResult} from '../regsitry';\nimport ProviderRegistry from '../provider/provider.registry';\nimport {\n AuthOptions,\n FrontMcpAuth,\n AuthProviderType,\n Token, AuthProviderEntry, AuthRegistryInterface, AuthProviderRecord, AuthProviderKind, EntryOwnerRef,\n PrimaryAuthRecord, ScopeEntry,\n} from '../common';\nimport {authDiscoveryDeps, normalizeAuth} from './auth.utils';\nimport {tokenName} from '../utils/token.utils';\nimport {RemotePrimaryAuth} from './instances/instance.remote-primary-auth';\nimport {LocalPrimaryAuth} from './instances/instance.local-primary-auth';\n\nexport class AuthRegistry extends RegistryAbstract<AuthProviderEntry, AuthProviderRecord, AuthProviderType[]> implements AuthRegistryInterface {\n private readonly primary?: FrontMcpAuth;\n\n constructor(scope: ScopeEntry, providers: ProviderRegistry, metadata: AuthProviderType[], owner: EntryOwnerRef, primary?: AuthOptions) {\n super('AuthRegistry', providers, metadata, false);\n\n let primaryRecord: PrimaryAuthRecord;\n if (primary) {\n this.primary = primary.type === 'remote' ? new RemotePrimaryAuth(scope,providers, primary) : new LocalPrimaryAuth(scope,providers, primary);\n primaryRecord = {\n kind: AuthProviderKind.PRIMARY,\n provide: FrontMcpAuth,\n useValue: this.primary,\n metadata: primary,\n }\n } else {\n const defaultMetadata: AuthOptions = {type: 'local', id: 'local', name: 'default-auth', allowAnonymous: true}\n this.primary = new LocalPrimaryAuth(scope,providers, defaultMetadata);\n primaryRecord = {\n kind: AuthProviderKind.PRIMARY,\n provide: FrontMcpAuth,\n useValue: this.primary,\n metadata: defaultMetadata,\n }\n }\n this.tokens.add(FrontMcpAuth);\n this.defs.set(FrontMcpAuth, primaryRecord)\n this.graph.set(FrontMcpAuth, new Set())\n\n this.buildGraph();\n this.ready = this.initialize();\n }\n\n protected override buildMap(list: AuthProviderType[]): RegistryBuildMapResult<AuthProviderRecord> {\n const tokens = new Set<Token>();\n const defs = new Map<Token, AuthProviderRecord>();\n const graph = new Map<Token, Set<Token>>();\n\n for (const raw of list) {\n const rec = normalizeAuth(raw);\n const provide = rec.provide;\n tokens.add(provide);\n defs.set(provide, rec);\n graph.set(provide, new Set());\n }\n\n return {tokens, defs, graph};\n }\n\n protected buildGraph() {\n for (const token of this.tokens) {\n const rec = this.defs.get(token)!;\n const deps = authDiscoveryDeps(rec);\n\n for (const d of deps) {\n if (!this.providers.get(d)) {\n throw new Error(`AuthProvider ${tokenName(token)} depends on ${tokenName(d)}, which is not registered.`);\n }\n this.graph.get(token)!.add(d);\n }\n }\n }\n\n protected async initialize(): Promise<void> {\n if (this.primary) {\n await this.primary.ready;\n }\n return Promise.resolve();\n }\n\n\n getPrimary(): FrontMcpAuth {\n return this.primary!;\n }\n\n getAuthProviders(): AuthProviderEntry[] {\n return [...this.instances.values()];\n }\n}\n"]}
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { URL } from 'url';
|
|
2
|
-
import { FrontMcpAuth, FrontMcpLogger, LocalAuthOptions, ServerRequest } from '../../common';
|
|
2
|
+
import { FrontMcpAuth, FrontMcpLogger, LocalAuthOptions, ScopeEntry, ServerRequest } from '../../common';
|
|
3
3
|
import ProviderRegistry from '../../provider/provider.registry';
|
|
4
4
|
export declare class LocalPrimaryAuth extends FrontMcpAuth {
|
|
5
|
+
private scope;
|
|
5
6
|
private providers;
|
|
6
7
|
readonly host: string;
|
|
7
8
|
readonly port: number;
|
|
@@ -10,7 +11,7 @@ export declare class LocalPrimaryAuth extends FrontMcpAuth {
|
|
|
10
11
|
readonly secret: Uint8Array;
|
|
11
12
|
readonly logger: FrontMcpLogger;
|
|
12
13
|
private jwks;
|
|
13
|
-
constructor(providers: ProviderRegistry, metadata: LocalAuthOptions);
|
|
14
|
+
constructor(scope: ScopeEntry, providers: ProviderRegistry, metadata: LocalAuthOptions);
|
|
14
15
|
signAnonymousJwt(): Promise<string>;
|
|
15
16
|
protected initialize(): Promise<void>;
|
|
16
17
|
fetch(input: RequestInfo | URL, init?: RequestInit): Promise<Response>;
|
|
@@ -15,6 +15,7 @@ const oauth_token_flow_1 = tslib_1.__importDefault(require("../flows/oauth.token
|
|
|
15
15
|
const jwks_1 = require("../jwks");
|
|
16
16
|
const DEFAULT_NO_AUTH_SECRET = (0, crypto_1.randomBytes)(32);
|
|
17
17
|
class LocalPrimaryAuth extends common_1.FrontMcpAuth {
|
|
18
|
+
scope;
|
|
18
19
|
providers;
|
|
19
20
|
host;
|
|
20
21
|
port;
|
|
@@ -23,13 +24,14 @@ class LocalPrimaryAuth extends common_1.FrontMcpAuth {
|
|
|
23
24
|
secret;
|
|
24
25
|
logger;
|
|
25
26
|
jwks = new jwks_1.JwksService();
|
|
26
|
-
constructor(providers, metadata) {
|
|
27
|
+
constructor(scope, providers, metadata) {
|
|
27
28
|
super(metadata);
|
|
29
|
+
this.scope = scope;
|
|
28
30
|
this.providers = providers;
|
|
29
31
|
this.logger = this.providers.getActiveScope().logger.child('LocalPrimaryAuth');
|
|
30
32
|
this.port = this.providers.getActiveScope().metadata.http?.port ?? 3001;
|
|
31
33
|
this.host = 'localhost';
|
|
32
|
-
this.issuer = `http://${this.host}:${this.port}`;
|
|
34
|
+
this.issuer = `http://${this.host}:${this.port}${scope.fullPath}`;
|
|
33
35
|
if (process.env["JWT_SECRET"]) {
|
|
34
36
|
this.secret = new TextEncoder().encode(process.env["JWT_SECRET"]);
|
|
35
37
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"instance.local-primary-auth.js","sourceRoot":"","sources":["../../../../src/auth/instances/instance.local-primary-auth.ts"],"names":[],"mappings":";;;;AAAA,+BAA6B;AAE7B,mCAA+C;AAC/C,
|
|
1
|
+
{"version":3,"file":"instance.local-primary-auth.js","sourceRoot":"","sources":["../../../../src/auth/instances/instance.local-primary-auth.ts"],"names":[],"mappings":";;;;AAAA,+BAA6B;AAE7B,mCAA+C;AAC/C,yCAAsH;AAEtH,+FAA4D;AAC5D,6IAAkF;AAClF,iGAA8D;AAC9D,+FAA6D;AAC7D,iGAA+D;AAC/D,+FAA6D;AAC7D,yFAAuD;AACvD,kCAAoC;AAGpC,MAAM,sBAAsB,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAA;AAE9C,MAAa,gBAAiB,SAAQ,qBAAY;IAS5B;IAAyB;IARpC,IAAI,CAAS;IACb,IAAI,CAAS;IACb,MAAM,CAAS;IACf,IAAI,GAAU,EAAE,CAAC;IACjB,MAAM,CAAa;IACnB,MAAM,CAAiB;IACxB,IAAI,GAAG,IAAI,kBAAW,EAAE,CAAC;IAEjC,YAAoB,KAAgB,EAAS,SAA2B,EAAE,QAA0B;QAClG,KAAK,CAAC,QAAQ,CAAC,CAAC;QADE,UAAK,GAAL,KAAK,CAAW;QAAS,cAAS,GAAT,SAAS,CAAkB;QAEtE,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QAC/E,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,IAAI,IAAI,IAAI,CAAC;QACxE,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;QACxB,IAAI,CAAC,MAAM,GAAG,UAAU,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAA;QAEjE,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAA;QACnE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAA;YAC/D,IAAI,CAAC,MAAM,GAAG,sBAAsB,CAAC;QACvC,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;IACjC,CAAC;IAGD,KAAK,CAAC,gBAAgB;QACpB,MAAM,GAAG,GAAG,IAAA,mBAAU,GAAE,CAAA;QACxB,OAAO,IAAI,cAAO,CAAC,EAAC,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAC,CAAC;aACrD,kBAAkB,CAAC,EAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAC,CAAC;aAC9C,WAAW,EAAE;aACb,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC;aACtB,iBAAiB,CAAC,IAAI,CAAC;aACvB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACtB,CAAC;IAES,KAAK,CAAC,UAAU;QACxB,mEAAmE;QACnE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC;YAC5B,KAAK,EAAE,IAAI,CAAC,IAAI;YAChB,QAAQ,EAAE;gBACR,KAAK,EAAE,sBAAa,CAAC,MAAM;gBAC3B,IAAI,EAAE,kBAAkB;aACzB;YACD,OAAO,EAAE,kBAAW;SACrB,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAG/B,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAEQ,KAAK,CAAC,KAAwB,EAAE,IAAkB;QACzD,OAAO,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC5B,CAAC;IAEQ,QAAQ,CAAC,OAAsB;QACtC,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAGO,KAAK,CAAC,iBAAiB;QAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC;QAC9C,MAAM,KAAK,CAAC,aAAa,CACvB,6BAAgB,EAAE,4CAA4C,CAC9D,oDAAe,EAAE,8CAA8C,CAC/D,8BAAiB,EAAE,6BAA6B,CAChD,6BAAiB,EAAE,gCAAgC,CAEnD,8BAAkB,EAClB,0BAAc,EACd,6BAAiB,CAClB,CAAC;IACJ,CAAC;CACF;AA3ED,4CA2EC","sourcesContent":["import {SignJWT} from \"jose\";\nimport {URL} from 'url';\nimport {randomBytes, randomUUID} from \"crypto\";\nimport {FrontMcpAuth, FrontMcpLogger, LocalAuthOptions, ProviderScope, ScopeEntry, ServerRequest} from '../../common';\nimport ProviderRegistry from '../../provider/provider.registry';\nimport WellKnownPrmFlow from '../flows/well-known.prm.flow';\nimport WellKnownAsFlow from '../flows/well-known.oauth-authorization-server.flow';\nimport WellKnownJwksFlow from '../flows/well-known.jwks.flow';\nimport SessionVerifyFlow from '../flows/session.verify.flow';\nimport OauthAuthorizeFlow from \"../flows/oauth.authorize.flow\";\nimport OauthRegisterFlow from \"../flows/oauth.register.flow\";\nimport OauthTokenFlow from \"../flows/oauth.token.flow\";\nimport {JwksService} from \"../jwks\";\n\n\nconst DEFAULT_NO_AUTH_SECRET = randomBytes(32)\n\nexport class LocalPrimaryAuth extends FrontMcpAuth {\n readonly host: string;\n readonly port: number;\n readonly issuer: string;\n readonly keys: any[] = [];\n readonly secret: Uint8Array;\n readonly logger: FrontMcpLogger;\n private jwks = new JwksService();\n\n constructor(private scope:ScopeEntry,private providers: ProviderRegistry, metadata: LocalAuthOptions) {\n super(metadata);\n this.logger = this.providers.getActiveScope().logger.child('LocalPrimaryAuth');\n this.port = this.providers.getActiveScope().metadata.http?.port ?? 3001;\n this.host = 'localhost';\n this.issuer = `http://${this.host}:${this.port}${scope.fullPath}`\n\n if (process.env[\"JWT_SECRET\"]) {\n this.secret = new TextEncoder().encode(process.env[\"JWT_SECRET\"])\n } else {\n this.logger.warn('JWT_SECRET is not set, using default secret')\n this.secret = DEFAULT_NO_AUTH_SECRET;\n }\n this.ready = this.initialize();\n }\n\n\n async signAnonymousJwt() {\n const sub = randomUUID()\n return new SignJWT({sub, role: 'user', anonymous: true})\n .setProtectedHeader({alg: 'HS256', typ: 'JWT'})\n .setIssuedAt()\n .setIssuer(this.issuer)\n .setExpirationTime('1d')\n .sign(this.secret)\n }\n\n protected async initialize(): Promise<void> {\n // TODO: create separated jwk service for local/remote auth options\n this.providers.injectProvider({\n value: this.jwks,\n metadata: {\n scope: ProviderScope.GLOBAL,\n name: 'auth:jwk-service',\n },\n provide: JwksService,\n });\n\n await this.registerAuthFlows();\n\n\n return Promise.resolve();\n }\n\n override fetch(input: RequestInfo | URL, init?: RequestInit): Promise<Response> {\n return fetch(input, init);\n }\n\n override validate(request: ServerRequest): Promise<void> {\n return Promise.resolve();\n }\n\n\n private async registerAuthFlows() {\n const scope = this.providers.getActiveScope();\n await scope.registryFlows(\n WellKnownPrmFlow, /** /.well-known/oauth-protected-resource */\n WellKnownAsFlow, /** /.well-known/oauth-authorization-server */\n WellKnownJwksFlow, /** /.well-known/jwks.json */\n SessionVerifyFlow, /** Session verification flow */\n\n OauthAuthorizeFlow,\n OauthTokenFlow,\n OauthRegisterFlow\n );\n }\n}"]}
|
|
@@ -1,11 +1,12 @@
|
|
|
1
|
-
import { FrontMcpAuth, RemoteAuthOptions, ServerRequest } from '../../common';
|
|
1
|
+
import { FrontMcpAuth, RemoteAuthOptions, ScopeEntry, ServerRequest } from '../../common';
|
|
2
2
|
import { URL } from 'url';
|
|
3
3
|
import ProviderRegistry from '../../provider/provider.registry';
|
|
4
4
|
export declare class RemotePrimaryAuth extends FrontMcpAuth<RemoteAuthOptions> {
|
|
5
|
+
private readonly scope;
|
|
5
6
|
private readonly providers;
|
|
6
7
|
ready: Promise<void>;
|
|
7
8
|
private jwks;
|
|
8
|
-
constructor(providers: ProviderRegistry, options: RemoteAuthOptions);
|
|
9
|
+
constructor(scope: ScopeEntry, providers: ProviderRegistry, options: RemoteAuthOptions);
|
|
9
10
|
fetch(input: RequestInfo | URL, init?: RequestInit): Promise<Response>;
|
|
10
11
|
validate(request: ServerRequest): Promise<void>;
|
|
11
12
|
get issuer(): string;
|
|
@@ -9,11 +9,13 @@ const well_known_oauth_authorization_server_flow_1 = tslib_1.__importDefault(req
|
|
|
9
9
|
const well_known_jwks_flow_1 = tslib_1.__importDefault(require("../flows/well-known.jwks.flow"));
|
|
10
10
|
const session_verify_flow_1 = tslib_1.__importDefault(require("../flows/session.verify.flow"));
|
|
11
11
|
class RemotePrimaryAuth extends common_1.FrontMcpAuth {
|
|
12
|
+
scope;
|
|
12
13
|
providers;
|
|
13
14
|
ready;
|
|
14
15
|
jwks = new jwks_1.JwksService();
|
|
15
|
-
constructor(providers, options) {
|
|
16
|
+
constructor(scope, providers, options) {
|
|
16
17
|
super(options);
|
|
18
|
+
this.scope = scope;
|
|
17
19
|
this.providers = providers;
|
|
18
20
|
this.ready = this.initialize();
|
|
19
21
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"instance.remote-primary-auth.js","sourceRoot":"","sources":["../../../../src/auth/instances/instance.remote-primary-auth.ts"],"names":[],"mappings":";;;;AAAA,
|
|
1
|
+
{"version":3,"file":"instance.remote-primary-auth.js","sourceRoot":"","sources":["../../../../src/auth/instances/instance.remote-primary-auth.ts"],"names":[],"mappings":";;;;AAAA,yCAAuG;AAGvG,kCAAoC;AACpC,+FAA4D;AAC5D,6IAAkF;AAClF,iGAA8D;AAC9D,+FAA6D;AAI7D,MAAa,iBAAkB,SAAQ,qBAA+B;IAIvC;IAAoC;IAHxD,KAAK,CAAgB;IACtB,IAAI,GAAG,IAAI,kBAAW,EAAE,CAAC;IAEjC,YAA6B,KAAiB,EAAmB,SAA2B,EAAE,OAA0B;QACtH,KAAK,CAAC,OAAO,CAAC,CAAC;QADY,UAAK,GAAL,KAAK,CAAY;QAAmB,cAAS,GAAT,SAAS,CAAkB;QAE1F,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;IACjC,CAAC;IAEQ,KAAK,CAAC,KAAwB,EAAE,IAAkB;QACzD,OAAO,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC5B,CAAC;IAEQ,QAAQ,CAAC,OAAsB;QACtC,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAGD,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;IAC9B,CAAC;IAES,KAAK,CAAC,UAAU;QACxB,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC;QAE9C,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC;YAC5B,KAAK,EAAE,IAAI,CAAC,IAAI;YAChB,QAAQ,EAAE;gBACR,KAAK,EAAE,sBAAa,CAAC,MAAM;gBAC3B,IAAI,EAAE,kBAAkB;aACzB;YACD,OAAO,EAAE,kBAAW;SACrB,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;QACpC,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAGO,KAAK,CAAC,iBAAiB,CAAC,KAAY;QAC1C,MAAM,KAAK,CAAC,aAAa,CACvB,6BAAgB,EAAE,4CAA4C,CAC9D,oDAAe,EAAE,8CAA8C,CAC/D,8BAAiB,EAAE,6BAA6B,CAChD,6BAAiB,CAClB,CAAC;IACJ,CAAC;CACF;AA/CD,8CA+CC","sourcesContent":["import {FrontMcpAuth, ProviderScope, RemoteAuthOptions, ScopeEntry, ServerRequest} from '../../common';\nimport {URL} from 'url';\nimport ProviderRegistry from '../../provider/provider.registry';\nimport {JwksService} from '../jwks';\nimport WellKnownPrmFlow from '../flows/well-known.prm.flow';\nimport WellKnownAsFlow from '../flows/well-known.oauth-authorization-server.flow';\nimport WellKnownJwksFlow from '../flows/well-known.jwks.flow';\nimport SessionVerifyFlow from '../flows/session.verify.flow';\nimport {Scope} from '../../scope';\n\n\nexport class RemotePrimaryAuth extends FrontMcpAuth<RemoteAuthOptions> {\n override ready: Promise<void>;\n private jwks = new JwksService();\n\n constructor(private readonly scope: ScopeEntry, private readonly providers: ProviderRegistry, options: RemoteAuthOptions) {\n super(options);\n this.ready = this.initialize();\n }\n\n override fetch(input: RequestInfo | URL, init?: RequestInit): Promise<Response> {\n return fetch(input, init);\n }\n\n override validate(request: ServerRequest): Promise<void> {\n return Promise.resolve();\n }\n\n\n get issuer(): string {\n return this.options.baseUrl;\n }\n\n protected async initialize() {\n const scope = this.providers.getActiveScope();\n\n this.providers.injectProvider({\n value: this.jwks,\n metadata: {\n scope: ProviderScope.GLOBAL,\n name: 'auth:jwk-service',\n },\n provide: JwksService,\n });\n\n await this.registerAuthFlows(scope);\n return Promise.resolve();\n }\n\n\n private async registerAuthFlows(scope: Scope) {\n await scope.registryFlows(\n WellKnownPrmFlow, /** /.well-known/oauth-protected-resource */\n WellKnownAsFlow, /** /.well-known/oauth-authorization-server */\n WellKnownJwksFlow, /** /.well-known/jwks.json */\n SessionVerifyFlow, /** Session verification flow */\n );\n }\n}"]}
|
|
@@ -92,7 +92,6 @@ class JwksService {
|
|
|
92
92
|
const { payload, protectedHeader } = await (0, jose_1.jwtVerify)(token, JWKS, {
|
|
93
93
|
issuer: [
|
|
94
94
|
(0, jwks_utils_1.normalizeIssuer)(p.issuerUrl),
|
|
95
|
-
// ]
|
|
96
95
|
].concat((draftPayload?.['iss'] ? [draftPayload['iss']] : [])), // used because current cloud gateway have invalid issuer
|
|
97
96
|
});
|
|
98
97
|
return {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwks.service.js","sourceRoot":"","sources":["../../../../src/auth/jwks/jwks.service.ts"],"names":[],"mappings":";;;;AAAA,4BAA4B;AAC5B,sEAAiC;AACjC,+BAAwF;AAExF,6CAA8E;AAE9E,MAAa,WAAW;IACL,IAAI,CAA+B;IAEpD,gCAAgC;IACxB,eAAe,CAKrB;IAEF,uDAAuD;IAC/C,YAAY,GAAG,IAAI,GAAG,EAAsD,CAAC;IAErF,YAAY,IAAyB;QACnC,IAAI,CAAC,IAAI,GAAG;YACV,eAAe,EAAE,IAAI,EAAE,eAAe,IAAI,OAAO;YACjD,UAAU,EAAE,IAAI,EAAE,UAAU,IAAI,EAAE;YAClC,iBAAiB,EAAE,IAAI,EAAE,iBAAiB,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,KAAK;YACvE,gBAAgB,EAAE,IAAI,EAAE,gBAAgB,IAAI,IAAI,EAAE,KAAK;SACxD,CAAC;IACJ,CAAC;IAED,8EAA8E;IAC9E,mDAAmD;IACnD,8EAA8E;IAE9E,mFAAmF;IACnF,aAAa;QACX,OAAO,IAAI,CAAC,mBAAmB,EAAE,CAAC;IACpC,CAAC;IAED,8EAA8E;IAC9E,+BAA+B;IAC/B,8EAA8E;IAE9E,uEAAuE;IACvE,KAAK,CAAC,kBAAkB,CAAC,KAAa,EAAE,cAAsB;QAC5D,IAAI,CAAC;YACH,gDAAgD;YAChD,uDAAuD;YAEvD,qCAAqC;YACrC,wCAAwC;YACxC,oEAAoE;YACpE,6CAA6C;YAC7C,MAAM;YACN,WAAW;YACX,cAAc;YACd,gDAAgD;YAChD,6CAA6C;YAC7C,6BAA6B;YAC7B,aAAa;YACb,KAAK;YAEL,MAAM,OAAO,GAAG,IAAA,iCAAoB,EAAC,KAAK,CAAC,CAAC;YAC5C,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO;oBACL,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE,sBAAsB;iBAC9B,CAAA;YACH,CAAC;YACD,OAAO;gBACL,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE,cAAc;gBACtB,GAAG,EAAE,OAAO,CAAC,KAAK,CAAW;gBAC7B,OAAO;gBACP,MAAM,EAAE,IAAA,4BAAqB,EAAC,KAAK,CAAC;aACrC,CAAA;QACH,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,OAAO,EAAC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,IAAI,qBAAqB,EAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,sBAAsB,CAAC,KAAa,EAAE,UAA+B;QACzE,IAAI,CAAC,UAAU,EAAE,MAAM;YAAE,OAAO,EAAC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAC,CAAC;QAEnE,kCAAkC;QAClC,IAAI,GAAuB,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAA,4BAAqB,EAAC,KAAK,CAAC,CAAC;YAE5C,GAAG,GAAG,OAAO,MAAM,EAAE,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;QACjE,CAAC;QAAC,MAAM,CAAC;YACP,WAAW;QACb,CAAC;QAED,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC;gBAC9C,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM;oBAAE,SAAS;gBAClC,MAAM,YAAY,GAAG,IAAA,iCAAoB,EAAC,KAAK,CAAC,CAAC;gBACjD,MAAM,IAAI,GAAG,IAAA,wBAAiB,EAAC,IAAI,CAAC,CAAC;gBACrC,MAAM,EAAC,OAAO,EAAE,eAAe,EAAC,GAAG,MAAM,IAAA,gBAAS,EAAC,KAAK,EAAE,IAAI,EAAE;oBAC9D,MAAM,EAAE;wBACN,IAAA,4BAAe,EAAC,CAAC,CAAC,SAAS,CAAC;wBAE5B,IAAI;qBACL,CAAC,MAAM,CAAC,CAAC,YAAY,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAa,CAAC,EAAE,yDAAyD;iBACtI,CAAC,CAAC;gBAEH,OAAO;oBACL,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE,OAAO,EAAE,GAAyB;oBAC1C,GAAG,EAAE,OAAO,EAAE,GAAyB;oBACvC,UAAU,EAAE,CAAC,CAAC,EAAE;oBAChB,MAAM,EAAE,eAAe;oBACvB,OAAO;iBACR,CAAC;YACJ,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,uCAAuC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;gBAC9D,oBAAoB;YACtB,CAAC;QACH,CAAC;QAED,OAAO,EAAC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,GAAG,CAAC,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,EAAC,CAAC;IACjF,CAAC;IAED,8EAA8E;IAC9E,8CAA8C;IAC9C,8EAA8E;IAE9E,kEAAkE;IAClE,eAAe,CAAC,UAAkB,EAAE,IAAmB;QACrD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,EAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAC,CAAC,CAAC;IACnE,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,kBAAkB,CAAC,GAAsB;QAC7C,kBAAkB;QAClB,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;YAC3B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YACvC,OAAO,GAAG,CAAC,IAAI,CAAC;QAClB,CAAC;QAED,uBAAuB;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC7C,IAAI,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC1E,OAAO,MAAM,CAAC,IAAI,CAAC;QACrB,CAAC;QAED,+BAA+B;QAC/B,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAC7D,IAAI,OAAO,EAAE,IAAI,EAAE,MAAM;gBAAE,OAAO,OAAO,CAAC;QAC5C,CAAC;QAED,8BAA8B;QAC9B,MAAM,MAAM,GAAG,IAAA,sBAAS,EAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACxC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,MAAM,yCAAyC,CAAC,CAAC;QAC3F,MAAM,GAAG,GAAG,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAClG,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;YACtD,IAAI,QAAQ,EAAE,IAAI,EAAE,MAAM;gBAAE,OAAO,QAAQ,CAAC;QAC9C,CAAC;QAED,OAAO,MAAM,EAAE,IAAI,CAAC,CAAC,kDAAkD;IACzE,CAAC;IAED,8EAA8E;IAC9E,0CAA0C;IAC1C,8EAA8E;IAE9E,yEAAyE;IACzE,mBAAmB;QACjB,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC;IACxC,CAAC;IAED,wEAAwE;IACxE,yBAAyB;QACvB,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC7B,OAAO,EAAC,GAAG,EAAE,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,eAAe,CAAC,UAAU,EAAE,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,eAAe,EAAC,CAAC;IAC/G,CAAC;IAED,8EAA8E;IAC9E,uCAAuC;IACvC,8EAA8E;IAEtE,KAAK,CAAC,YAAY,CAAC,UAAkB,EAAE,GAAW;QACxD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAAgB,GAAG,CAAC,CAAC;YACtD,IAAI,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;gBACvB,IAAI,CAAC,eAAe,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACvC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,WAAW;QACb,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,GAAW;QACtC,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,SAAS,CAAU,GAAW;QAC1C,MAAM,GAAG,GAAG,OAAO,eAAe,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;QACvF,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QACzE,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAC3B,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,EAAC,MAAM,EAAE,kBAAkB,EAAC;gBACrC,MAAM,EAAE,GAAG,EAAE,MAAM;aACpB,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,MAAM,IAAI,KAAK,CAAC,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAM,CAAC;QACjC,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAEO,qBAAqB;QAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC1D,IAAI,CAAC,IAAI,CAAC,eAAe,IAAI,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,SAAS,GAAG,MAAM,EAAE,CAAC;YAC3E,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,GAAsB;QACxC,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;YACpB,MAAM,EAAC,UAAU,EAAE,SAAS,EAAC,GAAG,qBAAM,CAAC,mBAAmB,CAAC,KAAK,EAAE,EAAC,aAAa,EAAE,IAAI,EAAC,CAAC,CAAC;YACzF,MAAM,GAAG,GAAG,qBAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAClD,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,EAAC,MAAM,EAAE,KAAK,EAAC,CAAC,CAAC;YACpD,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,EAAC,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAC,CAAC,CAAC;YACtE,OAAO,EAAC,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,EAAC,IAAI,EAAE,CAAC,SAAS,CAAC,EAAC,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAC,CAAC;QAClF,CAAC;aAAM,CAAC;YACN,MAAM,EAAC,UAAU,EAAE,SAAS,EAAC,GAAG,qBAAM,CAAC,mBAAmB,CAAC,IAAI,EAAE,EAAC,UAAU,EAAE,OAAO,EAAC,CAAC,CAAC;YACxF,MAAM,GAAG,GAAG,qBAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAClD,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,EAAC,MAAM,EAAE,KAAK,EAAC,CAAC,CAAC;YACpD,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,EAAC,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAC,CAAC,CAAC;YACrE,OAAO,EAAC,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,EAAC,IAAI,EAAE,CAAC,SAAS,CAAC,EAAC,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAC,CAAC;QAClF,CAAC;IACH,CAAC;CACF;AAzPD,kCAyPC","sourcesContent":["// auth/jwks/jwks.service.ts\nimport crypto from 'node:crypto';\nimport {jwtVerify, createLocalJWKSet, decodeProtectedHeader, JSONWebKeySet} from 'jose';\nimport {JwksServiceOptions, ProviderVerifyRef, VerifyResult} from './jwks.types';\nimport {normalizeIssuer, trimSlash, decodeJwtPayloadSafe} from './jwks.utils';\n\nexport class JwksService {\n private readonly opts: Required<JwksServiceOptions>;\n\n // Orchestrator signing material\n private orchestratorKey!: {\n kid: string;\n privateKey: crypto.KeyObject;\n publicJwk: JSONWebKeySet;\n createdAt: number;\n };\n\n // Provider JWKS cache (providerId -> jwks + fetchedAt)\n private providerJwks = new Map<string, { jwks: JSONWebKeySet; fetchedAt: number }>();\n\n constructor(opts?: JwksServiceOptions) {\n this.opts = {\n orchestratorAlg: opts?.orchestratorAlg ?? 'RS256',\n rotateDays: opts?.rotateDays ?? 30,\n providerJwksTtlMs: opts?.providerJwksTtlMs ?? 6 * 60 * 60 * 1000, // 6h\n networkTimeoutMs: opts?.networkTimeoutMs ?? 5000, // 5s\n };\n }\n\n // ===========================================================================\n // Public JWKS (what /.well-known/jwks.json serves)\n // ===========================================================================\n\n /** Gateway's public JWKS (publish at /.well-known/jwks.json when orchestrated). */\n getPublicJwks(): JSONWebKeySet {\n return this.getOrchestratorJwks();\n }\n\n // ===========================================================================\n // Scope-aware verification API\n // ===========================================================================\n\n /** Verify a token issued by the gateway itself (orchestrated mode). */\n async verifyGatewayToken(token: string, expectedIssuer: string): Promise<VerifyResult> {\n try {\n // TODO: add support for local/remote proxy mode\n // current implementation for anonymous mode only\n\n // const jwks = this.getPublicJwks();\n // const JWKS = createLocalJWKSet(jwks);\n // const {payload, protectedHeader} = await jwtVerify(token, JWKS, {\n // issuer: normalizeIssuer(expectedIssuer),\n // });\n // return {\n // ok: true,\n // issuer: payload?.iss as string | undefined,\n // sub: payload?.sub as string | undefined,\n // header: protectedHeader,\n // payload,\n // };\n\n const payload = decodeJwtPayloadSafe(token);\n if (!payload) {\n return {\n ok: false,\n error: 'invalid bearer token'\n }\n }\n return {\n ok: true,\n issuer: expectedIssuer,\n sub: payload['sub'] as string,\n payload,\n header: decodeProtectedHeader(token),\n }\n } catch (err: any) {\n return {ok: false, error: err?.message ?? 'verification_failed'};\n }\n }\n\n /**\n * Verify a token against candidate transparent providers.\n * Ensures JWKS are available (cached/TTL/AS discovery) per provider.\n */\n async verifyTransparentToken(token: string, candidates: ProviderVerifyRef[]): Promise<VerifyResult> {\n if (!candidates?.length) return {ok: false, error: 'no_providers'};\n\n // Helpful only for error messages\n let kid: string | undefined;\n try {\n const header = decodeProtectedHeader(token);\n\n kid = typeof header?.kid === 'string' ? header.kid : undefined;\n } catch {\n /* empty */\n }\n\n for (const p of candidates) {\n try {\n const jwks = await this.getJwksForProvider(p);\n if (!jwks?.keys?.length) continue;\n const draftPayload = decodeJwtPayloadSafe(token);\n const JWKS = createLocalJWKSet(jwks);\n const {payload, protectedHeader} = await jwtVerify(token, JWKS, {\n issuer: [\n normalizeIssuer(p.issuerUrl),\n\n // ]\n ].concat((draftPayload?.['iss'] ? [draftPayload['iss']] : []) as string[]), // used because current cloud gateway have invalid issuer\n });\n\n return {\n ok: true,\n issuer: payload?.iss as string | undefined,\n sub: payload?.sub as string | undefined,\n providerId: p.id,\n header: protectedHeader,\n payload,\n };\n } catch (e) {\n console.log('failed to verify token for provider: ', p.id, e);\n // try next provider\n }\n }\n\n return {ok: false, error: `no_provider_verified${kid ? ` (kid=${kid})` : ''}`};\n }\n\n // ===========================================================================\n // Provider JWKS (cache + preload + discovery)\n // ===========================================================================\n\n /** Directly set provider JWKS (e.g., inline keys from config). */\n setProviderJwks(providerId: string, jwks: JSONWebKeySet) {\n this.providerJwks.set(providerId, {jwks, fetchedAt: Date.now()});\n }\n\n /**\n * Ensure JWKS for a provider:\n * 1) inline jwks (if provided) → cache & return\n * 2) cached & fresh (TTL) → return\n * 3) explicit jwksUri → fetch, cache, return\n * 4) discover jwks_uri via AS → fetch AS metadata, then jwks_uri, cache, return\n */\n async getJwksForProvider(ref: ProviderVerifyRef): Promise<JSONWebKeySet | undefined> {\n // Inline keys win\n if (ref.jwks?.keys?.length) {\n this.setProviderJwks(ref.id, ref.jwks);\n return ref.jwks;\n }\n\n // Cache hit and fresh?\n const cached = this.providerJwks.get(ref.id);\n if (cached && Date.now() - cached.fetchedAt < this.opts.providerJwksTtlMs) {\n return cached.jwks;\n }\n\n // If we have a jwksUri, try it\n if (ref.jwksUri) {\n const fromUri = await this.tryFetchJwks(ref.id, ref.jwksUri);\n if (fromUri?.keys?.length) return fromUri;\n }\n\n // Discover via AS .well-known\n const issuer = trimSlash(ref.issuerUrl);\n const meta = await this.tryFetchAsMeta(`${issuer}/.well-known/oauth-authorization-server`);\n const uri = meta && typeof meta === 'object' && meta.jwks_uri ? String(meta.jwks_uri) : undefined;\n if (uri) {\n const fromMeta = await this.tryFetchJwks(ref.id, uri);\n if (fromMeta?.keys?.length) return fromMeta;\n }\n\n return cached?.jwks; // return stale if we had anything, else undefined\n }\n\n // ===========================================================================\n // Orchestrator keys (generation/rotation)\n // ===========================================================================\n\n /** Return the orchestrator public JWKS (generates/rotates as needed). */\n getOrchestratorJwks(): JSONWebKeySet {\n this.ensureOrchestratorKey();\n return this.orchestratorKey.publicJwk;\n }\n\n /** Return private signing key + kid for issuing orchestrator tokens. */\n getOrchestratorSigningKey(): { kid: string; key: crypto.KeyObject; alg: string } {\n this.ensureOrchestratorKey();\n return {kid: this.orchestratorKey.kid, key: this.orchestratorKey.privateKey, alg: this.opts.orchestratorAlg};\n }\n\n // ===========================================================================\n // Internals (fetch, rotation, helpers)\n // ===========================================================================\n\n private async tryFetchJwks(providerId: string, uri: string): Promise<JSONWebKeySet | undefined> {\n try {\n const jwks = await this.fetchJson<JSONWebKeySet>(uri);\n if (jwks?.keys?.length) {\n this.setProviderJwks(providerId, jwks);\n return jwks;\n }\n } catch {\n /* empty */\n }\n return undefined;\n }\n\n private async tryFetchAsMeta(url: string): Promise<any | undefined> {\n try {\n return await this.fetchJson(url);\n } catch {\n return undefined;\n }\n }\n\n private async fetchJson<T = any>(url: string): Promise<T> {\n const ctl = typeof AbortController !== 'undefined' ? new AbortController() : undefined;\n const timer = setTimeout(() => ctl?.abort(), this.opts.networkTimeoutMs);\n try {\n const res = await fetch(url, {\n method: 'GET',\n headers: {accept: 'application/json'},\n signal: ctl?.signal,\n });\n if (!res.ok) throw new Error(`HTTP ${res.status}`);\n return (await res.json()) as T;\n } finally {\n clearTimeout(timer);\n }\n }\n\n private ensureOrchestratorKey() {\n const now = Date.now();\n const maxAge = this.opts.rotateDays * 24 * 60 * 60 * 1000;\n if (!this.orchestratorKey || now - this.orchestratorKey.createdAt > maxAge) {\n this.orchestratorKey = this.generateKey(this.opts.orchestratorAlg);\n }\n }\n\n private generateKey(alg: 'RS256' | 'ES256') {\n if (alg === 'RS256') {\n const {privateKey, publicKey} = crypto.generateKeyPairSync('rsa', {modulusLength: 2048});\n const kid = crypto.randomBytes(8).toString('hex');\n const publicJwk = publicKey.export({format: 'jwk'});\n Object.assign(publicJwk, {kid, alg: 'RS256', use: 'sig', kty: 'RSA'});\n return {kid, privateKey, publicJwk: {keys: [publicJwk]}, createdAt: Date.now()};\n } else {\n const {privateKey, publicKey} = crypto.generateKeyPairSync('ec', {namedCurve: 'P-256'});\n const kid = crypto.randomBytes(8).toString('hex');\n const publicJwk = publicKey.export({format: 'jwk'});\n Object.assign(publicJwk, {kid, alg: 'ES256', use: 'sig', kty: 'EC'});\n return {kid, privateKey, publicJwk: {keys: [publicJwk]}, createdAt: Date.now()};\n }\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"jwks.service.js","sourceRoot":"","sources":["../../../../src/auth/jwks/jwks.service.ts"],"names":[],"mappings":";;;;AAAA,4BAA4B;AAC5B,sEAAiC;AACjC,+BAAwF;AAExF,6CAA8E;AAE9E,MAAa,WAAW;IACL,IAAI,CAA+B;IAEpD,gCAAgC;IACxB,eAAe,CAKrB;IAEF,uDAAuD;IAC/C,YAAY,GAAG,IAAI,GAAG,EAAsD,CAAC;IAErF,YAAY,IAAyB;QACnC,IAAI,CAAC,IAAI,GAAG;YACV,eAAe,EAAE,IAAI,EAAE,eAAe,IAAI,OAAO;YACjD,UAAU,EAAE,IAAI,EAAE,UAAU,IAAI,EAAE;YAClC,iBAAiB,EAAE,IAAI,EAAE,iBAAiB,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,KAAK;YACvE,gBAAgB,EAAE,IAAI,EAAE,gBAAgB,IAAI,IAAI,EAAE,KAAK;SACxD,CAAC;IACJ,CAAC;IAED,8EAA8E;IAC9E,mDAAmD;IACnD,8EAA8E;IAE9E,mFAAmF;IACnF,aAAa;QACX,OAAO,IAAI,CAAC,mBAAmB,EAAE,CAAC;IACpC,CAAC;IAED,8EAA8E;IAC9E,+BAA+B;IAC/B,8EAA8E;IAE9E,uEAAuE;IACvE,KAAK,CAAC,kBAAkB,CAAC,KAAa,EAAE,cAAsB;QAC5D,IAAI,CAAC;YACH,gDAAgD;YAChD,uDAAuD;YAEvD,qCAAqC;YACrC,wCAAwC;YACxC,oEAAoE;YACpE,6CAA6C;YAC7C,MAAM;YACN,WAAW;YACX,cAAc;YACd,gDAAgD;YAChD,6CAA6C;YAC7C,6BAA6B;YAC7B,aAAa;YACb,KAAK;YAEL,MAAM,OAAO,GAAG,IAAA,iCAAoB,EAAC,KAAK,CAAC,CAAC;YAC5C,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO;oBACL,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE,sBAAsB;iBAC9B,CAAA;YACH,CAAC;YACD,OAAO;gBACL,EAAE,EAAE,IAAI;gBACR,MAAM,EAAE,cAAc;gBACtB,GAAG,EAAE,OAAO,CAAC,KAAK,CAAW;gBAC7B,OAAO;gBACP,MAAM,EAAE,IAAA,4BAAqB,EAAC,KAAK,CAAC;aACrC,CAAA;QACH,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,OAAO,EAAC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,IAAI,qBAAqB,EAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,sBAAsB,CAAC,KAAa,EAAE,UAA+B;QACzE,IAAI,CAAC,UAAU,EAAE,MAAM;YAAE,OAAO,EAAC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAC,CAAC;QAEnE,kCAAkC;QAClC,IAAI,GAAuB,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAA,4BAAqB,EAAC,KAAK,CAAC,CAAC;YAE5C,GAAG,GAAG,OAAO,MAAM,EAAE,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;QACjE,CAAC;QAAC,MAAM,CAAC;YACP,WAAW;QACb,CAAC;QAED,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC;gBAC9C,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM;oBAAE,SAAS;gBAClC,MAAM,YAAY,GAAG,IAAA,iCAAoB,EAAC,KAAK,CAAC,CAAC;gBACjD,MAAM,IAAI,GAAG,IAAA,wBAAiB,EAAC,IAAI,CAAC,CAAC;gBACrC,MAAM,EAAC,OAAO,EAAE,eAAe,EAAC,GAAG,MAAM,IAAA,gBAAS,EAAC,KAAK,EAAE,IAAI,EAAE;oBAC9D,MAAM,EAAE;wBACN,IAAA,4BAAe,EAAC,CAAC,CAAC,SAAS,CAAC;qBAC7B,CAAC,MAAM,CAAC,CAAC,YAAY,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAa,CAAC,EAAE,yDAAyD;iBACtI,CAAC,CAAC;gBAEH,OAAO;oBACL,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE,OAAO,EAAE,GAAyB;oBAC1C,GAAG,EAAE,OAAO,EAAE,GAAyB;oBACvC,UAAU,EAAE,CAAC,CAAC,EAAE;oBAChB,MAAM,EAAE,eAAe;oBACvB,OAAO;iBACR,CAAC;YACJ,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,uCAAuC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;gBAC9D,oBAAoB;YACtB,CAAC;QACH,CAAC;QAED,OAAO,EAAC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,GAAG,CAAC,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,EAAC,CAAC;IACjF,CAAC;IAED,8EAA8E;IAC9E,8CAA8C;IAC9C,8EAA8E;IAE9E,kEAAkE;IAClE,eAAe,CAAC,UAAkB,EAAE,IAAmB;QACrD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,EAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAC,CAAC,CAAC;IACnE,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,kBAAkB,CAAC,GAAsB;QAC7C,kBAAkB;QAClB,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;YAC3B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YACvC,OAAO,GAAG,CAAC,IAAI,CAAC;QAClB,CAAC;QAED,uBAAuB;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC7C,IAAI,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC1E,OAAO,MAAM,CAAC,IAAI,CAAC;QACrB,CAAC;QAED,+BAA+B;QAC/B,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAC7D,IAAI,OAAO,EAAE,IAAI,EAAE,MAAM;gBAAE,OAAO,OAAO,CAAC;QAC5C,CAAC;QAED,8BAA8B;QAC9B,MAAM,MAAM,GAAG,IAAA,sBAAS,EAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACxC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,MAAM,yCAAyC,CAAC,CAAC;QAC3F,MAAM,GAAG,GAAG,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAClG,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;YACtD,IAAI,QAAQ,EAAE,IAAI,EAAE,MAAM;gBAAE,OAAO,QAAQ,CAAC;QAC9C,CAAC;QAED,OAAO,MAAM,EAAE,IAAI,CAAC,CAAC,kDAAkD;IACzE,CAAC;IAED,8EAA8E;IAC9E,0CAA0C;IAC1C,8EAA8E;IAE9E,yEAAyE;IACzE,mBAAmB;QACjB,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC;IACxC,CAAC;IAED,wEAAwE;IACxE,yBAAyB;QACvB,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC7B,OAAO,EAAC,GAAG,EAAE,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,eAAe,CAAC,UAAU,EAAE,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,eAAe,EAAC,CAAC;IAC/G,CAAC;IAED,8EAA8E;IAC9E,uCAAuC;IACvC,8EAA8E;IAEtE,KAAK,CAAC,YAAY,CAAC,UAAkB,EAAE,GAAW;QACxD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAAgB,GAAG,CAAC,CAAC;YACtD,IAAI,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;gBACvB,IAAI,CAAC,eAAe,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACvC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,WAAW;QACb,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,GAAW;QACtC,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,SAAS,CAAU,GAAW;QAC1C,MAAM,GAAG,GAAG,OAAO,eAAe,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;QACvF,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QACzE,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAC3B,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,EAAC,MAAM,EAAE,kBAAkB,EAAC;gBACrC,MAAM,EAAE,GAAG,EAAE,MAAM;aACpB,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,MAAM,IAAI,KAAK,CAAC,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAM,CAAC;QACjC,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAEO,qBAAqB;QAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC1D,IAAI,CAAC,IAAI,CAAC,eAAe,IAAI,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,SAAS,GAAG,MAAM,EAAE,CAAC;YAC3E,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,GAAsB;QACxC,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;YACpB,MAAM,EAAC,UAAU,EAAE,SAAS,EAAC,GAAG,qBAAM,CAAC,mBAAmB,CAAC,KAAK,EAAE,EAAC,aAAa,EAAE,IAAI,EAAC,CAAC,CAAC;YACzF,MAAM,GAAG,GAAG,qBAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAClD,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,EAAC,MAAM,EAAE,KAAK,EAAC,CAAC,CAAC;YACpD,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,EAAC,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAC,CAAC,CAAC;YACtE,OAAO,EAAC,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,EAAC,IAAI,EAAE,CAAC,SAAS,CAAC,EAAC,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAC,CAAC;QAClF,CAAC;aAAM,CAAC;YACN,MAAM,EAAC,UAAU,EAAE,SAAS,EAAC,GAAG,qBAAM,CAAC,mBAAmB,CAAC,IAAI,EAAE,EAAC,UAAU,EAAE,OAAO,EAAC,CAAC,CAAC;YACxF,MAAM,GAAG,GAAG,qBAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAClD,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,EAAC,MAAM,EAAE,KAAK,EAAC,CAAC,CAAC;YACpD,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,EAAC,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAC,CAAC,CAAC;YACrE,OAAO,EAAC,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,EAAC,IAAI,EAAE,CAAC,SAAS,CAAC,EAAC,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAC,CAAC;QAClF,CAAC;IACH,CAAC;CACF;AAvPD,kCAuPC","sourcesContent":["// auth/jwks/jwks.service.ts\nimport crypto from 'node:crypto';\nimport {jwtVerify, createLocalJWKSet, decodeProtectedHeader, JSONWebKeySet} from 'jose';\nimport {JwksServiceOptions, ProviderVerifyRef, VerifyResult} from './jwks.types';\nimport {normalizeIssuer, trimSlash, decodeJwtPayloadSafe} from './jwks.utils';\n\nexport class JwksService {\n private readonly opts: Required<JwksServiceOptions>;\n\n // Orchestrator signing material\n private orchestratorKey!: {\n kid: string;\n privateKey: crypto.KeyObject;\n publicJwk: JSONWebKeySet;\n createdAt: number;\n };\n\n // Provider JWKS cache (providerId -> jwks + fetchedAt)\n private providerJwks = new Map<string, { jwks: JSONWebKeySet; fetchedAt: number }>();\n\n constructor(opts?: JwksServiceOptions) {\n this.opts = {\n orchestratorAlg: opts?.orchestratorAlg ?? 'RS256',\n rotateDays: opts?.rotateDays ?? 30,\n providerJwksTtlMs: opts?.providerJwksTtlMs ?? 6 * 60 * 60 * 1000, // 6h\n networkTimeoutMs: opts?.networkTimeoutMs ?? 5000, // 5s\n };\n }\n\n // ===========================================================================\n // Public JWKS (what /.well-known/jwks.json serves)\n // ===========================================================================\n\n /** Gateway's public JWKS (publish at /.well-known/jwks.json when orchestrated). */\n getPublicJwks(): JSONWebKeySet {\n return this.getOrchestratorJwks();\n }\n\n // ===========================================================================\n // Scope-aware verification API\n // ===========================================================================\n\n /** Verify a token issued by the gateway itself (orchestrated mode). */\n async verifyGatewayToken(token: string, expectedIssuer: string): Promise<VerifyResult> {\n try {\n // TODO: add support for local/remote proxy mode\n // current implementation for anonymous mode only\n\n // const jwks = this.getPublicJwks();\n // const JWKS = createLocalJWKSet(jwks);\n // const {payload, protectedHeader} = await jwtVerify(token, JWKS, {\n // issuer: normalizeIssuer(expectedIssuer),\n // });\n // return {\n // ok: true,\n // issuer: payload?.iss as string | undefined,\n // sub: payload?.sub as string | undefined,\n // header: protectedHeader,\n // payload,\n // };\n\n const payload = decodeJwtPayloadSafe(token);\n if (!payload) {\n return {\n ok: false,\n error: 'invalid bearer token'\n }\n }\n return {\n ok: true,\n issuer: expectedIssuer,\n sub: payload['sub'] as string,\n payload,\n header: decodeProtectedHeader(token),\n }\n } catch (err: any) {\n return {ok: false, error: err?.message ?? 'verification_failed'};\n }\n }\n\n /**\n * Verify a token against candidate transparent providers.\n * Ensures JWKS are available (cached/TTL/AS discovery) per provider.\n */\n async verifyTransparentToken(token: string, candidates: ProviderVerifyRef[]): Promise<VerifyResult> {\n if (!candidates?.length) return {ok: false, error: 'no_providers'};\n\n // Helpful only for error messages\n let kid: string | undefined;\n try {\n const header = decodeProtectedHeader(token);\n\n kid = typeof header?.kid === 'string' ? header.kid : undefined;\n } catch {\n /* empty */\n }\n\n for (const p of candidates) {\n try {\n const jwks = await this.getJwksForProvider(p);\n if (!jwks?.keys?.length) continue;\n const draftPayload = decodeJwtPayloadSafe(token);\n const JWKS = createLocalJWKSet(jwks);\n const {payload, protectedHeader} = await jwtVerify(token, JWKS, {\n issuer: [\n normalizeIssuer(p.issuerUrl),\n ].concat((draftPayload?.['iss'] ? [draftPayload['iss']] : []) as string[]), // used because current cloud gateway have invalid issuer\n });\n\n return {\n ok: true,\n issuer: payload?.iss as string | undefined,\n sub: payload?.sub as string | undefined,\n providerId: p.id,\n header: protectedHeader,\n payload,\n };\n } catch (e) {\n console.log('failed to verify token for provider: ', p.id, e);\n // try next provider\n }\n }\n\n return {ok: false, error: `no_provider_verified${kid ? ` (kid=${kid})` : ''}`};\n }\n\n // ===========================================================================\n // Provider JWKS (cache + preload + discovery)\n // ===========================================================================\n\n /** Directly set provider JWKS (e.g., inline keys from config). */\n setProviderJwks(providerId: string, jwks: JSONWebKeySet) {\n this.providerJwks.set(providerId, {jwks, fetchedAt: Date.now()});\n }\n\n /**\n * Ensure JWKS for a provider:\n * 1) inline jwks (if provided) → cache & return\n * 2) cached & fresh (TTL) → return\n * 3) explicit jwksUri → fetch, cache, return\n * 4) discover jwks_uri via AS → fetch AS metadata, then jwks_uri, cache, return\n */\n async getJwksForProvider(ref: ProviderVerifyRef): Promise<JSONWebKeySet | undefined> {\n // Inline keys win\n if (ref.jwks?.keys?.length) {\n this.setProviderJwks(ref.id, ref.jwks);\n return ref.jwks;\n }\n\n // Cache hit and fresh?\n const cached = this.providerJwks.get(ref.id);\n if (cached && Date.now() - cached.fetchedAt < this.opts.providerJwksTtlMs) {\n return cached.jwks;\n }\n\n // If we have a jwksUri, try it\n if (ref.jwksUri) {\n const fromUri = await this.tryFetchJwks(ref.id, ref.jwksUri);\n if (fromUri?.keys?.length) return fromUri;\n }\n\n // Discover via AS .well-known\n const issuer = trimSlash(ref.issuerUrl);\n const meta = await this.tryFetchAsMeta(`${issuer}/.well-known/oauth-authorization-server`);\n const uri = meta && typeof meta === 'object' && meta.jwks_uri ? String(meta.jwks_uri) : undefined;\n if (uri) {\n const fromMeta = await this.tryFetchJwks(ref.id, uri);\n if (fromMeta?.keys?.length) return fromMeta;\n }\n\n return cached?.jwks; // return stale if we had anything, else undefined\n }\n\n // ===========================================================================\n // Orchestrator keys (generation/rotation)\n // ===========================================================================\n\n /** Return the orchestrator public JWKS (generates/rotates as needed). */\n getOrchestratorJwks(): JSONWebKeySet {\n this.ensureOrchestratorKey();\n return this.orchestratorKey.publicJwk;\n }\n\n /** Return private signing key + kid for issuing orchestrator tokens. */\n getOrchestratorSigningKey(): { kid: string; key: crypto.KeyObject; alg: string } {\n this.ensureOrchestratorKey();\n return {kid: this.orchestratorKey.kid, key: this.orchestratorKey.privateKey, alg: this.opts.orchestratorAlg};\n }\n\n // ===========================================================================\n // Internals (fetch, rotation, helpers)\n // ===========================================================================\n\n private async tryFetchJwks(providerId: string, uri: string): Promise<JSONWebKeySet | undefined> {\n try {\n const jwks = await this.fetchJson<JSONWebKeySet>(uri);\n if (jwks?.keys?.length) {\n this.setProviderJwks(providerId, jwks);\n return jwks;\n }\n } catch {\n /* empty */\n }\n return undefined;\n }\n\n private async tryFetchAsMeta(url: string): Promise<any | undefined> {\n try {\n return await this.fetchJson(url);\n } catch {\n return undefined;\n }\n }\n\n private async fetchJson<T = any>(url: string): Promise<T> {\n const ctl = typeof AbortController !== 'undefined' ? new AbortController() : undefined;\n const timer = setTimeout(() => ctl?.abort(), this.opts.networkTimeoutMs);\n try {\n const res = await fetch(url, {\n method: 'GET',\n headers: {accept: 'application/json'},\n signal: ctl?.signal,\n });\n if (!res.ok) throw new Error(`HTTP ${res.status}`);\n return (await res.json()) as T;\n } finally {\n clearTimeout(timer);\n }\n }\n\n private ensureOrchestratorKey() {\n const now = Date.now();\n const maxAge = this.opts.rotateDays * 24 * 60 * 60 * 1000;\n if (!this.orchestratorKey || now - this.orchestratorKey.createdAt > maxAge) {\n this.orchestratorKey = this.generateKey(this.opts.orchestratorAlg);\n }\n }\n\n private generateKey(alg: 'RS256' | 'ES256') {\n if (alg === 'RS256') {\n const {privateKey, publicKey} = crypto.generateKeyPairSync('rsa', {modulusLength: 2048});\n const kid = crypto.randomBytes(8).toString('hex');\n const publicJwk = publicKey.export({format: 'jwk'});\n Object.assign(publicJwk, {kid, alg: 'RS256', use: 'sig', kty: 'RSA'});\n return {kid, privateKey, publicJwk: {keys: [publicJwk]}, createdAt: Date.now()};\n } else {\n const {privateKey, publicKey} = crypto.generateKeyPairSync('ec', {namedCurve: 'P-256'});\n const kid = crypto.randomBytes(8).toString('hex');\n const publicJwk = publicKey.export({format: 'jwk'});\n Object.assign(publicJwk, {kid, alg: 'ES256', use: 'sig', kty: 'EC'});\n return {kid, privateKey, publicJwk: {keys: [publicJwk]}, createdAt: Date.now()};\n }\n }\n}\n"]}
|
|
@@ -7,6 +7,7 @@ export declare abstract class ScopeEntry extends BaseEntry<ScopeRecord, ScopeInt
|
|
|
7
7
|
abstract readonly entryPath: string;
|
|
8
8
|
abstract readonly routeBase: string;
|
|
9
9
|
abstract readonly logger: FrontMcpLogger;
|
|
10
|
+
get fullPath(): string;
|
|
10
11
|
abstract get auth(): FrontMcpAuth;
|
|
11
12
|
abstract get hooks(): HookRegistryInterface;
|
|
12
13
|
abstract get authProviders(): AuthRegistryInterface;
|
|
@@ -2,7 +2,13 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.ScopeEntry = void 0;
|
|
4
4
|
const base_entry_1 = require("./base.entry");
|
|
5
|
+
const path_utils_1 = require("../../auth/path.utils");
|
|
5
6
|
class ScopeEntry extends base_entry_1.BaseEntry {
|
|
7
|
+
get fullPath() {
|
|
8
|
+
const prefix = (0, path_utils_1.normalizeEntryPrefix)(this.entryPath ?? '');
|
|
9
|
+
const scope = (0, path_utils_1.normalizeScopeBase)(this.routeBase ?? '');
|
|
10
|
+
return `${prefix}${scope}`;
|
|
11
|
+
}
|
|
6
12
|
}
|
|
7
13
|
exports.ScopeEntry = ScopeEntry;
|
|
8
14
|
//# sourceMappingURL=scope.entry.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scope.entry.js","sourceRoot":"","sources":["../../../../src/common/entries/scope.entry.ts"],"names":[],"mappings":";;;AAAA,6CAAuC;
|
|
1
|
+
{"version":3,"file":"scope.entry.js","sourceRoot":"","sources":["../../../../src/common/entries/scope.entry.ts"],"names":[],"mappings":";;;AAAA,6CAAuC;AAWvC,sDAA+E;AAE/E,MAAsB,UAAW,SAAQ,sBAAqD;IAM5F,IAAI,QAAQ;QACV,MAAM,MAAM,GAAG,IAAA,iCAAoB,EAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;QAC1D,MAAM,KAAK,GAAG,IAAA,+BAAkB,EAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;QACvD,OAAO,GAAG,MAAM,GAAG,KAAK,EAAE,CAAC;IAC7B,CAAC;CAiBF;AA3BD,gCA2BC","sourcesContent":["import {BaseEntry} from './base.entry';\nimport {ScopeRecord} from '../records';\nimport {\n ScopeInterface,\n ProviderRegistryInterface,\n AppRegistryInterface,\n AuthRegistryInterface,\n FrontMcpAuth,\n Token, FlowInputOf, FlowOutputOf, Type, FlowType, FrontMcpLogger, ToolRegistryInterface, HookRegistryInterface,\n} from '../interfaces';\nimport {FlowName, ScopeMetadata} from '../metadata';\nimport {normalizeEntryPrefix, normalizeScopeBase} from \"../../auth/path.utils\";\n\nexport abstract class ScopeEntry extends BaseEntry<ScopeRecord, ScopeInterface, ScopeMetadata> {\n abstract readonly id: string;\n abstract readonly entryPath: string;\n abstract readonly routeBase: string;\n abstract readonly logger: FrontMcpLogger;\n\n get fullPath(): string {\n const prefix = normalizeEntryPrefix(this.entryPath ?? '');\n const scope = normalizeScopeBase(this.routeBase ?? '');\n return `${prefix}${scope}`;\n }\n\n abstract get auth(): FrontMcpAuth;\n\n abstract get hooks(): HookRegistryInterface;\n\n abstract get authProviders(): AuthRegistryInterface;\n\n abstract get providers(): ProviderRegistryInterface;\n\n abstract get apps(): AppRegistryInterface;\n\n abstract get tools(): ToolRegistryInterface;\n\n abstract registryFlows(...flows: FlowType[]): Promise<void>;\n\n abstract runFlow<Name extends FlowName>(name: Name, input: FlowInputOf<Name>, additionalDeps?: Map<Token, Type>): Promise<FlowOutputOf<Name> | undefined>;\n}\n"]}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { Type } from '../interfaces';
|
|
1
|
+
import { Token, Type } from '../interfaces';
|
|
2
2
|
import { AppScopeMetadata, MultiAppScopeMetadata } from '../metadata';
|
|
3
3
|
import { ScopeEntry } from '../entries';
|
|
4
4
|
export declare enum ScopeKind {
|
|
@@ -7,7 +7,7 @@ export declare enum ScopeKind {
|
|
|
7
7
|
}
|
|
8
8
|
export type SplitByAppScope = {
|
|
9
9
|
kind: ScopeKind.SPLIT_BY_APP;
|
|
10
|
-
provide:
|
|
10
|
+
provide: Token;
|
|
11
11
|
metadata: AppScopeMetadata;
|
|
12
12
|
};
|
|
13
13
|
export type MultiAppScope = {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scope.record.js","sourceRoot":"","sources":["../../../../src/common/records/scope.record.ts"],"names":[],"mappings":";;;AAIA,IAAY,SAGX;AAHD,WAAY,SAAS;IACnB,0CAA6B,CAAA;IAC7B,oCAAuB,CAAA;AACzB,CAAC,EAHW,SAAS,yBAAT,SAAS,QAGpB","sourcesContent":["import { Type
|
|
1
|
+
{"version":3,"file":"scope.record.js","sourceRoot":"","sources":["../../../../src/common/records/scope.record.ts"],"names":[],"mappings":";;;AAIA,IAAY,SAGX;AAHD,WAAY,SAAS;IACnB,0CAA6B,CAAA;IAC7B,oCAAuB,CAAA;AACzB,CAAC,EAHW,SAAS,yBAAT,SAAS,QAGpB","sourcesContent":["import {Token, Type} from '../interfaces';\nimport { AppScopeMetadata, MultiAppScopeMetadata } from '../metadata';\nimport { ScopeEntry } from '../entries';\n\nexport enum ScopeKind {\n SPLIT_BY_APP = 'SPLIT_BY_APP',\n MULTI_APP = 'MULTI_APP',\n}\n\nexport type SplitByAppScope = {\n kind: ScopeKind.SPLIT_BY_APP;\n provide: Token;\n metadata: AppScopeMetadata;\n};\n\nexport type MultiAppScope = {\n kind: ScopeKind.MULTI_APP;\n provide: Type<ScopeEntry>;\n metadata: MultiAppScopeMetadata;\n};\n\n\nexport type ScopeRecord =\n | SplitByAppScope\n | MultiAppScope\n"]}
|
|
@@ -24,7 +24,7 @@ class Scope extends common_1.ScopeEntry {
|
|
|
24
24
|
scopeTools;
|
|
25
25
|
transportService; // TODO: migrate transport service to transport.registry
|
|
26
26
|
entryPath;
|
|
27
|
-
routeBase
|
|
27
|
+
routeBase;
|
|
28
28
|
orchestrated = false;
|
|
29
29
|
server;
|
|
30
30
|
constructor(rec, globalProviders) {
|
|
@@ -34,6 +34,12 @@ class Scope extends common_1.ScopeEntry {
|
|
|
34
34
|
this.globalProviders = globalProviders;
|
|
35
35
|
this.server = this.globalProviders.get(common_1.FrontMcpServer);
|
|
36
36
|
this.entryPath = rec.metadata.http?.entryPath ?? '';
|
|
37
|
+
if (rec.kind === 'SPLIT_BY_APP') {
|
|
38
|
+
this.routeBase = `/${rec.metadata.id}`;
|
|
39
|
+
}
|
|
40
|
+
else {
|
|
41
|
+
this.routeBase = '';
|
|
42
|
+
}
|
|
37
43
|
this.scopeProviders = new provider_registry_1.default(this.defaultScopeProviders, globalProviders);
|
|
38
44
|
this.ready = this.initialize();
|
|
39
45
|
}
|
|
@@ -44,7 +50,7 @@ class Scope extends common_1.ScopeEntry {
|
|
|
44
50
|
this.scopeFlows = new flow_registry_1.default(this.scopeProviders, [http_request_flow_1.default]);
|
|
45
51
|
await this.scopeFlows.ready;
|
|
46
52
|
this.transportService = new transport_registry_1.TransportService(this);
|
|
47
|
-
this.scopeAuth = new auth_registry_1.AuthRegistry(this.scopeProviders, [], {
|
|
53
|
+
this.scopeAuth = new auth_registry_1.AuthRegistry(this, this.scopeProviders, [], {
|
|
48
54
|
kind: 'scope',
|
|
49
55
|
id: this.id,
|
|
50
56
|
ref: common_1.ScopeEntry,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scope.instance.js","sourceRoot":"","sources":["../../../src/scope/scope.instance.ts"],"names":[],"mappings":";;;;AAAA,4BAA0B;AAC1B,sCAamB;AACnB,+EAA8C;AAC9C,8FAA6D;AAC7D,yDAAmD;AACnD,mFAAkD;AAClD,0FAAwD;AACxD,wEAAiE;AACjE,kFAAiD;AACjD,mFAAkD;AAGlD,MAAa,KAAM,SAAQ,mBAAU;IAC1B,EAAE,CAAS;IACH,eAAe,CAAmB;IAC1C,MAAM,CAAiB;IAEf,cAAc,CAAmB;IAC1C,SAAS,CAAe;IACxB,UAAU,CAAe;IACzB,SAAS,CAAc;IACvB,UAAU,CAAe;IACzB,UAAU,CAAe;IAEjC,gBAAgB,CAAmB,CAAC,wDAAwD;IACnF,SAAS,CAAS;IAClB,SAAS,
|
|
1
|
+
{"version":3,"file":"scope.instance.js","sourceRoot":"","sources":["../../../src/scope/scope.instance.ts"],"names":[],"mappings":";;;;AAAA,4BAA0B;AAC1B,sCAamB;AACnB,+EAA8C;AAC9C,8FAA6D;AAC7D,yDAAmD;AACnD,mFAAkD;AAClD,0FAAwD;AACxD,wEAAiE;AACjE,kFAAiD;AACjD,mFAAkD;AAGlD,MAAa,KAAM,SAAQ,mBAAU;IAC1B,EAAE,CAAS;IACH,eAAe,CAAmB;IAC1C,MAAM,CAAiB;IAEf,cAAc,CAAmB;IAC1C,SAAS,CAAe;IACxB,UAAU,CAAe;IACzB,SAAS,CAAc;IACvB,UAAU,CAAe;IACzB,UAAU,CAAe;IAEjC,gBAAgB,CAAmB,CAAC,wDAAwD;IACnF,SAAS,CAAS;IAClB,SAAS,CAAS;IAClB,YAAY,GAAY,KAAK,CAAC;IAE9B,MAAM,CAAiB;IAEhC,YAAY,GAAgB,EAAE,eAAiC;QAC7D,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,IAAI,CAAC,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,uBAAc,CAAC,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAClF,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QACvC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,uBAAc,CAAC,CAAC;QACvD,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,SAAS,IAAI,EAAE,CAAC;QAEpD,IAAG,GAAG,CAAC,IAAI,KAAK,cAAc,EAAC,CAAC;YAC9B,IAAI,CAAC,SAAS,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAA;QACxC,CAAC;aAAK,CAAC;YACL,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;QACtB,CAAC;QAED,IAAI,CAAC,cAAc,GAAG,IAAI,2BAAgB,CAAC,IAAI,CAAC,qBAAqB,EAAE,eAAe,CAAC,CAAC;QACxF,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;IACjC,CAAC;IAES,KAAK,CAAC,UAAU;QACxB,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC;QAEhC,IAAI,CAAC,UAAU,GAAG,IAAI,uBAAY,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;QAC5D,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;QAE5B,IAAI,CAAC,UAAU,GAAG,IAAI,uBAAY,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,2BAAe,CAAC,CAAC,CAAC;QAC3E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;QAE5B,IAAI,CAAC,gBAAgB,GAAG,IAAI,qCAAgB,CAAC,IAAI,CAAC,CAAC;QAEnD,IAAI,CAAC,SAAS,GAAG,IAAI,4BAAY,CAAC,IAAI,EAAE,IAAI,CAAC,cAAc,EAAE,EAAE,EAAE;YAC/D,IAAI,EAAE,OAAO;YACb,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,GAAG,EAAE,mBAAU;SAChB,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACvB,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAA;QAE1B,IAAI,CAAC,SAAS,GAAG,IAAI,sBAAW,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC1E,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;QAE3B,IAAI,CAAC,UAAU,GAAG,IAAI,uBAAY,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,EAAE,EAAC,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,KAAK,EAAC,CAAC,CAAC;QACtG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;QAG5B,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;QACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxB,gEAAgE;YAChE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oNAAoN,CAAC,CAAC;QACzO,CAAC;IACH,CAAC;IAED,IAAY,qBAAqB;QAC/B,OAAO,CAAC;gBACN,KAAK,EAAE,sBAAa,CAAC,MAAM;gBAC3B,IAAI,EAAE,YAAY;gBAClB,OAAO,EAAE,mBAAU;gBACnB,QAAQ,EAAE,IAAI;aACf,EAAE;gBACD,KAAK,EAAE,sBAAa,CAAC,MAAM;gBAC3B,IAAI,EAAE,OAAO;gBACb,OAAO,EAAE,KAAK;gBACd,QAAQ,EAAE,IAAI;aACf,EAAE;gBACD,KAAK,EAAE,sBAAa,CAAC,MAAM;gBAC3B,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,uBAAc;gBACvB,QAAQ,EAAE,IAAI,CAAC,MAAM;aACtB,EAAE;gBACD,KAAK,EAAE,sBAAa,CAAC,OAAO;gBAC5B,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,wBAAe;gBACxB,QAAQ,EAAE,wBAAe;aAC1B,CAAC,CAAC;IACL,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC;IACrC,CAAC;IAED,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,IAAI,aAAa;QACf,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAGD,aAAa,CAAC,GAAG,KAAiB;QAChC,OAAO,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO,CAAwB,IAAU,EAAE,KAAwB,EAAE,IAAuB;QAC1F,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAwB,IAAU,EAAE,KAAwB,EAAE,IAAuB;QACzG,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;QAChE,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;CACF;AAtID,sBAsIC","sourcesContent":["import 'reflect-metadata';\nimport {\n FlowInputOf,\n FlowName, FlowOutputOf,\n FlowType,\n FrontMcpAuth,\n FrontMcpLogger,\n FrontMcpServer, HookRegistryInterface,\n ProviderScope,\n ScopeEntry,\n ScopeRecord,\n SessionProvider,\n Token,\n Type,\n} from '../common';\nimport AppRegistry from '../app/app.registry';\nimport ProviderRegistry from '../provider/provider.registry';\nimport {AuthRegistry} from '../auth/auth.registry';\nimport FlowRegistry from '../flows/flow.registry';\nimport HttpRequestFlow from './flows/http.request.flow';\nimport {TransportService} from '../transport/transport.registry';\nimport ToolRegistry from '../tool/tool.registry';\nimport HookRegistry from \"../hooks/hook.registry\";\n\n\nexport class Scope extends ScopeEntry {\n readonly id: string;\n private readonly globalProviders: ProviderRegistry;\n readonly logger: FrontMcpLogger;\n\n private readonly scopeProviders: ProviderRegistry;\n private scopeAuth: AuthRegistry;\n private scopeFlows: FlowRegistry;\n private scopeApps: AppRegistry;\n private scopeHooks: HookRegistry;\n private scopeTools: ToolRegistry;\n\n transportService: TransportService; // TODO: migrate transport service to transport.registry\n readonly entryPath: string;\n readonly routeBase: string;\n readonly orchestrated: boolean = false;\n\n readonly server: FrontMcpServer;\n\n constructor(rec: ScopeRecord, globalProviders: ProviderRegistry) {\n super(rec, rec.provide);\n this.id = rec.metadata.id;\n this.logger = globalProviders.get(FrontMcpLogger).child('FrontMcp.MultiAppScope');\n this.globalProviders = globalProviders;\n this.server = this.globalProviders.get(FrontMcpServer);\n this.entryPath = rec.metadata.http?.entryPath ?? '';\n\n if(rec.kind === 'SPLIT_BY_APP'){\n this.routeBase = `/${rec.metadata.id}`\n }else {\n this.routeBase = '';\n }\n\n this.scopeProviders = new ProviderRegistry(this.defaultScopeProviders, globalProviders);\n this.ready = this.initialize();\n }\n\n protected async initialize(): Promise<void> {\n await this.scopeProviders.ready;\n\n this.scopeHooks = new HookRegistry(this.scopeProviders, []);\n await this.scopeHooks.ready;\n\n this.scopeFlows = new FlowRegistry(this.scopeProviders, [HttpRequestFlow]);\n await this.scopeFlows.ready;\n\n this.transportService = new TransportService(this);\n\n this.scopeAuth = new AuthRegistry(this, this.scopeProviders, [], {\n kind: 'scope',\n id: this.id,\n ref: ScopeEntry,\n }, this.metadata.auth);\n await this.scopeAuth.ready\n\n this.scopeApps = new AppRegistry(this.scopeProviders, this.metadata.apps);\n await this.scopeApps.ready;\n\n this.scopeTools = new ToolRegistry(this.scopeProviders, [], {kind: 'scope', id: this.id, ref: Scope});\n await this.scopeTools.ready;\n\n\n await this.auth.ready;\n this.logger.info('Initializing multi-app scope', this.metadata);\n if (!this.metadata.auth) {\n // log large warning about using FrontMcp without authentication\n this.logger.warn(`\\n\\n*******************************\\n WARNING: FrontMcp is running without authentication. \\n This is a security risk and should only be used in development environments. \\n*******************************\\n\\n`);\n }\n }\n\n private get defaultScopeProviders() {\n return [{\n scope: ProviderScope.GLOBAL,\n name: 'ScopeEntry',\n provide: ScopeEntry,\n useValue: this,\n }, {\n scope: ProviderScope.GLOBAL,\n name: 'Scope',\n provide: Scope,\n useValue: this,\n }, {\n scope: ProviderScope.GLOBAL,\n name: 'FrontMcpLogger',\n provide: FrontMcpLogger,\n useValue: this.logger,\n }, {\n scope: ProviderScope.SESSION,\n name: 'SessionProvider',\n provide: SessionProvider,\n useClass: SessionProvider,\n }];\n }\n\n get auth(): FrontMcpAuth {\n return this.scopeAuth.getPrimary();\n }\n\n get hooks(): HookRegistryInterface {\n return this.scopeHooks;\n }\n\n get authProviders(): AuthRegistry {\n return this.scopeAuth;\n }\n\n get providers() {\n return this.scopeProviders;\n }\n\n get apps(): AppRegistry {\n return this.scopeApps;\n }\n\n get tools(): ToolRegistry {\n return this.scopeTools;\n }\n\n\n registryFlows(...flows: FlowType[]) {\n return this.scopeFlows.registryFlows(flows);\n }\n\n runFlow<Name extends FlowName>(name: Name, input: FlowInputOf<Name>, deps?: Map<Token, Type>): Promise<FlowOutputOf<Name> | undefined> {\n return this.scopeFlows.runFlow(name, input, deps);\n }\n\n async runFlowForOutput<Name extends FlowName>(name: Name, input: FlowInputOf<Name>, deps?: Map<Token, Type>): Promise<FlowOutputOf<Name>> {\n const result = await this.scopeFlows.runFlow(name, input, deps);\n if (result) {\n return result;\n }\n throw new Error(`flow exist without output`);\n }\n}\n"]}
|
|
@@ -8,6 +8,7 @@ const front_mcp_tokens_1 = require("../front-mcp/front-mcp.tokens");
|
|
|
8
8
|
const app_utils_1 = require("../app/app.utils");
|
|
9
9
|
const scope_utils_1 = require("./scope.utils");
|
|
10
10
|
const token_utils_1 = require("../utils/token.utils");
|
|
11
|
+
const scope_instance_1 = require("./scope.instance");
|
|
11
12
|
class ScopeRegistry extends regsitry_1.RegistryAbstract {
|
|
12
13
|
constructor(globalProviders) {
|
|
13
14
|
const metadata = globalProviders.get(front_mcp_tokens_1.FrontMcpConfig);
|
|
@@ -76,7 +77,7 @@ class ScopeRegistry extends regsitry_1.RegistryAbstract {
|
|
|
76
77
|
let scope;
|
|
77
78
|
switch (rec.kind) {
|
|
78
79
|
case common_1.ScopeKind.SPLIT_BY_APP:
|
|
79
|
-
scope = new
|
|
80
|
+
scope = new scope_instance_1.Scope(rec, this.providers);
|
|
80
81
|
break;
|
|
81
82
|
case common_1.ScopeKind.MULTI_APP:
|
|
82
83
|
scope = new rec.provide(rec, this.providers);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scope.registry.js","sourceRoot":"","sources":["../../../src/scope/scope.registry.ts"],"names":[],"mappings":";;;AAAA,4BAA0B;AAC1B,sCAOmB;AACnB,0CAAqE;AAErE,oEAA6D;AAC7D,gDAA8C;AAC9C,+CAA4F;AAC5F,sDAA+C;
|
|
1
|
+
{"version":3,"file":"scope.registry.js","sourceRoot":"","sources":["../../../src/scope/scope.registry.ts"],"names":[],"mappings":";;;AAAA,4BAA0B;AAC1B,sCAOmB;AACnB,0CAAqE;AAErE,oEAA6D;AAC7D,gDAA8C;AAC9C,+CAA4F;AAC5F,sDAA+C;AAC/C,qDAAuC;AAEvC,MAAa,aAAc,SAAQ,2BAA6D;IAE9F,YAAY,eAAiC;QAC3C,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,iCAAc,CAAC,CAAC;QACrD,KAAK,CAAC,eAAe,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC;IACpD,CAAC;IAEkB,QAAQ,CAAC,QAA4B;QACtD,MAAM,MAAM,GAAG,IAAI,GAAG,EAAS,CAAC;QAChC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAsB,CAAC;QAC3C,MAAM,KAAK,GAAG,IAAI,GAAG,EAAqB,CAAC;QAE3C,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACxB,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAChC,MAAM,GAAG,GAAG,IAAA,+BAAiB,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;gBAC7C,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;gBAC5B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBACpB,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;gBACvB,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,eAAe,GAAc,EAAE,CAAC;YAEtC,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAChC,MAAM,GAAG,GAAG,IAAA,wBAAY,EAAC,GAAG,CAAC,CAAC;gBAC9B,MAAM,WAAW,GAAG,GAAG,CAAC,QAAQ,CAAC;gBACjC,IAAI,WAAW,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC;oBACrC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBAC1B,kCAAkC;oBAClC,SAAS;gBACX,CAAC;gBAED,IAAI,WAAW,CAAC,UAAU,KAAK,iBAAiB,EAAE,CAAC;oBACjD,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBAC1B,4EAA4E;gBAC9E,CAAC;gBAED,MAAM,WAAW,GAAG,IAAA,+BAAiB,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;gBACrD,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC;gBACpC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBACpB,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;gBAC/B,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;YAChC,CAAC;YAED,MAAM,GAAG,GAAG,IAAA,oCAAsB,EAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;YAC9D,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;YAC5B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACpB,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACvB,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;QAChC,CAAC;QAED,OAAO;YACL,MAAM;YACN,IAAI;YACJ,KAAK;SACN,CAAC;IACJ,CAAC;IAEkB,UAAU;QAC3B,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAE,CAAC;YAClC,MAAM,IAAI,GAAG,IAAA,gCAAkB,EAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAE9C,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;gBACrB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC3B,MAAM,IAAI,KAAK,CAAC,WAAW,IAAA,uBAAS,EAAC,KAAK,CAAC,eAAe,IAAA,uBAAS,EAAC,CAAC,CAAC,4BAA4B,CAAC,CAAC;gBACtG,CAAC;gBACD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC;IAES,KAAK,CAAC,UAAU;QAExB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAE,CAAC;YAElC,IAAI,KAAiB,CAAC;YACtB,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;gBACjB,KAAK,kBAAS,CAAC,YAAY;oBACzB,KAAK,GAAG,IAAI,sBAAK,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;oBACvC,MAAM;gBACR,KAAK,kBAAS,CAAC,SAAS;oBACtB,KAAK,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;oBAC7C,MAAM;gBACR;oBACE,MAAM,IAAI,KAAK,CAAC,sBAAsB,GAAG,EAAE,CAAC,CAAC;YACjD,CAAC;YAED,MAAM,KAAK,CAAC,KAAK,CAAC;YAClB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;CAEF;AA9FD,sCA8FC","sourcesContent":["import 'reflect-metadata';\nimport {\n AppType,\n FrontMcpConfigType,\n ScopeEntry,\n ScopeRecord,\n ScopeKind,\n Token,\n} from '../common';\nimport {RegistryAbstract, RegistryBuildMapResult} from '../regsitry';\nimport ProviderRegistry from '../provider/provider.registry';\nimport {FrontMcpConfig} from '../front-mcp/front-mcp.tokens';\nimport {normalizeApp} from '../app/app.utils';\nimport {normalizeAppScope, normalizeMultiAppScope, scopeDiscoveryDeps} from './scope.utils';\nimport {tokenName} from '../utils/token.utils';\nimport {Scope} from \"./scope.instance\";\n\nexport class ScopeRegistry extends RegistryAbstract<ScopeEntry, ScopeRecord, FrontMcpConfigType> {\n\n constructor(globalProviders: ProviderRegistry) {\n const metadata = globalProviders.get(FrontMcpConfig);\n super('ScopeRegistry', globalProviders, metadata);\n }\n\n protected override buildMap(metadata: FrontMcpConfigType): RegistryBuildMapResult<ScopeRecord> {\n const tokens = new Set<Token>();\n const defs = new Map<Token, ScopeRecord>();\n const graph = new Map<Token, Set<Token>>();\n\n if (metadata.splitByApp) {\n for (const raw of metadata.apps) {\n const rec = normalizeAppScope(raw, metadata);\n const provide = rec.provide;\n tokens.add(provide);\n defs.set(provide, rec);\n graph.set(provide, new Set());\n }\n } else {\n const includeInParent: AppType[] = [];\n\n for (const raw of metadata.apps) {\n const app = normalizeApp(raw);\n const appMetadata = app.metadata;\n if (appMetadata.standalone === false) {\n includeInParent.push(raw);\n // default include in parent scope\n continue;\n }\n\n if (appMetadata.standalone === 'includeInParent') {\n includeInParent.push(raw);\n // include in the parent scope and continue to create a standalone app scope\n }\n\n const appScopeRec = normalizeAppScope(raw, metadata);\n const provide = appScopeRec.provide;\n tokens.add(provide);\n defs.set(provide, appScopeRec);\n graph.set(provide, new Set());\n }\n\n const rec = normalizeMultiAppScope(includeInParent, metadata);\n const provide = rec.provide;\n tokens.add(provide);\n defs.set(provide, rec);\n graph.set(provide, new Set());\n }\n\n return {\n tokens,\n defs,\n graph,\n };\n }\n\n protected override buildGraph() {\n for (const token of this.tokens) {\n const rec = this.defs.get(token)!;\n const deps = scopeDiscoveryDeps(rec).slice(1);\n\n for (const d of deps) {\n if (!this.providers.get(d)) {\n throw new Error(`Adapter ${tokenName(token)} depends on ${tokenName(d)}, which is not registered.`);\n }\n this.graph.get(token)!.add(d);\n }\n }\n }\n\n protected async initialize() {\n\n for (const token of this.tokens) {\n const rec = this.defs.get(token)!;\n\n let scope: ScopeEntry;\n switch (rec.kind) {\n case ScopeKind.SPLIT_BY_APP:\n scope = new Scope(rec, this.providers);\n break;\n case ScopeKind.MULTI_APP:\n scope = new rec.provide(rec, this.providers);\n break;\n default:\n throw new Error(`Invalid scope kind ${rec}`);\n }\n\n await scope.ready;\n this.instances.set(token, scope);\n }\n }\n\n}\n"]}
|
package/src/scope/scope.utils.js
CHANGED
|
@@ -23,14 +23,16 @@ function normalizeAppScope(appItem, metadata) {
|
|
|
23
23
|
if (metadata.splitByApp === true && appMetadata.standalone === 'includeInParent') {
|
|
24
24
|
throw new Error('standalone: includeInParent is not supported for splitByApp scope');
|
|
25
25
|
}
|
|
26
|
+
const scopeId = appMetadata.id ?? appMetadata.name;
|
|
27
|
+
const token = Symbol(scopeId);
|
|
26
28
|
return {
|
|
27
29
|
kind: common_1.ScopeKind.SPLIT_BY_APP,
|
|
28
|
-
provide:
|
|
30
|
+
provide: token,
|
|
29
31
|
metadata: {
|
|
30
32
|
...metadata,
|
|
31
|
-
id:
|
|
33
|
+
id: scopeId,
|
|
32
34
|
apps: [appItem],
|
|
33
|
-
auth: appMetadata.auth
|
|
35
|
+
auth: appMetadata.auth,
|
|
34
36
|
},
|
|
35
37
|
};
|
|
36
38
|
}
|
|
@@ -53,7 +55,7 @@ function scopeDiscoveryDeps(rec) {
|
|
|
53
55
|
case common_1.ScopeKind.MULTI_APP:
|
|
54
56
|
return (0, token_utils_1.depsOfClass)(rec.provide, 'discovery').slice(1);
|
|
55
57
|
case common_1.ScopeKind.SPLIT_BY_APP:
|
|
56
|
-
return
|
|
58
|
+
return []; // no deps for splitByApp scope;
|
|
57
59
|
}
|
|
58
60
|
}
|
|
59
61
|
//# sourceMappingURL=scope.utils.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scope.utils.js","sourceRoot":"","sources":["../../../src/scope/scope.utils.ts"],"names":[],"mappings":";;AAqBA,
|
|
1
|
+
{"version":3,"file":"scope.utils.js","sourceRoot":"","sources":["../../../src/scope/scope.utils.ts"],"names":[],"mappings":";;AAqBA,8CAuBC;AAED,wDAUC;AAKD,gDAOC;AApED,sCASmB;AACnB,gDAA8C;AAC9C,sDAAiD;AACjD,qDAAuC;AAEvC;;;;;GAKG;AAEH,SAAgB,iBAAiB,CAAC,OAAgB,EAAE,QAA2D;IAC7G,MAAM,GAAG,GAAG,IAAA,wBAAY,EAAC,OAAO,CAAC,CAAC;IAClC,MAAM,WAAW,GAAG,GAAG,CAAC,QAAQ,CAAC;IAEjC;;OAEG;IACH,4CAA4C;IAC5C,IAAI,QAAQ,CAAC,UAAU,KAAK,IAAI,IAAI,WAAW,CAAC,UAAU,KAAK,iBAAiB,EAAE,CAAC;QACjF,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;IACvF,CAAC;IACD,MAAM,OAAO,GAAG,WAAW,CAAC,EAAE,IAAI,WAAW,CAAC,IAAI,CAAA;IAClD,MAAM,KAAK,GAAkB,MAAM,CAAC,OAAO,CAAC,CAAA;IAC5C,OAAO;QACL,IAAI,EAAE,kBAAS,CAAC,YAAY;QAC5B,OAAO,EAAE,KAAK;QACd,QAAQ,EAAE;YACR,GAAG,QAAQ;YACX,EAAE,EAAC,OAAO;YACV,IAAI,EAAE,CAAC,OAAO,CAAC;YACf,IAAI,EAAE,WAAW,CAAC,IAAI;SACH;KACtB,CAAC;AACJ,CAAC;AAED,SAAgB,sBAAsB,CAAC,YAAuB,EAAE,QAAgC;IAC9F,OAAO;QACL,IAAI,EAAE,kBAAS,CAAC,SAAS;QACzB,OAAO,EAAE,sBAAK;QACd,QAAQ,EAAE;YACR,GAAG,QAAQ;YACX,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,YAAY;SACM;KAC3B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,GAAgB;IACjD,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,kBAAS,CAAC,SAAS;YACtB,OAAO,IAAA,yBAAW,EAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACxD,KAAK,kBAAS,CAAC,YAAY;YACzB,OAAO,EAAE,CAAA,CAAC,gCAAgC;IAC9C,CAAC;AACH,CAAC","sourcesContent":["import {\n AppScopeMetadata,\n AppType,\n FrontMcpMultiAppConfig,\n FrontMcpSplitByAppConfig,\n MultiAppScopeMetadata,\n Token,\n ScopeRecord,\n ScopeKind,\n} from '../common';\nimport {normalizeApp} from '../app/app.utils';\nimport {depsOfClass} from '../utils/token.utils';\nimport {Scope} from './scope.instance';\n\n/**\n * Normalize a raw scope metadata list into useful maps/sets.\n * - tokens: all provided tokens\n * - defs: AdapterRecord by token\n * - graph: initialized adjacency map (empty sets)\n */\n\nexport function normalizeAppScope(appItem: AppType, metadata: FrontMcpMultiAppConfig | FrontMcpSplitByAppConfig): ScopeRecord {\n const app = normalizeApp(appItem);\n const appMetadata = app.metadata;\n\n /**\n * Explicitly check for true for splitByApp scope.\n */\n // noinspection PointlessBooleanExpressionJS\n if (metadata.splitByApp === true && appMetadata.standalone === 'includeInParent') {\n throw new Error('standalone: includeInParent is not supported for splitByApp scope');\n }\n const scopeId = appMetadata.id ?? appMetadata.name\n const token:Token<AppType> = Symbol(scopeId)\n return {\n kind: ScopeKind.SPLIT_BY_APP,\n provide: token,\n metadata: {\n ...metadata,\n id:scopeId,\n apps: [appItem],\n auth: appMetadata.auth,\n } as AppScopeMetadata,\n };\n}\n\nexport function normalizeMultiAppScope(includedApps: AppType[], metadata: FrontMcpMultiAppConfig): ScopeRecord {\n return {\n kind: ScopeKind.MULTI_APP,\n provide: Scope,\n metadata: {\n ...metadata,\n id: 'root',\n apps: includedApps,\n } as MultiAppScopeMetadata,\n };\n}\n\n/**\n * For graph/cycle detection. Returns dependency tokens that should be graphed.\n */\nexport function scopeDiscoveryDeps(rec: ScopeRecord): Token[] {\n switch (rec.kind) {\n case ScopeKind.MULTI_APP:\n return depsOfClass(rec.provide, 'discovery').slice(1);\n case ScopeKind.SPLIT_BY_APP:\n return [] // no deps for splitByApp scope;\n }\n}"]}
|
|
@@ -10,7 +10,8 @@ class TransportSSEAdapter extends transport_local_adapter_1.LocalTransportAdapte
|
|
|
10
10
|
createTransport(sessionId, res) {
|
|
11
11
|
this.sessionId = sessionId;
|
|
12
12
|
this.logger.info(`new transport session: ${sessionId.slice(0, 40)}`);
|
|
13
|
-
const
|
|
13
|
+
const scopePath = this.scope.fullPath;
|
|
14
|
+
const transport = new legacy_sse_tranporter_1.SSEServerTransport(`${scopePath}/message`, res, {
|
|
14
15
|
sessionId: sessionId,
|
|
15
16
|
});
|
|
16
17
|
transport.onerror = (error) => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"transport.sse.adapter.js","sourceRoot":"","sources":["../../../../src/transport/adapters/transport.sse.adapter.ts"],"names":[],"mappings":";;;AAEA,2EAAqE;AACrE,uEAAkE;AAGlE,wDAAgD;AAChD,2DAAqD;AAGrD,MAAa,mBAAoB,SAAQ,+CAAyC;IAChF,SAAS,CAAS;IAET,eAAe,CAAC,SAAiB,EAAE,GAAmB;QAC7D,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,IAAI,0CAAkB,CAAC,UAAU,EAAE,GAAG,EAAE;
|
|
1
|
+
{"version":3,"file":"transport.sse.adapter.js","sourceRoot":"","sources":["../../../../src/transport/adapters/transport.sse.adapter.ts"],"names":[],"mappings":";;;AAEA,2EAAqE;AACrE,uEAAkE;AAGlE,wDAAgD;AAChD,2DAAqD;AAGrD,MAAa,mBAAoB,SAAQ,+CAAyC;IAChF,SAAS,CAAS;IAET,eAAe,CAAC,SAAiB,EAAE,GAAmB;QAC7D,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;QACtC,MAAM,SAAS,GAAG,IAAI,0CAAkB,CAAC,GAAG,SAAS,UAAU,EAAE,GAAG,EAAE;YACpE,SAAS,EAAE,SAAS;SACrB,CAAC,CAAC;QACH,SAAS,CAAC,OAAO,GAAG,CAAC,KAAK,EAAE,EAAE;YAC5B,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;QACrC,CAAC,CAAC;QACF,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,UAAU,CAAC,GAA+B,EAAE,GAAmB;QAC7D,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,SAAS,6BAA6B,CAAC,CAAC;QACrE,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC/B,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,GAA+B,EAAE,GAAmB;QAEtE,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAEhD,IAAI,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,SAAS,sBAAsB,CAAC,CAAC;YAC9D,OAAO;QACT,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,SAAS,sBAAsB,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;QAChF,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,SAAS,uBAAuB,CAAC,CAAC;YAC/D,OAAO,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,gBAA2B,EAC3B,OAAe,EACf,eAAkB;QAGlB,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACvD,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CACvB,IAAA,4BAAU,EAAC,IAAI,CAAC,YAAY,EAAE,oBAAoB,EAAE;YAClD,OAAO;YACP,eAAe,EAAE,IAAA,oCAAe,EAAC,eAAe,CAAC;SAClD,CAAC,CACH,CAAC;QAEF,OAAO,IAAI,OAAO,CAAuB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC3D,IAAI,CAAC,aAAa,GAAG;gBACnB,OAAO,EAAE,CAAC,MAAM,EAAE,EAAE;oBAClB,OAAO,CAAC,MAA8B,CAAC,CAAC;oBACxC,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;gBACjC,CAAC;gBACD,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE;oBACd,MAAM,CAAC,GAAG,CAAC,CAAC;oBACZ,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;gBACjC,CAAC;aACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAnED,kDAmEC","sourcesContent":["import { AuthenticatedServerRequest } from '../../server/server.types';\nimport { TypedElicitResult } from '../transport.types';\nimport { SSEServerTransport } from '../legacy/legacy.sse.tranporter';\nimport { LocalTransportAdapter } from './transport.local.adapter';\nimport { RequestId } from '@modelcontextprotocol/sdk/types.js';\nimport { ZodObject } from 'node_modules/zod/v3/types.cjs';\nimport { rpcRequest } from '../transport.error';\nimport { zodToJsonSchema } from 'zod-to-json-schema';\nimport { ServerResponse } from '../../common';\n\nexport class TransportSSEAdapter extends LocalTransportAdapter<SSEServerTransport> {\n sessionId: string;\n\n override createTransport(sessionId: string, res: ServerResponse): SSEServerTransport {\n this.sessionId = sessionId;\n this.logger.info(`new transport session: ${sessionId.slice(0, 40)}`);\n const scopePath = this.scope.fullPath;\n const transport = new SSEServerTransport(`${scopePath}/message`, res, {\n sessionId: sessionId,\n });\n transport.onerror = (error) => {\n console.error('SSE error:', error);\n };\n transport.onclose = this.destroy.bind(this);\n return transport;\n }\n\n initialize(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void> {\n this.logger.verbose(`[${this.sessionId}] handle initialize request`);\n this.ensureAuthInfo(req, this);\n return Promise.resolve();\n }\n\n async handleRequest(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void> {\n\n const authInfo = this.ensureAuthInfo(req, this);\n\n if (this.handleIfElicitResult(req)) {\n this.logger.verbose(`[${this.sessionId}] handle get request`);\n return;\n }\n if (req.method === 'GET') {\n this.logger.verbose(`[${this.sessionId}] handle get request`);\n return this.transport.handleMessage(req.body, { requestInfo: req, authInfo });\n } else {\n this.logger.verbose(`[${this.sessionId}] handle post request`);\n return this.transport.handlePostMessage(req, res, req.body);\n }\n }\n\n async sendElicitRequest<T extends ZodObject<any>>(\n relatedRequestId: RequestId,\n message: string,\n requestedSchema: T,\n ): Promise<TypedElicitResult<T>> {\n\n console.log('sendElicitRequest', { relatedRequestId });\n await this.transport.send(\n rpcRequest(this.newRequestId, 'elicitation/create', {\n message,\n requestedSchema: zodToJsonSchema(requestedSchema),\n }),\n );\n\n return new Promise<TypedElicitResult<T>>((resolve, reject) => {\n this.elicitHandler = {\n resolve: (result) => {\n resolve(result as TypedElicitResult<T>);\n this.elicitHandler = undefined;\n },\n reject: (err) => {\n reject(err);\n this.elicitHandler = undefined;\n },\n };\n });\n }\n}\n"]}
|