npm - @hapticpaper/mcp-server - Versions diffs - 1.0.22 → 1.0.24 - Mend

@hapticpaper/mcp-server 1.0.22 → 1.0.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -310,43 +310,52 @@ ${widgetJs}
             verifyAccessToken: async (token) => {
                 const publicKey = process.env.JWT_PUBLIC_KEY ? process.env.JWT_PUBLIC_KEY.replace(/\\n/g, '\n') : undefined;
                 const secret = process.env.JWT_SECRET;
-                let decoded;
-                if (publicKey) {
-                    try {
-                        decoded = jwt.verify(token, publicKey, { algorithms: ['ES256'] });
-                    }
-                    catch (e) {
-                        // If ES256 fails, and we have a secret, try HS256 (migration path)
-                        if (secret && e.message === 'invalid signature') {
-                            decoded = jwt.verify(token, secret, { algorithms: ['HS256'] });
+                // Debug log (redacted)
+                console.error(`[MCP-Auth-Debug] Verifying token. HasPublicKey=${!!publicKey}, HasSecret=${!!secret}`);
+                try {
+                    let decoded;
+                    if (publicKey) {
+                        try {
+                            decoded = jwt.verify(token, publicKey, { algorithms: ['ES256'] });
                         }
-                        else {
-                            throw e;
+                        catch (e) {
+                            // If ES256 fails, and we have a secret, try HS256 (migration path)
+                            if (secret && e.message === 'invalid signature') {
+                                decoded = jwt.verify(token, secret, { algorithms: ['HS256'] });
+                            }
+                            else {
+                                throw e;
+                            }
                         }
                     }
+                    else if (secret) {
+                        decoded = jwt.verify(token, secret, { algorithms: ['HS256'] });
+                    }
+                    else {
+                        console.error('[MCP-Auth-Error] No keys configured');
+                        throw new Error('Server misconfigured: Neither JWT_PUBLIC_KEY nor JWT_SECRET is set');
+                    }
+                    if (!decoded || typeof decoded !== 'object') {
+                        throw new Error('Invalid token');
+                    }
+                    const scopeStr = typeof decoded.scope === 'string' ? decoded.scope : '';
+                    const permissions = Array.isArray(decoded.permissions) ? decoded.permissions : [];
+                    const scopes = [
+                        ...scopeStr.split(/\s+/).map((s) => s.trim()).filter(Boolean),
+                        ...permissions.map((s) => (typeof s === 'string' ? s.trim() : '')).filter(Boolean),
+                    ];
+                    const exp = decoded.exp;
+                    return {
+                        token,
+                        clientId: decoded.client_id || 'unknown',
+                        scopes: Array.from(new Set(scopes)),
+                        expiresAt: typeof exp === 'number' ? exp : Math.floor(Date.now() / 1000) + 3600,
+                    };
                 }
-                else if (secret) {
-                    decoded = jwt.verify(token, secret, { algorithms: ['HS256'] });
-                }
-                else {
-                    throw new Error('Server misconfigured: Neither JWT_PUBLIC_KEY nor JWT_SECRET is set');
-                }
-                if (!decoded || typeof decoded !== 'object') {
-                    throw new Error('Invalid token');
+                catch (err) {
+                    console.error('[MCP-Auth-Error] Token verification failed:', err.message, err.stack);
+                    throw err;
                 }
-                const scopeStr = typeof decoded.scope === 'string' ? decoded.scope : '';
-                const permissions = Array.isArray(decoded.permissions) ? decoded.permissions : [];
-                const scopes = [
-                    ...scopeStr.split(/\s+/).map((s) => s.trim()).filter(Boolean),
-                    ...permissions.map((s) => (typeof s === 'string' ? s.trim() : '')).filter(Boolean),
-                ];
-                const exp = decoded.exp;
-                return {
-                    token,
-                    clientId: decoded.client_id || 'unknown',
-                    scopes: Array.from(new Set(scopes)),
-                    expiresAt: typeof exp === 'number' ? exp : Math.floor(Date.now() / 1000) + 3600,
-                };
             },
         };
         const authMiddleware = requireBearerAuth({

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@hapticpaper/mcp-server",
   "mcpName": "com.hapticpaper/mcp",
-  "version": "1.0.22",
+  "version": "1.0.24",
   "description": "Official MCP Server for Haptic Paper - Connect your account to create human tasks from agentic pipelines.",
   "type": "module",
   "main": "dist/index.js",

package/server.json CHANGED Viewed

@@ -25,7 +25,7 @@
     "subfolder": "packages/mcp-server"
   },
   "websiteUrl": "https://hapticpaper.com/developer",
-  "version": "1.0.22",
+  "version": "1.0.24",
   "remotes": [
     {
       "type": "streamable-http",
@@ -37,7 +37,7 @@
       "registryType": "npm",
       "registryBaseUrl": "https://registry.npmjs.org",
       "identifier": "@hapticpaper/mcp-server",
-      "version": "1.0.22",
+      "version": "1.0.24",
       "transport": {
         "type": "stdio"
       },