@hapticpaper/mcp-server 1.0.32 → 1.0.34
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +6 -29
- package/package.json +1 -1
- package/server.json +2 -2
package/dist/index.js
CHANGED
|
@@ -308,36 +308,13 @@ ${widgetJs}
|
|
|
308
308
|
}
|
|
309
309
|
const tokenVerifier = {
|
|
310
310
|
verifyAccessToken: async (token) => {
|
|
311
|
-
const publicKey = process.env.JWT_PUBLIC_KEY ? process.env.JWT_PUBLIC_KEY.replace(/\\n/g, '\n') : undefined;
|
|
312
|
-
const secret = process.env.JWT_SECRET;
|
|
313
|
-
// Debug log (redacted)
|
|
314
|
-
console.error(`[MCP-Auth-Debug] Verifying token. HasPublicKey=${!!publicKey}, HasSecret=${!!secret}`);
|
|
315
311
|
try {
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
}
|
|
321
|
-
catch (e) {
|
|
322
|
-
// If ES256 fails, and we have a secret, try HS256 (migration path)
|
|
323
|
-
// We catch 'invalid signature' (wrong key) AND 'invalid algorithm' (token is HS256 but we asked for ES256)
|
|
324
|
-
if (secret && (e.message === 'invalid signature' || e.message.includes('invalid algorithm'))) {
|
|
325
|
-
decoded = jwt.verify(token, secret, { algorithms: ['HS256'] });
|
|
326
|
-
}
|
|
327
|
-
else {
|
|
328
|
-
throw e;
|
|
329
|
-
}
|
|
330
|
-
}
|
|
331
|
-
}
|
|
332
|
-
else if (secret) {
|
|
333
|
-
decoded = jwt.verify(token, secret, { algorithms: ['HS256'] });
|
|
334
|
-
}
|
|
335
|
-
else {
|
|
336
|
-
console.error('[MCP-Auth-Error] No keys configured');
|
|
337
|
-
throw new Error('Server misconfigured: Neither JWT_PUBLIC_KEY nor JWT_SECRET is set');
|
|
338
|
-
}
|
|
312
|
+
// MCP server is just a thin proxy - decode the token without verifying signature.
|
|
313
|
+
// The backend will do full verification when we forward the token.
|
|
314
|
+
// This avoids duplicating verification logic and makes debugging easier.
|
|
315
|
+
const decoded = jwt.decode(token);
|
|
339
316
|
if (!decoded || typeof decoded !== 'object') {
|
|
340
|
-
throw new Error('Invalid token');
|
|
317
|
+
throw new Error('Invalid token format');
|
|
341
318
|
}
|
|
342
319
|
const scopeStr = typeof decoded.scope === 'string' ? decoded.scope : '';
|
|
343
320
|
const permissions = Array.isArray(decoded.permissions) ? decoded.permissions : [];
|
|
@@ -354,7 +331,7 @@ ${widgetJs}
|
|
|
354
331
|
};
|
|
355
332
|
}
|
|
356
333
|
catch (err) {
|
|
357
|
-
console.error('[MCP-Auth-Error] Token
|
|
334
|
+
console.error('[MCP-Auth-Error] Token decode failed:', err.message);
|
|
358
335
|
throw err;
|
|
359
336
|
}
|
|
360
337
|
},
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@hapticpaper/mcp-server",
|
|
3
3
|
"mcpName": "com.hapticpaper/mcp",
|
|
4
|
-
"version": "1.0.
|
|
4
|
+
"version": "1.0.34",
|
|
5
5
|
"description": "Official MCP Server for Haptic Paper - Connect your account to create human tasks from agentic pipelines.",
|
|
6
6
|
"type": "module",
|
|
7
7
|
"main": "dist/index.js",
|
package/server.json
CHANGED
|
@@ -25,7 +25,7 @@
|
|
|
25
25
|
"subfolder": "packages/mcp-server"
|
|
26
26
|
},
|
|
27
27
|
"websiteUrl": "https://hapticpaper.com/developer",
|
|
28
|
-
"version": "1.0.
|
|
28
|
+
"version": "1.0.34",
|
|
29
29
|
"remotes": [
|
|
30
30
|
{
|
|
31
31
|
"type": "streamable-http",
|
|
@@ -37,7 +37,7 @@
|
|
|
37
37
|
"registryType": "npm",
|
|
38
38
|
"registryBaseUrl": "https://registry.npmjs.org",
|
|
39
39
|
"identifier": "@hapticpaper/mcp-server",
|
|
40
|
-
"version": "1.0.
|
|
40
|
+
"version": "1.0.34",
|
|
41
41
|
"transport": {
|
|
42
42
|
"type": "stdio"
|
|
43
43
|
},
|