@hapticpaper/mcp-server 1.0.33 → 1.0.35
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/client/hapticPaperClient.js +14 -3
- package/dist/index.js +10 -29
- package/package.json +1 -1
- package/server.json +2 -2
|
@@ -13,10 +13,21 @@ export class HapticPaperClient {
|
|
|
13
13
|
this.tokenProvider = config.tokenProvider;
|
|
14
14
|
// Request interceptor to add auth token
|
|
15
15
|
this.client.interceptors.request.use(async (config) => {
|
|
16
|
+
console.error('[HapticPaperClient] Request interceptor called for:', config.url);
|
|
16
17
|
if (this.tokenProvider) {
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
18
|
+
try {
|
|
19
|
+
const token = await this.tokenProvider();
|
|
20
|
+
if (token) {
|
|
21
|
+
config.headers.Authorization = `Bearer ${token}`;
|
|
22
|
+
console.error('[HapticPaperClient] Token added to request');
|
|
23
|
+
}
|
|
24
|
+
else {
|
|
25
|
+
console.error('[HapticPaperClient] Token provider returned empty token');
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
catch (err) {
|
|
29
|
+
console.error('[HapticPaperClient] Token provider failed:', err.message, err.stack);
|
|
30
|
+
throw err;
|
|
20
31
|
}
|
|
21
32
|
}
|
|
22
33
|
return config;
|
package/dist/index.js
CHANGED
|
@@ -308,36 +308,16 @@ ${widgetJs}
|
|
|
308
308
|
}
|
|
309
309
|
const tokenVerifier = {
|
|
310
310
|
verifyAccessToken: async (token) => {
|
|
311
|
-
const publicKey = process.env.JWT_PUBLIC_KEY ? process.env.JWT_PUBLIC_KEY.replace(/\\n/g, '\n') : undefined;
|
|
312
|
-
const secret = process.env.JWT_SECRET;
|
|
313
|
-
// Debug log (redacted)
|
|
314
|
-
console.error(`[MCP-Auth-Debug] Verifying token. HasPublicKey=${!!publicKey}, HasSecret=${!!secret}`);
|
|
315
311
|
try {
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
// If ES256 fails, and we have a secret, try HS256 (migration path)
|
|
323
|
-
// We catch 'invalid signature' (wrong key) AND 'invalid algorithm' (token is HS256 but we asked for ES256)
|
|
324
|
-
if (secret && (e.message === 'invalid signature' || e.message.includes('invalid algorithm'))) {
|
|
325
|
-
decoded = jwt.verify(token, secret, { algorithms: ['HS256'] });
|
|
326
|
-
}
|
|
327
|
-
else {
|
|
328
|
-
throw e;
|
|
329
|
-
}
|
|
330
|
-
}
|
|
331
|
-
}
|
|
332
|
-
else if (secret) {
|
|
333
|
-
decoded = jwt.verify(token, secret, { algorithms: ['HS256'] });
|
|
334
|
-
}
|
|
335
|
-
else {
|
|
336
|
-
console.error('[MCP-Auth-Error] No keys configured');
|
|
337
|
-
throw new Error('Server misconfigured: Neither JWT_PUBLIC_KEY nor JWT_SECRET is set');
|
|
338
|
-
}
|
|
312
|
+
// MCP server is just a thin proxy - decode the token without verifying signature.
|
|
313
|
+
// The backend will do full verification when we forward the token.
|
|
314
|
+
// This avoids duplicating verification logic and makes debugging easier.
|
|
315
|
+
console.error('[MCP-Token-Debug] Decoding token...');
|
|
316
|
+
const decoded = jwt.decode(token);
|
|
317
|
+
console.error('[MCP-Token-Debug] Token decoded successfully');
|
|
339
318
|
if (!decoded || typeof decoded !== 'object') {
|
|
340
|
-
|
|
319
|
+
console.error('[MCP-Token-Debug] Token decode returned invalid format:', typeof decoded);
|
|
320
|
+
throw new Error('Invalid token format');
|
|
341
321
|
}
|
|
342
322
|
const scopeStr = typeof decoded.scope === 'string' ? decoded.scope : '';
|
|
343
323
|
const permissions = Array.isArray(decoded.permissions) ? decoded.permissions : [];
|
|
@@ -346,6 +326,7 @@ ${widgetJs}
|
|
|
346
326
|
...permissions.map((s) => (typeof s === 'string' ? s.trim() : '')).filter(Boolean),
|
|
347
327
|
];
|
|
348
328
|
const exp = decoded.exp;
|
|
329
|
+
console.error('[MCP-Token-Debug] Returning auth result');
|
|
349
330
|
return {
|
|
350
331
|
token,
|
|
351
332
|
clientId: decoded.client_id || 'unknown',
|
|
@@ -354,7 +335,7 @@ ${widgetJs}
|
|
|
354
335
|
};
|
|
355
336
|
}
|
|
356
337
|
catch (err) {
|
|
357
|
-
console.error('[MCP-Auth-Error] Token
|
|
338
|
+
console.error('[MCP-Auth-Error] Token decode failed:', err.message, err.stack);
|
|
358
339
|
throw err;
|
|
359
340
|
}
|
|
360
341
|
},
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@hapticpaper/mcp-server",
|
|
3
3
|
"mcpName": "com.hapticpaper/mcp",
|
|
4
|
-
"version": "1.0.
|
|
4
|
+
"version": "1.0.35",
|
|
5
5
|
"description": "Official MCP Server for Haptic Paper - Connect your account to create human tasks from agentic pipelines.",
|
|
6
6
|
"type": "module",
|
|
7
7
|
"main": "dist/index.js",
|
package/server.json
CHANGED
|
@@ -25,7 +25,7 @@
|
|
|
25
25
|
"subfolder": "packages/mcp-server"
|
|
26
26
|
},
|
|
27
27
|
"websiteUrl": "https://hapticpaper.com/developer",
|
|
28
|
-
"version": "1.0.
|
|
28
|
+
"version": "1.0.35",
|
|
29
29
|
"remotes": [
|
|
30
30
|
{
|
|
31
31
|
"type": "streamable-http",
|
|
@@ -37,7 +37,7 @@
|
|
|
37
37
|
"registryType": "npm",
|
|
38
38
|
"registryBaseUrl": "https://registry.npmjs.org",
|
|
39
39
|
"identifier": "@hapticpaper/mcp-server",
|
|
40
|
-
"version": "1.0.
|
|
40
|
+
"version": "1.0.35",
|
|
41
41
|
"transport": {
|
|
42
42
|
"type": "stdio"
|
|
43
43
|
},
|