@honeyfield/rent2b-mcp 1.2.1 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/api-client.js +25 -9
- package/dist/api-client.js.map +1 -1
- package/dist/auth/api-auth.d.ts +29 -0
- package/dist/auth/api-auth.js +88 -0
- package/dist/auth/api-auth.js.map +1 -0
- package/dist/auth/authorize-page.d.ts +24 -3
- package/dist/auth/authorize-page.js +111 -23
- package/dist/auth/authorize-page.js.map +1 -1
- package/dist/auth/authorize-page.test.js +72 -18
- package/dist/auth/authorize-page.test.js.map +1 -1
- package/dist/auth/http-oauth.d.ts +13 -8
- package/dist/auth/http-oauth.js +87 -18
- package/dist/auth/http-oauth.js.map +1 -1
- package/dist/auth/provider.d.ts +8 -2
- package/dist/auth/provider.js +60 -9
- package/dist/auth/provider.js.map +1 -1
- package/dist/auth/provider.test.js +69 -37
- package/dist/auth/provider.test.js.map +1 -1
- package/dist/auth/stores.d.ts +18 -2
- package/dist/auth/stores.js +44 -1
- package/dist/auth/stores.js.map +1 -1
- package/dist/auth/stores.test.js +2 -2
- package/dist/auth/stores.test.js.map +1 -1
- package/dist/auth/token-crypto.d.ts +15 -1
- package/dist/auth/token-crypto.js +13 -0
- package/dist/auth/token-crypto.js.map +1 -1
- package/dist/config.d.ts +11 -4
- package/dist/config.js.map +1 -1
- package/dist/index.js +29 -10
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/auth/stores.test.js
CHANGED
|
@@ -18,7 +18,7 @@ describe('InMemoryClientsStore', () => {
|
|
|
18
18
|
});
|
|
19
19
|
describe('AuthCodeStore', () => {
|
|
20
20
|
const rec = {
|
|
21
|
-
|
|
21
|
+
session: { access_token: 'AT', refresh_token: 'RT' },
|
|
22
22
|
orgId: 7,
|
|
23
23
|
codeChallenge: 'chal',
|
|
24
24
|
redirectUri: 'https://claude.ai/cb',
|
|
@@ -29,7 +29,7 @@ describe('AuthCodeStore', () => {
|
|
|
29
29
|
const code = store.create(rec);
|
|
30
30
|
expect(typeof code).toBe('string');
|
|
31
31
|
const first = store.take(code);
|
|
32
|
-
expect(first?.
|
|
32
|
+
expect(first?.session.access_token).toBe('AT');
|
|
33
33
|
expect(store.take(code)).toBeUndefined(); // one-time
|
|
34
34
|
});
|
|
35
35
|
it('does not return an expired code', () => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"stores.test.js","sourceRoot":"","sources":["../../src/auth/stores.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,oBAAoB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAElE,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;IACpC,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,KAAK,GAAG,IAAI,oBAAoB,EAAE,CAAC;QACzC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC;YACrC,SAAS,EAAE,IAAI;YACf,aAAa,EAAE,CAAC,4BAA4B,CAAC;SACvC,CAAC,CAAC;QACV,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC,OAAO,CAAC,CAAC,4BAA4B,CAAC,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,MAAM,KAAK,GAAG,IAAI,oBAAoB,EAAE,CAAC;QACzC,MAAM,CAAC,MAAM,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;IACxD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,MAAM,GAAG,GAAG;QACV,
|
|
1
|
+
{"version":3,"file":"stores.test.js","sourceRoot":"","sources":["../../src/auth/stores.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,oBAAoB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAElE,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;IACpC,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,KAAK,GAAG,IAAI,oBAAoB,EAAE,CAAC;QACzC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC;YACrC,SAAS,EAAE,IAAI;YACf,aAAa,EAAE,CAAC,4BAA4B,CAAC;SACvC,CAAC,CAAC;QACV,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC,OAAO,CAAC,CAAC,4BAA4B,CAAC,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,MAAM,KAAK,GAAG,IAAI,oBAAoB,EAAE,CAAC;QACzC,MAAM,CAAC,MAAM,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;IACxD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,MAAM,GAAG,GAAG;QACV,OAAO,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE;QACpD,KAAK,EAAE,CAAC;QACR,aAAa,EAAE,MAAM;QACrB,WAAW,EAAE,sBAAsB;QACnC,QAAQ,EAAE,IAAI;KACf,CAAC;IAEF,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,KAAK,GAAG,IAAI,aAAa,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,CAAC,OAAO,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/B,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,WAAW;IACvD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,KAAK,GAAG,IAAI,aAAa,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB;QACtD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -1,10 +1,24 @@
|
|
|
1
1
|
export interface TokenPayload {
|
|
2
|
-
apiKey: string;
|
|
3
2
|
orgId: number;
|
|
4
3
|
type: 'access' | 'refresh';
|
|
5
4
|
exp: number;
|
|
6
5
|
jti: string;
|
|
6
|
+
/**
|
|
7
|
+
* Exactly one identity is carried, depending on the login method:
|
|
8
|
+
* - `apiKey` — legacy BYO-key OAuth tokens (still honoured until expiry).
|
|
9
|
+
* - `sbAccess` — Supabase access JWT, embedded in OUR access tokens. Its own
|
|
10
|
+
* expiry always sits AFTER ours (see provider.mintSessionTokens), so it is
|
|
11
|
+
* guaranteed valid for the whole life of our access token — no mid-request
|
|
12
|
+
* refresh, no server-side session state.
|
|
13
|
+
* - `sbRefresh` — Supabase (rotating) refresh token, embedded in OUR refresh
|
|
14
|
+
* tokens; spent once per refresh to mint the next session.
|
|
15
|
+
*/
|
|
16
|
+
apiKey?: string;
|
|
17
|
+
sbAccess?: string;
|
|
18
|
+
sbRefresh?: string;
|
|
7
19
|
}
|
|
20
|
+
/** Decode a JWT's `exp` (epoch seconds) without verifying the signature. */
|
|
21
|
+
export declare function jwtExp(token: string): number | null;
|
|
8
22
|
export declare class TokenError extends Error {
|
|
9
23
|
}
|
|
10
24
|
export interface TokenCodec {
|
|
@@ -1,4 +1,17 @@
|
|
|
1
1
|
import { createCipheriv, createDecipheriv, randomBytes } from 'node:crypto';
|
|
2
|
+
/** Decode a JWT's `exp` (epoch seconds) without verifying the signature. */
|
|
3
|
+
export function jwtExp(token) {
|
|
4
|
+
const parts = token.split('.');
|
|
5
|
+
if (parts.length !== 3)
|
|
6
|
+
return null;
|
|
7
|
+
try {
|
|
8
|
+
const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
|
|
9
|
+
return typeof payload.exp === 'number' ? payload.exp : null;
|
|
10
|
+
}
|
|
11
|
+
catch {
|
|
12
|
+
return null;
|
|
13
|
+
}
|
|
14
|
+
}
|
|
2
15
|
export class TokenError extends Error {
|
|
3
16
|
}
|
|
4
17
|
const IV_LEN = 12;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-crypto.js","sourceRoot":"","sources":["../../src/auth/token-crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"token-crypto.js","sourceRoot":"","sources":["../../src/auth/token-crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAsB5E,4EAA4E;AAC5E,MAAM,UAAU,MAAM,CAAC,KAAa;IAClC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CACxB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAC/B,CAAC;QACvB,OAAO,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,OAAO,UAAW,SAAQ,KAAK;CAAG;AAOxC,MAAM,MAAM,GAAG,EAAE,CAAC;AAClB,MAAM,OAAO,GAAG,EAAE,CAAC;AAEnB,MAAM,UAAU,gBAAgB,CAAC,GAAW;IAC1C,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO;QACL,OAAO,CAAC,OAAqB;YAC3B,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;YAC/B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YACtD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;YAC/D,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YACtE,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;YAChC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC7D,CAAC;QAED,OAAO,CAAC,KAAa;YACnB,IAAI,GAAW,CAAC;YAChB,IAAI,CAAC;gBACH,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;YACxC,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,UAAU,CAAC,iBAAiB,CAAC,CAAC;YAC1C,CAAC;YACD,IAAI,GAAG,CAAC,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC;gBACtC,MAAM,IAAI,UAAU,CAAC,iBAAiB,CAAC,CAAC;YAC1C,CAAC;YACD,MAAM,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YACnC,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC;YACnD,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,OAAO,CAAC,CAAC;YAC3C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YAC1D,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACzB,IAAI,OAAqB,CAAC;YAC1B,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBACpE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAiB,CAAC;YAC7D,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,UAAU,CAAC,2BAA2B,CAAC,CAAC;YACpD,CAAC;YACD,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;gBACnF,MAAM,IAAI,UAAU,CAAC,eAAe,CAAC,CAAC;YACxC,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;KACF,CAAC;AACJ,CAAC"}
|
package/dist/config.d.ts
CHANGED
|
@@ -1,10 +1,17 @@
|
|
|
1
1
|
export interface Config {
|
|
2
|
-
|
|
2
|
+
/** Raw `r2b_` API key (X-API-Key). Used by stdio mode and the legacy path. */
|
|
3
|
+
apiKey?: string;
|
|
4
|
+
/**
|
|
5
|
+
* Supabase access JWT (Authorization: Bearer). Used by the HTTP OAuth path
|
|
6
|
+
* after a user logs in with their rent2b account. Mutually exclusive with
|
|
7
|
+
* `apiKey`; when set, requests authenticate as the user (RLS applies).
|
|
8
|
+
*/
|
|
9
|
+
accessToken?: string;
|
|
3
10
|
apiUrl: string;
|
|
4
11
|
/**
|
|
5
|
-
* Pre-resolved organization id
|
|
6
|
-
*
|
|
7
|
-
*
|
|
12
|
+
* Pre-resolved organization id. When provided, the client skips the org
|
|
13
|
+
* lookup — used in HTTP mode where the auth layer already resolved the org
|
|
14
|
+
* and set it on req.auth.
|
|
8
15
|
*/
|
|
9
16
|
organizationId?: number;
|
|
10
17
|
}
|
package/dist/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAkBA,MAAM,eAAe,GAAG,6CAA6C,CAAC;AAEtE,MAAM,UAAU,UAAU;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,CAAC;IACD,cAAc,CAAC,MAAM,CAAC,CAAC;IACvB,OAAO;QACL,MAAM;QACN,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,eAAe;KACtD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,eAAe;KACtD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAAc;IAC3C,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,OAAsD;IAClF,MAAM,UAAU,GAAG,OAAO,CAAC,eAAe,CAAuB,CAAC;IAClE,IAAI,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IACD,MAAM,OAAO,GAAG,OAAO,CAAC,WAAW,CAAuB,CAAC;IAC3D,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,+EAA+E,CAAC,CAAC;AACnG,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -8,6 +8,7 @@ import { createTokenCodec } from './auth/token-crypto.js';
|
|
|
8
8
|
import { InMemoryClientsStore, AuthCodeStore } from './auth/stores.js';
|
|
9
9
|
import { Rent2bOAuthProvider } from './auth/provider.js';
|
|
10
10
|
import { registerOAuth, xApiKeyToBearer } from './auth/http-oauth.js';
|
|
11
|
+
import { ApiAuthClient } from './auth/api-auth.js';
|
|
11
12
|
async function main() {
|
|
12
13
|
const args = process.argv.slice(2);
|
|
13
14
|
const useSSE = args.includes('--sse');
|
|
@@ -30,22 +31,37 @@ async function main() {
|
|
|
30
31
|
app.get('/health', (_req, res) => {
|
|
31
32
|
res.json({ status: 'ok' });
|
|
32
33
|
});
|
|
33
|
-
// OAuth 2.1 + Dynamic Client Registration. The "login" is the user
|
|
34
|
-
//
|
|
35
|
-
//
|
|
34
|
+
// OAuth 2.1 + Dynamic Client Registration. The "login" is the user signing
|
|
35
|
+
// in with their rent2b account (email/password or Google/Apple, delegated
|
|
36
|
+
// to the rent2b-api auth endpoints); the issued token carries the resulting
|
|
37
|
+
// Supabase session. Raw r2b_ bearer tokens (and X-API-Key via the shim)
|
|
38
|
+
// keep working unchanged.
|
|
36
39
|
const oauthCfg = loadOAuthConfig();
|
|
40
|
+
const apiAuth = new ApiAuthClient(httpConfig.apiUrl);
|
|
37
41
|
const validateKey = async (apiKey) => {
|
|
38
42
|
validateApiKey(apiKey);
|
|
39
43
|
const client = new Rent2bApiClient({ apiKey, apiUrl: httpConfig.apiUrl });
|
|
40
44
|
return client.resolveOrganization();
|
|
41
45
|
};
|
|
46
|
+
// Persist DCR client registrations so they survive restarts/redeploys.
|
|
47
|
+
// Without this, every restart wiped the in-memory map and existing Claude
|
|
48
|
+
// connectors failed their refresh-token exchange (`invalid_client`) once
|
|
49
|
+
// their 1h access token expired. Mount a volume at /data on the gateway;
|
|
50
|
+
// if it's absent the store silently falls back to memory.
|
|
51
|
+
const clientsPath = process.env.OAUTH_CLIENTS_PATH || '/data/oauth-clients.json';
|
|
52
|
+
// Social login (Google/Apple) is gated off until the API returns a
|
|
53
|
+
// fragment-based session — the default PKCE flow returns `?code=` which the
|
|
54
|
+
// stateless callback page can't complete. Email/password works regardless.
|
|
55
|
+
const socialLogin = process.env.RENT2B_MCP_SOCIAL_LOGIN === 'true';
|
|
42
56
|
const provider = new Rent2bOAuthProvider({
|
|
43
57
|
codec: createTokenCodec(oauthCfg.encryptionKey),
|
|
44
|
-
clientsStore: new InMemoryClientsStore(),
|
|
58
|
+
clientsStore: new InMemoryClientsStore(clientsPath),
|
|
45
59
|
codeStore: new AuthCodeStore(),
|
|
60
|
+
apiAuth,
|
|
46
61
|
validateKey,
|
|
62
|
+
socialLogin,
|
|
47
63
|
});
|
|
48
|
-
const bearer = registerOAuth(app, { oauthCfg, provider,
|
|
64
|
+
const bearer = registerOAuth(app, { oauthCfg, provider, apiAuth, socialLogin });
|
|
49
65
|
// Stateless Streamable HTTP: a fresh MCP server + transport per request, with
|
|
50
66
|
// NO server-side session affinity. tools/list and tool calls work on any
|
|
51
67
|
// request without a prior session, so the client can refresh the tool list
|
|
@@ -54,17 +70,20 @@ async function main() {
|
|
|
54
70
|
// the previous stateful mode left clients stuck on a dead session after a
|
|
55
71
|
// restart, requiring a manual reconnect.)
|
|
56
72
|
app.post('/mcp', xApiKeyToBearer, bearer, async (req, res) => {
|
|
57
|
-
// The bearer auth layer (verifyAccessToken) already resolved
|
|
58
|
-
//
|
|
59
|
-
//
|
|
73
|
+
// The bearer auth layer (verifyAccessToken) already resolved the caller's
|
|
74
|
+
// credential and organization. The credential is either a Supabase access
|
|
75
|
+
// token (user logged in via OAuth) or a raw r2b_ key (legacy/direct);
|
|
76
|
+
// reuse the org instead of looking it up again.
|
|
60
77
|
const apiKey = req.auth?.extra?.apiKey;
|
|
78
|
+
const accessToken = req.auth?.extra?.supabaseAccessToken;
|
|
61
79
|
const organizationId = req.auth?.extra?.orgId;
|
|
62
|
-
if (!apiKey) {
|
|
63
|
-
res.status(401).json({ error: 'No
|
|
80
|
+
if (!apiKey && !accessToken) {
|
|
81
|
+
res.status(401).json({ error: 'No credential associated with token' });
|
|
64
82
|
return;
|
|
65
83
|
}
|
|
66
84
|
const apiClient = new Rent2bApiClient({
|
|
67
85
|
apiKey,
|
|
86
|
+
accessToken,
|
|
68
87
|
apiUrl: httpConfig.apiUrl,
|
|
69
88
|
organizationId,
|
|
70
89
|
});
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AACxF,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AACxF,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACtE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAOnD,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACxC,MAAM,IAAI,GAAG,QAAQ,CACnB,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,EAClE,EAAE,CACH,CAAC;IAEF,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,UAAU,GAAG,cAAc,EAAE,CAAC;QAEpC,MAAM,EAAE,6BAA6B,EAAE,GAAG,MAAM,MAAM,CACpD,oDAAoD,CACrD,CAAC;QACF,MAAM,OAAO,GAAG,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC;QAClD,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;QACtB,wEAAwE;QACxE,4EAA4E;QAC5E,sEAAsE;QACtE,4EAA4E;QAC5E,yEAAyE;QACzE,2EAA2E;QAC3E,uEAAuE;QACvE,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;QAC1B,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAExB,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;YAC/B,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEH,2EAA2E;QAC3E,0EAA0E;QAC1E,4EAA4E;QAC5E,wEAAwE;QACxE,0BAA0B;QAC1B,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACrD,MAAM,WAAW,GAAG,KAAK,EAAE,MAAc,EAAmB,EAAE;YAC5D,cAAc,CAAC,MAAM,CAAC,CAAC;YACvB,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;YAC1E,OAAO,MAAM,CAAC,mBAAmB,EAAE,CAAC;QACtC,CAAC,CAAC;QACF,uEAAuE;QACvE,0EAA0E;QAC1E,yEAAyE;QACzE,yEAAyE;QACzE,0DAA0D;QAC1D,MAAM,WAAW,GACf,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,0BAA0B,CAAC;QAC/D,mEAAmE;QACnE,4EAA4E;QAC5E,2EAA2E;QAC3E,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,KAAK,MAAM,CAAC;QACnE,MAAM,QAAQ,GAAG,IAAI,mBAAmB,CAAC;YACvC,KAAK,EAAE,gBAAgB,CAAC,QAAQ,CAAC,aAAa,CAAC;YAC/C,YAAY,EAAE,IAAI,oBAAoB,CAAC,WAAW,CAAC;YACnD,SAAS,EAAE,IAAI,aAAa,EAAE;YAC9B,OAAO;YACP,WAAW;YACX,WAAW;SACZ,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;QAEhF,8EAA8E;QAC9E,yEAAyE;QACzE,2EAA2E;QAC3E,4EAA4E;QAC5E,6EAA6E;QAC7E,0EAA0E;QAC1E,0CAA0C;QAC1C,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YAC3D,0EAA0E;YAC1E,0EAA0E;YAC1E,sEAAsE;YACtE,gDAAgD;YAChD,MAAM,MAAM,GAAG,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,MAA4B,CAAC;YAC7D,MAAM,WAAW,GAAG,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,mBAAyC,CAAC;YAC/E,MAAM,cAAc,GAAG,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,KAA2B,CAAC;YACpE,IAAI,CAAC,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC5B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC,CAAC;gBACvE,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC;gBACpC,MAAM;gBACN,WAAW;gBACX,MAAM,EAAE,UAAU,CAAC,MAAM;gBACzB,cAAc;aACf,CAAC,CAAC;YACH,8EAA8E;YAC9E,IAAI,cAAc,IAAI,IAAI,EAAE,CAAC;gBAC3B,IAAI,CAAC;oBACH,MAAM,SAAS,CAAC,mBAAmB,EAAE,CAAC;gBACxC,CAAC;gBAAC,OAAO,GAAY,EAAE,CAAC;oBACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK;wBAClC,CAAC,CAAC,GAAG,CAAC,OAAO;wBACb,CAAC,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,IAAI,SAAS,IAAI,GAAG;4BAC3D,CAAC,CAAC,MAAM,CAAE,GAA4B,CAAC,OAAO,CAAC;4BAC/C,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAClB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,oBAAoB,OAAO,EAAE,EAAE,CAAC,CAAC;oBAC/D,OAAO;gBACT,CAAC;YACH,CAAC;YAED,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;YACvC,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;gBAClD,kBAAkB,EAAE,SAAS,EAAE,kCAAkC;aAClE,CAAC,CAAC;YACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACnB,SAAS,CAAC,KAAK,EAAE,CAAC;gBAClB,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,CAAC,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QAEH,sEAAsE;QACtE,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,CACvB,IAA+B,EAC/B,GAA+B,EACzB,EAAE;YACR,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,uCAAuC,EAAE;gBACzE,EAAE,EAAE,IAAI;aACT,CAAC,CAAC;QACL,CAAC,CAAC;QACF,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;QAClC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;QAErC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;YACpB,OAAO,CAAC,KAAK,CAAC,yDAAyD,IAAI,EAAE,CAAC,CAAC;YAC/E,OAAO,CAAC,KAAK,CAAC,iBAAiB,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1D,OAAO,CAAC,KAAK,CAAC,wEAAwE,CAAC,CAAC;QAC1F,CAAC,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,MAAM,EAAE,CAAC;QAClB,MAAM,UAAU,GAAG,cAAc,EAAE,CAAC;QAEpC,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CACzC,yCAAyC,CAC1C,CAAC;QACF,MAAM,OAAO,GAAG,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC;QAClD,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;QAEtB,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA2B,CAAC;QAEpD,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YACjC,IAAI,MAAc,CAAC;YACnB,IAAI,CAAC;gBACH,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBACpC,cAAc,CAAC,MAAM,CAAC,CAAC;YACzB,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;gBACzC,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;YAE7E,IAAI,CAAC;gBACH,MAAM,SAAS,CAAC,mBAAmB,EAAE,CAAC;YACxC,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK;oBAClC,CAAC,CAAC,GAAG,CAAC,OAAO;oBACb,CAAC,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,IAAI,SAAS,IAAI,GAAG;wBAC3D,CAAC,CAAC,MAAM,CAAE,GAA4B,CAAC,OAAO,CAAC;wBAC/C,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAClB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,oBAAoB,OAAO,EAAE,EAAE,CAAC,CAAC;gBAC/D,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;YACvC,MAAM,SAAS,GAAG,IAAI,kBAAkB,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YAC3D,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;YAE5D,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACnB,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YACvC,CAAC,CAAC,CAAC;YAEH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YACvC,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,SAAmB,CAAC;YAChD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACxC,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,OAAO,CAAC,SAAS,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC,CAAC;YAChE,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;YACpB,OAAO,CAAC,KAAK,CAAC,6CAA6C,IAAI,EAAE,CAAC,CAAC;YACnE,OAAO,CAAC,KAAK,CAAC,oEAAoE,CAAC,CAAC;QACtF,CAAC,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,0CAA0C;QAC1C,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC;QAE9C,OAAO,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;QACxD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,mBAAmB,EAAE,CAAC;YACpD,OAAO,CAAC,KAAK,CAAC,0BAA0B,KAAK,EAAE,CAAC,CAAC;QACnD,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,OAAO,GACX,GAAG,YAAY,KAAK;gBAClB,CAAC,CAAC,GAAG,CAAC,OAAO;gBACb,CAAC,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,IAAI,SAAS,IAAI,GAAG;oBAC3D,CAAC,CAAC,MAAM,CAAE,GAA4B,CAAC,OAAO,CAAC;oBAC/C,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,mCAAmC,OAAO,EAAE,CAAC,CAAC;YAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;QACvC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;QAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACtD,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IACnC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|