@kya-os/mcp-i-cloudflare 1.7.76 → 1.8.1
- package/dist/adapter.d.ts +5 -0
- package/dist/adapter.d.ts.map +1 -1
- package/dist/adapter.js +34 -4
- package/dist/adapter.js.map +1 -1
- package/dist/agent.d.ts +14 -0
- package/dist/agent.d.ts.map +1 -1
- package/dist/agent.js +788 -36
- package/dist/agent.js.map +1 -1
- package/dist/app.d.ts.map +1 -1
- package/dist/app.js +35 -0
- package/dist/app.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/proof-generator.d.ts.map +1 -1
- package/dist/proof-generator.js +12 -10
- package/dist/proof-generator.js.map +1 -1
- package/dist/providers/crypto.d.ts +1 -1
- package/dist/providers/crypto.d.ts.map +1 -1
- package/dist/providers/crypto.js +5 -1
- package/dist/providers/crypto.js.map +1 -1
- package/dist/services/consent.service.d.ts +18 -0
- package/dist/services/consent.service.d.ts.map +1 -1
- package/dist/services/consent.service.js +155 -39
- package/dist/services/consent.service.js.map +1 -1
- package/dist/services/vault-resolver.d.ts +55 -0
- package/dist/services/vault-resolver.d.ts.map +1 -0
- package/dist/services/vault-resolver.js +144 -0
- package/dist/services/vault-resolver.js.map +1 -0
- package/dist/types.d.ts +2 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +18 -9
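--- a/package/dist/proof-generator.js
+++ b/package/dist/proof-generator.js
@@ -132,19 +132,21 @@ export class CloudflareProofGenerator {
 };
 const headerBase64url = this.base64urlEncode(JSON.stringify(header));
 // JWS Payload (JWT claims + proof metadata)
+// CRITICAL: Must match the canonical payload structure in verifiers
+// (see packages/verifier/src/core.ts createCanonicalPayload and
+// packages/mcp-i-core/src/services/proof-verifier.ts buildCanonicalPayload)
 const payload = {
-// Standard JWT claims
-
-sub: meta.did,
-
-
-ts: meta.ts, // AgentShield requires 'ts' claim
-// Proof-specific claims
-nonce: meta.nonce,
-sessionId: meta.sessionId,
+// Standard JWT claims (RFC 7519)
+aud: meta.audience, // Audience (who the token is for)
+sub: meta.did, // Subject (agent DID)
+iss: meta.did, // Issuer (agent DID - self-issued)
+// Custom MCP-I proof claims
 requestHash: meta.requestHash,
 responseHash: meta.responseHash,
-
+ts: meta.ts,
+nonce: meta.nonce,
+sessionId: meta.sessionId,
+// Optional claims (only include if present)
 ...(meta.scopeId && { scopeId: meta.scopeId }),
 ...(meta.delegationRef && { delegationRef: meta.delegationRef }),
 ...(meta.clientDid && { clientDid: meta.clientDid }),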
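Review bot: The required claims in the new payload literal (`aud`, `sub`, `iss`, `ts`, `nonce`, `sessionId`) are copied from `meta` with no presence check, so a missing `meta.audience` would not fail at this point; the enclosing method starts and ends outside the hunk, so a check may exist elsewhere. If the payload is serialised with `JSON.stringify` the way the header is two lines above (the serialisation itself is not in the hunk), keys whose value is undefined are dropped, and the proof would be signed without audience binding or a nonce instead of being rejected. A guard before `const payload`, for example `if (!meta.audience || !meta.did || !meta.nonce) throw new Error('proof meta is missing a required claim');`, makes that case fail closed. The CRITICAL comment also ties the claim layout to two verifier files by prose alone; a shared payload builder or a test vector checked against both verifiers would catch drift that a comment cannot.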
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"proof-generator.js","sourceRoot":"","sources":["../src/proof-generator.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AA4DH;;;;;GAKG;AACH,MAAM,OAAO,wBAAwB;IAC3B,QAAQ,CAAgB;IAEhC,YAAY,QAAuB;QACjC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,OAAoB,EACpB,QAAsB,EACtB,OAAuB,EACvB,UAAwB,EAAE;QAE1B,4BAA4B;QAC5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAErE,wBAAwB;QACxB,MAAM,IAAI,GAAc;YACtB,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG;YACtB,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG;YACtB,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YACjC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,GAAG,OAAO;SACX,CAAC;QAEF,gCAAgC;QAChC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEzC,OAAO;YACL,GAAG;YACH,IAAI;SACL,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,uBAAuB,CACnC,OAAoB,EACpB,QAAsB;QAEtB,oDAAoD;QACpD,MAAM,gBAAgB,GAAG;YACvB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC;SAClD,CAAC;QAEF,kDAAkD;QAClD,MAAM,iBAAiB,GAAG,QAAQ,CAAC,IAAI,CAAC;QAExC,qDAAqD;QACrD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;QACpE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,CAAC;QAEtE,OAAO;YACL,WAAW;YACX,YAAY;SACb,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,kBAAkB,CAAC,IAAS;QACxC,kCAAkC;QAClC,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAElD,oCAAoC;QACpC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACjD,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QAErE,wBAAwB;QACxB,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAE7E,OAAO,UAAU,OAAO,EAAE,CAAC;IAC7B,CAAC;IAED;;;;;;;;OAQG;IACK,gB
AAgB,CAAC,GAAQ;QAC/B,IAAI,GAAG,KAAK,IAAI;YAAE,OAAO,MAAM,CAAC;QAChC,IAAI,OAAO,GAAG,KAAK,WAAW;YAAE,OAAO,MAAM,CAAC;QAC9C,IAAI,OAAO,GAAG,KAAK,SAAS;YAAE,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;QACpD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,iDAAiD;YACjD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAC7E,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACxD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC;YAC9D,OAAO,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QACxC,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;gBAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC9C,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,KAAK,CAAC;YAC3C,CAAC,CAAC,CAAC;YACH,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QACrC,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,GAAG,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,WAAW,CAAC,IAAe;QACvC,uEAAuE;QACvE,MAAM,MAAM,GAAG;YACb,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE,KAAK;YACV,GAAG,EAAE,IAAI,CAAC,GAAG,EAAG,wCAAwC;SACzD,CAAC;QACF,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QAErE,4CAA4C;QAC5C,MAAM,OAAO,GAAG;YACd,
|
|
1
|
+
{"version":3,"file":"proof-generator.js","sourceRoot":"","sources":["../src/proof-generator.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AA4DH;;;;;GAKG;AACH,MAAM,OAAO,wBAAwB;IAC3B,QAAQ,CAAgB;IAEhC,YAAY,QAAuB;QACjC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,OAAoB,EACpB,QAAsB,EACtB,OAAuB,EACvB,UAAwB,EAAE;QAE1B,4BAA4B;QAC5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAErE,wBAAwB;QACxB,MAAM,IAAI,GAAc;YACtB,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG;YACtB,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG;YACtB,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YACjC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,GAAG,OAAO;SACX,CAAC;QAEF,gCAAgC;QAChC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEzC,OAAO;YACL,GAAG;YACH,IAAI;SACL,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,uBAAuB,CACnC,OAAoB,EACpB,QAAsB;QAEtB,oDAAoD;QACpD,MAAM,gBAAgB,GAAG;YACvB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC;SAClD,CAAC;QAEF,kDAAkD;QAClD,MAAM,iBAAiB,GAAG,QAAQ,CAAC,IAAI,CAAC;QAExC,qDAAqD;QACrD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;QACpE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,CAAC;QAEtE,OAAO;YACL,WAAW;YACX,YAAY;SACb,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,kBAAkB,CAAC,IAAS;QACxC,kCAAkC;QAClC,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAElD,oCAAoC;QACpC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACjD,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QAErE,wBAAwB;QACxB,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAE7E,OAAO,UAAU,OAAO,EAAE,CAAC;IAC7B,CAAC;IAED;;;;;;;;OAQG;IACK,gB
AAgB,CAAC,GAAQ;QAC/B,IAAI,GAAG,KAAK,IAAI;YAAE,OAAO,MAAM,CAAC;QAChC,IAAI,OAAO,GAAG,KAAK,WAAW;YAAE,OAAO,MAAM,CAAC;QAC9C,IAAI,OAAO,GAAG,KAAK,SAAS;YAAE,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;QACpD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,iDAAiD;YACjD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAC7E,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACxD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC;YAC9D,OAAO,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QACxC,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;gBAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC9C,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,KAAK,CAAC;YAC3C,CAAC,CAAC,CAAC;YACH,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QACrC,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,GAAG,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,WAAW,CAAC,IAAe;QACvC,uEAAuE;QACvE,MAAM,MAAM,GAAG;YACb,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE,KAAK;YACV,GAAG,EAAE,IAAI,CAAC,GAAG,EAAG,wCAAwC;SACzD,CAAC;QACF,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QAErE,4CAA4C;QAC5C,oEAAoE;QACpE,gEAAgE;QAChE,6EAA6E;QAC7E,MAAM,OAAO,GAAG;YACd,iCAAiC;YACjC,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAI,kCAAkC;YACxD,GAAG,EAAE,IAAI,CAAC,GAAG,EAAS,sBAAsB;YAC5C,GAAG,EAAE,IAAI,CAAC,GAAG,EAAS,mCAAmC;YAEzD,4BAA4B;YAC5B,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,SAAS,EAAE,IAAI,CAAC,SAAS;YAEzB,4CAA4C;YAC5C,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;YAC9C,GAAG,CAAC,IAAI,CAAC,aAAa,IAAI,EAAE,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC;YAChE,GAAG,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,SAAS,EAAE,IAAI,
CAAC,SAAS,EAAE,CAAC;SACrD,CAAC;QACF,MAAM,gBAAgB,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QAEvE,iCAAiC;QACjC,MAAM,YAAY,GAAG,GAAG,eAAe,IAAI,gBAAgB,EAAE,CAAC;QAE9D,qBAAqB;QACrB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QACvD,MAAM,kBAAkB,GAAG,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QAE3D,4BAA4B;QAC5B,OAAO,GAAG,eAAe,IAAI,gBAAgB,IAAI,kBAAkB,EAAE,CAAC;IACxE,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,WAAW,CAAC,IAAY;QACpC,wCAAwC;QACxC,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QAEpE,2CAA2C;QAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC,CAAC;QAExD,sCAAsC;QACtC,2EAA2E;QAC3E,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC9C,OAAO,EAAG,gCAAgC;QAC1C,KAAK,CAAC,MAAqB,EAC3B;YACE,IAAI,EAAE,SAAS;SAChB,EACD,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;QAEF,gBAAgB;QAChB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAExC,wDAAwD;QACxD,MAAM,eAAe,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAC9C,SAAS,EACT,UAAU,EACV,UAAU,CACX,CAAC;QAEF,OAAO,IAAI,UAAU,CAAC,eAAe,CAAC,CAAC;IACzC,CAAC;IAED;;;OAGG;IACK,mBAAmB,CAAC,MAAkB;QAC5C,yCAAyC;QACzC,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC;YACjC,IAAI,EAAE,IAAI,EAAE,sBAAsB;YAClC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,oBAAoB;YACtC,IAAI,EAAE,IAAI,EAAE,iCAAiC;YAC7C,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,kBAAkB;YAChD,IAAI,EAAE,IAAI,EAAE,0BAA0B;YACtC,IAAI,EAAE,IAAI,CAAE,2CAA2C;SACxD,CAAC,CAAC;QAEH,qEAAqE;QACrE,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QAErE,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,WAAW,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACxB,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;QACzC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,IAAyB;QAC/C,IAAI,MAAc,CAAC;QAEnB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,2BAA2B;YAC3B,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACnC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,K
AAK,CAAC,CAAC,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,+BAA+B;YAC/B,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;QAC9C,CAAC;QAED,6CAA6C;QAC7C,OAAO,MAAM;aACV,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACvB,CAAC;IAED;;;OAGG;IACK,YAAY,CAAC,MAAc;QACjC,iDAAiD;QACjD,mDAAmD;QACnD,IAAI,cAAc,GAAG,MAAM;aACxB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;aAClB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAEtB,wDAAwD;QACxD,MAAM,aAAa,GAAG,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC5D,cAAc,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAE5C,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;QAC1C,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAClD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC7C,KAAK,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/providers/crypto.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,qBAAa,iBAAkB,SAAQ,cAAc;IACnD;;OAEG;IACG,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAkC3E;;OAEG;IACG,MAAM,CACV,IAAI,EAAE,UAAU,EAChB,SAAS,EAAE,UAAU,EACrB,eAAe,EAAE,MAAM,GACtB,OAAO,CAAC,OAAO,CAAC;IA6BnB;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IAwB3E;;OAEG;IACG,IAAI,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/providers/crypto.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,qBAAa,iBAAkB,SAAQ,cAAc;IACnD;;OAEG;IACG,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAkC3E;;OAEG;IACG,MAAM,CACV,IAAI,EAAE,UAAU,EAChB,SAAS,EAAE,UAAU,EACrB,eAAe,EAAE,MAAM,GACtB,OAAO,CAAC,OAAO,CAAC;IA6BnB;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IAwB3E;;OAEG;IACG,IAAI,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;IAY7C;;OAEG;IACG,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAQtD,OAAO,CAAC,mBAAmB;IAoB3B,OAAO,CAAC,iBAAiB;IAgBzB,OAAO,CAAC,oBAAoB;IAM5B,OAAO,CAAC,mBAAmB;IAM3B;;;OAGG;IACH,OAAO,CAAC,aAAa;IAmBrB,OAAO,CAAC,aAAa;CAOtB"}
|
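--- a/package/dist/providers/crypto.js
+++ b/package/dist/providers/crypto.js
@@ -68,7 +68,11 @@ export class WebCryptoProvider extends CryptoProvider {
 */
 async hash(data) {
 const hashBuffer = await crypto.subtle.digest('SHA-256', data.buffer.slice(data.byteOffset, data.byteOffset + data.byteLength));
-
+const hashBytes = new Uint8Array(hashBuffer);
+const hex = Array.from(hashBytes)
+.map((b) => b.toString(16).padStart(2, '0'))
+.join('');
+return `sha256:${hex}`;
 }
 /**
 * Generate random bytes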
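Review bot: `hash` now returns a `sha256:`-prefixed lowercase hex string, and that format is not stated anywhere in the visible part of the method; its JSDoc begins above the hunk, so it may already be covered there. Callers that compare digests need the representation pinned, because a comparison between this string and raw bytes or unprefixed hex will simply never match. The JSDoc should carry `@returns {Promise<string>} "sha256:" followed by 64 lowercase hex characters`. The removed line's text did not survive on this page, so whether the return type changed cannot be confirmed from here; the diffstat entry `crypto.d.ts +1 -1` suggests it did, which would deserve a changelog note for consumers of `WebCryptoProvider`.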
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/providers/crypto.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,MAAM,OAAO,iBAAkB,SAAQ,cAAc;IACnD;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,IAAgB,EAAE,gBAAwB;QACnD,MAAM,eAAe,GAAG,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;QAE7D,0BAA0B;QAC1B,8DAA8D;QAC9D,gCAAgC;QAChC,0DAA0D;QAC1D,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,KAAK,EAAE,IAAI,eAAe,CAAC,CAAC,CAAC,KAAK,IAAI;YACzE,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,eAAe,CAAC;YAC5C,CAAC,CAAC,CAAC,eAAe,CAAC,MAAM,KAAK,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;QAErF,yDAAyD;QACzD,MAAM,KAAK,GAAG,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAE/C,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,OAAO,EACP,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAA2B,EACnG;YACE,IAAI,EAAE,SAAS;YACf,UAAU,EAAE,SAAS;SACtB,EACD,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;QAEF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CACxC,SAAS,EACT,SAAS,EACT,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAA2B,CAChG,CAAC;QAEF,OAAO,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CACV,IAAgB,EAChB,SAAqB,EACrB,eAAuB;QAEvB,IAAI,CAAC;YACH,MAAM,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC;YAE3D,yDAAyD;YACzD,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC;YAEpD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,MAAM,EACN,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAA2B,EAC/F;gBACE,IAAI,EAAE,SAAS;gBACf,UAAU,EAAE,SAAS;aACtB,EACD,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAC;YAEF,OAAO,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAC/B,SAAS,EACT,SAAS,EACT,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,UAAU,EAAE,SAAS,CAAC,UAAU,GAAG,SAAS,CAAC,UAAU,CAA2B,EACnH,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAA2B,CAChG,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;Q
ACnB,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAC7C;YACE,IAAI,EAAE,SAAS;YACf,UAAU,EAAE,SAAS;SACtB,EACD,IAAI,EACJ,CAAC,MAAM,EAAE,QAAQ,CAAC,CACnB,CAAC;QAEF,8BAA8B;QAC9B,MAAM,eAAe,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;QACnF,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,CAAC,IAAI,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC;QAEnF,4BAA4B;QAC5B,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAC/E,MAAM,cAAc,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;QAE/E,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC;YAC/C,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;SAC9C,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,IAAgB;QACzB,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,
|
|
1
|
+
{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/providers/crypto.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,MAAM,OAAO,iBAAkB,SAAQ,cAAc;IACnD;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,IAAgB,EAAE,gBAAwB;QACnD,MAAM,eAAe,GAAG,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;QAE7D,0BAA0B;QAC1B,8DAA8D;QAC9D,gCAAgC;QAChC,0DAA0D;QAC1D,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,KAAK,EAAE,IAAI,eAAe,CAAC,CAAC,CAAC,KAAK,IAAI;YACzE,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,eAAe,CAAC;YAC5C,CAAC,CAAC,CAAC,eAAe,CAAC,MAAM,KAAK,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;QAErF,yDAAyD;QACzD,MAAM,KAAK,GAAG,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAE/C,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,OAAO,EACP,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAA2B,EACnG;YACE,IAAI,EAAE,SAAS;YACf,UAAU,EAAE,SAAS;SACtB,EACD,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;QAEF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CACxC,SAAS,EACT,SAAS,EACT,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAA2B,CAChG,CAAC;QAEF,OAAO,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CACV,IAAgB,EAChB,SAAqB,EACrB,eAAuB;QAEvB,IAAI,CAAC;YACH,MAAM,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC;YAE3D,yDAAyD;YACzD,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC;YAEpD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,MAAM,EACN,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAA2B,EAC/F;gBACE,IAAI,EAAE,SAAS;gBACf,UAAU,EAAE,SAAS;aACtB,EACD,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAC;YAEF,OAAO,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAC/B,SAAS,EACT,SAAS,EACT,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,UAAU,EAAE,SAAS,CAAC,UAAU,GAAG,SAAS,CAAC,UAAU,CAA2B,EACnH,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAA2B,CAChG,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;Q
ACnB,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAC7C;YACE,IAAI,EAAE,SAAS;YACf,UAAU,EAAE,SAAS;SACtB,EACD,IAAI,EACJ,CAAC,MAAM,EAAE,QAAQ,CAAC,CACnB,CAAC;QAEF,8BAA8B;QAC9B,MAAM,eAAe,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;QACnF,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,CAAC,IAAI,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC;QAEnF,4BAA4B;QAC5B,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAC/E,MAAM,cAAc,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;QAE/E,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC;YAC/C,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;SAC9C,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,IAAgB;QACzB,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAC3C,SAAS,EACT,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAA2B,CAChG,CAAC;QACF,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;QAC7C,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;aAC9B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;QACZ,OAAO,UAAU,GAAG,EAAE,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,MAAc;QAC9B,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;QACtC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QAC/B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,2CAA2C;IAEnC,mBAAmB,CAAC,MAAkB;QAC5C,wCAAwC;QACxC,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC;YACjC,IAAI,EAAE,IAAI,EAAE,sBAAsB;YAClC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,oBAAoB;YACtC,IAAI,EAAE,IAAI,EAAE,iCAAiC;YAC7C,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,kBAAkB;YAChD,IAAI,EAAE,IAAI,EAAE,0BAA0B;YACtC,IAAI,EAAE,IAAI,CAAE,2CAA2C;SACxD,CAAC,CAAC;QAEH,uCAAuC;QACvC,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QAErE,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,WAAW,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACxB,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;QACzC,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,iBAA
iB,CAAC,MAAkB;QAC1C,sDAAsD;QACtD,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC;YAChC,IAAI,EAAE,IAAI,EAAE,sBAAsB;YAClC,IAAI,EAAE,IAAI,EAAE,iCAAiC;YAC7C,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,kBAAkB;YAChD,IAAI,EAAE,IAAI,EAAE,wBAAwB;YACpC,IAAI,CAAC,iBAAiB;SACvB,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;QACjE,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACvB,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;QACtC,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,oBAAoB,CAAC,KAAiB;QAC5C,gDAAgD;QAChD,8CAA8C;QAC9C,OAAO,KAAK,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7B,CAAC;IAEO,mBAAmB,CAAC,IAAgB;QAC1C,+CAA+C;QAC/C,8CAA8C;QAC9C,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IAC5B,CAAC;IAED;;;OAGG;IACK,aAAa,CAAC,MAAc;QAClC,iDAAiD;QACjD,mDAAmD;QACnD,IAAI,cAAc,GAAG,MAAM;aACxB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;aAClB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAEtB,wDAAwD;QACxD,MAAM,aAAa,GAAG,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC5D,cAAc,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAE5C,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;QAC1C,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAClD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC7C,KAAK,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,aAAa,CAAC,KAAiB;QACrC,IAAI,YAAY,GAAG,EAAE,CAAC;QACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,YAAY,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,CAAC,CAAC;IAC5B,CAAC;CACF"}
|
|
@@ -326,6 +326,24 @@ export declare class ConsentService {
|
|
|
326
326
|
* @returns JavaScript response with aggressive caching
|
|
327
327
|
*/
|
|
328
328
|
private serveConsentBundle;
|
|
329
|
+
/**
|
|
330
|
+
* Handle CORS preflight for /consent/approve.
|
|
331
|
+
*
|
|
332
|
+
* When the consent UI runs inside an MCP Apps sandboxed iframe, the
|
|
333
|
+
* browser sends an OPTIONS preflight before the actual POST. The
|
|
334
|
+
* sandbox creates an opaque origin so we allow any origin.
|
|
335
|
+
*
|
|
336
|
+
* Security: The approve endpoint validates all required fields
|
|
337
|
+
* (tool, scopes, session_id, project_id) via Zod schema, so
|
|
338
|
+
* permissive CORS does not weaken the security boundary.
|
|
339
|
+
*/
|
|
340
|
+
private handleCorsPreflightForApproval;
|
|
341
|
+
/**
|
|
342
|
+
* Append CORS headers to an existing response.
|
|
343
|
+
* Used for POST /consent/approve responses so the MCP Apps
|
|
344
|
+
* sandboxed iframe can read the JSON body.
|
|
345
|
+
*/
|
|
346
|
+
private addCorsHeaders;
|
|
329
347
|
/**
|
|
330
348
|
* Render consent page
|
|
331
349
|
*
|
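Review bot: The doc comment on `handleCorsPreflightForApproval` justifies allowing any origin by saying the approve endpoint validates its fields with a Zod schema, but schema validation checks the shape of a request, not who sent it. With permissive CORS any page can send the POST to `/consent/approve` and, through `addCorsHeaders`, read the JSON response, so the boundary rests on whether `session_id` (or another body value) is unguessable and bound to the consenting user, and on credentials not being allowed cross-origin. Neither is visible in this declaration file, so the comment should name the actual control once it is confirmed against the implementation, for example `Security: approval is authorised by <session-bound token>, not by origin; Access-Control-Allow-Credentials is never set.` The same comment text is repeated on the implementation in consent.service.js and should be changed there too.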
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"consent.service.d.ts","sourceRoot":"","sources":["../../src/services/consent.service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAapD,OAAO,KAAK,EAIV,aAAa,EACd,MAAM,2BAA2B,CAAC;AAYnC,OAAO,EAcL,KAAK,WAAW,EAChB,KAAK,8BAA8B,EACpC,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAsB,KAAK,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"consent.service.d.ts","sourceRoot":"","sources":["../../src/services/consent.service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAapD,OAAO,KAAK,EAIV,aAAa,EACd,MAAM,2BAA2B,CAAC;AAYnC,OAAO,EAcL,KAAK,WAAW,EAChB,KAAK,8BAA8B,EACpC,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAsB,KAAK,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAkB9E,qBAAa,cAAc;IACzB,OAAO,CAAC,aAAa,CAAuB;IAC5C,OAAO,CAAC,QAAQ,CAAmB;IACnC,OAAO,CAAC,GAAG,CAAgB;IAC3B,OAAO,CAAC,OAAO,CAAC,CAAoB;IACpC,OAAO,CAAC,cAAc,CAAC,CAAiB;IAGxC,OAAO,CAAC,YAAY,CAAC,CAAsB;IAC3C,OAAO,CAAC,gBAAgB,CAAC,CAAgB;IAGzC,OAAO,CAAC,gBAAgB,CAAC,CAAgD;IACzE,OAAO,CAAC,gBAAgB,CAAC,CAAqD;IAE9E;;;OAGG;gBAED,GAAG,EAAE,aAAa,EAClB,OAAO,CAAC,EAAE,iBAAiB,EAC3B,gBAAgB,CAAC,EAAE,OAAO,oBAAoB,EAAE,gBAAgB,EAChE,gBAAgB,CAAC,EAAE,OAAO,oBAAoB,EAAE,qBAAqB;IAWvE;;;;;;;OAOG;YACW,eAAe;IAmC7B;;;;;;;OAOG;IACG,mBAAmB,CAAC,KAAK,EAAE;QAC/B,SAAS,EAAE,MAAM,CAAC;QAClB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,SAAS,EAAE,MAAM,CAAC;QAClB,aAAa,EAAE;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,UAAU,EAAE,MAAM,CAAA;SAAE,CAAC;KACzD,GAAG,OAAO,CAAC,IAAI,CAAC;IAMX,kBAAkB,CAAC,KAAK,EAAE;QAC9B,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,SAAS,EAAE,MAAM,CAAC;QAClB,aAAa,EAAE,MAAM,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,GAAG,OAAO,CAAC,IAAI,CAAC;IAMjB;;;;;;;;;;;;OAYG;IACG,uBAAuB,CAAC,MAAM,EAAE;QACpC,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,eAAe,EAAE,MAAM,CAAC;QACxB,YAAY,EAAE,MAAM,CAAC;QACrB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAW3C;;;;;OAKG;YACW,sBAAsB;IA8CpC;;;;;;;;;;OAUG;YACW,sBAAsB;IAqEpC;;;;;;;;;;;;;;OAcG;IACU,oBAAoB,CAC/B,SAAS,EAAE,MAAM,EACjB,aAAa,CAAC,EAAE,aAAa,GAAG,IAAI,GACnC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAkFzB;;;;;;;;;;;OAWG;YACW,iCAAiC;IA0D/C;;;;;;;;;OASG;IACU,yBAAyB,CACpC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,
MAAM,EACf,aAAa,CAAC,EAAE,aAAa,GAAG,IAAI,GACnC,OAAO,CAAC,IAAI,CAAC;IAuIhB;;;;;;;;;OASG;IACU,oBAAoB,CAC/B,SAAS,EAAE,MAAM,EACjB,aAAa,CAAC,EAAE,aAAa,GAAG,IAAI,GACnC,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAsE9B;;;;;;;;;;;;;;OAcG;IACU,yBAAyB,CACpC,SAAS,EAAE,MAAM,EACjB,aAAa,EAAE,aAAa,GAC3B,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IA0F9B;;;;OAIG;IACH,OAAO,CAAC,2BAA2B;IAInC;;;;;;;;;;;;;OAaG;IACU,kCAAkC,CAC7C,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAmGzB;;;;;;;;;;;;;OAaG;IACU,iBAAiB,CAC5B,UAAU,EAAE,gBAAgB,EAC5B,SAAS,EAAE,MAAM,EACjB,aAAa,CAAC,EAAE,aAAa,GAAG,IAAI,EACpC,eAAe,CAAC,EAAE,WAAW,GAAG,IAAI,GACnC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IA4DzB;;;;;;;;;;;;;;;;OAgBG;IACU,kBAAkB,CAC7B,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE;QACR,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,UAAU,CAAC,EAAE,OAAO,CAAC;KACtB,GACA,OAAO,CAAC,8BAA8B,GAAG,IAAI,CAAC;IA+HjD;;;;;;;;;;;;OAYG;IACG,eAAe,CACnB,SAAS,EAAE,MAAM,EACjB,aAAa,CAAC,EAAE,aAAa,EAC7B,iBAAiB,CAAC,EAAE,MAAM,EAC1B,cAAc,CAAC,EAAE,OAAO,mCAAmC,EAAE,cAAc,GAC1E,OAAO,CAAC,OAAO,CAAC;IA+HnB;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,aAAa,CACjB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EAAE,EAChB,SAAS,EAAE,MAAM,EACjB,QAAQ,CAAC,EAAE,MAAM,EAAE,6DAA6D;IAChF,oBAAoB,CAAC,EAAE,OAAO,0BAA0B,EAAE,oBAAoB,EAC9E,SAAS,CAAC,EAAE,MAAM,EAAE,sDAAsD;IAC1E,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,MAAM,CAAC;IAkQlB;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,mBAAmB;IAmE3B;;;;;;;;;;;OAWG;IACG,kBAAkB,CACtB,aAAa,EAAE,aAAa,EAC5B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC;IAyElB;;;;;;;;;;OAUG;IACG,oBAAoB,CACxB,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC;IAgFhB;;;;;;;;;;OAUG;IACG,MAAM,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IAgCjD;;;;;;;OAOG;IACH,OAAO,CAAC,kBAAkB;IAe1B;;;;;;;;;;OAUG;IACH,OAAO,CAAC,8BAA8B;IAYtC;;;;OAIG;IACH,OAAO,CAAC,cAAc;IAetB;;;;;;;;;;;;;OAaG;YACW,iBAAiB;IAioB/B;;;;;;;;OAQG;YACW,gBAAgB;IA2lC9B;;;;;;;;OAQG;YACW,cAAc;IAqd5B;;;;;OAKG;YACW,gBAAgB;IA4S9B;;;;;;;;OAQG;IACH,OAAO,CAAC,qBAAqB;IAQ7B;;;;;;;;;OASG;YACW,oBAAoB;IA+DlC;;;;;;;;;;;;OAYG;YACW,oBAAoB;IA2ElC;;;;;OAKG;Y
ACW,iBAAiB;IAmC/B;;;;OAIG;YACW,sBAAsB;IA4FpC;;;;;;;;;OASG;YACW,wBAAwB;IAsetC;;;;;;;;;OASG;IACH,OAAO,CAAC,WAAW;IA2BnB;;;;;;;OAOG;YACW,2BAA2B;IAkGzC;;;;;;;;;OASG;IACH,OAAO,CAAC,2BAA2B;IA4GnC;;OAEG;YACW,yBAAyB;IAsDvC;;OAEG;YACW,oBAAoB;IAmDlC;;;;;;;;;;;OAWG;YACW,2BAA2B;IAmDzC;;;;;;;;;OASG;IACU,wBAAwB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAuBzE;;;;;OAKG;YACW,eAAe;IAgB7B;;OAEG;IACH,OAAO,CAAC,eAAe;IAOvB;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAO7B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAK7B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAY3B;;OAEG;YACW,sBAAsB;IAmJpC;;;;;;;;;OASG;IACH,OAAO,CAAC,WAAW;IAMnB;;;;;;;;;OASG;IACH,OAAO,CAAC,4BAA4B;IAqLpC;;OAEG;YACW,UAAU;IAqDxB;;;;;OAKG;YACW,WAAW;IA0GzB;;OAEG;YACW,qBAAqB;CAsBpC"}
|
|
@@ -22,6 +22,7 @@ import { ProofService } from "./proof.service";
|
|
|
22
22
|
import { createCredentialAuthHandler } from "./credential-auth.handler";
|
|
23
23
|
import { IdpTokenStorage } from "./idp-token-storage";
|
|
24
24
|
import { OAuthSecurityService } from "./oauth-security.service";
|
|
25
|
+
import { didKeyFragment } from "@kya-os/mcp-i-core/utils/did-helpers";
|
|
25
26
|
import { CONSENT_BUNDLE, CONSENT_BUNDLE_SIZE } from "@kya-os/consent";
|
|
26
27
|
import { calculateDOInstanceId, parseDORoutingStrategy, parseDOShardCount, } from "../utils/do-routing";
|
|
27
28
|
export class ConsentService {
|
|
@@ -315,7 +316,7 @@ export class ConsentService {
|
|
|
315
316
|
const rawKeyPair = await crypto.generateKeyPair();
|
|
316
317
|
// Generate proper did:key from Ed25519 public key
|
|
317
318
|
const userDid = generateDidKeyFromBase64(rawKeyPair.publicKey);
|
|
318
|
-
const keyId = `${userDid}
|
|
319
|
+
const keyId = `${userDid}#${didKeyFragment(userDid)}`;
|
|
319
320
|
// Store identity data in same format as session init
|
|
320
321
|
const identityData = {
|
|
321
322
|
userDid,
|
|
@@ -549,7 +550,7 @@ export class ConsentService {
|
|
|
549
550
|
const rawKeyPair = await crypto.generateKeyPair();
|
|
550
551
|
// Generate did:key from public key
|
|
551
552
|
const did = this.generateDidKeyFromPublicKey(rawKeyPair.publicKey);
|
|
552
|
-
const keyId = `${did}
|
|
553
|
+
const keyId = `${did}#${didKeyFragment(did)}`;
|
|
553
554
|
const keyPair = {
|
|
554
555
|
did,
|
|
555
556
|
publicKey: rawKeyPair.publicKey,
|
|
@@ -631,7 +632,7 @@ export class ConsentService {
|
|
|
631
632
|
const rawKeyPair = await crypto.generateKeyPair();
|
|
632
633
|
// Generate did:key from public key
|
|
633
634
|
const ephemeralUserDid = this.generateDidKeyFromPublicKey(rawKeyPair.publicKey);
|
|
634
|
-
const keyId = `${ephemeralUserDid}
|
|
635
|
+
const keyId = `${ephemeralUserDid}#${didKeyFragment(ephemeralUserDid)}`;
|
|
635
636
|
// Create full UserKeyPair for VC signing
|
|
636
637
|
const keyPair = {
|
|
637
638
|
did: ephemeralUserDid,
|
|
@@ -1373,6 +1374,10 @@ export class ConsentService {
|
|
|
1373
1374
|
*/
|
|
1374
1375
|
async handle(request) {
|
|
1375
1376
|
const url = new URL(request.url);
|
|
1377
|
+
// OPTIONS preflight for /consent/approve (MCP Apps iframe CORS)
|
|
1378
|
+
if (request.method === "OPTIONS" && url.pathname === "/consent/approve") {
|
|
1379
|
+
return this.handleCorsPreflightForApproval(request);
|
|
1380
|
+
}
|
|
1376
1381
|
// GET /consent.js - Serve consent bundle for CSR mode
|
|
1377
1382
|
if (request.method === "GET" && url.pathname === "/consent.js") {
|
|
1378
1383
|
return this.serveConsentBundle();
|
|
@@ -1383,7 +1388,8 @@ export class ConsentService {
|
|
|
1383
1388
|
}
|
|
1384
1389
|
// POST /consent/approve - Handle approval
|
|
1385
1390
|
if (request.method === "POST" && url.pathname === "/consent/approve") {
|
|
1386
|
-
|
|
1391
|
+
const response = await this.handleApproval(request);
|
|
1392
|
+
return this.addCorsHeaders(response, request);
|
|
1387
1393
|
}
|
|
1388
1394
|
// GET /consent/success - Success page
|
|
1389
1395
|
if (request.method === "GET" && url.pathname === "/consent/success") {
|
|
@@ -1413,6 +1419,44 @@ export class ConsentService {
|
|
|
1413
1419
|
},
|
|
1414
1420
|
});
|
|
1415
1421
|
}
|
|
1422
|
+
/**
|
|
1423
|
+
* Handle CORS preflight for /consent/approve.
|
|
1424
|
+
*
|
|
1425
|
+
* When the consent UI runs inside an MCP Apps sandboxed iframe, the
|
|
1426
|
+
* browser sends an OPTIONS preflight before the actual POST. The
|
|
1427
|
+
* sandbox creates an opaque origin so we allow any origin.
|
|
1428
|
+
*
|
|
1429
|
+
* Security: The approve endpoint validates all required fields
|
|
1430
|
+
* (tool, scopes, session_id, project_id) via Zod schema, so
|
|
1431
|
+
* permissive CORS does not weaken the security boundary.
|
|
1432
|
+
*/
|
|
1433
|
+
handleCorsPreflightForApproval(request) {
|
|
1434
|
+
return new Response(null, {
|
|
1435
|
+
status: 204,
|
|
1436
|
+
headers: {
|
|
1437
|
+
"Access-Control-Allow-Origin": request.headers.get("Origin") || "*",
|
|
1438
|
+
"Access-Control-Allow-Methods": "POST, OPTIONS",
|
|
1439
|
+
"Access-Control-Allow-Headers": "Content-Type",
|
|
1440
|
+
"Access-Control-Max-Age": "86400",
|
|
1441
|
+
},
|
|
1442
|
+
});
|
|
1443
|
+
}
|
|
1444
|
+
/**
|
|
1445
|
+
* Append CORS headers to an existing response.
|
|
1446
|
+
* Used for POST /consent/approve responses so the MCP Apps
|
|
1447
|
+
* sandboxed iframe can read the JSON body.
|
|
1448
|
+
*/
|
|
1449
|
+
addCorsHeaders(response, request) {
|
|
1450
|
+
const headers = new Headers(response.headers);
|
|
1451
|
+
headers.set("Access-Control-Allow-Origin", request.headers.get("Origin") || "*");
|
|
1452
|
+
headers.set("Access-Control-Allow-Methods", "POST, OPTIONS");
|
|
1453
|
+
headers.set("Access-Control-Allow-Headers", "Content-Type");
|
|
1454
|
+
return new Response(response.body, {
|
|
1455
|
+
status: response.status,
|
|
1456
|
+
statusText: response.statusText,
|
|
1457
|
+
headers,
|
|
1458
|
+
});
|
|
1459
|
+
}
|
|
1416
1460
|
/**
|
|
1417
1461
|
* Render consent page
|
|
1418
1462
|
*
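Review bot: The security paragraph in the `handleCorsPreflightForApproval` docstring does not hold as written: Zod validation checks the shape of the body, not who sent it, so it cannot stand in for an origin check. Both helpers echo whatever `Origin` the caller sent (falling back to `*`), which makes the JSON response of POST /consent/approve readable from any web origin, not only from the sandboxed iframe the comment describes. I would compare the header against the origins this deployment expects before echoing it, and reword the comment to name what actually authenticates the request. Because the header value depends on the request, both responses should also carry `Vary: Origin`, e.g. `headers.set("Vary", "Origin");` in `addCorsHeaders`.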
|
|
@@ -3785,22 +3829,13 @@ export class ConsentService {
|
|
|
3785
3829
|
*/
|
|
3786
3830
|
async handleCredentialApproval(body, request) {
|
|
3787
3831
|
logger.debug("[ConsentService] Processing credential approval");
|
|
3788
|
-
// Extract standard fields
|
|
3789
|
-
|
|
3790
|
-
//
|
|
3791
|
-
|
|
3792
|
-
|
|
3793
|
-
logger.debug("[ConsentService] DEBUG: Credential values received", {
|
|
3832
|
+
// Extract standard fields.
|
|
3833
|
+
// inline_mode and approved are destructured to keep them out of the
|
|
3834
|
+
// ...credentials rest object (which is sent to the external credential provider).
|
|
3835
|
+
const { tool, scopes: rawScopes, agent_did, session_id, project_id, provider, provider_type, csrf_token, inline_mode: _inlineMode, approved: _approved, termsAccepted: _termsAccepted, ...credentials } = body;
|
|
3836
|
+
logger.debug("[ConsentService] Credential submission received", {
|
|
3794
3837
|
hasUsername: !!credentials.username,
|
|
3795
|
-
usernameLength: (credentials.username || "").length,
|
|
3796
|
-
usernameValue: credentials.username, // Safe to log email
|
|
3797
3838
|
hasPassword: !!credentials.password,
|
|
3798
|
-
passwordLength: pwd.length,
|
|
3799
|
-
passwordFirstChar: pwd.length > 0 ? pwd[0] : "",
|
|
3800
|
-
passwordLastChar: pwd.length > 0 ? pwd[pwd.length - 1] : "",
|
|
3801
|
-
// Check for special chars that might be escaped
|
|
3802
|
-
passwordContainsDollar: pwd.includes("$"),
|
|
3803
|
-
passwordContainsDoubleD: pwd.includes("$$"),
|
|
3804
3839
|
});
|
|
3805
3840
|
// Parse scopes - handles double JSON encoding from form submission
|
|
3806
3841
|
// The form stores scopes as JSON string, then JS submits it as JSON again
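Review bot: `...credentials` collects every body field that is not named in the destructuring, and the comment above it says this object is sent to the external credential provider, so any unexpected key a client adds is forwarded as well. The commit already had to list `inline_mode`, `approved` and `termsAccepted` by hand to keep them out, which shows that this exclude-list has to grow with every new control field. Building the object from the fields the provider is known to expect would be safer, for example `const credentials = { username: body.username, password: body.password };` if those two are the whole set (not visible here). `handleCredentialApproval` continues outside this hunk.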
|
|
@@ -3820,26 +3855,33 @@ export class ConsentService {
|
|
|
3820
3855
|
error_code: "validation_error",
|
|
3821
3856
|
}), { status: 400, headers: { "Content-Type": "application/json" } });
|
|
3822
3857
|
}
|
|
3823
|
-
//
|
|
3824
|
-
|
|
3825
|
-
|
|
3826
|
-
|
|
3827
|
-
|
|
3828
|
-
|
|
3829
|
-
|
|
3830
|
-
|
|
3831
|
-
|
|
3832
|
-
|
|
3833
|
-
|
|
3834
|
-
|
|
3835
|
-
|
|
3836
|
-
|
|
3837
|
-
}
|
|
3838
|
-
|
|
3839
|
-
|
|
3840
|
-
|
|
3841
|
-
|
|
3842
|
-
|
|
3858
|
+
// Skip CSRF validation for inline mode.
|
|
3859
|
+
// CSRF protects against cross-site browser form submissions — the inline
|
|
3860
|
+
// tool handler runs server-side through the MCP tools/call proxy, so
|
|
3861
|
+
// CSRF is not applicable.
|
|
3862
|
+
const isInlineMode = body.inline_mode === true;
|
|
3863
|
+
if (!isInlineMode) {
|
|
3864
|
+
// Validate CSRF token
|
|
3865
|
+
if (!csrf_token || typeof csrf_token !== "string") {
|
|
3866
|
+
logger.warn("[ConsentService] Missing or invalid CSRF token");
|
|
3867
|
+
return new Response(JSON.stringify({
|
|
3868
|
+
success: false,
|
|
3869
|
+
error: "Invalid or missing CSRF token",
|
|
3870
|
+
error_code: "csrf_error",
|
|
3871
|
+
}), { status: 403, headers: { "Content-Type": "application/json" } });
|
|
3872
|
+
}
|
|
3873
|
+
// Validate CSRF token against stored value
|
|
3874
|
+
const csrfValid = await this.validateCredentialCsrfToken(csrf_token, session_id);
|
|
3875
|
+
if (!csrfValid) {
|
|
3876
|
+
logger.warn("[ConsentService] CSRF token validation failed", {
|
|
3877
|
+
sessionId: session_id.substring(0, 20) + "...",
|
|
3878
|
+
});
|
|
3879
|
+
return new Response(JSON.stringify({
|
|
3880
|
+
success: false,
|
|
3881
|
+
error: "CSRF token validation failed",
|
|
3882
|
+
error_code: "csrf_error",
|
|
3883
|
+
}), { status: 403, headers: { "Content-Type": "application/json" } });
|
|
3884
|
+
}
|
|
3843
3885
|
}
|
|
3844
3886
|
try {
|
|
3845
3887
|
// 1. Fetch credential provider config from AgentShield
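Review bot: `const isInlineMode = body.inline_mode === true;` lets the sender of the request decide whether CSRF validation runs, because the flag is read from the same body that carries the credentials. The comment explains that the inline handler is called server-side through the tools/call proxy, but nothing in this hunk ties the flag to that caller, and the same commit answers POST /consent/approve with permissive CORS headers; whether that route reaches this method is not visible here and should be confirmed. I would take the inline decision from something the client cannot set, such as an argument supplied by the internal caller, and keep the token check for everything that arrives over HTTP. The flag also selects the single-step delegation path in the following hunk, so the same reasoning applies there. The method starts and ends outside this hunk.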
|
|
@@ -3946,7 +3988,81 @@ export class ConsentService {
|
|
|
3946
3988
|
});
|
|
3947
3989
|
logger.info("[ConsentService] ✅ Token stored");
|
|
3948
3990
|
// ================================================================================
|
|
3949
|
-
//
|
|
3991
|
+
// 5a. INLINE MODE: Create delegation directly (single-step)
|
|
3992
|
+
// ================================================================================
|
|
3993
|
+
// When called from the MCP Apps inline consent iframe via tools/call proxy,
|
|
3994
|
+
// skip the browser redirect and create the delegation in one step.
|
|
3995
|
+
// The user already submitted credentials + accepted terms in the iframe form.
|
|
3996
|
+
// ================================================================================
|
|
3997
|
+
if (isInlineMode) {
|
|
3998
|
+
logger.info("[ConsentService] Inline mode - creating delegation directly");
|
|
3999
|
+
// Build an approval request for createDelegation
|
|
4000
|
+
const approvalBody = {
|
|
4001
|
+
tool: tool,
|
|
4002
|
+
scopes: scopes,
|
|
4003
|
+
agent_did: agent_did,
|
|
4004
|
+
session_id: session_id,
|
|
4005
|
+
project_id: project_id,
|
|
4006
|
+
termsAccepted: true,
|
|
4007
|
+
approved: true,
|
|
4008
|
+
user_did: identityResult.userDid,
|
|
4009
|
+
provider_type: CONSENT_PROVIDER_TYPES.PASSWORD,
|
|
4010
|
+
customFields: {
|
|
4011
|
+
provider: provider,
|
|
4012
|
+
provider_type: CONSENT_PROVIDER_TYPES.PASSWORD,
|
|
4013
|
+
},
|
|
4014
|
+
};
|
|
4015
|
+
// Include user info if available from credential auth
|
|
4016
|
+
if (authResult.userEmail) {
|
|
4017
|
+
approvalBody.credential_user_email = authResult.userEmail;
|
|
4018
|
+
}
|
|
4019
|
+
if (authResult.userId) {
|
|
4020
|
+
approvalBody.credential_provider_user_id = authResult.userId;
|
|
4021
|
+
}
|
|
4022
|
+
const validation = validateConsentApprovalRequest(approvalBody);
|
|
4023
|
+
if (!validation.success) {
|
|
4024
|
+
logger.error("[ConsentService] Inline approval request validation failed:", { errors: validation.error.errors });
|
|
4025
|
+
return new Response(JSON.stringify({
|
|
4026
|
+
success: false,
|
|
4027
|
+
error: "Inline approval validation failed",
|
|
4028
|
+
error_code: "validation_error",
|
|
4029
|
+
}), { status: 400, headers: { "Content-Type": "application/json" } });
|
|
4030
|
+
}
|
|
4031
|
+
const approvalRequest = validation.data;
|
|
4032
|
+
// Inject provider_type at root level for buildDelegationRequest
|
|
4033
|
+
approvalRequest.provider_type =
|
|
4034
|
+
CONSENT_PROVIDER_TYPES.PASSWORD;
|
|
4035
|
+
const delegationResult = await this.createDelegation(approvalRequest);
|
|
4036
|
+
if (!delegationResult.success) {
|
|
4037
|
+
return new Response(JSON.stringify({
|
|
4038
|
+
success: false,
|
|
4039
|
+
error: delegationResult.error || "Failed to create delegation",
|
|
4040
|
+
error_code: delegationResult.error_code || "delegation_creation_failed",
|
|
4041
|
+
}), { status: 500, headers: { "Content-Type": "application/json" } });
|
|
4042
|
+
}
|
|
4043
|
+
// Guard: ensure token and id are present before storing
|
|
4044
|
+
if (!delegationResult.delegation_token ||
|
|
4045
|
+
!delegationResult.delegation_id) {
|
|
4046
|
+
return new Response(JSON.stringify({
|
|
4047
|
+
success: false,
|
|
4048
|
+
error: "Delegation created but missing token or id",
|
|
4049
|
+
error_code: "delegation_incomplete",
|
|
4050
|
+
}), { status: 500, headers: { "Content-Type": "application/json" } });
|
|
4051
|
+
}
|
|
4052
|
+
// Store delegation token (DO + KV)
|
|
4053
|
+
const serverUrl = this.env.MCP_SERVER_URL || new URL(request.url).origin;
|
|
4054
|
+
await this.storeDelegationToken(session_id, agent_did, delegationResult.delegation_token, delegationResult.delegation_id, identityResult.userDid, serverUrl);
|
|
4055
|
+
logger.info("[ConsentService] ✅ Inline credential auth + delegation complete", {
|
|
4056
|
+
delegationId: delegationResult.delegation_id?.substring(0, 20) + "...",
|
|
4057
|
+
});
|
|
4058
|
+
return new Response(JSON.stringify({
|
|
4059
|
+
success: true,
|
|
4060
|
+
delegation_id: delegationResult.delegation_id,
|
|
4061
|
+
delegation_token: delegationResult.delegation_token,
|
|
4062
|
+
}), { status: 200, headers: { "Content-Type": "application/json" } });
|
|
4063
|
+
}
|
|
4064
|
+
// ================================================================================
|
|
4065
|
+
// 5b. REDIRECT TO CLICKWRAP PAGE (3-screen flow)
|
|
3950
4066
|
// ================================================================================
|
|
3951
4067
|
// Flow: Credential Auth → Clickwrap (consent-only UI) → Success
|
|
3952
4068
|
//
|