@leanmcp/auth 0.3.1 → 0.4.0

package/dist/storage/index.d.mts

@@ -0,0 +1,181 @@
+import { T as TokenStorage, O as OAuthTokens, C as ClientRegistration, S as StoredSession } from '../types-DMpGN530.mjs';
+export { i as isTokenExpired, w as withExpiresAt } from '../types-DMpGN530.mjs';
+
+/**
+ * In-memory token storage
+ *
+ * Fast, simple storage for development and short-lived sessions.
+ * Tokens are lost when the process exits.
+ */
+
+/**
+ * In-memory token storage implementation
+ *
+ * @example
+ * ```typescript
+ * const storage = new MemoryStorage();
+ * await storage.setTokens('https://mcp.example.com', tokens);
+ * ```
+ */
+declare class MemoryStorage implements TokenStorage {
+    private tokens;
+    private clients;
+    /**
+     * Normalize server URL for consistent key lookup
+     */
+    private normalizeUrl;
+    /**
+     * Check if an entry is expired
+     */
+    private isExpired;
+    getTokens(serverUrl: string): Promise<OAuthTokens | null>;
+    setTokens(serverUrl: string, tokens: OAuthTokens): Promise<void>;
+    clearTokens(serverUrl: string): Promise<void>;
+    getClientInfo(serverUrl: string): Promise<ClientRegistration | null>;
+    setClientInfo(serverUrl: string, info: ClientRegistration): Promise<void>;
+    clearClientInfo(serverUrl: string): Promise<void>;
+    clearAll(): Promise<void>;
+    getAllSessions(): Promise<StoredSession[]>;
+}
+
+/**
+ * File-based token storage
+ *
+ * Persists tokens to a JSON file for survival across restarts.
+ * Optionally encrypts tokens for security.
+ */
+
+interface FileStorageOptions {
+    /** Path to the storage file */
+    filePath: string;
+    /** Optional encryption key (if omitted, data stored in plaintext) */
+    encryptionKey?: string;
+    /** Whether to pretty-print JSON (default: false) */
+    prettyPrint?: boolean;
+}
+/**
+ * File-based token storage with optional encryption
+ *
+ * @example
+ * ```typescript
+ * // Plaintext storage
+ * const storage = new FileStorage({ filePath: '~/.leanmcp/tokens.json' });
+ *
+ * // Encrypted storage
+ * const storage = new FileStorage({
+ *   filePath: '~/.leanmcp/tokens.enc',
+ *   encryptionKey: process.env.TOKEN_ENCRYPTION_KEY
+ * });
+ * ```
+ */
+declare class FileStorage implements TokenStorage {
+    private filePath;
+    private encryptionKey?;
+    private prettyPrint;
+    private cache;
+    private writePromise;
+    constructor(options: FileStorageOptions | string);
+    /**
+     * Expand ~ to home directory
+     */
+    private expandPath;
+    /**
+     * Normalize server URL for consistent key lookup
+     */
+    private normalizeUrl;
+    /**
+     * Encrypt data
+     */
+    private encrypt;
+    /**
+     * Decrypt data
+     */
+    private decrypt;
+    /**
+     * Read data from file
+     */
+    private readFile;
+    /**
+     * Write data to file (coalesced to avoid race conditions)
+     */
+    private writeFile;
+    getTokens(serverUrl: string): Promise<OAuthTokens | null>;
+    setTokens(serverUrl: string, tokens: OAuthTokens): Promise<void>;
+    clearTokens(serverUrl: string): Promise<void>;
+    getClientInfo(serverUrl: string): Promise<ClientRegistration | null>;
+    setClientInfo(serverUrl: string, info: ClientRegistration): Promise<void>;
+    clearClientInfo(serverUrl: string): Promise<void>;
+    clearAll(): Promise<void>;
+    getAllSessions(): Promise<StoredSession[]>;
+}
+
+/**
+ * OS Keychain Token Storage
+ *
+ * Secure storage using the operating system's credential manager:
+ * - macOS: Keychain
+ * - Windows: Credential Vault
+ * - Linux: libsecret (GNOME Keyring, KWallet, etc.)
+ *
+ * Requires the optional 'keytar' peer dependency.
+ */
+
+/**
+ * Keychain storage options
+ */
+interface KeychainStorageOptions {
+    /** Custom service name (default: 'leanmcp-auth') */
+    serviceName?: string;
+}
+/**
+ * OS Keychain-based token storage
+ *
+ * Uses the operating system's secure credential storage for maximum security.
+ * Tokens are encrypted at rest by the OS.
+ *
+ * @example
+ * ```typescript
+ * import { KeychainStorage } from '@leanmcp/auth/storage';
+ *
+ * // Requires 'keytar' to be installed
+ * const storage = new KeychainStorage();
+ *
+ * await storage.setTokens('https://mcp.example.com', tokens);
+ * ```
+ */
+declare class KeychainStorage implements TokenStorage {
+    private serviceName;
+    private keytar;
+    private initPromise;
+    constructor(options?: KeychainStorageOptions);
+    /**
+     * Initialize keytar (lazy load)
+     */
+    private init;
+    /**
+     * Normalize server URL for consistent key lookup
+     */
+    private normalizeUrl;
+    /**
+     * Get account key for tokens
+     */
+    private getTokensAccount;
+    /**
+     * Get account key for client info
+     */
+    private getClientAccount;
+    getTokens(serverUrl: string): Promise<OAuthTokens | null>;
+    setTokens(serverUrl: string, tokens: OAuthTokens): Promise<void>;
+    clearTokens(serverUrl: string): Promise<void>;
+    getClientInfo(serverUrl: string): Promise<ClientRegistration | null>;
+    setClientInfo(serverUrl: string, info: ClientRegistration): Promise<void>;
+    clearClientInfo(serverUrl: string): Promise<void>;
+    clearAll(): Promise<void>;
+    getAllSessions(): Promise<StoredSession[]>;
+}
+/**
+ * Check if keychain storage is available
+ */
+declare function isKeychainAvailable(): Promise<boolean>;
+
+export { ClientRegistration, FileStorage, KeychainStorage, type KeychainStorageOptions, MemoryStorage, OAuthTokens, StoredSession, TokenStorage, isKeychainAvailable };

package/dist/storage/index.d.ts

@@ -0,0 +1,181 @@
+import { T as TokenStorage, O as OAuthTokens, C as ClientRegistration, S as StoredSession } from '../types-DMpGN530.js';
+export { i as isTokenExpired, w as withExpiresAt } from '../types-DMpGN530.js';
+
+/**
+ * In-memory token storage
+ *
+ * Fast, simple storage for development and short-lived sessions.
+ * Tokens are lost when the process exits.
+ */
+
+/**
+ * In-memory token storage implementation
+ *
+ * @example
+ * ```typescript
+ * const storage = new MemoryStorage();
+ * await storage.setTokens('https://mcp.example.com', tokens);
+ * ```
+ */
+declare class MemoryStorage implements TokenStorage {
+    private tokens;
+    private clients;
+    /**
+     * Normalize server URL for consistent key lookup
+     */
+    private normalizeUrl;
+    /**
+     * Check if an entry is expired
+     */
+    private isExpired;
+    getTokens(serverUrl: string): Promise<OAuthTokens | null>;
+    setTokens(serverUrl: string, tokens: OAuthTokens): Promise<void>;
+    clearTokens(serverUrl: string): Promise<void>;
+    getClientInfo(serverUrl: string): Promise<ClientRegistration | null>;
+    setClientInfo(serverUrl: string, info: ClientRegistration): Promise<void>;
+    clearClientInfo(serverUrl: string): Promise<void>;
+    clearAll(): Promise<void>;
+    getAllSessions(): Promise<StoredSession[]>;
+}
+
+/**
+ * File-based token storage
+ *
+ * Persists tokens to a JSON file for survival across restarts.
+ * Optionally encrypts tokens for security.
+ */
+
+interface FileStorageOptions {
+    /** Path to the storage file */
+    filePath: string;
+    /** Optional encryption key (if omitted, data stored in plaintext) */
+    encryptionKey?: string;
+    /** Whether to pretty-print JSON (default: false) */
+    prettyPrint?: boolean;
+}
+/**
+ * File-based token storage with optional encryption
+ *
+ * @example
+ * ```typescript
+ * // Plaintext storage
+ * const storage = new FileStorage({ filePath: '~/.leanmcp/tokens.json' });
+ *
+ * // Encrypted storage
+ * const storage = new FileStorage({
+ *   filePath: '~/.leanmcp/tokens.enc',
+ *   encryptionKey: process.env.TOKEN_ENCRYPTION_KEY
+ * });
+ * ```
+ */
+declare class FileStorage implements TokenStorage {
+    private filePath;
+    private encryptionKey?;
+    private prettyPrint;
+    private cache;
+    private writePromise;
+    constructor(options: FileStorageOptions | string);
+    /**
+     * Expand ~ to home directory
+     */
+    private expandPath;
+    /**
+     * Normalize server URL for consistent key lookup
+     */
+    private normalizeUrl;
+    /**
+     * Encrypt data
+     */
+    private encrypt;
+    /**
+     * Decrypt data
+     */
+    private decrypt;
+    /**
+     * Read data from file
+     */
+    private readFile;
+    /**
+     * Write data to file (coalesced to avoid race conditions)
+     */
+    private writeFile;
+    getTokens(serverUrl: string): Promise<OAuthTokens | null>;
+    setTokens(serverUrl: string, tokens: OAuthTokens): Promise<void>;
+    clearTokens(serverUrl: string): Promise<void>;
+    getClientInfo(serverUrl: string): Promise<ClientRegistration | null>;
+    setClientInfo(serverUrl: string, info: ClientRegistration): Promise<void>;
+    clearClientInfo(serverUrl: string): Promise<void>;
+    clearAll(): Promise<void>;
+    getAllSessions(): Promise<StoredSession[]>;
+}
+
+/**
+ * OS Keychain Token Storage
+ *
+ * Secure storage using the operating system's credential manager:
+ * - macOS: Keychain
+ * - Windows: Credential Vault
+ * - Linux: libsecret (GNOME Keyring, KWallet, etc.)
+ *
+ * Requires the optional 'keytar' peer dependency.
+ */
+
+/**
+ * Keychain storage options
+ */
+interface KeychainStorageOptions {
+    /** Custom service name (default: 'leanmcp-auth') */
+    serviceName?: string;
+}
+/**
+ * OS Keychain-based token storage
+ *
+ * Uses the operating system's secure credential storage for maximum security.
+ * Tokens are encrypted at rest by the OS.
+ *
+ * @example
+ * ```typescript
+ * import { KeychainStorage } from '@leanmcp/auth/storage';
+ *
+ * // Requires 'keytar' to be installed
+ * const storage = new KeychainStorage();
+ *
+ * await storage.setTokens('https://mcp.example.com', tokens);
+ * ```
+ */
+declare class KeychainStorage implements TokenStorage {
+    private serviceName;
+    private keytar;
+    private initPromise;
+    constructor(options?: KeychainStorageOptions);
+    /**
+     * Initialize keytar (lazy load)
+     */
+    private init;
+    /**
+     * Normalize server URL for consistent key lookup
+     */
+    private normalizeUrl;
+    /**
+     * Get account key for tokens
+     */
+    private getTokensAccount;
+    /**
+     * Get account key for client info
+     */
+    private getClientAccount;
+    getTokens(serverUrl: string): Promise<OAuthTokens | null>;
+    setTokens(serverUrl: string, tokens: OAuthTokens): Promise<void>;
+    clearTokens(serverUrl: string): Promise<void>;
+    getClientInfo(serverUrl: string): Promise<ClientRegistration | null>;
+    setClientInfo(serverUrl: string, info: ClientRegistration): Promise<void>;
+    clearClientInfo(serverUrl: string): Promise<void>;
+    clearAll(): Promise<void>;
+    getAllSessions(): Promise<StoredSession[]>;
+}
+/**
+ * Check if keychain storage is available
+ */
+declare function isKeychainAvailable(): Promise<boolean>;
+
+export { ClientRegistration, FileStorage, KeychainStorage, type KeychainStorageOptions, MemoryStorage, OAuthTokens, StoredSession, TokenStorage, isKeychainAvailable };