@leanmcp/auth 0.3.1 → 0.4.0

package/dist/storage/index.js

@@ -0,0 +1,499 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/storage/index.ts
+var storage_exports = {};
+__export(storage_exports, {
+  FileStorage: () => FileStorage,
+  KeychainStorage: () => KeychainStorage,
+  MemoryStorage: () => MemoryStorage,
+  isKeychainAvailable: () => isKeychainAvailable,
+  isTokenExpired: () => isTokenExpired,
+  withExpiresAt: () => withExpiresAt
+});
+module.exports = __toCommonJS(storage_exports);
+
+// src/storage/types.ts
+function isTokenExpired(tokens, bufferSeconds = 60) {
+  if (!tokens.expires_at && !tokens.expires_in) {
+    return false;
+  }
+  const expiresAt = tokens.expires_at ?? Date.now() / 1e3 + (tokens.expires_in ?? 0);
+  const now = Date.now() / 1e3;
+  return expiresAt <= now + bufferSeconds;
+}
+__name(isTokenExpired, "isTokenExpired");
+function withExpiresAt(tokens) {
+  if (tokens.expires_at || !tokens.expires_in) {
+    return tokens;
+  }
+  return {
+    ...tokens,
+    expires_at: Math.floor(Date.now() / 1e3) + tokens.expires_in
+  };
+}
+__name(withExpiresAt, "withExpiresAt");
+
+// src/storage/memory.ts
+var MemoryStorage = class {
+  static {
+    __name(this, "MemoryStorage");
+  }
+  tokens = /* @__PURE__ */ new Map();
+  clients = /* @__PURE__ */ new Map();
+  /**
+   * Normalize server URL for consistent key lookup
+   */
+  normalizeUrl(serverUrl) {
+    return serverUrl.replace(/\/+$/, "").toLowerCase();
+  }
+  /**
+   * Check if an entry is expired
+   */
+  isExpired(entry) {
+    if (!entry) return true;
+    if (!entry.expiresAt) return false;
+    return Date.now() / 1e3 >= entry.expiresAt;
+  }
+  async getTokens(serverUrl) {
+    const key = this.normalizeUrl(serverUrl);
+    const entry = this.tokens.get(key);
+    if (this.isExpired(entry)) {
+      this.tokens.delete(key);
+      return null;
+    }
+    return entry?.value ?? null;
+  }
+  async setTokens(serverUrl, tokens) {
+    const key = this.normalizeUrl(serverUrl);
+    const enrichedTokens = withExpiresAt(tokens);
+    this.tokens.set(key, {
+      value: enrichedTokens,
+      expiresAt: enrichedTokens.expires_at
+    });
+  }
+  async clearTokens(serverUrl) {
+    const key = this.normalizeUrl(serverUrl);
+    this.tokens.delete(key);
+  }
+  async getClientInfo(serverUrl) {
+    const key = this.normalizeUrl(serverUrl);
+    const entry = this.clients.get(key);
+    if (this.isExpired(entry)) {
+      this.clients.delete(key);
+      return null;
+    }
+    return entry?.value ?? null;
+  }
+  async setClientInfo(serverUrl, info) {
+    const key = this.normalizeUrl(serverUrl);
+    this.clients.set(key, {
+      value: info,
+      expiresAt: info.client_secret_expires_at
+    });
+  }
+  async clearClientInfo(serverUrl) {
+    const key = this.normalizeUrl(serverUrl);
+    this.clients.delete(key);
+  }
+  async clearAll() {
+    this.tokens.clear();
+    this.clients.clear();
+  }
+  async getAllSessions() {
+    const sessions = [];
+    for (const [url, entry] of this.tokens.entries()) {
+      if (!this.isExpired(entry)) {
+        sessions.push({
+          serverUrl: url,
+          tokens: entry.value,
+          clientInfo: this.clients.get(url)?.value,
+          createdAt: Date.now(),
+          updatedAt: Date.now()
+        });
+      }
+    }
+    return sessions;
+  }
+};
+
+// src/storage/file.ts
+var import_fs = require("fs");
+var import_path = require("path");
+var import_crypto = require("crypto");
+var CURRENT_VERSION = 1;
+var ALGORITHM = "aes-256-gcm";
+var FileStorage = class {
+  static {
+    __name(this, "FileStorage");
+  }
+  filePath;
+  encryptionKey;
+  prettyPrint;
+  cache = null;
+  writePromise = null;
+  constructor(options) {
+    if (typeof options === "string") {
+      this.filePath = this.expandPath(options);
+      this.prettyPrint = false;
+    } else {
+      this.filePath = this.expandPath(options.filePath);
+      this.prettyPrint = options.prettyPrint ?? false;
+      if (options.encryptionKey) {
+        this.encryptionKey = (0, import_crypto.scryptSync)(options.encryptionKey, "leanmcp-salt", 32);
+      }
+    }
+  }
+  /**
+   * Expand ~ to home directory
+   */
+  expandPath(filePath) {
+    if (filePath.startsWith("~")) {
+      const home = process.env.HOME || process.env.USERPROFILE || "";
+      return filePath.replace("~", home);
+    }
+    return filePath;
+  }
+  /**
+   * Normalize server URL for consistent key lookup
+   */
+  normalizeUrl(serverUrl) {
+    return serverUrl.replace(/\/+$/, "").toLowerCase();
+  }
+  /**
+   * Encrypt data
+   */
+  encrypt(data) {
+    if (!this.encryptionKey) return data;
+    const iv = (0, import_crypto.randomBytes)(16);
+    const cipher = (0, import_crypto.createCipheriv)(ALGORITHM, this.encryptionKey, iv);
+    let encrypted = cipher.update(data, "utf8", "hex");
+    encrypted += cipher.final("hex");
+    const authTag = cipher.getAuthTag();
+    return `${iv.toString("hex")}:${authTag.toString("hex")}:${encrypted}`;
+  }
+  /**
+   * Decrypt data
+   */
+  decrypt(data) {
+    if (!this.encryptionKey) return data;
+    const [ivHex, authTagHex, encrypted] = data.split(":");
+    const iv = Buffer.from(ivHex, "hex");
+    const authTag = Buffer.from(authTagHex, "hex");
+    const decipher = (0, import_crypto.createDecipheriv)(ALGORITHM, this.encryptionKey, iv);
+    decipher.setAuthTag(authTag);
+    let decrypted = decipher.update(encrypted, "hex", "utf8");
+    decrypted += decipher.final("utf8");
+    return decrypted;
+  }
+  /**
+   * Read data from file
+   */
+  async readFile() {
+    if (this.cache) return this.cache;
+    try {
+      const raw = await import_fs.promises.readFile(this.filePath, "utf8");
+      const decrypted = this.decrypt(raw);
+      this.cache = JSON.parse(decrypted);
+      return this.cache;
+    } catch (error) {
+      if (error.code === "ENOENT") {
+        this.cache = {
+          version: CURRENT_VERSION,
+          sessions: {}
+        };
+        return this.cache;
+      }
+      throw error;
+    }
+  }
+  /**
+   * Write data to file (coalesced to avoid race conditions)
+   */
+  async writeFile(data) {
+    this.cache = data;
+    if (this.writePromise) {
+      return this.writePromise;
+    }
+    this.writePromise = (async () => {
+      try {
+        await import_fs.promises.mkdir((0, import_path.dirname)(this.filePath), {
+          recursive: true
+        });
+        const json = this.prettyPrint ? JSON.stringify(data, null, 2) : JSON.stringify(data);
+        const encrypted = this.encrypt(json);
+        await import_fs.promises.writeFile(this.filePath, encrypted, "utf8");
+      } finally {
+        this.writePromise = null;
+      }
+    })();
+    return this.writePromise;
+  }
+  async getTokens(serverUrl) {
+    const key = this.normalizeUrl(serverUrl);
+    const data = await this.readFile();
+    const session = data.sessions[key];
+    if (!session) return null;
+    if (isTokenExpired(session.tokens)) {
+      return session.tokens;
+    }
+    return session.tokens;
+  }
+  async setTokens(serverUrl, tokens) {
+    const key = this.normalizeUrl(serverUrl);
+    const data = await this.readFile();
+    const now = Date.now();
+    const existing = data.sessions[key];
+    data.sessions[key] = {
+      tokens: withExpiresAt(tokens),
+      clientInfo: existing?.clientInfo,
+      createdAt: existing?.createdAt ?? now,
+      updatedAt: now
+    };
+    await this.writeFile(data);
+  }
+  async clearTokens(serverUrl) {
+    const key = this.normalizeUrl(serverUrl);
+    const data = await this.readFile();
+    const session = data.sessions[key];
+    if (session) {
+      if (session.clientInfo) {
+        data.sessions[key] = {
+          tokens: {
+            access_token: "",
+            token_type: "bearer"
+          },
+          clientInfo: session.clientInfo,
+          createdAt: session.createdAt,
+          updatedAt: Date.now()
+        };
+      } else {
+        const { [key]: _, ...remaining } = data.sessions;
+        data.sessions = remaining;
+      }
+    }
+    await this.writeFile(data);
+  }
+  async getClientInfo(serverUrl) {
+    const key = this.normalizeUrl(serverUrl);
+    const data = await this.readFile();
+    return data.sessions[key]?.clientInfo ?? null;
+  }
+  async setClientInfo(serverUrl, info) {
+    const key = this.normalizeUrl(serverUrl);
+    const data = await this.readFile();
+    const now = Date.now();
+    const existing = data.sessions[key];
+    data.sessions[key] = {
+      tokens: existing?.tokens ?? {
+        access_token: "",
+        token_type: "bearer"
+      },
+      clientInfo: info,
+      createdAt: existing?.createdAt ?? now,
+      updatedAt: now
+    };
+    await this.writeFile(data);
+  }
+  async clearClientInfo(serverUrl) {
+    const key = this.normalizeUrl(serverUrl);
+    const data = await this.readFile();
+    const session = data.sessions[key];
+    if (session) {
+      if (session.tokens?.access_token) {
+        data.sessions[key] = {
+          tokens: session.tokens,
+          createdAt: session.createdAt,
+          updatedAt: Date.now()
+        };
+      } else {
+        const { [key]: _, ...remaining } = data.sessions;
+        data.sessions = remaining;
+      }
+    }
+    await this.writeFile(data);
+  }
+  async clearAll() {
+    await this.writeFile({
+      version: CURRENT_VERSION,
+      sessions: {}
+    });
+  }
+  async getAllSessions() {
+    const data = await this.readFile();
+    return Object.entries(data.sessions).map(([url, session]) => ({
+      serverUrl: url,
+      tokens: session.tokens,
+      clientInfo: session.clientInfo,
+      createdAt: session.createdAt,
+      updatedAt: session.updatedAt
+    }));
+  }
+};
+
+// src/storage/keychain.ts
+var SERVICE_NAME = "leanmcp-auth";
+var KeychainStorage = class {
+  static {
+    __name(this, "KeychainStorage");
+  }
+  serviceName;
+  keytar = null;
+  initPromise = null;
+  constructor(options = {}) {
+    this.serviceName = options.serviceName ?? SERVICE_NAME;
+  }
+  /**
+   * Initialize keytar (lazy load)
+   */
+  async init() {
+    if (this.keytar) return;
+    if (this.initPromise) {
+      await this.initPromise;
+      return;
+    }
+    this.initPromise = (async () => {
+      try {
+        this.keytar = require("keytar");
+      } catch (error) {
+        throw new Error('KeychainStorage requires the "keytar" package. Install it with: npm install keytar');
+      }
+    })();
+    await this.initPromise;
+  }
+  /**
+   * Normalize server URL for consistent key lookup
+   */
+  normalizeUrl(serverUrl) {
+    return serverUrl.replace(/\/+$/, "").toLowerCase();
+  }
+  /**
+   * Get account key for tokens
+   */
+  getTokensAccount(serverUrl) {
+    return `tokens:${this.normalizeUrl(serverUrl)}`;
+  }
+  /**
+   * Get account key for client info
+   */
+  getClientAccount(serverUrl) {
+    return `client:${this.normalizeUrl(serverUrl)}`;
+  }
+  async getTokens(serverUrl) {
+    await this.init();
+    const account = this.getTokensAccount(serverUrl);
+    const stored = await this.keytar.getPassword(this.serviceName, account);
+    if (!stored) return null;
+    try {
+      return JSON.parse(stored);
+    } catch {
+      return null;
+    }
+  }
+  async setTokens(serverUrl, tokens) {
+    await this.init();
+    const account = this.getTokensAccount(serverUrl);
+    const enrichedTokens = withExpiresAt(tokens);
+    await this.keytar.setPassword(this.serviceName, account, JSON.stringify(enrichedTokens));
+  }
+  async clearTokens(serverUrl) {
+    await this.init();
+    const account = this.getTokensAccount(serverUrl);
+    await this.keytar.deletePassword(this.serviceName, account);
+  }
+  async getClientInfo(serverUrl) {
+    await this.init();
+    const account = this.getClientAccount(serverUrl);
+    const stored = await this.keytar.getPassword(this.serviceName, account);
+    if (!stored) return null;
+    try {
+      return JSON.parse(stored);
+    } catch {
+      return null;
+    }
+  }
+  async setClientInfo(serverUrl, info) {
+    await this.init();
+    const account = this.getClientAccount(serverUrl);
+    await this.keytar.setPassword(this.serviceName, account, JSON.stringify(info));
+  }
+  async clearClientInfo(serverUrl) {
+    await this.init();
+    const account = this.getClientAccount(serverUrl);
+    await this.keytar.deletePassword(this.serviceName, account);
+  }
+  async clearAll() {
+    await this.init();
+    const credentials = await this.keytar.findCredentials(this.serviceName);
+    for (const cred of credentials) {
+      await this.keytar.deletePassword(this.serviceName, cred.account);
+    }
+  }
+  async getAllSessions() {
+    await this.init();
+    const credentials = await this.keytar.findCredentials(this.serviceName);
+    const sessions = [];
+    const tokensMap = /* @__PURE__ */ new Map();
+    const clientMap = /* @__PURE__ */ new Map();
+    for (const cred of credentials) {
+      if (cred.account.startsWith("tokens:")) {
+        const url = cred.account.replace("tokens:", "");
+        try {
+          tokensMap.set(url, JSON.parse(cred.password));
+        } catch {
+        }
+      } else if (cred.account.startsWith("client:")) {
+        const url = cred.account.replace("client:", "");
+        try {
+          clientMap.set(url, JSON.parse(cred.password));
+        } catch {
+        }
+      }
+    }
+    for (const [url, tokens] of tokensMap) {
+      sessions.push({
+        serverUrl: url,
+        tokens,
+        clientInfo: clientMap.get(url),
+        createdAt: Date.now(),
+        updatedAt: Date.now()
+      });
+    }
+    return sessions;
+  }
+};
+async function isKeychainAvailable() {
+  try {
+    require("keytar");
+    return true;
+  } catch {
+    return false;
+  }
+}
+__name(isKeychainAvailable, "isKeychainAvailable");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  FileStorage,
+  KeychainStorage,
+  MemoryStorage,
+  isKeychainAvailable,
+  isTokenExpired,
+  withExpiresAt
+});