@lifeaitools/clauth 1.5.11 → 1.5.12
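--- a/package/cli/commands/serve.js
+++ b/package/cli/commands/serve.js
@@ -2472,7 +2472,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
 const CORS = {
 "Access-Control-Allow-Origin": "*",
 "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
-"Access-Control-Allow-Headers": "Content-Type, Authorization, Mcp-Session-Id",
+"Access-Control-Allow-Headers": "Content-Type, Authorization, Mcp-Session-Id, mcp-protocol-version, mcp-session-id",
 };
 
 // ── MCP SSE session tracking ──────────────────────────────
@@ -3033,6 +3033,16 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
 // POST /mcp|/gws|/clauth — requires Bearer token; returns 401 to trigger OAuth flow
 if (method === "POST" && isMcpPath) {
 const authHeader = req.headers.authorization;
+// Detailed auth logging — helps diagnose claude.ai post-token failures
+const authLogMsg = [
+`[${new Date().toISOString()}] MCP POST ${reqPath}`,
+` Authorization: ${authHeader ? (authHeader.startsWith("Bearer ") ? `Bearer ${authHeader.slice(7, 15)}… (known=${oauthTokens.has(authHeader.slice(7))})` : authHeader.slice(0, 30) + "…") : "(none)"}`,
+` mcp-protocol-version: ${req.headers["mcp-protocol-version"] || "(not set)"}`,
+` accept: ${req.headers["accept"] || "(not set)"}`,
+` x-forwarded-for: ${req.headers["x-forwarded-for"] || "(not set)"}`,
+].join("\n") + "\n";
+try { fs.appendFileSync(LOG_FILE, authLogMsg); } catch {}
+
 if (!authHeader || !authHeader.startsWith("Bearer ")) {
 const base = oauthBase();
 // Path-specific resource metadata URL so claude.ai gets the right resource URI
@@ -3046,6 +3056,8 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
 }
 const token = authHeader.slice(7);
 if (!oauthTokens.has(token)) {
+const badTokenLog = `[${new Date().toISOString()}] OAuth: REJECTED token ${token.slice(0,8)}… (pool size=${oauthTokens.size})\n`;
+try { fs.appendFileSync(LOG_FILE, badTokenLog); } catch {}
 res.writeHead(401, { "Content-Type": "application/json", ...CORS });
 return res.end(JSON.stringify({ error: "invalid_token" }));
 }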
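Review bot: The new auth logging writes credential material to LOG_FILE. New line 3039 records the first eight characters of every bearer token via `authHeader.slice(7, 15)`, and for any other scheme `authHeader.slice(0, 30)`, which for a Basic header can cover most or all of the encoded username and password. New line 3059 repeats the token prefix for rejected tokens. I would log only the scheme for non-Bearer headers, e.g. `authHeader.split(" ", 1)[0] + " (redacted)"`, and correlate bearer tokens by a truncated digest rather than a raw prefix, if a hash helper such as node:crypto is in scope in this file. The `fs.appendFileSync` call at 3044 also runs before the token check on every POST, so unauthenticated requests can grow the log without bound and block the event loop; gating it behind a debug flag or a size cap would limit that. createServer's body starts and ends outside these hunks, so how LOG_FILE is rotated or permissioned is not visible here.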
package/package.json
CHANGED
|
@@ -169,7 +169,7 @@ async function handleRevoke(sb: any, body: any, mh: string) {
|
|
|
169
169
|
|
|
170
170
|
async function handleStatus(sb: any, body: any, mh: string) {
|
|
171
171
|
let q = sb.from("clauth_services")
|
|
172
|
-
.select("name, label, key_type, enabled, vault_key, last_retrieved, last_rotated, created_at, project")
|
|
172
|
+
.select("name, label, key_type, enabled, vault_key, last_retrieved, last_rotated, created_at, project, description")
|
|
173
173
|
.order("project", { ascending: true, nullsFirst: true })
|
|
174
174
|
.order("name");
|
|
175
175
|
if (body.project) q = q.eq("project", body.project);
|