@lifeaitools/clauth 1.5.18 → 1.5.20

package/cli/commands/serve.js

@@ -2878,19 +2878,136 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       return res.end();
     }
 
-    // ── OAuth Discovery — disabled (causes claude.ai OAuth loop) ──────────────
-    if (reqPath.startsWith("/.well-known/oauth-protected-resource") ||
-        reqPath === "/.well-known/oauth-authorization-server") {
-      res.writeHead(404, { "Content-Type": "application/json", ...CORS });
-      return res.end(JSON.stringify({ error: "not_found" }));
+    // ── OAuth Discovery (RFC 9728 + RFC 8414) ──────────────
+    // claude.ai probes these for ALL remote MCP connections.
+    // resource MUST match the connector URL configured in claude.ai (/sse).
+    if (reqPath.startsWith("/.well-known/oauth-protected-resource")) {
+      const base = oauthBase();
+      res.writeHead(200, { "Content-Type": "application/json", ...CORS });
+      return res.end(JSON.stringify({
+        resource: `${base}/sse`,
+        authorization_servers: [base],
+        scopes_supported: ["mcp:tools"],
+        bearer_methods_supported: ["header"],
+      }));
     }
 
-    // ── OAuth endpoints — disabled (well-known removed, these are dead paths) ──
-    if ((method === "POST" && reqPath === "/register") ||
-        (method === "GET"  && reqPath === "/authorize") ||
-        (method === "POST" && reqPath === "/token")) {
-      res.writeHead(404, { "Content-Type": "application/json", ...CORS });
-      return res.end(JSON.stringify({ error: "not_found" }));
+    if (reqPath === "/.well-known/oauth-authorization-server") {
+      const base = oauthBase();
+      res.writeHead(200, { "Content-Type": "application/json", ...CORS });
+      return res.end(JSON.stringify({
+        issuer: base,
+        authorization_endpoint: `${base}/authorize`,
+        token_endpoint: `${base}/token`,
+        registration_endpoint: `${base}/register`,
+        response_types_supported: ["code"],
+        grant_types_supported: ["authorization_code"],
+        code_challenge_methods_supported: ["S256"],
+        scopes_supported: ["mcp:tools"],
+      }));
+    }
+
+    // ── Dynamic Client Registration (RFC 7591) ──────────────
+    if (method === "POST" && reqPath === "/register") {
+      let body;
+      try { body = await readBody(req); } catch {
+        res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+        return res.end(JSON.stringify({ error: "invalid_request" }));
+      }
+      const clientId = crypto.randomBytes(16).toString("hex");
+      const clientSecret = crypto.randomBytes(32).toString("hex");
+      const client = {
+        client_id: clientId, client_secret: clientSecret,
+        client_name: body.client_name || "unknown",
+        redirect_uris: body.redirect_uris || [],
+        grant_types: body.grant_types || ["authorization_code"],
+        response_types: body.response_types || ["code"],
+        token_endpoint_auth_method: body.token_endpoint_auth_method || "client_secret_post",
+      };
+      oauthClients.set(clientId, client);
+      const logMsg = `[${new Date().toISOString()}] OAuth: registered client ${clientId} (${client.client_name})\n`;
+      try { fs.appendFileSync(LOG_FILE, logMsg); } catch {}
+      res.writeHead(201, { "Content-Type": "application/json", ...CORS });
+      return res.end(JSON.stringify(client));
+    }
+
+    // ── Authorization endpoint — auto-approve ──────────────
+    if (method === "GET" && reqPath === "/authorize") {
+      const clientId = url.searchParams.get("client_id");
+      const redirectUri = url.searchParams.get("redirect_uri");
+      const state = url.searchParams.get("state");
+      const codeChallenge = url.searchParams.get("code_challenge");
+      const codeChallengeMethod = url.searchParams.get("code_challenge_method");
+
+      if (!clientId || !redirectUri) {
+        res.writeHead(400, { "Content-Type": "text/plain", ...CORS });
+        return res.end("Missing client_id or redirect_uri");
+      }
+
+      const code = crypto.randomBytes(32).toString("hex");
+      oauthCodes.set(code, {
+        client_id: clientId, redirect_uri: redirectUri,
+        code_challenge: codeChallenge, code_challenge_method: codeChallengeMethod,
+        expires: Date.now() + 300_000,
+      });
+
+      const redirect = new URL(redirectUri);
+      redirect.searchParams.set("code", code);
+      if (state) redirect.searchParams.set("state", state);
+
+      const logMsg = `[${new Date().toISOString()}] OAuth: authorize → code issued for ${clientId}, redirecting to ${redirect.origin}\n`;
+      try { fs.appendFileSync(LOG_FILE, logMsg); } catch {}
+      res.writeHead(302, { Location: redirect.toString(), ...CORS });
+      return res.end();
+    }
+
+    // ── Token endpoint ──────────────────────────────────────
+    if (method === "POST" && reqPath === "/token") {
+      let body;
+      const ct = req.headers["content-type"] || "";
+      try {
+        if (ct.includes("application/json")) {
+          body = await readBody(req);
+        } else {
+          const raw = await readRawBody(req);
+          body = Object.fromEntries(new URLSearchParams(raw));
+        }
+      } catch {
+        res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+        return res.end(JSON.stringify({ error: "invalid_request" }));
+      }
+
+      if (body.grant_type !== "authorization_code") {
+        res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+        return res.end(JSON.stringify({ error: "unsupported_grant_type" }));
+      }
+
+      const stored = oauthCodes.get(body.code);
+      if (!stored || stored.expires < Date.now()) {
+        oauthCodes.delete(body.code);
+        res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+        return res.end(JSON.stringify({ error: "invalid_grant" }));
+      }
+
+      // PKCE verification
+      if (stored.code_challenge && body.code_verifier) {
+        const computed = sha256base64url(body.code_verifier);
+        if (computed !== stored.code_challenge) {
+          oauthCodes.delete(body.code);
+          res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+          return res.end(JSON.stringify({ error: "invalid_grant", error_description: "PKCE verification failed" }));
+        }
+      }
+
+      oauthCodes.delete(body.code);
+      const accessToken = crypto.randomBytes(32).toString("hex");
+      oauthTokens.add(accessToken);
+      saveTokens(oauthTokens);
+
+      const logMsg = `[${new Date().toISOString()}] OAuth: token issued for client ${stored.client_id} (token=${accessToken.slice(0,8)}…)\n`;
+      try { fs.appendFileSync(LOG_FILE, logMsg); } catch {}
+      res.writeHead(200, { "Content-Type": "application/json", ...CORS });
+      return res.end(JSON.stringify({ access_token: accessToken, token_type: "Bearer", expires_in: 86400 }));
     }
 
     // ── MCP path helpers ──
@@ -2907,23 +3024,46 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       return "clauth";
     }
 
-    // ── MCP endpoint auth — log all incoming POSTs, accept with or without token ──
-    // /gws and /clauth are open (no OAuth gate) — tunnel URL is the shared secret.
-    // OAuth flow is still supported (tokens accepted when present) but not required.
-    if (method === "POST" && isMcpPath) {
+    // ── MCP endpoint auth ──
+    // Tunnel requests (Host = tunnel hostname) MUST have Bearer token → 401 triggers OAuth.
+    // Local requests (Host = 127.0.0.1) pass through without auth.
+    if (method === "POST" && (reqPath === "/sse" || isMcpPath)) {
       const authHeader = req.headers.authorization;
+      const host = (req.headers.host || "").split(":")[0];
+      const isTunnelReq = tunnelUrl && host !== "127.0.0.1" && host !== "localhost" && host !== "::1";
       const authLogMsg = [
         `[${new Date().toISOString()}] MCP POST ${reqPath}`,
+        `  Host: ${req.headers.host || "(none)"} (tunnel=${isTunnelReq})`,
         `  Authorization: ${authHeader ? (authHeader.startsWith("Bearer ") ? `Bearer ${authHeader.slice(7, 15)}… (known=${oauthTokens.has(authHeader.slice(7))})` : authHeader.slice(0, 30) + "…") : "(none)"}`,
         `  mcp-protocol-version: ${req.headers["mcp-protocol-version"] || "(not set)"}`,
         `  accept: ${req.headers["accept"] || "(not set)"}`,
       ].join("\n") + "\n";
       try { fs.appendFileSync(LOG_FILE, authLogMsg); } catch {}
-      // Mark as remote if a valid token is present (for vault access scoping)
-      if (authHeader?.startsWith("Bearer ") && oauthTokens.has(authHeader.slice(7))) {
+
+      if (isTunnelReq) {
+        if (!authHeader || !authHeader.startsWith("Bearer ")) {
+          const base = oauthBase();
+          const logMsg = `[${new Date().toISOString()}] OAuth: 401 → requiring auth for tunnel POST ${reqPath}\n`;
+          try { fs.appendFileSync(LOG_FILE, logMsg); } catch {}
+          res.writeHead(401, {
+            "Content-Type": "application/json",
+            "WWW-Authenticate": `Bearer resource_metadata="${base}/.well-known/oauth-protected-resource"`,
+            ...CORS,
+          });
+          return res.end(JSON.stringify({ error: "unauthorized" }));
+        }
+        const token = authHeader.slice(7);
+        if (!oauthTokens.has(token)) {
+          const logMsg = `[${new Date().toISOString()}] OAuth: REJECTED token ${token.slice(0,8)}… (pool=${oauthTokens.size})\n`;
+          try { fs.appendFileSync(LOG_FILE, logMsg); } catch {}
+          res.writeHead(401, { "Content-Type": "application/json", ...CORS });
+          return res.end(JSON.stringify({ error: "invalid_token" }));
+        }
+        req._clauthRemote = true;
+      } else if (authHeader?.startsWith("Bearer ") && oauthTokens.has(authHeader.slice(7))) {
         req._clauthRemote = true;
       }
-      // fall through to MCP handling — no 401 gate on these paths
+      // fall through to MCP handling
     }
 
     // ── MCP Streamable HTTP transport (2025-03-26 spec) ──
@@ -2984,7 +3124,27 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
 
     // ── MCP SSE transport — /sse and namespaced paths ────
     // GET /sse|/gws|/clauth — open SSE stream, receive endpoint event
+    // Tunnel requests require Bearer token (same as POST above)
     if (method === "GET" && (reqPath === "/sse" || isMcpPath)) {
+      const authHeader = req.headers.authorization;
+      const host = (req.headers.host || "").split(":")[0];
+      const isTunnelReq = tunnelUrl && host !== "127.0.0.1" && host !== "localhost" && host !== "::1";
+      if (isTunnelReq) {
+        if (!authHeader || !authHeader.startsWith("Bearer ")) {
+          const base = oauthBase();
+          res.writeHead(401, {
+            "Content-Type": "application/json",
+            "WWW-Authenticate": `Bearer resource_metadata="${base}/.well-known/oauth-protected-resource"`,
+            ...CORS,
+          });
+          return res.end(JSON.stringify({ error: "unauthorized" }));
+        }
+        if (!oauthTokens.has(authHeader.slice(7))) {
+          res.writeHead(401, { "Content-Type": "application/json", ...CORS });
+          return res.end(JSON.stringify({ error: "invalid_token" }));
+        }
+        // Token valid — mark as remote
+      }
       const sessionId = `ses_${++sseCounter}_${Date.now()}`;
 
       res.writeHead(200, {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lifeaitools/clauth",
-  "version": "1.5.18",
+  "version": "1.5.20",
   "description": "Hardware-bound credential vault for the LIFEAI infrastructure stack",
   "type": "module",
   "bin": {