npm - @lifeaitools/clauth - Versions diffs - 1.5.19 → 1.5.20 - Mend

@lifeaitools/clauth 1.5.19 → 1.5.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/cli/commands/serve.js +50 -7
package/package.json +1 -1

package/cli/commands/serve.js CHANGED Viewed

@@ -3024,23 +3024,46 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       return "clauth";
     }
-    // ── MCP endpoint auth — log all incoming POSTs, accept with or without token ──
-    // /gws and /clauth are open (no OAuth gate) — tunnel URL is the shared secret.
-    // OAuth flow is still supported (tokens accepted when present) but not required.
-    if (method === "POST" && isMcpPath) {
+    // ── MCP endpoint auth ──
+    // Tunnel requests (Host = tunnel hostname) MUST have Bearer token → 401 triggers OAuth.
+    // Local requests (Host = 127.0.0.1) pass through without auth.
+    if (method === "POST" && (reqPath === "/sse" || isMcpPath)) {
       const authHeader = req.headers.authorization;
+      const host = (req.headers.host || "").split(":")[0];
+      const isTunnelReq = tunnelUrl && host !== "127.0.0.1" && host !== "localhost" && host !== "::1";
       const authLogMsg = [
         `[${new Date().toISOString()}] MCP POST ${reqPath}`,
+        `  Host: ${req.headers.host || "(none)"} (tunnel=${isTunnelReq})`,
         `  Authorization: ${authHeader ? (authHeader.startsWith("Bearer ") ? `Bearer ${authHeader.slice(7, 15)}… (known=${oauthTokens.has(authHeader.slice(7))})` : authHeader.slice(0, 30) + "…") : "(none)"}`,
         `  mcp-protocol-version: ${req.headers["mcp-protocol-version"] || "(not set)"}`,
         `  accept: ${req.headers["accept"] || "(not set)"}`,
       ].join("\n") + "\n";
       try { fs.appendFileSync(LOG_FILE, authLogMsg); } catch {}
-      // Mark as remote if a valid token is present (for vault access scoping)
-      if (authHeader?.startsWith("Bearer ") && oauthTokens.has(authHeader.slice(7))) {
+      if (isTunnelReq) {
+        if (!authHeader || !authHeader.startsWith("Bearer ")) {
+          const base = oauthBase();
+          const logMsg = `[${new Date().toISOString()}] OAuth: 401 → requiring auth for tunnel POST ${reqPath}\n`;
+          try { fs.appendFileSync(LOG_FILE, logMsg); } catch {}
+          res.writeHead(401, {
+            "Content-Type": "application/json",
+            "WWW-Authenticate": `Bearer resource_metadata="${base}/.well-known/oauth-protected-resource"`,
+            ...CORS,
+          });
+          return res.end(JSON.stringify({ error: "unauthorized" }));
+        }
+        const token = authHeader.slice(7);
+        if (!oauthTokens.has(token)) {
+          const logMsg = `[${new Date().toISOString()}] OAuth: REJECTED token ${token.slice(0,8)}… (pool=${oauthTokens.size})\n`;
+          try { fs.appendFileSync(LOG_FILE, logMsg); } catch {}
+          res.writeHead(401, { "Content-Type": "application/json", ...CORS });
+          return res.end(JSON.stringify({ error: "invalid_token" }));
+        }
+        req._clauthRemote = true;
+      } else if (authHeader?.startsWith("Bearer ") && oauthTokens.has(authHeader.slice(7))) {
         req._clauthRemote = true;
       }
-      // fall through to MCP handling — no 401 gate on these paths
+      // fall through to MCP handling
     }
     // ── MCP Streamable HTTP transport (2025-03-26 spec) ──
@@ -3101,7 +3124,27 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     // ── MCP SSE transport — /sse and namespaced paths ────
     // GET /sse|/gws|/clauth — open SSE stream, receive endpoint event
+    // Tunnel requests require Bearer token (same as POST above)
     if (method === "GET" && (reqPath === "/sse" || isMcpPath)) {
+      const authHeader = req.headers.authorization;
+      const host = (req.headers.host || "").split(":")[0];
+      const isTunnelReq = tunnelUrl && host !== "127.0.0.1" && host !== "localhost" && host !== "::1";
+      if (isTunnelReq) {
+        if (!authHeader || !authHeader.startsWith("Bearer ")) {
+          const base = oauthBase();
+          res.writeHead(401, {
+            "Content-Type": "application/json",
+            "WWW-Authenticate": `Bearer resource_metadata="${base}/.well-known/oauth-protected-resource"`,
+            ...CORS,
+          });
+          return res.end(JSON.stringify({ error: "unauthorized" }));
+        }
+        if (!oauthTokens.has(authHeader.slice(7))) {
+          res.writeHead(401, { "Content-Type": "application/json", ...CORS });
+          return res.end(JSON.stringify({ error: "invalid_token" }));
+        }
+        // Token valid — mark as remote
+      }
       const sessionId = `ses_${++sseCounter}_${Date.now()}`;
       res.writeHead(200, {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lifeaitools/clauth",
-  "version": "1.5.19",
+  "version": "1.5.20",
   "description": "Hardware-bound credential vault for the LIFEAI infrastructure stack",
   "type": "module",
   "bin": {