@lifeaitools/clauth 1.5.63 → 1.5.64

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/cli/commands/serve.js +15 -4
  2. package/package.json +1 -1
package/cli/commands/serve.js CHANGED
@@ -2560,18 +2560,27 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
2560
2560
  let tunnelStatus = "not_started"; // "not_started" | "not_configured" | "starting" | "live" | "error" | "missing_cloudflared"
2561
2561
 
2562
2562
  // ── OAuth provider (self-contained for claude.ai MCP) ──────
2563
- const oauthClients = new Map(); // client_id → { redirect_uris, client_name, token_endpoint_auth_method }
2564
2563
  const oauthCodes = new Map(); // code → { client_id, redirect_uri, code_challenge, expires }
2565
2564
 
2566
- // Persist tokens + credentials to disk so daemon restarts don't invalidate sessions
2567
- const TOKENS_FILE = path.join(os.tmpdir(), "clauth-oauth-tokens.json");
2565
+ // Persist tokens + clients to disk so daemon restarts don't invalidate sessions
2566
+ const TOKENS_FILE = path.join(os.tmpdir(), "clauth-oauth-tokens.json");
2567
+ const CLIENTS_FILE = path.join(os.tmpdir(), "clauth-oauth-clients.json");
2568
+
2568
2569
  function loadTokens() {
2569
2570
  try { return new Set(JSON.parse(fs.readFileSync(TOKENS_FILE, "utf8"))); } catch { return new Set(); }
2570
2571
  }
2571
2572
  function saveTokens(set) {
2572
2573
  try { fs.writeFileSync(TOKENS_FILE, JSON.stringify([...set])); } catch {}
2573
2574
  }
2574
- const oauthTokens = loadTokens(); // active access tokens — persisted across restarts
2575
+ function loadClients() {
2576
+ try { return new Map(JSON.parse(fs.readFileSync(CLIENTS_FILE, "utf8"))); } catch { return new Map(); }
2577
+ }
2578
+ function saveClients(map) {
2579
+ try { fs.writeFileSync(CLIENTS_FILE, JSON.stringify([...map])); } catch {}
2580
+ }
2581
+
2582
+ const oauthTokens = loadTokens(); // active access tokens — persisted across restarts
2583
+ const oauthClients = loadClients(); // registered OAuth clients — persisted across restarts
2575
2584
 
2576
2585
  function oauthBase() { return tunnelUrl || `http://127.0.0.1:${port}`; }
2577
2586
  function sha256base64url(str) { return crypto.createHash("sha256").update(str).digest("base64url"); }
@@ -2993,6 +3002,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
2993
3002
  token_endpoint_auth_method: "none", // PUBLIC CLIENT
2994
3003
  };
2995
3004
  oauthClients.set(clientId, client);
3005
+ saveClients(oauthClients);
2996
3006
  const logMsg = `[${new Date().toISOString()}] OAuth: registered public client ${clientId} (${client.client_name})\n`;
2997
3007
  try { fs.appendFileSync(LOG_FILE, logMsg); } catch {}
2998
3008
  res.writeHead(201, { "Content-Type": "application/json", "Cache-Control": "no-store", ...CORS });
@@ -3578,6 +3588,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
3578
3588
  if (lockedGuard(res)) return;
3579
3589
  // Clear all dynamic clients and tokens
3580
3590
  oauthClients.clear();
3591
+ saveClients(oauthClients);
3581
3592
  oauthTokens.clear();
3582
3593
  saveTokens(oauthTokens);
3583
3594
  const logMsg = `[${new Date().toISOString()}] OAuth: rolled credentials — all clients and tokens invalidated\n`;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lifeaitools/clauth",
3
- "version": "1.5.63",
3
+ "version": "1.5.64",
4
4
  "description": "Hardware-bound credential vault for the LIFEAI infrastructure stack",
5
5
  "type": "module",
6
6
  "bin": {