@lifeaitools/clauth 1.5.7 → 1.5.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli/commands/serve.js +22 -8
- package/package.json +1 -1
package/cli/commands/serve.js
CHANGED
|
@@ -3000,9 +3000,23 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
|
|
|
3000
3000
|
return res.end(JSON.stringify({ access_token: accessToken, token_type: "Bearer", expires_in: 86400 }));
|
|
3001
3001
|
}
|
|
3002
3002
|
|
|
3003
|
+
// ── MCP path helpers ──
|
|
3004
|
+
const MCP_PATHS = ["/mcp", "/gws", "/clauth"];
|
|
3005
|
+
const isMcpPath = MCP_PATHS.includes(reqPath);
|
|
3006
|
+
function toolsForPath(p) {
|
|
3007
|
+
if (p === "/gws") return MCP_TOOLS.filter(t => t.name.startsWith("gws_"));
|
|
3008
|
+
if (p === "/clauth") return MCP_TOOLS.filter(t => t.name.startsWith("clauth_"));
|
|
3009
|
+
return MCP_TOOLS; // /mcp — all tools
|
|
3010
|
+
}
|
|
3011
|
+
function serverNameForPath(p) {
|
|
3012
|
+
if (p === "/gws") return "gws";
|
|
3013
|
+
if (p === "/clauth") return "clauth";
|
|
3014
|
+
return "clauth";
|
|
3015
|
+
}
|
|
3016
|
+
|
|
3003
3017
|
// ── MCP OAuth-protected endpoint (for claude.ai web) ──
|
|
3004
|
-
// POST /mcp — requires Bearer token; returns 401 to trigger OAuth flow
|
|
3005
|
-
if (method === "POST" &&
|
|
3018
|
+
// POST /mcp|/gws|/clauth — requires Bearer token; returns 401 to trigger OAuth flow
|
|
3019
|
+
if (method === "POST" && isMcpPath) {
|
|
3006
3020
|
const authHeader = req.headers.authorization;
|
|
3007
3021
|
if (!authHeader || !authHeader.startsWith("Bearer ")) {
|
|
3008
3022
|
const base = oauthBase();
|
|
@@ -3024,8 +3038,8 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
|
|
|
3024
3038
|
}
|
|
3025
3039
|
|
|
3026
3040
|
// ── MCP Streamable HTTP transport (2025-03-26 spec) ──
|
|
3027
|
-
// POST /sse
|
|
3028
|
-
if (method === "POST" && (reqPath === "/sse" ||
|
|
3041
|
+
// POST /sse, /mcp, /gws, /clauth — JSON-RPC over HTTP
|
|
3042
|
+
if (method === "POST" && (reqPath === "/sse" || isMcpPath)) {
|
|
3029
3043
|
let body;
|
|
3030
3044
|
try { body = await readBody(req); } catch {
|
|
3031
3045
|
res.writeHead(400, { "Content-Type": "application/json", ...CORS });
|
|
@@ -3034,7 +3048,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
|
|
|
3034
3048
|
|
|
3035
3049
|
const id = body.id;
|
|
3036
3050
|
const rpcMethod = body.method;
|
|
3037
|
-
const logMsg = `[${new Date().toISOString()}] Streamable HTTP: ${rpcMethod} id=${id}\n`;
|
|
3051
|
+
const logMsg = `[${new Date().toISOString()}] Streamable HTTP [${reqPath}]: ${rpcMethod} id=${id}\n`;
|
|
3038
3052
|
try { fs.appendFileSync(LOG_FILE, logMsg); } catch {}
|
|
3039
3053
|
|
|
3040
3054
|
// Notifications — no response needed
|
|
@@ -3046,7 +3060,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
|
|
|
3046
3060
|
if (rpcMethod === "initialize") {
|
|
3047
3061
|
const result = {
|
|
3048
3062
|
protocolVersion: "2025-03-26",
|
|
3049
|
-
serverInfo: { name:
|
|
3063
|
+
serverInfo: { name: serverNameForPath(reqPath), version: VERSION },
|
|
3050
3064
|
capabilities: { tools: {} }
|
|
3051
3065
|
};
|
|
3052
3066
|
res.writeHead(200, { "Content-Type": "application/json", ...CORS });
|
|
@@ -3055,7 +3069,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
|
|
|
3055
3069
|
|
|
3056
3070
|
if (rpcMethod === "tools/list") {
|
|
3057
3071
|
res.writeHead(200, { "Content-Type": "application/json", ...CORS });
|
|
3058
|
-
return res.end(JSON.stringify({ jsonrpc: "2.0", id, result: { tools:
|
|
3072
|
+
return res.end(JSON.stringify({ jsonrpc: "2.0", id, result: { tools: toolsForPath(reqPath) } }));
|
|
3059
3073
|
}
|
|
3060
3074
|
|
|
3061
3075
|
if (rpcMethod === "tools/call") {
|
|
@@ -4321,7 +4335,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
|
|
|
4321
4335
|
// Don't count browser noise, MCP discovery probes, or OAuth probes as auth failures
|
|
4322
4336
|
const isBenign = reqPath.startsWith("/.well-known/") || [
|
|
4323
4337
|
"/favicon.ico", "/robots.txt", "/apple-touch-icon.png", "/apple-touch-icon-precomposed.png",
|
|
4324
|
-
"/sse", "/mcp", "/message", "/register", "/authorize", "/token", "/shutdown", "/restart",
|
|
4338
|
+
"/sse", "/mcp", "/gws", "/clauth", "/message", "/register", "/authorize", "/token", "/shutdown", "/restart",
|
|
4325
4339
|
].includes(reqPath);
|
|
4326
4340
|
if (isBenign) {
|
|
4327
4341
|
res.writeHead(404, { "Content-Type": "application/json", ...CORS });
|