@lifeaitools/clauth 1.5.9 → 1.5.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli/commands/serve.js +3 -16
- package/package.json +1 -1
package/cli/commands/serve.js
CHANGED
|
@@ -3025,9 +3025,11 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
|
|
|
3025
3025
|
const authHeader = req.headers.authorization;
|
|
3026
3026
|
if (!authHeader || !authHeader.startsWith("Bearer ")) {
|
|
3027
3027
|
const base = oauthBase();
|
|
3028
|
+
// Path-specific resource metadata URL so claude.ai gets the right resource URI
|
|
3029
|
+
const pathName = reqPath === "/mcp" ? "mcp" : reqPath.slice(1);
|
|
3028
3030
|
res.writeHead(401, {
|
|
3029
3031
|
"Content-Type": "application/json",
|
|
3030
|
-
"WWW-Authenticate": `Bearer resource_metadata="${base}/.well-known/oauth-protected-resource"`,
|
|
3032
|
+
"WWW-Authenticate": `Bearer resource_metadata="${base}/.well-known/oauth-protected-resource/${pathName}"`,
|
|
3031
3033
|
...CORS,
|
|
3032
3034
|
});
|
|
3033
3035
|
return res.end(JSON.stringify({ error: "unauthorized" }));
|
|
@@ -3042,21 +3044,6 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
|
|
|
3042
3044
|
// fall through to MCP handling below
|
|
3043
3045
|
}
|
|
3044
3046
|
|
|
3045
|
-
// For namespaced paths, send path-specific 401 so claude.ai fetches the right resource metadata
|
|
3046
|
-
if (method === "POST" && (reqPath === "/gws" || reqPath === "/clauth")) {
|
|
3047
|
-
const authHeader = req.headers.authorization;
|
|
3048
|
-
if (!authHeader || !authHeader.startsWith("Bearer ")) {
|
|
3049
|
-
const base = oauthBase();
|
|
3050
|
-
const pathName = reqPath.slice(1); // "gws" or "clauth"
|
|
3051
|
-
res.writeHead(401, {
|
|
3052
|
-
"Content-Type": "application/json",
|
|
3053
|
-
"WWW-Authenticate": `Bearer resource_metadata="${base}/.well-known/oauth-protected-resource/${pathName}"`,
|
|
3054
|
-
...CORS,
|
|
3055
|
-
});
|
|
3056
|
-
return res.end(JSON.stringify({ error: "unauthorized" }));
|
|
3057
|
-
}
|
|
3058
|
-
}
|
|
3059
|
-
|
|
3060
3047
|
// ── MCP Streamable HTTP transport (2025-03-26 spec) ──
|
|
3061
3048
|
// POST /sse, /mcp, /gws, /clauth — JSON-RPC over HTTP
|
|
3062
3049
|
if (method === "POST" && (reqPath === "/sse" || isMcpPath)) {
|