@liselvins/lark-mcp 0.1.0

package/dist/auth/store.js

@@ -0,0 +1,213 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authStore = exports.AuthStore = void 0;
+const fs_1 = __importDefault(require("fs"));
+const storage_manager_1 = require("./utils/storage-manager");
+const logger_1 = require("../utils/logger");
+class AuthStore {
+    constructor() {
+        this.storageDataCache = { tokens: {}, clients: {} };
+        this.codeVerifiers = new Map();
+        this.isReloading = false;
+        this.isInitializedStorageSuccess = false;
+        this.initialize();
+    }
+    async initialize() {
+        if (this.initializePromise) {
+            return this.initializePromise;
+        }
+        this.initializePromise = this.performInitialization();
+        await this.initializePromise;
+    }
+    async performInitialization() {
+        try {
+            await this.loadFromStorage();
+            logger_1.logger.info(`[AuthStore] Initialized storage successfully with ${Object.keys(this.storageDataCache.tokens).length} tokens`);
+            await this.clearExpiredTokens();
+            this.setupFileWatcher();
+            this.isInitializedStorageSuccess = true;
+        }
+        catch (error) {
+            logger_1.logger.error(`[AuthStore] Failed to initialize: ${error}`);
+            this.isInitializedStorageSuccess = false;
+        }
+    }
+    setupFileWatcher() {
+        try {
+            if (fs_1.default.existsSync(storage_manager_1.storageManager.storageFile)) {
+                logger_1.logger.info(`[AuthStore] Setup file watcher for ${storage_manager_1.storageManager.storageFile}`);
+                this.fileWatcher = fs_1.default.watch(storage_manager_1.storageManager.storageFile, () => {
+                    this.handleFileChange();
+                });
+            }
+        }
+        catch (error) {
+            logger_1.logger.error(`[AuthStore] Failed to setup file watcher: ${error}`);
+        }
+    }
+    async handleFileChange() {
+        if (this.isReloading) {
+            return;
+        }
+        this.isReloading = true;
+        try {
+            logger_1.logger.info(`[AuthStore] Reloading storage from ${storage_manager_1.storageManager.storageFile}`);
+            await new Promise((resolve) => setTimeout(resolve, 100));
+            await this.loadFromStorage();
+        }
+        catch (error) {
+            logger_1.logger.error(`[AuthStore] Failed to reload storage: ${error}`);
+        }
+        finally {
+            this.isReloading = false;
+        }
+    }
+    async loadFromStorage() {
+        const storageData = await storage_manager_1.storageManager.loadStorageData();
+        this.storageDataCache = storageData;
+    }
+    async saveToStorage() {
+        if (!this.isInitializedStorageSuccess) {
+            return;
+        }
+        await storage_manager_1.storageManager.saveStorageData(this.storageDataCache);
+    }
+    async clearExpiredTokens() {
+        if (!this.storageDataCache || !this.storageDataCache.tokens) {
+            return;
+        }
+        const now = Date.now() / 1000;
+        let hasExpiredTokens = false;
+        const expiredTokenKeys = [];
+        for (const [tokenKey, token] of Object.entries(this.storageDataCache.tokens)) {
+            // 7 days after expires clear the token
+            if (token.expiresAt && token.expiresAt + 7 * 24 * 60 * 60 < now) {
+                expiredTokenKeys.push(tokenKey);
+            }
+        }
+        if (expiredTokenKeys.length > 0) {
+            for (const tokenKey of expiredTokenKeys) {
+                delete this.storageDataCache.tokens[tokenKey];
+            }
+            hasExpiredTokens = true;
+        }
+        if (this.storageDataCache.localTokens) {
+            const orphanedLocalTokenKeys = [];
+            for (const [appId, tokenKey] of Object.entries(this.storageDataCache.localTokens)) {
+                if (!this.storageDataCache.tokens[tokenKey]) {
+                    orphanedLocalTokenKeys.push(appId);
+                }
+            }
+            if (orphanedLocalTokenKeys.length > 0) {
+                for (const appId of orphanedLocalTokenKeys) {
+                    delete this.storageDataCache.localTokens[appId];
+                }
+                hasExpiredTokens = true;
+            }
+        }
+        if (hasExpiredTokens) {
+            logger_1.logger.info(`[AuthStore] Cleared expired tokens`);
+            await this.saveToStorage();
+        }
+    }
+    async storeToken(token) {
+        await this.initialize();
+        this.storageDataCache.tokens[token.token] = token;
+        await this.saveToStorage();
+        return token;
+    }
+    async removeToken(accessToken) {
+        await this.initialize();
+        delete this.storageDataCache.tokens[accessToken];
+        await this.saveToStorage();
+    }
+    async getToken(accessToken) {
+        await this.initialize();
+        return this.storageDataCache.tokens[accessToken];
+    }
+    async getTokenByRefreshToken(refreshToken) {
+        await this.initialize();
+        return Object.values(this.storageDataCache.tokens).find((token) => { var _a; return ((_a = token.extra) === null || _a === void 0 ? void 0 : _a.refreshToken) === refreshToken; });
+    }
+    async getLocalAccessToken(appId) {
+        var _a;
+        await this.initialize();
+        return (_a = this.storageDataCache.localTokens) === null || _a === void 0 ? void 0 : _a[appId];
+    }
+    async storeLocalAccessToken(accessToken, appId) {
+        await this.initialize();
+        if (!this.storageDataCache.localTokens) {
+            this.storageDataCache.localTokens = {};
+        }
+        this.storageDataCache.localTokens[appId] = accessToken;
+        await this.saveToStorage();
+        return accessToken;
+    }
+    async removeLocalAccessToken(appId) {
+        var _a;
+        await this.initialize();
+        if ((_a = this.storageDataCache.localTokens) === null || _a === void 0 ? void 0 : _a[appId]) {
+            logger_1.logger.info(`[AuthStore] Removing local access token for app: ${appId}`);
+            const tokenToRemove = this.storageDataCache.localTokens[appId];
+            delete this.storageDataCache.tokens[tokenToRemove];
+            delete this.storageDataCache.localTokens[appId];
+            await this.saveToStorage();
+        }
+    }
+    async removeAllLocalAccessTokens() {
+        await this.initialize();
+        logger_1.logger.info('[AuthStore] Removing all local access tokens');
+        if (this.storageDataCache.localTokens) {
+            const tokens = Object.values(this.storageDataCache.localTokens);
+            for (const token of tokens) {
+                if (this.storageDataCache.tokens[token]) {
+                    delete this.storageDataCache.tokens[token];
+                }
+            }
+        }
+        this.storageDataCache.localTokens = {};
+        await this.saveToStorage();
+    }
+    async getAllLocalAccessTokens() {
+        await this.initialize();
+        return this.storageDataCache.localTokens || {};
+    }
+    async registerClient(client) {
+        await this.initialize();
+        this.storageDataCache.clients[client.client_id] = client;
+        await this.saveToStorage();
+        return client;
+    }
+    async getClient(id) {
+        await this.initialize();
+        return this.storageDataCache.clients[id];
+    }
+    async removeClient(clientId) {
+        await this.initialize();
+        delete this.storageDataCache.clients[clientId];
+        await this.saveToStorage();
+    }
+    storeCodeVerifier(key, codeVerifier) {
+        this.codeVerifiers.set(key, codeVerifier);
+    }
+    getCodeVerifier(key) {
+        return this.codeVerifiers.get(key);
+    }
+    removeCodeVerifier(key) {
+        this.codeVerifiers.delete(key);
+    }
+    clearExpiredCodeVerifiers() {
+        this.codeVerifiers.clear();
+    }
+    destroy() {
+        if (this.fileWatcher) {
+            this.fileWatcher.close();
+            this.fileWatcher = undefined;
+        }
+    }
+}
+exports.AuthStore = AuthStore;
+exports.authStore = new AuthStore();

package/dist/auth/types.d.ts

@@ -0,0 +1,13 @@
+import { AuthInfo } from '@modelcontextprotocol/sdk/server/auth/types.js';
+import { OAuthClientInformationFull } from '@modelcontextprotocol/sdk/shared/auth.js';
+export interface StorageData {
+    localTokens?: {
+        [appId: string]: string;
+    };
+    tokens: {
+        [key: string]: AuthInfo;
+    };
+    clients: {
+        [key: string]: OAuthClientInformationFull;
+    };
+}

package/dist/auth/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/auth/utils/encryption.d.ts

@@ -0,0 +1,7 @@
+export declare class EncryptionUtil {
+    private aesKey;
+    constructor(aesKey: string);
+    encrypt(data: string): string;
+    decrypt(encryptedData: string): string;
+    static generateKey(): string;
+}

package/dist/auth/utils/encryption.js

@@ -0,0 +1,40 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EncryptionUtil = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const config_1 = require("../config");
+const logger_1 = require("../../utils/logger");
+class EncryptionUtil {
+    constructor(aesKey) {
+        this.aesKey = aesKey;
+    }
+    encrypt(data) {
+        const iv = crypto_1.default.randomBytes(config_1.AUTH_CONFIG.ENCRYPTION.IV_LENGTH);
+        const key = Buffer.from(this.aesKey, 'hex');
+        const cipher = crypto_1.default.createCipheriv(config_1.AUTH_CONFIG.ENCRYPTION.ALGORITHM, key, iv);
+        let encrypted = cipher.update(data, 'utf8', 'hex');
+        encrypted += cipher.final('hex');
+        return iv.toString('hex') + ':' + encrypted;
+    }
+    decrypt(encryptedData) {
+        const parts = encryptedData.split(':');
+        if (parts.length !== 2) {
+            logger_1.logger.error(`[EncryptionUtil] decrypt: Invalid encrypted data format`);
+            throw new Error('Invalid encrypted data format');
+        }
+        const iv = Buffer.from(parts[0], 'hex');
+        const encrypted = parts[1];
+        const key = Buffer.from(this.aesKey, 'hex');
+        const decipher = crypto_1.default.createDecipheriv(config_1.AUTH_CONFIG.ENCRYPTION.ALGORITHM, key, iv);
+        let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+        decrypted += decipher.final('utf8');
+        return decrypted;
+    }
+    static generateKey() {
+        return crypto_1.default.randomBytes(config_1.AUTH_CONFIG.ENCRYPTION.KEY_LENGTH).toString('hex');
+    }
+}
+exports.EncryptionUtil = EncryptionUtil;

package/dist/auth/utils/index.d.ts

@@ -0,0 +1,3 @@
+export * from './is-token-valid';
+export * from './pkce';
+export * from './storage-manager';

package/dist/auth/utils/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./is-token-valid"), exports);
+__exportStar(require("./pkce"), exports);
+__exportStar(require("./storage-manager"), exports);

package/dist/auth/utils/is-token-valid.d.ts

@@ -0,0 +1,7 @@
+import { AuthInfo } from '@modelcontextprotocol/sdk/server/auth/types.js';
+export declare function isTokenValid(accessToken?: string): Promise<{
+    valid: boolean;
+    isExpired: boolean;
+    token: AuthInfo | undefined;
+}>;
+export declare function isTokenExpired(token?: AuthInfo): boolean;

package/dist/auth/utils/is-token-valid.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isTokenValid = isTokenValid;
+exports.isTokenExpired = isTokenExpired;
+const store_1 = require("../store");
+async function isTokenValid(accessToken) {
+    if (!accessToken) {
+        return { valid: false, isExpired: false, token: undefined };
+    }
+    const token = await store_1.authStore.getToken(accessToken);
+    if (!token) {
+        return { valid: false, isExpired: false, token: undefined };
+    }
+    const isExpired = isTokenExpired(token);
+    if (isExpired) {
+        return { valid: false, isExpired: true, token };
+    }
+    return { valid: true, isExpired: false, token };
+}
+function isTokenExpired(token) {
+    if (!token) {
+        return false;
+    }
+    if (token.expiresAt && token.expiresAt < Date.now() / 1000) {
+        return true;
+    }
+    return false;
+}

package/dist/auth/utils/pkce.d.ts

@@ -0,0 +1,6 @@
+export declare function generateCodeVerifier(): string;
+export declare function generateCodeChallenge(codeVerifier: string): string;
+export declare function generatePKCEPair(): {
+    codeVerifier: string;
+    codeChallenge: string;
+};

package/dist/auth/utils/pkce.js

@@ -0,0 +1,20 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateCodeVerifier = generateCodeVerifier;
+exports.generateCodeChallenge = generateCodeChallenge;
+exports.generatePKCEPair = generatePKCEPair;
+const crypto_1 = __importDefault(require("crypto"));
+function generateCodeVerifier() {
+    return crypto_1.default.randomBytes(32).toString('base64url');
+}
+function generateCodeChallenge(codeVerifier) {
+    return crypto_1.default.createHash('sha256').update(codeVerifier).digest('base64url');
+}
+function generatePKCEPair() {
+    const codeVerifier = generateCodeVerifier();
+    const codeChallenge = generateCodeChallenge(codeVerifier);
+    return { codeVerifier, codeChallenge };
+}

package/dist/auth/utils/storage-manager.d.ts

@@ -0,0 +1,17 @@
+import { StorageData } from '../types';
+export declare class StorageManager {
+    private encryptionUtil;
+    private initializePromise;
+    private isInitializedStorageSuccess;
+    constructor();
+    get storageFile(): string;
+    private initialize;
+    private performInitialization;
+    private initializeEncryption;
+    private ensureStorageDir;
+    encrypt(data: string): string;
+    decrypt(encryptedData: string): string;
+    loadStorageData(): Promise<StorageData>;
+    saveStorageData(data: StorageData): Promise<void>;
+}
+export declare const storageManager: StorageManager;

package/dist/auth/utils/storage-manager.js

@@ -0,0 +1,159 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.storageManager = exports.StorageManager = void 0;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const encryption_1 = require("./encryption");
+const config_1 = require("../config");
+const logger_1 = require("../../utils/logger");
+class StorageManager {
+    constructor() {
+        this.isInitializedStorageSuccess = false;
+        this.initialize();
+    }
+    get storageFile() {
+        return path_1.default.join(config_1.AUTH_CONFIG.STORAGE_DIR, config_1.AUTH_CONFIG.STORAGE_FILE);
+    }
+    async initialize() {
+        if (this.initializePromise) {
+            return this.initializePromise;
+        }
+        this.initializePromise = this.performInitialization();
+        await this.initializePromise;
+    }
+    async performInitialization() {
+        try {
+            await this.initializeEncryption();
+            this.ensureStorageDir();
+            this.isInitializedStorageSuccess = true;
+        }
+        catch (error) {
+            logger_1.logger.warn(`[StorageManager] Failed to initialize: ${error}`);
+            logger_1.logger.warn('[StorageManager] ⚠️ Builtin User Access Token Store will be disabled. but you can still use it with memory store');
+            this.isInitializedStorageSuccess = false;
+        }
+    }
+    async initializeEncryption() {
+        // Try environment variable first (works in Docker/headless environments)
+        const envKey = process.env.LARK_MCP_AES_KEY;
+        if (envKey) {
+            this.encryptionUtil = new encryption_1.EncryptionUtil(envKey);
+            return;
+        }
+        // Fall back to system keyring via keytar
+        try {
+            const keytar = await Promise.resolve().then(() => __importStar(require('keytar')));
+            let key = await keytar.getPassword(config_1.AUTH_CONFIG.SERVER_NAME, config_1.AUTH_CONFIG.AES_KEY_NAME);
+            if (!key) {
+                key = encryption_1.EncryptionUtil.generateKey();
+                await keytar.setPassword(config_1.AUTH_CONFIG.SERVER_NAME, config_1.AUTH_CONFIG.AES_KEY_NAME, key);
+            }
+            this.encryptionUtil = new encryption_1.EncryptionUtil(key);
+        }
+        catch (keytarError) {
+            // keytar unavailable (no X11/D-Bus), generate a file-based key
+            const keyFile = path_1.default.join(config_1.AUTH_CONFIG.STORAGE_DIR, '.aes-key');
+            try {
+                this.ensureStorageDir();
+                let key;
+                if (fs_1.default.existsSync(keyFile)) {
+                    key = fs_1.default.readFileSync(keyFile, 'utf8').trim();
+                }
+                else {
+                    key = encryption_1.EncryptionUtil.generateKey();
+                    fs_1.default.writeFileSync(keyFile, key, { mode: 0o600 });
+                }
+                this.encryptionUtil = new encryption_1.EncryptionUtil(key);
+                logger_1.logger.info('[StorageManager] Using file-based encryption key (keytar unavailable)');
+            }
+            catch (fileError) {
+                logger_1.logger.warn(`[StorageManager] Failed to initialize encryption: ${keytarError}`);
+                throw keytarError;
+            }
+        }
+    }
+    ensureStorageDir() {
+        if (!fs_1.default.existsSync(config_1.AUTH_CONFIG.STORAGE_DIR)) {
+            fs_1.default.mkdirSync(config_1.AUTH_CONFIG.STORAGE_DIR, { recursive: true });
+        }
+    }
+    encrypt(data) {
+        if (!this.isInitializedStorageSuccess || !this.encryptionUtil) {
+            throw new Error('StorageManager not initialized - call initialize() first');
+        }
+        return this.encryptionUtil.encrypt(data);
+    }
+    decrypt(encryptedData) {
+        if (!this.isInitializedStorageSuccess || !this.encryptionUtil) {
+            throw new Error('StorageManager not initialized - call initialize() first');
+        }
+        return this.encryptionUtil.decrypt(encryptedData);
+    }
+    async loadStorageData() {
+        await this.initialize();
+        if (!this.isInitializedStorageSuccess || !fs_1.default.existsSync(this.storageFile)) {
+            return { tokens: {}, clients: {} };
+        }
+        try {
+            const data = fs_1.default.readFileSync(this.storageFile, 'utf8');
+            return data ? JSON.parse(this.decrypt(data)) : { tokens: {}, clients: {} };
+        }
+        catch (error) {
+            logger_1.logger.error(`[StorageManager] Failed to load storage data: ${error}`);
+            logger_1.logger.error('[StorageManager] ⚠️ Builtin User Access Token Store will be disabled. but you can still use it with memory store');
+            return { tokens: {}, clients: {} };
+        }
+    }
+    async saveStorageData(data) {
+        if (!this.isInitializedStorageSuccess) {
+            return;
+        }
+        await this.initialize();
+        try {
+            const encryptedData = this.encrypt(JSON.stringify(data, null, 2));
+            fs_1.default.writeFileSync(this.storageFile, encryptedData);
+        }
+        catch (error) {
+            logger_1.logger.error(`[StorageManager] Failed to save storage data: ${error}`);
+            throw error;
+        }
+    }
+}
+exports.StorageManager = StorageManager;
+exports.storageManager = new StorageManager();

package/dist/cli/index.d.ts

@@ -0,0 +1 @@
+export { LoginHandler, LoginOptions } from './login-handler';

package/dist/cli/index.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LoginHandler = void 0;
+var login_handler_1 = require("./login-handler");
+Object.defineProperty(exports, "LoginHandler", { enumerable: true, get: function () { return login_handler_1.LoginHandler; } });

package/dist/cli/login-handler.d.ts

@@ -0,0 +1,19 @@
+export interface LoginOptions {
+    appId: string;
+    appSecret: string;
+    domain: string;
+    host: string;
+    port: string;
+    scope?: string[];
+    timeout?: number;
+    externalUrl?: string;
+    headless?: boolean;
+}
+export declare class LoginHandler {
+    static checkTokenWithTimeout(timeout: number, appId: string): Promise<boolean>;
+    static handleLogin(options: LoginOptions): Promise<void>;
+    private static handleHeadlessLogin;
+    static handleLogout(appId?: string): Promise<void>;
+    private static simpleMask;
+    static handleWhoAmI(): Promise<void>;
+}