@mastra/express 0.0.0-main-test-2-20251127211532 → 0.0.0-mastra-auto-detect-server-20260108233416

package/dist/index.js

@@ -1,27 +1,333 @@
-import { InMemoryTaskStore } from '@mastra/server/a2a/store';
-import { MastraServerAdapter } from '@mastra/server/server-adapter';
+import { Busboy } from '@fastify/busboy';
+import { formatZodError } from '@mastra/server/handlers/error';
+import { MastraServer as MastraServer$1, redactStreamChunk, normalizeQueryParams } from '@mastra/server/server-adapter';
+import { isDevPlaygroundRequest, isProtectedPath, canAccessPublicly, checkRules, defaultAuthConfig } from '@mastra/server/auth';
 
 // src/index.ts
-var ExpressServerAdapter = class extends MastraServerAdapter {
-  taskStore;
-  customRouteAuthConfig;
-  playground;
-  isDev;
-  constructor({
-    mastra,
-    tools,
-    taskStore,
-    customRouteAuthConfig,
-    playground,
-    isDev,
-    bodyLimitOptions
-  }) {
-    super({ mastra, bodyLimitOptions, tools });
-    this.taskStore = taskStore || new InMemoryTaskStore();
-    this.customRouteAuthConfig = customRouteAuthConfig;
-    this.playground = playground;
-    this.isDev = isDev;
+
+// ../../node_modules/.pnpm/zod@3.25.76/node_modules/zod/v3/helpers/util.js
+var util;
+(function(util2) {
+  util2.assertEqual = (_) => {
+  };
+  function assertIs(_arg) {
+  }
+  util2.assertIs = assertIs;
+  function assertNever(_x) {
+    throw new Error();
+  }
+  util2.assertNever = assertNever;
+  util2.arrayToEnum = (items) => {
+    const obj = {};
+    for (const item of items) {
+      obj[item] = item;
+    }
+    return obj;
+  };
+  util2.getValidEnumValues = (obj) => {
+    const validKeys = util2.objectKeys(obj).filter((k) => typeof obj[obj[k]] !== "number");
+    const filtered = {};
+    for (const k of validKeys) {
+      filtered[k] = obj[k];
+    }
+    return util2.objectValues(filtered);
+  };
+  util2.objectValues = (obj) => {
+    return util2.objectKeys(obj).map(function(e) {
+      return obj[e];
+    });
+  };
+  util2.objectKeys = typeof Object.keys === "function" ? (obj) => Object.keys(obj) : (object) => {
+    const keys = [];
+    for (const key in object) {
+      if (Object.prototype.hasOwnProperty.call(object, key)) {
+        keys.push(key);
+      }
+    }
+    return keys;
+  };
+  util2.find = (arr, checker) => {
+    for (const item of arr) {
+      if (checker(item))
+        return item;
+    }
+    return void 0;
+  };
+  util2.isInteger = typeof Number.isInteger === "function" ? (val) => Number.isInteger(val) : (val) => typeof val === "number" && Number.isFinite(val) && Math.floor(val) === val;
+  function joinValues(array, separator = " | ") {
+    return array.map((val) => typeof val === "string" ? `'${val}'` : val).join(separator);
+  }
+  util2.joinValues = joinValues;
+  util2.jsonStringifyReplacer = (_, value) => {
+    if (typeof value === "bigint") {
+      return value.toString();
+    }
+    return value;
+  };
+})(util || (util = {}));
+var objectUtil;
+(function(objectUtil2) {
+  objectUtil2.mergeShapes = (first, second) => {
+    return {
+      ...first,
+      ...second
+      // second overwrites first
+    };
+  };
+})(objectUtil || (objectUtil = {}));
+util.arrayToEnum([
+  "string",
+  "nan",
+  "number",
+  "integer",
+  "float",
+  "boolean",
+  "date",
+  "bigint",
+  "symbol",
+  "function",
+  "undefined",
+  "null",
+  "array",
+  "object",
+  "unknown",
+  "promise",
+  "void",
+  "never",
+  "map",
+  "set"
+]);
+
+// ../../node_modules/.pnpm/zod@3.25.76/node_modules/zod/v3/ZodError.js
+util.arrayToEnum([
+  "invalid_type",
+  "invalid_literal",
+  "custom",
+  "invalid_union",
+  "invalid_union_discriminator",
+  "invalid_enum_value",
+  "unrecognized_keys",
+  "invalid_arguments",
+  "invalid_return_type",
+  "invalid_date",
+  "invalid_string",
+  "too_small",
+  "too_big",
+  "invalid_intersection_types",
+  "not_multiple_of",
+  "not_finite"
+]);
+var ZodError = class _ZodError extends Error {
+  get errors() {
+    return this.issues;
+  }
+  constructor(issues) {
+    super();
+    this.issues = [];
+    this.addIssue = (sub) => {
+      this.issues = [...this.issues, sub];
+    };
+    this.addIssues = (subs = []) => {
+      this.issues = [...this.issues, ...subs];
+    };
+    const actualProto = new.target.prototype;
+    if (Object.setPrototypeOf) {
+      Object.setPrototypeOf(this, actualProto);
+    } else {
+      this.__proto__ = actualProto;
+    }
+    this.name = "ZodError";
+    this.issues = issues;
+  }
+  format(_mapper) {
+    const mapper = _mapper || function(issue) {
+      return issue.message;
+    };
+    const fieldErrors = { _errors: [] };
+    const processError = (error) => {
+      for (const issue of error.issues) {
+        if (issue.code === "invalid_union") {
+          issue.unionErrors.map(processError);
+        } else if (issue.code === "invalid_return_type") {
+          processError(issue.returnTypeError);
+        } else if (issue.code === "invalid_arguments") {
+          processError(issue.argumentsError);
+        } else if (issue.path.length === 0) {
+          fieldErrors._errors.push(mapper(issue));
+        } else {
+          let curr = fieldErrors;
+          let i = 0;
+          while (i < issue.path.length) {
+            const el = issue.path[i];
+            const terminal = i === issue.path.length - 1;
+            if (!terminal) {
+              curr[el] = curr[el] || { _errors: [] };
+            } else {
+              curr[el] = curr[el] || { _errors: [] };
+              curr[el]._errors.push(mapper(issue));
+            }
+            curr = curr[el];
+            i++;
+          }
+        }
+      }
+    };
+    processError(this);
+    return fieldErrors;
+  }
+  static assert(value) {
+    if (!(value instanceof _ZodError)) {
+      throw new Error(`Not a ZodError: ${value}`);
+    }
+  }
+  toString() {
+    return this.message;
+  }
+  get message() {
+    return JSON.stringify(this.issues, util.jsonStringifyReplacer, 2);
+  }
+  get isEmpty() {
+    return this.issues.length === 0;
+  }
+  flatten(mapper = (issue) => issue.message) {
+    const fieldErrors = {};
+    const formErrors = [];
+    for (const sub of this.issues) {
+      if (sub.path.length > 0) {
+        const firstEl = sub.path[0];
+        fieldErrors[firstEl] = fieldErrors[firstEl] || [];
+        fieldErrors[firstEl].push(mapper(sub));
+      } else {
+        formErrors.push(mapper(sub));
+      }
+    }
+    return { formErrors, fieldErrors };
+  }
+  get formErrors() {
+    return this.flatten();
+  }
+};
+ZodError.create = (issues) => {
+  const error = new ZodError(issues);
+  return error;
+};
+var authenticationMiddleware = async (req, res, next) => {
+  const mastra = res.locals.mastra;
+  const authConfig = mastra.getServer()?.auth;
+  const customRouteAuthConfig = res.locals.customRouteAuthConfig;
+  if (!authConfig) {
+    return next();
+  }
+  const path = req.path;
+  const method = req.method;
+  const getHeader = (name) => req.headers[name.toLowerCase()];
+  if (isDevPlaygroundRequest(path, method, getHeader, authConfig)) {
+    return next();
+  }
+  if (!isProtectedPath(req.path, req.method, authConfig, customRouteAuthConfig)) {
+    return next();
+  }
+  if (canAccessPublicly(req.path, req.method, authConfig)) {
+    return next();
+  }
+  const authHeader = req.headers.authorization;
+  let token = authHeader ? authHeader.replace("Bearer ", "") : null;
+  if (!token && req.query.apiKey) {
+    token = req.query.apiKey || null;
+  }
+  if (!token) {
+    return res.status(401).json({ error: "Authentication required" });
+  }
+  try {
+    let user;
+    if (typeof authConfig.authenticateToken === "function") {
+      user = await authConfig.authenticateToken(token, req);
+    } else {
+      throw new Error("No token verification method configured");
+    }
+    if (!user) {
+      return res.status(401).json({ error: "Invalid or expired token" });
+    }
+    res.locals.requestContext.set("user", user);
+    return next();
+  } catch (err) {
+    console.error(err);
+    return res.status(401).json({ error: "Invalid or expired token" });
+  }
+};
+var authorizationMiddleware = async (req, res, next) => {
+  const mastra = res.locals.mastra;
+  const authConfig = mastra.getServer()?.auth;
+  const customRouteAuthConfig = res.locals.customRouteAuthConfig;
+  if (!authConfig) {
+    return next();
   }
+  const path = req.path;
+  const method = req.method;
+  const getHeader = (name) => req.headers[name.toLowerCase()];
+  if (isDevPlaygroundRequest(path, method, getHeader, authConfig)) {
+    return next();
+  }
+  if (!isProtectedPath(req.path, req.method, authConfig, customRouteAuthConfig)) {
+    return next();
+  }
+  if (canAccessPublicly(path, method, authConfig)) {
+    return next();
+  }
+  const user = res.locals.requestContext.get("user");
+  if ("authorizeUser" in authConfig && typeof authConfig.authorizeUser === "function") {
+    try {
+      const isAuthorized = await authConfig.authorizeUser(user, req);
+      if (isAuthorized) {
+        return next();
+      }
+      return res.status(403).json({ error: "Access denied" });
+    } catch (err) {
+      console.error(err);
+      return res.status(500).json({ error: "Authorization error" });
+    }
+  }
+  if ("authorize" in authConfig && typeof authConfig.authorize === "function") {
+    try {
+      const context = {
+        get: (key) => {
+          if (key === "mastra") return res.locals.mastra;
+          if (key === "requestContext") return res.locals.requestContext;
+          if (key === "tools") return res.locals.tools;
+          if (key === "taskStore") return res.locals.taskStore;
+          if (key === "customRouteAuthConfig") return res.locals.customRouteAuthConfig;
+          return void 0;
+        },
+        req
+      };
+      const isAuthorized = await authConfig.authorize(path, method, user, context);
+      if (isAuthorized) {
+        return next();
+      }
+      return res.status(403).json({ error: "Access denied" });
+    } catch (err) {
+      console.error(err);
+      return res.status(500).json({ error: "Authorization error" });
+    }
+  }
+  if ("rules" in authConfig && authConfig.rules && authConfig.rules.length > 0) {
+    const isAuthorized = await checkRules(authConfig.rules, path, method, user);
+    if (isAuthorized) {
+      return next();
+    }
+    return res.status(403).json({ error: "Access denied" });
+  }
+  if (defaultAuthConfig.rules && defaultAuthConfig.rules.length > 0) {
+    const isAuthorized = await checkRules(defaultAuthConfig.rules, path, method, user);
+    if (isAuthorized) {
+      return next();
+    }
+  }
+  return res.status(403).json({ error: "Access denied" });
+};
+
+// src/index.ts
+var MastraServer = class extends MastraServer$1 {
   createContextMiddleware() {
     return async (req, res, next) => {
       let bodyRequestContext;
@@ -55,13 +361,15 @@ var ExpressServerAdapter = class extends MastraServerAdapter {
       res.locals.requestContext = requestContext;
       res.locals.mastra = this.mastra;
       res.locals.tools = this.tools || {};
-      res.locals.taskStore = this.taskStore;
-      res.locals.playground = this.playground === true;
-      res.locals.isDev = this.isDev === true;
+      if (this.taskStore) {
+        res.locals.taskStore = this.taskStore;
+      }
       res.locals.customRouteAuthConfig = this.customRouteAuthConfig;
       const controller = new AbortController();
-      req.on("close", () => {
-        controller.abort();
+      res.on("close", () => {
+        if (!res.writableFinished) {
+          controller.abort();
+        }
       });
       res.locals.abortSignal = controller.signal;
       next();
@@ -78,12 +386,14 @@ var ExpressServerAdapter = class extends MastraServerAdapter {
         const { done, value } = await reader.read();
         if (done) break;
         if (value) {
+          const shouldRedact = this.streamOptions?.redact ?? true;
+          const outputValue = shouldRedact ? redactStreamChunk(value) : value;
           if (streamFormat === "sse") {
-            res.write(`data: ${JSON.stringify(value)}
+            res.write(`data: ${JSON.stringify(outputValue)}
 
 `);
           } else {
-            res.write(JSON.stringify(value) + "");
+            res.write(JSON.stringify(outputValue) + "");
           }
         }
       }
@@ -95,11 +405,75 @@ var ExpressServerAdapter = class extends MastraServerAdapter {
   }
   async getParams(route, request) {
     const urlParams = request.params;
-    const queryParams = request.query;
-    const body = await request.body;
+    const queryParams = normalizeQueryParams(request.query);
+    let body;
+    if (route.method === "POST" || route.method === "PUT" || route.method === "PATCH") {
+      const contentType = request.headers["content-type"] || "";
+      if (contentType.includes("multipart/form-data")) {
+        try {
+          const maxFileSize = route.maxBodySize ?? this.bodyLimitOptions?.maxSize;
+          body = await this.parseMultipartFormData(request, maxFileSize);
+        } catch (error) {
+          console.error("Failed to parse multipart form data:", error);
+          if (error instanceof Error && error.message.toLowerCase().includes("size")) {
+            throw error;
+          }
+        }
+      } else {
+        body = request.body;
+      }
+    }
     return { urlParams, queryParams, body };
   }
-  async sendResponse(route, response, result) {
+  /**
+   * Parse multipart/form-data using @fastify/busboy.
+   * Converts file uploads to Buffers and parses JSON field values.
+   *
+   * @param request - The Express request object
+   * @param maxFileSize - Optional maximum file size in bytes
+   */
+  parseMultipartFormData(request, maxFileSize) {
+    return new Promise((resolve, reject) => {
+      const result = {};
+      const busboy = new Busboy({
+        headers: {
+          "content-type": request.headers["content-type"]
+        },
+        limits: maxFileSize ? { fileSize: maxFileSize } : void 0
+      });
+      busboy.on("file", (fieldname, file) => {
+        const chunks = [];
+        let limitExceeded = false;
+        file.on("data", (chunk) => {
+          chunks.push(chunk);
+        });
+        file.on("limit", () => {
+          limitExceeded = true;
+          reject(new Error(`File size limit exceeded${maxFileSize ? ` (max: ${maxFileSize} bytes)` : ""}`));
+        });
+        file.on("end", () => {
+          if (!limitExceeded) {
+            result[fieldname] = Buffer.concat(chunks);
+          }
+        });
+      });
+      busboy.on("field", (fieldname, value) => {
+        try {
+          result[fieldname] = JSON.parse(value);
+        } catch {
+          result[fieldname] = value;
+        }
+      });
+      busboy.on("finish", () => {
+        resolve(result);
+      });
+      busboy.on("error", (error) => {
+        reject(error);
+      });
+      request.pipe(busboy);
+    });
+  }
+  async sendResponse(route, response, result, request) {
     if (route.responseType === "json") {
       response.json(result);
     } else if (route.responseType === "stream") {
@@ -122,6 +496,47 @@ var ExpressServerAdapter = class extends MastraServerAdapter {
       } else {
         response.end();
       }
+    } else if (route.responseType === "mcp-http") {
+      if (!request) {
+        response.status(500).json({ error: "Request object required for MCP transport" });
+        return;
+      }
+      const { server, httpPath } = result;
+      try {
+        await server.startHTTP({
+          url: new URL(request.url, `http://${request.headers.host}`),
+          httpPath,
+          req: request,
+          res: response
+        });
+      } catch {
+        if (!response.headersSent) {
+          response.status(500).json({
+            jsonrpc: "2.0",
+            error: { code: -32603, message: "Internal server error" },
+            id: null
+          });
+        }
+      }
+    } else if (route.responseType === "mcp-sse") {
+      if (!request) {
+        response.status(500).json({ error: "Request object required for MCP transport" });
+        return;
+      }
+      const { server, ssePath, messagePath } = result;
+      try {
+        await server.startSSE({
+          url: new URL(request.url, `http://${request.headers.host}`),
+          ssePath,
+          messagePath,
+          req: request,
+          res: response
+        });
+      } catch {
+        if (!response.headersSent) {
+          response.status(500).json({ error: "Error handling MCP SSE request" });
+        }
+      }
     } else {
       response.sendStatus(500);
     }
@@ -155,9 +570,12 @@ var ExpressServerAdapter = class extends MastraServerAdapter {
             params.queryParams = await this.parseQueryParams(route, params.queryParams);
           } catch (error) {
             console.error("Error parsing query params", error);
+            if (error instanceof ZodError) {
+              return res.status(400).json(formatZodError(error, "query parameters"));
+            }
             return res.status(400).json({
               error: "Invalid query parameters",
-              details: error instanceof Error ? error.message : "Unknown error"
+              issues: [{ field: "unknown", message: error instanceof Error ? error.message : "Unknown error" }]
             });
           }
         }
@@ -165,10 +583,13 @@ var ExpressServerAdapter = class extends MastraServerAdapter {
           try {
             params.body = await this.parseBody(route, params.body);
           } catch (error) {
-            console.error("Error parsing body", error);
+            console.error("Error parsing body:", error instanceof Error ? error.message : String(error));
+            if (error instanceof ZodError) {
+              return res.status(400).json(formatZodError(error, "request body"));
+            }
             return res.status(400).json({
               error: "Invalid request body",
-              details: error instanceof Error ? error.message : "Unknown error"
+              issues: [{ field: "unknown", message: error instanceof Error ? error.message : "Unknown error" }]
             });
           }
         }
@@ -184,7 +605,7 @@ var ExpressServerAdapter = class extends MastraServerAdapter {
         };
         try {
           const result = await route.handler(handlerParams);
-          await this.sendResponse(route, res, result);
+          await this.sendResponse(route, res, result, req);
         } catch (error) {
           console.error("Error calling handler", error);
           let status = 500;
@@ -200,14 +621,19 @@ var ExpressServerAdapter = class extends MastraServerAdapter {
       }
     );
   }
-  registerContextMiddleware(app) {
-    app.use(this.createContextMiddleware());
+  registerContextMiddleware() {
+    this.app.use(this.createContextMiddleware());
   }
-  async registerRoutes(app, { prefix, openapiPath }) {
-    await super.registerRoutes(app, { prefix, openapiPath });
+  registerAuthMiddleware() {
+    const authConfig = this.mastra.getServer()?.auth;
+    if (!authConfig) {
+      return;
+    }
+    this.app.use(authenticationMiddleware);
+    this.app.use(authorizationMiddleware);
   }
 };
 
-export { ExpressServerAdapter };
+export { MastraServer };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map