@mastra/express 0.0.0-span-scorring-test-20251124132129 → 0.0.0-top-level-fix-20251211111608

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/CHANGELOG.md +135 -2800
  2. package/README.md +38 -432
  3. package/dist/auth-middleware.d.ts +4 -0
  4. package/dist/auth-middleware.d.ts.map +1 -0
  5. package/dist/index.cjs +182 -35
  6. package/dist/index.cjs.map +1 -1
  7. package/dist/index.d.ts +7 -25
  8. package/dist/index.d.ts.map +1 -1
  9. package/dist/index.js +183 -36
  10. package/dist/index.js.map +1 -1
  11. package/package.json +11 -11
package/dist/index.cjs CHANGED
@@ -1,29 +1,126 @@
1
1
  'use strict';
2
2
 
3
- var store = require('@mastra/server/a2a/store');
4
3
  var serverAdapter = require('@mastra/server/server-adapter');
4
+ var auth = require('@mastra/server/auth');
5
5
 
6
6
  // src/index.ts
7
- var ExpressServerAdapter = class extends serverAdapter.MastraServerAdapter {
8
- taskStore;
9
- customRouteAuthConfig;
10
- playground;
11
- isDev;
12
- constructor({
13
- mastra,
14
- tools,
15
- taskStore,
16
- customRouteAuthConfig,
17
- playground,
18
- isDev,
19
- bodyLimitOptions
20
- }) {
21
- super({ mastra, bodyLimitOptions, tools });
22
- this.taskStore = taskStore || new store.InMemoryTaskStore();
23
- this.customRouteAuthConfig = customRouteAuthConfig;
24
- this.playground = playground;
25
- this.isDev = isDev;
7
+ var authenticationMiddleware = async (req, res, next) => {
8
+ const mastra = res.locals.mastra;
9
+ const authConfig = mastra.getServer()?.auth;
10
+ const customRouteAuthConfig = res.locals.customRouteAuthConfig;
11
+ if (!authConfig) {
12
+ return next();
26
13
  }
14
+ const path = req.path;
15
+ const method = req.method;
16
+ const getHeader = (name) => req.headers[name.toLowerCase()];
17
+ if (auth.isDevPlaygroundRequest(path, method, getHeader, authConfig)) {
18
+ return next();
19
+ }
20
+ if (!auth.isProtectedPath(req.path, req.method, authConfig, customRouteAuthConfig)) {
21
+ return next();
22
+ }
23
+ if (auth.canAccessPublicly(req.path, req.method, authConfig)) {
24
+ return next();
25
+ }
26
+ const authHeader = req.headers.authorization;
27
+ let token = authHeader ? authHeader.replace("Bearer ", "") : null;
28
+ if (!token && req.query.apiKey) {
29
+ token = req.query.apiKey || null;
30
+ }
31
+ if (!token) {
32
+ return res.status(401).json({ error: "Authentication required" });
33
+ }
34
+ try {
35
+ let user;
36
+ if (typeof authConfig.authenticateToken === "function") {
37
+ user = await authConfig.authenticateToken(token, req);
38
+ } else {
39
+ throw new Error("No token verification method configured");
40
+ }
41
+ if (!user) {
42
+ return res.status(401).json({ error: "Invalid or expired token" });
43
+ }
44
+ res.locals.requestContext.set("user", user);
45
+ return next();
46
+ } catch (err) {
47
+ console.error(err);
48
+ return res.status(401).json({ error: "Invalid or expired token" });
49
+ }
50
+ };
51
+ var authorizationMiddleware = async (req, res, next) => {
52
+ const mastra = res.locals.mastra;
53
+ const authConfig = mastra.getServer()?.auth;
54
+ const customRouteAuthConfig = res.locals.customRouteAuthConfig;
55
+ if (!authConfig) {
56
+ return next();
57
+ }
58
+ const path = req.path;
59
+ const method = req.method;
60
+ const getHeader = (name) => req.headers[name.toLowerCase()];
61
+ if (auth.isDevPlaygroundRequest(path, method, getHeader, authConfig)) {
62
+ return next();
63
+ }
64
+ if (!auth.isProtectedPath(req.path, req.method, authConfig, customRouteAuthConfig)) {
65
+ return next();
66
+ }
67
+ if (auth.canAccessPublicly(path, method, authConfig)) {
68
+ return next();
69
+ }
70
+ const user = res.locals.requestContext.get("user");
71
+ if ("authorizeUser" in authConfig && typeof authConfig.authorizeUser === "function") {
72
+ try {
73
+ const isAuthorized = await authConfig.authorizeUser(user, req);
74
+ if (isAuthorized) {
75
+ return next();
76
+ }
77
+ return res.status(403).json({ error: "Access denied" });
78
+ } catch (err) {
79
+ console.error(err);
80
+ return res.status(500).json({ error: "Authorization error" });
81
+ }
82
+ }
83
+ if ("authorize" in authConfig && typeof authConfig.authorize === "function") {
84
+ try {
85
+ const context = {
86
+ get: (key) => {
87
+ if (key === "mastra") return res.locals.mastra;
88
+ if (key === "requestContext") return res.locals.requestContext;
89
+ if (key === "tools") return res.locals.tools;
90
+ if (key === "taskStore") return res.locals.taskStore;
91
+ if (key === "customRouteAuthConfig") return res.locals.customRouteAuthConfig;
92
+ return void 0;
93
+ },
94
+ req
95
+ };
96
+ const isAuthorized = await authConfig.authorize(path, method, user, context);
97
+ if (isAuthorized) {
98
+ return next();
99
+ }
100
+ return res.status(403).json({ error: "Access denied" });
101
+ } catch (err) {
102
+ console.error(err);
103
+ return res.status(500).json({ error: "Authorization error" });
104
+ }
105
+ }
106
+ if ("rules" in authConfig && authConfig.rules && authConfig.rules.length > 0) {
107
+ const isAuthorized = await auth.checkRules(authConfig.rules, path, method, user);
108
+ if (isAuthorized) {
109
+ return next();
110
+ }
111
+ return res.status(403).json({ error: "Access denied" });
112
+ }
113
+ if (auth.defaultAuthConfig.rules && auth.defaultAuthConfig.rules.length > 0) {
114
+ const isAuthorized = await auth.checkRules(auth.defaultAuthConfig.rules, path, method, user);
115
+ if (isAuthorized) {
116
+ return next();
117
+ }
118
+ }
119
+ return res.status(403).json({ error: "Access denied" });
120
+ };
121
+
122
+ // src/index.ts
123
+ var MastraServer = class extends serverAdapter.MastraServer {
27
124
  createContextMiddleware() {
28
125
  return async (req, res, next) => {
29
126
  let bodyRequestContext;
@@ -57,13 +154,15 @@ var ExpressServerAdapter = class extends serverAdapter.MastraServerAdapter {
57
154
  res.locals.requestContext = requestContext;
58
155
  res.locals.mastra = this.mastra;
59
156
  res.locals.tools = this.tools || {};
60
- res.locals.taskStore = this.taskStore;
61
- res.locals.playground = this.playground === true;
62
- res.locals.isDev = this.isDev === true;
157
+ if (this.taskStore) {
158
+ res.locals.taskStore = this.taskStore;
159
+ }
63
160
  res.locals.customRouteAuthConfig = this.customRouteAuthConfig;
64
161
  const controller = new AbortController();
65
- req.on("close", () => {
66
- controller.abort();
162
+ res.on("close", () => {
163
+ if (!res.writableFinished) {
164
+ controller.abort();
165
+ }
67
166
  });
68
167
  res.locals.abortSignal = controller.signal;
69
168
  next();
@@ -80,12 +179,14 @@ var ExpressServerAdapter = class extends serverAdapter.MastraServerAdapter {
80
179
  const { done, value } = await reader.read();
81
180
  if (done) break;
82
181
  if (value) {
182
+ const shouldRedact = this.streamOptions?.redact ?? true;
183
+ const outputValue = shouldRedact ? serverAdapter.redactStreamChunk(value) : value;
83
184
  if (streamFormat === "sse") {
84
- res.write(`data: ${JSON.stringify(value)}
185
+ res.write(`data: ${JSON.stringify(outputValue)}
85
186
 
86
187
  `);
87
188
  } else {
88
- res.write(JSON.stringify(value) + "");
189
+ res.write(JSON.stringify(outputValue) + "");
89
190
  }
90
191
  }
91
192
  }
@@ -101,7 +202,7 @@ var ExpressServerAdapter = class extends serverAdapter.MastraServerAdapter {
101
202
  const body = await request.body;
102
203
  return { urlParams, queryParams, body };
103
204
  }
104
- async sendResponse(route, response, result) {
205
+ async sendResponse(route, response, result, request) {
105
206
  if (route.responseType === "json") {
106
207
  response.json(result);
107
208
  } else if (route.responseType === "stream") {
@@ -124,6 +225,47 @@ var ExpressServerAdapter = class extends serverAdapter.MastraServerAdapter {
124
225
  } else {
125
226
  response.end();
126
227
  }
228
+ } else if (route.responseType === "mcp-http") {
229
+ if (!request) {
230
+ response.status(500).json({ error: "Request object required for MCP transport" });
231
+ return;
232
+ }
233
+ const { server, httpPath } = result;
234
+ try {
235
+ await server.startHTTP({
236
+ url: new URL(request.url, `http://${request.headers.host}`),
237
+ httpPath,
238
+ req: request,
239
+ res: response
240
+ });
241
+ } catch {
242
+ if (!response.headersSent) {
243
+ response.status(500).json({
244
+ jsonrpc: "2.0",
245
+ error: { code: -32603, message: "Internal server error" },
246
+ id: null
247
+ });
248
+ }
249
+ }
250
+ } else if (route.responseType === "mcp-sse") {
251
+ if (!request) {
252
+ response.status(500).json({ error: "Request object required for MCP transport" });
253
+ return;
254
+ }
255
+ const { server, ssePath, messagePath } = result;
256
+ try {
257
+ await server.startSSE({
258
+ url: new URL(request.url, `http://${request.headers.host}`),
259
+ ssePath,
260
+ messagePath,
261
+ req: request,
262
+ res: response
263
+ });
264
+ } catch {
265
+ if (!response.headersSent) {
266
+ response.status(500).json({ error: "Error handling MCP SSE request" });
267
+ }
268
+ }
127
269
  } else {
128
270
  response.sendStatus(500);
129
271
  }
@@ -167,7 +309,7 @@ var ExpressServerAdapter = class extends serverAdapter.MastraServerAdapter {
167
309
  try {
168
310
  params.body = await this.parseBody(route, params.body);
169
311
  } catch (error) {
170
- console.error("Error parsing body", error);
312
+ console.error("Error parsing body:", error instanceof Error ? error.message : String(error));
171
313
  return res.status(400).json({
172
314
  error: "Invalid request body",
173
315
  details: error instanceof Error ? error.message : "Unknown error"
@@ -186,7 +328,7 @@ var ExpressServerAdapter = class extends serverAdapter.MastraServerAdapter {
186
328
  };
187
329
  try {
188
330
  const result = await route.handler(handlerParams);
189
- await this.sendResponse(route, res, result);
331
+ await this.sendResponse(route, res, result, req);
190
332
  } catch (error) {
191
333
  console.error("Error calling handler", error);
192
334
  let status = 500;
@@ -202,14 +344,19 @@ var ExpressServerAdapter = class extends serverAdapter.MastraServerAdapter {
202
344
  }
203
345
  );
204
346
  }
205
- registerContextMiddleware(app) {
206
- app.use(this.createContextMiddleware());
347
+ registerContextMiddleware() {
348
+ this.app.use(this.createContextMiddleware());
207
349
  }
208
- async registerRoutes(app, { prefix, openapiPath }) {
209
- await super.registerRoutes(app, { prefix, openapiPath });
350
+ registerAuthMiddleware() {
351
+ const authConfig = this.mastra.getServer()?.auth;
352
+ if (!authConfig) {
353
+ return;
354
+ }
355
+ this.app.use(authenticationMiddleware);
356
+ this.app.use(authorizationMiddleware);
210
357
  }
211
358
  };
212
359
 
213
- exports.ExpressServerAdapter = ExpressServerAdapter;
360
+ exports.MastraServer = MastraServer;
214
361
  //# sourceMappingURL=index.cjs.map
215
362
  //# sourceMappingURL=index.cjs.map
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts"],"names":["MastraServerAdapter","InMemoryTaskStore"],"mappings":";;;;;;AAwBO,IAAM,oBAAA,GAAN,cAAmCA,iCAAA,CAAoD;AAAA,EACpF,SAAA;AAAA,EACA,qBAAA;AAAA,EACA,UAAA;AAAA,EACA,KAAA;AAAA,EAER,WAAA,CAAY;AAAA,IACV,MAAA;AAAA,IACA,KAAA;AAAA,IACA,SAAA;AAAA,IACA,qBAAA;AAAA,IACA,UAAA;AAAA,IACA,KAAA;AAAA,IACA;AAAA,GACF,EAQG;AACD,IAAA,KAAA,CAAM,EAAE,MAAA,EAAQ,gBAAA,EAAkB,KAAA,EAAO,CAAA;AACzC,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA,IAAa,IAAIC,uBAAA,EAAkB;AACpD,IAAA,IAAA,CAAK,qBAAA,GAAwB,qBAAA;AAC7B,IAAA,IAAA,CAAK,UAAA,GAAa,UAAA;AAClB,IAAA,IAAA,CAAK,KAAA,GAAQ,KAAA;AAAA,EACf;AAAA,EAEA,uBAAA,GAA8F;AAC5F,IAAA,OAAO,OAAO,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AAEhE,MAAA,IAAI,kBAAA;AACJ,MAAA,IAAI,oBAAA;AAGJ,MAAA,IAAI,GAAA,CAAI,MAAA,KAAW,MAAA,IAAU,GAAA,CAAI,WAAW,KAAA,EAAO;AACjD,QAAA,MAAM,WAAA,GAAc,GAAA,CAAI,OAAA,CAAQ,cAAc,CAAA;AAC9C,QAAA,IAAI,WAAA,EAAa,QAAA,CAAS,kBAAkB,CAAA,IAAK,IAAI,IAAA,EAAM;AACzD,UAAA,IAAI,GAAA,CAAI,KAAK,cAAA,EAAgB;AAC3B,YAAA,kBAAA,GAAqB,IAAI,IAAA,CAAK,cAAA;AAAA,UAChC;AAAA,QACF;AAAA,MACF;AAGA,MAAA,IAAI,GAAA,CAAI,WAAW,KAAA,EAAO;AACxB,QAAA,IAAI;AACF,UAAA,MAAM,qBAAA,GAAwB,IAAI,KAAA,CAAM,cAAA;AACxC,UAAA,IAAI,OAAO,0BAA0B,QAAA,EAAU;AAE7C,YAAA,IAAI;AACF,cAAA,oBAAA,GAAuB,IAAA,CAAK,MAAM,qBAAqB,CAAA;AAAA,YACzD,CAAA,CAAA,MAAQ;AAEN,cAAA,IAAI;AACF,gBAAA,MAAM,OAAO,MAAA,CAAO,IAAA,CAAK,uBAAuB,QAAQ,CAAA,CAAE,SAAS,OAAO,CAAA;AAC1E,gBAAA,oBAAA,GAAuB,IAAA,CAAK,MAAM,IAAI,CAAA;AAAA,cACxC,CAAA,CAAA,MAAQ;AAAA,cAER;AAAA,YACF;AAAA,UACF;AAAA,QACF,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAEA,MAAA,MAAM,iBAAiB,IAAA,CAAK,mBAAA,CAAoB,EAAE,oBAAA,EAAsB,oBAAoB,CAAA;AAG5F,MAAA,GAAA,CAAI,OAAO,cAAA,GAAiB,cAAA;AAC5B,MAAA,GAAA,CAAI,MAAA,CAAO,SAAS,IAAA,CAAK,MAAA;AACzB,MAAA,GAAA,CAAI,MAAA,CAAO,KAAA,GAAQ,IAAA,CAAK,KAAA,IAAS,EAAC;AAClC,MAAA,GAAA,CAAI,MAAA,CAAO,YAAY,IAAA,CAAK,SAAA;AAC5B,MAAA,GAAA,CAAI,MAAA,CAAO,UAAA,GAAa,IAAA,CAAK,UAAA,KAAe,IAAA;AAC5C,MAAA,GAAA,CAAI,MAAA,CAAO,KAAA,GAAQ,IAAA,CAAK,KAAA,KAAU,IAAA;AAClC,MAAA,GAAA,CAAI,MAAA,CAAO,wBAAwB,IAAA,CAAK,qBAAA;AACxC,MAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,MAAA,GAAA,CAAI,EAAA,CAAG,SAAS,MAAM;AACpB,QAAA,UAAA,CAAW,KAAA,EAAM;AAAA,MACnB,CAAC,CAAA;AACD,MAAA,GAAA,CAAI,MAAA,CAAO,cAAc,UAAA,CAAW,MAAA;AACpC,MAAA,IAAA,EAAK;AAAA,IACP,CAAA;AAAA,EACF;AAAA,EACA,MAAM,MAAA,CAAO,KAAA,EAAoB,GAAA,EAAe,MAAA,EAAuD;AACrG,IAAA,GAAA,CAAI,SAAA,CAAU,gBAAgB,YAAY,CAAA;AAC1C,IAAA,GAAA,CAAI,SAAA,CAAU,qBAAqB,SAAS,CAAA;AAE5C,IAAA,MAAM,YAAA,GAAe,MAAM,YAAA,IAAgB,QAAA;AAE3C,IAAA,MAAM,cAAA,GAAiB,MAAA,YAAkB,cAAA,GAAiB,MAAA,GAAS,MAAA,CAAO,UAAA;AAC1E,IAAA,MAAM,MAAA,GAAS,eAAe,SAAA,EAAU;AAExC,IAAA,IAAI;AACF,MAAA,OAAO,IAAA,EAAM;AACX,QAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,OAAO,IAAA,EAAK;AAC1C,QAAA,IAAI,IAAA,EAAM;AAEV,QAAA,IAAI,KAAA,EAAO;AACT,UAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,YAAA,GAAA,CAAI,KAAA,CAAM,CAAA,MAAA,EAAS,IAAA,CAAK,SAAA,CAAU,KAAK,CAAC;;AAAA,CAAM,CAAA;AAAA,UAChD,CAAA,MAAO;AACL,YAAA,GAAA,CAAI,KAAA,CAAM,IAAA,CAAK,SAAA,CAAU,KAAK,IAAI,GAAM,CAAA;AAAA,UAC1C;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,MAAM,KAAK,CAAA;AAAA,IACrB,CAAA,SAAE;AACA,MAAA,GAAA,CAAI,GAAA,EAAI;AAAA,IACV;AAAA,EACF;AAAA,EAEA,MAAM,SAAA,CACJ,KAAA,EACA,OAAA,EACoG;AACpG,IAAA,MAAM,YAAY,OAAA,CAAQ,MAAA;AAC1B,IAAA,MAAM,cAAc,OAAA,CAAQ,KAAA;AAC5B,IAAA,MAAM,IAAA,GAAO,MAAM,OAAA,CAAQ,IAAA;AAC3B,IAAA,OAAO,EAAE,SAAA,EAAW,WAAA,EAAoD,IAAA,EAAK;AAAA,EAC/E;AAAA,EAEA,MAAM,YAAA,CAAa,KAAA,EAAoB,QAAA,EAAoB,MAAA,EAAgC;AACzF,IAAA,IAAI,KAAA,CAAM,iBAAiB,MAAA,EAAQ;AACjC,MAAA,QAAA,CAAS,KAAK,MAAM,CAAA;AAAA,IACtB,CAAA,MAAA,IAAW,KAAA,CAAM,YAAA,KAAiB,QAAA,EAAU;AAC1C,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,KAAA,EAAO,QAAA,EAAU,MAAwC,CAAA;AAAA,IAC7E,CAAA,MAAA,IAAW,KAAA,CAAM,YAAA,KAAiB,qBAAA,EAAuB;AAEvD,MAAA,MAAM,aAAA,GAAgB,MAAA;AACtB,MAAA,aAAA,CAAc,OAAA,CAAQ,QAAQ,CAAC,KAAA,EAAO,QAAQ,QAAA,CAAS,SAAA,CAAU,GAAA,EAAK,KAAK,CAAC,CAAA;AAC5E,MAAA,QAAA,CAAS,MAAA,CAAO,cAAc,MAAM,CAAA;AACpC,MAAA,IAAI,cAAc,IAAA,EAAM;AACtB,QAAA,MAAM,MAAA,GAAS,aAAA,CAAc,IAAA,CAAK,SAAA,EAAU;AAC5C,QAAA,IAAI;AACF,UAAA,OAAO,IAAA,EAAM;AACX,YAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,OAAO,IAAA,EAAK;AAC1C,YAAA,IAAI,IAAA,EAAM;AACV,YAAA,QAAA,CAAS,MAAM,KAAK,CAAA;AAAA,UACtB;AAAA,QACF,CAAA,SAAE;AACA,UAAA,QAAA,CAAS,GAAA,EAAI;AAAA,QACf;AAAA,MACF,CAAA,MAAO;AACL,QAAA,QAAA,CAAS,GAAA,EAAI;AAAA,MACf;AAAA,IACF,CAAA,MAAO;AACL,MAAA,QAAA,CAAS,WAAW,GAAG,CAAA;AAAA,IACzB;AAAA,EACF;AAAA,EAEA,MAAM,aAAA,CAAc,GAAA,EAAkB,KAAA,EAAoB,EAAE,QAAO,EAAuC;AAExG,IAAA,MAAM,oBAAA,GAAuB,IAAA,CAAK,gBAAA,IAAoB,CAAC,MAAA,EAAQ,KAAA,EAAO,OAAO,CAAA,CAAE,QAAA,CAAS,KAAA,CAAM,MAAA,CAAO,WAAA,EAAa,CAAA;AAGlH,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,WAAA,IAAe,IAAA,CAAK,gBAAA,EAAkB,OAAA;AAG5D,IAAA,MAAM,cAAgF,EAAC;AAGvF,IAAA,IAAI,oBAAA,IAAwB,OAAA,IAAW,IAAA,CAAK,gBAAA,EAAkB;AAC5D,MAAA,MAAM,mBAAA,GAAsB,CAAC,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AAC/E,QAAA,MAAM,aAAA,GAAgB,GAAA,CAAI,OAAA,CAAQ,gBAAgB,CAAA;AAClD,QAAA,IAAI,aAAA,IAAiB,QAAA,CAAS,aAAA,EAAe,EAAE,IAAI,OAAA,EAAS;AAC1D,UAAA,IAAI;AACF,YAAA,MAAM,gBAAgB,IAAA,CAAK,gBAAA,CAAkB,QAAQ,EAAE,KAAA,EAAO,0BAA0B,CAAA;AACxF,YAAA,OAAO,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,KAAK,aAAa,CAAA;AAAA,UAC3C,CAAA,CAAA,MAAQ;AACN,YAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,0BAA0B,CAAA;AAAA,UACjE;AAAA,QACF;AACA,QAAA,IAAA,EAAK;AAAA,MACP,CAAA;AACA,MAAA,WAAA,CAAY,KAAK,mBAAmB,CAAA;AAAA,IACtC;AAEA,IAAA,GAAA,CAAI,KAAA,CAAM,MAAA,CAAO,WAAA,EAAkC,CAAA;AAAA,MACjD,CAAA,EAAG,MAAM,CAAA,EAAG,KAAA,CAAM,IAAI,CAAA,CAAA;AAAA,MACtB,GAAG,WAAA;AAAA,MACH,OAAO,KAAc,GAAA,KAAkB;AACrC,QAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,CAAU,OAAO,GAAG,CAAA;AAE9C,QAAA,IAAI,OAAO,WAAA,EAAa;AACtB,UAAA,IAAI;AACF,YAAA,MAAA,CAAO,cAAc,MAAM,IAAA,CAAK,gBAAA,CAAiB,KAAA,EAAO,OAAO,WAAqC,CAAA;AAAA,UACtG,SAAS,KAAA,EAAO;AACd,YAAA,OAAA,CAAQ,KAAA,CAAM,8BAA8B,KAAK,CAAA;AAEjD,YAAA,OAAO,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK;AAAA,cAC1B,KAAA,EAAO,0BAAA;AAAA,cACP,OAAA,EAAS,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU;AAAA,aACnD,CAAA;AAAA,UACH;AAAA,QACF;AAEA,QAAA,IAAI,OAAO,IAAA,EAAM;AACf,UAAA,IAAI;AACF,YAAA,MAAA,CAAO,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,KAAA,EAAO,OAAO,IAAI,CAAA;AAAA,UACvD,SAAS,KAAA,EAAO;AACd,YAAA,OAAA,CAAQ,KAAA,CAAM,sBAAsB,KAAK,CAAA;AAEzC,YAAA,OAAO,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK;AAAA,cAC1B,KAAA,EAAO,sBAAA;AAAA,cACP,OAAA,EAAS,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU;AAAA,aACnD,CAAA;AAAA,UACH;AAAA,QACF;AAEA,QAAA,MAAM,aAAA,GAAgB;AAAA,UACpB,GAAG,MAAA,CAAO,SAAA;AAAA,UACV,GAAG,MAAA,CAAO,WAAA;AAAA,UACV,GAAI,OAAO,MAAA,CAAO,SAAS,QAAA,GAAW,MAAA,CAAO,OAAO,EAAC;AAAA,UACrD,cAAA,EAAgB,IAAI,MAAA,CAAO,cAAA;AAAA,UAC3B,QAAQ,IAAA,CAAK,MAAA;AAAA,UACb,KAAA,EAAO,IAAI,MAAA,CAAO,KAAA;AAAA,UAClB,SAAA,EAAW,IAAI,MAAA,CAAO,SAAA;AAAA,UACtB,WAAA,EAAa,IAAI,MAAA,CAAO;AAAA,SAC1B;AAEA,QAAA,IAAI;AACF,UAAA,MAAM,MAAA,GAAS,MAAM,KAAA,CAAM,OAAA,CAAQ,aAAa,CAAA;AAChD,UAAA,MAAM,IAAA,CAAK,YAAA,CAAa,KAAA,EAAO,GAAA,EAAK,MAAM,CAAA;AAAA,QAC5C,SAAS,KAAA,EAAO;AACd,UAAA,OAAA,CAAQ,KAAA,CAAM,yBAAyB,KAAK,CAAA;AAE5C,UAAA,IAAI,MAAA,GAAS,GAAA;AACb,UAAA,IAAI,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AAEtC,YAAA,IAAI,YAAY,KAAA,EAAO;AACrB,cAAA,MAAA,GAAU,KAAA,CAAc,MAAA;AAAA,YAC1B,CAAA,MAAA,IAGE,SAAA,IAAa,KAAA,IACb,KAAA,CAAM,OAAA,IACN,OAAO,KAAA,CAAM,OAAA,KAAY,QAAA,IACzB,QAAA,IAAY,KAAA,CAAM,OAAA,EAClB;AACA,cAAA,MAAA,GAAU,MAAM,OAAA,CAAgB,MAAA;AAAA,YAClC;AAAA,UACF;AACA,UAAA,GAAA,CAAI,MAAA,CAAO,MAAM,CAAA,CAAE,IAAA,CAAK,EAAE,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,eAAA,EAAiB,CAAA;AAAA,QAC7F;AAAA,MACF;AAAA,KACF;AAAA,EACF;AAAA,EAEA,0BAA0B,GAAA,EAAwB;AAChD,IAAA,GAAA,CAAI,GAAA,CAAI,IAAA,CAAK,uBAAA,EAAyB,CAAA;AAAA,EACxC;AAAA,EAEA,MAAM,cAAA,CACJ,GAAA,EACA,EAAE,MAAA,EAAQ,aAAY,EACP;AACf,IAAA,MAAM,MAAM,cAAA,CAAe,GAAA,EAAK,EAAE,MAAA,EAAQ,aAAa,CAAA;AAAA,EACzD;AACF","file":"index.cjs","sourcesContent":["import type { Mastra } from '@mastra/core/mastra';\nimport type { RequestContext } from '@mastra/core/request-context';\nimport type { Tool } from '@mastra/core/tools';\nimport { InMemoryTaskStore } from '@mastra/server/a2a/store';\nimport type { ServerRoute, BodyLimitOptions } from '@mastra/server/server-adapter';\nimport { MastraServerAdapter } from '@mastra/server/server-adapter';\nimport type { Application, NextFunction, Request, Response } from 'express';\n\n// Extend Express types to include Mastra context\ndeclare global {\n namespace Express {\n interface Locals {\n mastra: Mastra;\n requestContext: RequestContext;\n abortSignal: AbortSignal;\n tools: Record<string, Tool>;\n taskStore: InMemoryTaskStore;\n customRouteAuthConfig?: Map<string, boolean>;\n playground?: boolean;\n isDev?: boolean;\n }\n }\n}\n\nexport class ExpressServerAdapter extends MastraServerAdapter<Application, Request, Response> {\n private taskStore: InMemoryTaskStore;\n private customRouteAuthConfig?: Map<string, boolean>;\n private playground?: boolean;\n private isDev?: boolean;\n\n constructor({\n mastra,\n tools,\n taskStore,\n customRouteAuthConfig,\n playground,\n isDev,\n bodyLimitOptions,\n }: {\n mastra: Mastra;\n tools?: Record<string, Tool>;\n taskStore?: InMemoryTaskStore;\n customRouteAuthConfig?: Map<string, boolean>;\n playground?: boolean;\n isDev?: boolean;\n bodyLimitOptions?: BodyLimitOptions;\n }) {\n super({ mastra, bodyLimitOptions, tools });\n this.taskStore = taskStore || new InMemoryTaskStore();\n this.customRouteAuthConfig = customRouteAuthConfig;\n this.playground = playground;\n this.isDev = isDev;\n }\n\n createContextMiddleware(): (req: Request, res: Response, next: NextFunction) => Promise<void> {\n return async (req: Request, res: Response, next: NextFunction) => {\n // Parse request context from request body and add to context\n let bodyRequestContext: Record<string, any> | undefined;\n let paramsRequestContext: Record<string, any> | undefined;\n\n // Parse request context from request body (POST/PUT)\n if (req.method === 'POST' || req.method === 'PUT') {\n const contentType = req.headers['content-type'];\n if (contentType?.includes('application/json') && req.body) {\n if (req.body.requestContext) {\n bodyRequestContext = req.body.requestContext;\n }\n }\n }\n\n // Parse request context from query params (GET)\n if (req.method === 'GET') {\n try {\n const encodedRequestContext = req.query.requestContext;\n if (typeof encodedRequestContext === 'string') {\n // Try JSON first\n try {\n paramsRequestContext = JSON.parse(encodedRequestContext);\n } catch {\n // Fallback to base64(JSON)\n try {\n const json = Buffer.from(encodedRequestContext, 'base64').toString('utf-8');\n paramsRequestContext = JSON.parse(json);\n } catch {\n // ignore if still invalid\n }\n }\n }\n } catch {\n // ignore query parsing errors\n }\n }\n\n const requestContext = this.mergeRequestContext({ paramsRequestContext, bodyRequestContext });\n\n // Set context in res.locals\n res.locals.requestContext = requestContext;\n res.locals.mastra = this.mastra;\n res.locals.tools = this.tools || {};\n res.locals.taskStore = this.taskStore;\n res.locals.playground = this.playground === true;\n res.locals.isDev = this.isDev === true;\n res.locals.customRouteAuthConfig = this.customRouteAuthConfig;\n const controller = new AbortController();\n req.on('close', () => {\n controller.abort();\n });\n res.locals.abortSignal = controller.signal;\n next();\n };\n }\n async stream(route: ServerRoute, res: Response, result: { fullStream: ReadableStream }): Promise<void> {\n res.setHeader('Content-Type', 'text/plain');\n res.setHeader('Transfer-Encoding', 'chunked');\n\n const streamFormat = route.streamFormat || 'stream';\n\n const readableStream = result instanceof ReadableStream ? result : result.fullStream;\n const reader = readableStream.getReader();\n\n try {\n while (true) {\n const { done, value } = await reader.read();\n if (done) break;\n\n if (value) {\n if (streamFormat === 'sse') {\n res.write(`data: ${JSON.stringify(value)}\\n\\n`);\n } else {\n res.write(JSON.stringify(value) + '\\x1E');\n }\n }\n }\n } catch (error) {\n console.error(error);\n } finally {\n res.end();\n }\n }\n\n async getParams(\n route: ServerRoute,\n request: Request,\n ): Promise<{ urlParams: Record<string, string>; queryParams: Record<string, string>; body: unknown }> {\n const urlParams = request.params;\n const queryParams = request.query;\n const body = await request.body;\n return { urlParams, queryParams: queryParams as Record<string, string>, body };\n }\n\n async sendResponse(route: ServerRoute, response: Response, result: unknown): Promise<void> {\n if (route.responseType === 'json') {\n response.json(result);\n } else if (route.responseType === 'stream') {\n await this.stream(route, response, result as { fullStream: ReadableStream });\n } else if (route.responseType === 'datastream-response') {\n // Handle AI SDK Response objects - pipe Response.body to Express response\n const fetchResponse = result as globalThis.Response;\n fetchResponse.headers.forEach((value, key) => response.setHeader(key, value));\n response.status(fetchResponse.status);\n if (fetchResponse.body) {\n const reader = fetchResponse.body.getReader();\n try {\n while (true) {\n const { done, value } = await reader.read();\n if (done) break;\n response.write(value);\n }\n } finally {\n response.end();\n }\n } else {\n response.end();\n }\n } else {\n response.sendStatus(500);\n }\n }\n\n async registerRoute(app: Application, route: ServerRoute, { prefix }: { prefix?: string }): Promise<void> {\n // Determine if body limits should be applied\n const shouldApplyBodyLimit = this.bodyLimitOptions && ['POST', 'PUT', 'PATCH'].includes(route.method.toUpperCase());\n\n // Get the body size limit for this route (route-specific or default)\n const maxSize = route.maxBodySize ?? this.bodyLimitOptions?.maxSize;\n\n // Create middleware array\n const middlewares: Array<(req: Request, res: Response, next: NextFunction) => void> = [];\n\n // Add body limit middleware if needed\n if (shouldApplyBodyLimit && maxSize && this.bodyLimitOptions) {\n const bodyLimitMiddleware = (req: Request, res: Response, next: NextFunction) => {\n const contentLength = req.headers['content-length'];\n if (contentLength && parseInt(contentLength, 10) > maxSize) {\n try {\n const errorResponse = this.bodyLimitOptions!.onError({ error: 'Request body too large' });\n return res.status(413).json(errorResponse);\n } catch {\n return res.status(413).json({ error: 'Request body too large' });\n }\n }\n next();\n };\n middlewares.push(bodyLimitMiddleware);\n }\n\n app[route.method.toLowerCase() as keyof Application](\n `${prefix}${route.path}`,\n ...middlewares,\n async (req: Request, res: Response) => {\n const params = await this.getParams(route, req);\n\n if (params.queryParams) {\n try {\n params.queryParams = await this.parseQueryParams(route, params.queryParams as Record<string, string>);\n } catch (error) {\n console.error('Error parsing query params', error);\n // Zod validation errors should return 400 Bad Request, not 500\n return res.status(400).json({\n error: 'Invalid query parameters',\n details: error instanceof Error ? error.message : 'Unknown error',\n });\n }\n }\n\n if (params.body) {\n try {\n params.body = await this.parseBody(route, params.body);\n } catch (error) {\n console.error('Error parsing body', error);\n // Zod validation errors should return 400 Bad Request, not 500\n return res.status(400).json({\n error: 'Invalid request body',\n details: error instanceof Error ? error.message : 'Unknown error',\n });\n }\n }\n\n const handlerParams = {\n ...params.urlParams,\n ...params.queryParams,\n ...(typeof params.body === 'object' ? params.body : {}),\n requestContext: res.locals.requestContext,\n mastra: this.mastra,\n tools: res.locals.tools,\n taskStore: res.locals.taskStore,\n abortSignal: res.locals.abortSignal,\n };\n\n try {\n const result = await route.handler(handlerParams);\n await this.sendResponse(route, res, result);\n } catch (error) {\n console.error('Error calling handler', error);\n // Check if it's an HTTPException or MastraError with a status code\n let status = 500;\n if (error && typeof error === 'object') {\n // Check for direct status property (HTTPException)\n if ('status' in error) {\n status = (error as any).status;\n }\n // Check for MastraError with status in details\n else if (\n 'details' in error &&\n error.details &&\n typeof error.details === 'object' &&\n 'status' in error.details\n ) {\n status = (error.details as any).status;\n }\n }\n res.status(status).json({ error: error instanceof Error ? error.message : 'Unknown error' });\n }\n },\n );\n }\n\n registerContextMiddleware(app: Application): void {\n app.use(this.createContextMiddleware());\n }\n\n async registerRoutes(\n app: Application,\n { prefix, openapiPath }: { prefix?: string; openapiPath?: string },\n ): Promise<void> {\n await super.registerRoutes(app, { prefix, openapiPath });\n }\n}\n"]}
1
+ {"version":3,"sources":["../src/auth-middleware.ts","../src/index.ts"],"names":["isDevPlaygroundRequest","isProtectedPath","canAccessPublicly","checkRules","defaultAuthConfig","MastraServerBase","redactStreamChunk"],"mappings":";;;;;;AASO,IAAM,wBAAA,GAA2B,OAAO,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AACjG,EAAA,MAAM,MAAA,GAAS,IAAI,MAAA,CAAO,MAAA;AAC1B,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,SAAA,EAAU,EAAG,IAAA;AACvC,EAAA,MAAM,qBAAA,GAAwB,IAAI,MAAA,CAAO,qBAAA;AAEzC,EAAA,IAAI,CAAC,UAAA,EAAY;AAEf,IAAA,OAAO,IAAA,EAAK;AAAA,EACd;AAEA,EAAA,MAAM,OAAO,GAAA,CAAI,IAAA;AACjB,EAAA,MAAM,SAAS,GAAA,CAAI,MAAA;AACnB,EAAA,MAAM,YAAY,CAAC,IAAA,KAAiB,IAAI,OAAA,CAAQ,IAAA,CAAK,aAAa,CAAA;AAElE,EAAA,IAAIA,2BAAA,CAAuB,IAAA,EAAM,MAAA,EAAQ,SAAA,EAAW,UAAU,CAAA,EAAG;AAE/D,IAAA,OAAO,IAAA,EAAK;AAAA,EACd;AAEA,EAAA,IAAI,CAACC,qBAAgB,GAAA,CAAI,IAAA,EAAM,IAAI,MAAA,EAAQ,UAAA,EAAY,qBAAqB,CAAA,EAAG;AAC7E,IAAA,OAAO,IAAA,EAAK;AAAA,EACd;AAGA,EAAA,IAAIC,uBAAkB,GAAA,CAAI,IAAA,EAAM,GAAA,CAAI,MAAA,EAAQ,UAAU,CAAA,EAAG;AACvD,IAAA,OAAO,IAAA,EAAK;AAAA,EACd;AAGA,EAAA,MAAM,UAAA,GAAa,IAAI,OAAA,CAAQ,aAAA;AAC/B,EAAA,IAAI,QAAuB,UAAA,GAAa,UAAA,CAAW,OAAA,CAAQ,SAAA,EAAW,EAAE,CAAA,GAAI,IAAA;AAE5E,EAAA,IAAI,CAAC,KAAA,IAAS,GAAA,CAAI,KAAA,CAAM,MAAA,EAAQ;AAC9B,IAAA,KAAA,GAAS,GAAA,CAAI,MAAM,MAAA,IAAqB,IAAA;AAAA,EAC1C;AAGA,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA;AAAA,EAClE;AAEA,EAAA,IAAI;AAEF,IAAA,IAAI,IAAA;AAGJ,IAAA,IAAI,OAAO,UAAA,CAAW,iBAAA,KAAsB,UAAA,EAAY;AAItD,MAAA,IAAA,GAAO,MAAM,UAAA,CAAW,iBAAA,CAAkB,KAAA,EAAO,GAAU,CAAA;AAAA,IAC7D,CAAA,MAAO;AACL,MAAA,MAAM,IAAI,MAAM,yCAAyC,CAAA;AAAA,IAC3D;AAEA,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,IACnE;AAGA,IAAA,GAAA,CAAI,MAAA,CAAO,cAAA,CAAe,GAAA,CAAI,MAAA,EAAQ,IAAI,CAAA;AAE1C,IAAA,OAAO,IAAA,EAAK;AAAA,EACd,SAAS,GAAA,EAAK;AACZ,IAAA,OAAA,CAAQ,MAAM,GAAG,CAAA;AACjB,IAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,4BAA4B,CAAA;AAAA,EACnE;AACF,CAAA;AAEO,IAAM,uBAAA,GAA0B,OAAO,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AAChG,EAAA,MAAM,MAAA,GAAS,IAAI,MAAA,CAAO,MAAA;AAC1B,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,SAAA,EAAU,EAAG,IAAA;AACvC,EAAA,MAAM,qBAAA,GAAwB,IAAI,MAAA,CAAO,qBAAA;AAEzC,EAAA,IAAI,CAAC,UAAA,EAAY;AAEf,IAAA,OAAO,IAAA,EAAK;AAAA,EACd;AAEA,EAAA,MAAM,OAAO,GAAA,CAAI,IAAA;AACjB,EAAA,MAAM,SAAS,GAAA,CAAI,MAAA;AACnB,EAAA,MAAM,YAAY,CAAC,IAAA,KAAiB,IAAI,OAAA,CAAQ,IAAA,CAAK,aAAa,CAAA;AAElE,EAAA,IAAIF,2BAAA,CAAuB,IAAA,EAAM,MAAA,EAAQ,SAAA,EAAW,UAAU,CAAA,EAAG;AAE/D,IAAA,OAAO,IAAA,EAAK;AAAA,EACd;AAEA,EAAA,IAAI,CAACC,qBAAgB,GAAA,CAAI,IAAA,EAAM,IAAI,MAAA,EAAQ,UAAA,EAAY,qBAAqB,CAAA,EAAG;AAC7E,IAAA,OAAO,IAAA,EAAK;AAAA,EACd;AAGA,EAAA,IAAIC,sBAAA,CAAkB,IAAA,EAAM,MAAA,EAAQ,UAAU,CAAA,EAAG;AAC/C,IAAA,OAAO,IAAA,EAAK;AAAA,EACd;AAEA,EAAA,MAAM,IAAA,GAAO,GAAA,CAAI,MAAA,CAAO,cAAA,CAAe,IAAI,MAAM,CAAA;AAEjD,EAAA,IAAI,eAAA,IAAmB,UAAA,IAAc,OAAO,UAAA,CAAW,kBAAkB,UAAA,EAAY;AACnF,IAAA,IAAI;AACF,MAAA,MAAM,YAAA,GAAe,MAAM,UAAA,CAAW,aAAA,CAAc,MAAM,GAAU,CAAA;AAEpE,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,OAAO,IAAA,EAAK;AAAA,MACd;AAEA,MAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,IACxD,SAAS,GAAA,EAAK;AACZ,MAAA,OAAA,CAAQ,MAAM,GAAG,CAAA;AACjB,MAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,uBAAuB,CAAA;AAAA,IAC9D;AAAA,EACF;AAGA,EAAA,IAAI,WAAA,IAAe,UAAA,IAAc,OAAO,UAAA,CAAW,cAAc,UAAA,EAAY;AAC3E,IAAA,IAAI;AAGF,MAAA,MAAM,OAAA,GAAU;AAAA,QACd,GAAA,EAAK,CAAC,GAAA,KAAgB;AACpB,UAAA,IAAI,GAAA,KAAQ,QAAA,EAAU,OAAO,GAAA,CAAI,MAAA,CAAO,MAAA;AACxC,UAAA,IAAI,GAAA,KAAQ,gBAAA,EAAkB,OAAO,GAAA,CAAI,MAAA,CAAO,cAAA;AAChD,UAAA,IAAI,GAAA,KAAQ,OAAA,EAAS,OAAO,GAAA,CAAI,MAAA,CAAO,KAAA;AACvC,UAAA,IAAI,GAAA,KAAQ,WAAA,EAAa,OAAO,GAAA,CAAI,MAAA,CAAO,SAAA;AAC3C,UAAA,IAAI,GAAA,KAAQ,uBAAA,EAAyB,OAAO,GAAA,CAAI,MAAA,CAAO,qBAAA;AACvD,UAAA,OAAO,MAAA;AAAA,QACT,CAAA;AAAA,QACA;AAAA,OACF;AAEA,MAAA,MAAM,eAAe,MAAM,UAAA,CAAW,UAAU,IAAA,EAAM,MAAA,EAAQ,MAAM,OAAO,CAAA;AAE3E,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,OAAO,IAAA,EAAK;AAAA,MACd;AAEA,MAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,IACxD,SAAS,GAAA,EAAK;AACZ,MAAA,OAAA,CAAQ,MAAM,GAAG,CAAA;AACjB,MAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,uBAAuB,CAAA;AAAA,IAC9D;AAAA,EACF;AAGA,EAAA,IAAI,WAAW,UAAA,IAAc,UAAA,CAAW,SAAS,UAAA,CAAW,KAAA,CAAM,SAAS,CAAA,EAAG;AAC5E,IAAA,MAAM,eAAe,MAAMC,eAAA,CAAW,WAAW,KAAA,EAAO,IAAA,EAAM,QAAQ,IAAI,CAAA;AAE1E,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,OAAO,IAAA,EAAK;AAAA,IACd;AAEA,IAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,EACxD;AAGA,EAAA,IAAIC,sBAAA,CAAkB,KAAA,IAASA,sBAAA,CAAkB,KAAA,CAAM,SAAS,CAAA,EAAG;AACjE,IAAA,MAAM,eAAe,MAAMD,eAAA,CAAWC,uBAAkB,KAAA,EAAO,IAAA,EAAM,QAAQ,IAAI,CAAA;AAEjF,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,OAAO,IAAA,EAAK;AAAA,IACd;AAAA,EACF;AAEA,EAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,iBAAiB,CAAA;AACxD,CAAA;;;ACrJO,IAAM,YAAA,GAAN,cAA2BC,0BAAA,CAAiD;AAAA,EACjF,uBAAA,GAA8F;AAC5F,IAAA,OAAO,OAAO,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AAEhE,MAAA,IAAI,kBAAA;AACJ,MAAA,IAAI,oBAAA;AAGJ,MAAA,IAAI,GAAA,CAAI,MAAA,KAAW,MAAA,IAAU,GAAA,CAAI,WAAW,KAAA,EAAO;AACjD,QAAA,MAAM,WAAA,GAAc,GAAA,CAAI,OAAA,CAAQ,cAAc,CAAA;AAC9C,QAAA,IAAI,WAAA,EAAa,QAAA,CAAS,kBAAkB,CAAA,IAAK,IAAI,IAAA,EAAM;AACzD,UAAA,IAAI,GAAA,CAAI,KAAK,cAAA,EAAgB;AAC3B,YAAA,kBAAA,GAAqB,IAAI,IAAA,CAAK,cAAA;AAAA,UAChC;AAAA,QACF;AAAA,MACF;AAGA,MAAA,IAAI,GAAA,CAAI,WAAW,KAAA,EAAO;AACxB,QAAA,IAAI;AACF,UAAA,MAAM,qBAAA,GAAwB,IAAI,KAAA,CAAM,cAAA;AACxC,UAAA,IAAI,OAAO,0BAA0B,QAAA,EAAU;AAE7C,YAAA,IAAI;AACF,cAAA,oBAAA,GAAuB,IAAA,CAAK,MAAM,qBAAqB,CAAA;AAAA,YACzD,CAAA,CAAA,MAAQ;AAEN,cAAA,IAAI;AACF,gBAAA,MAAM,OAAO,MAAA,CAAO,IAAA,CAAK,uBAAuB,QAAQ,CAAA,CAAE,SAAS,OAAO,CAAA;AAC1E,gBAAA,oBAAA,GAAuB,IAAA,CAAK,MAAM,IAAI,CAAA;AAAA,cACxC,CAAA,CAAA,MAAQ;AAAA,cAER;AAAA,YACF;AAAA,UACF;AAAA,QACF,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAEA,MAAA,MAAM,iBAAiB,IAAA,CAAK,mBAAA,CAAoB,EAAE,oBAAA,EAAsB,oBAAoB,CAAA;AAG5F,MAAA,GAAA,CAAI,OAAO,cAAA,GAAiB,cAAA;AAC5B,MAAA,GAAA,CAAI,MAAA,CAAO,SAAS,IAAA,CAAK,MAAA;AACzB,MAAA,GAAA,CAAI,MAAA,CAAO,KAAA,GAAQ,IAAA,CAAK,KAAA,IAAS,EAAC;AAClC,MAAA,IAAI,KAAK,SAAA,EAAW;AAClB,QAAA,GAAA,CAAI,MAAA,CAAO,YAAY,IAAA,CAAK,SAAA;AAAA,MAC9B;AACA,MAAA,GAAA,CAAI,MAAA,CAAO,wBAAwB,IAAA,CAAK,qBAAA;AACxC,MAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AAKvC,MAAA,GAAA,CAAI,EAAA,CAAG,SAAS,MAAM;AAEpB,QAAA,IAAI,CAAC,IAAI,gBAAA,EAAkB;AACzB,UAAA,UAAA,CAAW,KAAA,EAAM;AAAA,QACnB;AAAA,MACF,CAAC,CAAA;AACD,MAAA,GAAA,CAAI,MAAA,CAAO,cAAc,UAAA,CAAW,MAAA;AACpC,MAAA,IAAA,EAAK;AAAA,IACP,CAAA;AAAA,EACF;AAAA,EACA,MAAM,MAAA,CAAO,KAAA,EAAoB,GAAA,EAAe,MAAA,EAAuD;AACrG,IAAA,GAAA,CAAI,SAAA,CAAU,gBAAgB,YAAY,CAAA;AAC1C,IAAA,GAAA,CAAI,SAAA,CAAU,qBAAqB,SAAS,CAAA;AAE5C,IAAA,MAAM,YAAA,GAAe,MAAM,YAAA,IAAgB,QAAA;AAE3C,IAAA,MAAM,cAAA,GAAiB,MAAA,YAAkB,cAAA,GAAiB,MAAA,GAAS,MAAA,CAAO,UAAA;AAC1E,IAAA,MAAM,MAAA,GAAS,eAAe,SAAA,EAAU;AAExC,IAAA,IAAI;AACF,MAAA,OAAO,IAAA,EAAM;AACX,QAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,OAAO,IAAA,EAAK;AAC1C,QAAA,IAAI,IAAA,EAAM;AAEV,QAAA,IAAI,KAAA,EAAO;AAET,UAAA,MAAM,YAAA,GAAe,IAAA,CAAK,aAAA,EAAe,MAAA,IAAU,IAAA;AACnD,UAAA,MAAM,WAAA,GAAc,YAAA,GAAeC,+BAAA,CAAkB,KAAK,CAAA,GAAI,KAAA;AAC9D,UAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,YAAA,GAAA,CAAI,KAAA,CAAM,CAAA,MAAA,EAAS,IAAA,CAAK,SAAA,CAAU,WAAW,CAAC;;AAAA,CAAM,CAAA;AAAA,UACtD,CAAA,MAAO;AACL,YAAA,GAAA,CAAI,KAAA,CAAM,IAAA,CAAK,SAAA,CAAU,WAAW,IAAI,GAAM,CAAA;AAAA,UAChD;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,MAAM,KAAK,CAAA;AAAA,IACrB,CAAA,SAAE;AACA,MAAA,GAAA,CAAI,GAAA,EAAI;AAAA,IACV;AAAA,EACF;AAAA,EAEA,MAAM,SAAA,CACJ,KAAA,EACA,OAAA,EACoG;AACpG,IAAA,MAAM,YAAY,OAAA,CAAQ,MAAA;AAC1B,IAAA,MAAM,cAAc,OAAA,CAAQ,KAAA;AAC5B,IAAA,MAAM,IAAA,GAAO,MAAM,OAAA,CAAQ,IAAA;AAC3B,IAAA,OAAO,EAAE,SAAA,EAAW,WAAA,EAAoD,IAAA,EAAK;AAAA,EAC/E;AAAA,EAEA,MAAM,YAAA,CAAa,KAAA,EAAoB,QAAA,EAAoB,QAAiB,OAAA,EAAkC;AAC5G,IAAA,IAAI,KAAA,CAAM,iBAAiB,MAAA,EAAQ;AACjC,MAAA,QAAA,CAAS,KAAK,MAAM,CAAA;AAAA,IACtB,CAAA,MAAA,IAAW,KAAA,CAAM,YAAA,KAAiB,QAAA,EAAU;AAC1C,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,KAAA,EAAO,QAAA,EAAU,MAAwC,CAAA;AAAA,IAC7E,CAAA,MAAA,IAAW,KAAA,CAAM,YAAA,KAAiB,qBAAA,EAAuB;AAEvD,MAAA,MAAM,aAAA,GAAgB,MAAA;AACtB,MAAA,aAAA,CAAc,OAAA,CAAQ,QAAQ,CAAC,KAAA,EAAO,QAAQ,QAAA,CAAS,SAAA,CAAU,GAAA,EAAK,KAAK,CAAC,CAAA;AAC5E,MAAA,QAAA,CAAS,MAAA,CAAO,cAAc,MAAM,CAAA;AACpC,MAAA,IAAI,cAAc,IAAA,EAAM;AACtB,QAAA,MAAM,MAAA,GAAS,aAAA,CAAc,IAAA,CAAK,SAAA,EAAU;AAC5C,QAAA,IAAI;AACF,UAAA,OAAO,IAAA,EAAM;AACX,YAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,OAAO,IAAA,EAAK;AAC1C,YAAA,IAAI,IAAA,EAAM;AACV,YAAA,QAAA,CAAS,MAAM,KAAK,CAAA;AAAA,UACtB;AAAA,QACF,CAAA,SAAE;AACA,UAAA,QAAA,CAAS,GAAA,EAAI;AAAA,QACf;AAAA,MACF,CAAA,MAAO;AACL,QAAA,QAAA,CAAS,GAAA,EAAI;AAAA,MACf;AAAA,IACF,CAAA,MAAA,IAAW,KAAA,CAAM,YAAA,KAAiB,UAAA,EAAY;AAE5C,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,QAAA,CAAS,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,6CAA6C,CAAA;AAChF,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,EAAE,MAAA,EAAQ,QAAA,EAAS,GAAI,MAAA;AAE7B,MAAA,IAAI;AACF,QAAA,MAAM,OAAO,SAAA,CAAU;AAAA,UACrB,GAAA,EAAK,IAAI,GAAA,CAAI,OAAA,CAAQ,KAAK,CAAA,OAAA,EAAU,OAAA,CAAQ,OAAA,CAAQ,IAAI,CAAA,CAAE,CAAA;AAAA,UAC1D,QAAA;AAAA,UACA,GAAA,EAAK,OAAA;AAAA,UACL,GAAA,EAAK;AAAA,SACN,CAAA;AAAA,MAEH,CAAA,CAAA,MAAQ;AACN,QAAA,IAAI,CAAC,SAAS,WAAA,EAAa;AACzB,UAAA,QAAA,CAAS,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK;AAAA,YACxB,OAAA,EAAS,KAAA;AAAA,YACT,KAAA,EAAO,EAAE,IAAA,EAAM,MAAA,EAAQ,SAAS,uBAAA,EAAwB;AAAA,YACxD,EAAA,EAAI;AAAA,WACL,CAAA;AAAA,QACH;AAAA,MACF;AAAA,IACF,CAAA,MAAA,IAAW,KAAA,CAAM,YAAA,KAAiB,SAAA,EAAW;AAE3C,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,QAAA,CAAS,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,6CAA6C,CAAA;AAChF,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,WAAA,EAAY,GAAI,MAAA;AAEzC,MAAA,IAAI;AACF,QAAA,MAAM,OAAO,QAAA,CAAS;AAAA,UACpB,GAAA,EAAK,IAAI,GAAA,CAAI,OAAA,CAAQ,KAAK,CAAA,OAAA,EAAU,OAAA,CAAQ,OAAA,CAAQ,IAAI,CAAA,CAAE,CAAA;AAAA,UAC1D,OAAA;AAAA,UACA,WAAA;AAAA,UACA,GAAA,EAAK,OAAA;AAAA,UACL,GAAA,EAAK;AAAA,SACN,CAAA;AAAA,MAEH,CAAA,CAAA,MAAQ;AACN,QAAA,IAAI,CAAC,SAAS,WAAA,EAAa;AACzB,UAAA,QAAA,CAAS,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,kCAAkC,CAAA;AAAA,QACvE;AAAA,MACF;AAAA,IACF,CAAA,MAAO;AACL,MAAA,QAAA,CAAS,WAAW,GAAG,CAAA;AAAA,IACzB;AAAA,EACF;AAAA,EAEA,MAAM,aAAA,CAAc,GAAA,EAAkB,KAAA,EAAoB,EAAE,QAAO,EAAuC;AAExG,IAAA,MAAM,oBAAA,GAAuB,IAAA,CAAK,gBAAA,IAAoB,CAAC,MAAA,EAAQ,KAAA,EAAO,OAAO,CAAA,CAAE,QAAA,CAAS,KAAA,CAAM,MAAA,CAAO,WAAA,EAAa,CAAA;AAGlH,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,WAAA,IAAe,IAAA,CAAK,gBAAA,EAAkB,OAAA;AAG5D,IAAA,MAAM,cAAgF,EAAC;AAGvF,IAAA,IAAI,oBAAA,IAAwB,OAAA,IAAW,IAAA,CAAK,gBAAA,EAAkB;AAC5D,MAAA,MAAM,mBAAA,GAAsB,CAAC,GAAA,EAAc,GAAA,EAAe,IAAA,KAAuB;AAC/E,QAAA,MAAM,aAAA,GAAgB,GAAA,CAAI,OAAA,CAAQ,gBAAgB,CAAA;AAClD,QAAA,IAAI,aAAA,IAAiB,QAAA,CAAS,aAAA,EAAe,EAAE,IAAI,OAAA,EAAS;AAC1D,UAAA,IAAI;AACF,YAAA,MAAM,gBAAgB,IAAA,CAAK,gBAAA,CAAkB,QAAQ,EAAE,KAAA,EAAO,0BAA0B,CAAA;AACxF,YAAA,OAAO,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,KAAK,aAAa,CAAA;AAAA,UAC3C,CAAA,CAAA,MAAQ;AACN,YAAA,OAAO,GAAA,CAAI,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,0BAA0B,CAAA;AAAA,UACjE;AAAA,QACF;AACA,QAAA,IAAA,EAAK;AAAA,MACP,CAAA;AACA,MAAA,WAAA,CAAY,KAAK,mBAAmB,CAAA;AAAA,IACtC;AAEA,IAAA,GAAA,CAAI,KAAA,CAAM,MAAA,CAAO,WAAA,EAAkC,CAAA;AAAA,MACjD,CAAA,EAAG,MAAM,CAAA,EAAG,KAAA,CAAM,IAAI,CAAA,CAAA;AAAA,MACtB,GAAG,WAAA;AAAA,MACH,OAAO,KAAc,GAAA,KAAkB;AACrC,QAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,CAAU,OAAO,GAAG,CAAA;AAE9C,QAAA,IAAI,OAAO,WAAA,EAAa;AACtB,UAAA,IAAI;AACF,YAAA,MAAA,CAAO,cAAc,MAAM,IAAA,CAAK,gBAAA,CAAiB,KAAA,EAAO,OAAO,WAAqC,CAAA;AAAA,UACtG,SAAS,KAAA,EAAO;AACd,YAAA,OAAA,CAAQ,KAAA,CAAM,8BAA8B,KAAK,CAAA;AAEjD,YAAA,OAAO,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK;AAAA,cAC1B,KAAA,EAAO,0BAAA;AAAA,cACP,OAAA,EAAS,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU;AAAA,aACnD,CAAA;AAAA,UACH;AAAA,QACF;AAEA,QAAA,IAAI,OAAO,IAAA,EAAM;AACf,UAAA,IAAI;AACF,YAAA,MAAA,CAAO,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,KAAA,EAAO,OAAO,IAAI,CAAA;AAAA,UACvD,SAAS,KAAA,EAAO;AACd,YAAA,OAAA,CAAQ,KAAA,CAAM,uBAAuB,KAAA,YAAiB,KAAA,GAAQ,MAAM,OAAA,GAAU,MAAA,CAAO,KAAK,CAAC,CAAA;AAE3F,YAAA,OAAO,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK;AAAA,cAC1B,KAAA,EAAO,sBAAA;AAAA,cACP,OAAA,EAAS,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU;AAAA,aACnD,CAAA;AAAA,UACH;AAAA,QACF;AAEA,QAAA,MAAM,aAAA,GAAgB;AAAA,UACpB,GAAG,MAAA,CAAO,SAAA;AAAA,UACV,GAAG,MAAA,CAAO,WAAA;AAAA,UACV,GAAI,OAAO,MAAA,CAAO,SAAS,QAAA,GAAW,MAAA,CAAO,OAAO,EAAC;AAAA,UACrD,cAAA,EAAgB,IAAI,MAAA,CAAO,cAAA;AAAA,UAC3B,QAAQ,IAAA,CAAK,MAAA;AAAA,UACb,KAAA,EAAO,IAAI,MAAA,CAAO,KAAA;AAAA,UAClB,SAAA,EAAW,IAAI,MAAA,CAAO,SAAA;AAAA,UACtB,WAAA,EAAa,IAAI,MAAA,CAAO;AAAA,SAC1B;AAEA,QAAA,IAAI;AACF,UAAA,MAAM,MAAA,GAAS,MAAM,KAAA,CAAM,OAAA,CAAQ,aAAa,CAAA;AAChD,UAAA,MAAM,IAAA,CAAK,YAAA,CAAa,KAAA,EAAO,GAAA,EAAK,QAAQ,GAAG,CAAA;AAAA,QACjD,SAAS,KAAA,EAAO;AACd,UAAA,OAAA,CAAQ,KAAA,CAAM,yBAAyB,KAAK,CAAA;AAE5C,UAAA,IAAI,MAAA,GAAS,GAAA;AACb,UAAA,IAAI,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AAEtC,YAAA,IAAI,YAAY,KAAA,EAAO;AACrB,cAAA,MAAA,GAAU,KAAA,CAAc,MAAA;AAAA,YAC1B,CAAA,MAAA,IAGE,SAAA,IAAa,KAAA,IACb,KAAA,CAAM,OAAA,IACN,OAAO,KAAA,CAAM,OAAA,KAAY,QAAA,IACzB,QAAA,IAAY,KAAA,CAAM,OAAA,EAClB;AACA,cAAA,MAAA,GAAU,MAAM,OAAA,CAAgB,MAAA;AAAA,YAClC;AAAA,UACF;AACA,UAAA,GAAA,CAAI,MAAA,CAAO,MAAM,CAAA,CAAE,IAAA,CAAK,EAAE,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,eAAA,EAAiB,CAAA;AAAA,QAC7F;AAAA,MACF;AAAA,KACF;AAAA,EACF;AAAA,EAEA,yBAAA,GAAkC;AAChC,IAAA,IAAA,CAAK,GAAA,CAAI,GAAA,CAAI,IAAA,CAAK,uBAAA,EAAyB,CAAA;AAAA,EAC7C;AAAA,EAEA,sBAAA,GAA+B;AAC7B,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,MAAA,CAAO,SAAA,EAAU,EAAG,IAAA;AAC5C,IAAA,IAAI,CAAC,UAAA,EAAY;AAEf,MAAA;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,GAAA,CAAI,IAAI,wBAAwB,CAAA;AACrC,IAAA,IAAA,CAAK,GAAA,CAAI,IAAI,uBAAuB,CAAA;AAAA,EACtC;AACF","file":"index.cjs","sourcesContent":["import {\n canAccessPublicly,\n checkRules,\n defaultAuthConfig,\n isDevPlaygroundRequest,\n isProtectedPath,\n} from '@mastra/server/auth';\nimport type { NextFunction, Request, Response } from 'express';\n\nexport const authenticationMiddleware = async (req: Request, res: Response, next: NextFunction) => {\n const mastra = res.locals.mastra;\n const authConfig = mastra.getServer()?.auth;\n const customRouteAuthConfig = res.locals.customRouteAuthConfig;\n\n if (!authConfig) {\n // No auth config, skip authentication\n return next();\n }\n\n const path = req.path;\n const method = req.method;\n const getHeader = (name: string) => req.headers[name.toLowerCase()] as string | undefined;\n\n if (isDevPlaygroundRequest(path, method, getHeader, authConfig)) {\n // Skip authentication for dev playground requests\n return next();\n }\n\n if (!isProtectedPath(req.path, req.method, authConfig, customRouteAuthConfig)) {\n return next();\n }\n\n // Skip authentication for public routes\n if (canAccessPublicly(req.path, req.method, authConfig)) {\n return next();\n }\n\n // Get token from header or query\n const authHeader = req.headers.authorization;\n let token: string | null = authHeader ? authHeader.replace('Bearer ', '') : null;\n\n if (!token && req.query.apiKey) {\n token = (req.query.apiKey as string) || null;\n }\n\n // Handle missing token\n if (!token) {\n return res.status(401).json({ error: 'Authentication required' });\n }\n\n try {\n // Verify token and get user data\n let user: unknown;\n\n // Client provided verify function\n if (typeof authConfig.authenticateToken === 'function') {\n // Note: Express doesn't have HonoRequest, so we pass the Express Request\n // The auth config function signature accepts HonoRequest, but in practice\n // it should work with any request object that has the necessary properties\n user = await authConfig.authenticateToken(token, req as any);\n } else {\n throw new Error('No token verification method configured');\n }\n\n if (!user) {\n return res.status(401).json({ error: 'Invalid or expired token' });\n }\n\n // Store user in context\n res.locals.requestContext.set('user', user);\n\n return next();\n } catch (err) {\n console.error(err);\n return res.status(401).json({ error: 'Invalid or expired token' });\n }\n};\n\nexport const authorizationMiddleware = async (req: Request, res: Response, next: NextFunction) => {\n const mastra = res.locals.mastra;\n const authConfig = mastra.getServer()?.auth;\n const customRouteAuthConfig = res.locals.customRouteAuthConfig;\n\n if (!authConfig) {\n // No auth config, skip authorization\n return next();\n }\n\n const path = req.path;\n const method = req.method;\n const getHeader = (name: string) => req.headers[name.toLowerCase()] as string | undefined;\n\n if (isDevPlaygroundRequest(path, method, getHeader, authConfig)) {\n // Skip authorization for dev playground requests\n return next();\n }\n\n if (!isProtectedPath(req.path, req.method, authConfig, customRouteAuthConfig)) {\n return next();\n }\n\n // Skip for public routes\n if (canAccessPublicly(path, method, authConfig)) {\n return next();\n }\n\n const user = res.locals.requestContext.get('user');\n\n if ('authorizeUser' in authConfig && typeof authConfig.authorizeUser === 'function') {\n try {\n const isAuthorized = await authConfig.authorizeUser(user, req as any);\n\n if (isAuthorized) {\n return next();\n }\n\n return res.status(403).json({ error: 'Access denied' });\n } catch (err) {\n console.error(err);\n return res.status(500).json({ error: 'Authorization error' });\n }\n }\n\n // Client-provided authorization function\n if ('authorize' in authConfig && typeof authConfig.authorize === 'function') {\n try {\n // Note: The authorize function signature expects ContextWithMastra as 4th param\n // For Express, we pass a compatible object with similar structure\n const context = {\n get: (key: string) => {\n if (key === 'mastra') return res.locals.mastra;\n if (key === 'requestContext') return res.locals.requestContext;\n if (key === 'tools') return res.locals.tools;\n if (key === 'taskStore') return res.locals.taskStore;\n if (key === 'customRouteAuthConfig') return res.locals.customRouteAuthConfig;\n return undefined;\n },\n req: req as any,\n } as any;\n\n const isAuthorized = await authConfig.authorize(path, method, user, context);\n\n if (isAuthorized) {\n return next();\n }\n\n return res.status(403).json({ error: 'Access denied' });\n } catch (err) {\n console.error(err);\n return res.status(500).json({ error: 'Authorization error' });\n }\n }\n\n // Custom rule-based authorization\n if ('rules' in authConfig && authConfig.rules && authConfig.rules.length > 0) {\n const isAuthorized = await checkRules(authConfig.rules, path, method, user);\n\n if (isAuthorized) {\n return next();\n }\n\n return res.status(403).json({ error: 'Access denied' });\n }\n\n // Default rule-based authorization\n if (defaultAuthConfig.rules && defaultAuthConfig.rules.length > 0) {\n const isAuthorized = await checkRules(defaultAuthConfig.rules, path, method, user);\n\n if (isAuthorized) {\n return next();\n }\n }\n\n return res.status(403).json({ error: 'Access denied' });\n};\n","import type { Mastra } from '@mastra/core/mastra';\nimport type { RequestContext } from '@mastra/core/request-context';\nimport type { Tool } from '@mastra/core/tools';\nimport type { InMemoryTaskStore } from '@mastra/server/a2a/store';\nimport type { MCPHttpTransportResult, MCPSseTransportResult } from '@mastra/server/handlers/mcp';\nimport type { ServerRoute } from '@mastra/server/server-adapter';\nimport { MastraServer as MastraServerBase, redactStreamChunk } from '@mastra/server/server-adapter';\nimport type { Application, NextFunction, Request, Response } from 'express';\n\nimport { authenticationMiddleware, authorizationMiddleware } from './auth-middleware';\n\n// Extend Express types to include Mastra context\ndeclare global {\n namespace Express {\n interface Locals {\n mastra: Mastra;\n requestContext: RequestContext;\n abortSignal: AbortSignal;\n tools: Record<string, Tool>;\n taskStore: InMemoryTaskStore;\n customRouteAuthConfig?: Map<string, boolean>;\n }\n }\n}\n\nexport class MastraServer extends MastraServerBase<Application, Request, Response> {\n createContextMiddleware(): (req: Request, res: Response, next: NextFunction) => Promise<void> {\n return async (req: Request, res: Response, next: NextFunction) => {\n // Parse request context from request body and add to context\n let bodyRequestContext: Record<string, any> | undefined;\n let paramsRequestContext: Record<string, any> | undefined;\n\n // Parse request context from request body (POST/PUT)\n if (req.method === 'POST' || req.method === 'PUT') {\n const contentType = req.headers['content-type'];\n if (contentType?.includes('application/json') && req.body) {\n if (req.body.requestContext) {\n bodyRequestContext = req.body.requestContext;\n }\n }\n }\n\n // Parse request context from query params (GET)\n if (req.method === 'GET') {\n try {\n const encodedRequestContext = req.query.requestContext;\n if (typeof encodedRequestContext === 'string') {\n // Try JSON first\n try {\n paramsRequestContext = JSON.parse(encodedRequestContext);\n } catch {\n // Fallback to base64(JSON)\n try {\n const json = Buffer.from(encodedRequestContext, 'base64').toString('utf-8');\n paramsRequestContext = JSON.parse(json);\n } catch {\n // ignore if still invalid\n }\n }\n }\n } catch {\n // ignore query parsing errors\n }\n }\n\n const requestContext = this.mergeRequestContext({ paramsRequestContext, bodyRequestContext });\n\n // Set context in res.locals\n res.locals.requestContext = requestContext;\n res.locals.mastra = this.mastra;\n res.locals.tools = this.tools || {};\n if (this.taskStore) {\n res.locals.taskStore = this.taskStore;\n }\n res.locals.customRouteAuthConfig = this.customRouteAuthConfig;\n const controller = new AbortController();\n // Use res.on('close') instead of req.on('close') because the request's 'close' event\n // fires when the request body is fully consumed (e.g., after express.json() parses it),\n // NOT when the client disconnects. The response's 'close' event fires when the underlying\n // connection is actually closed, which is the correct signal for client disconnection.\n res.on('close', () => {\n // Only abort if the response wasn't successfully completed\n if (!res.writableFinished) {\n controller.abort();\n }\n });\n res.locals.abortSignal = controller.signal;\n next();\n };\n }\n async stream(route: ServerRoute, res: Response, result: { fullStream: ReadableStream }): Promise<void> {\n res.setHeader('Content-Type', 'text/plain');\n res.setHeader('Transfer-Encoding', 'chunked');\n\n const streamFormat = route.streamFormat || 'stream';\n\n const readableStream = result instanceof ReadableStream ? result : result.fullStream;\n const reader = readableStream.getReader();\n\n try {\n while (true) {\n const { done, value } = await reader.read();\n if (done) break;\n\n if (value) {\n // Optionally redact sensitive data (system prompts, tool definitions, API keys) before sending to the client\n const shouldRedact = this.streamOptions?.redact ?? true;\n const outputValue = shouldRedact ? redactStreamChunk(value) : value;\n if (streamFormat === 'sse') {\n res.write(`data: ${JSON.stringify(outputValue)}\\n\\n`);\n } else {\n res.write(JSON.stringify(outputValue) + '\\x1E');\n }\n }\n }\n } catch (error) {\n console.error(error);\n } finally {\n res.end();\n }\n }\n\n async getParams(\n route: ServerRoute,\n request: Request,\n ): Promise<{ urlParams: Record<string, string>; queryParams: Record<string, string>; body: unknown }> {\n const urlParams = request.params;\n const queryParams = request.query;\n const body = await request.body;\n return { urlParams, queryParams: queryParams as Record<string, string>, body };\n }\n\n async sendResponse(route: ServerRoute, response: Response, result: unknown, request?: Request): Promise<void> {\n if (route.responseType === 'json') {\n response.json(result);\n } else if (route.responseType === 'stream') {\n await this.stream(route, response, result as { fullStream: ReadableStream });\n } else if (route.responseType === 'datastream-response') {\n // Handle AI SDK Response objects - pipe Response.body to Express response\n const fetchResponse = result as globalThis.Response;\n fetchResponse.headers.forEach((value, key) => response.setHeader(key, value));\n response.status(fetchResponse.status);\n if (fetchResponse.body) {\n const reader = fetchResponse.body.getReader();\n try {\n while (true) {\n const { done, value } = await reader.read();\n if (done) break;\n response.write(value);\n }\n } finally {\n response.end();\n }\n } else {\n response.end();\n }\n } else if (route.responseType === 'mcp-http') {\n // MCP Streamable HTTP transport - request is required\n if (!request) {\n response.status(500).json({ error: 'Request object required for MCP transport' });\n return;\n }\n\n const { server, httpPath } = result as MCPHttpTransportResult;\n\n try {\n await server.startHTTP({\n url: new URL(request.url, `http://${request.headers.host}`),\n httpPath,\n req: request,\n res: response,\n });\n // Response handled by startHTTP\n } catch {\n if (!response.headersSent) {\n response.status(500).json({\n jsonrpc: '2.0',\n error: { code: -32603, message: 'Internal server error' },\n id: null,\n });\n }\n }\n } else if (route.responseType === 'mcp-sse') {\n // MCP SSE transport - request is required\n if (!request) {\n response.status(500).json({ error: 'Request object required for MCP transport' });\n return;\n }\n\n const { server, ssePath, messagePath } = result as MCPSseTransportResult;\n\n try {\n await server.startSSE({\n url: new URL(request.url, `http://${request.headers.host}`),\n ssePath,\n messagePath,\n req: request,\n res: response,\n });\n // Response handled by startSSE\n } catch {\n if (!response.headersSent) {\n response.status(500).json({ error: 'Error handling MCP SSE request' });\n }\n }\n } else {\n response.sendStatus(500);\n }\n }\n\n async registerRoute(app: Application, route: ServerRoute, { prefix }: { prefix?: string }): Promise<void> {\n // Determine if body limits should be applied\n const shouldApplyBodyLimit = this.bodyLimitOptions && ['POST', 'PUT', 'PATCH'].includes(route.method.toUpperCase());\n\n // Get the body size limit for this route (route-specific or default)\n const maxSize = route.maxBodySize ?? this.bodyLimitOptions?.maxSize;\n\n // Create middleware array\n const middlewares: Array<(req: Request, res: Response, next: NextFunction) => void> = [];\n\n // Add body limit middleware if needed\n if (shouldApplyBodyLimit && maxSize && this.bodyLimitOptions) {\n const bodyLimitMiddleware = (req: Request, res: Response, next: NextFunction) => {\n const contentLength = req.headers['content-length'];\n if (contentLength && parseInt(contentLength, 10) > maxSize) {\n try {\n const errorResponse = this.bodyLimitOptions!.onError({ error: 'Request body too large' });\n return res.status(413).json(errorResponse);\n } catch {\n return res.status(413).json({ error: 'Request body too large' });\n }\n }\n next();\n };\n middlewares.push(bodyLimitMiddleware);\n }\n\n app[route.method.toLowerCase() as keyof Application](\n `${prefix}${route.path}`,\n ...middlewares,\n async (req: Request, res: Response) => {\n const params = await this.getParams(route, req);\n\n if (params.queryParams) {\n try {\n params.queryParams = await this.parseQueryParams(route, params.queryParams as Record<string, string>);\n } catch (error) {\n console.error('Error parsing query params', error);\n // Zod validation errors should return 400 Bad Request, not 500\n return res.status(400).json({\n error: 'Invalid query parameters',\n details: error instanceof Error ? error.message : 'Unknown error',\n });\n }\n }\n\n if (params.body) {\n try {\n params.body = await this.parseBody(route, params.body);\n } catch (error) {\n console.error('Error parsing body:', error instanceof Error ? error.message : String(error));\n // Zod validation errors should return 400 Bad Request, not 500\n return res.status(400).json({\n error: 'Invalid request body',\n details: error instanceof Error ? error.message : 'Unknown error',\n });\n }\n }\n\n const handlerParams = {\n ...params.urlParams,\n ...params.queryParams,\n ...(typeof params.body === 'object' ? params.body : {}),\n requestContext: res.locals.requestContext,\n mastra: this.mastra,\n tools: res.locals.tools,\n taskStore: res.locals.taskStore,\n abortSignal: res.locals.abortSignal,\n };\n\n try {\n const result = await route.handler(handlerParams);\n await this.sendResponse(route, res, result, req);\n } catch (error) {\n console.error('Error calling handler', error);\n // Check if it's an HTTPException or MastraError with a status code\n let status = 500;\n if (error && typeof error === 'object') {\n // Check for direct status property (HTTPException)\n if ('status' in error) {\n status = (error as any).status;\n }\n // Check for MastraError with status in details\n else if (\n 'details' in error &&\n error.details &&\n typeof error.details === 'object' &&\n 'status' in error.details\n ) {\n status = (error.details as any).status;\n }\n }\n res.status(status).json({ error: error instanceof Error ? error.message : 'Unknown error' });\n }\n },\n );\n }\n\n registerContextMiddleware(): void {\n this.app.use(this.createContextMiddleware());\n }\n\n registerAuthMiddleware(): void {\n const authConfig = this.mastra.getServer()?.auth;\n if (!authConfig) {\n // No auth config, skip registration\n return;\n }\n\n this.app.use(authenticationMiddleware);\n this.app.use(authorizationMiddleware);\n }\n}\n"]}
package/dist/index.d.ts CHANGED
@@ -1,9 +1,9 @@
1
1
  import type { Mastra } from '@mastra/core/mastra';
2
2
  import type { RequestContext } from '@mastra/core/request-context';
3
3
  import type { Tool } from '@mastra/core/tools';
4
- import { InMemoryTaskStore } from '@mastra/server/a2a/store';
5
- import type { ServerRoute, BodyLimitOptions } from '@mastra/server/server-adapter';
6
- import { MastraServerAdapter } from '@mastra/server/server-adapter';
4
+ import type { InMemoryTaskStore } from '@mastra/server/a2a/store';
5
+ import type { ServerRoute } from '@mastra/server/server-adapter';
6
+ import { MastraServer as MastraServerBase } from '@mastra/server/server-adapter';
7
7
  import type { Application, NextFunction, Request, Response } from 'express';
8
8
  declare global {
9
9
  namespace Express {
@@ -14,25 +14,10 @@ declare global {
14
14
  tools: Record<string, Tool>;
15
15
  taskStore: InMemoryTaskStore;
16
16
  customRouteAuthConfig?: Map<string, boolean>;
17
- playground?: boolean;
18
- isDev?: boolean;
19
17
  }
20
18
  }
21
19
  }
22
- export declare class ExpressServerAdapter extends MastraServerAdapter<Application, Request, Response> {
23
- private taskStore;
24
- private customRouteAuthConfig?;
25
- private playground?;
26
- private isDev?;
27
- constructor({ mastra, tools, taskStore, customRouteAuthConfig, playground, isDev, bodyLimitOptions, }: {
28
- mastra: Mastra;
29
- tools?: Record<string, Tool>;
30
- taskStore?: InMemoryTaskStore;
31
- customRouteAuthConfig?: Map<string, boolean>;
32
- playground?: boolean;
33
- isDev?: boolean;
34
- bodyLimitOptions?: BodyLimitOptions;
35
- });
20
+ export declare class MastraServer extends MastraServerBase<Application, Request, Response> {
36
21
  createContextMiddleware(): (req: Request, res: Response, next: NextFunction) => Promise<void>;
37
22
  stream(route: ServerRoute, res: Response, result: {
38
23
  fullStream: ReadableStream;
@@ -42,14 +27,11 @@ export declare class ExpressServerAdapter extends MastraServerAdapter<Applicatio
42
27
  queryParams: Record<string, string>;
43
28
  body: unknown;
44
29
  }>;
45
- sendResponse(route: ServerRoute, response: Response, result: unknown): Promise<void>;
30
+ sendResponse(route: ServerRoute, response: Response, result: unknown, request?: Request): Promise<void>;
46
31
  registerRoute(app: Application, route: ServerRoute, { prefix }: {
47
32
  prefix?: string;
48
33
  }): Promise<void>;
49
- registerContextMiddleware(app: Application): void;
50
- registerRoutes(app: Application, { prefix, openapiPath }: {
51
- prefix?: string;
52
- openapiPath?: string;
53
- }): Promise<void>;
34
+ registerContextMiddleware(): void;
35
+ registerAuthMiddleware(): void;
54
36
  }
55
37
  //# sourceMappingURL=index.d.ts.map
package/dist/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,KAAK,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACnF,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACpE,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAG5E,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,OAAO,CAAC;QAChB,UAAU,MAAM;YACd,MAAM,EAAE,MAAM,CAAC;YACf,cAAc,EAAE,cAAc,CAAC;YAC/B,WAAW,EAAE,WAAW,CAAC;YACzB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAC5B,SAAS,EAAE,iBAAiB,CAAC;YAC7B,qBAAqB,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC7C,UAAU,CAAC,EAAE,OAAO,CAAC;YACrB,KAAK,CAAC,EAAE,OAAO,CAAC;SACjB;KACF;CACF;AAED,qBAAa,oBAAqB,SAAQ,mBAAmB,CAAC,WAAW,EAAE,OAAO,EAAE,QAAQ,CAAC;IAC3F,OAAO,CAAC,SAAS,CAAoB;IACrC,OAAO,CAAC,qBAAqB,CAAC,CAAuB;IACrD,OAAO,CAAC,UAAU,CAAC,CAAU;IAC7B,OAAO,CAAC,KAAK,CAAC,CAAU;gBAEZ,EACV,MAAM,EACN,KAAK,EACL,SAAS,EACT,qBAAqB,EACrB,UAAU,EACV,KAAK,EACL,gBAAgB,GACjB,EAAE;QACD,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC7B,SAAS,CAAC,EAAE,iBAAiB,CAAC;QAC9B,qBAAqB,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC7C,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,KAAK,CAAC,EAAE,OAAO,CAAC;QAChB,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;KACrC;IAQD,uBAAuB,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC;IAyDvF,MAAM,CAAC,KAAK,EAAE,WAAW,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE;QAAE,UAAU,EAAE,cAAc,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IA6BhG,SAAS,CACb,KAAK,EAAE,WAAW,EAClB,OAAO,EAAE,OAAO,GACf,OAAO,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC;IAO/F,YAAY,CAAC,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IA6BpF,aAAa,CAAC,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,MAAM,EAAE,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAkGzG,yBAAyB,CAAC,GAAG,EAAE,WAAW,GAAG,IAAI;IAI3C,cAAc,CAClB,GAAG,EAAE,WAAW,EAChB,EAAE,MAAM,EAAE,WAAW,EAAE,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,GACjE,OAAO,CAAC,IAAI,CAAC;CAGjB"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAElE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,YAAY,IAAI,gBAAgB,EAAqB,MAAM,+BAA+B,CAAC;AACpG,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAK5E,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,OAAO,CAAC;QAChB,UAAU,MAAM;YACd,MAAM,EAAE,MAAM,CAAC;YACf,cAAc,EAAE,cAAc,CAAC;YAC/B,WAAW,EAAE,WAAW,CAAC;YACzB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAC5B,SAAS,EAAE,iBAAiB,CAAC;YAC7B,qBAAqB,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SAC9C;KACF;CACF;AAED,qBAAa,YAAa,SAAQ,gBAAgB,CAAC,WAAW,EAAE,OAAO,EAAE,QAAQ,CAAC;IAChF,uBAAuB,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC;IAgEvF,MAAM,CAAC,KAAK,EAAE,WAAW,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE;QAAE,UAAU,EAAE,cAAc,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAgChG,SAAS,CACb,KAAK,EAAE,WAAW,EAClB,OAAO,EAAE,OAAO,GACf,OAAO,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC;IAO/F,YAAY,CAAC,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IA8EvG,aAAa,CAAC,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,MAAM,EAAE,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAkGzG,yBAAyB,IAAI,IAAI;IAIjC,sBAAsB,IAAI,IAAI;CAU/B"}