@mcp-abap-adt/auth-broker 0.1.0

package/dist/tokenStorage.js

@@ -0,0 +1,107 @@
+"use strict";
+/**
+ * Token storage - saves tokens to .env files
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.saveTokenToEnv = saveTokenToEnv;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+/**
+ * Save token to {destination}.env file
+ * @param destination Destination name
+ * @param savePath Path where to save the file
+ * @param config Configuration to save
+ */
+async function saveTokenToEnv(destination, savePath, config) {
+    // Ensure directory exists
+    if (!fs.existsSync(savePath)) {
+        fs.mkdirSync(savePath, { recursive: true });
+    }
+    const envFilePath = path.join(savePath, `${destination}.env`);
+    const tempFilePath = `${envFilePath}.tmp`;
+    // Read existing .env file if it exists
+    let existingContent = '';
+    if (fs.existsSync(envFilePath)) {
+        existingContent = fs.readFileSync(envFilePath, 'utf8');
+    }
+    // Parse existing content to preserve other values
+    const lines = existingContent.split('\n');
+    const existingVars = new Map();
+    for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith('#')) {
+            continue;
+        }
+        const match = trimmed.match(/^([^=]+)=(.*)$/);
+        if (match) {
+            const key = match[1].trim();
+            const value = match[2].trim().replace(/^["']|["']$/g, ''); // Remove quotes
+            existingVars.set(key, value);
+        }
+    }
+    // Update with new values
+    existingVars.set('SAP_URL', config.sapUrl);
+    existingVars.set('SAP_JWT_TOKEN', config.jwtToken);
+    if (config.sapClient) {
+        existingVars.set('SAP_CLIENT', config.sapClient);
+    }
+    if (config.refreshToken) {
+        existingVars.set('SAP_REFRESH_TOKEN', config.refreshToken);
+    }
+    if (config.uaaUrl) {
+        existingVars.set('SAP_UAA_URL', config.uaaUrl);
+    }
+    if (config.uaaClientId) {
+        existingVars.set('SAP_UAA_CLIENT_ID', config.uaaClientId);
+    }
+    if (config.uaaClientSecret) {
+        existingVars.set('SAP_UAA_CLIENT_SECRET', config.uaaClientSecret);
+    }
+    // Write to temporary file first (atomic write)
+    const envLines = [];
+    for (const [key, value] of existingVars.entries()) {
+        // Escape value if it contains spaces or special characters
+        const escapedValue = value.includes(' ') || value.includes('=') || value.includes('#')
+            ? `"${value.replace(/"/g, '\\"')}"`
+            : value;
+        envLines.push(`${key}=${escapedValue}`);
+    }
+    const envContent = envLines.join('\n') + '\n';
+    // Write to temp file
+    fs.writeFileSync(tempFilePath, envContent, 'utf8');
+    // Atomic rename
+    fs.renameSync(tempFilePath, envFilePath);
+}

package/dist/tokenValidator.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Token validator - validates JWT tokens by testing connection
+ */
+/**
+ * Validate JWT token by making a test request to SAP system
+ * @param token JWT token to validate
+ * @param sapUrl SAP system URL
+ * @returns true if token is valid, false if expired/invalid
+ */
+export declare function validateToken(token: string, sapUrl: string): Promise<boolean>;
+//# sourceMappingURL=tokenValidator.d.ts.map

package/dist/tokenValidator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenValidator.d.ts","sourceRoot":"","sources":["../src/tokenValidator.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH;;;;;GAKG;AACH,wBAAsB,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CA0EnF"}

package/dist/tokenValidator.js

@@ -0,0 +1,108 @@
+"use strict";
+/**
+ * Token validator - validates JWT tokens by testing connection
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateToken = validateToken;
+const axios_1 = __importStar(require("axios"));
+/**
+ * Validate JWT token by making a test request to SAP system
+ * @param token JWT token to validate
+ * @param sapUrl SAP system URL
+ * @returns true if token is valid, false if expired/invalid
+ */
+async function validateToken(token, sapUrl) {
+    try {
+        // Make a lightweight request to test token validity
+        // Using /sap/bc/adt/core/discovery as it's a simple endpoint
+        const testUrl = `${sapUrl}/sap/bc/adt/core/discovery`;
+        const response = await axios_1.default.get(testUrl, {
+            headers: {
+                'Authorization': `Bearer ${token}`,
+                'Accept': 'application/xml',
+            },
+            timeout: 10000, // 10 second timeout
+            validateStatus: (status) => status < 500, // Don't throw on 4xx errors
+        });
+        // 200-299: Token is valid
+        if (response.status >= 200 && response.status < 300) {
+            return true;
+        }
+        // 401/403: Token expired or invalid (but distinguish from permission errors)
+        if (response.status === 401 || response.status === 403) {
+            const responseText = typeof response.data === 'string'
+                ? response.data
+                : JSON.stringify(response.data || '');
+            // Check if it's a permission error (not auth error)
+            if (responseText.includes('ExceptionResourceNoAccess') ||
+                responseText.includes('No authorization') ||
+                responseText.includes('Missing authorization')) {
+                // Permission error - token is valid but user doesn't have access
+                // We consider this as valid token
+                return true;
+            }
+            // Auth error - token expired or invalid
+            return false;
+        }
+        // Other errors - assume token is valid (might be network issues, etc.)
+        return true;
+    }
+    catch (error) {
+        if (error instanceof axios_1.AxiosError) {
+            // Network errors or timeouts - assume token might be valid
+            // (we don't want to invalidate tokens due to network issues)
+            if (error.code === 'ECONNABORTED' || error.code === 'ENOTFOUND' || error.code === 'ECONNREFUSED') {
+                // Network issue - assume token is valid
+                return true;
+            }
+            // 401/403 errors
+            if (error.response?.status === 401 || error.response?.status === 403) {
+                const responseText = typeof error.response.data === 'string'
+                    ? error.response.data
+                    : JSON.stringify(error.response.data || '');
+                // Check if it's a permission error
+                if (responseText.includes('ExceptionResourceNoAccess') ||
+                    responseText.includes('No authorization') ||
+                    responseText.includes('Missing authorization')) {
+                    return true;
+                }
+                return false;
+            }
+        }
+        // Unknown error - assume token is valid to avoid false negatives
+        return true;
+    }
+}

package/dist/types.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Type definitions for auth-broker package
+ */
+/**
+ * Environment configuration loaded from .env file
+ */
+export interface EnvConfig {
+    sapUrl: string;
+    sapClient?: string;
+    jwtToken: string;
+    refreshToken?: string;
+    uaaUrl?: string;
+    uaaClientId?: string;
+    uaaClientSecret?: string;
+    language?: string;
+}
+/**
+ * Service key structure from JSON file
+ */
+export interface ServiceKey {
+    url?: string;
+    abap?: {
+        url?: string;
+        client?: string;
+        language?: string;
+    };
+    sap_url?: string;
+    client?: string;
+    sap_client?: string;
+    language?: string;
+    uaa: {
+        url: string;
+        clientid: string;
+        clientsecret: string;
+    };
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE;QACL,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE;QACH,GAAG,EAAE,MAAM,CAAC;QACZ,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;CACH"}

package/dist/types.js

@@ -0,0 +1,5 @@
+"use strict";
+/**
+ * Type definitions for auth-broker package
+ */
+Object.defineProperty(exports, "__esModule", { value: true });

package/package.json

@@ -0,0 +1,64 @@
+{
+  "name": "@mcp-abap-adt/auth-broker",
+  "version": "0.1.0",
+  "description": "JWT authentication broker for MCP ABAP ADT - manages tokens based on destination headers",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist",
+    "README.md",
+    "CHANGELOG.md",
+    "CONTRIBUTORS.md",
+    "LICENSE"
+  ],
+  "keywords": [
+    "abap",
+    "sap",
+    "adt",
+    "jwt",
+    "authentication",
+    "token",
+    "broker",
+    "mcp",
+    "abap-adt"
+  ],
+  "author": "Oleksii Kyslytsia <oleksij.kyslytsja@gmail.com>",
+  "license": "MIT",
+  "homepage": "https://github.com/fr0ster/mcp-abap-adt-auth-broker#readme",
+  "bugs": {
+    "url": "https://github.com/fr0ster/mcp-abap-adt-auth-broker/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/fr0ster/mcp-abap-adt-auth-broker.git"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "clean": "rm -rf dist tsconfig.tsbuildinfo",
+    "build": "npm run clean --silent && npx tsc -p tsconfig.json",
+    "build:fast": "npx tsc -p tsconfig.json",
+    "test": "NODE_OPTIONS=--experimental-vm-modules jest",
+    "test:check": "npx tsc --noEmit",
+    "prepublishOnly": "npm run build"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "@mcp-abap-adt/connection": "^0.1.12",
+    "axios": "^1.11.0",
+    "dotenv": "^17.2.1",
+    "express": "^5.1.0",
+    "open": "^11.0.0"
+  },
+  "devDependencies": {
+    "@types/express": "^5.0.5",
+    "@types/jest": "^30.0.0",
+    "@types/node": "^24.2.1",
+    "jest": "^30.2.0",
+    "ts-jest": "^29.2.5",
+    "typescript": "^5.9.2"
+  }
+}