@mcp-abap-adt/auth-broker 0.1.4 → 0.1.6

package/dist/stores/FileSessionStore.js

@@ -1,116 +0,0 @@
-"use strict";
-/**
- * File-based implementation of SessionStore
- *
- * Reads/writes session data from/to {destination}.env files in search paths.
- */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.FileSessionStore = void 0;
-const envLoader_1 = require("../envLoader");
-const tokenStorage_1 = require("../tokenStorage");
-const pathResolver_1 = require("../pathResolver");
-/**
- * File-based session store implementation
- *
- * Searches for {destination}.env files in configured search paths.
- * Writes to first search path (highest priority).
- * Search paths priority:
- * 1. Constructor parameter (highest)
- * 2. AUTH_BROKER_PATH environment variable
- * 3. Current working directory (lowest)
- */
-class FileSessionStore {
-    searchPaths;
-    /**
-     * Create a new FileSessionStore instance
-     * @param searchPaths Optional search paths for .env files.
-     *                    Can be a single path (string) or array of paths.
-     *                    If not provided, uses AUTH_BROKER_PATH env var or current working directory.
-     */
-    constructor(searchPaths) {
-        this.searchPaths = (0, pathResolver_1.resolveSearchPaths)(searchPaths);
-    }
-    /**
-     * Load session configuration for destination
-     * @param destination Destination name (e.g., "TRIAL")
-     * @returns EnvConfig object or null if not found
-     */
-    async loadSession(destination) {
-        return (0, envLoader_1.loadEnvFile)(destination, this.searchPaths);
-    }
-    /**
-     * Save session configuration for destination
-     * @param destination Destination name (e.g., "TRIAL")
-     * @param config Session configuration to save
-     */
-    async saveSession(destination, config) {
-        // Save to first search path (highest priority)
-        const savePath = this.searchPaths[0];
-        // Convert EnvConfig to format expected by saveTokenToEnv
-        await (0, tokenStorage_1.saveTokenToEnv)(destination, savePath, {
-            sapUrl: config.sapUrl,
-            jwtToken: config.jwtToken,
-            refreshToken: config.refreshToken,
-            uaaUrl: config.uaaUrl,
-            uaaClientId: config.uaaClientId,
-            uaaClientSecret: config.uaaClientSecret,
-            sapClient: config.sapClient,
-            language: config.language,
-        });
-    }
-    /**
-     * Delete session for destination
-     * @param destination Destination name (e.g., "TRIAL")
-     */
-    async deleteSession(destination) {
-        // Find .env file in search paths
-        const fileName = `${destination}.env`;
-        const { findFileInPaths } = await Promise.resolve().then(() => __importStar(require('../pathResolver')));
-        const fs = await Promise.resolve().then(() => __importStar(require('fs')));
-        const envFilePath = findFileInPaths(fileName, this.searchPaths);
-        if (envFilePath && fs.existsSync(envFilePath)) {
-            fs.unlinkSync(envFilePath);
-        }
-    }
-    /**
-     * Get search paths (for error messages)
-     * @returns Array of search paths
-     */
-    getSearchPaths() {
-        return [...this.searchPaths];
-    }
-}
-exports.FileSessionStore = FileSessionStore;

package/dist/tokenRefresher.d.ts

@@ -1,17 +0,0 @@
-/**
- * Token refresher - refreshes JWT tokens using refresh token
- */
-export interface TokenRefreshResult {
-    accessToken: string;
-    refreshToken?: string;
-}
-/**
- * Refreshes the access token using refresh token
- * @param refreshToken Refresh token
- * @param uaaUrl UAA URL (e.g., https://your-account.authentication.eu10.hana.ondemand.com)
- * @param clientId UAA client ID
- * @param clientSecret UAA client secret
- * @returns Promise that resolves to new tokens
- */
-export declare function refreshJwtToken(refreshToken: string, uaaUrl: string, clientId: string, clientSecret: string): Promise<TokenRefreshResult>;
-//# sourceMappingURL=tokenRefresher.d.ts.map

package/dist/tokenRefresher.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"tokenRefresher.d.ts","sourceRoot":"","sources":["../src/tokenRefresher.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;GAOG;AACH,wBAAsB,eAAe,CACnC,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,kBAAkB,CAAC,CAqC7B"}

package/dist/tokenRefresher.js

@@ -1,53 +0,0 @@
-"use strict";
-/**
- * Token refresher - refreshes JWT tokens using refresh token
- */
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.refreshJwtToken = refreshJwtToken;
-const axios_1 = __importDefault(require("axios"));
-/**
- * Refreshes the access token using refresh token
- * @param refreshToken Refresh token
- * @param uaaUrl UAA URL (e.g., https://your-account.authentication.eu10.hana.ondemand.com)
- * @param clientId UAA client ID
- * @param clientSecret UAA client secret
- * @returns Promise that resolves to new tokens
- */
-async function refreshJwtToken(refreshToken, uaaUrl, clientId, clientSecret) {
-    try {
-        const tokenUrl = `${uaaUrl}/oauth/token`;
-        const params = new URLSearchParams();
-        params.append('grant_type', 'refresh_token');
-        params.append('refresh_token', refreshToken);
-        const authString = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
-        const response = await (0, axios_1.default)({
-            method: 'post',
-            url: tokenUrl,
-            headers: {
-                Authorization: `Basic ${authString}`,
-                'Content-Type': 'application/x-www-form-urlencoded',
-            },
-            data: params.toString(),
-        });
-        if (response.data && response.data.access_token) {
-            return {
-                accessToken: response.data.access_token,
-                refreshToken: response.data.refresh_token || refreshToken, // Use new refresh token if provided, otherwise keep old one
-            };
-        }
-        else {
-            throw new Error('Response does not contain access_token');
-        }
-    }
-    catch (error) {
-        if (error.response) {
-            throw new Error(`Token refresh failed (${error.response.status}): ${JSON.stringify(error.response.data)}`);
-        }
-        else {
-            throw new Error(`Token refresh failed: ${error.message}`);
-        }
-    }
-}

package/dist/tokenStorage.d.ts

@@ -1,15 +0,0 @@
-/**
- * Token storage - saves tokens to .env files
- */
-import { EnvConfig } from './types';
-/**
- * Save token to {destination}.env file
- * @param destination Destination name
- * @param savePath Path where to save the file
- * @param config Configuration to save
- */
-export declare function saveTokenToEnv(destination: string, savePath: string, config: Partial<EnvConfig> & {
-    sapUrl: string;
-    jwtToken: string;
-}): Promise<void>;
-//# sourceMappingURL=tokenStorage.d.ts.map

package/dist/tokenStorage.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"tokenStorage.d.ts","sourceRoot":"","sources":["../src/tokenStorage.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAEpC;;;;;GAKG;AACH,wBAAsB,cAAc,CAClC,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAChE,OAAO,CAAC,IAAI,CAAC,CA0Ef"}

package/dist/tokenStorage.js

@@ -1,107 +0,0 @@
-"use strict";
-/**
- * Token storage - saves tokens to .env files
- */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.saveTokenToEnv = saveTokenToEnv;
-const fs = __importStar(require("fs"));
-const path = __importStar(require("path"));
-/**
- * Save token to {destination}.env file
- * @param destination Destination name
- * @param savePath Path where to save the file
- * @param config Configuration to save
- */
-async function saveTokenToEnv(destination, savePath, config) {
-    // Ensure directory exists
-    if (!fs.existsSync(savePath)) {
-        fs.mkdirSync(savePath, { recursive: true });
-    }
-    const envFilePath = path.join(savePath, `${destination}.env`);
-    const tempFilePath = `${envFilePath}.tmp`;
-    // Read existing .env file if it exists
-    let existingContent = '';
-    if (fs.existsSync(envFilePath)) {
-        existingContent = fs.readFileSync(envFilePath, 'utf8');
-    }
-    // Parse existing content to preserve other values
-    const lines = existingContent.split('\n');
-    const existingVars = new Map();
-    for (const line of lines) {
-        const trimmed = line.trim();
-        if (!trimmed || trimmed.startsWith('#')) {
-            continue;
-        }
-        const match = trimmed.match(/^([^=]+)=(.*)$/);
-        if (match) {
-            const key = match[1].trim();
-            const value = match[2].trim().replace(/^["']|["']$/g, ''); // Remove quotes
-            existingVars.set(key, value);
-        }
-    }
-    // Update with new values
-    existingVars.set('SAP_URL', config.sapUrl);
-    existingVars.set('SAP_JWT_TOKEN', config.jwtToken);
-    if (config.sapClient) {
-        existingVars.set('SAP_CLIENT', config.sapClient);
-    }
-    if (config.refreshToken) {
-        existingVars.set('SAP_REFRESH_TOKEN', config.refreshToken);
-    }
-    if (config.uaaUrl) {
-        existingVars.set('SAP_UAA_URL', config.uaaUrl);
-    }
-    if (config.uaaClientId) {
-        existingVars.set('SAP_UAA_CLIENT_ID', config.uaaClientId);
-    }
-    if (config.uaaClientSecret) {
-        existingVars.set('SAP_UAA_CLIENT_SECRET', config.uaaClientSecret);
-    }
-    // Write to temporary file first (atomic write)
-    const envLines = [];
-    for (const [key, value] of existingVars.entries()) {
-        // Escape value if it contains spaces or special characters
-        const escapedValue = value.includes(' ') || value.includes('=') || value.includes('#')
-            ? `"${value.replace(/"/g, '\\"')}"`
-            : value;
-        envLines.push(`${key}=${escapedValue}`);
-    }
-    const envContent = envLines.join('\n') + '\n';
-    // Write to temp file
-    fs.writeFileSync(tempFilePath, envContent, 'utf8');
-    // Atomic rename
-    fs.renameSync(tempFilePath, envFilePath);
-}

package/dist/tokenValidator.d.ts

@@ -1,11 +0,0 @@
-/**
- * Token validator - validates JWT tokens by testing connection
- */
-/**
- * Validate JWT token by making a test request to SAP system
- * @param token JWT token to validate
- * @param sapUrl SAP system URL
- * @returns true if token is valid, false if expired/invalid
- */
-export declare function validateToken(token: string, sapUrl: string): Promise<boolean>;
-//# sourceMappingURL=tokenValidator.d.ts.map

package/dist/tokenValidator.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"tokenValidator.d.ts","sourceRoot":"","sources":["../src/tokenValidator.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH;;;;;GAKG;AACH,wBAAsB,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CA0EnF"}

package/dist/tokenValidator.js

@@ -1,108 +0,0 @@
-"use strict";
-/**
- * Token validator - validates JWT tokens by testing connection
- */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.validateToken = validateToken;
-const axios_1 = __importStar(require("axios"));
-/**
- * Validate JWT token by making a test request to SAP system
- * @param token JWT token to validate
- * @param sapUrl SAP system URL
- * @returns true if token is valid, false if expired/invalid
- */
-async function validateToken(token, sapUrl) {
-    try {
-        // Make a lightweight request to test token validity
-        // Using /sap/bc/adt/core/discovery as it's a simple endpoint
-        const testUrl = `${sapUrl}/sap/bc/adt/core/discovery`;
-        const response = await axios_1.default.get(testUrl, {
-            headers: {
-                'Authorization': `Bearer ${token}`,
-                'Accept': 'application/xml',
-            },
-            timeout: 10000, // 10 second timeout
-            validateStatus: (status) => status < 500, // Don't throw on 4xx errors
-        });
-        // 200-299: Token is valid
-        if (response.status >= 200 && response.status < 300) {
-            return true;
-        }
-        // 401/403: Token expired or invalid (but distinguish from permission errors)
-        if (response.status === 401 || response.status === 403) {
-            const responseText = typeof response.data === 'string'
-                ? response.data
-                : JSON.stringify(response.data || '');
-            // Check if it's a permission error (not auth error)
-            if (responseText.includes('ExceptionResourceNoAccess') ||
-                responseText.includes('No authorization') ||
-                responseText.includes('Missing authorization')) {
-                // Permission error - token is valid but user doesn't have access
-                // We consider this as valid token
-                return true;
-            }
-            // Auth error - token expired or invalid
-            return false;
-        }
-        // Other errors - assume token is valid (might be network issues, etc.)
-        return true;
-    }
-    catch (error) {
-        if (error instanceof axios_1.AxiosError) {
-            // Network errors or timeouts - assume token might be valid
-            // (we don't want to invalidate tokens due to network issues)
-            if (error.code === 'ECONNABORTED' || error.code === 'ENOTFOUND' || error.code === 'ECONNREFUSED') {
-                // Network issue - assume token is valid
-                return true;
-            }
-            // 401/403 errors
-            if (error.response?.status === 401 || error.response?.status === 403) {
-                const responseText = typeof error.response.data === 'string'
-                    ? error.response.data
-                    : JSON.stringify(error.response.data || '');
-                // Check if it's a permission error
-                if (responseText.includes('ExceptionResourceNoAccess') ||
-                    responseText.includes('No authorization') ||
-                    responseText.includes('Missing authorization')) {
-                    return true;
-                }
-                return false;
-            }
-        }
-        // Unknown error - assume token is valid to avoid false negatives
-        return true;
-    }
-}