npm - @mcp-abap-adt/connection - Versions diffs - 0.1.8 → 0.1.10 - Mend

@mcp-abap-adt/connection 0.1.8 → 0.1.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md +18 -1
package/bin/sap-abap-auth.js +65 -0
package/dist/connection/JwtAbapConnection.d.ts +5 -0
package/dist/connection/JwtAbapConnection.d.ts.map +1 -1
package/dist/connection/JwtAbapConnection.js +60 -7
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -320,9 +320,15 @@ interface AbapConnection {
   enableStatefulSession(sessionId: string, storage: ISessionStorage): Promise<void>;
   disableStatefulSession(): void;
   getSessionMode(): "stateless" | "stateful";
+  getSessionId(): string | undefined; // Get current session ID
+  setSessionType(type: "stateless" | "stateful"): void; // Switch session type
 }
 ```
+**New in 0.1.6+:**
+- `getSessionId()`: Returns the current session ID if stateful session is enabled, otherwise `undefined`
+- `setSessionType(type)`: Programmatically switch between stateful and stateless modes without recreating connection
 #### `ILogger`
 Logger interface for custom logging implementations.
@@ -370,10 +376,21 @@ function createAbapConnection(
 - Node.js >= 18.0.0
 - Access to SAP ABAP system (on-premise or BTP)
+## Changelog
+See [CHANGELOG.md](./CHANGELOG.md) for detailed version history and breaking changes.
+**Latest version: 0.1.9**
+- Comprehensive documentation updates
+- Enhanced README with new API methods documentation
+- Complete version history in CHANGELOG
+- Fixed documentation structure and links
 ## Documentation
-- [Custom Session Storage](./CUSTOM_SESSION_STORAGE.md) - How to implement custom session persistence (database, Redis, etc.)
+- [Custom Session Storage](./docs/CUSTOM_SESSION_STORAGE.md) - How to implement custom session persistence (database, Redis, etc.)
 - [Examples](./examples/README.md) - Working code examples
+- [Changelog](./CHANGELOG.md) - Version history and release notes
 ## License

package/bin/sap-abap-auth.js CHANGED Viewed

@@ -122,6 +122,48 @@ async function tryRefreshToken(refreshToken, uaaUrl, clientId, clientSecret) {
   }
 }
+/**
+ * Decodes JWT token and extracts expiration time
+ * @param {string} token JWT token string
+ * @returns {Object|null} Object with expiration date and timestamp, or null if decoding fails
+ */
+function getTokenExpiry(token) {
+  try {
+    if (!token) return null;
+    // JWT format: header.payload.signature
+    const parts = token.split('.');
+    if (parts.length !== 3) return null;
+    // Decode payload (base64url)
+    const payload = parts[1];
+    // Add padding if needed
+    const paddedPayload = payload + '='.repeat((4 - payload.length % 4) % 4);
+    const decodedPayload = Buffer.from(paddedPayload, 'base64').toString('utf8');
+    const payloadObj = JSON.parse(decodedPayload);
+    if (!payloadObj.exp) return null;
+    // exp is Unix timestamp in seconds
+    const expiryTimestamp = payloadObj.exp * 1000; // Convert to milliseconds
+    const expiryDate = new Date(expiryTimestamp);
+    return {
+      timestamp: expiryTimestamp,
+      date: expiryDate,
+      dateString: expiryDate.toISOString(),
+      readableDate: expiryDate.toLocaleString('en-US', {
+        timeZone: 'UTC',
+        dateStyle: 'full',
+        timeStyle: 'long'
+      })
+    };
+  } catch (error) {
+    // Silently fail - token might not be a valid JWT or might be in different format
+    return null;
+  }
+}
 /**
  * Updates the .env file with new values
  * @param {Object} updates Object with updated values
@@ -134,6 +176,29 @@ function updateEnvFile(updates, envFilePath) {
       fs.unlinkSync(envFilePath);
     }
     let lines = [];
+    // Get token expiry information
+    const jwtTokenExpiry = getTokenExpiry(updates.SAP_JWT_TOKEN);
+    const refreshTokenExpiry = getTokenExpiry(updates.SAP_REFRESH_TOKEN);
+    // Add token expiry comments at the beginning if JWT auth
+    if (updates.SAP_AUTH_TYPE === "jwt") {
+      lines.push("# Token Expiry Information (auto-generated)");
+      if (jwtTokenExpiry) {
+        lines.push(`# JWT Token expires: ${jwtTokenExpiry.readableDate} (UTC)`);
+        lines.push(`# JWT Token expires at: ${jwtTokenExpiry.dateString}`);
+      } else {
+        lines.push("# JWT Token expiry: Unable to determine (token may not be a standard JWT)");
+      }
+      if (refreshTokenExpiry) {
+        lines.push(`# Refresh Token expires: ${refreshTokenExpiry.readableDate} (UTC)`);
+        lines.push(`# Refresh Token expires at: ${refreshTokenExpiry.dateString}`);
+      } else if (updates.SAP_REFRESH_TOKEN) {
+        lines.push("# Refresh Token expiry: Unable to determine (token may not be a standard JWT)");
+      }
+      lines.push("");
+    }
     if (updates.SAP_AUTH_TYPE === "jwt") {
       // jwt: write only relevant params
       const jwtAllowed = [

package/dist/connection/JwtAbapConnection.d.ts CHANGED Viewed

@@ -28,6 +28,11 @@ export declare class JwtAbapConnection extends AbstractAbapConnection {
      * Override makeAdtRequest to handle JWT token refresh on 401/403
      */
     makeAdtRequest(options: AbapRequestOptions): Promise<AxiosResponse>;
+    /**
+     * Override fetchCsrfToken to handle JWT token refresh on 401/403 errors
+     * This ensures that token refresh works even when CSRF token is fetched during makeAdtRequest
+     */
+    protected fetchCsrfToken(url: string, retryCount?: number, retryDelay?: number): Promise<string>;
     private static validateConfig;
 }
 //# sourceMappingURL=JwtAbapConnection.d.ts.map

package/dist/connection/JwtAbapConnection.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"JwtAbapConnection.d.ts","sourceRoot":"","sources":["../../src/connection/JwtAbapConnection.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,OAAO,EAAE,eAAe,EAAgB,MAAM,cAAc,CAAC;AAEtE,OAAO,EAAc,aAAa,EAAE,MAAM,OAAO,CAAC;AAElD;;;GAGG;AACH,qBAAa,iBAAkB,SAAQ,sBAAsB;IAC3D,OAAO,CAAC,sBAAsB,CAAkB;gBAG9C,MAAM,EAAE,SAAS,EACjB,MAAM,EAAE,OAAO,EACf,cAAc,CAAC,EAAE,eAAe,EAChC,SAAS,CAAC,EAAE,MAAM;IAMpB,SAAS,CAAC,wBAAwB,IAAI,MAAM;IAS5C;;;OAGG;IACG,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IA6EnC;;OAEG;IACH,eAAe,IAAI,OAAO;IAU1B;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;~~IA2G9B~~;;OAEG;IACG,cAAc,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC;~~IAgGzE~~,OAAO,CAAC,MAAM,CAAC,cAAc;CAS9B"}
1	+ {"version":3,"file":"JwtAbapConnection.d.ts","sourceRoot":"","sources":["../../src/connection/JwtAbapConnection.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,OAAO,EAAE,eAAe,EAAgB,MAAM,cAAc,CAAC;AAEtE,OAAO,EAAc,aAAa,EAAE,MAAM,OAAO,CAAC;AAElD;;;GAGG;AACH,qBAAa,iBAAkB,SAAQ,sBAAsB;IAC3D,OAAO,CAAC,sBAAsB,CAAkB;gBAG9C,MAAM,EAAE,SAAS,EACjB,MAAM,EAAE,OAAO,EACf,cAAc,CAAC,EAAE,eAAe,EAChC,SAAS,CAAC,EAAE,MAAM;IAMpB,SAAS,CAAC,wBAAwB,IAAI,MAAM;IAS5C;;;OAGG;IACG,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IA6EnC;;OAEG;IACH,eAAe,IAAI,OAAO;IAU1B;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IA4G9B;;OAEG;IACG,cAAc,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC;IAuGzE;;;OAGG;cACa,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,SAAI,EAAE,UAAU,SAAO,GAAG,OAAO,CAAC,MAAM,CAAC;IA4C/F,OAAO,CAAC,MAAM,CAAC,cAAc;CAS9B"}

package/dist/connection/JwtAbapConnection.js CHANGED Viewed

@@ -188,11 +188,12 @@ class JwtAbapConnection extends AbstractAbapConnection_js_1.AbstractAbapConnecti
                     }
                     catch (refreshError) {
                         this.logger.error(`❌ Token refresh failed during connect: ${refreshError.message}`);
-                        throw new Error("JWT token has expired and refresh failed. Please re-authenticate.");
+                        throw new Error("Refresh token has expired. Please re-authenticate.");
                     }
                 }
                 else {
-                    throw new Error("JWT token has expired. Please refresh your authentication token.");
+                    // No refresh token available - JWT token expired, need to re-authenticate
+                    throw new Error("JWT token has expired. Please re-authenticate.");
                 }
             }
             // Re-throw other errors
@@ -243,7 +244,7 @@ class JwtAbapConnection extends AbstractAbapConnection_js_1.AbstractAbapConnecti
                     catch (refreshError) {
                         // Only catch errors from refreshToken()
                         this.logger.error(`❌ Token refresh failed: ${refreshError.message}`);
-                        throw new Error("JWT token has expired and refresh failed. Please re-authenticate.");
+                        throw new Error("Refresh token has expired. Please re-authenticate.");
                     }
                     // Step 2: Reconnect to get new CSRF token and cookies
                     try {
@@ -262,10 +263,16 @@ class JwtAbapConnection extends AbstractAbapConnection_js_1.AbstractAbapConnecti
                         }
                     }
                     catch (connectError) {
+                        // If connect() fails after token refresh, it means the refresh token was invalid
+                        // Check if it's an auth error (401/403)
+                        if (connectError instanceof axios_1.AxiosError &&
+                            (connectError.response?.status === 401 || connectError.response?.status === 403)) {
+                            this.logger.error(`❌ Failed to reconnect after token refresh: ${connectError.message}`);
+                            throw new Error("Refresh token has expired. Please re-authenticate.");
+                        }
+                        // For other errors, log but continue - ensureFreshCsrfToken will try to get CSRF token during request retry
                         this.logger.error(`❌ Failed to reconnect after token refresh: ${connectError.message}`);
                         this.logger.error(`❌ This means CSRF token will not be available for POST/PUT/DELETE requests`);
-                        // Continue anyway - ensureFreshCsrfToken will try to get CSRF token during request retry
-                        // But this is likely to fail if connect() failed
                     }
                     // Step 3: Retry the request with new token
                     // ensureFreshCsrfToken will be called automatically if CSRF token is missing
@@ -278,7 +285,7 @@ class JwtAbapConnection extends AbstractAbapConnection_js_1.AbstractAbapConnecti
                         if (retryError instanceof axios_1.AxiosError &&
                             (retryError.response?.status === 401 || retryError.response?.status === 403)) {
                             this.logger.error(`❌ Token refresh didn't help - still getting ${retryError.response.status}`);
-                            throw new Error("JWT token has expired and refresh failed. Please re-authenticate.");
+                            throw new Error("Refresh token has expired. Please re-authenticate.");
                         }
                         // For other errors (400, 500, etc.), re-throw the original error
                         // These are not auth errors, so they should be handled by the caller
@@ -287,12 +294,58 @@ class JwtAbapConnection extends AbstractAbapConnection_js_1.AbstractAbapConnecti
                     }
                 }
                 else {
-                    throw new Error("JWT token has expired. Please refresh your authentication token.");
+                    // No refresh token available - JWT token expired, need to re-authenticate
+                    throw new Error("JWT token has expired. Please re-authenticate.");
                 }
             }
             throw error;
         }
     }
+    /**
+     * Override fetchCsrfToken to handle JWT token refresh on 401/403 errors
+     * This ensures that token refresh works even when CSRF token is fetched during makeAdtRequest
+     */
+    async fetchCsrfToken(url, retryCount = 3, retryDelay = 1000) {
+        try {
+            // Try to fetch CSRF token using parent implementation
+            return await super.fetchCsrfToken(url, retryCount, retryDelay);
+        }
+        catch (error) {
+            // Handle JWT auth errors (401/403) during CSRF token fetch
+            if (error instanceof axios_1.AxiosError &&
+                (error.response?.status === 401 || error.response?.status === 403)) {
+                // Check if this is really an auth error, not a permissions error
+                const responseData = error.response?.data;
+                const responseText = typeof responseData === "string" ? responseData : JSON.stringify(responseData || "");
+                // Don't retry on "No Access" errors
+                if (responseText.includes("ExceptionResourceNoAccess") ||
+                    responseText.includes("No authorization") ||
+                    responseText.includes("Missing authorization")) {
+                    throw error;
+                }
+                // Try token refresh if possible
+                if (this.canRefreshToken()) {
+                    try {
+                        this.logger.debug(`Received ${error.response.status} during CSRF token fetch, attempting JWT token refresh...`);
+                        await this.refreshToken();
+                        this.logger.debug(`✓ Token refreshed successfully, retrying CSRF token fetch...`);
+                        // Retry CSRF token fetch with new JWT token
+                        return await super.fetchCsrfToken(url, retryCount, retryDelay);
+                    }
+                    catch (refreshError) {
+                        this.logger.error(`❌ Token refresh failed during CSRF token fetch: ${refreshError.message}`);
+                        throw new Error("Refresh token has expired. Please re-authenticate.");
+                    }
+                }
+                else {
+                    // No refresh token available - JWT token expired, need to re-authenticate
+                    throw new Error("JWT token has expired. Please re-authenticate.");
+                }
+            }
+            // Re-throw other errors
+            throw error;
+        }
+    }
     static validateConfig(config) {
         if (config.authType !== "jwt") {
             throw new Error(`JWT connection expects authType "jwt", got "${config.authType}"`);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mcp-abap-adt/connection",
-  "version": "0.1.8",
+  "version": "0.1.10",
   "description": "ABAP connection layer for MCP ABAP ADT server",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",