npm - @mcp-weave/nestjs - Versions diffs - 0.1.1 → 0.3.0 - Mend

@mcp-weave/nestjs 0.1.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.js CHANGED Viewed

@@ -2,9 +2,16 @@
 require('reflect-metadata');
 var core = require('@mcp-weave/core');
+var crypto = require('crypto');
+var http = require('http');
 var index_js = require('@modelcontextprotocol/sdk/server/index.js');
+var sse_js = require('@modelcontextprotocol/sdk/server/sse.js');
 var stdio_js = require('@modelcontextprotocol/sdk/server/stdio.js');
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+var crypto__default = /*#__PURE__*/_interopDefault(crypto);
 // src/index.ts
 function McpServer(options) {
   return (target) => {
@@ -126,16 +133,161 @@ function getParamsMetadata(target) {
   return Reflect.getMetadata(core.METADATA_KEYS.PARAMS, target) ?? [];
 }
+// src/auth/index.ts
+function normalizeApiKeys(keys) {
+  if (!keys) return [];
+  if (typeof keys === "string") {
+    return [{ key: keys, name: "default" }];
+  }
+  return keys.map((k, index) => {
+    if (typeof k === "string") {
+      return { key: k, name: `key-${index + 1}` };
+    }
+    return k;
+  });
+}
+function extractApiKey(req, headerName = "x-api-key", queryParamName = "api_key") {
+  const headerKey = req.headers[headerName.toLowerCase()];
+  if (headerKey) {
+    return Array.isArray(headerKey) ? headerKey[0] : headerKey;
+  }
+  const authHeader = req.headers["authorization"];
+  if (authHeader && authHeader.startsWith("Bearer ")) {
+    return authHeader.slice(7);
+  }
+  const url = req.url ?? "";
+  const queryIndex = url.indexOf("?");
+  if (queryIndex !== -1) {
+    const searchParams = new URLSearchParams(url.slice(queryIndex + 1));
+    const queryKey = searchParams.get(queryParamName);
+    if (queryKey) return queryKey;
+  }
+  return void 0;
+}
+function validateApiKey(token, apiKeys) {
+  if (!token) {
+    return {
+      success: false,
+      error: "No API key provided"
+    };
+  }
+  const matchedKey = apiKeys.find((k) => k.key === token);
+  if (!matchedKey) {
+    return {
+      success: false,
+      error: "Invalid API key"
+    };
+  }
+  return {
+    success: true,
+    clientId: hashToken(token),
+    clientName: matchedKey.name,
+    scopes: matchedKey.scopes,
+    metadata: matchedKey.metadata
+  };
+}
+function hashToken(token) {
+  if (token.length <= 8) {
+    return "****";
+  }
+  return `${token.slice(0, 4)}...${token.slice(-4)}`;
+}
+function generateRequestId() {
+  return `req_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
+}
+function createAuthMiddleware(options = {}) {
+  const {
+    enabled = false,
+    apiKeys,
+    headerName = "x-api-key",
+    queryParamName = "api_key",
+    authenticate,
+    onAuthFailure,
+    onAuthSuccess
+  } = options;
+  const normalizedKeys = normalizeApiKeys(apiKeys);
+  return async (req, res) => {
+    const requestId = generateRequestId();
+    const timestamp = /* @__PURE__ */ new Date();
+    if (!enabled) {
+      return {
+        request: req,
+        auth: { success: true, clientId: "anonymous" },
+        requestId,
+        timestamp
+      };
+    }
+    const token = extractApiKey(req, headerName, queryParamName);
+    let result;
+    if (authenticate) {
+      const authResult = await authenticate(token, req);
+      if (typeof authResult === "boolean") {
+        result = {
+          success: authResult,
+          clientId: authResult ? hashToken(token ?? "unknown") : void 0,
+          error: authResult ? void 0 : "Authentication failed"
+        };
+      } else {
+        result = authResult;
+      }
+    } else {
+      result = validateApiKey(token, normalizedKeys);
+    }
+    if (!result.success) {
+      onAuthFailure?.(req, result.error ?? "Unknown error");
+      res.writeHead(401, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          error: "Unauthorized",
+          message: result.error ?? "Authentication required",
+          requestId
+        })
+      );
+      return null;
+    }
+    const authRequest = {
+      request: req,
+      auth: result,
+      requestId,
+      timestamp
+    };
+    onAuthSuccess?.(req, result);
+    return authRequest;
+  };
+}
+function sendUnauthorized(res, message = "Unauthorized", requestId) {
+  res.writeHead(401, { "Content-Type": "application/json" });
+  res.end(
+    JSON.stringify({
+      error: "Unauthorized",
+      message,
+      requestId
+    })
+  );
+}
+function generateApiKey(prefix = "mcp") {
+  const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+  let key = "";
+  for (let i = 0; i < 32; i++) {
+    key += chars.charAt(Math.floor(Math.random() * chars.length));
+  }
+  return `${prefix}_${key}`;
+}
 // src/runtime/server.ts
 var McpRuntimeServer = class {
   server;
   instance;
   metadata;
-  constructor(target, _options = {}) {
+  authOptions;
+  authMiddleware;
+  constructor(target, options = {}) {
     this.metadata = core.extractMetadata(target);
     if (!this.metadata.server) {
       throw new Error(`Class ${target.name} is not decorated with @McpServer`);
     }
+    this.authOptions = options.auth ?? {};
+    this.authMiddleware = createAuthMiddleware(this.authOptions);
     this.server = new index_js.Server(
       {
         name: this.metadata.server.name,
@@ -326,23 +478,455 @@ var McpRuntimeServer = class {
     return params;
   }
   /**
-   * Start the MCP server
+   * Start the MCP server with stdio transport
    */
   async start() {
     const transport = new stdio_js.StdioServerTransport();
     await this.server.connect(transport);
     console.error(`MCP server '${this.metadata.server?.name}' started on stdio`);
   }
+  /**
+   * Start the MCP server with SSE transport
+   */
+  async startSSE(options = {}) {
+    const port = options.port ?? 3e3;
+    const endpoint = options.endpoint ?? "/sse";
+    const httpServer = http.createServer(async (req, res) => {
+      res.setHeader("Access-Control-Allow-Origin", "*");
+      res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
+      res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Api-Key");
+      if (req.method === "OPTIONS") {
+        res.writeHead(200);
+        res.end();
+        return;
+      }
+      const authResult = await this.authMiddleware(req, res);
+      if (!authResult) return;
+      const url = new URL(req.url ?? "/", `http://localhost:${port}`);
+      if (this.authOptions.enabled) {
+        console.error(
+          `[${authResult.requestId}] ${authResult.auth.clientName ?? authResult.auth.clientId} - ${req.method} ${url.pathname}`
+        );
+      }
+      if (url.pathname === endpoint && req.method === "GET") {
+        const transport = new sse_js.SSEServerTransport(endpoint, res);
+        await this.server.connect(transport);
+        return;
+      }
+      if (url.pathname === `${endpoint}/message` && req.method === "POST") {
+        let _body = "";
+        req.on("data", (chunk) => {
+          _body += chunk.toString();
+        });
+        req.on("end", () => {
+          res.writeHead(200, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ received: true }));
+        });
+        return;
+      }
+      if (url.pathname === "/health") {
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({
+            status: "ok",
+            server: this.metadata.server?.name,
+            version: this.metadata.server?.version
+          })
+        );
+        return;
+      }
+      res.writeHead(404, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: "Not found" }));
+    });
+    return new Promise((resolve, reject) => {
+      httpServer.on("error", reject);
+      httpServer.listen(port, () => {
+        console.error(
+          `MCP server '${this.metadata.server?.name}' started on http://localhost:${port}${endpoint}`
+        );
+        resolve(httpServer);
+      });
+    });
+  }
   /**
    * Get the underlying MCP server instance
    */
   getServer() {
     return this.server;
   }
+  /**
+   * Start the MCP server with WebSocket transport
+   */
+  async startWebSocket(options = {}) {
+    const port = options.port ?? 8080;
+    const endpoint = options.endpoint ?? "/ws";
+    const httpServer = http.createServer(async (req, res) => {
+      res.setHeader("Access-Control-Allow-Origin", "*");
+      res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
+      res.setHeader(
+        "Access-Control-Allow-Headers",
+        "Content-Type, Upgrade, Connection, Authorization, X-Api-Key"
+      );
+      if (req.method === "OPTIONS") {
+        res.writeHead(200);
+        res.end();
+        return;
+      }
+      if (req.url === "/health") {
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({
+            status: "ok",
+            server: this.metadata.server?.name,
+            version: this.metadata.server?.version,
+            transport: "websocket",
+            authEnabled: this.authOptions.enabled ?? false
+          })
+        );
+        return;
+      }
+      const authResult = await this.authMiddleware(req, res);
+      if (!authResult) return;
+      if (req.url === "/" || req.url?.startsWith("/?")) {
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({
+            name: this.metadata.server?.name,
+            version: this.metadata.server?.version,
+            websocket: `ws://localhost:${port}${endpoint}`,
+            tools: this.metadata.tools.length,
+            resources: this.metadata.resources.length,
+            prompts: this.metadata.prompts.length,
+            client: authResult.auth.clientName,
+            requestId: authResult.requestId
+          })
+        );
+        return;
+      }
+      res.writeHead(426, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          error: "Upgrade Required",
+          message: `Connect via WebSocket at ${endpoint}`
+        })
+      );
+    });
+    httpServer.on("upgrade", async (req, socket, _head) => {
+      const url = new URL(req.url ?? "/", `http://localhost:${port}`);
+      if (url.pathname !== endpoint) {
+        socket.write("HTTP/1.1 404 Not Found\r\n\r\n");
+        socket.destroy();
+        return;
+      }
+      if (this.authOptions.enabled) {
+        const apiKeys = normalizeApiKeys(this.authOptions.apiKeys);
+        const token = extractApiKey(
+          req,
+          this.authOptions.headerName,
+          this.authOptions.queryParamName
+        );
+        const authResult = validateApiKey(token, apiKeys);
+        if (!authResult.success) {
+          socket.write("HTTP/1.1 401 Unauthorized\r\n\r\n");
+          socket.destroy();
+          this.authOptions.onAuthFailure?.(req, authResult.error ?? "Auth failed");
+          return;
+        }
+        console.error(
+          `[WebSocket] Client connected: ${authResult.clientName ?? authResult.clientId}`
+        );
+      }
+      const key = req.headers["sec-websocket-key"];
+      if (!key) {
+        socket.write("HTTP/1.1 400 Bad Request\r\n\r\n");
+        socket.destroy();
+        return;
+      }
+      const acceptKey = crypto__default.default.createHash("sha1").update(key + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11").digest("base64");
+      socket.write(
+        `HTTP/1.1 101 Switching Protocols\r
+Upgrade: websocket\r
+Connection: Upgrade\r
+Sec-WebSocket-Accept: ${acceptKey}\r
+\r
+`
+      );
+      const sessions = /* @__PURE__ */ new Map();
+      const sessionId = crypto__default.default.randomUUID();
+      const encodeFrame = (data) => {
+        const payload = Buffer.from(data, "utf8");
+        const length = payload.length;
+        let frame;
+        if (length < 126) {
+          frame = Buffer.alloc(2 + length);
+          frame[0] = 129;
+          frame[1] = length;
+          payload.copy(frame, 2);
+        } else if (length < 65536) {
+          frame = Buffer.alloc(4 + length);
+          frame[0] = 129;
+          frame[1] = 126;
+          frame.writeUInt16BE(length, 2);
+          payload.copy(frame, 4);
+        } else {
+          frame = Buffer.alloc(10 + length);
+          frame[0] = 129;
+          frame[1] = 127;
+          frame.writeBigUInt64BE(BigInt(length), 2);
+          payload.copy(frame, 10);
+        }
+        return frame;
+      };
+      const decodeFrame = (buffer) => {
+        if (buffer.length < 2) return null;
+        const byte0 = buffer[0];
+        const byte1 = buffer[1];
+        const opcode = byte0 & 15;
+        const masked = (byte1 & 128) !== 0;
+        let payloadLength = byte1 & 127;
+        let offset = 2;
+        if (payloadLength === 126) {
+          if (buffer.length < 4) return null;
+          payloadLength = buffer.readUInt16BE(2);
+          offset = 4;
+        } else if (payloadLength === 127) {
+          if (buffer.length < 10) return null;
+          payloadLength = Number(buffer.readBigUInt64BE(2));
+          offset = 10;
+        }
+        if (masked) {
+          if (buffer.length < offset + 4 + payloadLength) return null;
+          const mask = buffer.slice(offset, offset + 4);
+          offset += 4;
+          const payload = buffer.slice(offset, offset + payloadLength);
+          for (let i = 0; i < payload.length; i++) {
+            const maskByte = mask[i % 4] ?? 0;
+            payload[i] = (payload[i] ?? 0) ^ maskByte;
+          }
+          return { opcode, payload: payload.toString("utf8") };
+        } else {
+          if (buffer.length < offset + payloadLength) return null;
+          return { opcode, payload: buffer.slice(offset, offset + payloadLength).toString("utf8") };
+        }
+      };
+      const send = (data) => {
+        try {
+          socket.write(encodeFrame(data));
+        } catch {
+        }
+      };
+      sessions.set(sessionId, { send });
+      send(
+        JSON.stringify({
+          jsonrpc: "2.0",
+          method: "connection/established",
+          params: { sessionId, server: this.metadata.server?.name }
+        })
+      );
+      let messageBuffer = Buffer.alloc(0);
+      socket.on("data", async (chunk) => {
+        messageBuffer = Buffer.concat([messageBuffer, chunk]);
+        while (messageBuffer.length > 0) {
+          const frame = decodeFrame(messageBuffer);
+          if (!frame) break;
+          let frameSize = 2;
+          const byte1 = messageBuffer[1] ?? 0;
+          const payloadLength = byte1 & 127;
+          if (payloadLength === 126) frameSize = 4;
+          else if (payloadLength === 127) frameSize = 10;
+          if ((byte1 & 128) !== 0) frameSize += 4;
+          frameSize += frame.payload.length;
+          messageBuffer = messageBuffer.slice(frameSize);
+          if (frame.opcode === 8) {
+            socket.end();
+            return;
+          }
+          if (frame.opcode === 9) {
+            socket.write(Buffer.from([138, 0]));
+            continue;
+          }
+          if (frame.opcode === 1) {
+            try {
+              const message = JSON.parse(frame.payload);
+              const response = await this.handleWebSocketMessage(message);
+              if (response) {
+                send(JSON.stringify(response));
+              }
+            } catch (error) {
+              send(
+                JSON.stringify({
+                  jsonrpc: "2.0",
+                  error: { code: -32700, message: "Parse error" },
+                  id: null
+                })
+              );
+            }
+          }
+        }
+      });
+      socket.on("close", () => {
+        sessions.delete(sessionId);
+      });
+      socket.on("error", () => {
+        sessions.delete(sessionId);
+      });
+    });
+    return new Promise((resolve, reject) => {
+      httpServer.on("error", reject);
+      httpServer.listen(port, () => {
+        console.error(
+          `MCP server '${this.metadata.server?.name}' started on ws://localhost:${port}${endpoint}`
+        );
+        resolve(httpServer);
+      });
+    });
+  }
+  /**
+   * Handle WebSocket JSON-RPC messages
+   */
+  async handleWebSocketMessage(message) {
+    if (!message || typeof message !== "object") {
+      return { jsonrpc: "2.0", error: { code: -32600, message: "Invalid Request" }, id: null };
+    }
+    const req = message;
+    if (req.jsonrpc !== "2.0" || !req.method) {
+      return {
+        jsonrpc: "2.0",
+        error: { code: -32600, message: "Invalid Request" },
+        id: req.id ?? null
+      };
+    }
+    try {
+      let result;
+      switch (req.method) {
+        case "initialize":
+          result = {
+            protocolVersion: "2024-11-05",
+            serverInfo: {
+              name: this.metadata.server?.name,
+              version: this.metadata.server?.version ?? "1.0.0"
+            },
+            capabilities: {
+              tools: this.metadata.tools.length > 0 ? {} : void 0,
+              resources: this.metadata.resources.length > 0 ? {} : void 0,
+              prompts: this.metadata.prompts.length > 0 ? {} : void 0
+            }
+          };
+          break;
+        case "tools/list":
+          result = {
+            tools: this.metadata.tools.map((t) => ({
+              name: t.name,
+              description: t.description,
+              inputSchema: t.inputSchema ?? { type: "object", properties: {} }
+            }))
+          };
+          break;
+        case "tools/call": {
+          const toolParams = req.params;
+          const tool = this.metadata.tools.find((t) => t.name === toolParams.name);
+          if (!tool) {
+            return {
+              jsonrpc: "2.0",
+              error: { code: -32602, message: `Unknown tool: ${toolParams.name}` },
+              id: req.id
+            };
+          }
+          const method = Reflect.get(this.instance, tool.propertyKey);
+          const toolResult = await method.apply(this.instance, [toolParams.arguments ?? {}]);
+          result = {
+            content: [
+              {
+                type: "text",
+                text: typeof toolResult === "string" ? toolResult : JSON.stringify(toolResult)
+              }
+            ]
+          };
+          break;
+        }
+        case "resources/list":
+          result = {
+            resources: this.metadata.resources.map((r) => ({
+              uri: r.uri,
+              name: r.name,
+              description: r.description,
+              mimeType: r.mimeType
+            }))
+          };
+          break;
+        case "resources/read": {
+          const resParams = req.params;
+          for (const resource of this.metadata.resources) {
+            const uriParams = this.extractUriParams(resource.uri, resParams.uri);
+            if (uriParams) {
+              const resMethod = Reflect.get(this.instance, resource.propertyKey);
+              const args = this.resolveResourceArgs(resource.propertyKey, uriParams);
+              result = await resMethod.apply(this.instance, args);
+              break;
+            }
+          }
+          if (!result) {
+            return {
+              jsonrpc: "2.0",
+              error: { code: -32602, message: `Resource not found: ${resParams.uri}` },
+              id: req.id
+            };
+          }
+          break;
+        }
+        case "prompts/list":
+          result = {
+            prompts: this.metadata.prompts.map((p) => ({
+              name: p.name,
+              description: p.description,
+              arguments: p.arguments ?? []
+            }))
+          };
+          break;
+        case "prompts/get": {
+          const promptParams = req.params;
+          const prompt = this.metadata.prompts.find((p) => p.name === promptParams.name);
+          if (!prompt) {
+            return {
+              jsonrpc: "2.0",
+              error: { code: -32602, message: `Unknown prompt: ${promptParams.name}` },
+              id: req.id
+            };
+          }
+          const promptMethod = Reflect.get(this.instance, prompt.propertyKey);
+          const promptArgs = this.resolvePromptArgs(
+            prompt.propertyKey,
+            promptParams.arguments ?? {}
+          );
+          result = await promptMethod.apply(this.instance, promptArgs);
+          break;
+        }
+        default:
+          return {
+            jsonrpc: "2.0",
+            error: { code: -32601, message: `Method not found: ${req.method}` },
+            id: req.id
+          };
+      }
+      return { jsonrpc: "2.0", result, id: req.id };
+    } catch (error) {
+      return {
+        jsonrpc: "2.0",
+        error: { code: -32e3, message: error instanceof Error ? error.message : "Internal error" },
+        id: req.id
+      };
+    }
+  }
 };
-async function createMcpServer(target, options) {
+async function createMcpServer(target, options = {}) {
   const server = new McpRuntimeServer(target, options);
-  await server.start();
+  if (options.transport === "sse") {
+    await server.startSSE({ port: options.port, endpoint: options.endpoint });
+  } else if (options.transport === "websocket") {
+    await server.startWebSocket({ port: options.port, endpoint: options.endpoint });
+  } else {
+    await server.start();
+  }
   return server;
 }
@@ -366,13 +950,21 @@ exports.McpRuntimeServer = McpRuntimeServer;
 exports.McpServer = McpServer;
 exports.McpTool = McpTool;
 exports.VERSION = VERSION;
+exports.createAuthMiddleware = createAuthMiddleware;
 exports.createMcpServer = createMcpServer;
+exports.extractApiKey = extractApiKey;
+exports.generateApiKey = generateApiKey;
+exports.generateRequestId = generateRequestId;
 exports.getMcpServers = getMcpServers;
 exports.getParamsMetadata = getParamsMetadata;
 exports.getPromptsMetadata = getPromptsMetadata;
 exports.getResourcesMetadata = getResourcesMetadata;
 exports.getServerMetadata = getServerMetadata;
 exports.getToolsMetadata = getToolsMetadata;
+exports.hashToken = hashToken;
 exports.isMcpServer = isMcpServer;
+exports.normalizeApiKeys = normalizeApiKeys;
+exports.sendUnauthorized = sendUnauthorized;
+exports.validateApiKey = validateApiKey;
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map