@modelcontextprotocol/sdk 1.18.2 → 1.19.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +766 -738
- package/dist/cjs/cli.js +35 -37
- package/dist/cjs/cli.js.map +1 -1
- package/dist/cjs/client/auth.d.ts +12 -12
- package/dist/cjs/client/auth.d.ts.map +1 -1
- package/dist/cjs/client/auth.js +76 -83
- package/dist/cjs/client/auth.js.map +1 -1
- package/dist/cjs/client/index.d.ts +186 -123
- package/dist/cjs/client/index.d.ts.map +1 -1
- package/dist/cjs/client/index.js +40 -41
- package/dist/cjs/client/index.js.map +1 -1
- package/dist/cjs/client/middleware.d.ts +2 -2
- package/dist/cjs/client/middleware.d.ts.map +1 -1
- package/dist/cjs/client/middleware.js +22 -27
- package/dist/cjs/client/middleware.js.map +1 -1
- package/dist/cjs/client/sse.d.ts +4 -4
- package/dist/cjs/client/sse.d.ts.map +1 -1
- package/dist/cjs/client/sse.js +34 -21
- package/dist/cjs/client/sse.js.map +1 -1
- package/dist/cjs/client/stdio.d.ts +4 -4
- package/dist/cjs/client/stdio.d.ts.map +1 -1
- package/dist/cjs/client/stdio.js +32 -32
- package/dist/cjs/client/stdio.js.map +1 -1
- package/dist/cjs/client/streamableHttp.d.ts +7 -6
- package/dist/cjs/client/streamableHttp.d.ts.map +1 -1
- package/dist/cjs/client/streamableHttp.js +55 -38
- package/dist/cjs/client/streamableHttp.js.map +1 -1
- package/dist/cjs/client/websocket.d.ts +2 -2
- package/dist/cjs/client/websocket.d.ts.map +1 -1
- package/dist/cjs/client/websocket.js +5 -7
- package/dist/cjs/client/websocket.js.map +1 -1
- package/dist/cjs/examples/client/multipleClientsParallel.js +2 -2
- package/dist/cjs/examples/client/multipleClientsParallel.js.map +1 -1
- package/dist/cjs/examples/client/parallelToolCallsClient.js +6 -5
- package/dist/cjs/examples/client/parallelToolCallsClient.js.map +1 -1
- package/dist/cjs/examples/client/simpleOAuthClient.js +15 -13
- package/dist/cjs/examples/client/simpleOAuthClient.js.map +1 -1
- package/dist/cjs/examples/client/simpleStreamableHttp.js +15 -11
- package/dist/cjs/examples/client/simpleStreamableHttp.js.map +1 -1
- package/dist/cjs/examples/client/streamableHttpWithSseFallbackClient.js +2 -2
- package/dist/cjs/examples/client/streamableHttpWithSseFallbackClient.js.map +1 -1
- package/dist/cjs/examples/server/demoInMemoryOAuthProvider.d.ts +1 -1
- package/dist/cjs/examples/server/demoInMemoryOAuthProvider.d.ts.map +1 -1
- package/dist/cjs/examples/server/demoInMemoryOAuthProvider.js +18 -16
- package/dist/cjs/examples/server/demoInMemoryOAuthProvider.js.map +1 -1
- package/dist/cjs/examples/server/jsonResponseStreamableHttp.js +18 -18
- package/dist/cjs/examples/server/jsonResponseStreamableHttp.js.map +1 -1
- package/dist/cjs/examples/server/mcpServerOutputSchema.js +19 -17
- package/dist/cjs/examples/server/mcpServerOutputSchema.js.map +1 -1
- package/dist/cjs/examples/server/simpleSseServer.js +8 -8
- package/dist/cjs/examples/server/simpleSseServer.js.map +1 -1
- package/dist/cjs/examples/server/simpleStatelessStreamableHttp.js +22 -22
- package/dist/cjs/examples/server/simpleStatelessStreamableHttp.js.map +1 -1
- package/dist/cjs/examples/server/simpleStreamableHttp.js +78 -78
- package/dist/cjs/examples/server/simpleStreamableHttp.js.map +1 -1
- package/dist/cjs/examples/server/sseAndStreamableHttpCompatibleServer.js +18 -18
- package/dist/cjs/examples/server/sseAndStreamableHttpCompatibleServer.js.map +1 -1
- package/dist/cjs/examples/server/standaloneSseWithGetStreamableHttp.js +8 -8
- package/dist/cjs/examples/server/standaloneSseWithGetStreamableHttp.js.map +1 -1
- package/dist/cjs/examples/server/toolWithSampleServer.js +19 -19
- package/dist/cjs/examples/server/toolWithSampleServer.js.map +1 -1
- package/dist/cjs/examples/shared/inMemoryEventStore.d.ts.map +1 -1
- package/dist/cjs/examples/shared/inMemoryEventStore.js.map +1 -1
- package/dist/cjs/inMemory.d.ts +3 -3
- package/dist/cjs/inMemory.d.ts.map +1 -1
- package/dist/cjs/inMemory.js +1 -1
- package/dist/cjs/inMemory.js.map +1 -1
- package/dist/cjs/server/auth/clients.d.ts +2 -2
- package/dist/cjs/server/auth/clients.d.ts.map +1 -1
- package/dist/cjs/server/auth/errors.d.ts +1 -1
- package/dist/cjs/server/auth/errors.d.ts.map +1 -1
- package/dist/cjs/server/auth/errors.js +17 -17
- package/dist/cjs/server/auth/errors.js.map +1 -1
- package/dist/cjs/server/auth/handlers/authorize.d.ts +3 -3
- package/dist/cjs/server/auth/handlers/authorize.d.ts.map +1 -1
- package/dist/cjs/server/auth/handlers/authorize.js +21 -18
- package/dist/cjs/server/auth/handlers/authorize.js.map +1 -1
- package/dist/cjs/server/auth/handlers/metadata.d.ts +2 -2
- package/dist/cjs/server/auth/handlers/metadata.js +1 -1
- package/dist/cjs/server/auth/handlers/metadata.js.map +1 -1
- package/dist/cjs/server/auth/handlers/register.d.ts +4 -4
- package/dist/cjs/server/auth/handlers/register.d.ts.map +1 -1
- package/dist/cjs/server/auth/handlers/register.js +7 -9
- package/dist/cjs/server/auth/handlers/register.js.map +1 -1
- package/dist/cjs/server/auth/handlers/revoke.d.ts +4 -4
- package/dist/cjs/server/auth/handlers/revoke.d.ts.map +1 -1
- package/dist/cjs/server/auth/handlers/revoke.js +9 -9
- package/dist/cjs/server/auth/handlers/revoke.js.map +1 -1
- package/dist/cjs/server/auth/handlers/token.d.ts +3 -3
- package/dist/cjs/server/auth/handlers/token.d.ts.map +1 -1
- package/dist/cjs/server/auth/handlers/token.js +14 -14
- package/dist/cjs/server/auth/handlers/token.js.map +1 -1
- package/dist/cjs/server/auth/middleware/allowedMethods.d.ts +1 -1
- package/dist/cjs/server/auth/middleware/allowedMethods.d.ts.map +1 -1
- package/dist/cjs/server/auth/middleware/allowedMethods.js +1 -3
- package/dist/cjs/server/auth/middleware/allowedMethods.js.map +1 -1
- package/dist/cjs/server/auth/middleware/bearerAuth.d.ts +4 -4
- package/dist/cjs/server/auth/middleware/bearerAuth.d.ts.map +1 -1
- package/dist/cjs/server/auth/middleware/bearerAuth.js +7 -7
- package/dist/cjs/server/auth/middleware/bearerAuth.js.map +1 -1
- package/dist/cjs/server/auth/middleware/clientAuth.d.ts +4 -4
- package/dist/cjs/server/auth/middleware/clientAuth.d.ts.map +1 -1
- package/dist/cjs/server/auth/middleware/clientAuth.js +6 -6
- package/dist/cjs/server/auth/middleware/clientAuth.js.map +1 -1
- package/dist/cjs/server/auth/provider.d.ts +4 -4
- package/dist/cjs/server/auth/provider.d.ts.map +1 -1
- package/dist/cjs/server/auth/providers/proxyProvider.d.ts +10 -10
- package/dist/cjs/server/auth/providers/proxyProvider.d.ts.map +1 -1
- package/dist/cjs/server/auth/providers/proxyProvider.js +34 -34
- package/dist/cjs/server/auth/providers/proxyProvider.js.map +1 -1
- package/dist/cjs/server/auth/router.d.ts +11 -11
- package/dist/cjs/server/auth/router.d.ts.map +1 -1
- package/dist/cjs/server/auth/router.js +16 -18
- package/dist/cjs/server/auth/router.js.map +1 -1
- package/dist/cjs/server/auth/types.d.ts +1 -1
- package/dist/cjs/server/auth/types.d.ts.map +1 -1
- package/dist/cjs/server/completable.d.ts +5 -5
- package/dist/cjs/server/completable.d.ts.map +1 -1
- package/dist/cjs/server/completable.js +5 -5
- package/dist/cjs/server/completable.js.map +1 -1
- package/dist/cjs/server/index.d.ts +9 -9
- package/dist/cjs/server/index.d.ts.map +1 -1
- package/dist/cjs/server/index.js +38 -42
- package/dist/cjs/server/index.js.map +1 -1
- package/dist/cjs/server/mcp.d.ts +8 -8
- package/dist/cjs/server/mcp.d.ts.map +1 -1
- package/dist/cjs/server/mcp.js +87 -82
- package/dist/cjs/server/mcp.js.map +1 -1
- package/dist/cjs/server/sse.d.ts +4 -4
- package/dist/cjs/server/sse.d.ts.map +1 -1
- package/dist/cjs/server/sse.js +16 -15
- package/dist/cjs/server/sse.js.map +1 -1
- package/dist/cjs/server/stdio.d.ts +3 -3
- package/dist/cjs/server/stdio.d.ts.map +1 -1
- package/dist/cjs/server/stdio.js +7 -7
- package/dist/cjs/server/stdio.js.map +1 -1
- package/dist/cjs/server/streamableHttp.d.ts +5 -5
- package/dist/cjs/server/streamableHttp.d.ts.map +1 -1
- package/dist/cjs/server/streamableHttp.js +63 -64
- package/dist/cjs/server/streamableHttp.js.map +1 -1
- package/dist/cjs/shared/auth-utils.d.ts.map +1 -1
- package/dist/cjs/shared/auth-utils.js +3 -3
- package/dist/cjs/shared/auth-utils.js.map +1 -1
- package/dist/cjs/shared/auth.d.ts +1 -1
- package/dist/cjs/shared/auth.d.ts.map +1 -1
- package/dist/cjs/shared/auth.js +42 -46
- package/dist/cjs/shared/auth.js.map +1 -1
- package/dist/cjs/shared/metadataUtils.d.ts +1 -1
- package/dist/cjs/shared/metadataUtils.js.map +1 -1
- package/dist/cjs/shared/protocol.d.ts +6 -6
- package/dist/cjs/shared/protocol.d.ts.map +1 -1
- package/dist/cjs/shared/protocol.js +42 -43
- package/dist/cjs/shared/protocol.js.map +1 -1
- package/dist/cjs/shared/stdio.d.ts +1 -1
- package/dist/cjs/shared/stdio.d.ts.map +1 -1
- package/dist/cjs/shared/stdio.js +3 -3
- package/dist/cjs/shared/stdio.js.map +1 -1
- package/dist/cjs/shared/transport.d.ts +1 -1
- package/dist/cjs/shared/transport.d.ts.map +1 -1
- package/dist/cjs/shared/uriTemplate.d.ts.map +1 -1
- package/dist/cjs/shared/uriTemplate.js +69 -71
- package/dist/cjs/shared/uriTemplate.js.map +1 -1
- package/dist/cjs/types.d.ts +9650 -4790
- package/dist/cjs/types.d.ts.map +1 -1
- package/dist/cjs/types.js +199 -234
- package/dist/cjs/types.js.map +1 -1
- package/dist/esm/cli.js +45 -47
- package/dist/esm/cli.js.map +1 -1
- package/dist/esm/client/auth.d.ts +12 -12
- package/dist/esm/client/auth.d.ts.map +1 -1
- package/dist/esm/client/auth.js +82 -89
- package/dist/esm/client/auth.js.map +1 -1
- package/dist/esm/client/index.d.ts +186 -123
- package/dist/esm/client/index.d.ts.map +1 -1
- package/dist/esm/client/index.js +43 -44
- package/dist/esm/client/index.js.map +1 -1
- package/dist/esm/client/middleware.d.ts +2 -2
- package/dist/esm/client/middleware.d.ts.map +1 -1
- package/dist/esm/client/middleware.js +23 -28
- package/dist/esm/client/middleware.js.map +1 -1
- package/dist/esm/client/sse.d.ts +4 -4
- package/dist/esm/client/sse.d.ts.map +1 -1
- package/dist/esm/client/sse.js +37 -24
- package/dist/esm/client/sse.js.map +1 -1
- package/dist/esm/client/stdio.d.ts +4 -4
- package/dist/esm/client/stdio.d.ts.map +1 -1
- package/dist/esm/client/stdio.js +36 -36
- package/dist/esm/client/stdio.js.map +1 -1
- package/dist/esm/client/streamableHttp.d.ts +7 -6
- package/dist/esm/client/streamableHttp.d.ts.map +1 -1
- package/dist/esm/client/streamableHttp.js +58 -41
- package/dist/esm/client/streamableHttp.js.map +1 -1
- package/dist/esm/client/websocket.d.ts +2 -2
- package/dist/esm/client/websocket.d.ts.map +1 -1
- package/dist/esm/client/websocket.js +6 -8
- package/dist/esm/client/websocket.js.map +1 -1
- package/dist/esm/examples/client/multipleClientsParallel.js +3 -3
- package/dist/esm/examples/client/multipleClientsParallel.js.map +1 -1
- package/dist/esm/examples/client/parallelToolCallsClient.js +7 -6
- package/dist/esm/examples/client/parallelToolCallsClient.js.map +1 -1
- package/dist/esm/examples/client/simpleOAuthClient.js +15 -13
- package/dist/esm/examples/client/simpleOAuthClient.js.map +1 -1
- package/dist/esm/examples/client/simpleStreamableHttp.js +17 -13
- package/dist/esm/examples/client/simpleStreamableHttp.js.map +1 -1
- package/dist/esm/examples/client/streamableHttpWithSseFallbackClient.js +3 -3
- package/dist/esm/examples/client/streamableHttpWithSseFallbackClient.js.map +1 -1
- package/dist/esm/examples/server/demoInMemoryOAuthProvider.d.ts +1 -1
- package/dist/esm/examples/server/demoInMemoryOAuthProvider.d.ts.map +1 -1
- package/dist/esm/examples/server/demoInMemoryOAuthProvider.js +19 -17
- package/dist/esm/examples/server/demoInMemoryOAuthProvider.js.map +1 -1
- package/dist/esm/examples/server/jsonResponseStreamableHttp.js +18 -18
- package/dist/esm/examples/server/jsonResponseStreamableHttp.js.map +1 -1
- package/dist/esm/examples/server/mcpServerOutputSchema.js +22 -20
- package/dist/esm/examples/server/mcpServerOutputSchema.js.map +1 -1
- package/dist/esm/examples/server/simpleSseServer.js +8 -8
- package/dist/esm/examples/server/simpleSseServer.js.map +1 -1
- package/dist/esm/examples/server/simpleStatelessStreamableHttp.js +22 -22
- package/dist/esm/examples/server/simpleStatelessStreamableHttp.js.map +1 -1
- package/dist/esm/examples/server/simpleStreamableHttp.js +78 -78
- package/dist/esm/examples/server/simpleStreamableHttp.js.map +1 -1
- package/dist/esm/examples/server/sseAndStreamableHttpCompatibleServer.js +19 -19
- package/dist/esm/examples/server/sseAndStreamableHttpCompatibleServer.js.map +1 -1
- package/dist/esm/examples/server/standaloneSseWithGetStreamableHttp.js +8 -8
- package/dist/esm/examples/server/standaloneSseWithGetStreamableHttp.js.map +1 -1
- package/dist/esm/examples/server/toolWithSampleServer.js +22 -22
- package/dist/esm/examples/server/toolWithSampleServer.js.map +1 -1
- package/dist/esm/examples/shared/inMemoryEventStore.d.ts.map +1 -1
- package/dist/esm/examples/shared/inMemoryEventStore.js.map +1 -1
- package/dist/esm/inMemory.d.ts +3 -3
- package/dist/esm/inMemory.d.ts.map +1 -1
- package/dist/esm/inMemory.js +1 -1
- package/dist/esm/inMemory.js.map +1 -1
- package/dist/esm/server/auth/clients.d.ts +2 -2
- package/dist/esm/server/auth/clients.d.ts.map +1 -1
- package/dist/esm/server/auth/errors.d.ts +1 -1
- package/dist/esm/server/auth/errors.d.ts.map +1 -1
- package/dist/esm/server/auth/errors.js +17 -17
- package/dist/esm/server/auth/errors.js.map +1 -1
- package/dist/esm/server/auth/handlers/authorize.d.ts +3 -3
- package/dist/esm/server/auth/handlers/authorize.d.ts.map +1 -1
- package/dist/esm/server/auth/handlers/authorize.js +26 -23
- package/dist/esm/server/auth/handlers/authorize.js.map +1 -1
- package/dist/esm/server/auth/handlers/metadata.d.ts +2 -2
- package/dist/esm/server/auth/handlers/metadata.js +3 -3
- package/dist/esm/server/auth/handlers/metadata.js.map +1 -1
- package/dist/esm/server/auth/handlers/register.d.ts +4 -4
- package/dist/esm/server/auth/handlers/register.d.ts.map +1 -1
- package/dist/esm/server/auth/handlers/register.js +12 -14
- package/dist/esm/server/auth/handlers/register.js.map +1 -1
- package/dist/esm/server/auth/handlers/revoke.d.ts +4 -4
- package/dist/esm/server/auth/handlers/revoke.d.ts.map +1 -1
- package/dist/esm/server/auth/handlers/revoke.js +16 -16
- package/dist/esm/server/auth/handlers/revoke.js.map +1 -1
- package/dist/esm/server/auth/handlers/token.d.ts +3 -3
- package/dist/esm/server/auth/handlers/token.d.ts.map +1 -1
- package/dist/esm/server/auth/handlers/token.js +22 -22
- package/dist/esm/server/auth/handlers/token.js.map +1 -1
- package/dist/esm/server/auth/middleware/allowedMethods.d.ts +1 -1
- package/dist/esm/server/auth/middleware/allowedMethods.d.ts.map +1 -1
- package/dist/esm/server/auth/middleware/allowedMethods.js +2 -4
- package/dist/esm/server/auth/middleware/allowedMethods.js.map +1 -1
- package/dist/esm/server/auth/middleware/bearerAuth.d.ts +4 -4
- package/dist/esm/server/auth/middleware/bearerAuth.d.ts.map +1 -1
- package/dist/esm/server/auth/middleware/bearerAuth.js +8 -8
- package/dist/esm/server/auth/middleware/bearerAuth.js.map +1 -1
- package/dist/esm/server/auth/middleware/clientAuth.d.ts +4 -4
- package/dist/esm/server/auth/middleware/clientAuth.d.ts.map +1 -1
- package/dist/esm/server/auth/middleware/clientAuth.js +8 -8
- package/dist/esm/server/auth/middleware/clientAuth.js.map +1 -1
- package/dist/esm/server/auth/provider.d.ts +4 -4
- package/dist/esm/server/auth/provider.d.ts.map +1 -1
- package/dist/esm/server/auth/providers/proxyProvider.d.ts +10 -10
- package/dist/esm/server/auth/providers/proxyProvider.d.ts.map +1 -1
- package/dist/esm/server/auth/providers/proxyProvider.js +36 -36
- package/dist/esm/server/auth/providers/proxyProvider.js.map +1 -1
- package/dist/esm/server/auth/router.d.ts +11 -11
- package/dist/esm/server/auth/router.d.ts.map +1 -1
- package/dist/esm/server/auth/router.js +22 -24
- package/dist/esm/server/auth/router.js.map +1 -1
- package/dist/esm/server/auth/types.d.ts +1 -1
- package/dist/esm/server/auth/types.d.ts.map +1 -1
- package/dist/esm/server/completable.d.ts +5 -5
- package/dist/esm/server/completable.d.ts.map +1 -1
- package/dist/esm/server/completable.js +6 -6
- package/dist/esm/server/completable.js.map +1 -1
- package/dist/esm/server/index.d.ts +9 -9
- package/dist/esm/server/index.d.ts.map +1 -1
- package/dist/esm/server/index.js +41 -45
- package/dist/esm/server/index.js.map +1 -1
- package/dist/esm/server/mcp.d.ts +8 -8
- package/dist/esm/server/mcp.d.ts.map +1 -1
- package/dist/esm/server/mcp.js +93 -88
- package/dist/esm/server/mcp.js.map +1 -1
- package/dist/esm/server/sse.d.ts +4 -4
- package/dist/esm/server/sse.d.ts.map +1 -1
- package/dist/esm/server/sse.js +20 -19
- package/dist/esm/server/sse.js.map +1 -1
- package/dist/esm/server/stdio.d.ts +3 -3
- package/dist/esm/server/stdio.d.ts.map +1 -1
- package/dist/esm/server/stdio.js +9 -9
- package/dist/esm/server/stdio.js.map +1 -1
- package/dist/esm/server/streamableHttp.d.ts +5 -5
- package/dist/esm/server/streamableHttp.d.ts.map +1 -1
- package/dist/esm/server/streamableHttp.js +67 -68
- package/dist/esm/server/streamableHttp.js.map +1 -1
- package/dist/esm/shared/auth-utils.d.ts.map +1 -1
- package/dist/esm/shared/auth-utils.js +3 -3
- package/dist/esm/shared/auth-utils.js.map +1 -1
- package/dist/esm/shared/auth.d.ts +1 -1
- package/dist/esm/shared/auth.d.ts.map +1 -1
- package/dist/esm/shared/auth.js +43 -47
- package/dist/esm/shared/auth.js.map +1 -1
- package/dist/esm/shared/metadataUtils.d.ts +1 -1
- package/dist/esm/shared/metadataUtils.js.map +1 -1
- package/dist/esm/shared/protocol.d.ts +6 -6
- package/dist/esm/shared/protocol.d.ts.map +1 -1
- package/dist/esm/shared/protocol.js +43 -44
- package/dist/esm/shared/protocol.js.map +1 -1
- package/dist/esm/shared/stdio.d.ts +1 -1
- package/dist/esm/shared/stdio.d.ts.map +1 -1
- package/dist/esm/shared/stdio.js +4 -4
- package/dist/esm/shared/stdio.js.map +1 -1
- package/dist/esm/shared/transport.d.ts +1 -1
- package/dist/esm/shared/transport.d.ts.map +1 -1
- package/dist/esm/shared/uriTemplate.d.ts.map +1 -1
- package/dist/esm/shared/uriTemplate.js +69 -71
- package/dist/esm/shared/uriTemplate.js.map +1 -1
- package/dist/esm/types.d.ts +9650 -4790
- package/dist/esm/types.d.ts.map +1 -1
- package/dist/esm/types.js +197 -232
- package/dist/esm/types.js.map +1 -1
- package/package.json +100 -98
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { RequestHandler } from
|
|
2
|
-
import { OAuthRegisteredClientsStore } from
|
|
3
|
-
import { Options as RateLimitOptions } from
|
|
1
|
+
import { RequestHandler } from 'express';
|
|
2
|
+
import { OAuthRegisteredClientsStore } from '../clients.js';
|
|
3
|
+
import { Options as RateLimitOptions } from 'express-rate-limit';
|
|
4
4
|
export type ClientRegistrationHandlerOptions = {
|
|
5
5
|
/**
|
|
6
6
|
* A store used to save information about dynamically registered OAuth clients.
|
|
@@ -25,5 +25,5 @@ export type ClientRegistrationHandlerOptions = {
|
|
|
25
25
|
*/
|
|
26
26
|
clientIdGeneration?: boolean;
|
|
27
27
|
};
|
|
28
|
-
export declare function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds, rateLimit: rateLimitConfig, clientIdGeneration
|
|
28
|
+
export declare function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds, rateLimit: rateLimitConfig, clientIdGeneration }: ClientRegistrationHandlerOptions): RequestHandler;
|
|
29
29
|
//# sourceMappingURL=register.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/register.ts"],"names":[],"mappings":"AAAA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAIlD,OAAO,EAAE,2BAA2B,EAAE,MAAM,eAAe,CAAC;AAC5D,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/register.ts"],"names":[],"mappings":"AAAA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAIlD,OAAO,EAAE,2BAA2B,EAAE,MAAM,eAAe,CAAC;AAC5D,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAI5E,MAAM,MAAM,gCAAgC,GAAG;IAC3C;;OAEG;IACH,YAAY,EAAE,2BAA2B,CAAC;IAE1C;;;;OAIG;IACH,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC;;;;OAIG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;IAE9C;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAChC,CAAC;AAIF,wBAAgB,yBAAyB,CAAC,EACtC,YAAY,EACZ,yBAAgE,EAChE,SAAS,EAAE,eAAe,EAC1B,kBAAyB,EAC5B,EAAE,gCAAgC,GAAG,cAAc,CA0EnD"}
|
|
@@ -12,15 +12,15 @@ const express_rate_limit_1 = require("express-rate-limit");
|
|
|
12
12
|
const allowedMethods_js_1 = require("../middleware/allowedMethods.js");
|
|
13
13
|
const errors_js_1 = require("../errors.js");
|
|
14
14
|
const DEFAULT_CLIENT_SECRET_EXPIRY_SECONDS = 30 * 24 * 60 * 60; // 30 days
|
|
15
|
-
function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds = DEFAULT_CLIENT_SECRET_EXPIRY_SECONDS, rateLimit: rateLimitConfig, clientIdGeneration = true
|
|
15
|
+
function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds = DEFAULT_CLIENT_SECRET_EXPIRY_SECONDS, rateLimit: rateLimitConfig, clientIdGeneration = true }) {
|
|
16
16
|
if (!clientsStore.registerClient) {
|
|
17
|
-
throw new Error(
|
|
17
|
+
throw new Error('Client registration store does not support registering clients');
|
|
18
18
|
}
|
|
19
19
|
// Nested router so we can configure middleware and restrict HTTP method
|
|
20
20
|
const router = express_1.default.Router();
|
|
21
21
|
// Configure CORS to allow any origin, to make accessible to web-based MCP clients
|
|
22
22
|
router.use((0, cors_1.default)());
|
|
23
|
-
router.use((0, allowedMethods_js_1.allowedMethods)([
|
|
23
|
+
router.use((0, allowedMethods_js_1.allowedMethods)(['POST']));
|
|
24
24
|
router.use(express_1.default.json());
|
|
25
25
|
// Apply rate limiting unless explicitly disabled - stricter limits for registration
|
|
26
26
|
if (rateLimitConfig !== false) {
|
|
@@ -33,7 +33,7 @@ function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds = D
|
|
|
33
33
|
...rateLimitConfig
|
|
34
34
|
}));
|
|
35
35
|
}
|
|
36
|
-
router.post(
|
|
36
|
+
router.post('/', async (req, res) => {
|
|
37
37
|
res.setHeader('Cache-Control', 'no-store');
|
|
38
38
|
try {
|
|
39
39
|
const parseResult = auth_js_1.OAuthClientMetadataSchema.safeParse(req.body);
|
|
@@ -43,9 +43,7 @@ function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds = D
|
|
|
43
43
|
const clientMetadata = parseResult.data;
|
|
44
44
|
const isPublicClient = clientMetadata.token_endpoint_auth_method === 'none';
|
|
45
45
|
// Generate client credentials
|
|
46
|
-
const clientSecret = isPublicClient
|
|
47
|
-
? undefined
|
|
48
|
-
: node_crypto_1.default.randomBytes(32).toString('hex');
|
|
46
|
+
const clientSecret = isPublicClient ? undefined : node_crypto_1.default.randomBytes(32).toString('hex');
|
|
49
47
|
const clientIdIssuedAt = Math.floor(Date.now() / 1000);
|
|
50
48
|
// Calculate client secret expiry time
|
|
51
49
|
const clientsDoExpire = clientSecretExpirySeconds > 0;
|
|
@@ -54,7 +52,7 @@ function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds = D
|
|
|
54
52
|
let clientInfo = {
|
|
55
53
|
...clientMetadata,
|
|
56
54
|
client_secret: clientSecret,
|
|
57
|
-
client_secret_expires_at: clientSecretExpiresAt
|
|
55
|
+
client_secret_expires_at: clientSecretExpiresAt
|
|
58
56
|
};
|
|
59
57
|
if (clientIdGeneration) {
|
|
60
58
|
clientInfo.client_id = node_crypto_1.default.randomUUID();
|
|
@@ -69,7 +67,7 @@ function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds = D
|
|
|
69
67
|
res.status(status).json(error.toResponseObject());
|
|
70
68
|
}
|
|
71
69
|
else {
|
|
72
|
-
const serverError = new errors_js_1.ServerError(
|
|
70
|
+
const serverError = new errors_js_1.ServerError('Internal Server Error');
|
|
73
71
|
res.status(500).json(serverError.toResponseObject());
|
|
74
72
|
}
|
|
75
73
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"register.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/register.ts"],"names":[],"mappings":";;;;;
|
|
1
|
+
{"version":3,"file":"register.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/register.ts"],"names":[],"mappings":";;;;;AAuCA,8DA+EC;AAtHD,sDAAkD;AAClD,qDAAgG;AAChG,8DAAiC;AACjC,gDAAwB;AAExB,2DAA4E;AAC5E,uEAAiE;AACjE,4CAAyG;AA8BzG,MAAM,oCAAoC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,UAAU;AAE1E,SAAgB,yBAAyB,CAAC,EACtC,YAAY,EACZ,yBAAyB,GAAG,oCAAoC,EAChE,SAAS,EAAE,eAAe,EAC1B,kBAAkB,GAAG,IAAI,EACM;IAC/B,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;IACtF,CAAC;IAED,wEAAwE;IACxE,MAAM,MAAM,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAA,cAAI,GAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAc,EAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAE3B,oFAAoF;IACpF,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC5B,MAAM,CAAC,GAAG,CACN,IAAA,8BAAS,EAAC;YACN,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,SAAS;YACnC,GAAG,EAAE,EAAE,EAAE,+DAA+D;YACxE,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,IAAI,gCAAoB,CAAC,mEAAmE,CAAC,CAAC,gBAAgB,EAAE;YACzH,GAAG,eAAe;SACrB,CAAC,CACL,CAAC;IACN,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAChC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC;YACD,MAAM,WAAW,GAAG,mCAAyB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAClE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACvB,MAAM,IAAI,sCAA0B,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACpE,CAAC;YAED,MAAM,cAAc,GAAG,WAAW,CAAC,IAAI,CAAC;YACxC,MAAM,cAAc,GAAG,cAAc,CAAC,0BAA0B,KAAK,MAAM,CAAC;YAE5E,8BAA8B;YAC9B,MAAM,YAAY,GAAG,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,qBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACzF,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAEvD,sCAAsC;YACtC,MAAM,eAAe,GAAG,yBAAyB,GAAG,CAAC,CAAC;YACtD,MAAM,gBAAgB,GAAG,eAAe,CAAC,CAAC,CAAC,gBAAgB,GAAG,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5F,MAAM,qBAAqB,GAAG,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,gBAAgB,CAAC;YAE5E,IAAI,UAAU,GAA2E;gBACrF,GAAG,cAAc;gBACjB,aAAa,EAAE,YAAY;gBAC3B,wBAAwB,EAAE,qBAAqB;aAClD,CAAC;YAEF,IAAI,kBAAkB,EAAE,CAAC;gBACrB,UAAU,CAAC,SAAS,GAAG,qBAAM,CAAC,UAAU,EAAE,CAAC;gBAC3C,UAAU,CAAC,mBAAmB,GAAG,gBAAgB,CAAC;YACtD,CAAC;YAED,UAAU,GAAG,MAAM,YAAY,CAAC,cAAe,CAAC,UAAU,CAAC,CAAC;YAC5D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,KAAK,YAAY,uBAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACJ,MAAM,WAAW,GAAG,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAClB,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { OAuthServerProvider } from
|
|
2
|
-
import { RequestHandler } from
|
|
3
|
-
import { Options as RateLimitOptions } from
|
|
1
|
+
import { OAuthServerProvider } from '../provider.js';
|
|
2
|
+
import { RequestHandler } from 'express';
|
|
3
|
+
import { Options as RateLimitOptions } from 'express-rate-limit';
|
|
4
4
|
export type RevocationHandlerOptions = {
|
|
5
5
|
provider: OAuthServerProvider;
|
|
6
6
|
/**
|
|
@@ -9,5 +9,5 @@ export type RevocationHandlerOptions = {
|
|
|
9
9
|
*/
|
|
10
10
|
rateLimit?: Partial<RateLimitOptions> | false;
|
|
11
11
|
};
|
|
12
|
-
export declare function revocationHandler({ provider, rateLimit: rateLimitConfig
|
|
12
|
+
export declare function revocationHandler({ provider, rateLimit: rateLimitConfig }: RevocationHandlerOptions): RequestHandler;
|
|
13
13
|
//# sourceMappingURL=revoke.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"revoke.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/revoke.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAIlD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"revoke.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/revoke.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAIlD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAI5E,MAAM,MAAM,wBAAwB,GAAG;IACnC,QAAQ,EAAE,mBAAmB,CAAC;IAC9B;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;CACjD,CAAC;AAEF,wBAAgB,iBAAiB,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE,wBAAwB,GAAG,cAAc,CA4DpH"}
|
|
@@ -11,15 +11,15 @@ const auth_js_1 = require("../../../shared/auth.js");
|
|
|
11
11
|
const express_rate_limit_1 = require("express-rate-limit");
|
|
12
12
|
const allowedMethods_js_1 = require("../middleware/allowedMethods.js");
|
|
13
13
|
const errors_js_1 = require("../errors.js");
|
|
14
|
-
function revocationHandler({ provider, rateLimit: rateLimitConfig
|
|
14
|
+
function revocationHandler({ provider, rateLimit: rateLimitConfig }) {
|
|
15
15
|
if (!provider.revokeToken) {
|
|
16
|
-
throw new Error(
|
|
16
|
+
throw new Error('Auth provider does not support revoking tokens');
|
|
17
17
|
}
|
|
18
18
|
// Nested router so we can configure middleware and restrict HTTP method
|
|
19
19
|
const router = express_1.default.Router();
|
|
20
20
|
// Configure CORS to allow any origin, to make accessible to web-based MCP clients
|
|
21
21
|
router.use((0, cors_1.default)());
|
|
22
|
-
router.use((0, allowedMethods_js_1.allowedMethods)([
|
|
22
|
+
router.use((0, allowedMethods_js_1.allowedMethods)(['POST']));
|
|
23
23
|
router.use(express_1.default.urlencoded({ extended: false }));
|
|
24
24
|
// Apply rate limiting unless explicitly disabled
|
|
25
25
|
if (rateLimitConfig !== false) {
|
|
@@ -28,14 +28,14 @@ function revocationHandler({ provider, rateLimit: rateLimitConfig, }) {
|
|
|
28
28
|
max: 50, // 50 requests per windowMs
|
|
29
29
|
standardHeaders: true,
|
|
30
30
|
legacyHeaders: false,
|
|
31
|
-
message: new errors_js_1.TooManyRequestsError(
|
|
32
|
-
...rateLimitConfig
|
|
31
|
+
message: new errors_js_1.TooManyRequestsError('You have exceeded the rate limit for token revocation requests').toResponseObject(),
|
|
32
|
+
...rateLimitConfig
|
|
33
33
|
}));
|
|
34
34
|
}
|
|
35
35
|
// Authenticate and extract client details
|
|
36
36
|
router.use((0, clientAuth_js_1.authenticateClient)({ clientsStore: provider.clientsStore }));
|
|
37
|
-
router.post(
|
|
38
|
-
res.setHeader(
|
|
37
|
+
router.post('/', async (req, res) => {
|
|
38
|
+
res.setHeader('Cache-Control', 'no-store');
|
|
39
39
|
try {
|
|
40
40
|
const parseResult = auth_js_1.OAuthTokenRevocationRequestSchema.safeParse(req.body);
|
|
41
41
|
if (!parseResult.success) {
|
|
@@ -44,7 +44,7 @@ function revocationHandler({ provider, rateLimit: rateLimitConfig, }) {
|
|
|
44
44
|
const client = req.client;
|
|
45
45
|
if (!client) {
|
|
46
46
|
// This should never happen
|
|
47
|
-
throw new errors_js_1.ServerError(
|
|
47
|
+
throw new errors_js_1.ServerError('Internal Server Error');
|
|
48
48
|
}
|
|
49
49
|
await provider.revokeToken(client, parseResult.data);
|
|
50
50
|
res.status(200).json({});
|
|
@@ -55,7 +55,7 @@ function revocationHandler({ provider, rateLimit: rateLimitConfig, }) {
|
|
|
55
55
|
res.status(status).json(error.toResponseObject());
|
|
56
56
|
}
|
|
57
57
|
else {
|
|
58
|
-
const serverError = new errors_js_1.ServerError(
|
|
58
|
+
const serverError = new errors_js_1.ServerError('Internal Server Error');
|
|
59
59
|
res.status(500).json(serverError.toResponseObject());
|
|
60
60
|
}
|
|
61
61
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"revoke.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/revoke.ts"],"names":[],"mappings":";;;;;
|
|
1
|
+
{"version":3,"file":"revoke.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/revoke.ts"],"names":[],"mappings":";;;;;AAkBA,8CA4DC;AA7ED,sDAAkD;AAClD,gDAAwB;AACxB,+DAAiE;AACjE,qDAA4E;AAC5E,2DAA4E;AAC5E,uEAAiE;AACjE,4CAAkG;AAWlG,SAAgB,iBAAiB,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAA4B;IAChG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACtE,CAAC;IAED,wEAAwE;IACxE,MAAM,MAAM,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAA,cAAI,GAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAc,EAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,iBAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAEpD,iDAAiD;IACjD,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC5B,MAAM,CAAC,GAAG,CACN,IAAA,8BAAS,EAAC;YACN,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;YACvC,GAAG,EAAE,EAAE,EAAE,2BAA2B;YACpC,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,IAAI,gCAAoB,CAAC,gEAAgE,CAAC,CAAC,gBAAgB,EAAE;YACtH,GAAG,eAAe;SACrB,CAAC,CACL,CAAC;IACN,CAAC;IAED,0CAA0C;IAC1C,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAkB,EAAC,EAAE,YAAY,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IAExE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAChC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC;YACD,MAAM,WAAW,GAAG,2CAAiC,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC1E,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACvB,MAAM,IAAI,+BAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC7D,CAAC;YAED,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;YAC1B,IAAI,CAAC,MAAM,EAAE,CAAC;gBACV,2BAA2B;gBAC3B,MAAM,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;YACnD,CAAC;YAED,MAAM,QAAQ,CAAC,WAAY,CAAC,MAAM,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;YACtD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC7B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,KAAK,YAAY,uBAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACJ,MAAM,WAAW,GAAG,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAClB,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { RequestHandler } from
|
|
2
|
-
import { OAuthServerProvider } from
|
|
3
|
-
import { Options as RateLimitOptions } from
|
|
1
|
+
import { RequestHandler } from 'express';
|
|
2
|
+
import { OAuthServerProvider } from '../provider.js';
|
|
3
|
+
import { Options as RateLimitOptions } from 'express-rate-limit';
|
|
4
4
|
export type TokenHandlerOptions = {
|
|
5
5
|
provider: OAuthServerProvider;
|
|
6
6
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/token.ts"],"names":[],"mappings":"AACA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAIrD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAW5E,MAAM,MAAM,mBAAmB,GAAG;
|
|
1
|
+
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/token.ts"],"names":[],"mappings":"AACA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAIrD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAW5E,MAAM,MAAM,mBAAmB,GAAG;IAC9B,QAAQ,EAAE,mBAAmB,CAAC;IAC9B;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;CACjD,CAAC;AAmBF,wBAAgB,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE,mBAAmB,GAAG,cAAc,CAiH1G"}
|
|
@@ -13,31 +13,31 @@ const express_rate_limit_1 = require("express-rate-limit");
|
|
|
13
13
|
const allowedMethods_js_1 = require("../middleware/allowedMethods.js");
|
|
14
14
|
const errors_js_1 = require("../errors.js");
|
|
15
15
|
const TokenRequestSchema = zod_1.z.object({
|
|
16
|
-
grant_type: zod_1.z.string()
|
|
16
|
+
grant_type: zod_1.z.string()
|
|
17
17
|
});
|
|
18
18
|
const AuthorizationCodeGrantSchema = zod_1.z.object({
|
|
19
19
|
code: zod_1.z.string(),
|
|
20
20
|
code_verifier: zod_1.z.string(),
|
|
21
21
|
redirect_uri: zod_1.z.string().optional(),
|
|
22
|
-
resource: zod_1.z.string().url().optional()
|
|
22
|
+
resource: zod_1.z.string().url().optional()
|
|
23
23
|
});
|
|
24
24
|
const RefreshTokenGrantSchema = zod_1.z.object({
|
|
25
25
|
refresh_token: zod_1.z.string(),
|
|
26
26
|
scope: zod_1.z.string().optional(),
|
|
27
|
-
resource: zod_1.z.string().url().optional()
|
|
27
|
+
resource: zod_1.z.string().url().optional()
|
|
28
28
|
});
|
|
29
29
|
function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
|
|
30
30
|
// Nested router so we can configure middleware and restrict HTTP method
|
|
31
31
|
const router = express_1.default.Router();
|
|
32
32
|
// Configure CORS to allow any origin, to make accessible to web-based MCP clients
|
|
33
33
|
router.use((0, cors_1.default)());
|
|
34
|
-
router.use((0, allowedMethods_js_1.allowedMethods)([
|
|
34
|
+
router.use((0, allowedMethods_js_1.allowedMethods)(['POST']));
|
|
35
35
|
router.use(express_1.default.urlencoded({ extended: false }));
|
|
36
36
|
// Apply rate limiting unless explicitly disabled
|
|
37
37
|
if (rateLimitConfig !== false) {
|
|
38
38
|
router.use((0, express_rate_limit_1.rateLimit)({
|
|
39
39
|
windowMs: 15 * 60 * 1000, // 15 minutes
|
|
40
|
-
max: 50, // 50 requests per windowMs
|
|
40
|
+
max: 50, // 50 requests per windowMs
|
|
41
41
|
standardHeaders: true,
|
|
42
42
|
legacyHeaders: false,
|
|
43
43
|
message: new errors_js_1.TooManyRequestsError('You have exceeded the rate limit for token requests').toResponseObject(),
|
|
@@ -46,7 +46,7 @@ function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
|
|
|
46
46
|
}
|
|
47
47
|
// Authenticate and extract client details
|
|
48
48
|
router.use((0, clientAuth_js_1.authenticateClient)({ clientsStore: provider.clientsStore }));
|
|
49
|
-
router.post(
|
|
49
|
+
router.post('/', async (req, res) => {
|
|
50
50
|
res.setHeader('Cache-Control', 'no-store');
|
|
51
51
|
try {
|
|
52
52
|
const parseResult = TokenRequestSchema.safeParse(req.body);
|
|
@@ -57,22 +57,22 @@ function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
|
|
|
57
57
|
const client = req.client;
|
|
58
58
|
if (!client) {
|
|
59
59
|
// This should never happen
|
|
60
|
-
throw new errors_js_1.ServerError(
|
|
60
|
+
throw new errors_js_1.ServerError('Internal Server Error');
|
|
61
61
|
}
|
|
62
62
|
switch (grant_type) {
|
|
63
|
-
case
|
|
63
|
+
case 'authorization_code': {
|
|
64
64
|
const parseResult = AuthorizationCodeGrantSchema.safeParse(req.body);
|
|
65
65
|
if (!parseResult.success) {
|
|
66
66
|
throw new errors_js_1.InvalidRequestError(parseResult.error.message);
|
|
67
67
|
}
|
|
68
68
|
const { code, code_verifier, redirect_uri, resource } = parseResult.data;
|
|
69
69
|
const skipLocalPkceValidation = provider.skipLocalPkceValidation;
|
|
70
|
-
// Perform local PKCE validation unless explicitly skipped
|
|
70
|
+
// Perform local PKCE validation unless explicitly skipped
|
|
71
71
|
// (e.g. to validate code_verifier in upstream server)
|
|
72
72
|
if (!skipLocalPkceValidation) {
|
|
73
73
|
const codeChallenge = await provider.challengeForAuthorizationCode(client, code);
|
|
74
74
|
if (!(await (0, pkce_challenge_1.verifyChallenge)(code_verifier, codeChallenge))) {
|
|
75
|
-
throw new errors_js_1.InvalidGrantError(
|
|
75
|
+
throw new errors_js_1.InvalidGrantError('code_verifier does not match the challenge');
|
|
76
76
|
}
|
|
77
77
|
}
|
|
78
78
|
// Passes the code_verifier to the provider if PKCE validation didn't occur locally
|
|
@@ -80,13 +80,13 @@ function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
|
|
|
80
80
|
res.status(200).json(tokens);
|
|
81
81
|
break;
|
|
82
82
|
}
|
|
83
|
-
case
|
|
83
|
+
case 'refresh_token': {
|
|
84
84
|
const parseResult = RefreshTokenGrantSchema.safeParse(req.body);
|
|
85
85
|
if (!parseResult.success) {
|
|
86
86
|
throw new errors_js_1.InvalidRequestError(parseResult.error.message);
|
|
87
87
|
}
|
|
88
88
|
const { refresh_token, scope, resource } = parseResult.data;
|
|
89
|
-
const scopes = scope === null || scope === void 0 ? void 0 : scope.split(
|
|
89
|
+
const scopes = scope === null || scope === void 0 ? void 0 : scope.split(' ');
|
|
90
90
|
const tokens = await provider.exchangeRefreshToken(client, refresh_token, scopes, resource ? new URL(resource) : undefined);
|
|
91
91
|
res.status(200).json(tokens);
|
|
92
92
|
break;
|
|
@@ -94,7 +94,7 @@ function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
|
|
|
94
94
|
// Not supported right now
|
|
95
95
|
//case "client_credentials":
|
|
96
96
|
default:
|
|
97
|
-
throw new errors_js_1.UnsupportedGrantTypeError(
|
|
97
|
+
throw new errors_js_1.UnsupportedGrantTypeError('The grant type is not supported by this authorization server.');
|
|
98
98
|
}
|
|
99
99
|
}
|
|
100
100
|
catch (error) {
|
|
@@ -103,7 +103,7 @@ function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
|
|
|
103
103
|
res.status(status).json(error.toResponseObject());
|
|
104
104
|
}
|
|
105
105
|
else {
|
|
106
|
-
const serverError = new errors_js_1.ServerError(
|
|
106
|
+
const serverError = new errors_js_1.ServerError('Internal Server Error');
|
|
107
107
|
res.status(500).json(serverError.toResponseObject());
|
|
108
108
|
}
|
|
109
109
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/token.ts"],"names":[],"mappings":";;;;;AA2CA,
|
|
1
|
+
{"version":3,"file":"token.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/token.ts"],"names":[],"mappings":";;;;;AA2CA,oCAiHC;AA5JD,6BAAwB;AACxB,sDAAkD;AAElD,gDAAwB;AACxB,mDAAiD;AACjD,+DAAiE;AACjE,2DAA4E;AAC5E,uEAAiE;AACjE,4CAOsB;AAWtB,MAAM,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IAChC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;CACzB,CAAC,CAAC;AAEH,MAAM,4BAA4B,GAAG,OAAC,CAAC,MAAM,CAAC;IAC1C,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE;IAChB,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE;IACzB,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC;AAEH,MAAM,uBAAuB,GAAG,OAAC,CAAC,MAAM,CAAC;IACrC,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE;IACzB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC;AAEH,SAAgB,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAuB;IACtF,wEAAwE;IACxE,MAAM,MAAM,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAA,cAAI,GAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAc,EAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,iBAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAEpD,iDAAiD;IACjD,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC5B,MAAM,CAAC,GAAG,CACN,IAAA,8BAAS,EAAC;YACN,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;YACvC,GAAG,EAAE,EAAE,EAAE,2BAA2B;YACpC,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,IAAI,gCAAoB,CAAC,qDAAqD,CAAC,CAAC,gBAAgB,EAAE;YAC3G,GAAG,eAAe;SACrB,CAAC,CACL,CAAC;IACN,CAAC;IAED,0CAA0C;IAC1C,MAAM,CAAC,GAAG,CAAC,IAAA,kCAAkB,EAAC,EAAE,YAAY,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IAExE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAChC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC;YACD,MAAM,WAAW,GAAG,kBAAkB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC3D,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACvB,MAAM,IAAI,+BAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC7D,CAAC;YAED,MAAM,EAAE,UAAU,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;YAExC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;YAC1B,IAAI,CAAC,MAAM,EAAE,CAAC;gBACV,2BAA2B;gBAC3B,MAAM,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;YACnD,CAAC;YAED,QAAQ,UAAU,EAAE,CAAC;gBACjB,KAAK,oBAAoB,CAAC,CAAC,CAAC;oBACxB,MAAM,WAAW,GAAG,4BAA4B,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBACrE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;wBACvB,MAAM,IAAI,+BAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBAC7D,CAAC;oBAED,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;oBAEzE,MAAM,uBAAuB,GAAG,QAAQ,CAAC,uBAAuB,CAAC;oBAEjE,0DAA0D;oBAC1D,sDAAsD;oBACtD,IAAI,CAAC,uBAAuB,EAAE,CAAC;wBAC3B,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,6BAA6B,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;wBACjF,IAAI,CAAC,CAAC,MAAM,IAAA,gCAAe,EAAC,aAAa,EAAE,aAAa,CAAC,CAAC,EAAE,CAAC;4BACzD,MAAM,IAAI,6BAAiB,CAAC,4CAA4C,CAAC,CAAC;wBAC9E,CAAC;oBACL,CAAC;oBAED,mFAAmF;oBACnF,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,yBAAyB,CACnD,MAAM,EACN,IAAI,EACJ,uBAAuB,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,EACnD,YAAY,EACZ,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAC3C,CAAC;oBACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,MAAM;gBACV,CAAC;gBAED,KAAK,eAAe,CAAC,CAAC,CAAC;oBACnB,MAAM,WAAW,GAAG,uBAAuB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBAChE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;wBACvB,MAAM,IAAI,+BAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBAC7D,CAAC;oBAED,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;oBAE5D,MAAM,MAAM,GAAG,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CAAC,GAAG,CAAC,CAAC;oBACjC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,oBAAoB,CAC9C,MAAM,EACN,aAAa,EACb,MAAM,EACN,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAC3C,CAAC;oBACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,MAAM;gBACV,CAAC;gBAED,0BAA0B;gBAC1B,4BAA4B;gBAE5B;oBACI,MAAM,IAAI,qCAAyB,CAAC,+DAA+D,CAAC,CAAC;YAC7G,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,KAAK,YAAY,uBAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACJ,MAAM,WAAW,GAAG,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAClB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"allowedMethods.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/allowedMethods.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAGzC;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,cAAc,EAAE,MAAM,EAAE,GAAG,cAAc,
|
|
1
|
+
{"version":3,"file":"allowedMethods.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/allowedMethods.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAGzC;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,cAAc,EAAE,MAAM,EAAE,GAAG,cAAc,CAUvE"}
|
|
@@ -15,9 +15,7 @@ function allowedMethods(allowedMethods) {
|
|
|
15
15
|
return;
|
|
16
16
|
}
|
|
17
17
|
const error = new errors_js_1.MethodNotAllowedError(`The method ${req.method} is not allowed for this endpoint`);
|
|
18
|
-
res.status(405)
|
|
19
|
-
.set('Allow', allowedMethods.join(', '))
|
|
20
|
-
.json(error.toResponseObject());
|
|
18
|
+
res.status(405).set('Allow', allowedMethods.join(', ')).json(error.toResponseObject());
|
|
21
19
|
};
|
|
22
20
|
}
|
|
23
21
|
//# sourceMappingURL=allowedMethods.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"allowedMethods.js","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/allowedMethods.ts"],"names":[],"mappings":";;AASA,
|
|
1
|
+
{"version":3,"file":"allowedMethods.js","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/allowedMethods.ts"],"names":[],"mappings":";;AASA,wCAUC;AAlBD,4CAAqD;AAErD;;;;;GAKG;AACH,SAAgB,cAAc,CAAC,cAAwB;IACnD,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACtB,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACtC,IAAI,EAAE,CAAC;YACP,OAAO;QACX,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,iCAAqB,CAAC,cAAc,GAAG,CAAC,MAAM,mCAAmC,CAAC,CAAC;QACrG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAC3F,CAAC,CAAC;AACN,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { RequestHandler } from
|
|
2
|
-
import { OAuthTokenVerifier } from
|
|
3
|
-
import { AuthInfo } from
|
|
1
|
+
import { RequestHandler } from 'express';
|
|
2
|
+
import { OAuthTokenVerifier } from '../provider.js';
|
|
3
|
+
import { AuthInfo } from '../types.js';
|
|
4
4
|
export type BearerAuthMiddlewareOptions = {
|
|
5
5
|
/**
|
|
6
6
|
* A provider used to verify tokens.
|
|
@@ -15,7 +15,7 @@ export type BearerAuthMiddlewareOptions = {
|
|
|
15
15
|
*/
|
|
16
16
|
resourceMetadataUrl?: string;
|
|
17
17
|
};
|
|
18
|
-
declare module
|
|
18
|
+
declare module 'express-serve-static-core' {
|
|
19
19
|
interface Request {
|
|
20
20
|
/**
|
|
21
21
|
* Information about the validated access token, if the `requireBearerAuth` middleware was used.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bearerAuth.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/bearerAuth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAEzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC,MAAM,MAAM,2BAA2B,GAAG;
|
|
1
|
+
{"version":3,"file":"bearerAuth.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/bearerAuth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAEzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC,MAAM,MAAM,2BAA2B,GAAG;IACtC;;OAEG;IACH,QAAQ,EAAE,kBAAkB,CAAC;IAE7B;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAE1B;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAChC,CAAC;AAEF,OAAO,QAAQ,2BAA2B,CAAC;IACvC,UAAU,OAAO;QACb;;WAEG;QACH,IAAI,CAAC,EAAE,QAAQ,CAAC;KACnB;CACJ;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAAC,EAAE,QAAQ,EAAE,cAAmB,EAAE,mBAAmB,EAAE,EAAE,2BAA2B,GAAG,cAAc,CAwDrI"}
|
|
@@ -15,7 +15,7 @@ function requireBearerAuth({ verifier, requiredScopes = [], resourceMetadataUrl
|
|
|
15
15
|
try {
|
|
16
16
|
const authHeader = req.headers.authorization;
|
|
17
17
|
if (!authHeader) {
|
|
18
|
-
throw new errors_js_1.InvalidTokenError(
|
|
18
|
+
throw new errors_js_1.InvalidTokenError('Missing Authorization header');
|
|
19
19
|
}
|
|
20
20
|
const [type, token] = authHeader.split(' ');
|
|
21
21
|
if (type.toLowerCase() !== 'bearer' || !token) {
|
|
@@ -26,15 +26,15 @@ function requireBearerAuth({ verifier, requiredScopes = [], resourceMetadataUrl
|
|
|
26
26
|
if (requiredScopes.length > 0) {
|
|
27
27
|
const hasAllScopes = requiredScopes.every(scope => authInfo.scopes.includes(scope));
|
|
28
28
|
if (!hasAllScopes) {
|
|
29
|
-
throw new errors_js_1.InsufficientScopeError(
|
|
29
|
+
throw new errors_js_1.InsufficientScopeError('Insufficient scope');
|
|
30
30
|
}
|
|
31
31
|
}
|
|
32
32
|
// Check if the token is set to expire or if it is expired
|
|
33
33
|
if (typeof authInfo.expiresAt !== 'number' || isNaN(authInfo.expiresAt)) {
|
|
34
|
-
throw new errors_js_1.InvalidTokenError(
|
|
34
|
+
throw new errors_js_1.InvalidTokenError('Token has no expiration time');
|
|
35
35
|
}
|
|
36
36
|
else if (authInfo.expiresAt < Date.now() / 1000) {
|
|
37
|
-
throw new errors_js_1.InvalidTokenError(
|
|
37
|
+
throw new errors_js_1.InvalidTokenError('Token has expired');
|
|
38
38
|
}
|
|
39
39
|
req.auth = authInfo;
|
|
40
40
|
next();
|
|
@@ -44,14 +44,14 @@ function requireBearerAuth({ verifier, requiredScopes = [], resourceMetadataUrl
|
|
|
44
44
|
const wwwAuthValue = resourceMetadataUrl
|
|
45
45
|
? `Bearer error="${error.errorCode}", error_description="${error.message}", resource_metadata="${resourceMetadataUrl}"`
|
|
46
46
|
: `Bearer error="${error.errorCode}", error_description="${error.message}"`;
|
|
47
|
-
res.set(
|
|
47
|
+
res.set('WWW-Authenticate', wwwAuthValue);
|
|
48
48
|
res.status(401).json(error.toResponseObject());
|
|
49
49
|
}
|
|
50
50
|
else if (error instanceof errors_js_1.InsufficientScopeError) {
|
|
51
51
|
const wwwAuthValue = resourceMetadataUrl
|
|
52
52
|
? `Bearer error="${error.errorCode}", error_description="${error.message}", resource_metadata="${resourceMetadataUrl}"`
|
|
53
53
|
: `Bearer error="${error.errorCode}", error_description="${error.message}"`;
|
|
54
|
-
res.set(
|
|
54
|
+
res.set('WWW-Authenticate', wwwAuthValue);
|
|
55
55
|
res.status(403).json(error.toResponseObject());
|
|
56
56
|
}
|
|
57
57
|
else if (error instanceof errors_js_1.ServerError) {
|
|
@@ -61,7 +61,7 @@ function requireBearerAuth({ verifier, requiredScopes = [], resourceMetadataUrl
|
|
|
61
61
|
res.status(400).json(error.toResponseObject());
|
|
62
62
|
}
|
|
63
63
|
else {
|
|
64
|
-
const serverError = new errors_js_1.ServerError(
|
|
64
|
+
const serverError = new errors_js_1.ServerError('Internal Server Error');
|
|
65
65
|
res.status(500).json(serverError.toResponseObject());
|
|
66
66
|
}
|
|
67
67
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bearerAuth.js","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/bearerAuth.ts"],"names":[],"mappings":";;AAuCA,
|
|
1
|
+
{"version":3,"file":"bearerAuth.js","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/bearerAuth.ts"],"names":[],"mappings":";;AAuCA,8CAwDC;AA9FD,4CAAkG;AA8BlG;;;;;;;GAOG;AACH,SAAgB,iBAAiB,CAAC,EAAE,QAAQ,EAAE,cAAc,GAAG,EAAE,EAAE,mBAAmB,EAA+B;IACjH,OAAO,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC5B,IAAI,CAAC;YACD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;YAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;gBACd,MAAM,IAAI,6BAAiB,CAAC,8BAA8B,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC5C,IAAI,IAAI,CAAC,WAAW,EAAE,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;gBAC5C,MAAM,IAAI,6BAAiB,CAAC,8DAA8D,CAAC,CAAC;YAChG,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAEzD,kDAAkD;YAClD,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5B,MAAM,YAAY,GAAG,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;gBAEpF,IAAI,CAAC,YAAY,EAAE,CAAC;oBAChB,MAAM,IAAI,kCAAsB,CAAC,oBAAoB,CAAC,CAAC;gBAC3D,CAAC;YACL,CAAC;YAED,0DAA0D;YAC1D,IAAI,OAAO,QAAQ,CAAC,SAAS,KAAK,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACtE,MAAM,IAAI,6BAAiB,CAAC,8BAA8B,CAAC,CAAC;YAChE,CAAC;iBAAM,IAAI,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;gBAChD,MAAM,IAAI,6BAAiB,CAAC,mBAAmB,CAAC,CAAC;YACrD,CAAC;YAED,GAAG,CAAC,IAAI,GAAG,QAAQ,CAAC;YACpB,IAAI,EAAE,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,KAAK,YAAY,6BAAiB,EAAE,CAAC;gBACrC,MAAM,YAAY,GAAG,mBAAmB;oBACpC,CAAC,CAAC,iBAAiB,KAAK,CAAC,SAAS,yBAAyB,KAAK,CAAC,OAAO,yBAAyB,mBAAmB,GAAG;oBACvH,CAAC,CAAC,iBAAiB,KAAK,CAAC,SAAS,yBAAyB,KAAK,CAAC,OAAO,GAAG,CAAC;gBAChF,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC;gBAC1C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACnD,CAAC;iBAAM,IAAI,KAAK,YAAY,kCAAsB,EAAE,CAAC;gBACjD,MAAM,YAAY,GAAG,mBAAmB;oBACpC,CAAC,CAAC,iBAAiB,KAAK,CAAC,SAAS,yBAAyB,KAAK,CAAC,OAAO,yBAAyB,mBAAmB,GAAG;oBACvH,CAAC,CAAC,iBAAiB,KAAK,CAAC,SAAS,yBAAyB,KAAK,CAAC,OAAO,GAAG,CAAC;gBAChF,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC;gBAC1C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACnD,CAAC;iBAAM,IAAI,KAAK,YAAY,uBAAW,EAAE,CAAC;gBACtC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACnD,CAAC;iBAAM,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBACrC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACnD,CAAC;iBAAM,CAAC;gBACJ,MAAM,WAAW,GAAG,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;IACL,CAAC,CAAC;AACN,CAAC"}
|
|
@@ -1,13 +1,13 @@
|
|
|
1
|
-
import { RequestHandler } from
|
|
2
|
-
import { OAuthRegisteredClientsStore } from
|
|
3
|
-
import { OAuthClientInformationFull } from
|
|
1
|
+
import { RequestHandler } from 'express';
|
|
2
|
+
import { OAuthRegisteredClientsStore } from '../clients.js';
|
|
3
|
+
import { OAuthClientInformationFull } from '../../../shared/auth.js';
|
|
4
4
|
export type ClientAuthenticationMiddlewareOptions = {
|
|
5
5
|
/**
|
|
6
6
|
* A store used to read information about registered OAuth clients.
|
|
7
7
|
*/
|
|
8
8
|
clientsStore: OAuthRegisteredClientsStore;
|
|
9
9
|
};
|
|
10
|
-
declare module
|
|
10
|
+
declare module 'express-serve-static-core' {
|
|
11
11
|
interface Request {
|
|
12
12
|
/**
|
|
13
13
|
* The authenticated client for this request, if the `authenticateClient` middleware was used.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"clientAuth.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/clientAuth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,EAAE,2BAA2B,EAAE,MAAM,eAAe,CAAC;AAC5D,OAAO,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAGrE,MAAM,MAAM,qCAAqC,GAAG;
|
|
1
|
+
{"version":3,"file":"clientAuth.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/clientAuth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,EAAE,2BAA2B,EAAE,MAAM,eAAe,CAAC;AAC5D,OAAO,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAGrE,MAAM,MAAM,qCAAqC,GAAG;IAChD;;OAEG;IACH,YAAY,EAAE,2BAA2B,CAAC;CAC7C,CAAC;AAOF,OAAO,QAAQ,2BAA2B,CAAC;IACvC,UAAU,OAAO;QACb;;WAEG;QACH,MAAM,CAAC,EAAE,0BAA0B,CAAC;KACvC;CACJ;AAED,wBAAgB,kBAAkB,CAAC,EAAE,YAAY,EAAE,EAAE,qCAAqC,GAAG,cAAc,CA4C1G"}
|
|
@@ -5,7 +5,7 @@ const zod_1 = require("zod");
|
|
|
5
5
|
const errors_js_1 = require("../errors.js");
|
|
6
6
|
const ClientAuthenticatedRequestSchema = zod_1.z.object({
|
|
7
7
|
client_id: zod_1.z.string(),
|
|
8
|
-
client_secret: zod_1.z.string().optional()
|
|
8
|
+
client_secret: zod_1.z.string().optional()
|
|
9
9
|
});
|
|
10
10
|
function authenticateClient({ clientsStore }) {
|
|
11
11
|
return async (req, res, next) => {
|
|
@@ -17,21 +17,21 @@ function authenticateClient({ clientsStore }) {
|
|
|
17
17
|
const { client_id, client_secret } = result.data;
|
|
18
18
|
const client = await clientsStore.getClient(client_id);
|
|
19
19
|
if (!client) {
|
|
20
|
-
throw new errors_js_1.InvalidClientError(
|
|
20
|
+
throw new errors_js_1.InvalidClientError('Invalid client_id');
|
|
21
21
|
}
|
|
22
22
|
// If client has a secret, validate it
|
|
23
23
|
if (client.client_secret) {
|
|
24
24
|
// Check if client_secret is required but not provided
|
|
25
25
|
if (!client_secret) {
|
|
26
|
-
throw new errors_js_1.InvalidClientError(
|
|
26
|
+
throw new errors_js_1.InvalidClientError('Client secret is required');
|
|
27
27
|
}
|
|
28
28
|
// Check if client_secret matches
|
|
29
29
|
if (client.client_secret !== client_secret) {
|
|
30
|
-
throw new errors_js_1.InvalidClientError(
|
|
30
|
+
throw new errors_js_1.InvalidClientError('Invalid client_secret');
|
|
31
31
|
}
|
|
32
32
|
// Check if client_secret has expired
|
|
33
33
|
if (client.client_secret_expires_at && client.client_secret_expires_at < Math.floor(Date.now() / 1000)) {
|
|
34
|
-
throw new errors_js_1.InvalidClientError(
|
|
34
|
+
throw new errors_js_1.InvalidClientError('Client secret has expired');
|
|
35
35
|
}
|
|
36
36
|
}
|
|
37
37
|
req.client = client;
|
|
@@ -43,7 +43,7 @@ function authenticateClient({ clientsStore }) {
|
|
|
43
43
|
res.status(status).json(error.toResponseObject());
|
|
44
44
|
}
|
|
45
45
|
else {
|
|
46
|
-
const serverError = new errors_js_1.ServerError(
|
|
46
|
+
const serverError = new errors_js_1.ServerError('Internal Server Error');
|
|
47
47
|
res.status(500).json(serverError.toResponseObject());
|
|
48
48
|
}
|
|
49
49
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"clientAuth.js","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/clientAuth.ts"],"names":[],"mappings":";;AA2BA,gDA4CC;AAvED,6BAAwB;AAIxB,4CAAgG;AAShG,MAAM,gCAAgC,GAAG,OAAC,CAAC,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"clientAuth.js","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/clientAuth.ts"],"names":[],"mappings":";;AA2BA,gDA4CC;AAvED,6BAAwB;AAIxB,4CAAgG;AAShG,MAAM,gCAAgC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9C,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;IACrB,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAC;AAWH,SAAgB,kBAAkB,CAAC,EAAE,YAAY,EAAyC;IACtF,OAAO,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC5B,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,gCAAgC,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACpE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBAClB,MAAM,IAAI,+BAAmB,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YACxD,CAAC;YAED,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC;YACjD,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YACvD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACV,MAAM,IAAI,8BAAkB,CAAC,mBAAmB,CAAC,CAAC;YACtD,CAAC;YAED,sCAAsC;YACtC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gBACvB,sDAAsD;gBACtD,IAAI,CAAC,aAAa,EAAE,CAAC;oBACjB,MAAM,IAAI,8BAAkB,CAAC,2BAA2B,CAAC,CAAC;gBAC9D,CAAC;gBAED,iCAAiC;gBACjC,IAAI,MAAM,CAAC,aAAa,KAAK,aAAa,EAAE,CAAC;oBACzC,MAAM,IAAI,8BAAkB,CAAC,uBAAuB,CAAC,CAAC;gBAC1D,CAAC;gBAED,qCAAqC;gBACrC,IAAI,MAAM,CAAC,wBAAwB,IAAI,MAAM,CAAC,wBAAwB,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;oBACrG,MAAM,IAAI,8BAAkB,CAAC,2BAA2B,CAAC,CAAC;gBAC9D,CAAC;YACL,CAAC;YAED,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC;YACpB,IAAI,EAAE,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,KAAK,YAAY,uBAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACJ,MAAM,WAAW,GAAG,IAAI,uBAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;IACL,CAAC,CAAC;AACN,CAAC"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { Response } from
|
|
2
|
-
import { OAuthRegisteredClientsStore } from
|
|
3
|
-
import { OAuthClientInformationFull, OAuthTokenRevocationRequest, OAuthTokens } from
|
|
4
|
-
import { AuthInfo } from
|
|
1
|
+
import { Response } from 'express';
|
|
2
|
+
import { OAuthRegisteredClientsStore } from './clients.js';
|
|
3
|
+
import { OAuthClientInformationFull, OAuthTokenRevocationRequest, OAuthTokens } from '../../shared/auth.js';
|
|
4
|
+
import { AuthInfo } from './types.js';
|
|
5
5
|
export type AuthorizationParams = {
|
|
6
6
|
state?: string;
|
|
7
7
|
scopes?: string[];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../../../src/server/auth/provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAE,0BAA0B,EAAE,2BAA2B,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAC5G,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAEtC,MAAM,MAAM,mBAAmB,GAAG;
|
|
1
|
+
{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../../../src/server/auth/provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAE,0BAA0B,EAAE,2BAA2B,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAC5G,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAEtC,MAAM,MAAM,mBAAmB,GAAG;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,GAAG,CAAC;CAClB,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAChC;;OAEG;IACH,IAAI,YAAY,IAAI,2BAA2B,CAAC;IAEhD;;;;;;OAMG;IACH,SAAS,CAAC,MAAM,EAAE,0BAA0B,EAAE,MAAM,EAAE,mBAAmB,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzG;;OAEG;IACH,6BAA6B,CAAC,MAAM,EAAE,0BAA0B,EAAE,iBAAiB,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAE9G;;OAEG;IACH,yBAAyB,CACrB,MAAM,EAAE,0BAA0B,EAClC,iBAAiB,EAAE,MAAM,EACzB,YAAY,CAAC,EAAE,MAAM,EACrB,WAAW,CAAC,EAAE,MAAM,EACpB,QAAQ,CAAC,EAAE,GAAG,GACf,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;OAEG;IACH,oBAAoB,CAAC,MAAM,EAAE,0BAA0B,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,EAAE,QAAQ,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAExI;;OAEG;IACH,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEpD;;;;OAIG;IACH,WAAW,CAAC,CAAC,MAAM,EAAE,0BAA0B,EAAE,OAAO,EAAE,2BAA2B,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtG;;;;;;OAMG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAC/B;;OAEG;IACH,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACvD"}
|