@modelcontextprotocol/sdk 1.18.2 → 1.19.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +766 -738
- package/dist/cjs/cli.js +35 -37
- package/dist/cjs/cli.js.map +1 -1
- package/dist/cjs/client/auth.d.ts +12 -12
- package/dist/cjs/client/auth.d.ts.map +1 -1
- package/dist/cjs/client/auth.js +76 -83
- package/dist/cjs/client/auth.js.map +1 -1
- package/dist/cjs/client/index.d.ts +186 -123
- package/dist/cjs/client/index.d.ts.map +1 -1
- package/dist/cjs/client/index.js +40 -41
- package/dist/cjs/client/index.js.map +1 -1
- package/dist/cjs/client/middleware.d.ts +2 -2
- package/dist/cjs/client/middleware.d.ts.map +1 -1
- package/dist/cjs/client/middleware.js +22 -27
- package/dist/cjs/client/middleware.js.map +1 -1
- package/dist/cjs/client/sse.d.ts +4 -4
- package/dist/cjs/client/sse.d.ts.map +1 -1
- package/dist/cjs/client/sse.js +34 -21
- package/dist/cjs/client/sse.js.map +1 -1
- package/dist/cjs/client/stdio.d.ts +4 -4
- package/dist/cjs/client/stdio.d.ts.map +1 -1
- package/dist/cjs/client/stdio.js +32 -32
- package/dist/cjs/client/stdio.js.map +1 -1
- package/dist/cjs/client/streamableHttp.d.ts +7 -6
- package/dist/cjs/client/streamableHttp.d.ts.map +1 -1
- package/dist/cjs/client/streamableHttp.js +55 -38
- package/dist/cjs/client/streamableHttp.js.map +1 -1
- package/dist/cjs/client/websocket.d.ts +2 -2
- package/dist/cjs/client/websocket.d.ts.map +1 -1
- package/dist/cjs/client/websocket.js +5 -7
- package/dist/cjs/client/websocket.js.map +1 -1
- package/dist/cjs/examples/client/multipleClientsParallel.js +2 -2
- package/dist/cjs/examples/client/multipleClientsParallel.js.map +1 -1
- package/dist/cjs/examples/client/parallelToolCallsClient.js +6 -5
- package/dist/cjs/examples/client/parallelToolCallsClient.js.map +1 -1
- package/dist/cjs/examples/client/simpleOAuthClient.js +15 -13
- package/dist/cjs/examples/client/simpleOAuthClient.js.map +1 -1
- package/dist/cjs/examples/client/simpleStreamableHttp.js +15 -11
- package/dist/cjs/examples/client/simpleStreamableHttp.js.map +1 -1
- package/dist/cjs/examples/client/streamableHttpWithSseFallbackClient.js +2 -2
- package/dist/cjs/examples/client/streamableHttpWithSseFallbackClient.js.map +1 -1
- package/dist/cjs/examples/server/demoInMemoryOAuthProvider.d.ts +1 -1
- package/dist/cjs/examples/server/demoInMemoryOAuthProvider.d.ts.map +1 -1
- package/dist/cjs/examples/server/demoInMemoryOAuthProvider.js +18 -16
- package/dist/cjs/examples/server/demoInMemoryOAuthProvider.js.map +1 -1
- package/dist/cjs/examples/server/jsonResponseStreamableHttp.js +18 -18
- package/dist/cjs/examples/server/jsonResponseStreamableHttp.js.map +1 -1
- package/dist/cjs/examples/server/mcpServerOutputSchema.js +19 -17
- package/dist/cjs/examples/server/mcpServerOutputSchema.js.map +1 -1
- package/dist/cjs/examples/server/simpleSseServer.js +8 -8
- package/dist/cjs/examples/server/simpleSseServer.js.map +1 -1
- package/dist/cjs/examples/server/simpleStatelessStreamableHttp.js +22 -22
- package/dist/cjs/examples/server/simpleStatelessStreamableHttp.js.map +1 -1
- package/dist/cjs/examples/server/simpleStreamableHttp.js +78 -78
- package/dist/cjs/examples/server/simpleStreamableHttp.js.map +1 -1
- package/dist/cjs/examples/server/sseAndStreamableHttpCompatibleServer.js +18 -18
- package/dist/cjs/examples/server/sseAndStreamableHttpCompatibleServer.js.map +1 -1
- package/dist/cjs/examples/server/standaloneSseWithGetStreamableHttp.js +8 -8
- package/dist/cjs/examples/server/standaloneSseWithGetStreamableHttp.js.map +1 -1
- package/dist/cjs/examples/server/toolWithSampleServer.js +19 -19
- package/dist/cjs/examples/server/toolWithSampleServer.js.map +1 -1
- package/dist/cjs/examples/shared/inMemoryEventStore.d.ts.map +1 -1
- package/dist/cjs/examples/shared/inMemoryEventStore.js.map +1 -1
- package/dist/cjs/inMemory.d.ts +3 -3
- package/dist/cjs/inMemory.d.ts.map +1 -1
- package/dist/cjs/inMemory.js +1 -1
- package/dist/cjs/inMemory.js.map +1 -1
- package/dist/cjs/server/auth/clients.d.ts +2 -2
- package/dist/cjs/server/auth/clients.d.ts.map +1 -1
- package/dist/cjs/server/auth/errors.d.ts +1 -1
- package/dist/cjs/server/auth/errors.d.ts.map +1 -1
- package/dist/cjs/server/auth/errors.js +17 -17
- package/dist/cjs/server/auth/errors.js.map +1 -1
- package/dist/cjs/server/auth/handlers/authorize.d.ts +3 -3
- package/dist/cjs/server/auth/handlers/authorize.d.ts.map +1 -1
- package/dist/cjs/server/auth/handlers/authorize.js +21 -18
- package/dist/cjs/server/auth/handlers/authorize.js.map +1 -1
- package/dist/cjs/server/auth/handlers/metadata.d.ts +2 -2
- package/dist/cjs/server/auth/handlers/metadata.js +1 -1
- package/dist/cjs/server/auth/handlers/metadata.js.map +1 -1
- package/dist/cjs/server/auth/handlers/register.d.ts +4 -4
- package/dist/cjs/server/auth/handlers/register.d.ts.map +1 -1
- package/dist/cjs/server/auth/handlers/register.js +7 -9
- package/dist/cjs/server/auth/handlers/register.js.map +1 -1
- package/dist/cjs/server/auth/handlers/revoke.d.ts +4 -4
- package/dist/cjs/server/auth/handlers/revoke.d.ts.map +1 -1
- package/dist/cjs/server/auth/handlers/revoke.js +9 -9
- package/dist/cjs/server/auth/handlers/revoke.js.map +1 -1
- package/dist/cjs/server/auth/handlers/token.d.ts +3 -3
- package/dist/cjs/server/auth/handlers/token.d.ts.map +1 -1
- package/dist/cjs/server/auth/handlers/token.js +14 -14
- package/dist/cjs/server/auth/handlers/token.js.map +1 -1
- package/dist/cjs/server/auth/middleware/allowedMethods.d.ts +1 -1
- package/dist/cjs/server/auth/middleware/allowedMethods.d.ts.map +1 -1
- package/dist/cjs/server/auth/middleware/allowedMethods.js +1 -3
- package/dist/cjs/server/auth/middleware/allowedMethods.js.map +1 -1
- package/dist/cjs/server/auth/middleware/bearerAuth.d.ts +4 -4
- package/dist/cjs/server/auth/middleware/bearerAuth.d.ts.map +1 -1
- package/dist/cjs/server/auth/middleware/bearerAuth.js +7 -7
- package/dist/cjs/server/auth/middleware/bearerAuth.js.map +1 -1
- package/dist/cjs/server/auth/middleware/clientAuth.d.ts +4 -4
- package/dist/cjs/server/auth/middleware/clientAuth.d.ts.map +1 -1
- package/dist/cjs/server/auth/middleware/clientAuth.js +6 -6
- package/dist/cjs/server/auth/middleware/clientAuth.js.map +1 -1
- package/dist/cjs/server/auth/provider.d.ts +4 -4
- package/dist/cjs/server/auth/provider.d.ts.map +1 -1
- package/dist/cjs/server/auth/providers/proxyProvider.d.ts +10 -10
- package/dist/cjs/server/auth/providers/proxyProvider.d.ts.map +1 -1
- package/dist/cjs/server/auth/providers/proxyProvider.js +34 -34
- package/dist/cjs/server/auth/providers/proxyProvider.js.map +1 -1
- package/dist/cjs/server/auth/router.d.ts +11 -11
- package/dist/cjs/server/auth/router.d.ts.map +1 -1
- package/dist/cjs/server/auth/router.js +16 -18
- package/dist/cjs/server/auth/router.js.map +1 -1
- package/dist/cjs/server/auth/types.d.ts +1 -1
- package/dist/cjs/server/auth/types.d.ts.map +1 -1
- package/dist/cjs/server/completable.d.ts +5 -5
- package/dist/cjs/server/completable.d.ts.map +1 -1
- package/dist/cjs/server/completable.js +5 -5
- package/dist/cjs/server/completable.js.map +1 -1
- package/dist/cjs/server/index.d.ts +9 -9
- package/dist/cjs/server/index.d.ts.map +1 -1
- package/dist/cjs/server/index.js +38 -42
- package/dist/cjs/server/index.js.map +1 -1
- package/dist/cjs/server/mcp.d.ts +8 -8
- package/dist/cjs/server/mcp.d.ts.map +1 -1
- package/dist/cjs/server/mcp.js +87 -82
- package/dist/cjs/server/mcp.js.map +1 -1
- package/dist/cjs/server/sse.d.ts +4 -4
- package/dist/cjs/server/sse.d.ts.map +1 -1
- package/dist/cjs/server/sse.js +16 -15
- package/dist/cjs/server/sse.js.map +1 -1
- package/dist/cjs/server/stdio.d.ts +3 -3
- package/dist/cjs/server/stdio.d.ts.map +1 -1
- package/dist/cjs/server/stdio.js +7 -7
- package/dist/cjs/server/stdio.js.map +1 -1
- package/dist/cjs/server/streamableHttp.d.ts +5 -5
- package/dist/cjs/server/streamableHttp.d.ts.map +1 -1
- package/dist/cjs/server/streamableHttp.js +63 -64
- package/dist/cjs/server/streamableHttp.js.map +1 -1
- package/dist/cjs/shared/auth-utils.d.ts.map +1 -1
- package/dist/cjs/shared/auth-utils.js +3 -3
- package/dist/cjs/shared/auth-utils.js.map +1 -1
- package/dist/cjs/shared/auth.d.ts +1 -1
- package/dist/cjs/shared/auth.d.ts.map +1 -1
- package/dist/cjs/shared/auth.js +42 -46
- package/dist/cjs/shared/auth.js.map +1 -1
- package/dist/cjs/shared/metadataUtils.d.ts +1 -1
- package/dist/cjs/shared/metadataUtils.js.map +1 -1
- package/dist/cjs/shared/protocol.d.ts +6 -6
- package/dist/cjs/shared/protocol.d.ts.map +1 -1
- package/dist/cjs/shared/protocol.js +42 -43
- package/dist/cjs/shared/protocol.js.map +1 -1
- package/dist/cjs/shared/stdio.d.ts +1 -1
- package/dist/cjs/shared/stdio.d.ts.map +1 -1
- package/dist/cjs/shared/stdio.js +3 -3
- package/dist/cjs/shared/stdio.js.map +1 -1
- package/dist/cjs/shared/transport.d.ts +1 -1
- package/dist/cjs/shared/transport.d.ts.map +1 -1
- package/dist/cjs/shared/uriTemplate.d.ts.map +1 -1
- package/dist/cjs/shared/uriTemplate.js +69 -71
- package/dist/cjs/shared/uriTemplate.js.map +1 -1
- package/dist/cjs/types.d.ts +9650 -4790
- package/dist/cjs/types.d.ts.map +1 -1
- package/dist/cjs/types.js +199 -234
- package/dist/cjs/types.js.map +1 -1
- package/dist/esm/cli.js +45 -47
- package/dist/esm/cli.js.map +1 -1
- package/dist/esm/client/auth.d.ts +12 -12
- package/dist/esm/client/auth.d.ts.map +1 -1
- package/dist/esm/client/auth.js +82 -89
- package/dist/esm/client/auth.js.map +1 -1
- package/dist/esm/client/index.d.ts +186 -123
- package/dist/esm/client/index.d.ts.map +1 -1
- package/dist/esm/client/index.js +43 -44
- package/dist/esm/client/index.js.map +1 -1
- package/dist/esm/client/middleware.d.ts +2 -2
- package/dist/esm/client/middleware.d.ts.map +1 -1
- package/dist/esm/client/middleware.js +23 -28
- package/dist/esm/client/middleware.js.map +1 -1
- package/dist/esm/client/sse.d.ts +4 -4
- package/dist/esm/client/sse.d.ts.map +1 -1
- package/dist/esm/client/sse.js +37 -24
- package/dist/esm/client/sse.js.map +1 -1
- package/dist/esm/client/stdio.d.ts +4 -4
- package/dist/esm/client/stdio.d.ts.map +1 -1
- package/dist/esm/client/stdio.js +36 -36
- package/dist/esm/client/stdio.js.map +1 -1
- package/dist/esm/client/streamableHttp.d.ts +7 -6
- package/dist/esm/client/streamableHttp.d.ts.map +1 -1
- package/dist/esm/client/streamableHttp.js +58 -41
- package/dist/esm/client/streamableHttp.js.map +1 -1
- package/dist/esm/client/websocket.d.ts +2 -2
- package/dist/esm/client/websocket.d.ts.map +1 -1
- package/dist/esm/client/websocket.js +6 -8
- package/dist/esm/client/websocket.js.map +1 -1
- package/dist/esm/examples/client/multipleClientsParallel.js +3 -3
- package/dist/esm/examples/client/multipleClientsParallel.js.map +1 -1
- package/dist/esm/examples/client/parallelToolCallsClient.js +7 -6
- package/dist/esm/examples/client/parallelToolCallsClient.js.map +1 -1
- package/dist/esm/examples/client/simpleOAuthClient.js +15 -13
- package/dist/esm/examples/client/simpleOAuthClient.js.map +1 -1
- package/dist/esm/examples/client/simpleStreamableHttp.js +17 -13
- package/dist/esm/examples/client/simpleStreamableHttp.js.map +1 -1
- package/dist/esm/examples/client/streamableHttpWithSseFallbackClient.js +3 -3
- package/dist/esm/examples/client/streamableHttpWithSseFallbackClient.js.map +1 -1
- package/dist/esm/examples/server/demoInMemoryOAuthProvider.d.ts +1 -1
- package/dist/esm/examples/server/demoInMemoryOAuthProvider.d.ts.map +1 -1
- package/dist/esm/examples/server/demoInMemoryOAuthProvider.js +19 -17
- package/dist/esm/examples/server/demoInMemoryOAuthProvider.js.map +1 -1
- package/dist/esm/examples/server/jsonResponseStreamableHttp.js +18 -18
- package/dist/esm/examples/server/jsonResponseStreamableHttp.js.map +1 -1
- package/dist/esm/examples/server/mcpServerOutputSchema.js +22 -20
- package/dist/esm/examples/server/mcpServerOutputSchema.js.map +1 -1
- package/dist/esm/examples/server/simpleSseServer.js +8 -8
- package/dist/esm/examples/server/simpleSseServer.js.map +1 -1
- package/dist/esm/examples/server/simpleStatelessStreamableHttp.js +22 -22
- package/dist/esm/examples/server/simpleStatelessStreamableHttp.js.map +1 -1
- package/dist/esm/examples/server/simpleStreamableHttp.js +78 -78
- package/dist/esm/examples/server/simpleStreamableHttp.js.map +1 -1
- package/dist/esm/examples/server/sseAndStreamableHttpCompatibleServer.js +19 -19
- package/dist/esm/examples/server/sseAndStreamableHttpCompatibleServer.js.map +1 -1
- package/dist/esm/examples/server/standaloneSseWithGetStreamableHttp.js +8 -8
- package/dist/esm/examples/server/standaloneSseWithGetStreamableHttp.js.map +1 -1
- package/dist/esm/examples/server/toolWithSampleServer.js +22 -22
- package/dist/esm/examples/server/toolWithSampleServer.js.map +1 -1
- package/dist/esm/examples/shared/inMemoryEventStore.d.ts.map +1 -1
- package/dist/esm/examples/shared/inMemoryEventStore.js.map +1 -1
- package/dist/esm/inMemory.d.ts +3 -3
- package/dist/esm/inMemory.d.ts.map +1 -1
- package/dist/esm/inMemory.js +1 -1
- package/dist/esm/inMemory.js.map +1 -1
- package/dist/esm/server/auth/clients.d.ts +2 -2
- package/dist/esm/server/auth/clients.d.ts.map +1 -1
- package/dist/esm/server/auth/errors.d.ts +1 -1
- package/dist/esm/server/auth/errors.d.ts.map +1 -1
- package/dist/esm/server/auth/errors.js +17 -17
- package/dist/esm/server/auth/errors.js.map +1 -1
- package/dist/esm/server/auth/handlers/authorize.d.ts +3 -3
- package/dist/esm/server/auth/handlers/authorize.d.ts.map +1 -1
- package/dist/esm/server/auth/handlers/authorize.js +26 -23
- package/dist/esm/server/auth/handlers/authorize.js.map +1 -1
- package/dist/esm/server/auth/handlers/metadata.d.ts +2 -2
- package/dist/esm/server/auth/handlers/metadata.js +3 -3
- package/dist/esm/server/auth/handlers/metadata.js.map +1 -1
- package/dist/esm/server/auth/handlers/register.d.ts +4 -4
- package/dist/esm/server/auth/handlers/register.d.ts.map +1 -1
- package/dist/esm/server/auth/handlers/register.js +12 -14
- package/dist/esm/server/auth/handlers/register.js.map +1 -1
- package/dist/esm/server/auth/handlers/revoke.d.ts +4 -4
- package/dist/esm/server/auth/handlers/revoke.d.ts.map +1 -1
- package/dist/esm/server/auth/handlers/revoke.js +16 -16
- package/dist/esm/server/auth/handlers/revoke.js.map +1 -1
- package/dist/esm/server/auth/handlers/token.d.ts +3 -3
- package/dist/esm/server/auth/handlers/token.d.ts.map +1 -1
- package/dist/esm/server/auth/handlers/token.js +22 -22
- package/dist/esm/server/auth/handlers/token.js.map +1 -1
- package/dist/esm/server/auth/middleware/allowedMethods.d.ts +1 -1
- package/dist/esm/server/auth/middleware/allowedMethods.d.ts.map +1 -1
- package/dist/esm/server/auth/middleware/allowedMethods.js +2 -4
- package/dist/esm/server/auth/middleware/allowedMethods.js.map +1 -1
- package/dist/esm/server/auth/middleware/bearerAuth.d.ts +4 -4
- package/dist/esm/server/auth/middleware/bearerAuth.d.ts.map +1 -1
- package/dist/esm/server/auth/middleware/bearerAuth.js +8 -8
- package/dist/esm/server/auth/middleware/bearerAuth.js.map +1 -1
- package/dist/esm/server/auth/middleware/clientAuth.d.ts +4 -4
- package/dist/esm/server/auth/middleware/clientAuth.d.ts.map +1 -1
- package/dist/esm/server/auth/middleware/clientAuth.js +8 -8
- package/dist/esm/server/auth/middleware/clientAuth.js.map +1 -1
- package/dist/esm/server/auth/provider.d.ts +4 -4
- package/dist/esm/server/auth/provider.d.ts.map +1 -1
- package/dist/esm/server/auth/providers/proxyProvider.d.ts +10 -10
- package/dist/esm/server/auth/providers/proxyProvider.d.ts.map +1 -1
- package/dist/esm/server/auth/providers/proxyProvider.js +36 -36
- package/dist/esm/server/auth/providers/proxyProvider.js.map +1 -1
- package/dist/esm/server/auth/router.d.ts +11 -11
- package/dist/esm/server/auth/router.d.ts.map +1 -1
- package/dist/esm/server/auth/router.js +22 -24
- package/dist/esm/server/auth/router.js.map +1 -1
- package/dist/esm/server/auth/types.d.ts +1 -1
- package/dist/esm/server/auth/types.d.ts.map +1 -1
- package/dist/esm/server/completable.d.ts +5 -5
- package/dist/esm/server/completable.d.ts.map +1 -1
- package/dist/esm/server/completable.js +6 -6
- package/dist/esm/server/completable.js.map +1 -1
- package/dist/esm/server/index.d.ts +9 -9
- package/dist/esm/server/index.d.ts.map +1 -1
- package/dist/esm/server/index.js +41 -45
- package/dist/esm/server/index.js.map +1 -1
- package/dist/esm/server/mcp.d.ts +8 -8
- package/dist/esm/server/mcp.d.ts.map +1 -1
- package/dist/esm/server/mcp.js +93 -88
- package/dist/esm/server/mcp.js.map +1 -1
- package/dist/esm/server/sse.d.ts +4 -4
- package/dist/esm/server/sse.d.ts.map +1 -1
- package/dist/esm/server/sse.js +20 -19
- package/dist/esm/server/sse.js.map +1 -1
- package/dist/esm/server/stdio.d.ts +3 -3
- package/dist/esm/server/stdio.d.ts.map +1 -1
- package/dist/esm/server/stdio.js +9 -9
- package/dist/esm/server/stdio.js.map +1 -1
- package/dist/esm/server/streamableHttp.d.ts +5 -5
- package/dist/esm/server/streamableHttp.d.ts.map +1 -1
- package/dist/esm/server/streamableHttp.js +67 -68
- package/dist/esm/server/streamableHttp.js.map +1 -1
- package/dist/esm/shared/auth-utils.d.ts.map +1 -1
- package/dist/esm/shared/auth-utils.js +3 -3
- package/dist/esm/shared/auth-utils.js.map +1 -1
- package/dist/esm/shared/auth.d.ts +1 -1
- package/dist/esm/shared/auth.d.ts.map +1 -1
- package/dist/esm/shared/auth.js +43 -47
- package/dist/esm/shared/auth.js.map +1 -1
- package/dist/esm/shared/metadataUtils.d.ts +1 -1
- package/dist/esm/shared/metadataUtils.js.map +1 -1
- package/dist/esm/shared/protocol.d.ts +6 -6
- package/dist/esm/shared/protocol.d.ts.map +1 -1
- package/dist/esm/shared/protocol.js +43 -44
- package/dist/esm/shared/protocol.js.map +1 -1
- package/dist/esm/shared/stdio.d.ts +1 -1
- package/dist/esm/shared/stdio.d.ts.map +1 -1
- package/dist/esm/shared/stdio.js +4 -4
- package/dist/esm/shared/stdio.js.map +1 -1
- package/dist/esm/shared/transport.d.ts +1 -1
- package/dist/esm/shared/transport.d.ts.map +1 -1
- package/dist/esm/shared/uriTemplate.d.ts.map +1 -1
- package/dist/esm/shared/uriTemplate.js +69 -71
- package/dist/esm/shared/uriTemplate.js.map +1 -1
- package/dist/esm/types.d.ts +9650 -4790
- package/dist/esm/types.d.ts.map +1 -1
- package/dist/esm/types.js +197 -232
- package/dist/esm/types.js.map +1 -1
- package/package.json +100 -98
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorize.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/authorize.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,SAAS,EAA+B,MAAM,oBAAoB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,
|
|
1
|
+
{"version":3,"file":"authorize.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/authorize.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,SAAS,EAA+B,MAAM,oBAAoB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,WAAW,EAAE,oBAAoB,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAWzI,iEAAiE;AACjE,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,YAAY,EAAE,CAAC;SACV,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,KAAK,SAAS,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC;CACpH,CAAC,CAAC;AAEH,yHAAyH;AACzH,MAAM,gCAAgC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,aAAa,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IAChC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;IAC1B,qBAAqB,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACxC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC;AAEH,MAAM,UAAU,oBAAoB,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAA+B;IACtG,sCAAsC;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAChC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;IAC5C,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAEpD,iDAAiD;IACjD,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC5B,MAAM,CAAC,GAAG,CACN,SAAS,CAAC;YACN,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;YACvC,GAAG,EAAE,GAAG,EAAE,4BAA4B;YACtC,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,IAAI,oBAAoB,CAAC,6DAA6D,CAAC,CAAC,gBAAgB,EAAE;YACnH,GAAG,eAAe;SACrB,CAAC,CACL,CAAC;IACN,CAAC;IAED,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;;QAC/B,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAE3C,mEAAmE;QACnE,oDAAoD;QACpD,2DAA2D;QAE3D,0FAA0F;QAC1F,IAAI,SAAS,EAAE,YAAY,EAAE,MAAM,CAAC;QACpC,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,+BAA+B,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACvG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBAClB,MAAM,IAAI,mBAAmB,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACxD,CAAC;YAED,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;YAClC,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC;YAExC,MAAM,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YAC1D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACV,MAAM,IAAI,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;YACtD,CAAC;YAED,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;gBAC7B,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;oBAC/C,MAAM,IAAI,mBAAmB,CAAC,2BAA2B,CAAC,CAAC;gBAC/D,CAAC;YACL,CAAC;iBAAM,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC3C,YAAY,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;YAC3C,CAAC;iBAAM,CAAC;gBACJ,MAAM,IAAI,mBAAmB,CAAC,yEAAyE,CAAC,CAAC;YAC7G,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,+CAA+C;YAC/C,EAAE;YACF,yEAAyE;YACzE,uEAAuE;YACvE,uEAAuE;YACvE,eAAe;YACf,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,KAAK,YAAY,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACJ,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACzD,CAAC;YAED,OAAO;QACX,CAAC;QAED,yFAAyF;QACzF,IAAI,KAAK,CAAC;QACV,IAAI,CAAC;YACD,8CAA8C;YAC9C,MAAM,WAAW,GAAG,gCAAgC,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAC7G,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACvB,MAAM,IAAI,mBAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC7D,CAAC;YAED,MAAM,EAAE,KAAK,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;YAC7D,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC;YAE/B,kBAAkB;YAClB,IAAI,eAAe,GAAa,EAAE,CAAC;YACnC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACtB,eAAe,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,MAAA,MAAM,CAAC,KAAK,0CAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;gBAExD,oDAAoD;gBACpD,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE,CAAC;oBAClC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;wBAC5B,MAAM,IAAI,iBAAiB,CAAC,wCAAwC,KAAK,EAAE,CAAC,CAAC;oBACjF,CAAC;gBACL,CAAC;YACL,CAAC;YAED,oDAAoD;YACpD,MAAM,QAAQ,CAAC,SAAS,CACpB,MAAM,EACN;gBACI,KAAK;gBACL,MAAM,EAAE,eAAe;gBACvB,WAAW,EAAE,YAAY;gBACzB,aAAa,EAAE,cAAc;gBAC7B,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;aACrD,EACD,GAAG,CACN,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,wDAAwD;YACxD,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;gBAC9B,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,mBAAmB,CAAC,YAAY,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;YACvE,CAAC;iBAAM,CAAC;gBACJ,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,mBAAmB,CAAC,YAAY,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;YAC7E,CAAC;QACL,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,WAAmB,EAAE,KAAiB,EAAE,KAAc;IAC/E,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IACtC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IACpD,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IAC9D,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QACjB,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;IAC3D,CAAC;IACD,IAAI,KAAK,EAAE,CAAC;QACR,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,QAAQ,CAAC,IAAI,CAAC;AACzB,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { RequestHandler } from
|
|
2
|
-
import { OAuthMetadata, OAuthProtectedResourceMetadata } from
|
|
1
|
+
import { RequestHandler } from 'express';
|
|
2
|
+
import { OAuthMetadata, OAuthProtectedResourceMetadata } from '../../../shared/auth.js';
|
|
3
3
|
export declare function metadataHandler(metadata: OAuthMetadata | OAuthProtectedResourceMetadata): RequestHandler;
|
|
4
4
|
//# sourceMappingURL=metadata.d.ts.map
|
|
@@ -1,13 +1,13 @@
|
|
|
1
|
-
import express from
|
|
1
|
+
import express from 'express';
|
|
2
2
|
import cors from 'cors';
|
|
3
|
-
import { allowedMethods } from
|
|
3
|
+
import { allowedMethods } from '../middleware/allowedMethods.js';
|
|
4
4
|
export function metadataHandler(metadata) {
|
|
5
5
|
// Nested router so we can configure middleware and restrict HTTP method
|
|
6
6
|
const router = express.Router();
|
|
7
7
|
// Configure CORS to allow any origin, to make accessible to web-based MCP clients
|
|
8
8
|
router.use(cors());
|
|
9
9
|
router.use(allowedMethods(['GET']));
|
|
10
|
-
router.get(
|
|
10
|
+
router.get('/', (req, res) => {
|
|
11
11
|
res.status(200).json(metadata);
|
|
12
12
|
});
|
|
13
13
|
return router;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"metadata.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/metadata.ts"],"names":[],"mappings":"AAAA,OAAO,OAA2B,MAAM,SAAS,CAAC;AAElD,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAEjE,MAAM,UAAU,eAAe,CAAC,QAAwD;
|
|
1
|
+
{"version":3,"file":"metadata.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/metadata.ts"],"names":[],"mappings":"AAAA,OAAO,OAA2B,MAAM,SAAS,CAAC;AAElD,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAEjE,MAAM,UAAU,eAAe,CAAC,QAAwD;IACpF,wEAAwE;IACxE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACpC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACzB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAClB,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { RequestHandler } from
|
|
2
|
-
import { OAuthRegisteredClientsStore } from
|
|
3
|
-
import { Options as RateLimitOptions } from
|
|
1
|
+
import { RequestHandler } from 'express';
|
|
2
|
+
import { OAuthRegisteredClientsStore } from '../clients.js';
|
|
3
|
+
import { Options as RateLimitOptions } from 'express-rate-limit';
|
|
4
4
|
export type ClientRegistrationHandlerOptions = {
|
|
5
5
|
/**
|
|
6
6
|
* A store used to save information about dynamically registered OAuth clients.
|
|
@@ -25,5 +25,5 @@ export type ClientRegistrationHandlerOptions = {
|
|
|
25
25
|
*/
|
|
26
26
|
clientIdGeneration?: boolean;
|
|
27
27
|
};
|
|
28
|
-
export declare function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds, rateLimit: rateLimitConfig, clientIdGeneration
|
|
28
|
+
export declare function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds, rateLimit: rateLimitConfig, clientIdGeneration }: ClientRegistrationHandlerOptions): RequestHandler;
|
|
29
29
|
//# sourceMappingURL=register.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/register.ts"],"names":[],"mappings":"AAAA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAIlD,OAAO,EAAE,2BAA2B,EAAE,MAAM,eAAe,CAAC;AAC5D,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/register.ts"],"names":[],"mappings":"AAAA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAIlD,OAAO,EAAE,2BAA2B,EAAE,MAAM,eAAe,CAAC;AAC5D,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAI5E,MAAM,MAAM,gCAAgC,GAAG;IAC3C;;OAEG;IACH,YAAY,EAAE,2BAA2B,CAAC;IAE1C;;;;OAIG;IACH,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC;;;;OAIG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;IAE9C;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAChC,CAAC;AAIF,wBAAgB,yBAAyB,CAAC,EACtC,YAAY,EACZ,yBAAgE,EAChE,SAAS,EAAE,eAAe,EAC1B,kBAAyB,EAC5B,EAAE,gCAAgC,GAAG,cAAc,CA0EnD"}
|
|
@@ -1,20 +1,20 @@
|
|
|
1
|
-
import express from
|
|
2
|
-
import { OAuthClientMetadataSchema } from
|
|
1
|
+
import express from 'express';
|
|
2
|
+
import { OAuthClientMetadataSchema } from '../../../shared/auth.js';
|
|
3
3
|
import crypto from 'node:crypto';
|
|
4
4
|
import cors from 'cors';
|
|
5
|
-
import { rateLimit } from
|
|
6
|
-
import { allowedMethods } from
|
|
7
|
-
import { InvalidClientMetadataError, ServerError, TooManyRequestsError, OAuthError } from
|
|
5
|
+
import { rateLimit } from 'express-rate-limit';
|
|
6
|
+
import { allowedMethods } from '../middleware/allowedMethods.js';
|
|
7
|
+
import { InvalidClientMetadataError, ServerError, TooManyRequestsError, OAuthError } from '../errors.js';
|
|
8
8
|
const DEFAULT_CLIENT_SECRET_EXPIRY_SECONDS = 30 * 24 * 60 * 60; // 30 days
|
|
9
|
-
export function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds = DEFAULT_CLIENT_SECRET_EXPIRY_SECONDS, rateLimit: rateLimitConfig, clientIdGeneration = true
|
|
9
|
+
export function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds = DEFAULT_CLIENT_SECRET_EXPIRY_SECONDS, rateLimit: rateLimitConfig, clientIdGeneration = true }) {
|
|
10
10
|
if (!clientsStore.registerClient) {
|
|
11
|
-
throw new Error(
|
|
11
|
+
throw new Error('Client registration store does not support registering clients');
|
|
12
12
|
}
|
|
13
13
|
// Nested router so we can configure middleware and restrict HTTP method
|
|
14
14
|
const router = express.Router();
|
|
15
15
|
// Configure CORS to allow any origin, to make accessible to web-based MCP clients
|
|
16
16
|
router.use(cors());
|
|
17
|
-
router.use(allowedMethods([
|
|
17
|
+
router.use(allowedMethods(['POST']));
|
|
18
18
|
router.use(express.json());
|
|
19
19
|
// Apply rate limiting unless explicitly disabled - stricter limits for registration
|
|
20
20
|
if (rateLimitConfig !== false) {
|
|
@@ -27,7 +27,7 @@ export function clientRegistrationHandler({ clientsStore, clientSecretExpirySeco
|
|
|
27
27
|
...rateLimitConfig
|
|
28
28
|
}));
|
|
29
29
|
}
|
|
30
|
-
router.post(
|
|
30
|
+
router.post('/', async (req, res) => {
|
|
31
31
|
res.setHeader('Cache-Control', 'no-store');
|
|
32
32
|
try {
|
|
33
33
|
const parseResult = OAuthClientMetadataSchema.safeParse(req.body);
|
|
@@ -37,9 +37,7 @@ export function clientRegistrationHandler({ clientsStore, clientSecretExpirySeco
|
|
|
37
37
|
const clientMetadata = parseResult.data;
|
|
38
38
|
const isPublicClient = clientMetadata.token_endpoint_auth_method === 'none';
|
|
39
39
|
// Generate client credentials
|
|
40
|
-
const clientSecret = isPublicClient
|
|
41
|
-
? undefined
|
|
42
|
-
: crypto.randomBytes(32).toString('hex');
|
|
40
|
+
const clientSecret = isPublicClient ? undefined : crypto.randomBytes(32).toString('hex');
|
|
43
41
|
const clientIdIssuedAt = Math.floor(Date.now() / 1000);
|
|
44
42
|
// Calculate client secret expiry time
|
|
45
43
|
const clientsDoExpire = clientSecretExpirySeconds > 0;
|
|
@@ -48,7 +46,7 @@ export function clientRegistrationHandler({ clientsStore, clientSecretExpirySeco
|
|
|
48
46
|
let clientInfo = {
|
|
49
47
|
...clientMetadata,
|
|
50
48
|
client_secret: clientSecret,
|
|
51
|
-
client_secret_expires_at: clientSecretExpiresAt
|
|
49
|
+
client_secret_expires_at: clientSecretExpiresAt
|
|
52
50
|
};
|
|
53
51
|
if (clientIdGeneration) {
|
|
54
52
|
clientInfo.client_id = crypto.randomUUID();
|
|
@@ -63,7 +61,7 @@ export function clientRegistrationHandler({ clientsStore, clientSecretExpirySeco
|
|
|
63
61
|
res.status(status).json(error.toResponseObject());
|
|
64
62
|
}
|
|
65
63
|
else {
|
|
66
|
-
const serverError = new ServerError(
|
|
64
|
+
const serverError = new ServerError('Internal Server Error');
|
|
67
65
|
res.status(500).json(serverError.toResponseObject());
|
|
68
66
|
}
|
|
69
67
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"register.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/register.ts"],"names":[],"mappings":"AAAA,OAAO,OAA2B,MAAM,SAAS,CAAC;AAClD,OAAO,EAA8B,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AAChG,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,SAAS,EAA+B,MAAM,oBAAoB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,
|
|
1
|
+
{"version":3,"file":"register.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/register.ts"],"names":[],"mappings":"AAAA,OAAO,OAA2B,MAAM,SAAS,CAAC;AAClD,OAAO,EAA8B,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AAChG,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,SAAS,EAA+B,MAAM,oBAAoB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EAAE,0BAA0B,EAAE,WAAW,EAAE,oBAAoB,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AA8BzG,MAAM,oCAAoC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,UAAU;AAE1E,MAAM,UAAU,yBAAyB,CAAC,EACtC,YAAY,EACZ,yBAAyB,GAAG,oCAAoC,EAChE,SAAS,EAAE,eAAe,EAC1B,kBAAkB,GAAG,IAAI,EACM;IAC/B,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;IACtF,CAAC;IAED,wEAAwE;IACxE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAE3B,oFAAoF;IACpF,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC5B,MAAM,CAAC,GAAG,CACN,SAAS,CAAC;YACN,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,SAAS;YACnC,GAAG,EAAE,EAAE,EAAE,+DAA+D;YACxE,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,IAAI,oBAAoB,CAAC,mEAAmE,CAAC,CAAC,gBAAgB,EAAE;YACzH,GAAG,eAAe;SACrB,CAAC,CACL,CAAC;IACN,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAChC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC;YACD,MAAM,WAAW,GAAG,yBAAyB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAClE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACvB,MAAM,IAAI,0BAA0B,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACpE,CAAC;YAED,MAAM,cAAc,GAAG,WAAW,CAAC,IAAI,CAAC;YACxC,MAAM,cAAc,GAAG,cAAc,CAAC,0BAA0B,KAAK,MAAM,CAAC;YAE5E,8BAA8B;YAC9B,MAAM,YAAY,GAAG,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACzF,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAEvD,sCAAsC;YACtC,MAAM,eAAe,GAAG,yBAAyB,GAAG,CAAC,CAAC;YACtD,MAAM,gBAAgB,GAAG,eAAe,CAAC,CAAC,CAAC,gBAAgB,GAAG,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5F,MAAM,qBAAqB,GAAG,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,gBAAgB,CAAC;YAE5E,IAAI,UAAU,GAA2E;gBACrF,GAAG,cAAc;gBACjB,aAAa,EAAE,YAAY;gBAC3B,wBAAwB,EAAE,qBAAqB;aAClD,CAAC;YAEF,IAAI,kBAAkB,EAAE,CAAC;gBACrB,UAAU,CAAC,SAAS,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;gBAC3C,UAAU,CAAC,mBAAmB,GAAG,gBAAgB,CAAC;YACtD,CAAC;YAED,UAAU,GAAG,MAAM,YAAY,CAAC,cAAe,CAAC,UAAU,CAAC,CAAC;YAC5D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,KAAK,YAAY,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACJ,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAClB,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { OAuthServerProvider } from
|
|
2
|
-
import { RequestHandler } from
|
|
3
|
-
import { Options as RateLimitOptions } from
|
|
1
|
+
import { OAuthServerProvider } from '../provider.js';
|
|
2
|
+
import { RequestHandler } from 'express';
|
|
3
|
+
import { Options as RateLimitOptions } from 'express-rate-limit';
|
|
4
4
|
export type RevocationHandlerOptions = {
|
|
5
5
|
provider: OAuthServerProvider;
|
|
6
6
|
/**
|
|
@@ -9,5 +9,5 @@ export type RevocationHandlerOptions = {
|
|
|
9
9
|
*/
|
|
10
10
|
rateLimit?: Partial<RateLimitOptions> | false;
|
|
11
11
|
};
|
|
12
|
-
export declare function revocationHandler({ provider, rateLimit: rateLimitConfig
|
|
12
|
+
export declare function revocationHandler({ provider, rateLimit: rateLimitConfig }: RevocationHandlerOptions): RequestHandler;
|
|
13
13
|
//# sourceMappingURL=revoke.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"revoke.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/revoke.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAIlD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"revoke.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/revoke.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAIlD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAI5E,MAAM,MAAM,wBAAwB,GAAG;IACnC,QAAQ,EAAE,mBAAmB,CAAC;IAC9B;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;CACjD,CAAC;AAEF,wBAAgB,iBAAiB,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE,wBAAwB,GAAG,cAAc,CA4DpH"}
|
|
@@ -1,19 +1,19 @@
|
|
|
1
|
-
import express from
|
|
2
|
-
import cors from
|
|
3
|
-
import { authenticateClient } from
|
|
4
|
-
import { OAuthTokenRevocationRequestSchema } from
|
|
5
|
-
import { rateLimit } from
|
|
6
|
-
import { allowedMethods } from
|
|
7
|
-
import { InvalidRequestError, ServerError, TooManyRequestsError, OAuthError
|
|
8
|
-
export function revocationHandler({ provider, rateLimit: rateLimitConfig
|
|
1
|
+
import express from 'express';
|
|
2
|
+
import cors from 'cors';
|
|
3
|
+
import { authenticateClient } from '../middleware/clientAuth.js';
|
|
4
|
+
import { OAuthTokenRevocationRequestSchema } from '../../../shared/auth.js';
|
|
5
|
+
import { rateLimit } from 'express-rate-limit';
|
|
6
|
+
import { allowedMethods } from '../middleware/allowedMethods.js';
|
|
7
|
+
import { InvalidRequestError, ServerError, TooManyRequestsError, OAuthError } from '../errors.js';
|
|
8
|
+
export function revocationHandler({ provider, rateLimit: rateLimitConfig }) {
|
|
9
9
|
if (!provider.revokeToken) {
|
|
10
|
-
throw new Error(
|
|
10
|
+
throw new Error('Auth provider does not support revoking tokens');
|
|
11
11
|
}
|
|
12
12
|
// Nested router so we can configure middleware and restrict HTTP method
|
|
13
13
|
const router = express.Router();
|
|
14
14
|
// Configure CORS to allow any origin, to make accessible to web-based MCP clients
|
|
15
15
|
router.use(cors());
|
|
16
|
-
router.use(allowedMethods([
|
|
16
|
+
router.use(allowedMethods(['POST']));
|
|
17
17
|
router.use(express.urlencoded({ extended: false }));
|
|
18
18
|
// Apply rate limiting unless explicitly disabled
|
|
19
19
|
if (rateLimitConfig !== false) {
|
|
@@ -22,14 +22,14 @@ export function revocationHandler({ provider, rateLimit: rateLimitConfig, }) {
|
|
|
22
22
|
max: 50, // 50 requests per windowMs
|
|
23
23
|
standardHeaders: true,
|
|
24
24
|
legacyHeaders: false,
|
|
25
|
-
message: new TooManyRequestsError(
|
|
26
|
-
...rateLimitConfig
|
|
25
|
+
message: new TooManyRequestsError('You have exceeded the rate limit for token revocation requests').toResponseObject(),
|
|
26
|
+
...rateLimitConfig
|
|
27
27
|
}));
|
|
28
28
|
}
|
|
29
29
|
// Authenticate and extract client details
|
|
30
30
|
router.use(authenticateClient({ clientsStore: provider.clientsStore }));
|
|
31
|
-
router.post(
|
|
32
|
-
res.setHeader(
|
|
31
|
+
router.post('/', async (req, res) => {
|
|
32
|
+
res.setHeader('Cache-Control', 'no-store');
|
|
33
33
|
try {
|
|
34
34
|
const parseResult = OAuthTokenRevocationRequestSchema.safeParse(req.body);
|
|
35
35
|
if (!parseResult.success) {
|
|
@@ -38,7 +38,7 @@ export function revocationHandler({ provider, rateLimit: rateLimitConfig, }) {
|
|
|
38
38
|
const client = req.client;
|
|
39
39
|
if (!client) {
|
|
40
40
|
// This should never happen
|
|
41
|
-
throw new ServerError(
|
|
41
|
+
throw new ServerError('Internal Server Error');
|
|
42
42
|
}
|
|
43
43
|
await provider.revokeToken(client, parseResult.data);
|
|
44
44
|
res.status(200).json({});
|
|
@@ -49,7 +49,7 @@ export function revocationHandler({ provider, rateLimit: rateLimitConfig, }) {
|
|
|
49
49
|
res.status(status).json(error.toResponseObject());
|
|
50
50
|
}
|
|
51
51
|
else {
|
|
52
|
-
const serverError = new ServerError(
|
|
52
|
+
const serverError = new ServerError('Internal Server Error');
|
|
53
53
|
res.status(500).json(serverError.toResponseObject());
|
|
54
54
|
}
|
|
55
55
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"revoke.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/revoke.ts"],"names":[],"mappings":"AACA,OAAO,OAA2B,MAAM,SAAS,CAAC;AAClD,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,iCAAiC,EAAE,MAAM,yBAAyB,CAAC;AAC5E,OAAO,EAAE,SAAS,EAA+B,MAAM,oBAAoB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,
|
|
1
|
+
{"version":3,"file":"revoke.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/revoke.ts"],"names":[],"mappings":"AACA,OAAO,OAA2B,MAAM,SAAS,CAAC;AAClD,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,iCAAiC,EAAE,MAAM,yBAAyB,CAAC;AAC5E,OAAO,EAAE,SAAS,EAA+B,MAAM,oBAAoB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,oBAAoB,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAWlG,MAAM,UAAU,iBAAiB,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAA4B;IAChG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACtE,CAAC;IAED,wEAAwE;IACxE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAEpD,iDAAiD;IACjD,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC5B,MAAM,CAAC,GAAG,CACN,SAAS,CAAC;YACN,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;YACvC,GAAG,EAAE,EAAE,EAAE,2BAA2B;YACpC,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,IAAI,oBAAoB,CAAC,gEAAgE,CAAC,CAAC,gBAAgB,EAAE;YACtH,GAAG,eAAe;SACrB,CAAC,CACL,CAAC;IACN,CAAC;IAED,0CAA0C;IAC1C,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,YAAY,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IAExE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAChC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC;YACD,MAAM,WAAW,GAAG,iCAAiC,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC1E,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACvB,MAAM,IAAI,mBAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC7D,CAAC;YAED,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;YAC1B,IAAI,CAAC,MAAM,EAAE,CAAC;gBACV,2BAA2B;gBAC3B,MAAM,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC;YACnD,CAAC;YAED,MAAM,QAAQ,CAAC,WAAY,CAAC,MAAM,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;YACtD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC7B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,KAAK,YAAY,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACJ,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAClB,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { RequestHandler } from
|
|
2
|
-
import { OAuthServerProvider } from
|
|
3
|
-
import { Options as RateLimitOptions } from
|
|
1
|
+
import { RequestHandler } from 'express';
|
|
2
|
+
import { OAuthServerProvider } from '../provider.js';
|
|
3
|
+
import { Options as RateLimitOptions } from 'express-rate-limit';
|
|
4
4
|
export type TokenHandlerOptions = {
|
|
5
5
|
provider: OAuthServerProvider;
|
|
6
6
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/token.ts"],"names":[],"mappings":"AACA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAIrD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAW5E,MAAM,MAAM,mBAAmB,GAAG;
|
|
1
|
+
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/token.ts"],"names":[],"mappings":"AACA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAIrD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAW5E,MAAM,MAAM,mBAAmB,GAAG;IAC9B,QAAQ,EAAE,mBAAmB,CAAC;IAC9B;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;CACjD,CAAC;AAmBF,wBAAgB,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE,mBAAmB,GAAG,cAAc,CAiH1G"}
|
|
@@ -1,37 +1,37 @@
|
|
|
1
|
-
import { z } from
|
|
2
|
-
import express from
|
|
3
|
-
import cors from
|
|
4
|
-
import { verifyChallenge } from
|
|
5
|
-
import { authenticateClient } from
|
|
6
|
-
import { rateLimit } from
|
|
7
|
-
import { allowedMethods } from
|
|
8
|
-
import { InvalidRequestError, InvalidGrantError, UnsupportedGrantTypeError, ServerError, TooManyRequestsError, OAuthError } from
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
import express from 'express';
|
|
3
|
+
import cors from 'cors';
|
|
4
|
+
import { verifyChallenge } from 'pkce-challenge';
|
|
5
|
+
import { authenticateClient } from '../middleware/clientAuth.js';
|
|
6
|
+
import { rateLimit } from 'express-rate-limit';
|
|
7
|
+
import { allowedMethods } from '../middleware/allowedMethods.js';
|
|
8
|
+
import { InvalidRequestError, InvalidGrantError, UnsupportedGrantTypeError, ServerError, TooManyRequestsError, OAuthError } from '../errors.js';
|
|
9
9
|
const TokenRequestSchema = z.object({
|
|
10
|
-
grant_type: z.string()
|
|
10
|
+
grant_type: z.string()
|
|
11
11
|
});
|
|
12
12
|
const AuthorizationCodeGrantSchema = z.object({
|
|
13
13
|
code: z.string(),
|
|
14
14
|
code_verifier: z.string(),
|
|
15
15
|
redirect_uri: z.string().optional(),
|
|
16
|
-
resource: z.string().url().optional()
|
|
16
|
+
resource: z.string().url().optional()
|
|
17
17
|
});
|
|
18
18
|
const RefreshTokenGrantSchema = z.object({
|
|
19
19
|
refresh_token: z.string(),
|
|
20
20
|
scope: z.string().optional(),
|
|
21
|
-
resource: z.string().url().optional()
|
|
21
|
+
resource: z.string().url().optional()
|
|
22
22
|
});
|
|
23
23
|
export function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
|
|
24
24
|
// Nested router so we can configure middleware and restrict HTTP method
|
|
25
25
|
const router = express.Router();
|
|
26
26
|
// Configure CORS to allow any origin, to make accessible to web-based MCP clients
|
|
27
27
|
router.use(cors());
|
|
28
|
-
router.use(allowedMethods([
|
|
28
|
+
router.use(allowedMethods(['POST']));
|
|
29
29
|
router.use(express.urlencoded({ extended: false }));
|
|
30
30
|
// Apply rate limiting unless explicitly disabled
|
|
31
31
|
if (rateLimitConfig !== false) {
|
|
32
32
|
router.use(rateLimit({
|
|
33
33
|
windowMs: 15 * 60 * 1000, // 15 minutes
|
|
34
|
-
max: 50, // 50 requests per windowMs
|
|
34
|
+
max: 50, // 50 requests per windowMs
|
|
35
35
|
standardHeaders: true,
|
|
36
36
|
legacyHeaders: false,
|
|
37
37
|
message: new TooManyRequestsError('You have exceeded the rate limit for token requests').toResponseObject(),
|
|
@@ -40,7 +40,7 @@ export function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
|
|
|
40
40
|
}
|
|
41
41
|
// Authenticate and extract client details
|
|
42
42
|
router.use(authenticateClient({ clientsStore: provider.clientsStore }));
|
|
43
|
-
router.post(
|
|
43
|
+
router.post('/', async (req, res) => {
|
|
44
44
|
res.setHeader('Cache-Control', 'no-store');
|
|
45
45
|
try {
|
|
46
46
|
const parseResult = TokenRequestSchema.safeParse(req.body);
|
|
@@ -51,22 +51,22 @@ export function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
|
|
|
51
51
|
const client = req.client;
|
|
52
52
|
if (!client) {
|
|
53
53
|
// This should never happen
|
|
54
|
-
throw new ServerError(
|
|
54
|
+
throw new ServerError('Internal Server Error');
|
|
55
55
|
}
|
|
56
56
|
switch (grant_type) {
|
|
57
|
-
case
|
|
57
|
+
case 'authorization_code': {
|
|
58
58
|
const parseResult = AuthorizationCodeGrantSchema.safeParse(req.body);
|
|
59
59
|
if (!parseResult.success) {
|
|
60
60
|
throw new InvalidRequestError(parseResult.error.message);
|
|
61
61
|
}
|
|
62
62
|
const { code, code_verifier, redirect_uri, resource } = parseResult.data;
|
|
63
63
|
const skipLocalPkceValidation = provider.skipLocalPkceValidation;
|
|
64
|
-
// Perform local PKCE validation unless explicitly skipped
|
|
64
|
+
// Perform local PKCE validation unless explicitly skipped
|
|
65
65
|
// (e.g. to validate code_verifier in upstream server)
|
|
66
66
|
if (!skipLocalPkceValidation) {
|
|
67
67
|
const codeChallenge = await provider.challengeForAuthorizationCode(client, code);
|
|
68
68
|
if (!(await verifyChallenge(code_verifier, codeChallenge))) {
|
|
69
|
-
throw new InvalidGrantError(
|
|
69
|
+
throw new InvalidGrantError('code_verifier does not match the challenge');
|
|
70
70
|
}
|
|
71
71
|
}
|
|
72
72
|
// Passes the code_verifier to the provider if PKCE validation didn't occur locally
|
|
@@ -74,13 +74,13 @@ export function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
|
|
|
74
74
|
res.status(200).json(tokens);
|
|
75
75
|
break;
|
|
76
76
|
}
|
|
77
|
-
case
|
|
77
|
+
case 'refresh_token': {
|
|
78
78
|
const parseResult = RefreshTokenGrantSchema.safeParse(req.body);
|
|
79
79
|
if (!parseResult.success) {
|
|
80
80
|
throw new InvalidRequestError(parseResult.error.message);
|
|
81
81
|
}
|
|
82
82
|
const { refresh_token, scope, resource } = parseResult.data;
|
|
83
|
-
const scopes = scope === null || scope === void 0 ? void 0 : scope.split(
|
|
83
|
+
const scopes = scope === null || scope === void 0 ? void 0 : scope.split(' ');
|
|
84
84
|
const tokens = await provider.exchangeRefreshToken(client, refresh_token, scopes, resource ? new URL(resource) : undefined);
|
|
85
85
|
res.status(200).json(tokens);
|
|
86
86
|
break;
|
|
@@ -88,7 +88,7 @@ export function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
|
|
|
88
88
|
// Not supported right now
|
|
89
89
|
//case "client_credentials":
|
|
90
90
|
default:
|
|
91
|
-
throw new UnsupportedGrantTypeError(
|
|
91
|
+
throw new UnsupportedGrantTypeError('The grant type is not supported by this authorization server.');
|
|
92
92
|
}
|
|
93
93
|
}
|
|
94
94
|
catch (error) {
|
|
@@ -97,7 +97,7 @@ export function tokenHandler({ provider, rateLimit: rateLimitConfig }) {
|
|
|
97
97
|
res.status(status).json(error.toResponseObject());
|
|
98
98
|
}
|
|
99
99
|
else {
|
|
100
|
-
const serverError = new ServerError(
|
|
100
|
+
const serverError = new ServerError('Internal Server Error');
|
|
101
101
|
res.status(500).json(serverError.toResponseObject());
|
|
102
102
|
}
|
|
103
103
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,OAA2B,MAAM,SAAS,CAAC;AAElD,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,SAAS,EAA+B,MAAM,oBAAoB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,
|
|
1
|
+
{"version":3,"file":"token.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,OAA2B,MAAM,SAAS,CAAC;AAElD,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,SAAS,EAA+B,MAAM,oBAAoB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EACH,mBAAmB,EACnB,iBAAiB,EACjB,yBAAyB,EACzB,WAAW,EACX,oBAAoB,EACpB,UAAU,EACb,MAAM,cAAc,CAAC;AAWtB,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;CACzB,CAAC,CAAC;AAEH,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;IACzB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC;AAEH,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;IACzB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC;AAEH,MAAM,UAAU,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAuB;IACtF,wEAAwE;IACxE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAEpD,iDAAiD;IACjD,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC5B,MAAM,CAAC,GAAG,CACN,SAAS,CAAC;YACN,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;YACvC,GAAG,EAAE,EAAE,EAAE,2BAA2B;YACpC,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,IAAI,oBAAoB,CAAC,qDAAqD,CAAC,CAAC,gBAAgB,EAAE;YAC3G,GAAG,eAAe;SACrB,CAAC,CACL,CAAC;IACN,CAAC;IAED,0CAA0C;IAC1C,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,YAAY,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IAExE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAChC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC;YACD,MAAM,WAAW,GAAG,kBAAkB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC3D,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACvB,MAAM,IAAI,mBAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC7D,CAAC;YAED,MAAM,EAAE,UAAU,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;YAExC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;YAC1B,IAAI,CAAC,MAAM,EAAE,CAAC;gBACV,2BAA2B;gBAC3B,MAAM,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC;YACnD,CAAC;YAED,QAAQ,UAAU,EAAE,CAAC;gBACjB,KAAK,oBAAoB,CAAC,CAAC,CAAC;oBACxB,MAAM,WAAW,GAAG,4BAA4B,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBACrE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;wBACvB,MAAM,IAAI,mBAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBAC7D,CAAC;oBAED,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;oBAEzE,MAAM,uBAAuB,GAAG,QAAQ,CAAC,uBAAuB,CAAC;oBAEjE,0DAA0D;oBAC1D,sDAAsD;oBACtD,IAAI,CAAC,uBAAuB,EAAE,CAAC;wBAC3B,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,6BAA6B,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;wBACjF,IAAI,CAAC,CAAC,MAAM,eAAe,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC,EAAE,CAAC;4BACzD,MAAM,IAAI,iBAAiB,CAAC,4CAA4C,CAAC,CAAC;wBAC9E,CAAC;oBACL,CAAC;oBAED,mFAAmF;oBACnF,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,yBAAyB,CACnD,MAAM,EACN,IAAI,EACJ,uBAAuB,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,EACnD,YAAY,EACZ,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAC3C,CAAC;oBACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,MAAM;gBACV,CAAC;gBAED,KAAK,eAAe,CAAC,CAAC,CAAC;oBACnB,MAAM,WAAW,GAAG,uBAAuB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBAChE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;wBACvB,MAAM,IAAI,mBAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBAC7D,CAAC;oBAED,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;oBAE5D,MAAM,MAAM,GAAG,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CAAC,GAAG,CAAC,CAAC;oBACjC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,oBAAoB,CAC9C,MAAM,EACN,aAAa,EACb,MAAM,EACN,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAC3C,CAAC;oBACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC7B,MAAM;gBACV,CAAC;gBAED,0BAA0B;gBAC1B,4BAA4B;gBAE5B;oBACI,MAAM,IAAI,yBAAyB,CAAC,+DAA+D,CAAC,CAAC;YAC7G,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,KAAK,YAAY,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACJ,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAClB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"allowedMethods.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/allowedMethods.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAGzC;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,cAAc,EAAE,MAAM,EAAE,GAAG,cAAc,
|
|
1
|
+
{"version":3,"file":"allowedMethods.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/allowedMethods.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAGzC;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,cAAc,EAAE,MAAM,EAAE,GAAG,cAAc,CAUvE"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { MethodNotAllowedError } from
|
|
1
|
+
import { MethodNotAllowedError } from '../errors.js';
|
|
2
2
|
/**
|
|
3
3
|
* Middleware to handle unsupported HTTP methods with a 405 Method Not Allowed response.
|
|
4
4
|
*
|
|
@@ -12,9 +12,7 @@ export function allowedMethods(allowedMethods) {
|
|
|
12
12
|
return;
|
|
13
13
|
}
|
|
14
14
|
const error = new MethodNotAllowedError(`The method ${req.method} is not allowed for this endpoint`);
|
|
15
|
-
res.status(405)
|
|
16
|
-
.set('Allow', allowedMethods.join(', '))
|
|
17
|
-
.json(error.toResponseObject());
|
|
15
|
+
res.status(405).set('Allow', allowedMethods.join(', ')).json(error.toResponseObject());
|
|
18
16
|
};
|
|
19
17
|
}
|
|
20
18
|
//# sourceMappingURL=allowedMethods.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"allowedMethods.js","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/allowedMethods.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAErD;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,cAAwB;
|
|
1
|
+
{"version":3,"file":"allowedMethods.js","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/allowedMethods.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAErD;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,cAAwB;IACnD,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACtB,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACtC,IAAI,EAAE,CAAC;YACP,OAAO;QACX,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,qBAAqB,CAAC,cAAc,GAAG,CAAC,MAAM,mCAAmC,CAAC,CAAC;QACrG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAC3F,CAAC,CAAC;AACN,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { RequestHandler } from
|
|
2
|
-
import { OAuthTokenVerifier } from
|
|
3
|
-
import { AuthInfo } from
|
|
1
|
+
import { RequestHandler } from 'express';
|
|
2
|
+
import { OAuthTokenVerifier } from '../provider.js';
|
|
3
|
+
import { AuthInfo } from '../types.js';
|
|
4
4
|
export type BearerAuthMiddlewareOptions = {
|
|
5
5
|
/**
|
|
6
6
|
* A provider used to verify tokens.
|
|
@@ -15,7 +15,7 @@ export type BearerAuthMiddlewareOptions = {
|
|
|
15
15
|
*/
|
|
16
16
|
resourceMetadataUrl?: string;
|
|
17
17
|
};
|
|
18
|
-
declare module
|
|
18
|
+
declare module 'express-serve-static-core' {
|
|
19
19
|
interface Request {
|
|
20
20
|
/**
|
|
21
21
|
* Information about the validated access token, if the `requireBearerAuth` middleware was used.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bearerAuth.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/bearerAuth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAEzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC,MAAM,MAAM,2BAA2B,GAAG;
|
|
1
|
+
{"version":3,"file":"bearerAuth.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/bearerAuth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAEzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC,MAAM,MAAM,2BAA2B,GAAG;IACtC;;OAEG;IACH,QAAQ,EAAE,kBAAkB,CAAC;IAE7B;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAE1B;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAChC,CAAC;AAEF,OAAO,QAAQ,2BAA2B,CAAC;IACvC,UAAU,OAAO;QACb;;WAEG;QACH,IAAI,CAAC,EAAE,QAAQ,CAAC;KACnB;CACJ;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAAC,EAAE,QAAQ,EAAE,cAAmB,EAAE,mBAAmB,EAAE,EAAE,2BAA2B,GAAG,cAAc,CAwDrI"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { InsufficientScopeError, InvalidTokenError, OAuthError, ServerError } from
|
|
1
|
+
import { InsufficientScopeError, InvalidTokenError, OAuthError, ServerError } from '../errors.js';
|
|
2
2
|
/**
|
|
3
3
|
* Middleware that requires a valid Bearer token in the Authorization header.
|
|
4
4
|
*
|
|
@@ -12,7 +12,7 @@ export function requireBearerAuth({ verifier, requiredScopes = [], resourceMetad
|
|
|
12
12
|
try {
|
|
13
13
|
const authHeader = req.headers.authorization;
|
|
14
14
|
if (!authHeader) {
|
|
15
|
-
throw new InvalidTokenError(
|
|
15
|
+
throw new InvalidTokenError('Missing Authorization header');
|
|
16
16
|
}
|
|
17
17
|
const [type, token] = authHeader.split(' ');
|
|
18
18
|
if (type.toLowerCase() !== 'bearer' || !token) {
|
|
@@ -23,15 +23,15 @@ export function requireBearerAuth({ verifier, requiredScopes = [], resourceMetad
|
|
|
23
23
|
if (requiredScopes.length > 0) {
|
|
24
24
|
const hasAllScopes = requiredScopes.every(scope => authInfo.scopes.includes(scope));
|
|
25
25
|
if (!hasAllScopes) {
|
|
26
|
-
throw new InsufficientScopeError(
|
|
26
|
+
throw new InsufficientScopeError('Insufficient scope');
|
|
27
27
|
}
|
|
28
28
|
}
|
|
29
29
|
// Check if the token is set to expire or if it is expired
|
|
30
30
|
if (typeof authInfo.expiresAt !== 'number' || isNaN(authInfo.expiresAt)) {
|
|
31
|
-
throw new InvalidTokenError(
|
|
31
|
+
throw new InvalidTokenError('Token has no expiration time');
|
|
32
32
|
}
|
|
33
33
|
else if (authInfo.expiresAt < Date.now() / 1000) {
|
|
34
|
-
throw new InvalidTokenError(
|
|
34
|
+
throw new InvalidTokenError('Token has expired');
|
|
35
35
|
}
|
|
36
36
|
req.auth = authInfo;
|
|
37
37
|
next();
|
|
@@ -41,14 +41,14 @@ export function requireBearerAuth({ verifier, requiredScopes = [], resourceMetad
|
|
|
41
41
|
const wwwAuthValue = resourceMetadataUrl
|
|
42
42
|
? `Bearer error="${error.errorCode}", error_description="${error.message}", resource_metadata="${resourceMetadataUrl}"`
|
|
43
43
|
: `Bearer error="${error.errorCode}", error_description="${error.message}"`;
|
|
44
|
-
res.set(
|
|
44
|
+
res.set('WWW-Authenticate', wwwAuthValue);
|
|
45
45
|
res.status(401).json(error.toResponseObject());
|
|
46
46
|
}
|
|
47
47
|
else if (error instanceof InsufficientScopeError) {
|
|
48
48
|
const wwwAuthValue = resourceMetadataUrl
|
|
49
49
|
? `Bearer error="${error.errorCode}", error_description="${error.message}", resource_metadata="${resourceMetadataUrl}"`
|
|
50
50
|
: `Bearer error="${error.errorCode}", error_description="${error.message}"`;
|
|
51
|
-
res.set(
|
|
51
|
+
res.set('WWW-Authenticate', wwwAuthValue);
|
|
52
52
|
res.status(403).json(error.toResponseObject());
|
|
53
53
|
}
|
|
54
54
|
else if (error instanceof ServerError) {
|
|
@@ -58,7 +58,7 @@ export function requireBearerAuth({ verifier, requiredScopes = [], resourceMetad
|
|
|
58
58
|
res.status(400).json(error.toResponseObject());
|
|
59
59
|
}
|
|
60
60
|
else {
|
|
61
|
-
const serverError = new ServerError(
|
|
61
|
+
const serverError = new ServerError('Internal Server Error');
|
|
62
62
|
res.status(500).json(serverError.toResponseObject());
|
|
63
63
|
}
|
|
64
64
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bearerAuth.js","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/bearerAuth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AA8BlG;;;;;;;GAOG;AACH,MAAM,UAAU,iBAAiB,CAAC,EAAE,QAAQ,EAAE,cAAc,GAAG,EAAE,EAAE,mBAAmB,EAA+B;
|
|
1
|
+
{"version":3,"file":"bearerAuth.js","sourceRoot":"","sources":["../../../../../src/server/auth/middleware/bearerAuth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AA8BlG;;;;;;;GAOG;AACH,MAAM,UAAU,iBAAiB,CAAC,EAAE,QAAQ,EAAE,cAAc,GAAG,EAAE,EAAE,mBAAmB,EAA+B;IACjH,OAAO,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC5B,IAAI,CAAC;YACD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;YAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;gBACd,MAAM,IAAI,iBAAiB,CAAC,8BAA8B,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC5C,IAAI,IAAI,CAAC,WAAW,EAAE,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;gBAC5C,MAAM,IAAI,iBAAiB,CAAC,8DAA8D,CAAC,CAAC;YAChG,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAEzD,kDAAkD;YAClD,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5B,MAAM,YAAY,GAAG,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;gBAEpF,IAAI,CAAC,YAAY,EAAE,CAAC;oBAChB,MAAM,IAAI,sBAAsB,CAAC,oBAAoB,CAAC,CAAC;gBAC3D,CAAC;YACL,CAAC;YAED,0DAA0D;YAC1D,IAAI,OAAO,QAAQ,CAAC,SAAS,KAAK,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACtE,MAAM,IAAI,iBAAiB,CAAC,8BAA8B,CAAC,CAAC;YAChE,CAAC;iBAAM,IAAI,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;gBAChD,MAAM,IAAI,iBAAiB,CAAC,mBAAmB,CAAC,CAAC;YACrD,CAAC;YAED,GAAG,CAAC,IAAI,GAAG,QAAQ,CAAC;YACpB,IAAI,EAAE,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,KAAK,YAAY,iBAAiB,EAAE,CAAC;gBACrC,MAAM,YAAY,GAAG,mBAAmB;oBACpC,CAAC,CAAC,iBAAiB,KAAK,CAAC,SAAS,yBAAyB,KAAK,CAAC,OAAO,yBAAyB,mBAAmB,GAAG;oBACvH,CAAC,CAAC,iBAAiB,KAAK,CAAC,SAAS,yBAAyB,KAAK,CAAC,OAAO,GAAG,CAAC;gBAChF,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC;gBAC1C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACnD,CAAC;iBAAM,IAAI,KAAK,YAAY,sBAAsB,EAAE,CAAC;gBACjD,MAAM,YAAY,GAAG,mBAAmB;oBACpC,CAAC,CAAC,iBAAiB,KAAK,CAAC,SAAS,yBAAyB,KAAK,CAAC,OAAO,yBAAyB,mBAAmB,GAAG;oBACvH,CAAC,CAAC,iBAAiB,KAAK,CAAC,SAAS,yBAAyB,KAAK,CAAC,OAAO,GAAG,CAAC;gBAChF,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC;gBAC1C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACnD,CAAC;iBAAM,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;gBACtC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACnD,CAAC;iBAAM,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;gBACrC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACnD,CAAC;iBAAM,CAAC;gBACJ,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;IACL,CAAC,CAAC;AACN,CAAC"}
|
|
@@ -1,13 +1,13 @@
|
|
|
1
|
-
import { RequestHandler } from
|
|
2
|
-
import { OAuthRegisteredClientsStore } from
|
|
3
|
-
import { OAuthClientInformationFull } from
|
|
1
|
+
import { RequestHandler } from 'express';
|
|
2
|
+
import { OAuthRegisteredClientsStore } from '../clients.js';
|
|
3
|
+
import { OAuthClientInformationFull } from '../../../shared/auth.js';
|
|
4
4
|
export type ClientAuthenticationMiddlewareOptions = {
|
|
5
5
|
/**
|
|
6
6
|
* A store used to read information about registered OAuth clients.
|
|
7
7
|
*/
|
|
8
8
|
clientsStore: OAuthRegisteredClientsStore;
|
|
9
9
|
};
|
|
10
|
-
declare module
|
|
10
|
+
declare module 'express-serve-static-core' {
|
|
11
11
|
interface Request {
|
|
12
12
|
/**
|
|
13
13
|
* The authenticated client for this request, if the `authenticateClient` middleware was used.
|