@modelcontextprotocol/sdk 1.5.0 → 1.6.0
- package/dist/cjs/client/auth.d.ts +116 -0
- package/dist/cjs/client/auth.d.ts.map +1 -0
- package/dist/cjs/client/auth.js +239 -0
- package/dist/cjs/client/auth.js.map +1 -0
- package/dist/cjs/client/sse.d.ts +43 -4
- package/dist/cjs/client/sse.d.ts.map +1 -1
- package/dist/cjs/client/sse.js +72 -5
- package/dist/cjs/client/sse.js.map +1 -1
- package/dist/cjs/server/auth/clients.d.ts +19 -0
- package/dist/cjs/server/auth/clients.d.ts.map +1 -0
- package/dist/cjs/server/auth/clients.js +3 -0
- package/dist/cjs/server/auth/clients.js.map +1 -0
- package/dist/cjs/server/auth/errors.d.ts +126 -0
- package/dist/cjs/server/auth/errors.d.ts.map +1 -0
- package/dist/cjs/server/auth/errors.js +189 -0
- package/dist/cjs/server/auth/errors.js.map +1 -0
- package/dist/cjs/server/auth/handlers/authorize.d.ts +13 -0
- package/dist/cjs/server/auth/handlers/authorize.d.ts.map +1 -0
- package/dist/cjs/server/auth/handlers/authorize.js +149 -0
- package/dist/cjs/server/auth/handlers/authorize.js.map +1 -0
- package/dist/cjs/server/auth/handlers/metadata.d.ts +4 -0
- package/dist/cjs/server/auth/handlers/metadata.d.ts.map +1 -0
- package/dist/cjs/server/auth/handlers/metadata.js +21 -0
- package/dist/cjs/server/auth/handlers/metadata.js.map +1 -0
- package/dist/cjs/server/auth/handlers/register.d.ts +23 -0
- package/dist/cjs/server/auth/handlers/register.d.ts.map +1 -0
- package/dist/cjs/server/auth/handlers/register.js +74 -0
- package/dist/cjs/server/auth/handlers/register.js.map +1 -0
- package/dist/cjs/server/auth/handlers/revoke.d.ts +13 -0
- package/dist/cjs/server/auth/handlers/revoke.d.ts.map +1 -0
- package/dist/cjs/server/auth/handlers/revoke.js +67 -0
- package/dist/cjs/server/auth/handlers/revoke.js.map +1 -0
- package/dist/cjs/server/auth/handlers/token.d.ts +13 -0
- package/dist/cjs/server/auth/handlers/token.d.ts.map +1 -0
- package/dist/cjs/server/auth/handlers/token.js +107 -0
- package/dist/cjs/server/auth/handlers/token.js.map +1 -0
- package/dist/cjs/server/auth/middleware/allowedMethods.d.ts +9 -0
- package/dist/cjs/server/auth/middleware/allowedMethods.d.ts.map +1 -0
- package/dist/cjs/server/auth/middleware/allowedMethods.js +23 -0
- package/dist/cjs/server/auth/middleware/allowedMethods.js.map +1 -0
- package/dist/cjs/server/auth/middleware/bearerAuth.d.ts +28 -0
- package/dist/cjs/server/auth/middleware/bearerAuth.d.ts.map +1 -0
- package/dist/cjs/server/auth/middleware/bearerAuth.js +55 -0
- package/dist/cjs/server/auth/middleware/bearerAuth.js.map +1 -0
- package/dist/cjs/server/auth/middleware/clientAuth.d.ts +19 -0
- package/dist/cjs/server/auth/middleware/clientAuth.d.ts.map +1 -0
- package/dist/cjs/server/auth/middleware/clientAuth.js +53 -0
- package/dist/cjs/server/auth/middleware/clientAuth.js.map +1 -0
- package/dist/cjs/server/auth/provider.d.ts +50 -0
- package/dist/cjs/server/auth/provider.d.ts.map +1 -0
- package/dist/cjs/server/auth/provider.js +3 -0
- package/dist/cjs/server/auth/provider.js.map +1 -0
- package/dist/cjs/server/auth/router.d.ts +36 -0
- package/dist/cjs/server/auth/router.d.ts.map +1 -0
- package/dist/cjs/server/auth/router.js +68 -0
- package/dist/cjs/server/auth/router.js.map +1 -0
- package/dist/cjs/server/auth/types.d.ts +22 -0
- package/dist/cjs/server/auth/types.d.ts.map +1 -0
- package/dist/cjs/server/auth/types.js +3 -0
- package/dist/cjs/server/auth/types.js.map +1 -0
- package/dist/cjs/server/mcp.d.ts.map +1 -1
- package/dist/cjs/server/mcp.js +3 -1
- package/dist/cjs/server/mcp.js.map +1 -1
- package/dist/cjs/shared/auth.d.ts +271 -0
- package/dist/cjs/shared/auth.d.ts.map +1 -0
- package/dist/cjs/shared/auth.js +106 -0
- package/dist/cjs/shared/auth.js.map +1 -0
- package/dist/cjs/types.d.ts.map +1 -1
- package/dist/cjs/types.js +1 -0
- package/dist/cjs/types.js.map +1 -1
- package/dist/esm/client/auth.d.ts +116 -0
- package/dist/esm/client/auth.d.ts.map +1 -0
- package/dist/esm/client/auth.js +226 -0
- package/dist/esm/client/auth.js.map +1 -0
- package/dist/esm/client/sse.d.ts +43 -4
- package/dist/esm/client/sse.d.ts.map +1 -1
- package/dist/esm/client/sse.js +72 -5
- package/dist/esm/client/sse.js.map +1 -1
- package/dist/esm/server/auth/clients.d.ts +19 -0
- package/dist/esm/server/auth/clients.d.ts.map +1 -0
- package/dist/esm/server/auth/clients.js +2 -0
- package/dist/esm/server/auth/clients.js.map +1 -0
- package/dist/esm/server/auth/errors.d.ts +126 -0
- package/dist/esm/server/auth/errors.d.ts.map +1 -0
- package/dist/esm/server/auth/errors.js +169 -0
- package/dist/esm/server/auth/errors.js.map +1 -0
- package/dist/esm/server/auth/handlers/authorize.d.ts +13 -0
- package/dist/esm/server/auth/handlers/authorize.d.ts.map +1 -0
- package/dist/esm/server/auth/handlers/authorize.js +143 -0
- package/dist/esm/server/auth/handlers/authorize.js.map +1 -0
- package/dist/esm/server/auth/handlers/metadata.d.ts +4 -0
- package/dist/esm/server/auth/handlers/metadata.d.ts.map +1 -0
- package/dist/esm/server/auth/handlers/metadata.js +15 -0
- package/dist/esm/server/auth/handlers/metadata.js.map +1 -0
- package/dist/esm/server/auth/handlers/register.d.ts +23 -0
- package/dist/esm/server/auth/handlers/register.d.ts.map +1 -0
- package/dist/esm/server/auth/handlers/register.js +68 -0
- package/dist/esm/server/auth/handlers/register.js.map +1 -0
- package/dist/esm/server/auth/handlers/revoke.d.ts +13 -0
- package/dist/esm/server/auth/handlers/revoke.d.ts.map +1 -0
- package/dist/esm/server/auth/handlers/revoke.js +61 -0
- package/dist/esm/server/auth/handlers/revoke.js.map +1 -0
- package/dist/esm/server/auth/handlers/token.d.ts +13 -0
- package/dist/esm/server/auth/handlers/token.d.ts.map +1 -0
- package/dist/esm/server/auth/handlers/token.js +101 -0
- package/dist/esm/server/auth/handlers/token.js.map +1 -0
- package/dist/esm/server/auth/middleware/allowedMethods.d.ts +9 -0
- package/dist/esm/server/auth/middleware/allowedMethods.d.ts.map +1 -0
- package/dist/esm/server/auth/middleware/allowedMethods.js +20 -0
- package/dist/esm/server/auth/middleware/allowedMethods.js.map +1 -0
- package/dist/esm/server/auth/middleware/bearerAuth.d.ts +28 -0
- package/dist/esm/server/auth/middleware/bearerAuth.d.ts.map +1 -0
- package/dist/esm/server/auth/middleware/bearerAuth.js +52 -0
- package/dist/esm/server/auth/middleware/bearerAuth.js.map +1 -0
- package/dist/esm/server/auth/middleware/clientAuth.d.ts +19 -0
- package/dist/esm/server/auth/middleware/clientAuth.d.ts.map +1 -0
- package/dist/esm/server/auth/middleware/clientAuth.js +50 -0
- package/dist/esm/server/auth/middleware/clientAuth.js.map +1 -0
- package/dist/esm/server/auth/provider.d.ts +50 -0
- package/dist/esm/server/auth/provider.d.ts.map +1 -0
- package/dist/esm/server/auth/provider.js +2 -0
- package/dist/esm/server/auth/provider.js.map +1 -0
- package/dist/esm/server/auth/router.d.ts +36 -0
- package/dist/esm/server/auth/router.d.ts.map +1 -0
- package/dist/esm/server/auth/router.js +62 -0
- package/dist/esm/server/auth/router.js.map +1 -0
- package/dist/esm/server/auth/types.d.ts +22 -0
- package/dist/esm/server/auth/types.d.ts.map +1 -0
- package/dist/esm/server/auth/types.js +2 -0
- package/dist/esm/server/auth/types.js.map +1 -0
- package/dist/esm/server/mcp.d.ts.map +1 -1
- package/dist/esm/server/mcp.js +3 -1
- package/dist/esm/server/mcp.js.map +1 -1
- package/dist/esm/shared/auth.d.ts +271 -0
- package/dist/esm/shared/auth.d.ts.map +1 -0
- package/dist/esm/shared/auth.js +103 -0
- package/dist/esm/shared/auth.js.map +1 -0
- package/dist/esm/types.d.ts.map +1 -1
- package/dist/esm/types.js +1 -0
- package/dist/esm/types.js.map +1 -1
- package/package.json +10 -3
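--- a/package/dist/esm/server/auth/errors.js
+++ b/package/dist/esm/server/auth/errors.js
@@ -0,0 +1,169 @@
+/**
+* Base class for all OAuth errors
+*/
+export class OAuthError extends Error {
+constructor(errorCode, message, errorUri) {
+super(message);
+this.errorCode = errorCode;
+this.errorUri = errorUri;
+this.name = this.constructor.name;
+}
+/**
+* Converts the error to a standard OAuth error response object
+*/
+toResponseObject() {
+const response = {
+error: this.errorCode,
+error_description: this.message
+};
+if (this.errorUri) {
+response.error_uri = this.errorUri;
+}
+return response;
+}
+}
+/**
+* Invalid request error - The request is missing a required parameter,
+* includes an invalid parameter value, includes a parameter more than once,
+* or is otherwise malformed.
+*/
+export class InvalidRequestError extends OAuthError {
+constructor(message, errorUri) {
+super("invalid_request", message, errorUri);
+}
+}
+/**
+* Invalid client error - Client authentication failed (e.g., unknown client, no client
+* authentication included, or unsupported authentication method).
+*/
+export class InvalidClientError extends OAuthError {
+constructor(message, errorUri) {
+super("invalid_client", message, errorUri);
+}
+}
+/**
+* Invalid grant error - The provided authorization grant or refresh token is
+* invalid, expired, revoked, does not match the redirection URI used in the
+* authorization request, or was issued to another client.
+*/
+export class InvalidGrantError extends OAuthError {
+constructor(message, errorUri) {
+super("invalid_grant", message, errorUri);
+}
+}
+/**
+* Unauthorized client error - The authenticated client is not authorized to use
+* this authorization grant type.
+*/
+export class UnauthorizedClientError extends OAuthError {
+constructor(message, errorUri) {
+super("unauthorized_client", message, errorUri);
+}
+}
+/**
+* Unsupported grant type error - The authorization grant type is not supported
+* by the authorization server.
+*/
+export class UnsupportedGrantTypeError extends OAuthError {
+constructor(message, errorUri) {
+super("unsupported_grant_type", message, errorUri);
+}
+}
+/**
+* Invalid scope error - The requested scope is invalid, unknown, malformed, or
+* exceeds the scope granted by the resource owner.
+*/
+export class InvalidScopeError extends OAuthError {
+constructor(message, errorUri) {
+super("invalid_scope", message, errorUri);
+}
+}
+/**
+* Access denied error - The resource owner or authorization server denied the request.
+*/
+export class AccessDeniedError extends OAuthError {
+constructor(message, errorUri) {
+super("access_denied", message, errorUri);
+}
+}
+/**
+* Server error - The authorization server encountered an unexpected condition
+* that prevented it from fulfilling the request.
+*/
+export class ServerError extends OAuthError {
+constructor(message, errorUri) {
+super("server_error", message, errorUri);
+}
+}
+/**
+* Temporarily unavailable error - The authorization server is currently unable to
+* handle the request due to a temporary overloading or maintenance of the server.
+*/
+export class TemporarilyUnavailableError extends OAuthError {
+constructor(message, errorUri) {
+super("temporarily_unavailable", message, errorUri);
+}
+}
+/**
+* Unsupported response type error - The authorization server does not support
+* obtaining an authorization code using this method.
+*/
+export class UnsupportedResponseTypeError extends OAuthError {
+constructor(message, errorUri) {
+super("unsupported_response_type", message, errorUri);
+}
+}
+/**
+* Unsupported token type error - The authorization server does not support
+* the requested token type.
+*/
+export class UnsupportedTokenTypeError extends OAuthError {
+constructor(message, errorUri) {
+super("unsupported_token_type", message, errorUri);
+}
+}
+/**
+* Invalid token error - The access token provided is expired, revoked, malformed,
+* or invalid for other reasons.
+*/
+export class InvalidTokenError extends OAuthError {
+constructor(message, errorUri) {
+super("invalid_token", message, errorUri);
+}
+}
+/**
+* Method not allowed error - The HTTP method used is not allowed for this endpoint.
+* (Custom, non-standard error)
+*/
+export class MethodNotAllowedError extends OAuthError {
+constructor(message, errorUri) {
+super("method_not_allowed", message, errorUri);
+}
+}
+/**
+* Too many requests error - Rate limit exceeded.
+* (Custom, non-standard error based on RFC 6585)
+*/
+export class TooManyRequestsError extends OAuthError {
+constructor(message, errorUri) {
+super("too_many_requests", message, errorUri);
+}
+}
+/**
+* Invalid client metadata error - The client metadata is invalid.
+* (Custom error for dynamic client registration - RFC 7591)
+*/
+export class InvalidClientMetadataError extends OAuthError {
+constructor(message, errorUri) {
+super("invalid_client_metadata", message, errorUri);
+}
+}
+/**
+* Insufficient scope error - The request requires higher privileges than provided by the access token.
+*/
+export class InsufficientScopeError extends OAuthError {
+constructor(message, errorUri) {
+super("insufficient_scope", message, errorUri);
+}
+}
+//# sourceMappingURL=errors.js.map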
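Review bot: The `OAuthError` constructor carries no comment saying that `message` leaves the process: `toResponseObject()` copies it into `error_description`, and the authorize handler in this diff sends that object through `res.json` and also writes `error.message` onto the redirect URL. I would add above the constructor `// message is returned to the remote party as error_description; never pass stack traces, file paths or raw upstream errors`. RFC 6749 also restricts `error_description` to printable ASCII without `"` or `\`, so the same comment should warn callers that multi-line or quoted text produces a response outside the spec.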
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../../src/server/auth/errors.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,OAAO,UAAW,SAAQ,KAAK;IACnC,YACkB,SAAiB,EACjC,OAAe,EACC,QAAiB;QAEjC,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,cAAS,GAAT,SAAS,CAAQ;QAEjB,aAAQ,GAAR,QAAQ,CAAS;QAGjC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,MAAM,QAAQ,GAAuB;YACnC,KAAK,EAAE,IAAI,CAAC,SAAS;YACrB,iBAAiB,EAAE,IAAI,CAAC,OAAO;SAChC,CAAC;QAEF,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC;QACrC,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,mBAAoB,SAAQ,UAAU;IACjD,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,iBAAiB,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,kBAAmB,SAAQ,UAAU;IAChD,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,gBAAgB,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,iBAAkB,SAAQ,UAAU;IAC/C,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,eAAe,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,uBAAwB,SAAQ,UAAU;IACrD,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,qBAAqB,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAClD,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,yBAA0B,SAAQ,UAAU;IACvD,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,wBAAwB,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IACrD,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,iBAAkB,SAAQ,UAAU;IAC/C,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,eAAe,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,iBAAkB,SAAQ,UAAU;IAC/C,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,eAAe,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,WAAY,SAAQ,UAAU;IACzC,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,cAAc,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3C,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,2BAA4B,SAAQ,UAAU;IACzD,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,yBAAyB,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IACtD,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,UAAU;IAC1D,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,2BAA2B,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IACxD,CAAC;CACF;AAED;;;GA
GG;AACH,MAAM,OAAO,yBAA0B,SAAQ,UAAU;IACvD,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,wBAAwB,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IACrD,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,iBAAkB,SAAQ,UAAU;IAC/C,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,eAAe,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,qBAAsB,SAAQ,UAAU;IACnD,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,oBAAoB,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IACjD,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,oBAAqB,SAAQ,UAAU;IAClD,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,mBAAmB,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,0BAA2B,SAAQ,UAAU;IACxD,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,yBAAyB,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IACtD,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,sBAAuB,SAAQ,UAAU;IACpD,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,oBAAoB,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IACjD,CAAC;CACF"}
|
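--- a/package/dist/esm/server/auth/handlers/authorize.d.ts
+++ b/package/dist/esm/server/auth/handlers/authorize.d.ts
@@ -0,0 +1,13 @@
+import { RequestHandler } from "express";
+import { OAuthServerProvider } from "../provider.js";
+import { Options as RateLimitOptions } from "express-rate-limit";
+export type AuthorizationHandlerOptions = {
+provider: OAuthServerProvider;
+/**
+* Rate limiting configuration for the authorization endpoint.
+* Set to false to disable rate limiting for this endpoint.
+*/
+rateLimit?: Partial<RateLimitOptions> | false;
+};
+export declare function authorizationHandler({ provider, rateLimit: rateLimitConfig }: AuthorizationHandlerOptions): RequestHandler;
+//# sourceMappingURL=authorize.d.ts.map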
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authorize.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/authorize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAGzC,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAW5E,MAAM,MAAM,2BAA2B,GAAG;IACxC,QAAQ,EAAE,mBAAmB,CAAC;IAC9B;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;CAC/C,CAAC;AAiBF,wBAAgB,oBAAoB,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE,2BAA2B,GAAG,cAAc,CAmH1H"}
|
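--- a/package/dist/esm/server/auth/handlers/authorize.js
+++ b/package/dist/esm/server/auth/handlers/authorize.js
@@ -0,0 +1,143 @@
+import { z } from "zod";
+import express from "express";
+import { rateLimit } from "express-rate-limit";
+import { allowedMethods } from "../middleware/allowedMethods.js";
+import { InvalidRequestError, InvalidClientError, InvalidScopeError, ServerError, TooManyRequestsError, OAuthError } from "../errors.js";
+// Parameters that must be validated in order to issue redirects.
+const ClientAuthorizationParamsSchema = z.object({
+client_id: z.string(),
+redirect_uri: z.string().optional().refine((value) => value === undefined || URL.canParse(value), { message: "redirect_uri must be a valid URL" }),
+});
+// Parameters that must be validated for a successful authorization request. Failure can be reported to the redirect URI.
+const RequestAuthorizationParamsSchema = z.object({
+response_type: z.literal("code"),
+code_challenge: z.string(),
+code_challenge_method: z.literal("S256"),
+scope: z.string().optional(),
+state: z.string().optional(),
+});
+export function authorizationHandler({ provider, rateLimit: rateLimitConfig }) {
+// Create a router to apply middleware
+const router = express.Router();
+router.use(allowedMethods(["GET", "POST"]));
+router.use(express.urlencoded({ extended: false }));
+// Apply rate limiting unless explicitly disabled
+if (rateLimitConfig !== false) {
+router.use(rateLimit({
+windowMs: 15 * 60 * 1000, // 15 minutes
+max: 100, // 100 requests per windowMs
+standardHeaders: true,
+legacyHeaders: false,
+message: new TooManyRequestsError('You have exceeded the rate limit for authorization requests').toResponseObject(),
+...rateLimitConfig
+}));
+}
+router.all("/", async (req, res) => {
+var _a;
+res.setHeader('Cache-Control', 'no-store');
+// In the authorization flow, errors are split into two categories:
+// 1. Pre-redirect errors (direct response with 400)
+// 2. Post-redirect errors (redirect with error parameters)
+// Phase 1: Validate client_id and redirect_uri. Any errors here must be direct responses.
+let client_id, redirect_uri, client;
+try {
+const result = ClientAuthorizationParamsSchema.safeParse(req.method === 'POST' ? req.body : req.query);
+if (!result.success) {
+throw new InvalidRequestError(result.error.message);
+}
+client_id = result.data.client_id;
+redirect_uri = result.data.redirect_uri;
+client = await provider.clientsStore.getClient(client_id);
+if (!client) {
+throw new InvalidClientError("Invalid client_id");
+}
+if (redirect_uri !== undefined) {
+if (!client.redirect_uris.includes(redirect_uri)) {
+throw new InvalidRequestError("Unregistered redirect_uri");
+}
+}
+else if (client.redirect_uris.length === 1) {
+redirect_uri = client.redirect_uris[0];
+}
+else {
+throw new InvalidRequestError("redirect_uri must be specified when client has multiple registered URIs");
+}
+}
+catch (error) {
+// Pre-redirect errors - return direct response
+//
+// These don't need to be JSON encoded, as they'll be displayed in a user
+// agent, but OTOH they all represent exceptional situations (arguably,
+// "programmer error"), so presenting a nice HTML page doesn't help the
+// user anyway.
+if (error instanceof OAuthError) {
+const status = error instanceof ServerError ? 500 : 400;
+res.status(status).json(error.toResponseObject());
+}
+else {
+console.error("Unexpected error looking up client:", error);
+const serverError = new ServerError("Internal Server Error");
+res.status(500).json(serverError.toResponseObject());
+}
+return;
+}
+// Phase 2: Validate other parameters. Any errors here should go into redirect responses.
+let state;
+try {
+// Parse and validate authorization parameters
+const parseResult = RequestAuthorizationParamsSchema.safeParse(req.method === 'POST' ? req.body : req.query);
+if (!parseResult.success) {
+throw new InvalidRequestError(parseResult.error.message);
+}
+const { scope, code_challenge } = parseResult.data;
+state = parseResult.data.state;
+// Validate scopes
+let requestedScopes = [];
+if (scope !== undefined) {
+requestedScopes = scope.split(" ");
+const allowedScopes = new Set((_a = client.scope) === null || _a === void 0 ? void 0 : _a.split(" "));
+// Check each requested scope against allowed scopes
+for (const scope of requestedScopes) {
+if (!allowedScopes.has(scope)) {
+throw new InvalidScopeError(`Client was not registered with scope ${scope}`);
+}
+}
+}
+// All validation passed, proceed with authorization
+await provider.authorize(client, {
+state,
+scopes: requestedScopes,
+redirectUri: redirect_uri,
+codeChallenge: code_challenge,
+}, res);
+}
+catch (error) {
+// Post-redirect errors - redirect with error parameters
+if (error instanceof OAuthError) {
+res.redirect(302, createErrorRedirect(redirect_uri, error, state));
+}
+else {
+console.error("Unexpected error during authorization:", error);
+const serverError = new ServerError("Internal Server Error");
+res.redirect(302, createErrorRedirect(redirect_uri, serverError, state));
+}
+}
+});
+return router;
+}
+/**
+* Helper function to create redirect URL with error parameters
+*/
+function createErrorRedirect(redirectUri, error, state) {
+const errorUrl = new URL(redirectUri);
+errorUrl.searchParams.set("error", error.errorCode);
+errorUrl.searchParams.set("error_description", error.message);
+if (error.errorUri) {
+errorUrl.searchParams.set("error_uri", error.errorUri);
+}
+if (state) {
+errorUrl.searchParams.set("state", state);
+}
+return errorUrl.href;
+}
+//# sourceMappingURL=authorize.js.map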
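Review bot: `code_challenge: z.string()` in `RequestAuthorizationParamsSchema` accepts any string, including the empty one, and the value is handed unchanged to `provider.authorize` as `codeChallenge`. RFC 7636 defines the challenge as 43 to 128 characters from the unreserved set, so the schema can reject malformed values before the provider sees them: `code_challenge: z.string().regex(/^[A-Za-z0-9._~-]{43,128}$/),`. A provider that tests the stored challenge for truthiness would presumably treat an empty value as "no PKCE", which is the case this guard removes. Separately, both validation failures throw `InvalidRequestError` with zod's `error.message`, which appears to be a serialized issue list and ends up in `error_description`; a fixed string such as `"Invalid authorization request parameters"` keeps validation internals out of the response. The second `catch` also calls `res.redirect` without checking `res.headersSent`, so a provider that throws after it has started responding would raise again inside the handler; `if (res.headersSent) return;` at the top of that `catch` avoids it.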
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authorize.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/authorize.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,SAAS,EAA+B,MAAM,oBAAoB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EACL,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,WAAW,EACX,oBAAoB,EACpB,UAAU,EACX,MAAM,cAAc,CAAC;AAWtB,iEAAiE;AACjE,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,SAAS,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC;CACnJ,CAAC,CAAC;AAEH,yHAAyH;AACzH,MAAM,gCAAgC,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,aAAa,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IAChC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;IAC1B,qBAAqB,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACxC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC7B,CAAC,CAAC;AAEH,MAAM,UAAU,oBAAoB,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAA+B;IACxG,sCAAsC;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAChC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;IAC5C,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAEpD,iDAAiD;IACjD,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC;YACnB,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;YACvC,GAAG,EAAE,GAAG,EAAE,4BAA4B;YACtC,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,IAAI,oBAAoB,CAAC,6DAA6D,CAAC,CAAC,gBAAgB,EAAE;YACnH,GAAG,eAAe;SACnB,CAAC,CAAC,CAAC;IACN,CAAC;IAED,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;;QACjC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAE3C,mEAAmE;QACnE,oDAAoD;QACpD,2DAA2D;QAE3D,0FAA0F;QAC1F,IAAI,SAAS,EAAE,YAAY,EAAE,MAAM,CAAC;QACpC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,+BAA+B,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACvG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,C
AAC;gBACpB,MAAM,IAAI,mBAAmB,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACtD,CAAC;YAED,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;YAClC,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC;YAExC,MAAM,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YAC1D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;YACpD,CAAC;YAED,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;gBAC/B,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;oBACjD,MAAM,IAAI,mBAAmB,CAAC,2BAA2B,CAAC,CAAC;gBAC7D,CAAC;YACH,CAAC;iBAAM,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC7C,YAAY,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;YACzC,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,mBAAmB,CAAC,yEAAyE,CAAC,CAAC;YAC3G,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,+CAA+C;YAC/C,EAAE;YACF,yEAAyE;YACzE,uEAAuE;YACvE,uEAAuE;YACvE,eAAe;YACf,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;gBAChC,MAAM,MAAM,GAAG,KAAK,YAAY,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACpD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAC;gBAC5D,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACvD,CAAC;YAED,OAAO;QACT,CAAC;QAED,yFAAyF;QACzF,IAAI,KAAK,CAAC;QACV,IAAI,CAAC;YACH,8CAA8C;YAC9C,MAAM,WAAW,GAAG,gCAAgC,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAC7G,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACzB,MAAM,IAAI,mBAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC3D,CAAC;YAED,MAAM,EAAE,KAAK,EAAE,cAAc,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;YACnD,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC;YAE/B,kBAAkB;YAClB,IAAI,eAAe,GAAa,EAAE,CAAC;YACnC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACxB,eAAe,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,MAAA,MAAM,CAAC,KAAK,0CAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;gBAExD,oDAAoD;gBACpD,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE,CAAC;oBACpC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;wBAC9B,MAAM
,IAAI,iBAAiB,CAAC,wCAAwC,KAAK,EAAE,CAAC,CAAC;oBAC/E,CAAC;gBACH,CAAC;YACH,CAAC;YAED,oDAAoD;YACpD,MAAM,QAAQ,CAAC,SAAS,CAAC,MAAM,EAAE;gBAC/B,KAAK;gBACL,MAAM,EAAE,eAAe;gBACvB,WAAW,EAAE,YAAY;gBACzB,aAAa,EAAE,cAAc;aAC9B,EAAE,GAAG,CAAC,CAAC;QACV,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,wDAAwD;YACxD,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;gBAChC,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,mBAAmB,CAAC,YAAY,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;YACrE,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,KAAK,CAAC,CAAC;gBAC/D,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,mBAAmB,CAAC,YAAY,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,WAAmB,EAAE,KAAiB,EAAE,KAAc;IACjF,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IACtC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IACpD,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IAC9D,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QACnB,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IACD,IAAI,KAAK,EAAE,CAAC;QACV,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,QAAQ,CAAC,IAAI,CAAC;AACvB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"metadata.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/metadata.ts"],"names":[],"mappings":"AAAA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAIxD,wBAAgB,eAAe,CAAC,QAAQ,EAAE,aAAa,GAAG,cAAc,CAavE"}
|
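--- a/package/dist/esm/server/auth/handlers/metadata.js
+++ b/package/dist/esm/server/auth/handlers/metadata.js
@@ -0,0 +1,15 @@
+import express from "express";
+import cors from 'cors';
+import { allowedMethods } from "../middleware/allowedMethods.js";
+export function metadataHandler(metadata) {
+// Nested router so we can configure middleware and restrict HTTP method
+const router = express.Router();
+// Configure CORS to allow any origin, to make accessible to web-based MCP clients
+router.use(cors());
+router.use(allowedMethods(['GET']));
+router.get("/", (req, res) => {
+res.status(200).json(metadata);
+});
+return router;
+}
+//# sourceMappingURL=metadata.js.map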
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"metadata.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/metadata.ts"],"names":[],"mappings":"AAAA,OAAO,OAA2B,MAAM,SAAS,CAAC;AAElD,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAEjE,MAAM,UAAU,eAAe,CAAC,QAAuB;IACrD,wEAAwE;IACxE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACpC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import { RequestHandler } from "express";
|
|
2
|
+
import { OAuthRegisteredClientsStore } from "../clients.js";
|
|
3
|
+
import { Options as RateLimitOptions } from "express-rate-limit";
|
|
4
|
+
export type ClientRegistrationHandlerOptions = {
|
|
5
|
+
/**
|
|
6
|
+
* A store used to save information about dynamically registered OAuth clients.
|
|
7
|
+
*/
|
|
8
|
+
clientsStore: OAuthRegisteredClientsStore;
|
|
9
|
+
/**
|
|
10
|
+
* The number of seconds after which to expire issued client secrets, or 0 to prevent expiration of client secrets (not recommended).
|
|
11
|
+
*
|
|
12
|
+
* If not set, defaults to 30 days.
|
|
13
|
+
*/
|
|
14
|
+
clientSecretExpirySeconds?: number;
|
|
15
|
+
/**
|
|
16
|
+
* Rate limiting configuration for the client registration endpoint.
|
|
17
|
+
* Set to false to disable rate limiting for this endpoint.
|
|
18
|
+
* Registration endpoints are particularly sensitive to abuse and should be rate limited.
|
|
19
|
+
*/
|
|
20
|
+
rateLimit?: Partial<RateLimitOptions> | false;
|
|
21
|
+
};
|
|
22
|
+
export declare function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds, rateLimit: rateLimitConfig }: ClientRegistrationHandlerOptions): RequestHandler;
|
|
23
|
+
//# sourceMappingURL=register.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/register.ts"],"names":[],"mappings":"AAAA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAIlD,OAAO,EAAE,2BAA2B,EAAE,MAAM,eAAe,CAAC;AAC5D,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAS5E,MAAM,MAAM,gCAAgC,GAAG;IAC7C;;OAEG;IACH,YAAY,EAAE,2BAA2B,CAAC;IAE1C;;;;OAIG;IACH,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC;;;;OAIG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;CAC/C,CAAC;AAIF,wBAAgB,yBAAyB,CAAC,EACxC,YAAY,EACZ,yBAAgE,EAChE,SAAS,EAAE,eAAe,EAC3B,EAAE,gCAAgC,GAAG,cAAc,CAmEnD"}
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
import express from "express";
|
|
2
|
+
import { OAuthClientMetadataSchema } from "../../../shared/auth.js";
|
|
3
|
+
import crypto from 'node:crypto';
|
|
4
|
+
import cors from 'cors';
|
|
5
|
+
import { rateLimit } from "express-rate-limit";
|
|
6
|
+
import { allowedMethods } from "../middleware/allowedMethods.js";
|
|
7
|
+
import { InvalidClientMetadataError, ServerError, TooManyRequestsError, OAuthError } from "../errors.js";
|
|
8
|
+
const DEFAULT_CLIENT_SECRET_EXPIRY_SECONDS = 30 * 24 * 60 * 60; // 30 days
|
|
9
|
+
export function clientRegistrationHandler({ clientsStore, clientSecretExpirySeconds = DEFAULT_CLIENT_SECRET_EXPIRY_SECONDS, rateLimit: rateLimitConfig }) {
|
|
10
|
+
if (!clientsStore.registerClient) {
|
|
11
|
+
throw new Error("Client registration store does not support registering clients");
|
|
12
|
+
}
|
|
13
|
+
// Nested router so we can configure middleware and restrict HTTP method
|
|
14
|
+
const router = express.Router();
|
|
15
|
+
// Configure CORS to allow any origin, to make accessible to web-based MCP clients
|
|
16
|
+
router.use(cors());
|
|
17
|
+
router.use(allowedMethods(["POST"]));
|
|
18
|
+
router.use(express.json());
|
|
19
|
+
// Apply rate limiting unless explicitly disabled - stricter limits for registration
|
|
20
|
+
if (rateLimitConfig !== false) {
|
|
21
|
+
router.use(rateLimit({
|
|
22
|
+
windowMs: 60 * 60 * 1000, // 1 hour
|
|
23
|
+
max: 20, // 20 requests per hour - stricter as registration is sensitive
|
|
24
|
+
standardHeaders: true,
|
|
25
|
+
legacyHeaders: false,
|
|
26
|
+
message: new TooManyRequestsError('You have exceeded the rate limit for client registration requests').toResponseObject(),
|
|
27
|
+
...rateLimitConfig
|
|
28
|
+
}));
|
|
29
|
+
}
|
|
30
|
+
router.post("/", async (req, res) => {
|
|
31
|
+
res.setHeader('Cache-Control', 'no-store');
|
|
32
|
+
try {
|
|
33
|
+
const parseResult = OAuthClientMetadataSchema.safeParse(req.body);
|
|
34
|
+
if (!parseResult.success) {
|
|
35
|
+
throw new InvalidClientMetadataError(parseResult.error.message);
|
|
36
|
+
}
|
|
37
|
+
const clientMetadata = parseResult.data;
|
|
38
|
+
// Generate client credentials
|
|
39
|
+
const clientId = crypto.randomUUID();
|
|
40
|
+
const clientSecret = clientMetadata.token_endpoint_auth_method !== 'none'
|
|
41
|
+
? crypto.randomBytes(32).toString('hex')
|
|
42
|
+
: undefined;
|
|
43
|
+
const clientIdIssuedAt = Math.floor(Date.now() / 1000);
|
|
44
|
+
let clientInfo = {
|
|
45
|
+
...clientMetadata,
|
|
46
|
+
client_id: clientId,
|
|
47
|
+
client_secret: clientSecret,
|
|
48
|
+
client_id_issued_at: clientIdIssuedAt,
|
|
49
|
+
client_secret_expires_at: clientSecretExpirySeconds > 0 ? clientIdIssuedAt + clientSecretExpirySeconds : 0
|
|
50
|
+
};
|
|
51
|
+
clientInfo = await clientsStore.registerClient(clientInfo);
|
|
52
|
+
res.status(201).json(clientInfo);
|
|
53
|
+
}
|
|
54
|
+
catch (error) {
|
|
55
|
+
if (error instanceof OAuthError) {
|
|
56
|
+
const status = error instanceof ServerError ? 500 : 400;
|
|
57
|
+
res.status(status).json(error.toResponseObject());
|
|
58
|
+
}
|
|
59
|
+
else {
|
|
60
|
+
console.error("Unexpected error registering client:", error);
|
|
61
|
+
const serverError = new ServerError("Internal Server Error");
|
|
62
|
+
res.status(500).json(serverError.toResponseObject());
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
});
|
|
66
|
+
return router;
|
|
67
|
+
}
|
|
68
|
+
//# sourceMappingURL=register.js.map
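Review bot: `clientSecretExpirySeconds` is never validated, so in `client_secret_expires_at: clientSecretExpirySeconds > 0 ? clientIdIssuedAt + clientSecretExpirySeconds : 0` a negative or `NaN` value (for example from a failed numeric parse of configuration) falls into the `0` branch and issues secrets that never expire, although the option's documentation reserves that for an explicit 0. Failing closed at construction time, next to the existing `registerClient` check, would catch this: `if (!Number.isInteger(clientSecretExpirySeconds) || clientSecretExpirySeconds < 0) throw new Error("clientSecretExpirySeconds must be a non-negative integer");`. The same field is also written when `token_endpoint_auth_method` is `'none'` and `client_secret` is `undefined`, which deserves a one-line comment so consumers of the stored record do not read an expiry for a secret that was never issued.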
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"register.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/register.ts"],"names":[],"mappings":"AAAA,OAAO,OAA2B,MAAM,SAAS,CAAC;AAClD,OAAO,EAA8B,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AAChG,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,SAAS,EAA+B,MAAM,oBAAoB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EACL,0BAA0B,EAC1B,WAAW,EACX,oBAAoB,EACpB,UAAU,EACX,MAAM,cAAc,CAAC;AAuBtB,MAAM,oCAAoC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,UAAU;AAE1E,MAAM,UAAU,yBAAyB,CAAC,EACxC,YAAY,EACZ,yBAAyB,GAAG,oCAAoC,EAChE,SAAS,EAAE,eAAe,EACO;IACjC,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;IACpF,CAAC;IAED,wEAAwE;IACxE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAE3B,oFAAoF;IACpF,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC;YACnB,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,SAAS;YACnC,GAAG,EAAE,EAAE,EAAE,+DAA+D;YACxE,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,IAAI,oBAAoB,CAAC,mEAAmE,CAAC,CAAC,gBAAgB,EAAE;YACzH,GAAG,eAAe;SACnB,CAAC,CAAC,CAAC;IACN,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAClC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,yBAAyB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAClE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACzB,MAAM,IAAI,0BAA0B,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAClE,CAAC;YAED,MAAM,cAAc,GAAG,WAAW,CAAC,IAAI,CAAC;YAExC,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;YACrC,MAAM,YAAY,GAAG,cAAc,CAAC,0BAA0B,KAAK,MAAM;gBACvE,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;gBACxC,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAEvD,IAAI,UAAU,GAA+B;gBAC3C,GAAG,cAAc;gBACjB,SAAS,EAAE,QAAQ;gBACnB,aAAa,EAAE,YAAY;gBAC3B,mBA
AmB,EAAE,gBAAgB;gBACrC,wBAAwB,EAAE,yBAAyB,GAAG,CAAC,CAAC,CAAC,CAAC,gBAAgB,GAAG,yBAAyB,CAAC,CAAC,CAAC,CAAC;aAC3G,CAAC;YAEF,UAAU,GAAG,MAAM,YAAY,CAAC,cAAe,CAAC,UAAU,CAAC,CAAC;YAC5D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;gBAChC,MAAM,MAAM,GAAG,KAAK,YAAY,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACpD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;gBAC7D,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { OAuthServerProvider } from "../provider.js";
|
|
2
|
+
import { RequestHandler } from "express";
|
|
3
|
+
import { Options as RateLimitOptions } from "express-rate-limit";
|
|
4
|
+
export type RevocationHandlerOptions = {
|
|
5
|
+
provider: OAuthServerProvider;
|
|
6
|
+
/**
|
|
7
|
+
* Rate limiting configuration for the token revocation endpoint.
|
|
8
|
+
* Set to false to disable rate limiting for this endpoint.
|
|
9
|
+
*/
|
|
10
|
+
rateLimit?: Partial<RateLimitOptions> | false;
|
|
11
|
+
};
|
|
12
|
+
export declare function revocationHandler({ provider, rateLimit: rateLimitConfig }: RevocationHandlerOptions): RequestHandler;
|
|
13
|
+
//# sourceMappingURL=revoke.d.ts.map
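Review bot: `provider: OAuthServerProvider;` is the only undocumented option in `RevocationHandlerOptions`, and it carries the security contract of this endpoint. The handler in revoke.js passes the authenticated client and the parsed request straight to `provider.revokeToken` with no ownership check in between, so the provider has to verify that the token was issued to that client (RFC 7009 section 2.1). I would add a doc comment along the lines of `/** Provider whose revokeToken() performs the revocation; it must verify that the token was issued to the authenticated client. */`.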
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"revoke.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/revoke.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAIlD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAS5E,MAAM,MAAM,wBAAwB,GAAG;IACrC,QAAQ,EAAE,mBAAmB,CAAC;IAC9B;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;CAC/C,CAAC;AAEF,wBAAgB,iBAAiB,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE,wBAAwB,GAAG,cAAc,CA4DpH"}
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
import express from "express";
|
|
2
|
+
import cors from "cors";
|
|
3
|
+
import { authenticateClient } from "../middleware/clientAuth.js";
|
|
4
|
+
import { OAuthTokenRevocationRequestSchema } from "../../../shared/auth.js";
|
|
5
|
+
import { rateLimit } from "express-rate-limit";
|
|
6
|
+
import { allowedMethods } from "../middleware/allowedMethods.js";
|
|
7
|
+
import { InvalidRequestError, ServerError, TooManyRequestsError, OAuthError } from "../errors.js";
|
|
8
|
+
export function revocationHandler({ provider, rateLimit: rateLimitConfig }) {
|
|
9
|
+
if (!provider.revokeToken) {
|
|
10
|
+
throw new Error("Auth provider does not support revoking tokens");
|
|
11
|
+
}
|
|
12
|
+
// Nested router so we can configure middleware and restrict HTTP method
|
|
13
|
+
const router = express.Router();
|
|
14
|
+
// Configure CORS to allow any origin, to make accessible to web-based MCP clients
|
|
15
|
+
router.use(cors());
|
|
16
|
+
router.use(allowedMethods(["POST"]));
|
|
17
|
+
router.use(express.urlencoded({ extended: false }));
|
|
18
|
+
// Apply rate limiting unless explicitly disabled
|
|
19
|
+
if (rateLimitConfig !== false) {
|
|
20
|
+
router.use(rateLimit({
|
|
21
|
+
windowMs: 15 * 60 * 1000, // 15 minutes
|
|
22
|
+
max: 50, // 50 requests per windowMs
|
|
23
|
+
standardHeaders: true,
|
|
24
|
+
legacyHeaders: false,
|
|
25
|
+
message: new TooManyRequestsError('You have exceeded the rate limit for token revocation requests').toResponseObject(),
|
|
26
|
+
...rateLimitConfig
|
|
27
|
+
}));
|
|
28
|
+
}
|
|
29
|
+
// Authenticate and extract client details
|
|
30
|
+
router.use(authenticateClient({ clientsStore: provider.clientsStore }));
|
|
31
|
+
router.post("/", async (req, res) => {
|
|
32
|
+
res.setHeader('Cache-Control', 'no-store');
|
|
33
|
+
try {
|
|
34
|
+
const parseResult = OAuthTokenRevocationRequestSchema.safeParse(req.body);
|
|
35
|
+
if (!parseResult.success) {
|
|
36
|
+
throw new InvalidRequestError(parseResult.error.message);
|
|
37
|
+
}
|
|
38
|
+
const client = req.client;
|
|
39
|
+
if (!client) {
|
|
40
|
+
// This should never happen
|
|
41
|
+
console.error("Missing client information after authentication");
|
|
42
|
+
throw new ServerError("Internal Server Error");
|
|
43
|
+
}
|
|
44
|
+
await provider.revokeToken(client, parseResult.data);
|
|
45
|
+
res.status(200).json({});
|
|
46
|
+
}
|
|
47
|
+
catch (error) {
|
|
48
|
+
if (error instanceof OAuthError) {
|
|
49
|
+
const status = error instanceof ServerError ? 500 : 400;
|
|
50
|
+
res.status(status).json(error.toResponseObject());
|
|
51
|
+
}
|
|
52
|
+
else {
|
|
53
|
+
console.error("Unexpected error revoking token:", error);
|
|
54
|
+
const serverError = new ServerError("Internal Server Error");
|
|
55
|
+
res.status(500).json(serverError.toResponseObject());
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
});
|
|
59
|
+
return router;
|
|
60
|
+
}
|
|
61
|
+
//# sourceMappingURL=revoke.js.map
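Review bot: The body parser is mounted before the rate limiter (`router.use(express.urlencoded({ extended: false }));` precedes the `rateLimit` block), so requests that are already over the limit still have their bodies read and parsed before they are rejected. Mounting the limiter first keeps throttled traffic cheap: move the `express.urlencoded` line to just after the `if (rateLimitConfig !== false) { … }` block, still ahead of `authenticateClient`, which needs the parsed body. `clientRegistrationHandler` in register.js has the same order with `router.use(express.json());`. Separately, express-rate-limit keys on the request IP by default, so a comment noting that Express's `trust proxy` setting must match the deployment would help operators behind a reverse proxy get per-client limits rather than one shared bucket.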
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"revoke.js","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/revoke.ts"],"names":[],"mappings":"AACA,OAAO,OAA2B,MAAM,SAAS,CAAC;AAClD,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,iCAAiC,EAAE,MAAM,yBAAyB,CAAC;AAC5E,OAAO,EAAE,SAAS,EAA+B,MAAM,oBAAoB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EACL,mBAAmB,EACnB,WAAW,EACX,oBAAoB,EACpB,UAAU,EACX,MAAM,cAAc,CAAC;AAWtB,MAAM,UAAU,iBAAiB,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAA4B;IAClG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,wEAAwE;IACxE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IAEnB,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAEpD,iDAAiD;IACjD,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC;YACnB,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;YACvC,GAAG,EAAE,EAAE,EAAE,2BAA2B;YACpC,eAAe,EAAE,IAAI;YACrB,aAAa,EAAE,KAAK;YACpB,OAAO,EAAE,IAAI,oBAAoB,CAAC,gEAAgE,CAAC,CAAC,gBAAgB,EAAE;YACtH,GAAG,eAAe;SACnB,CAAC,CAAC,CAAC;IACN,CAAC;IAED,0CAA0C;IAC1C,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,YAAY,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IAExE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAClC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAE3C,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,iCAAiC,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC1E,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACzB,MAAM,IAAI,mBAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC3D,CAAC;YAED,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;YAC1B,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,2BAA2B;gBAC3B,OAAO,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;gBACjE,MAAM,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC;YACjD,CAAC;YAED,MAAM,QAAQ,CAAC,WAAY,CAAC,MAAM,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;YACtD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC3B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,UAAU,EAAE,
CAAC;gBAChC,MAAM,MAAM,GAAG,KAAK,YAAY,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACpD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC;gBACzD,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { RequestHandler } from "express";
|
|
2
|
+
import { OAuthServerProvider } from "../provider.js";
|
|
3
|
+
import { Options as RateLimitOptions } from "express-rate-limit";
|
|
4
|
+
export type TokenHandlerOptions = {
|
|
5
|
+
provider: OAuthServerProvider;
|
|
6
|
+
/**
|
|
7
|
+
* Rate limiting configuration for the token endpoint.
|
|
8
|
+
* Set to false to disable rate limiting for this endpoint.
|
|
9
|
+
*/
|
|
10
|
+
rateLimit?: Partial<RateLimitOptions> | false;
|
|
11
|
+
};
|
|
12
|
+
export declare function tokenHandler({ provider, rateLimit: rateLimitConfig }: TokenHandlerOptions): RequestHandler;
|
|
13
|
+
//# sourceMappingURL=token.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../../../src/server/auth/handlers/token.ts"],"names":[],"mappings":"AACA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAIrD,OAAO,EAAa,OAAO,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAW5E,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,EAAE,mBAAmB,CAAC;IAC9B;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;CAC/C,CAAC;AAgBF,wBAAgB,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE,mBAAmB,GAAG,cAAc,CAkG1G"}
|