npm - @mondaydotcomorg/atp-server - Versions diffs - 0.24.0 → 0.24.2 - Mend

@mondaydotcomorg/atp-server 0.24.0 → 0.24.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

package/dist/client-sessions.d.ts +0 -13
package/dist/client-sessions.d.ts.map +1 -1
package/dist/client-sessions.js +1 -57
package/dist/client-sessions.js.map +1 -1
package/dist/create-server.d.ts +0 -1
package/dist/create-server.d.ts.map +1 -1
package/dist/create-server.js +1 -7
package/dist/create-server.js.map +1 -1
package/dist/graphql-loader.d.ts +27 -5
package/dist/graphql-loader.d.ts.map +1 -1
package/dist/graphql-loader.js +14 -11
package/dist/graphql-loader.js.map +1 -1
package/dist/http/router.d.ts.map +1 -1
package/dist/http/router.js +0 -3
package/dist/http/router.js.map +1 -1
package/dist/index.cjs +29 -98
package/dist/index.cjs.map +1 -1
package/dist/index.js +29 -98
package/dist/index.js.map +1 -1
package/dist/openapi-loader.d.ts +32 -7
package/dist/openapi-loader.d.ts.map +1 -1
package/dist/openapi-loader.js +11 -9
package/dist/openapi-loader.js.map +1 -1
package/package.json +6 -6
package/src/client-sessions.ts +1 -64
package/src/create-server.ts +1 -7
package/src/graphql-loader.ts +43 -17
package/src/http/router.ts +0 -2
package/src/openapi-loader.ts +47 -17
package/dist/handlers/token.handler.d.ts +0 -18
package/dist/handlers/token.handler.d.ts.map +0 -1
package/dist/handlers/token.handler.js +0 -36
package/dist/handlers/token.handler.js.map +0 -1
package/src/handlers/token.handler.ts +0 -59

package/dist/index.cjs CHANGED Viewed

@@ -6211,7 +6211,7 @@ function isSwagger2(spec) {
   return "swagger" in spec;
 }
 async function loadOpenAPI(source, options = {}) {
-  const spec = await loadSpec(source);
+  const spec = await loadSpec(source, options.fetcher);
   const name = options.name || spec.info.title.toLowerCase().replace(/\s+/g, "-");
   let baseURL = options.baseURL;
   if (!baseURL) {
@@ -6255,11 +6255,14 @@ async function loadOpenAPI(source, options = {}) {
     auth
   };
 }
-async function loadSpec(source) {
+async function loadSpec(source, fetcher) {
   let content;
   let isYaml = false;
   if (source.startsWith("http://") || source.startsWith("https://")) {
-    const response = await fetch(source);
+    const fetchFn = fetcher || fetch;
+    const response = await fetchFn(source, {
+      method: "GET"
+    });
     if (!response.ok) {
       throw new Error(`Failed to load OpenAPI spec from ${source}: ${response.statusText}`);
     }
@@ -6362,12 +6365,12 @@ function convertOperation(path, method, operation, spec, baseURL, options, pathP
     const headers = {
       "Content-Type": "application/json"
     };
-    let context;
-    if (options.contextProvider) {
-      context = await options.contextProvider(handlerContext?.requestContext);
-    }
     if (options.headerProvider) {
-      const dynamicHeaders = await options.headerProvider(input, context);
+      let requestContext = handlerContext?.requestContext;
+      if (options.contextProvider) {
+        requestContext = await options.contextProvider(requestContext);
+      }
+      const dynamicHeaders = await options.headerProvider(input, requestContext);
       Object.assign(headers, dynamicHeaders);
       atpRuntime.log.debug("Added headers from headerProvider", {
         keys: Object.keys(dynamicHeaders)
@@ -6491,7 +6494,8 @@ function convertOperation(path, method, operation, spec, baseURL, options, pathP
         if (transformed.headers) finalHeaders = transformed.headers;
         if (transformed.body !== void 0) finalBody = transformed.body;
       }
-      const response = await fetch(finalUrl, {
+      const fetchFn = options.fetcher || fetch;
+      const response = await fetchFn(finalUrl, {
         method: finalMethod,
         headers: finalHeaders,
         body: finalBody
@@ -6824,12 +6828,11 @@ var ClientSessionManager = class {
       this.jwtSecret = secret;
     }
   }
-  ensureClientJWT(token, clientId, ignoreExpiration = false) {
+  ensureClientJWT(token, clientId) {
     const decoded = jwt__default.default.verify(token, this.jwtSecret, {
       algorithms: [
         "HS256"
-      ],
-      ignoreExpiration
+      ]
     });
     if (decoded.clientId !== clientId || decoded.type !== "client") {
       return false;
@@ -6877,22 +6880,6 @@ var ClientSessionManager = class {
     }
   }
   /**
-  * Verify client token for refresh purposes - allows expired JWT tokens.
-  * This is used during token refresh when the JWT may have expired but
-  * the session still exists in cache.
-  */
-  async verifyClientForRefresh(clientId, token) {
-    try {
-      if (!this.ensureClientJWT(token, clientId, true)) {
-        return false;
-      }
-      const session = await this.cache.get(`session:${clientId}`);
-      return session !== null;
-    } catch {
-      return false;
-    }
-  }
-  /**
   * Get client session
   */
   async getSession(clientId) {
@@ -6932,36 +6919,6 @@ var ClientSessionManager = class {
     });
   }
   /**
-  * Refresh token for an existing client session.
-  * Returns new token credentials if session exists in cache.
-  * This works even if the session's expiresAt has passed - the refresh
-  * will update expiresAt to extend the session.
-  */
-  async refreshToken(clientId) {
-    const session = await this.cache.get(`session:${clientId}`);
-    if (!session) {
-      return null;
-    }
-    await this.cache.delete(`session:${clientId}`);
-    const newClientId = this.generateClientId();
-    const now = Date.now();
-    const newExpiresAt = now + this.tokenTTL;
-    const newTokenRotateAt = now + this.tokenRotation;
-    const updatedSession = {
-      ...session,
-      clientId,
-      expiresAt: newExpiresAt
-    };
-    await this.cache.set(`session:${newClientId}`, updatedSession);
-    const newToken = this.generateToken(newClientId);
-    return {
-      clientId: newClientId,
-      token: newToken,
-      expiresAt: newExpiresAt,
-      tokenRotateAt: newTokenRotateAt
-    };
-  }
-  /**
   * Get token TTL and rotation settings (useful for clients)
   */
   getTokenSettings() {
@@ -11447,8 +11404,6 @@ async function handleRoute(ctx, server) {
   } else if (ctx.path.startsWith("/api/resume/") && ctx.method === "POST") {
     const executionId = ctx.path.substring("/api/resume/".length);
     ctx.responseBody = await server.handleResume(ctx, executionId);
-  } else if (ctx.path === "/api/token/refresh" && ctx.method === "POST") {
-    ctx.responseBody = await server.handleTokenRefresh(ctx);
   } else {
     ctx.status = 404;
     ctx.responseBody = {
@@ -12186,32 +12141,6 @@ async function handleResume(ctx, executionId, executor, stateManager, serverConf
   return result;
 }
 __name(handleResume, "handleResume");
-async function handleTokenRefresh(ctx, sessionManager) {
-  const clientId = ctx.clientId || ctx.body?.clientId;
-  if (!clientId) {
-    ctx.throw(400, "Client ID is required for token refresh");
-  }
-  const authHeader = ctx.headers["authorization"];
-  if (!authHeader || !authHeader.startsWith("Bearer ")) {
-    ctx.throw(401, "Bearer token required for refresh");
-  }
-  const currentToken = authHeader.substring(7);
-  const isValid = await sessionManager.verifyClientForRefresh(clientId, currentToken);
-  if (!isValid) {
-    ctx.throw(401, "Invalid token or session expired");
-  }
-  const refreshResult = await sessionManager.refreshToken(clientId);
-  if (!refreshResult) {
-    ctx.throw(401, "Session not found or expired");
-  }
-  atpRuntime.log.debug("Token refreshed", {
-    clientId,
-    newExpiresAt: refreshResult.expiresAt,
-    newRotateAt: refreshResult.tokenRotateAt
-  });
-  return refreshResult;
-}
-__name(handleTokenRefresh, "handleTokenRefresh");
 // src/handlers/definitions.handler.ts
 async function getDefinitions(apiGroups) {
@@ -21359,7 +21288,7 @@ function buildSchema(source, options) {
   });
 }
 __name(buildSchema, "buildSchema");
-async function resolveHeaders(options, params, executionContext) {
+async function resolveHeaders(options, params, requestContext) {
   const headers = {};
   if (options.headers) {
     Object.assign(headers, options.headers);
@@ -21372,8 +21301,11 @@ async function resolveHeaders(options, params, executionContext) {
     Object.assign(headers, authHeaders);
   }
   if (options.headerProvider) {
-    const context = options.contextProvider ? await options.contextProvider(executionContext) : void 0;
-    const dynamicHeaders = await options.headerProvider(params, context);
+    let ctx = requestContext;
+    if (options.contextProvider) {
+      ctx = await options.contextProvider(requestContext);
+    }
+    const dynamicHeaders = await options.headerProvider(params, ctx);
     Object.assign(headers, dynamicHeaders);
   }
   return headers;
@@ -21499,8 +21431,9 @@ async function loadGraphQL(source, options = {}) {
 __name(loadGraphQL, "loadGraphQL");
 async function loadSchema(source, options) {
   if (source.startsWith("http://") || source.startsWith("https://")) {
+    const fetchFn = options.fetcher || fetch;
     const headers = await resolveHeaders(options);
-    const response = await fetch(source, {
+    const response = await fetchFn(source, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
@@ -21511,7 +21444,8 @@ async function loadSchema(source, options) {
       })
     });
     if (!response.ok) {
-      const getResponse = await fetch(source, {
+      const getResponse = await fetchFn(source, {
+        method: "GET",
         headers
       });
       if (getResponse.ok) {
@@ -21581,8 +21515,9 @@ function convertFieldToFunction(type, fieldName, field, url, options) {
         context.metadata.graphql_query = query;
         context.metadata.graphql_variables = variables;
       }
-      const headers = await resolveHeaders(options, paramsObj, context);
-      const response = await fetch(url, {
+      const headers = await resolveHeaders(options, paramsObj, context?.requestContext);
+      const fetchFn = options.fetcher || fetch;
+      const response = await fetchFn(url, {
         method: "POST",
         headers: {
           "Content-Type": "application/json",
@@ -21900,7 +21835,7 @@ var AgentToolProtocolServer = class {
     if (!this.cacheProvider) {
       this.cacheProvider = new atpProviders.MemoryCache({
         maxKeys: 1e3,
-        defaultTTL: 3600
+        defaultTTL: 24 * 3600
       });
       atpRuntime.log.info("Cache provider configured (default)", {
         provider: "memory"
@@ -22273,10 +22208,6 @@ var AgentToolProtocolServer = class {
     }
     return await handleResume(ctx, executionId, this.executor, this.stateManager, this.config, this.sessionManager);
   }
-  async handleTokenRefresh(ctx) {
-    if (!this.sessionManager) ctx.throw(503, "Session manager not initialized");
-    return await handleTokenRefresh(ctx, this.sessionManager);
-  }
   /**
   * Update server components with new API groups (internal method)
   * @private