@moovio/sdk 0.0.0-dev.17 → 0.0.0-dev.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -2
- package/bin/mcp-server.js +56 -11
- package/bin/mcp-server.js.map +10 -9
- package/hooks/access-token-hook.d.ts +25 -0
- package/hooks/access-token-hook.d.ts.map +1 -0
- package/hooks/access-token-hook.js +60 -0
- package/hooks/access-token-hook.js.map +1 -0
- package/hooks/registration.d.ts.map +1 -1
- package/hooks/registration.js +4 -0
- package/hooks/registration.js.map +1 -1
- package/jsr.json +1 -1
- package/lib/config.d.ts +7 -3
- package/lib/config.d.ts.map +1 -1
- package/lib/config.js +3 -3
- package/lib/config.js.map +1 -1
- package/mcp-server/cli/start/command.d.ts.map +1 -1
- package/mcp-server/cli/start/command.js +8 -0
- package/mcp-server/cli/start/command.js.map +1 -1
- package/mcp-server/cli/start/impl.d.ts +1 -0
- package/mcp-server/cli/start/impl.d.ts.map +1 -1
- package/mcp-server/cli/start/impl.js +2 -0
- package/mcp-server/cli/start/impl.js.map +1 -1
- package/mcp-server/mcp-server.js +1 -1
- package/mcp-server/server.d.ts +1 -0
- package/mcp-server/server.d.ts.map +1 -1
- package/mcp-server/server.js +2 -1
- package/mcp-server/server.js.map +1 -1
- package/package.json +1 -1
- package/src/hooks/access-token-hook.ts +73 -0
- package/src/hooks/registration.ts +5 -0
- package/src/lib/config.ts +8 -3
- package/src/mcp-server/cli/start/command.ts +9 -0
- package/src/mcp-server/cli/start/impl.ts +3 -0
- package/src/mcp-server/mcp-server.ts +1 -1
- package/src/mcp-server/server.ts +3 -1
- package/test/tests/accessToken.test.ts +86 -0
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
import { describe, expect, test } from "bun:test";
|
|
2
|
+
import { HTTPClient, Moov } from "@moovio/sdk";
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* Builds a Moov SDK instance whose HTTPClient captures every outgoing
|
|
6
|
+
* Request without hitting the network. The captured Request can then be
|
|
7
|
+
* inspected for headers, URL, etc.
|
|
8
|
+
*/
|
|
9
|
+
function captureRequests(opts: ConstructorParameters<typeof Moov>[0]) {
|
|
10
|
+
const requests: Request[] = [];
|
|
11
|
+
const httpClient = new HTTPClient({
|
|
12
|
+
fetcher: async (input, init) => {
|
|
13
|
+
const req = input instanceof Request ? input : new Request(input, init);
|
|
14
|
+
requests.push(req.clone());
|
|
15
|
+
return new Response(null, { status: 200 });
|
|
16
|
+
},
|
|
17
|
+
});
|
|
18
|
+
|
|
19
|
+
const moov = new Moov({ ...opts, httpClient });
|
|
20
|
+
return { moov, requests };
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
describe("accessToken option", () => {
|
|
24
|
+
test("sets Authorization: Bearer header on outgoing requests", async () => {
|
|
25
|
+
const { moov, requests } = captureRequests({
|
|
26
|
+
accessToken: "test-access-token-123",
|
|
27
|
+
});
|
|
28
|
+
|
|
29
|
+
await moov.ping.ping();
|
|
30
|
+
|
|
31
|
+
expect(requests.length).toBe(1);
|
|
32
|
+
expect(requests[0].headers.get("Authorization")).toBe(
|
|
33
|
+
"Bearer test-access-token-123",
|
|
34
|
+
);
|
|
35
|
+
});
|
|
36
|
+
|
|
37
|
+
test("applies bearer auth on every request, not just the first", async () => {
|
|
38
|
+
const { moov, requests } = captureRequests({
|
|
39
|
+
accessToken: "another-token",
|
|
40
|
+
});
|
|
41
|
+
|
|
42
|
+
await moov.ping.ping();
|
|
43
|
+
await moov.ping.ping();
|
|
44
|
+
await moov.ping.ping();
|
|
45
|
+
|
|
46
|
+
expect(requests.length).toBe(3);
|
|
47
|
+
for (const req of requests) {
|
|
48
|
+
expect(req.headers.get("Authorization")).toBe("Bearer another-token");
|
|
49
|
+
}
|
|
50
|
+
});
|
|
51
|
+
|
|
52
|
+
test("HTTP Basic auth still works when accessToken is not set", async () => {
|
|
53
|
+
const { moov, requests } = captureRequests({
|
|
54
|
+
security: { username: "my-public-key", password: "my-secret-key" },
|
|
55
|
+
});
|
|
56
|
+
|
|
57
|
+
await moov.ping.ping();
|
|
58
|
+
|
|
59
|
+
expect(requests.length).toBe(1);
|
|
60
|
+
const auth = requests[0].headers.get("Authorization");
|
|
61
|
+
expect(auth).toMatch(/^Basic /);
|
|
62
|
+
|
|
63
|
+
// Decode the base64 portion and confirm the credentials round-trip.
|
|
64
|
+
const encoded = auth!.slice("Basic ".length);
|
|
65
|
+
const decoded = Buffer.from(encoded, "base64").toString("utf8");
|
|
66
|
+
expect(decoded).toBe("my-public-key:my-secret-key");
|
|
67
|
+
});
|
|
68
|
+
|
|
69
|
+
test("no Authorization header is sent when neither auth mode is configured", async () => {
|
|
70
|
+
const { moov, requests } = captureRequests({});
|
|
71
|
+
|
|
72
|
+
await moov.ping.ping();
|
|
73
|
+
|
|
74
|
+
expect(requests.length).toBe(1);
|
|
75
|
+
expect(requests[0].headers.get("Authorization")).toBeNull();
|
|
76
|
+
});
|
|
77
|
+
|
|
78
|
+
test("throws at construction when both accessToken and Basic creds are set", () => {
|
|
79
|
+
expect(() =>
|
|
80
|
+
new Moov({
|
|
81
|
+
accessToken: "some-token",
|
|
82
|
+
security: { username: "u", password: "p" },
|
|
83
|
+
})
|
|
84
|
+
).toThrow(/cannot both be set/i);
|
|
85
|
+
});
|
|
86
|
+
});
|