@postman/test-mcp-server 1.0.0

package/dist/oauth/helpers.js

@@ -0,0 +1,100 @@
+/**
+ * OAuth2 Helper Functions
+ */
+import { randomUUID, createHmac, createHash } from "node:crypto";
+import { OAUTH_CONFIG } from "./config.js";
+import { tokenStore, clientStore } from "./stores.js";
+// ============================================
+// Client Registration Helpers
+// ============================================
+export function generateClientId() {
+    return `client-${randomUUID()}`;
+}
+export function generateClientSecret() {
+    return randomUUID() + randomUUID().replace(/-/g, "");
+}
+export function validateClient(clientId, clientSecret) {
+    const client = clientStore.get(clientId);
+    if (!client) {
+        return null;
+    }
+    if (client.clientSecret !== clientSecret) {
+        return null;
+    }
+    return client;
+}
+export function getClient(clientId) {
+    return clientStore.get(clientId) || null;
+}
+// ============================================
+// PKCE Helpers (RFC 7636)
+// ============================================
+export function generateAuthorizationCode() {
+    return randomUUID() + randomUUID().replace(/-/g, "");
+}
+export function generateRefreshToken() {
+    return "rt_" + randomUUID() + randomUUID().replace(/-/g, "");
+}
+export function base64UrlEncode(buffer) {
+    return buffer.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+export function verifyCodeChallenge(codeVerifier, codeChallenge, method) {
+    if (method === "plain") {
+        return codeVerifier === codeChallenge;
+    }
+    // S256: BASE64URL(SHA256(code_verifier))
+    const hash = createHash("sha256").update(codeVerifier).digest();
+    const computedChallenge = base64UrlEncode(hash);
+    return computedChallenge === codeChallenge;
+}
+// ============================================
+// Token Generation & Validation
+// ============================================
+export function generateAccessToken() {
+    const token = randomUUID() + "-" + randomUUID();
+    const signature = createHmac("sha256", OAUTH_CONFIG.tokenSecret)
+        .update(token)
+        .digest("hex")
+        .substring(0, 16);
+    return `${token}.${signature}`;
+}
+export function validateTokenSignature(token) {
+    const parts = token.split(".");
+    if (parts.length !== 2)
+        return false;
+    const [tokenBody, providedSignature] = parts;
+    const expectedSignature = createHmac("sha256", OAUTH_CONFIG.tokenSecret)
+        .update(tokenBody)
+        .digest("hex")
+        .substring(0, 16);
+    return providedSignature === expectedSignature;
+}
+export function createToken(clientId, scope) {
+    const now = Date.now();
+    const tokenInfo = {
+        accessToken: generateAccessToken(),
+        clientId,
+        createdAt: now,
+        expiresAt: now + OAUTH_CONFIG.tokenExpiry * 1000,
+        scope,
+    };
+    tokenStore.set(tokenInfo.accessToken, tokenInfo);
+    return tokenInfo;
+}
+export function validateToken(token) {
+    // Check signature
+    if (!validateTokenSignature(token)) {
+        return null;
+    }
+    // Check if token exists and is not expired
+    const tokenInfo = tokenStore.get(token);
+    if (!tokenInfo) {
+        return null;
+    }
+    if (Date.now() > tokenInfo.expiresAt) {
+        tokenStore.delete(token);
+        return null;
+    }
+    return tokenInfo;
+}
+//# sourceMappingURL=helpers.js.map

package/dist/oauth/helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.js","sourceRoot":"","sources":["../../src/oauth/helpers.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEjE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAEtD,+CAA+C;AAC/C,8BAA8B;AAC9B,+CAA+C;AAE/C,MAAM,UAAU,gBAAgB;IAC9B,OAAO,UAAU,UAAU,EAAE,EAAE,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,oBAAoB;IAClC,OAAO,UAAU,EAAE,GAAG,UAAU,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,YAAoB;IACnE,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,MAAM,CAAC,YAAY,KAAK,YAAY,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,QAAgB;IACxC,OAAO,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;AAC3C,CAAC;AAED,+CAA+C;AAC/C,0BAA0B;AAC1B,+CAA+C;AAE/C,MAAM,UAAU,yBAAyB;IACvC,OAAO,UAAU,EAAE,GAAG,UAAU,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,UAAU,oBAAoB;IAClC,OAAO,KAAK,GAAG,UAAU,EAAE,GAAG,UAAU,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,MAAc;IAC5C,OAAO,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AAC7F,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,YAAoB,EACpB,aAAqB,EACrB,MAAwB;IAExB,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO,YAAY,KAAK,aAAa,CAAC;IACxC,CAAC;IAED,yCAAyC;IACzC,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,EAAE,CAAC;IAChE,MAAM,iBAAiB,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IAChD,OAAO,iBAAiB,KAAK,aAAa,CAAC;AAC7C,CAAC;AAED,+CAA+C;AAC/C,gCAAgC;AAChC,+CAA+C;AAE/C,MAAM,UAAU,mBAAmB;IACjC,MAAM,KAAK,GAAG,UAAU,EAAE,GAAG,GAAG,GAAG,UAAU,EAAE,CAAC;IAChD,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,EAAE,YAAY,CAAC,WAAW,CAAC;SAC7D,MAAM,CAAC,KAAK,CAAC;SACb,MAAM,CAAC,KAAK,CAAC;SACb,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACpB,OAAO,GAAG,KAAK,IAAI,SAAS,EAAE,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,KAAa;IAClD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAErC,MAAM,CAAC,SAAS,EAAE,iBAAiB,CAAC,GAAG,KAAK,CAAC;IAC7C,MAAM,iBAAiB,GAAG,UAAU,CAAC,QAAQ,EAAE,YAAY,CAAC,WAAW,CAAC;SACrE,MAAM,CAAC,SAAS,CAAC;SACjB,MAAM,CAAC,KAAK,CAAC;SACb,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAEpB,OAAO,iBAAiB,KAAK,iBAAiB,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,QAAgB,EAAE,KAAe;IAC3D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,SAAS,GAAc;QAC3B,WAAW,EAAE,mBAAmB,EAAE;QAClC,QAAQ;QACR,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,GAAG,GAAG,YAAY,CAAC,WAAW,GAAG,IAAI;QAChD,KAAK;KACN,CAAC;IAEF,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IACjD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,kBAAkB;IAClB,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,EAAE,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,2CAA2C;IAC3C,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACxC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC;QACrC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/oauth/index.d.ts

@@ -0,0 +1,17 @@
+/**
+ * OAuth2 Module
+ *
+ * Provides OAuth2 authentication for MCP servers.
+ *
+ * Usage:
+ *   import { oauthRouter, requireAuth, OAUTH_CONFIG } from './oauth/index.js';
+ *
+ *   app.use(oauthRouter);
+ *   app.post('/mcp', requireAuth, handler);
+ */
+export { OAUTH_CONFIG } from "./config.js";
+export { requireAuth } from "./middleware.js";
+export { oauthRouter } from "./routes.js";
+export type { TokenInfo, AuthorizationCode, RefreshTokenInfo, RegisteredClient, OAuthConfig, } from "./types.js";
+export type { AuthenticatedRequest } from "./middleware.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/oauth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/oauth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,YAAY,EACV,SAAS,EACT,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,GACZ,MAAM,YAAY,CAAC;AACpB,YAAY,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/oauth/index.js

@@ -0,0 +1,15 @@
+/**
+ * OAuth2 Module
+ *
+ * Provides OAuth2 authentication for MCP servers.
+ *
+ * Usage:
+ *   import { oauthRouter, requireAuth, OAUTH_CONFIG } from './oauth/index.js';
+ *
+ *   app.use(oauthRouter);
+ *   app.post('/mcp', requireAuth, handler);
+ */
+export { OAUTH_CONFIG } from "./config.js";
+export { requireAuth } from "./middleware.js";
+export { oauthRouter } from "./routes.js";
+//# sourceMappingURL=index.js.map

package/dist/oauth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/oauth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC"}

package/dist/oauth/middleware.d.ts

@@ -0,0 +1,15 @@
+/**
+ * OAuth2 Authentication Middleware
+ */
+import { Request, Response, NextFunction } from "express";
+import type { TokenInfo } from "./types.js";
+export interface AuthenticatedRequest extends Request {
+    tokenInfo: TokenInfo;
+}
+/**
+ * Bearer Token Authentication Middleware
+ *
+ * Validates the Authorization header and attaches tokenInfo to the request.
+ */
+export declare function requireAuth(req: Request, res: Response, next: NextFunction): void;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/oauth/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/oauth/middleware.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE1D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAM5C,MAAM,WAAW,oBAAqB,SAAQ,OAAO;IACnD,SAAS,EAAE,SAAS,CAAC;CACtB;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CAuCjF"}

package/dist/oauth/middleware.js

@@ -0,0 +1,46 @@
+/**
+ * OAuth2 Authentication Middleware
+ */
+import { validateToken } from "./helpers.js";
+import { oauthLogger } from "../logger.js";
+const log = oauthLogger;
+/**
+ * Bearer Token Authentication Middleware
+ *
+ * Validates the Authorization header and attaches tokenInfo to the request.
+ */
+export function requireAuth(req, res, next) {
+    const authHeader = req.headers.authorization;
+    if (!authHeader) {
+        log.debug("Missing Authorization header");
+        res.status(401).json({
+            error: "unauthorized",
+            error_description: "Missing Authorization header. Use Bearer token authentication.",
+        });
+        return;
+    }
+    const parts = authHeader.split(" ");
+    if (parts.length !== 2 || parts[0].toLowerCase() !== "bearer") {
+        log.debug("Invalid Authorization header format");
+        res.status(401).json({
+            error: "unauthorized",
+            error_description: "Invalid Authorization header format. Expected: Bearer <token>",
+        });
+        return;
+    }
+    const token = parts[1];
+    const tokenInfo = validateToken(token);
+    if (!tokenInfo) {
+        log.debug("Invalid or expired token");
+        res.status(401).json({
+            error: "invalid_token",
+            error_description: "The access token is invalid or has expired",
+        });
+        return;
+    }
+    // Attach token info to request for downstream use
+    req.tokenInfo = tokenInfo;
+    log.debug({ clientId: tokenInfo.clientId }, "Authenticated request");
+    next();
+}
+//# sourceMappingURL=middleware.js.map

package/dist/oauth/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/oauth/middleware.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAE7C,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAE3C,MAAM,GAAG,GAAG,WAAW,CAAC;AAOxB;;;;GAIG;AACH,MAAM,UAAU,WAAW,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;IACzE,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IAE7C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,GAAG,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAC1C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,cAAc;YACrB,iBAAiB,EAAE,gEAAgE;SACpF,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC9D,GAAG,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACjD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,cAAc;YACrB,iBAAiB,EAAE,+DAA+D;SACnF,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,MAAM,SAAS,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAEvC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,GAAG,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACtC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,eAAe;YACtB,iBAAiB,EAAE,4CAA4C;SAChE,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,kDAAkD;IACjD,GAA4B,CAAC,SAAS,GAAG,SAAS,CAAC;IAEpD,GAAG,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE,EAAE,uBAAuB,CAAC,CAAC;IACrE,IAAI,EAAE,CAAC;AACT,CAAC"}

package/dist/oauth/routes.d.ts

@@ -0,0 +1,3 @@
+declare const router: import("express-serve-static-core").Router;
+export { router as oauthRouter };
+//# sourceMappingURL=routes.d.ts.map

package/dist/oauth/routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../../src/oauth/routes.ts"],"names":[],"mappings":"AA8BA,QAAA,MAAM,MAAM,4CAAW,CAAC;AAsjBxB,OAAO,EAAE,MAAM,IAAI,WAAW,EAAE,CAAC"}