@redocly/redoc-reef 0.135.0-next.2 → 0.135.0-next.4

package/dist/server/web-server/routes/mcp-routes/mcp-oauth.js

@@ -1 +1 @@
-import{getCookie as C}from"hono/cookie";import{createHash as U,timingSafeEqual as R}from"node:crypto";import{ulid as v}from"ulid";import{AUTH_URL as f,JWT_SECRET_KEY as M}from"../../../constants/common.js";import{AuthCookieNames as T,ServerRoutes as _}from"../../../../constants/common.js";import{withPathPrefix as u}from"@redocly/theme/core/utils";import{telemetry as m}from"../../../telemetry/index.js";import{envConfig as A}from"../../../config/env-config.js";import{createMcpAuthorizationCode as O,verifyMcpAuthorizationCode as D,createMcpSessionResource as h}from"../../auth.js";import*as g from"../../jwt/jwt.js";import{AlgorithmTypes as S}from"../../jwt/types.js";import{getRequestOrigin as y}from"../../utils/get-request-origin.js";import{fetchClientMetadataDocument as L,isClientMetadataDocumentUrl as k,isRedirectUriRegistered as H}from"./mcp-client-metadata.js";const o=(e,r,n=200,a)=>e.json(r,n,{"Content-Type":"application/json",...a??{}}),I=new Set(["S256"]),q="https://claude.ai/oauth/claude-code-client-metadata";function z(e,r,n){if(!I.has(r||""))return!1;const a=U("sha256").update(n).digest("base64url"),t=Buffer.from(a),s=Buffer.from(e);return t.length!==s.length?!1:R(t,s)}async function $(e){const r=Math.floor(Date.now()/1e3);return g.sign({type:"mcp_context",...e,iat:r,exp:r+600},M,S.HS256)}async function N(e){await g.verify(e,M,S.HS256);const{payload:r}=g.decode(e);if(r.type!=="mcp_context")throw new Error("Invalid context token type");return r}function X(){return async e=>{if(e.req.method!=="GET")return o(e,{error:"Method not allowed"},405,{Allow:"GET"});const r=y(e);return o(e,{resource:`${r}${u("/mcp")}`,authorization_servers:[r,f].filter(Boolean),bearer_methods_supported:["header"],resource_documentation:`${r}${_.MCP_OAUTH_AUTHORIZATION_SERVER}`,scopes_supported:["openid","profile","email","offline_access"],bearer_token_types_supported:["Bearer"]})}}function x(){return async e=>{const r=y(e);return o(e,{issuer:f||"",authorization_endpoint:`${r}${u(_.MCP_AUTHORIZATION)}`,token_endpoint:`${r}${u(_.MCP_TOKEN_PORTAL)}`,jwks_uri:`${f||""}/.well-known/jwks.json`,scopes_supported:["openid","profile","email","offline_access"],registration_endpoint:`${r}${u(_.MCP_DYNAMIC_CLIENT_REGISTRATION)}`,response_types_supported:["code"],grant_types_supported:["authorization_code","refresh_token","client_credentials"],subject_types_supported:["public"],id_token_signing_alg_values_supported:["RS256"],code_challenge_methods_supported:["S256"],token_endpoint_auth_methods_supported:["none"],client_id_metadata_document_supported:!0})}}function ee(){return async e=>{if(e.req.method!=="POST")return o(e,{error:"Method not allowed"},405);try{return o(e,{client_id:A.OAUTH_CLIENT_ID||"",client_name:"MCP Client",redirect_uris:[],grant_types:["authorization_code","refresh_token"],response_types:["code"],scope:"openid offline email",subject_type:"public",token_endpoint_auth_method:"none",created_at:new Date().toISOString(),updated_at:new Date().toISOString()},201)}catch(r){return o(e,{error:"invalid_request",error_description:r?.message||"Unable to register client"},500)}}}function re(){return async e=>{const r=new URL(e.req.url),{searchParams:n}=r,a=n.get("redirect_uri"),t=n.get("client_id"),s=n.get("code_challenge"),i=n.get("code_challenge_method"),d=v();if(s&&!I.has(i||""))return o(e,{error:"invalid_request",error_description:`Unsupported code_challenge_method. Supported: ${[...I].join(", ")}`},400);if(k(t)&&!s)return o(e,{error:"invalid_request",error_description:"code_challenge is required for client_id_metadata_document clients"},400);if(k(t)&&a)try{const c=await L(t),l=t===q;if(!H(a,c.redirect_uris,{ignorePort:l}))return o(e,{error:"invalid_request",error_description:"redirect_uri is not registered for this client"},400)}catch(c){const l=c instanceof Error?c.message:String(c);return o(e,{error:"invalid_client",error_description:`Unable to resolve client metadata document: ${l}`},400)}m.sendMcpAuthorizationStartedMessage([{...h(d),redirect_uri:a||null}]);const p=y(e),w={isMcpFlow:!0,originalRedirectUri:a,mcpClientId:t,mcpState:n.get("state"),mcpSessionId:d,mcpCodeChallenge:s,mcpCodeChallengeMethod:s?i:null,timestamp:Date.now()};try{const c=await $(w),l=new URL(u(_.IDP_LOGIN),p);return l.searchParams.set("redirectTo",`${_.MCP_CALLBACK}/${c}`),l.searchParams.set("idpId","oidc"),e.redirect(l.toString())}catch(c){const l=c instanceof Error?c.message:String(c),P=c instanceof Error?c.stack:String(c);m.sendMcpAuthorizationFailedMessage([{...h(d),error:l,error_details:P}]);const E=new URL(u(`${f}/oauth2/auth`));return E.search=n.toString(),e.redirect(E.toString())}}}function te(){return async e=>{if(e.req.method!=="POST")return o(e,{error:"Method not allowed"},405);try{const r=await e.req.formData(),n=r.get("grant_type"),a=r.get("code"),t=r.get("redirect_uri")||void 0,s=r.get("code_verifier")||void 0;if(n!=="authorization_code"||!a)return o(e,{error:"invalid_request",error_description:"Invalid grant type or missing authorization code"},400);try{const i=await D(a);if(t&&t!==i.redirect_uri)return o(e,{error:"invalid_grant",error_description:"redirect_uri mismatch"},400);if(i.code_challenge){if(!s)return o(e,{error:"invalid_grant",error_description:"code_verifier required"},400);if(!z(i.code_challenge,i.code_challenge_method,s))return o(e,{error:"invalid_grant",error_description:"code_verifier mismatch"},400)}if(A.OAUTH_CLIENT_ID&&i.client_id&&!k(i.client_id)&&i.client_id!==A.OAUTH_CLIENT_ID)return o(e,{error:"invalid_client",error_description:"Client mismatch"},400);const d=i.id_token;if(typeof d!="string"||d.length===0)return o(e,{error:"invalid_grant",error_description:"Missing id_token in authorization code"},400);let p=d;if(i.idp_access_token){const{payload:c,header:{kid:l}}=g.decode(d);p=await g.sign({...c,idp_access_token:i.idp_access_token},M,S.HS256,l)}return o(e,{access_token:p,token_type:"Bearer",expires_in:3600,scope:"openid profile email",id_token:d},200,{"Cache-Control":"no-store",Pragma:"no-cache"})}catch{return o(e,{error:"invalid_grant",error_description:"Invalid authorization code"},400)}}catch(r){const n=r instanceof Error?r.message:String(r);return o(e,{error:"server_error",error_description:"Failed to process token request",error_details:n},500)}}}function oe(){return async e=>{const r=new URL(e.req.url);let n=r.searchParams.get("context");if(!n&&r.pathname.startsWith(u(`${_.MCP_CALLBACK}/`))){const t=r.pathname.split("/");n=t[t.length-1]}if(!n)return m.sendMcpAuthorizationFailedMessage([{...h(null),error:"Missing context parameter",error_details:null}]),e.text("Missing context parameter",400);let a=null;try{const t=await N(n);if(a=t.mcpSessionId||null,!t.isMcpFlow||!t.originalRedirectUri)throw new Error("Invalid MCP context");const s=C(e,T.IDP_ID_TOKEN)||C(e,T.AUTHORIZATION),i=C(e,T.IDP_ACCESS_TOKEN);if(!s)return m.sendMcpAuthorizationFailedMessage([{...h(a),error:"Authentication required",error_details:null}]),e.text("Authentication required",401);const d=await O({idToken:s,idpAccessToken:i||void 0,clientId:t.mcpClientId||"",redirectUri:t.originalRedirectUri,codeChallenge:t.mcpCodeChallenge||void 0,codeChallengeMethod:t.mcpCodeChallengeMethod||void 0,ttlSec:600}),p=new URL(t.originalRedirectUri);return p.searchParams.set("code",d),t.mcpState&&p.searchParams.set("state",t.mcpState),m.sendMcpAuthorizationCompletedMessage([{...h(a),redirect_uri:t.originalRedirectUri||null}]),e.redirect(p.toString())}catch(t){const s=t instanceof Error?t.message:String(t),i=t instanceof Error?t.stack:String(t);return m.sendMcpAuthorizationFailedMessage([{...h(a),error:s,error_details:i}]),e.text(`Invalid MCP callback: ${s}`,400)}}}export{$ as createMcpContextToken,re as mcpAuthorizationHandler,oe as mcpCallbackHandler,ee as mcpDynamicClientRegistrationHandler,x as mcpOAuthAuthorizationServerHandler,X as mcpOAuthProtectedResourceHandler,te as mcpTokenPortalHandler,N as verifyAndParseMcpContextToken,z as verifyPkce};
+import{getCookie as C}from"hono/cookie";import{createHash as U,timingSafeEqual as R}from"node:crypto";import{ulid as v}from"ulid";import{AUTH_URL as f,JWT_SECRET_KEY as M}from"../../../constants/common.js";import{ServerRoutes as _}from"../../../../constants/api.js";import{AuthCookieNames as T}from"../../../../constants/common.js";import{withPathPrefix as u}from"@redocly/theme/core/utils";import{telemetry as m}from"../../../telemetry/index.js";import{envConfig as A}from"../../../config/env-config.js";import{createMcpAuthorizationCode as O,verifyMcpAuthorizationCode as D,createMcpSessionResource as h}from"../../auth.js";import*as g from"../../jwt/jwt.js";import{AlgorithmTypes as S}from"../../jwt/types.js";import{getRequestOrigin as y}from"../../utils/get-request-origin.js";import{fetchClientMetadataDocument as L,isClientMetadataDocumentUrl as k,isRedirectUriRegistered as H}from"./mcp-client-metadata.js";const o=(e,r,n=200,a)=>e.json(r,n,{"Content-Type":"application/json",...a??{}}),I=new Set(["S256"]),q="https://claude.ai/oauth/claude-code-client-metadata";function z(e,r,n){if(!I.has(r||""))return!1;const a=U("sha256").update(n).digest("base64url"),t=Buffer.from(a),s=Buffer.from(e);return t.length!==s.length?!1:R(t,s)}async function $(e){const r=Math.floor(Date.now()/1e3);return g.sign({type:"mcp_context",...e,iat:r,exp:r+600},M,S.HS256)}async function N(e){await g.verify(e,M,S.HS256);const{payload:r}=g.decode(e);if(r.type!=="mcp_context")throw new Error("Invalid context token type");return r}function x(){return async e=>{if(e.req.method!=="GET")return o(e,{error:"Method not allowed"},405,{Allow:"GET"});const r=y(e);return o(e,{resource:`${r}${u("/mcp")}`,authorization_servers:[r,f].filter(Boolean),bearer_methods_supported:["header"],resource_documentation:`${r}${_.MCP_OAUTH_AUTHORIZATION_SERVER}`,scopes_supported:["openid","profile","email","offline_access"],bearer_token_types_supported:["Bearer"]})}}function ee(){return async e=>{const r=y(e);return o(e,{issuer:f||"",authorization_endpoint:`${r}${u(_.MCP_AUTHORIZATION)}`,token_endpoint:`${r}${u(_.MCP_TOKEN_PORTAL)}`,jwks_uri:`${f||""}/.well-known/jwks.json`,scopes_supported:["openid","profile","email","offline_access"],registration_endpoint:`${r}${u(_.MCP_DYNAMIC_CLIENT_REGISTRATION)}`,response_types_supported:["code"],grant_types_supported:["authorization_code","refresh_token","client_credentials"],subject_types_supported:["public"],id_token_signing_alg_values_supported:["RS256"],code_challenge_methods_supported:["S256"],token_endpoint_auth_methods_supported:["none"],client_id_metadata_document_supported:!0})}}function re(){return async e=>{if(e.req.method!=="POST")return o(e,{error:"Method not allowed"},405);try{return o(e,{client_id:A.OAUTH_CLIENT_ID||"",client_name:"MCP Client",redirect_uris:[],grant_types:["authorization_code","refresh_token"],response_types:["code"],scope:"openid offline email",subject_type:"public",token_endpoint_auth_method:"none",created_at:new Date().toISOString(),updated_at:new Date().toISOString()},201)}catch(r){return o(e,{error:"invalid_request",error_description:r?.message||"Unable to register client"},500)}}}function te(){return async e=>{const r=new URL(e.req.url),{searchParams:n}=r,a=n.get("redirect_uri"),t=n.get("client_id"),s=n.get("code_challenge"),i=n.get("code_challenge_method"),d=v();if(s&&!I.has(i||""))return o(e,{error:"invalid_request",error_description:`Unsupported code_challenge_method. Supported: ${[...I].join(", ")}`},400);if(k(t)&&!s)return o(e,{error:"invalid_request",error_description:"code_challenge is required for client_id_metadata_document clients"},400);if(k(t)&&a)try{const c=await L(t),l=t===q;if(!H(a,c.redirect_uris,{ignorePort:l}))return o(e,{error:"invalid_request",error_description:"redirect_uri is not registered for this client"},400)}catch(c){const l=c instanceof Error?c.message:String(c);return o(e,{error:"invalid_client",error_description:`Unable to resolve client metadata document: ${l}`},400)}m.sendMcpAuthorizationStartedMessage([{...h(d),redirect_uri:a||null}]);const p=y(e),w={isMcpFlow:!0,originalRedirectUri:a,mcpClientId:t,mcpState:n.get("state"),mcpSessionId:d,mcpCodeChallenge:s,mcpCodeChallengeMethod:s?i:null,timestamp:Date.now()};try{const c=await $(w),l=new URL(u(_.IDP_LOGIN),p);return l.searchParams.set("redirectTo",`${_.MCP_CALLBACK}/${c}`),l.searchParams.set("idpId","oidc"),e.redirect(l.toString())}catch(c){const l=c instanceof Error?c.message:String(c),P=c instanceof Error?c.stack:String(c);m.sendMcpAuthorizationFailedMessage([{...h(d),error:l,error_details:P}]);const E=new URL(u(`${f}/oauth2/auth`));return E.search=n.toString(),e.redirect(E.toString())}}}function oe(){return async e=>{if(e.req.method!=="POST")return o(e,{error:"Method not allowed"},405);try{const r=await e.req.formData(),n=r.get("grant_type"),a=r.get("code"),t=r.get("redirect_uri")||void 0,s=r.get("code_verifier")||void 0;if(n!=="authorization_code"||!a)return o(e,{error:"invalid_request",error_description:"Invalid grant type or missing authorization code"},400);try{const i=await D(a);if(t&&t!==i.redirect_uri)return o(e,{error:"invalid_grant",error_description:"redirect_uri mismatch"},400);if(i.code_challenge){if(!s)return o(e,{error:"invalid_grant",error_description:"code_verifier required"},400);if(!z(i.code_challenge,i.code_challenge_method,s))return o(e,{error:"invalid_grant",error_description:"code_verifier mismatch"},400)}if(A.OAUTH_CLIENT_ID&&i.client_id&&!k(i.client_id)&&i.client_id!==A.OAUTH_CLIENT_ID)return o(e,{error:"invalid_client",error_description:"Client mismatch"},400);const d=i.id_token;if(typeof d!="string"||d.length===0)return o(e,{error:"invalid_grant",error_description:"Missing id_token in authorization code"},400);let p=d;if(i.idp_access_token){const{payload:c,header:{kid:l}}=g.decode(d);p=await g.sign({...c,idp_access_token:i.idp_access_token},M,S.HS256,l)}return o(e,{access_token:p,token_type:"Bearer",expires_in:3600,scope:"openid profile email",id_token:d},200,{"Cache-Control":"no-store",Pragma:"no-cache"})}catch{return o(e,{error:"invalid_grant",error_description:"Invalid authorization code"},400)}}catch(r){const n=r instanceof Error?r.message:String(r);return o(e,{error:"server_error",error_description:"Failed to process token request",error_details:n},500)}}}function ne(){return async e=>{const r=new URL(e.req.url);let n=r.searchParams.get("context");if(!n&&r.pathname.startsWith(u(`${_.MCP_CALLBACK}/`))){const t=r.pathname.split("/");n=t[t.length-1]}if(!n)return m.sendMcpAuthorizationFailedMessage([{...h(null),error:"Missing context parameter",error_details:null}]),e.text("Missing context parameter",400);let a=null;try{const t=await N(n);if(a=t.mcpSessionId||null,!t.isMcpFlow||!t.originalRedirectUri)throw new Error("Invalid MCP context");const s=C(e,T.IDP_ID_TOKEN)||C(e,T.AUTHORIZATION),i=C(e,T.IDP_ACCESS_TOKEN);if(!s)return m.sendMcpAuthorizationFailedMessage([{...h(a),error:"Authentication required",error_details:null}]),e.text("Authentication required",401);const d=await O({idToken:s,idpAccessToken:i||void 0,clientId:t.mcpClientId||"",redirectUri:t.originalRedirectUri,codeChallenge:t.mcpCodeChallenge||void 0,codeChallengeMethod:t.mcpCodeChallengeMethod||void 0,ttlSec:600}),p=new URL(t.originalRedirectUri);return p.searchParams.set("code",d),t.mcpState&&p.searchParams.set("state",t.mcpState),m.sendMcpAuthorizationCompletedMessage([{...h(a),redirect_uri:t.originalRedirectUri||null}]),e.redirect(p.toString())}catch(t){const s=t instanceof Error?t.message:String(t),i=t instanceof Error?t.stack:String(t);return m.sendMcpAuthorizationFailedMessage([{...h(a),error:s,error_details:i}]),e.text(`Invalid MCP callback: ${s}`,400)}}}export{$ as createMcpContextToken,te as mcpAuthorizationHandler,ne as mcpCallbackHandler,re as mcpDynamicClientRegistrationHandler,ee as mcpOAuthAuthorizationServerHandler,x as mcpOAuthProtectedResourceHandler,oe as mcpTokenPortalHandler,N as verifyAndParseMcpContextToken,z as verifyPkce};

package/dist/server/web-server/routes/mcp-routes/mcp-routes.js

@@ -1 +1 @@
-import{ServerRoutes as e}from"../../../../constants/common.js";import{EntitlementsProvider as m}from"../../../entitlements/entitlements-provider.js";import{withPathPrefix as n}from"@redocly/theme/core/utils";import{mcpOAuthProtectedResourceHandler as p,mcpOAuthAuthorizationServerHandler as s,mcpDynamicClientRegistrationHandler as A,mcpAuthorizationHandler as C,mcpTokenPortalHandler as l,mcpCallbackHandler as i}from"./mcp-oauth.js";function d(t,o){const c=o.getConfig().mcp,a=m.instance().canAccessFeature("mcp");!c?.hide&&!c?.docs?.hide&&a&&(t.get(`${e.MCP_OAUTH_PROTECTED_RESOURCE}${n("/mcp")}`,p()),t.get(e.MCP_OAUTH_AUTHORIZATION_SERVER,s()),t.post(n(e.MCP_DYNAMIC_CLIENT_REGISTRATION),A()),t.get(n(e.MCP_AUTHORIZATION),C()),t.post(n(e.MCP_TOKEN_PORTAL),l()),t.get(n(e.MCP_CALLBACK),i()),t.get(n(`${e.MCP_CALLBACK}/*`),i()))}export{d as installMcpAuthRoutes};
+import{ServerRoutes as e}from"../../../../constants/api.js";import{EntitlementsProvider as m}from"../../../entitlements/entitlements-provider.js";import{withPathPrefix as n}from"@redocly/theme/core/utils";import{mcpOAuthProtectedResourceHandler as p,mcpOAuthAuthorizationServerHandler as s,mcpDynamicClientRegistrationHandler as A,mcpAuthorizationHandler as C,mcpTokenPortalHandler as l,mcpCallbackHandler as i}from"./mcp-oauth.js";function d(t,o){const c=o.getConfig().mcp,a=m.instance().canAccessFeature("mcp");!c?.hide&&!c?.docs?.hide&&a&&(t.get(`${e.MCP_OAUTH_PROTECTED_RESOURCE}${n("/mcp")}`,p()),t.get(e.MCP_OAUTH_AUTHORIZATION_SERVER,s()),t.post(n(e.MCP_DYNAMIC_CLIENT_REGISTRATION),A()),t.get(n(e.MCP_AUTHORIZATION),C()),t.post(n(e.MCP_TOKEN_PORTAL),l()),t.get(n(e.MCP_CALLBACK),i()),t.get(n(`${e.MCP_CALLBACK}/*`),i()))}export{d as installMcpAuthRoutes};

package/dist/server/web-server/routes/page-data.js

@@ -1 +1 @@
-import{DEV_LOGIN_SLUG as O,ServerRoutes as U}from"../../../constants/common.js";import{CACHE_CONTROL_NO_STORE_HEADER_VALUE as a,DEFAULT_TITLE as $}from"../../constants/common.js";import{findInIterable as F}from"../../../utils/collection/find-in-iterable.js";import{removeTrailingSlash as N}from"../../../utils/url/remove-trailing-slash.js";import{envConfig as S}from"../../config/env-config.js";import{canAccessResource as q,filterDataByAccessDeep as b,isResourcePubliclyAccessible as B}from"../../utils/rbac.js";import{getServerProps as H}from"../../ssr/index.js";import{readSharedData as G}from"../../utils/index.js";import{getRedirectLoginUrl as M}from"../utils/get-redirect-login-url.js";import{processRedirects as V}from"./helpers/process-redirects.js";import{removeErrorDetails as k}from"../utils/remove-error-details.js";import{telemetry as K}from"../../telemetry/index.js";function ae(e,s){return async(t,p)=>{const l=t.get("logger"),{req:u}=t,{pathname:d}=new URL(u.url),{seo:f,ssoDirect:h}=e.getConfig(),i=f?.title||$;if(e?.compilationErrors?.length&&S.isDevelopMode)return t.json({templateId:"compilation-error",props:{compilationErrors:e?.compilationErrors},sharedDataIds:{}},500,{"Cache-Control":a});const g=d.match(/page-data(.*)data.json$/);if(!g)return p();const c=decodeURI(g[1]),n=c==="/index/"?"/":N(c),o=e.getRouteBySlug(n,{followRedirect:!1})||F(e.routesBySlug.values(),r=>r.hasClientRoutes&&c.startsWith(r.slug+"/"));if(c===U.OIDC_CALLBACK+"/")return t.json({templateId:"403OIDC",sharedDataIds:{},props:{seo:{title:`${i} - Forbidden`}}},200,{"Cache-Control":a});const{isAuthenticated:C,teams:D,claims:{name:j,picture:v,email:I}}=t.get("auth"),R={isAuthenticated:C,email:I,teams:D},m={isAuthenticated:C,name:j,picture:v,email:I,teams:D},L=e.getRedirect(n);if(L){const r=V({redirect:L}).location;return K.sendRedirectMessage([{object:"redirect",from:n,templateId:"404"}]),t.json({templateId:"404",redirectTo:r,sharedDataIds:{},props:{}},301,{"Cache-Control":a})}if(!o){const r=e.getRouteBySlug(n,{followRedirect:!0});return l.error(`Page not found: ${d}`),t.json({templateId:"404",redirectTo:r?.slug,sharedDataIds:{},props:{seo:{title:`${i} - Not Found`}},userData:m},404,{"Cache-Control":a})}if(l.verbose(`Page viewed: ${o.slug}`),!q(o,R,e.config.access?.rbac,e.config.access?.requiresLogin)&&o.slug!==O){if(C)return t.json({templateId:"403",sharedDataIds:{},props:{seo:{title:`${i} - Forbidden`}},userData:m},403,{"Cache-Control":a});const r=Object.keys(h||{}).length>0;return t.json({templateId:"404",sharedDataIds:{},props:{seo:{title:`${i} - Not Found`}},userData:m,...r?{redirectTo:M(e,o.slug)}:{}},r?401:404,{"Cache-Control":a})}const A=b(o.versions,R,e.config.access?.rbac,e.config.access?.requiresLogin),T=e.routesSharedData.get(o.slug)||{},P=await s(o),y=await H(o,t,P,e),{sharedDataIds:_,...E}=y,w={templateId:o.templateId,versions:A,sharedDataIds:{...T,..._||{}},props:S.isProductionEnv?k(E):E,slug:o.slug,userData:m,isPublic:B(o,e.config)};return t.json(w,200,{"Cache-Control":a})}}function se(e){return async(s,t)=>{const p=s.get("logger"),{req:l}=s,{pathname:u}=new URL(l.url),d=u.match(/\/page-data\/shared\/(.*)\.json/);if(!d)return t();const f=decodeURIComponent(d[1]),h=await G(f,e.outdir),{isAuthenticated:i,teams:g,claims:{email:c}}=s.get("auth"),n=b(h,{isAuthenticated:i,email:c,teams:g},e.config.access?.rbac,e.config.access?.requiresLogin);return n?s.json(n,200,{"Cache-Control":a}):(p.error(`Shared data not found: ${u}`),s.text("Not Found",404,{"Cache-Control":a}))}}export{ae as pageDataHandler,se as sharedPageDataHandler};
+import{ServerRoutes as O}from"../../../constants/api.js";import{DEV_LOGIN_SLUG as U}from"../../../constants/common.js";import{CACHE_CONTROL_NO_STORE_HEADER_VALUE as a,DEFAULT_TITLE as $}from"../../constants/common.js";import{findInIterable as F}from"../../../utils/collection/find-in-iterable.js";import{removeTrailingSlash as N}from"../../../utils/url/remove-trailing-slash.js";import{envConfig as S}from"../../config/env-config.js";import{canAccessResource as q,filterDataByAccessDeep as b,isResourcePubliclyAccessible as B}from"../../utils/rbac.js";import{getServerProps as H}from"../../ssr/index.js";import{readSharedData as G}from"../../utils/index.js";import{getRedirectLoginUrl as M}from"../utils/get-redirect-login-url.js";import{processRedirects as V}from"./helpers/process-redirects.js";import{removeErrorDetails as k}from"../utils/remove-error-details.js";import{telemetry as K}from"../../telemetry/index.js";function se(e,s){return async(t,p)=>{const l=t.get("logger"),{req:u}=t,{pathname:d}=new URL(u.url),{seo:f,ssoDirect:h}=e.getConfig(),i=f?.title||$;if(e?.compilationErrors?.length&&S.isDevelopMode)return t.json({templateId:"compilation-error",props:{compilationErrors:e?.compilationErrors},sharedDataIds:{}},500,{"Cache-Control":a});const m=d.match(/page-data(.*)data.json$/);if(!m)return p();const c=decodeURI(m[1]),n=c==="/index/"?"/":N(c),o=e.getRouteBySlug(n,{followRedirect:!1})||F(e.routesBySlug.values(),r=>r.hasClientRoutes&&c.startsWith(r.slug+"/"));if(c===O.OIDC_CALLBACK+"/")return t.json({templateId:"403OIDC",sharedDataIds:{},props:{seo:{title:`${i} - Forbidden`}}},200,{"Cache-Control":a});const{isAuthenticated:C,teams:D,claims:{name:j,picture:v,email:I}}=t.get("auth"),R={isAuthenticated:C,email:I,teams:D},g={isAuthenticated:C,name:j,picture:v,email:I,teams:D},L=e.getRedirect(n);if(L){const r=V({redirect:L}).location;return K.sendRedirectMessage([{object:"redirect",from:n,templateId:"404"}]),t.json({templateId:"404",redirectTo:r,sharedDataIds:{},props:{}},301,{"Cache-Control":a})}if(!o){const r=e.getRouteBySlug(n,{followRedirect:!0});return l.error(`Page not found: ${d}`),t.json({templateId:"404",redirectTo:r?.slug,sharedDataIds:{},props:{seo:{title:`${i} - Not Found`}},userData:g},404,{"Cache-Control":a})}if(l.verbose(`Page viewed: ${o.slug}`),!q(o,R,e.config.access?.rbac,e.config.access?.requiresLogin)&&o.slug!==U){if(C)return t.json({templateId:"403",sharedDataIds:{},props:{seo:{title:`${i} - Forbidden`}},userData:g},403,{"Cache-Control":a});const r=Object.keys(h||{}).length>0;return t.json({templateId:"404",sharedDataIds:{},props:{seo:{title:`${i} - Not Found`}},userData:g,...r?{redirectTo:M(e,o.slug)}:{}},r?401:404,{"Cache-Control":a})}const A=b(o.versions,R,e.config.access?.rbac,e.config.access?.requiresLogin),T=e.routesSharedData.get(o.slug)||{},P=await s(o),y=await H(o,t,P,e),{sharedDataIds:_,...E}=y,w={templateId:o.templateId,versions:A,sharedDataIds:{...T,..._||{}},props:S.isProductionEnv?k(E):E,slug:o.slug,userData:g,isPublic:B(o,e.config)};return t.json(w,200,{"Cache-Control":a})}}function ne(e){return async(s,t)=>{const p=s.get("logger"),{req:l}=s,{pathname:u}=new URL(l.url),d=u.match(/\/page-data\/shared\/(.*)\.json/);if(!d)return t();const f=decodeURIComponent(d[1]),h=await G(f,e.outdir),{isAuthenticated:i,teams:m,claims:{email:c}}=s.get("auth"),n=b(h,{isAuthenticated:i,email:c,teams:m},e.config.access?.rbac,e.config.access?.requiresLogin);return n?s.json(n,200,{"Cache-Control":a}):(p.error(`Shared data not found: ${u}`),s.text("Not Found",404,{"Cache-Control":a}))}}export{se as pageDataHandler,ne as sharedPageDataHandler};

package/dist/server/web-server/routes/search.d.ts

@@ -1,5 +1,7 @@
-import type { Handler } from 'hono';
+import type { Env, Handler } from 'hono';
 import type { Store } from '../../store';
-export declare function searchHandler(store: Store): Handler;
-export declare function searchFacetsHandler(store: Store): Handler;
+import type { SearchRequestParams, FacetCountsRequestParams } from '../../../types/index.js';
+import type { ValidatedJsonInput } from '../../types';
+export declare function searchHandler(store: Store): Handler<Env, string, ValidatedJsonInput<SearchRequestParams>>;
+export declare function searchFacetsHandler(store: Store): Handler<Env, string, ValidatedJsonInput<FacetCountsRequestParams>>;
 //# sourceMappingURL=search.d.ts.map

package/dist/server/web-server/routes/search.js

@@ -1 +1 @@
-import{telemetryTraceStep as C}from"../../telemetry/helpers/trace-step.js";import{CACHE_CONTROL_NO_STORE_HEADER_VALUE as T}from"../../constants/common.js";import{expandTeamsForRead as E}from"../../utils/rbac.js";function F(e){return async t=>(t.header("Cache-Control",T),await C("search",async s=>{const u=t.get("logger"),o=t.get("auth"),A=u.startTiming(),a=e.getConfig().access?.requiresLogin&&!o.isAuthenticated,r={...await t.req.json(),auth:{...o,teams:E(e.config.access?.rbac,o.teams)}};s?.setAttribute("engine",e?.searchEngine?.type),s?.setAttribute("query",r.query||""),s?.setAttribute("user",r.auth.claims.email??"anonymous"),s?.setAttribute("noAccess",a);const g=e.getSearchFacets(),i=a?{}:e.searchEngine?await e.searchEngine.search(r,g):{};let h=0;if(Object.keys(i).length){const f=i.documents;for(const[c,n]of Object.entries(f))h+=n.length}return u.infoTime(A,`Search with query "${r.query||""}". Total results: ${h}`),s?.setAttribute("resultsCount",h),t.json(i)}))}function j(e){return async t=>(t.header("Cache-Control",T),await C("search.facets",async s=>{const u=t.get("logger"),o=t.get("auth"),m=e.getConfig().access?.requiresLogin&&!o.isAuthenticated,a={...await t.req.json(),auth:o};s?.setAttribute("engine",e?.searchEngine?.type),s?.setAttribute("user",a.auth.claims.email??"anonymous"),s?.setAttribute("noAccess",m);const r=u.startTiming(),g=e.getSearchFacets(),i=m?{}:e.searchEngine?await e.searchEngine.countFacets(a,g):{},h=!!a.field;let f=[];if(h){const c=a.field,n=c&&g.get(c);if(n){const l={...n};l.values=i?.[c]||[],f.push(l)}}else{const c=new Map;for(const[n,l]of g){const y=i?.[n],d={...l};d.values=y||l.values.map(b=>({value:b,count:0})),c.set(n,d)}f=Array.from(c,([,n])=>n)}return u.verboseTime(r,"Search facets"),t.json(f)}))}export{j as searchFacetsHandler,F as searchHandler};
+import{telemetryTraceStep as C}from"../../telemetry/helpers/trace-step.js";import{CACHE_CONTROL_NO_STORE_HEADER_VALUE as T}from"../../constants/common.js";import{expandTeamsForRead as E}from"../../utils/rbac.js";function F(e){return async t=>(t.header("Cache-Control",T),await C("search",async s=>{const i=t.get("logger"),a=t.get("auth"),A=i.startTiming(),o=e.getConfig().access?.requiresLogin&&!a.isAuthenticated,u=t.req.valid("json");s?.setAttribute("engine",e?.searchEngine?.type),s?.setAttribute("query",u.query||""),s?.setAttribute("user",a.claims.email??"anonymous"),s?.setAttribute("noAccess",o);const g=e.getSearchFacets(),r=o?{}:e.searchEngine?await e.searchEngine.search(u,{...a,teams:E(e.config.access?.rbac,a.teams)},g):{};let l=0;if(Object.keys(r).length){const f=r.documents;for(const[c,n]of Object.entries(f))l+=n.length}return i.infoTime(A,`Search with query "${u.query||""}". Total results: ${l}`),s?.setAttribute("resultsCount",l),t.json(r)}))}function j(e){return async t=>(t.header("Cache-Control",T),await C("search.facets",async s=>{const i=t.get("logger"),a=t.get("auth"),m=e.getConfig().access?.requiresLogin&&!a.isAuthenticated,o=t.req.valid("json");s?.setAttribute("engine",e?.searchEngine?.type),s?.setAttribute("user",a.claims.email??"anonymous"),s?.setAttribute("noAccess",m);const u=i.startTiming(),g=e.getSearchFacets(),r=m?{}:e.searchEngine?await e.searchEngine.countFacets(o,a,g):{},l=!!o.field;let f=[];if(l){const c=o.field,n=c&&g.get(c);if(n){const h={...n};h.values=r?.[c]||[],f.push(h)}}else{const c=new Map;for(const[n,h]of g){const y=r?.[n],d={...h};d.values=y||h.values.map(b=>({value:b,count:0})),c.set(n,d)}f=Array.from(c,([,n])=>n)}return i.verboseTime(u,"Search facets"),t.json(f)}))}export{j as searchFacetsHandler,F as searchHandler};

package/dist/types/api.d.ts

@@ -0,0 +1,15 @@
+import type { SearchFacetCount, SearchItemData } from '@redocly/theme/core/types';
+import type { z } from 'zod';
+import type { searchFacetsRequestSchema } from '../api-schemas/search-facets.js';
+import type { searchRequestSchema } from '../api-schemas/search.js';
+export type SearchRequestParams = z.infer<typeof searchRequestSchema>;
+export type FacetCountsRequestParams = z.infer<typeof searchFacetsRequestSchema>;
+export type SearchResponse = {
+    facets: {
+        [key: string]: SearchFacetCount[];
+    };
+    documents: {
+        [key: string]: SearchItemData[];
+    };
+};
+//# sourceMappingURL=api.d.ts.map

package/dist/types/index.d.ts

@@ -5,6 +5,6 @@ export type * from './errors.js';
 export type * from './global-data.js';
 export type * from './extended-page-data.js';
 export type * from './markdoc.js';
-export type * from './search.js';
+export type * from './api.js';
 export type * from './ssr.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/utils/auth/build-login-url.js

@@ -1 +1 @@
-import{ServerRoutes as u}from"../../constants/common.js";import{appendQueryParams as m}from"../url/append-query-params.js";function s(r,e,o,n={}){if(!r)return;const t=u.IDP_LOGIN,i={idpId:r,localePrefix:e,redirectTo:o||"",...n};return m(t,i)}export{s as buildLoginUrl};
+import{ServerRoutes as u}from"../../constants/api.js";import{appendQueryParams as m}from"../url/append-query-params.js";function s(r,e,o,n={}){if(!r)return;const t=u.IDP_LOGIN,i={idpId:r,localePrefix:e,redirectTo:o||"",...n};return m(t,i)}export{s as buildLoginUrl};

package/dist/utils/auth/is-auth-route-path.js

@@ -1 +1 @@
-import{withoutPathPrefix as i}from"@redocly/theme/core/utils";import{AUTH_SEGMENT as r}from"../../constants/common.js";function n(e){const t=i(e);return(t.startsWith("/")?t:`/${t}`).split("/").filter(Boolean)}function f(e){return n(e)[0]===r}export{f as isAuthRoutePath};
+import{withoutPathPrefix as i}from"@redocly/theme/core/utils";import{AUTH_SEGMENT as r}from"../../constants/api.js";function n(e){const t=i(e);return(t.startsWith("/")?t:`/${t}`).split("/").filter(Boolean)}function f(e){return n(e)[0]===r}export{f as isAuthRoutePath};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@redocly/redoc-reef",
-  "version": "0.135.0-next.2",
+  "version": "0.135.0-next.4",
   "description": "",
   "type": "module",
   "bin": {
@@ -17,17 +17,18 @@
     "@babel/core": "7.29.7",
     "@dr.pogodin/react-helmet": "3.0.2",
     "@emotion/is-prop-valid": "^1.3.1",
+    "@hono/zod-validator": "0.8.0",
     "@libsql/client": "0.17.3",
     "@markdoc/markdoc": "0.5.2",
     "@opentelemetry/api": "1.9.0",
     "@opentelemetry/context-zone": "2.0.1",
-    "@opentelemetry/core": "2.0.1",
-    "@opentelemetry/exporter-trace-otlp-http": "0.214.0",
-    "@opentelemetry/instrumentation": "0.202.0",
-    "@opentelemetry/instrumentation-http": "0.202.0",
-    "@opentelemetry/resources": "2.6.1",
-    "@opentelemetry/sdk-trace-node": "2.6.1",
-    "@opentelemetry/sdk-trace-web": "2.6.1",
+    "@opentelemetry/core": "2.8.0",
+    "@opentelemetry/exporter-trace-otlp-http": "0.219.0",
+    "@opentelemetry/instrumentation": "0.219.0",
+    "@opentelemetry/instrumentation-http": "0.219.0",
+    "@opentelemetry/resources": "2.8.0",
+    "@opentelemetry/sdk-trace-node": "2.8.0",
+    "@opentelemetry/sdk-trace-web": "2.8.0",
     "@opentelemetry/semantic-conventions": "1.40.0",
     "@redocly/ajv": "8.18.0",
     "@redocly/openapi-core": "2.32.1",
@@ -54,11 +55,11 @@
     "flexsearch": "0.7.43",
     "graphql": "16.12.0",
     "gray-matter": "4.0.3",
-    "hono": "4.12.23",
+    "hono": "4.12.25",
     "htmlparser2": "8.0.2",
     "i18next": "22.4.15",
     "is-glob": "4.0.3",
-    "js-yaml": "4.1.1",
+    "js-yaml": "4.2.0",
     "lru-cache": "11.1.0",
     "minimatch": "10.2.4",
     "mri": "1.2.0",
@@ -91,14 +92,14 @@
     "xpath": "0.0.34",
     "yaml-ast-parser": "0.0.43",
     "zod": "^3.25.76",
-    "@redocly/asyncapi-docs": "1.12.0-next.2",
+    "@redocly/asyncapi-docs": "1.12.0-next.4",
     "@redocly/config": "0.49.0",
-    "@redocly/graphql-docs": "1.12.0-next.2",
-    "@redocly/openapi-docs": "3.23.0-next.2",
+    "@redocly/graphql-docs": "1.12.0-next.4",
+    "@redocly/openapi-docs": "3.23.0-next.4",
     "@redocly/portal-legacy-ui": "0.18.0-next.0",
-    "@redocly/portal-plugin-mock-server": "0.20.0-next.2",
-    "@redocly/realm-asyncapi-sdk": "0.13.0-next.0",
-    "@redocly/theme": "0.67.0-next.1"
+    "@redocly/portal-plugin-mock-server": "0.20.0-next.4",
+    "@redocly/realm-asyncapi-sdk": "0.13.0-next.2",
+    "@redocly/theme": "0.67.0-next.3"
   },
   "peerDependencies": {
     "react": "^19.2.4",

package/dist/types/search.d.ts

@@ -1,29 +0,0 @@
-import type { SearchFilterItem, SearchItemData, SearchFacetCount } from '@redocly/theme/core/types';
-import type { AuthDetails } from '../server/types';
-export type SearchRequestParams = {
-    auth: AuthDetails;
-    query: string;
-    locale: string;
-    filter?: SearchFilterItem[];
-    loadMore?: {
-        groupKey: string;
-        offset: number;
-    };
-};
-export type SearchResponse = {
-    facets: {
-        [key: string]: SearchFacetCount[];
-    };
-    documents: {
-        [key: string]: SearchItemData[];
-    };
-};
-export type FacetCountsRequestParams = {
-    auth: AuthDetails;
-    locale: string;
-    field?: string;
-    query?: string;
-    filter?: SearchFilterItem[];
-    facetQuery?: string;
-};
-//# sourceMappingURL=search.d.ts.map