@rekog/mcp-nest 1.9.1 → 1.9.3-alpha.0
- package/dist/authz/guards/jwt-auth.guard.d.ts +2 -2
- package/dist/authz/guards/jwt-auth.guard.d.ts.map +1 -1
- package/dist/authz/guards/jwt-auth.guard.js +108 -0
- package/dist/authz/guards/jwt-auth.guard.js.map +1 -0
- package/dist/authz/index.js +27 -0
- package/dist/authz/index.js.map +1 -0
- package/dist/authz/interfaces/oauth-common.interface.d.ts +21 -0
- package/dist/authz/interfaces/oauth-common.interface.d.ts.map +1 -0
- package/dist/authz/interfaces/oauth-common.interface.js +3 -0
- package/dist/authz/interfaces/oauth-common.interface.js.map +1 -0
- package/dist/authz/interfaces/request-with-user.d.ts +13 -0
- package/dist/authz/interfaces/request-with-user.d.ts.map +1 -0
- package/dist/authz/interfaces/request-with-user.js +3 -0
- package/dist/authz/interfaces/request-with-user.js.map +1 -0
- package/dist/authz/mcp-oauth.controller.d.ts +81 -0
- package/dist/authz/mcp-oauth.controller.d.ts.map +1 -0
- package/dist/authz/mcp-oauth.controller.js +540 -0
- package/dist/authz/mcp-oauth.controller.js.map +1 -0
- package/dist/authz/mcp-oauth.module.d.ts +1 -1
- package/dist/authz/mcp-oauth.module.d.ts.map +1 -1
- package/dist/authz/mcp-oauth.module.js +271 -0
- package/dist/authz/mcp-oauth.module.js.map +1 -0
- package/dist/authz/providers/azure-ad.provider.d.ts +3 -0
- package/dist/authz/providers/azure-ad.provider.d.ts.map +1 -0
- package/dist/authz/providers/azure-ad.provider.js +37 -0
- package/dist/authz/providers/azure-ad.provider.js.map +1 -0
- package/dist/authz/providers/github.provider.d.ts +3 -0
- package/dist/authz/providers/github.provider.d.ts.map +1 -0
- package/dist/authz/providers/github.provider.js +24 -0
- package/dist/authz/providers/github.provider.js.map +1 -0
- package/dist/authz/providers/google.provider.d.ts +3 -0
- package/dist/authz/providers/google.provider.d.ts.map +1 -0
- package/dist/authz/providers/google.provider.js +25 -0
- package/dist/authz/providers/google.provider.js.map +1 -0
- package/dist/authz/providers/oauth-provider.interface.d.ts +107 -0
- package/dist/authz/providers/oauth-provider.interface.d.ts.map +1 -0
- package/dist/authz/providers/oauth-provider.interface.js +3 -0
- package/dist/authz/providers/oauth-provider.interface.js.map +1 -0
- package/dist/authz/services/client.service.d.ts +12 -0
- package/dist/authz/services/client.service.d.ts.map +1 -0
- package/dist/authz/services/client.service.js +81 -0
- package/dist/authz/services/client.service.js.map +1 -0
- package/dist/authz/services/jwt-token.service.d.ts +37 -0
- package/dist/authz/services/jwt-token.service.d.ts.map +1 -0
- package/dist/authz/services/jwt-token.service.js +182 -0
- package/dist/authz/services/jwt-token.service.js.map +1 -0
- package/dist/authz/services/jwt-token.service.spec.d.ts +2 -0
- package/dist/authz/services/jwt-token.service.spec.d.ts.map +1 -0
- package/dist/authz/services/jwt-token.service.spec.js +86 -0
- package/dist/authz/services/jwt-token.service.spec.js.map +1 -0
- package/dist/authz/services/oauth-strategy.service.d.ts +13 -0
- package/dist/authz/services/oauth-strategy.service.d.ts.map +1 -0
- package/dist/authz/services/oauth-strategy.service.js +71 -0
- package/dist/authz/services/oauth-strategy.service.js.map +1 -0
- package/dist/authz/stores/memory-store.service.d.ts +27 -0
- package/dist/authz/stores/memory-store.service.d.ts.map +1 -0
- package/dist/authz/stores/memory-store.service.js +107 -0
- package/dist/authz/stores/memory-store.service.js.map +1 -0
- package/dist/authz/stores/memory-store.service.spec.d.ts +2 -0
- package/dist/authz/stores/memory-store.service.spec.d.ts.map +1 -0
- package/dist/authz/stores/memory-store.service.spec.js +382 -0
- package/dist/authz/stores/memory-store.service.spec.js.map +1 -0
- package/dist/authz/stores/oauth-store.interface.d.ts +61 -0
- package/dist/authz/stores/oauth-store.interface.d.ts.map +1 -0
- package/dist/authz/stores/oauth-store.interface.js +5 -0
- package/dist/authz/stores/oauth-store.interface.js.map +1 -0
- package/dist/authz/stores/typeorm/constants.d.ts +3 -0
- package/dist/authz/stores/typeorm/constants.d.ts.map +1 -0
- package/dist/authz/stores/typeorm/constants.js +6 -0
- package/dist/authz/stores/typeorm/constants.js.map +1 -0
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.d.ts +15 -0
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.d.ts.map +1 -0
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.js +69 -0
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.js.map +1 -0
- package/dist/authz/stores/typeorm/entities/index.d.ts +5 -0
- package/dist/authz/stores/typeorm/entities/index.d.ts.map +1 -0
- package/dist/authz/stores/typeorm/entities/index.js +12 -0
- package/dist/authz/stores/typeorm/entities/index.js.map +1 -0
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.d.ts +17 -0
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.d.ts.map +1 -0
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.js +77 -0
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.js.map +1 -0
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.d.ts +14 -0
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.d.ts.map +1 -0
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.js +65 -0
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.js.map +1 -0
- package/dist/authz/stores/typeorm/entities/user-profile.entity.d.ts +13 -0
- package/dist/authz/stores/typeorm/entities/user-profile.entity.d.ts.map +1 -0
- package/dist/authz/stores/typeorm/entities/user-profile.entity.js +62 -0
- package/dist/authz/stores/typeorm/entities/user-profile.entity.js.map +1 -0
- package/dist/authz/stores/typeorm/typeorm-store.service.d.ts +28 -0
- package/dist/authz/stores/typeorm/typeorm-store.service.d.ts.map +1 -0
- package/dist/authz/stores/typeorm/typeorm-store.service.js +138 -0
- package/dist/authz/stores/typeorm/typeorm-store.service.js.map +1 -0
- package/dist/authz/stores/typeorm/typeorm-store.service.spec.d.ts +2 -0
- package/dist/authz/stores/typeorm/typeorm-store.service.spec.d.ts.map +1 -0
- package/dist/authz/stores/typeorm/typeorm-store.service.spec.js +340 -0
- package/dist/authz/stores/typeorm/typeorm-store.service.spec.js.map +1 -0
- package/dist/index.js +19 -0
- package/dist/index.js.map +1 -0
- package/dist/mcp/adapters/express-http.adapter.d.ts +7 -0
- package/dist/mcp/adapters/express-http.adapter.d.ts.map +1 -0
- package/dist/mcp/adapters/express-http.adapter.js +50 -0
- package/dist/mcp/adapters/express-http.adapter.js.map +1 -0
- package/dist/mcp/adapters/fastify-http.adapter.d.ts +23 -0
- package/dist/mcp/adapters/fastify-http.adapter.d.ts.map +1 -0
- package/dist/mcp/adapters/fastify-http.adapter.js +57 -0
- package/dist/mcp/adapters/fastify-http.adapter.js.map +1 -0
- package/dist/mcp/adapters/http-adapter.factory.d.ts +11 -0
- package/dist/mcp/adapters/http-adapter.factory.d.ts.map +1 -0
- package/dist/mcp/adapters/http-adapter.factory.js +61 -0
- package/dist/mcp/adapters/http-adapter.factory.js.map +1 -0
- package/dist/mcp/adapters/index.d.ts +4 -0
- package/dist/mcp/adapters/index.d.ts.map +1 -0
- package/dist/mcp/adapters/index.js +20 -0
- package/dist/mcp/adapters/index.js.map +1 -0
- package/dist/mcp/decorators/constants.d.ts +5 -0
- package/dist/mcp/decorators/constants.d.ts.map +1 -0
- package/dist/mcp/decorators/constants.js +8 -0
- package/dist/mcp/decorators/constants.js.map +1 -0
- package/dist/mcp/decorators/public.decorator.d.ts +3 -0
- package/dist/mcp/decorators/public.decorator.d.ts.map +1 -0
- package/dist/mcp/decorators/public.decorator.js +8 -0
- package/dist/mcp/decorators/public.decorator.js.map +1 -0
- package/dist/mcp/decorators/require-roles.decorator.d.ts +3 -0
- package/dist/mcp/decorators/require-roles.decorator.d.ts.map +1 -0
- package/dist/mcp/decorators/require-roles.decorator.js +13 -0
- package/dist/mcp/decorators/require-roles.decorator.js.map +1 -0
- package/dist/mcp/decorators/require-scopes.decorator.d.ts +3 -0
- package/dist/mcp/decorators/require-scopes.decorator.d.ts.map +1 -0
- package/dist/mcp/decorators/require-scopes.decorator.js +13 -0
- package/dist/mcp/decorators/require-scopes.decorator.js.map +1 -0
- package/dist/mcp/decorators/resource-template.decorator.d.ts +16 -0
- package/dist/mcp/decorators/resource-template.decorator.d.ts.map +1 -0
- package/dist/mcp/decorators/resource-template.decorator.js +10 -0
- package/dist/mcp/decorators/resource-template.decorator.js.map +1 -0
- package/dist/mcp/decorators/resource.decorator.d.ts +16 -0
- package/dist/mcp/decorators/resource.decorator.d.ts.map +1 -0
- package/dist/mcp/decorators/resource.decorator.js +10 -0
- package/dist/mcp/decorators/resource.decorator.js.map +1 -0
- package/dist/mcp/decorators/tool-roles.decorator.d.ts +3 -0
- package/dist/mcp/decorators/tool-roles.decorator.d.ts.map +1 -0
- package/dist/mcp/decorators/tool-roles.decorator.js +13 -0
- package/dist/mcp/decorators/tool-roles.decorator.js.map +1 -0
- package/dist/mcp/decorators/tool-scopes.decorator.d.ts +3 -0
- package/dist/mcp/decorators/tool-scopes.decorator.d.ts.map +1 -0
- package/dist/mcp/decorators/tool-scopes.decorator.js +13 -0
- package/dist/mcp/decorators/tool-scopes.decorator.js.map +1 -0
- package/dist/mcp/decorators/tool.decorator.d.ts.map +1 -1
- package/dist/mcp/decorators/tool.decorator.js +1 -1
- package/dist/mcp/decorators/tool.decorator.js.map +1 -1
- package/dist/mcp/index.js +24 -0
- package/dist/mcp/index.js.map +1 -0
- package/dist/mcp/interfaces/http-adapter.interface.d.ts +27 -0
- package/dist/mcp/interfaces/http-adapter.interface.d.ts.map +1 -0
- package/dist/mcp/interfaces/http-adapter.interface.js +3 -0
- package/dist/mcp/interfaces/http-adapter.interface.js.map +1 -0
- package/dist/mcp/interfaces/index.d.ts +5 -0
- package/dist/mcp/interfaces/index.d.ts.map +1 -0
- package/dist/mcp/interfaces/index.js +6 -0
- package/dist/mcp/interfaces/index.js.map +1 -0
- package/dist/mcp/interfaces/mcp-options.interface.d.ts +46 -0
- package/dist/mcp/interfaces/mcp-options.interface.d.ts.map +1 -0
- package/dist/mcp/interfaces/mcp-options.interface.js +10 -0
- package/dist/mcp/interfaces/mcp-options.interface.js.map +1 -0
- package/dist/mcp/interfaces/mcp-tool.interface.d.ts +21 -0
- package/dist/mcp/interfaces/mcp-tool.interface.d.ts.map +1 -0
- package/dist/mcp/interfaces/mcp-tool.interface.js +3 -0
- package/dist/mcp/interfaces/mcp-tool.interface.js.map +1 -0
- package/dist/mcp/mcp.module.js +205 -0
- package/dist/mcp/mcp.module.js.map +1 -0
- package/dist/mcp/services/handlers/mcp-handler.base.d.ts +1 -2
- package/dist/mcp/services/handlers/mcp-handler.base.d.ts.map +1 -1
- package/dist/mcp/services/handlers/mcp-handler.base.js +86 -0
- package/dist/mcp/services/handlers/mcp-handler.base.js.map +1 -0
- package/dist/mcp/services/handlers/mcp-prompts.handler.d.ts +1 -1
- package/dist/mcp/services/handlers/mcp-prompts.handler.d.ts.map +1 -1
- package/dist/mcp/services/handlers/mcp-prompts.handler.js +90 -0
- package/dist/mcp/services/handlers/mcp-prompts.handler.js.map +1 -0
- package/dist/mcp/services/handlers/mcp-resources.handler.d.ts +1 -1
- package/dist/mcp/services/handlers/mcp-resources.handler.d.ts.map +1 -1
- package/dist/mcp/services/handlers/mcp-resources.handler.js +110 -0
- package/dist/mcp/services/handlers/mcp-resources.handler.js.map +1 -0
- package/dist/mcp/services/handlers/mcp-tools.handler.d.ts +1 -1
- package/dist/mcp/services/handlers/mcp-tools.handler.d.ts.map +1 -1
- package/dist/mcp/services/handlers/mcp-tools.handler.js.map +1 -1
- package/dist/mcp/services/mcp-executor.service.d.ts +1 -1
- package/dist/mcp/services/mcp-executor.service.d.ts.map +1 -1
- package/dist/mcp/services/mcp-executor.service.js +46 -0
- package/dist/mcp/services/mcp-executor.service.js.map +1 -0
- package/dist/mcp/services/mcp-registry.service.d.ts +1 -1
- package/dist/mcp/services/mcp-registry.service.d.ts.map +1 -1
- package/dist/mcp/services/mcp-registry.service.js.map +1 -1
- package/dist/mcp/services/mcp-sse.service.d.ts +1 -1
- package/dist/mcp/services/mcp-sse.service.d.ts.map +1 -1
- package/dist/mcp/services/mcp-sse.service.js +97 -0
- package/dist/mcp/services/mcp-sse.service.js.map +1 -0
- package/dist/mcp/services/mcp-streamable-http.service.d.ts +1 -1
- package/dist/mcp/services/mcp-streamable-http.service.d.ts.map +1 -1
- package/dist/mcp/services/mcp-streamable-http.service.js +337 -0
- package/dist/mcp/services/mcp-streamable-http.service.js.map +1 -0
- package/dist/mcp/services/sse-ping.service.d.ts +23 -0
- package/dist/mcp/services/sse-ping.service.d.ts.map +1 -0
- package/dist/mcp/services/sse-ping.service.js +99 -0
- package/dist/mcp/services/sse-ping.service.js.map +1 -0
- package/dist/mcp/transport/custom-decorator.spec.js +34 -0
- package/dist/mcp/transport/custom-decorator.spec.js.map +1 -0
- package/dist/mcp/transport/sse.controller.factory.d.ts +1 -1
- package/dist/mcp/transport/sse.controller.factory.d.ts.map +1 -1
- package/dist/mcp/transport/sse.controller.factory.js +67 -0
- package/dist/mcp/transport/sse.controller.factory.js.map +1 -0
- package/dist/mcp/transport/stdio.service.d.ts +1 -1
- package/dist/mcp/transport/stdio.service.d.ts.map +1 -1
- package/dist/mcp/transport/stdio.service.js +61 -0
- package/dist/mcp/transport/stdio.service.js.map +1 -0
- package/dist/mcp/transport/streamable-http.controller.factory.d.ts +1 -1
- package/dist/mcp/transport/streamable-http.controller.factory.d.ts.map +1 -1
- package/dist/mcp/transport/streamable-http.controller.factory.js +74 -0
- package/dist/mcp/transport/streamable-http.controller.factory.js.map +1 -0
- package/dist/mcp/utils/capabilities-builder.d.ts +1 -1
- package/dist/mcp/utils/capabilities-builder.d.ts.map +1 -1
- package/dist/mcp/utils/capabilities-builder.js +25 -0
- package/dist/mcp/utils/capabilities-builder.js.map +1 -0
- package/dist/mcp/utils/mcp-logger.factory.d.ts +4 -0
- package/dist/mcp/utils/mcp-logger.factory.d.ts.map +1 -0
- package/dist/mcp/utils/mcp-logger.factory.js +60 -0
- package/dist/mcp/utils/mcp-logger.factory.js.map +1 -0
- package/dist/mcp/utils/mcp-logger.factory.spec.d.ts +2 -0
- package/dist/mcp/utils/mcp-logger.factory.spec.d.ts.map +1 -0
- package/dist/mcp/utils/mcp-logger.factory.spec.js +150 -0
- package/dist/mcp/utils/mcp-logger.factory.spec.js.map +1 -0
- package/dist/mcp/utils/normalize-endpoint.d.ts +2 -0
- package/dist/mcp/utils/normalize-endpoint.d.ts.map +1 -0
- package/dist/mcp/utils/normalize-endpoint.js +30 -0
- package/dist/mcp/utils/normalize-endpoint.js.map +1 -0
- package/dist/mcp/utils/normalize-endpoint.spec.d.ts +2 -0
- package/dist/mcp/utils/normalize-endpoint.spec.d.ts.map +1 -0
- package/dist/mcp/utils/normalize-endpoint.spec.js +40 -0
- package/dist/mcp/utils/normalize-endpoint.spec.js.map +1 -0
- package/package.json +2 -1
- package/src/authz/guards/jwt-auth.guard.ts +2 -2
- package/src/authz/interfaces/oauth-common.interface.ts +21 -0
- package/src/authz/mcp-oauth.controller.ts +7 -3
- package/src/authz/mcp-oauth.module.ts +1 -1
- package/src/authz/providers/oauth-provider.interface.ts +8 -23
- package/src/authz/services/client.service.ts +2 -2
- package/src/authz/services/jwt-token.service.ts +1 -1
- package/src/authz/services/oauth-strategy.service.ts +1 -1
- package/src/authz/stores/memory-store.service.spec.ts +2 -2
- package/src/authz/stores/memory-store.service.ts +1 -1
- package/src/authz/stores/oauth-store.interface.ts +4 -2
- package/src/authz/stores/typeorm/typeorm-store.service.ts +3 -3
- package/src/mcp/decorators/tool.decorator.ts +1 -1
- package/src/mcp/interfaces/index.ts +17 -3
- package/src/mcp/services/handlers/mcp-handler.base.ts +6 -2
- package/src/mcp/services/handlers/mcp-prompts.handler.ts +1 -1
- package/src/mcp/services/handlers/mcp-resources.handler.ts +1 -1
- package/src/mcp/services/handlers/mcp-tools.handler.ts +4 -2
- package/src/mcp/services/mcp-executor.service.ts +1 -1
- package/src/mcp/services/mcp-registry.service.ts +1 -1
- package/src/mcp/services/mcp-sse.service.ts +1 -1
- package/src/mcp/services/mcp-streamable-http.service.ts +1 -1
- package/src/mcp/services/sse-ping.service.ts +1 -1
- package/src/mcp/transport/sse.controller.factory.ts +1 -1
- package/src/mcp/transport/stdio.service.ts +2 -1
- package/src/mcp/transport/streamable-http.controller.factory.ts +1 -1
- package/src/mcp/utils/capabilities-builder.ts +1 -1
- package/src/mcp/utils/mcp-logger.factory.spec.ts +1 -1
- package/src/mcp/utils/mcp-logger.factory.ts +1 -1
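--- a/package/dist/authz/guards/jwt-auth.guard.d.ts
+++ b/package/dist/authz/guards/jwt-auth.guard.d.ts
@@ -2,8 +2,8 @@ import { CanActivate, ExecutionContext } from '@nestjs/common';
 import { ModuleRef } from '@nestjs/core';
 import { Request } from 'express';
 import { JwtPayload, JwtTokenService } from '../services/jwt-token.service';
-import { IOAuthStore } from '../stores/oauth-store.interface';
-import { McpOptions } from '../../mcp';
+import type { IOAuthStore } from '../stores/oauth-store.interface';
+import type { McpOptions } from '../../mcp';
 export interface AuthenticatedRequest extends Request {
 user: JwtPayload;
 }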
@@ -1 +1 @@
1
-
{"version":3,"file":"jwt-auth.guard.d.ts","sourceRoot":"","sources":["../../../src/authz/guards/jwt-auth.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,WAAW,EACX,gBAAgB,EAIjB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;
1
+
{"version":3,"file":"jwt-auth.guard.d.ts","sourceRoot":"","sources":["../../../src/authz/guards/jwt-auth.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,WAAW,EACX,gBAAgB,EAIjB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAE5C,MAAM,WAAW,oBAAqB,SAAQ,OAAO;IACnD,IAAI,EAAE,UAAU,CAAC;CAClB;AAED,qBACa,eAAgB,YAAW,WAAW;IAEnC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAG5C,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAG1B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAPI,eAAe,EAAE,eAAe,GAAG,IAAI,EAGnD,KAAK,EAAE,WAAW,GAAG,IAAI,EACzB,SAAS,EAAE,SAAS,EAGpB,OAAO,CAAC,EAAE,UAAU,YAAA;IAGjC,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;IAsF9D,OAAO,CAAC,sBAAsB;CAS/B"}
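--- a/package/dist/authz/guards/jwt-auth.guard.js
+++ b/package/dist/authz/guards/jwt-auth.guard.js
@@ -0,0 +1,108 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.McpAuthJwtGuard = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const jwt_token_service_1 = require("../services/jwt-token.service");
+let McpAuthJwtGuard = class McpAuthJwtGuard {
+constructor(jwtTokenService, store, moduleRef, options) {
+this.jwtTokenService = jwtTokenService;
+this.store = store;
+this.moduleRef = moduleRef;
+this.options = options;
+}
+async canActivate(context) {
+const request = context.switchToHttp().getRequest();
+const token = this.extractTokenFromHeader(request);
+const allowUnauthenticated = this.options?.allowUnauthenticatedAccess ?? false;
+if (!token) {
+if (allowUnauthenticated) {
+return true;
+}
+else {
+throw new common_1.UnauthorizedException('Access token required');
+}
+}
+const jwtTokenService = this.jwtTokenService ||
+this.moduleRef.get(jwt_token_service_1.JwtTokenService, { strict: false });
+const store = this.store ||
+this.moduleRef.get('IOAuthStore', { strict: false });
+if (!jwtTokenService || !store) {
+throw new common_1.UnauthorizedException('Authentication service not available');
+}
+const payload = jwtTokenService.validateToken(token);
+if (!payload) {
+throw new common_1.UnauthorizedException('Invalid or expired access token');
+}
+const enriched = { ...payload };
+try {
+if (!enriched.user_data && enriched.user_profile_id) {
+const profile = await store.getUserProfileById(enriched.user_profile_id);
+if (profile) {
+enriched.user_data = profile;
+}
+}
+const ud = enriched.user_data || {};
+enriched.username =
+enriched.username || ud.username || ud.id || enriched.sub;
+enriched.email = enriched.email || ud.email;
+enriched.displayName = enriched.displayName || ud.displayName;
+enriched.avatarUrl = enriched.avatarUrl || ud.avatarUrl;
+enriched.name =
+enriched.name ||
+ud.displayName ||
+ud.username ||
+ud.email ||
+enriched.sub;
+if (enriched.scope && typeof enriched.scope === 'string') {
+enriched.scopes = enriched.scope
+.split(' ')
+.filter((s) => s.length > 0);
+}
+else if (!enriched.scopes) {
+enriched.scopes = [];
+}
+if (!enriched.roles && ud.roles && Array.isArray(ud.roles)) {
+enriched.roles = ud.roles;
+}
+else if (!enriched.roles) {
+enriched.roles = [];
+}
+}
+catch {
+}
+request.user = enriched;
+return true;
+}
+extractTokenFromHeader(request) {
+const authHeader = request.headers.authorization;
+if (!authHeader) {
+return undefined;
+}
+const [type, token] = authHeader.split(' ');
+return type === 'Bearer' ? token : undefined;
+}
+};
+exports.McpAuthJwtGuard = McpAuthJwtGuard;
+exports.McpAuthJwtGuard = McpAuthJwtGuard = __decorate([
+(0, common_1.Injectable)(),
+__param(0, (0, common_1.Optional)()),
+__param(1, (0, common_1.Optional)()),
+__param(1, (0, common_1.Inject)('IOAuthStore')),
+__param(3, (0, common_1.Optional)()),
+__param(3, (0, common_1.Inject)('MCP_OPTIONS')),
+__metadata("design:paramtypes", [Object, Object, core_1.ModuleRef, Object])
+], McpAuthJwtGuard);
+//# sourceMappingURL=jwt-auth.guard.js.map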
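Review bot: The empty `catch { }` at new lines 84–85 of `canActivate` discards any error thrown by `store.getUserProfileById`, and because the `enriched.scopes = []` and `enriched.roles = []` defaults sit inside the same `try`, a failed lookup leaves `request.user.scopes` and `request.user.roles` undefined unless the token payload already carried them. Any later scope or role check then sees a missing array instead of an empty one, and nothing records the store failure. I would narrow the `try` to the profile lookup alone, log the error in the `catch`, and run the field fallbacks and the scope/role defaults after it so they always execute. Separately, `extractTokenFromHeader` returns `undefined` for any scheme that is not exactly `Bearer`, so with `allowUnauthenticatedAccess` enabled a present but malformed `Authorization` header is admitted as an anonymous request rather than rejected with 401, which sits uneasily with the "If a token is provided, it must be valid" comment in the embedded source. This file is compiled output, so the change belongs in `src/authz/guards/jwt-auth.guard.ts`.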
@@ -0,0 +1 @@
1
+
{"version":3,"file":"jwt-auth.guard.js","sourceRoot":"","sources":["../../../src/authz/guards/jwt-auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAOwB;AACxB,uCAAyC;AAEzC,qEAA4E;AASrE,IAAM,eAAe,GAArB,MAAM,eAAe;IAC1B,YAC+B,eAAuC,EAGnD,KAAyB,EACzB,SAAoB,EAGpB,OAAoB;QAPR,oBAAe,GAAf,eAAe,CAAwB;QAGnD,UAAK,GAAL,KAAK,CAAoB;QACzB,cAAS,GAAT,SAAS,CAAW;QAGpB,YAAO,GAAP,OAAO,CAAa;IACpC,CAAC;IAEJ,KAAK,CAAC,WAAW,CAAC,OAAyB;QACzC,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAwB,CAAC;QAC1E,MAAM,KAAK,GAAG,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAGnD,MAAM,oBAAoB,GACxB,IAAI,CAAC,OAAO,EAAE,0BAA0B,IAAI,KAAK,CAAC;QAEpD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,IAAI,oBAAoB,EAAE,CAAC;gBAGzB,OAAO,IAAI,CAAC;YACd,CAAC;iBAAM,CAAC;gBAEN,MAAM,IAAI,8BAAqB,CAAC,uBAAuB,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QAGD,MAAM,eAAe,GACnB,IAAI,CAAC,eAAe;YACpB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,mCAAe,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACzD,MAAM,KAAK,GACT,IAAI,CAAC,KAAK;YACV,IAAI,CAAC,SAAS,CAAC,GAAG,CAAc,aAAa,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAEpE,IAAI,CAAC,eAAe,IAAI,CAAC,KAAK,EAAE,CAAC;YAC/B,MAAM,IAAI,8BAAqB,CAAC,sCAAsC,CAAC,CAAC;QAC1E,CAAC;QAGD,MAAM,OAAO,GAAG,eAAe,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAErD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,8BAAqB,CAAC,iCAAiC,CAAC,CAAC;QACrE,CAAC;QAGD,MAAM,QAAQ,GAAQ,EAAE,GAAG,OAAO,EAAE,CAAC;QACrC,IAAI,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,SAAS,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;gBACpD,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,kBAAkB,CAC5C,QAAQ,CAAC,eAAe,CACzB,CAAC;gBACF,IAAI,OAAO,EAAE,CAAC;oBACZ,QAAQ,CAAC,SAAS,GAAG,OAAO,CAAC;gBAC/B,CAAC;YACH,CAAC;YACD,MAAM,EAAE,GAAG,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC;YAEpC,QAAQ,CAAC,QAAQ;gBACf,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,IAAI,QAAQ,CAAC,GAAG,CAAC;YAC5D,QAAQ,CAAC,KAAK,GAAG,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,KAAK,CAAC;YAC5C,QAAQ,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,IAAI,EAAE,CAAC,WAAW,CAAC;YAC9D,QAAQ,CAAC,SAAS,GAAG,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC,SAAS,CAAC;YACxD,QAAQ,CAAC,IAAI;gBACX,QAAQ,CAAC,IAAI;oBACb,EAAE,CAAC,WAAW;oBACd,EAAE,CAAC,QAAQ;oBACX,EAAE,CAAC,KAAK;oBACR
,QAAQ,CAAC,GAAG,CAAC;YAGf,IAAI,QAAQ,CAAC,KAAK,IAAI,OAAO,QAAQ,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACzD,QAAQ,CAAC,MAAM,GAAG,QAAQ,CAAC,KAAK;qBAC7B,KAAK,CAAC,GAAG,CAAC;qBACV,MAAM,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACzC,CAAC;iBAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC5B,QAAQ,CAAC,MAAM,GAAG,EAAE,CAAC;YACvB,CAAC;YAGD,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC3D,QAAQ,CAAC,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC;YAC5B,CAAC;iBAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;gBAC3B,QAAQ,CAAC,KAAK,GAAG,EAAE,CAAC;YACtB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAED,OAAO,CAAC,IAAI,GAAG,QAAsB,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,sBAAsB,CAAC,OAAgB;QAC7C,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QACjD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;IAC/C,CAAC;CACF,CAAA;AA3GY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;IAGR,WAAA,IAAA,iBAAQ,GAAE,CAAA;IACV,WAAA,IAAA,iBAAQ,GAAE,CAAA;IACV,WAAA,IAAA,eAAM,EAAC,aAAa,CAAC,CAAA;IAGrB,WAAA,IAAA,iBAAQ,GAAE,CAAA;IACV,WAAA,IAAA,eAAM,EAAC,aAAa,CAAC,CAAA;qDAFM,gBAAS;GAN5B,eAAe,CA2G3B","sourcesContent":["import {\n Injectable,\n CanActivate,\n ExecutionContext,\n UnauthorizedException,\n Inject,\n Optional,\n} from '@nestjs/common';\nimport { ModuleRef } from '@nestjs/core';\nimport { Request } from 'express';\nimport { JwtPayload, JwtTokenService } from '../services/jwt-token.service';\nimport type { IOAuthStore } from '../stores/oauth-store.interface';\nimport type { McpOptions } from '../../mcp';\n\nexport interface AuthenticatedRequest extends Request {\n user: JwtPayload;\n}\n\n@Injectable()\nexport class McpAuthJwtGuard implements CanActivate {\n constructor(\n @Optional() private readonly jwtTokenService: JwtTokenService | null,\n @Optional()\n @Inject('IOAuthStore')\n private readonly store: IOAuthStore | null,\n 
private readonly moduleRef: ModuleRef,\n @Optional()\n @Inject('MCP_OPTIONS')\n private readonly options?: McpOptions,\n ) {}\n\n async canActivate(context: ExecutionContext): Promise<boolean> {\n const request = context.switchToHttp().getRequest<AuthenticatedRequest>();\n const token = this.extractTokenFromHeader(request);\n\n // Check if unauthenticated access is allowed\n const allowUnauthenticated =\n this.options?.allowUnauthenticatedAccess ?? false;\n\n if (!token) {\n if (allowUnauthenticated) {\n // Allow unauthenticated sessions\n // Per-tool authorization will decide what's accessible (@PublicTool() tools only)\n return true;\n } else {\n // Standard OAuth flow: Reject and trigger authorization\n throw new UnauthorizedException('Access token required');\n }\n }\n\n // Resolve services dynamically if not injected directly\n const jwtTokenService =\n this.jwtTokenService ||\n this.moduleRef.get(JwtTokenService, { strict: false });\n const store =\n this.store ||\n this.moduleRef.get<IOAuthStore>('IOAuthStore', { strict: false });\n\n if (!jwtTokenService || !store) {\n throw new UnauthorizedException('Authentication service not available');\n }\n\n // If a token is provided, it must be valid\n const payload = jwtTokenService.validateToken(token);\n\n if (!payload) {\n throw new UnauthorizedException('Invalid or expired access token');\n }\n\n // Enrich request.user with friendly fields for tools\n const enriched: any = { ...payload };\n try {\n if (!enriched.user_data && enriched.user_profile_id) {\n const profile = await store.getUserProfileById(\n enriched.user_profile_id,\n );\n if (profile) {\n enriched.user_data = profile;\n }\n }\n const ud = enriched.user_data || {};\n // Provide convenient top-level fields commonly used by tools\n enriched.username =\n enriched.username || ud.username || ud.id || enriched.sub;\n enriched.email = enriched.email || ud.email;\n enriched.displayName = enriched.displayName || ud.displayName;\n enriched.avatarUrl = 
enriched.avatarUrl || ud.avatarUrl;\n enriched.name =\n enriched.name ||\n ud.displayName ||\n ud.username ||\n ud.email ||\n enriched.sub;\n\n // Parse scopes: OAuth 2.0 standard is space-delimited string in 'scope' field\n if (enriched.scope && typeof enriched.scope === 'string') {\n enriched.scopes = enriched.scope\n .split(' ')\n .filter((s: string) => s.length > 0);\n } else if (!enriched.scopes) {\n enriched.scopes = [];\n }\n\n // Extract roles from user_data if present\n if (!enriched.roles && ud.roles && Array.isArray(ud.roles)) {\n enriched.roles = ud.roles;\n } else if (!enriched.roles) {\n enriched.roles = [];\n }\n } catch {\n // Non-fatal; proceed with raw payload\n }\n\n request.user = enriched as JwtPayload;\n return true;\n }\n\n private extractTokenFromHeader(request: Request): string | undefined {\n const authHeader = request.headers.authorization;\n if (!authHeader) {\n return undefined;\n }\n\n const [type, token] = authHeader.split(' ');\n return type === 'Bearer' ? token : undefined;\n }\n}\n"]}
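--- a/package/dist/authz/index.js
+++ b/package/dist/authz/index.js
@@ -0,0 +1,27 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./mcp-oauth.controller"), exports);
+__exportStar(require("./mcp-oauth.module"), exports);
+__exportStar(require("./providers/oauth-provider.interface"), exports);
+__exportStar(require("./providers/google.provider"), exports);
+__exportStar(require("./providers/github.provider"), exports);
+__exportStar(require("./providers/azure-ad.provider"), exports);
+__exportStar(require("./stores/oauth-store.interface"), exports);
+__exportStar(require("./stores/memory-store.service"), exports);
+__exportStar(require("./interfaces/request-with-user"), exports);
+__exportStar(require("./guards/jwt-auth.guard"), exports);
+//# sourceMappingURL=index.js.map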
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/authz/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yDAAuC;AACvC,qDAAmC;AACnC,uEAAqD;AACrD,8DAA4C;AAC5C,8DAA4C;AAC5C,gEAA8C;AAC9C,iEAA+C;AAC/C,gEAA8C;AAC9C,iEAA+C;AAC/C,0DAAwC","sourcesContent":["export * from './mcp-oauth.controller';\nexport * from './mcp-oauth.module';\nexport * from './providers/oauth-provider.interface';\nexport * from './providers/google.provider';\nexport * from './providers/github.provider';\nexport * from './providers/azure-ad.provider';\nexport * from './stores/oauth-store.interface';\nexport * from './stores/memory-store.service';\nexport * from './interfaces/request-with-user';\nexport * from './guards/jwt-auth.guard';\n"]}
|
|
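--- a/package/dist/authz/interfaces/oauth-common.interface.d.ts
+++ b/package/dist/authz/interfaces/oauth-common.interface.d.ts
@@ -0,0 +1,21 @@
+export interface OAuthUserProfile {
+id: string;
+username: string;
+email?: string;
+displayName?: string;
+avatarUrl?: string;
+raw?: any;
+}
+export interface OAuthSession {
+sessionId: string;
+state: string;
+clientId?: string;
+redirectUri?: string;
+codeChallenge?: string;
+codeChallengeMethod?: string;
+oauthState?: string;
+scope?: string;
+resource?: string;
+expiresAt: number;
+}
+//# sourceMappingURL=oauth-common.interface.d.ts.map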
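Review bot: `OAuthSession.expiresAt` is a bare `number` with no statement of its unit, and `codeChallengeMethod` is an unconstrained `string`, so a store implementation written against this interface has to guess both. In the source .ts I would add a doc comment on `expiresAt` saying whether it is epoch seconds or milliseconds, and narrow `codeChallengeMethod` to a literal union of the methods the server actually advertises. `raw?: any` on `OAuthUserProfile` also deserves a comment: the guard source embedded earlier on this page copies the stored profile into `request.user.user_data`, so if that profile is this type, whatever the provider returned is reachable from every tool handler.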
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oauth-common.interface.d.ts","sourceRoot":"","sources":["../../../src/authz/interfaces/oauth-common.interface.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,GAAG,CAAC,EAAE,GAAG,CAAC;CACX;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oauth-common.interface.js","sourceRoot":"","sources":["../../../src/authz/interfaces/oauth-common.interface.ts"],"names":[],"mappings":"","sourcesContent":["export interface OAuthUserProfile {\n id: string;\n username: string;\n email?: string;\n displayName?: string;\n avatarUrl?: string;\n raw?: any; // Original profile data\n}\n\nexport interface OAuthSession {\n sessionId: string;\n state: string;\n clientId?: string;\n redirectUri?: string;\n codeChallenge?: string;\n codeChallengeMethod?: string;\n oauthState?: string;\n scope?: string;\n resource?: string;\n expiresAt: number;\n}\n"]}
|
|
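--- a/package/dist/authz/interfaces/request-with-user.d.ts
+++ b/package/dist/authz/interfaces/request-with-user.d.ts
@@ -0,0 +1,13 @@
+import type { Request } from 'express';
+import type { JwtPayload } from '../services/jwt-token.service';
+export type McpUserPayload = JwtPayload & {
+name?: string;
+username?: string;
+email?: string;
+displayName?: string;
+avatarUrl?: string;
+};
+export type McpRequestWithUser = Request & {
+user: McpUserPayload;
+};
+//# sourceMappingURL=request-with-user.d.ts.map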
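Review bot: `user: McpUserPayload` in `McpRequestWithUser` is declared as always present, but the guard source embedded in jwt-auth.guard.js.map on this page returns `true` without assigning `request.user` when no token is sent and `allowUnauthenticatedAccess` is enabled. A handler typed with this alias can therefore dereference `req.user` on an anonymous request and the compiler will not object. I would declare it `user?: McpUserPayload;` in the source .ts so every consumer has to handle the unauthenticated case explicitly. The same guard also writes `scopes` and `roles` onto the payload; if `JwtPayload` (not shown here) does not declare them, `scopes?: string[]; roles?: string[];` belongs in `McpUserPayload` as well.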
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"request-with-user.d.ts","sourceRoot":"","sources":["../../../src/authz/interfaces/request-with-user.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAGhE,MAAM,MAAM,cAAc,GAAG,UAAU,GAAG;IACxC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAGF,MAAM,MAAM,kBAAkB,GAAG,OAAO,GAAG;IACzC,IAAI,EAAE,cAAc,CAAC;CACtB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"request-with-user.js","sourceRoot":"","sources":["../../../src/authz/interfaces/request-with-user.ts"],"names":[],"mappings":"","sourcesContent":["import type { Request } from 'express';\nimport type { JwtPayload } from '../services/jwt-token.service';\n\n// Enriched user payload placed on request.user by McpAuthJwtGuard\nexport type McpUserPayload = JwtPayload & {\n name?: string;\n username?: string;\n email?: string;\n displayName?: string;\n avatarUrl?: string;\n};\n\n// Express Request with enriched user information\nexport type McpRequestWithUser = Request & {\n user: McpUserPayload;\n};\n"]}
|
|
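--- a/package/dist/authz/mcp-oauth.controller.d.ts
+++ b/package/dist/authz/mcp-oauth.controller.d.ts
@@ -0,0 +1,81 @@
+import { Logger } from '@nestjs/common';
+import type { Request as ExpressRequest, NextFunction, Response } from 'express';
+import type { OAuthEndpointConfiguration, OAuthModuleOptions, OAuthUserProfile } from './providers/oauth-provider.interface';
+import { ClientService } from './services/client.service';
+import { JwtTokenService, TokenPair } from './services/jwt-token.service';
+import { OAuthStrategyService } from './services/oauth-strategy.service';
+import type { IOAuthStore } from './stores/oauth-store.interface';
+interface OAuthCallbackRequest extends ExpressRequest {
+user?: {
+profile: OAuthUserProfile;
+accessToken: string;
+provider: string;
+};
+}
+interface RequestWithRawBody extends ExpressRequest {
+rawBody?: Buffer;
+textBody?: string;
+}
+export declare function createMcpOAuthController(endpoints?: OAuthEndpointConfiguration, options?: {
+disableWellKnownProtectedResourceMetadata?: boolean;
+disableWellKnownAuthorizationServerMetadata?: boolean;
+}, authModuleId?: string): {
+new (options: OAuthModuleOptions, store: IOAuthStore, jwtTokenService: JwtTokenService, clientService: ClientService, oauthStrategyService: OAuthStrategyService): {
+readonly logger: Logger;
+readonly serverUrl: string;
+readonly isProduction: boolean;
+readonly options: OAuthModuleOptions;
+readonly strategyName: string;
+readonly store: IOAuthStore;
+readonly jwtTokenService: JwtTokenService;
+readonly clientService: ClientService;
+readonly oauthStrategyService: OAuthStrategyService;
+parseRequestBody(body: any, req?: RequestWithRawBody): Record<string, any>;
+captureRawBody(req: RequestWithRawBody, res: Response, next: NextFunction): void;
+getProtectedResourceMetadata(): {
+authorization_servers: string[];
+resource: string;
+scopes_supported: string[];
+bearer_methods_supported: string[];
+mcp_versions_supported: string[];
+};
+getAuthorizationServerMetadata(): {
+issuer: string;
+authorization_endpoint: string;
+token_endpoint: string;
+registration_endpoint: string;
+response_types_supported: string[];
+response_modes_supported: string[];
+grant_types_supported: string[];
+token_endpoint_auth_methods_supported: string[];
+scopes_supported: string[];
+revocation_endpoint: string;
+code_challenge_methods_supported: string[];
+};
+registerClient(registrationDto: any): Promise<import("./stores/oauth-store.interface").OAuthClient>;
+authorize(query: any, req: any, res: Response, next: NextFunction): Promise<void>;
+handleProviderCallback(req: OAuthCallbackRequest, res: Response, next: NextFunction): void;
+processAuthenticationSuccess(req: OAuthCallbackRequest, res: Response): Promise<void>;
+exchangeToken(body: any, req: RequestWithRawBody, res: Response): Promise<TokenPair>;
+processTokenExchange(parsedBody: Record<string, any>, req: RequestWithRawBody): Promise<TokenPair>;
+extractClientCredentials(req: RequestWithRawBody, body: any): {
+client_id: string;
+client_secret?: string;
+};
+validateClientAuthentication(client: any, clientCredentials: {
+client_id: string;
+client_secret?: string;
+}): void;
+handleAuthorizationCodeGrant(code: string, code_verifier: string, _redirect_uri: string, clientCredentials: {
+client_id: string;
+client_secret?: string;
+}): Promise<TokenPair>;
+handleRefreshTokenGrant(refresh_token: string, clientCredentials: {
+client_id: string;
+client_secret?: string;
+}): Promise<TokenPair>;
+validatePKCE(code_verifier: string, code_challenge: string, method: string): boolean;
+};
+};
+export {};
+//# sourceMappingURL=mcp-oauth.controller.d.ts.map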
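Review bot: The third parameter of `handleAuthorizationCodeGrant` is named `_redirect_uri`, and the leading underscore conventionally marks a parameter the body never reads; the implementation is not in this declaration file, so this needs confirming against mcp-oauth.controller.js. If it is indeed unused, the token endpoint issues tokens without comparing the `redirect_uri` presented with the code to the one recorded at authorization time, a comparison RFC 6749 section 4.1.3 requires whenever the authorization request carried a `redirect_uri`. The check would be one guard before token issuance, roughly `if (storedRedirectUri && storedRedirectUri !== redirect_uri) throw new BadRequestException('invalid_grant');`, where `storedRedirectUri` is a placeholder for whatever the store keeps with the code. Separately, `registerClient(registrationDto: any)`, `authorize(query: any, req: any, ...)` and `validatePKCE(..., method: string)` take untyped or unconstrained input on the public surface; typed DTOs and a literal union for `method` would document what the endpoints accept.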
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-oauth.controller.d.ts","sourceRoot":"","sources":["../../src/authz/mcp-oauth.controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAQL,MAAM,EAMP,MAAM,gBAAgB,CAAC;AAExB,OAAO,KAAK,EACV,OAAO,IAAI,cAAc,EACzB,YAAY,EACZ,QAAQ,EACT,MAAM,SAAS,CAAC;AAGjB,OAAO,KAAK,EACV,0BAA0B,EAC1B,kBAAkB,EAElB,gBAAgB,EACjB,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAElE,UAAU,oBAAqB,SAAQ,cAAc;IACnD,IAAI,CAAC,EAAE;QACL,OAAO,EAAE,gBAAgB,CAAC;QAC1B,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAGD,UAAU,kBAAmB,SAAQ,cAAc;IACjD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,wBAAgB,wBAAwB,CACtC,SAAS,GAAE,0BAA+B,EAC1C,OAAO,CAAC,EAAE;IACR,yCAAyC,CAAC,EAAE,OAAO,CAAC;IACpD,2CAA2C,CAAC,EAAE,OAAO,CAAC;CACvD,EACD,YAAY,CAAC,EAAE,MAAM;kBAsCR,kBAAkB,SAEX,WAAW,mBACD,eAAe,iBACjB,aAAa,wBACN,oBAAoB;;4BAhBjC,MAAM;+BACH,OAAO;0BACZ,kBAAkB;+BACb,MAAM;wBAUX,WAAW;kCACD,eAAe;gCACjB,aAAa;uCACN,oBAAoB;+BAY9B,GAAG,QAAQ,kBAAkB,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;4BA+CtD,kBAAkB,OAAO,QAAQ,QAAQ,YAAY;;;;;;;;;;;;;;;;;;;;;wCAoI3B,GAAG;yBAM/B,GAAG,OAEd,GAAG,OACI,QAAQ,QACN,YAAY;oCA2Ed,oBAAoB,OACpB,QAAQ,QACN,YAAY;0CA2BrB,oBAAoB,OACpB,QAAQ;4BAkFC,GAAG,OACL,kBAAkB,OACG,QAAQ,GACxC,OAAO,CAAC,SAAS,CAAC;yCA6CP,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,OAC1B,kBAAkB,GACtB,OAAO,CAAC,SAAS,CAAC;sCA4Dd,kBAAkB,QACjB,GAAG,GACR;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,aAAa,CAAC,EAAE,MAAM,CAAA;SAAE;6CA+BtC,GAAG,qBACQ;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,aAAa,CAAC,EAAE,MAAM,CAAA;SAAE,GAC/D,IAAI;2CAqCC,MAAM,iBACG,MAAM,iBACN,MAAM,qBACF;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,aAAa,CAAC,EAAE,MAAM,CAAA;SAAE,GAC/D,OAAO,CAAC,SAAS,CAAC;+CA4FJ,MAAM,qBACF;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,aAAa,CAAC,EAAE,MAAM,CAAA;SAAE,GAC/D,OAAO,CAAC,SAAS,CAAC;oCA6EJ,MAAM,kBACL,MAAM,UACd,MAAM,GACb,OAAO;;EAcb"}
|