@rekog/mcp-nest 1.9.10 → 2.0.0-alpha.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +76 -29
- package/dist/index.d.ts +0 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +0 -1
- package/dist/index.js.map +1 -1
- package/dist/mcp/decorators/constants.d.ts +1 -0
- package/dist/mcp/decorators/constants.d.ts.map +1 -1
- package/dist/mcp/decorators/constants.js +2 -1
- package/dist/mcp/decorators/constants.js.map +1 -1
- package/dist/mcp/decorators/index.d.ts +3 -1
- package/dist/mcp/decorators/index.d.ts.map +1 -1
- package/dist/mcp/decorators/index.js +3 -1
- package/dist/mcp/decorators/index.js.map +1 -1
- package/dist/mcp/decorators/mcp-controller.decorator.d.ts +6 -0
- package/dist/mcp/decorators/mcp-controller.decorator.d.ts.map +1 -0
- package/dist/mcp/decorators/mcp-controller.decorator.js +43 -0
- package/dist/mcp/decorators/mcp-controller.decorator.js.map +1 -0
- package/dist/mcp/decorators/mcp-message-pattern.d.ts +3 -0
- package/dist/mcp/decorators/mcp-message-pattern.d.ts.map +1 -0
- package/dist/mcp/decorators/mcp-message-pattern.js +13 -0
- package/dist/mcp/decorators/mcp-message-pattern.js.map +1 -0
- package/dist/mcp/decorators/prompt.decorator.d.ts +1 -1
- package/dist/mcp/decorators/prompt.decorator.d.ts.map +1 -1
- package/dist/mcp/decorators/prompt.decorator.js +2 -1
- package/dist/mcp/decorators/prompt.decorator.js.map +1 -1
- package/dist/mcp/decorators/public.decorator.js.map +1 -1
- package/dist/mcp/decorators/raw-request.decorator.d.ts +2 -0
- package/dist/mcp/decorators/raw-request.decorator.d.ts.map +1 -0
- package/dist/mcp/decorators/raw-request.decorator.js +6 -0
- package/dist/mcp/decorators/raw-request.decorator.js.map +1 -0
- package/dist/mcp/decorators/resource-template.decorator.d.ts +1 -1
- package/dist/mcp/decorators/resource-template.decorator.d.ts.map +1 -1
- package/dist/mcp/decorators/resource-template.decorator.js +2 -1
- package/dist/mcp/decorators/resource-template.decorator.js.map +1 -1
- package/dist/mcp/decorators/resource.decorator.d.ts +1 -1
- package/dist/mcp/decorators/resource.decorator.d.ts.map +1 -1
- package/dist/mcp/decorators/resource.decorator.js +2 -1
- package/dist/mcp/decorators/resource.decorator.js.map +1 -1
- package/dist/mcp/decorators/tool.decorator.d.ts +1 -3
- package/dist/mcp/decorators/tool.decorator.d.ts.map +1 -1
- package/dist/mcp/decorators/tool.decorator.js +2 -1
- package/dist/mcp/decorators/tool.decorator.js.map +1 -1
- package/dist/mcp/filters/mcp-exception.filter.d.ts +6 -0
- package/dist/mcp/filters/mcp-exception.filter.d.ts.map +1 -0
- package/dist/mcp/filters/mcp-exception.filter.js +26 -0
- package/dist/mcp/filters/mcp-exception.filter.js.map +1 -0
- package/dist/mcp/index.d.ts +11 -7
- package/dist/mcp/index.d.ts.map +1 -1
- package/dist/mcp/index.js +11 -7
- package/dist/mcp/index.js.map +1 -1
- package/dist/mcp/interfaces/authenticated-user.interface.d.ts +9 -0
- package/dist/mcp/interfaces/authenticated-user.interface.d.ts.map +1 -0
- package/dist/{authz/interfaces/request-with-user.js → mcp/interfaces/authenticated-user.interface.js} +1 -1
- package/dist/mcp/interfaces/authenticated-user.interface.js.map +1 -0
- package/dist/mcp/interfaces/dynamic-prompt.interface.d.ts +1 -1
- package/dist/mcp/interfaces/dynamic-prompt.interface.d.ts.map +1 -1
- package/dist/mcp/interfaces/dynamic-prompt.interface.js.map +1 -1
- package/dist/mcp/interfaces/dynamic-resource.interface.d.ts +1 -1
- package/dist/mcp/interfaces/dynamic-resource.interface.d.ts.map +1 -1
- package/dist/mcp/interfaces/dynamic-resource.interface.js.map +1 -1
- package/dist/mcp/interfaces/dynamic-tool.interface.d.ts +1 -1
- package/dist/mcp/interfaces/dynamic-tool.interface.d.ts.map +1 -1
- package/dist/mcp/interfaces/dynamic-tool.interface.js.map +1 -1
- package/dist/mcp/interfaces/index.d.ts +2 -2
- package/dist/mcp/interfaces/index.d.ts.map +1 -1
- package/dist/mcp/interfaces/index.js +0 -3
- package/dist/mcp/interfaces/index.js.map +1 -1
- package/dist/mcp/services/tool-authorization.service.d.ts +7 -5
- package/dist/mcp/services/tool-authorization.service.d.ts.map +1 -1
- package/dist/mcp/services/tool-authorization.service.js +9 -6
- package/dist/mcp/services/tool-authorization.service.js.map +1 -1
- package/dist/mcp/transport/mcp-context.d.ts +34 -0
- package/dist/mcp/transport/mcp-context.d.ts.map +1 -0
- package/dist/mcp/transport/mcp-context.js +74 -0
- package/dist/mcp/transport/mcp-context.js.map +1 -0
- package/dist/mcp/transport/mcp-http-handler.d.ts +7 -0
- package/dist/mcp/transport/mcp-http-handler.d.ts.map +1 -0
- package/dist/mcp/transport/mcp-http-handler.js +5 -0
- package/dist/mcp/transport/mcp-http-handler.js.map +1 -0
- package/dist/mcp/transport/mcp-server-options.interface.d.ts +23 -0
- package/dist/mcp/transport/mcp-server-options.interface.d.ts.map +1 -0
- package/dist/{authz/providers/oauth-provider.interface.js → mcp/transport/mcp-server-options.interface.js} +1 -1
- package/dist/mcp/transport/mcp-server-options.interface.js.map +1 -0
- package/dist/mcp/transport/mcp-transport.constants.d.ts +19 -0
- package/dist/mcp/transport/mcp-transport.constants.d.ts.map +1 -0
- package/dist/mcp/transport/mcp-transport.constants.js +21 -0
- package/dist/mcp/transport/mcp-transport.constants.js.map +1 -0
- package/dist/mcp/transport/mcp-transport.interface.d.ts +17 -0
- package/dist/mcp/transport/mcp-transport.interface.d.ts.map +1 -0
- package/dist/{authz/interfaces/oauth-common.interface.js → mcp/transport/mcp-transport.interface.js} +1 -1
- package/dist/mcp/transport/mcp-transport.interface.js.map +1 -0
- package/dist/mcp/transport/mcp.strategy.d.ts +56 -0
- package/dist/mcp/transport/mcp.strategy.d.ts.map +1 -0
- package/dist/mcp/transport/mcp.strategy.js +446 -0
- package/dist/mcp/transport/mcp.strategy.js.map +1 -0
- package/dist/mcp/transport/resource-matcher.d.ts +13 -0
- package/dist/mcp/transport/resource-matcher.d.ts.map +1 -0
- package/dist/mcp/transport/resource-matcher.js +83 -0
- package/dist/mcp/transport/resource-matcher.js.map +1 -0
- package/dist/mcp/transport/streamable-http.controller.d.ts +16 -0
- package/dist/mcp/transport/streamable-http.controller.d.ts.map +1 -0
- package/dist/mcp/transport/streamable-http.controller.js +98 -0
- package/dist/mcp/transport/streamable-http.controller.js.map +1 -0
- package/dist/mcp/transport/transports/index.d.ts +3 -0
- package/dist/mcp/transport/transports/index.d.ts.map +1 -0
- package/dist/{authz → mcp/transport/transports}/index.js +2 -10
- package/dist/mcp/transport/transports/index.js.map +1 -0
- package/dist/mcp/transport/transports/read-body.d.ts +3 -0
- package/dist/mcp/transport/transports/read-body.d.ts.map +1 -0
- package/dist/mcp/transport/transports/read-body.js +32 -0
- package/dist/mcp/transport/transports/read-body.js.map +1 -0
- package/dist/mcp/transport/transports/stdio.transport.d.ts +9 -0
- package/dist/mcp/transport/transports/stdio.transport.d.ts.map +1 -0
- package/dist/mcp/transport/transports/stdio.transport.js +27 -0
- package/dist/mcp/transport/transports/stdio.transport.js.map +1 -0
- package/dist/mcp/transport/transports/streamable-http.transport.d.ts +33 -0
- package/dist/mcp/transport/transports/streamable-http.transport.d.ts.map +1 -0
- package/dist/mcp/transport/transports/streamable-http.transport.js +216 -0
- package/dist/mcp/transport/transports/streamable-http.transport.js.map +1 -0
- package/dist/mcp/utils/mcp-logger.factory.d.ts +6 -2
- package/dist/mcp/utils/mcp-logger.factory.d.ts.map +1 -1
- package/dist/mcp/utils/mcp-logger.factory.js.map +1 -1
- package/package.json +3 -66
- package/src/index.ts +0 -1
- package/src/mcp/decorators/constants.ts +1 -0
- package/src/mcp/decorators/index.ts +3 -1
- package/src/mcp/decorators/mcp-controller.decorator.ts +126 -0
- package/src/mcp/decorators/mcp-message-pattern.ts +38 -0
- package/src/mcp/decorators/prompt.decorator.ts +6 -2
- package/src/mcp/decorators/public.decorator.ts +3 -3
- package/src/mcp/decorators/raw-request.decorator.ts +32 -0
- package/src/mcp/decorators/resource-template.decorator.ts +6 -2
- package/src/mcp/decorators/resource.decorator.ts +6 -2
- package/src/mcp/decorators/tool.decorator.ts +6 -3
- package/src/mcp/filters/mcp-exception.filter.ts +47 -0
- package/src/mcp/index.ts +13 -7
- package/src/mcp/interfaces/authenticated-user.interface.ts +22 -0
- package/src/mcp/interfaces/dynamic-prompt.interface.ts +1 -1
- package/src/mcp/interfaces/dynamic-resource.interface.ts +1 -1
- package/src/mcp/interfaces/dynamic-tool.interface.ts +2 -2
- package/src/mcp/interfaces/index.ts +3 -7
- package/src/mcp/services/tool-authorization.service.ts +52 -72
- package/src/mcp/transport/mcp-context.ts +138 -0
- package/src/mcp/transport/mcp-http-handler.ts +32 -0
- package/src/mcp/transport/mcp-server-options.interface.ts +75 -0
- package/src/mcp/transport/mcp-transport.constants.ts +99 -0
- package/src/mcp/transport/mcp-transport.interface.ts +50 -0
- package/src/mcp/transport/mcp.strategy.ts +752 -0
- package/src/mcp/transport/resource-matcher.ts +107 -0
- package/src/mcp/transport/streamable-http.controller.ts +114 -0
- package/src/mcp/transport/transports/index.ts +2 -0
- package/src/mcp/transport/transports/read-body.ts +39 -0
- package/src/mcp/transport/transports/stdio.transport.ts +35 -0
- package/src/mcp/transport/transports/streamable-http.transport.ts +384 -0
- package/src/mcp/utils/mcp-logger.factory.spec.ts +8 -22
- package/src/mcp/utils/mcp-logger.factory.ts +13 -2
- package/dist/authz/guards/jwt-auth.guard.d.ts +0 -19
- package/dist/authz/guards/jwt-auth.guard.d.ts.map +0 -1
- package/dist/authz/guards/jwt-auth.guard.js +0 -108
- package/dist/authz/guards/jwt-auth.guard.js.map +0 -1
- package/dist/authz/index.d.ts +0 -11
- package/dist/authz/index.d.ts.map +0 -1
- package/dist/authz/index.js.map +0 -1
- package/dist/authz/interfaces/oauth-common.interface.d.ts +0 -21
- package/dist/authz/interfaces/oauth-common.interface.d.ts.map +0 -1
- package/dist/authz/interfaces/oauth-common.interface.js.map +0 -1
- package/dist/authz/interfaces/request-with-user.d.ts +0 -13
- package/dist/authz/interfaces/request-with-user.d.ts.map +0 -1
- package/dist/authz/interfaces/request-with-user.js.map +0 -1
- package/dist/authz/mcp-oauth.controller.d.ts +0 -81
- package/dist/authz/mcp-oauth.controller.d.ts.map +0 -1
- package/dist/authz/mcp-oauth.controller.js +0 -540
- package/dist/authz/mcp-oauth.controller.js.map +0 -1
- package/dist/authz/mcp-oauth.module.d.ts +0 -12
- package/dist/authz/mcp-oauth.module.d.ts.map +0 -1
- package/dist/authz/mcp-oauth.module.js +0 -271
- package/dist/authz/mcp-oauth.module.js.map +0 -1
- package/dist/authz/providers/azure-ad.provider.d.ts +0 -3
- package/dist/authz/providers/azure-ad.provider.d.ts.map +0 -1
- package/dist/authz/providers/azure-ad.provider.js +0 -37
- package/dist/authz/providers/azure-ad.provider.js.map +0 -1
- package/dist/authz/providers/github.provider.d.ts +0 -3
- package/dist/authz/providers/github.provider.d.ts.map +0 -1
- package/dist/authz/providers/github.provider.js +0 -24
- package/dist/authz/providers/github.provider.js.map +0 -1
- package/dist/authz/providers/google.provider.d.ts +0 -3
- package/dist/authz/providers/google.provider.d.ts.map +0 -1
- package/dist/authz/providers/google.provider.js +0 -25
- package/dist/authz/providers/google.provider.js.map +0 -1
- package/dist/authz/providers/oauth-provider.interface.d.ts +0 -107
- package/dist/authz/providers/oauth-provider.interface.d.ts.map +0 -1
- package/dist/authz/providers/oauth-provider.interface.js.map +0 -1
- package/dist/authz/services/client.service.d.ts +0 -12
- package/dist/authz/services/client.service.d.ts.map +0 -1
- package/dist/authz/services/client.service.js +0 -81
- package/dist/authz/services/client.service.js.map +0 -1
- package/dist/authz/services/jwt-token.service.d.ts +0 -37
- package/dist/authz/services/jwt-token.service.d.ts.map +0 -1
- package/dist/authz/services/jwt-token.service.js +0 -182
- package/dist/authz/services/jwt-token.service.js.map +0 -1
- package/dist/authz/services/oauth-strategy.service.d.ts +0 -13
- package/dist/authz/services/oauth-strategy.service.d.ts.map +0 -1
- package/dist/authz/services/oauth-strategy.service.js +0 -71
- package/dist/authz/services/oauth-strategy.service.js.map +0 -1
- package/dist/authz/stores/memory-store.service.d.ts +0 -27
- package/dist/authz/stores/memory-store.service.d.ts.map +0 -1
- package/dist/authz/stores/memory-store.service.js +0 -107
- package/dist/authz/stores/memory-store.service.js.map +0 -1
- package/dist/authz/stores/oauth-store.interface.d.ts +0 -61
- package/dist/authz/stores/oauth-store.interface.d.ts.map +0 -1
- package/dist/authz/stores/oauth-store.interface.js +0 -5
- package/dist/authz/stores/oauth-store.interface.js.map +0 -1
- package/dist/authz/stores/typeorm/constants.d.ts +0 -3
- package/dist/authz/stores/typeorm/constants.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/constants.js +0 -6
- package/dist/authz/stores/typeorm/constants.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.d.ts +0 -15
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.js +0 -69
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/index.d.ts +0 -5
- package/dist/authz/stores/typeorm/entities/index.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/index.js +0 -12
- package/dist/authz/stores/typeorm/entities/index.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.d.ts +0 -17
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.js +0 -77
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.d.ts +0 -14
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.js +0 -65
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/user-profile.entity.d.ts +0 -13
- package/dist/authz/stores/typeorm/entities/user-profile.entity.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/user-profile.entity.js +0 -62
- package/dist/authz/stores/typeorm/entities/user-profile.entity.js.map +0 -1
- package/dist/authz/stores/typeorm/typeorm-store.service.d.ts +0 -28
- package/dist/authz/stores/typeorm/typeorm-store.service.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/typeorm-store.service.js +0 -138
- package/dist/authz/stores/typeorm/typeorm-store.service.js.map +0 -1
- package/dist/mcp/constants/feature-registration.constants.d.ts +0 -7
- package/dist/mcp/constants/feature-registration.constants.d.ts.map +0 -1
- package/dist/mcp/constants/feature-registration.constants.js +0 -5
- package/dist/mcp/constants/feature-registration.constants.js.map +0 -1
- package/dist/mcp/decorators/tool-guards.decorator.d.ts +0 -12
- package/dist/mcp/decorators/tool-guards.decorator.d.ts.map +0 -1
- package/dist/mcp/decorators/tool-guards.decorator.js +0 -13
- package/dist/mcp/decorators/tool-guards.decorator.js.map +0 -1
- package/dist/mcp/interfaces/mcp-options.interface.d.ts +0 -53
- package/dist/mcp/interfaces/mcp-options.interface.d.ts.map +0 -1
- package/dist/mcp/interfaces/mcp-options.interface.js +0 -10
- package/dist/mcp/interfaces/mcp-options.interface.js.map +0 -1
- package/dist/mcp/mcp.module.d.ts +0 -15
- package/dist/mcp/mcp.module.d.ts.map +0 -1
- package/dist/mcp/mcp.module.js +0 -248
- package/dist/mcp/mcp.module.js.map +0 -1
- package/dist/mcp/services/handlers/mcp-handler.base.d.ts +0 -117
- package/dist/mcp/services/handlers/mcp-handler.base.d.ts.map +0 -1
- package/dist/mcp/services/handlers/mcp-handler.base.js +0 -125
- package/dist/mcp/services/handlers/mcp-handler.base.js.map +0 -1
- package/dist/mcp/services/handlers/mcp-prompts.handler.d.ts +0 -12
- package/dist/mcp/services/handlers/mcp-prompts.handler.d.ts.map +0 -1
- package/dist/mcp/services/handlers/mcp-prompts.handler.js +0 -98
- package/dist/mcp/services/handlers/mcp-prompts.handler.js.map +0 -1
- package/dist/mcp/services/handlers/mcp-resources.handler.d.ts +0 -13
- package/dist/mcp/services/handlers/mcp-resources.handler.d.ts.map +0 -1
- package/dist/mcp/services/handlers/mcp-resources.handler.js +0 -117
- package/dist/mcp/services/handlers/mcp-resources.handler.js.map +0 -1
- package/dist/mcp/services/handlers/mcp-tools.handler.d.ts +0 -22
- package/dist/mcp/services/handlers/mcp-tools.handler.d.ts.map +0 -1
- package/dist/mcp/services/handlers/mcp-tools.handler.js +0 -258
- package/dist/mcp/services/handlers/mcp-tools.handler.js.map +0 -1
- package/dist/mcp/services/mcp-dynamic-registry.service.d.ts +0 -26
- package/dist/mcp/services/mcp-dynamic-registry.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-dynamic-registry.service.js +0 -133
- package/dist/mcp/services/mcp-dynamic-registry.service.js.map +0 -1
- package/dist/mcp/services/mcp-executor.service.d.ts +0 -15
- package/dist/mcp/services/mcp-executor.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-executor.service.js +0 -47
- package/dist/mcp/services/mcp-executor.service.js.map +0 -1
- package/dist/mcp/services/mcp-registry-discovery.service.d.ts +0 -63
- package/dist/mcp/services/mcp-registry-discovery.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-registry-discovery.service.js +0 -397
- package/dist/mcp/services/mcp-registry-discovery.service.js.map +0 -1
- package/dist/mcp/services/mcp-sse.service.d.ts +0 -20
- package/dist/mcp/services/mcp-sse.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-sse.service.js +0 -91
- package/dist/mcp/services/mcp-sse.service.js.map +0 -1
- package/dist/mcp/services/mcp-streamable-http.service.d.ts +0 -32
- package/dist/mcp/services/mcp-streamable-http.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-streamable-http.service.js +0 -327
- package/dist/mcp/services/mcp-streamable-http.service.js.map +0 -1
- package/dist/mcp/services/sse-ping.service.d.ts +0 -23
- package/dist/mcp/services/sse-ping.service.d.ts.map +0 -1
- package/dist/mcp/services/sse-ping.service.js +0 -99
- package/dist/mcp/services/sse-ping.service.js.map +0 -1
- package/dist/mcp/transport/sse.controller.factory.d.ts +0 -14
- package/dist/mcp/transport/sse.controller.factory.d.ts.map +0 -1
- package/dist/mcp/transport/sse.controller.factory.js +0 -67
- package/dist/mcp/transport/sse.controller.factory.js.map +0 -1
- package/dist/mcp/transport/stdio.service.d.ts +0 -14
- package/dist/mcp/transport/stdio.service.d.ts.map +0 -1
- package/dist/mcp/transport/stdio.service.js +0 -66
- package/dist/mcp/transport/stdio.service.js.map +0 -1
- package/dist/mcp/transport/streamable-http.controller.factory.d.ts +0 -14
- package/dist/mcp/transport/streamable-http.controller.factory.d.ts.map +0 -1
- package/dist/mcp/transport/streamable-http.controller.factory.js +0 -74
- package/dist/mcp/transport/streamable-http.controller.factory.js.map +0 -1
- package/dist/mcp/utils/capabilities-builder.d.ts +0 -5
- package/dist/mcp/utils/capabilities-builder.d.ts.map +0 -1
- package/dist/mcp/utils/capabilities-builder.js +0 -25
- package/dist/mcp/utils/capabilities-builder.js.map +0 -1
- package/dist/mcp/utils/mcp-server.factory.d.ts +0 -6
- package/dist/mcp/utils/mcp-server.factory.d.ts.map +0 -1
- package/dist/mcp/utils/mcp-server.factory.js +0 -22
- package/dist/mcp/utils/mcp-server.factory.js.map +0 -1
- package/src/authz/guards/jwt-auth.guard.ts +0 -127
- package/src/authz/index.ts +0 -10
- package/src/authz/interfaces/oauth-common.interface.ts +0 -21
- package/src/authz/interfaces/request-with-user.ts +0 -16
- package/src/authz/mcp-oauth.controller.ts +0 -860
- package/src/authz/mcp-oauth.module.ts +0 -384
- package/src/authz/providers/azure-ad.provider.ts +0 -40
- package/src/authz/providers/github.provider.ts +0 -22
- package/src/authz/providers/google.provider.ts +0 -23
- package/src/authz/providers/oauth-provider.interface.ts +0 -147
- package/src/authz/services/client.service.ts +0 -125
- package/src/authz/services/jwt-token.service.spec.ts +0 -67
- package/src/authz/services/jwt-token.service.ts +0 -188
- package/src/authz/services/oauth-strategy.service.ts +0 -64
- package/src/authz/stores/memory-store.service.spec.ts +0 -475
- package/src/authz/stores/memory-store.service.ts +0 -141
- package/src/authz/stores/oauth-store.interface.ts +0 -131
- package/src/authz/stores/typeorm/README.md +0 -140
- package/src/authz/stores/typeorm/constants.ts +0 -6
- package/src/authz/stores/typeorm/entities/authorization-code.entity.ts +0 -41
- package/src/authz/stores/typeorm/entities/index.ts +0 -4
- package/src/authz/stores/typeorm/entities/oauth-client.entity.ts +0 -53
- package/src/authz/stores/typeorm/entities/oauth-session.entity.ts +0 -38
- package/src/authz/stores/typeorm/entities/user-profile.entity.ts +0 -46
- package/src/authz/stores/typeorm/typeorm-store.service.spec.ts +0 -494
- package/src/authz/stores/typeorm/typeorm-store.service.ts +0 -165
- package/src/mcp/constants/feature-registration.constants.ts +0 -24
- package/src/mcp/decorators/tool-guards.decorator.ts +0 -82
- package/src/mcp/interfaces/mcp-options.interface.ts +0 -95
- package/src/mcp/mcp.module.ts +0 -349
- package/src/mcp/services/handlers/mcp-handler.base.ts +0 -203
- package/src/mcp/services/handlers/mcp-prompts.handler.ts +0 -143
- package/src/mcp/services/handlers/mcp-resources.handler.ts +0 -183
- package/src/mcp/services/handlers/mcp-tools.handler.spec.ts +0 -41
- package/src/mcp/services/handlers/mcp-tools.handler.ts +0 -436
- package/src/mcp/services/mcp-dynamic-registry.service.ts +0 -236
- package/src/mcp/services/mcp-executor.service.ts +0 -64
- package/src/mcp/services/mcp-registry-discovery.service.spec.ts +0 -306
- package/src/mcp/services/mcp-registry-discovery.service.ts +0 -849
- package/src/mcp/services/mcp-sse.service.ts +0 -124
- package/src/mcp/services/mcp-streamable-http.service.ts +0 -472
- package/src/mcp/services/sse-ping.service.ts +0 -144
- package/src/mcp/transport/custom-decorator.spec.ts +0 -75
- package/src/mcp/transport/sse.controller.factory.ts +0 -84
- package/src/mcp/transport/stdio.service.ts +0 -75
- package/src/mcp/transport/streamable-http.controller.factory.ts +0 -80
- package/src/mcp/utils/capabilities-builder.ts +0 -43
- package/src/mcp/utils/mcp-server.factory.ts +0 -33
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { Logger } from '@nestjs/common';
|
|
2
2
|
import { createMcpLogger } from './mcp-logger.factory';
|
|
3
|
-
import type {
|
|
3
|
+
import type { McpLoggingOptions } from './mcp-logger.factory';
|
|
4
4
|
|
|
5
5
|
describe('McpLoggerFactory', () => {
|
|
6
6
|
describe('createMcpLogger', () => {
|
|
@@ -10,9 +10,7 @@ describe('McpLoggerFactory', () => {
|
|
|
10
10
|
});
|
|
11
11
|
|
|
12
12
|
it('should create standard logger when logging is undefined', () => {
|
|
13
|
-
const options:
|
|
14
|
-
name: 'test',
|
|
15
|
-
version: '1.0.0',
|
|
13
|
+
const options: McpLoggingOptions = {
|
|
16
14
|
// logging is undefined
|
|
17
15
|
};
|
|
18
16
|
const logger = createMcpLogger('TestContext', options);
|
|
@@ -20,9 +18,7 @@ describe('McpLoggerFactory', () => {
|
|
|
20
18
|
});
|
|
21
19
|
|
|
22
20
|
it('should create no-op logger when logging is false', () => {
|
|
23
|
-
const options:
|
|
24
|
-
name: 'test',
|
|
25
|
-
version: '1.0.0',
|
|
21
|
+
const options: McpLoggingOptions = {
|
|
26
22
|
logging: false,
|
|
27
23
|
};
|
|
28
24
|
const logger = createMcpLogger('TestContext', options);
|
|
@@ -39,9 +35,7 @@ describe('McpLoggerFactory', () => {
|
|
|
39
35
|
});
|
|
40
36
|
|
|
41
37
|
it('should create filtered logger with specified levels', () => {
|
|
42
|
-
const options:
|
|
43
|
-
name: 'test',
|
|
44
|
-
version: '1.0.0',
|
|
38
|
+
const options: McpLoggingOptions = {
|
|
45
39
|
logging: {
|
|
46
40
|
level: ['error', 'warn'],
|
|
47
41
|
},
|
|
@@ -60,9 +54,7 @@ describe('McpLoggerFactory', () => {
|
|
|
60
54
|
});
|
|
61
55
|
|
|
62
56
|
it('should create logger with all log levels when specified', () => {
|
|
63
|
-
const options:
|
|
64
|
-
name: 'test',
|
|
65
|
-
version: '1.0.0',
|
|
57
|
+
const options: McpLoggingOptions = {
|
|
66
58
|
logging: {
|
|
67
59
|
level: ['log', 'error', 'warn', 'debug', 'verbose'],
|
|
68
60
|
},
|
|
@@ -72,9 +64,7 @@ describe('McpLoggerFactory', () => {
|
|
|
72
64
|
});
|
|
73
65
|
|
|
74
66
|
it('should handle empty level array gracefully', () => {
|
|
75
|
-
const options:
|
|
76
|
-
name: 'test',
|
|
77
|
-
version: '1.0.0',
|
|
67
|
+
const options: McpLoggingOptions = {
|
|
78
68
|
logging: {
|
|
79
69
|
level: [],
|
|
80
70
|
},
|
|
@@ -95,9 +85,7 @@ describe('McpLoggerFactory', () => {
|
|
|
95
85
|
|
|
96
86
|
describe('FilteredLogger behavior', () => {
|
|
97
87
|
it('should only call parent logger methods for enabled levels', () => {
|
|
98
|
-
const options:
|
|
99
|
-
name: 'test',
|
|
100
|
-
version: '1.0.0',
|
|
88
|
+
const options: McpLoggingOptions = {
|
|
101
89
|
logging: {
|
|
102
90
|
level: ['error', 'warn'],
|
|
103
91
|
},
|
|
@@ -141,9 +129,7 @@ describe('McpLoggerFactory', () => {
|
|
|
141
129
|
|
|
142
130
|
describe('NoOpLogger behavior', () => {
|
|
143
131
|
it('should not call parent logger methods when logging is disabled', () => {
|
|
144
|
-
const options:
|
|
145
|
-
name: 'test',
|
|
146
|
-
version: '1.0.0',
|
|
132
|
+
const options: McpLoggingOptions = {
|
|
147
133
|
logging: false,
|
|
148
134
|
};
|
|
149
135
|
|
|
@@ -1,5 +1,16 @@
|
|
|
1
1
|
import { Logger, LogLevel } from '@nestjs/common';
|
|
2
|
-
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* The subset of server options the logger factory cares about. Matches the
|
|
5
|
+
* `logging` field on {@link McpServerOptions}.
|
|
6
|
+
*/
|
|
7
|
+
export interface McpLoggingOptions {
|
|
8
|
+
logging?:
|
|
9
|
+
| false
|
|
10
|
+
| {
|
|
11
|
+
level: ('log' | 'error' | 'warn' | 'debug' | 'verbose')[];
|
|
12
|
+
};
|
|
13
|
+
}
|
|
3
14
|
|
|
4
15
|
/**
|
|
5
16
|
* Logger that filters log messages based on configured log levels
|
|
@@ -85,7 +96,7 @@ class NoOpLogger extends Logger {
|
|
|
85
96
|
*/
|
|
86
97
|
export function createMcpLogger(
|
|
87
98
|
context: string,
|
|
88
|
-
options:
|
|
99
|
+
options: McpLoggingOptions | undefined,
|
|
89
100
|
): Logger {
|
|
90
101
|
// If no options provided or logging not configured, use standard logger
|
|
91
102
|
if (!options || options.logging === undefined) {
|
|
@@ -1,19 +0,0 @@
|
|
|
1
|
-
import { CanActivate, ExecutionContext } from '@nestjs/common';
|
|
2
|
-
import { ModuleRef } from '@nestjs/core';
|
|
3
|
-
import { Request } from 'express';
|
|
4
|
-
import { JwtPayload, JwtTokenService } from '../services/jwt-token.service';
|
|
5
|
-
import type { IOAuthStore } from '../stores/oauth-store.interface';
|
|
6
|
-
import type { McpOptions } from '../../mcp';
|
|
7
|
-
export interface AuthenticatedRequest extends Request {
|
|
8
|
-
user: JwtPayload;
|
|
9
|
-
}
|
|
10
|
-
export declare class McpAuthJwtGuard implements CanActivate {
|
|
11
|
-
private readonly jwtTokenService;
|
|
12
|
-
private readonly store;
|
|
13
|
-
private readonly moduleRef;
|
|
14
|
-
private readonly options?;
|
|
15
|
-
constructor(jwtTokenService: JwtTokenService | null, store: IOAuthStore | null, moduleRef: ModuleRef, options?: McpOptions | undefined);
|
|
16
|
-
canActivate(context: ExecutionContext): Promise<boolean>;
|
|
17
|
-
private extractTokenFromHeader;
|
|
18
|
-
}
|
|
19
|
-
//# sourceMappingURL=jwt-auth.guard.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-auth.guard.d.ts","sourceRoot":"","sources":["../../../src/authz/guards/jwt-auth.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,WAAW,EACX,gBAAgB,EAIjB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAE5C,MAAM,WAAW,oBAAqB,SAAQ,OAAO;IACnD,IAAI,EAAE,UAAU,CAAC;CAClB;AAED,qBACa,eAAgB,YAAW,WAAW;IAEnC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAG5C,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAG1B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAPI,eAAe,EAAE,eAAe,GAAG,IAAI,EAGnD,KAAK,EAAE,WAAW,GAAG,IAAI,EACzB,SAAS,EAAE,SAAS,EAGpB,OAAO,CAAC,EAAE,UAAU,YAAA;IAGjC,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;IAsF9D,OAAO,CAAC,sBAAsB;CAS/B"}
|
|
@@ -1,108 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
-
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
-
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
-
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
-
};
|
|
8
|
-
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
-
};
|
|
11
|
-
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
12
|
-
return function (target, key) { decorator(target, key, paramIndex); }
|
|
13
|
-
};
|
|
14
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
-
exports.McpAuthJwtGuard = void 0;
|
|
16
|
-
const common_1 = require("@nestjs/common");
|
|
17
|
-
const core_1 = require("@nestjs/core");
|
|
18
|
-
const jwt_token_service_1 = require("../services/jwt-token.service");
|
|
19
|
-
let McpAuthJwtGuard = class McpAuthJwtGuard {
|
|
20
|
-
constructor(jwtTokenService, store, moduleRef, options) {
|
|
21
|
-
this.jwtTokenService = jwtTokenService;
|
|
22
|
-
this.store = store;
|
|
23
|
-
this.moduleRef = moduleRef;
|
|
24
|
-
this.options = options;
|
|
25
|
-
}
|
|
26
|
-
async canActivate(context) {
|
|
27
|
-
const request = context.switchToHttp().getRequest();
|
|
28
|
-
const token = this.extractTokenFromHeader(request);
|
|
29
|
-
const allowUnauthenticated = this.options?.allowUnauthenticatedAccess ?? false;
|
|
30
|
-
if (!token) {
|
|
31
|
-
if (allowUnauthenticated) {
|
|
32
|
-
return true;
|
|
33
|
-
}
|
|
34
|
-
else {
|
|
35
|
-
throw new common_1.UnauthorizedException('Access token required');
|
|
36
|
-
}
|
|
37
|
-
}
|
|
38
|
-
const jwtTokenService = this.jwtTokenService ||
|
|
39
|
-
this.moduleRef.get(jwt_token_service_1.JwtTokenService, { strict: false });
|
|
40
|
-
const store = this.store ||
|
|
41
|
-
this.moduleRef.get('IOAuthStore', { strict: false });
|
|
42
|
-
if (!jwtTokenService || !store) {
|
|
43
|
-
throw new common_1.UnauthorizedException('Authentication service not available');
|
|
44
|
-
}
|
|
45
|
-
const payload = jwtTokenService.validateToken(token);
|
|
46
|
-
if (!payload) {
|
|
47
|
-
throw new common_1.UnauthorizedException('Invalid or expired access token');
|
|
48
|
-
}
|
|
49
|
-
const enriched = { ...payload };
|
|
50
|
-
try {
|
|
51
|
-
if (!enriched.user_data && enriched.user_profile_id) {
|
|
52
|
-
const profile = await store.getUserProfileById(enriched.user_profile_id);
|
|
53
|
-
if (profile) {
|
|
54
|
-
enriched.user_data = profile;
|
|
55
|
-
}
|
|
56
|
-
}
|
|
57
|
-
const ud = enriched.user_data || {};
|
|
58
|
-
enriched.username =
|
|
59
|
-
enriched.username || ud.username || ud.id || enriched.sub;
|
|
60
|
-
enriched.email = enriched.email || ud.email;
|
|
61
|
-
enriched.displayName = enriched.displayName || ud.displayName;
|
|
62
|
-
enriched.avatarUrl = enriched.avatarUrl || ud.avatarUrl;
|
|
63
|
-
enriched.name =
|
|
64
|
-
enriched.name ||
|
|
65
|
-
ud.displayName ||
|
|
66
|
-
ud.username ||
|
|
67
|
-
ud.email ||
|
|
68
|
-
enriched.sub;
|
|
69
|
-
if (enriched.scope && typeof enriched.scope === 'string') {
|
|
70
|
-
enriched.scopes = enriched.scope
|
|
71
|
-
.split(' ')
|
|
72
|
-
.filter((s) => s.length > 0);
|
|
73
|
-
}
|
|
74
|
-
else if (!enriched.scopes) {
|
|
75
|
-
enriched.scopes = [];
|
|
76
|
-
}
|
|
77
|
-
if (!enriched.roles && ud.roles && Array.isArray(ud.roles)) {
|
|
78
|
-
enriched.roles = ud.roles;
|
|
79
|
-
}
|
|
80
|
-
else if (!enriched.roles) {
|
|
81
|
-
enriched.roles = [];
|
|
82
|
-
}
|
|
83
|
-
}
|
|
84
|
-
catch {
|
|
85
|
-
}
|
|
86
|
-
request.user = enriched;
|
|
87
|
-
return true;
|
|
88
|
-
}
|
|
89
|
-
extractTokenFromHeader(request) {
|
|
90
|
-
const authHeader = request.headers.authorization;
|
|
91
|
-
if (!authHeader) {
|
|
92
|
-
return undefined;
|
|
93
|
-
}
|
|
94
|
-
const [type, token] = authHeader.split(' ');
|
|
95
|
-
return type === 'Bearer' ? token : undefined;
|
|
96
|
-
}
|
|
97
|
-
};
|
|
98
|
-
exports.McpAuthJwtGuard = McpAuthJwtGuard;
|
|
99
|
-
exports.McpAuthJwtGuard = McpAuthJwtGuard = __decorate([
|
|
100
|
-
(0, common_1.Injectable)(),
|
|
101
|
-
__param(0, (0, common_1.Optional)()),
|
|
102
|
-
__param(1, (0, common_1.Optional)()),
|
|
103
|
-
__param(1, (0, common_1.Inject)('IOAuthStore')),
|
|
104
|
-
__param(3, (0, common_1.Optional)()),
|
|
105
|
-
__param(3, (0, common_1.Inject)('MCP_OPTIONS')),
|
|
106
|
-
__metadata("design:paramtypes", [Object, Object, core_1.ModuleRef, Object])
|
|
107
|
-
], McpAuthJwtGuard);
|
|
108
|
-
//# sourceMappingURL=jwt-auth.guard.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-auth.guard.js","sourceRoot":"","sources":["../../../src/authz/guards/jwt-auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAOwB;AACxB,uCAAyC;AAEzC,qEAA4E;AASrE,IAAM,eAAe,GAArB,MAAM,eAAe;IAC1B,YAC+B,eAAuC,EAGnD,KAAyB,EACzB,SAAoB,EAGpB,OAAoB;QAPR,oBAAe,GAAf,eAAe,CAAwB;QAGnD,UAAK,GAAL,KAAK,CAAoB;QACzB,cAAS,GAAT,SAAS,CAAW;QAGpB,YAAO,GAAP,OAAO,CAAa;IACpC,CAAC;IAEJ,KAAK,CAAC,WAAW,CAAC,OAAyB;QACzC,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAwB,CAAC;QAC1E,MAAM,KAAK,GAAG,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAGnD,MAAM,oBAAoB,GACxB,IAAI,CAAC,OAAO,EAAE,0BAA0B,IAAI,KAAK,CAAC;QAEpD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,IAAI,oBAAoB,EAAE,CAAC;gBAGzB,OAAO,IAAI,CAAC;YACd,CAAC;iBAAM,CAAC;gBAEN,MAAM,IAAI,8BAAqB,CAAC,uBAAuB,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QAGD,MAAM,eAAe,GACnB,IAAI,CAAC,eAAe;YACpB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,mCAAe,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACzD,MAAM,KAAK,GACT,IAAI,CAAC,KAAK;YACV,IAAI,CAAC,SAAS,CAAC,GAAG,CAAc,aAAa,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAEpE,IAAI,CAAC,eAAe,IAAI,CAAC,KAAK,EAAE,CAAC;YAC/B,MAAM,IAAI,8BAAqB,CAAC,sCAAsC,CAAC,CAAC;QAC1E,CAAC;QAGD,MAAM,OAAO,GAAG,eAAe,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAErD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,8BAAqB,CAAC,iCAAiC,CAAC,CAAC;QACrE,CAAC;QAGD,MAAM,QAAQ,GAAQ,EAAE,GAAG,OAAO,EAAE,CAAC;QACrC,IAAI,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,SAAS,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;gBACpD,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,kBAAkB,CAC5C,QAAQ,CAAC,eAAe,CACzB,CAAC;gBACF,IAAI,OAAO,EAAE,CAAC;oBACZ,QAAQ,CAAC,SAAS,GAAG,OAAO,CAAC;gBAC/B,CAAC;YACH,CAAC;YACD,MAAM,EAAE,GAAG,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC;YAEpC,QAAQ,CAAC,QAAQ;gBACf,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,IAAI,QAAQ,CAAC,GAAG,CAAC;YAC5D,QAAQ,CAAC,KAAK,GAAG,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,KAAK,CAAC;YAC5C,QAAQ,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,IAAI,EAAE,CAAC,WAAW,CAAC;YAC9D,QAAQ,CAAC,SAAS,GAAG,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC,SAAS,CAAC;YACxD,QAAQ,CAAC,IAAI;gBACX,QAAQ,CAAC,IAAI;oBACb,EAAE,CAAC,WAAW;oBACd,EAAE,CAAC,QAAQ;oBACX,EAAE,CAAC,KAAK;oBACR,QAAQ,CAAC,GAAG,CAAC;YAGf,IAAI,QAAQ,CAAC,KAAK,IAAI,OAAO,QAAQ,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACzD,QAAQ,CAAC,MAAM,GAAG,QAAQ,CAAC,KAAK;qBAC7B,KAAK,CAAC,GAAG,CAAC;qBACV,MAAM,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACzC,CAAC;iBAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC5B,QAAQ,CAAC,MAAM,GAAG,EAAE,CAAC;YACvB,CAAC;YAGD,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC3D,QAAQ,CAAC,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC;YAC5B,CAAC;iBAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;gBAC3B,QAAQ,CAAC,KAAK,GAAG,EAAE,CAAC;YACtB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAED,OAAO,CAAC,IAAI,GAAG,QAAsB,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,sBAAsB,CAAC,OAAgB;QAC7C,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QACjD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;IAC/C,CAAC;CACF,CAAA;AA3GY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;IAGR,WAAA,IAAA,iBAAQ,GAAE,CAAA;IACV,WAAA,IAAA,iBAAQ,GAAE,CAAA;IACV,WAAA,IAAA,eAAM,EAAC,aAAa,CAAC,CAAA;IAGrB,WAAA,IAAA,iBAAQ,GAAE,CAAA;IACV,WAAA,IAAA,eAAM,EAAC,aAAa,CAAC,CAAA;qDAFM,gBAAS;GAN5B,eAAe,CA2G3B","sourcesContent":["import {\n Injectable,\n CanActivate,\n ExecutionContext,\n UnauthorizedException,\n Inject,\n Optional,\n} from '@nestjs/common';\nimport { ModuleRef } from '@nestjs/core';\nimport { Request } from 'express';\nimport { JwtPayload, JwtTokenService } from '../services/jwt-token.service';\nimport type { IOAuthStore } from '../stores/oauth-store.interface';\nimport type { McpOptions } from '../../mcp';\n\nexport interface AuthenticatedRequest extends Request {\n user: JwtPayload;\n}\n\n@Injectable()\nexport class McpAuthJwtGuard implements CanActivate {\n constructor(\n @Optional() private readonly jwtTokenService: JwtTokenService | null,\n @Optional()\n @Inject('IOAuthStore')\n private readonly store: IOAuthStore | null,\n private readonly moduleRef: ModuleRef,\n @Optional()\n @Inject('MCP_OPTIONS')\n private readonly options?: McpOptions,\n ) {}\n\n async canActivate(context: ExecutionContext): Promise<boolean> {\n const request = context.switchToHttp().getRequest<AuthenticatedRequest>();\n const token = this.extractTokenFromHeader(request);\n\n // Check if unauthenticated access is allowed\n const allowUnauthenticated =\n this.options?.allowUnauthenticatedAccess ?? false;\n\n if (!token) {\n if (allowUnauthenticated) {\n // Allow unauthenticated sessions\n // Per-tool authorization will decide what's accessible (@PublicTool() tools only)\n return true;\n } else {\n // Standard OAuth flow: Reject and trigger authorization\n throw new UnauthorizedException('Access token required');\n }\n }\n\n // Resolve services dynamically if not injected directly\n const jwtTokenService =\n this.jwtTokenService ||\n this.moduleRef.get(JwtTokenService, { strict: false });\n const store =\n this.store ||\n this.moduleRef.get<IOAuthStore>('IOAuthStore', { strict: false });\n\n if (!jwtTokenService || !store) {\n throw new UnauthorizedException('Authentication service not available');\n }\n\n // If a token is provided, it must be valid\n const payload = jwtTokenService.validateToken(token);\n\n if (!payload) {\n throw new UnauthorizedException('Invalid or expired access token');\n }\n\n // Enrich request.user with friendly fields for tools\n const enriched: any = { ...payload };\n try {\n if (!enriched.user_data && enriched.user_profile_id) {\n const profile = await store.getUserProfileById(\n enriched.user_profile_id,\n );\n if (profile) {\n enriched.user_data = profile;\n }\n }\n const ud = enriched.user_data || {};\n // Provide convenient top-level fields commonly used by tools\n enriched.username =\n enriched.username || ud.username || ud.id || enriched.sub;\n enriched.email = enriched.email || ud.email;\n enriched.displayName = enriched.displayName || ud.displayName;\n enriched.avatarUrl = enriched.avatarUrl || ud.avatarUrl;\n enriched.name =\n enriched.name ||\n ud.displayName ||\n ud.username ||\n ud.email ||\n enriched.sub;\n\n // Parse scopes: OAuth 2.0 standard is space-delimited string in 'scope' field\n if (enriched.scope && typeof enriched.scope === 'string') {\n enriched.scopes = enriched.scope\n .split(' ')\n .filter((s: string) => s.length > 0);\n } else if (!enriched.scopes) {\n enriched.scopes = [];\n }\n\n // Extract roles from user_data if present\n if (!enriched.roles && ud.roles && Array.isArray(ud.roles)) {\n enriched.roles = ud.roles;\n } else if (!enriched.roles) {\n enriched.roles = [];\n }\n } catch {\n // Non-fatal; proceed with raw payload\n }\n\n request.user = enriched as JwtPayload;\n return true;\n }\n\n private extractTokenFromHeader(request: Request): string | undefined {\n const authHeader = request.headers.authorization;\n if (!authHeader) {\n return undefined;\n }\n\n const [type, token] = authHeader.split(' ');\n return type === 'Bearer' ? token : undefined;\n }\n}\n"]}
|
package/dist/authz/index.d.ts
DELETED
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
export * from './mcp-oauth.controller';
|
|
2
|
-
export * from './mcp-oauth.module';
|
|
3
|
-
export * from './providers/oauth-provider.interface';
|
|
4
|
-
export * from './providers/google.provider';
|
|
5
|
-
export * from './providers/github.provider';
|
|
6
|
-
export * from './providers/azure-ad.provider';
|
|
7
|
-
export * from './stores/oauth-store.interface';
|
|
8
|
-
export * from './stores/memory-store.service';
|
|
9
|
-
export * from './interfaces/request-with-user';
|
|
10
|
-
export * from './guards/jwt-auth.guard';
|
|
11
|
-
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/authz/index.ts"],"names":[],"mappings":"AAAA,cAAc,wBAAwB,CAAC;AACvC,cAAc,oBAAoB,CAAC;AACnC,cAAc,sCAAsC,CAAC;AACrD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,6BAA6B,CAAC;AAC5C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yBAAyB,CAAC"}
|
package/dist/authz/index.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/authz/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yDAAuC;AACvC,qDAAmC;AACnC,uEAAqD;AACrD,8DAA4C;AAC5C,8DAA4C;AAC5C,gEAA8C;AAC9C,iEAA+C;AAC/C,gEAA8C;AAC9C,iEAA+C;AAC/C,0DAAwC","sourcesContent":["export * from './mcp-oauth.controller';\nexport * from './mcp-oauth.module';\nexport * from './providers/oauth-provider.interface';\nexport * from './providers/google.provider';\nexport * from './providers/github.provider';\nexport * from './providers/azure-ad.provider';\nexport * from './stores/oauth-store.interface';\nexport * from './stores/memory-store.service';\nexport * from './interfaces/request-with-user';\nexport * from './guards/jwt-auth.guard';\n"]}
|
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
export interface OAuthUserProfile {
|
|
2
|
-
id: string;
|
|
3
|
-
username: string;
|
|
4
|
-
email?: string;
|
|
5
|
-
displayName?: string;
|
|
6
|
-
avatarUrl?: string;
|
|
7
|
-
raw?: any;
|
|
8
|
-
}
|
|
9
|
-
export interface OAuthSession {
|
|
10
|
-
sessionId: string;
|
|
11
|
-
state: string;
|
|
12
|
-
clientId?: string;
|
|
13
|
-
redirectUri?: string;
|
|
14
|
-
codeChallenge?: string;
|
|
15
|
-
codeChallengeMethod?: string;
|
|
16
|
-
oauthState?: string;
|
|
17
|
-
scope?: string;
|
|
18
|
-
resource?: string;
|
|
19
|
-
expiresAt: number;
|
|
20
|
-
}
|
|
21
|
-
//# sourceMappingURL=oauth-common.interface.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-common.interface.d.ts","sourceRoot":"","sources":["../../../src/authz/interfaces/oauth-common.interface.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,GAAG,CAAC,EAAE,GAAG,CAAC;CACX;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-common.interface.js","sourceRoot":"","sources":["../../../src/authz/interfaces/oauth-common.interface.ts"],"names":[],"mappings":"","sourcesContent":["export interface OAuthUserProfile {\n id: string;\n username: string;\n email?: string;\n displayName?: string;\n avatarUrl?: string;\n raw?: any; // Original profile data\n}\n\nexport interface OAuthSession {\n sessionId: string;\n state: string;\n clientId?: string;\n redirectUri?: string;\n codeChallenge?: string;\n codeChallengeMethod?: string;\n oauthState?: string;\n scope?: string;\n resource?: string;\n expiresAt: number;\n}\n"]}
|
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
import type { Request } from 'express';
|
|
2
|
-
import type { JwtPayload } from '../services/jwt-token.service';
|
|
3
|
-
export type McpUserPayload = JwtPayload & {
|
|
4
|
-
name?: string;
|
|
5
|
-
username?: string;
|
|
6
|
-
email?: string;
|
|
7
|
-
displayName?: string;
|
|
8
|
-
avatarUrl?: string;
|
|
9
|
-
};
|
|
10
|
-
export type McpRequestWithUser = Request & {
|
|
11
|
-
user: McpUserPayload;
|
|
12
|
-
};
|
|
13
|
-
//# sourceMappingURL=request-with-user.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"request-with-user.d.ts","sourceRoot":"","sources":["../../../src/authz/interfaces/request-with-user.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAGhE,MAAM,MAAM,cAAc,GAAG,UAAU,GAAG;IACxC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAGF,MAAM,MAAM,kBAAkB,GAAG,OAAO,GAAG;IACzC,IAAI,EAAE,cAAc,CAAC;CACtB,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"request-with-user.js","sourceRoot":"","sources":["../../../src/authz/interfaces/request-with-user.ts"],"names":[],"mappings":"","sourcesContent":["import type { Request } from 'express';\nimport type { JwtPayload } from '../services/jwt-token.service';\n\n// Enriched user payload placed on request.user by McpAuthJwtGuard\nexport type McpUserPayload = JwtPayload & {\n name?: string;\n username?: string;\n email?: string;\n displayName?: string;\n avatarUrl?: string;\n};\n\n// Express Request with enriched user information\nexport type McpRequestWithUser = Request & {\n user: McpUserPayload;\n};\n"]}
|
|
@@ -1,81 +0,0 @@
|
|
|
1
|
-
import { Logger } from '@nestjs/common';
|
|
2
|
-
import type { Request as ExpressRequest, NextFunction, Response } from 'express';
|
|
3
|
-
import type { OAuthEndpointConfiguration, OAuthModuleOptions, OAuthUserProfile } from './providers/oauth-provider.interface';
|
|
4
|
-
import { ClientService } from './services/client.service';
|
|
5
|
-
import { JwtTokenService, TokenPair } from './services/jwt-token.service';
|
|
6
|
-
import { OAuthStrategyService } from './services/oauth-strategy.service';
|
|
7
|
-
import type { IOAuthStore } from './stores/oauth-store.interface';
|
|
8
|
-
interface OAuthCallbackRequest extends ExpressRequest {
|
|
9
|
-
user?: {
|
|
10
|
-
profile: OAuthUserProfile;
|
|
11
|
-
accessToken: string;
|
|
12
|
-
provider: string;
|
|
13
|
-
};
|
|
14
|
-
}
|
|
15
|
-
interface RequestWithRawBody extends ExpressRequest {
|
|
16
|
-
rawBody?: Buffer;
|
|
17
|
-
textBody?: string;
|
|
18
|
-
}
|
|
19
|
-
export declare function createMcpOAuthController(endpoints?: OAuthEndpointConfiguration, options?: {
|
|
20
|
-
disableWellKnownProtectedResourceMetadata?: boolean;
|
|
21
|
-
disableWellKnownAuthorizationServerMetadata?: boolean;
|
|
22
|
-
}, authModuleId?: string): {
|
|
23
|
-
new (options: OAuthModuleOptions, store: IOAuthStore, jwtTokenService: JwtTokenService, clientService: ClientService, oauthStrategyService: OAuthStrategyService): {
|
|
24
|
-
readonly logger: Logger;
|
|
25
|
-
readonly serverUrl: string;
|
|
26
|
-
readonly isProduction: boolean;
|
|
27
|
-
readonly options: OAuthModuleOptions;
|
|
28
|
-
readonly strategyName: string;
|
|
29
|
-
readonly store: IOAuthStore;
|
|
30
|
-
readonly jwtTokenService: JwtTokenService;
|
|
31
|
-
readonly clientService: ClientService;
|
|
32
|
-
readonly oauthStrategyService: OAuthStrategyService;
|
|
33
|
-
parseRequestBody(body: any, req?: RequestWithRawBody): Record<string, any>;
|
|
34
|
-
captureRawBody(req: RequestWithRawBody, res: Response, next: NextFunction): void;
|
|
35
|
-
getProtectedResourceMetadata(): {
|
|
36
|
-
authorization_servers: string[];
|
|
37
|
-
resource: string;
|
|
38
|
-
scopes_supported: string[];
|
|
39
|
-
bearer_methods_supported: string[];
|
|
40
|
-
mcp_versions_supported: string[];
|
|
41
|
-
};
|
|
42
|
-
getAuthorizationServerMetadata(): {
|
|
43
|
-
issuer: string;
|
|
44
|
-
authorization_endpoint: string;
|
|
45
|
-
token_endpoint: string;
|
|
46
|
-
registration_endpoint: string;
|
|
47
|
-
response_types_supported: string[];
|
|
48
|
-
response_modes_supported: string[];
|
|
49
|
-
grant_types_supported: string[];
|
|
50
|
-
token_endpoint_auth_methods_supported: string[];
|
|
51
|
-
scopes_supported: string[];
|
|
52
|
-
revocation_endpoint: string;
|
|
53
|
-
code_challenge_methods_supported: string[];
|
|
54
|
-
};
|
|
55
|
-
registerClient(registrationDto: any): Promise<import("./stores/oauth-store.interface").OAuthClient>;
|
|
56
|
-
authorize(query: any, req: any, res: Response, next: NextFunction): Promise<void>;
|
|
57
|
-
handleProviderCallback(req: OAuthCallbackRequest, res: Response, next: NextFunction): void;
|
|
58
|
-
processAuthenticationSuccess(req: OAuthCallbackRequest, res: Response): Promise<void>;
|
|
59
|
-
exchangeToken(body: any, req: RequestWithRawBody, res: Response): Promise<TokenPair>;
|
|
60
|
-
processTokenExchange(parsedBody: Record<string, any>, req: RequestWithRawBody): Promise<TokenPair>;
|
|
61
|
-
extractClientCredentials(req: RequestWithRawBody, body: any): {
|
|
62
|
-
client_id: string;
|
|
63
|
-
client_secret?: string;
|
|
64
|
-
};
|
|
65
|
-
validateClientAuthentication(client: any, clientCredentials: {
|
|
66
|
-
client_id: string;
|
|
67
|
-
client_secret?: string;
|
|
68
|
-
}): void;
|
|
69
|
-
handleAuthorizationCodeGrant(code: string, code_verifier: string, _redirect_uri: string, clientCredentials: {
|
|
70
|
-
client_id: string;
|
|
71
|
-
client_secret?: string;
|
|
72
|
-
}): Promise<TokenPair>;
|
|
73
|
-
handleRefreshTokenGrant(refresh_token: string, clientCredentials: {
|
|
74
|
-
client_id: string;
|
|
75
|
-
client_secret?: string;
|
|
76
|
-
}): Promise<TokenPair>;
|
|
77
|
-
validatePKCE(code_verifier: string, code_challenge: string, method: string): boolean;
|
|
78
|
-
};
|
|
79
|
-
};
|
|
80
|
-
export {};
|
|
81
|
-
//# sourceMappingURL=mcp-oauth.controller.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"mcp-oauth.controller.d.ts","sourceRoot":"","sources":["../../src/authz/mcp-oauth.controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAQL,MAAM,EAMP,MAAM,gBAAgB,CAAC;AAExB,OAAO,KAAK,EACV,OAAO,IAAI,cAAc,EACzB,YAAY,EACZ,QAAQ,EACT,MAAM,SAAS,CAAC;AAGjB,OAAO,KAAK,EACV,0BAA0B,EAC1B,kBAAkB,EAElB,gBAAgB,EACjB,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAElE,UAAU,oBAAqB,SAAQ,cAAc;IACnD,IAAI,CAAC,EAAE;QACL,OAAO,EAAE,gBAAgB,CAAC;QAC1B,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAGD,UAAU,kBAAmB,SAAQ,cAAc;IACjD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,wBAAgB,wBAAwB,CACtC,SAAS,GAAE,0BAA+B,EAC1C,OAAO,CAAC,EAAE;IACR,yCAAyC,CAAC,EAAE,OAAO,CAAC;IACpD,2CAA2C,CAAC,EAAE,OAAO,CAAC;CACvD,EACD,YAAY,CAAC,EAAE,MAAM;kBAsCR,kBAAkB,SAEX,WAAW,mBACD,eAAe,iBACjB,aAAa,wBACN,oBAAoB;;4BAhBjC,MAAM;+BACH,OAAO;0BACZ,kBAAkB;+BACb,MAAM;wBAUX,WAAW;kCACD,eAAe;gCACjB,aAAa;uCACN,oBAAoB;+BAY9B,GAAG,QAAQ,kBAAkB,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;4BA+CtD,kBAAkB,OAAO,QAAQ,QAAQ,YAAY;;;;;;;;;;;;;;;;;;;;;wCAoI3B,GAAG;yBAM/B,GAAG,OAEd,GAAG,OACI,QAAQ,QACN,YAAY;oCA2Ed,oBAAoB,OACpB,QAAQ,QACN,YAAY;0CA2BrB,oBAAoB,OACpB,QAAQ;4BAkFC,GAAG,OACL,kBAAkB,OACG,QAAQ,GACxC,OAAO,CAAC,SAAS,CAAC;yCA6CP,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,OAC1B,kBAAkB,GACtB,OAAO,CAAC,SAAS,CAAC;sCA4Dd,kBAAkB,QACjB,GAAG,GACR;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,aAAa,CAAC,EAAE,MAAM,CAAA;SAAE;6CA+BtC,GAAG,qBACQ;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,aAAa,CAAC,EAAE,MAAM,CAAA;SAAE,GAC/D,IAAI;2CAqCC,MAAM,iBACG,MAAM,iBACN,MAAM,qBACF;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,aAAa,CAAC,EAAE,MAAM,CAAA;SAAE,GAC/D,OAAO,CAAC,SAAS,CAAC;+CA4FJ,MAAM,qBACF;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,aAAa,CAAC,EAAE,MAAM,CAAA;SAAE,GAC/D,OAAO,CAAC,SAAS,CAAC;oCA6EJ,MAAM,kBACL,MAAM,UACd,MAAM,GACb,OAAO;;EAcb"}
|