@rekog/mcp-nest 1.9.10 → 2.0.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (364) hide show
  1. package/README.md +76 -29
  2. package/dist/index.d.ts +0 -1
  3. package/dist/index.d.ts.map +1 -1
  4. package/dist/index.js +0 -1
  5. package/dist/index.js.map +1 -1
  6. package/dist/mcp/decorators/constants.d.ts +1 -0
  7. package/dist/mcp/decorators/constants.d.ts.map +1 -1
  8. package/dist/mcp/decorators/constants.js +2 -1
  9. package/dist/mcp/decorators/constants.js.map +1 -1
  10. package/dist/mcp/decorators/index.d.ts +3 -1
  11. package/dist/mcp/decorators/index.d.ts.map +1 -1
  12. package/dist/mcp/decorators/index.js +3 -1
  13. package/dist/mcp/decorators/index.js.map +1 -1
  14. package/dist/mcp/decorators/mcp-controller.decorator.d.ts +6 -0
  15. package/dist/mcp/decorators/mcp-controller.decorator.d.ts.map +1 -0
  16. package/dist/mcp/decorators/mcp-controller.decorator.js +43 -0
  17. package/dist/mcp/decorators/mcp-controller.decorator.js.map +1 -0
  18. package/dist/mcp/decorators/mcp-message-pattern.d.ts +3 -0
  19. package/dist/mcp/decorators/mcp-message-pattern.d.ts.map +1 -0
  20. package/dist/mcp/decorators/mcp-message-pattern.js +13 -0
  21. package/dist/mcp/decorators/mcp-message-pattern.js.map +1 -0
  22. package/dist/mcp/decorators/prompt.decorator.d.ts +1 -1
  23. package/dist/mcp/decorators/prompt.decorator.d.ts.map +1 -1
  24. package/dist/mcp/decorators/prompt.decorator.js +2 -1
  25. package/dist/mcp/decorators/prompt.decorator.js.map +1 -1
  26. package/dist/mcp/decorators/public.decorator.js.map +1 -1
  27. package/dist/mcp/decorators/raw-request.decorator.d.ts +2 -0
  28. package/dist/mcp/decorators/raw-request.decorator.d.ts.map +1 -0
  29. package/dist/mcp/decorators/raw-request.decorator.js +6 -0
  30. package/dist/mcp/decorators/raw-request.decorator.js.map +1 -0
  31. package/dist/mcp/decorators/resource-template.decorator.d.ts +1 -1
  32. package/dist/mcp/decorators/resource-template.decorator.d.ts.map +1 -1
  33. package/dist/mcp/decorators/resource-template.decorator.js +2 -1
  34. package/dist/mcp/decorators/resource-template.decorator.js.map +1 -1
  35. package/dist/mcp/decorators/resource.decorator.d.ts +1 -1
  36. package/dist/mcp/decorators/resource.decorator.d.ts.map +1 -1
  37. package/dist/mcp/decorators/resource.decorator.js +2 -1
  38. package/dist/mcp/decorators/resource.decorator.js.map +1 -1
  39. package/dist/mcp/decorators/tool.decorator.d.ts +1 -3
  40. package/dist/mcp/decorators/tool.decorator.d.ts.map +1 -1
  41. package/dist/mcp/decorators/tool.decorator.js +2 -1
  42. package/dist/mcp/decorators/tool.decorator.js.map +1 -1
  43. package/dist/mcp/filters/mcp-exception.filter.d.ts +6 -0
  44. package/dist/mcp/filters/mcp-exception.filter.d.ts.map +1 -0
  45. package/dist/mcp/filters/mcp-exception.filter.js +26 -0
  46. package/dist/mcp/filters/mcp-exception.filter.js.map +1 -0
  47. package/dist/mcp/index.d.ts +11 -7
  48. package/dist/mcp/index.d.ts.map +1 -1
  49. package/dist/mcp/index.js +11 -7
  50. package/dist/mcp/index.js.map +1 -1
  51. package/dist/mcp/interfaces/authenticated-user.interface.d.ts +9 -0
  52. package/dist/mcp/interfaces/authenticated-user.interface.d.ts.map +1 -0
  53. package/dist/{authz/interfaces/request-with-user.js → mcp/interfaces/authenticated-user.interface.js} +1 -1
  54. package/dist/mcp/interfaces/authenticated-user.interface.js.map +1 -0
  55. package/dist/mcp/interfaces/dynamic-prompt.interface.d.ts +1 -1
  56. package/dist/mcp/interfaces/dynamic-prompt.interface.d.ts.map +1 -1
  57. package/dist/mcp/interfaces/dynamic-prompt.interface.js.map +1 -1
  58. package/dist/mcp/interfaces/dynamic-resource.interface.d.ts +1 -1
  59. package/dist/mcp/interfaces/dynamic-resource.interface.d.ts.map +1 -1
  60. package/dist/mcp/interfaces/dynamic-resource.interface.js.map +1 -1
  61. package/dist/mcp/interfaces/dynamic-tool.interface.d.ts +1 -1
  62. package/dist/mcp/interfaces/dynamic-tool.interface.d.ts.map +1 -1
  63. package/dist/mcp/interfaces/dynamic-tool.interface.js.map +1 -1
  64. package/dist/mcp/interfaces/index.d.ts +2 -2
  65. package/dist/mcp/interfaces/index.d.ts.map +1 -1
  66. package/dist/mcp/interfaces/index.js +0 -3
  67. package/dist/mcp/interfaces/index.js.map +1 -1
  68. package/dist/mcp/services/tool-authorization.service.d.ts +7 -5
  69. package/dist/mcp/services/tool-authorization.service.d.ts.map +1 -1
  70. package/dist/mcp/services/tool-authorization.service.js +9 -6
  71. package/dist/mcp/services/tool-authorization.service.js.map +1 -1
  72. package/dist/mcp/transport/mcp-context.d.ts +34 -0
  73. package/dist/mcp/transport/mcp-context.d.ts.map +1 -0
  74. package/dist/mcp/transport/mcp-context.js +74 -0
  75. package/dist/mcp/transport/mcp-context.js.map +1 -0
  76. package/dist/mcp/transport/mcp-http-handler.d.ts +7 -0
  77. package/dist/mcp/transport/mcp-http-handler.d.ts.map +1 -0
  78. package/dist/mcp/transport/mcp-http-handler.js +5 -0
  79. package/dist/mcp/transport/mcp-http-handler.js.map +1 -0
  80. package/dist/mcp/transport/mcp-server-options.interface.d.ts +23 -0
  81. package/dist/mcp/transport/mcp-server-options.interface.d.ts.map +1 -0
  82. package/dist/{authz/providers/oauth-provider.interface.js → mcp/transport/mcp-server-options.interface.js} +1 -1
  83. package/dist/mcp/transport/mcp-server-options.interface.js.map +1 -0
  84. package/dist/mcp/transport/mcp-transport.constants.d.ts +19 -0
  85. package/dist/mcp/transport/mcp-transport.constants.d.ts.map +1 -0
  86. package/dist/mcp/transport/mcp-transport.constants.js +21 -0
  87. package/dist/mcp/transport/mcp-transport.constants.js.map +1 -0
  88. package/dist/mcp/transport/mcp-transport.interface.d.ts +17 -0
  89. package/dist/mcp/transport/mcp-transport.interface.d.ts.map +1 -0
  90. package/dist/{authz/interfaces/oauth-common.interface.js → mcp/transport/mcp-transport.interface.js} +1 -1
  91. package/dist/mcp/transport/mcp-transport.interface.js.map +1 -0
  92. package/dist/mcp/transport/mcp.strategy.d.ts +56 -0
  93. package/dist/mcp/transport/mcp.strategy.d.ts.map +1 -0
  94. package/dist/mcp/transport/mcp.strategy.js +446 -0
  95. package/dist/mcp/transport/mcp.strategy.js.map +1 -0
  96. package/dist/mcp/transport/resource-matcher.d.ts +13 -0
  97. package/dist/mcp/transport/resource-matcher.d.ts.map +1 -0
  98. package/dist/mcp/transport/resource-matcher.js +83 -0
  99. package/dist/mcp/transport/resource-matcher.js.map +1 -0
  100. package/dist/mcp/transport/streamable-http.controller.d.ts +16 -0
  101. package/dist/mcp/transport/streamable-http.controller.d.ts.map +1 -0
  102. package/dist/mcp/transport/streamable-http.controller.js +98 -0
  103. package/dist/mcp/transport/streamable-http.controller.js.map +1 -0
  104. package/dist/mcp/transport/transports/index.d.ts +3 -0
  105. package/dist/mcp/transport/transports/index.d.ts.map +1 -0
  106. package/dist/{authz → mcp/transport/transports}/index.js +2 -10
  107. package/dist/mcp/transport/transports/index.js.map +1 -0
  108. package/dist/mcp/transport/transports/read-body.d.ts +3 -0
  109. package/dist/mcp/transport/transports/read-body.d.ts.map +1 -0
  110. package/dist/mcp/transport/transports/read-body.js +32 -0
  111. package/dist/mcp/transport/transports/read-body.js.map +1 -0
  112. package/dist/mcp/transport/transports/stdio.transport.d.ts +9 -0
  113. package/dist/mcp/transport/transports/stdio.transport.d.ts.map +1 -0
  114. package/dist/mcp/transport/transports/stdio.transport.js +27 -0
  115. package/dist/mcp/transport/transports/stdio.transport.js.map +1 -0
  116. package/dist/mcp/transport/transports/streamable-http.transport.d.ts +33 -0
  117. package/dist/mcp/transport/transports/streamable-http.transport.d.ts.map +1 -0
  118. package/dist/mcp/transport/transports/streamable-http.transport.js +216 -0
  119. package/dist/mcp/transport/transports/streamable-http.transport.js.map +1 -0
  120. package/dist/mcp/utils/mcp-logger.factory.d.ts +6 -2
  121. package/dist/mcp/utils/mcp-logger.factory.d.ts.map +1 -1
  122. package/dist/mcp/utils/mcp-logger.factory.js.map +1 -1
  123. package/package.json +3 -66
  124. package/src/index.ts +0 -1
  125. package/src/mcp/decorators/constants.ts +1 -0
  126. package/src/mcp/decorators/index.ts +3 -1
  127. package/src/mcp/decorators/mcp-controller.decorator.ts +126 -0
  128. package/src/mcp/decorators/mcp-message-pattern.ts +38 -0
  129. package/src/mcp/decorators/prompt.decorator.ts +6 -2
  130. package/src/mcp/decorators/public.decorator.ts +3 -3
  131. package/src/mcp/decorators/raw-request.decorator.ts +32 -0
  132. package/src/mcp/decorators/resource-template.decorator.ts +6 -2
  133. package/src/mcp/decorators/resource.decorator.ts +6 -2
  134. package/src/mcp/decorators/tool.decorator.ts +6 -3
  135. package/src/mcp/filters/mcp-exception.filter.ts +47 -0
  136. package/src/mcp/index.ts +13 -7
  137. package/src/mcp/interfaces/authenticated-user.interface.ts +22 -0
  138. package/src/mcp/interfaces/dynamic-prompt.interface.ts +1 -1
  139. package/src/mcp/interfaces/dynamic-resource.interface.ts +1 -1
  140. package/src/mcp/interfaces/dynamic-tool.interface.ts +2 -2
  141. package/src/mcp/interfaces/index.ts +3 -7
  142. package/src/mcp/services/tool-authorization.service.ts +52 -72
  143. package/src/mcp/transport/mcp-context.ts +138 -0
  144. package/src/mcp/transport/mcp-http-handler.ts +32 -0
  145. package/src/mcp/transport/mcp-server-options.interface.ts +75 -0
  146. package/src/mcp/transport/mcp-transport.constants.ts +99 -0
  147. package/src/mcp/transport/mcp-transport.interface.ts +50 -0
  148. package/src/mcp/transport/mcp.strategy.ts +752 -0
  149. package/src/mcp/transport/resource-matcher.ts +107 -0
  150. package/src/mcp/transport/streamable-http.controller.ts +114 -0
  151. package/src/mcp/transport/transports/index.ts +2 -0
  152. package/src/mcp/transport/transports/read-body.ts +39 -0
  153. package/src/mcp/transport/transports/stdio.transport.ts +35 -0
  154. package/src/mcp/transport/transports/streamable-http.transport.ts +384 -0
  155. package/src/mcp/utils/mcp-logger.factory.spec.ts +8 -22
  156. package/src/mcp/utils/mcp-logger.factory.ts +13 -2
  157. package/dist/authz/guards/jwt-auth.guard.d.ts +0 -19
  158. package/dist/authz/guards/jwt-auth.guard.d.ts.map +0 -1
  159. package/dist/authz/guards/jwt-auth.guard.js +0 -108
  160. package/dist/authz/guards/jwt-auth.guard.js.map +0 -1
  161. package/dist/authz/index.d.ts +0 -11
  162. package/dist/authz/index.d.ts.map +0 -1
  163. package/dist/authz/index.js.map +0 -1
  164. package/dist/authz/interfaces/oauth-common.interface.d.ts +0 -21
  165. package/dist/authz/interfaces/oauth-common.interface.d.ts.map +0 -1
  166. package/dist/authz/interfaces/oauth-common.interface.js.map +0 -1
  167. package/dist/authz/interfaces/request-with-user.d.ts +0 -13
  168. package/dist/authz/interfaces/request-with-user.d.ts.map +0 -1
  169. package/dist/authz/interfaces/request-with-user.js.map +0 -1
  170. package/dist/authz/mcp-oauth.controller.d.ts +0 -81
  171. package/dist/authz/mcp-oauth.controller.d.ts.map +0 -1
  172. package/dist/authz/mcp-oauth.controller.js +0 -540
  173. package/dist/authz/mcp-oauth.controller.js.map +0 -1
  174. package/dist/authz/mcp-oauth.module.d.ts +0 -12
  175. package/dist/authz/mcp-oauth.module.d.ts.map +0 -1
  176. package/dist/authz/mcp-oauth.module.js +0 -271
  177. package/dist/authz/mcp-oauth.module.js.map +0 -1
  178. package/dist/authz/providers/azure-ad.provider.d.ts +0 -3
  179. package/dist/authz/providers/azure-ad.provider.d.ts.map +0 -1
  180. package/dist/authz/providers/azure-ad.provider.js +0 -37
  181. package/dist/authz/providers/azure-ad.provider.js.map +0 -1
  182. package/dist/authz/providers/github.provider.d.ts +0 -3
  183. package/dist/authz/providers/github.provider.d.ts.map +0 -1
  184. package/dist/authz/providers/github.provider.js +0 -24
  185. package/dist/authz/providers/github.provider.js.map +0 -1
  186. package/dist/authz/providers/google.provider.d.ts +0 -3
  187. package/dist/authz/providers/google.provider.d.ts.map +0 -1
  188. package/dist/authz/providers/google.provider.js +0 -25
  189. package/dist/authz/providers/google.provider.js.map +0 -1
  190. package/dist/authz/providers/oauth-provider.interface.d.ts +0 -107
  191. package/dist/authz/providers/oauth-provider.interface.d.ts.map +0 -1
  192. package/dist/authz/providers/oauth-provider.interface.js.map +0 -1
  193. package/dist/authz/services/client.service.d.ts +0 -12
  194. package/dist/authz/services/client.service.d.ts.map +0 -1
  195. package/dist/authz/services/client.service.js +0 -81
  196. package/dist/authz/services/client.service.js.map +0 -1
  197. package/dist/authz/services/jwt-token.service.d.ts +0 -37
  198. package/dist/authz/services/jwt-token.service.d.ts.map +0 -1
  199. package/dist/authz/services/jwt-token.service.js +0 -182
  200. package/dist/authz/services/jwt-token.service.js.map +0 -1
  201. package/dist/authz/services/oauth-strategy.service.d.ts +0 -13
  202. package/dist/authz/services/oauth-strategy.service.d.ts.map +0 -1
  203. package/dist/authz/services/oauth-strategy.service.js +0 -71
  204. package/dist/authz/services/oauth-strategy.service.js.map +0 -1
  205. package/dist/authz/stores/memory-store.service.d.ts +0 -27
  206. package/dist/authz/stores/memory-store.service.d.ts.map +0 -1
  207. package/dist/authz/stores/memory-store.service.js +0 -107
  208. package/dist/authz/stores/memory-store.service.js.map +0 -1
  209. package/dist/authz/stores/oauth-store.interface.d.ts +0 -61
  210. package/dist/authz/stores/oauth-store.interface.d.ts.map +0 -1
  211. package/dist/authz/stores/oauth-store.interface.js +0 -5
  212. package/dist/authz/stores/oauth-store.interface.js.map +0 -1
  213. package/dist/authz/stores/typeorm/constants.d.ts +0 -3
  214. package/dist/authz/stores/typeorm/constants.d.ts.map +0 -1
  215. package/dist/authz/stores/typeorm/constants.js +0 -6
  216. package/dist/authz/stores/typeorm/constants.js.map +0 -1
  217. package/dist/authz/stores/typeorm/entities/authorization-code.entity.d.ts +0 -15
  218. package/dist/authz/stores/typeorm/entities/authorization-code.entity.d.ts.map +0 -1
  219. package/dist/authz/stores/typeorm/entities/authorization-code.entity.js +0 -69
  220. package/dist/authz/stores/typeorm/entities/authorization-code.entity.js.map +0 -1
  221. package/dist/authz/stores/typeorm/entities/index.d.ts +0 -5
  222. package/dist/authz/stores/typeorm/entities/index.d.ts.map +0 -1
  223. package/dist/authz/stores/typeorm/entities/index.js +0 -12
  224. package/dist/authz/stores/typeorm/entities/index.js.map +0 -1
  225. package/dist/authz/stores/typeorm/entities/oauth-client.entity.d.ts +0 -17
  226. package/dist/authz/stores/typeorm/entities/oauth-client.entity.d.ts.map +0 -1
  227. package/dist/authz/stores/typeorm/entities/oauth-client.entity.js +0 -77
  228. package/dist/authz/stores/typeorm/entities/oauth-client.entity.js.map +0 -1
  229. package/dist/authz/stores/typeorm/entities/oauth-session.entity.d.ts +0 -14
  230. package/dist/authz/stores/typeorm/entities/oauth-session.entity.d.ts.map +0 -1
  231. package/dist/authz/stores/typeorm/entities/oauth-session.entity.js +0 -65
  232. package/dist/authz/stores/typeorm/entities/oauth-session.entity.js.map +0 -1
  233. package/dist/authz/stores/typeorm/entities/user-profile.entity.d.ts +0 -13
  234. package/dist/authz/stores/typeorm/entities/user-profile.entity.d.ts.map +0 -1
  235. package/dist/authz/stores/typeorm/entities/user-profile.entity.js +0 -62
  236. package/dist/authz/stores/typeorm/entities/user-profile.entity.js.map +0 -1
  237. package/dist/authz/stores/typeorm/typeorm-store.service.d.ts +0 -28
  238. package/dist/authz/stores/typeorm/typeorm-store.service.d.ts.map +0 -1
  239. package/dist/authz/stores/typeorm/typeorm-store.service.js +0 -138
  240. package/dist/authz/stores/typeorm/typeorm-store.service.js.map +0 -1
  241. package/dist/mcp/constants/feature-registration.constants.d.ts +0 -7
  242. package/dist/mcp/constants/feature-registration.constants.d.ts.map +0 -1
  243. package/dist/mcp/constants/feature-registration.constants.js +0 -5
  244. package/dist/mcp/constants/feature-registration.constants.js.map +0 -1
  245. package/dist/mcp/decorators/tool-guards.decorator.d.ts +0 -12
  246. package/dist/mcp/decorators/tool-guards.decorator.d.ts.map +0 -1
  247. package/dist/mcp/decorators/tool-guards.decorator.js +0 -13
  248. package/dist/mcp/decorators/tool-guards.decorator.js.map +0 -1
  249. package/dist/mcp/interfaces/mcp-options.interface.d.ts +0 -53
  250. package/dist/mcp/interfaces/mcp-options.interface.d.ts.map +0 -1
  251. package/dist/mcp/interfaces/mcp-options.interface.js +0 -10
  252. package/dist/mcp/interfaces/mcp-options.interface.js.map +0 -1
  253. package/dist/mcp/mcp.module.d.ts +0 -15
  254. package/dist/mcp/mcp.module.d.ts.map +0 -1
  255. package/dist/mcp/mcp.module.js +0 -248
  256. package/dist/mcp/mcp.module.js.map +0 -1
  257. package/dist/mcp/services/handlers/mcp-handler.base.d.ts +0 -117
  258. package/dist/mcp/services/handlers/mcp-handler.base.d.ts.map +0 -1
  259. package/dist/mcp/services/handlers/mcp-handler.base.js +0 -125
  260. package/dist/mcp/services/handlers/mcp-handler.base.js.map +0 -1
  261. package/dist/mcp/services/handlers/mcp-prompts.handler.d.ts +0 -12
  262. package/dist/mcp/services/handlers/mcp-prompts.handler.d.ts.map +0 -1
  263. package/dist/mcp/services/handlers/mcp-prompts.handler.js +0 -98
  264. package/dist/mcp/services/handlers/mcp-prompts.handler.js.map +0 -1
  265. package/dist/mcp/services/handlers/mcp-resources.handler.d.ts +0 -13
  266. package/dist/mcp/services/handlers/mcp-resources.handler.d.ts.map +0 -1
  267. package/dist/mcp/services/handlers/mcp-resources.handler.js +0 -117
  268. package/dist/mcp/services/handlers/mcp-resources.handler.js.map +0 -1
  269. package/dist/mcp/services/handlers/mcp-tools.handler.d.ts +0 -22
  270. package/dist/mcp/services/handlers/mcp-tools.handler.d.ts.map +0 -1
  271. package/dist/mcp/services/handlers/mcp-tools.handler.js +0 -258
  272. package/dist/mcp/services/handlers/mcp-tools.handler.js.map +0 -1
  273. package/dist/mcp/services/mcp-dynamic-registry.service.d.ts +0 -26
  274. package/dist/mcp/services/mcp-dynamic-registry.service.d.ts.map +0 -1
  275. package/dist/mcp/services/mcp-dynamic-registry.service.js +0 -133
  276. package/dist/mcp/services/mcp-dynamic-registry.service.js.map +0 -1
  277. package/dist/mcp/services/mcp-executor.service.d.ts +0 -15
  278. package/dist/mcp/services/mcp-executor.service.d.ts.map +0 -1
  279. package/dist/mcp/services/mcp-executor.service.js +0 -47
  280. package/dist/mcp/services/mcp-executor.service.js.map +0 -1
  281. package/dist/mcp/services/mcp-registry-discovery.service.d.ts +0 -63
  282. package/dist/mcp/services/mcp-registry-discovery.service.d.ts.map +0 -1
  283. package/dist/mcp/services/mcp-registry-discovery.service.js +0 -397
  284. package/dist/mcp/services/mcp-registry-discovery.service.js.map +0 -1
  285. package/dist/mcp/services/mcp-sse.service.d.ts +0 -20
  286. package/dist/mcp/services/mcp-sse.service.d.ts.map +0 -1
  287. package/dist/mcp/services/mcp-sse.service.js +0 -91
  288. package/dist/mcp/services/mcp-sse.service.js.map +0 -1
  289. package/dist/mcp/services/mcp-streamable-http.service.d.ts +0 -32
  290. package/dist/mcp/services/mcp-streamable-http.service.d.ts.map +0 -1
  291. package/dist/mcp/services/mcp-streamable-http.service.js +0 -327
  292. package/dist/mcp/services/mcp-streamable-http.service.js.map +0 -1
  293. package/dist/mcp/services/sse-ping.service.d.ts +0 -23
  294. package/dist/mcp/services/sse-ping.service.d.ts.map +0 -1
  295. package/dist/mcp/services/sse-ping.service.js +0 -99
  296. package/dist/mcp/services/sse-ping.service.js.map +0 -1
  297. package/dist/mcp/transport/sse.controller.factory.d.ts +0 -14
  298. package/dist/mcp/transport/sse.controller.factory.d.ts.map +0 -1
  299. package/dist/mcp/transport/sse.controller.factory.js +0 -67
  300. package/dist/mcp/transport/sse.controller.factory.js.map +0 -1
  301. package/dist/mcp/transport/stdio.service.d.ts +0 -14
  302. package/dist/mcp/transport/stdio.service.d.ts.map +0 -1
  303. package/dist/mcp/transport/stdio.service.js +0 -66
  304. package/dist/mcp/transport/stdio.service.js.map +0 -1
  305. package/dist/mcp/transport/streamable-http.controller.factory.d.ts +0 -14
  306. package/dist/mcp/transport/streamable-http.controller.factory.d.ts.map +0 -1
  307. package/dist/mcp/transport/streamable-http.controller.factory.js +0 -74
  308. package/dist/mcp/transport/streamable-http.controller.factory.js.map +0 -1
  309. package/dist/mcp/utils/capabilities-builder.d.ts +0 -5
  310. package/dist/mcp/utils/capabilities-builder.d.ts.map +0 -1
  311. package/dist/mcp/utils/capabilities-builder.js +0 -25
  312. package/dist/mcp/utils/capabilities-builder.js.map +0 -1
  313. package/dist/mcp/utils/mcp-server.factory.d.ts +0 -6
  314. package/dist/mcp/utils/mcp-server.factory.d.ts.map +0 -1
  315. package/dist/mcp/utils/mcp-server.factory.js +0 -22
  316. package/dist/mcp/utils/mcp-server.factory.js.map +0 -1
  317. package/src/authz/guards/jwt-auth.guard.ts +0 -127
  318. package/src/authz/index.ts +0 -10
  319. package/src/authz/interfaces/oauth-common.interface.ts +0 -21
  320. package/src/authz/interfaces/request-with-user.ts +0 -16
  321. package/src/authz/mcp-oauth.controller.ts +0 -860
  322. package/src/authz/mcp-oauth.module.ts +0 -384
  323. package/src/authz/providers/azure-ad.provider.ts +0 -40
  324. package/src/authz/providers/github.provider.ts +0 -22
  325. package/src/authz/providers/google.provider.ts +0 -23
  326. package/src/authz/providers/oauth-provider.interface.ts +0 -147
  327. package/src/authz/services/client.service.ts +0 -125
  328. package/src/authz/services/jwt-token.service.spec.ts +0 -67
  329. package/src/authz/services/jwt-token.service.ts +0 -188
  330. package/src/authz/services/oauth-strategy.service.ts +0 -64
  331. package/src/authz/stores/memory-store.service.spec.ts +0 -475
  332. package/src/authz/stores/memory-store.service.ts +0 -141
  333. package/src/authz/stores/oauth-store.interface.ts +0 -131
  334. package/src/authz/stores/typeorm/README.md +0 -140
  335. package/src/authz/stores/typeorm/constants.ts +0 -6
  336. package/src/authz/stores/typeorm/entities/authorization-code.entity.ts +0 -41
  337. package/src/authz/stores/typeorm/entities/index.ts +0 -4
  338. package/src/authz/stores/typeorm/entities/oauth-client.entity.ts +0 -53
  339. package/src/authz/stores/typeorm/entities/oauth-session.entity.ts +0 -38
  340. package/src/authz/stores/typeorm/entities/user-profile.entity.ts +0 -46
  341. package/src/authz/stores/typeorm/typeorm-store.service.spec.ts +0 -494
  342. package/src/authz/stores/typeorm/typeorm-store.service.ts +0 -165
  343. package/src/mcp/constants/feature-registration.constants.ts +0 -24
  344. package/src/mcp/decorators/tool-guards.decorator.ts +0 -82
  345. package/src/mcp/interfaces/mcp-options.interface.ts +0 -95
  346. package/src/mcp/mcp.module.ts +0 -349
  347. package/src/mcp/services/handlers/mcp-handler.base.ts +0 -203
  348. package/src/mcp/services/handlers/mcp-prompts.handler.ts +0 -143
  349. package/src/mcp/services/handlers/mcp-resources.handler.ts +0 -183
  350. package/src/mcp/services/handlers/mcp-tools.handler.spec.ts +0 -41
  351. package/src/mcp/services/handlers/mcp-tools.handler.ts +0 -436
  352. package/src/mcp/services/mcp-dynamic-registry.service.ts +0 -236
  353. package/src/mcp/services/mcp-executor.service.ts +0 -64
  354. package/src/mcp/services/mcp-registry-discovery.service.spec.ts +0 -306
  355. package/src/mcp/services/mcp-registry-discovery.service.ts +0 -849
  356. package/src/mcp/services/mcp-sse.service.ts +0 -124
  357. package/src/mcp/services/mcp-streamable-http.service.ts +0 -472
  358. package/src/mcp/services/sse-ping.service.ts +0 -144
  359. package/src/mcp/transport/custom-decorator.spec.ts +0 -75
  360. package/src/mcp/transport/sse.controller.factory.ts +0 -84
  361. package/src/mcp/transport/stdio.service.ts +0 -75
  362. package/src/mcp/transport/streamable-http.controller.factory.ts +0 -80
  363. package/src/mcp/utils/capabilities-builder.ts +0 -43
  364. package/src/mcp/utils/mcp-server.factory.ts +0 -33
@@ -1,12 +0,0 @@
1
- import { DynamicModule } from '@nestjs/common';
2
- import type { OAuthUserModuleOptions as AuthUserModuleOptions, OAuthModuleDefaults } from './providers/oauth-provider.interface';
3
- export declare const DEFAULT_OPTIONS: OAuthModuleDefaults;
4
- export declare class McpAuthModule {
5
- readonly __isMcpAuthModule = true;
6
- static forRoot(options: AuthUserModuleOptions): DynamicModule;
7
- private static mergeAndValidateOptions;
8
- private static validateRequiredOptions;
9
- private static validateResolvedOptions;
10
- private static createStoreProvider;
11
- }
12
- //# sourceMappingURL=mcp-oauth.module.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"mcp-oauth.module.d.ts","sourceRoot":"","sources":["../../src/authz/mcp-oauth.module.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAU,MAAM,gBAAgB,CAAC;AAMvD,OAAO,KAAK,EACV,sBAAsB,IAAI,qBAAqB,EAE/C,mBAAmB,EAEpB,MAAM,sCAAsC,CAAC;AAW9C,eAAO,MAAM,eAAe,EAAE,mBA4C7B,CAAC;AAEF,qBACa,aAAa;IAIxB,QAAQ,CAAC,iBAAiB,QAAQ;IAElC,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,qBAAqB,GAAG,aAAa;IA4J7D,OAAO,CAAC,MAAM,CAAC,uBAAuB;IAkDtC,OAAO,CAAC,MAAM,CAAC,uBAAuB;IAiBtC,OAAO,CAAC,MAAM,CAAC,uBAAuB;IA0BtC,OAAO,CAAC,MAAM,CAAC,mBAAmB;CAoCnC"}
@@ -1,271 +0,0 @@
1
- "use strict";
2
- var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
3
- var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
4
- if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
5
- else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
6
- return c > 3 && r && Object.defineProperty(target, key, r), r;
7
- };
8
- var McpAuthModule_1;
9
- Object.defineProperty(exports, "__esModule", { value: true });
10
- exports.McpAuthModule = exports.DEFAULT_OPTIONS = void 0;
11
- const common_1 = require("@nestjs/common");
12
- const config_1 = require("@nestjs/config");
13
- const jwt_1 = require("@nestjs/jwt");
14
- const passport_1 = require("@nestjs/passport");
15
- const jwt_auth_guard_1 = require("./guards/jwt-auth.guard");
16
- const mcp_oauth_controller_1 = require("./mcp-oauth.controller");
17
- const client_service_1 = require("./services/client.service");
18
- const jwt_token_service_1 = require("./services/jwt-token.service");
19
- const oauth_strategy_service_1 = require("./services/oauth-strategy.service");
20
- const memory_store_service_1 = require("./stores/memory-store.service");
21
- const normalize_endpoint_1 = require("../mcp/utils/normalize-endpoint");
22
- const constants_1 = require("./stores/typeorm/constants");
23
- let authInstanceIdCounter = 0;
24
- exports.DEFAULT_OPTIONS = {
25
- serverUrl: 'http://localhost:3000',
26
- resource: 'http://localhost:3000/mcp',
27
- jwtIssuer: 'http://localhost:3000',
28
- jwtAudience: 'mcp-client',
29
- jwtAccessTokenExpiresIn: '1d',
30
- jwtRefreshTokenExpiresIn: '30d',
31
- enableRefreshTokens: true,
32
- cookieMaxAge: 24 * 60 * 60 * 1000,
33
- oauthSessionExpiresIn: 10 * 60 * 1000,
34
- authCodeExpiresIn: 10 * 60 * 1000,
35
- nodeEnv: 'development',
36
- apiPrefix: '',
37
- endpoints: {
38
- wellKnownAuthorizationServerMetadata: '/.well-known/oauth-authorization-server',
39
- wellKnownProtectedResourceMetadata: '/.well-known/oauth-protected-resource',
40
- register: '/register',
41
- authorize: '/authorize',
42
- callback: '/callback',
43
- token: '/token',
44
- revoke: '/revoke',
45
- },
46
- disableEndpoints: {
47
- wellKnownAuthorizationServerMetadata: false,
48
- wellKnownProtectedResourceMetadata: false,
49
- },
50
- protectedResourceMetadata: {
51
- scopesSupported: ['offline_access'],
52
- bearerMethodsSupported: ['header'],
53
- mcpVersionsSupported: ['2025-06-18'],
54
- },
55
- authorizationServerMetadata: {
56
- responseTypesSupported: ['code'],
57
- responseModesSupported: ['query'],
58
- grantTypesSupported: ['authorization_code', 'refresh_token'],
59
- tokenEndpointAuthMethodsSupported: [
60
- 'client_secret_basic',
61
- 'client_secret_post',
62
- 'none',
63
- ],
64
- scopesSupported: ['offline_access'],
65
- codeChallengeMethodsSupported: ['plain', 'S256'],
66
- },
67
- };
68
- let McpAuthModule = McpAuthModule_1 = class McpAuthModule {
69
- constructor() {
70
- this.__isMcpAuthModule = true;
71
- }
72
- static forRoot(options) {
73
- const authModuleId = `mcp-auth-module-${authInstanceIdCounter++}`;
74
- const resolvedOptions = this.mergeAndValidateOptions(exports.DEFAULT_OPTIONS, options);
75
- resolvedOptions.endpoints = prepareEndpoints(resolvedOptions.apiPrefix, exports.DEFAULT_OPTIONS.endpoints, options.endpoints || {});
76
- const oauthModuleOptionsToken = `OAUTH_MODULE_OPTIONS_${authModuleId}`;
77
- const oauthModuleOptions = {
78
- provide: oauthModuleOptionsToken,
79
- useValue: resolvedOptions,
80
- };
81
- const imports = [
82
- config_1.ConfigModule,
83
- passport_1.PassportModule.register({
84
- defaultStrategy: 'jwt',
85
- session: false,
86
- }),
87
- jwt_1.JwtModule.register({
88
- secret: resolvedOptions.jwtSecret,
89
- signOptions: {
90
- issuer: resolvedOptions.jwtIssuer,
91
- audience: resolvedOptions.jwtAudience,
92
- },
93
- }),
94
- ];
95
- const storeConfig = resolvedOptions.storeConfiguration;
96
- const isTypeOrmStore = storeConfig?.type === 'typeorm';
97
- if (isTypeOrmStore) {
98
- const typeormOptions = storeConfig.options;
99
- try {
100
- const { TypeOrmModule } = require('@nestjs/typeorm');
101
- const { OAuthClientEntity, AuthorizationCodeEntity, OAuthSessionEntity, OAuthUserProfileEntity, } = require('./stores/typeorm/entities');
102
- imports.push(TypeOrmModule.forRoot({
103
- ...typeormOptions,
104
- name: constants_1.OAUTH_TYPEORM_CONNECTION_NAME,
105
- entities: [
106
- OAuthClientEntity,
107
- AuthorizationCodeEntity,
108
- OAuthSessionEntity,
109
- OAuthUserProfileEntity,
110
- ],
111
- }), TypeOrmModule.forFeature([
112
- OAuthClientEntity,
113
- AuthorizationCodeEntity,
114
- OAuthSessionEntity,
115
- OAuthUserProfileEntity,
116
- ], constants_1.OAUTH_TYPEORM_CONNECTION_NAME));
117
- }
118
- catch (err) {
119
- throw new Error("To use the TypeORM store, please install '@nestjs/typeorm' and 'typeorm'.");
120
- }
121
- }
122
- const oauthStoreToken = `IOAuthStore_${authModuleId}`;
123
- const oauthStoreProvider = this.createStoreProvider(resolvedOptions.storeConfiguration, oauthStoreToken);
124
- const oauthStoreAliasProvider = {
125
- provide: memory_store_service_1.MemoryStore,
126
- useExisting: oauthStoreToken,
127
- };
128
- const providers = [
129
- {
130
- provide: 'OAUTH_MODULE_ID',
131
- useValue: authModuleId,
132
- },
133
- oauthModuleOptions,
134
- oauthStoreProvider,
135
- oauthStoreAliasProvider,
136
- {
137
- provide: 'OAUTH_MODULE_OPTIONS',
138
- useExisting: oauthModuleOptionsToken,
139
- },
140
- {
141
- provide: 'IOAuthStore',
142
- useExisting: oauthStoreToken,
143
- },
144
- oauth_strategy_service_1.OAuthStrategyService,
145
- client_service_1.ClientService,
146
- jwt_token_service_1.JwtTokenService,
147
- jwt_auth_guard_1.McpAuthJwtGuard,
148
- ];
149
- const OAuthControllerClass = (0, mcp_oauth_controller_1.createMcpOAuthController)(resolvedOptions.endpoints, {
150
- disableWellKnownAuthorizationServerMetadata: resolvedOptions.disableEndpoints
151
- .wellKnownAuthorizationServerMetadata ?? false,
152
- disableWellKnownProtectedResourceMetadata: resolvedOptions.disableEndpoints.wellKnownProtectedResourceMetadata ??
153
- false,
154
- }, authModuleId);
155
- return {
156
- module: McpAuthModule_1,
157
- imports,
158
- controllers: [OAuthControllerClass],
159
- providers,
160
- exports: [
161
- 'OAUTH_MODULE_ID',
162
- 'OAUTH_MODULE_OPTIONS',
163
- 'IOAuthStore',
164
- jwt_token_service_1.JwtTokenService,
165
- client_service_1.ClientService,
166
- oauth_strategy_service_1.OAuthStrategyService,
167
- jwt_auth_guard_1.McpAuthJwtGuard,
168
- memory_store_service_1.MemoryStore,
169
- ],
170
- };
171
- }
172
- static mergeAndValidateOptions(defaults, options) {
173
- this.validateRequiredOptions(options);
174
- const resolvedOptions = {
175
- ...defaults,
176
- ...options,
177
- jwtIssuer: options.jwtIssuer || options.serverUrl || exports.DEFAULT_OPTIONS.jwtIssuer,
178
- cookieSecure: options.cookieSecure || process.env.NODE_ENV === 'production',
179
- protectedResourceMetadata: {
180
- ...defaults.protectedResourceMetadata,
181
- ...options.protectedResourceMetadata,
182
- },
183
- authorizationServerMetadata: {
184
- ...defaults.authorizationServerMetadata,
185
- ...options.authorizationServerMetadata,
186
- },
187
- disableEndpoints: {
188
- ...defaults.disableEndpoints,
189
- ...(options.disableEndpoints || {}),
190
- },
191
- };
192
- if (!resolvedOptions.enableRefreshTokens) {
193
- resolvedOptions.authorizationServerMetadata.grantTypesSupported =
194
- resolvedOptions.authorizationServerMetadata.grantTypesSupported.filter((g) => g !== 'refresh_token');
195
- resolvedOptions.protectedResourceMetadata.scopesSupported =
196
- resolvedOptions.protectedResourceMetadata.scopesSupported.filter((s) => s !== 'offline_access');
197
- }
198
- this.validateResolvedOptions(resolvedOptions);
199
- return resolvedOptions;
200
- }
201
- static validateRequiredOptions(options) {
202
- const requiredFields = [
203
- 'provider',
204
- 'clientId',
205
- 'clientSecret',
206
- 'jwtSecret',
207
- ];
208
- for (const field of requiredFields) {
209
- if (!options[field]) {
210
- throw new Error(`OAuthModuleOptions: ${String(field)} is required and must be provided by the user`);
211
- }
212
- }
213
- }
214
- static validateResolvedOptions(options) {
215
- if (options.jwtSecret.length < 32) {
216
- throw new Error('OAuthModuleOptions: jwtSecret must be at least 32 characters long');
217
- }
218
- try {
219
- new URL(options.serverUrl);
220
- new URL(options.jwtIssuer);
221
- }
222
- catch {
223
- throw new Error('OAuthModuleOptions: serverUrl and jwtIssuer must be valid URLs');
224
- }
225
- if (!options.provider.name || !options.provider.strategy) {
226
- throw new Error('OAuthModuleOptions: provider must have name and strategy');
227
- }
228
- }
229
- static createStoreProvider(storeConfiguration, provideToken) {
230
- if (!storeConfiguration || storeConfiguration.type === 'memory') {
231
- return {
232
- provide: provideToken,
233
- useValue: new memory_store_service_1.MemoryStore(),
234
- };
235
- }
236
- if (storeConfiguration.type === 'typeorm') {
237
- const { TypeOrmStore, } = require('./stores/typeorm/typeorm-store.service');
238
- return {
239
- provide: provideToken,
240
- useClass: TypeOrmStore,
241
- };
242
- }
243
- if (storeConfiguration.type === 'custom') {
244
- return {
245
- provide: provideToken,
246
- useValue: storeConfiguration.store,
247
- };
248
- }
249
- throw new Error(`Unknown store configuration type: ${storeConfiguration.type}`);
250
- }
251
- };
252
- exports.McpAuthModule = McpAuthModule;
253
- exports.McpAuthModule = McpAuthModule = McpAuthModule_1 = __decorate([
254
- (0, common_1.Module)({})
255
- ], McpAuthModule);
256
- function prepareEndpoints(apiPrefix, defaultEndpoints, configuredEndpoints) {
257
- const updatedDefaultEndpoints = {
258
- wellKnownAuthorizationServerMetadata: defaultEndpoints.wellKnownAuthorizationServerMetadata,
259
- wellKnownProtectedResourceMetadata: defaultEndpoints.wellKnownProtectedResourceMetadata,
260
- callback: (0, normalize_endpoint_1.normalizeEndpoint)(`/${apiPrefix}/${defaultEndpoints.callback}`),
261
- token: (0, normalize_endpoint_1.normalizeEndpoint)(`/${apiPrefix}/${defaultEndpoints.token}`),
262
- revoke: (0, normalize_endpoint_1.normalizeEndpoint)(`/${apiPrefix}/${defaultEndpoints.revoke}`),
263
- authorize: (0, normalize_endpoint_1.normalizeEndpoint)(`/${apiPrefix}/${defaultEndpoints.authorize}`),
264
- register: (0, normalize_endpoint_1.normalizeEndpoint)(`/${apiPrefix}/${defaultEndpoints.register}`),
265
- };
266
- return {
267
- ...updatedDefaultEndpoints,
268
- ...configuredEndpoints,
269
- };
270
- }
271
- //# sourceMappingURL=mcp-oauth.module.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"mcp-oauth.module.js","sourceRoot":"","sources":["../../src/authz/mcp-oauth.module.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAAuD;AACvD,2CAA8C;AAC9C,qCAAwC;AACxC,+CAAkD;AAClD,4DAA0D;AAC1D,iEAAkE;AAOlE,8DAA0D;AAC1D,oEAA+D;AAC/D,8EAAyE;AACzE,wEAA4D;AAC5D,wEAAoE;AACpE,0DAA2E;AAE3E,IAAI,qBAAqB,GAAG,CAAC,CAAC;AAGjB,QAAA,eAAe,GAAwB;IAClD,SAAS,EAAE,uBAAuB;IAClC,QAAQ,EAAE,2BAA2B;IACrC,SAAS,EAAE,uBAAuB;IAClC,WAAW,EAAE,YAAY;IACzB,uBAAuB,EAAE,IAAI;IAC7B,wBAAwB,EAAE,KAAK;IAC/B,mBAAmB,EAAE,IAAI;IACzB,YAAY,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;IACjC,qBAAqB,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;IACrC,iBAAiB,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;IACjC,OAAO,EAAE,aAAa;IACtB,SAAS,EAAE,EAAE;IACb,SAAS,EAAE;QACT,oCAAoC,EAClC,yCAAyC;QAC3C,kCAAkC,EAAE,uCAAuC;QAC3E,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,YAAY;QACvB,QAAQ,EAAE,WAAW;QACrB,KAAK,EAAE,QAAQ;QACf,MAAM,EAAE,SAAS;KAClB;IACD,gBAAgB,EAAE;QAChB,oCAAoC,EAAE,KAAK;QAC3C,kCAAkC,EAAE,KAAK;KAC1C;IACD,yBAAyB,EAAE;QACzB,eAAe,EAAE,CAAC,gBAAgB,CAAC;QACnC,sBAAsB,EAAE,CAAC,QAAQ,CAAC;QAClC,oBAAoB,EAAE,CAAC,YAAY,CAAC;KACrC;IACD,2BAA2B,EAAE;QAC3B,sBAAsB,EAAE,CAAC,MAAM,CAAC;QAChC,sBAAsB,EAAE,CAAC,OAAO,CAAC;QACjC,mBAAmB,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;QAC5D,iCAAiC,EAAE;YACjC,qBAAqB;YACrB,oBAAoB;YACpB,MAAM;SACP;QACD,eAAe,EAAE,CAAC,gBAAgB,CAAC;QACnC,6BAA6B,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;KACjD;CACF,CAAC;AAGK,IAAM,aAAa,qBAAnB,MAAM,aAAa;IAAnB;QAII,sBAAiB,GAAG,IAAI,CAAC;IA+RpC,CAAC;IA7RC,MAAM,CAAC,OAAO,CAAC,OAA8B;QAE3C,MAAM,YAAY,GAAG,mBAAmB,qBAAqB,EAAE,EAAE,CAAC;QAGlE,MAAM,eAAe,GAAG,IAAI,CAAC,uBAAuB,CAClD,uBAAe,EACf,OAAO,CACR,CAAC;QAEF,eAAe,CAAC,SAAS,GAAG,gBAAgB,CAC1C,eAAe,CAAC,SAAS,EACzB,uBAAe,CAAC,SAAS,EACzB,OAAO,CAAC,SAAS,IAAI,EAAE,CACxB,CAAC;QAGF,MAAM,uBAAuB,GAAG,wBAAwB,YAAY,EAAE,CAAC;QACvE,MAAM,kBAAkB,GAAG;YACzB,OAAO,EAAE,uBAAuB;YAChC,QAAQ,EAAE,eAAe;SAC1B,CAAC;QAGF,MAAM,OAAO,GAAG;YACd,qBAAY;YACZ,yBAAc,CAAC,QAAQ,CAAC;gBACtB,eAAe,EAAE,KAAK;gBACtB,OAAO,EAAE,KAAK;aACf,CAAC;YACF,eAAS,CAAC,QAAQ,CAAC;gBACjB,MAAM,EAAE,eAAe,CAAC,SAAS;gBACjC,WAAW,EAAE;oBACX,MAAM,EAAE,eAAe,CAAC,SAAS;oBACjC,QAAQ,EAAE,eAAe,CAAC,WAAW;iBACtC;aACF,CAAC;SACH,CAAC;QAGF,MAAM,WAAW,GAAG,eAAe,CAAC,kBAAkB,CAAC;QACvD,MAAM,cAAc,GAAG,WAAW,EAAE,IAAI,KAAK,SAAS,CAAC;QACvD,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,cAAc,GAAG,WAAW,CAAC,OAAO,CAAC;YAC3C,IAAI,CAAC;gBAGH,MAAM,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;gBACrD,MAAM,EACJ,iBAAiB,EACjB,uBAAuB,EACvB,kBAAkB,EAClB,sBAAsB,GAEvB,GAAG,OAAO,CAAC,2BAA2B,CAAC,CAAC;gBAEzC,OAAO,CAAC,IAAI,CACV,aAAa,CAAC,OAAO,CAAC;oBACpB,GAAG,cAAc;oBAEjB,IAAI,EAAE,yCAA6B;oBACnC,QAAQ,EAAE;wBACR,iBAAiB;wBACjB,uBAAuB;wBACvB,kBAAkB;wBAClB,sBAAsB;qBACvB;iBACF,CAAC,EACF,aAAa,CAAC,UAAU,CACtB;oBACE,iBAAiB;oBACjB,uBAAuB;oBACvB,kBAAkB;oBAClB,sBAAsB;iBACvB,EACD,yCAA6B,CAC9B,CACF,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,2EAA2E,CAC5E,CAAC;YACJ,CAAC;QACH,CAAC;QAGD,MAAM,eAAe,GAAG,eAAe,YAAY,EAAE,CAAC;QACtD,MAAM,kBAAkB,GAAG,IAAI,CAAC,mBAAmB,CACjD,eAAe,CAAC,kBAAkB,EAClC,eAAe,CAChB,CAAC;QAGF,MAAM,uBAAuB,GAAG;YAC9B,OAAO,EAAE,kCAAW;YACpB,WAAW,EAAE,eAAe;SAC7B,CAAC;QAEF,MAAM,SAAS,GAAU;YACvB;gBACE,OAAO,EAAE,iBAAiB;gBAC1B,QAAQ,EAAE,YAAY;aACvB;YACD,kBAAkB;YAClB,kBAAkB;YAClB,uBAAuB;YAEvB;gBACE,OAAO,EAAE,sBAAsB;gBAC/B,WAAW,EAAE,uBAAuB;aACrC;YACD;gBACE,OAAO,EAAE,aAAa;gBACtB,WAAW,EAAE,eAAe;aAC7B;YAED,6CAAoB;YACpB,8BAAa;YACb,mCAAe;YACf,gCAAe;SAChB,CAAC;QAKF,MAAM,oBAAoB,GAAG,IAAA,+CAAwB,EACnD,eAAe,CAAC,SAAS,EACzB;YACE,2CAA2C,EACzC,eAAe,CAAC,gBAAgB;iBAC7B,oCAAoC,IAAI,KAAK;YAClD,yCAAyC,EACvC,eAAe,CAAC,gBAAgB,CAAC,kCAAkC;gBACnE,KAAK;SACR,EACD,YAAY,CACb,CAAC;QAEF,OAAO;YACL,MAAM,EAAE,eAAa;YACrB,OAAO;YACP,WAAW,EAAE,CAAC,oBAAoB,CAAC;YACnC,SAAS;YACT,OAAO,EAAE;gBACP,iBAAiB;gBACjB,sBAAsB;gBACtB,aAAa;gBACb,mCAAe;gBACf,8BAAa;gBACb,6CAAoB;gBACpB,gCAAe;gBACf,kCAAW;aACZ;SACF,CAAC;IACJ,CAAC;IAEO,MAAM,CAAC,uBAAuB,CACpC,QAA6B,EAC7B,OAA8B;QAG9B,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;QAGtC,MAAM,eAAe,GAAuB;YAC1C,GAAG,QAAQ;YACX,GAAG,OAAO;YAEV,SAAS,EACP,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,IAAI,uBAAe,CAAC,SAAS;YACrE,YAAY,EACV,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;YAE/D,yBAAyB,EAAE;gBACzB,GAAG,QAAQ,CAAC,yBAAyB;gBACrC,GAAG,OAAO,CAAC,yBAAyB;aACrC;YAED,2BAA2B,EAAE;gBAC3B,GAAG,QAAQ,CAAC,2BAA2B;gBACvC,GAAG,OAAO,CAAC,2BAA2B;aACvC;YAED,gBAAgB,EAAE;gBAChB,GAAG,QAAQ,CAAC,gBAAgB;gBAC5B,GAAG,CAAC,OAAO,CAAC,gBAAgB,IAAI,EAAE,CAAC;aACpC;SACF,CAAC;QAEF,IAAI,CAAC,eAAe,CAAC,mBAAmB,EAAE,CAAC;YACzC,eAAe,CAAC,2BAA2B,CAAC,mBAAmB;gBAC7D,eAAe,CAAC,2BAA2B,CAAC,mBAAmB,CAAC,MAAM,CACpE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,eAAe,CAC7B,CAAC;YACJ,eAAe,CAAC,yBAAyB,CAAC,eAAe;gBACvD,eAAe,CAAC,yBAAyB,CAAC,eAAe,CAAC,MAAM,CAC9D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,gBAAgB,CAC9B,CAAC;QACN,CAAC;QAGD,IAAI,CAAC,uBAAuB,CAAC,eAAe,CAAC,CAAC;QAE9C,OAAO,eAAe,CAAC;IACzB,CAAC;IAEO,MAAM,CAAC,uBAAuB,CAAC,OAA8B;QACnE,MAAM,cAAc,GAAoC;YACtD,UAAU;YACV,UAAU;YACV,cAAc;YACd,WAAW;SACZ,CAAC;QAEF,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CACb,uBAAuB,MAAM,CAAC,KAAK,CAAC,+CAA+C,CACpF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAEO,MAAM,CAAC,uBAAuB,CAAC,OAA2B;QAEhE,IAAI,OAAO,CAAC,SAAS,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;QACJ,CAAC;QAGD,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC3B,IAAI,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CACb,gEAAgE,CACjE,CAAC;QACJ,CAAC;QAGD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CACb,0DAA0D,CAC3D,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,MAAM,CAAC,mBAAmB,CAChC,kBAA4D,EAC5D,YAAoB;QAEpB,IAAI,CAAC,kBAAkB,IAAI,kBAAkB,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAEhE,OAAO;gBACL,OAAO,EAAE,YAAY;gBACrB,QAAQ,EAAE,IAAI,kCAAW,EAAE;aAC5B,CAAC;QACJ,CAAC;QAED,IAAI,kBAAkB,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAE1C,MAAM,EACJ,YAAY,GAEb,GAAG,OAAO,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO;gBACL,OAAO,EAAE,YAAY;gBACrB,QAAQ,EAAE,YAAY;aACvB,CAAC;QACJ,CAAC;QAED,IAAI,kBAAkB,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAEzC,OAAO;gBACL,OAAO,EAAE,YAAY;gBACrB,QAAQ,EAAE,kBAAkB,CAAC,KAAK;aACnC,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,KAAK,CACb,qCAAsC,kBAA0B,CAAC,IAAI,EAAE,CACxE,CAAC;IACJ,CAAC;CACF,CAAA;AAnSY,sCAAa;wBAAb,aAAa;IADzB,IAAA,eAAM,EAAC,EAAE,CAAC;GACE,aAAa,CAmSzB;AAED,SAAS,gBAAgB,CACvB,SAAiB,EACjB,gBAA4C,EAC5C,mBAA+C;IAE/C,MAAM,uBAAuB,GAAG;QAC9B,oCAAoC,EAClC,gBAAgB,CAAC,oCAAoC;QACvD,kCAAkC,EAChC,gBAAgB,CAAC,kCAAkC;QACrD,QAAQ,EAAE,IAAA,sCAAiB,EAAC,IAAI,SAAS,IAAI,gBAAgB,CAAC,QAAQ,EAAE,CAAC;QACzE,KAAK,EAAE,IAAA,sCAAiB,EAAC,IAAI,SAAS,IAAI,gBAAgB,CAAC,KAAK,EAAE,CAAC;QACnE,MAAM,EAAE,IAAA,sCAAiB,EAAC,IAAI,SAAS,IAAI,gBAAgB,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,EAAE,IAAA,sCAAiB,EAAC,IAAI,SAAS,IAAI,gBAAgB,CAAC,SAAS,EAAE,CAAC;QAC3E,QAAQ,EAAE,IAAA,sCAAiB,EAAC,IAAI,SAAS,IAAI,gBAAgB,CAAC,QAAQ,EAAE,CAAC;KAC5C,CAAC;IAEhC,OAAO;QACL,GAAG,uBAAuB;QAC1B,GAAG,mBAAmB;KACvB,CAAC;AACJ,CAAC","sourcesContent":["import { DynamicModule, Module } from '@nestjs/common';\nimport { ConfigModule } from '@nestjs/config';\nimport { JwtModule } from '@nestjs/jwt';\nimport { PassportModule } from '@nestjs/passport';\nimport { McpAuthJwtGuard } from './guards/jwt-auth.guard';\nimport { createMcpOAuthController } from './mcp-oauth.controller';\nimport type {\n OAuthUserModuleOptions as AuthUserModuleOptions,\n OAuthEndpointConfiguration,\n OAuthModuleDefaults,\n OAuthModuleOptions,\n} from './providers/oauth-provider.interface';\nimport { ClientService } from './services/client.service';\nimport { JwtTokenService } from './services/jwt-token.service';\nimport { OAuthStrategyService } from './services/oauth-strategy.service';\nimport { MemoryStore } from './stores/memory-store.service';\nimport { normalizeEndpoint } from '../mcp/utils/normalize-endpoint';\nimport { OAUTH_TYPEORM_CONNECTION_NAME } from './stores/typeorm/constants';\n\nlet authInstanceIdCounter = 0;\n\n// Default configuration values\nexport const DEFAULT_OPTIONS: OAuthModuleDefaults = {\n serverUrl: 'http://localhost:3000',\n resource: 'http://localhost:3000/mcp',\n jwtIssuer: 'http://localhost:3000',\n jwtAudience: 'mcp-client',\n jwtAccessTokenExpiresIn: '1d',\n jwtRefreshTokenExpiresIn: '30d',\n enableRefreshTokens: true,\n cookieMaxAge: 24 * 60 * 60 * 1000, // 24 hours\n oauthSessionExpiresIn: 10 * 60 * 1000, // 10 minutes\n authCodeExpiresIn: 10 * 60 * 1000, // 10 minutes\n nodeEnv: 'development',\n apiPrefix: '',\n endpoints: {\n wellKnownAuthorizationServerMetadata:\n '/.well-known/oauth-authorization-server',\n wellKnownProtectedResourceMetadata: '/.well-known/oauth-protected-resource',\n register: '/register',\n authorize: '/authorize',\n callback: '/callback',\n token: '/token',\n revoke: '/revoke',\n },\n disableEndpoints: {\n wellKnownAuthorizationServerMetadata: false,\n wellKnownProtectedResourceMetadata: false,\n },\n protectedResourceMetadata: {\n scopesSupported: ['offline_access'],\n bearerMethodsSupported: ['header'],\n mcpVersionsSupported: ['2025-06-18'],\n },\n authorizationServerMetadata: {\n responseTypesSupported: ['code'],\n responseModesSupported: ['query'],\n grantTypesSupported: ['authorization_code', 'refresh_token'],\n tokenEndpointAuthMethodsSupported: [\n 'client_secret_basic',\n 'client_secret_post',\n 'none',\n ],\n scopesSupported: ['offline_access'],\n codeChallengeMethodsSupported: ['plain', 'S256'],\n },\n};\n\n@Module({})\nexport class McpAuthModule {\n /**\n * To avoid import circular dependency issues, we use a marker property.\n */\n readonly __isMcpAuthModule = true;\n\n static forRoot(options: AuthUserModuleOptions): DynamicModule {\n // Create a unique instance ID for this auth module\n const authModuleId = `mcp-auth-module-${authInstanceIdCounter++}`;\n\n // Merge user options with defaults and validate\n const resolvedOptions = this.mergeAndValidateOptions(\n DEFAULT_OPTIONS,\n options,\n );\n\n resolvedOptions.endpoints = prepareEndpoints(\n resolvedOptions.apiPrefix,\n DEFAULT_OPTIONS.endpoints,\n options.endpoints || {},\n );\n\n // Use instance-scoped token for OAuth options\n const oauthModuleOptionsToken = `OAUTH_MODULE_OPTIONS_${authModuleId}`;\n const oauthModuleOptions = {\n provide: oauthModuleOptionsToken,\n useValue: resolvedOptions,\n };\n\n // Determine imports based on configuration\n const imports = [\n ConfigModule,\n PassportModule.register({\n defaultStrategy: 'jwt',\n session: false,\n }),\n JwtModule.register({\n secret: resolvedOptions.jwtSecret,\n signOptions: {\n issuer: resolvedOptions.jwtIssuer,\n audience: resolvedOptions.jwtAudience,\n },\n }),\n ];\n\n // Add TypeORM configuration if using TypeORM store\n const storeConfig = resolvedOptions.storeConfiguration;\n const isTypeOrmStore = storeConfig?.type === 'typeorm';\n if (isTypeOrmStore) {\n const typeormOptions = storeConfig.options;\n try {\n // Require TypeORM-related modules only when needed\n // eslint-disable-next-line @typescript-eslint/no-require-imports\n const { TypeOrmModule } = require('@nestjs/typeorm');\n const {\n OAuthClientEntity,\n AuthorizationCodeEntity,\n OAuthSessionEntity,\n OAuthUserProfileEntity,\n // eslint-disable-next-line @typescript-eslint/no-require-imports\n } = require('./stores/typeorm/entities');\n\n imports.push(\n TypeOrmModule.forRoot({\n ...typeormOptions,\n // Use a unique connection name for the OAuth store to avoid clashes\n name: OAUTH_TYPEORM_CONNECTION_NAME,\n entities: [\n OAuthClientEntity,\n AuthorizationCodeEntity,\n OAuthSessionEntity,\n OAuthUserProfileEntity,\n ],\n }),\n TypeOrmModule.forFeature(\n [\n OAuthClientEntity,\n AuthorizationCodeEntity,\n OAuthSessionEntity,\n OAuthUserProfileEntity,\n ],\n OAUTH_TYPEORM_CONNECTION_NAME,\n ),\n );\n } catch (err) {\n throw new Error(\n \"To use the TypeORM store, please install '@nestjs/typeorm' and 'typeorm'.\",\n );\n }\n }\n\n // Create store provider based on configuration with instance-scoped token\n const oauthStoreToken = `IOAuthStore_${authModuleId}`;\n const oauthStoreProvider = this.createStoreProvider(\n resolvedOptions.storeConfiguration,\n oauthStoreToken,\n );\n\n // Create alias for compatibility with injection\n const oauthStoreAliasProvider = {\n provide: MemoryStore,\n useExisting: oauthStoreToken,\n };\n\n const providers: any[] = [\n {\n provide: 'OAUTH_MODULE_ID',\n useValue: authModuleId,\n },\n oauthModuleOptions,\n oauthStoreProvider,\n oauthStoreAliasProvider,\n // Provide backward-compatible tokens as aliases\n {\n provide: 'OAUTH_MODULE_OPTIONS',\n useExisting: oauthModuleOptionsToken,\n },\n {\n provide: 'IOAuthStore',\n useExisting: oauthStoreToken,\n },\n // Provide services using their class tokens\n OAuthStrategyService,\n ClientService,\n JwtTokenService,\n McpAuthJwtGuard,\n ];\n\n // No additional providers needed for TypeORM store - provider is created dynamically\n\n // Create controller with apiPrefix, passing the instance-scoped tokens\n const OAuthControllerClass = createMcpOAuthController(\n resolvedOptions.endpoints,\n {\n disableWellKnownAuthorizationServerMetadata:\n resolvedOptions.disableEndpoints\n .wellKnownAuthorizationServerMetadata ?? false,\n disableWellKnownProtectedResourceMetadata:\n resolvedOptions.disableEndpoints.wellKnownProtectedResourceMetadata ??\n false,\n },\n authModuleId,\n );\n\n return {\n module: McpAuthModule,\n imports,\n controllers: [OAuthControllerClass],\n providers,\n exports: [\n 'OAUTH_MODULE_ID',\n 'OAUTH_MODULE_OPTIONS',\n 'IOAuthStore',\n JwtTokenService,\n ClientService,\n OAuthStrategyService,\n McpAuthJwtGuard,\n MemoryStore,\n ],\n };\n }\n\n private static mergeAndValidateOptions(\n defaults: OAuthModuleDefaults,\n options: AuthUserModuleOptions,\n ): OAuthModuleOptions {\n // Validate required options first\n this.validateRequiredOptions(options);\n\n // Merge with defaults\n const resolvedOptions: OAuthModuleOptions = {\n ...defaults,\n ...options,\n // Ensure jwtIssuer defaults to serverUrl if not provided\n jwtIssuer:\n options.jwtIssuer || options.serverUrl || DEFAULT_OPTIONS.jwtIssuer,\n cookieSecure:\n options.cookieSecure || process.env.NODE_ENV === 'production',\n // Merge protectedResourceMetadata with defaults\n protectedResourceMetadata: {\n ...defaults.protectedResourceMetadata,\n ...options.protectedResourceMetadata,\n },\n // Merge authorizationServerMetadata with defaults\n authorizationServerMetadata: {\n ...defaults.authorizationServerMetadata,\n ...options.authorizationServerMetadata,\n },\n // Merge disableEndpoints with defaults\n disableEndpoints: {\n ...defaults.disableEndpoints,\n ...(options.disableEndpoints || {}),\n },\n };\n\n if (!resolvedOptions.enableRefreshTokens) {\n resolvedOptions.authorizationServerMetadata.grantTypesSupported =\n resolvedOptions.authorizationServerMetadata.grantTypesSupported.filter(\n (g) => g !== 'refresh_token',\n );\n resolvedOptions.protectedResourceMetadata.scopesSupported =\n resolvedOptions.protectedResourceMetadata.scopesSupported.filter(\n (s) => s !== 'offline_access',\n );\n }\n\n // Final validation of resolved options\n this.validateResolvedOptions(resolvedOptions);\n\n return resolvedOptions;\n }\n\n private static validateRequiredOptions(options: AuthUserModuleOptions): void {\n const requiredFields: (keyof AuthUserModuleOptions)[] = [\n 'provider',\n 'clientId',\n 'clientSecret',\n 'jwtSecret',\n ];\n\n for (const field of requiredFields) {\n if (!options[field]) {\n throw new Error(\n `OAuthModuleOptions: ${String(field)} is required and must be provided by the user`,\n );\n }\n }\n }\n\n private static validateResolvedOptions(options: OAuthModuleOptions): void {\n // Validate JWT secret is strong enough\n if (options.jwtSecret.length < 32) {\n throw new Error(\n 'OAuthModuleOptions: jwtSecret must be at least 32 characters long',\n );\n }\n\n // Validate URLs are proper format\n try {\n new URL(options.serverUrl);\n new URL(options.jwtIssuer);\n } catch {\n throw new Error(\n 'OAuthModuleOptions: serverUrl and jwtIssuer must be valid URLs',\n );\n }\n\n // Validate provider configuration\n if (!options.provider.name || !options.provider.strategy) {\n throw new Error(\n 'OAuthModuleOptions: provider must have name and strategy',\n );\n }\n }\n\n private static createStoreProvider(\n storeConfiguration: OAuthModuleOptions['storeConfiguration'],\n provideToken: string,\n ) {\n if (!storeConfiguration || storeConfiguration.type === 'memory') {\n // Default memory store\n return {\n provide: provideToken,\n useValue: new MemoryStore(),\n };\n }\n\n if (storeConfiguration.type === 'typeorm') {\n // TypeORM store\n const {\n TypeOrmStore,\n // eslint-disable-next-line @typescript-eslint/no-require-imports\n } = require('./stores/typeorm/typeorm-store.service');\n return {\n provide: provideToken,\n useClass: TypeOrmStore,\n };\n }\n\n if (storeConfiguration.type === 'custom') {\n // Custom store\n return {\n provide: provideToken,\n useValue: storeConfiguration.store,\n };\n }\n\n throw new Error(\n `Unknown store configuration type: ${(storeConfiguration as any).type}`,\n );\n }\n}\n\nfunction prepareEndpoints(\n apiPrefix: string,\n defaultEndpoints: OAuthEndpointConfiguration,\n configuredEndpoints: OAuthEndpointConfiguration,\n) {\n const updatedDefaultEndpoints = {\n wellKnownAuthorizationServerMetadata:\n defaultEndpoints.wellKnownAuthorizationServerMetadata,\n wellKnownProtectedResourceMetadata:\n defaultEndpoints.wellKnownProtectedResourceMetadata,\n callback: normalizeEndpoint(`/${apiPrefix}/${defaultEndpoints.callback}`),\n token: normalizeEndpoint(`/${apiPrefix}/${defaultEndpoints.token}`),\n revoke: normalizeEndpoint(`/${apiPrefix}/${defaultEndpoints.revoke}`),\n authorize: normalizeEndpoint(`/${apiPrefix}/${defaultEndpoints.authorize}`),\n register: normalizeEndpoint(`/${apiPrefix}/${defaultEndpoints.register}`),\n } as OAuthEndpointConfiguration;\n\n return {\n ...updatedDefaultEndpoints,\n ...configuredEndpoints,\n };\n}\n"]}
@@ -1,3 +0,0 @@
1
- import { OAuthProviderConfig } from './oauth-provider.interface';
2
- export declare const AzureADOAuthProvider: OAuthProviderConfig;
3
- //# sourceMappingURL=azure-ad.provider.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"azure-ad.provider.d.ts","sourceRoot":"","sources":["../../../src/authz/providers/azure-ad.provider.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEjE,eAAO,MAAM,oBAAoB,EAAE,mBAmClC,CAAC"}
@@ -1,37 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.AzureADOAuthProvider = void 0;
4
- const passport_azure_ad_oauth2_1 = require("passport-azure-ad-oauth2");
5
- const normalize_endpoint_1 = require("../../mcp/utils/normalize-endpoint");
6
- exports.AzureADOAuthProvider = {
7
- name: 'azure-ad',
8
- displayName: 'Microsoft Azure AD',
9
- strategy: passport_azure_ad_oauth2_1.Strategy,
10
- strategyOptions: ({ serverUrl, clientId, clientSecret, callbackPath }) => ({
11
- clientID: clientId,
12
- clientSecret: clientSecret,
13
- callbackURL: (0, normalize_endpoint_1.normalizeEndpoint)(`${serverUrl}/${callbackPath}`),
14
- tenant: 'common',
15
- resource: 'https://graph.microsoft.com/',
16
- }),
17
- scope: ['openid', 'profile', 'email', 'User.Read'],
18
- profileMapper: (profile) => {
19
- const azureProfile = profile._json || profile;
20
- return {
21
- id: azureProfile.id || azureProfile.oid || profile.id,
22
- username: azureProfile.preferred_username ||
23
- azureProfile.userPrincipalName ||
24
- azureProfile.mail ||
25
- azureProfile.email ||
26
- profile.username,
27
- email: azureProfile.mail ||
28
- azureProfile.userPrincipalName ||
29
- azureProfile.email ||
30
- profile.emails?.[0]?.value,
31
- displayName: azureProfile.displayName || azureProfile.name || profile.displayName,
32
- avatarUrl: azureProfile.photo || profile.photos?.[0]?.value,
33
- raw: profile,
34
- };
35
- },
36
- };
37
- //# sourceMappingURL=azure-ad.provider.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"azure-ad.provider.js","sourceRoot":"","sources":["../../../src/authz/providers/azure-ad.provider.ts"],"names":[],"mappings":";;;AAAA,uEAAoD;AACpD,2EAAuE;AAG1D,QAAA,oBAAoB,GAAwB;IACvD,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,oBAAoB;IACjC,QAAQ,EAAE,mCAAQ;IAClB,eAAe,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC,CAAC;QACzE,QAAQ,EAAE,QAAQ;QAClB,YAAY,EAAE,YAAY;QAC1B,WAAW,EAAE,IAAA,sCAAiB,EAAC,GAAG,SAAS,IAAI,YAAY,EAAE,CAAC;QAC9D,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,8BAA8B;KACzC,CAAC;IACF,KAAK,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,CAAC;IAClD,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE;QAEzB,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC;QAE9C,OAAO;YACL,EAAE,EAAE,YAAY,CAAC,EAAE,IAAI,YAAY,CAAC,GAAG,IAAI,OAAO,CAAC,EAAE;YACrD,QAAQ,EACN,YAAY,CAAC,kBAAkB;gBAC/B,YAAY,CAAC,iBAAiB;gBAC9B,YAAY,CAAC,IAAI;gBACjB,YAAY,CAAC,KAAK;gBAClB,OAAO,CAAC,QAAQ;YAClB,KAAK,EACH,YAAY,CAAC,IAAI;gBACjB,YAAY,CAAC,iBAAiB;gBAC9B,YAAY,CAAC,KAAK;gBAClB,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK;YAC5B,WAAW,EACT,YAAY,CAAC,WAAW,IAAI,YAAY,CAAC,IAAI,IAAI,OAAO,CAAC,WAAW;YACtE,SAAS,EAAE,YAAY,CAAC,KAAK,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK;YAC3D,GAAG,EAAE,OAAO;SACb,CAAC;IACJ,CAAC;CACF,CAAC","sourcesContent":["import { Strategy } from 'passport-azure-ad-oauth2';\nimport { normalizeEndpoint } from '../../mcp/utils/normalize-endpoint';\nimport { OAuthProviderConfig } from './oauth-provider.interface';\n\nexport const AzureADOAuthProvider: OAuthProviderConfig = {\n name: 'azure-ad',\n displayName: 'Microsoft Azure AD',\n strategy: Strategy,\n strategyOptions: ({ serverUrl, clientId, clientSecret, callbackPath }) => ({\n clientID: clientId,\n clientSecret: clientSecret,\n callbackURL: normalizeEndpoint(`${serverUrl}/${callbackPath}`),\n tenant: 'common', // Can be overridden via custom configuration\n resource: 'https://graph.microsoft.com/', // Microsoft Graph API\n }),\n scope: ['openid', 'profile', 'email', 'User.Read'],\n profileMapper: (profile) => {\n // Azure AD profile structure from Microsoft Graph\n const azureProfile = profile._json || profile;\n\n return {\n id: azureProfile.id || azureProfile.oid || profile.id,\n username:\n azureProfile.preferred_username ||\n azureProfile.userPrincipalName ||\n azureProfile.mail ||\n azureProfile.email ||\n profile.username,\n email:\n azureProfile.mail ||\n azureProfile.userPrincipalName ||\n azureProfile.email ||\n profile.emails?.[0]?.value,\n displayName:\n azureProfile.displayName || azureProfile.name || profile.displayName,\n avatarUrl: azureProfile.photo || profile.photos?.[0]?.value,\n raw: profile,\n };\n },\n};\n"]}
@@ -1,3 +0,0 @@
1
- import { OAuthProviderConfig } from './oauth-provider.interface';
2
- export declare const GitHubOAuthProvider: OAuthProviderConfig;
3
- //# sourceMappingURL=github.provider.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"github.provider.d.ts","sourceRoot":"","sources":["../../../src/authz/providers/github.provider.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAGjE,eAAO,MAAM,mBAAmB,EAAE,mBAiBjC,CAAC"}
@@ -1,24 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.GitHubOAuthProvider = void 0;
4
- const normalize_endpoint_1 = require("../../mcp/utils/normalize-endpoint");
5
- const passport_github_1 = require("passport-github");
6
- exports.GitHubOAuthProvider = {
7
- name: 'github',
8
- strategy: passport_github_1.Strategy,
9
- strategyOptions: ({ serverUrl, clientId, clientSecret, callbackPath }) => ({
10
- clientID: clientId,
11
- clientSecret: clientSecret,
12
- callbackURL: (0, normalize_endpoint_1.normalizeEndpoint)(`${serverUrl}/${callbackPath}`),
13
- }),
14
- scope: ['user:email'],
15
- profileMapper: (profile) => ({
16
- id: profile.id,
17
- username: profile.username || profile.login,
18
- email: profile.emails?.[0]?.value,
19
- displayName: profile.displayName || profile.name,
20
- avatarUrl: profile.photos?.[0]?.value || profile.avatar_url,
21
- raw: profile,
22
- }),
23
- };
24
- //# sourceMappingURL=github.provider.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"github.provider.js","sourceRoot":"","sources":["../../../src/authz/providers/github.provider.ts"],"names":[],"mappings":";;;AAAA,2EAAuE;AAEvE,qDAA2C;AAE9B,QAAA,mBAAmB,GAAwB;IACtD,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,0BAAQ;IAClB,eAAe,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC,CAAC;QACzE,QAAQ,EAAE,QAAQ;QAClB,YAAY,EAAE,YAAY;QAC1B,WAAW,EAAE,IAAA,sCAAiB,EAAC,GAAG,SAAS,IAAI,YAAY,EAAE,CAAC;KAC/D,CAAC;IACF,KAAK,EAAE,CAAC,YAAY,CAAC;IACrB,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAC3B,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,KAAK;QAC3C,KAAK,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK;QACjC,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,IAAI;QAChD,SAAS,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,OAAO,CAAC,UAAU;QAC3D,GAAG,EAAE,OAAO;KACb,CAAC;CACH,CAAC","sourcesContent":["import { normalizeEndpoint } from '../../mcp/utils/normalize-endpoint';\nimport { OAuthProviderConfig } from './oauth-provider.interface';\nimport { Strategy } from 'passport-github';\n\nexport const GitHubOAuthProvider: OAuthProviderConfig = {\n name: 'github',\n strategy: Strategy,\n strategyOptions: ({ serverUrl, clientId, clientSecret, callbackPath }) => ({\n clientID: clientId,\n clientSecret: clientSecret,\n callbackURL: normalizeEndpoint(`${serverUrl}/${callbackPath}`),\n }),\n scope: ['user:email'],\n profileMapper: (profile) => ({\n id: profile.id,\n username: profile.username || profile.login,\n email: profile.emails?.[0]?.value,\n displayName: profile.displayName || profile.name,\n avatarUrl: profile.photos?.[0]?.value || profile.avatar_url,\n raw: profile,\n }),\n};\n"]}
@@ -1,3 +0,0 @@
1
- import { OAuthProviderConfig } from './oauth-provider.interface';
2
- export declare const GoogleOAuthProvider: OAuthProviderConfig;
3
- //# sourceMappingURL=google.provider.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"google.provider.d.ts","sourceRoot":"","sources":["../../../src/authz/providers/google.provider.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEjE,eAAO,MAAM,mBAAmB,EAAE,mBAkBjC,CAAC"}
@@ -1,25 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.GoogleOAuthProvider = void 0;
4
- const passport_google_oauth20_1 = require("passport-google-oauth20");
5
- const normalize_endpoint_1 = require("../../mcp/utils/normalize-endpoint");
6
- exports.GoogleOAuthProvider = {
7
- name: 'google',
8
- strategy: passport_google_oauth20_1.Strategy,
9
- strategyOptions: ({ serverUrl, clientId, clientSecret, callbackPath }) => ({
10
- clientID: clientId,
11
- clientSecret: clientSecret,
12
- callbackURL: (0, normalize_endpoint_1.normalizeEndpoint)(`${serverUrl}/${callbackPath}`),
13
- scope: ['profile', 'email'],
14
- }),
15
- scope: ['profile', 'email'],
16
- profileMapper: (profile) => ({
17
- id: profile.id,
18
- username: profile.emails?.[0]?.value?.split('@')[0] || profile.id,
19
- email: profile.emails?.[0]?.value,
20
- displayName: profile.displayName,
21
- avatarUrl: profile.photos?.[0]?.value,
22
- raw: profile,
23
- }),
24
- };
25
- //# sourceMappingURL=google.provider.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"google.provider.js","sourceRoot":"","sources":["../../../src/authz/providers/google.provider.ts"],"names":[],"mappings":";;;AAAA,qEAAmD;AACnD,2EAAuE;AAG1D,QAAA,mBAAmB,GAAwB;IACtD,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,kCAAQ;IAClB,eAAe,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC,CAAC;QACzE,QAAQ,EAAE,QAAQ;QAClB,YAAY,EAAE,YAAY;QAC1B,WAAW,EAAE,IAAA,sCAAiB,EAAC,GAAG,SAAS,IAAI,YAAY,EAAE,CAAC;QAC9D,KAAK,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC;KAC5B,CAAC;IACF,KAAK,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC;IAC3B,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAC3B,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,QAAQ,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,EAAE;QACjE,KAAK,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK;QACjC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,SAAS,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK;QACrC,GAAG,EAAE,OAAO;KACb,CAAC;CACH,CAAC","sourcesContent":["import { Strategy } from 'passport-google-oauth20';\nimport { normalizeEndpoint } from '../../mcp/utils/normalize-endpoint';\nimport { OAuthProviderConfig } from './oauth-provider.interface';\n\nexport const GoogleOAuthProvider: OAuthProviderConfig = {\n name: 'google',\n strategy: Strategy,\n strategyOptions: ({ serverUrl, clientId, clientSecret, callbackPath }) => ({\n clientID: clientId,\n clientSecret: clientSecret,\n callbackURL: normalizeEndpoint(`${serverUrl}/${callbackPath}`),\n scope: ['profile', 'email'],\n }),\n scope: ['profile', 'email'],\n profileMapper: (profile) => ({\n id: profile.id,\n username: profile.emails?.[0]?.value?.split('@')[0] || profile.id,\n email: profile.emails?.[0]?.value,\n displayName: profile.displayName,\n avatarUrl: profile.photos?.[0]?.value,\n raw: profile,\n }),\n};\n"]}
@@ -1,107 +0,0 @@
1
- import type { IOAuthStore } from '../stores/oauth-store.interface';
2
- import type { OAuthSession, OAuthUserProfile } from '../interfaces/oauth-common.interface';
3
- export type { OAuthSession, OAuthUserProfile };
4
- type TypeOrmModuleOptions = Record<string, unknown>;
5
- export interface OAuthProviderConfig {
6
- name: string;
7
- displayName?: string;
8
- strategy: any;
9
- strategyOptions: (options: {
10
- serverUrl: string;
11
- clientId: string;
12
- clientSecret: string;
13
- callbackPath?: string;
14
- }) => any;
15
- scope?: string[];
16
- profileMapper: (profile: any) => OAuthUserProfile;
17
- }
18
- export type StoreConfiguration = {
19
- type: 'typeorm';
20
- options: TypeOrmModuleOptions;
21
- } | {
22
- type: 'custom';
23
- store: IOAuthStore;
24
- } | {
25
- type: 'memory';
26
- } | undefined;
27
- export interface OAuthEndpointConfiguration {
28
- wellKnownAuthorizationServerMetadata?: string;
29
- wellKnownProtectedResourceMetadata?: string | string[];
30
- register?: string;
31
- authorize?: string;
32
- callback?: string;
33
- token?: string;
34
- revoke?: string;
35
- }
36
- export interface OAuthEndpointDisableOptions {
37
- wellKnownAuthorizationServerMetadata?: boolean;
38
- wellKnownProtectedResourceMetadata?: boolean;
39
- }
40
- export interface OAuthUserModuleOptions {
41
- provider: OAuthProviderConfig;
42
- clientId: string;
43
- clientSecret: string;
44
- jwtSecret: string;
45
- serverUrl?: string;
46
- resource?: string;
47
- jwtIssuer?: string;
48
- jwtAudience?: string;
49
- jwtAccessTokenExpiresIn?: string;
50
- jwtRefreshTokenExpiresIn?: string;
51
- enableRefreshTokens?: boolean;
52
- cookieSecure?: boolean;
53
- cookieMaxAge?: number;
54
- oauthSessionExpiresIn?: number;
55
- authCodeExpiresIn?: number;
56
- protectedResourceMetadata?: {
57
- scopesSupported?: string[];
58
- bearerMethodsSupported?: string[];
59
- mcpVersionsSupported?: string[];
60
- };
61
- authorizationServerMetadata?: {
62
- responseTypesSupported?: string[];
63
- responseModesSupported?: string[];
64
- grantTypesSupported?: string[];
65
- tokenEndpointAuthMethodsSupported?: string[];
66
- scopesSupported?: string[];
67
- codeChallengeMethodsSupported?: string[];
68
- };
69
- storeConfiguration?: StoreConfiguration;
70
- apiPrefix?: string;
71
- endpoints?: OAuthEndpointConfiguration;
72
- disableEndpoints?: OAuthEndpointDisableOptions;
73
- }
74
- export interface OAuthModuleDefaults {
75
- serverUrl: string;
76
- resource: string;
77
- jwtIssuer: string;
78
- jwtAudience: string;
79
- jwtAccessTokenExpiresIn: string;
80
- jwtRefreshTokenExpiresIn: string;
81
- enableRefreshTokens: boolean;
82
- cookieMaxAge: number;
83
- oauthSessionExpiresIn: number;
84
- authCodeExpiresIn: number;
85
- nodeEnv: string;
86
- apiPrefix: string;
87
- endpoints: OAuthEndpointConfiguration;
88
- disableEndpoints: OAuthEndpointDisableOptions;
89
- protectedResourceMetadata: {
90
- scopesSupported: string[];
91
- bearerMethodsSupported: string[];
92
- mcpVersionsSupported: string[];
93
- };
94
- authorizationServerMetadata: {
95
- responseTypesSupported: string[];
96
- responseModesSupported: string[];
97
- grantTypesSupported: string[];
98
- tokenEndpointAuthMethodsSupported: string[];
99
- scopesSupported: string[];
100
- codeChallengeMethodsSupported: string[];
101
- };
102
- }
103
- export type OAuthModuleOptions = Required<Pick<OAuthUserModuleOptions, 'provider' | 'clientId' | 'clientSecret' | 'jwtSecret'>> & Required<OAuthModuleDefaults> & {
104
- cookieSecure: boolean;
105
- storeConfiguration?: StoreConfiguration;
106
- };
107
- //# sourceMappingURL=oauth-provider.interface.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"oauth-provider.interface.d.ts","sourceRoot":"","sources":["../../../src/authz/providers/oauth-provider.interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,KAAK,EACV,YAAY,EACZ,gBAAgB,EACjB,MAAM,sCAAsC,CAAC;AAG9C,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,CAAC;AAM/C,KAAK,oBAAoB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAEpD,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,GAAG,CAAC;IACd,eAAe,EAAE,CAAC,OAAO,EAAE;QACzB,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,KAAK,GAAG,CAAC;IACV,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,aAAa,EAAE,CAAC,OAAO,EAAE,GAAG,KAAK,gBAAgB,CAAC;CACnD;AAGD,MAAM,MAAM,kBAAkB,GAC1B;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,oBAAoB,CAAA;CAAE,GAClD;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,KAAK,EAAE,WAAW,CAAA;CAAE,GACtC;IAAE,IAAI,EAAE,QAAQ,CAAA;CAAE,GAClB,SAAS,CAAC;AAEd,MAAM,WAAW,0BAA0B;IACzC,oCAAoC,CAAC,EAAE,MAAM,CAAC;IAC9C,kCAAkC,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACvD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,2BAA2B;IAC1C,oCAAoC,CAAC,EAAE,OAAO,CAAC;IAC/C,kCAAkC,CAAC,EAAE,OAAO,CAAC;CAC9C;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,EAAE,mBAAmB,CAAC;IAG9B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IAGrB,SAAS,EAAE,MAAM,CAAC;IAGlB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAG9B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IAGtB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAG3B,yBAAyB,CAAC,EAAE;QAC1B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;QAC3B,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;QAClC,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;KACjC,CAAC;IAGF,2BAA2B,CAAC,EAAE;QAC5B,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;QAClC,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;QAClC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC/B,iCAAiC,CAAC,EAAE,MAAM,EAAE,CAAC;QAC7C,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;QAC3B,6BAA6B,CAAC,EAAE,MAAM,EAAE,CAAC;KAC1C,CAAC;IAGF,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,SAAS,CAAC,EAAE,MAAM,CAAC;IAGnB,SAAS,CAAC,EAAE,0BAA0B,CAAC;IACvC,gBAAgB,CAAC,EAAE,2BAA2B,CAAC;CAChD;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,uBAAuB,EAAE,MAAM,CAAC;IAChC,wBAAwB,EAAE,MAAM,CAAC;IACjC,mBAAmB,EAAE,OAAO,CAAC;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,0BAA0B,CAAC;IACtC,gBAAgB,EAAE,2BAA2B,CAAC;IAC9C,yBAAyB,EAAE;QACzB,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,sBAAsB,EAAE,MAAM,EAAE,CAAC;QACjC,oBAAoB,EAAE,MAAM,EAAE,CAAC;KAChC,CAAC;IACF,2BAA2B,EAAE;QAC3B,sBAAsB,EAAE,MAAM,EAAE,CAAC;QACjC,sBAAsB,EAAE,MAAM,EAAE,CAAC;QACjC,mBAAmB,EAAE,MAAM,EAAE,CAAC;QAC9B,iCAAiC,EAAE,MAAM,EAAE,CAAC;QAC5C,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,6BAA6B,EAAE,MAAM,EAAE,CAAC;KACzC,CAAC;CACH;AAGD,MAAM,MAAM,kBAAkB,GAAG,QAAQ,CACvC,IAAI,CACF,sBAAsB,EACtB,UAAU,GAAG,UAAU,GAAG,cAAc,GAAG,WAAW,CACvD,CACF,GACC,QAAQ,CAAC,mBAAmB,CAAC,GAAG;IAE9B,YAAY,EAAE,OAAO,CAAC;IACtB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;CACzC,CAAC"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"oauth-provider.interface.js","sourceRoot":"","sources":["../../../src/authz/providers/oauth-provider.interface.ts"],"names":[],"mappings":"","sourcesContent":["import type { IOAuthStore } from '../stores/oauth-store.interface';\nimport type {\n OAuthSession,\n OAuthUserProfile,\n} from '../interfaces/oauth-common.interface';\n\n// Re-export common interfaces\nexport type { OAuthSession, OAuthUserProfile };\n\n// Define a minimal placeholder for TypeORM options so the type remains\n// available without requiring the optional `@nestjs/typeorm` package.\n// Consumers who use the TypeORM store should install the package to get\n// the full type definitions.\ntype TypeOrmModuleOptions = Record<string, unknown>;\n\nexport interface OAuthProviderConfig {\n name: string;\n displayName?: string;\n strategy: any; // Passport Strategy constructor\n strategyOptions: (options: {\n serverUrl: string;\n clientId: string;\n clientSecret: string;\n callbackPath?: string; // Optional custom callback path\n }) => any;\n scope?: string[];\n profileMapper: (profile: any) => OAuthUserProfile;\n}\n\n// Store configuration union type\nexport type StoreConfiguration =\n | { type: 'typeorm'; options: TypeOrmModuleOptions }\n | { type: 'custom'; store: IOAuthStore }\n | { type: 'memory' }\n | undefined; // Default to memory store\n\nexport interface OAuthEndpointConfiguration {\n wellKnownAuthorizationServerMetadata?: string; // Default: '/.well-known/oauth-authorization-server'\n wellKnownProtectedResourceMetadata?: string | string[]; // Default: '/.well-known/oauth-protected-resource'\n register?: string; // Default: '/register'\n authorize?: string; // Default: '/authorize'\n callback?: string; // Default: '/callback'\n token?: string; // Default: '/token'\n revoke?: string; // Default: '/revoke'\n}\n\nexport interface OAuthEndpointDisableOptions {\n wellKnownAuthorizationServerMetadata?: boolean;\n wellKnownProtectedResourceMetadata?: boolean;\n}\n\nexport interface OAuthUserModuleOptions {\n provider: OAuthProviderConfig;\n\n // Required OAuth Provider Credentials\n clientId: string;\n clientSecret: string;\n\n // Required JWT Configuration\n jwtSecret: string;\n\n // Server Configuration\n serverUrl?: string;\n resource?: string; // should be the endpoint clients connect to, e.g.: 'https://localhost:3000/mcp'\n // JWT Configuration\n jwtIssuer?: string;\n jwtAudience?: string;\n jwtAccessTokenExpiresIn?: string;\n jwtRefreshTokenExpiresIn?: string;\n enableRefreshTokens?: boolean;\n\n // Cookie Configuration\n cookieSecure?: boolean;\n cookieMaxAge?: number;\n\n // OAuth Session Configuration\n oauthSessionExpiresIn?: number; // in milliseconds\n authCodeExpiresIn?: number; // in milliseconds\n\n // Protected Resource Metadata Configuration\n protectedResourceMetadata?: {\n scopesSupported?: string[];\n bearerMethodsSupported?: string[];\n mcpVersionsSupported?: string[];\n };\n\n // Authorization Server Metadata Configuration\n authorizationServerMetadata?: {\n responseTypesSupported?: string[];\n responseModesSupported?: string[];\n grantTypesSupported?: string[];\n tokenEndpointAuthMethodsSupported?: string[];\n scopesSupported?: string[];\n codeChallengeMethodsSupported?: string[];\n };\n\n // Storage Configuration - single property for all storage options\n storeConfiguration?: StoreConfiguration;\n apiPrefix?: string;\n\n // Endpoint Configuration\n endpoints?: OAuthEndpointConfiguration;\n disableEndpoints?: OAuthEndpointDisableOptions;\n}\n\nexport interface OAuthModuleDefaults {\n serverUrl: string;\n resource: string; // Default resource URL\n jwtIssuer: string;\n jwtAudience: string;\n jwtAccessTokenExpiresIn: string;\n jwtRefreshTokenExpiresIn: string;\n enableRefreshTokens: boolean;\n cookieMaxAge: number;\n oauthSessionExpiresIn: number;\n authCodeExpiresIn: number;\n nodeEnv: string;\n apiPrefix: string;\n endpoints: OAuthEndpointConfiguration;\n disableEndpoints: OAuthEndpointDisableOptions;\n protectedResourceMetadata: {\n scopesSupported: string[];\n bearerMethodsSupported: string[];\n mcpVersionsSupported: string[];\n };\n authorizationServerMetadata: {\n responseTypesSupported: string[];\n responseModesSupported: string[];\n grantTypesSupported: string[];\n tokenEndpointAuthMethodsSupported: string[];\n scopesSupported: string[];\n codeChallengeMethodsSupported: string[];\n };\n}\n\n// Resolved options after merging with defaults\nexport type OAuthModuleOptions = Required<\n Pick<\n OAuthUserModuleOptions,\n 'provider' | 'clientId' | 'clientSecret' | 'jwtSecret'\n >\n> &\n Required<OAuthModuleDefaults> & {\n // Optional fields that may remain undefined\n cookieSecure: boolean;\n storeConfiguration?: StoreConfiguration;\n };\n"]}
@@ -1,12 +0,0 @@
1
- import type { ClientRegistrationDto, IOAuthStore, OAuthClient } from '../stores/oauth-store.interface';
2
- import type { OAuthModuleOptions } from '../providers/oauth-provider.interface';
3
- export declare class ClientService {
4
- private readonly store;
5
- private readonly options;
6
- constructor(store: IOAuthStore, options: OAuthModuleOptions);
7
- registerClient(registrationDto: ClientRegistrationDto): Promise<OAuthClient>;
8
- protected preRegistrationChecks(_dto: ClientRegistrationDto): Promise<void>;
9
- getClient(clientId: string): Promise<OAuthClient | null>;
10
- validateRedirectUri(clientId: string, redirectUri: string): Promise<boolean>;
11
- }
12
- //# sourceMappingURL=client.service.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"client.service.d.ts","sourceRoot":"","sources":["../../../src/authz/services/client.service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,qBAAqB,EACrB,WAAW,EACX,WAAW,EACZ,MAAM,iCAAiC,CAAC;AAEzC,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAEhF,qBACa,aAAa;IAEC,OAAO,CAAC,QAAQ,CAAC,KAAK;IAE7C,OAAO,CAAC,QAAQ,CAAC,OAAO;gBAFgB,KAAK,EAAE,WAAW,EAEzC,OAAO,EAAE,kBAAkB;IAUxC,cAAc,CAClB,eAAe,EAAE,qBAAqB,GACrC,OAAO,CAAC,WAAW,CAAC;cAuEP,qBAAqB,CACnC,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,IAAI,CAAC;IAIV,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAcxD,mBAAmB,CACvB,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,OAAO,CAAC;CAIpB"}