@rekog/mcp-nest 1.9.10 → 2.0.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (364) hide show
  1. package/README.md +76 -29
  2. package/dist/index.d.ts +0 -1
  3. package/dist/index.d.ts.map +1 -1
  4. package/dist/index.js +0 -1
  5. package/dist/index.js.map +1 -1
  6. package/dist/mcp/decorators/constants.d.ts +1 -0
  7. package/dist/mcp/decorators/constants.d.ts.map +1 -1
  8. package/dist/mcp/decorators/constants.js +2 -1
  9. package/dist/mcp/decorators/constants.js.map +1 -1
  10. package/dist/mcp/decorators/index.d.ts +3 -1
  11. package/dist/mcp/decorators/index.d.ts.map +1 -1
  12. package/dist/mcp/decorators/index.js +3 -1
  13. package/dist/mcp/decorators/index.js.map +1 -1
  14. package/dist/mcp/decorators/mcp-controller.decorator.d.ts +6 -0
  15. package/dist/mcp/decorators/mcp-controller.decorator.d.ts.map +1 -0
  16. package/dist/mcp/decorators/mcp-controller.decorator.js +43 -0
  17. package/dist/mcp/decorators/mcp-controller.decorator.js.map +1 -0
  18. package/dist/mcp/decorators/mcp-message-pattern.d.ts +3 -0
  19. package/dist/mcp/decorators/mcp-message-pattern.d.ts.map +1 -0
  20. package/dist/mcp/decorators/mcp-message-pattern.js +13 -0
  21. package/dist/mcp/decorators/mcp-message-pattern.js.map +1 -0
  22. package/dist/mcp/decorators/prompt.decorator.d.ts +1 -1
  23. package/dist/mcp/decorators/prompt.decorator.d.ts.map +1 -1
  24. package/dist/mcp/decorators/prompt.decorator.js +2 -1
  25. package/dist/mcp/decorators/prompt.decorator.js.map +1 -1
  26. package/dist/mcp/decorators/public.decorator.js.map +1 -1
  27. package/dist/mcp/decorators/raw-request.decorator.d.ts +2 -0
  28. package/dist/mcp/decorators/raw-request.decorator.d.ts.map +1 -0
  29. package/dist/mcp/decorators/raw-request.decorator.js +6 -0
  30. package/dist/mcp/decorators/raw-request.decorator.js.map +1 -0
  31. package/dist/mcp/decorators/resource-template.decorator.d.ts +1 -1
  32. package/dist/mcp/decorators/resource-template.decorator.d.ts.map +1 -1
  33. package/dist/mcp/decorators/resource-template.decorator.js +2 -1
  34. package/dist/mcp/decorators/resource-template.decorator.js.map +1 -1
  35. package/dist/mcp/decorators/resource.decorator.d.ts +1 -1
  36. package/dist/mcp/decorators/resource.decorator.d.ts.map +1 -1
  37. package/dist/mcp/decorators/resource.decorator.js +2 -1
  38. package/dist/mcp/decorators/resource.decorator.js.map +1 -1
  39. package/dist/mcp/decorators/tool.decorator.d.ts +1 -3
  40. package/dist/mcp/decorators/tool.decorator.d.ts.map +1 -1
  41. package/dist/mcp/decorators/tool.decorator.js +2 -1
  42. package/dist/mcp/decorators/tool.decorator.js.map +1 -1
  43. package/dist/mcp/filters/mcp-exception.filter.d.ts +6 -0
  44. package/dist/mcp/filters/mcp-exception.filter.d.ts.map +1 -0
  45. package/dist/mcp/filters/mcp-exception.filter.js +26 -0
  46. package/dist/mcp/filters/mcp-exception.filter.js.map +1 -0
  47. package/dist/mcp/index.d.ts +11 -7
  48. package/dist/mcp/index.d.ts.map +1 -1
  49. package/dist/mcp/index.js +11 -7
  50. package/dist/mcp/index.js.map +1 -1
  51. package/dist/mcp/interfaces/authenticated-user.interface.d.ts +9 -0
  52. package/dist/mcp/interfaces/authenticated-user.interface.d.ts.map +1 -0
  53. package/dist/{authz/interfaces/request-with-user.js → mcp/interfaces/authenticated-user.interface.js} +1 -1
  54. package/dist/mcp/interfaces/authenticated-user.interface.js.map +1 -0
  55. package/dist/mcp/interfaces/dynamic-prompt.interface.d.ts +1 -1
  56. package/dist/mcp/interfaces/dynamic-prompt.interface.d.ts.map +1 -1
  57. package/dist/mcp/interfaces/dynamic-prompt.interface.js.map +1 -1
  58. package/dist/mcp/interfaces/dynamic-resource.interface.d.ts +1 -1
  59. package/dist/mcp/interfaces/dynamic-resource.interface.d.ts.map +1 -1
  60. package/dist/mcp/interfaces/dynamic-resource.interface.js.map +1 -1
  61. package/dist/mcp/interfaces/dynamic-tool.interface.d.ts +1 -1
  62. package/dist/mcp/interfaces/dynamic-tool.interface.d.ts.map +1 -1
  63. package/dist/mcp/interfaces/dynamic-tool.interface.js.map +1 -1
  64. package/dist/mcp/interfaces/index.d.ts +2 -2
  65. package/dist/mcp/interfaces/index.d.ts.map +1 -1
  66. package/dist/mcp/interfaces/index.js +0 -3
  67. package/dist/mcp/interfaces/index.js.map +1 -1
  68. package/dist/mcp/services/tool-authorization.service.d.ts +7 -5
  69. package/dist/mcp/services/tool-authorization.service.d.ts.map +1 -1
  70. package/dist/mcp/services/tool-authorization.service.js +9 -6
  71. package/dist/mcp/services/tool-authorization.service.js.map +1 -1
  72. package/dist/mcp/transport/mcp-context.d.ts +34 -0
  73. package/dist/mcp/transport/mcp-context.d.ts.map +1 -0
  74. package/dist/mcp/transport/mcp-context.js +74 -0
  75. package/dist/mcp/transport/mcp-context.js.map +1 -0
  76. package/dist/mcp/transport/mcp-http-handler.d.ts +7 -0
  77. package/dist/mcp/transport/mcp-http-handler.d.ts.map +1 -0
  78. package/dist/mcp/transport/mcp-http-handler.js +5 -0
  79. package/dist/mcp/transport/mcp-http-handler.js.map +1 -0
  80. package/dist/mcp/transport/mcp-server-options.interface.d.ts +23 -0
  81. package/dist/mcp/transport/mcp-server-options.interface.d.ts.map +1 -0
  82. package/dist/{authz/providers/oauth-provider.interface.js → mcp/transport/mcp-server-options.interface.js} +1 -1
  83. package/dist/mcp/transport/mcp-server-options.interface.js.map +1 -0
  84. package/dist/mcp/transport/mcp-transport.constants.d.ts +19 -0
  85. package/dist/mcp/transport/mcp-transport.constants.d.ts.map +1 -0
  86. package/dist/mcp/transport/mcp-transport.constants.js +21 -0
  87. package/dist/mcp/transport/mcp-transport.constants.js.map +1 -0
  88. package/dist/mcp/transport/mcp-transport.interface.d.ts +17 -0
  89. package/dist/mcp/transport/mcp-transport.interface.d.ts.map +1 -0
  90. package/dist/{authz/interfaces/oauth-common.interface.js → mcp/transport/mcp-transport.interface.js} +1 -1
  91. package/dist/mcp/transport/mcp-transport.interface.js.map +1 -0
  92. package/dist/mcp/transport/mcp.strategy.d.ts +56 -0
  93. package/dist/mcp/transport/mcp.strategy.d.ts.map +1 -0
  94. package/dist/mcp/transport/mcp.strategy.js +446 -0
  95. package/dist/mcp/transport/mcp.strategy.js.map +1 -0
  96. package/dist/mcp/transport/resource-matcher.d.ts +13 -0
  97. package/dist/mcp/transport/resource-matcher.d.ts.map +1 -0
  98. package/dist/mcp/transport/resource-matcher.js +83 -0
  99. package/dist/mcp/transport/resource-matcher.js.map +1 -0
  100. package/dist/mcp/transport/streamable-http.controller.d.ts +16 -0
  101. package/dist/mcp/transport/streamable-http.controller.d.ts.map +1 -0
  102. package/dist/mcp/transport/streamable-http.controller.js +98 -0
  103. package/dist/mcp/transport/streamable-http.controller.js.map +1 -0
  104. package/dist/mcp/transport/transports/index.d.ts +3 -0
  105. package/dist/mcp/transport/transports/index.d.ts.map +1 -0
  106. package/dist/{authz → mcp/transport/transports}/index.js +2 -10
  107. package/dist/mcp/transport/transports/index.js.map +1 -0
  108. package/dist/mcp/transport/transports/read-body.d.ts +3 -0
  109. package/dist/mcp/transport/transports/read-body.d.ts.map +1 -0
  110. package/dist/mcp/transport/transports/read-body.js +32 -0
  111. package/dist/mcp/transport/transports/read-body.js.map +1 -0
  112. package/dist/mcp/transport/transports/stdio.transport.d.ts +9 -0
  113. package/dist/mcp/transport/transports/stdio.transport.d.ts.map +1 -0
  114. package/dist/mcp/transport/transports/stdio.transport.js +27 -0
  115. package/dist/mcp/transport/transports/stdio.transport.js.map +1 -0
  116. package/dist/mcp/transport/transports/streamable-http.transport.d.ts +33 -0
  117. package/dist/mcp/transport/transports/streamable-http.transport.d.ts.map +1 -0
  118. package/dist/mcp/transport/transports/streamable-http.transport.js +216 -0
  119. package/dist/mcp/transport/transports/streamable-http.transport.js.map +1 -0
  120. package/dist/mcp/utils/mcp-logger.factory.d.ts +6 -2
  121. package/dist/mcp/utils/mcp-logger.factory.d.ts.map +1 -1
  122. package/dist/mcp/utils/mcp-logger.factory.js.map +1 -1
  123. package/package.json +3 -66
  124. package/src/index.ts +0 -1
  125. package/src/mcp/decorators/constants.ts +1 -0
  126. package/src/mcp/decorators/index.ts +3 -1
  127. package/src/mcp/decorators/mcp-controller.decorator.ts +126 -0
  128. package/src/mcp/decorators/mcp-message-pattern.ts +38 -0
  129. package/src/mcp/decorators/prompt.decorator.ts +6 -2
  130. package/src/mcp/decorators/public.decorator.ts +3 -3
  131. package/src/mcp/decorators/raw-request.decorator.ts +32 -0
  132. package/src/mcp/decorators/resource-template.decorator.ts +6 -2
  133. package/src/mcp/decorators/resource.decorator.ts +6 -2
  134. package/src/mcp/decorators/tool.decorator.ts +6 -3
  135. package/src/mcp/filters/mcp-exception.filter.ts +47 -0
  136. package/src/mcp/index.ts +13 -7
  137. package/src/mcp/interfaces/authenticated-user.interface.ts +22 -0
  138. package/src/mcp/interfaces/dynamic-prompt.interface.ts +1 -1
  139. package/src/mcp/interfaces/dynamic-resource.interface.ts +1 -1
  140. package/src/mcp/interfaces/dynamic-tool.interface.ts +2 -2
  141. package/src/mcp/interfaces/index.ts +3 -7
  142. package/src/mcp/services/tool-authorization.service.ts +52 -72
  143. package/src/mcp/transport/mcp-context.ts +138 -0
  144. package/src/mcp/transport/mcp-http-handler.ts +32 -0
  145. package/src/mcp/transport/mcp-server-options.interface.ts +75 -0
  146. package/src/mcp/transport/mcp-transport.constants.ts +99 -0
  147. package/src/mcp/transport/mcp-transport.interface.ts +50 -0
  148. package/src/mcp/transport/mcp.strategy.ts +752 -0
  149. package/src/mcp/transport/resource-matcher.ts +107 -0
  150. package/src/mcp/transport/streamable-http.controller.ts +114 -0
  151. package/src/mcp/transport/transports/index.ts +2 -0
  152. package/src/mcp/transport/transports/read-body.ts +39 -0
  153. package/src/mcp/transport/transports/stdio.transport.ts +35 -0
  154. package/src/mcp/transport/transports/streamable-http.transport.ts +384 -0
  155. package/src/mcp/utils/mcp-logger.factory.spec.ts +8 -22
  156. package/src/mcp/utils/mcp-logger.factory.ts +13 -2
  157. package/dist/authz/guards/jwt-auth.guard.d.ts +0 -19
  158. package/dist/authz/guards/jwt-auth.guard.d.ts.map +0 -1
  159. package/dist/authz/guards/jwt-auth.guard.js +0 -108
  160. package/dist/authz/guards/jwt-auth.guard.js.map +0 -1
  161. package/dist/authz/index.d.ts +0 -11
  162. package/dist/authz/index.d.ts.map +0 -1
  163. package/dist/authz/index.js.map +0 -1
  164. package/dist/authz/interfaces/oauth-common.interface.d.ts +0 -21
  165. package/dist/authz/interfaces/oauth-common.interface.d.ts.map +0 -1
  166. package/dist/authz/interfaces/oauth-common.interface.js.map +0 -1
  167. package/dist/authz/interfaces/request-with-user.d.ts +0 -13
  168. package/dist/authz/interfaces/request-with-user.d.ts.map +0 -1
  169. package/dist/authz/interfaces/request-with-user.js.map +0 -1
  170. package/dist/authz/mcp-oauth.controller.d.ts +0 -81
  171. package/dist/authz/mcp-oauth.controller.d.ts.map +0 -1
  172. package/dist/authz/mcp-oauth.controller.js +0 -540
  173. package/dist/authz/mcp-oauth.controller.js.map +0 -1
  174. package/dist/authz/mcp-oauth.module.d.ts +0 -12
  175. package/dist/authz/mcp-oauth.module.d.ts.map +0 -1
  176. package/dist/authz/mcp-oauth.module.js +0 -271
  177. package/dist/authz/mcp-oauth.module.js.map +0 -1
  178. package/dist/authz/providers/azure-ad.provider.d.ts +0 -3
  179. package/dist/authz/providers/azure-ad.provider.d.ts.map +0 -1
  180. package/dist/authz/providers/azure-ad.provider.js +0 -37
  181. package/dist/authz/providers/azure-ad.provider.js.map +0 -1
  182. package/dist/authz/providers/github.provider.d.ts +0 -3
  183. package/dist/authz/providers/github.provider.d.ts.map +0 -1
  184. package/dist/authz/providers/github.provider.js +0 -24
  185. package/dist/authz/providers/github.provider.js.map +0 -1
  186. package/dist/authz/providers/google.provider.d.ts +0 -3
  187. package/dist/authz/providers/google.provider.d.ts.map +0 -1
  188. package/dist/authz/providers/google.provider.js +0 -25
  189. package/dist/authz/providers/google.provider.js.map +0 -1
  190. package/dist/authz/providers/oauth-provider.interface.d.ts +0 -107
  191. package/dist/authz/providers/oauth-provider.interface.d.ts.map +0 -1
  192. package/dist/authz/providers/oauth-provider.interface.js.map +0 -1
  193. package/dist/authz/services/client.service.d.ts +0 -12
  194. package/dist/authz/services/client.service.d.ts.map +0 -1
  195. package/dist/authz/services/client.service.js +0 -81
  196. package/dist/authz/services/client.service.js.map +0 -1
  197. package/dist/authz/services/jwt-token.service.d.ts +0 -37
  198. package/dist/authz/services/jwt-token.service.d.ts.map +0 -1
  199. package/dist/authz/services/jwt-token.service.js +0 -182
  200. package/dist/authz/services/jwt-token.service.js.map +0 -1
  201. package/dist/authz/services/oauth-strategy.service.d.ts +0 -13
  202. package/dist/authz/services/oauth-strategy.service.d.ts.map +0 -1
  203. package/dist/authz/services/oauth-strategy.service.js +0 -71
  204. package/dist/authz/services/oauth-strategy.service.js.map +0 -1
  205. package/dist/authz/stores/memory-store.service.d.ts +0 -27
  206. package/dist/authz/stores/memory-store.service.d.ts.map +0 -1
  207. package/dist/authz/stores/memory-store.service.js +0 -107
  208. package/dist/authz/stores/memory-store.service.js.map +0 -1
  209. package/dist/authz/stores/oauth-store.interface.d.ts +0 -61
  210. package/dist/authz/stores/oauth-store.interface.d.ts.map +0 -1
  211. package/dist/authz/stores/oauth-store.interface.js +0 -5
  212. package/dist/authz/stores/oauth-store.interface.js.map +0 -1
  213. package/dist/authz/stores/typeorm/constants.d.ts +0 -3
  214. package/dist/authz/stores/typeorm/constants.d.ts.map +0 -1
  215. package/dist/authz/stores/typeorm/constants.js +0 -6
  216. package/dist/authz/stores/typeorm/constants.js.map +0 -1
  217. package/dist/authz/stores/typeorm/entities/authorization-code.entity.d.ts +0 -15
  218. package/dist/authz/stores/typeorm/entities/authorization-code.entity.d.ts.map +0 -1
  219. package/dist/authz/stores/typeorm/entities/authorization-code.entity.js +0 -69
  220. package/dist/authz/stores/typeorm/entities/authorization-code.entity.js.map +0 -1
  221. package/dist/authz/stores/typeorm/entities/index.d.ts +0 -5
  222. package/dist/authz/stores/typeorm/entities/index.d.ts.map +0 -1
  223. package/dist/authz/stores/typeorm/entities/index.js +0 -12
  224. package/dist/authz/stores/typeorm/entities/index.js.map +0 -1
  225. package/dist/authz/stores/typeorm/entities/oauth-client.entity.d.ts +0 -17
  226. package/dist/authz/stores/typeorm/entities/oauth-client.entity.d.ts.map +0 -1
  227. package/dist/authz/stores/typeorm/entities/oauth-client.entity.js +0 -77
  228. package/dist/authz/stores/typeorm/entities/oauth-client.entity.js.map +0 -1
  229. package/dist/authz/stores/typeorm/entities/oauth-session.entity.d.ts +0 -14
  230. package/dist/authz/stores/typeorm/entities/oauth-session.entity.d.ts.map +0 -1
  231. package/dist/authz/stores/typeorm/entities/oauth-session.entity.js +0 -65
  232. package/dist/authz/stores/typeorm/entities/oauth-session.entity.js.map +0 -1
  233. package/dist/authz/stores/typeorm/entities/user-profile.entity.d.ts +0 -13
  234. package/dist/authz/stores/typeorm/entities/user-profile.entity.d.ts.map +0 -1
  235. package/dist/authz/stores/typeorm/entities/user-profile.entity.js +0 -62
  236. package/dist/authz/stores/typeorm/entities/user-profile.entity.js.map +0 -1
  237. package/dist/authz/stores/typeorm/typeorm-store.service.d.ts +0 -28
  238. package/dist/authz/stores/typeorm/typeorm-store.service.d.ts.map +0 -1
  239. package/dist/authz/stores/typeorm/typeorm-store.service.js +0 -138
  240. package/dist/authz/stores/typeorm/typeorm-store.service.js.map +0 -1
  241. package/dist/mcp/constants/feature-registration.constants.d.ts +0 -7
  242. package/dist/mcp/constants/feature-registration.constants.d.ts.map +0 -1
  243. package/dist/mcp/constants/feature-registration.constants.js +0 -5
  244. package/dist/mcp/constants/feature-registration.constants.js.map +0 -1
  245. package/dist/mcp/decorators/tool-guards.decorator.d.ts +0 -12
  246. package/dist/mcp/decorators/tool-guards.decorator.d.ts.map +0 -1
  247. package/dist/mcp/decorators/tool-guards.decorator.js +0 -13
  248. package/dist/mcp/decorators/tool-guards.decorator.js.map +0 -1
  249. package/dist/mcp/interfaces/mcp-options.interface.d.ts +0 -53
  250. package/dist/mcp/interfaces/mcp-options.interface.d.ts.map +0 -1
  251. package/dist/mcp/interfaces/mcp-options.interface.js +0 -10
  252. package/dist/mcp/interfaces/mcp-options.interface.js.map +0 -1
  253. package/dist/mcp/mcp.module.d.ts +0 -15
  254. package/dist/mcp/mcp.module.d.ts.map +0 -1
  255. package/dist/mcp/mcp.module.js +0 -248
  256. package/dist/mcp/mcp.module.js.map +0 -1
  257. package/dist/mcp/services/handlers/mcp-handler.base.d.ts +0 -117
  258. package/dist/mcp/services/handlers/mcp-handler.base.d.ts.map +0 -1
  259. package/dist/mcp/services/handlers/mcp-handler.base.js +0 -125
  260. package/dist/mcp/services/handlers/mcp-handler.base.js.map +0 -1
  261. package/dist/mcp/services/handlers/mcp-prompts.handler.d.ts +0 -12
  262. package/dist/mcp/services/handlers/mcp-prompts.handler.d.ts.map +0 -1
  263. package/dist/mcp/services/handlers/mcp-prompts.handler.js +0 -98
  264. package/dist/mcp/services/handlers/mcp-prompts.handler.js.map +0 -1
  265. package/dist/mcp/services/handlers/mcp-resources.handler.d.ts +0 -13
  266. package/dist/mcp/services/handlers/mcp-resources.handler.d.ts.map +0 -1
  267. package/dist/mcp/services/handlers/mcp-resources.handler.js +0 -117
  268. package/dist/mcp/services/handlers/mcp-resources.handler.js.map +0 -1
  269. package/dist/mcp/services/handlers/mcp-tools.handler.d.ts +0 -22
  270. package/dist/mcp/services/handlers/mcp-tools.handler.d.ts.map +0 -1
  271. package/dist/mcp/services/handlers/mcp-tools.handler.js +0 -258
  272. package/dist/mcp/services/handlers/mcp-tools.handler.js.map +0 -1
  273. package/dist/mcp/services/mcp-dynamic-registry.service.d.ts +0 -26
  274. package/dist/mcp/services/mcp-dynamic-registry.service.d.ts.map +0 -1
  275. package/dist/mcp/services/mcp-dynamic-registry.service.js +0 -133
  276. package/dist/mcp/services/mcp-dynamic-registry.service.js.map +0 -1
  277. package/dist/mcp/services/mcp-executor.service.d.ts +0 -15
  278. package/dist/mcp/services/mcp-executor.service.d.ts.map +0 -1
  279. package/dist/mcp/services/mcp-executor.service.js +0 -47
  280. package/dist/mcp/services/mcp-executor.service.js.map +0 -1
  281. package/dist/mcp/services/mcp-registry-discovery.service.d.ts +0 -63
  282. package/dist/mcp/services/mcp-registry-discovery.service.d.ts.map +0 -1
  283. package/dist/mcp/services/mcp-registry-discovery.service.js +0 -397
  284. package/dist/mcp/services/mcp-registry-discovery.service.js.map +0 -1
  285. package/dist/mcp/services/mcp-sse.service.d.ts +0 -20
  286. package/dist/mcp/services/mcp-sse.service.d.ts.map +0 -1
  287. package/dist/mcp/services/mcp-sse.service.js +0 -91
  288. package/dist/mcp/services/mcp-sse.service.js.map +0 -1
  289. package/dist/mcp/services/mcp-streamable-http.service.d.ts +0 -32
  290. package/dist/mcp/services/mcp-streamable-http.service.d.ts.map +0 -1
  291. package/dist/mcp/services/mcp-streamable-http.service.js +0 -327
  292. package/dist/mcp/services/mcp-streamable-http.service.js.map +0 -1
  293. package/dist/mcp/services/sse-ping.service.d.ts +0 -23
  294. package/dist/mcp/services/sse-ping.service.d.ts.map +0 -1
  295. package/dist/mcp/services/sse-ping.service.js +0 -99
  296. package/dist/mcp/services/sse-ping.service.js.map +0 -1
  297. package/dist/mcp/transport/sse.controller.factory.d.ts +0 -14
  298. package/dist/mcp/transport/sse.controller.factory.d.ts.map +0 -1
  299. package/dist/mcp/transport/sse.controller.factory.js +0 -67
  300. package/dist/mcp/transport/sse.controller.factory.js.map +0 -1
  301. package/dist/mcp/transport/stdio.service.d.ts +0 -14
  302. package/dist/mcp/transport/stdio.service.d.ts.map +0 -1
  303. package/dist/mcp/transport/stdio.service.js +0 -66
  304. package/dist/mcp/transport/stdio.service.js.map +0 -1
  305. package/dist/mcp/transport/streamable-http.controller.factory.d.ts +0 -14
  306. package/dist/mcp/transport/streamable-http.controller.factory.d.ts.map +0 -1
  307. package/dist/mcp/transport/streamable-http.controller.factory.js +0 -74
  308. package/dist/mcp/transport/streamable-http.controller.factory.js.map +0 -1
  309. package/dist/mcp/utils/capabilities-builder.d.ts +0 -5
  310. package/dist/mcp/utils/capabilities-builder.d.ts.map +0 -1
  311. package/dist/mcp/utils/capabilities-builder.js +0 -25
  312. package/dist/mcp/utils/capabilities-builder.js.map +0 -1
  313. package/dist/mcp/utils/mcp-server.factory.d.ts +0 -6
  314. package/dist/mcp/utils/mcp-server.factory.d.ts.map +0 -1
  315. package/dist/mcp/utils/mcp-server.factory.js +0 -22
  316. package/dist/mcp/utils/mcp-server.factory.js.map +0 -1
  317. package/src/authz/guards/jwt-auth.guard.ts +0 -127
  318. package/src/authz/index.ts +0 -10
  319. package/src/authz/interfaces/oauth-common.interface.ts +0 -21
  320. package/src/authz/interfaces/request-with-user.ts +0 -16
  321. package/src/authz/mcp-oauth.controller.ts +0 -860
  322. package/src/authz/mcp-oauth.module.ts +0 -384
  323. package/src/authz/providers/azure-ad.provider.ts +0 -40
  324. package/src/authz/providers/github.provider.ts +0 -22
  325. package/src/authz/providers/google.provider.ts +0 -23
  326. package/src/authz/providers/oauth-provider.interface.ts +0 -147
  327. package/src/authz/services/client.service.ts +0 -125
  328. package/src/authz/services/jwt-token.service.spec.ts +0 -67
  329. package/src/authz/services/jwt-token.service.ts +0 -188
  330. package/src/authz/services/oauth-strategy.service.ts +0 -64
  331. package/src/authz/stores/memory-store.service.spec.ts +0 -475
  332. package/src/authz/stores/memory-store.service.ts +0 -141
  333. package/src/authz/stores/oauth-store.interface.ts +0 -131
  334. package/src/authz/stores/typeorm/README.md +0 -140
  335. package/src/authz/stores/typeorm/constants.ts +0 -6
  336. package/src/authz/stores/typeorm/entities/authorization-code.entity.ts +0 -41
  337. package/src/authz/stores/typeorm/entities/index.ts +0 -4
  338. package/src/authz/stores/typeorm/entities/oauth-client.entity.ts +0 -53
  339. package/src/authz/stores/typeorm/entities/oauth-session.entity.ts +0 -38
  340. package/src/authz/stores/typeorm/entities/user-profile.entity.ts +0 -46
  341. package/src/authz/stores/typeorm/typeorm-store.service.spec.ts +0 -494
  342. package/src/authz/stores/typeorm/typeorm-store.service.ts +0 -165
  343. package/src/mcp/constants/feature-registration.constants.ts +0 -24
  344. package/src/mcp/decorators/tool-guards.decorator.ts +0 -82
  345. package/src/mcp/interfaces/mcp-options.interface.ts +0 -95
  346. package/src/mcp/mcp.module.ts +0 -349
  347. package/src/mcp/services/handlers/mcp-handler.base.ts +0 -203
  348. package/src/mcp/services/handlers/mcp-prompts.handler.ts +0 -143
  349. package/src/mcp/services/handlers/mcp-resources.handler.ts +0 -183
  350. package/src/mcp/services/handlers/mcp-tools.handler.spec.ts +0 -41
  351. package/src/mcp/services/handlers/mcp-tools.handler.ts +0 -436
  352. package/src/mcp/services/mcp-dynamic-registry.service.ts +0 -236
  353. package/src/mcp/services/mcp-executor.service.ts +0 -64
  354. package/src/mcp/services/mcp-registry-discovery.service.spec.ts +0 -306
  355. package/src/mcp/services/mcp-registry-discovery.service.ts +0 -849
  356. package/src/mcp/services/mcp-sse.service.ts +0 -124
  357. package/src/mcp/services/mcp-streamable-http.service.ts +0 -472
  358. package/src/mcp/services/sse-ping.service.ts +0 -144
  359. package/src/mcp/transport/custom-decorator.spec.ts +0 -75
  360. package/src/mcp/transport/sse.controller.factory.ts +0 -84
  361. package/src/mcp/transport/stdio.service.ts +0 -75
  362. package/src/mcp/transport/streamable-http.controller.factory.ts +0 -80
  363. package/src/mcp/utils/capabilities-builder.ts +0 -43
  364. package/src/mcp/utils/mcp-server.factory.ts +0 -33
@@ -1,81 +0,0 @@
1
- "use strict";
2
- var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
3
- var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
4
- if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
5
- else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
6
- return c > 3 && r && Object.defineProperty(target, key, r), r;
7
- };
8
- var __metadata = (this && this.__metadata) || function (k, v) {
9
- if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
10
- };
11
- var __param = (this && this.__param) || function (paramIndex, decorator) {
12
- return function (target, key) { decorator(target, key, paramIndex); }
13
- };
14
- Object.defineProperty(exports, "__esModule", { value: true });
15
- exports.ClientService = void 0;
16
- const common_1 = require("@nestjs/common");
17
- const crypto_1 = require("crypto");
18
- let ClientService = class ClientService {
19
- constructor(store, options) {
20
- this.store = store;
21
- this.options = options;
22
- }
23
- async registerClient(registrationDto) {
24
- if (!registrationDto.redirect_uris ||
25
- !Array.isArray(registrationDto.redirect_uris)) {
26
- throw new common_1.BadRequestException('redirect_uris is required and must be an array');
27
- }
28
- const supportedAuthMethods = [
29
- 'client_secret_basic',
30
- 'client_secret_post',
31
- 'none',
32
- ];
33
- if (registrationDto.token_endpoint_auth_method &&
34
- !supportedAuthMethods.includes(registrationDto.token_endpoint_auth_method)) {
35
- throw new common_1.BadRequestException(`Unsupported token_endpoint_auth_method. Supported methods: ${supportedAuthMethods.join(', ')}`);
36
- }
37
- const defaultClientValues = {
38
- grant_types: ['authorization_code', 'refresh_token'],
39
- response_types: ['code'],
40
- token_endpoint_auth_method: registrationDto.token_endpoint_auth_method || 'none',
41
- };
42
- await this.preRegistrationChecks(registrationDto);
43
- const now = new Date();
44
- const client_id = this.store.generateClientId(registrationDto);
45
- const authMethod = registrationDto.token_endpoint_auth_method || 'none';
46
- const client_secret = authMethod !== 'none' ? (0, crypto_1.randomBytes)(32).toString('hex') : undefined;
47
- const newClient = {
48
- ...defaultClientValues,
49
- ...registrationDto,
50
- client_id,
51
- client_secret,
52
- created_at: now,
53
- updated_at: now,
54
- };
55
- const client = await this.store.storeClient(newClient);
56
- const filteredClient = Object.fromEntries(Object.entries(client).filter(([, value]) => value !== null));
57
- return filteredClient;
58
- }
59
- async preRegistrationChecks(_dto) {
60
- }
61
- async getClient(clientId) {
62
- const client = await this.store.getClient(clientId);
63
- if (!client) {
64
- return null;
65
- }
66
- const filteredClient = Object.fromEntries(Object.entries(client).filter(([, value]) => value !== null));
67
- return filteredClient;
68
- }
69
- async validateRedirectUri(clientId, redirectUri) {
70
- const client = await this.getClient(clientId);
71
- return client ? client.redirect_uris.includes(redirectUri) : false;
72
- }
73
- };
74
- exports.ClientService = ClientService;
75
- exports.ClientService = ClientService = __decorate([
76
- (0, common_1.Injectable)(),
77
- __param(0, (0, common_1.Inject)('IOAuthStore')),
78
- __param(1, (0, common_1.Inject)('OAUTH_MODULE_OPTIONS')),
79
- __metadata("design:paramtypes", [Object, Object])
80
- ], ClientService);
81
- //# sourceMappingURL=client.service.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"client.service.js","sourceRoot":"","sources":["../../../src/authz/services/client.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAyE;AAMzE,mCAAqC;AAI9B,IAAM,aAAa,GAAnB,MAAM,aAAa;IACxB,YAC0C,KAAkB,EAEzC,OAA2B;QAFJ,UAAK,GAAL,KAAK,CAAa;QAEzC,YAAO,GAAP,OAAO,CAAoB;IAC3C,CAAC;IASJ,KAAK,CAAC,cAAc,CAClB,eAAsC;QAGtC,IACE,CAAC,eAAe,CAAC,aAAa;YAC9B,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,aAAa,CAAC,EAC7C,CAAC;YACD,MAAM,IAAI,4BAAmB,CAC3B,gDAAgD,CACjD,CAAC;QACJ,CAAC;QAGD,MAAM,oBAAoB,GAAG;YAC3B,qBAAqB;YACrB,oBAAoB;YACpB,MAAM;SACP,CAAC;QACF,IACE,eAAe,CAAC,0BAA0B;YAC1C,CAAC,oBAAoB,CAAC,QAAQ,CAAC,eAAe,CAAC,0BAA0B,CAAC,EAC1E,CAAC;YACD,MAAM,IAAI,4BAAmB,CAC3B,8DAA8D,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAChG,CAAC;QACJ,CAAC;QAGD,MAAM,mBAAmB,GAAG;YAC1B,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;YACpD,cAAc,EAAE,CAAC,MAAM,CAAC;YACxB,0BAA0B,EACxB,eAAe,CAAC,0BAA0B,IAAI,MAAM;SACvD,CAAC;QAGF,MAAM,IAAI,CAAC,qBAAqB,CAAC,eAAe,CAAC,CAAC;QAElD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QAGvB,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAC3C,eAA8B,CAC/B,CAAC;QAGF,MAAM,UAAU,GAAG,eAAe,CAAC,0BAA0B,IAAI,MAAM,CAAC;QACxE,MAAM,aAAa,GACjB,UAAU,KAAK,MAAM,CAAC,CAAC,CAAC,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEtE,MAAM,SAAS,GAAgB;YAC7B,GAAG,mBAAmB;YACtB,GAAG,eAAe;YAClB,SAAS;YACT,aAAa;YACb,UAAU,EAAE,GAAG;YACf,UAAU,EAAE,GAAG;SAChB,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QACvD,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW,CACvC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,KAAK,IAAI,CAAC,CAC9C,CAAC;QAEjB,OAAO,cAAc,CAAC;IACxB,CAAC;IAQS,KAAK,CAAC,qBAAqB,CACnC,IAA2B;IAG7B,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,QAAgB;QAC9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACpD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC;QACd,CAAC;QAGD,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW,CACvC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,KAAK,IAAI,CAAC,CAC9C,CAAC;QAEjB,OAAO,cAAc,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,QAAgB,EAChB,WAAmB;QAEnB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC9C,OAAO,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IACrE,CAAC;CACF,CAAA;AAlHY,sCAAa;wBAAb,aAAa;IADzB,IAAA,mBAAU,GAAE;IAGR,WAAA,IAAA,eAAM,EAAC,aAAa,CAAC,CAAA;IACrB,WAAA,IAAA,eAAM,EAAC,sBAAsB,CAAC,CAAA;;GAHtB,aAAa,CAkHzB","sourcesContent":["import { BadRequestException, Injectable, Inject } from '@nestjs/common';\nimport type {\n ClientRegistrationDto,\n IOAuthStore,\n OAuthClient,\n} from '../stores/oauth-store.interface';\nimport { randomBytes } from 'crypto';\nimport type { OAuthModuleOptions } from '../providers/oauth-provider.interface';\n\n@Injectable()\nexport class ClientService {\n constructor(\n @Inject('IOAuthStore') private readonly store: IOAuthStore,\n @Inject('OAUTH_MODULE_OPTIONS')\n private readonly options: OAuthModuleOptions,\n ) {}\n\n /**\n * Register a client application.\n * Always creates a new client record. client_name is not treated as unique.\n *\n * Note: Left open for future enhancements (e.g., software statements,\n * URL-based Client ID Metadata Documents) via preRegistrationChecks().\n */\n async registerClient(\n registrationDto: ClientRegistrationDto,\n ): Promise<OAuthClient> {\n // Validate required fields\n if (\n !registrationDto.redirect_uris ||\n !Array.isArray(registrationDto.redirect_uris)\n ) {\n throw new BadRequestException(\n 'redirect_uris is required and must be an array',\n );\n }\n\n // Validate token_endpoint_auth_method if provided\n const supportedAuthMethods = [\n 'client_secret_basic',\n 'client_secret_post',\n 'none',\n ];\n if (\n registrationDto.token_endpoint_auth_method &&\n !supportedAuthMethods.includes(registrationDto.token_endpoint_auth_method)\n ) {\n throw new BadRequestException(\n `Unsupported token_endpoint_auth_method. Supported methods: ${supportedAuthMethods.join(', ')}`,\n );\n }\n\n // Default values for new clients\n const defaultClientValues = {\n grant_types: ['authorization_code', 'refresh_token'],\n response_types: ['code'],\n token_endpoint_auth_method:\n registrationDto.token_endpoint_auth_method || 'none',\n };\n\n // Future-proofing: hook for software statements / metadata URL validations\n await this.preRegistrationChecks(registrationDto);\n\n const now = new Date();\n\n // Create new client - merge defaults with registration data\n const client_id = this.store.generateClientId(\n registrationDto as OAuthClient,\n );\n\n // Only generate client_secret for methods that require it\n const authMethod = registrationDto.token_endpoint_auth_method || 'none';\n const client_secret =\n authMethod !== 'none' ? randomBytes(32).toString('hex') : undefined;\n\n const newClient: OAuthClient = {\n ...defaultClientValues,\n ...registrationDto,\n client_id,\n client_secret,\n created_at: now,\n updated_at: now,\n };\n const client = await this.store.storeClient(newClient);\n const filteredClient = Object.fromEntries(\n Object.entries(client).filter(([, value]) => value !== null),\n ) as OAuthClient;\n\n return filteredClient;\n }\n\n /**\n * Hook for future registration policies (e.g., software statements per RFC 7591/7592,\n * or URL-based Client Registration using Client ID Metadata Documents).\n * Currently a no-op to keep behavior: always create a new client.\n */\n\n protected async preRegistrationChecks(\n _dto: ClientRegistrationDto,\n ): Promise<void> {\n // Intentionally left blank. Implement validations/attestations in the future.\n }\n\n async getClient(clientId: string): Promise<OAuthClient | null> {\n const client = await this.store.getClient(clientId);\n if (!client) {\n return null;\n }\n\n // Remove null fields from the client object\n const filteredClient = Object.fromEntries(\n Object.entries(client).filter(([, value]) => value !== null),\n ) as OAuthClient;\n\n return filteredClient;\n }\n\n async validateRedirectUri(\n clientId: string,\n redirectUri: string,\n ): Promise<boolean> {\n const client = await this.getClient(clientId);\n return client ? client.redirect_uris.includes(redirectUri) : false;\n }\n}\n"]}
@@ -1,37 +0,0 @@
1
- import type { OAuthModuleOptions } from '../providers/oauth-provider.interface';
2
- export interface JwtPayload {
3
- sub: string;
4
- azp?: string;
5
- client_id?: string;
6
- scope?: string;
7
- resource?: string;
8
- type: 'access' | 'refresh' | 'user';
9
- user_data?: any;
10
- user_profile_id?: string;
11
- iat?: number;
12
- exp?: number;
13
- }
14
- export interface TokenPair {
15
- access_token: string;
16
- token_type: string;
17
- expires_in: number;
18
- refresh_token?: string;
19
- scope?: string;
20
- }
21
- export declare class JwtTokenService {
22
- private jwtSecret;
23
- private issuer;
24
- private accessTokenExpiresIn;
25
- private refreshTokenExpiresIn;
26
- private enableRefreshTokens;
27
- constructor(options: OAuthModuleOptions);
28
- generateTokenPair(userId: string, clientId: string, scope?: string, resource?: string, extras?: {
29
- user_profile_id?: string;
30
- user_data?: any;
31
- }): TokenPair;
32
- validateToken(token: string): JwtPayload | null;
33
- refreshAccessToken(refreshToken: string): TokenPair | null;
34
- generateUserToken(userId: string, userData: any): string;
35
- private parseDurationToSeconds;
36
- }
37
- //# sourceMappingURL=jwt-token.service.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"jwt-token.service.d.ts","sourceRoot":"","sources":["../../../src/authz/services/jwt-token.service.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAEhF,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,QAAQ,GAAG,SAAS,GAAG,MAAM,CAAC;IACpC,SAAS,CAAC,EAAE,GAAG,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,SAAS;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,qBACa,eAAe;IAC1B,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,oBAAoB,CAAS;IACrC,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,mBAAmB,CAAU;gBAEO,OAAO,EAAE,kBAAkB;IAgBvE,iBAAiB,CACf,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,KAAK,SAAK,EACV,QAAQ,CAAC,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE;QAAE,eAAe,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,GAAG,CAAA;KAAE,GACrD,SAAS;IA2DZ,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI;IAU/C,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI;IAuB1D,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,GAAG,MAAM;IAmBxD,OAAO,CAAC,sBAAsB;CAoB/B"}
@@ -1,182 +0,0 @@
1
- "use strict";
2
- var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
- if (k2 === undefined) k2 = k;
4
- var desc = Object.getOwnPropertyDescriptor(m, k);
5
- if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
- desc = { enumerable: true, get: function() { return m[k]; } };
7
- }
8
- Object.defineProperty(o, k2, desc);
9
- }) : (function(o, m, k, k2) {
10
- if (k2 === undefined) k2 = k;
11
- o[k2] = m[k];
12
- }));
13
- var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
- Object.defineProperty(o, "default", { enumerable: true, value: v });
15
- }) : function(o, v) {
16
- o["default"] = v;
17
- });
18
- var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
19
- var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
20
- if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
21
- else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
22
- return c > 3 && r && Object.defineProperty(target, key, r), r;
23
- };
24
- var __importStar = (this && this.__importStar) || (function () {
25
- var ownKeys = function(o) {
26
- ownKeys = Object.getOwnPropertyNames || function (o) {
27
- var ar = [];
28
- for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
29
- return ar;
30
- };
31
- return ownKeys(o);
32
- };
33
- return function (mod) {
34
- if (mod && mod.__esModule) return mod;
35
- var result = {};
36
- if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
37
- __setModuleDefault(result, mod);
38
- return result;
39
- };
40
- })();
41
- var __metadata = (this && this.__metadata) || function (k, v) {
42
- if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
43
- };
44
- var __param = (this && this.__param) || function (paramIndex, decorator) {
45
- return function (target, key) { decorator(target, key, paramIndex); }
46
- };
47
- Object.defineProperty(exports, "__esModule", { value: true });
48
- exports.JwtTokenService = void 0;
49
- const common_1 = require("@nestjs/common");
50
- const crypto_1 = require("crypto");
51
- const jwt = __importStar(require("jsonwebtoken"));
52
- let JwtTokenService = class JwtTokenService {
53
- constructor(options) {
54
- const jwtSecret = options.jwtSecret;
55
- if (!jwtSecret) {
56
- throw new Error('JWT_SECRET must be set in environment variables.');
57
- }
58
- this.jwtSecret = jwtSecret;
59
- this.issuer =
60
- options.jwtIssuer || options.serverUrl || 'https://localhost:3000';
61
- this.accessTokenExpiresIn = options.jwtAccessTokenExpiresIn;
62
- this.refreshTokenExpiresIn = options.jwtRefreshTokenExpiresIn;
63
- this.enableRefreshTokens = options.enableRefreshTokens;
64
- }
65
- generateTokenPair(userId, clientId, scope = '', resource, extras) {
66
- if (!resource) {
67
- throw new Error('Resource is required for token generation');
68
- }
69
- const jti = (0, crypto_1.randomBytes)(16).toString('hex');
70
- const accessTokenPayload = {
71
- sub: userId,
72
- azp: clientId,
73
- iss: this.issuer,
74
- aud: resource,
75
- resource: resource,
76
- type: 'access',
77
- };
78
- if (extras?.user_profile_id) {
79
- accessTokenPayload.user_profile_id = extras.user_profile_id;
80
- }
81
- if (extras?.user_data) {
82
- accessTokenPayload.user_data = extras.user_data;
83
- }
84
- accessTokenPayload.scope = scope || '';
85
- const accessToken = jwt.sign(accessTokenPayload, this.jwtSecret, {
86
- algorithm: 'HS256',
87
- expiresIn: this.accessTokenExpiresIn,
88
- });
89
- let refreshToken = undefined;
90
- if (this.enableRefreshTokens) {
91
- const refreshTokenPayload = {
92
- sub: userId,
93
- client_id: clientId,
94
- scope,
95
- resource,
96
- type: 'refresh',
97
- jti: `refresh_${jti}`,
98
- iss: this.issuer,
99
- aud: resource,
100
- };
101
- if (extras?.user_profile_id) {
102
- refreshTokenPayload.user_profile_id = extras.user_profile_id;
103
- }
104
- refreshToken = jwt.sign(refreshTokenPayload, this.jwtSecret, {
105
- algorithm: 'HS256',
106
- expiresIn: this.refreshTokenExpiresIn,
107
- });
108
- }
109
- return {
110
- access_token: accessToken,
111
- token_type: 'bearer',
112
- expires_in: this.parseDurationToSeconds(this.accessTokenExpiresIn),
113
- ...(refreshToken ? { refresh_token: refreshToken } : {}),
114
- };
115
- }
116
- validateToken(token) {
117
- try {
118
- return jwt.verify(token, this.jwtSecret, {
119
- algorithms: ['HS256'],
120
- });
121
- }
122
- catch {
123
- return null;
124
- }
125
- }
126
- refreshAccessToken(refreshToken) {
127
- if (!this.enableRefreshTokens) {
128
- return null;
129
- }
130
- const payload = this.validateToken(refreshToken);
131
- if (!payload || payload.type !== 'refresh') {
132
- return null;
133
- }
134
- return this.generateTokenPair(payload.sub, payload.client_id, payload.scope, payload.resource, {
135
- user_profile_id: payload.user_profile_id,
136
- user_data: payload.user_data,
137
- });
138
- }
139
- generateUserToken(userId, userData) {
140
- const jti = (0, crypto_1.randomBytes)(16).toString('hex');
141
- const serverUrl = process.env.SERVER_URL || 'https://localhost:3000';
142
- const payload = {
143
- sub: userId,
144
- type: 'user',
145
- user_data: userData,
146
- jti: `user_${jti}`,
147
- iss: serverUrl,
148
- aud: 'mcp-client',
149
- };
150
- return jwt.sign(payload, this.jwtSecret, {
151
- algorithm: 'HS256',
152
- expiresIn: '24h',
153
- });
154
- }
155
- parseDurationToSeconds(duration) {
156
- const match = duration.match(/^(\d+)([smhd])$/);
157
- if (!match) {
158
- throw new Error(`Invalid duration format: ${duration}`);
159
- }
160
- const value = parseInt(match[1], 10);
161
- const unit = match[2];
162
- switch (unit) {
163
- case 's':
164
- return value;
165
- case 'm':
166
- return value * 60;
167
- case 'h':
168
- return value * 60 * 60;
169
- case 'd':
170
- return value * 60 * 60 * 24;
171
- default:
172
- throw new Error(`Unsupported duration unit: ${unit}`);
173
- }
174
- }
175
- };
176
- exports.JwtTokenService = JwtTokenService;
177
- exports.JwtTokenService = JwtTokenService = __decorate([
178
- (0, common_1.Injectable)(),
179
- __param(0, (0, common_1.Inject)('OAUTH_MODULE_OPTIONS')),
180
- __metadata("design:paramtypes", [Object])
181
- ], JwtTokenService);
182
- //# sourceMappingURL=jwt-token.service.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"jwt-token.service.js","sourceRoot":"","sources":["../../../src/authz/services/jwt-token.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAAoD;AACpD,mCAAqC;AACrC,kDAAoC;AAyB7B,IAAM,eAAe,GAArB,MAAM,eAAe;IAO1B,YAA4C,OAA2B;QAErE,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QAEpC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,MAAM;YACT,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,IAAI,wBAAwB,CAAC;QACrE,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,uBAAuB,CAAC;QAC5D,IAAI,CAAC,qBAAqB,GAAG,OAAO,CAAC,wBAAwB,CAAC;QAC9D,IAAI,CAAC,mBAAmB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IACzD,CAAC;IAED,iBAAiB,CACf,MAAc,EACd,QAAgB,EAChB,KAAK,GAAG,EAAE,EACV,QAAiB,EACjB,MAAsD;QAEtD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,GAAG,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAE5C,MAAM,kBAAkB,GAAQ;YAC9B,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,QAAQ;YACb,GAAG,EAAE,IAAI,CAAC,MAAM;YAChB,GAAG,EAAE,QAAQ;YACb,QAAQ,EAAE,QAAQ;YAClB,IAAI,EAAE,QAAiB;SACxB,CAAC;QACF,IAAI,MAAM,EAAE,eAAe,EAAE,CAAC;YAC5B,kBAAkB,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;QAC9D,CAAC;QACD,IAAI,MAAM,EAAE,SAAS,EAAE,CAAC;YACtB,kBAAkB,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;QAClD,CAAC;QAGD,kBAAkB,CAAC,KAAK,GAAG,KAAK,IAAI,EAAE,CAAC;QAEvC,MAAM,WAAW,GAAG,GAAG,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,EAAE;YAC/D,SAAS,EAAE,OAAO;YAClB,SAAS,EAAE,IAAI,CAAC,oBAAoB;SACrC,CAAC,CAAC;QAEH,IAAI,YAAY,GAAuB,SAAS,CAAC;QACjD,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC7B,MAAM,mBAAmB,GAAQ;gBAC/B,GAAG,EAAE,MAAM;gBACX,SAAS,EAAE,QAAQ;gBACnB,KAAK;gBACL,QAAQ;gBACR,IAAI,EAAE,SAAkB;gBACxB,GAAG,EAAE,WAAW,GAAG,EAAE;gBACrB,GAAG,EAAE,IAAI,CAAC,MAAM;gBAChB,GAAG,EAAE,QAAQ;aACd,CAAC;YACF,IAAI,MAAM,EAAE,eAAe,EAAE,CAAC;gBAC5B,mBAAmB,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;YAC/D,CAAC;YACD,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,SAAS,EAAE;gBAC3D,SAAS,EAAE,OAAO;gBAClB,SAAS,EAAE,IAAI,CAAC,qBAAqB;aACtC,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,oBAAoB,CAAC;YAClE,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACzD,CAAC;IACJ,CAAC;IAED,aAAa,CAAC,KAAa;QACzB,IAAI,CAAC;YACH,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE;gBACvC,UAAU,EAAE,CAAC,OAAO,CAAC;aACtB,CAAe,CAAC;QACnB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,kBAAkB,CAAC,YAAoB;QACrC,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;QAEjD,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC3C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC,iBAAiB,CAC3B,OAAO,CAAC,GAAG,EACX,OAAO,CAAC,SAAU,EAClB,OAAO,CAAC,KAAK,EACb,OAAO,CAAC,QAAQ,EAChB;YACE,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,SAAS,EAAE,OAAO,CAAC,SAAS;SAC7B,CACF,CAAC;IACJ,CAAC;IAED,iBAAiB,CAAC,MAAc,EAAE,QAAa;QAC7C,MAAM,GAAG,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC5C,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,wBAAwB,CAAC;QAErE,MAAM,OAAO,GAAG;YACd,GAAG,EAAE,MAAM;YACX,IAAI,EAAE,MAAM;YACZ,SAAS,EAAE,QAAQ;YACnB,GAAG,EAAE,QAAQ,GAAG,EAAE;YAClB,GAAG,EAAE,SAAS;YACd,GAAG,EAAE,YAAY;SAClB,CAAC;QAEF,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE;YACvC,SAAS,EAAE,OAAO;YAClB,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;IACL,CAAC;IAEO,sBAAsB,CAAC,QAAgB;QAC7C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAChD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,EAAE,CAAC,CAAC;QAC1D,CAAC;QACD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,GAAG;gBACN,OAAO,KAAK,CAAC;YACf,KAAK,GAAG;gBACN,OAAO,KAAK,GAAG,EAAE,CAAC;YACpB,KAAK,GAAG;gBACN,OAAO,KAAK,GAAG,EAAE,GAAG,EAAE,CAAC;YACzB,KAAK,GAAG;gBACN,OAAO,KAAK,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;YAC9B;gBACE,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,EAAE,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;CACF,CAAA;AAhKY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;IAQE,WAAA,IAAA,eAAM,EAAC,sBAAsB,CAAC,CAAA;;GAPhC,eAAe,CAgK3B","sourcesContent":["import { Inject, Injectable } from '@nestjs/common';\nimport { randomBytes } from 'crypto';\nimport * as jwt from 'jsonwebtoken';\nimport type { OAuthModuleOptions } from '../providers/oauth-provider.interface';\n\nexport interface JwtPayload {\n sub: string; // user_id\n azp?: string; // authorized party (client_id for access tokens)\n client_id?: string; // only for refresh tokens\n scope?: string;\n resource?: string; // MCP server resource identifier\n type: 'access' | 'refresh' | 'user';\n user_data?: any;\n user_profile_id?: string;\n iat?: number;\n exp?: number;\n}\n\nexport interface TokenPair {\n access_token: string;\n token_type: string;\n expires_in: number;\n refresh_token?: string;\n scope?: string;\n}\n\n@Injectable()\nexport class JwtTokenService {\n private jwtSecret: string;\n private issuer: string;\n private accessTokenExpiresIn: string;\n private refreshTokenExpiresIn: string;\n private enableRefreshTokens: boolean;\n\n constructor(@Inject('OAUTH_MODULE_OPTIONS') options: OAuthModuleOptions) {\n // Use JWT secret from environment variable\n const jwtSecret = options.jwtSecret;\n\n if (!jwtSecret) {\n throw new Error('JWT_SECRET must be set in environment variables.');\n }\n\n this.jwtSecret = jwtSecret;\n this.issuer =\n options.jwtIssuer || options.serverUrl || 'https://localhost:3000';\n this.accessTokenExpiresIn = options.jwtAccessTokenExpiresIn;\n this.refreshTokenExpiresIn = options.jwtRefreshTokenExpiresIn;\n this.enableRefreshTokens = options.enableRefreshTokens;\n }\n\n generateTokenPair(\n userId: string,\n clientId: string,\n scope = '',\n resource?: string,\n extras?: { user_profile_id?: string; user_data?: any },\n ): TokenPair {\n if (!resource) {\n throw new Error('Resource is required for token generation');\n }\n\n const jti = randomBytes(16).toString('hex'); // JWT ID for tracking\n\n const accessTokenPayload: any = {\n sub: userId,\n azp: clientId, // Use azp instead of client_id\n iss: this.issuer,\n aud: resource,\n resource: resource, // Always include resource\n type: 'access' as const,\n };\n if (extras?.user_profile_id) {\n accessTokenPayload.user_profile_id = extras.user_profile_id;\n }\n if (extras?.user_data) {\n accessTokenPayload.user_data = extras.user_data;\n }\n\n // Always include scope to ensure parity with refresh token claims\n accessTokenPayload.scope = scope || '';\n\n const accessToken = jwt.sign(accessTokenPayload, this.jwtSecret, {\n algorithm: 'HS256',\n expiresIn: this.accessTokenExpiresIn,\n });\n\n let refreshToken: string | undefined = undefined;\n if (this.enableRefreshTokens) {\n const refreshTokenPayload: any = {\n sub: userId,\n client_id: clientId,\n scope,\n resource,\n type: 'refresh' as const,\n jti: `refresh_${jti}`,\n iss: this.issuer,\n aud: resource,\n };\n if (extras?.user_profile_id) {\n refreshTokenPayload.user_profile_id = extras.user_profile_id;\n }\n refreshToken = jwt.sign(refreshTokenPayload, this.jwtSecret, {\n algorithm: 'HS256',\n expiresIn: this.refreshTokenExpiresIn,\n });\n }\n\n return {\n access_token: accessToken,\n token_type: 'bearer',\n expires_in: this.parseDurationToSeconds(this.accessTokenExpiresIn),\n ...(refreshToken ? { refresh_token: refreshToken } : {}),\n };\n }\n\n validateToken(token: string): JwtPayload | null {\n try {\n return jwt.verify(token, this.jwtSecret, {\n algorithms: ['HS256'],\n }) as JwtPayload;\n } catch {\n return null;\n }\n }\n\n refreshAccessToken(refreshToken: string): TokenPair | null {\n if (!this.enableRefreshTokens) {\n return null;\n }\n\n const payload = this.validateToken(refreshToken);\n\n if (!payload || payload.type !== 'refresh') {\n return null;\n }\n\n return this.generateTokenPair(\n payload.sub,\n payload.client_id!,\n payload.scope,\n payload.resource,\n {\n user_profile_id: payload.user_profile_id,\n user_data: payload.user_data,\n },\n );\n }\n\n generateUserToken(userId: string, userData: any): string {\n const jti = randomBytes(16).toString('hex');\n const serverUrl = process.env.SERVER_URL || 'https://localhost:3000';\n\n const payload = {\n sub: userId,\n type: 'user',\n user_data: userData,\n jti: `user_${jti}`,\n iss: serverUrl,\n aud: 'mcp-client',\n };\n\n return jwt.sign(payload, this.jwtSecret, {\n algorithm: 'HS256',\n expiresIn: '24h',\n });\n }\n\n private parseDurationToSeconds(duration: string): number {\n const match = duration.match(/^(\\d+)([smhd])$/);\n if (!match) {\n throw new Error(`Invalid duration format: ${duration}`);\n }\n const value = parseInt(match[1], 10);\n const unit = match[2];\n switch (unit) {\n case 's':\n return value;\n case 'm':\n return value * 60;\n case 'h':\n return value * 60 * 60;\n case 'd':\n return value * 60 * 60 * 24;\n default:\n throw new Error(`Unsupported duration unit: ${unit}`);\n }\n }\n}\n"]}
@@ -1,13 +0,0 @@
1
- import { OnModuleInit } from '@nestjs/common';
2
- import type { OAuthModuleOptions } from '../providers/oauth-provider.interface';
3
- export declare const STRATEGY_NAME = "oauth-provider";
4
- export declare class OAuthStrategyService implements OnModuleInit {
5
- private options;
6
- private authModuleId?;
7
- private strategyName;
8
- constructor(options: OAuthModuleOptions, authModuleId?: string | undefined);
9
- onModuleInit(): void;
10
- private registerStrategy;
11
- getStrategyName(): string;
12
- }
13
- //# sourceMappingURL=oauth-strategy.service.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"oauth-strategy.service.d.ts","sourceRoot":"","sources":["../../../src/authz/services/oauth-strategy.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,YAAY,EAAoB,MAAM,gBAAgB,CAAC;AAE5E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAEhF,eAAO,MAAM,aAAa,mBAAmB,CAAC;AAE9C,qBACa,oBAAqB,YAAW,YAAY;IAIrB,OAAO,CAAC,OAAO;IACR,OAAO,CAAC,YAAY,CAAC;IAJ9D,OAAO,CAAC,YAAY,CAAS;gBAGa,OAAO,EAAE,kBAAkB,EACpB,YAAY,CAAC,EAAE,MAAM,YAAA;IAQtE,YAAY;IAIZ,OAAO,CAAC,gBAAgB;IAoCxB,eAAe,IAAI,MAAM;CAG1B"}
@@ -1,71 +0,0 @@
1
- "use strict";
2
- var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
3
- var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
4
- if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
5
- else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
6
- return c > 3 && r && Object.defineProperty(target, key, r), r;
7
- };
8
- var __metadata = (this && this.__metadata) || function (k, v) {
9
- if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
10
- };
11
- var __param = (this && this.__param) || function (paramIndex, decorator) {
12
- return function (target, key) { decorator(target, key, paramIndex); }
13
- };
14
- var __importDefault = (this && this.__importDefault) || function (mod) {
15
- return (mod && mod.__esModule) ? mod : { "default": mod };
16
- };
17
- Object.defineProperty(exports, "__esModule", { value: true });
18
- exports.OAuthStrategyService = exports.STRATEGY_NAME = void 0;
19
- const common_1 = require("@nestjs/common");
20
- const passport_1 = __importDefault(require("passport"));
21
- exports.STRATEGY_NAME = 'oauth-provider';
22
- let OAuthStrategyService = class OAuthStrategyService {
23
- constructor(options, authModuleId) {
24
- this.options = options;
25
- this.authModuleId = authModuleId;
26
- this.strategyName = authModuleId
27
- ? `${exports.STRATEGY_NAME}-${authModuleId}`
28
- : exports.STRATEGY_NAME;
29
- }
30
- onModuleInit() {
31
- this.registerStrategy();
32
- }
33
- registerStrategy() {
34
- const provider = this.options.provider;
35
- const clientId = this.options.clientId;
36
- const clientSecret = this.options.clientSecret;
37
- const serverUrl = this.options.serverUrl;
38
- const strategyOptions = provider.strategyOptions({
39
- serverUrl,
40
- clientId,
41
- clientSecret,
42
- callbackPath: this.options.endpoints.callback,
43
- });
44
- const strategy = new provider.strategy(strategyOptions, (accessToken, refreshToken, profile, done) => {
45
- try {
46
- const mappedProfile = provider.profileMapper(profile);
47
- return done(null, {
48
- profile: mappedProfile,
49
- accessToken,
50
- provider: provider.name,
51
- });
52
- }
53
- catch (error) {
54
- return done(error, null);
55
- }
56
- });
57
- passport_1.default.use(this.strategyName, strategy);
58
- }
59
- getStrategyName() {
60
- return this.strategyName;
61
- }
62
- };
63
- exports.OAuthStrategyService = OAuthStrategyService;
64
- exports.OAuthStrategyService = OAuthStrategyService = __decorate([
65
- (0, common_1.Injectable)(),
66
- __param(0, (0, common_1.Inject)('OAUTH_MODULE_OPTIONS')),
67
- __param(1, (0, common_1.Optional)()),
68
- __param(1, (0, common_1.Inject)('OAUTH_MODULE_ID')),
69
- __metadata("design:paramtypes", [Object, String])
70
- ], OAuthStrategyService);
71
- //# sourceMappingURL=oauth-strategy.service.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"oauth-strategy.service.js","sourceRoot":"","sources":["../../../src/authz/services/oauth-strategy.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AAAA,2CAA4E;AAC5E,wDAAgC;AAGnB,QAAA,aAAa,GAAG,gBAAgB,CAAC;AAGvC,IAAM,oBAAoB,GAA1B,MAAM,oBAAoB;IAG/B,YAC0C,OAA2B,EACpB,YAAqB;QAD5B,YAAO,GAAP,OAAO,CAAoB;QACpB,iBAAY,GAAZ,YAAY,CAAS;QAGpE,IAAI,CAAC,YAAY,GAAG,YAAY;YAC9B,CAAC,CAAC,GAAG,qBAAa,IAAI,YAAY,EAAE;YACpC,CAAC,CAAC,qBAAa,CAAC;IACpB,CAAC;IAED,YAAY;QACV,IAAI,CAAC,gBAAgB,EAAE,CAAC;IAC1B,CAAC;IAEO,gBAAgB;QACtB,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;QAGvC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;QACvC,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC;QAG/C,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;QAEzC,MAAM,eAAe,GAAG,QAAQ,CAAC,eAAe,CAAC;YAC/C,SAAS;YACT,QAAQ;YACR,YAAY;YACZ,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ;SAC9C,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,QAAQ,CACpC,eAAe,EACf,CAAC,WAAmB,EAAE,YAAoB,EAAE,OAAY,EAAE,IAAS,EAAE,EAAE;YACrE,IAAI,CAAC;gBACH,MAAM,aAAa,GAAG,QAAQ,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;gBACtD,OAAO,IAAI,CAAC,IAAI,EAAE;oBAChB,OAAO,EAAE,aAAa;oBACtB,WAAW;oBACX,QAAQ,EAAE,QAAQ,CAAC,IAAI;iBACxB,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC,CACF,CAAC;QAEF,kBAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAED,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;CACF,CAAA;AAxDY,oDAAoB;+BAApB,oBAAoB;IADhC,IAAA,mBAAU,GAAE;IAKR,WAAA,IAAA,eAAM,EAAC,sBAAsB,CAAC,CAAA;IAC9B,WAAA,IAAA,iBAAQ,GAAE,CAAA;IAAE,WAAA,IAAA,eAAM,EAAC,iBAAiB,CAAC,CAAA;;GAL7B,oBAAoB,CAwDhC","sourcesContent":["import { Injectable, OnModuleInit, Inject, Optional } from '@nestjs/common';\nimport passport from 'passport';\nimport type { OAuthModuleOptions } from '../providers/oauth-provider.interface';\n\nexport const STRATEGY_NAME = 'oauth-provider';\n\n@Injectable()\nexport class OAuthStrategyService implements OnModuleInit {\n private strategyName: string;\n\n constructor(\n @Inject('OAUTH_MODULE_OPTIONS') private options: OAuthModuleOptions,\n @Optional() @Inject('OAUTH_MODULE_ID') private authModuleId?: string,\n ) {\n // Use instance-specific strategy name if authModuleId is provided\n this.strategyName = authModuleId\n ? `${STRATEGY_NAME}-${authModuleId}`\n : STRATEGY_NAME;\n }\n\n onModuleInit() {\n this.registerStrategy();\n }\n\n private registerStrategy() {\n const provider = this.options.provider;\n\n // Use client credentials from resolved options\n const clientId = this.options.clientId;\n const clientSecret = this.options.clientSecret;\n\n // Use resolved serverUrl (no fallbacks needed)\n const serverUrl = this.options.serverUrl;\n\n const strategyOptions = provider.strategyOptions({\n serverUrl,\n clientId,\n clientSecret,\n callbackPath: this.options.endpoints.callback,\n });\n\n const strategy = new provider.strategy(\n strategyOptions,\n (accessToken: string, refreshToken: string, profile: any, done: any) => {\n try {\n const mappedProfile = provider.profileMapper(profile);\n return done(null, {\n profile: mappedProfile,\n accessToken,\n provider: provider.name,\n });\n } catch (error) {\n return done(error, null);\n }\n },\n );\n\n passport.use(this.strategyName, strategy);\n }\n\n getStrategyName(): string {\n return this.strategyName;\n }\n}\n"]}
@@ -1,27 +0,0 @@
1
- import { OAuthSession, OAuthUserProfile } from '../providers/oauth-provider.interface';
2
- import type { AuthorizationCode, IOAuthStore, OAuthClient } from './oauth-store.interface';
3
- export declare class MemoryStore implements IOAuthStore {
4
- private clients;
5
- private authCodes;
6
- private oauthSessions;
7
- private userProfiles;
8
- private providerUserIndex;
9
- storeClient(client: OAuthClient): Promise<OAuthClient>;
10
- getClient(client_id: string): Promise<OAuthClient | undefined>;
11
- findClient(client_name: string): Promise<OAuthClient | undefined>;
12
- storeAuthCode(code: AuthorizationCode): Promise<void>;
13
- getAuthCode(code: string): Promise<AuthorizationCode | undefined>;
14
- removeAuthCode(code: string): Promise<void>;
15
- storeOAuthSession(sessionId: string, session: OAuthSession): Promise<void>;
16
- getOAuthSession(sessionId: string): Promise<OAuthSession | undefined>;
17
- removeOAuthSession(sessionId: string): Promise<void>;
18
- generateClientId(client: OAuthClient): string;
19
- private normalizeClientObject;
20
- upsertUserProfile(profile: OAuthUserProfile, provider: string): Promise<string>;
21
- getUserProfileById(profileId: string): Promise<(OAuthUserProfile & {
22
- profile_id: string;
23
- provider: string;
24
- }) | undefined>;
25
- private generateProfileId;
26
- }
27
- //# sourceMappingURL=memory-store.service.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"memory-store.service.d.ts","sourceRoot":"","sources":["../../../src/authz/stores/memory-store.service.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,gBAAgB,EACjB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,KAAK,EACV,iBAAiB,EACjB,WAAW,EACX,WAAW,EACZ,MAAM,yBAAyB,CAAC;AAGjC,qBACa,WAAY,YAAW,WAAW;IAC7C,OAAO,CAAC,OAAO,CAAkC;IACjD,OAAO,CAAC,SAAS,CAAwC;IACzD,OAAO,CAAC,aAAa,CAAmC;IACxD,OAAO,CAAC,YAAY,CAGhB;IACJ,OAAO,CAAC,iBAAiB,CAA6B;IAEhD,WAAW,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;IAKtD,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;IAI9D,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;IASjE,aAAa,CAAC,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAIrD,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,SAAS,CAAC;IAIjE,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK3C,iBAAiB,CACrB,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,IAAI,CAAC;IAIV,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;IASrE,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI1D,gBAAgB,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM;IAa7C,OAAO,CAAC,qBAAqB;IAqBvB,iBAAiB,CACrB,OAAO,EAAE,gBAAgB,EACzB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,MAAM,CAAC;IAgBZ,kBAAkB,CACtB,SAAS,EAAE,MAAM,GAChB,OAAO,CACR,CAAC,gBAAgB,GAAG;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC,GAAG,SAAS,CAC1E;IAID,OAAO,CAAC,iBAAiB;CAI1B"}
@@ -1,107 +0,0 @@
1
- "use strict";
2
- var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
3
- var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
4
- if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
5
- else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
6
- return c > 3 && r && Object.defineProperty(target, key, r), r;
7
- };
8
- Object.defineProperty(exports, "__esModule", { value: true });
9
- exports.MemoryStore = void 0;
10
- const common_1 = require("@nestjs/common");
11
- const crypto_1 = require("crypto");
12
- let MemoryStore = class MemoryStore {
13
- constructor() {
14
- this.clients = new Map();
15
- this.authCodes = new Map();
16
- this.oauthSessions = new Map();
17
- this.userProfiles = new Map();
18
- this.providerUserIndex = new Map();
19
- }
20
- async storeClient(client) {
21
- this.clients.set(client.client_id, client);
22
- return client;
23
- }
24
- async getClient(client_id) {
25
- return this.clients.get(client_id);
26
- }
27
- async findClient(client_name) {
28
- for (const client of this.clients.values()) {
29
- if (client.client_name === client_name) {
30
- return client;
31
- }
32
- }
33
- return undefined;
34
- }
35
- async storeAuthCode(code) {
36
- this.authCodes.set(code.code, code);
37
- }
38
- async getAuthCode(code) {
39
- return this.authCodes.get(code);
40
- }
41
- async removeAuthCode(code) {
42
- this.authCodes.delete(code);
43
- }
44
- async storeOAuthSession(sessionId, session) {
45
- this.oauthSessions.set(sessionId, session);
46
- }
47
- async getOAuthSession(sessionId) {
48
- const session = this.oauthSessions.get(sessionId);
49
- if (session && session.expiresAt < Date.now()) {
50
- this.oauthSessions.delete(sessionId);
51
- return undefined;
52
- }
53
- return session;
54
- }
55
- async removeOAuthSession(sessionId) {
56
- this.oauthSessions.delete(sessionId);
57
- }
58
- generateClientId(client) {
59
- const normalizedClient = this.normalizeClientObject(client);
60
- const clientString = JSON.stringify(normalizedClient);
61
- const hash = (0, crypto_1.createHash)('sha256').update(clientString).digest('hex');
62
- const normalizedName = client.client_name
63
- .toLowerCase()
64
- .replace(/[^a-z0-9]/g, '');
65
- return `${normalizedName}_${hash.substring(0, 16)}`;
66
- }
67
- normalizeClientObject(client) {
68
- const normalized = {};
69
- const sortedKeys = Object.keys(client).sort();
70
- for (const key of sortedKeys) {
71
- const value = client[key];
72
- if (Array.isArray(value)) {
73
- normalized[key] = [...value].sort();
74
- }
75
- else {
76
- normalized[key] = value;
77
- }
78
- }
79
- return normalized;
80
- }
81
- async upsertUserProfile(profile, provider) {
82
- const key = `${provider}:${profile.id}`;
83
- let profileId = this.providerUserIndex.get(key);
84
- if (!profileId) {
85
- profileId = this.generateProfileId(provider, profile.id);
86
- this.providerUserIndex.set(key, profileId);
87
- }
88
- this.userProfiles.set(profileId, {
89
- profile_id: profileId,
90
- provider,
91
- ...profile,
92
- });
93
- return profileId;
94
- }
95
- async getUserProfileById(profileId) {
96
- return this.userProfiles.get(profileId);
97
- }
98
- generateProfileId(provider, providerUserId) {
99
- const input = `${provider}:${providerUserId}`;
100
- return (0, crypto_1.createHash)('sha256').update(input).digest('hex').slice(0, 24);
101
- }
102
- };
103
- exports.MemoryStore = MemoryStore;
104
- exports.MemoryStore = MemoryStore = __decorate([
105
- (0, common_1.Injectable)()
106
- ], MemoryStore);
107
- //# sourceMappingURL=memory-store.service.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"memory-store.service.js","sourceRoot":"","sources":["../../../src/authz/stores/memory-store.service.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAA4C;AAC5C,mCAAoC;AAa7B,IAAM,WAAW,GAAjB,MAAM,WAAW;IAAjB;QACG,YAAO,GAAG,IAAI,GAAG,EAAuB,CAAC;QACzC,cAAS,GAAG,IAAI,GAAG,EAA6B,CAAC;QACjD,kBAAa,GAAG,IAAI,GAAG,EAAwB,CAAC;QAChD,iBAAY,GAAG,IAAI,GAAG,EAG3B,CAAC;QACI,sBAAiB,GAAG,IAAI,GAAG,EAAkB,CAAC;IAsHxD,CAAC;IApHC,KAAK,CAAC,WAAW,CAAC,MAAmB;QACnC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAC3C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,SAAiB;QAC/B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,WAAmB;QAClC,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,IAAI,MAAM,CAAC,WAAW,KAAK,WAAW,EAAE,CAAC;gBACvC,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,IAAuB;QACzC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACtC,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,IAAY;QAC5B,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,IAAY;QAC/B,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAGD,KAAK,CAAC,iBAAiB,CACrB,SAAiB,EACjB,OAAqB;QAErB,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,SAAiB;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,OAAO,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC9C,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACrC,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,SAAiB;QACxC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACvC,CAAC;IAED,gBAAgB,CAAC,MAAmB;QAElC,MAAM,gBAAgB,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAC5D,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QACtD,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAGrE,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW;aACtC,WAAW,EAAE;aACb,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;QAC7B,OAAO,GAAG,cAAc,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IACtD,CAAC;IAEO,qBAAqB,CAAC,MAAmB;QAE/C,MAAM,UAAU,GAAQ,EAAE,CAAC;QAG3B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QAE9C,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAI,MAAc,CAAC,GAAG,CAAC,CAAC;YACnC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAEzB,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;YACtC,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC1B,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAGD,KAAK,CAAC,iBAAiB,CACrB,OAAyB,EACzB,QAAgB;QAEhB,MAAM,GAAG,GAAG,GAAG,QAAQ,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;QACxC,IAAI,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChD,IAAI,CAAC,SAAS,EAAE,CAAC;YAEf,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;YACzD,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC7C,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE;YAC/B,UAAU,EAAE,SAAS;YACrB,QAAQ;YACR,GAAG,OAAO;SACX,CAAC,CAAC;QACH,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,SAAiB;QAIjB,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC1C,CAAC;IAEO,iBAAiB,CAAC,QAAgB,EAAE,cAAsB;QAChE,MAAM,KAAK,GAAG,GAAG,QAAQ,IAAI,cAAc,EAAE,CAAC;QAC9C,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvE,CAAC;CACF,CAAA;AA9HY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAU,GAAE;GACA,WAAW,CA8HvB","sourcesContent":["import { Injectable } from '@nestjs/common';\nimport { createHash } from 'crypto';\nimport {\n OAuthSession,\n OAuthUserProfile,\n} from '../providers/oauth-provider.interface';\nimport type {\n AuthorizationCode,\n IOAuthStore,\n OAuthClient,\n} from './oauth-store.interface';\n\n// In-memory storage (in production, use a database)\n@Injectable()\nexport class MemoryStore implements IOAuthStore {\n private clients = new Map<string, OAuthClient>();\n private authCodes = new Map<string, AuthorizationCode>();\n private oauthSessions = new Map<string, OAuthSession>();\n private userProfiles = new Map<\n string,\n OAuthUserProfile & { profile_id: string; provider: string }\n >(); // profile_id -> profile\n private providerUserIndex = new Map<string, string>(); // key(provider:userId) -> profile_id\n\n async storeClient(client: OAuthClient): Promise<OAuthClient> {\n this.clients.set(client.client_id, client);\n return client;\n }\n\n async getClient(client_id: string): Promise<OAuthClient | undefined> {\n return this.clients.get(client_id);\n }\n\n async findClient(client_name: string): Promise<OAuthClient | undefined> {\n for (const client of this.clients.values()) {\n if (client.client_name === client_name) {\n return client;\n }\n }\n return undefined;\n }\n\n async storeAuthCode(code: AuthorizationCode): Promise<void> {\n this.authCodes.set(code.code, code);\n }\n\n async getAuthCode(code: string): Promise<AuthorizationCode | undefined> {\n return this.authCodes.get(code);\n }\n\n async removeAuthCode(code: string): Promise<void> {\n this.authCodes.delete(code);\n }\n\n // New OAuth session methods for provider-agnostic flow\n async storeOAuthSession(\n sessionId: string,\n session: OAuthSession,\n ): Promise<void> {\n this.oauthSessions.set(sessionId, session);\n }\n\n async getOAuthSession(sessionId: string): Promise<OAuthSession | undefined> {\n const session = this.oauthSessions.get(sessionId);\n if (session && session.expiresAt < Date.now()) {\n this.oauthSessions.delete(sessionId);\n return undefined;\n }\n return session;\n }\n\n async removeOAuthSession(sessionId: string): Promise<void> {\n this.oauthSessions.delete(sessionId);\n }\n\n generateClientId(client: OAuthClient): string {\n // Create deterministic client ID based on entire client object\n const normalizedClient = this.normalizeClientObject(client);\n const clientString = JSON.stringify(normalizedClient);\n const hash = createHash('sha256').update(clientString).digest('hex');\n\n // Use first 16 characters of hash with client name prefix for readability\n const normalizedName = client.client_name\n .toLowerCase()\n .replace(/[^a-z0-9]/g, '');\n return `${normalizedName}_${hash.substring(0, 16)}`;\n }\n\n private normalizeClientObject(client: OAuthClient): any {\n // Create a normalized version of the client object for consistent hashing\n const normalized: any = {};\n\n // Sort object keys to ensure consistent ordering\n const sortedKeys = Object.keys(client).sort();\n\n for (const key of sortedKeys) {\n const value = (client as any)[key];\n if (Array.isArray(value)) {\n // Sort arrays to ensure consistent ordering\n normalized[key] = [...value].sort();\n } else {\n normalized[key] = value;\n }\n }\n\n return normalized;\n }\n\n // User profile management\n async upsertUserProfile(\n profile: OAuthUserProfile,\n provider: string,\n ): Promise<string> {\n const key = `${provider}:${profile.id}`;\n let profileId = this.providerUserIndex.get(key);\n if (!profileId) {\n // create new\n profileId = this.generateProfileId(provider, profile.id);\n this.providerUserIndex.set(key, profileId);\n }\n this.userProfiles.set(profileId, {\n profile_id: profileId,\n provider,\n ...profile,\n });\n return profileId;\n }\n\n async getUserProfileById(\n profileId: string,\n ): Promise<\n (OAuthUserProfile & { profile_id: string; provider: string }) | undefined\n > {\n return this.userProfiles.get(profileId);\n }\n\n private generateProfileId(provider: string, providerUserId: string): string {\n const input = `${provider}:${providerUserId}`;\n return createHash('sha256').update(input).digest('hex').slice(0, 24);\n }\n}\n"]}