@rekog/mcp-nest 1.9.10 → 2.0.0-alpha.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +76 -29
- package/dist/index.d.ts +0 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +0 -1
- package/dist/index.js.map +1 -1
- package/dist/mcp/decorators/constants.d.ts +1 -0
- package/dist/mcp/decorators/constants.d.ts.map +1 -1
- package/dist/mcp/decorators/constants.js +2 -1
- package/dist/mcp/decorators/constants.js.map +1 -1
- package/dist/mcp/decorators/index.d.ts +3 -1
- package/dist/mcp/decorators/index.d.ts.map +1 -1
- package/dist/mcp/decorators/index.js +3 -1
- package/dist/mcp/decorators/index.js.map +1 -1
- package/dist/mcp/decorators/mcp-controller.decorator.d.ts +6 -0
- package/dist/mcp/decorators/mcp-controller.decorator.d.ts.map +1 -0
- package/dist/mcp/decorators/mcp-controller.decorator.js +43 -0
- package/dist/mcp/decorators/mcp-controller.decorator.js.map +1 -0
- package/dist/mcp/decorators/mcp-message-pattern.d.ts +3 -0
- package/dist/mcp/decorators/mcp-message-pattern.d.ts.map +1 -0
- package/dist/mcp/decorators/mcp-message-pattern.js +13 -0
- package/dist/mcp/decorators/mcp-message-pattern.js.map +1 -0
- package/dist/mcp/decorators/prompt.decorator.d.ts +1 -1
- package/dist/mcp/decorators/prompt.decorator.d.ts.map +1 -1
- package/dist/mcp/decorators/prompt.decorator.js +2 -1
- package/dist/mcp/decorators/prompt.decorator.js.map +1 -1
- package/dist/mcp/decorators/public.decorator.js.map +1 -1
- package/dist/mcp/decorators/raw-request.decorator.d.ts +2 -0
- package/dist/mcp/decorators/raw-request.decorator.d.ts.map +1 -0
- package/dist/mcp/decorators/raw-request.decorator.js +6 -0
- package/dist/mcp/decorators/raw-request.decorator.js.map +1 -0
- package/dist/mcp/decorators/resource-template.decorator.d.ts +1 -1
- package/dist/mcp/decorators/resource-template.decorator.d.ts.map +1 -1
- package/dist/mcp/decorators/resource-template.decorator.js +2 -1
- package/dist/mcp/decorators/resource-template.decorator.js.map +1 -1
- package/dist/mcp/decorators/resource.decorator.d.ts +1 -1
- package/dist/mcp/decorators/resource.decorator.d.ts.map +1 -1
- package/dist/mcp/decorators/resource.decorator.js +2 -1
- package/dist/mcp/decorators/resource.decorator.js.map +1 -1
- package/dist/mcp/decorators/tool.decorator.d.ts +1 -3
- package/dist/mcp/decorators/tool.decorator.d.ts.map +1 -1
- package/dist/mcp/decorators/tool.decorator.js +2 -1
- package/dist/mcp/decorators/tool.decorator.js.map +1 -1
- package/dist/mcp/filters/mcp-exception.filter.d.ts +6 -0
- package/dist/mcp/filters/mcp-exception.filter.d.ts.map +1 -0
- package/dist/mcp/filters/mcp-exception.filter.js +26 -0
- package/dist/mcp/filters/mcp-exception.filter.js.map +1 -0
- package/dist/mcp/index.d.ts +11 -7
- package/dist/mcp/index.d.ts.map +1 -1
- package/dist/mcp/index.js +11 -7
- package/dist/mcp/index.js.map +1 -1
- package/dist/mcp/interfaces/authenticated-user.interface.d.ts +9 -0
- package/dist/mcp/interfaces/authenticated-user.interface.d.ts.map +1 -0
- package/dist/{authz/interfaces/request-with-user.js → mcp/interfaces/authenticated-user.interface.js} +1 -1
- package/dist/mcp/interfaces/authenticated-user.interface.js.map +1 -0
- package/dist/mcp/interfaces/dynamic-prompt.interface.d.ts +1 -1
- package/dist/mcp/interfaces/dynamic-prompt.interface.d.ts.map +1 -1
- package/dist/mcp/interfaces/dynamic-prompt.interface.js.map +1 -1
- package/dist/mcp/interfaces/dynamic-resource.interface.d.ts +1 -1
- package/dist/mcp/interfaces/dynamic-resource.interface.d.ts.map +1 -1
- package/dist/mcp/interfaces/dynamic-resource.interface.js.map +1 -1
- package/dist/mcp/interfaces/dynamic-tool.interface.d.ts +1 -1
- package/dist/mcp/interfaces/dynamic-tool.interface.d.ts.map +1 -1
- package/dist/mcp/interfaces/dynamic-tool.interface.js.map +1 -1
- package/dist/mcp/interfaces/index.d.ts +2 -2
- package/dist/mcp/interfaces/index.d.ts.map +1 -1
- package/dist/mcp/interfaces/index.js +0 -3
- package/dist/mcp/interfaces/index.js.map +1 -1
- package/dist/mcp/services/tool-authorization.service.d.ts +7 -5
- package/dist/mcp/services/tool-authorization.service.d.ts.map +1 -1
- package/dist/mcp/services/tool-authorization.service.js +9 -6
- package/dist/mcp/services/tool-authorization.service.js.map +1 -1
- package/dist/mcp/transport/mcp-context.d.ts +34 -0
- package/dist/mcp/transport/mcp-context.d.ts.map +1 -0
- package/dist/mcp/transport/mcp-context.js +74 -0
- package/dist/mcp/transport/mcp-context.js.map +1 -0
- package/dist/mcp/transport/mcp-http-handler.d.ts +7 -0
- package/dist/mcp/transport/mcp-http-handler.d.ts.map +1 -0
- package/dist/mcp/transport/mcp-http-handler.js +5 -0
- package/dist/mcp/transport/mcp-http-handler.js.map +1 -0
- package/dist/mcp/transport/mcp-server-options.interface.d.ts +23 -0
- package/dist/mcp/transport/mcp-server-options.interface.d.ts.map +1 -0
- package/dist/{authz/providers/oauth-provider.interface.js → mcp/transport/mcp-server-options.interface.js} +1 -1
- package/dist/mcp/transport/mcp-server-options.interface.js.map +1 -0
- package/dist/mcp/transport/mcp-transport.constants.d.ts +19 -0
- package/dist/mcp/transport/mcp-transport.constants.d.ts.map +1 -0
- package/dist/mcp/transport/mcp-transport.constants.js +21 -0
- package/dist/mcp/transport/mcp-transport.constants.js.map +1 -0
- package/dist/mcp/transport/mcp-transport.interface.d.ts +17 -0
- package/dist/mcp/transport/mcp-transport.interface.d.ts.map +1 -0
- package/dist/{authz/interfaces/oauth-common.interface.js → mcp/transport/mcp-transport.interface.js} +1 -1
- package/dist/mcp/transport/mcp-transport.interface.js.map +1 -0
- package/dist/mcp/transport/mcp.strategy.d.ts +56 -0
- package/dist/mcp/transport/mcp.strategy.d.ts.map +1 -0
- package/dist/mcp/transport/mcp.strategy.js +446 -0
- package/dist/mcp/transport/mcp.strategy.js.map +1 -0
- package/dist/mcp/transport/resource-matcher.d.ts +13 -0
- package/dist/mcp/transport/resource-matcher.d.ts.map +1 -0
- package/dist/mcp/transport/resource-matcher.js +83 -0
- package/dist/mcp/transport/resource-matcher.js.map +1 -0
- package/dist/mcp/transport/streamable-http.controller.d.ts +16 -0
- package/dist/mcp/transport/streamable-http.controller.d.ts.map +1 -0
- package/dist/mcp/transport/streamable-http.controller.js +98 -0
- package/dist/mcp/transport/streamable-http.controller.js.map +1 -0
- package/dist/mcp/transport/transports/index.d.ts +3 -0
- package/dist/mcp/transport/transports/index.d.ts.map +1 -0
- package/dist/{authz → mcp/transport/transports}/index.js +2 -10
- package/dist/mcp/transport/transports/index.js.map +1 -0
- package/dist/mcp/transport/transports/read-body.d.ts +3 -0
- package/dist/mcp/transport/transports/read-body.d.ts.map +1 -0
- package/dist/mcp/transport/transports/read-body.js +32 -0
- package/dist/mcp/transport/transports/read-body.js.map +1 -0
- package/dist/mcp/transport/transports/stdio.transport.d.ts +9 -0
- package/dist/mcp/transport/transports/stdio.transport.d.ts.map +1 -0
- package/dist/mcp/transport/transports/stdio.transport.js +27 -0
- package/dist/mcp/transport/transports/stdio.transport.js.map +1 -0
- package/dist/mcp/transport/transports/streamable-http.transport.d.ts +33 -0
- package/dist/mcp/transport/transports/streamable-http.transport.d.ts.map +1 -0
- package/dist/mcp/transport/transports/streamable-http.transport.js +216 -0
- package/dist/mcp/transport/transports/streamable-http.transport.js.map +1 -0
- package/dist/mcp/utils/mcp-logger.factory.d.ts +6 -2
- package/dist/mcp/utils/mcp-logger.factory.d.ts.map +1 -1
- package/dist/mcp/utils/mcp-logger.factory.js.map +1 -1
- package/package.json +3 -66
- package/src/index.ts +0 -1
- package/src/mcp/decorators/constants.ts +1 -0
- package/src/mcp/decorators/index.ts +3 -1
- package/src/mcp/decorators/mcp-controller.decorator.ts +126 -0
- package/src/mcp/decorators/mcp-message-pattern.ts +38 -0
- package/src/mcp/decorators/prompt.decorator.ts +6 -2
- package/src/mcp/decorators/public.decorator.ts +3 -3
- package/src/mcp/decorators/raw-request.decorator.ts +32 -0
- package/src/mcp/decorators/resource-template.decorator.ts +6 -2
- package/src/mcp/decorators/resource.decorator.ts +6 -2
- package/src/mcp/decorators/tool.decorator.ts +6 -3
- package/src/mcp/filters/mcp-exception.filter.ts +47 -0
- package/src/mcp/index.ts +13 -7
- package/src/mcp/interfaces/authenticated-user.interface.ts +22 -0
- package/src/mcp/interfaces/dynamic-prompt.interface.ts +1 -1
- package/src/mcp/interfaces/dynamic-resource.interface.ts +1 -1
- package/src/mcp/interfaces/dynamic-tool.interface.ts +2 -2
- package/src/mcp/interfaces/index.ts +3 -7
- package/src/mcp/services/tool-authorization.service.ts +52 -72
- package/src/mcp/transport/mcp-context.ts +138 -0
- package/src/mcp/transport/mcp-http-handler.ts +32 -0
- package/src/mcp/transport/mcp-server-options.interface.ts +75 -0
- package/src/mcp/transport/mcp-transport.constants.ts +99 -0
- package/src/mcp/transport/mcp-transport.interface.ts +50 -0
- package/src/mcp/transport/mcp.strategy.ts +752 -0
- package/src/mcp/transport/resource-matcher.ts +107 -0
- package/src/mcp/transport/streamable-http.controller.ts +114 -0
- package/src/mcp/transport/transports/index.ts +2 -0
- package/src/mcp/transport/transports/read-body.ts +39 -0
- package/src/mcp/transport/transports/stdio.transport.ts +35 -0
- package/src/mcp/transport/transports/streamable-http.transport.ts +384 -0
- package/src/mcp/utils/mcp-logger.factory.spec.ts +8 -22
- package/src/mcp/utils/mcp-logger.factory.ts +13 -2
- package/dist/authz/guards/jwt-auth.guard.d.ts +0 -19
- package/dist/authz/guards/jwt-auth.guard.d.ts.map +0 -1
- package/dist/authz/guards/jwt-auth.guard.js +0 -108
- package/dist/authz/guards/jwt-auth.guard.js.map +0 -1
- package/dist/authz/index.d.ts +0 -11
- package/dist/authz/index.d.ts.map +0 -1
- package/dist/authz/index.js.map +0 -1
- package/dist/authz/interfaces/oauth-common.interface.d.ts +0 -21
- package/dist/authz/interfaces/oauth-common.interface.d.ts.map +0 -1
- package/dist/authz/interfaces/oauth-common.interface.js.map +0 -1
- package/dist/authz/interfaces/request-with-user.d.ts +0 -13
- package/dist/authz/interfaces/request-with-user.d.ts.map +0 -1
- package/dist/authz/interfaces/request-with-user.js.map +0 -1
- package/dist/authz/mcp-oauth.controller.d.ts +0 -81
- package/dist/authz/mcp-oauth.controller.d.ts.map +0 -1
- package/dist/authz/mcp-oauth.controller.js +0 -540
- package/dist/authz/mcp-oauth.controller.js.map +0 -1
- package/dist/authz/mcp-oauth.module.d.ts +0 -12
- package/dist/authz/mcp-oauth.module.d.ts.map +0 -1
- package/dist/authz/mcp-oauth.module.js +0 -271
- package/dist/authz/mcp-oauth.module.js.map +0 -1
- package/dist/authz/providers/azure-ad.provider.d.ts +0 -3
- package/dist/authz/providers/azure-ad.provider.d.ts.map +0 -1
- package/dist/authz/providers/azure-ad.provider.js +0 -37
- package/dist/authz/providers/azure-ad.provider.js.map +0 -1
- package/dist/authz/providers/github.provider.d.ts +0 -3
- package/dist/authz/providers/github.provider.d.ts.map +0 -1
- package/dist/authz/providers/github.provider.js +0 -24
- package/dist/authz/providers/github.provider.js.map +0 -1
- package/dist/authz/providers/google.provider.d.ts +0 -3
- package/dist/authz/providers/google.provider.d.ts.map +0 -1
- package/dist/authz/providers/google.provider.js +0 -25
- package/dist/authz/providers/google.provider.js.map +0 -1
- package/dist/authz/providers/oauth-provider.interface.d.ts +0 -107
- package/dist/authz/providers/oauth-provider.interface.d.ts.map +0 -1
- package/dist/authz/providers/oauth-provider.interface.js.map +0 -1
- package/dist/authz/services/client.service.d.ts +0 -12
- package/dist/authz/services/client.service.d.ts.map +0 -1
- package/dist/authz/services/client.service.js +0 -81
- package/dist/authz/services/client.service.js.map +0 -1
- package/dist/authz/services/jwt-token.service.d.ts +0 -37
- package/dist/authz/services/jwt-token.service.d.ts.map +0 -1
- package/dist/authz/services/jwt-token.service.js +0 -182
- package/dist/authz/services/jwt-token.service.js.map +0 -1
- package/dist/authz/services/oauth-strategy.service.d.ts +0 -13
- package/dist/authz/services/oauth-strategy.service.d.ts.map +0 -1
- package/dist/authz/services/oauth-strategy.service.js +0 -71
- package/dist/authz/services/oauth-strategy.service.js.map +0 -1
- package/dist/authz/stores/memory-store.service.d.ts +0 -27
- package/dist/authz/stores/memory-store.service.d.ts.map +0 -1
- package/dist/authz/stores/memory-store.service.js +0 -107
- package/dist/authz/stores/memory-store.service.js.map +0 -1
- package/dist/authz/stores/oauth-store.interface.d.ts +0 -61
- package/dist/authz/stores/oauth-store.interface.d.ts.map +0 -1
- package/dist/authz/stores/oauth-store.interface.js +0 -5
- package/dist/authz/stores/oauth-store.interface.js.map +0 -1
- package/dist/authz/stores/typeorm/constants.d.ts +0 -3
- package/dist/authz/stores/typeorm/constants.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/constants.js +0 -6
- package/dist/authz/stores/typeorm/constants.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.d.ts +0 -15
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.js +0 -69
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/index.d.ts +0 -5
- package/dist/authz/stores/typeorm/entities/index.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/index.js +0 -12
- package/dist/authz/stores/typeorm/entities/index.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.d.ts +0 -17
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.js +0 -77
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.d.ts +0 -14
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.js +0 -65
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/user-profile.entity.d.ts +0 -13
- package/dist/authz/stores/typeorm/entities/user-profile.entity.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/user-profile.entity.js +0 -62
- package/dist/authz/stores/typeorm/entities/user-profile.entity.js.map +0 -1
- package/dist/authz/stores/typeorm/typeorm-store.service.d.ts +0 -28
- package/dist/authz/stores/typeorm/typeorm-store.service.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/typeorm-store.service.js +0 -138
- package/dist/authz/stores/typeorm/typeorm-store.service.js.map +0 -1
- package/dist/mcp/constants/feature-registration.constants.d.ts +0 -7
- package/dist/mcp/constants/feature-registration.constants.d.ts.map +0 -1
- package/dist/mcp/constants/feature-registration.constants.js +0 -5
- package/dist/mcp/constants/feature-registration.constants.js.map +0 -1
- package/dist/mcp/decorators/tool-guards.decorator.d.ts +0 -12
- package/dist/mcp/decorators/tool-guards.decorator.d.ts.map +0 -1
- package/dist/mcp/decorators/tool-guards.decorator.js +0 -13
- package/dist/mcp/decorators/tool-guards.decorator.js.map +0 -1
- package/dist/mcp/interfaces/mcp-options.interface.d.ts +0 -53
- package/dist/mcp/interfaces/mcp-options.interface.d.ts.map +0 -1
- package/dist/mcp/interfaces/mcp-options.interface.js +0 -10
- package/dist/mcp/interfaces/mcp-options.interface.js.map +0 -1
- package/dist/mcp/mcp.module.d.ts +0 -15
- package/dist/mcp/mcp.module.d.ts.map +0 -1
- package/dist/mcp/mcp.module.js +0 -248
- package/dist/mcp/mcp.module.js.map +0 -1
- package/dist/mcp/services/handlers/mcp-handler.base.d.ts +0 -117
- package/dist/mcp/services/handlers/mcp-handler.base.d.ts.map +0 -1
- package/dist/mcp/services/handlers/mcp-handler.base.js +0 -125
- package/dist/mcp/services/handlers/mcp-handler.base.js.map +0 -1
- package/dist/mcp/services/handlers/mcp-prompts.handler.d.ts +0 -12
- package/dist/mcp/services/handlers/mcp-prompts.handler.d.ts.map +0 -1
- package/dist/mcp/services/handlers/mcp-prompts.handler.js +0 -98
- package/dist/mcp/services/handlers/mcp-prompts.handler.js.map +0 -1
- package/dist/mcp/services/handlers/mcp-resources.handler.d.ts +0 -13
- package/dist/mcp/services/handlers/mcp-resources.handler.d.ts.map +0 -1
- package/dist/mcp/services/handlers/mcp-resources.handler.js +0 -117
- package/dist/mcp/services/handlers/mcp-resources.handler.js.map +0 -1
- package/dist/mcp/services/handlers/mcp-tools.handler.d.ts +0 -22
- package/dist/mcp/services/handlers/mcp-tools.handler.d.ts.map +0 -1
- package/dist/mcp/services/handlers/mcp-tools.handler.js +0 -258
- package/dist/mcp/services/handlers/mcp-tools.handler.js.map +0 -1
- package/dist/mcp/services/mcp-dynamic-registry.service.d.ts +0 -26
- package/dist/mcp/services/mcp-dynamic-registry.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-dynamic-registry.service.js +0 -133
- package/dist/mcp/services/mcp-dynamic-registry.service.js.map +0 -1
- package/dist/mcp/services/mcp-executor.service.d.ts +0 -15
- package/dist/mcp/services/mcp-executor.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-executor.service.js +0 -47
- package/dist/mcp/services/mcp-executor.service.js.map +0 -1
- package/dist/mcp/services/mcp-registry-discovery.service.d.ts +0 -63
- package/dist/mcp/services/mcp-registry-discovery.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-registry-discovery.service.js +0 -397
- package/dist/mcp/services/mcp-registry-discovery.service.js.map +0 -1
- package/dist/mcp/services/mcp-sse.service.d.ts +0 -20
- package/dist/mcp/services/mcp-sse.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-sse.service.js +0 -91
- package/dist/mcp/services/mcp-sse.service.js.map +0 -1
- package/dist/mcp/services/mcp-streamable-http.service.d.ts +0 -32
- package/dist/mcp/services/mcp-streamable-http.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-streamable-http.service.js +0 -327
- package/dist/mcp/services/mcp-streamable-http.service.js.map +0 -1
- package/dist/mcp/services/sse-ping.service.d.ts +0 -23
- package/dist/mcp/services/sse-ping.service.d.ts.map +0 -1
- package/dist/mcp/services/sse-ping.service.js +0 -99
- package/dist/mcp/services/sse-ping.service.js.map +0 -1
- package/dist/mcp/transport/sse.controller.factory.d.ts +0 -14
- package/dist/mcp/transport/sse.controller.factory.d.ts.map +0 -1
- package/dist/mcp/transport/sse.controller.factory.js +0 -67
- package/dist/mcp/transport/sse.controller.factory.js.map +0 -1
- package/dist/mcp/transport/stdio.service.d.ts +0 -14
- package/dist/mcp/transport/stdio.service.d.ts.map +0 -1
- package/dist/mcp/transport/stdio.service.js +0 -66
- package/dist/mcp/transport/stdio.service.js.map +0 -1
- package/dist/mcp/transport/streamable-http.controller.factory.d.ts +0 -14
- package/dist/mcp/transport/streamable-http.controller.factory.d.ts.map +0 -1
- package/dist/mcp/transport/streamable-http.controller.factory.js +0 -74
- package/dist/mcp/transport/streamable-http.controller.factory.js.map +0 -1
- package/dist/mcp/utils/capabilities-builder.d.ts +0 -5
- package/dist/mcp/utils/capabilities-builder.d.ts.map +0 -1
- package/dist/mcp/utils/capabilities-builder.js +0 -25
- package/dist/mcp/utils/capabilities-builder.js.map +0 -1
- package/dist/mcp/utils/mcp-server.factory.d.ts +0 -6
- package/dist/mcp/utils/mcp-server.factory.d.ts.map +0 -1
- package/dist/mcp/utils/mcp-server.factory.js +0 -22
- package/dist/mcp/utils/mcp-server.factory.js.map +0 -1
- package/src/authz/guards/jwt-auth.guard.ts +0 -127
- package/src/authz/index.ts +0 -10
- package/src/authz/interfaces/oauth-common.interface.ts +0 -21
- package/src/authz/interfaces/request-with-user.ts +0 -16
- package/src/authz/mcp-oauth.controller.ts +0 -860
- package/src/authz/mcp-oauth.module.ts +0 -384
- package/src/authz/providers/azure-ad.provider.ts +0 -40
- package/src/authz/providers/github.provider.ts +0 -22
- package/src/authz/providers/google.provider.ts +0 -23
- package/src/authz/providers/oauth-provider.interface.ts +0 -147
- package/src/authz/services/client.service.ts +0 -125
- package/src/authz/services/jwt-token.service.spec.ts +0 -67
- package/src/authz/services/jwt-token.service.ts +0 -188
- package/src/authz/services/oauth-strategy.service.ts +0 -64
- package/src/authz/stores/memory-store.service.spec.ts +0 -475
- package/src/authz/stores/memory-store.service.ts +0 -141
- package/src/authz/stores/oauth-store.interface.ts +0 -131
- package/src/authz/stores/typeorm/README.md +0 -140
- package/src/authz/stores/typeorm/constants.ts +0 -6
- package/src/authz/stores/typeorm/entities/authorization-code.entity.ts +0 -41
- package/src/authz/stores/typeorm/entities/index.ts +0 -4
- package/src/authz/stores/typeorm/entities/oauth-client.entity.ts +0 -53
- package/src/authz/stores/typeorm/entities/oauth-session.entity.ts +0 -38
- package/src/authz/stores/typeorm/entities/user-profile.entity.ts +0 -46
- package/src/authz/stores/typeorm/typeorm-store.service.spec.ts +0 -494
- package/src/authz/stores/typeorm/typeorm-store.service.ts +0 -165
- package/src/mcp/constants/feature-registration.constants.ts +0 -24
- package/src/mcp/decorators/tool-guards.decorator.ts +0 -82
- package/src/mcp/interfaces/mcp-options.interface.ts +0 -95
- package/src/mcp/mcp.module.ts +0 -349
- package/src/mcp/services/handlers/mcp-handler.base.ts +0 -203
- package/src/mcp/services/handlers/mcp-prompts.handler.ts +0 -143
- package/src/mcp/services/handlers/mcp-resources.handler.ts +0 -183
- package/src/mcp/services/handlers/mcp-tools.handler.spec.ts +0 -41
- package/src/mcp/services/handlers/mcp-tools.handler.ts +0 -436
- package/src/mcp/services/mcp-dynamic-registry.service.ts +0 -236
- package/src/mcp/services/mcp-executor.service.ts +0 -64
- package/src/mcp/services/mcp-registry-discovery.service.spec.ts +0 -306
- package/src/mcp/services/mcp-registry-discovery.service.ts +0 -849
- package/src/mcp/services/mcp-sse.service.ts +0 -124
- package/src/mcp/services/mcp-streamable-http.service.ts +0 -472
- package/src/mcp/services/sse-ping.service.ts +0 -144
- package/src/mcp/transport/custom-decorator.spec.ts +0 -75
- package/src/mcp/transport/sse.controller.factory.ts +0 -84
- package/src/mcp/transport/stdio.service.ts +0 -75
- package/src/mcp/transport/streamable-http.controller.factory.ts +0 -80
- package/src/mcp/utils/capabilities-builder.ts +0 -43
- package/src/mcp/utils/mcp-server.factory.ts +0 -33
|
@@ -1,384 +0,0 @@
|
|
|
1
|
-
import { DynamicModule, Module } from '@nestjs/common';
|
|
2
|
-
import { ConfigModule } from '@nestjs/config';
|
|
3
|
-
import { JwtModule } from '@nestjs/jwt';
|
|
4
|
-
import { PassportModule } from '@nestjs/passport';
|
|
5
|
-
import { McpAuthJwtGuard } from './guards/jwt-auth.guard';
|
|
6
|
-
import { createMcpOAuthController } from './mcp-oauth.controller';
|
|
7
|
-
import type {
|
|
8
|
-
OAuthUserModuleOptions as AuthUserModuleOptions,
|
|
9
|
-
OAuthEndpointConfiguration,
|
|
10
|
-
OAuthModuleDefaults,
|
|
11
|
-
OAuthModuleOptions,
|
|
12
|
-
} from './providers/oauth-provider.interface';
|
|
13
|
-
import { ClientService } from './services/client.service';
|
|
14
|
-
import { JwtTokenService } from './services/jwt-token.service';
|
|
15
|
-
import { OAuthStrategyService } from './services/oauth-strategy.service';
|
|
16
|
-
import { MemoryStore } from './stores/memory-store.service';
|
|
17
|
-
import { normalizeEndpoint } from '../mcp/utils/normalize-endpoint';
|
|
18
|
-
import { OAUTH_TYPEORM_CONNECTION_NAME } from './stores/typeorm/constants';
|
|
19
|
-
|
|
20
|
-
let authInstanceIdCounter = 0;
|
|
21
|
-
|
|
22
|
-
// Default configuration values
|
|
23
|
-
export const DEFAULT_OPTIONS: OAuthModuleDefaults = {
|
|
24
|
-
serverUrl: 'http://localhost:3000',
|
|
25
|
-
resource: 'http://localhost:3000/mcp',
|
|
26
|
-
jwtIssuer: 'http://localhost:3000',
|
|
27
|
-
jwtAudience: 'mcp-client',
|
|
28
|
-
jwtAccessTokenExpiresIn: '1d',
|
|
29
|
-
jwtRefreshTokenExpiresIn: '30d',
|
|
30
|
-
enableRefreshTokens: true,
|
|
31
|
-
cookieMaxAge: 24 * 60 * 60 * 1000, // 24 hours
|
|
32
|
-
oauthSessionExpiresIn: 10 * 60 * 1000, // 10 minutes
|
|
33
|
-
authCodeExpiresIn: 10 * 60 * 1000, // 10 minutes
|
|
34
|
-
nodeEnv: 'development',
|
|
35
|
-
apiPrefix: '',
|
|
36
|
-
endpoints: {
|
|
37
|
-
wellKnownAuthorizationServerMetadata:
|
|
38
|
-
'/.well-known/oauth-authorization-server',
|
|
39
|
-
wellKnownProtectedResourceMetadata: '/.well-known/oauth-protected-resource',
|
|
40
|
-
register: '/register',
|
|
41
|
-
authorize: '/authorize',
|
|
42
|
-
callback: '/callback',
|
|
43
|
-
token: '/token',
|
|
44
|
-
revoke: '/revoke',
|
|
45
|
-
},
|
|
46
|
-
disableEndpoints: {
|
|
47
|
-
wellKnownAuthorizationServerMetadata: false,
|
|
48
|
-
wellKnownProtectedResourceMetadata: false,
|
|
49
|
-
},
|
|
50
|
-
protectedResourceMetadata: {
|
|
51
|
-
scopesSupported: ['offline_access'],
|
|
52
|
-
bearerMethodsSupported: ['header'],
|
|
53
|
-
mcpVersionsSupported: ['2025-06-18'],
|
|
54
|
-
},
|
|
55
|
-
authorizationServerMetadata: {
|
|
56
|
-
responseTypesSupported: ['code'],
|
|
57
|
-
responseModesSupported: ['query'],
|
|
58
|
-
grantTypesSupported: ['authorization_code', 'refresh_token'],
|
|
59
|
-
tokenEndpointAuthMethodsSupported: [
|
|
60
|
-
'client_secret_basic',
|
|
61
|
-
'client_secret_post',
|
|
62
|
-
'none',
|
|
63
|
-
],
|
|
64
|
-
scopesSupported: ['offline_access'],
|
|
65
|
-
codeChallengeMethodsSupported: ['plain', 'S256'],
|
|
66
|
-
},
|
|
67
|
-
};
|
|
68
|
-
|
|
69
|
-
@Module({})
|
|
70
|
-
export class McpAuthModule {
|
|
71
|
-
/**
|
|
72
|
-
* To avoid import circular dependency issues, we use a marker property.
|
|
73
|
-
*/
|
|
74
|
-
readonly __isMcpAuthModule = true;
|
|
75
|
-
|
|
76
|
-
static forRoot(options: AuthUserModuleOptions): DynamicModule {
|
|
77
|
-
// Create a unique instance ID for this auth module
|
|
78
|
-
const authModuleId = `mcp-auth-module-${authInstanceIdCounter++}`;
|
|
79
|
-
|
|
80
|
-
// Merge user options with defaults and validate
|
|
81
|
-
const resolvedOptions = this.mergeAndValidateOptions(
|
|
82
|
-
DEFAULT_OPTIONS,
|
|
83
|
-
options,
|
|
84
|
-
);
|
|
85
|
-
|
|
86
|
-
resolvedOptions.endpoints = prepareEndpoints(
|
|
87
|
-
resolvedOptions.apiPrefix,
|
|
88
|
-
DEFAULT_OPTIONS.endpoints,
|
|
89
|
-
options.endpoints || {},
|
|
90
|
-
);
|
|
91
|
-
|
|
92
|
-
// Use instance-scoped token for OAuth options
|
|
93
|
-
const oauthModuleOptionsToken = `OAUTH_MODULE_OPTIONS_${authModuleId}`;
|
|
94
|
-
const oauthModuleOptions = {
|
|
95
|
-
provide: oauthModuleOptionsToken,
|
|
96
|
-
useValue: resolvedOptions,
|
|
97
|
-
};
|
|
98
|
-
|
|
99
|
-
// Determine imports based on configuration
|
|
100
|
-
const imports = [
|
|
101
|
-
ConfigModule,
|
|
102
|
-
PassportModule.register({
|
|
103
|
-
defaultStrategy: 'jwt',
|
|
104
|
-
session: false,
|
|
105
|
-
}),
|
|
106
|
-
JwtModule.register({
|
|
107
|
-
secret: resolvedOptions.jwtSecret,
|
|
108
|
-
signOptions: {
|
|
109
|
-
issuer: resolvedOptions.jwtIssuer,
|
|
110
|
-
audience: resolvedOptions.jwtAudience,
|
|
111
|
-
},
|
|
112
|
-
}),
|
|
113
|
-
];
|
|
114
|
-
|
|
115
|
-
// Add TypeORM configuration if using TypeORM store
|
|
116
|
-
const storeConfig = resolvedOptions.storeConfiguration;
|
|
117
|
-
const isTypeOrmStore = storeConfig?.type === 'typeorm';
|
|
118
|
-
if (isTypeOrmStore) {
|
|
119
|
-
const typeormOptions = storeConfig.options;
|
|
120
|
-
try {
|
|
121
|
-
// Require TypeORM-related modules only when needed
|
|
122
|
-
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
123
|
-
const { TypeOrmModule } = require('@nestjs/typeorm');
|
|
124
|
-
const {
|
|
125
|
-
OAuthClientEntity,
|
|
126
|
-
AuthorizationCodeEntity,
|
|
127
|
-
OAuthSessionEntity,
|
|
128
|
-
OAuthUserProfileEntity,
|
|
129
|
-
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
130
|
-
} = require('./stores/typeorm/entities');
|
|
131
|
-
|
|
132
|
-
imports.push(
|
|
133
|
-
TypeOrmModule.forRoot({
|
|
134
|
-
...typeormOptions,
|
|
135
|
-
// Use a unique connection name for the OAuth store to avoid clashes
|
|
136
|
-
name: OAUTH_TYPEORM_CONNECTION_NAME,
|
|
137
|
-
entities: [
|
|
138
|
-
OAuthClientEntity,
|
|
139
|
-
AuthorizationCodeEntity,
|
|
140
|
-
OAuthSessionEntity,
|
|
141
|
-
OAuthUserProfileEntity,
|
|
142
|
-
],
|
|
143
|
-
}),
|
|
144
|
-
TypeOrmModule.forFeature(
|
|
145
|
-
[
|
|
146
|
-
OAuthClientEntity,
|
|
147
|
-
AuthorizationCodeEntity,
|
|
148
|
-
OAuthSessionEntity,
|
|
149
|
-
OAuthUserProfileEntity,
|
|
150
|
-
],
|
|
151
|
-
OAUTH_TYPEORM_CONNECTION_NAME,
|
|
152
|
-
),
|
|
153
|
-
);
|
|
154
|
-
} catch (err) {
|
|
155
|
-
throw new Error(
|
|
156
|
-
"To use the TypeORM store, please install '@nestjs/typeorm' and 'typeorm'.",
|
|
157
|
-
);
|
|
158
|
-
}
|
|
159
|
-
}
|
|
160
|
-
|
|
161
|
-
// Create store provider based on configuration with instance-scoped token
|
|
162
|
-
const oauthStoreToken = `IOAuthStore_${authModuleId}`;
|
|
163
|
-
const oauthStoreProvider = this.createStoreProvider(
|
|
164
|
-
resolvedOptions.storeConfiguration,
|
|
165
|
-
oauthStoreToken,
|
|
166
|
-
);
|
|
167
|
-
|
|
168
|
-
// Create alias for compatibility with injection
|
|
169
|
-
const oauthStoreAliasProvider = {
|
|
170
|
-
provide: MemoryStore,
|
|
171
|
-
useExisting: oauthStoreToken,
|
|
172
|
-
};
|
|
173
|
-
|
|
174
|
-
const providers: any[] = [
|
|
175
|
-
{
|
|
176
|
-
provide: 'OAUTH_MODULE_ID',
|
|
177
|
-
useValue: authModuleId,
|
|
178
|
-
},
|
|
179
|
-
oauthModuleOptions,
|
|
180
|
-
oauthStoreProvider,
|
|
181
|
-
oauthStoreAliasProvider,
|
|
182
|
-
// Provide backward-compatible tokens as aliases
|
|
183
|
-
{
|
|
184
|
-
provide: 'OAUTH_MODULE_OPTIONS',
|
|
185
|
-
useExisting: oauthModuleOptionsToken,
|
|
186
|
-
},
|
|
187
|
-
{
|
|
188
|
-
provide: 'IOAuthStore',
|
|
189
|
-
useExisting: oauthStoreToken,
|
|
190
|
-
},
|
|
191
|
-
// Provide services using their class tokens
|
|
192
|
-
OAuthStrategyService,
|
|
193
|
-
ClientService,
|
|
194
|
-
JwtTokenService,
|
|
195
|
-
McpAuthJwtGuard,
|
|
196
|
-
];
|
|
197
|
-
|
|
198
|
-
// No additional providers needed for TypeORM store - provider is created dynamically
|
|
199
|
-
|
|
200
|
-
// Create controller with apiPrefix, passing the instance-scoped tokens
|
|
201
|
-
const OAuthControllerClass = createMcpOAuthController(
|
|
202
|
-
resolvedOptions.endpoints,
|
|
203
|
-
{
|
|
204
|
-
disableWellKnownAuthorizationServerMetadata:
|
|
205
|
-
resolvedOptions.disableEndpoints
|
|
206
|
-
.wellKnownAuthorizationServerMetadata ?? false,
|
|
207
|
-
disableWellKnownProtectedResourceMetadata:
|
|
208
|
-
resolvedOptions.disableEndpoints.wellKnownProtectedResourceMetadata ??
|
|
209
|
-
false,
|
|
210
|
-
},
|
|
211
|
-
authModuleId,
|
|
212
|
-
);
|
|
213
|
-
|
|
214
|
-
return {
|
|
215
|
-
module: McpAuthModule,
|
|
216
|
-
imports,
|
|
217
|
-
controllers: [OAuthControllerClass],
|
|
218
|
-
providers,
|
|
219
|
-
exports: [
|
|
220
|
-
'OAUTH_MODULE_ID',
|
|
221
|
-
'OAUTH_MODULE_OPTIONS',
|
|
222
|
-
'IOAuthStore',
|
|
223
|
-
JwtTokenService,
|
|
224
|
-
ClientService,
|
|
225
|
-
OAuthStrategyService,
|
|
226
|
-
McpAuthJwtGuard,
|
|
227
|
-
MemoryStore,
|
|
228
|
-
],
|
|
229
|
-
};
|
|
230
|
-
}
|
|
231
|
-
|
|
232
|
-
private static mergeAndValidateOptions(
|
|
233
|
-
defaults: OAuthModuleDefaults,
|
|
234
|
-
options: AuthUserModuleOptions,
|
|
235
|
-
): OAuthModuleOptions {
|
|
236
|
-
// Validate required options first
|
|
237
|
-
this.validateRequiredOptions(options);
|
|
238
|
-
|
|
239
|
-
// Merge with defaults
|
|
240
|
-
const resolvedOptions: OAuthModuleOptions = {
|
|
241
|
-
...defaults,
|
|
242
|
-
...options,
|
|
243
|
-
// Ensure jwtIssuer defaults to serverUrl if not provided
|
|
244
|
-
jwtIssuer:
|
|
245
|
-
options.jwtIssuer || options.serverUrl || DEFAULT_OPTIONS.jwtIssuer,
|
|
246
|
-
cookieSecure:
|
|
247
|
-
options.cookieSecure || process.env.NODE_ENV === 'production',
|
|
248
|
-
// Merge protectedResourceMetadata with defaults
|
|
249
|
-
protectedResourceMetadata: {
|
|
250
|
-
...defaults.protectedResourceMetadata,
|
|
251
|
-
...options.protectedResourceMetadata,
|
|
252
|
-
},
|
|
253
|
-
// Merge authorizationServerMetadata with defaults
|
|
254
|
-
authorizationServerMetadata: {
|
|
255
|
-
...defaults.authorizationServerMetadata,
|
|
256
|
-
...options.authorizationServerMetadata,
|
|
257
|
-
},
|
|
258
|
-
// Merge disableEndpoints with defaults
|
|
259
|
-
disableEndpoints: {
|
|
260
|
-
...defaults.disableEndpoints,
|
|
261
|
-
...(options.disableEndpoints || {}),
|
|
262
|
-
},
|
|
263
|
-
};
|
|
264
|
-
|
|
265
|
-
if (!resolvedOptions.enableRefreshTokens) {
|
|
266
|
-
resolvedOptions.authorizationServerMetadata.grantTypesSupported =
|
|
267
|
-
resolvedOptions.authorizationServerMetadata.grantTypesSupported.filter(
|
|
268
|
-
(g) => g !== 'refresh_token',
|
|
269
|
-
);
|
|
270
|
-
resolvedOptions.protectedResourceMetadata.scopesSupported =
|
|
271
|
-
resolvedOptions.protectedResourceMetadata.scopesSupported.filter(
|
|
272
|
-
(s) => s !== 'offline_access',
|
|
273
|
-
);
|
|
274
|
-
}
|
|
275
|
-
|
|
276
|
-
// Final validation of resolved options
|
|
277
|
-
this.validateResolvedOptions(resolvedOptions);
|
|
278
|
-
|
|
279
|
-
return resolvedOptions;
|
|
280
|
-
}
|
|
281
|
-
|
|
282
|
-
private static validateRequiredOptions(options: AuthUserModuleOptions): void {
|
|
283
|
-
const requiredFields: (keyof AuthUserModuleOptions)[] = [
|
|
284
|
-
'provider',
|
|
285
|
-
'clientId',
|
|
286
|
-
'clientSecret',
|
|
287
|
-
'jwtSecret',
|
|
288
|
-
];
|
|
289
|
-
|
|
290
|
-
for (const field of requiredFields) {
|
|
291
|
-
if (!options[field]) {
|
|
292
|
-
throw new Error(
|
|
293
|
-
`OAuthModuleOptions: ${String(field)} is required and must be provided by the user`,
|
|
294
|
-
);
|
|
295
|
-
}
|
|
296
|
-
}
|
|
297
|
-
}
|
|
298
|
-
|
|
299
|
-
private static validateResolvedOptions(options: OAuthModuleOptions): void {
|
|
300
|
-
// Validate JWT secret is strong enough
|
|
301
|
-
if (options.jwtSecret.length < 32) {
|
|
302
|
-
throw new Error(
|
|
303
|
-
'OAuthModuleOptions: jwtSecret must be at least 32 characters long',
|
|
304
|
-
);
|
|
305
|
-
}
|
|
306
|
-
|
|
307
|
-
// Validate URLs are proper format
|
|
308
|
-
try {
|
|
309
|
-
new URL(options.serverUrl);
|
|
310
|
-
new URL(options.jwtIssuer);
|
|
311
|
-
} catch {
|
|
312
|
-
throw new Error(
|
|
313
|
-
'OAuthModuleOptions: serverUrl and jwtIssuer must be valid URLs',
|
|
314
|
-
);
|
|
315
|
-
}
|
|
316
|
-
|
|
317
|
-
// Validate provider configuration
|
|
318
|
-
if (!options.provider.name || !options.provider.strategy) {
|
|
319
|
-
throw new Error(
|
|
320
|
-
'OAuthModuleOptions: provider must have name and strategy',
|
|
321
|
-
);
|
|
322
|
-
}
|
|
323
|
-
}
|
|
324
|
-
|
|
325
|
-
private static createStoreProvider(
|
|
326
|
-
storeConfiguration: OAuthModuleOptions['storeConfiguration'],
|
|
327
|
-
provideToken: string,
|
|
328
|
-
) {
|
|
329
|
-
if (!storeConfiguration || storeConfiguration.type === 'memory') {
|
|
330
|
-
// Default memory store
|
|
331
|
-
return {
|
|
332
|
-
provide: provideToken,
|
|
333
|
-
useValue: new MemoryStore(),
|
|
334
|
-
};
|
|
335
|
-
}
|
|
336
|
-
|
|
337
|
-
if (storeConfiguration.type === 'typeorm') {
|
|
338
|
-
// TypeORM store
|
|
339
|
-
const {
|
|
340
|
-
TypeOrmStore,
|
|
341
|
-
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
342
|
-
} = require('./stores/typeorm/typeorm-store.service');
|
|
343
|
-
return {
|
|
344
|
-
provide: provideToken,
|
|
345
|
-
useClass: TypeOrmStore,
|
|
346
|
-
};
|
|
347
|
-
}
|
|
348
|
-
|
|
349
|
-
if (storeConfiguration.type === 'custom') {
|
|
350
|
-
// Custom store
|
|
351
|
-
return {
|
|
352
|
-
provide: provideToken,
|
|
353
|
-
useValue: storeConfiguration.store,
|
|
354
|
-
};
|
|
355
|
-
}
|
|
356
|
-
|
|
357
|
-
throw new Error(
|
|
358
|
-
`Unknown store configuration type: ${(storeConfiguration as any).type}`,
|
|
359
|
-
);
|
|
360
|
-
}
|
|
361
|
-
}
|
|
362
|
-
|
|
363
|
-
function prepareEndpoints(
|
|
364
|
-
apiPrefix: string,
|
|
365
|
-
defaultEndpoints: OAuthEndpointConfiguration,
|
|
366
|
-
configuredEndpoints: OAuthEndpointConfiguration,
|
|
367
|
-
) {
|
|
368
|
-
const updatedDefaultEndpoints = {
|
|
369
|
-
wellKnownAuthorizationServerMetadata:
|
|
370
|
-
defaultEndpoints.wellKnownAuthorizationServerMetadata,
|
|
371
|
-
wellKnownProtectedResourceMetadata:
|
|
372
|
-
defaultEndpoints.wellKnownProtectedResourceMetadata,
|
|
373
|
-
callback: normalizeEndpoint(`/${apiPrefix}/${defaultEndpoints.callback}`),
|
|
374
|
-
token: normalizeEndpoint(`/${apiPrefix}/${defaultEndpoints.token}`),
|
|
375
|
-
revoke: normalizeEndpoint(`/${apiPrefix}/${defaultEndpoints.revoke}`),
|
|
376
|
-
authorize: normalizeEndpoint(`/${apiPrefix}/${defaultEndpoints.authorize}`),
|
|
377
|
-
register: normalizeEndpoint(`/${apiPrefix}/${defaultEndpoints.register}`),
|
|
378
|
-
} as OAuthEndpointConfiguration;
|
|
379
|
-
|
|
380
|
-
return {
|
|
381
|
-
...updatedDefaultEndpoints,
|
|
382
|
-
...configuredEndpoints,
|
|
383
|
-
};
|
|
384
|
-
}
|
|
@@ -1,40 +0,0 @@
|
|
|
1
|
-
import { Strategy } from 'passport-azure-ad-oauth2';
|
|
2
|
-
import { normalizeEndpoint } from '../../mcp/utils/normalize-endpoint';
|
|
3
|
-
import { OAuthProviderConfig } from './oauth-provider.interface';
|
|
4
|
-
|
|
5
|
-
export const AzureADOAuthProvider: OAuthProviderConfig = {
|
|
6
|
-
name: 'azure-ad',
|
|
7
|
-
displayName: 'Microsoft Azure AD',
|
|
8
|
-
strategy: Strategy,
|
|
9
|
-
strategyOptions: ({ serverUrl, clientId, clientSecret, callbackPath }) => ({
|
|
10
|
-
clientID: clientId,
|
|
11
|
-
clientSecret: clientSecret,
|
|
12
|
-
callbackURL: normalizeEndpoint(`${serverUrl}/${callbackPath}`),
|
|
13
|
-
tenant: 'common', // Can be overridden via custom configuration
|
|
14
|
-
resource: 'https://graph.microsoft.com/', // Microsoft Graph API
|
|
15
|
-
}),
|
|
16
|
-
scope: ['openid', 'profile', 'email', 'User.Read'],
|
|
17
|
-
profileMapper: (profile) => {
|
|
18
|
-
// Azure AD profile structure from Microsoft Graph
|
|
19
|
-
const azureProfile = profile._json || profile;
|
|
20
|
-
|
|
21
|
-
return {
|
|
22
|
-
id: azureProfile.id || azureProfile.oid || profile.id,
|
|
23
|
-
username:
|
|
24
|
-
azureProfile.preferred_username ||
|
|
25
|
-
azureProfile.userPrincipalName ||
|
|
26
|
-
azureProfile.mail ||
|
|
27
|
-
azureProfile.email ||
|
|
28
|
-
profile.username,
|
|
29
|
-
email:
|
|
30
|
-
azureProfile.mail ||
|
|
31
|
-
azureProfile.userPrincipalName ||
|
|
32
|
-
azureProfile.email ||
|
|
33
|
-
profile.emails?.[0]?.value,
|
|
34
|
-
displayName:
|
|
35
|
-
azureProfile.displayName || azureProfile.name || profile.displayName,
|
|
36
|
-
avatarUrl: azureProfile.photo || profile.photos?.[0]?.value,
|
|
37
|
-
raw: profile,
|
|
38
|
-
};
|
|
39
|
-
},
|
|
40
|
-
};
|
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
import { normalizeEndpoint } from '../../mcp/utils/normalize-endpoint';
|
|
2
|
-
import { OAuthProviderConfig } from './oauth-provider.interface';
|
|
3
|
-
import { Strategy } from 'passport-github';
|
|
4
|
-
|
|
5
|
-
export const GitHubOAuthProvider: OAuthProviderConfig = {
|
|
6
|
-
name: 'github',
|
|
7
|
-
strategy: Strategy,
|
|
8
|
-
strategyOptions: ({ serverUrl, clientId, clientSecret, callbackPath }) => ({
|
|
9
|
-
clientID: clientId,
|
|
10
|
-
clientSecret: clientSecret,
|
|
11
|
-
callbackURL: normalizeEndpoint(`${serverUrl}/${callbackPath}`),
|
|
12
|
-
}),
|
|
13
|
-
scope: ['user:email'],
|
|
14
|
-
profileMapper: (profile) => ({
|
|
15
|
-
id: profile.id,
|
|
16
|
-
username: profile.username || profile.login,
|
|
17
|
-
email: profile.emails?.[0]?.value,
|
|
18
|
-
displayName: profile.displayName || profile.name,
|
|
19
|
-
avatarUrl: profile.photos?.[0]?.value || profile.avatar_url,
|
|
20
|
-
raw: profile,
|
|
21
|
-
}),
|
|
22
|
-
};
|
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
import { Strategy } from 'passport-google-oauth20';
|
|
2
|
-
import { normalizeEndpoint } from '../../mcp/utils/normalize-endpoint';
|
|
3
|
-
import { OAuthProviderConfig } from './oauth-provider.interface';
|
|
4
|
-
|
|
5
|
-
export const GoogleOAuthProvider: OAuthProviderConfig = {
|
|
6
|
-
name: 'google',
|
|
7
|
-
strategy: Strategy,
|
|
8
|
-
strategyOptions: ({ serverUrl, clientId, clientSecret, callbackPath }) => ({
|
|
9
|
-
clientID: clientId,
|
|
10
|
-
clientSecret: clientSecret,
|
|
11
|
-
callbackURL: normalizeEndpoint(`${serverUrl}/${callbackPath}`),
|
|
12
|
-
scope: ['profile', 'email'],
|
|
13
|
-
}),
|
|
14
|
-
scope: ['profile', 'email'],
|
|
15
|
-
profileMapper: (profile) => ({
|
|
16
|
-
id: profile.id,
|
|
17
|
-
username: profile.emails?.[0]?.value?.split('@')[0] || profile.id,
|
|
18
|
-
email: profile.emails?.[0]?.value,
|
|
19
|
-
displayName: profile.displayName,
|
|
20
|
-
avatarUrl: profile.photos?.[0]?.value,
|
|
21
|
-
raw: profile,
|
|
22
|
-
}),
|
|
23
|
-
};
|
|
@@ -1,147 +0,0 @@
|
|
|
1
|
-
import type { IOAuthStore } from '../stores/oauth-store.interface';
|
|
2
|
-
import type {
|
|
3
|
-
OAuthSession,
|
|
4
|
-
OAuthUserProfile,
|
|
5
|
-
} from '../interfaces/oauth-common.interface';
|
|
6
|
-
|
|
7
|
-
// Re-export common interfaces
|
|
8
|
-
export type { OAuthSession, OAuthUserProfile };
|
|
9
|
-
|
|
10
|
-
// Define a minimal placeholder for TypeORM options so the type remains
|
|
11
|
-
// available without requiring the optional `@nestjs/typeorm` package.
|
|
12
|
-
// Consumers who use the TypeORM store should install the package to get
|
|
13
|
-
// the full type definitions.
|
|
14
|
-
type TypeOrmModuleOptions = Record<string, unknown>;
|
|
15
|
-
|
|
16
|
-
export interface OAuthProviderConfig {
|
|
17
|
-
name: string;
|
|
18
|
-
displayName?: string;
|
|
19
|
-
strategy: any; // Passport Strategy constructor
|
|
20
|
-
strategyOptions: (options: {
|
|
21
|
-
serverUrl: string;
|
|
22
|
-
clientId: string;
|
|
23
|
-
clientSecret: string;
|
|
24
|
-
callbackPath?: string; // Optional custom callback path
|
|
25
|
-
}) => any;
|
|
26
|
-
scope?: string[];
|
|
27
|
-
profileMapper: (profile: any) => OAuthUserProfile;
|
|
28
|
-
}
|
|
29
|
-
|
|
30
|
-
// Store configuration union type
|
|
31
|
-
export type StoreConfiguration =
|
|
32
|
-
| { type: 'typeorm'; options: TypeOrmModuleOptions }
|
|
33
|
-
| { type: 'custom'; store: IOAuthStore }
|
|
34
|
-
| { type: 'memory' }
|
|
35
|
-
| undefined; // Default to memory store
|
|
36
|
-
|
|
37
|
-
export interface OAuthEndpointConfiguration {
|
|
38
|
-
wellKnownAuthorizationServerMetadata?: string; // Default: '/.well-known/oauth-authorization-server'
|
|
39
|
-
wellKnownProtectedResourceMetadata?: string | string[]; // Default: '/.well-known/oauth-protected-resource'
|
|
40
|
-
register?: string; // Default: '/register'
|
|
41
|
-
authorize?: string; // Default: '/authorize'
|
|
42
|
-
callback?: string; // Default: '/callback'
|
|
43
|
-
token?: string; // Default: '/token'
|
|
44
|
-
revoke?: string; // Default: '/revoke'
|
|
45
|
-
}
|
|
46
|
-
|
|
47
|
-
export interface OAuthEndpointDisableOptions {
|
|
48
|
-
wellKnownAuthorizationServerMetadata?: boolean;
|
|
49
|
-
wellKnownProtectedResourceMetadata?: boolean;
|
|
50
|
-
}
|
|
51
|
-
|
|
52
|
-
export interface OAuthUserModuleOptions {
|
|
53
|
-
provider: OAuthProviderConfig;
|
|
54
|
-
|
|
55
|
-
// Required OAuth Provider Credentials
|
|
56
|
-
clientId: string;
|
|
57
|
-
clientSecret: string;
|
|
58
|
-
|
|
59
|
-
// Required JWT Configuration
|
|
60
|
-
jwtSecret: string;
|
|
61
|
-
|
|
62
|
-
// Server Configuration
|
|
63
|
-
serverUrl?: string;
|
|
64
|
-
resource?: string; // should be the endpoint clients connect to, e.g.: 'https://localhost:3000/mcp'
|
|
65
|
-
// JWT Configuration
|
|
66
|
-
jwtIssuer?: string;
|
|
67
|
-
jwtAudience?: string;
|
|
68
|
-
jwtAccessTokenExpiresIn?: string;
|
|
69
|
-
jwtRefreshTokenExpiresIn?: string;
|
|
70
|
-
enableRefreshTokens?: boolean;
|
|
71
|
-
|
|
72
|
-
// Cookie Configuration
|
|
73
|
-
cookieSecure?: boolean;
|
|
74
|
-
cookieMaxAge?: number;
|
|
75
|
-
|
|
76
|
-
// OAuth Session Configuration
|
|
77
|
-
oauthSessionExpiresIn?: number; // in milliseconds
|
|
78
|
-
authCodeExpiresIn?: number; // in milliseconds
|
|
79
|
-
|
|
80
|
-
// Protected Resource Metadata Configuration
|
|
81
|
-
protectedResourceMetadata?: {
|
|
82
|
-
scopesSupported?: string[];
|
|
83
|
-
bearerMethodsSupported?: string[];
|
|
84
|
-
mcpVersionsSupported?: string[];
|
|
85
|
-
};
|
|
86
|
-
|
|
87
|
-
// Authorization Server Metadata Configuration
|
|
88
|
-
authorizationServerMetadata?: {
|
|
89
|
-
responseTypesSupported?: string[];
|
|
90
|
-
responseModesSupported?: string[];
|
|
91
|
-
grantTypesSupported?: string[];
|
|
92
|
-
tokenEndpointAuthMethodsSupported?: string[];
|
|
93
|
-
scopesSupported?: string[];
|
|
94
|
-
codeChallengeMethodsSupported?: string[];
|
|
95
|
-
};
|
|
96
|
-
|
|
97
|
-
// Storage Configuration - single property for all storage options
|
|
98
|
-
storeConfiguration?: StoreConfiguration;
|
|
99
|
-
apiPrefix?: string;
|
|
100
|
-
|
|
101
|
-
// Endpoint Configuration
|
|
102
|
-
endpoints?: OAuthEndpointConfiguration;
|
|
103
|
-
disableEndpoints?: OAuthEndpointDisableOptions;
|
|
104
|
-
}
|
|
105
|
-
|
|
106
|
-
export interface OAuthModuleDefaults {
|
|
107
|
-
serverUrl: string;
|
|
108
|
-
resource: string; // Default resource URL
|
|
109
|
-
jwtIssuer: string;
|
|
110
|
-
jwtAudience: string;
|
|
111
|
-
jwtAccessTokenExpiresIn: string;
|
|
112
|
-
jwtRefreshTokenExpiresIn: string;
|
|
113
|
-
enableRefreshTokens: boolean;
|
|
114
|
-
cookieMaxAge: number;
|
|
115
|
-
oauthSessionExpiresIn: number;
|
|
116
|
-
authCodeExpiresIn: number;
|
|
117
|
-
nodeEnv: string;
|
|
118
|
-
apiPrefix: string;
|
|
119
|
-
endpoints: OAuthEndpointConfiguration;
|
|
120
|
-
disableEndpoints: OAuthEndpointDisableOptions;
|
|
121
|
-
protectedResourceMetadata: {
|
|
122
|
-
scopesSupported: string[];
|
|
123
|
-
bearerMethodsSupported: string[];
|
|
124
|
-
mcpVersionsSupported: string[];
|
|
125
|
-
};
|
|
126
|
-
authorizationServerMetadata: {
|
|
127
|
-
responseTypesSupported: string[];
|
|
128
|
-
responseModesSupported: string[];
|
|
129
|
-
grantTypesSupported: string[];
|
|
130
|
-
tokenEndpointAuthMethodsSupported: string[];
|
|
131
|
-
scopesSupported: string[];
|
|
132
|
-
codeChallengeMethodsSupported: string[];
|
|
133
|
-
};
|
|
134
|
-
}
|
|
135
|
-
|
|
136
|
-
// Resolved options after merging with defaults
|
|
137
|
-
export type OAuthModuleOptions = Required<
|
|
138
|
-
Pick<
|
|
139
|
-
OAuthUserModuleOptions,
|
|
140
|
-
'provider' | 'clientId' | 'clientSecret' | 'jwtSecret'
|
|
141
|
-
>
|
|
142
|
-
> &
|
|
143
|
-
Required<OAuthModuleDefaults> & {
|
|
144
|
-
// Optional fields that may remain undefined
|
|
145
|
-
cookieSecure: boolean;
|
|
146
|
-
storeConfiguration?: StoreConfiguration;
|
|
147
|
-
};
|