@rekog/mcp-nest 1.9.10 → 2.0.0-alpha.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +76 -29
- package/dist/index.d.ts +0 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +0 -1
- package/dist/index.js.map +1 -1
- package/dist/mcp/decorators/constants.d.ts +1 -0
- package/dist/mcp/decorators/constants.d.ts.map +1 -1
- package/dist/mcp/decorators/constants.js +2 -1
- package/dist/mcp/decorators/constants.js.map +1 -1
- package/dist/mcp/decorators/index.d.ts +3 -1
- package/dist/mcp/decorators/index.d.ts.map +1 -1
- package/dist/mcp/decorators/index.js +3 -1
- package/dist/mcp/decorators/index.js.map +1 -1
- package/dist/mcp/decorators/mcp-controller.decorator.d.ts +6 -0
- package/dist/mcp/decorators/mcp-controller.decorator.d.ts.map +1 -0
- package/dist/mcp/decorators/mcp-controller.decorator.js +43 -0
- package/dist/mcp/decorators/mcp-controller.decorator.js.map +1 -0
- package/dist/mcp/decorators/mcp-message-pattern.d.ts +3 -0
- package/dist/mcp/decorators/mcp-message-pattern.d.ts.map +1 -0
- package/dist/mcp/decorators/mcp-message-pattern.js +13 -0
- package/dist/mcp/decorators/mcp-message-pattern.js.map +1 -0
- package/dist/mcp/decorators/prompt.decorator.d.ts +4 -1
- package/dist/mcp/decorators/prompt.decorator.d.ts.map +1 -1
- package/dist/mcp/decorators/prompt.decorator.js +2 -1
- package/dist/mcp/decorators/prompt.decorator.js.map +1 -1
- package/dist/mcp/decorators/public.decorator.js.map +1 -1
- package/dist/mcp/decorators/raw-request.decorator.d.ts +2 -0
- package/dist/mcp/decorators/raw-request.decorator.d.ts.map +1 -0
- package/dist/mcp/decorators/raw-request.decorator.js +6 -0
- package/dist/mcp/decorators/raw-request.decorator.js.map +1 -0
- package/dist/mcp/decorators/resource-template.decorator.d.ts +1 -1
- package/dist/mcp/decorators/resource-template.decorator.d.ts.map +1 -1
- package/dist/mcp/decorators/resource-template.decorator.js +2 -1
- package/dist/mcp/decorators/resource-template.decorator.js.map +1 -1
- package/dist/mcp/decorators/resource.decorator.d.ts +1 -1
- package/dist/mcp/decorators/resource.decorator.d.ts.map +1 -1
- package/dist/mcp/decorators/resource.decorator.js +2 -1
- package/dist/mcp/decorators/resource.decorator.js.map +1 -1
- package/dist/mcp/decorators/tool.decorator.d.ts +1 -3
- package/dist/mcp/decorators/tool.decorator.d.ts.map +1 -1
- package/dist/mcp/decorators/tool.decorator.js +2 -1
- package/dist/mcp/decorators/tool.decorator.js.map +1 -1
- package/dist/mcp/filters/mcp-exception.filter.d.ts +6 -0
- package/dist/mcp/filters/mcp-exception.filter.d.ts.map +1 -0
- package/dist/mcp/filters/mcp-exception.filter.js +26 -0
- package/dist/mcp/filters/mcp-exception.filter.js.map +1 -0
- package/dist/mcp/index.d.ts +11 -7
- package/dist/mcp/index.d.ts.map +1 -1
- package/dist/mcp/index.js +11 -7
- package/dist/mcp/index.js.map +1 -1
- package/dist/mcp/interfaces/authenticated-user.interface.d.ts +9 -0
- package/dist/mcp/interfaces/authenticated-user.interface.d.ts.map +1 -0
- package/dist/{authz/interfaces/request-with-user.js → mcp/interfaces/authenticated-user.interface.js} +1 -1
- package/dist/mcp/interfaces/authenticated-user.interface.js.map +1 -0
- package/dist/mcp/interfaces/dynamic-prompt.interface.d.ts +1 -1
- package/dist/mcp/interfaces/dynamic-prompt.interface.d.ts.map +1 -1
- package/dist/mcp/interfaces/dynamic-prompt.interface.js.map +1 -1
- package/dist/mcp/interfaces/dynamic-resource.interface.d.ts +1 -1
- package/dist/mcp/interfaces/dynamic-resource.interface.d.ts.map +1 -1
- package/dist/mcp/interfaces/dynamic-resource.interface.js.map +1 -1
- package/dist/mcp/interfaces/dynamic-tool.interface.d.ts +1 -1
- package/dist/mcp/interfaces/dynamic-tool.interface.d.ts.map +1 -1
- package/dist/mcp/interfaces/dynamic-tool.interface.js.map +1 -1
- package/dist/mcp/interfaces/index.d.ts +2 -2
- package/dist/mcp/interfaces/index.d.ts.map +1 -1
- package/dist/mcp/interfaces/index.js +0 -3
- package/dist/mcp/interfaces/index.js.map +1 -1
- package/dist/mcp/services/tool-authorization.service.d.ts +7 -5
- package/dist/mcp/services/tool-authorization.service.d.ts.map +1 -1
- package/dist/mcp/services/tool-authorization.service.js +9 -6
- package/dist/mcp/services/tool-authorization.service.js.map +1 -1
- package/dist/mcp/transport/mcp-context.d.ts +34 -0
- package/dist/mcp/transport/mcp-context.d.ts.map +1 -0
- package/dist/mcp/transport/mcp-context.js +74 -0
- package/dist/mcp/transport/mcp-context.js.map +1 -0
- package/dist/mcp/transport/mcp-http-handler.d.ts +7 -0
- package/dist/mcp/transport/mcp-http-handler.d.ts.map +1 -0
- package/dist/mcp/transport/mcp-http-handler.js +5 -0
- package/dist/mcp/transport/mcp-http-handler.js.map +1 -0
- package/dist/mcp/transport/mcp-server-options.interface.d.ts +23 -0
- package/dist/mcp/transport/mcp-server-options.interface.d.ts.map +1 -0
- package/dist/{authz/providers/oauth-provider.interface.js → mcp/transport/mcp-server-options.interface.js} +1 -1
- package/dist/mcp/transport/mcp-server-options.interface.js.map +1 -0
- package/dist/mcp/transport/mcp-transport.constants.d.ts +19 -0
- package/dist/mcp/transport/mcp-transport.constants.d.ts.map +1 -0
- package/dist/mcp/transport/mcp-transport.constants.js +21 -0
- package/dist/mcp/transport/mcp-transport.constants.js.map +1 -0
- package/dist/mcp/transport/mcp-transport.interface.d.ts +17 -0
- package/dist/mcp/transport/mcp-transport.interface.d.ts.map +1 -0
- package/dist/{authz/interfaces/oauth-common.interface.js → mcp/transport/mcp-transport.interface.js} +1 -1
- package/dist/mcp/transport/mcp-transport.interface.js.map +1 -0
- package/dist/mcp/transport/mcp.strategy.d.ts +56 -0
- package/dist/mcp/transport/mcp.strategy.d.ts.map +1 -0
- package/dist/mcp/transport/mcp.strategy.js +446 -0
- package/dist/mcp/transport/mcp.strategy.js.map +1 -0
- package/dist/mcp/transport/resource-matcher.d.ts +13 -0
- package/dist/mcp/transport/resource-matcher.d.ts.map +1 -0
- package/dist/mcp/transport/resource-matcher.js +83 -0
- package/dist/mcp/transport/resource-matcher.js.map +1 -0
- package/dist/mcp/transport/streamable-http.controller.d.ts +16 -0
- package/dist/mcp/transport/streamable-http.controller.d.ts.map +1 -0
- package/dist/mcp/transport/streamable-http.controller.js +98 -0
- package/dist/mcp/transport/streamable-http.controller.js.map +1 -0
- package/dist/mcp/transport/transports/index.d.ts +3 -0
- package/dist/mcp/transport/transports/index.d.ts.map +1 -0
- package/dist/{authz → mcp/transport/transports}/index.js +2 -10
- package/dist/mcp/transport/transports/index.js.map +1 -0
- package/dist/mcp/transport/transports/read-body.d.ts +3 -0
- package/dist/mcp/transport/transports/read-body.d.ts.map +1 -0
- package/dist/mcp/transport/transports/read-body.js +32 -0
- package/dist/mcp/transport/transports/read-body.js.map +1 -0
- package/dist/mcp/transport/transports/stdio.transport.d.ts +9 -0
- package/dist/mcp/transport/transports/stdio.transport.d.ts.map +1 -0
- package/dist/mcp/transport/transports/stdio.transport.js +27 -0
- package/dist/mcp/transport/transports/stdio.transport.js.map +1 -0
- package/dist/mcp/transport/transports/streamable-http.transport.d.ts +33 -0
- package/dist/mcp/transport/transports/streamable-http.transport.d.ts.map +1 -0
- package/dist/mcp/transport/transports/streamable-http.transport.js +216 -0
- package/dist/mcp/transport/transports/streamable-http.transport.js.map +1 -0
- package/dist/mcp/utils/mcp-logger.factory.d.ts +6 -2
- package/dist/mcp/utils/mcp-logger.factory.d.ts.map +1 -1
- package/dist/mcp/utils/mcp-logger.factory.js.map +1 -1
- package/package.json +3 -66
- package/src/index.ts +0 -1
- package/src/mcp/decorators/constants.ts +1 -0
- package/src/mcp/decorators/index.ts +3 -1
- package/src/mcp/decorators/mcp-controller.decorator.ts +126 -0
- package/src/mcp/decorators/mcp-message-pattern.ts +38 -0
- package/src/mcp/decorators/prompt.decorator.ts +32 -2
- package/src/mcp/decorators/public.decorator.ts +3 -3
- package/src/mcp/decorators/raw-request.decorator.ts +32 -0
- package/src/mcp/decorators/resource-template.decorator.ts +6 -2
- package/src/mcp/decorators/resource.decorator.ts +6 -2
- package/src/mcp/decorators/tool.decorator.ts +6 -3
- package/src/mcp/filters/mcp-exception.filter.ts +47 -0
- package/src/mcp/index.ts +13 -7
- package/src/mcp/interfaces/authenticated-user.interface.ts +22 -0
- package/src/mcp/interfaces/dynamic-prompt.interface.ts +1 -1
- package/src/mcp/interfaces/dynamic-resource.interface.ts +1 -1
- package/src/mcp/interfaces/dynamic-tool.interface.ts +2 -2
- package/src/mcp/interfaces/index.ts +3 -7
- package/src/mcp/services/tool-authorization.service.ts +52 -72
- package/src/mcp/transport/mcp-context.ts +138 -0
- package/src/mcp/transport/mcp-http-handler.ts +32 -0
- package/src/mcp/transport/mcp-server-options.interface.ts +75 -0
- package/src/mcp/transport/mcp-transport.constants.ts +99 -0
- package/src/mcp/transport/mcp-transport.interface.ts +50 -0
- package/src/mcp/transport/mcp.strategy.ts +752 -0
- package/src/mcp/transport/resource-matcher.ts +107 -0
- package/src/mcp/transport/streamable-http.controller.ts +114 -0
- package/src/mcp/transport/transports/index.ts +2 -0
- package/src/mcp/transport/transports/read-body.ts +39 -0
- package/src/mcp/transport/transports/stdio.transport.ts +35 -0
- package/src/mcp/transport/transports/streamable-http.transport.ts +384 -0
- package/src/mcp/utils/mcp-logger.factory.spec.ts +8 -22
- package/src/mcp/utils/mcp-logger.factory.ts +13 -2
- package/dist/authz/guards/jwt-auth.guard.d.ts +0 -19
- package/dist/authz/guards/jwt-auth.guard.d.ts.map +0 -1
- package/dist/authz/guards/jwt-auth.guard.js +0 -108
- package/dist/authz/guards/jwt-auth.guard.js.map +0 -1
- package/dist/authz/index.d.ts +0 -11
- package/dist/authz/index.d.ts.map +0 -1
- package/dist/authz/index.js.map +0 -1
- package/dist/authz/interfaces/oauth-common.interface.d.ts +0 -21
- package/dist/authz/interfaces/oauth-common.interface.d.ts.map +0 -1
- package/dist/authz/interfaces/oauth-common.interface.js.map +0 -1
- package/dist/authz/interfaces/request-with-user.d.ts +0 -13
- package/dist/authz/interfaces/request-with-user.d.ts.map +0 -1
- package/dist/authz/interfaces/request-with-user.js.map +0 -1
- package/dist/authz/mcp-oauth.controller.d.ts +0 -81
- package/dist/authz/mcp-oauth.controller.d.ts.map +0 -1
- package/dist/authz/mcp-oauth.controller.js +0 -540
- package/dist/authz/mcp-oauth.controller.js.map +0 -1
- package/dist/authz/mcp-oauth.module.d.ts +0 -12
- package/dist/authz/mcp-oauth.module.d.ts.map +0 -1
- package/dist/authz/mcp-oauth.module.js +0 -271
- package/dist/authz/mcp-oauth.module.js.map +0 -1
- package/dist/authz/providers/azure-ad.provider.d.ts +0 -3
- package/dist/authz/providers/azure-ad.provider.d.ts.map +0 -1
- package/dist/authz/providers/azure-ad.provider.js +0 -37
- package/dist/authz/providers/azure-ad.provider.js.map +0 -1
- package/dist/authz/providers/github.provider.d.ts +0 -3
- package/dist/authz/providers/github.provider.d.ts.map +0 -1
- package/dist/authz/providers/github.provider.js +0 -24
- package/dist/authz/providers/github.provider.js.map +0 -1
- package/dist/authz/providers/google.provider.d.ts +0 -3
- package/dist/authz/providers/google.provider.d.ts.map +0 -1
- package/dist/authz/providers/google.provider.js +0 -25
- package/dist/authz/providers/google.provider.js.map +0 -1
- package/dist/authz/providers/oauth-provider.interface.d.ts +0 -107
- package/dist/authz/providers/oauth-provider.interface.d.ts.map +0 -1
- package/dist/authz/providers/oauth-provider.interface.js.map +0 -1
- package/dist/authz/services/client.service.d.ts +0 -12
- package/dist/authz/services/client.service.d.ts.map +0 -1
- package/dist/authz/services/client.service.js +0 -81
- package/dist/authz/services/client.service.js.map +0 -1
- package/dist/authz/services/jwt-token.service.d.ts +0 -37
- package/dist/authz/services/jwt-token.service.d.ts.map +0 -1
- package/dist/authz/services/jwt-token.service.js +0 -182
- package/dist/authz/services/jwt-token.service.js.map +0 -1
- package/dist/authz/services/oauth-strategy.service.d.ts +0 -13
- package/dist/authz/services/oauth-strategy.service.d.ts.map +0 -1
- package/dist/authz/services/oauth-strategy.service.js +0 -71
- package/dist/authz/services/oauth-strategy.service.js.map +0 -1
- package/dist/authz/stores/memory-store.service.d.ts +0 -27
- package/dist/authz/stores/memory-store.service.d.ts.map +0 -1
- package/dist/authz/stores/memory-store.service.js +0 -107
- package/dist/authz/stores/memory-store.service.js.map +0 -1
- package/dist/authz/stores/oauth-store.interface.d.ts +0 -61
- package/dist/authz/stores/oauth-store.interface.d.ts.map +0 -1
- package/dist/authz/stores/oauth-store.interface.js +0 -5
- package/dist/authz/stores/oauth-store.interface.js.map +0 -1
- package/dist/authz/stores/typeorm/constants.d.ts +0 -3
- package/dist/authz/stores/typeorm/constants.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/constants.js +0 -6
- package/dist/authz/stores/typeorm/constants.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.d.ts +0 -15
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.js +0 -69
- package/dist/authz/stores/typeorm/entities/authorization-code.entity.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/index.d.ts +0 -5
- package/dist/authz/stores/typeorm/entities/index.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/index.js +0 -12
- package/dist/authz/stores/typeorm/entities/index.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.d.ts +0 -17
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.js +0 -77
- package/dist/authz/stores/typeorm/entities/oauth-client.entity.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.d.ts +0 -14
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.js +0 -65
- package/dist/authz/stores/typeorm/entities/oauth-session.entity.js.map +0 -1
- package/dist/authz/stores/typeorm/entities/user-profile.entity.d.ts +0 -13
- package/dist/authz/stores/typeorm/entities/user-profile.entity.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/entities/user-profile.entity.js +0 -62
- package/dist/authz/stores/typeorm/entities/user-profile.entity.js.map +0 -1
- package/dist/authz/stores/typeorm/typeorm-store.service.d.ts +0 -28
- package/dist/authz/stores/typeorm/typeorm-store.service.d.ts.map +0 -1
- package/dist/authz/stores/typeorm/typeorm-store.service.js +0 -138
- package/dist/authz/stores/typeorm/typeorm-store.service.js.map +0 -1
- package/dist/mcp/constants/feature-registration.constants.d.ts +0 -7
- package/dist/mcp/constants/feature-registration.constants.d.ts.map +0 -1
- package/dist/mcp/constants/feature-registration.constants.js +0 -5
- package/dist/mcp/constants/feature-registration.constants.js.map +0 -1
- package/dist/mcp/decorators/tool-guards.decorator.d.ts +0 -12
- package/dist/mcp/decorators/tool-guards.decorator.d.ts.map +0 -1
- package/dist/mcp/decorators/tool-guards.decorator.js +0 -13
- package/dist/mcp/decorators/tool-guards.decorator.js.map +0 -1
- package/dist/mcp/interfaces/mcp-options.interface.d.ts +0 -53
- package/dist/mcp/interfaces/mcp-options.interface.d.ts.map +0 -1
- package/dist/mcp/interfaces/mcp-options.interface.js +0 -10
- package/dist/mcp/interfaces/mcp-options.interface.js.map +0 -1
- package/dist/mcp/mcp.module.d.ts +0 -15
- package/dist/mcp/mcp.module.d.ts.map +0 -1
- package/dist/mcp/mcp.module.js +0 -248
- package/dist/mcp/mcp.module.js.map +0 -1
- package/dist/mcp/services/handlers/mcp-handler.base.d.ts +0 -117
- package/dist/mcp/services/handlers/mcp-handler.base.d.ts.map +0 -1
- package/dist/mcp/services/handlers/mcp-handler.base.js +0 -125
- package/dist/mcp/services/handlers/mcp-handler.base.js.map +0 -1
- package/dist/mcp/services/handlers/mcp-prompts.handler.d.ts +0 -12
- package/dist/mcp/services/handlers/mcp-prompts.handler.d.ts.map +0 -1
- package/dist/mcp/services/handlers/mcp-prompts.handler.js +0 -98
- package/dist/mcp/services/handlers/mcp-prompts.handler.js.map +0 -1
- package/dist/mcp/services/handlers/mcp-resources.handler.d.ts +0 -13
- package/dist/mcp/services/handlers/mcp-resources.handler.d.ts.map +0 -1
- package/dist/mcp/services/handlers/mcp-resources.handler.js +0 -117
- package/dist/mcp/services/handlers/mcp-resources.handler.js.map +0 -1
- package/dist/mcp/services/handlers/mcp-tools.handler.d.ts +0 -22
- package/dist/mcp/services/handlers/mcp-tools.handler.d.ts.map +0 -1
- package/dist/mcp/services/handlers/mcp-tools.handler.js +0 -258
- package/dist/mcp/services/handlers/mcp-tools.handler.js.map +0 -1
- package/dist/mcp/services/mcp-dynamic-registry.service.d.ts +0 -26
- package/dist/mcp/services/mcp-dynamic-registry.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-dynamic-registry.service.js +0 -133
- package/dist/mcp/services/mcp-dynamic-registry.service.js.map +0 -1
- package/dist/mcp/services/mcp-executor.service.d.ts +0 -15
- package/dist/mcp/services/mcp-executor.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-executor.service.js +0 -47
- package/dist/mcp/services/mcp-executor.service.js.map +0 -1
- package/dist/mcp/services/mcp-registry-discovery.service.d.ts +0 -63
- package/dist/mcp/services/mcp-registry-discovery.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-registry-discovery.service.js +0 -397
- package/dist/mcp/services/mcp-registry-discovery.service.js.map +0 -1
- package/dist/mcp/services/mcp-sse.service.d.ts +0 -20
- package/dist/mcp/services/mcp-sse.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-sse.service.js +0 -91
- package/dist/mcp/services/mcp-sse.service.js.map +0 -1
- package/dist/mcp/services/mcp-streamable-http.service.d.ts +0 -32
- package/dist/mcp/services/mcp-streamable-http.service.d.ts.map +0 -1
- package/dist/mcp/services/mcp-streamable-http.service.js +0 -327
- package/dist/mcp/services/mcp-streamable-http.service.js.map +0 -1
- package/dist/mcp/services/sse-ping.service.d.ts +0 -23
- package/dist/mcp/services/sse-ping.service.d.ts.map +0 -1
- package/dist/mcp/services/sse-ping.service.js +0 -99
- package/dist/mcp/services/sse-ping.service.js.map +0 -1
- package/dist/mcp/transport/sse.controller.factory.d.ts +0 -14
- package/dist/mcp/transport/sse.controller.factory.d.ts.map +0 -1
- package/dist/mcp/transport/sse.controller.factory.js +0 -67
- package/dist/mcp/transport/sse.controller.factory.js.map +0 -1
- package/dist/mcp/transport/stdio.service.d.ts +0 -14
- package/dist/mcp/transport/stdio.service.d.ts.map +0 -1
- package/dist/mcp/transport/stdio.service.js +0 -66
- package/dist/mcp/transport/stdio.service.js.map +0 -1
- package/dist/mcp/transport/streamable-http.controller.factory.d.ts +0 -14
- package/dist/mcp/transport/streamable-http.controller.factory.d.ts.map +0 -1
- package/dist/mcp/transport/streamable-http.controller.factory.js +0 -74
- package/dist/mcp/transport/streamable-http.controller.factory.js.map +0 -1
- package/dist/mcp/utils/capabilities-builder.d.ts +0 -5
- package/dist/mcp/utils/capabilities-builder.d.ts.map +0 -1
- package/dist/mcp/utils/capabilities-builder.js +0 -25
- package/dist/mcp/utils/capabilities-builder.js.map +0 -1
- package/dist/mcp/utils/mcp-server.factory.d.ts +0 -6
- package/dist/mcp/utils/mcp-server.factory.d.ts.map +0 -1
- package/dist/mcp/utils/mcp-server.factory.js +0 -22
- package/dist/mcp/utils/mcp-server.factory.js.map +0 -1
- package/src/authz/guards/jwt-auth.guard.ts +0 -127
- package/src/authz/index.ts +0 -10
- package/src/authz/interfaces/oauth-common.interface.ts +0 -21
- package/src/authz/interfaces/request-with-user.ts +0 -16
- package/src/authz/mcp-oauth.controller.ts +0 -860
- package/src/authz/mcp-oauth.module.ts +0 -384
- package/src/authz/providers/azure-ad.provider.ts +0 -40
- package/src/authz/providers/github.provider.ts +0 -22
- package/src/authz/providers/google.provider.ts +0 -23
- package/src/authz/providers/oauth-provider.interface.ts +0 -147
- package/src/authz/services/client.service.ts +0 -125
- package/src/authz/services/jwt-token.service.spec.ts +0 -67
- package/src/authz/services/jwt-token.service.ts +0 -188
- package/src/authz/services/oauth-strategy.service.ts +0 -64
- package/src/authz/stores/memory-store.service.spec.ts +0 -475
- package/src/authz/stores/memory-store.service.ts +0 -141
- package/src/authz/stores/oauth-store.interface.ts +0 -131
- package/src/authz/stores/typeorm/README.md +0 -140
- package/src/authz/stores/typeorm/constants.ts +0 -6
- package/src/authz/stores/typeorm/entities/authorization-code.entity.ts +0 -41
- package/src/authz/stores/typeorm/entities/index.ts +0 -4
- package/src/authz/stores/typeorm/entities/oauth-client.entity.ts +0 -53
- package/src/authz/stores/typeorm/entities/oauth-session.entity.ts +0 -38
- package/src/authz/stores/typeorm/entities/user-profile.entity.ts +0 -46
- package/src/authz/stores/typeorm/typeorm-store.service.spec.ts +0 -494
- package/src/authz/stores/typeorm/typeorm-store.service.ts +0 -165
- package/src/mcp/constants/feature-registration.constants.ts +0 -24
- package/src/mcp/decorators/tool-guards.decorator.ts +0 -82
- package/src/mcp/interfaces/mcp-options.interface.ts +0 -95
- package/src/mcp/mcp.module.ts +0 -349
- package/src/mcp/services/handlers/mcp-handler.base.ts +0 -203
- package/src/mcp/services/handlers/mcp-prompts.handler.ts +0 -143
- package/src/mcp/services/handlers/mcp-resources.handler.ts +0 -183
- package/src/mcp/services/handlers/mcp-tools.handler.spec.ts +0 -41
- package/src/mcp/services/handlers/mcp-tools.handler.ts +0 -436
- package/src/mcp/services/mcp-dynamic-registry.service.ts +0 -236
- package/src/mcp/services/mcp-executor.service.ts +0 -64
- package/src/mcp/services/mcp-registry-discovery.service.spec.ts +0 -306
- package/src/mcp/services/mcp-registry-discovery.service.ts +0 -849
- package/src/mcp/services/mcp-sse.service.ts +0 -124
- package/src/mcp/services/mcp-streamable-http.service.ts +0 -472
- package/src/mcp/services/sse-ping.service.ts +0 -144
- package/src/mcp/transport/custom-decorator.spec.ts +0 -75
- package/src/mcp/transport/sse.controller.factory.ts +0 -84
- package/src/mcp/transport/stdio.service.ts +0 -75
- package/src/mcp/transport/streamable-http.controller.factory.ts +0 -80
- package/src/mcp/utils/capabilities-builder.ts +0 -43
- package/src/mcp/utils/mcp-server.factory.ts +0 -33
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
import { DynamicModule } from '@nestjs/common';
|
|
2
|
-
import type { OAuthUserModuleOptions as AuthUserModuleOptions, OAuthModuleDefaults } from './providers/oauth-provider.interface';
|
|
3
|
-
export declare const DEFAULT_OPTIONS: OAuthModuleDefaults;
|
|
4
|
-
export declare class McpAuthModule {
|
|
5
|
-
readonly __isMcpAuthModule = true;
|
|
6
|
-
static forRoot(options: AuthUserModuleOptions): DynamicModule;
|
|
7
|
-
private static mergeAndValidateOptions;
|
|
8
|
-
private static validateRequiredOptions;
|
|
9
|
-
private static validateResolvedOptions;
|
|
10
|
-
private static createStoreProvider;
|
|
11
|
-
}
|
|
12
|
-
//# sourceMappingURL=mcp-oauth.module.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"mcp-oauth.module.d.ts","sourceRoot":"","sources":["../../src/authz/mcp-oauth.module.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAU,MAAM,gBAAgB,CAAC;AAMvD,OAAO,KAAK,EACV,sBAAsB,IAAI,qBAAqB,EAE/C,mBAAmB,EAEpB,MAAM,sCAAsC,CAAC;AAW9C,eAAO,MAAM,eAAe,EAAE,mBA4C7B,CAAC;AAEF,qBACa,aAAa;IAIxB,QAAQ,CAAC,iBAAiB,QAAQ;IAElC,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,qBAAqB,GAAG,aAAa;IA4J7D,OAAO,CAAC,MAAM,CAAC,uBAAuB;IAkDtC,OAAO,CAAC,MAAM,CAAC,uBAAuB;IAiBtC,OAAO,CAAC,MAAM,CAAC,uBAAuB;IA0BtC,OAAO,CAAC,MAAM,CAAC,mBAAmB;CAoCnC"}
|
|
@@ -1,271 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
-
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
-
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
-
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
-
};
|
|
8
|
-
var McpAuthModule_1;
|
|
9
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
10
|
-
exports.McpAuthModule = exports.DEFAULT_OPTIONS = void 0;
|
|
11
|
-
const common_1 = require("@nestjs/common");
|
|
12
|
-
const config_1 = require("@nestjs/config");
|
|
13
|
-
const jwt_1 = require("@nestjs/jwt");
|
|
14
|
-
const passport_1 = require("@nestjs/passport");
|
|
15
|
-
const jwt_auth_guard_1 = require("./guards/jwt-auth.guard");
|
|
16
|
-
const mcp_oauth_controller_1 = require("./mcp-oauth.controller");
|
|
17
|
-
const client_service_1 = require("./services/client.service");
|
|
18
|
-
const jwt_token_service_1 = require("./services/jwt-token.service");
|
|
19
|
-
const oauth_strategy_service_1 = require("./services/oauth-strategy.service");
|
|
20
|
-
const memory_store_service_1 = require("./stores/memory-store.service");
|
|
21
|
-
const normalize_endpoint_1 = require("../mcp/utils/normalize-endpoint");
|
|
22
|
-
const constants_1 = require("./stores/typeorm/constants");
|
|
23
|
-
let authInstanceIdCounter = 0;
|
|
24
|
-
exports.DEFAULT_OPTIONS = {
|
|
25
|
-
serverUrl: 'http://localhost:3000',
|
|
26
|
-
resource: 'http://localhost:3000/mcp',
|
|
27
|
-
jwtIssuer: 'http://localhost:3000',
|
|
28
|
-
jwtAudience: 'mcp-client',
|
|
29
|
-
jwtAccessTokenExpiresIn: '1d',
|
|
30
|
-
jwtRefreshTokenExpiresIn: '30d',
|
|
31
|
-
enableRefreshTokens: true,
|
|
32
|
-
cookieMaxAge: 24 * 60 * 60 * 1000,
|
|
33
|
-
oauthSessionExpiresIn: 10 * 60 * 1000,
|
|
34
|
-
authCodeExpiresIn: 10 * 60 * 1000,
|
|
35
|
-
nodeEnv: 'development',
|
|
36
|
-
apiPrefix: '',
|
|
37
|
-
endpoints: {
|
|
38
|
-
wellKnownAuthorizationServerMetadata: '/.well-known/oauth-authorization-server',
|
|
39
|
-
wellKnownProtectedResourceMetadata: '/.well-known/oauth-protected-resource',
|
|
40
|
-
register: '/register',
|
|
41
|
-
authorize: '/authorize',
|
|
42
|
-
callback: '/callback',
|
|
43
|
-
token: '/token',
|
|
44
|
-
revoke: '/revoke',
|
|
45
|
-
},
|
|
46
|
-
disableEndpoints: {
|
|
47
|
-
wellKnownAuthorizationServerMetadata: false,
|
|
48
|
-
wellKnownProtectedResourceMetadata: false,
|
|
49
|
-
},
|
|
50
|
-
protectedResourceMetadata: {
|
|
51
|
-
scopesSupported: ['offline_access'],
|
|
52
|
-
bearerMethodsSupported: ['header'],
|
|
53
|
-
mcpVersionsSupported: ['2025-06-18'],
|
|
54
|
-
},
|
|
55
|
-
authorizationServerMetadata: {
|
|
56
|
-
responseTypesSupported: ['code'],
|
|
57
|
-
responseModesSupported: ['query'],
|
|
58
|
-
grantTypesSupported: ['authorization_code', 'refresh_token'],
|
|
59
|
-
tokenEndpointAuthMethodsSupported: [
|
|
60
|
-
'client_secret_basic',
|
|
61
|
-
'client_secret_post',
|
|
62
|
-
'none',
|
|
63
|
-
],
|
|
64
|
-
scopesSupported: ['offline_access'],
|
|
65
|
-
codeChallengeMethodsSupported: ['plain', 'S256'],
|
|
66
|
-
},
|
|
67
|
-
};
|
|
68
|
-
let McpAuthModule = McpAuthModule_1 = class McpAuthModule {
|
|
69
|
-
constructor() {
|
|
70
|
-
this.__isMcpAuthModule = true;
|
|
71
|
-
}
|
|
72
|
-
static forRoot(options) {
|
|
73
|
-
const authModuleId = `mcp-auth-module-${authInstanceIdCounter++}`;
|
|
74
|
-
const resolvedOptions = this.mergeAndValidateOptions(exports.DEFAULT_OPTIONS, options);
|
|
75
|
-
resolvedOptions.endpoints = prepareEndpoints(resolvedOptions.apiPrefix, exports.DEFAULT_OPTIONS.endpoints, options.endpoints || {});
|
|
76
|
-
const oauthModuleOptionsToken = `OAUTH_MODULE_OPTIONS_${authModuleId}`;
|
|
77
|
-
const oauthModuleOptions = {
|
|
78
|
-
provide: oauthModuleOptionsToken,
|
|
79
|
-
useValue: resolvedOptions,
|
|
80
|
-
};
|
|
81
|
-
const imports = [
|
|
82
|
-
config_1.ConfigModule,
|
|
83
|
-
passport_1.PassportModule.register({
|
|
84
|
-
defaultStrategy: 'jwt',
|
|
85
|
-
session: false,
|
|
86
|
-
}),
|
|
87
|
-
jwt_1.JwtModule.register({
|
|
88
|
-
secret: resolvedOptions.jwtSecret,
|
|
89
|
-
signOptions: {
|
|
90
|
-
issuer: resolvedOptions.jwtIssuer,
|
|
91
|
-
audience: resolvedOptions.jwtAudience,
|
|
92
|
-
},
|
|
93
|
-
}),
|
|
94
|
-
];
|
|
95
|
-
const storeConfig = resolvedOptions.storeConfiguration;
|
|
96
|
-
const isTypeOrmStore = storeConfig?.type === 'typeorm';
|
|
97
|
-
if (isTypeOrmStore) {
|
|
98
|
-
const typeormOptions = storeConfig.options;
|
|
99
|
-
try {
|
|
100
|
-
const { TypeOrmModule } = require('@nestjs/typeorm');
|
|
101
|
-
const { OAuthClientEntity, AuthorizationCodeEntity, OAuthSessionEntity, OAuthUserProfileEntity, } = require('./stores/typeorm/entities');
|
|
102
|
-
imports.push(TypeOrmModule.forRoot({
|
|
103
|
-
...typeormOptions,
|
|
104
|
-
name: constants_1.OAUTH_TYPEORM_CONNECTION_NAME,
|
|
105
|
-
entities: [
|
|
106
|
-
OAuthClientEntity,
|
|
107
|
-
AuthorizationCodeEntity,
|
|
108
|
-
OAuthSessionEntity,
|
|
109
|
-
OAuthUserProfileEntity,
|
|
110
|
-
],
|
|
111
|
-
}), TypeOrmModule.forFeature([
|
|
112
|
-
OAuthClientEntity,
|
|
113
|
-
AuthorizationCodeEntity,
|
|
114
|
-
OAuthSessionEntity,
|
|
115
|
-
OAuthUserProfileEntity,
|
|
116
|
-
], constants_1.OAUTH_TYPEORM_CONNECTION_NAME));
|
|
117
|
-
}
|
|
118
|
-
catch (err) {
|
|
119
|
-
throw new Error("To use the TypeORM store, please install '@nestjs/typeorm' and 'typeorm'.");
|
|
120
|
-
}
|
|
121
|
-
}
|
|
122
|
-
const oauthStoreToken = `IOAuthStore_${authModuleId}`;
|
|
123
|
-
const oauthStoreProvider = this.createStoreProvider(resolvedOptions.storeConfiguration, oauthStoreToken);
|
|
124
|
-
const oauthStoreAliasProvider = {
|
|
125
|
-
provide: memory_store_service_1.MemoryStore,
|
|
126
|
-
useExisting: oauthStoreToken,
|
|
127
|
-
};
|
|
128
|
-
const providers = [
|
|
129
|
-
{
|
|
130
|
-
provide: 'OAUTH_MODULE_ID',
|
|
131
|
-
useValue: authModuleId,
|
|
132
|
-
},
|
|
133
|
-
oauthModuleOptions,
|
|
134
|
-
oauthStoreProvider,
|
|
135
|
-
oauthStoreAliasProvider,
|
|
136
|
-
{
|
|
137
|
-
provide: 'OAUTH_MODULE_OPTIONS',
|
|
138
|
-
useExisting: oauthModuleOptionsToken,
|
|
139
|
-
},
|
|
140
|
-
{
|
|
141
|
-
provide: 'IOAuthStore',
|
|
142
|
-
useExisting: oauthStoreToken,
|
|
143
|
-
},
|
|
144
|
-
oauth_strategy_service_1.OAuthStrategyService,
|
|
145
|
-
client_service_1.ClientService,
|
|
146
|
-
jwt_token_service_1.JwtTokenService,
|
|
147
|
-
jwt_auth_guard_1.McpAuthJwtGuard,
|
|
148
|
-
];
|
|
149
|
-
const OAuthControllerClass = (0, mcp_oauth_controller_1.createMcpOAuthController)(resolvedOptions.endpoints, {
|
|
150
|
-
disableWellKnownAuthorizationServerMetadata: resolvedOptions.disableEndpoints
|
|
151
|
-
.wellKnownAuthorizationServerMetadata ?? false,
|
|
152
|
-
disableWellKnownProtectedResourceMetadata: resolvedOptions.disableEndpoints.wellKnownProtectedResourceMetadata ??
|
|
153
|
-
false,
|
|
154
|
-
}, authModuleId);
|
|
155
|
-
return {
|
|
156
|
-
module: McpAuthModule_1,
|
|
157
|
-
imports,
|
|
158
|
-
controllers: [OAuthControllerClass],
|
|
159
|
-
providers,
|
|
160
|
-
exports: [
|
|
161
|
-
'OAUTH_MODULE_ID',
|
|
162
|
-
'OAUTH_MODULE_OPTIONS',
|
|
163
|
-
'IOAuthStore',
|
|
164
|
-
jwt_token_service_1.JwtTokenService,
|
|
165
|
-
client_service_1.ClientService,
|
|
166
|
-
oauth_strategy_service_1.OAuthStrategyService,
|
|
167
|
-
jwt_auth_guard_1.McpAuthJwtGuard,
|
|
168
|
-
memory_store_service_1.MemoryStore,
|
|
169
|
-
],
|
|
170
|
-
};
|
|
171
|
-
}
|
|
172
|
-
static mergeAndValidateOptions(defaults, options) {
|
|
173
|
-
this.validateRequiredOptions(options);
|
|
174
|
-
const resolvedOptions = {
|
|
175
|
-
...defaults,
|
|
176
|
-
...options,
|
|
177
|
-
jwtIssuer: options.jwtIssuer || options.serverUrl || exports.DEFAULT_OPTIONS.jwtIssuer,
|
|
178
|
-
cookieSecure: options.cookieSecure || process.env.NODE_ENV === 'production',
|
|
179
|
-
protectedResourceMetadata: {
|
|
180
|
-
...defaults.protectedResourceMetadata,
|
|
181
|
-
...options.protectedResourceMetadata,
|
|
182
|
-
},
|
|
183
|
-
authorizationServerMetadata: {
|
|
184
|
-
...defaults.authorizationServerMetadata,
|
|
185
|
-
...options.authorizationServerMetadata,
|
|
186
|
-
},
|
|
187
|
-
disableEndpoints: {
|
|
188
|
-
...defaults.disableEndpoints,
|
|
189
|
-
...(options.disableEndpoints || {}),
|
|
190
|
-
},
|
|
191
|
-
};
|
|
192
|
-
if (!resolvedOptions.enableRefreshTokens) {
|
|
193
|
-
resolvedOptions.authorizationServerMetadata.grantTypesSupported =
|
|
194
|
-
resolvedOptions.authorizationServerMetadata.grantTypesSupported.filter((g) => g !== 'refresh_token');
|
|
195
|
-
resolvedOptions.protectedResourceMetadata.scopesSupported =
|
|
196
|
-
resolvedOptions.protectedResourceMetadata.scopesSupported.filter((s) => s !== 'offline_access');
|
|
197
|
-
}
|
|
198
|
-
this.validateResolvedOptions(resolvedOptions);
|
|
199
|
-
return resolvedOptions;
|
|
200
|
-
}
|
|
201
|
-
static validateRequiredOptions(options) {
|
|
202
|
-
const requiredFields = [
|
|
203
|
-
'provider',
|
|
204
|
-
'clientId',
|
|
205
|
-
'clientSecret',
|
|
206
|
-
'jwtSecret',
|
|
207
|
-
];
|
|
208
|
-
for (const field of requiredFields) {
|
|
209
|
-
if (!options[field]) {
|
|
210
|
-
throw new Error(`OAuthModuleOptions: ${String(field)} is required and must be provided by the user`);
|
|
211
|
-
}
|
|
212
|
-
}
|
|
213
|
-
}
|
|
214
|
-
static validateResolvedOptions(options) {
|
|
215
|
-
if (options.jwtSecret.length < 32) {
|
|
216
|
-
throw new Error('OAuthModuleOptions: jwtSecret must be at least 32 characters long');
|
|
217
|
-
}
|
|
218
|
-
try {
|
|
219
|
-
new URL(options.serverUrl);
|
|
220
|
-
new URL(options.jwtIssuer);
|
|
221
|
-
}
|
|
222
|
-
catch {
|
|
223
|
-
throw new Error('OAuthModuleOptions: serverUrl and jwtIssuer must be valid URLs');
|
|
224
|
-
}
|
|
225
|
-
if (!options.provider.name || !options.provider.strategy) {
|
|
226
|
-
throw new Error('OAuthModuleOptions: provider must have name and strategy');
|
|
227
|
-
}
|
|
228
|
-
}
|
|
229
|
-
static createStoreProvider(storeConfiguration, provideToken) {
|
|
230
|
-
if (!storeConfiguration || storeConfiguration.type === 'memory') {
|
|
231
|
-
return {
|
|
232
|
-
provide: provideToken,
|
|
233
|
-
useValue: new memory_store_service_1.MemoryStore(),
|
|
234
|
-
};
|
|
235
|
-
}
|
|
236
|
-
if (storeConfiguration.type === 'typeorm') {
|
|
237
|
-
const { TypeOrmStore, } = require('./stores/typeorm/typeorm-store.service');
|
|
238
|
-
return {
|
|
239
|
-
provide: provideToken,
|
|
240
|
-
useClass: TypeOrmStore,
|
|
241
|
-
};
|
|
242
|
-
}
|
|
243
|
-
if (storeConfiguration.type === 'custom') {
|
|
244
|
-
return {
|
|
245
|
-
provide: provideToken,
|
|
246
|
-
useValue: storeConfiguration.store,
|
|
247
|
-
};
|
|
248
|
-
}
|
|
249
|
-
throw new Error(`Unknown store configuration type: ${storeConfiguration.type}`);
|
|
250
|
-
}
|
|
251
|
-
};
|
|
252
|
-
exports.McpAuthModule = McpAuthModule;
|
|
253
|
-
exports.McpAuthModule = McpAuthModule = McpAuthModule_1 = __decorate([
|
|
254
|
-
(0, common_1.Module)({})
|
|
255
|
-
], McpAuthModule);
|
|
256
|
-
function prepareEndpoints(apiPrefix, defaultEndpoints, configuredEndpoints) {
|
|
257
|
-
const updatedDefaultEndpoints = {
|
|
258
|
-
wellKnownAuthorizationServerMetadata: defaultEndpoints.wellKnownAuthorizationServerMetadata,
|
|
259
|
-
wellKnownProtectedResourceMetadata: defaultEndpoints.wellKnownProtectedResourceMetadata,
|
|
260
|
-
callback: (0, normalize_endpoint_1.normalizeEndpoint)(`/${apiPrefix}/${defaultEndpoints.callback}`),
|
|
261
|
-
token: (0, normalize_endpoint_1.normalizeEndpoint)(`/${apiPrefix}/${defaultEndpoints.token}`),
|
|
262
|
-
revoke: (0, normalize_endpoint_1.normalizeEndpoint)(`/${apiPrefix}/${defaultEndpoints.revoke}`),
|
|
263
|
-
authorize: (0, normalize_endpoint_1.normalizeEndpoint)(`/${apiPrefix}/${defaultEndpoints.authorize}`),
|
|
264
|
-
register: (0, normalize_endpoint_1.normalizeEndpoint)(`/${apiPrefix}/${defaultEndpoints.register}`),
|
|
265
|
-
};
|
|
266
|
-
return {
|
|
267
|
-
...updatedDefaultEndpoints,
|
|
268
|
-
...configuredEndpoints,
|
|
269
|
-
};
|
|
270
|
-
}
|
|
271
|
-
//# sourceMappingURL=mcp-oauth.module.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"mcp-oauth.module.js","sourceRoot":"","sources":["../../src/authz/mcp-oauth.module.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAAuD;AACvD,2CAA8C;AAC9C,qCAAwC;AACxC,+CAAkD;AAClD,4DAA0D;AAC1D,iEAAkE;AAOlE,8DAA0D;AAC1D,oEAA+D;AAC/D,8EAAyE;AACzE,wEAA4D;AAC5D,wEAAoE;AACpE,0DAA2E;AAE3E,IAAI,qBAAqB,GAAG,CAAC,CAAC;AAGjB,QAAA,eAAe,GAAwB;IAClD,SAAS,EAAE,uBAAuB;IAClC,QAAQ,EAAE,2BAA2B;IACrC,SAAS,EAAE,uBAAuB;IAClC,WAAW,EAAE,YAAY;IACzB,uBAAuB,EAAE,IAAI;IAC7B,wBAAwB,EAAE,KAAK;IAC/B,mBAAmB,EAAE,IAAI;IACzB,YAAY,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;IACjC,qBAAqB,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;IACrC,iBAAiB,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;IACjC,OAAO,EAAE,aAAa;IACtB,SAAS,EAAE,EAAE;IACb,SAAS,EAAE;QACT,oCAAoC,EAClC,yCAAyC;QAC3C,kCAAkC,EAAE,uCAAuC;QAC3E,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,YAAY;QACvB,QAAQ,EAAE,WAAW;QACrB,KAAK,EAAE,QAAQ;QACf,MAAM,EAAE,SAAS;KAClB;IACD,gBAAgB,EAAE;QAChB,oCAAoC,EAAE,KAAK;QAC3C,kCAAkC,EAAE,KAAK;KAC1C;IACD,yBAAyB,EAAE;QACzB,eAAe,EAAE,CAAC,gBAAgB,CAAC;QACnC,sBAAsB,EAAE,CAAC,QAAQ,CAAC;QAClC,oBAAoB,EAAE,CAAC,YAAY,CAAC;KACrC;IACD,2BAA2B,EAAE;QAC3B,sBAAsB,EAAE,CAAC,MAAM,CAAC;QAChC,sBAAsB,EAAE,CAAC,OAAO,CAAC;QACjC,mBAAmB,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;QAC5D,iCAAiC,EAAE;YACjC,qBAAqB;YACrB,oBAAoB;YACpB,MAAM;SACP;QACD,eAAe,EAAE,CAAC,gBAAgB,CAAC;QACnC,6BAA6B,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;KACjD;CACF,CAAC;AAGK,IAAM,aAAa,qBAAnB,MAAM,aAAa;IAAnB;QAII,sBAAiB,GAAG,IAAI,CAAC;IA+RpC,CAAC;IA7RC,MAAM,CAAC,OAAO,CAAC,OAA8B;QAE3C,MAAM,YAAY,GAAG,mBAAmB,qBAAqB,EAAE,EAAE,CAAC;QAGlE,MAAM,eAAe,GAAG,IAAI,CAAC,uBAAuB,CAClD,uBAAe,EACf,OAAO,CACR,CAAC;QAEF,eAAe,CAAC,SAAS,GAAG,gBAAgB,CAC1C,eAAe,CAAC,SAAS,EACzB,uBAAe,CAAC,SAAS,EACzB,OAAO,CAAC,SAAS,IAAI,EAAE,CACxB,CAAC;QAGF,MAAM,uBAAuB,GAAG,wBAAwB,YAAY,EAAE,CAAC;QACvE,MAAM,kBAAkB,GAAG;YACzB,OAAO,EAAE,uBAAuB;YAChC,QAAQ,EAAE,eAAe;SAC1B,CAAC;QAGF,MAAM,OAAO,GAAG;YACd,qBAAY;YACZ,yBAAc,CAAC,QAAQ,CAAC;gBACtB,eAAe,EAAE,KAAK;gBACtB,OAAO,EAAE,KAAK;aACf,CAAC;YACF,eAAS,CAAC,QAAQ,CAAC;gBACjB,MAAM,EAAE,eAAe,CAAC,SAAS;gBACjC,WAAW,EAAE;oBACX,MAAM,EAAE,eAAe,CAAC,SAAS;oBACjC,QAAQ,EAAE,eAAe,CAAC,WAAW;iBACtC;aACF,CAAC;SACH,CAAC;QAGF,MAAM,WAAW,GAAG,eAAe,CAAC,kBAAkB,CAAC;QACvD,MAAM,cAAc,GAAG,WAAW,EAAE,IAAI,KAAK,SAAS,CAAC;QACvD,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,cAAc,GAAG,WAAW,CAAC,OAAO,CAAC;YAC3C,IAAI,CAAC;gBAGH,MAAM,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;gBACrD,MAAM,EACJ,iBAAiB,EACjB,uBAAuB,EACvB,kBAAkB,EAClB,sBAAsB,GAEvB,GAAG,OAAO,CAAC,2BAA2B,CAAC,CAAC;gBAEzC,OAAO,CAAC,IAAI,CACV,aAAa,CAAC,OAAO,CAAC;oBACpB,GAAG,cAAc;oBAEjB,IAAI,EAAE,yCAA6B;oBACnC,QAAQ,EAAE;wBACR,iBAAiB;wBACjB,uBAAuB;wBACvB,kBAAkB;wBAClB,sBAAsB;qBACvB;iBACF,CAAC,EACF,aAAa,CAAC,UAAU,CACtB;oBACE,iBAAiB;oBACjB,uBAAuB;oBACvB,kBAAkB;oBAClB,sBAAsB;iBACvB,EACD,yCAA6B,CAC9B,CACF,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,2EAA2E,CAC5E,CAAC;YACJ,CAAC;QACH,CAAC;QAGD,MAAM,eAAe,GAAG,eAAe,YAAY,EAAE,CAAC;QACtD,MAAM,kBAAkB,GAAG,IAAI,CAAC,mBAAmB,CACjD,eAAe,CAAC,kBAAkB,EAClC,eAAe,CAChB,CAAC;QAGF,MAAM,uBAAuB,GAAG;YAC9B,OAAO,EAAE,kCAAW;YACpB,WAAW,EAAE,eAAe;SAC7B,CAAC;QAEF,MAAM,SAAS,GAAU;YACvB;gBACE,OAAO,EAAE,iBAAiB;gBAC1B,QAAQ,EAAE,YAAY;aACvB;YACD,kBAAkB;YAClB,kBAAkB;YAClB,uBAAuB;YAEvB;gBACE,OAAO,EAAE,sBAAsB;gBAC/B,WAAW,EAAE,uBAAuB;aACrC;YACD;gBACE,OAAO,EAAE,aAAa;gBACtB,WAAW,EAAE,eAAe;aAC7B;YAED,6CAAoB;YACpB,8BAAa;YACb,mCAAe;YACf,gCAAe;SAChB,CAAC;QAKF,MAAM,oBAAoB,GAAG,IAAA,+CAAwB,EACnD,eAAe,CAAC,SAAS,EACzB;YACE,2CAA2C,EACzC,eAAe,CAAC,gBAAgB;iBAC7B,oCAAoC,IAAI,KAAK;YAClD,yCAAyC,EACvC,eAAe,CAAC,gBAAgB,CAAC,kCAAkC;gBACnE,KAAK;SACR,EACD,YAAY,CACb,CAAC;QAEF,OAAO;YACL,MAAM,EAAE,eAAa;YACrB,OAAO;YACP,WAAW,EAAE,CAAC,oBAAoB,CAAC;YACnC,SAAS;YACT,OAAO,EAAE;gBACP,iBAAiB;gBACjB,sBAAsB;gBACtB,aAAa;gBACb,mCAAe;gBACf,8BAAa;gBACb,6CAAoB;gBACpB,gCAAe;gBACf,kCAAW;aACZ;SACF,CAAC;IACJ,CAAC;IAEO,MAAM,CAAC,uBAAuB,CACpC,QAA6B,EAC7B,OAA8B;QAG9B,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;QAGtC,MAAM,eAAe,GAAuB;YAC1C,GAAG,QAAQ;YACX,GAAG,OAAO;YAEV,SAAS,EACP,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,IAAI,uBAAe,CAAC,SAAS;YACrE,YAAY,EACV,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;YAE/D,yBAAyB,EAAE;gBACzB,GAAG,QAAQ,CAAC,yBAAyB;gBACrC,GAAG,OAAO,CAAC,yBAAyB;aACrC;YAED,2BAA2B,EAAE;gBAC3B,GAAG,QAAQ,CAAC,2BAA2B;gBACvC,GAAG,OAAO,CAAC,2BAA2B;aACvC;YAED,gBAAgB,EAAE;gBAChB,GAAG,QAAQ,CAAC,gBAAgB;gBAC5B,GAAG,CAAC,OAAO,CAAC,gBAAgB,IAAI,EAAE,CAAC;aACpC;SACF,CAAC;QAEF,IAAI,CAAC,eAAe,CAAC,mBAAmB,EAAE,CAAC;YACzC,eAAe,CAAC,2BAA2B,CAAC,mBAAmB;gBAC7D,eAAe,CAAC,2BAA2B,CAAC,mBAAmB,CAAC,MAAM,CACpE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,eAAe,CAC7B,CAAC;YACJ,eAAe,CAAC,yBAAyB,CAAC,eAAe;gBACvD,eAAe,CAAC,yBAAyB,CAAC,eAAe,CAAC,MAAM,CAC9D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,gBAAgB,CAC9B,CAAC;QACN,CAAC;QAGD,IAAI,CAAC,uBAAuB,CAAC,eAAe,CAAC,CAAC;QAE9C,OAAO,eAAe,CAAC;IACzB,CAAC;IAEO,MAAM,CAAC,uBAAuB,CAAC,OAA8B;QACnE,MAAM,cAAc,GAAoC;YACtD,UAAU;YACV,UAAU;YACV,cAAc;YACd,WAAW;SACZ,CAAC;QAEF,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CACb,uBAAuB,MAAM,CAAC,KAAK,CAAC,+CAA+C,CACpF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAEO,MAAM,CAAC,uBAAuB,CAAC,OAA2B;QAEhE,IAAI,OAAO,CAAC,SAAS,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;QACJ,CAAC;QAGD,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC3B,IAAI,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CACb,gEAAgE,CACjE,CAAC;QACJ,CAAC;QAGD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CACb,0DAA0D,CAC3D,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,MAAM,CAAC,mBAAmB,CAChC,kBAA4D,EAC5D,YAAoB;QAEpB,IAAI,CAAC,kBAAkB,IAAI,kBAAkB,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAEhE,OAAO;gBACL,OAAO,EAAE,YAAY;gBACrB,QAAQ,EAAE,IAAI,kCAAW,EAAE;aAC5B,CAAC;QACJ,CAAC;QAED,IAAI,kBAAkB,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAE1C,MAAM,EACJ,YAAY,GAEb,GAAG,OAAO,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO;gBACL,OAAO,EAAE,YAAY;gBACrB,QAAQ,EAAE,YAAY;aACvB,CAAC;QACJ,CAAC;QAED,IAAI,kBAAkB,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAEzC,OAAO;gBACL,OAAO,EAAE,YAAY;gBACrB,QAAQ,EAAE,kBAAkB,CAAC,KAAK;aACnC,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,KAAK,CACb,qCAAsC,kBAA0B,CAAC,IAAI,EAAE,CACxE,CAAC;IACJ,CAAC;CACF,CAAA;AAnSY,sCAAa;wBAAb,aAAa;IADzB,IAAA,eAAM,EAAC,EAAE,CAAC;GACE,aAAa,CAmSzB;AAED,SAAS,gBAAgB,CACvB,SAAiB,EACjB,gBAA4C,EAC5C,mBAA+C;IAE/C,MAAM,uBAAuB,GAAG;QAC9B,oCAAoC,EAClC,gBAAgB,CAAC,oCAAoC;QACvD,kCAAkC,EAChC,gBAAgB,CAAC,kCAAkC;QACrD,QAAQ,EAAE,IAAA,sCAAiB,EAAC,IAAI,SAAS,IAAI,gBAAgB,CAAC,QAAQ,EAAE,CAAC;QACzE,KAAK,EAAE,IAAA,sCAAiB,EAAC,IAAI,SAAS,IAAI,gBAAgB,CAAC,KAAK,EAAE,CAAC;QACnE,MAAM,EAAE,IAAA,sCAAiB,EAAC,IAAI,SAAS,IAAI,gBAAgB,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,EAAE,IAAA,sCAAiB,EAAC,IAAI,SAAS,IAAI,gBAAgB,CAAC,SAAS,EAAE,CAAC;QAC3E,QAAQ,EAAE,IAAA,sCAAiB,EAAC,IAAI,SAAS,IAAI,gBAAgB,CAAC,QAAQ,EAAE,CAAC;KAC5C,CAAC;IAEhC,OAAO;QACL,GAAG,uBAAuB;QAC1B,GAAG,mBAAmB;KACvB,CAAC;AACJ,CAAC","sourcesContent":["import { DynamicModule, Module } from '@nestjs/common';\nimport { ConfigModule } from '@nestjs/config';\nimport { JwtModule } from '@nestjs/jwt';\nimport { PassportModule } from '@nestjs/passport';\nimport { McpAuthJwtGuard } from './guards/jwt-auth.guard';\nimport { createMcpOAuthController } from './mcp-oauth.controller';\nimport type {\n OAuthUserModuleOptions as AuthUserModuleOptions,\n OAuthEndpointConfiguration,\n OAuthModuleDefaults,\n OAuthModuleOptions,\n} from './providers/oauth-provider.interface';\nimport { ClientService } from './services/client.service';\nimport { JwtTokenService } from './services/jwt-token.service';\nimport { OAuthStrategyService } from './services/oauth-strategy.service';\nimport { MemoryStore } from './stores/memory-store.service';\nimport { normalizeEndpoint } from '../mcp/utils/normalize-endpoint';\nimport { OAUTH_TYPEORM_CONNECTION_NAME } from './stores/typeorm/constants';\n\nlet authInstanceIdCounter = 0;\n\n// Default configuration values\nexport const DEFAULT_OPTIONS: OAuthModuleDefaults = {\n serverUrl: 'http://localhost:3000',\n resource: 'http://localhost:3000/mcp',\n jwtIssuer: 'http://localhost:3000',\n jwtAudience: 'mcp-client',\n jwtAccessTokenExpiresIn: '1d',\n jwtRefreshTokenExpiresIn: '30d',\n enableRefreshTokens: true,\n cookieMaxAge: 24 * 60 * 60 * 1000, // 24 hours\n oauthSessionExpiresIn: 10 * 60 * 1000, // 10 minutes\n authCodeExpiresIn: 10 * 60 * 1000, // 10 minutes\n nodeEnv: 'development',\n apiPrefix: '',\n endpoints: {\n wellKnownAuthorizationServerMetadata:\n '/.well-known/oauth-authorization-server',\n wellKnownProtectedResourceMetadata: '/.well-known/oauth-protected-resource',\n register: '/register',\n authorize: '/authorize',\n callback: '/callback',\n token: '/token',\n revoke: '/revoke',\n },\n disableEndpoints: {\n wellKnownAuthorizationServerMetadata: false,\n wellKnownProtectedResourceMetadata: false,\n },\n protectedResourceMetadata: {\n scopesSupported: ['offline_access'],\n bearerMethodsSupported: ['header'],\n mcpVersionsSupported: ['2025-06-18'],\n },\n authorizationServerMetadata: {\n responseTypesSupported: ['code'],\n responseModesSupported: ['query'],\n grantTypesSupported: ['authorization_code', 'refresh_token'],\n tokenEndpointAuthMethodsSupported: [\n 'client_secret_basic',\n 'client_secret_post',\n 'none',\n ],\n scopesSupported: ['offline_access'],\n codeChallengeMethodsSupported: ['plain', 'S256'],\n },\n};\n\n@Module({})\nexport class McpAuthModule {\n /**\n * To avoid import circular dependency issues, we use a marker property.\n */\n readonly __isMcpAuthModule = true;\n\n static forRoot(options: AuthUserModuleOptions): DynamicModule {\n // Create a unique instance ID for this auth module\n const authModuleId = `mcp-auth-module-${authInstanceIdCounter++}`;\n\n // Merge user options with defaults and validate\n const resolvedOptions = this.mergeAndValidateOptions(\n DEFAULT_OPTIONS,\n options,\n );\n\n resolvedOptions.endpoints = prepareEndpoints(\n resolvedOptions.apiPrefix,\n DEFAULT_OPTIONS.endpoints,\n options.endpoints || {},\n );\n\n // Use instance-scoped token for OAuth options\n const oauthModuleOptionsToken = `OAUTH_MODULE_OPTIONS_${authModuleId}`;\n const oauthModuleOptions = {\n provide: oauthModuleOptionsToken,\n useValue: resolvedOptions,\n };\n\n // Determine imports based on configuration\n const imports = [\n ConfigModule,\n PassportModule.register({\n defaultStrategy: 'jwt',\n session: false,\n }),\n JwtModule.register({\n secret: resolvedOptions.jwtSecret,\n signOptions: {\n issuer: resolvedOptions.jwtIssuer,\n audience: resolvedOptions.jwtAudience,\n },\n }),\n ];\n\n // Add TypeORM configuration if using TypeORM store\n const storeConfig = resolvedOptions.storeConfiguration;\n const isTypeOrmStore = storeConfig?.type === 'typeorm';\n if (isTypeOrmStore) {\n const typeormOptions = storeConfig.options;\n try {\n // Require TypeORM-related modules only when needed\n // eslint-disable-next-line @typescript-eslint/no-require-imports\n const { TypeOrmModule } = require('@nestjs/typeorm');\n const {\n OAuthClientEntity,\n AuthorizationCodeEntity,\n OAuthSessionEntity,\n OAuthUserProfileEntity,\n // eslint-disable-next-line @typescript-eslint/no-require-imports\n } = require('./stores/typeorm/entities');\n\n imports.push(\n TypeOrmModule.forRoot({\n ...typeormOptions,\n // Use a unique connection name for the OAuth store to avoid clashes\n name: OAUTH_TYPEORM_CONNECTION_NAME,\n entities: [\n OAuthClientEntity,\n AuthorizationCodeEntity,\n OAuthSessionEntity,\n OAuthUserProfileEntity,\n ],\n }),\n TypeOrmModule.forFeature(\n [\n OAuthClientEntity,\n AuthorizationCodeEntity,\n OAuthSessionEntity,\n OAuthUserProfileEntity,\n ],\n OAUTH_TYPEORM_CONNECTION_NAME,\n ),\n );\n } catch (err) {\n throw new Error(\n \"To use the TypeORM store, please install '@nestjs/typeorm' and 'typeorm'.\",\n );\n }\n }\n\n // Create store provider based on configuration with instance-scoped token\n const oauthStoreToken = `IOAuthStore_${authModuleId}`;\n const oauthStoreProvider = this.createStoreProvider(\n resolvedOptions.storeConfiguration,\n oauthStoreToken,\n );\n\n // Create alias for compatibility with injection\n const oauthStoreAliasProvider = {\n provide: MemoryStore,\n useExisting: oauthStoreToken,\n };\n\n const providers: any[] = [\n {\n provide: 'OAUTH_MODULE_ID',\n useValue: authModuleId,\n },\n oauthModuleOptions,\n oauthStoreProvider,\n oauthStoreAliasProvider,\n // Provide backward-compatible tokens as aliases\n {\n provide: 'OAUTH_MODULE_OPTIONS',\n useExisting: oauthModuleOptionsToken,\n },\n {\n provide: 'IOAuthStore',\n useExisting: oauthStoreToken,\n },\n // Provide services using their class tokens\n OAuthStrategyService,\n ClientService,\n JwtTokenService,\n McpAuthJwtGuard,\n ];\n\n // No additional providers needed for TypeORM store - provider is created dynamically\n\n // Create controller with apiPrefix, passing the instance-scoped tokens\n const OAuthControllerClass = createMcpOAuthController(\n resolvedOptions.endpoints,\n {\n disableWellKnownAuthorizationServerMetadata:\n resolvedOptions.disableEndpoints\n .wellKnownAuthorizationServerMetadata ?? false,\n disableWellKnownProtectedResourceMetadata:\n resolvedOptions.disableEndpoints.wellKnownProtectedResourceMetadata ??\n false,\n },\n authModuleId,\n );\n\n return {\n module: McpAuthModule,\n imports,\n controllers: [OAuthControllerClass],\n providers,\n exports: [\n 'OAUTH_MODULE_ID',\n 'OAUTH_MODULE_OPTIONS',\n 'IOAuthStore',\n JwtTokenService,\n ClientService,\n OAuthStrategyService,\n McpAuthJwtGuard,\n MemoryStore,\n ],\n };\n }\n\n private static mergeAndValidateOptions(\n defaults: OAuthModuleDefaults,\n options: AuthUserModuleOptions,\n ): OAuthModuleOptions {\n // Validate required options first\n this.validateRequiredOptions(options);\n\n // Merge with defaults\n const resolvedOptions: OAuthModuleOptions = {\n ...defaults,\n ...options,\n // Ensure jwtIssuer defaults to serverUrl if not provided\n jwtIssuer:\n options.jwtIssuer || options.serverUrl || DEFAULT_OPTIONS.jwtIssuer,\n cookieSecure:\n options.cookieSecure || process.env.NODE_ENV === 'production',\n // Merge protectedResourceMetadata with defaults\n protectedResourceMetadata: {\n ...defaults.protectedResourceMetadata,\n ...options.protectedResourceMetadata,\n },\n // Merge authorizationServerMetadata with defaults\n authorizationServerMetadata: {\n ...defaults.authorizationServerMetadata,\n ...options.authorizationServerMetadata,\n },\n // Merge disableEndpoints with defaults\n disableEndpoints: {\n ...defaults.disableEndpoints,\n ...(options.disableEndpoints || {}),\n },\n };\n\n if (!resolvedOptions.enableRefreshTokens) {\n resolvedOptions.authorizationServerMetadata.grantTypesSupported =\n resolvedOptions.authorizationServerMetadata.grantTypesSupported.filter(\n (g) => g !== 'refresh_token',\n );\n resolvedOptions.protectedResourceMetadata.scopesSupported =\n resolvedOptions.protectedResourceMetadata.scopesSupported.filter(\n (s) => s !== 'offline_access',\n );\n }\n\n // Final validation of resolved options\n this.validateResolvedOptions(resolvedOptions);\n\n return resolvedOptions;\n }\n\n private static validateRequiredOptions(options: AuthUserModuleOptions): void {\n const requiredFields: (keyof AuthUserModuleOptions)[] = [\n 'provider',\n 'clientId',\n 'clientSecret',\n 'jwtSecret',\n ];\n\n for (const field of requiredFields) {\n if (!options[field]) {\n throw new Error(\n `OAuthModuleOptions: ${String(field)} is required and must be provided by the user`,\n );\n }\n }\n }\n\n private static validateResolvedOptions(options: OAuthModuleOptions): void {\n // Validate JWT secret is strong enough\n if (options.jwtSecret.length < 32) {\n throw new Error(\n 'OAuthModuleOptions: jwtSecret must be at least 32 characters long',\n );\n }\n\n // Validate URLs are proper format\n try {\n new URL(options.serverUrl);\n new URL(options.jwtIssuer);\n } catch {\n throw new Error(\n 'OAuthModuleOptions: serverUrl and jwtIssuer must be valid URLs',\n );\n }\n\n // Validate provider configuration\n if (!options.provider.name || !options.provider.strategy) {\n throw new Error(\n 'OAuthModuleOptions: provider must have name and strategy',\n );\n }\n }\n\n private static createStoreProvider(\n storeConfiguration: OAuthModuleOptions['storeConfiguration'],\n provideToken: string,\n ) {\n if (!storeConfiguration || storeConfiguration.type === 'memory') {\n // Default memory store\n return {\n provide: provideToken,\n useValue: new MemoryStore(),\n };\n }\n\n if (storeConfiguration.type === 'typeorm') {\n // TypeORM store\n const {\n TypeOrmStore,\n // eslint-disable-next-line @typescript-eslint/no-require-imports\n } = require('./stores/typeorm/typeorm-store.service');\n return {\n provide: provideToken,\n useClass: TypeOrmStore,\n };\n }\n\n if (storeConfiguration.type === 'custom') {\n // Custom store\n return {\n provide: provideToken,\n useValue: storeConfiguration.store,\n };\n }\n\n throw new Error(\n `Unknown store configuration type: ${(storeConfiguration as any).type}`,\n );\n }\n}\n\nfunction prepareEndpoints(\n apiPrefix: string,\n defaultEndpoints: OAuthEndpointConfiguration,\n configuredEndpoints: OAuthEndpointConfiguration,\n) {\n const updatedDefaultEndpoints = {\n wellKnownAuthorizationServerMetadata:\n defaultEndpoints.wellKnownAuthorizationServerMetadata,\n wellKnownProtectedResourceMetadata:\n defaultEndpoints.wellKnownProtectedResourceMetadata,\n callback: normalizeEndpoint(`/${apiPrefix}/${defaultEndpoints.callback}`),\n token: normalizeEndpoint(`/${apiPrefix}/${defaultEndpoints.token}`),\n revoke: normalizeEndpoint(`/${apiPrefix}/${defaultEndpoints.revoke}`),\n authorize: normalizeEndpoint(`/${apiPrefix}/${defaultEndpoints.authorize}`),\n register: normalizeEndpoint(`/${apiPrefix}/${defaultEndpoints.register}`),\n } as OAuthEndpointConfiguration;\n\n return {\n ...updatedDefaultEndpoints,\n ...configuredEndpoints,\n };\n}\n"]}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"azure-ad.provider.d.ts","sourceRoot":"","sources":["../../../src/authz/providers/azure-ad.provider.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEjE,eAAO,MAAM,oBAAoB,EAAE,mBAmClC,CAAC"}
|
|
@@ -1,37 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.AzureADOAuthProvider = void 0;
|
|
4
|
-
const passport_azure_ad_oauth2_1 = require("passport-azure-ad-oauth2");
|
|
5
|
-
const normalize_endpoint_1 = require("../../mcp/utils/normalize-endpoint");
|
|
6
|
-
exports.AzureADOAuthProvider = {
|
|
7
|
-
name: 'azure-ad',
|
|
8
|
-
displayName: 'Microsoft Azure AD',
|
|
9
|
-
strategy: passport_azure_ad_oauth2_1.Strategy,
|
|
10
|
-
strategyOptions: ({ serverUrl, clientId, clientSecret, callbackPath }) => ({
|
|
11
|
-
clientID: clientId,
|
|
12
|
-
clientSecret: clientSecret,
|
|
13
|
-
callbackURL: (0, normalize_endpoint_1.normalizeEndpoint)(`${serverUrl}/${callbackPath}`),
|
|
14
|
-
tenant: 'common',
|
|
15
|
-
resource: 'https://graph.microsoft.com/',
|
|
16
|
-
}),
|
|
17
|
-
scope: ['openid', 'profile', 'email', 'User.Read'],
|
|
18
|
-
profileMapper: (profile) => {
|
|
19
|
-
const azureProfile = profile._json || profile;
|
|
20
|
-
return {
|
|
21
|
-
id: azureProfile.id || azureProfile.oid || profile.id,
|
|
22
|
-
username: azureProfile.preferred_username ||
|
|
23
|
-
azureProfile.userPrincipalName ||
|
|
24
|
-
azureProfile.mail ||
|
|
25
|
-
azureProfile.email ||
|
|
26
|
-
profile.username,
|
|
27
|
-
email: azureProfile.mail ||
|
|
28
|
-
azureProfile.userPrincipalName ||
|
|
29
|
-
azureProfile.email ||
|
|
30
|
-
profile.emails?.[0]?.value,
|
|
31
|
-
displayName: azureProfile.displayName || azureProfile.name || profile.displayName,
|
|
32
|
-
avatarUrl: azureProfile.photo || profile.photos?.[0]?.value,
|
|
33
|
-
raw: profile,
|
|
34
|
-
};
|
|
35
|
-
},
|
|
36
|
-
};
|
|
37
|
-
//# sourceMappingURL=azure-ad.provider.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"azure-ad.provider.js","sourceRoot":"","sources":["../../../src/authz/providers/azure-ad.provider.ts"],"names":[],"mappings":";;;AAAA,uEAAoD;AACpD,2EAAuE;AAG1D,QAAA,oBAAoB,GAAwB;IACvD,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,oBAAoB;IACjC,QAAQ,EAAE,mCAAQ;IAClB,eAAe,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC,CAAC;QACzE,QAAQ,EAAE,QAAQ;QAClB,YAAY,EAAE,YAAY;QAC1B,WAAW,EAAE,IAAA,sCAAiB,EAAC,GAAG,SAAS,IAAI,YAAY,EAAE,CAAC;QAC9D,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,8BAA8B;KACzC,CAAC;IACF,KAAK,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,CAAC;IAClD,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE;QAEzB,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC;QAE9C,OAAO;YACL,EAAE,EAAE,YAAY,CAAC,EAAE,IAAI,YAAY,CAAC,GAAG,IAAI,OAAO,CAAC,EAAE;YACrD,QAAQ,EACN,YAAY,CAAC,kBAAkB;gBAC/B,YAAY,CAAC,iBAAiB;gBAC9B,YAAY,CAAC,IAAI;gBACjB,YAAY,CAAC,KAAK;gBAClB,OAAO,CAAC,QAAQ;YAClB,KAAK,EACH,YAAY,CAAC,IAAI;gBACjB,YAAY,CAAC,iBAAiB;gBAC9B,YAAY,CAAC,KAAK;gBAClB,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK;YAC5B,WAAW,EACT,YAAY,CAAC,WAAW,IAAI,YAAY,CAAC,IAAI,IAAI,OAAO,CAAC,WAAW;YACtE,SAAS,EAAE,YAAY,CAAC,KAAK,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK;YAC3D,GAAG,EAAE,OAAO;SACb,CAAC;IACJ,CAAC;CACF,CAAC","sourcesContent":["import { Strategy } from 'passport-azure-ad-oauth2';\nimport { normalizeEndpoint } from '../../mcp/utils/normalize-endpoint';\nimport { OAuthProviderConfig } from './oauth-provider.interface';\n\nexport const AzureADOAuthProvider: OAuthProviderConfig = {\n name: 'azure-ad',\n displayName: 'Microsoft Azure AD',\n strategy: Strategy,\n strategyOptions: ({ serverUrl, clientId, clientSecret, callbackPath }) => ({\n clientID: clientId,\n clientSecret: clientSecret,\n callbackURL: normalizeEndpoint(`${serverUrl}/${callbackPath}`),\n tenant: 'common', // Can be overridden via custom configuration\n resource: 'https://graph.microsoft.com/', // Microsoft Graph API\n }),\n scope: ['openid', 'profile', 'email', 'User.Read'],\n profileMapper: (profile) => {\n // Azure AD profile structure from Microsoft Graph\n const azureProfile = profile._json || profile;\n\n return {\n id: azureProfile.id || azureProfile.oid || profile.id,\n username:\n azureProfile.preferred_username ||\n azureProfile.userPrincipalName ||\n azureProfile.mail ||\n azureProfile.email ||\n profile.username,\n email:\n azureProfile.mail ||\n azureProfile.userPrincipalName ||\n azureProfile.email ||\n profile.emails?.[0]?.value,\n displayName:\n azureProfile.displayName || azureProfile.name || profile.displayName,\n avatarUrl: azureProfile.photo || profile.photos?.[0]?.value,\n raw: profile,\n };\n },\n};\n"]}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"github.provider.d.ts","sourceRoot":"","sources":["../../../src/authz/providers/github.provider.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAGjE,eAAO,MAAM,mBAAmB,EAAE,mBAiBjC,CAAC"}
|
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.GitHubOAuthProvider = void 0;
|
|
4
|
-
const normalize_endpoint_1 = require("../../mcp/utils/normalize-endpoint");
|
|
5
|
-
const passport_github_1 = require("passport-github");
|
|
6
|
-
exports.GitHubOAuthProvider = {
|
|
7
|
-
name: 'github',
|
|
8
|
-
strategy: passport_github_1.Strategy,
|
|
9
|
-
strategyOptions: ({ serverUrl, clientId, clientSecret, callbackPath }) => ({
|
|
10
|
-
clientID: clientId,
|
|
11
|
-
clientSecret: clientSecret,
|
|
12
|
-
callbackURL: (0, normalize_endpoint_1.normalizeEndpoint)(`${serverUrl}/${callbackPath}`),
|
|
13
|
-
}),
|
|
14
|
-
scope: ['user:email'],
|
|
15
|
-
profileMapper: (profile) => ({
|
|
16
|
-
id: profile.id,
|
|
17
|
-
username: profile.username || profile.login,
|
|
18
|
-
email: profile.emails?.[0]?.value,
|
|
19
|
-
displayName: profile.displayName || profile.name,
|
|
20
|
-
avatarUrl: profile.photos?.[0]?.value || profile.avatar_url,
|
|
21
|
-
raw: profile,
|
|
22
|
-
}),
|
|
23
|
-
};
|
|
24
|
-
//# sourceMappingURL=github.provider.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"github.provider.js","sourceRoot":"","sources":["../../../src/authz/providers/github.provider.ts"],"names":[],"mappings":";;;AAAA,2EAAuE;AAEvE,qDAA2C;AAE9B,QAAA,mBAAmB,GAAwB;IACtD,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,0BAAQ;IAClB,eAAe,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC,CAAC;QACzE,QAAQ,EAAE,QAAQ;QAClB,YAAY,EAAE,YAAY;QAC1B,WAAW,EAAE,IAAA,sCAAiB,EAAC,GAAG,SAAS,IAAI,YAAY,EAAE,CAAC;KAC/D,CAAC;IACF,KAAK,EAAE,CAAC,YAAY,CAAC;IACrB,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAC3B,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,KAAK;QAC3C,KAAK,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK;QACjC,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,IAAI;QAChD,SAAS,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,OAAO,CAAC,UAAU;QAC3D,GAAG,EAAE,OAAO;KACb,CAAC;CACH,CAAC","sourcesContent":["import { normalizeEndpoint } from '../../mcp/utils/normalize-endpoint';\nimport { OAuthProviderConfig } from './oauth-provider.interface';\nimport { Strategy } from 'passport-github';\n\nexport const GitHubOAuthProvider: OAuthProviderConfig = {\n name: 'github',\n strategy: Strategy,\n strategyOptions: ({ serverUrl, clientId, clientSecret, callbackPath }) => ({\n clientID: clientId,\n clientSecret: clientSecret,\n callbackURL: normalizeEndpoint(`${serverUrl}/${callbackPath}`),\n }),\n scope: ['user:email'],\n profileMapper: (profile) => ({\n id: profile.id,\n username: profile.username || profile.login,\n email: profile.emails?.[0]?.value,\n displayName: profile.displayName || profile.name,\n avatarUrl: profile.photos?.[0]?.value || profile.avatar_url,\n raw: profile,\n }),\n};\n"]}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"google.provider.d.ts","sourceRoot":"","sources":["../../../src/authz/providers/google.provider.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEjE,eAAO,MAAM,mBAAmB,EAAE,mBAkBjC,CAAC"}
|
|
@@ -1,25 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.GoogleOAuthProvider = void 0;
|
|
4
|
-
const passport_google_oauth20_1 = require("passport-google-oauth20");
|
|
5
|
-
const normalize_endpoint_1 = require("../../mcp/utils/normalize-endpoint");
|
|
6
|
-
exports.GoogleOAuthProvider = {
|
|
7
|
-
name: 'google',
|
|
8
|
-
strategy: passport_google_oauth20_1.Strategy,
|
|
9
|
-
strategyOptions: ({ serverUrl, clientId, clientSecret, callbackPath }) => ({
|
|
10
|
-
clientID: clientId,
|
|
11
|
-
clientSecret: clientSecret,
|
|
12
|
-
callbackURL: (0, normalize_endpoint_1.normalizeEndpoint)(`${serverUrl}/${callbackPath}`),
|
|
13
|
-
scope: ['profile', 'email'],
|
|
14
|
-
}),
|
|
15
|
-
scope: ['profile', 'email'],
|
|
16
|
-
profileMapper: (profile) => ({
|
|
17
|
-
id: profile.id,
|
|
18
|
-
username: profile.emails?.[0]?.value?.split('@')[0] || profile.id,
|
|
19
|
-
email: profile.emails?.[0]?.value,
|
|
20
|
-
displayName: profile.displayName,
|
|
21
|
-
avatarUrl: profile.photos?.[0]?.value,
|
|
22
|
-
raw: profile,
|
|
23
|
-
}),
|
|
24
|
-
};
|
|
25
|
-
//# sourceMappingURL=google.provider.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"google.provider.js","sourceRoot":"","sources":["../../../src/authz/providers/google.provider.ts"],"names":[],"mappings":";;;AAAA,qEAAmD;AACnD,2EAAuE;AAG1D,QAAA,mBAAmB,GAAwB;IACtD,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,kCAAQ;IAClB,eAAe,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC,CAAC;QACzE,QAAQ,EAAE,QAAQ;QAClB,YAAY,EAAE,YAAY;QAC1B,WAAW,EAAE,IAAA,sCAAiB,EAAC,GAAG,SAAS,IAAI,YAAY,EAAE,CAAC;QAC9D,KAAK,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC;KAC5B,CAAC;IACF,KAAK,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC;IAC3B,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAC3B,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,QAAQ,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,EAAE;QACjE,KAAK,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK;QACjC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,SAAS,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK;QACrC,GAAG,EAAE,OAAO;KACb,CAAC;CACH,CAAC","sourcesContent":["import { Strategy } from 'passport-google-oauth20';\nimport { normalizeEndpoint } from '../../mcp/utils/normalize-endpoint';\nimport { OAuthProviderConfig } from './oauth-provider.interface';\n\nexport const GoogleOAuthProvider: OAuthProviderConfig = {\n name: 'google',\n strategy: Strategy,\n strategyOptions: ({ serverUrl, clientId, clientSecret, callbackPath }) => ({\n clientID: clientId,\n clientSecret: clientSecret,\n callbackURL: normalizeEndpoint(`${serverUrl}/${callbackPath}`),\n scope: ['profile', 'email'],\n }),\n scope: ['profile', 'email'],\n profileMapper: (profile) => ({\n id: profile.id,\n username: profile.emails?.[0]?.value?.split('@')[0] || profile.id,\n email: profile.emails?.[0]?.value,\n displayName: profile.displayName,\n avatarUrl: profile.photos?.[0]?.value,\n raw: profile,\n }),\n};\n"]}
|
|
@@ -1,107 +0,0 @@
|
|
|
1
|
-
import type { IOAuthStore } from '../stores/oauth-store.interface';
|
|
2
|
-
import type { OAuthSession, OAuthUserProfile } from '../interfaces/oauth-common.interface';
|
|
3
|
-
export type { OAuthSession, OAuthUserProfile };
|
|
4
|
-
type TypeOrmModuleOptions = Record<string, unknown>;
|
|
5
|
-
export interface OAuthProviderConfig {
|
|
6
|
-
name: string;
|
|
7
|
-
displayName?: string;
|
|
8
|
-
strategy: any;
|
|
9
|
-
strategyOptions: (options: {
|
|
10
|
-
serverUrl: string;
|
|
11
|
-
clientId: string;
|
|
12
|
-
clientSecret: string;
|
|
13
|
-
callbackPath?: string;
|
|
14
|
-
}) => any;
|
|
15
|
-
scope?: string[];
|
|
16
|
-
profileMapper: (profile: any) => OAuthUserProfile;
|
|
17
|
-
}
|
|
18
|
-
export type StoreConfiguration = {
|
|
19
|
-
type: 'typeorm';
|
|
20
|
-
options: TypeOrmModuleOptions;
|
|
21
|
-
} | {
|
|
22
|
-
type: 'custom';
|
|
23
|
-
store: IOAuthStore;
|
|
24
|
-
} | {
|
|
25
|
-
type: 'memory';
|
|
26
|
-
} | undefined;
|
|
27
|
-
export interface OAuthEndpointConfiguration {
|
|
28
|
-
wellKnownAuthorizationServerMetadata?: string;
|
|
29
|
-
wellKnownProtectedResourceMetadata?: string | string[];
|
|
30
|
-
register?: string;
|
|
31
|
-
authorize?: string;
|
|
32
|
-
callback?: string;
|
|
33
|
-
token?: string;
|
|
34
|
-
revoke?: string;
|
|
35
|
-
}
|
|
36
|
-
export interface OAuthEndpointDisableOptions {
|
|
37
|
-
wellKnownAuthorizationServerMetadata?: boolean;
|
|
38
|
-
wellKnownProtectedResourceMetadata?: boolean;
|
|
39
|
-
}
|
|
40
|
-
export interface OAuthUserModuleOptions {
|
|
41
|
-
provider: OAuthProviderConfig;
|
|
42
|
-
clientId: string;
|
|
43
|
-
clientSecret: string;
|
|
44
|
-
jwtSecret: string;
|
|
45
|
-
serverUrl?: string;
|
|
46
|
-
resource?: string;
|
|
47
|
-
jwtIssuer?: string;
|
|
48
|
-
jwtAudience?: string;
|
|
49
|
-
jwtAccessTokenExpiresIn?: string;
|
|
50
|
-
jwtRefreshTokenExpiresIn?: string;
|
|
51
|
-
enableRefreshTokens?: boolean;
|
|
52
|
-
cookieSecure?: boolean;
|
|
53
|
-
cookieMaxAge?: number;
|
|
54
|
-
oauthSessionExpiresIn?: number;
|
|
55
|
-
authCodeExpiresIn?: number;
|
|
56
|
-
protectedResourceMetadata?: {
|
|
57
|
-
scopesSupported?: string[];
|
|
58
|
-
bearerMethodsSupported?: string[];
|
|
59
|
-
mcpVersionsSupported?: string[];
|
|
60
|
-
};
|
|
61
|
-
authorizationServerMetadata?: {
|
|
62
|
-
responseTypesSupported?: string[];
|
|
63
|
-
responseModesSupported?: string[];
|
|
64
|
-
grantTypesSupported?: string[];
|
|
65
|
-
tokenEndpointAuthMethodsSupported?: string[];
|
|
66
|
-
scopesSupported?: string[];
|
|
67
|
-
codeChallengeMethodsSupported?: string[];
|
|
68
|
-
};
|
|
69
|
-
storeConfiguration?: StoreConfiguration;
|
|
70
|
-
apiPrefix?: string;
|
|
71
|
-
endpoints?: OAuthEndpointConfiguration;
|
|
72
|
-
disableEndpoints?: OAuthEndpointDisableOptions;
|
|
73
|
-
}
|
|
74
|
-
export interface OAuthModuleDefaults {
|
|
75
|
-
serverUrl: string;
|
|
76
|
-
resource: string;
|
|
77
|
-
jwtIssuer: string;
|
|
78
|
-
jwtAudience: string;
|
|
79
|
-
jwtAccessTokenExpiresIn: string;
|
|
80
|
-
jwtRefreshTokenExpiresIn: string;
|
|
81
|
-
enableRefreshTokens: boolean;
|
|
82
|
-
cookieMaxAge: number;
|
|
83
|
-
oauthSessionExpiresIn: number;
|
|
84
|
-
authCodeExpiresIn: number;
|
|
85
|
-
nodeEnv: string;
|
|
86
|
-
apiPrefix: string;
|
|
87
|
-
endpoints: OAuthEndpointConfiguration;
|
|
88
|
-
disableEndpoints: OAuthEndpointDisableOptions;
|
|
89
|
-
protectedResourceMetadata: {
|
|
90
|
-
scopesSupported: string[];
|
|
91
|
-
bearerMethodsSupported: string[];
|
|
92
|
-
mcpVersionsSupported: string[];
|
|
93
|
-
};
|
|
94
|
-
authorizationServerMetadata: {
|
|
95
|
-
responseTypesSupported: string[];
|
|
96
|
-
responseModesSupported: string[];
|
|
97
|
-
grantTypesSupported: string[];
|
|
98
|
-
tokenEndpointAuthMethodsSupported: string[];
|
|
99
|
-
scopesSupported: string[];
|
|
100
|
-
codeChallengeMethodsSupported: string[];
|
|
101
|
-
};
|
|
102
|
-
}
|
|
103
|
-
export type OAuthModuleOptions = Required<Pick<OAuthUserModuleOptions, 'provider' | 'clientId' | 'clientSecret' | 'jwtSecret'>> & Required<OAuthModuleDefaults> & {
|
|
104
|
-
cookieSecure: boolean;
|
|
105
|
-
storeConfiguration?: StoreConfiguration;
|
|
106
|
-
};
|
|
107
|
-
//# sourceMappingURL=oauth-provider.interface.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-provider.interface.d.ts","sourceRoot":"","sources":["../../../src/authz/providers/oauth-provider.interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,KAAK,EACV,YAAY,EACZ,gBAAgB,EACjB,MAAM,sCAAsC,CAAC;AAG9C,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,CAAC;AAM/C,KAAK,oBAAoB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAEpD,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,GAAG,CAAC;IACd,eAAe,EAAE,CAAC,OAAO,EAAE;QACzB,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,KAAK,GAAG,CAAC;IACV,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,aAAa,EAAE,CAAC,OAAO,EAAE,GAAG,KAAK,gBAAgB,CAAC;CACnD;AAGD,MAAM,MAAM,kBAAkB,GAC1B;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,oBAAoB,CAAA;CAAE,GAClD;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,KAAK,EAAE,WAAW,CAAA;CAAE,GACtC;IAAE,IAAI,EAAE,QAAQ,CAAA;CAAE,GAClB,SAAS,CAAC;AAEd,MAAM,WAAW,0BAA0B;IACzC,oCAAoC,CAAC,EAAE,MAAM,CAAC;IAC9C,kCAAkC,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACvD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,2BAA2B;IAC1C,oCAAoC,CAAC,EAAE,OAAO,CAAC;IAC/C,kCAAkC,CAAC,EAAE,OAAO,CAAC;CAC9C;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,EAAE,mBAAmB,CAAC;IAG9B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IAGrB,SAAS,EAAE,MAAM,CAAC;IAGlB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAG9B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IAGtB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAG3B,yBAAyB,CAAC,EAAE;QAC1B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;QAC3B,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;QAClC,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;KACjC,CAAC;IAGF,2BAA2B,CAAC,EAAE;QAC5B,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;QAClC,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;QAClC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC/B,iCAAiC,CAAC,EAAE,MAAM,EAAE,CAAC;QAC7C,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;QAC3B,6BAA6B,CAAC,EAAE,MAAM,EAAE,CAAC;KAC1C,CAAC;IAGF,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,SAAS,CAAC,EAAE,MAAM,CAAC;IAGnB,SAAS,CAAC,EAAE,0BAA0B,CAAC;IACvC,gBAAgB,CAAC,EAAE,2BAA2B,CAAC;CAChD;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,uBAAuB,EAAE,MAAM,CAAC;IAChC,wBAAwB,EAAE,MAAM,CAAC;IACjC,mBAAmB,EAAE,OAAO,CAAC;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,0BAA0B,CAAC;IACtC,gBAAgB,EAAE,2BAA2B,CAAC;IAC9C,yBAAyB,EAAE;QACzB,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,sBAAsB,EAAE,MAAM,EAAE,CAAC;QACjC,oBAAoB,EAAE,MAAM,EAAE,CAAC;KAChC,CAAC;IACF,2BAA2B,EAAE;QAC3B,sBAAsB,EAAE,MAAM,EAAE,CAAC;QACjC,sBAAsB,EAAE,MAAM,EAAE,CAAC;QACjC,mBAAmB,EAAE,MAAM,EAAE,CAAC;QAC9B,iCAAiC,EAAE,MAAM,EAAE,CAAC;QAC5C,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,6BAA6B,EAAE,MAAM,EAAE,CAAC;KACzC,CAAC;CACH;AAGD,MAAM,MAAM,kBAAkB,GAAG,QAAQ,CACvC,IAAI,CACF,sBAAsB,EACtB,UAAU,GAAG,UAAU,GAAG,cAAc,GAAG,WAAW,CACvD,CACF,GACC,QAAQ,CAAC,mBAAmB,CAAC,GAAG;IAE9B,YAAY,EAAE,OAAO,CAAC;IACtB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;CACzC,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-provider.interface.js","sourceRoot":"","sources":["../../../src/authz/providers/oauth-provider.interface.ts"],"names":[],"mappings":"","sourcesContent":["import type { IOAuthStore } from '../stores/oauth-store.interface';\nimport type {\n OAuthSession,\n OAuthUserProfile,\n} from '../interfaces/oauth-common.interface';\n\n// Re-export common interfaces\nexport type { OAuthSession, OAuthUserProfile };\n\n// Define a minimal placeholder for TypeORM options so the type remains\n// available without requiring the optional `@nestjs/typeorm` package.\n// Consumers who use the TypeORM store should install the package to get\n// the full type definitions.\ntype TypeOrmModuleOptions = Record<string, unknown>;\n\nexport interface OAuthProviderConfig {\n name: string;\n displayName?: string;\n strategy: any; // Passport Strategy constructor\n strategyOptions: (options: {\n serverUrl: string;\n clientId: string;\n clientSecret: string;\n callbackPath?: string; // Optional custom callback path\n }) => any;\n scope?: string[];\n profileMapper: (profile: any) => OAuthUserProfile;\n}\n\n// Store configuration union type\nexport type StoreConfiguration =\n | { type: 'typeorm'; options: TypeOrmModuleOptions }\n | { type: 'custom'; store: IOAuthStore }\n | { type: 'memory' }\n | undefined; // Default to memory store\n\nexport interface OAuthEndpointConfiguration {\n wellKnownAuthorizationServerMetadata?: string; // Default: '/.well-known/oauth-authorization-server'\n wellKnownProtectedResourceMetadata?: string | string[]; // Default: '/.well-known/oauth-protected-resource'\n register?: string; // Default: '/register'\n authorize?: string; // Default: '/authorize'\n callback?: string; // Default: '/callback'\n token?: string; // Default: '/token'\n revoke?: string; // Default: '/revoke'\n}\n\nexport interface OAuthEndpointDisableOptions {\n wellKnownAuthorizationServerMetadata?: boolean;\n wellKnownProtectedResourceMetadata?: boolean;\n}\n\nexport interface OAuthUserModuleOptions {\n provider: OAuthProviderConfig;\n\n // Required OAuth Provider Credentials\n clientId: string;\n clientSecret: string;\n\n // Required JWT Configuration\n jwtSecret: string;\n\n // Server Configuration\n serverUrl?: string;\n resource?: string; // should be the endpoint clients connect to, e.g.: 'https://localhost:3000/mcp'\n // JWT Configuration\n jwtIssuer?: string;\n jwtAudience?: string;\n jwtAccessTokenExpiresIn?: string;\n jwtRefreshTokenExpiresIn?: string;\n enableRefreshTokens?: boolean;\n\n // Cookie Configuration\n cookieSecure?: boolean;\n cookieMaxAge?: number;\n\n // OAuth Session Configuration\n oauthSessionExpiresIn?: number; // in milliseconds\n authCodeExpiresIn?: number; // in milliseconds\n\n // Protected Resource Metadata Configuration\n protectedResourceMetadata?: {\n scopesSupported?: string[];\n bearerMethodsSupported?: string[];\n mcpVersionsSupported?: string[];\n };\n\n // Authorization Server Metadata Configuration\n authorizationServerMetadata?: {\n responseTypesSupported?: string[];\n responseModesSupported?: string[];\n grantTypesSupported?: string[];\n tokenEndpointAuthMethodsSupported?: string[];\n scopesSupported?: string[];\n codeChallengeMethodsSupported?: string[];\n };\n\n // Storage Configuration - single property for all storage options\n storeConfiguration?: StoreConfiguration;\n apiPrefix?: string;\n\n // Endpoint Configuration\n endpoints?: OAuthEndpointConfiguration;\n disableEndpoints?: OAuthEndpointDisableOptions;\n}\n\nexport interface OAuthModuleDefaults {\n serverUrl: string;\n resource: string; // Default resource URL\n jwtIssuer: string;\n jwtAudience: string;\n jwtAccessTokenExpiresIn: string;\n jwtRefreshTokenExpiresIn: string;\n enableRefreshTokens: boolean;\n cookieMaxAge: number;\n oauthSessionExpiresIn: number;\n authCodeExpiresIn: number;\n nodeEnv: string;\n apiPrefix: string;\n endpoints: OAuthEndpointConfiguration;\n disableEndpoints: OAuthEndpointDisableOptions;\n protectedResourceMetadata: {\n scopesSupported: string[];\n bearerMethodsSupported: string[];\n mcpVersionsSupported: string[];\n };\n authorizationServerMetadata: {\n responseTypesSupported: string[];\n responseModesSupported: string[];\n grantTypesSupported: string[];\n tokenEndpointAuthMethodsSupported: string[];\n scopesSupported: string[];\n codeChallengeMethodsSupported: string[];\n };\n}\n\n// Resolved options after merging with defaults\nexport type OAuthModuleOptions = Required<\n Pick<\n OAuthUserModuleOptions,\n 'provider' | 'clientId' | 'clientSecret' | 'jwtSecret'\n >\n> &\n Required<OAuthModuleDefaults> & {\n // Optional fields that may remain undefined\n cookieSecure: boolean;\n storeConfiguration?: StoreConfiguration;\n };\n"]}
|
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
import type { ClientRegistrationDto, IOAuthStore, OAuthClient } from '../stores/oauth-store.interface';
|
|
2
|
-
import type { OAuthModuleOptions } from '../providers/oauth-provider.interface';
|
|
3
|
-
export declare class ClientService {
|
|
4
|
-
private readonly store;
|
|
5
|
-
private readonly options;
|
|
6
|
-
constructor(store: IOAuthStore, options: OAuthModuleOptions);
|
|
7
|
-
registerClient(registrationDto: ClientRegistrationDto): Promise<OAuthClient>;
|
|
8
|
-
protected preRegistrationChecks(_dto: ClientRegistrationDto): Promise<void>;
|
|
9
|
-
getClient(clientId: string): Promise<OAuthClient | null>;
|
|
10
|
-
validateRedirectUri(clientId: string, redirectUri: string): Promise<boolean>;
|
|
11
|
-
}
|
|
12
|
-
//# sourceMappingURL=client.service.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"client.service.d.ts","sourceRoot":"","sources":["../../../src/authz/services/client.service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,qBAAqB,EACrB,WAAW,EACX,WAAW,EACZ,MAAM,iCAAiC,CAAC;AAEzC,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAEhF,qBACa,aAAa;IAEC,OAAO,CAAC,QAAQ,CAAC,KAAK;IAE7C,OAAO,CAAC,QAAQ,CAAC,OAAO;gBAFgB,KAAK,EAAE,WAAW,EAEzC,OAAO,EAAE,kBAAkB;IAUxC,cAAc,CAClB,eAAe,EAAE,qBAAqB,GACrC,OAAO,CAAC,WAAW,CAAC;cAuEP,qBAAqB,CACnC,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,IAAI,CAAC;IAIV,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAcxD,mBAAmB,CACvB,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,OAAO,CAAC;CAIpB"}
|