@silkweave/nestjs 2.4.0 → 2.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +155 -9
- package/build/index-C1W-O7EX.d.mts +46 -0
- package/build/index-C1W-O7EX.d.mts.map +1 -0
- package/build/index.d.mts +138 -208
- package/build/index.d.mts.map +1 -1
- package/build/index.mjs +348 -8725
- package/build/index.mjs.map +1 -1
- package/build/mcp.d.mts +35 -0
- package/build/mcp.d.mts.map +1 -0
- package/build/mcp.mjs +61 -0
- package/build/mcp.mjs.map +1 -0
- package/build/trpc.d.mts +39 -0
- package/build/trpc.d.mts.map +1 -0
- package/build/trpc.mjs +59 -0
- package/build/trpc.mjs.map +1 -0
- package/build/typegen.d.mts +32 -0
- package/build/typegen.d.mts.map +1 -0
- package/build/typegen.mjs +36 -0
- package/build/typegen.mjs.map +1 -0
- package/build/types-wmI5n_7i.d.mts +172 -0
- package/build/types-wmI5n_7i.d.mts.map +1 -0
- package/package.json +41 -6
package/README.md
CHANGED
|
@@ -1,16 +1,30 @@
|
|
|
1
1
|
# @silkweave/nestjs
|
|
2
2
|
|
|
3
|
-
NestJS adapter for [Silkweave](https://github.com/silkweave/silkweave). Expose your **existing NestJS controllers** as MCP (Model Context Protocol) tools by adding a single `@Mcp()` decorator to a route handler. The
|
|
3
|
+
NestJS adapter for [Silkweave](https://github.com/silkweave/silkweave). Expose your **existing NestJS controllers** as MCP (Model Context Protocol) tools by adding a single `@Mcp()` decorator to a route handler - or as **end-to-end-typed tRPC procedures** with the sibling `@Trpc()` decorator. The name, description, and input schema are **reflected** from the route, the `@Param`/`@Query`/`@Body` decorators, and any `@nestjs/swagger` / `class-validator` metadata the method already carries - nothing is re-declared. On a call the validated input is split back into the method's positional arguments and the handler is invoked directly, with `@UseGuards()` guards applied first.
|
|
4
4
|
|
|
5
|
-
It is **additive**: controllers keep serving HTTP exactly as before, and removing `@Mcp()`
|
|
5
|
+
It is **additive**: controllers keep serving HTTP exactly as before, and removing the decorator fully reverts a method. The same method can carry both `@Mcp()` (for agents) and `@Trpc()` (for your frontend) alongside `@UseGuards()`.
|
|
6
6
|
|
|
7
7
|
## Install
|
|
8
8
|
|
|
9
9
|
```bash
|
|
10
10
|
pnpm add @silkweave/core @silkweave/nestjs @nestjs/common @nestjs/core @nestjs/platform-express reflect-metadata
|
|
11
|
+
|
|
12
|
+
# then add only the adapter packages you use (each is an optional peer):
|
|
13
|
+
pnpm add @silkweave/mcp # if you use mcp()
|
|
14
|
+
pnpm add @silkweave/trpc # if you use trpc()
|
|
15
|
+
pnpm add @silkweave/typegen # if you use typegen()
|
|
16
|
+
```
|
|
17
|
+
|
|
18
|
+
The adapters live behind **subpath exports** and their stacks are **optional peer dependencies**, so an MCP-only app never pulls in `@trpc/server`, and a tRPC-only app never pulls in the MCP SDK / OAuth stack. The decorators and module come from the root; each adapter from its subpath:
|
|
19
|
+
|
|
20
|
+
```ts
|
|
21
|
+
import { Mcp, Trpc, SilkweaveModule } from '@silkweave/nestjs'
|
|
22
|
+
import { mcp } from '@silkweave/nestjs/mcp'
|
|
23
|
+
import { trpc } from '@silkweave/nestjs/trpc'
|
|
24
|
+
import { typegen } from '@silkweave/nestjs/typegen'
|
|
11
25
|
```
|
|
12
26
|
|
|
13
|
-
`@nestjs/swagger` and `class-validator` are **optional** peers - install whichever your DTOs already use; the reflector reads both and falls back to TypeScript `design:type` when neither is present.
|
|
27
|
+
`@nestjs/swagger` and `class-validator` are **optional** peers too - install whichever your DTOs already use; the reflector reads both and falls back to TypeScript `design:type` when neither is present.
|
|
14
28
|
|
|
15
29
|
> NestJS needs decorator-aware transforms with `emitDecoratorMetadata`. Use `@swc-node/register` (`node --import @swc-node/register/esm-register src/main.ts`) or the `nest start` CLI; plain `tsx` does not emit decorator metadata.
|
|
16
30
|
|
|
@@ -70,7 +84,8 @@ export class UsersController {
|
|
|
70
84
|
```ts
|
|
71
85
|
// app.module.ts
|
|
72
86
|
import { Module } from '@nestjs/common'
|
|
73
|
-
import {
|
|
87
|
+
import { SilkweaveModule } from '@silkweave/nestjs'
|
|
88
|
+
import { mcp } from '@silkweave/nestjs/mcp'
|
|
74
89
|
import { AdminGuard } from './admin.guard.js'
|
|
75
90
|
import { UsersController } from './users.controller.js'
|
|
76
91
|
|
|
@@ -115,7 +130,7 @@ Exposes the decorated controller route as an MCP tool. Every option is optional.
|
|
|
115
130
|
|--------|------|---------|-------------|
|
|
116
131
|
| `name` | `string` | `${ControllerBase}${MethodName}` (e.g. `UsersGet`) | MCP tool name override |
|
|
117
132
|
| `description` | `string` | `@ApiOperation` summary/description, else generated | Tool description |
|
|
118
|
-
| `input` | `Record<string, z.ZodType
|
|
133
|
+
| `input` | `Record<string, z.ZodType> \| z.ZodObject` | - | Zod override merged over the reflected fields (per-field). A raw shape (`{ field: z.string() }`) **or** a whole `z.object({ ... })` (its `.shape` is unwrapped). The escape hatch for shapes reflection can't express - discriminated unions, custom validators, `@Transform`. It **adds to** the reflected fields; it does not replace them (see the warning below) |
|
|
119
134
|
| `pipes` | `'apply' \| 'skip'` | `'apply'` | Whether to run parameter-bound pipes (`@Param('id', ParseIntPipe)`) when re-binding |
|
|
120
135
|
| `result` | `'json' \| 'smart'` | `'smart'` | Default MCP result format - `'json'` returns compact JSON text (`jsonToolResult`); `'smart'` inlines small payloads and offloads large ones to an embedded resource (`smartToolResult`). A client that sends `_meta.disposition` on the call overrides it |
|
|
121
136
|
|
|
@@ -141,7 +156,7 @@ For each `@Mcp` method the adapter builds **one flat Zod input object** by mergi
|
|
|
141
156
|
2. `class-validator` decorators (`@IsString`, `@MinLength`, `@IsOptional`, `@IsEnum`, ...) - **optional** peer
|
|
142
157
|
3. `@nestjs/swagger` decorators - `@ApiParam`/`@ApiQuery` for scalar path/query params, `@ApiProperty` for whole-DTO properties - **optional** peer
|
|
143
158
|
4. An ingested OpenAPI document, matched by HTTP verb + path (`SilkweaveModule.forRoot({ openapi })`)
|
|
144
|
-
5. `@Mcp({ input })` raw
|
|
159
|
+
5. `@Mcp({ input })` override (a raw shape or a `z.object({ ... })`)
|
|
145
160
|
|
|
146
161
|
Field sources are derived from the parameter decorators:
|
|
147
162
|
|
|
@@ -153,10 +168,17 @@ Field sources are derived from the parameter decorators:
|
|
|
153
168
|
| `@Query() dto: ListDto` | each property of `ListDto`, flattened to top level |
|
|
154
169
|
| `@Body('x') x` | scalar field `x` |
|
|
155
170
|
| `@Body() dto: CreateDto` | each property of `CreateDto`, flattened to top level |
|
|
156
|
-
| `@Req`/`@
|
|
171
|
+
| `@Req`/`@Headers`/`@Ip`/`@Session`/files | not exposed; bound at call time (headers/req from the MCP request stand-in, the rest `undefined`) |
|
|
172
|
+
| `@Res() res` | not exposed; bound to the **real Express response over tRPC** (so `@Res({ passthrough: true })` can set cookies/headers), `undefined` over MCP (no HTTP response) |
|
|
157
173
|
|
|
158
174
|
On a tool call the validated input is split back into the handler's positional arguments per the same parameter map, parameter-bound pipes run (unless `pipes: 'skip'`), and the method is invoked directly.
|
|
159
175
|
|
|
176
|
+
> **Unreflectable parameter warning.** A whole-DTO `@Body()`/`@Query()` whose type can't be reflected logs a `Silkweave` warning at boot naming the controller method and parameter. The usual cause is an **intersection/union** type (e.g. `@Body() input: CreateDto & z.infer<typeof Extra>`): TypeScript erases it to `Object` under `design:type`, so the DTO class reference is lost and **none** of its `@ApiProperty`/`class-validator` fields reflect. A `@Mcp`/`@Trpc({ input })` override on the same method does **not** silence this - the override *adds* fields, it doesn't recover the dropped ones. Fix it by using a single DTO class, or by declaring every field via `({ input })`.
|
|
177
|
+
|
|
178
|
+
### Nullable fields
|
|
179
|
+
|
|
180
|
+
`@ApiProperty({ nullable: true })` (and OpenAPI `nullable: true`) reflect to a `.nullable()` Zod field (`string | null`). `class-validator`'s `@IsOptional()` only yields `string | undefined` (optional, not nullable) - it has no `null` signal - so for a `string | null` field add `@ApiProperty({ nullable: true })` or override the field via `({ input })`.
|
|
181
|
+
|
|
160
182
|
### Optional OpenAPI ingestion
|
|
161
183
|
|
|
162
184
|
Pass a pre-built OpenAPI document (e.g. a committed `openapi.json`, or one built in a two-phase bootstrap) to use it as the authoritative schema source. It is matched to each `@Mcp` method by verb + path and overrides decorator reflection for the fields it covers; unmatched operations/fields fall back to reflection.
|
|
@@ -183,9 +205,133 @@ Mounts the MCP Streamable HTTP transport directly at `basePath`, with sideload (
|
|
|
183
205
|
| `sideloadResources` | `boolean` | `true` | Mount `{basePath}/resource/:id` |
|
|
184
206
|
| `resourceDir` | `string` | `'resources'` | Directory the sideload route reads from |
|
|
185
207
|
|
|
208
|
+
## tRPC
|
|
209
|
+
|
|
210
|
+
`@Trpc()` is the tRPC sibling of `@Mcp()`. It exposes a controller route as a tRPC procedure, reflecting its key, input, and kind from exactly the same sources `@Mcp` uses - so a single method can serve REST, MCP, and tRPC at once. Two things differ because tRPC consumers need them: **precise output types** in the generated router, and **subscriptions** for `async *` routes.
|
|
211
|
+
|
|
212
|
+
```ts
|
|
213
|
+
import { Mcp, Trpc } from '@silkweave/nestjs'
|
|
214
|
+
import { ApiOkResponse, ApiOperation } from '@nestjs/swagger'
|
|
215
|
+
|
|
216
|
+
class ListUsersResponse {
|
|
217
|
+
@ApiProperty({ type: [UserDto] }) users!: UserDto[]
|
|
218
|
+
}
|
|
219
|
+
|
|
220
|
+
@Controller('users')
|
|
221
|
+
export class UsersController {
|
|
222
|
+
@Get('list-by-space')
|
|
223
|
+
@ApiOperation({ summary: 'List the users in a space' })
|
|
224
|
+
@ApiOkResponse({ type: ListUsersResponse }) // ← drives the generated output type
|
|
225
|
+
@UseGuards(AuthGuard) // ← reads the real Express request (cookies/headers)
|
|
226
|
+
@Trpc() // → query `usersListBySpace`
|
|
227
|
+
@Mcp() // → MCP tool `UsersListBySpace`
|
|
228
|
+
listBySpace(@Query() q: ListBySpaceQuery, @Req() req: AppRequest) {
|
|
229
|
+
return this.users.listForSpace(req.user, q.spaceId)
|
|
230
|
+
}
|
|
231
|
+
}
|
|
232
|
+
```
|
|
233
|
+
|
|
234
|
+
### `@Trpc(options?)` (method decorator)
|
|
235
|
+
|
|
236
|
+
| Option | Type | Default | Description |
|
|
237
|
+
|--------|------|---------|-------------|
|
|
238
|
+
| `name` | `string` | `${ControllerBase}.${MethodName}` | Procedure-name override (before camelCasing) |
|
|
239
|
+
| `description` | `string` | `@ApiOperation` summary/description, else generated | Procedure description |
|
|
240
|
+
| `input` | `Record<string, z.ZodType> \| z.ZodObject` | - | Zod override merged over reflected fields - a raw shape or a `z.object({ ... })` (same as `@Mcp({ input })`) |
|
|
241
|
+
| `output` | `z.ZodType \| DtoClass \| Record<string, z.ZodType>` | reflected from `@ApiOkResponse` | Explicit output schema driving the generated output type (wins over reflection) |
|
|
242
|
+
| `chunk` | `z.ZodType \| DtoClass` | `unknown` | Element type for a subscription's `async *` stream |
|
|
243
|
+
| `kind` | `'query' \| 'mutation' \| 'subscription'` | inferred | `@Get` ⇒ query, others ⇒ mutation, `async *` ⇒ subscription |
|
|
244
|
+
| `pipes` | `'apply' \| 'skip'` | `'apply'` | Whether to run parameter-bound pipes when re-binding |
|
|
245
|
+
|
|
246
|
+
### Naming & kind
|
|
247
|
+
|
|
248
|
+
Procedure keys are `camelCase(`${ControllerBase}.${MethodName}`)` - `UsersController.listBySpace` → `usersListBySpace` - matching the dotted-name → camelCase convention of the core tRPC adapter. Pin any exception with `@Trpc({ name })`. `kind` is inferred from the HTTP verb (`@Get` ⇒ `query`, otherwise `mutation`) or the method body (`async *` ⇒ `subscription`); override with `@Trpc({ kind })`.
|
|
249
|
+
|
|
250
|
+
### Output types (the precise part)
|
|
251
|
+
|
|
252
|
+
tRPC carries output types end-to-end, so the generated `AppRouter` needs them. In preference order:
|
|
253
|
+
|
|
254
|
+
1. **`@ApiOkResponse({ type: Dto })`** (or any 2xx `@ApiResponse`) - the response DTO is flattened like an input DTO into the procedure's output type.
|
|
255
|
+
2. **`@Trpc({ output })`** - an explicit Zod schema, DTO class, or raw shape. Wins over reflection. Use it when the return shape can't be reflected losslessly (e.g. **nested** DTOs and `Dto[]` arrays degrade to `unknown`/`unknown[]` - reflection is one level deep). For a precise nested shape, hand `@Trpc({ output })` a Zod schema.
|
|
256
|
+
|
|
257
|
+
When a reflected output field degrades to `unknown`/`unknown[]`, the adapter logs a `Silkweave` warning at boot naming the controller method and the field(s) - so a silently-`unknown` grid/list/report output is visible instead of surfacing only at the client. The warning fires only for **reflected** outputs; an explicit `@Trpc({ output })` Zod schema is your own typing and is never flagged.
|
|
258
|
+
|
|
259
|
+
### zod v3 / v4 interop
|
|
260
|
+
|
|
261
|
+
The reflector builds schemas with Zod v4 internally, but `@Trpc({ input })`/`@Trpc({ output })`/`@Trpc({ chunk })` (and the `@Mcp({ input })` override) accept a schema from **either** Zod v3 or v4 - including `zod/v4` schemas from an app already migrated off Zod v3. The generated `AppRouter` input/output types resolve correctly across the boundary. Override detection is duck-typed (`safeParse`/`.shape`), so it does not depend on a shared Zod instance.
|
|
262
|
+
|
|
263
|
+
### Subscriptions (`async *` ⇒ SSE)
|
|
264
|
+
|
|
265
|
+
An `async *` method is registered as a tRPC **subscription** served over SSE. It needs no HTTP verb - a verb-less `@Trpc({ kind: 'subscription', chunk })` exposes it over tRPC **without** creating a public REST route (see [tRPC/MCP without REST](#trpcmcp-without-a-public-rest-route)). Guards run before the first chunk.
|
|
266
|
+
|
|
267
|
+
```ts
|
|
268
|
+
@Trpc({ kind: 'subscription', chunk: BoardTick }) // → subscription `usersWatch`
|
|
269
|
+
async *watch(@Query() q: WatchQuery, @Req() req: AppRequest): AsyncGenerator<BoardTick> {
|
|
270
|
+
for await (const tick of this.board.stream(req.user, q)) { yield tick }
|
|
271
|
+
}
|
|
272
|
+
```
|
|
273
|
+
|
|
274
|
+
### `trpc(options?)` adapter
|
|
275
|
+
|
|
276
|
+
Mounts a single tRPC HTTP handler (httpBatch for queries/mutations, SSE for subscriptions) on Nest's HTTP adapter at `basePath`, built from every `@Trpc` route.
|
|
277
|
+
|
|
278
|
+
| Option | Type | Default | Description |
|
|
279
|
+
|--------|------|---------|-------------|
|
|
280
|
+
| `basePath` | `string` | `'/trpc'` | URL prefix the handler mounts on |
|
|
281
|
+
| `cors` | `CorsOptions \| boolean` | `true` | CORS. For cookie auth pass `{ origin: '<spa-origin>', credentials: true }` |
|
|
282
|
+
| `auth` | `AuthConfig` | - | Optional transport-edge bearer validation. Usually omitted - `@Trpc` routes authenticate via their own `@UseGuards()` |
|
|
283
|
+
|
|
284
|
+
**Guards + cookie auth, no separate config.** Each procedure runs the method's `@UseGuards()` first, with the guard receiving a real `ExecutionContext` whose `switchToHttp().getRequest()` is the **actual Express request** (cookies, headers, `req.user`). So an `AuthGuard` reading an HttpOnly session cookie works with no auth config - the client just sends `credentials: 'include'` / `withCredentials`. A denying guard surfaces to the client as a `TRPCError` whose `data.httpStatus` is the guard's HTTP status (e.g. `401`/`403`), so a `splitLink`/`errorLink` can react.
|
|
285
|
+
|
|
286
|
+
Reach the authenticated principal + silkweave context from a handler with `@Req() req` (read `req.user`, set by the guard - works identically over REST, tRPC, and MCP).
|
|
287
|
+
|
|
288
|
+
### `typegen(options?)` adapter
|
|
289
|
+
|
|
290
|
+
On bootstrap, writes a `.ts` file containing the tRPC `AppRouter` type covering every `@Trpc` procedure - the exact `TRPCBuiltRouter` contract `createTRPCClient<AppRouter>()` and `inferRouterInputs`/`inferRouterOutputs` consume. It only sees `@Trpc` actions (MCP tools are gated out), so the emitted router matches what `trpc()` serves.
|
|
291
|
+
|
|
292
|
+
| Option | Type | Default | Description |
|
|
293
|
+
|--------|------|---------|-------------|
|
|
294
|
+
| `path` | `string` | - | Output file path (resolved against `process.cwd()`; parent dirs created) |
|
|
295
|
+
| `format` | `'trpc-router' \| 'interfaces' \| 'all'` | `'trpc-router'` | `'trpc-router'` emits `AppRouter`; `'interfaces'` emits `{Name}Input`/`{Name}Output`; `'all'` both |
|
|
296
|
+
|
|
297
|
+
```ts
|
|
298
|
+
// app.module.ts
|
|
299
|
+
import { SilkweaveModule } from '@silkweave/nestjs'
|
|
300
|
+
import { mcp } from '@silkweave/nestjs/mcp'
|
|
301
|
+
import { trpc } from '@silkweave/nestjs/trpc'
|
|
302
|
+
import { typegen } from '@silkweave/nestjs/typegen'
|
|
303
|
+
|
|
304
|
+
SilkweaveModule.forRoot({
|
|
305
|
+
silkweave: { name: 'my-app', description: 'My App', version: '1.0.0' },
|
|
306
|
+
adapters: [
|
|
307
|
+
mcp({ basePath: '/mcp', auth: mcpAuth }), // @Mcp methods → MCP tools (bearer/OAuth)
|
|
308
|
+
trpc({ basePath: '/trpc' }), // @Trpc methods → tRPC procedures (cookie/guard auth)
|
|
309
|
+
typegen({ path: '../app/src/types/appRouter.ts' })// @Trpc procedures → AppRouter type
|
|
310
|
+
]
|
|
311
|
+
})
|
|
312
|
+
```
|
|
313
|
+
|
|
314
|
+
```ts
|
|
315
|
+
// client - the emitted AppRouter is the only import you need
|
|
316
|
+
import { createTRPCClient, httpBatchLink, httpSubscriptionLink, splitLink } from '@trpc/client'
|
|
317
|
+
import type { AppRouter } from './types/appRouter.js'
|
|
318
|
+
|
|
319
|
+
export const trpc = createTRPCClient<AppRouter>({
|
|
320
|
+
links: [splitLink({
|
|
321
|
+
condition: (op) => op.type === 'subscription',
|
|
322
|
+
true: httpSubscriptionLink({ url: '/trpc' }), // SSE, withCredentials for cookies
|
|
323
|
+
false: httpBatchLink({ url: '/trpc', fetch: (u, o) => fetch(u, { ...o, credentials: 'include' }) })
|
|
324
|
+
})]
|
|
325
|
+
})
|
|
326
|
+
```
|
|
327
|
+
|
|
328
|
+
### tRPC/MCP without a public REST route
|
|
329
|
+
|
|
330
|
+
A `@Get`/`@Post` is inherently a public REST route. To expose a method over **tRPC and/or MCP only**, omit the HTTP-verb decorator: Nest never maps it as REST, and `@Trpc({ kind })` (or `@Mcp()`) still picks it up. This is how subscriptions (which are verb-less `async *` methods) and any internal-only procedure stay off the public REST surface.
|
|
331
|
+
|
|
186
332
|
## Guards & DI
|
|
187
333
|
|
|
188
|
-
Native NestJS `@UseGuards()` on `@Mcp` methods run before the handler is invoked. Guards receive an `ExecutionContext` with the request in `switchToHttp().getRequest()`, and the `Reflector` is wired up so guards can read custom metadata.
|
|
334
|
+
Native NestJS `@UseGuards()` on `@Mcp`/`@Trpc` methods run before the handler is invoked. Guards receive an `ExecutionContext` with the request in `switchToHttp().getRequest()`, and the `Reflector` is wired up so guards can read custom metadata.
|
|
189
335
|
|
|
190
336
|
**Headers over MCP.** The inbound tool-call request is surfaced as a stand-in `{ headers, url, params, query }` object built from the MCP SDK's `extra.requestInfo`, so a header-based guard - e.g. one reading `getRequest().headers['x-api-key']` - works unchanged. `ExecutionContext.getType()` is `'http'` whenever a request is available (and `'rpc'` for transports with none, e.g. MCP stdio). Caveats:
|
|
191
337
|
|
|
@@ -217,7 +363,7 @@ Because the handler is invoked directly (not through Nest's HTTP request pipelin
|
|
|
217
363
|
|
|
218
364
|
## Notes
|
|
219
365
|
|
|
220
|
-
- **Opt-in.** Only methods carrying `@Mcp()` are exposed - controllers are never auto-published.
|
|
366
|
+
- **Opt-in.** Only methods carrying `@Mcp()`/`@Trpc()` are exposed - controllers are never auto-published.
|
|
221
367
|
- **Express only by default.** `@nestjs/platform-fastify` requires `@fastify/express` registered upfront.
|
|
222
368
|
- **`reflect-metadata`** must be imported once at the top of your entry file.
|
|
223
369
|
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
import { SilkweaveContext } from "@silkweave/core";
|
|
2
|
+
|
|
3
|
+
//#region ../auth/build/index.d.mts
|
|
4
|
+
//#endregion
|
|
5
|
+
//#region src/provider/types.d.ts
|
|
6
|
+
interface AuthInfo {
|
|
7
|
+
token: string;
|
|
8
|
+
clientId?: string;
|
|
9
|
+
scopes?: string[];
|
|
10
|
+
expiresAt?: number;
|
|
11
|
+
[key: string]: unknown;
|
|
12
|
+
}
|
|
13
|
+
interface OAuthRequest {
|
|
14
|
+
method: string;
|
|
15
|
+
url: URL;
|
|
16
|
+
headers: Record<string, string | undefined>;
|
|
17
|
+
body?: Record<string, string>;
|
|
18
|
+
}
|
|
19
|
+
interface OAuthResponse {
|
|
20
|
+
status: number;
|
|
21
|
+
headers: Record<string, string>;
|
|
22
|
+
body?: string | Record<string, unknown>;
|
|
23
|
+
}
|
|
24
|
+
interface OAuthProvider {
|
|
25
|
+
authorize(req: OAuthRequest): Promise<OAuthResponse>;
|
|
26
|
+
callback(req: OAuthRequest): Promise<OAuthResponse>;
|
|
27
|
+
token(req: OAuthRequest): Promise<OAuthResponse>;
|
|
28
|
+
register(req: OAuthRequest): Promise<OAuthResponse>;
|
|
29
|
+
metadata(): OAuthResponse;
|
|
30
|
+
verifyToken(token: string): Promise<AuthInfo | undefined>;
|
|
31
|
+
} //#endregion
|
|
32
|
+
//#region src/types.d.ts
|
|
33
|
+
type VerifyToken = (token: string, context: SilkweaveContext) => Promise<AuthInfo | undefined>;
|
|
34
|
+
interface AuthConfig {
|
|
35
|
+
verifyToken: VerifyToken;
|
|
36
|
+
required?: boolean;
|
|
37
|
+
resourceUrl?: string;
|
|
38
|
+
authorizationServers?: string[];
|
|
39
|
+
requiredScopes?: string[];
|
|
40
|
+
provider?: OAuthProvider;
|
|
41
|
+
callbackPath?: string;
|
|
42
|
+
} //#endregion
|
|
43
|
+
//#region src/provider/store.d.ts
|
|
44
|
+
//#endregion
|
|
45
|
+
export { AuthConfig as t };
|
|
46
|
+
//# sourceMappingURL=index-C1W-O7EX.d.mts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index-C1W-O7EX.d.mts","names":["SilkweaveContext","AuthError","Error","code","statusCode","constructor","message","invalidToken","insufficientScope","extractBearerToken","header","buildWWWAuthenticate","error","description","resourceMetadataUrl","ProtectedResourceMetadata","resource","authorization_servers","scopes_supported","bearer_methods_supported","generateProtectedResourceMetadata","resourceUrl","authorizationServers","AuthInfo","token","clientId","scopes","expiresAt","key","OAuthRequest","URL","Record","method","url","headers","body","OAuthResponse","status","OAuthProvider","Promise","authorize","req","callback","register","metadata","verifyToken","VerifyToken","context","AuthConfig","required","requiredScopes","provider","callbackPath","AuthCodeData","redirectUri","codeChallenge","codeChallengeMethod","upstreamAccessToken","upstreamIdToken","email","sub","PendingAuthData","scope","clientState","ClientRegistration","clientSecret","redirectUris","clientName","createdAt","RefreshTokenData","OAuthStore","saveAuthCode","data","getAuthCode","deleteAuthCode","savePendingAuth","state","getPendingAuth","deletePendingAuth","savePkceVerifier","verifier","getPkceVerifier","deletePkceVerifier","saveClient","getClient","saveRefreshToken","getRefreshToken","deleteRefreshToken","GoogleOAuthOptions","signingKey","tokenTtl","store","google","options","OAuthProxyConfig","authorizeUrl","tokenUrl","userinfoUrl","createOAuthProxy","config","matchRedirectUri","uri","patterns","createJsonStore","path","createMemoryStore","RedisClient","get","set","value","ex","del","RedisStoreOptions","client","prefix","createRedisStore","ValidateResult","auth","error_description","validateToken","authorizationHeader"],"sources":["../../auth/build/index.d.mts"],"mappings":";;;;;UAyBUuB,QAAAA;EACRC,KAAAA;EACAC,QAAAA;EACAC,MAAAA;EACAC,SAAAA;EAAAA,CACCC,GAAAA;AAAAA;AAAAA,UAEOC,YAAAA;EACRG,MAAAA;EACAC,GAAAA,EAAKH,GAAAA;EACLI,OAAAA,EAASH,MAAAA;EACTI,IAAAA,GAAOJ,MAAAA;AAAAA;AAAAA,UAECK,aAAAA;EACRC,MAAAA;EACAH,OAAAA,EAASH,MAAAA;EACTI,IAAAA,YAAgBJ,MAAAA;AAAAA;AAAAA,UAERO,aAAAA;EACRE,SAAAA,CAAUC,GAAAA,EAAKZ,YAAAA,GAAeU,OAAAA,CAAQH,aAAAA;EACtCM,QAAAA,CAASD,GAAAA,EAAKZ,YAAAA,GAAeU,OAAAA,CAAQH,aAAAA;EACrCZ,KAAAA,CAAMiB,GAAAA,EAAKZ,YAAAA,GAAeU,OAAAA,CAAQH,aAAAA;EAClCO,QAAAA,CAASF,GAAAA,EAAKZ,YAAAA,GAAeU,OAAAA,CAAQH,aAAAA;EACrCQ,QAAAA,IAAYR,aAAAA;EACZS,WAAAA,CAAYrB,KAAAA,WAAgBe,OAAAA,CAAQhB,QAAAA;AAAAA;AAAAA;AAAAA,KAIjCuB,WAAAA,IAAetB,KAAAA,UAAeuB,OAAAA,EAAS/C,gBAAAA,KAAqBuC,OAAAA,CAAQhB,QAAAA;AAAAA,UAC/DyB,UAAAA;EACRH,WAAAA,EAAaC,WAAAA;EACbG,QAAAA;EACA5B,WAAAA;EACAC,oBAAAA;EACA4B,cAAAA;EACAC,QAAAA,GAAWb,aAAAA;EACXc,YAAAA;AAAAA;AAAAA"}
|