@softeria/ms-365-mcp-server 0.127.0 → 0.128.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/microsoft-auth.js +17 -4
- package/dist/server.js +9 -6
- package/package.json +1 -1
|
@@ -1,9 +1,17 @@
|
|
|
1
1
|
import logger from "../logger.js";
|
|
2
2
|
import { getCloudEndpoints } from "../cloud-config.js";
|
|
3
|
-
function
|
|
3
|
+
function buildResourceMetadataUrl(req, publicUrl) {
|
|
4
|
+
if (publicUrl) {
|
|
5
|
+
const parsed = new URL(publicUrl);
|
|
6
|
+
const path = parsed.pathname.replace(/\/$/, "");
|
|
7
|
+
return `${parsed.origin}/.well-known/oauth-protected-resource${path}`;
|
|
8
|
+
}
|
|
4
9
|
const protocol = req.secure ? "https" : "http";
|
|
5
10
|
const origin = `${protocol}://${req.get("host")}`;
|
|
6
|
-
|
|
11
|
+
return `${origin}/.well-known/oauth-protected-resource`;
|
|
12
|
+
}
|
|
13
|
+
function buildWwwAuthenticate(req, error, description, publicUrl) {
|
|
14
|
+
const resourceMetadata = buildResourceMetadataUrl(req, publicUrl);
|
|
7
15
|
return `Bearer resource_metadata="${resourceMetadata}", error="${error}", error_description="${description}"`;
|
|
8
16
|
}
|
|
9
17
|
function isJwtExpired(token) {
|
|
@@ -46,7 +54,12 @@ const microsoftBearerTokenAuthMiddleware = (opts = {}) => (req, res, next) => {
|
|
|
46
54
|
}
|
|
47
55
|
res.status(401).set(
|
|
48
56
|
"WWW-Authenticate",
|
|
49
|
-
buildWwwAuthenticate(
|
|
57
|
+
buildWwwAuthenticate(
|
|
58
|
+
req,
|
|
59
|
+
"invalid_token",
|
|
60
|
+
"Missing or malformed Authorization header",
|
|
61
|
+
opts.publicUrl
|
|
62
|
+
)
|
|
50
63
|
).json({
|
|
51
64
|
error: "invalid_token",
|
|
52
65
|
error_description: "Missing or malformed Authorization header"
|
|
@@ -57,7 +70,7 @@ const microsoftBearerTokenAuthMiddleware = (opts = {}) => (req, res, next) => {
|
|
|
57
70
|
if (isJwtExpired(accessToken)) {
|
|
58
71
|
res.status(401).set(
|
|
59
72
|
"WWW-Authenticate",
|
|
60
|
-
buildWwwAuthenticate(req, "invalid_token", "The access token has expired")
|
|
73
|
+
buildWwwAuthenticate(req, "invalid_token", "The access token has expired", opts.publicUrl)
|
|
61
74
|
).json({ error: "invalid_token", error_description: "The access token has expired" });
|
|
62
75
|
return;
|
|
63
76
|
}
|
package/dist/server.js
CHANGED
|
@@ -229,7 +229,7 @@ class MicrosoftGraphServer {
|
|
|
229
229
|
const metadata = {
|
|
230
230
|
issuer: browserBase,
|
|
231
231
|
authorization_endpoint: `${browserBase}/authorize`,
|
|
232
|
-
token_endpoint: `${
|
|
232
|
+
token_endpoint: `${browserBase}/token`,
|
|
233
233
|
response_types_supported: ["code"],
|
|
234
234
|
response_modes_supported: ["query"],
|
|
235
235
|
grant_types_supported: ["authorization_code", "refresh_token"],
|
|
@@ -238,23 +238,25 @@ class MicrosoftGraphServer {
|
|
|
238
238
|
scopes_supported: scopes
|
|
239
239
|
};
|
|
240
240
|
if (this.options.enableDynamicRegistration) {
|
|
241
|
-
metadata.registration_endpoint = `${
|
|
241
|
+
metadata.registration_endpoint = `${browserBase}/register`;
|
|
242
242
|
}
|
|
243
243
|
res.json(metadata);
|
|
244
244
|
});
|
|
245
|
-
|
|
245
|
+
const protectedResourcesHandler = async (req, res) => {
|
|
246
246
|
const protocol = req.secure ? "https" : "http";
|
|
247
247
|
const requestOrigin = `${protocol}://${req.get("host")}`;
|
|
248
248
|
const browserBase = publicBase ?? requestOrigin;
|
|
249
249
|
const scopes = this.options.obo ? [`${this.secrets.clientId}/access_as_user`] : resolveAuthScopes(this.options);
|
|
250
250
|
res.json({
|
|
251
|
-
resource: `${
|
|
251
|
+
resource: `${browserBase}/mcp`,
|
|
252
252
|
authorization_servers: [browserBase],
|
|
253
253
|
scopes_supported: scopes,
|
|
254
254
|
bearer_methods_supported: ["header"],
|
|
255
255
|
resource_documentation: browserBase
|
|
256
256
|
});
|
|
257
|
-
}
|
|
257
|
+
};
|
|
258
|
+
app.get("/.well-known/oauth-protected-resource", protectedResourcesHandler);
|
|
259
|
+
app.get("/.well-known/oauth-protected-resource/*path", protectedResourcesHandler);
|
|
258
260
|
if (this.options.enableDynamicRegistration) {
|
|
259
261
|
app.post("/register", async (req, res) => {
|
|
260
262
|
const body = req.body;
|
|
@@ -470,7 +472,8 @@ class MicrosoftGraphServer {
|
|
|
470
472
|
);
|
|
471
473
|
const mcpAuth = microsoftBearerTokenAuthMiddleware({
|
|
472
474
|
trustProxyAuth: this.options.trustProxyAuth,
|
|
473
|
-
allowUnauthenticatedDiscovery: this.options.allowUnauthenticatedDiscovery
|
|
475
|
+
allowUnauthenticatedDiscovery: this.options.allowUnauthenticatedDiscovery,
|
|
476
|
+
publicUrl: publicBase
|
|
474
477
|
});
|
|
475
478
|
app.get(
|
|
476
479
|
"/mcp",
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@softeria/ms-365-mcp-server",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.128.0",
|
|
4
4
|
"description": " A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Office services through the Graph API",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|