npm - @softeria/ms-365-mcp-server - Versions diffs - 0.79.2 → 0.79.3 - Mend

@softeria/ms-365-mcp-server 0.79.2 → 0.79.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/server.js +18 -6
package/package.json +1 -1

package/dist/server.js CHANGED Viewed

@@ -225,18 +225,30 @@ class MicrosoftGraphServer {
         if (clientCodeChallenge && state) {
           const serverCodeVerifier = crypto.randomBytes(32).toString("base64url");
           const serverCodeChallenge = crypto.createHash("sha256").update(serverCodeVerifier).digest("base64url");
+          const now = Date.now();
+          const maxAge = 10 * 60 * 1e3;
+          const maxEntries = 1e3;
+          for (const [key, value] of this.pkceStore) {
+            if (now - value.createdAt > maxAge) {
+              this.pkceStore.delete(key);
+            }
+          }
+          if (this.pkceStore.size >= maxEntries) {
+            logger.warn(
+              `PKCE store at capacity (${maxEntries} entries) \u2014 rejecting new authorization request`
+            );
+            res.status(503).json({
+              error: "server_busy",
+              error_description: "Too many pending authorization requests. Try again later."
+            });
+            return;
+          }
           this.pkceStore.set(state, {
             clientCodeChallenge,
             clientCodeChallengeMethod: clientCodeChallengeMethod || "S256",
             serverCodeVerifier,
             createdAt: Date.now()
           });
-          const now = Date.now();
-          for (const [key, value] of this.pkceStore) {
-            if (now - value.createdAt > 10 * 60 * 1e3) {
-              this.pkceStore.delete(key);
-            }
-          }
           microsoftAuthUrl.searchParams.set("code_challenge", serverCodeChallenge);
           microsoftAuthUrl.searchParams.set("code_challenge_method", "S256");
           logger.info("Two-leg PKCE: stored client challenge, generated server challenge", {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@softeria/ms-365-mcp-server",
-  "version": "0.79.2",
+  "version": "0.79.3",
   "description": " A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Office services through the Graph API",
   "type": "module",
   "main": "dist/index.js",