npm - @starfysh/gdrive-mcp - Versions diffs - 1.0.0 - Mend

@starfysh/gdrive-mcp 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/LICENSE +7 -0
package/README.md +521 -0
package/dist/auth.js +148 -0
package/dist/googleDocsApiHelpers.js +618 -0
package/dist/googleSheetsApiHelpers.js +356 -0
package/dist/server.js +2451 -0
package/dist/types.js +107 -0
package/package.json +53 -0

package/dist/auth.js ADDED Viewed

@@ -0,0 +1,148 @@
+// src/auth.ts
+import { google } from 'googleapis';
+import { JWT } from 'google-auth-library'; // ADDED: Import for Service Account client
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import * as readline from 'readline/promises';
+import { fileURLToPath } from 'url';
+// --- Calculate paths relative to this script file (ESM way) ---
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const projectRootDir = path.resolve(__dirname, '..');
+const TOKEN_PATH = path.join(projectRootDir, 'token.json');
+const CREDENTIALS_PATH = path.join(projectRootDir, 'credentials.json');
+// --- End of path calculation ---
+const SCOPES = [
+    'https://www.googleapis.com/auth/documents',
+    'https://www.googleapis.com/auth/drive', // Full Drive access for listing, searching, and document discovery
+    'https://www.googleapis.com/auth/spreadsheets' // Google Sheets API access
+];
+// --- NEW FUNCTION: Handles Service Account Authentication ---
+// This entire function is new. It is called only when the
+// SERVICE_ACCOUNT_PATH environment variable is set.
+// Supports domain-wide delegation via GOOGLE_IMPERSONATE_USER env var.
+async function authorizeWithServiceAccount() {
+    const serviceAccountPath = process.env.SERVICE_ACCOUNT_PATH; // We know this is set if we are in this function
+    const impersonateUser = process.env.GOOGLE_IMPERSONATE_USER; // Optional: email of user to impersonate
+    try {
+        const keyFileContent = await fs.readFile(serviceAccountPath, 'utf8');
+        const serviceAccountKey = JSON.parse(keyFileContent);
+        const auth = new JWT({
+            email: serviceAccountKey.client_email,
+            key: serviceAccountKey.private_key,
+            scopes: SCOPES,
+            subject: impersonateUser, // Enables domain-wide delegation when set
+        });
+        await auth.authorize();
+        if (impersonateUser) {
+            console.error(`Service Account authentication successful, impersonating: ${impersonateUser}`);
+        }
+        else {
+            console.error('Service Account authentication successful!');
+        }
+        return auth;
+    }
+    catch (error) {
+        if (error.code === 'ENOENT') {
+            console.error(`FATAL: Service account key file not found at path: ${serviceAccountPath}`);
+            throw new Error(`Service account key file not found. Please check the path in SERVICE_ACCOUNT_PATH.`);
+        }
+        console.error('FATAL: Error loading or authorizing the service account key:', error.message);
+        throw new Error('Failed to authorize using the service account. Ensure the key file is valid and the path is correct.');
+    }
+}
+// --- END OF NEW FUNCTION---
+async function loadSavedCredentialsIfExist() {
+    try {
+        const content = await fs.readFile(TOKEN_PATH);
+        const credentials = JSON.parse(content.toString());
+        const { client_secret, client_id, redirect_uris } = await loadClientSecrets();
+        const client = new google.auth.OAuth2(client_id, client_secret, redirect_uris?.[0]);
+        client.setCredentials(credentials);
+        return client;
+    }
+    catch (err) {
+        return null;
+    }
+}
+async function loadClientSecrets() {
+    const content = await fs.readFile(CREDENTIALS_PATH);
+    const keys = JSON.parse(content.toString());
+    const key = keys.installed || keys.web;
+    if (!key)
+        throw new Error("Could not find client secrets in credentials.json.");
+    return {
+        client_id: key.client_id,
+        client_secret: key.client_secret,
+        redirect_uris: key.redirect_uris || ['http://localhost:3000/'], // Default for web clients
+        client_type: keys.web ? 'web' : 'installed'
+    };
+}
+async function saveCredentials(client) {
+    const { client_secret, client_id } = await loadClientSecrets();
+    const payload = JSON.stringify({
+        type: 'authorized_user',
+        client_id: client_id,
+        client_secret: client_secret,
+        refresh_token: client.credentials.refresh_token,
+    });
+    await fs.writeFile(TOKEN_PATH, payload);
+    console.error('Token stored to', TOKEN_PATH);
+}
+async function authenticate() {
+    const { client_secret, client_id, redirect_uris, client_type } = await loadClientSecrets();
+    // For web clients, use the configured redirect URI; for desktop clients, use 'urn:ietf:wg:oauth:2.0:oob'
+    const redirectUri = client_type === 'web' ? redirect_uris[0] : 'urn:ietf:wg:oauth:2.0:oob';
+    console.error(`DEBUG: Using redirect URI: ${redirectUri}`);
+    console.error(`DEBUG: Client type: ${client_type}`);
+    const oAuth2Client = new google.auth.OAuth2(client_id, client_secret, redirectUri);
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    const authorizeUrl = oAuth2Client.generateAuthUrl({
+        access_type: 'offline',
+        scope: SCOPES.join(' '),
+    });
+    console.error('DEBUG: Generated auth URL:', authorizeUrl);
+    console.error('Authorize this app by visiting this url:', authorizeUrl);
+    const code = await rl.question('Enter the code from that page here: ');
+    rl.close();
+    try {
+        const { tokens } = await oAuth2Client.getToken(code);
+        oAuth2Client.setCredentials(tokens);
+        if (tokens.refresh_token) { // Save only if we got a refresh token
+            await saveCredentials(oAuth2Client);
+        }
+        else {
+            console.error("Did not receive refresh token. Token might expire.");
+        }
+        console.error('Authentication successful!');
+        return oAuth2Client;
+    }
+    catch (err) {
+        console.error('Error retrieving access token', err);
+        throw new Error('Authentication failed');
+    }
+}
+// --- MODIFIED: The Main Exported Function ---
+// This function now acts as a router. It checks for the environment
+// variable and decides which authentication method to use.
+export async function authorize() {
+    // Check if the Service Account environment variable is set.
+    if (process.env.SERVICE_ACCOUNT_PATH) {
+        console.error('Service account path detected. Attempting service account authentication...');
+        return authorizeWithServiceAccount();
+    }
+    else {
+        // If not, execute the original OAuth 2.0 flow exactly as it was.
+        console.error('No service account path detected. Falling back to standard OAuth 2.0 flow...');
+        let client = await loadSavedCredentialsIfExist();
+        if (client) {
+            // Optional: Add token refresh logic here if needed, though library often handles it.
+            console.error('Using saved credentials.');
+            return client;
+        }
+        console.error('Starting authentication flow...');
+        client = await authenticate();
+        return client;
+    }
+}
+// --- END OF MODIFIED: The Main Exported Function ---