@structured-world/gitlab-mcp 5.7.0 → 5.8.0

package/dist/oauth/gitlab-device-flow.d.ts

@@ -0,0 +1,8 @@
+import { OAuthConfig } from "./config";
+import { GitLabDeviceResponse, GitLabTokenResponse, GitLabUserInfo } from "./types";
+export declare function initiateDeviceFlow(config: OAuthConfig): Promise<GitLabDeviceResponse>;
+export declare function pollDeviceFlowOnce(deviceCode: string, config: OAuthConfig): Promise<GitLabTokenResponse | null>;
+export declare function pollForToken(deviceCode: string, config: OAuthConfig, onPending?: () => void): Promise<GitLabTokenResponse>;
+export declare function refreshGitLabToken(refreshToken: string, config: OAuthConfig): Promise<GitLabTokenResponse>;
+export declare function getGitLabUser(accessToken: string): Promise<GitLabUserInfo>;
+export declare function validateGitLabToken(accessToken: string): Promise<boolean>;

package/dist/oauth/gitlab-device-flow.js

@@ -0,0 +1,172 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.initiateDeviceFlow = initiateDeviceFlow;
+exports.pollDeviceFlowOnce = pollDeviceFlowOnce;
+exports.pollForToken = pollForToken;
+exports.refreshGitLabToken = refreshGitLabToken;
+exports.getGitLabUser = getGitLabUser;
+exports.validateGitLabToken = validateGitLabToken;
+const config_1 = require("../config");
+const logger_1 = require("../logger");
+async function initiateDeviceFlow(config) {
+    const url = `${config_1.GITLAB_BASE_URL}/oauth/authorize_device`;
+    logger_1.logger.debug({ url, clientId: config.gitlabClientId }, "Initiating GitLab device flow");
+    const response = await fetch(url, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/x-www-form-urlencoded",
+            Accept: "application/json",
+        },
+        body: new URLSearchParams({
+            client_id: config.gitlabClientId,
+            scope: config.gitlabScopes,
+        }),
+    });
+    if (!response.ok) {
+        const errorText = await response.text();
+        logger_1.logger.error({ status: response.status, error: errorText }, "Failed to initiate device flow");
+        throw new Error(`Failed to initiate device flow: ${response.status} ${errorText}`);
+    }
+    const data = (await response.json());
+    logger_1.logger.info({
+        userCode: data.user_code,
+        verificationUri: data.verification_uri,
+        expiresIn: data.expires_in,
+    }, "Device flow initiated");
+    return data;
+}
+async function pollDeviceFlowOnce(deviceCode, config) {
+    const url = `${config_1.GITLAB_BASE_URL}/oauth/token`;
+    const params = {
+        client_id: config.gitlabClientId,
+        device_code: deviceCode,
+        grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+    };
+    if (config.gitlabClientSecret) {
+        params.client_secret = config.gitlabClientSecret;
+    }
+    const response = await fetch(url, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/x-www-form-urlencoded",
+            Accept: "application/json",
+        },
+        body: new URLSearchParams(params),
+    });
+    if (response.ok) {
+        const data = (await response.json());
+        logger_1.logger.info("Device flow authorization completed successfully");
+        return data;
+    }
+    const error = (await response.json());
+    switch (error.error) {
+        case "authorization_pending":
+            return null;
+        case "slow_down":
+            logger_1.logger.debug("Device flow: slow_down received, should increase poll interval");
+            return null;
+        case "expired_token":
+            throw new Error("Device code expired. Please start a new authorization.");
+        case "access_denied":
+            throw new Error("User denied the authorization request.");
+        case "invalid_grant":
+            throw new Error("Invalid device code or grant.");
+        default:
+            throw new Error(`Device flow error: ${error.error_description ?? error.error}`);
+    }
+}
+async function pollForToken(deviceCode, config, onPending) {
+    const startTime = Date.now();
+    const timeout = config.deviceTimeout * 1000;
+    let interval = config.devicePollInterval * 1000;
+    while (Date.now() - startTime < timeout) {
+        await sleep(interval);
+        try {
+            const result = await pollDeviceFlowOnce(deviceCode, config);
+            if (result) {
+                return result;
+            }
+            onPending?.();
+        }
+        catch (error) {
+            if (error instanceof Error) {
+                if (error.message.includes("expired") ||
+                    error.message.includes("denied") ||
+                    error.message.includes("invalid")) {
+                    throw error;
+                }
+            }
+            logger_1.logger.warn({ err: error }, "Device flow poll error, will retry");
+        }
+    }
+    throw new Error(`Device flow timeout after ${config.deviceTimeout} seconds`);
+}
+async function refreshGitLabToken(refreshToken, config) {
+    const url = `${config_1.GITLAB_BASE_URL}/oauth/token`;
+    const params = {
+        client_id: config.gitlabClientId,
+        refresh_token: refreshToken,
+        grant_type: "refresh_token",
+    };
+    if (config.gitlabClientSecret) {
+        params.client_secret = config.gitlabClientSecret;
+    }
+    logger_1.logger.debug("Refreshing GitLab token");
+    const response = await fetch(url, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/x-www-form-urlencoded",
+            Accept: "application/json",
+        },
+        body: new URLSearchParams(params),
+    });
+    if (!response.ok) {
+        const errorText = await response.text();
+        logger_1.logger.error({ status: response.status, error: errorText }, "Failed to refresh GitLab token");
+        throw new Error(`Failed to refresh token: ${response.status} ${errorText}`);
+    }
+    const data = (await response.json());
+    logger_1.logger.info("GitLab token refreshed successfully");
+    return data;
+}
+async function getGitLabUser(accessToken) {
+    const url = `${config_1.GITLAB_BASE_URL}/api/v4/user`;
+    const response = await fetch(url, {
+        headers: {
+            Authorization: `Bearer ${accessToken}`,
+            Accept: "application/json",
+        },
+    });
+    if (!response.ok) {
+        const errorText = await response.text();
+        logger_1.logger.error({ status: response.status, error: errorText }, "Failed to get GitLab user info");
+        throw new Error(`Failed to get GitLab user info: ${response.status}`);
+    }
+    const user = (await response.json());
+    logger_1.logger.debug({ userId: user.id, username: user.username }, "Retrieved GitLab user info");
+    return {
+        id: user.id,
+        username: user.username,
+        name: user.name,
+        email: user.email,
+    };
+}
+async function validateGitLabToken(accessToken) {
+    try {
+        const url = `${config_1.GITLAB_BASE_URL}/api/v4/user`;
+        const response = await fetch(url, {
+            method: "HEAD",
+            headers: {
+                Authorization: `Bearer ${accessToken}`,
+            },
+        });
+        return response.ok;
+    }
+    catch {
+        return false;
+    }
+}
+function sleep(ms) {
+    return new Promise(resolve => setTimeout(resolve, ms));
+}
+//# sourceMappingURL=gitlab-device-flow.js.map

package/dist/oauth/gitlab-device-flow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gitlab-device-flow.js","sourceRoot":"","sources":["../../src/oauth/gitlab-device-flow.ts"],"names":[],"mappings":";;AA6CA,gDAmCC;AAaD,gDA0DC;AAcD,oCAwCC;AAaD,gDAqCC;AAWD,sCA0BC;AAUD,kDAeC;AAnTD,sCAA4C;AAG5C,sCAAmC;AAgC5B,KAAK,UAAU,kBAAkB,CAAC,MAAmB;IAC1D,MAAM,GAAG,GAAG,GAAG,wBAAe,yBAAyB,CAAC;IAExD,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,cAAc,EAAE,EAAE,+BAA+B,CAAC,CAAC;IAExF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,MAAM,EAAE,kBAAkB;SAC3B;QACD,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,SAAS,EAAE,MAAM,CAAC,cAAc;YAChC,KAAK,EAAE,MAAM,CAAC,YAAY;SAC3B,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxC,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,gCAAgC,CAAC,CAAC;QAC9F,MAAM,IAAI,KAAK,CAAC,mCAAmC,QAAQ,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAyB,CAAC;IAE7D,eAAM,CAAC,IAAI,CACT;QACE,QAAQ,EAAE,IAAI,CAAC,SAAS;QACxB,eAAe,EAAE,IAAI,CAAC,gBAAgB;QACtC,SAAS,EAAE,IAAI,CAAC,UAAU;KAC3B,EACD,uBAAuB,CACxB,CAAC;IAEF,OAAO,IAAI,CAAC;AACd,CAAC;AAaM,KAAK,UAAU,kBAAkB,CACtC,UAAkB,EAClB,MAAmB;IAEnB,MAAM,GAAG,GAAG,GAAG,wBAAe,cAAc,CAAC;IAE7C,MAAM,MAAM,GAA2B;QACrC,SAAS,EAAE,MAAM,CAAC,cAAc;QAChC,WAAW,EAAE,UAAU;QACvB,UAAU,EAAE,8CAA8C;KAC3D,CAAC;IAGF,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;QAC9B,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,kBAAkB,CAAC;IACnD,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,MAAM,EAAE,kBAAkB;SAC3B;QACD,IAAI,EAAE,IAAI,eAAe,CAAC,MAAM,CAAC;KAClC,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;QAChB,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAwB,CAAC;QAC5D,eAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QAChE,OAAO,IAAI,CAAC;IACd,CAAC;IAGD,MAAM,KAAK,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;IAEjE,QAAQ,KAAK,CAAC,KAAK,EAAE,CAAC;QACpB,KAAK,uBAAuB;YAE1B,OAAO,IAAI,CAAC;QAEd,KAAK,WAAW;YAGd,eAAM,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC;YAC/E,OAAO,IAAI,CAAC;QAEd,KAAK,eAAe;YAClB,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAE5E,KAAK,eAAe;YAClB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAE5D,KAAK,eAAe;YAClB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QAEnD;YACE,MAAM,IAAI,KAAK,CAAC,sBAAsB,KAAK,CAAC,iBAAiB,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;IACpF,CAAC;AACH,CAAC;AAcM,KAAK,UAAU,YAAY,CAChC,UAAkB,EAClB,MAAmB,EACnB,SAAsB;IAEtB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAG,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC;IAC5C,IAAI,QAAQ,GAAG,MAAM,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAEhD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,OAAO,EAAE,CAAC;QAExC,MAAM,KAAK,CAAC,QAAQ,CAAC,CAAC;QAEtB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;YAE5D,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,MAAM,CAAC;YAChB,CAAC;YAGD,SAAS,EAAE,EAAE,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAEf,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC3B,IACE,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;oBACjC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAChC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EACjC,CAAC;oBACD,MAAM,KAAK,CAAC;gBACd,CAAC;YACH,CAAC;YAGD,eAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,KAAc,EAAE,EAAE,oCAAoC,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,6BAA6B,MAAM,CAAC,aAAa,UAAU,CAAC,CAAC;AAC/E,CAAC;AAaM,KAAK,UAAU,kBAAkB,CACtC,YAAoB,EACpB,MAAmB;IAEnB,MAAM,GAAG,GAAG,GAAG,wBAAe,cAAc,CAAC;IAE7C,MAAM,MAAM,GAA2B;QACrC,SAAS,EAAE,MAAM,CAAC,cAAc;QAChC,aAAa,EAAE,YAAY;QAC3B,UAAU,EAAE,eAAe;KAC5B,CAAC;IAGF,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;QAC9B,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,kBAAkB,CAAC;IACnD,CAAC;IAED,eAAM,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAExC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,MAAM,EAAE,kBAAkB;SAC3B;QACD,IAAI,EAAE,IAAI,eAAe,CAAC,MAAM,CAAC;KAClC,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxC,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,gCAAgC,CAAC,CAAC;QAC9F,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAwB,CAAC;IAC5D,eAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACnD,OAAO,IAAI,CAAC;AACd,CAAC;AAWM,KAAK,UAAU,aAAa,CAAC,WAAmB;IACrD,MAAM,GAAG,GAAG,GAAG,wBAAe,cAAc,CAAC;IAE7C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,WAAW,EAAE;YACtC,MAAM,EAAE,kBAAkB;SAC3B;KACF,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxC,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,gCAAgC,CAAC,CAAC;QAC9F,MAAM,IAAI,KAAK,CAAC,mCAAmC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmB,CAAC;IAEvD,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,4BAA4B,CAAC,CAAC;IAEzF,OAAO;QACL,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC;AACJ,CAAC;AAUM,KAAK,UAAU,mBAAmB,CAAC,WAAmB;IAC3D,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,GAAG,wBAAe,cAAc,CAAC;QAE7C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,WAAW,EAAE;aACvC;SACF,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC,EAAE,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAKD,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AACzD,CAAC"}

package/dist/oauth/index.d.ts

@@ -0,0 +1,8 @@
+export { loadOAuthConfig, validateStaticConfig, isOAuthEnabled, getAuthModeDescription, resetOAuthConfigCache, } from "./config";
+export type { OAuthConfig } from "./config";
+export type { OAuthSession, DeviceFlowState, AuthorizationCode, GitLabTokenResponse, GitLabDeviceResponse, TokenContext, GitLabUserInfo, MCPTokenResponse, OAuthErrorResponse, DeviceFlowPollStatus, DeviceFlowPollResponse, MCPTokenPayload, } from "./types";
+export { sessionStore } from "./session-store";
+export { runWithTokenContext, getTokenContext, getGitLabTokenFromContext, getGitLabUserIdFromContext, getGitLabUsernameFromContext, getSessionIdFromContext, isInOAuthContext, } from "./token-context";
+export { createJWT, verifyJWT, verifyMCPToken, generateCodeVerifier, generateCodeChallenge, verifyCodeChallenge, generateRandomString, generateUUID, generateAuthorizationCode, generateSessionId, generateRefreshToken, isTokenExpiringSoon, calculateTokenExpiry, } from "./token-utils";
+export { initiateDeviceFlow, pollDeviceFlowOnce, pollForToken, refreshGitLabToken, getGitLabUser, validateGitLabToken, } from "./gitlab-device-flow";
+export { metadataHandler, healthHandler, getBaseUrl, authorizeHandler, pollHandler, tokenHandler, } from "./endpoints/index";

package/dist/oauth/index.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.tokenHandler = exports.pollHandler = exports.authorizeHandler = exports.getBaseUrl = exports.healthHandler = exports.metadataHandler = exports.validateGitLabToken = exports.getGitLabUser = exports.refreshGitLabToken = exports.pollForToken = exports.pollDeviceFlowOnce = exports.initiateDeviceFlow = exports.calculateTokenExpiry = exports.isTokenExpiringSoon = exports.generateRefreshToken = exports.generateSessionId = exports.generateAuthorizationCode = exports.generateUUID = exports.generateRandomString = exports.verifyCodeChallenge = exports.generateCodeChallenge = exports.generateCodeVerifier = exports.verifyMCPToken = exports.verifyJWT = exports.createJWT = exports.isInOAuthContext = exports.getSessionIdFromContext = exports.getGitLabUsernameFromContext = exports.getGitLabUserIdFromContext = exports.getGitLabTokenFromContext = exports.getTokenContext = exports.runWithTokenContext = exports.sessionStore = exports.resetOAuthConfigCache = exports.getAuthModeDescription = exports.isOAuthEnabled = exports.validateStaticConfig = exports.loadOAuthConfig = void 0;
+var config_1 = require("./config");
+Object.defineProperty(exports, "loadOAuthConfig", { enumerable: true, get: function () { return config_1.loadOAuthConfig; } });
+Object.defineProperty(exports, "validateStaticConfig", { enumerable: true, get: function () { return config_1.validateStaticConfig; } });
+Object.defineProperty(exports, "isOAuthEnabled", { enumerable: true, get: function () { return config_1.isOAuthEnabled; } });
+Object.defineProperty(exports, "getAuthModeDescription", { enumerable: true, get: function () { return config_1.getAuthModeDescription; } });
+Object.defineProperty(exports, "resetOAuthConfigCache", { enumerable: true, get: function () { return config_1.resetOAuthConfigCache; } });
+var session_store_1 = require("./session-store");
+Object.defineProperty(exports, "sessionStore", { enumerable: true, get: function () { return session_store_1.sessionStore; } });
+var token_context_1 = require("./token-context");
+Object.defineProperty(exports, "runWithTokenContext", { enumerable: true, get: function () { return token_context_1.runWithTokenContext; } });
+Object.defineProperty(exports, "getTokenContext", { enumerable: true, get: function () { return token_context_1.getTokenContext; } });
+Object.defineProperty(exports, "getGitLabTokenFromContext", { enumerable: true, get: function () { return token_context_1.getGitLabTokenFromContext; } });
+Object.defineProperty(exports, "getGitLabUserIdFromContext", { enumerable: true, get: function () { return token_context_1.getGitLabUserIdFromContext; } });
+Object.defineProperty(exports, "getGitLabUsernameFromContext", { enumerable: true, get: function () { return token_context_1.getGitLabUsernameFromContext; } });
+Object.defineProperty(exports, "getSessionIdFromContext", { enumerable: true, get: function () { return token_context_1.getSessionIdFromContext; } });
+Object.defineProperty(exports, "isInOAuthContext", { enumerable: true, get: function () { return token_context_1.isInOAuthContext; } });
+var token_utils_1 = require("./token-utils");
+Object.defineProperty(exports, "createJWT", { enumerable: true, get: function () { return token_utils_1.createJWT; } });
+Object.defineProperty(exports, "verifyJWT", { enumerable: true, get: function () { return token_utils_1.verifyJWT; } });
+Object.defineProperty(exports, "verifyMCPToken", { enumerable: true, get: function () { return token_utils_1.verifyMCPToken; } });
+Object.defineProperty(exports, "generateCodeVerifier", { enumerable: true, get: function () { return token_utils_1.generateCodeVerifier; } });
+Object.defineProperty(exports, "generateCodeChallenge", { enumerable: true, get: function () { return token_utils_1.generateCodeChallenge; } });
+Object.defineProperty(exports, "verifyCodeChallenge", { enumerable: true, get: function () { return token_utils_1.verifyCodeChallenge; } });
+Object.defineProperty(exports, "generateRandomString", { enumerable: true, get: function () { return token_utils_1.generateRandomString; } });
+Object.defineProperty(exports, "generateUUID", { enumerable: true, get: function () { return token_utils_1.generateUUID; } });
+Object.defineProperty(exports, "generateAuthorizationCode", { enumerable: true, get: function () { return token_utils_1.generateAuthorizationCode; } });
+Object.defineProperty(exports, "generateSessionId", { enumerable: true, get: function () { return token_utils_1.generateSessionId; } });
+Object.defineProperty(exports, "generateRefreshToken", { enumerable: true, get: function () { return token_utils_1.generateRefreshToken; } });
+Object.defineProperty(exports, "isTokenExpiringSoon", { enumerable: true, get: function () { return token_utils_1.isTokenExpiringSoon; } });
+Object.defineProperty(exports, "calculateTokenExpiry", { enumerable: true, get: function () { return token_utils_1.calculateTokenExpiry; } });
+var gitlab_device_flow_1 = require("./gitlab-device-flow");
+Object.defineProperty(exports, "initiateDeviceFlow", { enumerable: true, get: function () { return gitlab_device_flow_1.initiateDeviceFlow; } });
+Object.defineProperty(exports, "pollDeviceFlowOnce", { enumerable: true, get: function () { return gitlab_device_flow_1.pollDeviceFlowOnce; } });
+Object.defineProperty(exports, "pollForToken", { enumerable: true, get: function () { return gitlab_device_flow_1.pollForToken; } });
+Object.defineProperty(exports, "refreshGitLabToken", { enumerable: true, get: function () { return gitlab_device_flow_1.refreshGitLabToken; } });
+Object.defineProperty(exports, "getGitLabUser", { enumerable: true, get: function () { return gitlab_device_flow_1.getGitLabUser; } });
+Object.defineProperty(exports, "validateGitLabToken", { enumerable: true, get: function () { return gitlab_device_flow_1.validateGitLabToken; } });
+var index_1 = require("./endpoints/index");
+Object.defineProperty(exports, "metadataHandler", { enumerable: true, get: function () { return index_1.metadataHandler; } });
+Object.defineProperty(exports, "healthHandler", { enumerable: true, get: function () { return index_1.healthHandler; } });
+Object.defineProperty(exports, "getBaseUrl", { enumerable: true, get: function () { return index_1.getBaseUrl; } });
+Object.defineProperty(exports, "authorizeHandler", { enumerable: true, get: function () { return index_1.authorizeHandler; } });
+Object.defineProperty(exports, "pollHandler", { enumerable: true, get: function () { return index_1.pollHandler; } });
+Object.defineProperty(exports, "tokenHandler", { enumerable: true, get: function () { return index_1.tokenHandler; } });
+//# sourceMappingURL=index.js.map

package/dist/oauth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/oauth/index.ts"],"names":[],"mappings":";;;AAQA,mCAMkB;AALhB,yGAAA,eAAe,OAAA;AACf,8GAAA,oBAAoB,OAAA;AACpB,wGAAA,cAAc,OAAA;AACd,gHAAA,sBAAsB,OAAA;AACtB,+GAAA,qBAAqB,OAAA;AAqBvB,iDAA+C;AAAtC,6GAAA,YAAY,OAAA;AAGrB,iDAQyB;AAPvB,oHAAA,mBAAmB,OAAA;AACnB,gHAAA,eAAe,OAAA;AACf,0HAAA,yBAAyB,OAAA;AACzB,2HAAA,0BAA0B,OAAA;AAC1B,6HAAA,4BAA4B,OAAA;AAC5B,wHAAA,uBAAuB,OAAA;AACvB,iHAAA,gBAAgB,OAAA;AAIlB,6CAcuB;AAbrB,wGAAA,SAAS,OAAA;AACT,wGAAA,SAAS,OAAA;AACT,6GAAA,cAAc,OAAA;AACd,mHAAA,oBAAoB,OAAA;AACpB,oHAAA,qBAAqB,OAAA;AACrB,kHAAA,mBAAmB,OAAA;AACnB,mHAAA,oBAAoB,OAAA;AACpB,2GAAA,YAAY,OAAA;AACZ,wHAAA,yBAAyB,OAAA;AACzB,gHAAA,iBAAiB,OAAA;AACjB,mHAAA,oBAAoB,OAAA;AACpB,kHAAA,mBAAmB,OAAA;AACnB,mHAAA,oBAAoB,OAAA;AAItB,2DAO8B;AAN5B,wHAAA,kBAAkB,OAAA;AAClB,wHAAA,kBAAkB,OAAA;AAClB,kHAAA,YAAY,OAAA;AACZ,wHAAA,kBAAkB,OAAA;AAClB,mHAAA,aAAa,OAAA;AACb,yHAAA,mBAAmB,OAAA;AAIrB,2CAO2B;AANzB,wGAAA,eAAe,OAAA;AACf,sGAAA,aAAa,OAAA;AACb,mGAAA,UAAU,OAAA;AACV,yGAAA,gBAAgB,OAAA;AAChB,oGAAA,WAAW,OAAA;AACX,qGAAA,YAAY,OAAA"}

package/dist/oauth/session-store.d.ts

@@ -0,0 +1,37 @@
+import { OAuthSession, DeviceFlowState, AuthorizationCode } from "./types";
+export declare class SessionStore {
+    private sessions;
+    private deviceFlows;
+    private authCodes;
+    private tokenToSession;
+    private refreshTokenToSession;
+    private cleanupIntervalId;
+    constructor();
+    createSession(session: OAuthSession): void;
+    getSession(sessionId: string): OAuthSession | undefined;
+    getSessionByToken(token: string): OAuthSession | undefined;
+    getSessionByRefreshToken(refreshToken: string): OAuthSession | undefined;
+    updateSession(sessionId: string, updates: Partial<OAuthSession>): boolean;
+    deleteSession(sessionId: string): boolean;
+    getAllSessions(): IterableIterator<OAuthSession>;
+    getSessionCount(): number;
+    storeDeviceFlow(state: string, flow: DeviceFlowState): void;
+    getDeviceFlow(state: string): DeviceFlowState | undefined;
+    getDeviceFlowByDeviceCode(deviceCode: string): DeviceFlowState | undefined;
+    deleteDeviceFlow(state: string): boolean;
+    getDeviceFlowCount(): number;
+    storeAuthCode(code: AuthorizationCode): void;
+    getAuthCode(code: string): AuthorizationCode | undefined;
+    deleteAuthCode(code: string): boolean;
+    getAuthCodeCount(): number;
+    cleanup(): void;
+    private startCleanupInterval;
+    stopCleanupInterval(): void;
+    clear(): void;
+    getStats(): {
+        sessions: number;
+        deviceFlows: number;
+        authCodes: number;
+    };
+}
+export declare const sessionStore: SessionStore;

package/dist/oauth/session-store.js

@@ -0,0 +1,182 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sessionStore = exports.SessionStore = void 0;
+const logger_1 = require("../logger");
+class SessionStore {
+    sessions = new Map();
+    deviceFlows = new Map();
+    authCodes = new Map();
+    tokenToSession = new Map();
+    refreshTokenToSession = new Map();
+    cleanupIntervalId = null;
+    constructor() {
+        this.startCleanupInterval();
+    }
+    createSession(session) {
+        this.sessions.set(session.id, session);
+        if (session.mcpAccessToken) {
+            this.tokenToSession.set(session.mcpAccessToken, session.id);
+        }
+        if (session.mcpRefreshToken) {
+            this.refreshTokenToSession.set(session.mcpRefreshToken, session.id);
+        }
+        logger_1.logger.debug({ sessionId: session.id, userId: session.gitlabUserId }, "Session created");
+    }
+    getSession(sessionId) {
+        return this.sessions.get(sessionId);
+    }
+    getSessionByToken(token) {
+        const sessionId = this.tokenToSession.get(token);
+        return sessionId ? this.sessions.get(sessionId) : undefined;
+    }
+    getSessionByRefreshToken(refreshToken) {
+        const sessionId = this.refreshTokenToSession.get(refreshToken);
+        return sessionId ? this.sessions.get(sessionId) : undefined;
+    }
+    updateSession(sessionId, updates) {
+        const session = this.sessions.get(sessionId);
+        if (!session) {
+            logger_1.logger.warn({ sessionId }, "Attempted to update non-existent session");
+            return false;
+        }
+        if (updates.mcpAccessToken && updates.mcpAccessToken !== session.mcpAccessToken) {
+            this.tokenToSession.delete(session.mcpAccessToken);
+            this.tokenToSession.set(updates.mcpAccessToken, sessionId);
+        }
+        if (updates.mcpRefreshToken && updates.mcpRefreshToken !== session.mcpRefreshToken) {
+            this.refreshTokenToSession.delete(session.mcpRefreshToken);
+            this.refreshTokenToSession.set(updates.mcpRefreshToken, sessionId);
+        }
+        Object.assign(session, updates, { updatedAt: Date.now() });
+        logger_1.logger.debug({ sessionId }, "Session updated");
+        return true;
+    }
+    deleteSession(sessionId) {
+        const session = this.sessions.get(sessionId);
+        if (!session) {
+            return false;
+        }
+        if (session.mcpAccessToken) {
+            this.tokenToSession.delete(session.mcpAccessToken);
+        }
+        if (session.mcpRefreshToken) {
+            this.refreshTokenToSession.delete(session.mcpRefreshToken);
+        }
+        this.sessions.delete(sessionId);
+        logger_1.logger.debug({ sessionId }, "Session deleted");
+        return true;
+    }
+    getAllSessions() {
+        return this.sessions.values();
+    }
+    getSessionCount() {
+        return this.sessions.size;
+    }
+    storeDeviceFlow(state, flow) {
+        this.deviceFlows.set(state, flow);
+        logger_1.logger.debug({ state, userCode: flow.userCode }, "Device flow stored");
+    }
+    getDeviceFlow(state) {
+        return this.deviceFlows.get(state);
+    }
+    getDeviceFlowByDeviceCode(deviceCode) {
+        for (const flow of this.deviceFlows.values()) {
+            if (flow.deviceCode === deviceCode) {
+                return flow;
+            }
+        }
+        return undefined;
+    }
+    deleteDeviceFlow(state) {
+        const deleted = this.deviceFlows.delete(state);
+        if (deleted) {
+            logger_1.logger.debug({ state }, "Device flow deleted");
+        }
+        return deleted;
+    }
+    getDeviceFlowCount() {
+        return this.deviceFlows.size;
+    }
+    storeAuthCode(code) {
+        this.authCodes.set(code.code, code);
+        logger_1.logger.debug({ code: code.code.substring(0, 8) + "..." }, "Auth code stored");
+    }
+    getAuthCode(code) {
+        return this.authCodes.get(code);
+    }
+    deleteAuthCode(code) {
+        const deleted = this.authCodes.delete(code);
+        if (deleted) {
+            logger_1.logger.debug({ code: code.substring(0, 8) + "..." }, "Auth code deleted");
+        }
+        return deleted;
+    }
+    getAuthCodeCount() {
+        return this.authCodes.size;
+    }
+    cleanup() {
+        const now = Date.now();
+        let expiredSessions = 0;
+        let expiredDeviceFlows = 0;
+        let expiredAuthCodes = 0;
+        for (const [id, session] of this.sessions) {
+            const maxAge = 7 * 24 * 60 * 60 * 1000;
+            if (session.createdAt + maxAge < now) {
+                this.deleteSession(id);
+                expiredSessions++;
+            }
+        }
+        for (const [state, flow] of this.deviceFlows) {
+            if (flow.expiresAt < now) {
+                this.deviceFlows.delete(state);
+                expiredDeviceFlows++;
+            }
+        }
+        for (const [code, auth] of this.authCodes) {
+            if (auth.expiresAt < now) {
+                this.authCodes.delete(code);
+                expiredAuthCodes++;
+            }
+        }
+        if (expiredSessions > 0 || expiredDeviceFlows > 0 || expiredAuthCodes > 0) {
+            logger_1.logger.debug({
+                expiredSessions,
+                expiredDeviceFlows,
+                expiredAuthCodes,
+                remainingSessions: this.sessions.size,
+            }, "Session store cleanup completed");
+        }
+    }
+    startCleanupInterval() {
+        this.cleanupIntervalId = setInterval(() => {
+            this.cleanup();
+        }, 5 * 60 * 1000);
+        if (this.cleanupIntervalId.unref) {
+            this.cleanupIntervalId.unref();
+        }
+    }
+    stopCleanupInterval() {
+        if (this.cleanupIntervalId) {
+            clearInterval(this.cleanupIntervalId);
+            this.cleanupIntervalId = null;
+        }
+    }
+    clear() {
+        this.sessions.clear();
+        this.deviceFlows.clear();
+        this.authCodes.clear();
+        this.tokenToSession.clear();
+        this.refreshTokenToSession.clear();
+        logger_1.logger.debug("Session store cleared");
+    }
+    getStats() {
+        return {
+            sessions: this.sessions.size,
+            deviceFlows: this.deviceFlows.size,
+            authCodes: this.authCodes.size,
+        };
+    }
+}
+exports.SessionStore = SessionStore;
+exports.sessionStore = new SessionStore();
+//# sourceMappingURL=session-store.js.map

package/dist/oauth/session-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-store.js","sourceRoot":"","sources":["../../src/oauth/session-store.ts"],"names":[],"mappings":";;;AAQA,sCAAmC;AAUnC,MAAa,YAAY;IAEf,QAAQ,GAAG,IAAI,GAAG,EAAwB,CAAC;IAG3C,WAAW,GAAG,IAAI,GAAG,EAA2B,CAAC;IAGjD,SAAS,GAAG,IAAI,GAAG,EAA6B,CAAC;IAGjD,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAC;IAG3C,qBAAqB,GAAG,IAAI,GAAG,EAAkB,CAAC;IAGlD,iBAAiB,GAA0C,IAAI,CAAC;IAExE;QAEE,IAAI,CAAC,oBAAoB,EAAE,CAAC;IAC9B,CAAC;IASD,aAAa,CAAC,OAAqB;QACjC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAGvC,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YAC3B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;YAC5B,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QACtE,CAAC;QAED,eAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,iBAAiB,CAAC,CAAC;IAC3F,CAAC;IAKD,UAAU,CAAC,SAAiB;QAC1B,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAKD,iBAAiB,CAAC,KAAa;QAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACjD,OAAO,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9D,CAAC;IAKD,wBAAwB,CAAC,YAAoB;QAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC/D,OAAO,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9D,CAAC;IAKD,aAAa,CAAC,SAAiB,EAAE,OAA8B;QAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,eAAM,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,EAAE,0CAA0C,CAAC,CAAC;YACvE,OAAO,KAAK,CAAC;QACf,CAAC;QAGD,IAAI,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,cAAc,KAAK,OAAO,CAAC,cAAc,EAAE,CAAC;YAChF,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;YACnD,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;QAC7D,CAAC;QACD,IAAI,OAAO,CAAC,eAAe,IAAI,OAAO,CAAC,eAAe,KAAK,OAAO,CAAC,eAAe,EAAE,CAAC;YACnF,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAC3D,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QACrE,CAAC;QAGD,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC3D,eAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,EAAE,iBAAiB,CAAC,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;IAKD,aAAa,CAAC,SAAiB;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,KAAK,CAAC;QACf,CAAC;QAGD,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YAC3B,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACrD,CAAC;QACD,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;YAC5B,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAChC,eAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,EAAE,iBAAiB,CAAC,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;IAKD,cAAc;QACZ,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;IAChC,CAAC;IAKD,eAAe;QACb,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC5B,CAAC;IASD,eAAe,CAAC,KAAa,EAAE,IAAqB;QAClD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAClC,eAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,oBAAoB,CAAC,CAAC;IACzE,CAAC;IAKD,aAAa,CAAC,KAAa;QACzB,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAKD,yBAAyB,CAAC,UAAkB;QAC1C,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAC7C,IAAI,IAAI,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;gBACnC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAKD,gBAAgB,CAAC,KAAa;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC/C,IAAI,OAAO,EAAE,CAAC;YACZ,eAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,EAAE,qBAAqB,CAAC,CAAC;QACjD,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAKD,kBAAkB;QAChB,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;IAC/B,CAAC;IASD,aAAa,CAAC,IAAuB;QACnC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACpC,eAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,EAAE,EAAE,kBAAkB,CAAC,CAAC;IAChF,CAAC;IAKD,WAAW,CAAC,IAAY;QACtB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAKD,cAAc,CAAC,IAAY;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,OAAO,EAAE,CAAC;YACZ,eAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,EAAE,EAAE,mBAAmB,CAAC,CAAC;QAC5E,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAKD,gBAAgB;QACd,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;IAC7B,CAAC;IASD,OAAO;QACL,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,eAAe,GAAG,CAAC,CAAC;QACxB,IAAI,kBAAkB,GAAG,CAAC,CAAC;QAC3B,IAAI,gBAAgB,GAAG,CAAC,CAAC;QAIzB,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAG1C,MAAM,MAAM,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;YACvC,IAAI,OAAO,CAAC,SAAS,GAAG,MAAM,GAAG,GAAG,EAAE,CAAC;gBACrC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;gBACvB,eAAe,EAAE,CAAC;YACpB,CAAC;QACH,CAAC;QAGD,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC7C,IAAI,IAAI,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;gBACzB,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC/B,kBAAkB,EAAE,CAAC;YACvB,CAAC;QACH,CAAC;QAGD,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAC1C,IAAI,IAAI,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;gBACzB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC5B,gBAAgB,EAAE,CAAC;YACrB,CAAC;QACH,CAAC;QAED,IAAI,eAAe,GAAG,CAAC,IAAI,kBAAkB,GAAG,CAAC,IAAI,gBAAgB,GAAG,CAAC,EAAE,CAAC;YAC1E,eAAM,CAAC,KAAK,CACV;gBACE,eAAe;gBACf,kBAAkB;gBAClB,gBAAgB;gBAChB,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;aACtC,EACD,iCAAiC,CAClC,CAAC;QACJ,CAAC;IACH,CAAC;IAKO,oBAAoB;QAE1B,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAClC,GAAG,EAAE;YACH,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,CAAC,EACD,CAAC,GAAG,EAAE,GAAG,IAAI,CACd,CAAC;QAGF,IAAI,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,CAAC;YACjC,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAKD,mBAAmB;QACjB,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,aAAa,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACtC,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAChC,CAAC;IACH,CAAC;IAKD,KAAK;QACH,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACvB,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAC5B,IAAI,CAAC,qBAAqB,CAAC,KAAK,EAAE,CAAC;QACnC,eAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;IACxC,CAAC;IAKD,QAAQ;QAKN,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;YAC5B,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI;YAClC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI;SAC/B,CAAC;IACJ,CAAC;CACF;AApUD,oCAoUC;AAKY,QAAA,YAAY,GAAG,IAAI,YAAY,EAAE,CAAC"}

package/dist/oauth/token-context.d.ts

@@ -0,0 +1,8 @@
+import { TokenContext } from "./types";
+export declare function runWithTokenContext<T>(context: TokenContext, fn: () => T | Promise<T>): T | Promise<T>;
+export declare function getTokenContext(): TokenContext | undefined;
+export declare function getGitLabTokenFromContext(): string;
+export declare function getGitLabUserIdFromContext(): number | undefined;
+export declare function getGitLabUsernameFromContext(): string | undefined;
+export declare function getSessionIdFromContext(): string | undefined;
+export declare function isInOAuthContext(): boolean;

package/dist/oauth/token-context.js

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runWithTokenContext = runWithTokenContext;
+exports.getTokenContext = getTokenContext;
+exports.getGitLabTokenFromContext = getGitLabTokenFromContext;
+exports.getGitLabUserIdFromContext = getGitLabUserIdFromContext;
+exports.getGitLabUsernameFromContext = getGitLabUsernameFromContext;
+exports.getSessionIdFromContext = getSessionIdFromContext;
+exports.isInOAuthContext = isInOAuthContext;
+const async_hooks_1 = require("async_hooks");
+const asyncLocalStorage = new async_hooks_1.AsyncLocalStorage();
+function runWithTokenContext(context, fn) {
+    return asyncLocalStorage.run(context, fn);
+}
+function getTokenContext() {
+    return asyncLocalStorage.getStore();
+}
+function getGitLabTokenFromContext() {
+    const context = asyncLocalStorage.getStore();
+    if (!context) {
+        throw new Error("No OAuth token context available - this code must be called within an authenticated request");
+    }
+    return context.gitlabToken;
+}
+function getGitLabUserIdFromContext() {
+    const context = asyncLocalStorage.getStore();
+    return context?.gitlabUserId;
+}
+function getGitLabUsernameFromContext() {
+    const context = asyncLocalStorage.getStore();
+    return context?.gitlabUsername;
+}
+function getSessionIdFromContext() {
+    const context = asyncLocalStorage.getStore();
+    return context?.sessionId;
+}
+function isInOAuthContext() {
+    return asyncLocalStorage.getStore() !== undefined;
+}
+//# sourceMappingURL=token-context.js.map

package/dist/oauth/token-context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-context.js","sourceRoot":"","sources":["../../src/oauth/token-context.ts"],"names":[],"mappings":";;AA0CA,kDAKC;AAUD,0CAEC;AAWD,8DAQC;AAOD,gEAGC;AAOD,oEAGC;AAOD,0DAGC;AAOD,4CAEC;AA3GD,6CAAgD;AAShD,MAAM,iBAAiB,GAAG,IAAI,+BAAiB,EAAgB,CAAC;AAuBhE,SAAgB,mBAAmB,CACjC,OAAqB,EACrB,EAAwB;IAExB,OAAO,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;AAC5C,CAAC;AAUD,SAAgB,eAAe;IAC7B,OAAO,iBAAiB,CAAC,QAAQ,EAAE,CAAC;AACtC,CAAC;AAWD,SAAgB,yBAAyB;IACvC,MAAM,OAAO,GAAG,iBAAiB,CAAC,QAAQ,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,6FAA6F,CAC9F,CAAC;IACJ,CAAC;IACD,OAAO,OAAO,CAAC,WAAW,CAAC;AAC7B,CAAC;AAOD,SAAgB,0BAA0B;IACxC,MAAM,OAAO,GAAG,iBAAiB,CAAC,QAAQ,EAAE,CAAC;IAC7C,OAAO,OAAO,EAAE,YAAY,CAAC;AAC/B,CAAC;AAOD,SAAgB,4BAA4B;IAC1C,MAAM,OAAO,GAAG,iBAAiB,CAAC,QAAQ,EAAE,CAAC;IAC7C,OAAO,OAAO,EAAE,cAAc,CAAC;AACjC,CAAC;AAOD,SAAgB,uBAAuB;IACrC,MAAM,OAAO,GAAG,iBAAiB,CAAC,QAAQ,EAAE,CAAC;IAC7C,OAAO,OAAO,EAAE,SAAS,CAAC;AAC5B,CAAC;AAOD,SAAgB,gBAAgB;IAC9B,OAAO,iBAAiB,CAAC,QAAQ,EAAE,KAAK,SAAS,CAAC;AACpD,CAAC"}

package/dist/oauth/token-utils.d.ts

@@ -0,0 +1,14 @@
+import { MCPTokenPayload } from "./types";
+export declare function createJWT(payload: Record<string, unknown>, secret: string, expiresIn: number): string;
+export declare function verifyJWT(token: string, secret: string): Record<string, unknown> | null;
+export declare function verifyMCPToken(token: string, secret: string): MCPTokenPayload | null;
+export declare function generateCodeVerifier(): string;
+export declare function generateCodeChallenge(verifier: string): string;
+export declare function verifyCodeChallenge(verifier: string, challenge: string, method: string): boolean;
+export declare function generateRandomString(length?: number): string;
+export declare function generateUUID(): string;
+export declare function generateAuthorizationCode(): string;
+export declare function generateSessionId(): string;
+export declare function generateRefreshToken(): string;
+export declare function isTokenExpiringSoon(expiryMs: number, bufferMs?: number): boolean;
+export declare function calculateTokenExpiry(expiresIn: number): number;