@structured-world/gitlab-mcp 5.7.0 → 6.0.0

package/dist/src/oauth/index.js

@@ -0,0 +1,65 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.tokenHandler = exports.callbackHandler = exports.pollHandler = exports.authorizeHandler = exports.getBaseUrl = exports.protectedResourceHandler = exports.healthHandler = exports.metadataHandler = exports.buildGitLabAuthUrl = exports.exchangeGitLabAuthCode = exports.validateGitLabToken = exports.getGitLabUser = exports.refreshGitLabToken = exports.pollForToken = exports.pollDeviceFlowOnce = exports.initiateDeviceFlow = exports.calculateTokenExpiry = exports.isTokenExpiringSoon = exports.generateRefreshToken = exports.generateSessionId = exports.generateAuthorizationCode = exports.generateUUID = exports.generateRandomString = exports.verifyCodeChallenge = exports.generateCodeChallenge = exports.generateCodeVerifier = exports.verifyMCPToken = exports.verifyJWT = exports.createJWT = exports.isInOAuthContext = exports.getSessionIdFromContext = exports.getGitLabUsernameFromContext = exports.getGitLabUserIdFromContext = exports.getGitLabTokenFromContext = exports.getTokenContext = exports.runWithTokenContext = exports.STORAGE_DATA_VERSION = exports.PostgreSQLStorageBackend = exports.FileStorageBackend = exports.MemoryStorageBackend = exports.validateStorageConfig = exports.getStorageType = exports.createStorageBackend = exports.SessionStore = exports.sessionStore = exports.resetOAuthConfigCache = exports.getAuthModeDescription = exports.isOAuthEnabled = exports.validateStaticConfig = exports.loadOAuthConfig = void 0;
+exports.isValidRedirectUri = exports.getRegisteredClient = exports.registerHandler = void 0;
+var config_1 = require("./config");
+Object.defineProperty(exports, "loadOAuthConfig", { enumerable: true, get: function () { return config_1.loadOAuthConfig; } });
+Object.defineProperty(exports, "validateStaticConfig", { enumerable: true, get: function () { return config_1.validateStaticConfig; } });
+Object.defineProperty(exports, "isOAuthEnabled", { enumerable: true, get: function () { return config_1.isOAuthEnabled; } });
+Object.defineProperty(exports, "getAuthModeDescription", { enumerable: true, get: function () { return config_1.getAuthModeDescription; } });
+Object.defineProperty(exports, "resetOAuthConfigCache", { enumerable: true, get: function () { return config_1.resetOAuthConfigCache; } });
+var session_store_1 = require("./session-store");
+Object.defineProperty(exports, "sessionStore", { enumerable: true, get: function () { return session_store_1.sessionStore; } });
+Object.defineProperty(exports, "SessionStore", { enumerable: true, get: function () { return session_store_1.SessionStore; } });
+var storage_1 = require("./storage");
+Object.defineProperty(exports, "createStorageBackend", { enumerable: true, get: function () { return storage_1.createStorageBackend; } });
+Object.defineProperty(exports, "getStorageType", { enumerable: true, get: function () { return storage_1.getStorageType; } });
+Object.defineProperty(exports, "validateStorageConfig", { enumerable: true, get: function () { return storage_1.validateStorageConfig; } });
+Object.defineProperty(exports, "MemoryStorageBackend", { enumerable: true, get: function () { return storage_1.MemoryStorageBackend; } });
+Object.defineProperty(exports, "FileStorageBackend", { enumerable: true, get: function () { return storage_1.FileStorageBackend; } });
+Object.defineProperty(exports, "PostgreSQLStorageBackend", { enumerable: true, get: function () { return storage_1.PostgreSQLStorageBackend; } });
+Object.defineProperty(exports, "STORAGE_DATA_VERSION", { enumerable: true, get: function () { return storage_1.STORAGE_DATA_VERSION; } });
+var token_context_1 = require("./token-context");
+Object.defineProperty(exports, "runWithTokenContext", { enumerable: true, get: function () { return token_context_1.runWithTokenContext; } });
+Object.defineProperty(exports, "getTokenContext", { enumerable: true, get: function () { return token_context_1.getTokenContext; } });
+Object.defineProperty(exports, "getGitLabTokenFromContext", { enumerable: true, get: function () { return token_context_1.getGitLabTokenFromContext; } });
+Object.defineProperty(exports, "getGitLabUserIdFromContext", { enumerable: true, get: function () { return token_context_1.getGitLabUserIdFromContext; } });
+Object.defineProperty(exports, "getGitLabUsernameFromContext", { enumerable: true, get: function () { return token_context_1.getGitLabUsernameFromContext; } });
+Object.defineProperty(exports, "getSessionIdFromContext", { enumerable: true, get: function () { return token_context_1.getSessionIdFromContext; } });
+Object.defineProperty(exports, "isInOAuthContext", { enumerable: true, get: function () { return token_context_1.isInOAuthContext; } });
+var token_utils_1 = require("./token-utils");
+Object.defineProperty(exports, "createJWT", { enumerable: true, get: function () { return token_utils_1.createJWT; } });
+Object.defineProperty(exports, "verifyJWT", { enumerable: true, get: function () { return token_utils_1.verifyJWT; } });
+Object.defineProperty(exports, "verifyMCPToken", { enumerable: true, get: function () { return token_utils_1.verifyMCPToken; } });
+Object.defineProperty(exports, "generateCodeVerifier", { enumerable: true, get: function () { return token_utils_1.generateCodeVerifier; } });
+Object.defineProperty(exports, "generateCodeChallenge", { enumerable: true, get: function () { return token_utils_1.generateCodeChallenge; } });
+Object.defineProperty(exports, "verifyCodeChallenge", { enumerable: true, get: function () { return token_utils_1.verifyCodeChallenge; } });
+Object.defineProperty(exports, "generateRandomString", { enumerable: true, get: function () { return token_utils_1.generateRandomString; } });
+Object.defineProperty(exports, "generateUUID", { enumerable: true, get: function () { return token_utils_1.generateUUID; } });
+Object.defineProperty(exports, "generateAuthorizationCode", { enumerable: true, get: function () { return token_utils_1.generateAuthorizationCode; } });
+Object.defineProperty(exports, "generateSessionId", { enumerable: true, get: function () { return token_utils_1.generateSessionId; } });
+Object.defineProperty(exports, "generateRefreshToken", { enumerable: true, get: function () { return token_utils_1.generateRefreshToken; } });
+Object.defineProperty(exports, "isTokenExpiringSoon", { enumerable: true, get: function () { return token_utils_1.isTokenExpiringSoon; } });
+Object.defineProperty(exports, "calculateTokenExpiry", { enumerable: true, get: function () { return token_utils_1.calculateTokenExpiry; } });
+var gitlab_device_flow_1 = require("./gitlab-device-flow");
+Object.defineProperty(exports, "initiateDeviceFlow", { enumerable: true, get: function () { return gitlab_device_flow_1.initiateDeviceFlow; } });
+Object.defineProperty(exports, "pollDeviceFlowOnce", { enumerable: true, get: function () { return gitlab_device_flow_1.pollDeviceFlowOnce; } });
+Object.defineProperty(exports, "pollForToken", { enumerable: true, get: function () { return gitlab_device_flow_1.pollForToken; } });
+Object.defineProperty(exports, "refreshGitLabToken", { enumerable: true, get: function () { return gitlab_device_flow_1.refreshGitLabToken; } });
+Object.defineProperty(exports, "getGitLabUser", { enumerable: true, get: function () { return gitlab_device_flow_1.getGitLabUser; } });
+Object.defineProperty(exports, "validateGitLabToken", { enumerable: true, get: function () { return gitlab_device_flow_1.validateGitLabToken; } });
+Object.defineProperty(exports, "exchangeGitLabAuthCode", { enumerable: true, get: function () { return gitlab_device_flow_1.exchangeGitLabAuthCode; } });
+Object.defineProperty(exports, "buildGitLabAuthUrl", { enumerable: true, get: function () { return gitlab_device_flow_1.buildGitLabAuthUrl; } });
+var index_1 = require("./endpoints/index");
+Object.defineProperty(exports, "metadataHandler", { enumerable: true, get: function () { return index_1.metadataHandler; } });
+Object.defineProperty(exports, "healthHandler", { enumerable: true, get: function () { return index_1.healthHandler; } });
+Object.defineProperty(exports, "protectedResourceHandler", { enumerable: true, get: function () { return index_1.protectedResourceHandler; } });
+Object.defineProperty(exports, "getBaseUrl", { enumerable: true, get: function () { return index_1.getBaseUrl; } });
+Object.defineProperty(exports, "authorizeHandler", { enumerable: true, get: function () { return index_1.authorizeHandler; } });
+Object.defineProperty(exports, "pollHandler", { enumerable: true, get: function () { return index_1.pollHandler; } });
+Object.defineProperty(exports, "callbackHandler", { enumerable: true, get: function () { return index_1.callbackHandler; } });
+Object.defineProperty(exports, "tokenHandler", { enumerable: true, get: function () { return index_1.tokenHandler; } });
+Object.defineProperty(exports, "registerHandler", { enumerable: true, get: function () { return index_1.registerHandler; } });
+Object.defineProperty(exports, "getRegisteredClient", { enumerable: true, get: function () { return index_1.getRegisteredClient; } });
+Object.defineProperty(exports, "isValidRedirectUri", { enumerable: true, get: function () { return index_1.isValidRedirectUri; } });
+//# sourceMappingURL=index.js.map

package/dist/src/oauth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/oauth/index.ts"],"names":[],"mappings":";;;;AAQA,mCAMkB;AALhB,yGAAA,eAAe,OAAA;AACf,8GAAA,oBAAoB,OAAA;AACpB,wGAAA,cAAc,OAAA;AACd,gHAAA,sBAAsB,OAAA;AACtB,+GAAA,qBAAqB,OAAA;AAsBvB,iDAA6D;AAApD,6GAAA,YAAY,OAAA;AAAE,6GAAA,YAAY,OAAA;AAGnC,qCAQmB;AAPjB,+GAAA,oBAAoB,OAAA;AACpB,yGAAA,cAAc,OAAA;AACd,gHAAA,qBAAqB,OAAA;AACrB,+GAAA,oBAAoB,OAAA;AACpB,6GAAA,kBAAkB,OAAA;AAClB,mHAAA,wBAAwB,OAAA;AACxB,+GAAA,oBAAoB,OAAA;AAUtB,iDAQyB;AAPvB,oHAAA,mBAAmB,OAAA;AACnB,gHAAA,eAAe,OAAA;AACf,0HAAA,yBAAyB,OAAA;AACzB,2HAAA,0BAA0B,OAAA;AAC1B,6HAAA,4BAA4B,OAAA;AAC5B,wHAAA,uBAAuB,OAAA;AACvB,iHAAA,gBAAgB,OAAA;AAIlB,6CAcuB;AAbrB,wGAAA,SAAS,OAAA;AACT,wGAAA,SAAS,OAAA;AACT,6GAAA,cAAc,OAAA;AACd,mHAAA,oBAAoB,OAAA;AACpB,oHAAA,qBAAqB,OAAA;AACrB,kHAAA,mBAAmB,OAAA;AACnB,mHAAA,oBAAoB,OAAA;AACpB,2GAAA,YAAY,OAAA;AACZ,wHAAA,yBAAyB,OAAA;AACzB,gHAAA,iBAAiB,OAAA;AACjB,mHAAA,oBAAoB,OAAA;AACpB,kHAAA,mBAAmB,OAAA;AACnB,mHAAA,oBAAoB,OAAA;AAItB,2DAS8B;AAR5B,wHAAA,kBAAkB,OAAA;AAClB,wHAAA,kBAAkB,OAAA;AAClB,kHAAA,YAAY,OAAA;AACZ,wHAAA,kBAAkB,OAAA;AAClB,mHAAA,aAAa,OAAA;AACb,yHAAA,mBAAmB,OAAA;AACnB,4HAAA,sBAAsB,OAAA;AACtB,wHAAA,kBAAkB,OAAA;AAIpB,2CAY2B;AAXzB,wGAAA,eAAe,OAAA;AACf,sGAAA,aAAa,OAAA;AACb,iHAAA,wBAAwB,OAAA;AACxB,mGAAA,UAAU,OAAA;AACV,yGAAA,gBAAgB,OAAA;AAChB,oGAAA,WAAW,OAAA;AACX,wGAAA,eAAe,OAAA;AACf,qGAAA,YAAY,OAAA;AACZ,wGAAA,eAAe,OAAA;AACf,4GAAA,mBAAmB,OAAA;AACnB,2GAAA,kBAAkB,OAAA"}

package/dist/src/oauth/session-store.d.ts

@@ -0,0 +1,54 @@
+import { OAuthSession, DeviceFlowState, AuthorizationCode, AuthCodeFlowState } from "./types";
+import { SessionStorageBackend } from "./storage";
+export declare class SessionStore {
+    private backend;
+    private initialized;
+    private sessions;
+    private deviceFlows;
+    private authCodeFlows;
+    private authCodes;
+    private tokenToSession;
+    private refreshTokenToSession;
+    private mcpSessionToOAuthSession;
+    private cleanupIntervalId;
+    constructor(backend?: SessionStorageBackend);
+    initialize(): Promise<void>;
+    getBackendType(): string;
+    createSession(session: OAuthSession): void;
+    getSession(sessionId: string): OAuthSession | undefined;
+    getSessionByToken(token: string): OAuthSession | undefined;
+    getSessionByRefreshToken(refreshToken: string): OAuthSession | undefined;
+    updateSession(sessionId: string, updates: Partial<OAuthSession>): boolean;
+    deleteSession(sessionId: string): boolean;
+    getAllSessions(): IterableIterator<OAuthSession>;
+    getSessionCount(): number;
+    storeDeviceFlow(state: string, flow: DeviceFlowState): void;
+    getDeviceFlow(state: string): DeviceFlowState | undefined;
+    getDeviceFlowByDeviceCode(deviceCode: string): DeviceFlowState | undefined;
+    deleteDeviceFlow(state: string): boolean;
+    getDeviceFlowCount(): number;
+    storeAuthCodeFlow(internalState: string, flow: AuthCodeFlowState): void;
+    getAuthCodeFlow(internalState: string): AuthCodeFlowState | undefined;
+    deleteAuthCodeFlow(internalState: string): boolean;
+    getAuthCodeFlowCount(): number;
+    storeAuthCode(code: AuthorizationCode): void;
+    getAuthCode(code: string): AuthorizationCode | undefined;
+    deleteAuthCode(code: string): boolean;
+    getAuthCodeCount(): number;
+    associateMcpSession(mcpSessionId: string, oauthSessionId: string): void;
+    getSessionByMcpSessionId(mcpSessionId: string): OAuthSession | undefined;
+    getGitLabTokenByMcpSessionId(mcpSessionId: string): string | undefined;
+    removeMcpSessionAssociation(mcpSessionId: string): boolean;
+    cleanup(): void;
+    private startCleanupInterval;
+    stopCleanupInterval(): void;
+    clear(): void;
+    close(): Promise<void>;
+    getStats(): {
+        sessions: number;
+        deviceFlows: number;
+        authCodeFlows: number;
+        authCodes: number;
+    };
+}
+export declare const sessionStore: SessionStore;

package/dist/src/oauth/session-store.js

@@ -0,0 +1,302 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sessionStore = exports.SessionStore = void 0;
+const storage_1 = require("./storage");
+const logger_1 = require("../logger");
+class SessionStore {
+    backend;
+    initialized = false;
+    sessions = new Map();
+    deviceFlows = new Map();
+    authCodeFlows = new Map();
+    authCodes = new Map();
+    tokenToSession = new Map();
+    refreshTokenToSession = new Map();
+    mcpSessionToOAuthSession = new Map();
+    cleanupIntervalId = null;
+    constructor(backend) {
+        this.backend = backend ?? (0, storage_1.createStorageBackend)();
+    }
+    async initialize() {
+        if (this.initialized)
+            return;
+        await this.backend.initialize();
+        if (this.backend.type !== "memory") {
+            const sessions = await this.backend.getAllSessions();
+            for (const session of sessions) {
+                this.sessions.set(session.id, session);
+                if (session.mcpAccessToken) {
+                    this.tokenToSession.set(session.mcpAccessToken, session.id);
+                }
+                if (session.mcpRefreshToken) {
+                    this.refreshTokenToSession.set(session.mcpRefreshToken, session.id);
+                }
+            }
+            logger_1.logger.info({ loadedSessions: sessions.length }, "Loaded sessions from storage backend");
+        }
+        this.startCleanupInterval();
+        this.initialized = true;
+        logger_1.logger.info({ backendType: this.backend.type }, "Session store initialized");
+    }
+    getBackendType() {
+        return this.backend.type;
+    }
+    createSession(session) {
+        this.sessions.set(session.id, session);
+        if (session.mcpAccessToken) {
+            this.tokenToSession.set(session.mcpAccessToken, session.id);
+        }
+        if (session.mcpRefreshToken) {
+            this.refreshTokenToSession.set(session.mcpRefreshToken, session.id);
+        }
+        this.backend.createSession(session).catch(err => {
+            logger_1.logger.error({ err, sessionId: session.id }, "Failed to persist session to backend");
+        });
+        logger_1.logger.debug({ sessionId: session.id, userId: session.gitlabUserId }, "Session created");
+    }
+    getSession(sessionId) {
+        return this.sessions.get(sessionId);
+    }
+    getSessionByToken(token) {
+        const sessionId = this.tokenToSession.get(token);
+        return sessionId ? this.sessions.get(sessionId) : undefined;
+    }
+    getSessionByRefreshToken(refreshToken) {
+        const sessionId = this.refreshTokenToSession.get(refreshToken);
+        return sessionId ? this.sessions.get(sessionId) : undefined;
+    }
+    updateSession(sessionId, updates) {
+        const session = this.sessions.get(sessionId);
+        if (!session) {
+            logger_1.logger.warn({ sessionId }, "Attempted to update non-existent session");
+            return false;
+        }
+        if (updates.mcpAccessToken && updates.mcpAccessToken !== session.mcpAccessToken) {
+            this.tokenToSession.delete(session.mcpAccessToken);
+            this.tokenToSession.set(updates.mcpAccessToken, sessionId);
+        }
+        if (updates.mcpRefreshToken && updates.mcpRefreshToken !== session.mcpRefreshToken) {
+            this.refreshTokenToSession.delete(session.mcpRefreshToken);
+            this.refreshTokenToSession.set(updates.mcpRefreshToken, sessionId);
+        }
+        Object.assign(session, updates, { updatedAt: Date.now() });
+        this.backend.updateSession(sessionId, updates).catch(err => {
+            logger_1.logger.error({ err, sessionId }, "Failed to update session in backend");
+        });
+        logger_1.logger.debug({ sessionId }, "Session updated");
+        return true;
+    }
+    deleteSession(sessionId) {
+        const session = this.sessions.get(sessionId);
+        if (!session) {
+            return false;
+        }
+        if (session.mcpAccessToken) {
+            this.tokenToSession.delete(session.mcpAccessToken);
+        }
+        if (session.mcpRefreshToken) {
+            this.refreshTokenToSession.delete(session.mcpRefreshToken);
+        }
+        this.sessions.delete(sessionId);
+        this.backend.deleteSession(sessionId).catch(err => {
+            logger_1.logger.error({ err, sessionId }, "Failed to delete session from backend");
+        });
+        logger_1.logger.debug({ sessionId }, "Session deleted");
+        return true;
+    }
+    getAllSessions() {
+        return this.sessions.values();
+    }
+    getSessionCount() {
+        return this.sessions.size;
+    }
+    storeDeviceFlow(state, flow) {
+        this.deviceFlows.set(state, flow);
+        this.backend.storeDeviceFlow(state, flow).catch(err => {
+            logger_1.logger.error({ err, state }, "Failed to persist device flow to backend");
+        });
+        logger_1.logger.debug({ state, userCode: flow.userCode }, "Device flow stored");
+    }
+    getDeviceFlow(state) {
+        return this.deviceFlows.get(state);
+    }
+    getDeviceFlowByDeviceCode(deviceCode) {
+        for (const flow of this.deviceFlows.values()) {
+            if (flow.deviceCode === deviceCode) {
+                return flow;
+            }
+        }
+        return undefined;
+    }
+    deleteDeviceFlow(state) {
+        const deleted = this.deviceFlows.delete(state);
+        if (deleted) {
+            this.backend.deleteDeviceFlow(state).catch(err => {
+                logger_1.logger.error({ err, state }, "Failed to delete device flow from backend");
+            });
+            logger_1.logger.debug({ state }, "Device flow deleted");
+        }
+        return deleted;
+    }
+    getDeviceFlowCount() {
+        return this.deviceFlows.size;
+    }
+    storeAuthCodeFlow(internalState, flow) {
+        this.authCodeFlows.set(internalState, flow);
+        this.backend.storeAuthCodeFlow(internalState, flow).catch(err => {
+            logger_1.logger.error({ err, internalState: internalState.substring(0, 8) + "..." }, "Failed to persist auth code flow");
+        });
+        logger_1.logger.debug({ internalState: internalState.substring(0, 8) + "..." }, "Auth code flow stored");
+    }
+    getAuthCodeFlow(internalState) {
+        return this.authCodeFlows.get(internalState);
+    }
+    deleteAuthCodeFlow(internalState) {
+        const deleted = this.authCodeFlows.delete(internalState);
+        if (deleted) {
+            this.backend.deleteAuthCodeFlow(internalState).catch(err => {
+                logger_1.logger.error({ err, internalState: internalState.substring(0, 8) + "..." }, "Failed to delete auth code flow");
+            });
+            logger_1.logger.debug({ internalState: internalState.substring(0, 8) + "..." }, "Auth code flow deleted");
+        }
+        return deleted;
+    }
+    getAuthCodeFlowCount() {
+        return this.authCodeFlows.size;
+    }
+    storeAuthCode(code) {
+        this.authCodes.set(code.code, code);
+        this.backend.storeAuthCode(code).catch(err => {
+            logger_1.logger.error({ err, code: code.code.substring(0, 8) + "..." }, "Failed to persist auth code");
+        });
+        logger_1.logger.debug({ code: code.code.substring(0, 8) + "..." }, "Auth code stored");
+    }
+    getAuthCode(code) {
+        return this.authCodes.get(code);
+    }
+    deleteAuthCode(code) {
+        const deleted = this.authCodes.delete(code);
+        if (deleted) {
+            this.backend.deleteAuthCode(code).catch(err => {
+                logger_1.logger.error({ err, code: code.substring(0, 8) + "..." }, "Failed to delete auth code");
+            });
+            logger_1.logger.debug({ code: code.substring(0, 8) + "..." }, "Auth code deleted");
+        }
+        return deleted;
+    }
+    getAuthCodeCount() {
+        return this.authCodes.size;
+    }
+    associateMcpSession(mcpSessionId, oauthSessionId) {
+        this.mcpSessionToOAuthSession.set(mcpSessionId, oauthSessionId);
+        this.backend.associateMcpSession(mcpSessionId, oauthSessionId).catch(err => {
+            logger_1.logger.error({ err, mcpSessionId }, "Failed to persist MCP session association");
+        });
+        logger_1.logger.debug({ mcpSessionId, oauthSessionId: oauthSessionId.substring(0, 8) + "..." }, "MCP session associated with OAuth session");
+    }
+    getSessionByMcpSessionId(mcpSessionId) {
+        const oauthSessionId = this.mcpSessionToOAuthSession.get(mcpSessionId);
+        if (!oauthSessionId) {
+            return undefined;
+        }
+        return this.sessions.get(oauthSessionId);
+    }
+    getGitLabTokenByMcpSessionId(mcpSessionId) {
+        const session = this.getSessionByMcpSessionId(mcpSessionId);
+        return session?.gitlabAccessToken;
+    }
+    removeMcpSessionAssociation(mcpSessionId) {
+        const deleted = this.mcpSessionToOAuthSession.delete(mcpSessionId);
+        if (deleted) {
+            this.backend.removeMcpSessionAssociation(mcpSessionId).catch(err => {
+                logger_1.logger.error({ err, mcpSessionId }, "Failed to remove MCP session association from backend");
+            });
+            logger_1.logger.debug({ mcpSessionId }, "MCP session association removed");
+        }
+        return deleted;
+    }
+    cleanup() {
+        const now = Date.now();
+        let expiredSessions = 0;
+        let expiredDeviceFlows = 0;
+        let expiredAuthCodeFlows = 0;
+        let expiredAuthCodes = 0;
+        const maxAge = 7 * 24 * 60 * 60 * 1000;
+        for (const [id, session] of this.sessions) {
+            if (session.createdAt + maxAge < now) {
+                this.deleteSession(id);
+                expiredSessions++;
+            }
+        }
+        for (const [state, flow] of this.deviceFlows) {
+            if (flow.expiresAt < now) {
+                this.deleteDeviceFlow(state);
+                expiredDeviceFlows++;
+            }
+        }
+        for (const [state, flow] of this.authCodeFlows) {
+            if (flow.expiresAt < now) {
+                this.deleteAuthCodeFlow(state);
+                expiredAuthCodeFlows++;
+            }
+        }
+        for (const [code, auth] of this.authCodes) {
+            if (auth.expiresAt < now) {
+                this.deleteAuthCode(code);
+                expiredAuthCodes++;
+            }
+        }
+        if (expiredSessions > 0 ||
+            expiredDeviceFlows > 0 ||
+            expiredAuthCodeFlows > 0 ||
+            expiredAuthCodes > 0) {
+            logger_1.logger.debug({
+                expiredSessions,
+                expiredDeviceFlows,
+                expiredAuthCodeFlows,
+                expiredAuthCodes,
+                remainingSessions: this.sessions.size,
+            }, "Session store cleanup completed");
+        }
+    }
+    startCleanupInterval() {
+        this.cleanupIntervalId = setInterval(() => {
+            this.cleanup();
+        }, 5 * 60 * 1000);
+        if (this.cleanupIntervalId.unref) {
+            this.cleanupIntervalId.unref();
+        }
+    }
+    stopCleanupInterval() {
+        if (this.cleanupIntervalId) {
+            clearInterval(this.cleanupIntervalId);
+            this.cleanupIntervalId = null;
+        }
+    }
+    clear() {
+        this.sessions.clear();
+        this.deviceFlows.clear();
+        this.authCodeFlows.clear();
+        this.authCodes.clear();
+        this.tokenToSession.clear();
+        this.refreshTokenToSession.clear();
+        this.mcpSessionToOAuthSession.clear();
+        logger_1.logger.debug("Session store cleared");
+    }
+    async close() {
+        this.stopCleanupInterval();
+        await this.backend.close();
+        logger_1.logger.info("Session store closed");
+    }
+    getStats() {
+        return {
+            sessions: this.sessions.size,
+            deviceFlows: this.deviceFlows.size,
+            authCodeFlows: this.authCodeFlows.size,
+            authCodes: this.authCodes.size,
+        };
+    }
+}
+exports.SessionStore = SessionStore;
+exports.sessionStore = new SessionStore();
+//# sourceMappingURL=session-store.js.map

package/dist/src/oauth/session-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-store.js","sourceRoot":"","sources":["../../../src/oauth/session-store.ts"],"names":[],"mappings":";;;AAaA,uCAAwE;AACxE,sCAAmC;AAQnC,MAAa,YAAY;IACf,OAAO,CAAwB;IAC/B,WAAW,GAAG,KAAK,CAAC;IAGpB,QAAQ,GAAG,IAAI,GAAG,EAAwB,CAAC;IAC3C,WAAW,GAAG,IAAI,GAAG,EAA2B,CAAC;IACjD,aAAa,GAAG,IAAI,GAAG,EAA6B,CAAC;IACrD,SAAS,GAAG,IAAI,GAAG,EAA6B,CAAC;IACjD,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC3C,qBAAqB,GAAG,IAAI,GAAG,EAAkB,CAAC;IAClD,wBAAwB,GAAG,IAAI,GAAG,EAAkB,CAAC;IAErD,iBAAiB,GAA0C,IAAI,CAAC;IAExE,YAAY,OAA+B;QACzC,IAAI,CAAC,OAAO,GAAG,OAAO,IAAI,IAAA,8BAAoB,GAAE,CAAC;IACnD,CAAC;IAMD,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QAGhC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACnC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;YACrD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;gBACvC,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;oBAC3B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;gBAC9D,CAAC;gBACD,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;oBAC5B,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;gBACtE,CAAC;YACH,CAAC;YACD,eAAM,CAAC,IAAI,CAAC,EAAE,cAAc,EAAE,QAAQ,CAAC,MAAM,EAAE,EAAE,sCAAsC,CAAC,CAAC;QAC3F,CAAC;QAGD,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAE5B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,eAAM,CAAC,IAAI,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,2BAA2B,CAAC,CAAC;IAC/E,CAAC;IAKD,cAAc;QACZ,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IASD,aAAa,CAAC,OAAqB;QACjC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAEvC,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YAC3B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;YAC5B,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QACtE,CAAC;QAGD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;YAC9C,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE,sCAAsC,CAAC,CAAC;QACvF,CAAC,CAAC,CAAC;QAEH,eAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,iBAAiB,CAAC,CAAC;IAC3F,CAAC;IAKD,UAAU,CAAC,SAAiB;QAC1B,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAKD,iBAAiB,CAAC,KAAa;QAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACjD,OAAO,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9D,CAAC;IAKD,wBAAwB,CAAC,YAAoB;QAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC/D,OAAO,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9D,CAAC;IAKD,aAAa,CAAC,SAAiB,EAAE,OAA8B;QAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,eAAM,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,EAAE,0CAA0C,CAAC,CAAC;YACvE,OAAO,KAAK,CAAC;QACf,CAAC;QAGD,IAAI,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,cAAc,KAAK,OAAO,CAAC,cAAc,EAAE,CAAC;YAChF,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;YACnD,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;QAC7D,CAAC;QACD,IAAI,OAAO,CAAC,eAAe,IAAI,OAAO,CAAC,eAAe,KAAK,OAAO,CAAC,eAAe,EAAE,CAAC;YACnF,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAC3D,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QACrE,CAAC;QAGD,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAG3D,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;YACzD,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,qCAAqC,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;QAEH,eAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,EAAE,iBAAiB,CAAC,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;IAKD,aAAa,CAAC,SAAiB;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YAC3B,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACrD,CAAC;QACD,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;YAC5B,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAGhC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;YAChD,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,uCAAuC,CAAC,CAAC;QAC5E,CAAC,CAAC,CAAC;QAEH,eAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,EAAE,iBAAiB,CAAC,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;IAKD,cAAc;QACZ,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;IAChC,CAAC;IAKD,eAAe;QACb,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC5B,CAAC;IASD,eAAe,CAAC,KAAa,EAAE,IAAqB;QAClD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAElC,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;YACpD,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,0CAA0C,CAAC,CAAC;QAC3E,CAAC,CAAC,CAAC;QAEH,eAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,oBAAoB,CAAC,CAAC;IACzE,CAAC;IAKD,aAAa,CAAC,KAAa;QACzB,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAKD,yBAAyB,CAAC,UAAkB;QAC1C,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAC7C,IAAI,IAAI,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;gBACnC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAKD,gBAAgB,CAAC,KAAa;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE/C,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;gBAC/C,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,2CAA2C,CAAC,CAAC;YAC5E,CAAC,CAAC,CAAC;YACH,eAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,EAAE,qBAAqB,CAAC,CAAC;QACjD,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAKD,kBAAkB;QAChB,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;IAC/B,CAAC;IASD,iBAAiB,CAAC,aAAqB,EAAE,IAAuB;QAC9D,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;QAE5C,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;YAC9D,eAAM,CAAC,KAAK,CACV,EAAE,GAAG,EAAE,aAAa,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,EAAE,EAC7D,kCAAkC,CACnC,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,eAAM,CAAC,KAAK,CAAC,EAAE,aAAa,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,EAAE,EAAE,uBAAuB,CAAC,CAAC;IAClG,CAAC;IAKD,eAAe,CAAC,aAAqB;QACnC,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC/C,CAAC;IAKD,kBAAkB,CAAC,aAAqB;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAEzD,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;gBACzD,eAAM,CAAC,KAAK,CACV,EAAE,GAAG,EAAE,aAAa,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,EAAE,EAC7D,iCAAiC,CAClC,CAAC;YACJ,CAAC,CAAC,CAAC;YACH,eAAM,CAAC,KAAK,CACV,EAAE,aAAa,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,EAAE,EACxD,wBAAwB,CACzB,CAAC;QACJ,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAKD,oBAAoB;QAClB,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC;IACjC,CAAC;IASD,aAAa,CAAC,IAAuB;QACnC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAEpC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;YAC3C,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,EAAE,EAAE,6BAA6B,CAAC,CAAC;QAChG,CAAC,CAAC,CAAC;QAEH,eAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,EAAE,EAAE,kBAAkB,CAAC,CAAC;IAChF,CAAC;IAKD,WAAW,CAAC,IAAY;QACtB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAKD,cAAc,CAAC,IAAY;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAE5C,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;gBAC5C,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,EAAE,EAAE,4BAA4B,CAAC,CAAC;YAC1F,CAAC,CAAC,CAAC;YACH,eAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,EAAE,EAAE,mBAAmB,CAAC,CAAC;QAC5E,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAKD,gBAAgB;QACd,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;IAC7B,CAAC;IASD,mBAAmB,CAAC,YAAoB,EAAE,cAAsB;QAC9D,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;QAEhE,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;YACzE,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,YAAY,EAAE,EAAE,2CAA2C,CAAC,CAAC;QACnF,CAAC,CAAC,CAAC;QAEH,eAAM,CAAC,KAAK,CACV,EAAE,YAAY,EAAE,cAAc,EAAE,cAAc,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,EAAE,EACxE,2CAA2C,CAC5C,CAAC;IACJ,CAAC;IAKD,wBAAwB,CAAC,YAAoB;QAC3C,MAAM,cAAc,GAAG,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACvE,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC3C,CAAC;IAKD,4BAA4B,CAAC,YAAoB;QAC/C,MAAM,OAAO,GAAG,IAAI,CAAC,wBAAwB,CAAC,YAAY,CAAC,CAAC;QAC5D,OAAO,OAAO,EAAE,iBAAiB,CAAC;IACpC,CAAC;IAKD,2BAA2B,CAAC,YAAoB;QAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAEnE,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,OAAO,CAAC,2BAA2B,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;gBACjE,eAAM,CAAC,KAAK,CACV,EAAE,GAAG,EAAE,YAAY,EAAE,EACrB,uDAAuD,CACxD,CAAC;YACJ,CAAC,CAAC,CAAC;YACH,eAAM,CAAC,KAAK,CAAC,EAAE,YAAY,EAAE,EAAE,iCAAiC,CAAC,CAAC;QACpE,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IASD,OAAO;QACL,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,eAAe,GAAG,CAAC,CAAC;QACxB,IAAI,kBAAkB,GAAG,CAAC,CAAC;QAC3B,IAAI,oBAAoB,GAAG,CAAC,CAAC;QAC7B,IAAI,gBAAgB,GAAG,CAAC,CAAC;QAGzB,MAAM,MAAM,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACvC,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1C,IAAI,OAAO,CAAC,SAAS,GAAG,MAAM,GAAG,GAAG,EAAE,CAAC;gBACrC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;gBACvB,eAAe,EAAE,CAAC;YACpB,CAAC;QACH,CAAC;QAGD,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC7C,IAAI,IAAI,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;gBACzB,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;gBAC7B,kBAAkB,EAAE,CAAC;YACvB,CAAC;QACH,CAAC;QAGD,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YAC/C,IAAI,IAAI,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;gBACzB,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;gBAC/B,oBAAoB,EAAE,CAAC;YACzB,CAAC;QACH,CAAC;QAGD,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAC1C,IAAI,IAAI,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;gBACzB,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;gBAC1B,gBAAgB,EAAE,CAAC;YACrB,CAAC;QACH,CAAC;QAED,IACE,eAAe,GAAG,CAAC;YACnB,kBAAkB,GAAG,CAAC;YACtB,oBAAoB,GAAG,CAAC;YACxB,gBAAgB,GAAG,CAAC,EACpB,CAAC;YACD,eAAM,CAAC,KAAK,CACV;gBACE,eAAe;gBACf,kBAAkB;gBAClB,oBAAoB;gBACpB,gBAAgB;gBAChB,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;aACtC,EACD,iCAAiC,CAClC,CAAC;QACJ,CAAC;IACH,CAAC;IAKO,oBAAoB;QAC1B,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAClC,GAAG,EAAE;YACH,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,CAAC,EACD,CAAC,GAAG,EAAE,GAAG,IAAI,CACd,CAAC;QAEF,IAAI,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,CAAC;YACjC,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAKD,mBAAmB;QACjB,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,aAAa,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACtC,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAChC,CAAC;IACH,CAAC;IAKD,KAAK;QACH,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;QAC3B,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACvB,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAC5B,IAAI,CAAC,qBAAqB,CAAC,KAAK,EAAE,CAAC;QACnC,IAAI,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;QACtC,eAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;IACxC,CAAC;IAKD,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC3B,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QAC3B,eAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACtC,CAAC;IAKD,QAAQ;QAMN,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;YAC5B,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI;YAClC,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI;YACtC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI;SAC/B,CAAC;IACJ,CAAC;CACF;AAjhBD,oCAihBC;AAOY,QAAA,YAAY,GAAG,IAAI,YAAY,EAAE,CAAC"}

package/dist/src/oauth/storage/factory.d.ts

@@ -0,0 +1,4 @@
+import { SessionStorageBackend, StorageConfig } from "./types";
+export declare function createStorageBackend(config?: StorageConfig): SessionStorageBackend;
+export declare function getStorageType(config?: StorageConfig): "memory" | "file" | "postgresql";
+export declare function validateStorageConfig(config?: StorageConfig): string[];

package/dist/src/oauth/storage/factory.js

@@ -0,0 +1,75 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createStorageBackend = createStorageBackend;
+exports.getStorageType = getStorageType;
+exports.validateStorageConfig = validateStorageConfig;
+const memory_1 = require("./memory");
+const file_1 = require("./file");
+const postgresql_1 = require("./postgresql");
+const logger_1 = require("../../logger");
+function createStorageBackend(config) {
+    const storageType = config?.type ?? getEnvStorageType();
+    switch (storageType) {
+        case "file":
+            return createFileBackend(config);
+        case "postgresql":
+            return createPostgreSQLBackend();
+        case "memory":
+        default:
+            return createMemoryBackend();
+    }
+}
+function getEnvStorageType() {
+    const type = process.env.OAUTH_STORAGE_TYPE?.toLowerCase();
+    if (type === "file" || type === "postgresql") {
+        return type;
+    }
+    return "memory";
+}
+function createMemoryBackend() {
+    logger_1.logger.info("Using in-memory session storage (sessions will be lost on restart)");
+    return new memory_1.MemoryStorageBackend();
+}
+function createFileBackend(config) {
+    const filePath = config?.file?.path ?? process.env.OAUTH_STORAGE_FILE_PATH ?? "./data/oauth-sessions.json";
+    const saveInterval = config?.file?.saveInterval ?? parseInt(process.env.OAUTH_STORAGE_SAVE_INTERVAL ?? "30000", 10);
+    const prettyPrint = config?.file?.prettyPrint ?? process.env.OAUTH_STORAGE_PRETTY_PRINT === "true";
+    logger_1.logger.info({ filePath, saveInterval }, "Using file-based session storage");
+    return new file_1.FileStorageBackend({
+        filePath,
+        saveInterval,
+        prettyPrint,
+    });
+}
+function createPostgreSQLBackend() {
+    const connectionString = process.env.OAUTH_STORAGE_POSTGRESQL_URL ?? process.env.DATABASE_URL;
+    if (!connectionString) {
+        throw new Error("PostgreSQL storage requires a connection string. " +
+            "Set OAUTH_STORAGE_POSTGRESQL_URL or DATABASE_URL environment variable");
+    }
+    logger_1.logger.info("Using PostgreSQL session storage (via Prisma)");
+    return new postgresql_1.PostgreSQLStorageBackend();
+}
+function getStorageType(config) {
+    return config?.type ?? getEnvStorageType();
+}
+function validateStorageConfig(config) {
+    const errors = [];
+    const type = getStorageType(config);
+    if (type === "postgresql") {
+        const connectionString = process.env.OAUTH_STORAGE_POSTGRESQL_URL ?? process.env.DATABASE_URL;
+        if (!connectionString) {
+            errors.push("PostgreSQL storage requires OAUTH_STORAGE_POSTGRESQL_URL or DATABASE_URL environment variable");
+        }
+    }
+    if (type === "file") {
+        const filePath = config?.file?.path ?? process.env.OAUTH_STORAGE_FILE_PATH;
+        if (filePath) {
+            if (filePath.includes("..")) {
+                errors.push("File storage path must not contain '..'");
+            }
+        }
+    }
+    return errors;
+}
+//# sourceMappingURL=factory.js.map

package/dist/src/oauth/storage/factory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"factory.js","sourceRoot":"","sources":["../../../../src/oauth/storage/factory.ts"],"names":[],"mappings":";;AAyBA,oDAaC;AAqDD,wCAEC;AAKD,sDA2BC;AAtHD,qCAAgD;AAChD,iCAA4C;AAC5C,6CAAwD;AACxD,yCAAsC;AAetC,SAAgB,oBAAoB,CAAC,MAAsB;IAEzD,MAAM,WAAW,GAAG,MAAM,EAAE,IAAI,IAAI,iBAAiB,EAAE,CAAC;IAExD,QAAQ,WAAW,EAAE,CAAC;QACpB,KAAK,MAAM;YACT,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACnC,KAAK,YAAY;YACf,OAAO,uBAAuB,EAAE,CAAC;QACnC,KAAK,QAAQ,CAAC;QACd;YACE,OAAO,mBAAmB,EAAE,CAAC;IACjC,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB;IACxB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,WAAW,EAAE,CAAC;IAC3D,IAAI,IAAI,KAAK,MAAM,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,mBAAmB;IAC1B,eAAM,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;IAClF,OAAO,IAAI,6BAAoB,EAAE,CAAC;AACpC,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAsB;IAC/C,MAAM,QAAQ,GACZ,MAAM,EAAE,IAAI,EAAE,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,4BAA4B,CAAC;IAE5F,MAAM,YAAY,GAChB,MAAM,EAAE,IAAI,EAAE,YAAY,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,2BAA2B,IAAI,OAAO,EAAE,EAAE,CAAC,CAAC;IAEjG,MAAM,WAAW,GACf,MAAM,EAAE,IAAI,EAAE,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,0BAA0B,KAAK,MAAM,CAAC;IAEjF,eAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE,kCAAkC,CAAC,CAAC;IAE5E,OAAO,IAAI,yBAAkB,CAAC;QAC5B,QAAQ;QACR,YAAY;QACZ,WAAW;KACZ,CAAC,CAAC;AACL,CAAC;AAED,SAAS,uBAAuB;IAE9B,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,4BAA4B,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IAE9F,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CACb,mDAAmD;YACjD,uEAAuE,CAC1E,CAAC;IACJ,CAAC;IAED,eAAM,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;IAE7D,OAAO,IAAI,qCAAwB,EAAE,CAAC;AACxC,CAAC;AAKD,SAAgB,cAAc,CAAC,MAAsB;IACnD,OAAO,MAAM,EAAE,IAAI,IAAI,iBAAiB,EAAE,CAAC;AAC7C,CAAC;AAKD,SAAgB,qBAAqB,CAAC,MAAsB;IAC1D,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IAEpC,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;QAE1B,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,4BAA4B,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QAE9F,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,CAAC,IAAI,CACT,+FAA+F,CAChG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,MAAM,EAAE,IAAI,EAAE,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;QAE3E,IAAI,QAAQ,EAAE,CAAC;YAEb,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC5B,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/src/oauth/storage/file.d.ts

@@ -0,0 +1,50 @@
+import { OAuthSession, DeviceFlowState, AuthCodeFlowState, AuthorizationCode } from "../types";
+import { SessionStorageBackend, SessionStorageStats } from "./types";
+export interface FileStorageOptions {
+    filePath: string;
+    saveInterval?: number;
+    prettyPrint?: boolean;
+    saveDebounce?: number;
+}
+export declare class FileStorageBackend implements SessionStorageBackend {
+    readonly type: "file";
+    private memory;
+    private filePath;
+    private saveInterval;
+    private prettyPrint;
+    private saveDebounce;
+    private saveIntervalId;
+    private saveDebounceId;
+    private pendingSave;
+    private initialized;
+    constructor(options: FileStorageOptions);
+    initialize(): Promise<void>;
+    private loadFromFile;
+    private saveToFile;
+    private scheduleSave;
+    private startSaveInterval;
+    createSession(session: OAuthSession): Promise<void>;
+    getSession(sessionId: string): Promise<OAuthSession | undefined>;
+    getSessionByToken(token: string): Promise<OAuthSession | undefined>;
+    getSessionByRefreshToken(refreshToken: string): Promise<OAuthSession | undefined>;
+    updateSession(sessionId: string, updates: Partial<OAuthSession>): Promise<boolean>;
+    deleteSession(sessionId: string): Promise<boolean>;
+    getAllSessions(): Promise<OAuthSession[]>;
+    storeDeviceFlow(state: string, flow: DeviceFlowState): Promise<void>;
+    getDeviceFlow(state: string): Promise<DeviceFlowState | undefined>;
+    getDeviceFlowByDeviceCode(deviceCode: string): Promise<DeviceFlowState | undefined>;
+    deleteDeviceFlow(state: string): Promise<boolean>;
+    storeAuthCodeFlow(internalState: string, flow: AuthCodeFlowState): Promise<void>;
+    getAuthCodeFlow(internalState: string): Promise<AuthCodeFlowState | undefined>;
+    deleteAuthCodeFlow(internalState: string): Promise<boolean>;
+    storeAuthCode(code: AuthorizationCode): Promise<void>;
+    getAuthCode(code: string): Promise<AuthorizationCode | undefined>;
+    deleteAuthCode(code: string): Promise<boolean>;
+    associateMcpSession(mcpSessionId: string, oauthSessionId: string): Promise<void>;
+    getSessionByMcpSessionId(mcpSessionId: string): Promise<OAuthSession | undefined>;
+    removeMcpSessionAssociation(mcpSessionId: string): Promise<boolean>;
+    cleanup(): Promise<void>;
+    close(): Promise<void>;
+    getStats(): Promise<SessionStorageStats>;
+    forceSave(): Promise<void>;
+}