@structured-world/gitlab-mcp 6.62.1 → 6.62.2

package/dist/src/oauth/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/oauth/config.ts"],"names":[],"mappings":";;;AAqDA,0CAoCC;AA2CD,oDAKC;AAOD,wCAEC;AAKD,sDAEC;AAOD,wDAQC;AAOD,0DAEC;AAOD,gEAEC;AAnLD,6BAAwB;AACxB,sCAA8C;AAM9C,MAAM,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IAEjC,OAAO,EAAE,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IAExB,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,qDAAqD,CAAC;IAExF,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,oCAAoC,CAAC;IAEvE,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEzC,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,eAAe,CAAC;IAEjD,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAE7C,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;IAEtD,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IAEpD,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;CAClD,CAAC,CAAC;AAUH,IAAI,iBAAiB,GAAmC,SAAS,CAAC;AAUlE,SAAgB,eAAe;IAE7B,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;QACpC,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IAGD,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,MAAM,EAAE,CAAC;QACzC,iBAAiB,GAAG,IAAI,CAAC;QACzB,IAAA,iBAAQ,EAAC,gDAAgD,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC;IACd,CAAC;IAGD,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC;QACzC,OAAO,EAAE,IAAa;QACtB,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB;QAC/C,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;QAClD,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,0BAA0B;QAC1D,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,eAAe;QAChE,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,MAAM,EAAE,EAAE,CAAC;QAC7D,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,QAAQ,EAAE,EAAE,CAAC;QAC9E,kBAAkB,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,GAAG,EAAE,EAAE,CAAC;QAC/E,aAAa,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,KAAK,EAAE,EAAE,CAAC;KACvE,CAAC,CAAC;IAEH,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM;aACtC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;aAC7C,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,gCAAgC,aAAa,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC;IAChC,IAAA,gBAAO,EAAC,6CAA6C,CAAC,CAAC;IACvD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AAOD,MAAa,kBAAmB,SAAQ,KAAK;IAC3B,QAAQ,CAAS;IAEjC,YAAY,QAAgB;QAC1B,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACxC,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;QACjC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;CACF;AARD,gDAQC;AAGD,MAAM,sBAAsB,GAAG;;;;;;;;;;;;;;;;;CAiB9B,CAAC;AAQF,SAAgB,oBAAoB;IAClC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;QAC9B,MAAM,IAAI,kBAAkB,CAAC,sBAAsB,CAAC,CAAC;IACvD,CAAC;IACD,IAAA,iBAAQ,EAAC,4CAA4C,CAAC,CAAC;AACzD,CAAC;AAOD,SAAgB,cAAc;IAC5B,OAAO,eAAe,EAAE,KAAK,IAAI,CAAC;AACpC,CAAC;AAKD,SAAgB,qBAAqB;IACnC,iBAAiB,GAAG,SAAS,CAAC;AAChC,CAAC;AAOD,SAAgB,sBAAsB;IACpC,IAAI,cAAc,EAAE,EAAE,CAAC;QACrB,OAAO,6DAA6D,CAAC;IACvE,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;QAC7B,OAAO,yCAAyC,CAAC;IACnD,CAAC;IACD,OAAO,yEAAyE,CAAC;AACnF,CAAC;AAOD,SAAgB,uBAAuB;IACrC,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;AACpC,CAAC;AAOD,SAAgB,0BAA0B;IACxC,OAAO,cAAc,EAAE,IAAI,uBAAuB,EAAE,CAAC;AACvD,CAAC"}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/oauth/config.ts"],"names":[],"mappings":";;;AAqDA,0CAoCC;AA2CD,oDAKC;AAOD,wCAEC;AAKD,sDAEC;AAOD,wDAQC;AAOD,0DAEC;AAOD,gEAEC;AAnLD,6BAAwB;AACxB,sCAA8C;AAM9C,MAAM,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IAEjC,OAAO,EAAE,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IAExB,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,qDAAqD,CAAC;IAExF,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,oCAAoC,CAAC;IAEvE,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEzC,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,eAAe,CAAC;IAEjD,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAE7C,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;IAEtD,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IAEpD,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;CAClD,CAAC,CAAC;AAUH,IAAI,iBAAiB,GAAmC,SAAS,CAAC;AAUlE,SAAgB,eAAe;IAE7B,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;QACpC,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IAGD,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,MAAM,EAAE,CAAC;QACzC,iBAAiB,GAAG,IAAI,CAAC;QACzB,IAAA,iBAAQ,EAAC,gDAAgD,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC;IACd,CAAC;IAGD,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC;QACzC,OAAO,EAAE,IAAa;QACtB,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB;QAC/C,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;QAClD,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,0BAA0B;QAC1D,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,eAAe;QAChE,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,MAAM,EAAE,EAAE,CAAC;QAC7D,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,QAAQ,EAAE,EAAE,CAAC;QAC9E,kBAAkB,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,GAAG,EAAE,EAAE,CAAC;QAC/E,aAAa,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,KAAK,EAAE,EAAE,CAAC;KACvE,CAAC,CAAC;IAEH,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM;aACtC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;aAC/C,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,gCAAgC,aAAa,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC;IAChC,IAAA,gBAAO,EAAC,6CAA6C,CAAC,CAAC;IACvD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AAOD,MAAa,kBAAmB,SAAQ,KAAK;IAC3B,QAAQ,CAAS;IAEjC,YAAY,QAAgB;QAC1B,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACxC,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;QACjC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;CACF;AARD,gDAQC;AAGD,MAAM,sBAAsB,GAAG;;;;;;;;;;;;;;;;;CAiB9B,CAAC;AAQF,SAAgB,oBAAoB;IAClC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;QAC9B,MAAM,IAAI,kBAAkB,CAAC,sBAAsB,CAAC,CAAC;IACvD,CAAC;IACD,IAAA,iBAAQ,EAAC,4CAA4C,CAAC,CAAC;AACzD,CAAC;AAOD,SAAgB,cAAc;IAC5B,OAAO,eAAe,EAAE,KAAK,IAAI,CAAC;AACpC,CAAC;AAKD,SAAgB,qBAAqB;IACnC,iBAAiB,GAAG,SAAS,CAAC;AAChC,CAAC;AAOD,SAAgB,sBAAsB;IACpC,IAAI,cAAc,EAAE,EAAE,CAAC;QACrB,OAAO,6DAA6D,CAAC;IACvE,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;QAC7B,OAAO,yCAAyC,CAAC;IACnD,CAAC;IACD,OAAO,yEAAyE,CAAC;AACnF,CAAC;AAOD,SAAgB,uBAAuB;IACrC,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;AACpC,CAAC;AAOD,SAAgB,0BAA0B;IACxC,OAAO,cAAc,EAAE,IAAI,uBAAuB,EAAE,CAAC;AACvD,CAAC"}

package/dist/src/oauth/endpoints/authorize.d.ts

@@ -1,3 +1,3 @@
-import { Request, Response } from "express";
+import { Request, Response } from 'express';
 export declare function authorizeHandler(req: Request, res: Response): Promise<void>;
 export declare function pollHandler(req: Request, res: Response): Promise<void>;

package/dist/src/oauth/endpoints/authorize.js

@@ -13,31 +13,31 @@ const request_logger_1 = require("../../utils/request-logger");
 async function authorizeHandler(req, res) {
     const config = (0, config_1.loadOAuthConfig)();
     if (!config) {
-        sendError(req, res, 500, "server_error", "OAuth not configured");
+        sendError(req, res, 500, 'server_error', 'OAuth not configured');
         return;
     }
     const { client_id, redirect_uri, response_type, state, code_challenge, code_challenge_method } = req.query;
-    if (response_type !== "code") {
-        sendError(req, res, 400, "unsupported_response_type", 'Only "code" response type is supported');
+    if (response_type !== 'code') {
+        sendError(req, res, 400, 'unsupported_response_type', 'Only "code" response type is supported');
         return;
     }
     if (!client_id) {
-        sendError(req, res, 400, "invalid_request", "client_id is required");
+        sendError(req, res, 400, 'invalid_request', 'client_id is required');
         return;
     }
     if (!code_challenge) {
-        sendError(req, res, 400, "invalid_request", "code_challenge is required (PKCE)");
+        sendError(req, res, 400, 'invalid_request', 'code_challenge is required (PKCE)');
         return;
     }
-    if (code_challenge_method !== "S256") {
-        sendError(req, res, 400, "invalid_request", 'code_challenge_method must be "S256"');
+    if (code_challenge_method !== 'S256') {
+        sendError(req, res, 400, 'invalid_request', 'code_challenge_method must be "S256"');
         return;
     }
     if (redirect_uri) {
         await handleAuthorizationCodeFlow(req, res, config, {
             clientId: client_id,
             redirectUri: redirect_uri,
-            state: state ?? "",
+            state: state ?? '',
             codeChallenge: code_challenge,
             codeChallengeMethod: code_challenge_method,
         });
@@ -45,7 +45,7 @@ async function authorizeHandler(req, res) {
     else {
         await handleDeviceFlow(req, res, config, {
             clientId: client_id,
-            state: state ?? "",
+            state: state ?? '',
             codeChallenge: code_challenge,
             codeChallengeMethod: code_challenge_method,
         });
@@ -66,7 +66,7 @@ async function handleAuthorizationCodeFlow(req, res, config, params) {
         expiresAt: Date.now() + 10 * 60 * 1000,
     });
     const gitlabAuthUrl = (0, gitlab_device_flow_1.buildGitLabAuthUrl)(config, callbackUri, internalState);
-    (0, logger_1.logInfo)("Authorization Code Flow initiated, redirecting to GitLab", {
+    (0, logger_1.logInfo)('Authorization Code Flow initiated, redirecting to GitLab', {
         internalState: (0, logger_1.truncateId)(internalState),
         clientRedirectUri: params.redirectUri,
     });
@@ -89,7 +89,7 @@ async function handleDeviceFlow(req, res, config, params) {
             state: params.state,
             redirectUri: undefined,
         });
-        (0, logger_1.logInfo)("Device flow initiated for authorization", {
+        (0, logger_1.logInfo)('Device flow initiated for authorization', {
             flowState: (0, logger_1.truncateId)(flowState),
             userCode: deviceResponse.user_code,
         });
@@ -102,37 +102,37 @@ async function handleDeviceFlow(req, res, config, params) {
             pollUrl: `${baseUrl}/oauth/poll`,
             expiresIn: deviceResponse.expires_in,
         });
-        res.setHeader("Content-Type", "text/html");
+        res.setHeader('Content-Type', 'text/html');
         res.send(html);
     }
     catch (error) {
-        (0, logger_1.logError)("Failed to initiate device flow", { err: error });
-        sendError(req, res, 500, "server_error", "Failed to initiate authentication");
+        (0, logger_1.logError)('Failed to initiate device flow', { err: error });
+        sendError(req, res, 500, 'server_error', 'Failed to initiate authentication');
     }
 }
 async function pollHandler(req, res) {
     const config = (0, config_1.loadOAuthConfig)();
     if (!config) {
-        res.status(500).json({ error: "server_error" });
+        res.status(500).json({ error: 'server_error' });
         return;
     }
     const { flow_state } = req.query;
     if (!flow_state) {
         res
             .status(400)
-            .json({ status: "failed", error: "Missing flow_state" });
+            .json({ status: 'failed', error: 'Missing flow_state' });
         return;
     }
     const flow = session_store_1.sessionStore.getDeviceFlow(flow_state);
     if (!flow) {
-        res.status(400).json({ status: "expired", error: "Flow not found" });
+        res.status(400).json({ status: 'expired', error: 'Flow not found' });
         return;
     }
     if (Date.now() > flow.expiresAt) {
         session_store_1.sessionStore.deleteDeviceFlow(flow_state);
         res
             .status(400)
-            .json({ status: "expired", error: "Device code expired" });
+            .json({ status: 'expired', error: 'Device code expired' });
         return;
     }
     try {
@@ -153,8 +153,8 @@ async function pollHandler(req, res) {
             });
             session_store_1.sessionStore.createSession({
                 id: sessionId,
-                mcpAccessToken: "",
-                mcpRefreshToken: "",
+                mcpAccessToken: '',
+                mcpRefreshToken: '',
                 mcpTokenExpiry: 0,
                 gitlabAccessToken: tokenResponse.access_token,
                 gitlabRefreshToken: tokenResponse.refresh_token,
@@ -164,18 +164,18 @@ async function pollHandler(req, res) {
                 gitlabApiUrl: flow.selectedInstance ?? config_2.GITLAB_BASE_URL,
                 instanceLabel: flow.selectedInstanceLabel,
                 clientId: flow.clientId,
-                scopes: ["mcp:tools", "mcp:resources"],
+                scopes: ['mcp:tools', 'mcp:resources'],
                 createdAt: now,
                 updatedAt: now,
             });
             session_store_1.sessionStore.deleteDeviceFlow(flow_state);
-            (0, logger_1.logInfo)("Device flow authorization completed", {
+            (0, logger_1.logInfo)('Device flow authorization completed', {
                 sessionId: (0, logger_1.truncateId)(sessionId),
                 userId: userInfo.id,
                 username: userInfo.username,
             });
             const response = {
-                status: "complete",
+                status: 'complete',
                 redirect_uri: flow.redirectUri,
                 code: authCode,
                 state: flow.state ? flow.state : undefined,
@@ -183,25 +183,25 @@ async function pollHandler(req, res) {
             res.json(response);
         }
         else {
-            res.json({ status: "pending" });
+            res.json({ status: 'pending' });
         }
     }
     catch (error) {
-        const message = error instanceof Error ? error.message : "Unknown error";
-        if (message.includes("expired") || message.includes("denied") || message.includes("invalid")) {
+        const message = error instanceof Error ? error.message : 'Unknown error';
+        if (message.includes('expired') || message.includes('denied') || message.includes('invalid')) {
             session_store_1.sessionStore.deleteDeviceFlow(flow_state);
-            res.json({ status: "failed", error: message });
+            res.json({ status: 'failed', error: message });
         }
         else {
-            (0, logger_1.logWarn)("Device flow poll error", { err: error });
-            res.json({ status: "pending" });
+            (0, logger_1.logWarn)('Device flow poll error', { err: error });
+            res.json({ status: 'pending' });
         }
     }
 }
 function sendError(req, res, status, error, description) {
-    (0, logger_1.logWarn)("OAuth authorize request failed", {
-        event: "oauth_error",
-        endpoint: "/authorize",
+    (0, logger_1.logWarn)('OAuth authorize request failed', {
+        event: 'oauth_error',
+        endpoint: '/authorize',
         ip: (0, request_logger_1.getIpAddress)(req),
         error,
         description,

package/dist/src/oauth/endpoints/callback.d.ts

@@ -1,2 +1,2 @@
-import { Request, Response } from "express";
+import { Request, Response } from 'express';
 export declare function callbackHandler(req: Request, res: Response): Promise<void>;

package/dist/src/oauth/endpoints/callback.js

@@ -11,25 +11,25 @@ async function callbackHandler(req, res) {
     const config = (0, config_1.loadOAuthConfig)();
     if (!config) {
         res.status(500).json({
-            error: "server_error",
-            error_description: "OAuth not configured",
+            error: 'server_error',
+            error_description: 'OAuth not configured',
         });
         return;
     }
     const { code, state, error, error_description } = req.query;
     if (error) {
-        (0, logger_1.logWarn)("GitLab authorization error", { error, error_description });
+        (0, logger_1.logWarn)('GitLab authorization error', { error, error_description });
         if (state) {
             const flow = session_store_1.sessionStore.getAuthCodeFlow(state);
             if (flow) {
                 session_store_1.sessionStore.deleteAuthCodeFlow(state);
                 const redirectUrl = new URL(flow.clientRedirectUri);
-                redirectUrl.searchParams.set("error", error);
+                redirectUrl.searchParams.set('error', error);
                 if (error_description) {
-                    redirectUrl.searchParams.set("error_description", error_description);
+                    redirectUrl.searchParams.set('error_description', error_description);
                 }
                 if (flow.clientState) {
-                    redirectUrl.searchParams.set("state", flow.clientState);
+                    redirectUrl.searchParams.set('state', flow.clientState);
                 }
                 res.redirect(redirectUrl.toString());
                 return;
@@ -37,37 +37,37 @@ async function callbackHandler(req, res) {
         }
         res.status(400).json({
             error: error,
-            error_description: error_description ?? "GitLab authorization failed",
+            error_description: error_description ?? 'GitLab authorization failed',
         });
         return;
     }
     if (!code) {
         res.status(400).json({
-            error: "invalid_request",
-            error_description: "Missing authorization code from GitLab",
+            error: 'invalid_request',
+            error_description: 'Missing authorization code from GitLab',
         });
         return;
     }
     if (!state) {
         res.status(400).json({
-            error: "invalid_request",
-            error_description: "Missing state parameter",
+            error: 'invalid_request',
+            error_description: 'Missing state parameter',
         });
         return;
     }
     const flow = session_store_1.sessionStore.getAuthCodeFlow(state);
     if (!flow) {
         res.status(400).json({
-            error: "invalid_request",
-            error_description: "Invalid or expired state. Please start authorization again.",
+            error: 'invalid_request',
+            error_description: 'Invalid or expired state. Please start authorization again.',
         });
         return;
     }
     if (Date.now() > flow.expiresAt) {
         session_store_1.sessionStore.deleteAuthCodeFlow(state);
         res.status(400).json({
-            error: "invalid_request",
-            error_description: "Authorization flow expired. Please start again.",
+            error: 'invalid_request',
+            error_description: 'Authorization flow expired. Please start again.',
         });
         return;
     }
@@ -88,8 +88,8 @@ async function callbackHandler(req, res) {
         });
         session_store_1.sessionStore.createSession({
             id: sessionId,
-            mcpAccessToken: "",
-            mcpRefreshToken: "",
+            mcpAccessToken: '',
+            mcpRefreshToken: '',
             mcpTokenExpiry: 0,
             gitlabAccessToken: gitlabTokens.access_token,
             gitlabRefreshToken: gitlabTokens.refresh_token,
@@ -99,34 +99,34 @@ async function callbackHandler(req, res) {
             gitlabApiUrl: flow.selectedInstance ?? config_2.GITLAB_BASE_URL,
             instanceLabel: flow.selectedInstanceLabel,
             clientId: flow.clientId,
-            scopes: ["mcp:tools", "mcp:resources"],
+            scopes: ['mcp:tools', 'mcp:resources'],
             createdAt: now,
             updatedAt: now,
         });
         session_store_1.sessionStore.deleteAuthCodeFlow(state);
-        (0, logger_1.logInfo)("Authorization Code Flow completed successfully", {
+        (0, logger_1.logInfo)('Authorization Code Flow completed successfully', {
             sessionId: (0, logger_1.truncateId)(sessionId),
             userId: userInfo.id,
             username: userInfo.username,
         });
         const redirectUrl = new URL(flow.clientRedirectUri);
-        redirectUrl.searchParams.set("code", mcpAuthCode);
+        redirectUrl.searchParams.set('code', mcpAuthCode);
         if (flow.clientState) {
-            redirectUrl.searchParams.set("state", flow.clientState);
+            redirectUrl.searchParams.set('state', flow.clientState);
         }
-        (0, logger_1.logDebug)("Redirecting to client with authorization code", {
+        (0, logger_1.logDebug)('Redirecting to client with authorization code', {
             redirectUri: flow.clientRedirectUri,
         });
         res.redirect(redirectUrl.toString());
     }
     catch (error) {
-        (0, logger_1.logError)("Failed to complete authorization code flow", { err: error });
+        (0, logger_1.logError)('Failed to complete authorization code flow', { err: error });
         session_store_1.sessionStore.deleteAuthCodeFlow(state);
         const redirectUrl = new URL(flow.clientRedirectUri);
-        redirectUrl.searchParams.set("error", "server_error");
-        redirectUrl.searchParams.set("error_description", error instanceof Error ? error.message : "Failed to complete authorization");
+        redirectUrl.searchParams.set('error', 'server_error');
+        redirectUrl.searchParams.set('error_description', error instanceof Error ? error.message : 'Failed to complete authorization');
         if (flow.clientState) {
-            redirectUrl.searchParams.set("state", flow.clientState);
+            redirectUrl.searchParams.set('state', flow.clientState);
         }
         res.redirect(redirectUrl.toString());
     }

package/dist/src/oauth/endpoints/index.d.ts

@@ -1,5 +1,5 @@
-export { metadataHandler, protectedResourceHandler, getBaseUrl } from "./metadata";
-export { authorizeHandler, pollHandler } from "./authorize";
-export { callbackHandler } from "./callback";
-export { tokenHandler } from "./token";
-export { registerHandler, getRegisteredClient, isValidRedirectUri } from "./register";
+export { metadataHandler, protectedResourceHandler, getBaseUrl } from './metadata';
+export { authorizeHandler, pollHandler } from './authorize';
+export { callbackHandler } from './callback';
+export { tokenHandler } from './token';
+export { registerHandler, getRegisteredClient, isValidRedirectUri } from './register';

package/dist/src/oauth/endpoints/metadata.d.ts

@@ -1,4 +1,4 @@
-import { Request, Response } from "express";
+import { Request, Response } from 'express';
 export declare const MCP_PROTOCOL_VERSION = "2025-03-26";
 export declare function getBaseUrl(req: Request): string;
 export declare function metadataHandler(req: Request, res: Response): void;

package/dist/src/oauth/endpoints/metadata.js

@@ -5,12 +5,12 @@ exports.getBaseUrl = getBaseUrl;
 exports.metadataHandler = metadataHandler;
 exports.protectedResourceHandler = protectedResourceHandler;
 const config_1 = require("../../config");
-exports.MCP_PROTOCOL_VERSION = "2025-03-26";
+exports.MCP_PROTOCOL_VERSION = '2025-03-26';
 function getBaseUrl(req) {
-    const forwardedProto = req.get("x-forwarded-proto");
-    const protocol = forwardedProto ?? req.protocol ?? "http";
-    const forwardedHost = req.get("x-forwarded-host");
-    const host = forwardedHost ?? req.get("host") ?? `${config_1.HOST}:${config_1.PORT}`;
+    const forwardedProto = req.get('x-forwarded-proto');
+    const protocol = forwardedProto ?? req.protocol ?? 'http';
+    const forwardedHost = req.get('x-forwarded-host');
+    const host = forwardedHost ?? req.get('host') ?? `${config_1.HOST}:${config_1.PORT}`;
     return `${protocol}://${host}`;
 }
 function metadataHandler(req, res) {
@@ -19,11 +19,11 @@ function metadataHandler(req, res) {
         issuer: baseUrl,
         authorization_endpoint: `${baseUrl}/authorize`,
         token_endpoint: `${baseUrl}/token`,
-        response_types_supported: ["code"],
-        grant_types_supported: ["authorization_code", "refresh_token"],
-        code_challenge_methods_supported: ["S256"],
-        token_endpoint_auth_methods_supported: ["none"],
-        scopes_supported: ["mcp:tools", "mcp:resources"],
+        response_types_supported: ['code'],
+        grant_types_supported: ['authorization_code', 'refresh_token'],
+        code_challenge_methods_supported: ['S256'],
+        token_endpoint_auth_methods_supported: ['none'],
+        scopes_supported: ['mcp:tools', 'mcp:resources'],
         registration_endpoint: `${baseUrl}/register`,
         mcp_version: exports.MCP_PROTOCOL_VERSION,
     };
@@ -34,8 +34,8 @@ function protectedResourceHandler(req, res) {
     const metadata = {
         resource: baseUrl,
         authorization_servers: [baseUrl],
-        scopes_supported: ["mcp:tools", "mcp:resources"],
-        bearer_methods_supported: ["header"],
+        scopes_supported: ['mcp:tools', 'mcp:resources'],
+        bearer_methods_supported: ['header'],
     };
     res.json(metadata);
 }

package/dist/src/oauth/endpoints/register.d.ts

@@ -1,4 +1,4 @@
-import { Request, Response } from "express";
+import { Request, Response } from 'express';
 interface RegisteredClient {
     client_id: string;
     client_secret?: string;

package/dist/src/oauth/endpoints/register.js

@@ -9,11 +9,11 @@ const registeredClients = new Map();
 async function registerHandler(req, res) {
     try {
         const body = req.body;
-        const { redirect_uris, client_name, token_endpoint_auth_method = "none", grant_types = ["authorization_code", "refresh_token"], response_types = ["code"], } = body;
+        const { redirect_uris, client_name, token_endpoint_auth_method = 'none', grant_types = ['authorization_code', 'refresh_token'], response_types = ['code'], } = body;
         if (!redirect_uris || !Array.isArray(redirect_uris) || redirect_uris.length === 0) {
             res.status(400).json({
-                error: "invalid_client_metadata",
-                error_description: "redirect_uris is required and must be a non-empty array",
+                error: 'invalid_client_metadata',
+                error_description: 'redirect_uris is required and must be a non-empty array',
             });
             return;
         }
@@ -23,7 +23,7 @@ async function registerHandler(req, res) {
             }
             catch {
                 res.status(400).json({
-                    error: "invalid_redirect_uri",
+                    error: 'invalid_redirect_uri',
                     error_description: `Invalid redirect URI: ${uri}`,
                 });
                 return;
@@ -31,7 +31,7 @@ async function registerHandler(req, res) {
         }
         const client_id = (0, crypto_1.randomUUID)();
         let client_secret;
-        if (token_endpoint_auth_method !== "none") {
+        if (token_endpoint_auth_method !== 'none') {
             client_secret = (0, crypto_1.randomUUID)() + (0, crypto_1.randomUUID)();
         }
         const clientData = {
@@ -45,7 +45,7 @@ async function registerHandler(req, res) {
             created_at: Date.now(),
         };
         registeredClients.set(client_id, clientData);
-        (0, logger_1.logInfo)("New OAuth client registered via DCR", {
+        (0, logger_1.logInfo)('New OAuth client registered via DCR', {
             client_id,
             client_name,
             redirect_uris,
@@ -65,10 +65,10 @@ async function registerHandler(req, res) {
         res.status(201).json(response);
     }
     catch (error) {
-        (0, logger_1.logError)("Error in dynamic client registration", { err: error });
+        (0, logger_1.logError)('Error in dynamic client registration', { err: error });
         res.status(500).json({
-            error: "server_error",
-            error_description: "Failed to register client",
+            error: 'server_error',
+            error_description: 'Failed to register client',
         });
     }
 }

package/dist/src/oauth/endpoints/token.d.ts

@@ -1,2 +1,2 @@
-import { Request, Response } from "express";
+import { Request, Response } from 'express';
 export declare function tokenHandler(req: Request, res: Response): Promise<void>;

package/dist/src/oauth/endpoints/token.js

@@ -11,52 +11,52 @@ const request_logger_1 = require("../../utils/request-logger");
 async function tokenHandler(req, res) {
     const config = (0, config_1.loadOAuthConfig)();
     if (!config) {
-        sendError(req, res, 500, "server_error", "OAuth not configured");
+        sendError(req, res, 500, 'server_error', 'OAuth not configured');
         return;
     }
     const { grant_type } = req.body;
     switch (grant_type) {
-        case "authorization_code":
+        case 'authorization_code':
             await handleAuthorizationCode(req, res, config);
             break;
-        case "refresh_token":
+        case 'refresh_token':
             await handleRefreshToken(req, res, config);
             break;
         default:
-            sendError(req, res, 400, "unsupported_grant_type", `Grant type "${grant_type}" is not supported`);
+            sendError(req, res, 400, 'unsupported_grant_type', `Grant type "${grant_type}" is not supported`);
     }
 }
 async function handleAuthorizationCode(req, res, config) {
     const { code, code_verifier, redirect_uri } = req.body;
     if (!code) {
-        sendError(req, res, 400, "invalid_request", "Missing authorization code");
+        sendError(req, res, 400, 'invalid_request', 'Missing authorization code');
         return;
     }
     if (!code_verifier) {
-        sendError(req, res, 400, "invalid_request", "Missing code_verifier (PKCE required)");
+        sendError(req, res, 400, 'invalid_request', 'Missing code_verifier (PKCE required)');
         return;
     }
     const authCode = session_store_1.sessionStore.getAuthCode(code);
     if (!authCode) {
-        sendError(req, res, 400, "invalid_grant", "Invalid or expired authorization code");
+        sendError(req, res, 400, 'invalid_grant', 'Invalid or expired authorization code');
         return;
     }
     if (Date.now() > authCode.expiresAt) {
         session_store_1.sessionStore.deleteAuthCode(code);
-        sendError(req, res, 400, "invalid_grant", "Authorization code has expired");
+        sendError(req, res, 400, 'invalid_grant', 'Authorization code has expired');
         return;
     }
     if (!(0, token_utils_1.verifyCodeChallenge)(code_verifier, authCode.codeChallenge, authCode.codeChallengeMethod)) {
-        sendError(req, res, 400, "invalid_grant", "Invalid code_verifier");
+        sendError(req, res, 400, 'invalid_grant', 'Invalid code_verifier');
         return;
     }
     if (authCode.redirectUri && redirect_uri !== authCode.redirectUri) {
-        sendError(req, res, 400, "invalid_grant", "redirect_uri does not match");
+        sendError(req, res, 400, 'invalid_grant', 'redirect_uri does not match');
         return;
     }
     const session = session_store_1.sessionStore.getSession(authCode.sessionId);
     if (!session) {
-        sendError(req, res, 400, "invalid_grant", "Session not found");
+        sendError(req, res, 400, 'invalid_grant', 'Session not found');
         return;
     }
     const baseUrl = (0, metadata_1.getBaseUrl)(req);
@@ -65,7 +65,7 @@ async function handleAuthorizationCode(req, res, config) {
         sub: session.gitlabUserId.toString(),
         aud: authCode.clientId,
         sid: session.id,
-        scope: session.scopes.join(" "),
+        scope: session.scopes.join(' '),
         gitlab_user: session.gitlabUsername,
     }, config.sessionSecret, config.tokenTtl);
     const refreshToken = (0, token_utils_1.generateRefreshToken)();
@@ -75,28 +75,28 @@ async function handleAuthorizationCode(req, res, config) {
         mcpTokenExpiry: (0, token_utils_1.calculateTokenExpiry)(config.tokenTtl),
     });
     session_store_1.sessionStore.deleteAuthCode(code);
-    (0, logger_1.logInfo)("MCP tokens issued via authorization_code grant", {
+    (0, logger_1.logInfo)('MCP tokens issued via authorization_code grant', {
         sessionId: (0, logger_1.truncateId)(session.id),
         userId: session.gitlabUserId,
     });
     const response = {
         access_token: accessToken,
-        token_type: "Bearer",
+        token_type: 'Bearer',
         expires_in: config.tokenTtl,
         refresh_token: refreshToken,
-        scope: session.scopes.join(" "),
+        scope: session.scopes.join(' '),
     };
     res.json(response);
 }
 async function handleRefreshToken(req, res, config) {
     const { refresh_token } = req.body;
     if (!refresh_token) {
-        sendError(req, res, 400, "invalid_request", "Missing refresh_token");
+        sendError(req, res, 400, 'invalid_request', 'Missing refresh_token');
         return;
     }
     const session = session_store_1.sessionStore.getSessionByRefreshToken(refresh_token);
     if (!session) {
-        sendError(req, res, 400, "invalid_grant", "Invalid refresh token");
+        sendError(req, res, 400, 'invalid_grant', 'Invalid refresh token');
         return;
     }
     let updatedSession = session;
@@ -110,15 +110,15 @@ async function handleRefreshToken(req, res, config) {
             });
             const refreshedSession = session_store_1.sessionStore.getSession(session.id);
             if (!refreshedSession) {
-                sendError(req, res, 400, "invalid_grant", "Session lost during refresh");
+                sendError(req, res, 400, 'invalid_grant', 'Session lost during refresh');
                 return;
             }
             updatedSession = refreshedSession;
-            (0, logger_1.logDebug)("GitLab token refreshed", { sessionId: (0, logger_1.truncateId)(session.id) });
+            (0, logger_1.logDebug)('GitLab token refreshed', { sessionId: (0, logger_1.truncateId)(session.id) });
         }
         catch (error) {
-            (0, logger_1.logError)("Failed to refresh GitLab token", { err: error });
-            sendError(req, res, 400, "invalid_grant", "Failed to refresh underlying GitLab token");
+            (0, logger_1.logError)('Failed to refresh GitLab token', { err: error });
+            sendError(req, res, 400, 'invalid_grant', 'Failed to refresh underlying GitLab token');
             return;
         }
     }
@@ -128,7 +128,7 @@ async function handleRefreshToken(req, res, config) {
         sub: updatedSession.gitlabUserId.toString(),
         aud: updatedSession.clientId,
         sid: updatedSession.id,
-        scope: updatedSession.scopes.join(" "),
+        scope: updatedSession.scopes.join(' '),
         gitlab_user: updatedSession.gitlabUsername,
     }, config.sessionSecret, config.tokenTtl);
     const newRefreshToken = (0, token_utils_1.generateRefreshToken)();
@@ -137,23 +137,23 @@ async function handleRefreshToken(req, res, config) {
         mcpRefreshToken: newRefreshToken,
         mcpTokenExpiry: (0, token_utils_1.calculateTokenExpiry)(config.tokenTtl),
     });
-    (0, logger_1.logInfo)("MCP tokens refreshed via refresh_token grant", {
+    (0, logger_1.logInfo)('MCP tokens refreshed via refresh_token grant', {
         sessionId: (0, logger_1.truncateId)(updatedSession.id),
         userId: updatedSession.gitlabUserId,
     });
     const response = {
         access_token: accessToken,
-        token_type: "Bearer",
+        token_type: 'Bearer',
         expires_in: config.tokenTtl,
         refresh_token: newRefreshToken,
-        scope: updatedSession.scopes.join(" "),
+        scope: updatedSession.scopes.join(' '),
     };
     res.json(response);
 }
 function sendError(req, res, status, error, description) {
-    (0, logger_1.logWarn)("OAuth token request failed", {
-        event: "oauth_error",
-        endpoint: "/token",
+    (0, logger_1.logWarn)('OAuth token request failed', {
+        event: 'oauth_error',
+        endpoint: '/token',
         ip: (0, request_logger_1.getIpAddress)(req),
         error,
         description,