@structured-world/gitlab-mcp 6.62.1 → 7.0.1

package/dist/src/oauth/endpoints/callback.js

@@ -11,25 +11,25 @@ async function callbackHandler(req, res) {
     const config = (0, config_1.loadOAuthConfig)();
     if (!config) {
         res.status(500).json({
-            error: "server_error",
-            error_description: "OAuth not configured",
+            error: 'server_error',
+            error_description: 'OAuth not configured',
         });
         return;
     }
     const { code, state, error, error_description } = req.query;
     if (error) {
-        (0, logger_1.logWarn)("GitLab authorization error", { error, error_description });
+        (0, logger_1.logWarn)('GitLab authorization error', { error, error_description });
         if (state) {
             const flow = session_store_1.sessionStore.getAuthCodeFlow(state);
             if (flow) {
                 session_store_1.sessionStore.deleteAuthCodeFlow(state);
                 const redirectUrl = new URL(flow.clientRedirectUri);
-                redirectUrl.searchParams.set("error", error);
+                redirectUrl.searchParams.set('error', error);
                 if (error_description) {
-                    redirectUrl.searchParams.set("error_description", error_description);
+                    redirectUrl.searchParams.set('error_description', error_description);
                 }
                 if (flow.clientState) {
-                    redirectUrl.searchParams.set("state", flow.clientState);
+                    redirectUrl.searchParams.set('state', flow.clientState);
                 }
                 res.redirect(redirectUrl.toString());
                 return;
@@ -37,37 +37,37 @@ async function callbackHandler(req, res) {
         }
         res.status(400).json({
             error: error,
-            error_description: error_description ?? "GitLab authorization failed",
+            error_description: error_description ?? 'GitLab authorization failed',
         });
         return;
     }
     if (!code) {
         res.status(400).json({
-            error: "invalid_request",
-            error_description: "Missing authorization code from GitLab",
+            error: 'invalid_request',
+            error_description: 'Missing authorization code from GitLab',
         });
         return;
     }
     if (!state) {
         res.status(400).json({
-            error: "invalid_request",
-            error_description: "Missing state parameter",
+            error: 'invalid_request',
+            error_description: 'Missing state parameter',
         });
         return;
     }
     const flow = session_store_1.sessionStore.getAuthCodeFlow(state);
     if (!flow) {
         res.status(400).json({
-            error: "invalid_request",
-            error_description: "Invalid or expired state. Please start authorization again.",
+            error: 'invalid_request',
+            error_description: 'Invalid or expired state. Please start authorization again.',
         });
         return;
     }
     if (Date.now() > flow.expiresAt) {
         session_store_1.sessionStore.deleteAuthCodeFlow(state);
         res.status(400).json({
-            error: "invalid_request",
-            error_description: "Authorization flow expired. Please start again.",
+            error: 'invalid_request',
+            error_description: 'Authorization flow expired. Please start again.',
         });
         return;
     }
@@ -88,8 +88,8 @@ async function callbackHandler(req, res) {
         });
         session_store_1.sessionStore.createSession({
             id: sessionId,
-            mcpAccessToken: "",
-            mcpRefreshToken: "",
+            mcpAccessToken: '',
+            mcpRefreshToken: '',
             mcpTokenExpiry: 0,
             gitlabAccessToken: gitlabTokens.access_token,
             gitlabRefreshToken: gitlabTokens.refresh_token,
@@ -99,34 +99,34 @@ async function callbackHandler(req, res) {
             gitlabApiUrl: flow.selectedInstance ?? config_2.GITLAB_BASE_URL,
             instanceLabel: flow.selectedInstanceLabel,
             clientId: flow.clientId,
-            scopes: ["mcp:tools", "mcp:resources"],
+            scopes: ['mcp:tools', 'mcp:resources'],
             createdAt: now,
             updatedAt: now,
         });
         session_store_1.sessionStore.deleteAuthCodeFlow(state);
-        (0, logger_1.logInfo)("Authorization Code Flow completed successfully", {
+        (0, logger_1.logInfo)('Authorization Code Flow completed successfully', {
             sessionId: (0, logger_1.truncateId)(sessionId),
             userId: userInfo.id,
             username: userInfo.username,
         });
         const redirectUrl = new URL(flow.clientRedirectUri);
-        redirectUrl.searchParams.set("code", mcpAuthCode);
+        redirectUrl.searchParams.set('code', mcpAuthCode);
         if (flow.clientState) {
-            redirectUrl.searchParams.set("state", flow.clientState);
+            redirectUrl.searchParams.set('state', flow.clientState);
         }
-        (0, logger_1.logDebug)("Redirecting to client with authorization code", {
+        (0, logger_1.logDebug)('Redirecting to client with authorization code', {
             redirectUri: flow.clientRedirectUri,
         });
         res.redirect(redirectUrl.toString());
     }
     catch (error) {
-        (0, logger_1.logError)("Failed to complete authorization code flow", { err: error });
+        (0, logger_1.logError)('Failed to complete authorization code flow', { err: error });
         session_store_1.sessionStore.deleteAuthCodeFlow(state);
         const redirectUrl = new URL(flow.clientRedirectUri);
-        redirectUrl.searchParams.set("error", "server_error");
-        redirectUrl.searchParams.set("error_description", error instanceof Error ? error.message : "Failed to complete authorization");
+        redirectUrl.searchParams.set('error', 'server_error');
+        redirectUrl.searchParams.set('error_description', error instanceof Error ? error.message : 'Failed to complete authorization');
         if (flow.clientState) {
-            redirectUrl.searchParams.set("state", flow.clientState);
+            redirectUrl.searchParams.set('state', flow.clientState);
         }
         res.redirect(redirectUrl.toString());
     }

package/dist/src/oauth/endpoints/index.d.ts

@@ -1,5 +1,5 @@
-export { metadataHandler, protectedResourceHandler, getBaseUrl } from "./metadata";
-export { authorizeHandler, pollHandler } from "./authorize";
-export { callbackHandler } from "./callback";
-export { tokenHandler } from "./token";
-export { registerHandler, getRegisteredClient, isValidRedirectUri } from "./register";
+export { metadataHandler, protectedResourceHandler, getBaseUrl } from './metadata';
+export { authorizeHandler, pollHandler } from './authorize';
+export { callbackHandler } from './callback';
+export { tokenHandler } from './token';
+export { registerHandler, getRegisteredClient, isValidRedirectUri } from './register';

package/dist/src/oauth/endpoints/metadata.d.ts

@@ -1,4 +1,4 @@
-import { Request, Response } from "express";
+import { Request, Response } from 'express';
 export declare const MCP_PROTOCOL_VERSION = "2025-03-26";
 export declare function getBaseUrl(req: Request): string;
 export declare function metadataHandler(req: Request, res: Response): void;

package/dist/src/oauth/endpoints/metadata.js

@@ -5,12 +5,12 @@ exports.getBaseUrl = getBaseUrl;
 exports.metadataHandler = metadataHandler;
 exports.protectedResourceHandler = protectedResourceHandler;
 const config_1 = require("../../config");
-exports.MCP_PROTOCOL_VERSION = "2025-03-26";
+exports.MCP_PROTOCOL_VERSION = '2025-03-26';
 function getBaseUrl(req) {
-    const forwardedProto = req.get("x-forwarded-proto");
-    const protocol = forwardedProto ?? req.protocol ?? "http";
-    const forwardedHost = req.get("x-forwarded-host");
-    const host = forwardedHost ?? req.get("host") ?? `${config_1.HOST}:${config_1.PORT}`;
+    const forwardedProto = req.get('x-forwarded-proto');
+    const protocol = forwardedProto ?? req.protocol ?? 'http';
+    const forwardedHost = req.get('x-forwarded-host');
+    const host = forwardedHost ?? req.get('host') ?? `${config_1.HOST}:${config_1.PORT}`;
     return `${protocol}://${host}`;
 }
 function metadataHandler(req, res) {
@@ -19,11 +19,11 @@ function metadataHandler(req, res) {
         issuer: baseUrl,
         authorization_endpoint: `${baseUrl}/authorize`,
         token_endpoint: `${baseUrl}/token`,
-        response_types_supported: ["code"],
-        grant_types_supported: ["authorization_code", "refresh_token"],
-        code_challenge_methods_supported: ["S256"],
-        token_endpoint_auth_methods_supported: ["none"],
-        scopes_supported: ["mcp:tools", "mcp:resources"],
+        response_types_supported: ['code'],
+        grant_types_supported: ['authorization_code', 'refresh_token'],
+        code_challenge_methods_supported: ['S256'],
+        token_endpoint_auth_methods_supported: ['none'],
+        scopes_supported: ['mcp:tools', 'mcp:resources'],
         registration_endpoint: `${baseUrl}/register`,
         mcp_version: exports.MCP_PROTOCOL_VERSION,
     };
@@ -34,8 +34,8 @@ function protectedResourceHandler(req, res) {
     const metadata = {
         resource: baseUrl,
         authorization_servers: [baseUrl],
-        scopes_supported: ["mcp:tools", "mcp:resources"],
-        bearer_methods_supported: ["header"],
+        scopes_supported: ['mcp:tools', 'mcp:resources'],
+        bearer_methods_supported: ['header'],
     };
     res.json(metadata);
 }

package/dist/src/oauth/endpoints/register.d.ts

@@ -1,4 +1,4 @@
-import { Request, Response } from "express";
+import { Request, Response } from 'express';
 interface RegisteredClient {
     client_id: string;
     client_secret?: string;

package/dist/src/oauth/endpoints/register.js

@@ -9,11 +9,11 @@ const registeredClients = new Map();
 async function registerHandler(req, res) {
     try {
         const body = req.body;
-        const { redirect_uris, client_name, token_endpoint_auth_method = "none", grant_types = ["authorization_code", "refresh_token"], response_types = ["code"], } = body;
+        const { redirect_uris, client_name, token_endpoint_auth_method = 'none', grant_types = ['authorization_code', 'refresh_token'], response_types = ['code'], } = body;
         if (!redirect_uris || !Array.isArray(redirect_uris) || redirect_uris.length === 0) {
             res.status(400).json({
-                error: "invalid_client_metadata",
-                error_description: "redirect_uris is required and must be a non-empty array",
+                error: 'invalid_client_metadata',
+                error_description: 'redirect_uris is required and must be a non-empty array',
             });
             return;
         }
@@ -23,7 +23,7 @@ async function registerHandler(req, res) {
             }
             catch {
                 res.status(400).json({
-                    error: "invalid_redirect_uri",
+                    error: 'invalid_redirect_uri',
                     error_description: `Invalid redirect URI: ${uri}`,
                 });
                 return;
@@ -31,7 +31,7 @@ async function registerHandler(req, res) {
         }
         const client_id = (0, crypto_1.randomUUID)();
         let client_secret;
-        if (token_endpoint_auth_method !== "none") {
+        if (token_endpoint_auth_method !== 'none') {
             client_secret = (0, crypto_1.randomUUID)() + (0, crypto_1.randomUUID)();
         }
         const clientData = {
@@ -45,7 +45,7 @@ async function registerHandler(req, res) {
             created_at: Date.now(),
         };
         registeredClients.set(client_id, clientData);
-        (0, logger_1.logInfo)("New OAuth client registered via DCR", {
+        (0, logger_1.logInfo)('New OAuth client registered via DCR', {
             client_id,
             client_name,
             redirect_uris,
@@ -65,10 +65,10 @@ async function registerHandler(req, res) {
         res.status(201).json(response);
     }
     catch (error) {
-        (0, logger_1.logError)("Error in dynamic client registration", { err: error });
+        (0, logger_1.logError)('Error in dynamic client registration', { err: error });
         res.status(500).json({
-            error: "server_error",
-            error_description: "Failed to register client",
+            error: 'server_error',
+            error_description: 'Failed to register client',
         });
     }
 }

package/dist/src/oauth/endpoints/token.d.ts

@@ -1,2 +1,2 @@
-import { Request, Response } from "express";
+import { Request, Response } from 'express';
 export declare function tokenHandler(req: Request, res: Response): Promise<void>;

package/dist/src/oauth/endpoints/token.js

@@ -11,52 +11,52 @@ const request_logger_1 = require("../../utils/request-logger");
 async function tokenHandler(req, res) {
     const config = (0, config_1.loadOAuthConfig)();
     if (!config) {
-        sendError(req, res, 500, "server_error", "OAuth not configured");
+        sendError(req, res, 500, 'server_error', 'OAuth not configured');
         return;
     }
     const { grant_type } = req.body;
     switch (grant_type) {
-        case "authorization_code":
+        case 'authorization_code':
             await handleAuthorizationCode(req, res, config);
             break;
-        case "refresh_token":
+        case 'refresh_token':
             await handleRefreshToken(req, res, config);
             break;
         default:
-            sendError(req, res, 400, "unsupported_grant_type", `Grant type "${grant_type}" is not supported`);
+            sendError(req, res, 400, 'unsupported_grant_type', `Grant type "${grant_type}" is not supported`);
     }
 }
 async function handleAuthorizationCode(req, res, config) {
     const { code, code_verifier, redirect_uri } = req.body;
     if (!code) {
-        sendError(req, res, 400, "invalid_request", "Missing authorization code");
+        sendError(req, res, 400, 'invalid_request', 'Missing authorization code');
         return;
     }
     if (!code_verifier) {
-        sendError(req, res, 400, "invalid_request", "Missing code_verifier (PKCE required)");
+        sendError(req, res, 400, 'invalid_request', 'Missing code_verifier (PKCE required)');
         return;
     }
     const authCode = session_store_1.sessionStore.getAuthCode(code);
     if (!authCode) {
-        sendError(req, res, 400, "invalid_grant", "Invalid or expired authorization code");
+        sendError(req, res, 400, 'invalid_grant', 'Invalid or expired authorization code');
         return;
     }
     if (Date.now() > authCode.expiresAt) {
         session_store_1.sessionStore.deleteAuthCode(code);
-        sendError(req, res, 400, "invalid_grant", "Authorization code has expired");
+        sendError(req, res, 400, 'invalid_grant', 'Authorization code has expired');
         return;
     }
     if (!(0, token_utils_1.verifyCodeChallenge)(code_verifier, authCode.codeChallenge, authCode.codeChallengeMethod)) {
-        sendError(req, res, 400, "invalid_grant", "Invalid code_verifier");
+        sendError(req, res, 400, 'invalid_grant', 'Invalid code_verifier');
         return;
     }
     if (authCode.redirectUri && redirect_uri !== authCode.redirectUri) {
-        sendError(req, res, 400, "invalid_grant", "redirect_uri does not match");
+        sendError(req, res, 400, 'invalid_grant', 'redirect_uri does not match');
         return;
     }
     const session = session_store_1.sessionStore.getSession(authCode.sessionId);
     if (!session) {
-        sendError(req, res, 400, "invalid_grant", "Session not found");
+        sendError(req, res, 400, 'invalid_grant', 'Session not found');
         return;
     }
     const baseUrl = (0, metadata_1.getBaseUrl)(req);
@@ -65,7 +65,7 @@ async function handleAuthorizationCode(req, res, config) {
         sub: session.gitlabUserId.toString(),
         aud: authCode.clientId,
         sid: session.id,
-        scope: session.scopes.join(" "),
+        scope: session.scopes.join(' '),
         gitlab_user: session.gitlabUsername,
     }, config.sessionSecret, config.tokenTtl);
     const refreshToken = (0, token_utils_1.generateRefreshToken)();
@@ -75,28 +75,28 @@ async function handleAuthorizationCode(req, res, config) {
         mcpTokenExpiry: (0, token_utils_1.calculateTokenExpiry)(config.tokenTtl),
     });
     session_store_1.sessionStore.deleteAuthCode(code);
-    (0, logger_1.logInfo)("MCP tokens issued via authorization_code grant", {
+    (0, logger_1.logInfo)('MCP tokens issued via authorization_code grant', {
         sessionId: (0, logger_1.truncateId)(session.id),
         userId: session.gitlabUserId,
     });
     const response = {
         access_token: accessToken,
-        token_type: "Bearer",
+        token_type: 'Bearer',
         expires_in: config.tokenTtl,
         refresh_token: refreshToken,
-        scope: session.scopes.join(" "),
+        scope: session.scopes.join(' '),
     };
     res.json(response);
 }
 async function handleRefreshToken(req, res, config) {
     const { refresh_token } = req.body;
     if (!refresh_token) {
-        sendError(req, res, 400, "invalid_request", "Missing refresh_token");
+        sendError(req, res, 400, 'invalid_request', 'Missing refresh_token');
         return;
     }
     const session = session_store_1.sessionStore.getSessionByRefreshToken(refresh_token);
     if (!session) {
-        sendError(req, res, 400, "invalid_grant", "Invalid refresh token");
+        sendError(req, res, 400, 'invalid_grant', 'Invalid refresh token');
         return;
     }
     let updatedSession = session;
@@ -110,15 +110,15 @@ async function handleRefreshToken(req, res, config) {
             });
             const refreshedSession = session_store_1.sessionStore.getSession(session.id);
             if (!refreshedSession) {
-                sendError(req, res, 400, "invalid_grant", "Session lost during refresh");
+                sendError(req, res, 400, 'invalid_grant', 'Session lost during refresh');
                 return;
             }
             updatedSession = refreshedSession;
-            (0, logger_1.logDebug)("GitLab token refreshed", { sessionId: (0, logger_1.truncateId)(session.id) });
+            (0, logger_1.logDebug)('GitLab token refreshed', { sessionId: (0, logger_1.truncateId)(session.id) });
         }
         catch (error) {
-            (0, logger_1.logError)("Failed to refresh GitLab token", { err: error });
-            sendError(req, res, 400, "invalid_grant", "Failed to refresh underlying GitLab token");
+            (0, logger_1.logError)('Failed to refresh GitLab token', { err: error });
+            sendError(req, res, 400, 'invalid_grant', 'Failed to refresh underlying GitLab token');
             return;
         }
     }
@@ -128,7 +128,7 @@ async function handleRefreshToken(req, res, config) {
         sub: updatedSession.gitlabUserId.toString(),
         aud: updatedSession.clientId,
         sid: updatedSession.id,
-        scope: updatedSession.scopes.join(" "),
+        scope: updatedSession.scopes.join(' '),
         gitlab_user: updatedSession.gitlabUsername,
     }, config.sessionSecret, config.tokenTtl);
     const newRefreshToken = (0, token_utils_1.generateRefreshToken)();
@@ -137,23 +137,23 @@ async function handleRefreshToken(req, res, config) {
         mcpRefreshToken: newRefreshToken,
         mcpTokenExpiry: (0, token_utils_1.calculateTokenExpiry)(config.tokenTtl),
     });
-    (0, logger_1.logInfo)("MCP tokens refreshed via refresh_token grant", {
+    (0, logger_1.logInfo)('MCP tokens refreshed via refresh_token grant', {
         sessionId: (0, logger_1.truncateId)(updatedSession.id),
         userId: updatedSession.gitlabUserId,
     });
     const response = {
         access_token: accessToken,
-        token_type: "Bearer",
+        token_type: 'Bearer',
         expires_in: config.tokenTtl,
         refresh_token: newRefreshToken,
-        scope: updatedSession.scopes.join(" "),
+        scope: updatedSession.scopes.join(' '),
     };
     res.json(response);
 }
 function sendError(req, res, status, error, description) {
-    (0, logger_1.logWarn)("OAuth token request failed", {
-        event: "oauth_error",
-        endpoint: "/token",
+    (0, logger_1.logWarn)('OAuth token request failed', {
+        event: 'oauth_error',
+        endpoint: '/token',
         ip: (0, request_logger_1.getIpAddress)(req),
         error,
         description,

package/dist/src/oauth/gitlab-device-flow.d.ts

@@ -1,5 +1,5 @@
-import { OAuthConfig } from "./config";
-import { GitLabDeviceResponse, GitLabTokenResponse, GitLabUserInfo } from "./types";
+import { OAuthConfig } from './config';
+import { GitLabDeviceResponse, GitLabTokenResponse, GitLabUserInfo } from './types';
 export declare function initiateDeviceFlow(config: OAuthConfig): Promise<GitLabDeviceResponse>;
 export declare function pollDeviceFlowOnce(deviceCode: string, config: OAuthConfig): Promise<GitLabTokenResponse | null>;
 export declare function pollForToken(deviceCode: string, config: OAuthConfig, onPending?: () => void): Promise<GitLabTokenResponse>;