@tgai96/outlook-mcp 1.0.0

package/auth/token-manager.js

@@ -0,0 +1,139 @@
+/**
+ * Token management for Microsoft Graph API authentication
+ */
+const fs = require('fs');
+const path = require('path');
+const config = require('../config');
+
+// Global variable to store tokens
+let cachedTokens = null;
+
+/**
+ * Loads authentication tokens from the token file
+ * @returns {object|null} - The loaded tokens or null if not available
+ */
+function loadTokenCache() {
+  try {
+    const tokenPath = config.AUTH_CONFIG.tokenStorePath;
+    console.error(`[DEBUG] Attempting to load tokens from: ${tokenPath}`);
+    console.error(`[DEBUG] HOME directory: ${process.env.HOME}`);
+    console.error(`[DEBUG] Full resolved path: ${tokenPath}`);
+    
+    // Log file existence and details
+    if (!fs.existsSync(tokenPath)) {
+      console.error('[DEBUG] Token file does not exist');
+      return null;
+    }
+    
+    const stats = fs.statSync(tokenPath);
+    console.error(`[DEBUG] Token file stats:
+      Size: ${stats.size} bytes
+      Created: ${stats.birthtime}
+      Modified: ${stats.mtime}`);
+    
+    const tokenData = fs.readFileSync(tokenPath, 'utf8');
+    console.error('[DEBUG] Token file contents length:', tokenData.length);
+    console.error('[DEBUG] Token file first 200 characters:', tokenData.slice(0, 200));
+    
+    try {
+      const tokens = JSON.parse(tokenData);
+      console.error('[DEBUG] Parsed tokens keys:', Object.keys(tokens));
+      
+      // Log each key's value to see what's present
+      Object.keys(tokens).forEach(key => {
+        console.error(`[DEBUG] ${key}: ${typeof tokens[key]}`);
+      });
+      
+      // Check for access token presence
+      if (!tokens.access_token) {
+        console.error('[DEBUG] No access_token found in tokens');
+        return null;
+      }
+      
+      // Check token expiration
+      const now = Date.now();
+      const expiresAt = tokens.expires_at || 0;
+      
+      console.error(`[DEBUG] Current time: ${now}`);
+      console.error(`[DEBUG] Token expires at: ${expiresAt}`);
+      
+      if (now > expiresAt) {
+        console.error('[DEBUG] Token has expired');
+        return null;
+      }
+      
+      // Update the cache
+      cachedTokens = tokens;
+      return tokens;
+    } catch (parseError) {
+      console.error('[DEBUG] Error parsing token JSON:', parseError);
+      return null;
+    }
+  } catch (error) {
+    console.error('[DEBUG] Error loading token cache:', error);
+    return null;
+  }
+}
+
+/**
+ * Saves authentication tokens to the token file
+ * @param {object} tokens - The tokens to save
+ * @returns {boolean} - Whether the save was successful
+ */
+function saveTokenCache(tokens) {
+  try {
+    const tokenPath = config.AUTH_CONFIG.tokenStorePath;
+    console.error(`Saving tokens to: ${tokenPath}`);
+    
+    // Ensure the directory exists
+    const tokenDir = path.dirname(tokenPath);
+    if (!fs.existsSync(tokenDir)) {
+      fs.mkdirSync(tokenDir, { recursive: true });
+    }
+    
+    fs.writeFileSync(tokenPath, JSON.stringify(tokens, null, 2));
+    console.error('Tokens saved successfully');
+    
+    // Update the cache
+    cachedTokens = tokens;
+    return true;
+  } catch (error) {
+    console.error('Error saving token cache:', error);
+    return false;
+  }
+}
+
+/**
+ * Gets the current access token, loading from cache if necessary
+ * @returns {string|null} - The access token or null if not available
+ */
+function getAccessToken() {
+  if (cachedTokens && cachedTokens.access_token) {
+    return cachedTokens.access_token;
+  }
+  
+  const tokens = loadTokenCache();
+  return tokens ? tokens.access_token : null;
+}
+
+/**
+ * Creates a test access token for use in test mode
+ * @returns {object} - The test tokens
+ */
+function createTestTokens() {
+  const testTokens = {
+    access_token: "test_access_token_" + Date.now(),
+    refresh_token: "test_refresh_token_" + Date.now(),
+    expires_at: Date.now() + (3600 * 1000) // 1 hour
+  };
+  
+  saveTokenCache(testTokens);
+  return testTokens;
+}
+
+module.exports = {
+  loadTokenCache,
+  saveTokenCache,
+  getAccessToken,
+  createTestTokens
+};

package/auth/token-storage.js

@@ -0,0 +1,317 @@
+const fs = require('fs').promises;
+const path = require('path');
+const https = require('https');
+const querystring = require('querystring');
+
+class TokenStorage {
+  constructor(config) {
+    this.config = {
+      tokenStorePath: path.join(process.env.HOME || process.env.USERPROFILE || '/tmp', '.outlook-mcp', 'tokens.json'),
+      clientId: process.env.MS_CLIENT_ID,
+      redirectUri: process.env.MS_REDIRECT_URI || 'http://localhost:3333/auth/callback',
+      scopes: (process.env.MS_SCOPES || 'offline_access User.Read Mail.Read').split(' '),
+      tokenEndpoint: process.env.MS_TOKEN_ENDPOINT || 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
+      refreshTokenBuffer: 5 * 60 * 1000, // 5 minutes buffer for token refresh
+      ...config // Allow overriding default config
+    };
+    this.tokens = null;
+    this._loadPromise = null;
+    this._refreshPromise = null;
+
+    if (!this.config.clientId) {
+      console.warn("TokenStorage: MS_CLIENT_ID is not configured. Token operations might fail.");
+    }
+  }
+
+  async _loadTokensFromFile() {
+    try {
+      const tokenData = await fs.readFile(this.config.tokenStorePath, 'utf8');
+      this.tokens = JSON.parse(tokenData);
+      console.error('Tokens loaded from file.');
+      return this.tokens;
+    } catch (error) {
+      if (error.code === 'ENOENT') {
+        console.error('Token file not found. No tokens loaded.');
+      } else {
+        console.error('Error loading token cache:', error);
+      }
+      this.tokens = null;
+      return null;
+    }
+  }
+
+  async _saveTokensToFile() {
+    if (!this.tokens) {
+      console.warn('No tokens to save.');
+      return false;
+    }
+    try {
+      // Ensure the directory exists
+      const tokenDir = path.dirname(this.config.tokenStorePath);
+      await fs.mkdir(tokenDir, { recursive: true });
+      
+      await fs.writeFile(this.config.tokenStorePath, JSON.stringify(this.tokens, null, 2));
+      console.error('Tokens saved successfully.');
+      // return true; // No longer returning boolean, will throw on error.
+    } catch (error) {
+      console.error('Error saving token cache:', error);
+      throw error; // Propagate the error
+    }
+  }
+
+  async getTokens() {
+    if (this.tokens) {
+      return this.tokens;
+    }
+    if (!this._loadPromise) {
+        this._loadPromise = this._loadTokensFromFile().finally(() => {
+            this._loadPromise = null; // Reset promise once completed
+        });
+    }
+    return this._loadPromise;
+  }
+
+  getExpiryTime() {
+    return this.tokens && this.tokens.expires_at ? this.tokens.expires_at : 0;
+  }
+
+  isTokenExpired() {
+    if (!this.tokens || !this.tokens.expires_at) {
+      return true; // No token or no expiry means it's effectively expired or invalid
+    }
+    // Check if current time is past expiry time, considering a buffer
+    return Date.now() >= (this.tokens.expires_at - this.config.refreshTokenBuffer);
+  }
+
+  async getValidAccessToken() {
+    await this.getTokens(); // Ensure tokens are loaded
+
+    if (!this.tokens || !this.tokens.access_token) {
+      console.error('[TokenStorage] No access token available.');
+      return null;
+    }
+
+    if (this.isTokenExpired()) {
+      console.error('[TokenStorage] Access token expired or nearing expiration. Attempting refresh.');
+      console.error(`[TokenStorage] Client ID configured: ${this.config.clientId ? 'YES' : 'NO'}`);
+      if (this.tokens.refresh_token) {
+        try {
+          return await this.refreshAccessToken();
+        } catch (refreshError) {
+          console.error('[TokenStorage] Failed to refresh access token:', refreshError.message);
+          this.tokens = null; // Invalidate tokens on refresh failure
+          await this._saveTokensToFile(); // Persist invalidation
+          return null;
+        }
+      } else {
+        console.error('[TokenStorage] No refresh token available. Cannot refresh access token.');
+        this.tokens = null; // Invalidate tokens as they are expired and cannot be refreshed
+        await this._saveTokensToFile(); // Persist invalidation
+        return null;
+      }
+    }
+    console.error('[TokenStorage] Access token is still valid');
+    return this.tokens.access_token;
+  }
+
+  async refreshAccessToken() {
+    if (!this.tokens || !this.tokens.refresh_token) {
+      throw new Error('No refresh token available to refresh the access token.');
+    }
+
+    if (!this.config.clientId) {
+      throw new Error('MS_CLIENT_ID is not configured. Cannot refresh access token.');
+    }
+
+    // Prevent multiple concurrent refresh attempts
+    if (this._refreshPromise) {
+        console.error("[TokenStorage] Refresh already in progress, returning existing promise.");
+        return this._refreshPromise.then(tokens => tokens.access_token);
+    }
+
+    console.error('[TokenStorage] Attempting to refresh access token...');
+    console.error(`[TokenStorage] Using client ID: ${this.config.clientId.substring(0, 8)}...`);
+    
+    // Use scopes from existing token if available (preserves original permissions),
+    // otherwise use config scopes. This ensures we don't lose permissions on refresh.
+    let refreshScopes = this.config.scopes;
+    if (this.tokens.scope) {
+      // If token has scope as string, use it; if array, join it
+      refreshScopes = typeof this.tokens.scope === 'string' 
+        ? this.tokens.scope.split(' ') 
+        : this.tokens.scope;
+      console.error(`[TokenStorage] Using scopes from existing token: ${refreshScopes.join(' ')}`);
+    } else {
+      console.error(`[TokenStorage] Using scopes from config: ${refreshScopes.join(' ')}`);
+    }
+    
+    // For public clients (PKCE), refresh tokens don't require client_secret
+    const postData = querystring.stringify({
+      client_id: this.config.clientId,
+      grant_type: 'refresh_token',
+      refresh_token: this.tokens.refresh_token,
+      scope: refreshScopes.join(' ')
+    });
+
+    const requestOptions = {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+        'Content-Length': Buffer.byteLength(postData)
+      }
+    };
+
+    this._refreshPromise = new Promise((resolve, reject) => {
+        const req = https.request(this.config.tokenEndpoint, requestOptions, (res) => {
+            let data = '';
+            res.on('data', (chunk) => data += chunk);
+            res.on('end', async () => {
+                try {
+                    const responseBody = JSON.parse(data);
+                    const statusCode = res.statusCode || 500;
+                    if (statusCode >= 200 && statusCode < 300) {
+                        this.tokens.access_token = responseBody.access_token;
+                        // Microsoft Graph API refresh tokens may or may not return a new refresh_token
+                        if (responseBody.refresh_token) {
+                            this.tokens.refresh_token = responseBody.refresh_token;
+                        }
+                        this.tokens.expires_in = responseBody.expires_in;
+                        this.tokens.expires_at = Date.now() + (responseBody.expires_in * 1000);
+                        try {
+                            await this._saveTokensToFile();
+                            console.error('Access token refreshed and saved successfully.');
+                            resolve(this.tokens);
+                        } catch (saveError) {
+                            console.error('Failed to save refreshed tokens:', saveError);
+                            // Even if save fails, tokens are updated in memory.
+                            // Depending on desired strictness, could reject here.
+                            // For now, resolve with in-memory tokens but log critical error.
+                            // Or, to be stricter and align with re-throwing:
+                            reject(new Error(`Access token refreshed but failed to save: ${saveError.message}`));
+                        }
+                    } else {
+                        console.error('Error refreshing token:', responseBody);
+                        reject(new Error(responseBody.error_description || `Token refresh failed with status ${statusCode}`));
+                    }
+                } catch (e) { // Catch any error during parsing or saving
+                    console.error('Error processing refresh token response or saving tokens:', e);
+                    reject(e);
+                } finally {
+                    this._refreshPromise = null; // Clear promise after completion
+                }
+            });
+        });
+        req.on('error', (error) => {
+            console.error('HTTP error during token refresh:', error);
+            reject(error);
+            this._refreshPromise = null; // Clear promise on error
+        });
+        req.write(postData);
+        req.end();
+    });
+
+    return this._refreshPromise.then(tokens => tokens.access_token);
+  }
+
+
+  async exchangeCodeForTokens(authCode, codeVerifier = null) {
+    if (!this.config.clientId) {
+        throw new Error("Client ID is not configured. Cannot exchange code for tokens.");
+    }
+    console.error('Exchanging authorization code for tokens...');
+    
+    // Build token exchange request - use PKCE if codeVerifier is provided, otherwise assume client_secret (for backward compatibility)
+    const tokenData = {
+      client_id: this.config.clientId,
+      grant_type: 'authorization_code',
+      code: authCode,
+      redirect_uri: this.config.redirectUri
+    };
+    
+    // For PKCE (public client), use code_verifier instead of client_secret
+    if (codeVerifier) {
+      tokenData.code_verifier = codeVerifier;
+    } else {
+      // Fallback for confidential clients (if client_secret is still configured)
+      const clientSecret = process.env.MS_CLIENT_SECRET;
+      if (clientSecret) {
+        tokenData.client_secret = clientSecret;
+      } else {
+        throw new Error("Either code_verifier (for PKCE) or client_secret must be provided for token exchange.");
+      }
+    }
+    
+    const postData = querystring.stringify(tokenData);
+
+    const requestOptions = {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+        'Content-Length': Buffer.byteLength(postData)
+      }
+    };
+
+    return new Promise((resolve, reject) => {
+      const req = https.request(this.config.tokenEndpoint, requestOptions, (res) => {
+        let data = '';
+        res.on('data', (chunk) => data += chunk);
+        res.on('end', async () => {
+          try {
+            const responseBody = JSON.parse(data);
+            const statusCode = res.statusCode || 500;
+            if (statusCode >= 200 && statusCode < 300) {
+              this.tokens = {
+                access_token: responseBody.access_token,
+                refresh_token: responseBody.refresh_token,
+                expires_in: responseBody.expires_in,
+                expires_at: Date.now() + (responseBody.expires_in * 1000),
+                scope: responseBody.scope,
+                token_type: responseBody.token_type
+              };
+              try {
+                await this._saveTokensToFile();
+                console.error('Tokens exchanged and saved successfully.');
+                resolve(this.tokens);
+              } catch (saveError) {
+                console.error('Failed to save exchanged tokens:', saveError);
+                // Similar to refresh, tokens are in memory but not persisted.
+                // Rejecting to indicate the operation wasn't fully successful.
+                reject(new Error(`Tokens exchanged but failed to save: ${saveError.message}`));
+              }
+            } else {
+              console.error('Error exchanging code for tokens:', responseBody);
+              reject(new Error(responseBody.error_description || `Token exchange failed with status ${statusCode}`));
+            }
+          } catch (e) { // Catch any error during parsing or saving
+            console.error('Error processing token exchange response or saving tokens:', e, "Raw data:", data);
+            reject(new Error(`Error processing token response: ${e.message}. Response data: ${data}`));
+          }
+        });
+      });
+      req.on('error', (error) => {
+        console.error('HTTP error during code exchange:', error);
+        reject(error);
+      });
+      req.write(postData);
+      req.end();
+    });
+  }
+
+  // Utility to clear tokens, e.g., for logout or forcing re-auth
+  async clearTokens() {
+    this.tokens = null;
+    try {
+      await fs.unlink(this.config.tokenStorePath);
+      console.error('Token file deleted successfully.');
+    } catch (error) {
+      if (error.code === 'ENOENT') {
+        console.error('Token file not found, nothing to delete.');
+      } else {
+        console.error('Error deleting token file:', error);
+      }
+    }
+  }
+}
+
+module.exports = TokenStorage;
+// Adding a newline at the end of the file as requested by Gemini Code Assist

package/auth/tools.js

@@ -0,0 +1,171 @@
+/**
+ * Authentication-related tools for the Outlook MCP server
+ */
+const config = require('../config');
+const tokenManager = require('./token-manager');
+const { ensureAuthenticated, tokenStorage } = require('./index');
+
+/**
+ * About tool handler
+ * @returns {object} - MCP response
+ */
+async function handleAbout() {
+  return {
+    content: [{
+      type: "text",
+      text: `📧 MODULAR Outlook Assistant MCP Server v${config.SERVER_VERSION} 📧\n\nProvides access to Microsoft Outlook email, calendar, and contacts through Microsoft Graph API.\nImplemented with a modular architecture for improved maintainability.`
+    }]
+  };
+}
+
+/**
+ * Authentication tool handler
+ * @param {object} args - Tool arguments
+ * @returns {object} - MCP response
+ */
+async function handleAuthenticate(args) {
+  const force = args && args.force === true;
+  
+  // For test mode, create a test token
+  if (config.USE_TEST_MODE) {
+    // Create a test token with a 1-hour expiry
+    tokenManager.createTestTokens();
+    
+    return {
+      content: [{
+        type: "text",
+        text: 'Successfully authenticated with Microsoft Graph API (test mode)'
+      }]
+    };
+  }
+  
+  // If not forcing, try to get a valid token first (will auto-refresh if needed)
+  if (!force) {
+    try {
+      const accessToken = await ensureAuthenticated();
+      if (accessToken) {
+        console.error('[AUTHENTICATE] Successfully obtained valid access token (may have been refreshed)');
+        return {
+          content: [{
+            type: "text",
+            text: 'Successfully authenticated with Microsoft Graph API. Access token is valid and ready to use.'
+          }]
+        };
+      }
+    } catch (error) {
+      console.error('[AUTHENTICATE] Failed to get valid token:', error.message);
+      // Continue to show auth URL if token refresh failed
+    }
+  }
+  
+  // If force=true or token refresh failed, generate an auth URL and instruct the user to visit it
+  const authUrl = `${config.AUTH_CONFIG.authServerUrl}/auth?client_id=${config.AUTH_CONFIG.clientId}`;
+  
+  return {
+    content: [{
+      type: "text",
+      text: `Authentication required. Please visit the following URL to authenticate with Microsoft: ${authUrl}\n\nAfter authentication, you will be redirected back to this application.`
+    }]
+  };
+}
+
+/**
+ * Check authentication status tool handler
+ * @returns {object} - MCP response
+ */
+async function handleCheckAuthStatus() {
+  console.error('[CHECK-AUTH-STATUS] Starting authentication status check');
+  
+  const tokens = tokenManager.loadTokenCache();
+  
+  console.error(`[CHECK-AUTH-STATUS] Tokens loaded: ${tokens ? 'YES' : 'NO'}`);
+  
+  if (!tokens || !tokens.access_token) {
+    console.error('[CHECK-AUTH-STATUS] No valid access token found');
+    return {
+      content: [{ type: "text", text: "Not authenticated" }]
+    };
+  }
+  
+  console.error('[CHECK-AUTH-STATUS] Access token present');
+  
+  // Format timestamps in human-readable format
+  const now = Date.now();
+  const expiresAt = tokens.expires_at || 0;
+  const currentTime = new Date(now).toLocaleString();
+  const expiresTime = new Date(expiresAt).toLocaleString();
+  
+  // Calculate time until expiration
+  const timeUntilExpiry = expiresAt - now;
+  const minutesUntilExpiry = Math.floor(timeUntilExpiry / (1000 * 60));
+  const hoursUntilExpiry = Math.floor(minutesUntilExpiry / 60);
+  const daysUntilExpiry = Math.floor(hoursUntilExpiry / 24);
+  
+  let expiryMessage;
+  if (timeUntilExpiry < 0) {
+    expiryMessage = 'EXPIRED';
+  } else if (daysUntilExpiry > 0) {
+    expiryMessage = `${daysUntilExpiry} day(s) and ${hoursUntilExpiry % 24} hour(s) from now`;
+  } else if (hoursUntilExpiry > 0) {
+    expiryMessage = `${hoursUntilExpiry} hour(s) and ${minutesUntilExpiry % 60} minute(s) from now`;
+  } else {
+    expiryMessage = `${minutesUntilExpiry} minute(s) from now`;
+  }
+  
+  console.error(`[CHECK-AUTH-STATUS] Current time: ${currentTime}`);
+  console.error(`[CHECK-AUTH-STATUS] Token expires at: ${expiresTime} (${expiryMessage})`);
+  
+  const statusText = timeUntilExpiry < 0 
+    ? `Authenticated but token has expired. Will auto-refresh on next use.`
+    : `Authenticated and ready. Token expires ${expiryMessage}.`;
+  
+  return {
+    content: [{ type: "text", text: statusText }]
+  };
+}
+
+// Tool definitions
+const authTools = [
+  {
+    name: "about",
+    description: "Returns information about this Outlook Assistant server",
+    inputSchema: {
+      type: "object",
+      properties: {},
+      required: []
+    },
+    handler: handleAbout
+  },
+  {
+    name: "authenticate",
+    description: "Authenticate with Microsoft Graph API to access Outlook data",
+    inputSchema: {
+      type: "object",
+      properties: {
+        force: {
+          type: "boolean",
+          description: "Force re-authentication even if already authenticated"
+        }
+      },
+      required: []
+    },
+    handler: handleAuthenticate
+  },
+  {
+    name: "check-auth-status",
+    description: "Check the current authentication status with Microsoft Graph API",
+    inputSchema: {
+      type: "object",
+      properties: {},
+      required: []
+    },
+    handler: handleCheckAuthStatus
+  }
+];
+
+module.exports = {
+  authTools,
+  handleAbout,
+  handleAuthenticate,
+  handleCheckAuthStatus
+};

package/calendar/accept.js

@@ -0,0 +1,64 @@
+/**
+ * Accept event functionality
+ */
+const { callGraphAPI } = require('../utils/graph-api');
+const { ensureAuthenticated } = require('../auth');
+
+/**
+ * Accept event handler
+ * @param {object} args - Tool arguments
+ * @returns {object} - MCP response
+ */
+async function handleAcceptEvent(args) {
+  const { eventId, comment } = args;
+
+  if (!eventId) {
+    return {
+      content: [{
+        type: "text",
+        text: "Event ID is required to accept an event."
+      }]
+    };
+  }
+
+  try {
+    // Get access token
+    const accessToken = await ensureAuthenticated();
+
+    // Build API endpoint
+    const endpoint = `me/events/${eventId}/accept`;
+
+    // Request body
+    const body = {
+      comment: comment || "Accepted via API"
+    };
+
+    // Make API call
+    await callGraphAPI(accessToken, 'POST', endpoint, body);
+
+    return {
+      content: [{
+        type: "text",
+        text: `Event with ID ${eventId} has been successfully accepted.`
+      }]
+    };
+  } catch (error) {
+    if (error.message === 'Authentication required') {
+      return {
+        content: [{
+          type: "text",
+          text: "Authentication required. Please use the 'authenticate' tool first."
+        }]
+      };
+    }
+
+    return {
+      content: [{
+        type: "text",
+        text: `Error accepting event: ${error.message}`
+      }]
+    };
+  }
+}
+
+module.exports = handleAcceptEvent;