@trops/dash-core 0.1.337 → 0.1.340
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/mcp/servers/google-drive.js +20 -10
- package/package.json +2 -2
|
@@ -4,9 +4,9 @@
|
|
|
4
4
|
*
|
|
5
5
|
* Tools: search, list_folder, create_folder, read_file, write_file, resolve_path
|
|
6
6
|
*
|
|
7
|
-
* OAuth uses PKCE with
|
|
8
|
-
* GCP project setup
|
|
9
|
-
* Drive access via browser.
|
|
7
|
+
* OAuth uses PKCE with bundled app credentials (client_id + obfuscated
|
|
8
|
+
* client_secret). No per-user GCP project setup — users just click
|
|
9
|
+
* "Connect Google Drive" to grant access via browser.
|
|
10
10
|
*
|
|
11
11
|
* Usage:
|
|
12
12
|
* MCP server: node google-drive.js (stdio transport)
|
|
@@ -33,17 +33,25 @@ const credentialsPath = (process.env.GDRIVE_CREDENTIALS_PATH || "").replace(
|
|
|
33
33
|
process.env.HOME || "",
|
|
34
34
|
);
|
|
35
35
|
|
|
36
|
-
// Bundled OAuth
|
|
37
|
-
//
|
|
38
|
-
//
|
|
39
|
-
//
|
|
36
|
+
// Bundled OAuth credentials for the Dash platform's GCP project.
|
|
37
|
+
// client_id is public (identifier, not a secret).
|
|
38
|
+
// client_secret is injected at build time from GitHub Secrets — the
|
|
39
|
+
// placeholder below is replaced in dist/ during `npm run build`.
|
|
40
|
+
// Desktop OAuth client_secrets are not confidential per Google's docs —
|
|
41
|
+
// the consent screen is the security boundary, not this value.
|
|
40
42
|
const BUNDLED_CLIENT_ID =
|
|
41
43
|
"785070273499-mr9b0vup4u24he8duh3c6j5gpk7qj54j.apps.googleusercontent.com";
|
|
44
|
+
const BUNDLED_CLIENT_SECRET =
|
|
45
|
+
process.env.GDRIVE_CLIENT_SECRET || "__GDRIVE_CLIENT_SECRET__";
|
|
42
46
|
|
|
43
47
|
function getClientId() {
|
|
44
48
|
return BUNDLED_CLIENT_ID;
|
|
45
49
|
}
|
|
46
50
|
|
|
51
|
+
function getClientSecret() {
|
|
52
|
+
return BUNDLED_CLIENT_SECRET;
|
|
53
|
+
}
|
|
54
|
+
|
|
47
55
|
/**
|
|
48
56
|
* Read stored credentials (access_token, refresh_token, expiry_date).
|
|
49
57
|
*/
|
|
@@ -63,9 +71,10 @@ async function getAccessToken() {
|
|
|
63
71
|
return creds.access_token;
|
|
64
72
|
}
|
|
65
73
|
|
|
66
|
-
// Refresh —
|
|
74
|
+
// Refresh token — Google requires client_secret even for desktop apps
|
|
67
75
|
const postData = [
|
|
68
76
|
`client_id=${encodeURIComponent(clientId)}`,
|
|
77
|
+
`client_secret=${encodeURIComponent(getClientSecret())}`,
|
|
69
78
|
`refresh_token=${encodeURIComponent(creds.refresh_token)}`,
|
|
70
79
|
"grant_type=refresh_token",
|
|
71
80
|
].join("&");
|
|
@@ -291,7 +300,7 @@ if (process.argv[2] === "auth") {
|
|
|
291
300
|
|
|
292
301
|
const scopes = ["https://www.googleapis.com/auth/drive"];
|
|
293
302
|
|
|
294
|
-
// PKCE: generate code verifier + challenge (
|
|
303
|
+
// PKCE: generate code verifier + challenge (additional security layer)
|
|
295
304
|
const codeVerifier = crypto.randomBytes(32).toString("base64url");
|
|
296
305
|
const codeChallenge = crypto
|
|
297
306
|
.createHash("sha256")
|
|
@@ -310,10 +319,11 @@ if (process.argv[2] === "auth") {
|
|
|
310
319
|
return;
|
|
311
320
|
}
|
|
312
321
|
|
|
313
|
-
// Exchange code for tokens
|
|
322
|
+
// Exchange code for tokens (PKCE code_verifier + client_secret)
|
|
314
323
|
const postData = [
|
|
315
324
|
`code=${encodeURIComponent(code)}`,
|
|
316
325
|
`client_id=${encodeURIComponent(clientId)}`,
|
|
326
|
+
`client_secret=${encodeURIComponent(getClientSecret())}`,
|
|
317
327
|
`code_verifier=${encodeURIComponent(codeVerifier)}`,
|
|
318
328
|
`redirect_uri=${encodeURIComponent(redirectUri)}`,
|
|
319
329
|
`grant_type=authorization_code`,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@trops/dash-core",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.340",
|
|
4
4
|
"description": "Core framework for Dash dashboard applications",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"module": "dist/index.esm.js",
|
|
@@ -19,7 +19,7 @@
|
|
|
19
19
|
"scripts": {
|
|
20
20
|
"build": "npm run build:renderer && npm run build:electron",
|
|
21
21
|
"build:renderer": "rollup -c rollup.config.renderer.mjs",
|
|
22
|
-
"build:electron": "rollup -c rollup.config.electron.mjs && mkdir -p dist/mcp && cp electron/mcp/mcpServerCatalog.json dist/mcp/ && rm -rf dist/mcp/servers && cp -r electron/mcp/servers dist/mcp/",
|
|
22
|
+
"build:electron": "rollup -c rollup.config.electron.mjs && mkdir -p dist/mcp && cp electron/mcp/mcpServerCatalog.json dist/mcp/ && rm -rf dist/mcp/servers && cp -r electron/mcp/servers dist/mcp/ && node scripts/inject-secrets.js",
|
|
23
23
|
"clean": "rm -rf dist",
|
|
24
24
|
"prepublishOnly": "npm run clean && npm run build",
|
|
25
25
|
"test:mcp": "node --test electron/controller/mcpController.test.js electron/mcp/mcpServerCatalog.test.js",
|