@waishnav/devspace 1.0.1 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +103 -29
- package/dist/cli.js +5 -2
- package/dist/db/client.js +10 -3
- package/dist/db/migrations.js +123 -0
- package/dist/db/schema.js +24 -1
- package/dist/oauth-provider.js +35 -64
- package/dist/oauth-store.js +138 -0
- package/dist/server.js +23 -4
- package/dist/ui/.vite/manifest.json +281 -281
- package/dist/ui/assets/{angular-html-B_77pPm_.js → angular-html-Dj4LysSE.js} +1 -1
- package/dist/ui/assets/{angular-ts-tGBi7sOr.js → angular-ts-CxuC_FFh.js} +1 -1
- package/dist/ui/assets/{apl-CtVPpGgP.js → apl-RwuvNFFo.js} +1 -1
- package/dist/ui/assets/{astro-CALPYvnG.js → astro-ncoaUbsO.js} +1 -1
- package/dist/ui/assets/{blade-Bh4eBXdk.js → blade-Dw8-Lzux.js} +1 -1
- package/dist/ui/assets/{c-BGkebjQE.js → c-Dpbbo_f2.js} +1 -1
- package/dist/ui/assets/{cobol-f7rP2PjR.js → cobol-4ddX3THy.js} +1 -1
- package/dist/ui/assets/{coffee-E4OhMc7W.js → coffee-Bn-a5KqK.js} +1 -1
- package/dist/ui/assets/{cpp-Cr_J6lB2.js → cpp-DoRrlM_T.js} +1 -1
- package/dist/ui/assets/{crystal-B_TFXhon.js → crystal-DiZfCxn-.js} +1 -1
- package/dist/ui/assets/{css-DDMxq-4J.js → css-DiQoSjDH.js} +1 -1
- package/dist/ui/assets/{edge-Bxqhgg5I.js → edge-wEhCUoEt.js} +1 -1
- package/dist/ui/assets/{elixir-WrSbgJJ1.js → elixir-C3obhm0H.js} +1 -1
- package/dist/ui/assets/{elm-BXBWJ4Kz.js → elm-DyTBfh1L.js} +1 -1
- package/dist/ui/assets/{erb-D0iMw9rO.js → erb-f4TnXRuY.js} +1 -1
- package/dist/ui/assets/{git-rebase-BOrZ-_iR.js → git-rebase-vhZbWNfp.js} +1 -1
- package/dist/ui/assets/{glimmer-js-PCWk96O8.js → glimmer-js-BG7puL6Y.js} +1 -1
- package/dist/ui/assets/{glimmer-ts-4pYwX8pC.js → glimmer-ts-CNCfLLL1.js} +1 -1
- package/dist/ui/assets/{glsl-CDyKZvZX.js → glsl-DhT76AL5.js} +1 -1
- package/dist/ui/assets/{graphql-8sIw92YT.js → graphql-CJX08w8y.js} +1 -1
- package/dist/ui/assets/{hack-Ci96Zcew.js → hack-DY4NGCCL.js} +1 -1
- package/dist/ui/assets/{haml-4uzh6End.js → haml-DwSkmVcG.js} +1 -1
- package/dist/ui/assets/{handlebars-B6Eq7QV8.js → handlebars-CQ_1dEmi.js} +1 -1
- package/dist/ui/assets/{heavy-payload--bwRtRpo.js → heavy-payload-2rGBiitA.js} +1 -1
- package/dist/ui/assets/{html-C29wL7bm.js → html-B_e3Njif.js} +1 -1
- package/dist/ui/assets/{html-derivative-Cmd90ilz.js → html-derivative-_nHZ_Bk-.js} +1 -1
- package/dist/ui/assets/{http-Bdr_R0Kw.js → http-CfcvPIru.js} +1 -1
- package/dist/ui/assets/{hurl-CiTPn-zH.js → hurl-9vWDQIMO.js} +1 -1
- package/dist/ui/assets/{java-C03kBuJH.js → java-C4S5r6L5.js} +1 -1
- package/dist/ui/assets/{javascript-135g9Wwx.js → javascript-BRwqbMMC.js} +1 -1
- package/dist/ui/assets/{jinja-CPpiEHqV.js → jinja-DHxzMMc5.js} +1 -1
- package/dist/ui/assets/{jison-qabCQzwp.js → jison-B1DqeWXb.js} +1 -1
- package/dist/ui/assets/{json-CtRj9Trp.js → json-DcFTkEdd.js} +1 -1
- package/dist/ui/assets/{jsx-Ccuy5Wm3.js → jsx-DgfmYa9f.js} +1 -1
- package/dist/ui/assets/{julia-Fwya-MwM.js → julia-3M8SJ8iF.js} +1 -1
- package/dist/ui/assets/{just-c9YEH7Gf.js → just-UyH7_DNz.js} +1 -1
- package/dist/ui/assets/{latex-D9xoD6UX.js → latex-wUbha6EX.js} +1 -1
- package/dist/ui/assets/{liquid-BKZLZSHN.js → liquid-DqNTB9kN.js} +1 -1
- package/dist/ui/assets/{lua-CBD2zNyC.js → lua-DrEQ1QTW.js} +1 -1
- package/dist/ui/assets/{marko-Dkgf9bj3.js → marko-B3GJw9Md.js} +1 -1
- package/dist/ui/assets/{mdc-BUgUKiX3.js → mdc-BnThk82m.js} +1 -1
- package/dist/ui/assets/{nginx-CAaav4Zh.js → nginx-B5IeSsOX.js} +1 -1
- package/dist/ui/assets/{nim-CTjWWztL.js → nim-BJraatnS.js} +1 -1
- package/dist/ui/assets/{perl-DTM5zgH4.js → perl-BAhrR4gt.js} +1 -1
- package/dist/ui/assets/{php-dqfFDbWm.js → php-BKRCk_wX.js} +1 -1
- package/dist/ui/assets/{pug-4f_clTm2.js → pug-B8gmSV7z.js} +1 -1
- package/dist/ui/assets/{qml-BFeWjFRL.js → qml-DKrxIjHR.js} +1 -1
- package/dist/ui/assets/{r-ei1iNvHm.js → r-YASBZvTH.js} +1 -1
- package/dist/ui/assets/{razor-jj95jncJ.js → razor-P-XFZqh6.js} +1 -1
- package/dist/ui/assets/{regexp-0joUf3Cn.js → regexp-CCpiH6nO.js} +1 -1
- package/dist/ui/assets/{review-payload-DxI2fTnP.js → review-payload-BLYwg6t8.js} +1 -1
- package/dist/ui/assets/{rst-BMbcN8--.js → rst-CFAzckbn.js} +1 -1
- package/dist/ui/assets/{ruby-BQx0xtOB.js → ruby-Dyp_Rx-S.js} +1 -1
- package/dist/ui/assets/{sas-C_Fl1EyP.js → sas-YkWZIXxT.js} +1 -1
- package/dist/ui/assets/{scss-5vaLJPJl.js → scss-Cf89idGl.js} +1 -1
- package/dist/ui/assets/{shellscript-p_y7YCYP.js → shellscript-BFMb52q8.js} +1 -1
- package/dist/ui/assets/{shellsession-ChZkMp2K.js → shellsession-DuthW-5v.js} +1 -1
- package/dist/ui/assets/{soy-im25cA8U.js → soy-BohVVlJU.js} +1 -1
- package/dist/ui/assets/{sql-BzvG6ssm.js → sql-CnK9R2Gt.js} +1 -1
- package/dist/ui/assets/{stata-CwSzNM20.js → stata-D-sV4Vbr.js} +1 -1
- package/dist/ui/assets/{surrealql-BWzKhI6S.js → surrealql-ChAy0gHv.js} +1 -1
- package/dist/ui/assets/{svelte-NMlQHjaa.js → svelte-3HBVqG-H.js} +1 -1
- package/dist/ui/assets/{templ-1W11KGSL.js → templ-BixlV4Cp.js} +1 -1
- package/dist/ui/assets/{tex-CTxN8q2c.js → tex-DWoJKHvD.js} +1 -1
- package/dist/ui/assets/{ts-tags-B6prphu-.js → ts-tags-DLA8eH13.js} +1 -1
- package/dist/ui/assets/{tsx-Daks24y9.js → tsx-BYWa5JUz.js} +1 -1
- package/dist/ui/assets/{twig-C0KeCxch.js → twig-CnY65vAo.js} +1 -1
- package/dist/ui/assets/{typescript-37-dkCwp.js → typescript-ByInUsro.js} +1 -1
- package/dist/ui/assets/{useFileDiffInstance--R0_ywL_.js → useFileDiffInstance-Dg0pWcJV.js} +3 -3
- package/dist/ui/assets/{vue-Ba-v02vP.js → vue-Qngt2rkz.js} +1 -1
- package/dist/ui/assets/{vue-html-D2UmbuN7.js → vue-html-DDue9upr.js} +1 -1
- package/dist/ui/assets/{vue-vine-ZftUW_ID.js → vue-vine-DBcAKsA6.js} +1 -1
- package/dist/ui/assets/workspace-app-DGD9R89D.css +1 -0
- package/dist/ui/assets/{workspace-app-CsMiGtz9.js → workspace-app-DuzpU4Hf.js} +5 -5
- package/dist/ui/assets/{xml-DrhRYxTS.js → xml-CRLR5jiL.js} +1 -1
- package/dist/ui/assets/{xsl-DvbIvBcQ.js → xsl-CmcwyXbm.js} +1 -1
- package/dist/ui/assets/{yaml-oktUYAzQ.js → yaml-Dpe6Eg-k.js} +1 -1
- package/dist/ui/workspace-app.html +2 -2
- package/dist/workspace-store.js +0 -50
- package/package.json +2 -2
- package/dist/ui/assets/workspace-app-8--oTbCd.css +0 -1
|
@@ -0,0 +1,138 @@
|
|
|
1
|
+
import { randomUUID } from "node:crypto";
|
|
2
|
+
import { InvalidRequestError } from "@modelcontextprotocol/sdk/server/auth/errors.js";
|
|
3
|
+
import { openDatabase } from "./db/client.js";
|
|
4
|
+
function redirectHostAllowed(redirectUri, allowedHosts) {
|
|
5
|
+
let parsed;
|
|
6
|
+
try {
|
|
7
|
+
parsed = new URL(redirectUri);
|
|
8
|
+
}
|
|
9
|
+
catch {
|
|
10
|
+
return false;
|
|
11
|
+
}
|
|
12
|
+
if (["localhost", "127.0.0.1", "[::1]"].includes(parsed.hostname))
|
|
13
|
+
return true;
|
|
14
|
+
return allowedHosts.includes(parsed.hostname);
|
|
15
|
+
}
|
|
16
|
+
export class SqliteOAuthStore {
|
|
17
|
+
database;
|
|
18
|
+
constructor(stateDir) {
|
|
19
|
+
this.database = openDatabase(stateDir);
|
|
20
|
+
this.deleteExpiredTokens(Math.floor(Date.now() / 1000));
|
|
21
|
+
}
|
|
22
|
+
getClient(clientId) {
|
|
23
|
+
const row = this.database.sqlite
|
|
24
|
+
.prepare("select client_json from oauth_clients where client_id = ?")
|
|
25
|
+
.get(clientId);
|
|
26
|
+
return row ? JSON.parse(row.client_json) : undefined;
|
|
27
|
+
}
|
|
28
|
+
registerClient(client, allowedRedirectHosts) {
|
|
29
|
+
if (!client.redirect_uris.every((uri) => redirectHostAllowed(String(uri), allowedRedirectHosts))) {
|
|
30
|
+
throw new InvalidRequestError("Client redirect_uri is not allowed for this DevSpace server");
|
|
31
|
+
}
|
|
32
|
+
const now = Math.floor(Date.now() / 1000);
|
|
33
|
+
const registered = {
|
|
34
|
+
...client,
|
|
35
|
+
client_id: `devspace-${randomUUID()}`,
|
|
36
|
+
client_id_issued_at: now,
|
|
37
|
+
token_endpoint_auth_method: client.token_endpoint_auth_method ?? "none",
|
|
38
|
+
grant_types: client.grant_types ?? ["authorization_code", "refresh_token"],
|
|
39
|
+
response_types: client.response_types ?? ["code"],
|
|
40
|
+
};
|
|
41
|
+
this.database.sqlite
|
|
42
|
+
.prepare("insert into oauth_clients (client_id, client_json, issued_at) values (?, ?, ?)")
|
|
43
|
+
.run(registered.client_id, JSON.stringify(registered), now);
|
|
44
|
+
return registered;
|
|
45
|
+
}
|
|
46
|
+
saveAccessToken(tokenHash, record) {
|
|
47
|
+
this.database.sqlite
|
|
48
|
+
.prepare(`insert into oauth_access_tokens (token_hash, client_id, scopes_json, expires_at, resource)
|
|
49
|
+
values (?, ?, ?, ?, ?)
|
|
50
|
+
on conflict(token_hash) do update set
|
|
51
|
+
client_id = excluded.client_id,
|
|
52
|
+
scopes_json = excluded.scopes_json,
|
|
53
|
+
expires_at = excluded.expires_at,
|
|
54
|
+
resource = excluded.resource`)
|
|
55
|
+
.run(tokenHash, record.clientId, JSON.stringify(record.scopes), record.expiresAt, record.resource ?? null);
|
|
56
|
+
}
|
|
57
|
+
getAccessToken(tokenHash) {
|
|
58
|
+
const row = this.database.sqlite
|
|
59
|
+
.prepare("select client_id, scopes_json, expires_at, resource from oauth_access_tokens where token_hash = ?")
|
|
60
|
+
.get(tokenHash);
|
|
61
|
+
return row ? rowToAccessTokenRecord(row) : undefined;
|
|
62
|
+
}
|
|
63
|
+
deleteAccessToken(tokenHash) {
|
|
64
|
+
this.database.sqlite.prepare("delete from oauth_access_tokens where token_hash = ?").run(tokenHash);
|
|
65
|
+
}
|
|
66
|
+
saveRefreshToken(tokenHash, record) {
|
|
67
|
+
this.database.sqlite
|
|
68
|
+
.prepare(`insert into oauth_refresh_tokens (token_hash, client_id, scopes_json, expires_at, resource)
|
|
69
|
+
values (?, ?, ?, ?, ?)
|
|
70
|
+
on conflict(token_hash) do update set
|
|
71
|
+
client_id = excluded.client_id,
|
|
72
|
+
scopes_json = excluded.scopes_json,
|
|
73
|
+
expires_at = excluded.expires_at,
|
|
74
|
+
resource = excluded.resource`)
|
|
75
|
+
.run(tokenHash, record.clientId, JSON.stringify(record.scopes), record.expiresAt, record.resource ?? null);
|
|
76
|
+
}
|
|
77
|
+
saveTokenPair(pair, consumedRefreshTokenHash) {
|
|
78
|
+
const save = this.database.sqlite.transaction(() => {
|
|
79
|
+
if (consumedRefreshTokenHash) {
|
|
80
|
+
const result = this.database.sqlite
|
|
81
|
+
.prepare("delete from oauth_refresh_tokens where token_hash = ?")
|
|
82
|
+
.run(consumedRefreshTokenHash);
|
|
83
|
+
if (result.changes !== 1)
|
|
84
|
+
return false;
|
|
85
|
+
}
|
|
86
|
+
this.saveAccessToken(pair.accessTokenHash, pair.accessToken);
|
|
87
|
+
this.saveRefreshToken(pair.refreshTokenHash, pair.refreshToken);
|
|
88
|
+
return true;
|
|
89
|
+
});
|
|
90
|
+
return save.immediate();
|
|
91
|
+
}
|
|
92
|
+
getRefreshToken(tokenHash) {
|
|
93
|
+
const row = this.database.sqlite
|
|
94
|
+
.prepare("select client_id, scopes_json, expires_at, resource from oauth_refresh_tokens where token_hash = ?")
|
|
95
|
+
.get(tokenHash);
|
|
96
|
+
return row ? rowToRefreshTokenRecord(row) : undefined;
|
|
97
|
+
}
|
|
98
|
+
deleteRefreshToken(tokenHash) {
|
|
99
|
+
this.database.sqlite.prepare("delete from oauth_refresh_tokens where token_hash = ?").run(tokenHash);
|
|
100
|
+
}
|
|
101
|
+
close() {
|
|
102
|
+
this.database.close();
|
|
103
|
+
}
|
|
104
|
+
deleteExpiredTokens(nowSeconds) {
|
|
105
|
+
this.database.sqlite.prepare("delete from oauth_access_tokens where expires_at < ?").run(nowSeconds);
|
|
106
|
+
this.database.sqlite.prepare("delete from oauth_refresh_tokens where expires_at < ?").run(nowSeconds);
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
export class SqliteOAuthClientsStore {
|
|
110
|
+
store;
|
|
111
|
+
allowedRedirectHosts;
|
|
112
|
+
constructor(store, allowedRedirectHosts) {
|
|
113
|
+
this.store = store;
|
|
114
|
+
this.allowedRedirectHosts = allowedRedirectHosts;
|
|
115
|
+
}
|
|
116
|
+
getClient(clientId) {
|
|
117
|
+
return this.store.getClient(clientId);
|
|
118
|
+
}
|
|
119
|
+
registerClient(client) {
|
|
120
|
+
return this.store.registerClient(client, this.allowedRedirectHosts);
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
function rowToAccessTokenRecord(row) {
|
|
124
|
+
return {
|
|
125
|
+
clientId: row.client_id,
|
|
126
|
+
scopes: JSON.parse(row.scopes_json),
|
|
127
|
+
expiresAt: row.expires_at,
|
|
128
|
+
resource: row.resource ?? undefined,
|
|
129
|
+
};
|
|
130
|
+
}
|
|
131
|
+
function rowToRefreshTokenRecord(row) {
|
|
132
|
+
return {
|
|
133
|
+
clientId: row.client_id,
|
|
134
|
+
scopes: JSON.parse(row.scopes_json),
|
|
135
|
+
expiresAt: row.expires_at,
|
|
136
|
+
resource: row.resource ?? undefined,
|
|
137
|
+
};
|
|
138
|
+
}
|
package/dist/server.js
CHANGED
|
@@ -989,7 +989,7 @@ export function createServer(config = loadConfig()) {
|
|
|
989
989
|
const transports = new Map();
|
|
990
990
|
const mcpUrl = new URL("/mcp", config.publicBaseUrl);
|
|
991
991
|
const resourceServerUrl = resourceUrlFromServerUrl(mcpUrl);
|
|
992
|
-
const oauthProvider = new SingleUserOAuthProvider(config.oauth, mcpUrl);
|
|
992
|
+
const oauthProvider = new SingleUserOAuthProvider(config.oauth, mcpUrl, config.stateDir);
|
|
993
993
|
const bearerAuth = requireBearerAuth({
|
|
994
994
|
verifier: oauthProvider,
|
|
995
995
|
requiredScopes: [config.oauth.scopes[0] ?? "devspace"],
|
|
@@ -1125,7 +1125,18 @@ export function createServer(config = loadConfig()) {
|
|
|
1125
1125
|
}
|
|
1126
1126
|
}
|
|
1127
1127
|
});
|
|
1128
|
-
|
|
1128
|
+
let closed = false;
|
|
1129
|
+
return {
|
|
1130
|
+
app,
|
|
1131
|
+
config,
|
|
1132
|
+
close: () => {
|
|
1133
|
+
if (closed)
|
|
1134
|
+
return;
|
|
1135
|
+
closed = true;
|
|
1136
|
+
oauthProvider.close();
|
|
1137
|
+
workspaceStore.close?.();
|
|
1138
|
+
},
|
|
1139
|
+
};
|
|
1129
1140
|
}
|
|
1130
1141
|
async function isMainModule() {
|
|
1131
1142
|
if (!process.argv[1])
|
|
@@ -1135,8 +1146,8 @@ async function isMainModule() {
|
|
|
1135
1146
|
return modulePath === entrypointPath;
|
|
1136
1147
|
}
|
|
1137
1148
|
if (await isMainModule()) {
|
|
1138
|
-
const { app, config } = createServer();
|
|
1139
|
-
app.listen(config.port, config.host, () => {
|
|
1149
|
+
const { app, config, close } = createServer();
|
|
1150
|
+
const httpServer = app.listen(config.port, config.host, () => {
|
|
1140
1151
|
console.log(`devspace listening on http://${config.host}:${config.port}/mcp`);
|
|
1141
1152
|
console.log(`allowed roots: ${config.allowedRoots.join(", ")}`);
|
|
1142
1153
|
console.log("auth: oauth owner-token flow required");
|
|
@@ -1145,4 +1156,12 @@ if (await isMainModule()) {
|
|
|
1145
1156
|
console.log(`asset logging: ${config.logging.assets ? "enabled" : "disabled"}`);
|
|
1146
1157
|
console.log(`trust proxy: ${config.logging.trustProxy ? "enabled" : "disabled"}`);
|
|
1147
1158
|
});
|
|
1159
|
+
const shutdown = () => {
|
|
1160
|
+
httpServer.close(() => {
|
|
1161
|
+
close();
|
|
1162
|
+
process.exit(0);
|
|
1163
|
+
});
|
|
1164
|
+
};
|
|
1165
|
+
process.once("SIGINT", shutdown);
|
|
1166
|
+
process.once("SIGTERM", shutdown);
|
|
1148
1167
|
}
|