@waishnav/devspace 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (90) hide show
  1. package/README.md +103 -29
  2. package/dist/cli.js +5 -2
  3. package/dist/db/client.js +10 -3
  4. package/dist/db/migrations.js +123 -0
  5. package/dist/db/schema.js +24 -1
  6. package/dist/oauth-provider.js +35 -64
  7. package/dist/oauth-store.js +138 -0
  8. package/dist/server.js +23 -4
  9. package/dist/ui/.vite/manifest.json +281 -281
  10. package/dist/ui/assets/{angular-html-B_77pPm_.js → angular-html-Dj4LysSE.js} +1 -1
  11. package/dist/ui/assets/{angular-ts-tGBi7sOr.js → angular-ts-CxuC_FFh.js} +1 -1
  12. package/dist/ui/assets/{apl-CtVPpGgP.js → apl-RwuvNFFo.js} +1 -1
  13. package/dist/ui/assets/{astro-CALPYvnG.js → astro-ncoaUbsO.js} +1 -1
  14. package/dist/ui/assets/{blade-Bh4eBXdk.js → blade-Dw8-Lzux.js} +1 -1
  15. package/dist/ui/assets/{c-BGkebjQE.js → c-Dpbbo_f2.js} +1 -1
  16. package/dist/ui/assets/{cobol-f7rP2PjR.js → cobol-4ddX3THy.js} +1 -1
  17. package/dist/ui/assets/{coffee-E4OhMc7W.js → coffee-Bn-a5KqK.js} +1 -1
  18. package/dist/ui/assets/{cpp-Cr_J6lB2.js → cpp-DoRrlM_T.js} +1 -1
  19. package/dist/ui/assets/{crystal-B_TFXhon.js → crystal-DiZfCxn-.js} +1 -1
  20. package/dist/ui/assets/{css-DDMxq-4J.js → css-DiQoSjDH.js} +1 -1
  21. package/dist/ui/assets/{edge-Bxqhgg5I.js → edge-wEhCUoEt.js} +1 -1
  22. package/dist/ui/assets/{elixir-WrSbgJJ1.js → elixir-C3obhm0H.js} +1 -1
  23. package/dist/ui/assets/{elm-BXBWJ4Kz.js → elm-DyTBfh1L.js} +1 -1
  24. package/dist/ui/assets/{erb-D0iMw9rO.js → erb-f4TnXRuY.js} +1 -1
  25. package/dist/ui/assets/{git-rebase-BOrZ-_iR.js → git-rebase-vhZbWNfp.js} +1 -1
  26. package/dist/ui/assets/{glimmer-js-PCWk96O8.js → glimmer-js-BG7puL6Y.js} +1 -1
  27. package/dist/ui/assets/{glimmer-ts-4pYwX8pC.js → glimmer-ts-CNCfLLL1.js} +1 -1
  28. package/dist/ui/assets/{glsl-CDyKZvZX.js → glsl-DhT76AL5.js} +1 -1
  29. package/dist/ui/assets/{graphql-8sIw92YT.js → graphql-CJX08w8y.js} +1 -1
  30. package/dist/ui/assets/{hack-Ci96Zcew.js → hack-DY4NGCCL.js} +1 -1
  31. package/dist/ui/assets/{haml-4uzh6End.js → haml-DwSkmVcG.js} +1 -1
  32. package/dist/ui/assets/{handlebars-B6Eq7QV8.js → handlebars-CQ_1dEmi.js} +1 -1
  33. package/dist/ui/assets/{heavy-payload--bwRtRpo.js → heavy-payload-2rGBiitA.js} +1 -1
  34. package/dist/ui/assets/{html-C29wL7bm.js → html-B_e3Njif.js} +1 -1
  35. package/dist/ui/assets/{html-derivative-Cmd90ilz.js → html-derivative-_nHZ_Bk-.js} +1 -1
  36. package/dist/ui/assets/{http-Bdr_R0Kw.js → http-CfcvPIru.js} +1 -1
  37. package/dist/ui/assets/{hurl-CiTPn-zH.js → hurl-9vWDQIMO.js} +1 -1
  38. package/dist/ui/assets/{java-C03kBuJH.js → java-C4S5r6L5.js} +1 -1
  39. package/dist/ui/assets/{javascript-135g9Wwx.js → javascript-BRwqbMMC.js} +1 -1
  40. package/dist/ui/assets/{jinja-CPpiEHqV.js → jinja-DHxzMMc5.js} +1 -1
  41. package/dist/ui/assets/{jison-qabCQzwp.js → jison-B1DqeWXb.js} +1 -1
  42. package/dist/ui/assets/{json-CtRj9Trp.js → json-DcFTkEdd.js} +1 -1
  43. package/dist/ui/assets/{jsx-Ccuy5Wm3.js → jsx-DgfmYa9f.js} +1 -1
  44. package/dist/ui/assets/{julia-Fwya-MwM.js → julia-3M8SJ8iF.js} +1 -1
  45. package/dist/ui/assets/{just-c9YEH7Gf.js → just-UyH7_DNz.js} +1 -1
  46. package/dist/ui/assets/{latex-D9xoD6UX.js → latex-wUbha6EX.js} +1 -1
  47. package/dist/ui/assets/{liquid-BKZLZSHN.js → liquid-DqNTB9kN.js} +1 -1
  48. package/dist/ui/assets/{lua-CBD2zNyC.js → lua-DrEQ1QTW.js} +1 -1
  49. package/dist/ui/assets/{marko-Dkgf9bj3.js → marko-B3GJw9Md.js} +1 -1
  50. package/dist/ui/assets/{mdc-BUgUKiX3.js → mdc-BnThk82m.js} +1 -1
  51. package/dist/ui/assets/{nginx-CAaav4Zh.js → nginx-B5IeSsOX.js} +1 -1
  52. package/dist/ui/assets/{nim-CTjWWztL.js → nim-BJraatnS.js} +1 -1
  53. package/dist/ui/assets/{perl-DTM5zgH4.js → perl-BAhrR4gt.js} +1 -1
  54. package/dist/ui/assets/{php-dqfFDbWm.js → php-BKRCk_wX.js} +1 -1
  55. package/dist/ui/assets/{pug-4f_clTm2.js → pug-B8gmSV7z.js} +1 -1
  56. package/dist/ui/assets/{qml-BFeWjFRL.js → qml-DKrxIjHR.js} +1 -1
  57. package/dist/ui/assets/{r-ei1iNvHm.js → r-YASBZvTH.js} +1 -1
  58. package/dist/ui/assets/{razor-jj95jncJ.js → razor-P-XFZqh6.js} +1 -1
  59. package/dist/ui/assets/{regexp-0joUf3Cn.js → regexp-CCpiH6nO.js} +1 -1
  60. package/dist/ui/assets/{review-payload-DxI2fTnP.js → review-payload-BLYwg6t8.js} +1 -1
  61. package/dist/ui/assets/{rst-BMbcN8--.js → rst-CFAzckbn.js} +1 -1
  62. package/dist/ui/assets/{ruby-BQx0xtOB.js → ruby-Dyp_Rx-S.js} +1 -1
  63. package/dist/ui/assets/{sas-C_Fl1EyP.js → sas-YkWZIXxT.js} +1 -1
  64. package/dist/ui/assets/{scss-5vaLJPJl.js → scss-Cf89idGl.js} +1 -1
  65. package/dist/ui/assets/{shellscript-p_y7YCYP.js → shellscript-BFMb52q8.js} +1 -1
  66. package/dist/ui/assets/{shellsession-ChZkMp2K.js → shellsession-DuthW-5v.js} +1 -1
  67. package/dist/ui/assets/{soy-im25cA8U.js → soy-BohVVlJU.js} +1 -1
  68. package/dist/ui/assets/{sql-BzvG6ssm.js → sql-CnK9R2Gt.js} +1 -1
  69. package/dist/ui/assets/{stata-CwSzNM20.js → stata-D-sV4Vbr.js} +1 -1
  70. package/dist/ui/assets/{surrealql-BWzKhI6S.js → surrealql-ChAy0gHv.js} +1 -1
  71. package/dist/ui/assets/{svelte-NMlQHjaa.js → svelte-3HBVqG-H.js} +1 -1
  72. package/dist/ui/assets/{templ-1W11KGSL.js → templ-BixlV4Cp.js} +1 -1
  73. package/dist/ui/assets/{tex-CTxN8q2c.js → tex-DWoJKHvD.js} +1 -1
  74. package/dist/ui/assets/{ts-tags-B6prphu-.js → ts-tags-DLA8eH13.js} +1 -1
  75. package/dist/ui/assets/{tsx-Daks24y9.js → tsx-BYWa5JUz.js} +1 -1
  76. package/dist/ui/assets/{twig-C0KeCxch.js → twig-CnY65vAo.js} +1 -1
  77. package/dist/ui/assets/{typescript-37-dkCwp.js → typescript-ByInUsro.js} +1 -1
  78. package/dist/ui/assets/{useFileDiffInstance--R0_ywL_.js → useFileDiffInstance-Dg0pWcJV.js} +3 -3
  79. package/dist/ui/assets/{vue-Ba-v02vP.js → vue-Qngt2rkz.js} +1 -1
  80. package/dist/ui/assets/{vue-html-D2UmbuN7.js → vue-html-DDue9upr.js} +1 -1
  81. package/dist/ui/assets/{vue-vine-ZftUW_ID.js → vue-vine-DBcAKsA6.js} +1 -1
  82. package/dist/ui/assets/workspace-app-DGD9R89D.css +1 -0
  83. package/dist/ui/assets/{workspace-app-CsMiGtz9.js → workspace-app-DuzpU4Hf.js} +5 -5
  84. package/dist/ui/assets/{xml-DrhRYxTS.js → xml-CRLR5jiL.js} +1 -1
  85. package/dist/ui/assets/{xsl-DvbIvBcQ.js → xsl-CmcwyXbm.js} +1 -1
  86. package/dist/ui/assets/{yaml-oktUYAzQ.js → yaml-Dpe6Eg-k.js} +1 -1
  87. package/dist/ui/workspace-app.html +2 -2
  88. package/dist/workspace-store.js +0 -50
  89. package/package.json +2 -2
  90. package/dist/ui/assets/workspace-app-8--oTbCd.css +0 -1
@@ -0,0 +1,138 @@
1
+ import { randomUUID } from "node:crypto";
2
+ import { InvalidRequestError } from "@modelcontextprotocol/sdk/server/auth/errors.js";
3
+ import { openDatabase } from "./db/client.js";
4
+ function redirectHostAllowed(redirectUri, allowedHosts) {
5
+ let parsed;
6
+ try {
7
+ parsed = new URL(redirectUri);
8
+ }
9
+ catch {
10
+ return false;
11
+ }
12
+ if (["localhost", "127.0.0.1", "[::1]"].includes(parsed.hostname))
13
+ return true;
14
+ return allowedHosts.includes(parsed.hostname);
15
+ }
16
+ export class SqliteOAuthStore {
17
+ database;
18
+ constructor(stateDir) {
19
+ this.database = openDatabase(stateDir);
20
+ this.deleteExpiredTokens(Math.floor(Date.now() / 1000));
21
+ }
22
+ getClient(clientId) {
23
+ const row = this.database.sqlite
24
+ .prepare("select client_json from oauth_clients where client_id = ?")
25
+ .get(clientId);
26
+ return row ? JSON.parse(row.client_json) : undefined;
27
+ }
28
+ registerClient(client, allowedRedirectHosts) {
29
+ if (!client.redirect_uris.every((uri) => redirectHostAllowed(String(uri), allowedRedirectHosts))) {
30
+ throw new InvalidRequestError("Client redirect_uri is not allowed for this DevSpace server");
31
+ }
32
+ const now = Math.floor(Date.now() / 1000);
33
+ const registered = {
34
+ ...client,
35
+ client_id: `devspace-${randomUUID()}`,
36
+ client_id_issued_at: now,
37
+ token_endpoint_auth_method: client.token_endpoint_auth_method ?? "none",
38
+ grant_types: client.grant_types ?? ["authorization_code", "refresh_token"],
39
+ response_types: client.response_types ?? ["code"],
40
+ };
41
+ this.database.sqlite
42
+ .prepare("insert into oauth_clients (client_id, client_json, issued_at) values (?, ?, ?)")
43
+ .run(registered.client_id, JSON.stringify(registered), now);
44
+ return registered;
45
+ }
46
+ saveAccessToken(tokenHash, record) {
47
+ this.database.sqlite
48
+ .prepare(`insert into oauth_access_tokens (token_hash, client_id, scopes_json, expires_at, resource)
49
+ values (?, ?, ?, ?, ?)
50
+ on conflict(token_hash) do update set
51
+ client_id = excluded.client_id,
52
+ scopes_json = excluded.scopes_json,
53
+ expires_at = excluded.expires_at,
54
+ resource = excluded.resource`)
55
+ .run(tokenHash, record.clientId, JSON.stringify(record.scopes), record.expiresAt, record.resource ?? null);
56
+ }
57
+ getAccessToken(tokenHash) {
58
+ const row = this.database.sqlite
59
+ .prepare("select client_id, scopes_json, expires_at, resource from oauth_access_tokens where token_hash = ?")
60
+ .get(tokenHash);
61
+ return row ? rowToAccessTokenRecord(row) : undefined;
62
+ }
63
+ deleteAccessToken(tokenHash) {
64
+ this.database.sqlite.prepare("delete from oauth_access_tokens where token_hash = ?").run(tokenHash);
65
+ }
66
+ saveRefreshToken(tokenHash, record) {
67
+ this.database.sqlite
68
+ .prepare(`insert into oauth_refresh_tokens (token_hash, client_id, scopes_json, expires_at, resource)
69
+ values (?, ?, ?, ?, ?)
70
+ on conflict(token_hash) do update set
71
+ client_id = excluded.client_id,
72
+ scopes_json = excluded.scopes_json,
73
+ expires_at = excluded.expires_at,
74
+ resource = excluded.resource`)
75
+ .run(tokenHash, record.clientId, JSON.stringify(record.scopes), record.expiresAt, record.resource ?? null);
76
+ }
77
+ saveTokenPair(pair, consumedRefreshTokenHash) {
78
+ const save = this.database.sqlite.transaction(() => {
79
+ if (consumedRefreshTokenHash) {
80
+ const result = this.database.sqlite
81
+ .prepare("delete from oauth_refresh_tokens where token_hash = ?")
82
+ .run(consumedRefreshTokenHash);
83
+ if (result.changes !== 1)
84
+ return false;
85
+ }
86
+ this.saveAccessToken(pair.accessTokenHash, pair.accessToken);
87
+ this.saveRefreshToken(pair.refreshTokenHash, pair.refreshToken);
88
+ return true;
89
+ });
90
+ return save.immediate();
91
+ }
92
+ getRefreshToken(tokenHash) {
93
+ const row = this.database.sqlite
94
+ .prepare("select client_id, scopes_json, expires_at, resource from oauth_refresh_tokens where token_hash = ?")
95
+ .get(tokenHash);
96
+ return row ? rowToRefreshTokenRecord(row) : undefined;
97
+ }
98
+ deleteRefreshToken(tokenHash) {
99
+ this.database.sqlite.prepare("delete from oauth_refresh_tokens where token_hash = ?").run(tokenHash);
100
+ }
101
+ close() {
102
+ this.database.close();
103
+ }
104
+ deleteExpiredTokens(nowSeconds) {
105
+ this.database.sqlite.prepare("delete from oauth_access_tokens where expires_at < ?").run(nowSeconds);
106
+ this.database.sqlite.prepare("delete from oauth_refresh_tokens where expires_at < ?").run(nowSeconds);
107
+ }
108
+ }
109
+ export class SqliteOAuthClientsStore {
110
+ store;
111
+ allowedRedirectHosts;
112
+ constructor(store, allowedRedirectHosts) {
113
+ this.store = store;
114
+ this.allowedRedirectHosts = allowedRedirectHosts;
115
+ }
116
+ getClient(clientId) {
117
+ return this.store.getClient(clientId);
118
+ }
119
+ registerClient(client) {
120
+ return this.store.registerClient(client, this.allowedRedirectHosts);
121
+ }
122
+ }
123
+ function rowToAccessTokenRecord(row) {
124
+ return {
125
+ clientId: row.client_id,
126
+ scopes: JSON.parse(row.scopes_json),
127
+ expiresAt: row.expires_at,
128
+ resource: row.resource ?? undefined,
129
+ };
130
+ }
131
+ function rowToRefreshTokenRecord(row) {
132
+ return {
133
+ clientId: row.client_id,
134
+ scopes: JSON.parse(row.scopes_json),
135
+ expiresAt: row.expires_at,
136
+ resource: row.resource ?? undefined,
137
+ };
138
+ }
package/dist/server.js CHANGED
@@ -989,7 +989,7 @@ export function createServer(config = loadConfig()) {
989
989
  const transports = new Map();
990
990
  const mcpUrl = new URL("/mcp", config.publicBaseUrl);
991
991
  const resourceServerUrl = resourceUrlFromServerUrl(mcpUrl);
992
- const oauthProvider = new SingleUserOAuthProvider(config.oauth, mcpUrl);
992
+ const oauthProvider = new SingleUserOAuthProvider(config.oauth, mcpUrl, config.stateDir);
993
993
  const bearerAuth = requireBearerAuth({
994
994
  verifier: oauthProvider,
995
995
  requiredScopes: [config.oauth.scopes[0] ?? "devspace"],
@@ -1125,7 +1125,18 @@ export function createServer(config = loadConfig()) {
1125
1125
  }
1126
1126
  }
1127
1127
  });
1128
- return { app, config };
1128
+ let closed = false;
1129
+ return {
1130
+ app,
1131
+ config,
1132
+ close: () => {
1133
+ if (closed)
1134
+ return;
1135
+ closed = true;
1136
+ oauthProvider.close();
1137
+ workspaceStore.close?.();
1138
+ },
1139
+ };
1129
1140
  }
1130
1141
  async function isMainModule() {
1131
1142
  if (!process.argv[1])
@@ -1135,8 +1146,8 @@ async function isMainModule() {
1135
1146
  return modulePath === entrypointPath;
1136
1147
  }
1137
1148
  if (await isMainModule()) {
1138
- const { app, config } = createServer();
1139
- app.listen(config.port, config.host, () => {
1149
+ const { app, config, close } = createServer();
1150
+ const httpServer = app.listen(config.port, config.host, () => {
1140
1151
  console.log(`devspace listening on http://${config.host}:${config.port}/mcp`);
1141
1152
  console.log(`allowed roots: ${config.allowedRoots.join(", ")}`);
1142
1153
  console.log("auth: oauth owner-token flow required");
@@ -1145,4 +1156,12 @@ if (await isMainModule()) {
1145
1156
  console.log(`asset logging: ${config.logging.assets ? "enabled" : "disabled"}`);
1146
1157
  console.log(`trust proxy: ${config.logging.trustProxy ? "enabled" : "disabled"}`);
1147
1158
  });
1159
+ const shutdown = () => {
1160
+ httpServer.close(() => {
1161
+ close();
1162
+ process.exit(0);
1163
+ });
1164
+ };
1165
+ process.once("SIGINT", shutdown);
1166
+ process.once("SIGTERM", shutdown);
1148
1167
  }