@wonderwhy-er/desktop-commander 0.2.38 → 0.2.39

package/dist/oauth/oauth-routes.js

@@ -1,377 +0,0 @@
-import { Router } from 'express';
-export function createOAuthRoutes(oauthManager, baseUrl) {
-    const router = Router();
-    // ==================== DISCOVERY ENDPOINTS ====================
-    /**
-     * OAuth Authorization Server Metadata
-     * https://tools.ietf.org/html/rfc8414
-     */
-    router.get('/.well-known/oauth-authorization-server', (req, res) => {
-        res.json({
-            issuer: baseUrl,
-            authorization_endpoint: `${baseUrl}/authorize`,
-            token_endpoint: `${baseUrl}/token`,
-            registration_endpoint: `${baseUrl}/register`,
-            response_types_supported: ['code'],
-            grant_types_supported: ['authorization_code'],
-            code_challenge_methods_supported: ['S256'],
-            token_endpoint_auth_methods_supported: ['none'],
-            scopes_supported: ['mcp:tools']
-        });
-    });
-    /**
-     * MCP-specific OAuth Authorization Server Metadata
-     * ChatGPT requires this endpoint with pre-registered client_id
-     */
-    router.get('/.well-known/oauth-authorization-server/mcp', (req, res) => {
-        res.json({
-            issuer: baseUrl,
-            authorization_endpoint: `${baseUrl}/authorize`,
-            token_endpoint: `${baseUrl}/token`,
-            registration_endpoint: `${baseUrl}/register`,
-            response_types_supported: ['code'],
-            grant_types_supported: ['authorization_code'],
-            code_challenge_methods_supported: ['S256'],
-            token_endpoint_auth_methods_supported: ['none'],
-            scopes_supported: ['mcp:tools'],
-            // MCP-specific: Pre-registered client for ChatGPT
-            mcp: {
-                client_id: 'chatgpt-fixed-client-id',
-                redirect_uri: `${baseUrl}/callback`
-            }
-        });
-    });
-    /**
-     * OAuth Protected Resource Metadata
-     * https://tools.ietf.org/html/rfc8707
-     */
-    router.get('/.well-known/oauth-protected-resource', (req, res) => {
-        res.json({
-            resource: baseUrl,
-            authorization_servers: [baseUrl],
-            scopes_supported: ['mcp:tools'],
-            bearer_methods_supported: ['header']
-        });
-    });
-    /**
-     * MCP-specific OAuth Protected Resource Metadata
-     * ChatGPT queries this variant
-     */
-    router.get('/.well-known/oauth-protected-resource/mcp', (req, res) => {
-        res.json({
-            resource: baseUrl,
-            authorization_servers: [baseUrl],
-            scopes_supported: ['mcp:tools'],
-            bearer_methods_supported: ['header']
-        });
-    });
-    // ==================== CLIENT REGISTRATION ====================
-    /**
-     * Dynamic Client Registration
-     * https://tools.ietf.org/html/rfc7591
-     */
-    router.post('/register', (req, res) => {
-        const { redirect_uris, client_name } = req.body;
-        console.log(`\n🔐 CLIENT REGISTRATION`);
-        console.log(`   Client Name: ${client_name || 'Unnamed'}`);
-        console.log(`   Redirect URIs:`, redirect_uris);
-        if (!redirect_uris || !Array.isArray(redirect_uris) || redirect_uris.length === 0) {
-            return res.status(400).json({
-                error: 'invalid_redirect_uri',
-                error_description: 'redirect_uris must be a non-empty array'
-            });
-        }
-        // Check if this looks like ChatGPT
-        const isChatGPT = redirect_uris.some(uri => uri.includes('chatgpt.com') || uri.includes('openai.com'));
-        // Check if this looks like Claude
-        const isClaude = redirect_uris.some(uri => uri.includes('claude.ai') || uri.includes('anthropic.com'));
-        let client;
-        if (isChatGPT) {
-            // Return pre-registered ChatGPT client
-            client = oauthManager.getClient('chatgpt-fixed-client-id');
-            console.log(`✅ Using pre-registered ChatGPT client`);
-            // Add any new redirect URIs they're using
-            redirect_uris.forEach(uri => {
-                if (!client.redirect_uris.includes(uri)) {
-                    client.redirect_uris.push(uri);
-                    console.log(`   📝 Added redirect_uri: ${uri}`);
-                }
-            });
-        }
-        else if (isClaude) {
-            // Return pre-registered Claude client
-            client = oauthManager.getClient('claude-fixed-client-id');
-            console.log(`✅ Using pre-registered Claude client`);
-            // Add any new redirect URIs they're using
-            redirect_uris.forEach(uri => {
-                if (!client.redirect_uris.includes(uri)) {
-                    client.redirect_uris.push(uri);
-                    console.log(`   📝 Added redirect_uri: ${uri}`);
-                }
-            });
-        }
-        else {
-            // Register new client for other tools
-            client = oauthManager.registerClient(redirect_uris, client_name);
-            console.log(`✅ Registered new client: ${client.client_id}`);
-        }
-        res.status(201).json({
-            client_id: client.client_id,
-            client_name: client.client_name,
-            redirect_uris: client.redirect_uris,
-            grant_types: client.grant_types,
-            response_types: client.response_types,
-            token_endpoint_auth_method: 'none'
-        });
-    });
-    // ==================== AUTHORIZATION ====================
-    /**
-     * Authorization Endpoint (GET) - Display login page
-     */
-    router.get('/authorize', (req, res) => {
-        const { client_id, redirect_uri, response_type, state, code_challenge, code_challenge_method, scope } = req.query;
-        console.log(`\n🔐 AUTHORIZATION REQUEST`);
-        console.log(`   Client ID: ${client_id}`);
-        console.log(`   Redirect URI: ${redirect_uri}`);
-        console.log(`   Response Type: ${response_type}`);
-        console.log(`   State: ${state}`);
-        console.log(`   Code Challenge: ${code_challenge ? 'present' : 'missing'}`);
-        console.log(`   Scope: ${scope}`);
-        // Validate client
-        const client = oauthManager.getClient(client_id);
-        if (!client) {
-            console.log(`❌ Client ${client_id} not found. Was /register called?`);
-            console.log(`   Registered clients: ${oauthManager.listClients()}`);
-            return res.status(400).send(`
-        <html>
-          <head><title>Error</title></head>
-          <body style="font-family: system-ui; max-width: 400px; margin: 50px auto; padding: 20px;">
-            <h2>❌ Invalid Client</h2>
-            <p>The client_id <code>${client_id}</code> is not recognized.</p>
-            <p><small>The client must register at <code>/register</code> first.</small></p>
-          </body>
-        </html>
-      `);
-        }
-        console.log(`✅ Client validated: ${client.client_name}`);
-        // Validate redirect_uri
-        if (!client.redirect_uris.includes(redirect_uri)) {
-            console.log(`❌ Invalid redirect_uri: ${redirect_uri}`);
-            console.log(`   Registered URIs:`, client.redirect_uris);
-            return res.status(400).send(`
-        <html>
-          <head><title>Error</title></head>
-          <body style="font-family: system-ui; max-width: 400px; margin: 50px auto; padding: 20px;">
-            <h2>❌ Invalid Redirect URI</h2>
-            <p>The redirect_uri <code>${redirect_uri}</code> is not registered for this client.</p>
-            <p><strong>Registered URIs for ${client.client_name}:</strong></p>
-            <ul>
-              ${client.redirect_uris.map(uri => `<li><code>${uri}</code></li>`).join('')}
-            </ul>
-          </body>
-        </html>
-      `);
-        }
-        // Display login page
-        res.send(`
-      <html>
-        <head>
-          <title>Desktop Commander - Login</title>
-          <style>
-            body {
-              font-family: system-ui, -apple-system, sans-serif;
-              max-width: 400px;
-              margin: 50px auto;
-              padding: 20px;
-              background: #f5f5f5;
-            }
-            .container {
-              background: white;
-              padding: 30px;
-              border-radius: 10px;
-              box-shadow: 0 2px 10px rgba(0,0,0,0.1);
-            }
-            h2 {
-              margin-top: 0;
-              color: #333;
-            }
-            .info {
-              background: #f0f0f0;
-              padding: 15px;
-              margin: 20px 0;
-              border-radius: 5px;
-              font-size: 14px;
-            }
-            input {
-              width: 100%;
-              padding: 12px;
-              margin: 10px 0;
-              box-sizing: border-box;
-              border: 1px solid #ddd;
-              border-radius: 5px;
-              font-size: 16px;
-            }
-            button {
-              width: 100%;
-              padding: 14px;
-              background: #0066cc;
-              color: white;
-              border: none;
-              border-radius: 5px;
-              cursor: pointer;
-              font-size: 16px;
-              font-weight: 600;
-            }
-            button:hover {
-              background: #0052a3;
-            }
-            .demo-creds {
-              text-align: center;
-              color: #666;
-              margin-top: 20px;
-              font-size: 14px;
-            }
-          </style>
-        </head>
-        <body>
-          <div class="container">
-            <h2>🔐 Login to Desktop Commander</h2>
-            <div class="info">
-              <strong>Client:</strong> ${client.client_name}
-            </div>
-            <form method="POST" action="/authorize">
-              <input type="hidden" name="client_id" value="${client_id}">
-              <input type="hidden" name="redirect_uri" value="${redirect_uri}">
-              <input type="hidden" name="response_type" value="${response_type}">
-              <input type="hidden" name="state" value="${state || ''}">
-              <input type="hidden" name="code_challenge" value="${code_challenge || ''}">
-              <input type="hidden" name="code_challenge_method" value="${code_challenge_method || ''}">
-              <input type="hidden" name="scope" value="${scope || 'mcp:tools'}">
-              
-              <input type="text" name="username" placeholder="Username" required autofocus>
-              <input type="password" name="password" placeholder="Password" required>
-              
-              <button type="submit">Login & Authorize</button>
-            </form>
-            <div class="demo-creds">
-              Demo credentials:<br>
-              <strong>admin</strong> / <strong>password123</strong>
-            </div>
-          </div>
-        </body>
-      </html>
-    `);
-    });
-    /**
-     * Authorization Endpoint (POST) - Process login
-     */
-    router.post('/authorize', (req, res) => {
-        const { username, password, client_id, redirect_uri, state, code_challenge, code_challenge_method, scope } = req.body;
-        console.log(`\n🔐 PROCESSING LOGIN`);
-        console.log(`   Username: ${username}`);
-        console.log(`   Client ID: ${client_id}`);
-        // Validate credentials
-        if (!oauthManager.validateUser(username, password)) {
-            return res.send(`
-        <html>
-          <head><title>Login Failed</title></head>
-          <body style="font-family: system-ui; max-width: 400px; margin: 50px auto; padding: 20px;">
-            <h2>❌ Invalid Credentials</h2>
-            <p>The username or password is incorrect.</p>
-            <a href="/authorize?client_id=${client_id}&redirect_uri=${encodeURIComponent(redirect_uri)}&response_type=code&state=${state || ''}&code_challenge=${code_challenge || ''}&code_challenge_method=${code_challenge_method || ''}&scope=${scope || 'mcp:tools'}">Try Again</a>
-          </body>
-        </html>
-      `);
-        }
-        // Create authorization code
-        const code = oauthManager.createAuthCode({
-            username,
-            client_id,
-            redirect_uri,
-            code_challenge,
-            code_challenge_method,
-            scope: scope || 'mcp:tools'
-        });
-        console.log(`✅ User ${username} authorized, redirecting...`);
-        // Redirect back to client with authorization code
-        const redirectUrl = new URL(redirect_uri);
-        redirectUrl.searchParams.set('code', code);
-        if (state) {
-            redirectUrl.searchParams.set('state', state);
-        }
-        res.redirect(redirectUrl.toString());
-    });
-    // ==================== TOKEN ENDPOINT ====================
-    /**
-     * Callback endpoint - for compatibility with MCP discovery
-     * This redirects to the client's actual redirect_uri with the code
-     */
-    router.get('/callback', (req, res) => {
-        const { code, state, error, error_description } = req.query;
-        console.log(`\n🔄 CALLBACK`);
-        console.log(`   Code: ${code ? 'present' : 'missing'}`);
-        console.log(`   State: ${state}`);
-        if (error) {
-            return res.send(`
-        <html>
-          <head><title>OAuth Error</title></head>
-          <body style="font-family: system-ui; max-width: 400px; margin: 50px auto; padding: 20px;">
-            <h2>❌ OAuth Error</h2>
-            <p><strong>Error:</strong> ${error}</p>
-            <p><strong>Description:</strong> ${error_description || 'No description provided'}</p>
-          </body>
-        </html>
-      `);
-        }
-        // This endpoint shouldn't really be called directly
-        // It's here for compatibility with the MCP discovery document
-        res.send(`
-      <html>
-        <head><title>OAuth Callback</title></head>
-        <body style="font-family: system-ui; max-width: 400px; margin: 50px auto; padding: 20px;">
-          <h2>✅ Authorization Successful</h2>
-          <p>You can close this window and return to the application.</p>
-        </body>
-      </html>
-    `);
-    });
-    /**
-     * Token Endpoint - Exchange authorization code for access token
-     */
-    router.post('/token', (req, res) => {
-        const { grant_type, code, redirect_uri, client_id, code_verifier } = req.body;
-        console.log(`\n🎫 TOKEN REQUEST`);
-        console.log(`   Grant Type: ${grant_type}`);
-        console.log(`   Client ID: ${client_id}`);
-        // Validate grant type
-        if (grant_type !== 'authorization_code') {
-            return res.status(400).json({
-                error: 'unsupported_grant_type',
-                error_description: 'Only authorization_code grant type is supported'
-            });
-        }
-        // Validate authorization code
-        const validation = oauthManager.validateAuthCode(code, client_id, redirect_uri, code_verifier);
-        if (!validation.valid) {
-            console.log(`❌ Token request failed: ${validation.error}`);
-            return res.status(400).json({
-                error: 'invalid_grant',
-                error_description: validation.error
-            });
-        }
-        // Create access token
-        const accessToken = oauthManager.createJWT({
-            sub: validation.data.username,
-            client_id: validation.data.client_id,
-            scope: validation.data.scope
-        });
-        console.log(`✅ Issued token for ${validation.data.username}`);
-        res.json({
-            access_token: accessToken,
-            token_type: 'Bearer',
-            expires_in: 3600,
-            scope: validation.data.scope
-        });
-    });
-    return router;
-}

package/dist/oauth/provider.d.ts

@@ -1,22 +0,0 @@
-import type { OAuthConfig, AuthorizationServerMetadata, TokenResponse, AccessToken, AuthorizationRequest, TokenRequest } from './types.js';
-export declare class OAuthProvider {
-    private config;
-    private users;
-    private authCodes;
-    private accessTokens;
-    constructor(config: OAuthConfig);
-    static generatePKCE(): {
-        codeVerifier: string;
-        codeChallenge: string;
-    };
-    getAuthorizationServerMetadata(): AuthorizationServerMetadata;
-    handleAuthorizationRequest(params: AuthorizationRequest): {
-        authUrl: string;
-        authCode?: string;
-        error?: string;
-    };
-    handleTokenRequest(params: TokenRequest): Promise<TokenResponse | {
-        error: string;
-    }>;
-    validateAccessToken(token: string): AccessToken | null;
-}

package/dist/oauth/provider.js

@@ -1,124 +0,0 @@
-import crypto from 'crypto';
-export class OAuthProvider {
-    constructor(config) {
-        this.users = new Map();
-        this.authCodes = new Map();
-        this.accessTokens = new Map();
-        this.config = config;
-        // Add a default user for testing
-        this.users.set('admin', {
-            email: 'admin@localhost',
-            password: 'admin123' // In production, hash this!
-        });
-    }
-    // Generate PKCE code verifier and challenge
-    static generatePKCE() {
-        const codeVerifier = crypto.randomBytes(32).toString('base64url');
-        const codeChallenge = crypto
-            .createHash('sha256')
-            .update(codeVerifier)
-            .digest('base64url');
-        return { codeVerifier, codeChallenge };
-    }
-    // Get Authorization Server Metadata (required by MCP spec)
-    getAuthorizationServerMetadata() {
-        const baseUrl = this.config.issuer;
-        return {
-            issuer: baseUrl,
-            authorization_endpoint: `${baseUrl}/authorize`,
-            token_endpoint: `${baseUrl}/token`,
-            registration_endpoint: `${baseUrl}/register`,
-            revocation_endpoint: `${baseUrl}/revoke`,
-            jwks_uri: `${baseUrl}/.well-known/jwks.json`,
-            response_types_supported: ['code'],
-            grant_types_supported: ['authorization_code', 'refresh_token'],
-            token_endpoint_auth_methods_supported: ['none', 'client_secret_basic'],
-            code_challenge_methods_supported: ['S256'],
-            scopes_supported: ['mcp:access', 'mcp:tools', 'mcp:resources']
-        };
-    }
-    // Handle authorization request
-    handleAuthorizationRequest(params) {
-        if (!params.client_id || !params.redirect_uri || !params.code_challenge) {
-            return { authUrl: '', error: 'Missing required parameters' };
-        }
-        if (params.code_challenge_method !== 'S256') {
-            return { authUrl: '', error: 'Unsupported code_challenge_method' };
-        }
-        // Generate authorization code
-        const authCode = crypto.randomBytes(32).toString('hex');
-        const expiresAt = Date.now() + 10 * 60 * 1000; // 10 minutes
-        // Store authorization code
-        this.authCodes.set(authCode, {
-            userId: 'admin', // For simplicity, auto-approve for admin user
-            clientId: params.client_id,
-            redirectUri: params.redirect_uri,
-            scope: params.scope || 'mcp:access',
-            codeChallenge: params.code_challenge,
-            codeChallengeMethod: params.code_challenge_method,
-            expiresAt
-        });
-        // Build redirect URL with auth code
-        const redirectUrl = new URL(params.redirect_uri);
-        redirectUrl.searchParams.set('code', authCode);
-        if (params.state) {
-            redirectUrl.searchParams.set('state', params.state);
-        }
-        return { authUrl: redirectUrl.toString(), authCode };
-    }
-    // Exchange authorization code for access token
-    async handleTokenRequest(params) {
-        const authCodeData = this.authCodes.get(params.code);
-        if (!authCodeData) {
-            return { error: 'Invalid authorization code' };
-        }
-        if (Date.now() > authCodeData.expiresAt) {
-            this.authCodes.delete(params.code);
-            return { error: 'Authorization code expired' };
-        }
-        // Verify PKCE
-        const computedChallenge = crypto
-            .createHash('sha256')
-            .update(params.code_verifier)
-            .digest('base64url');
-        if (computedChallenge !== authCodeData.codeChallenge) {
-            return { error: 'Invalid code_verifier' };
-        }
-        // Verify client and redirect URI
-        if (params.client_id !== authCodeData.clientId ||
-            params.redirect_uri !== authCodeData.redirectUri) {
-            return { error: 'Invalid client_id or redirect_uri' };
-        }
-        // Generate access token
-        const accessToken = crypto.randomBytes(32).toString('hex');
-        const expiresIn = 3600; // 1 hour
-        const tokenData = {
-            sub: authCodeData.userId,
-            aud: params.client_id,
-            iss: this.config.issuer,
-            exp: Math.floor(Date.now() / 1000) + expiresIn,
-            iat: Math.floor(Date.now() / 1000),
-            scope: authCodeData.scope
-        };
-        this.accessTokens.set(accessToken, tokenData);
-        this.authCodes.delete(params.code);
-        return {
-            access_token: accessToken,
-            token_type: 'Bearer',
-            expires_in: expiresIn,
-            scope: authCodeData.scope
-        };
-    }
-    // Validate access token
-    validateAccessToken(token) {
-        const tokenData = this.accessTokens.get(token);
-        if (!tokenData) {
-            return null;
-        }
-        if (Date.now() / 1000 > tokenData.exp) {
-            this.accessTokens.delete(token);
-            return null;
-        }
-        return tokenData;
-    }
-}

package/dist/oauth/server.d.ts

@@ -1,18 +0,0 @@
-import http from 'http';
-import type { OAuthConfig } from './types.js';
-export declare class OAuthHttpServer {
-    private server;
-    private oauthProvider;
-    private mcpHandler;
-    constructor(config: OAuthConfig, mcpHandler: (req: http.IncomingMessage, res: http.ServerResponse) => void);
-    private handleRequest;
-    private setCorsHeaders;
-    private handleAuthServerMetadata;
-    private handleAuthorize;
-    private handleToken;
-    private handleCallback;
-    private sendUnauthorized;
-    private getRequestBody;
-    listen(port: number, callback?: () => void): void;
-    close(callback?: () => void): void;
-}