backend-manager 5.0.182 → 5.0.183

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/src/mcp/handler.js +6 -6
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "backend-manager",
3
- "version": "5.0.182",
3
+ "version": "5.0.183",
4
4
  "description": "Quick tools for developing Firebase functions",
5
5
  "main": "src/manager/index.js",
6
6
  "bin": {
package/src/mcp/handler.js CHANGED
@@ -93,7 +93,7 @@ function handleAuthorize(req, res, options) {
93
93
  const Manager = options.Manager;
94
94
 
95
95
  // Auto-approve if client_id matches the BEM key
96
- if (isValidKey(client_id, Manager) && redirect_uri) {
96
+ if (isValidKey(client_id) && redirect_uri) {
97
97
  const url = new URL(redirect_uri);
98
98
  url.searchParams.set('code', client_id);
99
99
  if (state) {
@@ -151,7 +151,7 @@ function handleAuthorize(req, res, options) {
151
151
  const redirectUri = body.redirect_uri || '';
152
152
  const postState = body.state || '';
153
153
 
154
- if (!isValidKey(key, Manager)) {
154
+ if (!isValidKey(key)) {
155
155
  res.writeHead(403, { 'Content-Type': 'text/html' });
156
156
  res.end('<html><body style="background:#111;color:#e55;font-family:sans-serif;display:flex;align-items:center;justify-content:center;height:100vh"><h2>Invalid key. Go back and try again.</h2></body></html>');
157
157
  return;
@@ -188,7 +188,7 @@ function handleToken(req, res, options) {
188
188
  const Manager = options.Manager;
189
189
 
190
190
  // The code, client_secret, or client_id IS the backendManagerKey — validate any
191
- if (!isValidKey(code, Manager)) {
191
+ if (!isValidKey(code)) {
192
192
  return sendJson(res, 401, {
193
193
  error: 'invalid_grant',
194
194
  error_description: 'Invalid authorization code.',
@@ -213,7 +213,7 @@ async function handleMcpProtocol(req, res, options) {
213
213
  const authHeader = req.headers.authorization || '';
214
214
  const key = authHeader.replace(/^Bearer\s+/i, '');
215
215
 
216
- if (!isValidKey(key, Manager)) {
216
+ if (!isValidKey(key)) {
217
217
  // Return 401 with OAuth discovery hint
218
218
  const protocol = req.headers['x-forwarded-proto'] || req.protocol || 'https';
219
219
  const host = req.headers['x-forwarded-host'] || req.headers.host || '';
@@ -321,8 +321,8 @@ async function handleMcpProtocol(req, res, options) {
321
321
  * Validate a key against the configured backendManagerKey.
322
322
  * Returns false if either the key or the config key is empty/missing.
323
323
  */
324
- function isValidKey(key, Manager) {
325
- const configKey = Manager.config?.backendManagerKey;
324
+ function isValidKey(key) {
325
+ const configKey = process.env.BACKEND_MANAGER_KEY || '';
326
326
  return !!key && !!configKey && key === configKey;
327
327
  }
328
328