couchloop-eq-mcp 1.0.3 → 1.0.5

package/dist/server/oauth/authServer.js

@@ -1,283 +0,0 @@
-import { config } from 'dotenv';
-// Load environment variables before class initialization
-config({ path: '.env.local' });
-import { v4 as uuidv4 } from 'uuid';
-import jwt from 'jsonwebtoken';
-import bcrypt from 'bcryptjs';
-import { getDb } from '../../db/client.js';
-import { users, oauthClients, oauthTokens, authorizationCodes } from '../../db/schema.js';
-import { eq, and } from 'drizzle-orm';
-import { logger } from '../../utils/logger.js';
-export class OAuthServer {
-    jwtSecret;
-    jwtExpiresIn;
-    constructor() {
-        this.jwtSecret = process.env.JWT_SECRET || 'dev-secret-change-in-production';
-        this.jwtExpiresIn = process.env.JWT_EXPIRES_IN || '24h';
-        if (!process.env.JWT_SECRET) {
-            logger.warn('Using default JWT secret - CHANGE IN PRODUCTION!');
-        }
-    }
-    /**
-     * Validate client credentials
-     */
-    async validateClient(clientId, clientSecret) {
-        const db = getDb();
-        try {
-            const [client] = await db
-                .select()
-                .from(oauthClients)
-                .where(eq(oauthClients.clientId, clientId))
-                .limit(1);
-            if (!client) {
-                logger.warn(`Invalid client ID: ${clientId}`);
-                return false;
-            }
-            // If secret provided, verify it
-            if (clientSecret) {
-                const validSecret = await bcrypt.compare(clientSecret, client.clientSecret);
-                if (!validSecret) {
-                    logger.warn(`Invalid client secret for client: ${clientId}`);
-                    return false;
-                }
-            }
-            return true;
-        }
-        catch (error) {
-            logger.error('Error validating client:', error);
-            return false;
-        }
-    }
-    /**
-     * Generate authorization code for OAuth flow
-     */
-    async generateAuthCode(clientId, userId, redirectUri, scope = 'read write') {
-        const db = getDb();
-        const code = uuidv4();
-        const expiresAt = new Date(Date.now() + 10 * 60 * 1000); // 10 minutes
-        try {
-            await db.insert(authorizationCodes).values({
-                code,
-                userId,
-                clientId,
-                redirectUri,
-                scope,
-                expiresAt,
-                used: false,
-            });
-            logger.info(`Generated auth code for user ${userId}, client ${clientId}`);
-            return code;
-        }
-        catch (error) {
-            logger.error('Error generating auth code:', error);
-            throw new Error('Failed to generate authorization code');
-        }
-    }
-    /**
-     * Exchange authorization code for access token
-     */
-    async exchangeCodeForToken(code, clientId, clientSecret, redirectUri) {
-        const db = getDb();
-        try {
-            // Validate client
-            const validClient = await this.validateClient(clientId, clientSecret);
-            if (!validClient) {
-                throw new Error('Invalid client credentials');
-            }
-            // Get and validate auth code
-            const [authCode] = await db
-                .select()
-                .from(authorizationCodes)
-                .where(and(eq(authorizationCodes.code, code), eq(authorizationCodes.clientId, clientId)))
-                .limit(1);
-            if (!authCode) {
-                throw new Error('Invalid authorization code');
-            }
-            // Check if code is expired
-            if (new Date() > authCode.expiresAt) {
-                throw new Error('Authorization code expired');
-            }
-            // Check if code was already used
-            if (authCode.used) {
-                throw new Error('Authorization code already used');
-            }
-            // Validate redirect URI
-            if (authCode.redirectUri !== redirectUri) {
-                throw new Error('Redirect URI mismatch');
-            }
-            // Mark code as used
-            await db
-                .update(authorizationCodes)
-                .set({ used: true })
-                .where(eq(authorizationCodes.code, code));
-            // Generate tokens
-            const accessToken = this.generateAccessToken(authCode.userId, clientId, authCode.scope || 'read write');
-            const refreshToken = this.generateRefreshToken(authCode.userId, clientId, authCode.scope || 'read write');
-            // Store tokens in database
-            const expiresAt = new Date(Date.now() + 24 * 60 * 60 * 1000); // 24 hours
-            await db.insert(oauthTokens).values({
-                userId: authCode.userId,
-                accessToken,
-                refreshToken,
-                expiresAt,
-                scope: authCode.scope,
-                tokenType: 'Bearer',
-            });
-            logger.info(`Issued tokens for user ${authCode.userId}, client ${clientId}`);
-            return {
-                access_token: accessToken,
-                refresh_token: refreshToken,
-                token_type: 'Bearer',
-                expires_in: 86400, // 24 hours in seconds
-                scope: authCode.scope || 'read write',
-            };
-        }
-        catch (error) {
-            logger.error('Error exchanging code for token:', error);
-            throw error;
-        }
-    }
-    /**
-     * Generate access token (JWT)
-     */
-    generateAccessToken(userId, clientId, scope) {
-        const payload = {
-            sub: userId,
-            client_id: clientId,
-            scope,
-        };
-        return jwt.sign(payload, this.jwtSecret, {
-            expiresIn: this.jwtExpiresIn,
-        });
-    }
-    /**
-     * Generate refresh token
-     */
-    generateRefreshToken(userId, clientId, scope) {
-        const payload = {
-            sub: userId,
-            client_id: clientId,
-            scope,
-        };
-        return jwt.sign(payload, this.jwtSecret, {
-            expiresIn: '30d', // Refresh tokens last longer
-        });
-    }
-    /**
-     * Validate access token
-     */
-    async validateAccessToken(token) {
-        try {
-            // Verify JWT signature
-            const decoded = jwt.verify(token, this.jwtSecret);
-            // Check if token exists in database and is not expired
-            const db = getDb();
-            const [dbToken] = await db
-                .select()
-                .from(oauthTokens)
-                .where(eq(oauthTokens.accessToken, token))
-                .limit(1);
-            if (!dbToken || new Date() > dbToken.expiresAt) {
-                return null;
-            }
-            return decoded;
-        }
-        catch (error) {
-            logger.debug('Invalid access token:', error);
-            return null;
-        }
-    }
-    /**
-     * Refresh access token using refresh token
-     */
-    async refreshAccessToken(refreshToken) {
-        const db = getDb();
-        try {
-            // Verify refresh token
-            const decoded = jwt.verify(refreshToken, this.jwtSecret);
-            // Find existing token
-            const [existingToken] = await db
-                .select()
-                .from(oauthTokens)
-                .where(eq(oauthTokens.refreshToken, refreshToken))
-                .limit(1);
-            if (!existingToken) {
-                throw new Error('Invalid refresh token');
-            }
-            // Generate new access token
-            const newAccessToken = this.generateAccessToken(decoded.sub, decoded.client_id, decoded.scope);
-            // Update token in database
-            const expiresAt = new Date(Date.now() + 24 * 60 * 60 * 1000);
-            await db
-                .update(oauthTokens)
-                .set({
-                accessToken: newAccessToken,
-                expiresAt,
-                updatedAt: new Date(),
-            })
-                .where(eq(oauthTokens.id, existingToken.id));
-            logger.info(`Refreshed token for user ${decoded.sub}`);
-            return {
-                access_token: newAccessToken,
-                token_type: 'Bearer',
-                expires_in: 86400,
-            };
-        }
-        catch (error) {
-            logger.error('Error refreshing token:', error);
-            throw new Error('Failed to refresh token');
-        }
-    }
-    /**
-     * Revoke token
-     */
-    async revokeToken(token) {
-        const db = getDb();
-        try {
-            await db
-                .delete(oauthTokens)
-                .where(eq(oauthTokens.accessToken, token));
-            logger.info('Revoked token');
-        }
-        catch (error) {
-            logger.error('Error revoking token:', error);
-            throw new Error('Failed to revoke token');
-        }
-    }
-    /**
-     * Create or get user from external ID
-     */
-    async getOrCreateUser(externalId) {
-        const db = getDb();
-        try {
-            // Check if user exists
-            const [existingUser] = await db
-                .select()
-                .from(users)
-                .where(eq(users.externalId, externalId))
-                .limit(1);
-            if (existingUser) {
-                return existingUser.id;
-            }
-            // Create new user
-            const [newUser] = await db
-                .insert(users)
-                .values({
-                externalId,
-            })
-                .returning();
-            if (!newUser) {
-                throw new Error('Failed to create user');
-            }
-            logger.info(`Created new user with external ID: ${externalId}`);
-            return newUser.id;
-        }
-        catch (error) {
-            logger.error('Error getting/creating user:', error);
-            throw new Error('Failed to get or create user');
-        }
-    }
-}
-// Export singleton instance
-export const oauthServer = new OAuthServer();
-//# sourceMappingURL=authServer.js.map

package/dist/server/oauth/authServer.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"authServer.js","sourceRoot":"","sources":["../../../src/server/oauth/authServer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAChC,yDAAyD;AACzD,MAAM,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;AAE/B,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,GAAG,MAAM,cAAc,CAAC;AAC/B,OAAO,MAAM,MAAM,UAAU,CAAC;AAC9B,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC1F,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAU/C,MAAM,OAAO,WAAW;IACL,SAAS,CAAS;IAClB,YAAY,CAAS;IAEtC;QACE,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,iCAAiC,CAAC;QAC7E,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,KAAK,CAAC;QAExD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE,YAAqB;QAC1D,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;QAEnB,IAAI,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,EAAE;iBACtB,MAAM,EAAE;iBACR,IAAI,CAAC,YAAY,CAAC;iBAClB,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;iBAC1C,KAAK,CAAC,CAAC,CAAC,CAAC;YAEZ,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,CAAC,IAAI,CAAC,sBAAsB,QAAQ,EAAE,CAAC,CAAC;gBAC9C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,gCAAgC;YAChC,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;gBAC5E,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,CAAC,IAAI,CAAC,qCAAqC,QAAQ,EAAE,CAAC,CAAC;oBAC7D,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;YAChD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CACpB,QAAgB,EAChB,MAAc,EACd,WAAmB,EACnB,QAAgB,YAAY;QAE5B,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;QACnB,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC;QACtB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,aAAa;QAEtE,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,MAAM,CAAC;gBACzC,IAAI;gBACJ,MAAM;gBACN,QAAQ;gBACR,WAAW;gBACX,KAAK;gBACL,SAAS;gBACT,IAAI,EAAE,KAAK;aACZ,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,gCAAgC,MAAM,YAAY,QAAQ,EAAE,CAAC,CAAC;YAC1E,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB,CACxB,IAAY,EACZ,QAAgB,EAChB,YAAoB,EACpB,WAAmB;QAQnB,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;QAEnB,IAAI,CAAC;YACH,kBAAkB;YAClB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;YACtE,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAChD,CAAC;YAED,6BAA6B;YAC7B,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,EAAE;iBACxB,MAAM,EAAE;iBACR,IAAI,CAAC,kBAAkB,CAAC;iBACxB,KAAK,CACJ,GAAG,CACD,EAAE,CAAC,kBAAkB,CAAC,IAAI,EAAE,IAAI,CAAC,EACjC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAC1C,CACF;iBACA,KAAK,CAAC,CAAC,CAAC,CAAC;YAEZ,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAChD,CAAC;YAED,2BAA2B;YAC3B,IAAI,IAAI,IAAI,EAAE,GAAG,QAAQ,CAAC,SAAS,EAAE,CAAC;gBACpC,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAChD,CAAC;YAED,iCAAiC;YACjC,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAClB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACrD,CAAC;YAED,wBAAwB;YACxB,IAAI,QAAQ,CAAC,WAAW,KAAK,WAAW,EAAE,CAAC;gBACzC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC3C,CAAC;YAED,oBAAoB;YACpB,MAAM,EAAE;iBACL,MAAM,CAAC,kBAAkB,CAAC;iBAC1B,GAAG,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;iBACnB,KAAK,CAAC,EAAE,CAAC,kBAAkB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;YAE5C,kBAAkB;YAClB,MAAM,WAAW,GAAG,IAAI,CAAC,mBAAmB,CAC1C,QAAQ,CAAC,MAAM,EACf,QAAQ,EACR,QAAQ,CAAC,KAAK,IAAI,YAAY,CAC/B,CAAC;YAEF,MAAM,YAAY,GAAG,IAAI,CAAC,oBAAoB,CAC5C,QAAQ,CAAC,MAAM,EACf,QAAQ,EACR,QAAQ,CAAC,KAAK,IAAI,YAAY,CAC/B,CAAC;YAEF,2BAA2B;YAC3B,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,WAAW;YAEzE,MAAM,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC;gBAClC,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,WAAW;gBACX,YAAY;gBACZ,SAAS;gBACT,KAAK,EAAE,QAAQ,CAAC,KAAK;gBACrB,SAAS,EAAE,QAAQ;aACpB,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,0BAA0B,QAAQ,CAAC,MAAM,YAAY,QAAQ,EAAE,CAAC,CAAC;YAE7E,OAAO;gBACL,YAAY,EAAE,WAAW;gBACzB,aAAa,EAAE,YAAY;gBAC3B,UAAU,EAAE,QAAQ;gBACpB,UAAU,EAAE,KAAK,EAAE,sBAAsB;gBACzC,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,YAAY;aACtC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC;YACxD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,MAAc,EAAE,QAAgB,EAAE,KAAa;QACzE,MAAM,OAAO,GAAiB;YAC5B,GAAG,EAAE,MAAM;YACX,SAAS,EAAE,QAAQ;YACnB,KAAK;SACN,CAAC;QAEF,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE;YACvC,SAAS,EAAE,IAAI,CAAC,YAAmB;SACpC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,oBAAoB,CAAC,MAAc,EAAE,QAAgB,EAAE,KAAa;QAC1E,MAAM,OAAO,GAAiB;YAC5B,GAAG,EAAE,MAAM;YACX,SAAS,EAAE,QAAQ;YACnB,KAAK;SACN,CAAC;QAEF,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE;YACvC,SAAS,EAAE,KAAY,EAAE,6BAA6B;SACvD,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,mBAAmB,CAAC,KAAa;QACrC,IAAI,CAAC;YACH,uBAAuB;YACvB,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAiB,CAAC;YAElE,uDAAuD;YACvD,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;YACnB,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,EAAE;iBACvB,MAAM,EAAE;iBACR,IAAI,CAAC,WAAW,CAAC;iBACjB,KAAK,CAAC,EAAE,CAAC,WAAW,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;iBACzC,KAAK,CAAC,CAAC,CAAC,CAAC;YAEZ,IAAI,CAAC,OAAO,IAAI,IAAI,IAAI,EAAE,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC/C,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,YAAoB;QAK3C,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;QAEnB,IAAI,CAAC;YACH,uBAAuB;YACvB,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAiB,CAAC;YAEzE,sBAAsB;YACtB,MAAM,CAAC,aAAa,CAAC,GAAG,MAAM,EAAE;iBAC7B,MAAM,EAAE;iBACR,IAAI,CAAC,WAAW,CAAC;iBACjB,KAAK,CAAC,EAAE,CAAC,WAAW,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;iBACjD,KAAK,CAAC,CAAC,CAAC,CAAC;YAEZ,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC3C,CAAC;YAED,4BAA4B;YAC5B,MAAM,cAAc,GAAG,IAAI,CAAC,mBAAmB,CAC7C,OAAO,CAAC,GAAG,EACX,OAAO,CAAC,SAAS,EACjB,OAAO,CAAC,KAAK,CACd,CAAC;YAEF,2BAA2B;YAC3B,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAE7D,MAAM,EAAE;iBACL,MAAM,CAAC,WAAW,CAAC;iBACnB,GAAG,CAAC;gBACH,WAAW,EAAE,cAAc;gBAC3B,SAAS;gBACT,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB,CAAC;iBACD,KAAK,CAAC,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC;YAE/C,MAAM,CAAC,IAAI,CAAC,4BAA4B,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;YAEvD,OAAO;gBACL,YAAY,EAAE,cAAc;gBAC5B,UAAU,EAAE,QAAQ;gBACpB,UAAU,EAAE,KAAK;aAClB,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;QAEnB,IAAI,CAAC;YACH,MAAM,EAAE;iBACL,MAAM,CAAC,WAAW,CAAC;iBACnB,KAAK,CAAC,EAAE,CAAC,WAAW,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;YAE7C,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC/B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,UAAkB;QACtC,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;QAEnB,IAAI,CAAC;YACH,uBAAuB;YACvB,MAAM,CAAC,YAAY,CAAC,GAAG,MAAM,EAAE;iBAC5B,MAAM,EAAE;iBACR,IAAI,CAAC,KAAK,CAAC;iBACX,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;iBACvC,KAAK,CAAC,CAAC,CAAC,CAAC;YAEZ,IAAI,YAAY,EAAE,CAAC;gBACjB,OAAO,YAAY,CAAC,EAAE,CAAC;YACzB,CAAC;YAED,kBAAkB;YAClB,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,EAAE;iBACvB,MAAM,CAAC,KAAK,CAAC;iBACb,MAAM,CAAC;gBACN,UAAU;aACX,CAAC;iBACD,SAAS,EAAE,CAAC;YAEf,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC3C,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,sCAAsC,UAAU,EAAE,CAAC,CAAC;YAChE,OAAO,OAAO,CAAC,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;YACpD,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;CACF;AAED,4BAA4B;AAC5B,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC"}

package/dist/server/oauth/dpop.d.ts

@@ -1,135 +0,0 @@
-import { KeyObject } from 'crypto';
-import { JWK } from 'jose';
-/**
- * DPoP Proof structure according to RFC draft
- */
-export interface DPoPProof {
-    typ: 'dpop+jwt';
-    alg: 'RS256' | 'ES256';
-    jwk: JWK;
-}
-/**
- * DPoP Proof payload
- */
-export interface DPoPPayload {
-    jti: string;
-    htm: string;
-    htu: string;
-    iat: number;
-    ath?: string;
-    nonce?: string;
-}
-/**
- * DPoP Token binding
- */
-export interface DPoPBinding {
-    jkt: string;
-    cnf?: {
-        jkt: string;
-    };
-}
-/**
- * DPoP Manager for Demonstration of Proof of Possession
- * Implements sender-constrained tokens to prevent token theft
- * Based on OAuth 2.0 DPoP draft specification
- */
-export declare class DPoPManager {
-    private readonly jtiCache;
-    private readonly nonceCache;
-    private readonly JTI_TTL;
-    private readonly NONCE_TTL;
-    private readonly MAX_TIME_SKEW;
-    /**
-     * Generate a DPoP key pair for client
-     */
-    generateKeyPair(algorithm?: 'RS256' | 'ES256'): {
-        publicKey: KeyObject;
-        privateKey: KeyObject;
-        jwk: JWK;
-    };
-    /**
-     * Create a DPoP proof JWT
-     */
-    createDPoPProof(privateKey: KeyObject, httpMethod: string, httpUri: string, options?: {
-        accessToken?: string;
-        nonce?: string;
-        algorithm?: 'RS256' | 'ES256';
-    }): Promise<string>;
-    /**
-     * Validate a DPoP proof
-     */
-    validateDPoPProof(dpopProof: string, httpMethod: string, httpUri: string, options?: {
-        accessToken?: string;
-        expectedNonce?: string;
-        requireNonce?: boolean;
-    }): Promise<{
-        valid: boolean;
-        jkt?: string;
-        error?: string;
-    }>;
-    /**
-     * Generate a server nonce for enhanced security
-     */
-    generateNonce(): string;
-    /**
-     * Validate a nonce
-     */
-    validateNonce(nonce: string): Promise<boolean>;
-    /**
-     * Bind an access token to a DPoP key
-     */
-    createDPoPBoundToken(token: any, jkt: string): any;
-    /**
-     * Validate that a token is bound to the correct DPoP key
-     */
-    validateTokenBinding(token: any, dpopJkt: string): boolean;
-    /**
-     * Hash a token for the 'ath' claim
-     */
-    private hashToken;
-    /**
-     * Calculate JWK thumbprint (RFC 7638)
-     */
-    private calculateJwkThumbprint;
-    /**
-     * Normalize URI for comparison
-     */
-    private normalizeUri;
-    /**
-     * Generate unique JTI
-     */
-    private generateJti;
-    /**
-     * Check if JTI has been used
-     */
-    private isJtiUsed;
-    /**
-     * Store JTI to prevent replay
-     */
-    private storeJti;
-    /**
-     * Clean up expired JTIs
-     */
-    private cleanupExpiredJtis;
-    /**
-     * Clean up expired nonces
-     */
-    private cleanupExpiredNonces;
-    /**
-     * Middleware for Express to validate DPoP proofs
-     */
-    middleware(options?: {
-        requireDPoP?: boolean;
-        requireNonce?: boolean;
-    }): (req: any, res: any, next: any) => Promise<any>;
-    /**
-     * Get statistics about DPoP usage
-     */
-    getStats(): {
-        activeJtis: number;
-        activeNonces: number;
-        totalValidations: number;
-    };
-}
-export declare const dpopManager: DPoPManager;
-//# sourceMappingURL=dpop.d.ts.map

package/dist/server/oauth/dpop.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"dpop.d.ts","sourceRoot":"","sources":["../../../src/server/oauth/dpop.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiD,SAAS,EAAE,MAAM,QAAQ,CAAC;AAClF,OAAO,EAAiC,GAAG,EAAa,MAAM,MAAM,CAAC;AAGrE;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,UAAU,CAAC;IAChB,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC;IACvB,GAAG,EAAE,GAAG,CAAC;CACV;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE;QACJ,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH;AAED;;;;GAIG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA6B;IACtD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAA6B;IACxD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAU;IACpC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAO;IAErC;;OAEG;IACH,eAAe,CAAC,SAAS,GAAE,OAAO,GAAG,OAAiB,GAAG;QACvD,SAAS,EAAE,SAAS,CAAC;QACrB,UAAU,EAAE,SAAS,CAAC;QACtB,GAAG,EAAE,GAAG,CAAC;KACV;IA6BD;;OAEG;IACG,eAAe,CACnB,UAAU,EAAE,SAAS,EACrB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE;QACR,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,SAAS,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC;KAC/B,GACA,OAAO,CAAC,MAAM,CAAC;IAsClB;;OAEG;IACG,iBAAiB,CACrB,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE;QACR,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,YAAY,CAAC,EAAE,OAAO,CAAC;KACxB,GACA,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAmF5D;;OAEG;IACH,aAAa,IAAI,MAAM;IAWvB;;OAEG;IACG,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAiBpD;;OAEG;IACH,oBAAoB,CAClB,KAAK,EAAE,GAAG,EACV,GAAG,EAAE,MAAM,GACV,GAAG;IAUN;;OAEG;IACH,oBAAoB,CAClB,KAAK,EAAE,GAAG,EACV,OAAO,EAAE,MAAM,GACd,OAAO;IAcV;;OAEG;YACW,SAAS;IAOvB;;OAEG;YACW,sBAAsB;IAwBpC;;OAEG;IACH,OAAO,CAAC,YAAY;IAMpB;;OAEG;IACH,OAAO,CAAC,WAAW;IAInB;;OAEG;YACW,SAAS;IAIvB;;OAEG;YACW,QAAQ;IAMtB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAS1B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAS5B;;OAEG;IACH,UAAU,CAAC,OAAO,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,OAAO,CAAC;QAAC,YAAY,CAAC,EAAE,OAAO,CAAA;KAAE,IACtD,KAAK,GAAG,EAAE,KAAK,GAAG,EAAE,MAAM,GAAG;IAgD7C;;OAEG;IACH,QAAQ,IAAI;QACV,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,CAAC;QACrB,gBAAgB,EAAE,MAAM,CAAC;KAC1B;CAUF;AAGD,eAAO,MAAM,WAAW,aAAoB,CAAC"}