fa-mcp-sdk 0.2.146 → 0.2.174
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/bin/fa-mcp.js +66 -54
- package/cli-template/.env.example +2 -2
- package/cli-template/README.md +2 -2
- package/cli-template/fa-mcp-sdk-spec.md +122 -41
- package/cli-template/package.json +3 -3
- package/cli-template/r/TEST HTTP.xml +9 -0
- package/cli-template/{run/TEST SSE.run.xml → r/TEST SSE.xml } +2 -2
- package/cli-template/{run/TEST STDIO.run.xml → r/TEST STDIO.xml } +2 -2
- package/cli-template/r/generate-token.xml +14 -0
- package/cli-template/{run/kill-server.run.xml → r/kill-server.xml} +2 -2
- package/cli-template/{run/kill-token-gen-server.xml → r/remove-nul.xml} +4 -5
- package/{cli-template/config → config}/_local.yaml +28 -14
- package/{cli-template/config → config}/custom-environment-variables.yaml +3 -0
- package/{cli-template/config → config}/default.yaml +50 -10
- package/{cli-template/config → config}/development.yaml +4 -4
- package/config/local.yaml +81 -0
- package/{cli-template/config → config}/production.yaml +4 -4
- package/dist/core/_types_/active-directory-config.d.ts +3 -0
- package/dist/core/_types_/active-directory-config.d.ts.map +1 -1
- package/dist/core/_types_/config.d.ts +5 -1
- package/dist/core/_types_/config.d.ts.map +1 -1
- package/dist/core/_types_/types.d.ts +5 -1
- package/dist/core/_types_/types.d.ts.map +1 -1
- package/dist/core/ad/group-checker.d.ts +13 -0
- package/dist/core/ad/group-checker.d.ts.map +1 -0
- package/dist/core/ad/group-checker.js +86 -0
- package/dist/core/ad/group-checker.js.map +1 -0
- package/dist/core/auth/admin-auth.d.ts +16 -0
- package/dist/core/auth/admin-auth.d.ts.map +1 -0
- package/dist/core/auth/admin-auth.js +159 -0
- package/dist/core/auth/admin-auth.js.map +1 -0
- package/dist/core/auth/basic.d.ts +6 -0
- package/dist/core/auth/basic.d.ts.map +1 -0
- package/dist/core/auth/basic.js +26 -0
- package/dist/core/auth/basic.js.map +1 -0
- package/dist/core/auth/{jwt-validation.d.ts → jwt.d.ts} +4 -3
- package/dist/core/auth/jwt.d.ts.map +1 -0
- package/dist/core/auth/{jwt-validation.js → jwt.js} +9 -19
- package/dist/core/auth/jwt.js.map +1 -0
- package/dist/core/auth/middleware.d.ts.map +1 -1
- package/dist/core/auth/middleware.js +3 -3
- package/dist/core/auth/middleware.js.map +1 -1
- package/dist/core/auth/multi-auth.d.ts +14 -6
- package/dist/core/auth/multi-auth.d.ts.map +1 -1
- package/dist/core/auth/multi-auth.js +151 -141
- package/dist/core/auth/multi-auth.js.map +1 -1
- package/dist/core/auth/permanent.d.ts +6 -0
- package/dist/core/auth/permanent.d.ts.map +1 -0
- package/dist/core/auth/permanent.js +15 -0
- package/dist/core/auth/permanent.js.map +1 -0
- package/dist/core/auth/token-generator/ntlm/ntlm-domain-config.d.ts +1 -1
- package/dist/core/auth/token-generator/ntlm/ntlm-domain-config.d.ts.map +1 -1
- package/dist/core/auth/token-generator/ntlm/ntlm-domain-config.js +8 -10
- package/dist/core/auth/token-generator/ntlm/ntlm-domain-config.js.map +1 -1
- package/dist/core/auth/token-generator/ntlm/ntlm-integration.d.ts.map +1 -1
- package/dist/core/auth/token-generator/ntlm/ntlm-integration.js +9 -2
- package/dist/core/auth/token-generator/ntlm/ntlm-integration.js.map +1 -1
- package/dist/core/auth/token-generator/server.d.ts.map +1 -1
- package/dist/core/auth/token-generator/server.js +59 -25
- package/dist/core/auth/token-generator/server.js.map +1 -1
- package/dist/core/auth/types.d.ts +4 -3
- package/dist/core/auth/types.d.ts.map +1 -1
- package/dist/core/bootstrap/startup-info.d.ts.map +1 -1
- package/dist/core/bootstrap/startup-info.js +19 -0
- package/dist/core/bootstrap/startup-info.js.map +1 -1
- package/dist/core/consul/access-points-updater.js +1 -1
- package/dist/core/consul/access-points-updater.js.map +1 -1
- package/dist/core/consul/get-consul-api.d.ts +1 -1
- package/dist/core/consul/get-consul-api.d.ts.map +1 -1
- package/dist/core/consul/get-consul-api.js +1 -1
- package/dist/core/consul/get-consul-api.js.map +1 -1
- package/dist/core/consul/register.d.ts +1 -1
- package/dist/core/consul/register.d.ts.map +1 -1
- package/dist/core/index.d.ts +3 -1
- package/dist/core/index.d.ts.map +1 -1
- package/dist/core/index.js +3 -1
- package/dist/core/index.js.map +1 -1
- package/dist/core/init-mcp-server.d.ts.map +1 -1
- package/dist/core/init-mcp-server.js +1 -1
- package/dist/core/init-mcp-server.js.map +1 -1
- package/dist/core/utils/testing/McpSseClient.js.map +1 -1
- package/dist/core/web/admin-router.d.ts +10 -0
- package/dist/core/web/admin-router.d.ts.map +1 -0
- package/dist/core/web/admin-router.js +227 -0
- package/dist/core/web/admin-router.js.map +1 -0
- package/dist/core/web/favicon-svg.d.ts +1 -1
- package/dist/core/web/favicon-svg.d.ts.map +1 -1
- package/dist/core/web/favicon-svg.js +21 -3
- package/dist/core/web/favicon-svg.js.map +1 -1
- package/dist/core/web/home-api.d.ts +7 -0
- package/dist/core/web/home-api.d.ts.map +1 -0
- package/dist/core/web/home-api.js +93 -0
- package/dist/core/web/home-api.js.map +1 -0
- package/dist/core/web/server-http.d.ts +1 -0
- package/dist/core/web/server-http.d.ts.map +1 -1
- package/dist/core/web/server-http.js +60 -25
- package/dist/core/web/server-http.js.map +1 -1
- package/dist/core/web/static/home/index.html +206 -0
- package/dist/core/web/static/home/script.js +636 -0
- package/dist/core/web/{about-page/css.js → static/styles.css} +435 -105
- package/dist/core/web/static/token-gen/index.html +82 -0
- package/dist/core/web/static/token-gen/jwt-icon.svg +3 -0
- package/dist/core/web/static/token-gen/logout.svg +4 -0
- package/dist/core/web/static/token-gen/script.js +365 -0
- package/dist/core/web/static/token-gen/user.svg +4 -0
- package/dist/core/web/svg-icons.d.ts +7 -0
- package/dist/core/web/svg-icons.d.ts.map +1 -0
- package/dist/core/web/svg-icons.js +78 -0
- package/dist/core/web/svg-icons.js.map +1 -0
- package/package.json +7 -3
- package/scripts/copy-static.js +31 -0
- package/src/template/_examples/multi-auth-examples.ts +14 -47
- package/src/template/_types_/custom-config.ts +83 -0
- package/src/template/asset/logo.svg +4 -0
- package/src/template/start.ts +3 -3
- package/src/template/tools/handle-tool-call.ts +2 -1
- package/src/tests/mcp/test-http.js +10 -2
- package/src/tests/mcp/test-sse.js +10 -2
- package/src/tests/mcp/test-stdio.js +1 -2
- package/cli-template/run/TEST HTTP.run.xml +0 -5
- package/cli-template/run/TEST search.run.xml +0 -11
- package/cli-template/run/remove-nul.js.run.xml +0 -5
- package/dist/core/auth/jwt-validation.d.ts.map +0 -1
- package/dist/core/auth/jwt-validation.js.map +0 -1
- package/dist/core/auth/token-generator/html.d.ts +0 -9
- package/dist/core/auth/token-generator/html.d.ts.map +0 -1
- package/dist/core/auth/token-generator/html.js +0 -862
- package/dist/core/auth/token-generator/html.js.map +0 -1
- package/dist/core/web/about-page/css.d.ts +0 -2
- package/dist/core/web/about-page/css.d.ts.map +0 -1
- package/dist/core/web/about-page/css.js.map +0 -1
- package/dist/core/web/about-page/render.d.ts +0 -2
- package/dist/core/web/about-page/render.d.ts.map +0 -1
- package/dist/core/web/about-page/render.js +0 -773
- package/dist/core/web/about-page/render.js.map +0 -1
- /package/cli-template/{run/== START ==.run.xml → r/== START ==.xml} +0 -0
- /package/cli-template/{run/cb.run.xml → r/cb.xml} +0 -0
- /package/cli-template/{run/ci.run.xml → r/ci.xml} +0 -0
- /package/cli-template/{run/lint.run.xml → r/lint.xml} +0 -0
- /package/cli-template/{run/lint_fix.run.xml → r/lint_fix.xml} +0 -0
- /package/cli-template/{run/reinstall.run.xml → r/reinstall.xml} +0 -0
- /package/{cli-template/config → config}/test.yaml +0 -0
- /package/{src/template/asset/favicon.svg → dist/core/web/static/logo.svg} +0 -0
- /package/{cli-template/scripts → scripts}/kill-port.js +0 -0
- /package/{cli-template/scripts → scripts}/npm/patch_node_modules.js +0 -0
- /package/{cli-template/scripts → scripts}/npm/run.js +0 -0
- /package/{cli-template/scripts → scripts}/npm/yarn-ci.ps1 +0 -0
- /package/{cli-template/scripts → scripts}/npm/yarn-ci.sh +0 -0
- /package/{cli-template/scripts → scripts}/npm/yarn-reinstall.ps1 +0 -0
- /package/{cli-template/scripts → scripts}/npm/yarn-reinstall.sh +0 -0
- /package/{cli-template/scripts → scripts}/pre-commit +0 -0
- /package/{cli-template/scripts → scripts}/remove-nul.js +0 -0
|
@@ -0,0 +1,159 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Admin panel authentication middleware
|
|
3
|
+
* Supports 4 authentication types: permanentServerTokens, basic, jwtToken, ntlm
|
|
4
|
+
*/
|
|
5
|
+
import chalk from 'chalk';
|
|
6
|
+
import { appConfig } from '../bootstrap/init-config.js';
|
|
7
|
+
import { logger as lgr } from '../logger.js';
|
|
8
|
+
import { checkPermanentToken } from './permanent.js';
|
|
9
|
+
import { checkJwtToken } from './jwt.js';
|
|
10
|
+
import { getTokenFromHttpHeader } from './multi-auth.js';
|
|
11
|
+
import { setupNTLMAuthentication } from './token-generator/ntlm/ntlm-integration.js';
|
|
12
|
+
import { isNTLMEnabled } from './token-generator/ntlm/ntlm-domain-config.js';
|
|
13
|
+
import { checkBasicAuth } from './basic.js';
|
|
14
|
+
const logger = lgr.getSubLogger({ name: chalk.yellow('admin-auth') });
|
|
15
|
+
const { adminAuth, auth } = appConfig.webServer || {};
|
|
16
|
+
/**
|
|
17
|
+
* Validates admin auth configuration
|
|
18
|
+
* Returns error message if configuration is invalid, null if valid
|
|
19
|
+
*/
|
|
20
|
+
export function validateAdminAuthConfig() {
|
|
21
|
+
if (!adminAuth?.enabled) {
|
|
22
|
+
return null; // Disabled, no validation needed
|
|
23
|
+
}
|
|
24
|
+
const authType = adminAuth.type;
|
|
25
|
+
switch (authType) {
|
|
26
|
+
case 'permanentServerTokens': {
|
|
27
|
+
const tokens = auth?.permanentServerTokens;
|
|
28
|
+
if (!Array.isArray(tokens) || !tokens.filter(Boolean).length) {
|
|
29
|
+
return 'adminAuth type is "permanentServerTokens" but no tokens are configured in webServer.auth.permanentServerTokens';
|
|
30
|
+
}
|
|
31
|
+
break;
|
|
32
|
+
}
|
|
33
|
+
case 'basic': {
|
|
34
|
+
const basic = auth?.basic;
|
|
35
|
+
if (!basic?.username || !basic?.password) {
|
|
36
|
+
return 'adminAuth type is "basic" but username or password is missing in webServer.auth.basic';
|
|
37
|
+
}
|
|
38
|
+
break;
|
|
39
|
+
}
|
|
40
|
+
case 'jwtToken': {
|
|
41
|
+
const jwt = auth?.jwtToken;
|
|
42
|
+
if (!jwt?.encryptKey || jwt.encryptKey.length < 8) {
|
|
43
|
+
return 'adminAuth type is "jwtToken" but encryptKey is missing or too short in webServer.auth.jwtToken';
|
|
44
|
+
}
|
|
45
|
+
break;
|
|
46
|
+
}
|
|
47
|
+
case 'ntlm': {
|
|
48
|
+
// NTLM doesn't require credentials in webServer.auth, just AD config
|
|
49
|
+
// The isNTLMEnabled function checks for AD configuration
|
|
50
|
+
if (!isNTLMEnabled) {
|
|
51
|
+
return 'adminAuth type is "ntlm" but no AD configuration found (ad.domains is empty or missing)';
|
|
52
|
+
}
|
|
53
|
+
break;
|
|
54
|
+
}
|
|
55
|
+
default:
|
|
56
|
+
return `Unknown adminAuth type: ${authType}. Valid types: permanentServerTokens, basic, jwtToken, ntlm`;
|
|
57
|
+
}
|
|
58
|
+
return null;
|
|
59
|
+
}
|
|
60
|
+
/**
|
|
61
|
+
* Creates admin authentication middleware based on adminAuth.type config
|
|
62
|
+
*/
|
|
63
|
+
export function createAdminAuthMW() {
|
|
64
|
+
// If admin auth is disabled, return pass-through middleware
|
|
65
|
+
if (!adminAuth?.enabled) {
|
|
66
|
+
logger.info('Admin authentication is DISABLED');
|
|
67
|
+
return [(req, res, next) => {
|
|
68
|
+
// Set anonymous user info for compatibility
|
|
69
|
+
req.ntlm = {
|
|
70
|
+
isAuthenticated: false,
|
|
71
|
+
username: 'Anonymous',
|
|
72
|
+
domain: 'NoAuth',
|
|
73
|
+
};
|
|
74
|
+
next();
|
|
75
|
+
}];
|
|
76
|
+
}
|
|
77
|
+
const authType = adminAuth.type;
|
|
78
|
+
logger.info(`Admin authentication enabled with type: ${authType}`);
|
|
79
|
+
// For NTLM, use existing NTLM middleware
|
|
80
|
+
if (authType === 'ntlm') {
|
|
81
|
+
return setupNTLMAuthentication();
|
|
82
|
+
}
|
|
83
|
+
// For other auth types, create standard middleware
|
|
84
|
+
return [
|
|
85
|
+
(req, res, next) => {
|
|
86
|
+
// Set default NTLM info for compatibility with token-generator templates
|
|
87
|
+
req.ntlm = {
|
|
88
|
+
isAuthenticated: false,
|
|
89
|
+
username: 'Unknown',
|
|
90
|
+
domain: 'Unknown',
|
|
91
|
+
};
|
|
92
|
+
const { scheme, credentials } = getTokenFromHttpHeader(req);
|
|
93
|
+
// If no credentials provided, request authentication
|
|
94
|
+
if (!credentials) {
|
|
95
|
+
return sendAuthRequired(res, authType);
|
|
96
|
+
}
|
|
97
|
+
let authResult;
|
|
98
|
+
switch (authType) {
|
|
99
|
+
case 'permanentServerTokens': {
|
|
100
|
+
const result = checkPermanentToken(credentials);
|
|
101
|
+
authResult = result.errorReason
|
|
102
|
+
? { success: false, error: result.errorReason }
|
|
103
|
+
: { success: true, username: 'ServerToken' };
|
|
104
|
+
break;
|
|
105
|
+
}
|
|
106
|
+
case 'basic': {
|
|
107
|
+
if (scheme !== 'basic') {
|
|
108
|
+
return sendAuthRequired(res, authType, 'Basic authentication required');
|
|
109
|
+
}
|
|
110
|
+
authResult = checkBasicAuth(credentials);
|
|
111
|
+
break;
|
|
112
|
+
}
|
|
113
|
+
case 'jwtToken': {
|
|
114
|
+
const result = checkJwtToken({ token: credentials });
|
|
115
|
+
authResult = result.errorReason
|
|
116
|
+
? { success: false, error: result.errorReason }
|
|
117
|
+
: { success: true, username: result.payload?.user || 'JWT User', payload: result.payload };
|
|
118
|
+
break;
|
|
119
|
+
}
|
|
120
|
+
default:
|
|
121
|
+
authResult = { success: false, error: `Unknown auth type: ${authType}` };
|
|
122
|
+
}
|
|
123
|
+
if (!authResult.success) {
|
|
124
|
+
logger.debug(`Admin auth failed: ${authResult.error}`);
|
|
125
|
+
return sendAuthRequired(res, authType, authResult.error);
|
|
126
|
+
}
|
|
127
|
+
// Set authenticated user info
|
|
128
|
+
req.ntlm = {
|
|
129
|
+
isAuthenticated: true,
|
|
130
|
+
username: authResult.username || 'Authenticated',
|
|
131
|
+
domain: authType,
|
|
132
|
+
};
|
|
133
|
+
if (authResult.payload) {
|
|
134
|
+
req.authPayload = authResult.payload;
|
|
135
|
+
}
|
|
136
|
+
next();
|
|
137
|
+
},
|
|
138
|
+
];
|
|
139
|
+
}
|
|
140
|
+
/**
|
|
141
|
+
* Send authentication required response
|
|
142
|
+
*/
|
|
143
|
+
function sendAuthRequired(res, authType, message) {
|
|
144
|
+
const errorMessage = message || 'Authentication required';
|
|
145
|
+
switch (authType) {
|
|
146
|
+
case 'basic':
|
|
147
|
+
res.setHeader('WWW-Authenticate', 'Basic realm="Admin Panel"');
|
|
148
|
+
break;
|
|
149
|
+
case 'permanentServerTokens':
|
|
150
|
+
case 'jwtToken':
|
|
151
|
+
res.setHeader('WWW-Authenticate', 'Bearer realm="Admin Panel"');
|
|
152
|
+
break;
|
|
153
|
+
}
|
|
154
|
+
res.status(401).json({
|
|
155
|
+
success: false,
|
|
156
|
+
error: errorMessage,
|
|
157
|
+
});
|
|
158
|
+
}
|
|
159
|
+
//# sourceMappingURL=admin-auth.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"admin-auth.js","sourceRoot":"","sources":["../../../src/core/auth/admin-auth.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,MAAM,IAAI,GAAG,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,uBAAuB,EAAE,MAAM,4CAA4C,CAAC;AACrF,OAAO,EAAE,aAAa,EAAE,MAAM,8CAA8C,CAAC;AAC7E,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAE5C,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;AAGtE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,SAAS,CAAC,SAAS,IAAI,EAAE,CAAC;AAEtD;;;GAGG;AACH,MAAM,UAAU,uBAAuB;IACrC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,CAAC,iCAAiC;IAChD,CAAC;IAED,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC;IAEhC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,uBAAuB,CAAC,CAAC,CAAC;YAC7B,MAAM,MAAM,GAAG,IAAI,EAAE,qBAAqB,CAAC;YAC3C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC;gBAC7D,OAAO,gHAAgH,CAAC;YAC1H,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;YAC1B,IAAI,CAAC,KAAK,EAAE,QAAQ,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC;gBACzC,OAAO,uFAAuF,CAAC;YACjG,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,UAAU,CAAC,CAAC,CAAC;YAChB,MAAM,GAAG,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC3B,IAAI,CAAC,GAAG,EAAE,UAAU,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClD,OAAO,gGAAgG,CAAC;YAC1G,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,qEAAqE;YACrE,yDAAyD;YACzD,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,OAAO,yFAAyF,CAAC;YACnG,CAAC;YACD,MAAM;QACR,CAAC;QAED;YACE,OAAO,2BAA2B,QAAQ,6DAA6D,CAAC;IAC5G,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,4DAA4D;IAC5D,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QAChD,OAAO,CAAC,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;gBAC1D,4CAA4C;gBAC5C,GAAG,CAAC,IAAI,GAAG;oBACT,eAAe,EAAE,KAAK;oBACtB,QAAQ,EAAE,WAAW;oBACrB,MAAM,EAAE,QAAQ;iBACjB,CAAC;gBACF,IAAI,EAAE,CAAC;YACT,CAAC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC;IAChC,MAAM,CAAC,IAAI,CAAC,2CAA2C,QAAQ,EAAE,CAAC,CAAC;IAEnE,yCAAyC;IACzC,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,OAAO,uBAAuB,EAAE,CAAC;IACnC,CAAC;IAED,mDAAmD;IACnD,OAAO;QACL,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YAClD,yEAAyE;YACzE,GAAG,CAAC,IAAI,GAAG;gBACT,eAAe,EAAE,KAAK;gBACtB,QAAQ,EAAE,SAAS;gBACnB,MAAM,EAAE,SAAS;aAClB,CAAC;YAEF,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;YAE5D,qDAAqD;YACrD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,gBAAgB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YACzC,CAAC;YAED,IAAI,UAAkF,CAAC;YAEvF,QAAQ,QAAQ,EAAE,CAAC;gBACjB,KAAK,uBAAuB,CAAC,CAAC,CAAC;oBAC7B,MAAM,MAAM,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;oBAChD,UAAU,GAAG,MAAM,CAAC,WAAW;wBAC7B,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,WAAW,EAAE;wBAC/C,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC;oBAC/C,MAAM;gBACR,CAAC;gBAED,KAAK,OAAO,CAAC,CAAC,CAAC;oBACb,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;wBACvB,OAAO,gBAAgB,CAAC,GAAG,EAAE,QAAQ,EAAE,+BAA+B,CAAC,CAAC;oBAC1E,CAAC;oBACD,UAAU,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;oBACzC,MAAM;gBACR,CAAC;gBAED,KAAK,UAAU,CAAC,CAAC,CAAC;oBAChB,MAAM,MAAM,GAAG,aAAa,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;oBACrD,UAAU,GAAG,MAAM,CAAC,WAAW;wBAC7B,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,WAAW,EAAE;wBAC/C,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC;oBAC7F,MAAM;gBACR,CAAC;gBAED;oBACE,UAAU,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,QAAQ,EAAE,EAAE,CAAC;YAC7E,CAAC;YAED,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBACxB,MAAM,CAAC,KAAK,CAAC,sBAAsB,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;gBACvD,OAAO,gBAAgB,CAAC,GAAG,EAAE,QAAQ,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC;YAC3D,CAAC;YAED,8BAA8B;YAC9B,GAAG,CAAC,IAAI,GAAG;gBACT,eAAe,EAAE,IAAI;gBACrB,QAAQ,EAAE,UAAU,CAAC,QAAQ,IAAI,eAAe;gBAChD,MAAM,EAAE,QAAQ;aACjB,CAAC;YAEF,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;gBACtB,GAAW,CAAC,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC;YAChD,CAAC;YAED,IAAI,EAAE,CAAC;QACT,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAE,GAAa,EAAE,QAAuB,EAAE,OAAgB;IACjF,MAAM,YAAY,GAAG,OAAO,IAAI,yBAAyB,CAAC;IAE1D,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,2BAA2B,CAAC,CAAC;YAC/D,MAAM;QACR,KAAK,uBAAuB,CAAC;QAC7B,KAAK,UAAU;YACb,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,4BAA4B,CAAC,CAAC;YAChE,MAAM;IACV,CAAC;IAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QACnB,OAAO,EAAE,KAAK;QACd,KAAK,EAAE,YAAY;KACpB,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"basic.d.ts","sourceRoot":"","sources":["../../../src/core/auth/basic.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAGxC;;GAEG;AACH,wBAAgB,cAAc,CAAE,WAAW,EAAE,MAAM,GAAG,UAAU,CAqB/D"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import { appConfig } from '../bootstrap/init-config.js';
|
|
2
|
+
/**
|
|
3
|
+
* Basic Authentication validation
|
|
4
|
+
*/
|
|
5
|
+
export function checkBasicAuth(credentials) {
|
|
6
|
+
const basic = appConfig.webServer?.auth?.basic;
|
|
7
|
+
if (!basic?.username || !basic?.password) {
|
|
8
|
+
return { success: false, error: 'Basic auth not configured' };
|
|
9
|
+
}
|
|
10
|
+
try {
|
|
11
|
+
// Expecting base64 encoded "username:password"
|
|
12
|
+
const decoded = Buffer.from(credentials, 'base64').toString('utf8');
|
|
13
|
+
const [username, password] = decoded.split(':');
|
|
14
|
+
if (!username || !password) {
|
|
15
|
+
return { success: false, error: 'Invalid basic auth format - missing username or password' };
|
|
16
|
+
}
|
|
17
|
+
if (username === basic.username && password === basic.password) {
|
|
18
|
+
return { success: true, username };
|
|
19
|
+
}
|
|
20
|
+
return { success: false, error: 'Invalid credentials' };
|
|
21
|
+
}
|
|
22
|
+
catch {
|
|
23
|
+
return { success: false, error: 'Invalid basic auth format - not valid base64' };
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
//# sourceMappingURL=basic.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"basic.js","sourceRoot":"","sources":["../../../src/core/auth/basic.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AAExD;;GAEG;AACH,MAAM,UAAU,cAAc,CAAE,WAAmB;IACjD,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,CAAC;IAC/C,IAAI,CAAC,KAAK,EAAE,QAAQ,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC;QACzC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;IAChE,CAAC;IACD,IAAI,CAAC;QACH,+CAA+C;QAC/C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAEhD,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC3B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,0DAA0D,EAAE,CAAC;QAC/F,CAAC;QAED,IAAI,QAAQ,KAAK,KAAK,CAAC,QAAQ,IAAI,QAAQ,KAAK,KAAK,CAAC,QAAQ,EAAE,CAAC;YAC/D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QACrC,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,8CAA8C,EAAE,CAAC;IACnF,CAAC;AACH,CAAC"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { ICheckTokenResult } from './types.js';
|
|
2
|
-
export declare const
|
|
2
|
+
export declare const MIN_ENCRYPT_KEY_LENGTH = 8;
|
|
3
|
+
export declare const jwtTokenRE: RegExp;
|
|
3
4
|
/**
|
|
4
5
|
* Encrypts the transmitted text with a symmetric key taken from the config
|
|
5
6
|
*/
|
|
@@ -20,9 +21,9 @@ export declare const generateToken: (user: string, liveTimeSec: number, payload?
|
|
|
20
21
|
* - the obsolescence time must not be expired
|
|
21
22
|
* - If a user is transferred, it must match
|
|
22
23
|
*/
|
|
23
|
-
export declare const
|
|
24
|
+
export declare const checkJwtToken: (arg: {
|
|
24
25
|
token: string;
|
|
25
26
|
expectedUser?: string;
|
|
26
27
|
expectedService?: string;
|
|
27
28
|
}) => ICheckTokenResult;
|
|
28
|
-
//# sourceMappingURL=jwt
|
|
29
|
+
//# sourceMappingURL=jwt.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../src/core/auth/jwt.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,iBAAiB,EAAiB,MAAM,YAAY,CAAC;AAU9D,eAAO,MAAM,sBAAsB,IAAI,CAAC;AASxC,eAAO,MAAM,UAAU,QAAmC,CAAC;AAE3D;;GAEG;AACH,eAAO,MAAM,OAAO,GAAI,MAAM,MAAM,KAAG,MAStC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,OAAO,GAAI,cAAc,MAAM,WAW3C,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,aAAa,GAAI,MAAM,MAAM,EAAE,aAAa,MAAM,EAAE,UAAU,GAAG,KAAG,MAYhF,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,aAAa,GAAI,KAAK;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,KAAG,iBAgEH,CAAC"}
|
|
@@ -5,16 +5,16 @@ import { logger as lgr } from '../logger.js';
|
|
|
5
5
|
import { isObject, trim } from '../utils/utils.js';
|
|
6
6
|
import chalk from 'chalk';
|
|
7
7
|
const logger = lgr.getSubLogger({ name: chalk.cyan('token-auth') });
|
|
8
|
-
const { jwtToken
|
|
8
|
+
const { jwtToken } = appConfig.webServer?.auth || {};
|
|
9
9
|
const checkMCPName = jwtToken?.checkMCPName || false;
|
|
10
|
-
const
|
|
10
|
+
export const MIN_ENCRYPT_KEY_LENGTH = 8;
|
|
11
11
|
const ALGORITHM = 'aes-256-ctr';
|
|
12
12
|
const KEY = crypto
|
|
13
13
|
.createHash('sha256')
|
|
14
|
-
.update(String(jwtToken?.encryptKey || '
|
|
14
|
+
.update(String(jwtToken?.encryptKey || '11111111-7777-8888-9999-000000000000'))
|
|
15
15
|
.digest('base64')
|
|
16
16
|
.substring(0, 32);
|
|
17
|
-
export const
|
|
17
|
+
export const jwtTokenRE = /^(\d{13,})\.([\da-fA-F]{32,})$/;
|
|
18
18
|
/**
|
|
19
19
|
* Encrypts the transmitted text with a symmetric key taken from the config
|
|
20
20
|
*/
|
|
@@ -67,7 +67,7 @@ export const generateToken = (user, liveTimeSec, payload) => {
|
|
|
67
67
|
* - the obsolescence time must not be expired
|
|
68
68
|
* - If a user is transferred, it must match
|
|
69
69
|
*/
|
|
70
|
-
export const
|
|
70
|
+
export const checkJwtToken = (arg) => {
|
|
71
71
|
let { token, expectedUser, expectedService = appConfig.name } = arg;
|
|
72
72
|
token = (token || '').trim();
|
|
73
73
|
if (!token) {
|
|
@@ -75,16 +75,10 @@ export const checkToken = (arg) => {
|
|
|
75
75
|
errorReason: 'Token not passed',
|
|
76
76
|
};
|
|
77
77
|
}
|
|
78
|
-
|
|
79
|
-
return {
|
|
80
|
-
inTokenType: 'permanent',
|
|
81
|
-
};
|
|
82
|
-
}
|
|
83
|
-
const [, expirePartStr, encryptedPayload] = tokenRE.exec(token) || [];
|
|
78
|
+
const [, expirePartStr, encryptedPayload] = jwtTokenRE.exec(token) || [];
|
|
84
79
|
if (!expirePartStr || !encryptedPayload) {
|
|
85
80
|
return {
|
|
86
|
-
|
|
87
|
-
errorReason: 'The token is not a JWT and is not on the list of registered server tokens',
|
|
81
|
+
errorReason: 'The token is not a JWT',
|
|
88
82
|
};
|
|
89
83
|
}
|
|
90
84
|
let payloadStr = '';
|
|
@@ -104,7 +98,6 @@ export const checkToken = (arg) => {
|
|
|
104
98
|
catch (err) {
|
|
105
99
|
logger.error(err);
|
|
106
100
|
return {
|
|
107
|
-
inTokenType: 'JWT',
|
|
108
101
|
errorReason: `Error deserializing payload of JWT token :: ${err.message}`,
|
|
109
102
|
};
|
|
110
103
|
}
|
|
@@ -112,7 +105,6 @@ export const checkToken = (arg) => {
|
|
|
112
105
|
if (expectedUser && payload.user !== expectedUser) {
|
|
113
106
|
return {
|
|
114
107
|
isTokenDecrypted: true,
|
|
115
|
-
inTokenType: 'JWT',
|
|
116
108
|
errorReason: `JWT Token: user not match :: Expected '${expectedUser}' / obtained from the token: '${payload.user}'`,
|
|
117
109
|
};
|
|
118
110
|
}
|
|
@@ -120,7 +112,6 @@ export const checkToken = (arg) => {
|
|
|
120
112
|
if (expectedService && payload.service !== expectedService) {
|
|
121
113
|
return {
|
|
122
114
|
isTokenDecrypted: true,
|
|
123
|
-
inTokenType: 'JWT',
|
|
124
115
|
errorReason: `JWT Token: service not match :: Expected '${expectedService}' / obtained from the token: '${payload.service}'`,
|
|
125
116
|
};
|
|
126
117
|
}
|
|
@@ -131,11 +122,10 @@ export const checkToken = (arg) => {
|
|
|
131
122
|
// Token deprecated
|
|
132
123
|
return {
|
|
133
124
|
isTokenDecrypted: true,
|
|
134
|
-
inTokenType: 'JWT',
|
|
135
125
|
errorReason: `JWT Token expired :: on ${expiredOn} mc`,
|
|
136
126
|
};
|
|
137
127
|
}
|
|
138
128
|
// OK!
|
|
139
|
-
return {
|
|
129
|
+
return { payload };
|
|
140
130
|
};
|
|
141
|
-
//# sourceMappingURL=jwt
|
|
131
|
+
//# sourceMappingURL=jwt.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../../src/core/auth/jwt.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AAExD,OAAO,EAAE,MAAM,IAAI,GAAG,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;AAEpE,MAAM,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC;AACrD,MAAM,YAAY,GAAG,QAAQ,EAAE,YAAY,IAAI,KAAK,CAAC;AAErD,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC;AAExC,MAAM,SAAS,GAAG,aAAa,CAAC;AAChC,MAAM,GAAG,GAAG,MAAM;KACf,UAAU,CAAC,QAAQ,CAAC;KACpB,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,UAAU,IAAI,sCAAsC,CAAC,CAAC;KAC9E,MAAM,CAAC,QAAQ,CAAC;KAChB,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAEpB,MAAM,CAAC,MAAM,UAAU,GAAG,gCAAgC,CAAC;AAE3D;;GAEG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,IAAY,EAAU,EAAE;IAC9C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjC,kCAAkC;IAClC,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAClC,uDAAuD;IACvD,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACzD,oCAAoC;IACpC,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAChF,OAAO,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACtC,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,YAAoB,EAAE,EAAE;IAC9C,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;IACtD,iCAAiC;IACjC,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACzC,eAAe;IACf,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC1C,kBAAkB;IAClB,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IAC9D,sBAAsB;IACtB,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACjF,OAAO,YAAY,CAAC,QAAQ,EAAE,CAAC;AACjC,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,IAAY,EAAE,WAAmB,EAAE,OAAa,EAAU,EAAE;IACxF,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IACjD,MAAM,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC1C,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;IAC3C,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IACpB,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;IACxB,OAAO,CAAC,GAAG,GAAG,QAAQ,CAAC;IACvB,OAAO,GAAG,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;AACzD,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,GAI7B,EAAqB,EAAE;IACtB,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,eAAe,GAAG,SAAS,CAAC,IAAI,EAAE,GAAG,GAAG,CAAC;IACpE,KAAK,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,WAAW,EAAE,kBAAkB;SAChC,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,EAAE,aAAa,EAAE,gBAAgB,CAAC,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;IAEzE,IAAI,CAAC,aAAa,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxC,OAAO;YACL,WAAW,EAAE,wBAAwB;SACtC,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,GAAW,EAAE,CAAC;IAC5B,IAAI,CAAC;QACH,UAAU,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,GAAgB,EAAE,CAAC;QAC1B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,OAAO;YACL,WAAW,EAAE,iCAAiC,GAAG,CAAC,OAAO,EAAE;SAC5D,CAAC;IACJ,CAAC;IACD,IAAI,OAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IAAC,OAAO,GAAgB,EAAE,CAAC;QAC1B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,OAAO;YACL,WAAW,EAAE,+CAA+C,GAAG,CAAC,OAAO,EAAE;SAC1E,CAAC;IACJ,CAAC;IAED,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;IAChD,IAAI,YAAY,IAAI,OAAO,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAClD,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,2CAA2C,YAAY,iCAAiC,OAAO,CAAC,IAAI,GAAG;SACrH,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,IAAI,eAAe,IAAI,OAAO,CAAC,OAAO,KAAK,eAAe,EAAE,CAAC;YAC3D,OAAO;gBACL,gBAAgB,EAAE,IAAI;gBACtB,WAAW,EAAE,8CAA8C,eAAe,iCAAiC,OAAO,CAAC,OAAO,GAAG;aAC9H,CAAC;QACJ,CAAC;IACH,CAAC;IACD,IAAI,MAAM,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;IAExC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC;IACtC,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClB,mBAAmB;QACnB,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,2BAA2B,SAAS,KAAK;SACvD,CAAC;IACJ,CAAC;IACD,MAAM;IACN,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/core/auth/middleware.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/core/auth/middleware.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAkG1D;;;GAGG;AACH,eAAO,MAAM,iBAAiB,GAAU,KAAK,OAAO,KAAG,OAAO,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAc3G,CAAC;AAMF,UAAU,qBAAqB;IAC7B,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAE,OAAO,GAAE,qBAA0B,IAMjD,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,wDAkC9D"}
|
|
@@ -3,7 +3,7 @@ import { debugTokenAuth } from '../debug.js';
|
|
|
3
3
|
import { appConfig } from '../bootstrap/init-config.js';
|
|
4
4
|
import { getResourcesList } from '../mcp/resources.js';
|
|
5
5
|
import { getPromptsList } from '../mcp/prompts.js';
|
|
6
|
-
import {
|
|
6
|
+
import { checkMultiAuth, logAuthConfiguration } from './multi-auth.js';
|
|
7
7
|
const { enabled: authEnabled } = appConfig.webServer.auth;
|
|
8
8
|
const SHOW_HEADERS_SET = new Set(['user', 'authorization', 'x-real-ip', 'x-mode', 'host']);
|
|
9
9
|
const debugAuth = (req, code, message) => {
|
|
@@ -82,7 +82,7 @@ export const getMultiAuthError = async (req) => {
|
|
|
82
82
|
if (!authEnabled) {
|
|
83
83
|
return undefined;
|
|
84
84
|
}
|
|
85
|
-
const authResult = await
|
|
85
|
+
const authResult = await checkMultiAuth(req);
|
|
86
86
|
if (!authResult.success) {
|
|
87
87
|
return debugAuth(req, 401, authResult.error || 'Authentication failed');
|
|
88
88
|
}
|
|
@@ -112,7 +112,7 @@ export function createAuthMW(options = {}) {
|
|
|
112
112
|
}
|
|
113
113
|
try {
|
|
114
114
|
// Use enhanced combined authentication (standard + custom validator)
|
|
115
|
-
const authResult = await
|
|
115
|
+
const authResult = await checkMultiAuth(req);
|
|
116
116
|
if (!authResult.success) {
|
|
117
117
|
const errorDetails = debugAuth(req, 401, authResult.error || 'Authentication failed');
|
|
118
118
|
return res.status(errorDetails.code).send(errorDetails.message);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../src/core/auth/middleware.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,
|
|
1
|
+
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../src/core/auth/middleware.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAIvE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC;AAE1D,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,eAAe,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;AAE3F,MAAM,SAAS,GAAG,CAAC,GAAY,EAAE,IAAY,EAAE,OAAe,EAAqC,EAAE;IACnG,IAAI,cAAc,CAAC,OAAO,EAAE,CAAC;QAC3B,IAAI,UAAU,GAAW,EAAE,CAAC;QAC5B,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE;gBACtD,IAAI,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBAC1C,OAAO,GAAG,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,OAAO,GAAG,CAAC,GAAG,KAAK,EAAE,CAAC;gBACvD,CAAC;gBACD,OAAO,SAAS,CAAC;YACnB,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC;QACD,cAAc,CAAC,GAAG,GAAG,gBAAgB,KAAK,GAAG,IAAI,GAAG,GAAG,IAAI,OAAO,GAAG,KAAK,aAAa,UAAU,IAAI,GAAG,EAAE,CAAC,CAAC;IAC9G,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAC3B,CAAC,CAAC;AAGF,wDAAwD;AAExD;;GAEG;AACH,MAAM,gBAAgB,GAAG,CAAC,GAAW,EAAW,EAAE;IAChD,kDAAkD;IAClD,MAAM,YAAY,GAAG,gBAAgB,EAAE,CAAC,SAAS,CAAC;IAClD,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;IAEvD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,KAAK,CAAC,CAAC,4CAA4C;IAC5D,CAAC;IAED,qGAAqG;IACrG,OAAO,QAAQ,CAAC,WAAW,KAAK,KAAK,CAAC;AACxC,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,cAAc,GAAG,CAAC,IAAY,EAAW,EAAE;IAC/C,gDAAgD;IAChD,MAAM,UAAU,GAAG,cAAc,EAAE,CAAC,OAAO,CAAC;IAC5C,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;IAErD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,KAAK,CAAC,CAAC,0CAA0C;IAC1D,CAAC;IAED,iGAAiG;IACjG,OAAQ,MAAc,CAAC,WAAW,KAAK,KAAK,CAAC;AAC/C,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,kBAAkB,GAAG,CAAC,GAAY,EAAW,EAAE;IACnD,MAAM,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;IAElC,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,gBAAgB;YACnB,kCAAkC;YAClC,OAAO,IAAI,CAAC;QAEd,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACtB,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC;YAClC,OAAO,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QAC7C,CAAC;QAED,KAAK,cAAc;YACjB,gCAAgC;YAChC,OAAO,IAAI,CAAC;QAEd,KAAK,aAAa,CAAC,CAAC,CAAC;YACnB,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC;YACpC,OAAO,IAAI,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QAC7C,CAAC;QAED;YACE,2CAA2C;YAC3C,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC,CAAC;AAEF,mEAAmE;AAEnE;;;GAGG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EAAE,GAAY,EAA0D,EAAE;IAC9G,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,CAAC,KAAK,IAAI,uBAAuB,CAAC,CAAC;IAC1E,CAAC;IAED,mEAAmE;IAClE,GAAW,CAAC,QAAQ,GAAG,EAAE,GAAG,UAAU,EAAE,CAAC;IAE1C,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAWF;;GAEG;AACH,MAAM,UAAU,YAAY,CAAE,UAAiC,EAAE;IAC/D,MAAM,EACJ,QAAQ,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,MAAM,CAAC,EACxC,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,MAAM,GACnD,GAAG,OAAO,CAAC;IAEZ,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QAC/D,qCAAqC;QACrC,IAAI,SAAS,IAAI,CAAE,YAAoB,CAAC,OAAO,EAAE,CAAC;YAChD,oBAAoB,EAAE,CAAC;YACtB,YAAoB,CAAC,OAAO,GAAG,IAAI,CAAC;QACvC,CAAC;QAED,uEAAuE;QACvE,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACjD,IAAI,YAAY,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5C,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAED,kCAAkC;QAClC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAED,IAAI,CAAC;YACH,qEAAqE;YACrE,MAAM,UAAU,GAAe,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;YACzD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBACxB,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,CAAC,KAAK,IAAI,uBAAuB,CAAC,CAAC;gBACtF,OAAO,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;YAClE,CAAC;YAED,mEAAmE;YAClE,GAAW,CAAC,QAAQ,GAAG,UAAU,CAAC;YACnC,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YAC7C,OAAO;QACT,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,uCAAuC;AACtC,YAAoB,CAAC,OAAO,GAAG,KAAK,CAAC"}
|
|
@@ -2,8 +2,11 @@
|
|
|
2
2
|
* Multi-authentication system core
|
|
3
3
|
*/
|
|
4
4
|
import { Request } from 'express';
|
|
5
|
-
import { AuthDetectionResult, AuthResult } from './types.js';
|
|
6
|
-
export declare const getTokenFromHttpHeader: (req: Request) =>
|
|
5
|
+
import { AuthDetectionResult, AuthResult, AuthType } from './types.js';
|
|
6
|
+
export declare const getTokenFromHttpHeader: (req: Request) => {
|
|
7
|
+
scheme?: AuthType;
|
|
8
|
+
credentials?: string;
|
|
9
|
+
};
|
|
7
10
|
/**
|
|
8
11
|
* Detects configured authentication types in priority order (ascending CPU load)
|
|
9
12
|
*/
|
|
@@ -12,12 +15,17 @@ export declare function detectAuthConfiguration(): AuthDetectionResult;
|
|
|
12
15
|
* Checks auth using all configured authentication methods in ascending CPU load order
|
|
13
16
|
*/
|
|
14
17
|
export declare function checkMultiAuth(req: Request): Promise<AuthResult>;
|
|
15
|
-
/**
|
|
16
|
-
* Enhanced authentication check that combines configured auth methods with custom validator
|
|
17
|
-
*/
|
|
18
|
-
export declare function checkCombinedAuth(req: Request): Promise<AuthResult>;
|
|
19
18
|
/**
|
|
20
19
|
* Logs authentication configuration (for debugging)
|
|
21
20
|
*/
|
|
22
21
|
export declare function logAuthConfiguration(): void;
|
|
22
|
+
/**
|
|
23
|
+
* Determines authentication headers based on appConfig.webServer.auth configuration.
|
|
24
|
+
* Priority order:
|
|
25
|
+
* 1. permanentServerTokens - if at least one token is defined
|
|
26
|
+
* 2. basic auth - if username AND password are both set
|
|
27
|
+
* 3. JWT token - if jwtToken.encryptKey is set, generate token on the fly
|
|
28
|
+
* @returns {Object} Headers object with Authorization header if auth is enabled
|
|
29
|
+
*/
|
|
30
|
+
export declare function getAuthHeadersForTests(): object;
|
|
23
31
|
//# sourceMappingURL=multi-auth.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"multi-auth.d.ts","sourceRoot":"","sources":["../../../src/core/auth/multi-auth.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"multi-auth.d.ts","sourceRoot":"","sources":["../../../src/core/auth/multi-auth.ts"],"names":[],"mappings":"AAEA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAGlC,OAAO,EAAE,mBAAmB,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AA4BvE,eAAO,MAAM,sBAAsB,GAAI,KAAK,OAAO,KAAG;IAAE,MAAM,CAAC,EAAE,QAAQ,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAiB9F,CAAC;AAcF;;GAEG;AACH,wBAAgB,uBAAuB,IAAK,mBAAmB,CA8C9D;AAID;;GAEG;AACH,wBAAsB,cAAc,CAAE,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,CAsEvE;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAK,IAAI,CAa5C;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,IAAK,MAAM,CAuChD"}
|