fastmcp 3.35.0 → 4.0.1

package/dist/{chunk-H4VC4YTC.js → chunk-UN72PIH2.js}

@@ -863,7 +863,11 @@ var OAuthProxy = class {
   transactions = /* @__PURE__ */ new Map();
   constructor(config) {
     this.config = {
-      allowedRedirectUriPatterns: ["https://*", "http://localhost:*"],
+      // Empty by default. Framework users must explicitly configure the URIs they
+      // trust, per RFC 6819 §4.1.5. The previous default (`["https://*", "http://localhost:*"]`)
+      // allowed open DCR registration of any https URL, enabling CWE-601 open-redirect
+      // attacks against /oauth/authorize.
+      allowedRedirectUriPatterns: [],
       authorizationCodeTtl: DEFAULT_AUTHORIZATION_CODE_TTL,
       consentRequired: true,
       enableTokenSwap: true,
@@ -913,6 +917,15 @@ var OAuthProxy = class {
         "Only 'code' response type is supported"
       );
     }
+    if (params.client_id !== this.config.upstreamClientId) {
+      throw new OAuthProxyError("invalid_client", "Unknown client_id");
+    }
+    if (!this.registeredClients.has(params.redirect_uri)) {
+      throw new OAuthProxyError(
+        "invalid_request",
+        "redirect_uri is not registered for this client"
+      );
+    }
     if (params.code_challenge && !params.code_challenge_method) {
       throw new OAuthProxyError(
         "invalid_request",
@@ -950,6 +963,9 @@ var OAuthProxy = class {
         "Only authorization_code grant type is supported"
       );
     }
+    if (request.client_id !== this.config.upstreamClientId) {
+      throw new OAuthProxyError("invalid_client", "Unknown client_id");
+    }
     const clientCode = this.clientCodes.get(request.code);
     if (!clientCode) {
       throw new OAuthProxyError(
@@ -1063,6 +1079,13 @@ var OAuthProxy = class {
     if (!transaction) {
       throw new OAuthProxyError("invalid_request", "Invalid or expired state");
     }
+    if (!this.registeredClients.has(transaction.clientCallbackUrl)) {
+      this.transactions.delete(state);
+      throw new OAuthProxyError(
+        "invalid_request",
+        "Transaction callback URL is not registered"
+      );
+    }
     const upstreamTokens = await this.exchangeUpstreamCode(code, transaction);
     const clientCode = this.generateAuthorizationCode(
       transaction,
@@ -1098,6 +1121,12 @@ var OAuthProxy = class {
     }
     if (action === "deny") {
       this.transactions.delete(transactionId);
+      if (!this.registeredClients.has(transaction.clientCallbackUrl)) {
+        throw new OAuthProxyError(
+          "invalid_request",
+          "Transaction callback URL is not registered"
+        );
+      }
       const redirectUrl = new URL(transaction.clientCallbackUrl);
       redirectUrl.searchParams.set("error", "access_denied");
       redirectUrl.searchParams.set(
@@ -1176,7 +1205,9 @@ var OAuthProxy = class {
       },
       registeredAt: /* @__PURE__ */ new Date()
     };
-    this.registeredClients.set(request.redirect_uris[0], client);
+    for (const uri of request.redirect_uris) {
+      this.registeredClients.set(uri, client);
+    }
     const response = {
       client_id: clientId,
       client_id_issued_at: Math.floor(Date.now() / 1e3),
@@ -1287,11 +1318,16 @@ var OAuthProxy = class {
       method: "POST"
     });
     if (!tokenResponse.ok) {
-      const error = await tokenResponse.json();
-      throw new OAuthProxyError(
-        error.error || "server_error",
-        error.error_description
-      );
+      let errorCode = "server_error";
+      let errorDescription;
+      try {
+        const error = await tokenResponse.json();
+        errorCode = error.error || "server_error";
+        errorDescription = error.error_description;
+      } catch {
+        errorDescription = `Upstream returned HTTP ${tokenResponse.status} ${tokenResponse.statusText}`;
+      }
+      throw new OAuthProxyError(errorCode, errorDescription);
     }
     const tokens = await this.parseTokenResponse(tokenResponse);
     return {
@@ -1425,11 +1461,16 @@ var OAuthProxy = class {
       method: "POST"
     });
     if (!tokenResponse.ok) {
-      const error = await tokenResponse.json();
-      throw new OAuthProxyError(
-        error.error || "invalid_grant",
-        error.error_description
-      );
+      let errorCode = "invalid_grant";
+      let errorDescription;
+      try {
+        const error = await tokenResponse.json();
+        errorCode = error.error || "invalid_grant";
+        errorDescription = error.error_description;
+      } catch {
+        errorDescription = `Upstream returned HTTP ${tokenResponse.status} ${tokenResponse.statusText}`;
+      }
+      throw new OAuthProxyError(errorCode, errorDescription);
     }
     const tokens = await this.parseTokenResponse(tokenResponse);
     return {
@@ -1737,11 +1778,16 @@ var OAuthProxy = class {
       method: "POST"
     });
     if (!tokenResponse.ok) {
-      const error = await tokenResponse.json();
-      throw new OAuthProxyError(
-        error.error || "invalid_grant",
-        error.error_description || "Upstream refresh failed"
-      );
+      let errorCode = "invalid_grant";
+      let errorDescription = "Upstream refresh failed";
+      try {
+        const error = await tokenResponse.json();
+        errorCode = error.error || "invalid_grant";
+        errorDescription = error.error_description || "Upstream refresh failed";
+      } catch {
+        errorDescription = `Upstream returned HTTP ${tokenResponse.status} ${tokenResponse.statusText}`;
+      }
+      throw new OAuthProxyError(errorCode, errorDescription);
     }
     const tokens = await this.parseTokenResponse(tokenResponse);
     return {
@@ -1764,21 +1810,28 @@ var OAuthProxy = class {
     }, 6e4);
   }
   /**
-   * Validate redirect URI against allowed patterns
+   * Validate a redirect URI against the configured allow-list.
+   *
+   * Returns `true` only if the URI is syntactically valid AND matches one of
+   * the explicitly configured `allowedRedirectUriPatterns`. An empty or unset
+   * pattern list means DCR will reject every URI — framework users must
+   * opt-in by listing the exact URIs (or wildcards) they trust.
+   *
+   * Prior versions also fell back to allowing any https URL or localhost,
+   * which enabled attackers to DCR an arbitrary URL and then abuse it via
+   * /oauth/authorize (CWE-601). Do not re-introduce that fallback.
    */
   validateRedirectUri(uri) {
     try {
-      const url = new URL(uri);
-      const patterns = this.config.allowedRedirectUriPatterns || [];
-      for (const pattern of patterns) {
-        if (this.matchesPattern(uri, pattern)) {
-          return true;
-        }
-      }
-      return url.protocol === "https:" || url.hostname === "localhost" || url.hostname === "127.0.0.1";
+      new URL(uri);
     } catch {
       return false;
     }
+    const patterns = this.config.allowedRedirectUriPatterns || [];
+    if (patterns.length === 0) {
+      return false;
+    }
+    return patterns.some((pattern) => this.matchesPattern(uri, pattern));
   }
 };
 var OAuthProxyError = class extends Error {
@@ -1883,10 +1936,10 @@ var AzureProvider = class extends AuthProvider {
   }
   createProxy() {
     return new OAuthProxy({
-      allowedRedirectUriPatterns: this.config.allowedRedirectUriPatterns ?? [
-        "http://localhost:*",
-        "https://*"
-      ],
+      // No fallback default: framework users must explicitly list the URIs
+      // they trust. A previous default of ["http://localhost:*", "https://*"]
+      // enabled CWE-601 open-redirect / code-theft via /oauth/authorize.
+      allowedRedirectUriPatterns: this.config.allowedRedirectUriPatterns,
       baseUrl: this.config.baseUrl,
       consentRequired: this.config.consentRequired ?? true,
       encryptionKey: this.config.encryptionKey,
@@ -1917,10 +1970,10 @@ var GitHubProvider = class extends AuthProvider {
   }
   createProxy() {
     return new OAuthProxy({
-      allowedRedirectUriPatterns: this.config.allowedRedirectUriPatterns ?? [
-        "http://localhost:*",
-        "https://*"
-      ],
+      // No fallback default: framework users must explicitly list the URIs
+      // they trust. A previous default of ["http://localhost:*", "https://*"]
+      // enabled CWE-601 open-redirect / code-theft via /oauth/authorize.
+      allowedRedirectUriPatterns: this.config.allowedRedirectUriPatterns,
       baseUrl: this.config.baseUrl,
       consentRequired: this.config.consentRequired ?? true,
       encryptionKey: this.config.encryptionKey,
@@ -1951,10 +2004,10 @@ var GoogleProvider = class extends AuthProvider {
   }
   createProxy() {
     return new OAuthProxy({
-      allowedRedirectUriPatterns: this.config.allowedRedirectUriPatterns ?? [
-        "http://localhost:*",
-        "https://*"
-      ],
+      // No fallback default: framework users must explicitly list the URIs
+      // they trust. A previous default of ["http://localhost:*", "https://*"]
+      // enabled CWE-601 open-redirect / code-theft via /oauth/authorize.
+      allowedRedirectUriPatterns: this.config.allowedRedirectUriPatterns,
       baseUrl: this.config.baseUrl,
       consentRequired: this.config.consentRequired ?? true,
       encryptionKey: this.config.encryptionKey,
@@ -1987,10 +2040,10 @@ var OAuthProvider = class extends AuthProvider {
   }
   createProxy() {
     return new OAuthProxy({
-      allowedRedirectUriPatterns: this.config.allowedRedirectUriPatterns ?? [
-        "http://localhost:*",
-        "https://*"
-      ],
+      // No fallback default: framework users must explicitly list the URIs
+      // they trust. A previous default of ["http://localhost:*", "https://*"]
+      // enabled CWE-601 open-redirect / code-theft via /oauth/authorize.
+      allowedRedirectUriPatterns: this.config.allowedRedirectUriPatterns,
       baseUrl: this.config.baseUrl,
       consentRequired: this.config.consentRequired ?? true,
       encryptionKey: this.config.encryptionKey,
@@ -2325,4 +2378,4 @@ export {
   DiskStore,
   JWKSVerifier
 };
-//# sourceMappingURL=chunk-H4VC4YTC.js.map
+//# sourceMappingURL=chunk-UN72PIH2.js.map