harper-knowledge 0.1.1 → 0.1.2
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* OAuth Authorization Endpoint
|
|
3
3
|
*
|
|
4
|
-
* GET /
|
|
4
|
+
* GET /mcp-auth/authorize — MCP OAuth 2.1 authorization endpoint.
|
|
5
5
|
*
|
|
6
6
|
* Shows a login page with GitHub as the primary auth method and a
|
|
7
7
|
* subtle link to fall back to Harper credentials. If the user has an
|
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
*/
|
|
14
14
|
import type { HarperRequest } from "../types.ts";
|
|
15
15
|
/**
|
|
16
|
-
* Handle GET /
|
|
16
|
+
* Handle GET /mcp-auth/authorize
|
|
17
17
|
*
|
|
18
18
|
* Three modes:
|
|
19
19
|
* 1. Returning from GitHub login (`pending` param) — complete authorization.
|
|
@@ -22,6 +22,6 @@ import type { HarperRequest } from "../types.ts";
|
|
|
22
22
|
*/
|
|
23
23
|
export declare function handleAuthorizeGet(request: HarperRequest): Promise<Response>;
|
|
24
24
|
/**
|
|
25
|
-
* Handle POST /
|
|
25
|
+
* Handle POST /mcp-auth/authorize — Harper credential login.
|
|
26
26
|
*/
|
|
27
27
|
export declare function handleAuthorizePost(request: HarperRequest): Promise<Response>;
|
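--- a/package/dist/oauth/authorize.js
+++ b/package/dist/oauth/authorize.js
@@ -1,7 +1,7 @@
 /**
 * OAuth Authorization Endpoint
 *
-* GET /
+* GET /mcp-auth/authorize — MCP OAuth 2.1 authorization endpoint.
 *
 * Shows a login page with GitHub as the primary auth method and a
 * subtle link to fall back to Harper credentials. If the user has an
@@ -15,7 +15,7 @@ import crypto from "node:crypto";
 import { readBody, parseFormBody } from "../http-utils.js";
 import { checkOrgMembership } from "./github.js";
 /**
-* Handle GET /
+* Handle GET /mcp-auth/authorize
 *
 * Three modes:
 * 1. Returning from GitHub login (`pending` param) — complete authorization.
@@ -44,7 +44,7 @@ export async function handleAuthorizeGet(request) {
 return loginPage(params);
 }
 /**
-* Handle POST /
+* Handle POST /mcp-auth/authorize — Harper credential login.
 */
 export async function handleAuthorizePost(request) {
 let form;
@@ -266,7 +266,7 @@ async function buildGitHubLoginUrl(params) {
 redirectUri: params.redirect_uri,
 type: "pending",
 });
-const returnPath = `/
+const returnPath = `/mcp-auth/authorize?pending=${pendingId}`;
 return `/oauth/github/login?redirect=${encodeURIComponent(returnPath)}`;
 }
 /**
@@ -361,7 +361,7 @@ async function loginPage(params, errorMsg) {
 <button type="button" class="cred-toggle" onclick="document.querySelector('.cred-form').classList.toggle('visible');this.style.display='none'">
 Sign in with Harper credentials
 </button>
-<form method="POST" action="/
+<form method="POST" action="/mcp-auth/authorize" class="cred-form${errorMsg ? " visible" : ""}">
 <input type="hidden" name="client_id" value="${escapeAttr(params.client_id)}">
 <input type="hidden" name="redirect_uri" value="${escapeAttr(params.redirect_uri)}">
 <input type="hidden" name="response_type" value="${escapeAttr(params.response_type)}">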
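Review bot: `pendingId` goes into the query string unencoded at new line 269 of buildGitHubLoginUrl; where it comes from is outside this hunk, so unless it is guaranteed URL-safe the interpolation should be `${encodeURIComponent(pendingId)}` before the outer `encodeURIComponent(returnPath)` is applied. The resulting path is handed as `redirect` to `/oauth/github/login`, which the middleware comment attributes to @harperfast/oauth, so it is worth confirming that handler accepts only same-origin relative paths and does accept the new `/mcp-auth/` prefix; neither is visible on this page. The `/mcp-auth` literal is now repeated here (line 269 and the form action at line 364), in metadata.js and in middleware.js, and one exported constant would keep the advertised metadata and the dispatcher from drifting apart. buildGitHubLoginUrl and loginPage both start outside their hunks.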
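--- a/package/dist/oauth/metadata.js
+++ b/package/dist/oauth/metadata.js
@@ -32,10 +32,10 @@ export function handleAuthServerMetadata(request) {
 const baseUrl = getBaseUrl(request);
 return jsonResponse(200, {
 issuer: baseUrl,
-authorization_endpoint: `${baseUrl}/
-token_endpoint: `${baseUrl}/
-registration_endpoint: `${baseUrl}/
-jwks_uri: `${baseUrl}/
+authorization_endpoint: `${baseUrl}/mcp-auth/authorize`,
+token_endpoint: `${baseUrl}/mcp-auth/token`,
+registration_endpoint: `${baseUrl}/mcp-auth/register`,
+jwks_uri: `${baseUrl}/mcp-auth/jwks`,
 scopes_supported: SCOPES,
 response_types_supported: ["code"],
 grant_types_supported: ["authorization_code", "refresh_token"],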
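Review bot: The issuer and all four endpoint URLs at new lines 34–38 inherit whatever `getBaseUrl(request)` returns, and that helper is not visible in this hunk. If it builds the origin from the `Host` or `X-Forwarded-*` headers, the metadata document advertises a caller-influenced token endpoint and JWKS URI, so a client reading a poisoned or cached copy could be pointed at another origin. It is worth confirming the helper pins to a configured public origin and recording that above the call, for example `// baseUrl must be the configured public origin, not a raw request header`. handleAuthServerMetadata's body starts and ends outside the hunk.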
|
@@ -4,14 +4,14 @@
|
|
|
4
4
|
* Route dispatcher for all OAuth endpoints. Registered via
|
|
5
5
|
* scope.server.http() before the MCP and webhook middlewares.
|
|
6
6
|
*
|
|
7
|
-
* Routes:
|
|
7
|
+
* Routes (MCP OAuth 2.1 — separate from @harperfast/oauth's /oauth/* Resource):
|
|
8
8
|
* GET /.well-known/oauth-protected-resource → metadata
|
|
9
9
|
* GET /.well-known/oauth-authorization-server → metadata
|
|
10
|
-
* POST /
|
|
11
|
-
* GET /
|
|
12
|
-
* POST /
|
|
13
|
-
* POST /
|
|
14
|
-
* GET /
|
|
10
|
+
* POST /mcp-auth/register → DCR
|
|
11
|
+
* GET /mcp-auth/authorize → login page
|
|
12
|
+
* POST /mcp-auth/authorize → credential validation + redirect
|
|
13
|
+
* POST /mcp-auth/token → code exchange / refresh
|
|
14
|
+
* GET /mcp-auth/jwks → public key set
|
|
15
15
|
*/
|
|
16
16
|
import type { HarperRequest } from "../types.ts";
|
|
17
17
|
type MiddlewareFn = (request: HarperRequest, next: (req: HarperRequest) => Promise<unknown>) => Promise<unknown>;
|
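--- a/package/dist/oauth/middleware.js
+++ b/package/dist/oauth/middleware.js
@@ -4,14 +4,14 @@
 * Route dispatcher for all OAuth endpoints. Registered via
 * scope.server.http() before the MCP and webhook middlewares.
 *
-* Routes:
+* Routes (MCP OAuth 2.1 — separate from @harperfast/oauth's /oauth/* Resource):
 * GET /.well-known/oauth-protected-resource → metadata
 * GET /.well-known/oauth-authorization-server → metadata
-* POST /
-* GET /
-* POST /
-* POST /
-* GET /
+* POST /mcp-auth/register → DCR
+* GET /mcp-auth/authorize → login page
+* POST /mcp-auth/authorize → credential validation + redirect
+* POST /mcp-auth/token → code exchange / refresh
+* GET /mcp-auth/jwks → public key set
 */
 import { handleProtectedResourceMetadata, handleAuthServerMetadata, } from "./metadata.js";
 import { handleRegister } from "./register.js";
@@ -34,11 +34,12 @@ export function createOAuthMiddleware() {
 method === "GET") {
 return handleAuthServerMetadata(request);
 }
-// OAuth endpoints
-
+// MCP OAuth endpoints (under /mcp-auth/ to avoid conflict with
+// @harperfast/oauth's OAuthResource which owns the /oauth/* path)
+if (pathname === "/mcp-auth/register" && method === "POST") {
 return handleRegister(request);
 }
-if (pathname === "/
+if (pathname === "/mcp-auth/authorize") {
 if (method === "GET") {
 return handleAuthorizeGet(request);
 }
@@ -46,10 +47,10 @@ export function createOAuthMiddleware() {
 return handleAuthorizePost(request);
 }
 }
-if (pathname === "/
+if (pathname === "/mcp-auth/token" && method === "POST") {
 return handleToken(request);
 }
-if (pathname === "/
+if (pathname === "/mcp-auth/jwks" && method === "GET") {
 return new Response(JSON.stringify(await getJwks()), {
 status: 200,
 headers: {
@@ -58,7 +59,7 @@ export function createOAuthMiddleware() {
 },
 });
 }
-// Not a handled route — pass through
+// Not a handled route — pass through
 return next(request);
 };
 }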
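Review bot: Anything under `/mcp-auth/` that misses an exact path-and-method match (a `GET /mcp-auth/token`, a trailing slash, an unknown subpath) falls through to `return next(request)` at new line 63 and is handed to the MCP and webhook middlewares that the header comment says run after this one. Since the commit reserves this prefix for the authorization server, closing it here makes that explicit, e.g. `if (pathname.startsWith("/mcp-auth/")) return new Response(null, { status: 404 });` just before the pass-through. Separately, clients that cached the 0.1.1 metadata will keep sending authorization codes and refresh tokens to the previous paths, which this dispatcher no longer handles; whether they fail cleanly depends on what now serves those paths, which is not visible here. createOAuthMiddleware's body starts outside these hunks.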