m365-agent-cli 1.2.0

package/src/lib/url-validation.ts

@@ -0,0 +1,40 @@
+import { isIP } from 'node:net';
+/**
+ * Validates a URL is safe for use as an API endpoint.
+ * Blocks SSRF vectors: non-HTTPS protocols, localhost, link-local, and internal IPs.
+ */
+export function validateUrl(urlString: string, name: string): string {
+  let url: URL;
+  try {
+    url = new URL(urlString);
+  } catch {
+    throw new Error(`Invalid URL for ${name}: "${urlString}"`);
+  }
+
+  if (url.protocol !== 'https:') {
+    throw new Error(`${name} must use HTTPS, got: "${urlString}"`);
+  }
+
+  let hostname = url.hostname.toLowerCase();
+
+  // Strip brackets from IPv6 addresses before validation
+  // WHATWG URL returns IPv6 addresses with brackets (e.g., [::1]), but net.isIP expects bare IPs
+  hostname = hostname.replace(/^\[|\]$/g, '');
+
+  // Block localhost variants
+  if (hostname === 'localhost' || hostname === '127.0.0.1' || hostname === '::1') {
+    throw new Error(`${name} must not point to localhost: "${urlString}"`);
+  }
+
+  // Block bare IPv4 addresses — reject all IP literals to prevent internal network access
+  if (isIP(hostname)) {
+    throw new Error(`${name} must not be an IP address (use hostname): "${urlString}"`);
+  }
+
+  // Block cloud metadata endpoints (common SSRF target)
+  if (hostname === 'metadata.google.internal' || hostname.startsWith('169.254.')) {
+    throw new Error(`${name} must not point to link-local/metadata endpoint: "${urlString}"`);
+  }
+
+  return urlString;
+}

package/src/lib/utils.ts

@@ -0,0 +1,45 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+
+export function loadGlobalEnv() {
+  const globalEnvPath = join(homedir(), '.config', 'm365-agent-cli', '.env');
+  if (existsSync(globalEnvPath)) {
+    const content = readFileSync(globalEnvPath, 'utf8');
+    for (const line of content.split('\n')) {
+      const match = line.match(/^\s*([^#\s=]+)\s*=\s*(.*)$/);
+      if (match) {
+        const key = match[1];
+        let val = match[2].trim();
+        if ((val.startsWith('"') && val.endsWith('"')) || (val.startsWith("'") && val.endsWith("'"))) {
+          val = val.slice(1, -1);
+        }
+        if (process.env[key] === undefined) {
+          process.env[key] = val;
+        }
+      }
+    }
+  }
+}
+
+export function checkReadOnly(cmdOrOptions?: any) {
+  let isReadOnly = process.env.READ_ONLY_MODE === 'true';
+
+  if (cmdOrOptions) {
+    // If it's a Commander Command instance
+    if (typeof cmdOrOptions.optsWithGlobals === 'function') {
+      if (cmdOrOptions.optsWithGlobals().readOnly) {
+        isReadOnly = true;
+      }
+    }
+    // If it's just an options object
+    else if (cmdOrOptions.readOnly) {
+      isReadOnly = true;
+    }
+  }
+
+  if (isReadOnly) {
+    console.error('Error: Command blocked. The CLI is running in read-only mode.');
+    process.exit(1);
+  }
+}

package/src/lib/webhook-server.ts

@@ -0,0 +1,51 @@
+import { serve } from 'bun';
+
+export function startWebhookServer(port: number = 3000) {
+  console.log(`Starting webhook receiver on http://localhost:${port}/webhooks/m365-agent-cli`);
+  serve({
+    port,
+    async fetch(req) {
+      const url = new URL(req.url);
+      if (url.pathname === '/webhooks/m365-agent-cli' || url.pathname === '/webhooks/clippy') {
+        // Microsoft Graph sends validationToken as a query param on POST (not GET)
+        const validationToken = url.searchParams.get('validationToken');
+        if (validationToken) {
+          console.log(`[${new Date().toISOString()}] Received validation token request. Replaying token...`);
+          return new Response(validationToken, {
+            status: 200,
+            headers: { 'Content-Type': 'text/plain' }
+          });
+        }
+        if (req.method === 'POST') {
+          try {
+            const body = await req.json();
+
+            // Validate clientState if configured
+            const expectedClientState = process.env.GRAPH_CLIENT_STATE;
+            const notifications = Array.isArray((body as any).value) ? (body as any).value : null;
+            if (expectedClientState) {
+              const allClientStatesValid =
+                !!notifications &&
+                notifications.length > 0 &&
+                notifications.every((n: any) => n && n.clientState === expectedClientState);
+              if (!allClientStatesValid) {
+                console.warn(
+                  `[${new Date().toISOString()}] Received Graph notification with invalid or missing clientState.`
+                );
+                return new Response('Invalid clientState', { status: 401 });
+              }
+            }
+
+            console.log(`[${new Date().toISOString()}] Received Graph notification:`);
+            console.log(JSON.stringify(body, null, 2));
+            return new Response('Accepted', { status: 202 });
+          } catch (err) {
+            console.error('Error parsing notification body:', err);
+            return new Response('Bad Request', { status: 400 });
+          }
+        }
+      }
+      return new Response('Not Found', { status: 404 });
+    }
+  });
+}

package/src/test/auth.test.ts

@@ -0,0 +1,104 @@
+import { afterEach, beforeEach, describe, expect, mock, test } from 'bun:test';
+import { resolveAuth } from '../lib/auth.js';
+
+const mockRead = mock();
+const mockWrite = mock();
+const mockFetch = mock();
+
+mock.module('node:fs/promises', () => ({
+  readFile: mockRead,
+  writeFile: mockWrite,
+  mkdir: mock(() => Promise.resolve()),
+  rename: mock(() => Promise.resolve()),
+  unlink: mock(() => Promise.resolve())
+}));
+
+const mockGetJwtExpiration = mock(() => Date.now() + 3600_000);
+const mockIsValidJwtStructure = mock(() => true);
+const mockGetMicrosoftTenantPathSegment = mock(() => 'common');
+
+mock.module('../lib/jwt-utils.js', () => ({
+  getJwtExpiration: mockGetJwtExpiration,
+  isValidJwtStructure: mockIsValidJwtStructure,
+  getMicrosoftTenantPathSegment: mockGetMicrosoftTenantPathSegment
+}));
+
+describe('auth resolution', () => {
+  let originalEnv: NodeJS.ProcessEnv;
+
+  beforeEach(() => {
+    originalEnv = { ...process.env };
+    global.fetch = mockFetch as any as any;
+    mockRead.mockClear();
+    mockWrite.mockClear();
+    mockFetch.mockClear();
+    mockGetJwtExpiration.mockClear();
+    mockIsValidJwtStructure.mockClear();
+  });
+
+  afterEach(() => {
+    process.env = originalEnv;
+  });
+
+  test('uses explicit token when provided', async () => {
+    const result = await resolveAuth({ token: 'my-explicit-token' });
+    expect(result.success).toBe(true);
+    expect(result.token).toBe('my-explicit-token');
+  });
+
+  test('returns error if client ID or refresh token missing', async () => {
+    delete process.env.EWS_CLIENT_ID;
+    delete process.env.EWS_REFRESH_TOKEN;
+    const result = await resolveAuth();
+    expect(result.success).toBe(false);
+    expect(result.error).toContain('Missing EWS_CLIENT_ID or EWS_REFRESH_TOKEN');
+  });
+
+  test('uses valid cached token', async () => {
+    process.env.EWS_CLIENT_ID = 'client';
+    process.env.EWS_REFRESH_TOKEN = 'refresh';
+
+    mockRead.mockResolvedValue(
+      JSON.stringify({
+        accessToken: 'cached-access-token',
+        refreshToken: 'cached-refresh-token',
+        expiresAt: Date.now() + 1000_000
+      })
+    );
+
+    const result = await resolveAuth();
+    expect(result.success).toBe(true);
+    expect(result.token).toBe('cached-access-token');
+    expect(mockFetch).not.toHaveBeenCalled();
+  });
+
+  test('fetches new token if cache expired', async () => {
+    process.env.EWS_CLIENT_ID = 'client';
+    process.env.EWS_REFRESH_TOKEN = 'refresh';
+
+    mockRead.mockResolvedValue(
+      JSON.stringify({
+        accessToken: 'expired-access-token',
+        refreshToken: 'cached-refresh-token',
+        expiresAt: Date.now() - 1000_000
+      })
+    );
+
+    mockFetch.mockResolvedValue(
+      new Response(
+        JSON.stringify({
+          access_token: 'new-access-token',
+          refresh_token: 'new-refresh-token',
+          expires_in: 3600
+        }),
+        { status: 200 }
+      )
+    );
+
+    const result = await resolveAuth();
+    expect(result.success).toBe(true);
+    expect(result.token).toBe('new-access-token');
+    expect(mockFetch).toHaveBeenCalled();
+    expect(mockWrite).toHaveBeenCalled();
+  });
+});