mcp-creatio 0.3.6

Files changed (370)
  1. package/.dockerignore +12 -0
  2. package/.editorconfig +14 -0
  3. package/.eslintrc.cjs +18 -0
  4. package/.gitattributes +8 -0
  5. package/.github/workflows/docker-publish.yml +50 -0
  6. package/.prettierignore +3 -0
  7. package/.prettierrc +9 -0
  8. package/.vscode/launch.json +23 -0
  9. package/.vscode/mcp.json +13 -0
  10. package/.vscode/settings.json +16 -0
  11. package/Agent.md +187 -0
  12. package/Debug.md +32 -0
  13. package/Dockerfile +23 -0
  14. package/LICENSE +21 -0
  15. package/README.md +162 -0
  16. package/dist/cli.d.ts +3 -0
  17. package/dist/cli.d.ts.map +1 -0
  18. package/dist/cli.js +135 -0
  19. package/dist/cli.js.map +1 -0
  20. package/dist/config-builder.d.ts +3 -0
  21. package/dist/config-builder.d.ts.map +1 -0
  22. package/dist/config-builder.js +66 -0
  23. package/dist/config-builder.js.map +1 -0
  24. package/dist/consts.d.ts +2 -0
  25. package/dist/consts.d.ts.map +1 -0
  26. package/dist/consts.js +6 -0
  27. package/dist/consts.js.map +1 -0
  28. package/dist/creatio/auth/auth-manager.d.ts +9 -0
  29. package/dist/creatio/auth/auth-manager.d.ts.map +1 -0
  30. package/dist/creatio/auth/auth-manager.js +29 -0
  31. package/dist/creatio/auth/auth-manager.js.map +1 -0
  32. package/dist/creatio/auth/auth.d.ts +16 -0
  33. package/dist/creatio/auth/auth.d.ts.map +1 -0
  34. package/dist/creatio/auth/auth.js +20 -0
  35. package/dist/creatio/auth/auth.js.map +1 -0
  36. package/dist/creatio/auth/index.d.ts +4 -0
  37. package/dist/creatio/auth/index.d.ts.map +1 -0
  38. package/dist/creatio/auth/index.js +21 -0
  39. package/dist/creatio/auth/index.js.map +1 -0
  40. package/dist/creatio/auth/providers/base-oauth2-provider.d.ts +17 -0
  41. package/dist/creatio/auth/providers/base-oauth2-provider.d.ts.map +1 -0
  42. package/dist/creatio/auth/providers/base-oauth2-provider.js +49 -0
  43. package/dist/creatio/auth/providers/base-oauth2-provider.js.map +1 -0
  44. package/dist/creatio/auth/providers/base-provider.d.ts +15 -0
  45. package/dist/creatio/auth/providers/base-provider.d.ts.map +1 -0
  46. package/dist/creatio/auth/providers/base-provider.js +32 -0
  47. package/dist/creatio/auth/providers/base-provider.js.map +1 -0
  48. package/dist/creatio/auth/providers/index.d.ts +5 -0
  49. package/dist/creatio/auth/providers/index.d.ts.map +1 -0
  50. package/dist/creatio/auth/providers/index.js +21 -0
  51. package/dist/creatio/auth/providers/index.js.map +1 -0
  52. package/dist/creatio/auth/providers/legacy-provider.d.ts +10 -0
  53. package/dist/creatio/auth/providers/legacy-provider.d.ts.map +1 -0
  54. package/dist/creatio/auth/providers/legacy-provider.js +73 -0
  55. package/dist/creatio/auth/providers/legacy-provider.js.map +1 -0
  56. package/dist/creatio/auth/providers/oauth2-code-provider.d.ts +18 -0
  57. package/dist/creatio/auth/providers/oauth2-code-provider.d.ts.map +1 -0
  58. package/dist/creatio/auth/providers/oauth2-code-provider.js +245 -0
  59. package/dist/creatio/auth/providers/oauth2-code-provider.js.map +1 -0
  60. package/dist/creatio/auth/providers/oauth2-provider.d.ts +9 -0
  61. package/dist/creatio/auth/providers/oauth2-provider.d.ts.map +1 -0
  62. package/dist/creatio/auth/providers/oauth2-provider.js +86 -0
  63. package/dist/creatio/auth/providers/oauth2-provider.js.map +1 -0
  64. package/dist/creatio/auth/providers/type.d.ts +6 -0
  65. package/dist/creatio/auth/providers/type.d.ts.map +1 -0
  66. package/dist/creatio/auth/providers/type.js +10 -0
  67. package/dist/creatio/auth/providers/type.js.map +1 -0
  68. package/dist/creatio/client-config.d.ts +29 -0
  69. package/dist/creatio/client-config.d.ts.map +1 -0
  70. package/dist/creatio/client-config.js +3 -0
  71. package/dist/creatio/client-config.js.map +1 -0
  72. package/dist/creatio/engines/crud/crud-engine.d.ts +15 -0
  73. package/dist/creatio/engines/crud/crud-engine.d.ts.map +1 -0
  74. package/dist/creatio/engines/crud/crud-engine.js +33 -0
  75. package/dist/creatio/engines/crud/crud-engine.js.map +1 -0
  76. package/dist/creatio/engines/engine-manager.d.ts +33 -0
  77. package/dist/creatio/engines/engine-manager.d.ts.map +1 -0
  78. package/dist/creatio/engines/engine-manager.js +54 -0
  79. package/dist/creatio/engines/engine-manager.js.map +1 -0
  80. package/dist/creatio/engines/engine-registry.d.ts +15 -0
  81. package/dist/creatio/engines/engine-registry.d.ts.map +1 -0
  82. package/dist/creatio/engines/engine-registry.js +35 -0
  83. package/dist/creatio/engines/engine-registry.js.map +1 -0
  84. package/dist/creatio/engines/engine.d.ts +4 -0
  85. package/dist/creatio/engines/engine.d.ts.map +1 -0
  86. package/dist/creatio/engines/engine.js +3 -0
  87. package/dist/creatio/engines/engine.js.map +1 -0
  88. package/dist/creatio/engines/index.d.ts +8 -0
  89. package/dist/creatio/engines/index.d.ts.map +1 -0
  90. package/dist/creatio/engines/index.js +24 -0
  91. package/dist/creatio/engines/index.js.map +1 -0
  92. package/dist/creatio/engines/process/process-engine.d.ts +10 -0
  93. package/dist/creatio/engines/process/process-engine.d.ts.map +1 -0
  94. package/dist/creatio/engines/process/process-engine.js +18 -0
  95. package/dist/creatio/engines/process/process-engine.js.map +1 -0
  96. package/dist/creatio/engines/sys-settings/sys-settings-engine.d.ts +13 -0
  97. package/dist/creatio/engines/sys-settings/sys-settings-engine.d.ts.map +1 -0
  98. package/dist/creatio/engines/sys-settings/sys-settings-engine.js +27 -0
  99. package/dist/creatio/engines/sys-settings/sys-settings-engine.js.map +1 -0
  100. package/dist/creatio/engines/user/user-engine.d.ts +10 -0
  101. package/dist/creatio/engines/user/user-engine.d.ts.map +1 -0
  102. package/dist/creatio/engines/user/user-engine.js +18 -0
  103. package/dist/creatio/engines/user/user-engine.js.map +1 -0
  104. package/dist/creatio/index.d.ts +7 -0
  105. package/dist/creatio/index.d.ts.map +1 -0
  106. package/dist/creatio/index.js +23 -0
  107. package/dist/creatio/index.js.map +1 -0
  108. package/dist/creatio/provider-context.d.ts +10 -0
  109. package/dist/creatio/provider-context.d.ts.map +1 -0
  110. package/dist/creatio/provider-context.js +3 -0
  111. package/dist/creatio/provider-context.js.map +1 -0
  112. package/dist/creatio/providers/crud-provider.d.ts +40 -0
  113. package/dist/creatio/providers/crud-provider.d.ts.map +1 -0
  114. package/dist/creatio/providers/crud-provider.js +3 -0
  115. package/dist/creatio/providers/crud-provider.js.map +1 -0
  116. package/dist/creatio/providers/index.d.ts +5 -0
  117. package/dist/creatio/providers/index.d.ts.map +1 -0
  118. package/dist/creatio/providers/index.js +21 -0
  119. package/dist/creatio/providers/index.js.map +1 -0
  120. package/dist/creatio/providers/process-provider.d.ts +14 -0
  121. package/dist/creatio/providers/process-provider.d.ts.map +1 -0
  122. package/dist/creatio/providers/process-provider.js +3 -0
  123. package/dist/creatio/providers/process-provider.js.map +1 -0
  124. package/dist/creatio/providers/sys-settings-provider.d.ts +58 -0
  125. package/dist/creatio/providers/sys-settings-provider.d.ts.map +1 -0
  126. package/dist/creatio/providers/sys-settings-provider.js +3 -0
  127. package/dist/creatio/providers/sys-settings-provider.js.map +1 -0
  128. package/dist/creatio/providers/user-provider.d.ts +12 -0
  129. package/dist/creatio/providers/user-provider.d.ts.map +1 -0
  130. package/dist/creatio/providers/user-provider.js +3 -0
  131. package/dist/creatio/providers/user-provider.js.map +1 -0
  132. package/dist/creatio/services/creatio-service-context.d.ts +17 -0
  133. package/dist/creatio/services/creatio-service-context.d.ts.map +1 -0
  134. package/dist/creatio/services/creatio-service-context.js +35 -0
  135. package/dist/creatio/services/creatio-service-context.js.map +1 -0
  136. package/dist/creatio/services/http-client.d.ts +29 -0
  137. package/dist/creatio/services/http-client.d.ts.map +1 -0
  138. package/dist/creatio/services/http-client.js +136 -0
  139. package/dist/creatio/services/http-client.js.map +1 -0
  140. package/dist/creatio/services/index.d.ts +8 -0
  141. package/dist/creatio/services/index.d.ts.map +1 -0
  142. package/dist/creatio/services/index.js +24 -0
  143. package/dist/creatio/services/index.js.map +1 -0
  144. package/dist/creatio/services/metadata-store.d.ts +20 -0
  145. package/dist/creatio/services/metadata-store.d.ts.map +1 -0
  146. package/dist/creatio/services/metadata-store.js +162 -0
  147. package/dist/creatio/services/metadata-store.js.map +1 -0
  148. package/dist/creatio/services/odata-crud-provider.d.ts +21 -0
  149. package/dist/creatio/services/odata-crud-provider.d.ts.map +1 -0
  150. package/dist/creatio/services/odata-crud-provider.js +145 -0
  151. package/dist/creatio/services/odata-crud-provider.js.map +1 -0
  152. package/dist/creatio/services/process-service-provider.d.ts +11 -0
  153. package/dist/creatio/services/process-service-provider.d.ts.map +1 -0
  154. package/dist/creatio/services/process-service-provider.js +52 -0
  155. package/dist/creatio/services/process-service-provider.js.map +1 -0
  156. package/dist/creatio/services/sys-settings-service-provider.d.ts +19 -0
  157. package/dist/creatio/services/sys-settings-service-provider.d.ts.map +1 -0
  158. package/dist/creatio/services/sys-settings-service-provider.js +107 -0
  159. package/dist/creatio/services/sys-settings-service-provider.js.map +1 -0
  160. package/dist/creatio/services/user-info-provider.d.ts +10 -0
  161. package/dist/creatio/services/user-info-provider.d.ts.map +1 -0
  162. package/dist/creatio/services/user-info-provider.js +26 -0
  163. package/dist/creatio/services/user-info-provider.js.map +1 -0
  164. package/dist/index.d.ts +2 -0
  165. package/dist/index.d.ts.map +1 -0
  166. package/dist/index.js +46 -0
  167. package/dist/index.js.map +1 -0
  168. package/dist/log.d.ts +51 -0
  169. package/dist/log.d.ts.map +1 -0
  170. package/dist/log.js +137 -0
  171. package/dist/log.js.map +1 -0
  172. package/dist/server/http/creatio-oauth-handlers.d.ts +14 -0
  173. package/dist/server/http/creatio-oauth-handlers.d.ts.map +1 -0
  174. package/dist/server/http/creatio-oauth-handlers.js +137 -0
  175. package/dist/server/http/creatio-oauth-handlers.js.map +1 -0
  176. package/dist/server/http/httpServer.d.ts +23 -0
  177. package/dist/server/http/httpServer.d.ts.map +1 -0
  178. package/dist/server/http/httpServer.js +131 -0
  179. package/dist/server/http/httpServer.js.map +1 -0
  180. package/dist/server/http/index.d.ts +6 -0
  181. package/dist/server/http/index.d.ts.map +1 -0
  182. package/dist/server/http/index.js +22 -0
  183. package/dist/server/http/index.js.map +1 -0
  184. package/dist/server/http/mcp-handlers.d.ts +10 -0
  185. package/dist/server/http/mcp-handlers.d.ts.map +1 -0
  186. package/dist/server/http/mcp-handlers.js +82 -0
  187. package/dist/server/http/mcp-handlers.js.map +1 -0
  188. package/dist/server/http/mcp-oauth-handlers.d.ts +11 -0
  189. package/dist/server/http/mcp-oauth-handlers.d.ts.map +1 -0
  190. package/dist/server/http/mcp-oauth-handlers.js +106 -0
  191. package/dist/server/http/mcp-oauth-handlers.js.map +1 -0
  192. package/dist/server/http/middleware.d.ts +11 -0
  193. package/dist/server/http/middleware.d.ts.map +1 -0
  194. package/dist/server/http/middleware.js +88 -0
  195. package/dist/server/http/middleware.js.map +1 -0
  196. package/dist/server/index.d.ts +3 -0
  197. package/dist/server/index.d.ts.map +1 -0
  198. package/dist/server/index.js +19 -0
  199. package/dist/server/index.js.map +1 -0
  200. package/dist/server/mcp/filters.d.ts +2 -0
  201. package/dist/server/mcp/filters.d.ts.map +1 -0
  202. package/dist/server/mcp/filters.js +94 -0
  203. package/dist/server/mcp/filters.js.map +1 -0
  204. package/dist/server/mcp/index.d.ts +2 -0
  205. package/dist/server/mcp/index.d.ts.map +1 -0
  206. package/dist/server/mcp/index.js +18 -0
  207. package/dist/server/mcp/index.js.map +1 -0
  208. package/dist/server/mcp/prompts-data.d.ts +147 -0
  209. package/dist/server/mcp/prompts-data.d.ts.map +1 -0
  210. package/dist/server/mcp/prompts-data.js +884 -0
  211. package/dist/server/mcp/prompts-data.js.map +1 -0
  212. package/dist/server/mcp/server.d.ts +25 -0
  213. package/dist/server/mcp/server.d.ts.map +1 -0
  214. package/dist/server/mcp/server.js +233 -0
  215. package/dist/server/mcp/server.js.map +1 -0
  216. package/dist/server/mcp/tools-data.d.ts +165 -0
  217. package/dist/server/mcp/tools-data.d.ts.map +1 -0
  218. package/dist/server/mcp/tools-data.js +466 -0
  219. package/dist/server/mcp/tools-data.js.map +1 -0
  220. package/dist/server/oauth/client-manager.d.ts +6 -0
  221. package/dist/server/oauth/client-manager.d.ts.map +1 -0
  222. package/dist/server/oauth/client-manager.js +52 -0
  223. package/dist/server/oauth/client-manager.js.map +1 -0
  224. package/dist/server/oauth/index.d.ts +7 -0
  225. package/dist/server/oauth/index.d.ts.map +1 -0
  226. package/dist/server/oauth/index.js +23 -0
  227. package/dist/server/oauth/index.js.map +1 -0
  228. package/dist/server/oauth/oauth-server.d.ts +21 -0
  229. package/dist/server/oauth/oauth-server.d.ts.map +1 -0
  230. package/dist/server/oauth/oauth-server.js +146 -0
  231. package/dist/server/oauth/oauth-server.js.map +1 -0
  232. package/dist/server/oauth/storage.d.ts +31 -0
  233. package/dist/server/oauth/storage.d.ts.map +1 -0
  234. package/dist/server/oauth/storage.js +73 -0
  235. package/dist/server/oauth/storage.js.map +1 -0
  236. package/dist/server/oauth/token-manager.d.ts +13 -0
  237. package/dist/server/oauth/token-manager.d.ts.map +1 -0
  238. package/dist/server/oauth/token-manager.js +69 -0
  239. package/dist/server/oauth/token-manager.js.map +1 -0
  240. package/dist/server/oauth/types.d.ts +51 -0
  241. package/dist/server/oauth/types.d.ts.map +1 -0
  242. package/dist/server/oauth/types.js +3 -0
  243. package/dist/server/oauth/types.js.map +1 -0
  244. package/dist/server/oauth/validators.d.ts +7 -0
  245. package/dist/server/oauth/validators.d.ts.map +1 -0
  246. package/dist/server/oauth/validators.js +51 -0
  247. package/dist/server/oauth/validators.js.map +1 -0
  248. package/dist/services/index.d.ts +3 -0
  249. package/dist/services/index.d.ts.map +1 -0
  250. package/dist/services/index.js +19 -0
  251. package/dist/services/index.js.map +1 -0
  252. package/dist/services/session-context.d.ts +57 -0
  253. package/dist/services/session-context.d.ts.map +1 -0
  254. package/dist/services/session-context.js +182 -0
  255. package/dist/services/session-context.js.map +1 -0
  256. package/dist/services/token-refresh-scheduler.d.ts +16 -0
  257. package/dist/services/token-refresh-scheduler.d.ts.map +1 -0
  258. package/dist/services/token-refresh-scheduler.js +66 -0
  259. package/dist/services/token-refresh-scheduler.js.map +1 -0
  260. package/dist/types/index.d.ts +2 -0
  261. package/dist/types/index.d.ts.map +1 -0
  262. package/dist/types/index.js +18 -0
  263. package/dist/types/index.js.map +1 -0
  264. package/dist/types/network.d.ts +7 -0
  265. package/dist/types/network.d.ts.map +1 -0
  266. package/dist/types/network.js +6 -0
  267. package/dist/types/network.js.map +1 -0
  268. package/dist/utils/context.d.ts +10 -0
  269. package/dist/utils/context.d.ts.map +1 -0
  270. package/dist/utils/context.js +44 -0
  271. package/dist/utils/context.js.map +1 -0
  272. package/dist/utils/env.d.ts +3 -0
  273. package/dist/utils/env.d.ts.map +1 -0
  274. package/dist/utils/env.js +16 -0
  275. package/dist/utils/env.js.map +1 -0
  276. package/dist/utils/index.d.ts +6 -0
  277. package/dist/utils/index.d.ts.map +1 -0
  278. package/dist/utils/index.js +22 -0
  279. package/dist/utils/index.js.map +1 -0
  280. package/dist/utils/mcp.d.ts +3 -0
  281. package/dist/utils/mcp.d.ts.map +1 -0
  282. package/dist/utils/mcp.js +7 -0
  283. package/dist/utils/mcp.js.map +1 -0
  284. package/dist/utils/network.d.ts +7 -0
  285. package/dist/utils/network.d.ts.map +1 -0
  286. package/dist/utils/network.js +63 -0
  287. package/dist/utils/network.js.map +1 -0
  288. package/dist/utils/pkce.d.ts +7 -0
  289. package/dist/utils/pkce.d.ts.map +1 -0
  290. package/dist/utils/pkce.js +43 -0
  291. package/dist/utils/pkce.js.map +1 -0
  292. package/dist/version.d.ts +3 -0
  293. package/dist/version.d.ts.map +1 -0
  294. package/dist/version.js +10 -0
  295. package/dist/version.js.map +1 -0
  296. package/docs/coding-style.md +30 -0
  297. package/ecosystem.config.json +17 -0
  298. package/eslint.config.cjs +95 -0
  299. package/package.json +54 -0
  300. package/src/cli.ts +158 -0
  301. package/src/config-builder.ts +76 -0
  302. package/src/consts.ts +3 -0
  303. package/src/creatio/auth/auth-manager.ts +27 -0
  304. package/src/creatio/auth/auth.ts +31 -0
  305. package/src/creatio/auth/index.ts +3 -0
  306. package/src/creatio/auth/providers/base-oauth2-provider.ts +62 -0
  307. package/src/creatio/auth/providers/base-provider.ts +42 -0
  308. package/src/creatio/auth/providers/index.ts +4 -0
  309. package/src/creatio/auth/providers/legacy-provider.ts +70 -0
  310. package/src/creatio/auth/providers/oauth2-code-provider.ts +252 -0
  311. package/src/creatio/auth/providers/oauth2-provider.ts +91 -0
  312. package/src/creatio/auth/providers/type.ts +5 -0
  313. package/src/creatio/client-config.ts +34 -0
  314. package/src/creatio/engines/crud/crud-engine.ts +47 -0
  315. package/src/creatio/engines/engine-manager.ts +102 -0
  316. package/src/creatio/engines/engine-registry.ts +36 -0
  317. package/src/creatio/engines/engine.ts +3 -0
  318. package/src/creatio/engines/index.ts +7 -0
  319. package/src/creatio/engines/process/process-engine.ts +20 -0
  320. package/src/creatio/engines/sys-settings/sys-settings-engine.ts +41 -0
  321. package/src/creatio/engines/user/user-engine.ts +20 -0
  322. package/src/creatio/index.ts +6 -0
  323. package/src/creatio/provider-context.ts +10 -0
  324. package/src/creatio/providers/crud-provider.ts +45 -0
  325. package/src/creatio/providers/index.ts +4 -0
  326. package/src/creatio/providers/process-provider.ts +15 -0
  327. package/src/creatio/providers/sys-settings-provider.ts +63 -0
  328. package/src/creatio/providers/user-provider.ts +12 -0
  329. package/src/creatio/services/creatio-service-context.ts +38 -0
  330. package/src/creatio/services/http-client.ts +174 -0
  331. package/src/creatio/services/index.ts +7 -0
  332. package/src/creatio/services/metadata-store.ts +181 -0
  333. package/src/creatio/services/odata-crud-provider.ts +210 -0
  334. package/src/creatio/services/process-service-provider.ts +76 -0
  335. package/src/creatio/services/sys-settings-service-provider.ts +192 -0
  336. package/src/creatio/services/user-info-provider.ts +41 -0
  337. package/src/index.ts +44 -0
  338. package/src/log.ts +141 -0
  339. package/src/server/http/creatio-oauth-handlers.ts +146 -0
  340. package/src/server/http/httpServer.ts +150 -0
  341. package/src/server/http/index.ts +5 -0
  342. package/src/server/http/mcp-handlers.ts +92 -0
  343. package/src/server/http/mcp-oauth-handlers.ts +108 -0
  344. package/src/server/http/middleware.ts +91 -0
  345. package/src/server/index.ts +2 -0
  346. package/src/server/mcp/filters.ts +97 -0
  347. package/src/server/mcp/index.ts +1 -0
  348. package/src/server/mcp/prompts-data.ts +896 -0
  349. package/src/server/mcp/server.ts +331 -0
  350. package/src/server/mcp/tools-data.ts +592 -0
  351. package/src/server/oauth/client-manager.ts +47 -0
  352. package/src/server/oauth/index.ts +6 -0
  353. package/src/server/oauth/oauth-server.ts +185 -0
  354. package/src/server/oauth/storage.ts +106 -0
  355. package/src/server/oauth/token-manager.ts +80 -0
  356. package/src/server/oauth/types.ts +55 -0
  357. package/src/server/oauth/validators.ts +56 -0
  358. package/src/services/index.ts +2 -0
  359. package/src/services/session-context.ts +232 -0
  360. package/src/services/token-refresh-scheduler.ts +68 -0
  361. package/src/types/index.ts +1 -0
  362. package/src/types/network.ts +7 -0
  363. package/src/utils/context.ts +49 -0
  364. package/src/utils/env.ts +12 -0
  365. package/src/utils/index.ts +5 -0
  366. package/src/utils/mcp.ts +8 -0
  367. package/src/utils/network.ts +65 -0
  368. package/src/utils/pkce.ts +39 -0
  369. package/src/version.ts +15 -0
  370. package/tsconfig.json +28 -0
@@ -0,0 +1,146 @@
1
+ "use strict";
2
+ var __importDefault = (this && this.__importDefault) || function (mod) {
3
+ return (mod && mod.__esModule) ? mod : { "default": mod };
4
+ };
5
+ Object.defineProperty(exports, "__esModule", { value: true });
6
+ exports.OAuthServer = void 0;
7
+ const crypto_1 = __importDefault(require("crypto"));
8
+ const log_1 = __importDefault(require("../../log"));
9
+ const client_manager_1 = require("./client-manager");
10
+ const storage_1 = require("./storage");
11
+ const token_manager_1 = require("./token-manager");
12
+ const validators_1 = require("./validators");
13
+ class OAuthServer {
14
+ _jwtSecret = crypto_1.default.randomBytes(32).toString('hex');
15
+ _storage = new storage_1.OAuthStorage();
16
+ _tokenManager;
17
+ _accessTokens = new Map();
18
+ _baseUrl;
19
+ constructor(baseUrl = 'http://localhost:3000') {
20
+ this._baseUrl = baseUrl;
21
+ this._tokenManager = new token_manager_1.OAuthTokenManager(this._jwtSecret);
22
+ }
23
+ _autoRegisterClientIfNeeded(client_id, redirect_uri) {
24
+ if (this._storage.hasClient(client_id)) {
25
+ return false;
26
+ }
27
+ const client = client_manager_1.OAuthClientManager.autoRegisterClient(client_id, redirect_uri);
28
+ this._storage.addClient(client);
29
+ return true;
30
+ }
31
+ getAuthorizationServerMetadata() {
32
+ return {
33
+ issuer: this._baseUrl,
34
+ authorization_endpoint: `${this._baseUrl}/authorize`,
35
+ token_endpoint: `${this._baseUrl}/token`,
36
+ registration_endpoint: `${this._baseUrl}/register`,
37
+ response_types_supported: ['code'],
38
+ grant_types_supported: ['authorization_code'],
39
+ token_endpoint_auth_methods_supported: ['none', 'client_secret_post'],
40
+ code_challenge_methods_supported: ['S256'],
41
+ scopes_supported: ['openid'],
42
+ };
43
+ }
44
+ registerClient(redirect_uris) {
45
+ const client = client_manager_1.OAuthClientManager.createClient(redirect_uris);
46
+ this._storage.addClient(client);
47
+ return client;
48
+ }
49
+ validateAuthorizationRequest(params) {
50
+ let client = this._storage.getClient(params.client_id);
51
+ if (!client) {
52
+ const wasRegistered = this._autoRegisterClientIfNeeded(params.client_id, params.redirect_uri);
53
+ if (wasRegistered) {
54
+ client = this._storage.getClient(params.client_id);
55
+ }
56
+ }
57
+ return validators_1.OAuthValidators.validateAuthorizationRequest(params, client);
58
+ }
59
+ storeState(state, client_id) {
60
+ this._storage.storeState(state, client_id);
61
+ log_1.default.info('oauth.state.stored', { state, client_id });
62
+ }
63
+ validateState(state, client_id) {
64
+ log_1.default.info('oauth.state.validate_attempt', {
65
+ state,
66
+ client_id,
67
+ storedStates: this._storage.getAllStates(),
68
+ });
69
+ const stateData = this._storage.getState(state);
70
+ if (!stateData) {
71
+ log_1.default.warn('oauth.state.not_found', {
72
+ state,
73
+ storedStates: this._storage.getAllStates(),
74
+ });
75
+ return false;
76
+ }
77
+ if (stateData.expires_at < Date.now()) {
78
+ this._storage.deleteState(state);
79
+ log_1.default.warn('oauth.state.expired', { state });
80
+ return false;
81
+ }
82
+ if (stateData.client_id !== client_id) {
83
+ log_1.default.warn('oauth.state.client_mismatch', {
84
+ state,
85
+ expected: stateData.client_id,
86
+ actual: client_id,
87
+ });
88
+ return false;
89
+ }
90
+ this._storage.deleteState(state);
91
+ log_1.default.info('oauth.state.validated_successfully', { state, client_id });
92
+ return true;
93
+ }
94
+ generateAuthorizationCode(client_id, redirect_uri, code_challenge, code_challenge_method, userKey) {
95
+ const code = crypto_1.default.randomBytes(32).toString('base64url');
96
+ this._storage.storeAuthorizationCode(code, client_id, redirect_uri, code_challenge, code_challenge_method, userKey);
97
+ log_1.default.info('oauth.authorization_code.generated', { client_id, userKey });
98
+ return code;
99
+ }
100
+ async exchangeCodeForToken(params) {
101
+ log_1.default.info('oauth.token.exchange_start', {
102
+ grant_type: params.grant_type,
103
+ code: params.code ? '***' + params.code.slice(-4) : 'missing',
104
+ client_id: params.client_id,
105
+ redirect_uri: params.redirect_uri,
106
+ has_code_verifier: !!params.code_verifier,
107
+ stored_codes: this._storage.getAllStoredCodes().map((k) => '***' + k.slice(-4)),
108
+ });
109
+ const validationError = validators_1.OAuthValidators.validateTokenRequest(params);
110
+ if (validationError) {
111
+ return validationError;
112
+ }
113
+ const authCode = this._storage.getAuthorizationCode(params.code);
114
+ if (!authCode) {
115
+ log_1.default.error('oauth.token.code_not_found', {
116
+ code: '***' + params.code.slice(-4),
117
+ stored_codes: this._storage.getAllStoredCodes().map((k) => '***' + k.slice(-4)),
118
+ });
119
+ return { error: 'invalid_grant', error_description: 'Invalid authorization code' };
120
+ }
121
+ const codeValidationError = this._tokenManager.validateAuthCodeData(authCode, params);
122
+ if (codeValidationError) {
123
+ if (codeValidationError.error === 'invalid_grant' &&
124
+ codeValidationError.error_description === 'Authorization code expired') {
125
+ this._storage.deleteAuthorizationCode(params.code);
126
+ }
127
+ return codeValidationError;
128
+ }
129
+ const tokenResponse = this._tokenManager.createTokenResponse(authCode.userKey, params.client_id);
130
+ this._accessTokens.set(tokenResponse.access_token, tokenResponse);
131
+ this._storage.deleteAuthorizationCode(params.code);
132
+ log_1.default.info('oauth.token.issued', { client_id: params.client_id, userKey: authCode.userKey });
133
+ return tokenResponse;
134
+ }
135
+ validateAccessToken(token) {
136
+ return this._tokenManager.validateAccessToken(token);
137
+ }
138
+ getClient(client_id) {
139
+ return this._storage.getClient(client_id);
140
+ }
141
+ cleanup() {
142
+ this._storage.cleanup();
143
+ }
144
+ }
145
+ exports.OAuthServer = OAuthServer;
146
+ //# sourceMappingURL=oauth-server.js.map
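Review bot: `validateState` writes the raw `state` value and, through `storedStates: this._storage.getAllStates()`, every other pending state to the log at info and warn level, so anyone with read access to the logs sees the live anti-CSRF values of in-flight authorizations; `storeState` and the success path log the raw value as well. `exchangeCodeForToken` already masks codes as `'***' + params.code.slice(-4)`, and the state fields should get at least the same treatment, with the list replaced by a count such as `storedStateCount: this._storage.getAllStates().length`. Separately, `validateAuthorizationRequest` auto-registers an unknown `client_id` with the `redirect_uri` taken from the same request, so unless `OAuthClientManager.autoRegisterClient` (not visible in this hunk) restricts what it accepts, the redirect-URI check that follows compares the request against itself. This file is compiled output, so the change belongs in `src/server/oauth/oauth-server.ts`.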
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-server.js","sourceRoot":"","sources":["../../../src/server/oauth/oauth-server.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAE5B,oDAA4B;AAE5B,qDAAsD;AACtD,uCAAyC;AACzC,mDAAoD;AACpD,6CAA+C;AAW/C,MAAa,WAAW;IACN,UAAU,GAAW,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC5D,QAAQ,GAAG,IAAI,sBAAY,EAAE,CAAC;IAC9B,aAAa,CAAoB;IACjC,aAAa,GAAG,IAAI,GAAG,EAA4B,CAAC;IAC7D,QAAQ,CAAS;IAEzB,YAAY,UAAkB,uBAAuB;QACpD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAiB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC7D,CAAC;IAEO,2BAA2B,CAAC,SAAiB,EAAE,YAAoB;QAC1E,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;YACxC,OAAO,KAAK,CAAC;QACd,CAAC;QACD,MAAM,MAAM,GAAG,mCAAkB,CAAC,kBAAkB,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QAC9E,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,8BAA8B;QACpC,OAAO;YACN,MAAM,EAAE,IAAI,CAAC,QAAQ;YACrB,sBAAsB,EAAE,GAAG,IAAI,CAAC,QAAQ,YAAY;YACpD,cAAc,EAAE,GAAG,IAAI,CAAC,QAAQ,QAAQ;YACxC,qBAAqB,EAAE,GAAG,IAAI,CAAC,QAAQ,WAAW;YAClD,wBAAwB,EAAE,CAAC,MAAM,CAAC;YAClC,qBAAqB,EAAE,CAAC,oBAAoB,CAAC;YAC7C,qCAAqC,EAAE,CAAC,MAAM,EAAE,oBAAoB,CAAC;YACrE,gCAAgC,EAAE,CAAC,MAAM,CAAC;YAC1C,gBAAgB,EAAE,CAAC,QAAQ,CAAC;SAC5B,CAAC;IACH,CAAC;IAEM,cAAc,CAAC,aAAuB;QAC5C,MAAM,MAAM,GAAG,mCAAkB,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QAC9D,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAChC,OAAO,MAAM,CAAC;IACf,CAAC;IAEM,4BAA4B,CAAC,MAAiC;QACpE,IAAI,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,EAAE,CAAC;YACb,MAAM,aAAa,GAAG,IAAI,CAAC,2BAA2B,CACrD,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,YAAY,CACnB,CAAC;YACF,IAAI,aAAa,EAAE,CAAC;gBACnB,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACpD,CAAC;QACF,CAAC;QACD,OAAO,4BAAe,CAAC,4BAA4B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrE,CAAC;IAEM,UAAU,CAAC,KAAa,EAAE,SAAiB;QACjD,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QAC3C,aAAG,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;IACtD,CAAC;IAEM,aAAa,CAAC,KAAa,EAAE,SAAiB;QACpD,aAAG,C
AAC,IAAI,CAAC,8BAA8B,EAAE;YACxC,KAAK;YACL,SAAS;YACT,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE;SAC1C,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAChD,IAAI,CAAC,SAAS,EAAE,CAAC;YAChB,aAAG,CAAC,IAAI,CAAC,uBAAuB,EAAE;gBACjC,KAAK;gBACL,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE;aAC1C,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACd,CAAC;QACD,IAAI,SAAS,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACvC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YACjC,aAAG,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC3C,OAAO,KAAK,CAAC;QACd,CAAC;QACD,IAAI,SAAS,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACvC,aAAG,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBACvC,KAAK;gBACL,QAAQ,EAAE,SAAS,CAAC,SAAS;gBAC7B,MAAM,EAAE,SAAS;aACjB,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACd,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACjC,aAAG,CAAC,IAAI,CAAC,oCAAoC,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QACrE,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,yBAAyB,CAC/B,SAAiB,EACjB,YAAoB,EACpB,cAAsB,EACtB,qBAA6B,EAC7B,OAAe;QAEf,MAAM,IAAI,GAAG,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CACnC,IAAI,EACJ,SAAS,EACT,YAAY,EACZ,cAAc,EACd,qBAAqB,EACrB,OAAO,CACP,CAAC;QACF,aAAG,CAAC,IAAI,CAAC,oCAAoC,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;QACvE,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAChC,MAAyB;QAEzB,aAAG,CAAC,IAAI,CAAC,4BAA4B,EAAE;YACtC,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;YAC7D,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,iBAAiB,EAAE,CAAC,CAAC,MAAM,CAAC,aAAa;YACzC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,iBAAiB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;SAC/E,CAAC,CAAC;QACH,MAAM,eAAe,GAAG,4BAAe,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QACrE,IAAI,eAAe,EAAE,CAAC;YACrB,OAAO,eAAe,CAAC;QACxB,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,MAAM,CAAC,IAAK,CAAC,CAAC;QAClE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACf,aAAG,CAAC,KAAK,CAAC,4BAA4B
,EAAE;gBACvC,IAAI,EAAE,KAAK,GAAG,MAAM,CAAC,IAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACpC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,iBAAiB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;aAC/E,CAAC,CAAC;YACH,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,4BAA4B,EAAE,CAAC;QACpF,CAAC;QACD,MAAM,mBAAmB,GAAG,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACtF,IAAI,mBAAmB,EAAE,CAAC;YACzB,IACC,mBAAmB,CAAC,KAAK,KAAK,eAAe;gBAC7C,mBAAmB,CAAC,iBAAiB,KAAK,4BAA4B,EACrE,CAAC;gBACF,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC,MAAM,CAAC,IAAK,CAAC,CAAC;YACrD,CAAC;YACD,OAAO,mBAAmB,CAAC;QAC5B,CAAC;QACD,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAC3D,QAAQ,CAAC,OAAO,EAChB,MAAM,CAAC,SAAS,CAChB,CAAC;QACF,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,aAAa,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC;QAClE,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC,MAAM,CAAC,IAAK,CAAC,CAAC;QACpD,aAAG,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3F,OAAO,aAAa,CAAC;IACtB,CAAC;IAEM,mBAAmB,CAAC,KAAa;QACvC,OAAO,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC;IAEM,SAAS,CAAC,SAAiB;QACjC,OAAO,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IAC3C,CAAC;IAEM,OAAO;QACb,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;IACzB,CAAC;CACD;AAtKD,kCAsKC"}
@@ -0,0 +1,31 @@
1
+ import type { OAuthClient } from './types';
2
+ export interface AuthorizationCodeData {
3
+ client_id: string;
4
+ redirect_uri: string;
5
+ code_challenge: string;
6
+ code_challenge_method: string;
7
+ userKey: string;
8
+ expires_at: number;
9
+ }
10
+ export interface StateData {
11
+ client_id: string;
12
+ expires_at: number;
13
+ }
14
+ export declare class OAuthStorage {
15
+ private readonly _clients;
16
+ private readonly _authorizationCodes;
17
+ private readonly _authorizationStates;
18
+ addClient(client: OAuthClient): void;
19
+ getClient(client_id: string): OAuthClient | undefined;
20
+ hasClient(client_id: string): boolean;
21
+ storeAuthorizationCode(code: string, client_id: string, redirect_uri: string, code_challenge: string, code_challenge_method: string, userKey: string, expiresInMs?: number): void;
22
+ getAuthorizationCode(code: string): AuthorizationCodeData | undefined;
23
+ deleteAuthorizationCode(code: string): void;
24
+ storeState(state: string, client_id: string, expiresInMs?: number): void;
25
+ getState(state: string): StateData | undefined;
26
+ deleteState(state: string): void;
27
+ getAllStates(): string[];
28
+ getAllStoredCodes(): string[];
29
+ cleanup(): void;
30
+ }
31
+ //# sourceMappingURL=storage.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../../src/server/oauth/storage.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C,MAAM,WAAW,qBAAqB;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,SAAS;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,qBAAa,YAAY;IACxB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAkC;IAC3D,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAA4C;IAChF,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAgC;IAE9D,SAAS,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI;IAIpC,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS;IAIrD,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAIrC,sBAAsB,CAC5B,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,MAAM,EACpB,cAAc,EAAE,MAAM,EACtB,qBAAqB,EAAE,MAAM,EAC7B,OAAO,EAAE,MAAM,EACf,WAAW,GAAE,MAAuB,GAClC,IAAI;IAYA,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,qBAAqB,GAAG,SAAS;IAIrE,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAI3C,UAAU,CAChB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,WAAW,GAAE,MAAuB,GAClC,IAAI;IAKA,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS;IAI9C,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIhC,YAAY,IAAI,MAAM,EAAE;IAIxB,iBAAiB,IAAI,MAAM,EAAE;IAI7B,OAAO,IAAI,IAAI;CAiBtB"}
@@ -0,0 +1,73 @@
1
+ "use strict";
2
+ var __importDefault = (this && this.__importDefault) || function (mod) {
3
+ return (mod && mod.__esModule) ? mod : { "default": mod };
4
+ };
5
+ Object.defineProperty(exports, "__esModule", { value: true });
6
+ exports.OAuthStorage = void 0;
7
+ const log_1 = __importDefault(require("../../log"));
8
+ class OAuthStorage {
9
+ _clients = new Map();
10
+ _authorizationCodes = new Map();
11
+ _authorizationStates = new Map();
12
+ addClient(client) {
13
+ this._clients.set(client.client_id, client);
14
+ }
15
+ getClient(client_id) {
16
+ return this._clients.get(client_id);
17
+ }
18
+ hasClient(client_id) {
19
+ return this._clients.has(client_id);
20
+ }
21
+ storeAuthorizationCode(code, client_id, redirect_uri, code_challenge, code_challenge_method, userKey, expiresInMs = 10 * 60 * 1000) {
22
+ const expires_at = Date.now() + expiresInMs;
23
+ this._authorizationCodes.set(code, {
24
+ client_id,
25
+ redirect_uri,
26
+ code_challenge,
27
+ code_challenge_method,
28
+ userKey,
29
+ expires_at,
30
+ });
31
+ }
32
+ getAuthorizationCode(code) {
33
+ return this._authorizationCodes.get(code);
34
+ }
35
+ deleteAuthorizationCode(code) {
36
+ this._authorizationCodes.delete(code);
37
+ }
38
+ storeState(state, client_id, expiresInMs = 30 * 60 * 1000) {
39
+ const expires_at = Date.now() + expiresInMs;
40
+ this._authorizationStates.set(state, { client_id, expires_at });
41
+ }
42
+ getState(state) {
43
+ return this._authorizationStates.get(state);
44
+ }
45
+ deleteState(state) {
46
+ this._authorizationStates.delete(state);
47
+ }
48
+ getAllStates() {
49
+ return Array.from(this._authorizationStates.keys());
50
+ }
51
+ getAllStoredCodes() {
52
+ return Array.from(this._authorizationCodes.keys());
53
+ }
54
+ cleanup() {
55
+ const now = Date.now();
56
+ for (const [code, data] of this._authorizationCodes.entries()) {
57
+ if (now > data.expires_at) {
58
+ this._authorizationCodes.delete(code);
59
+ }
60
+ }
61
+ for (const [state, data] of this._authorizationStates.entries()) {
62
+ if (now > data.expires_at) {
63
+ this._authorizationStates.delete(state);
64
+ }
65
+ }
66
+ log_1.default.info('oauth.storage.cleanup.completed', {
67
+ remaining_codes: this._authorizationCodes.size,
68
+ remaining_states: this._authorizationStates.size,
69
+ });
70
+ }
71
+ }
72
+ exports.OAuthStorage = OAuthStorage;
73
+ //# sourceMappingURL=storage.js.map
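Review bot: `getAuthorizationCode` and `getState` return entries whose `expires_at` has already passed, so expiry holds only where a caller re-checks it or after `cleanup()` has run, and nothing in this file schedules `cleanup()`. For codes, `validateAuthCodeData` in token-manager.js does compare `expires_at`, but no equivalent check for states is visible in this diff. Enforcing expiry at lookup, as sketched below, makes a stale code or state unusable regardless of the caller. Separately, `_clients` is never pruned, so if client registration is reachable without authentication the map can grow without bound; a cap or TTL there is worth considering.

```javascript
getAuthorizationCode(code) {
    const data = this._authorizationCodes.get(code);
    // Treat an expired code as absent and drop it immediately.
    if (data && Date.now() > data.expires_at) {
        this._authorizationCodes.delete(code);
        return undefined;
    }
    return data;
}
// … unchanged: deleteAuthorizationCode, storeState …
getState(state) {
    const data = this._authorizationStates.get(state);
    // Same rule for authorization states.
    if (data && Date.now() > data.expires_at) {
        this._authorizationStates.delete(state);
        return undefined;
    }
    return data;
}
```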
@@ -0,0 +1 @@
1
+ {"version":3,"file":"storage.js","sourceRoot":"","sources":["../../../src/server/oauth/storage.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAkB5B,MAAa,YAAY;IACP,QAAQ,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC1C,mBAAmB,GAAG,IAAI,GAAG,EAAiC,CAAC;IAC/D,oBAAoB,GAAG,IAAI,GAAG,EAAqB,CAAC;IAE9D,SAAS,CAAC,MAAmB;QACnC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC7C,CAAC;IAEM,SAAS,CAAC,SAAiB;QACjC,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IAEM,SAAS,CAAC,SAAiB;QACjC,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IAEM,sBAAsB,CAC5B,IAAY,EACZ,SAAiB,EACjB,YAAoB,EACpB,cAAsB,EACtB,qBAA6B,EAC7B,OAAe,EACf,cAAsB,EAAE,GAAG,EAAE,GAAG,IAAI;QAEpC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;QAC5C,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,EAAE;YAClC,SAAS;YACT,YAAY;YACZ,cAAc;YACd,qBAAqB;YACrB,OAAO;YACP,UAAU;SACV,CAAC,CAAC;IACJ,CAAC;IAEM,oBAAoB,CAAC,IAAY;QACvC,OAAO,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC;IAEM,uBAAuB,CAAC,IAAY;QAC1C,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC;IAEM,UAAU,CAChB,KAAa,EACb,SAAiB,EACjB,cAAsB,EAAE,GAAG,EAAE,GAAG,IAAI;QAEpC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;QAC5C,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC;IACjE,CAAC;IAEM,QAAQ,CAAC,KAAa;QAC5B,OAAO,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC;IAEM,WAAW,CAAC,KAAa;QAC/B,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAEM,YAAY;QAClB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,CAAC,CAAC;IACrD,CAAC;IAEM,iBAAiB;QACvB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IAEM,OAAO;QACb,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,EAAE,CAAC;YAC/D,IAAI,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;gBAC3B,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACvC,CAAC;QACF,CAAC;QACD,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,oBAAoB,CAAC,OAAO,EAAE,EAAE,CAAC;YACjE,IAAI,GAAG,GAAG,IAAI
,CAAC,UAAU,EAAE,CAAC;gBAC3B,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACzC,CAAC;QACF,CAAC;QACD,aAAG,CAAC,IAAI,CAAC,iCAAiC,EAAE;YAC3C,eAAe,EAAE,IAAI,CAAC,mBAAmB,CAAC,IAAI;YAC9C,gBAAgB,EAAE,IAAI,CAAC,oBAAoB,CAAC,IAAI;SAChD,CAAC,CAAC;IACJ,CAAC;CACD;AAvFD,oCAuFC"}
@@ -0,0 +1,13 @@
1
+ import type { AuthorizationCodeData } from './storage';
2
+ import type { OAuthAccessToken, OAuthError, OAuthTokenRequest } from './types';
3
+ export declare class OAuthTokenManager {
4
+ private readonly _jwtSecret;
5
+ constructor(jwtSecret: string);
6
+ generateAccessToken(userKey: string, client_id: string): string;
7
+ generateRefreshToken(): string;
8
+ validateAccessToken(token: string): string | null;
9
+ createTokenResponse(userKey: string, client_id: string, refresh_token_required?: boolean): OAuthAccessToken;
10
+ verifyPKCE(code_verifier: string, code_challenge: string): boolean;
11
+ validateAuthCodeData(authCode: AuthorizationCodeData, params: OAuthTokenRequest): OAuthError | null;
12
+ }
13
+ //# sourceMappingURL=token-manager.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"token-manager.d.ts","sourceRoot":"","sources":["../../../src/server/oauth/token-manager.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AACvD,OAAO,KAAK,EAAE,gBAAgB,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAE/E,qBAAa,iBAAiB;IAC7B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;gBAExB,SAAS,EAAE,MAAM;IAItB,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM;IAI/D,oBAAoB,IAAI,MAAM;IAI9B,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAUjD,mBAAmB,CACzB,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,sBAAsB,GAAE,OAAc,GACpC,gBAAgB;IAeZ,UAAU,CAAC,aAAa,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO;IAKlE,oBAAoB,CAC1B,QAAQ,EAAE,qBAAqB,EAC/B,MAAM,EAAE,iBAAiB,GACvB,UAAU,GAAG,IAAI;CAkBpB"}
@@ -0,0 +1,69 @@
1
+ "use strict";
2
+ var __importDefault = (this && this.__importDefault) || function (mod) {
3
+ return (mod && mod.__esModule) ? mod : { "default": mod };
4
+ };
5
+ Object.defineProperty(exports, "__esModule", { value: true });
6
+ exports.OAuthTokenManager = void 0;
7
+ const crypto_1 = __importDefault(require("crypto"));
8
+ const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
9
+ const log_1 = __importDefault(require("../../log"));
10
+ class OAuthTokenManager {
11
+ _jwtSecret;
12
+ constructor(jwtSecret) {
13
+ this._jwtSecret = jwtSecret;
14
+ }
15
+ generateAccessToken(userKey, client_id) {
16
+ return jsonwebtoken_1.default.sign({ userKey, client_id }, this._jwtSecret, { expiresIn: '1h' });
17
+ }
18
+ generateRefreshToken() {
19
+ return crypto_1.default.randomBytes(32).toString('base64url');
20
+ }
21
+ validateAccessToken(token) {
22
+ try {
23
+ const decoded = jsonwebtoken_1.default.verify(token, this._jwtSecret);
24
+ return decoded.userKey || null;
25
+ }
26
+ catch (error) {
27
+ log_1.default.warn('oauth.token.invalid', { error: String(error) });
28
+ return null;
29
+ }
30
+ }
31
+ createTokenResponse(userKey, client_id, refresh_token_required = true) {
32
+ const access_token = this.generateAccessToken(userKey, client_id);
33
+ const expires_in = 3600;
34
+ const tokenResponse = {
35
+ access_token,
36
+ token_type: 'Bearer',
37
+ expires_in,
38
+ userKey,
39
+ };
40
+ if (refresh_token_required) {
41
+ tokenResponse.refresh_token = this.generateRefreshToken();
42
+ }
43
+ return tokenResponse;
44
+ }
45
+ verifyPKCE(code_verifier, code_challenge) {
46
+ const hash = crypto_1.default.createHash('sha256').update(code_verifier).digest('base64url');
47
+ return hash === code_challenge;
48
+ }
49
+ validateAuthCodeData(authCode, params) {
50
+ if (Date.now() > authCode.expires_at) {
51
+ return { error: 'invalid_grant', error_description: 'Authorization code expired' };
52
+ }
53
+ if (authCode.client_id !== params.client_id) {
54
+ return { error: 'invalid_grant', error_description: 'Client mismatch' };
55
+ }
56
+ if (authCode.redirect_uri !== params.redirect_uri) {
57
+ return { error: 'invalid_grant', error_description: 'Redirect URI mismatch' };
58
+ }
59
+ if (!params.code_verifier) {
60
+ return { error: 'invalid_request', error_description: 'Missing code_verifier' };
61
+ }
62
+ if (!this.verifyPKCE(params.code_verifier, authCode.code_challenge)) {
63
+ return { error: 'invalid_grant', error_description: 'PKCE verification failed' };
64
+ }
65
+ return null;
66
+ }
67
+ }
68
+ exports.OAuthTokenManager = OAuthTokenManager;
69
+ //# sourceMappingURL=token-manager.js.map
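Review bot: `validateAccessToken` calls `verify` without an `algorithms` option, so the set of accepted algorithms is left to the installed jsonwebtoken version's defaults; pinning it to what `sign` produces makes the check explicit: `jsonwebtoken_1.default.verify(token, this._jwtSecret, { algorithms: ['HS256'] })` (HS256 is the library default for `sign` with a string secret, which is what `generateAccessToken` relies on). The constructor also stores `jwtSecret` without rejecting an empty or very short value, and a weak HMAC secret lets tokens be forged offline, so a length check with a clear startup error belongs there. Finally, `createTokenResponse` issues a `refresh_token` by default, yet nothing in this file records it and `validateTokenRequest` in validators.js accepts only `authorization_code`, so the value looks unredeemable; either stop issuing it or add storage and a refresh grant. These changes belong in `src/server/oauth/token-manager.ts`, since this file is compiled output.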
@@ -0,0 +1 @@
1
+ {"version":3,"file":"token-manager.js","sourceRoot":"","sources":["../../../src/server/oauth/token-manager.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAE5B,gEAA+B;AAE/B,oDAA4B;AAK5B,MAAa,iBAAiB;IACZ,UAAU,CAAS;IAEpC,YAAY,SAAiB;QAC5B,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;IAC7B,CAAC;IAEM,mBAAmB,CAAC,OAAe,EAAE,SAAiB;QAC5D,OAAO,sBAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,IAAI,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC/E,CAAC;IAEM,oBAAoB;QAC1B,OAAO,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACrD,CAAC;IAEM,mBAAmB,CAAC,KAAa;QACvC,IAAI,CAAC;YACJ,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,CAAQ,CAAC;YAC1D,OAAO,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC;QAChC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,aAAG,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC1D,OAAO,IAAI,CAAC;QACb,CAAC;IACF,CAAC;IAEM,mBAAmB,CACzB,OAAe,EACf,SAAiB,EACjB,yBAAkC,IAAI;QAEtC,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAClE,MAAM,UAAU,GAAG,IAAI,CAAC;QACxB,MAAM,aAAa,GAAqB;YACvC,YAAY;YACZ,UAAU,EAAE,QAAQ;YACpB,UAAU;YACV,OAAO;SACP,CAAC;QACF,IAAI,sBAAsB,EAAE,CAAC;YAC5B,aAAa,CAAC,aAAa,GAAG,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC3D,CAAC;QACD,OAAO,aAAa,CAAC;IACtB,CAAC;IAEM,UAAU,CAAC,aAAqB,EAAE,cAAsB;QAC9D,MAAM,IAAI,GAAG,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACnF,OAAO,IAAI,KAAK,cAAc,CAAC;IAChC,CAAC;IAEM,oBAAoB,CAC1B,QAA+B,EAC/B,MAAyB;QAEzB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,UAAU,EAAE,CAAC;YACtC,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,4BAA4B,EAAE,CAAC;QACpF,CAAC;QACD,IAAI,QAAQ,CAAC,SAAS,KAAK,MAAM,CAAC,SAAS,EAAE,CAAC;YAC7C,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,CAAC;QACzE,CAAC;QACD,IAAI,QAAQ,CAAC,YAAY,KAAK,MAAM,CAAC,YAAY,EAAE,CAAC;YACnD,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,CAAC;QAC/E,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAC3B,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,CAAC;QACjF,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,EAAE,
QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACrE,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,CAAC;QAClF,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;CACD;AAtED,8CAsEC"}
@@ -0,0 +1,51 @@
1
+ export interface OAuthClient {
2
+ client_id: string;
3
+ client_secret?: string;
4
+ redirect_uris: string[];
5
+ grant_types: string[];
6
+ response_types?: string[];
7
+ token_endpoint_auth_method?: string;
8
+ created_at: number;
9
+ }
10
+ export interface OAuthAuthorizationRequest {
11
+ client_id: string;
12
+ redirect_uri: string;
13
+ response_type: string;
14
+ state?: string;
15
+ code_challenge: string;
16
+ code_challenge_method: string;
17
+ scope?: string;
18
+ }
19
+ export interface OAuthTokenRequest {
20
+ grant_type: string;
21
+ client_id: string;
22
+ code?: string;
23
+ redirect_uri?: string;
24
+ code_verifier?: string;
25
+ refresh_token?: string;
26
+ }
27
+ export interface OAuthAccessToken {
28
+ access_token: string;
29
+ token_type: 'Bearer';
30
+ expires_in: number;
31
+ refresh_token?: string;
32
+ scope?: string;
33
+ userKey: string;
34
+ }
35
+ export interface OAuthError {
36
+ error: string;
37
+ error_description?: string;
38
+ error_uri?: string;
39
+ }
40
+ export interface OAuthAuthorizationServerMetadata {
41
+ issuer: string;
42
+ authorization_endpoint: string;
43
+ token_endpoint: string;
44
+ registration_endpoint: string;
45
+ response_types_supported: string[];
46
+ grant_types_supported: string[];
47
+ token_endpoint_auth_methods_supported: string[];
48
+ code_challenge_methods_supported: string[];
49
+ scopes_supported?: string[];
50
+ }
51
+ //# sourceMappingURL=types.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/server/oauth/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,WAAW;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,yBAAyB;IACzC,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,iBAAiB;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,gBAAgB;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,QAAQ,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,UAAU;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gCAAgC;IAChD,MAAM,EAAE,MAAM,CAAC;IACf,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,gCAAgC,EAAE,MAAM,EAAE,CAAC;IAC3C,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B"}
@@ -0,0 +1,3 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ //# sourceMappingURL=types.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/server/oauth/types.ts"],"names":[],"mappings":""}
@@ -0,0 +1,7 @@
1
+ import type { OAuthAuthorizationRequest, OAuthClient, OAuthError, OAuthTokenRequest } from './types';
2
+ export declare class OAuthValidators {
3
+ static validateAuthorizationRequest(params: OAuthAuthorizationRequest, client: OAuthClient | undefined): OAuthError | null;
4
+ static validateTokenRequest(params: OAuthTokenRequest): OAuthError | null;
5
+ static validateClientRegistration(redirect_uris: unknown): string | null;
6
+ }
7
+ //# sourceMappingURL=validators.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"validators.d.ts","sourceRoot":"","sources":["../../../src/server/oauth/validators.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACX,yBAAyB,EACzB,WAAW,EACX,UAAU,EACV,iBAAiB,EACjB,MAAM,SAAS,CAAC;AACjB,qBAAa,eAAe;WACb,4BAA4B,CACzC,MAAM,EAAE,yBAAyB,EACjC,MAAM,EAAE,WAAW,GAAG,SAAS,GAC7B,UAAU,GAAG,IAAI;WAgBN,oBAAoB,CAAC,MAAM,EAAE,iBAAiB,GAAG,UAAU,GAAG,IAAI;WAUlE,0BAA0B,CAAC,aAAa,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI;CAmB/E"}
@@ -0,0 +1,51 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.OAuthValidators = void 0;
4
+ class OAuthValidators {
5
+ static validateAuthorizationRequest(params, client) {
6
+ if (!client) {
7
+ return { error: 'invalid_client', error_description: 'Client not found' };
8
+ }
9
+ if (!client.redirect_uris.includes(params.redirect_uri)) {
10
+ return { error: 'invalid_request', error_description: 'Invalid redirect_uri' };
11
+ }
12
+ if (params.response_type !== 'code') {
13
+ return { error: 'unsupported_response_type' };
14
+ }
15
+ if (!params.code_challenge || params.code_challenge_method !== 'S256') {
16
+ return { error: 'invalid_request', error_description: 'PKCE required' };
17
+ }
18
+ return null;
19
+ }
20
+ static validateTokenRequest(params) {
21
+ if (params.grant_type !== 'authorization_code') {
22
+ return { error: 'unsupported_grant_type' };
23
+ }
24
+ if (!params.code || !params.code_verifier) {
25
+ return { error: 'invalid_request', error_description: 'Missing code or code_verifier' };
26
+ }
27
+ return null;
28
+ }
29
+ static validateClientRegistration(redirect_uris) {
30
+ if (!redirect_uris || !Array.isArray(redirect_uris)) {
31
+ return 'redirect_uris is required and must be an array';
32
+ }
33
+ if (redirect_uris.length === 0) {
34
+ return 'redirect_uris must contain at least one URI';
35
+ }
36
+ for (const uri of redirect_uris) {
37
+ if (typeof uri !== 'string') {
38
+ return 'All redirect_uris must be strings';
39
+ }
40
+ try {
41
+ new URL(uri);
42
+ }
43
+ catch {
44
+ return `Invalid redirect_uri: ${uri}`;
45
+ }
46
+ }
47
+ return null;
48
+ }
49
+ }
50
+ exports.OAuthValidators = OAuthValidators;
51
+ //# sourceMappingURL=validators.js.map
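Review bot: `validateClientRegistration` accepts any string that `new URL()` can parse, which includes schemes such as `javascript:` and `data:`, plain `http:` to non-loopback hosts, and URIs carrying a fragment. Because `validateAuthorizationRequest` later trusts `client.redirect_uris` by exact match, whatever is registered here becomes a destination for authorization codes. Keep the parsed value (`const parsed = new URL(uri);`) and return the same error when `parsed.hash` is non-empty or `parsed.protocol` is outside an allowlist the project chooses (for example `https:`, plus `http:` only for loopback hosts and any private-use schemes its clients need). The error string also echoes the submitted `uri` back to the caller; confirm the response is not rendered as HTML anywhere.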
@@ -0,0 +1 @@
1
+ {"version":3,"file":"validators.js","sourceRoot":"","sources":["../../../src/server/oauth/validators.ts"],"names":[],"mappings":";;;AAMA,MAAa,eAAe;IACpB,MAAM,CAAC,4BAA4B,CACzC,MAAiC,EACjC,MAA+B;QAE/B,IAAI,CAAC,MAAM,EAAE,CAAC;YACb,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,CAAC;QAC3E,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;YACzD,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,CAAC;QAChF,CAAC;QACD,IAAI,MAAM,CAAC,aAAa,KAAK,MAAM,EAAE,CAAC;YACrC,OAAO,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;QAC/C,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,qBAAqB,KAAK,MAAM,EAAE,CAAC;YACvE,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,eAAe,EAAE,CAAC;QACzE,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,MAAM,CAAC,oBAAoB,CAAC,MAAyB;QAC3D,IAAI,MAAM,CAAC,UAAU,KAAK,oBAAoB,EAAE,CAAC;YAChD,OAAO,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC;QAC5C,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAC3C,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,+BAA+B,EAAE,CAAC;QACzF,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,MAAM,CAAC,0BAA0B,CAAC,aAAsB;QAC9D,IAAI,CAAC,aAAa,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;YACrD,OAAO,gDAAgD,CAAC;QACzD,CAAC;QACD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChC,OAAO,6CAA6C,CAAC;QACtD,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;YACjC,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAC7B,OAAO,mCAAmC,CAAC;YAC5C,CAAC;YACD,IAAI,CAAC;gBACJ,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;YAAC,MAAM,CAAC;gBACR,OAAO,yBAAyB,GAAG,EAAE,CAAC;YACvC,CAAC;QACF,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;CACD;AAjDD,0CAiDC"}
@@ -0,0 +1,3 @@
1
+ export * from './session-context';
2
+ export * from './token-refresh-scheduler';
3
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,2BAA2B,CAAC"}
@@ -0,0 +1,19 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __exportStar = (this && this.__exportStar) || function(m, exports) {
14
+ for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
15
+ };
16
+ Object.defineProperty(exports, "__esModule", { value: true });
17
+ __exportStar(require("./session-context"), exports);
18
+ __exportStar(require("./token-refresh-scheduler"), exports);
19
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAkC;AAClC,4DAA0C"}
@@ -0,0 +1,57 @@
1
+ import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
2
+ export interface SessionInfo {
3
+ id: string;
4
+ userKey?: string | undefined;
5
+ transport?: StreamableHTTPServerTransport | undefined;
6
+ isLogged: boolean;
7
+ createdAt: Date;
8
+ remoteIp?: string | undefined;
9
+ }
10
+ export interface UserTokens {
11
+ accessToken: string;
12
+ accessTokenExpiryMs: number;
13
+ refreshToken?: string | undefined;
14
+ }
15
+ export interface OAuthState {
16
+ userKey: string;
17
+ createdAt: number;
18
+ expiresAt: number;
19
+ }
20
+ export declare class SessionContext {
21
+ private static _instance;
22
+ private readonly _sessions;
23
+ private readonly _userTokens;
24
+ private readonly _oauthStates;
25
+ private readonly _deletingSessions;
26
+ static get instance(): SessionContext;
27
+ private _generateState;
28
+ createSession(sessionId: string, userKey?: string, remoteIp?: string): SessionInfo;
29
+ getSession(sessionId: string): SessionInfo | undefined;
30
+ hasSession(sessionId: string): boolean;
31
+ markSessionAsLogged(sessionId: string): boolean;
32
+ setSessionTransport(sessionId: string, transport: StreamableHTTPServerTransport): void;
33
+ mapSessionToUser(sessionId: string, userKey: string): void;
34
+ deleteSession(sessionId: string): void;
35
+ getAllSessions(): SessionInfo[];
36
+ getSessionsForUser(userKey: string): SessionInfo[];
37
+ getTokensForSession(sessionId: string): Promise<UserTokens | null>;
38
+ getTokensForUser(userKey: string): Promise<UserTokens | null>;
39
+ setTokensForUser(userKey: string, tokens: UserTokens): Promise<void>;
40
+ deleteTokensForUser(userKey: string): Promise<void>;
41
+ createOAuthState(userKey: string): string;
42
+ validateOAuthState(state: string): {
43
+ userKey: string;
44
+ } | null;
45
+ validateAndConsumeOAuthState(state: string): string | undefined;
46
+ setSessionUserKey(sessionId: string, userKey: string): void;
47
+ cleanupExpiredOAuthStates(): void;
48
+ getEffectiveTokens(sessionId?: string, userKey?: string): Promise<UserTokens | null>;
49
+ createSessionWithUser(sessionId: string, userKey: string, remoteIp?: string): Promise<SessionInfo>;
50
+ mapAllSessionsToUser(userKey: string): void;
51
+ getStats(): {
52
+ sessionsCount: number;
53
+ tokensCount: number;
54
+ oauthStatesCount: number;
55
+ };
56
+ }
57
+ //# sourceMappingURL=session-context.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"session-context.d.ts","sourceRoot":"","sources":["../../src/services/session-context.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AAInG,MAAM,WAAW,WAAW;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,SAAS,CAAC,EAAE,6BAA6B,GAAG,SAAS,CAAC;IACtD,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC9B;AAED,MAAM,WAAW,UAAU;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAClC;AAED,MAAM,WAAW,UAAU;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,cAAc;IAC1B,OAAO,CAAC,MAAM,CAAC,SAAS,CAA6B;IACrD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAkC;IAC5D,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAiC;IAC7D,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAiC;IAC9D,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAqB;IAEvD,WAAkB,QAAQ,IAAI,cAAc,CAK3C;IAED,OAAO,CAAC,cAAc;IAOf,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,WAAW;IAgBlF,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS;IAItD,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAItC,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAS/C,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,6BAA6B,GAAG,IAAI;IAOtF,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAQ1D,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAiBtC,cAAc,IAAI,WAAW,EAAE;IAI/B,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,EAAE;IAI5C,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAQlE,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAI7D,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpE,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIzD,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM;IAWzC,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG;QACzC,OAAO,EAAE,MAAM,CAAC;KAChB,GAAG,IAAI;IAaD,4BAA4B,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAK/D,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAQ3D,yBAAyB,IAAI,IAAI;IAS3B,kBAAkB,CAC9B,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAUhB,q
BAAqB,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,QAAQ,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,WAAW,CAAC;IAKhB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAe3C,QAAQ,IAAI;QAAE,aAAa,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAA;KAAE;CAO3F"}