mcp-creatio 0.3.6

Files changed (370)
  1. package/.dockerignore +12 -0
  2. package/.editorconfig +14 -0
  3. package/.eslintrc.cjs +18 -0
  4. package/.gitattributes +8 -0
  5. package/.github/workflows/docker-publish.yml +50 -0
  6. package/.prettierignore +3 -0
  7. package/.prettierrc +9 -0
  8. package/.vscode/launch.json +23 -0
  9. package/.vscode/mcp.json +13 -0
  10. package/.vscode/settings.json +16 -0
  11. package/Agent.md +187 -0
  12. package/Debug.md +32 -0
  13. package/Dockerfile +23 -0
  14. package/LICENSE +21 -0
  15. package/README.md +162 -0
  16. package/dist/cli.d.ts +3 -0
  17. package/dist/cli.d.ts.map +1 -0
  18. package/dist/cli.js +135 -0
  19. package/dist/cli.js.map +1 -0
  20. package/dist/config-builder.d.ts +3 -0
  21. package/dist/config-builder.d.ts.map +1 -0
  22. package/dist/config-builder.js +66 -0
  23. package/dist/config-builder.js.map +1 -0
  24. package/dist/consts.d.ts +2 -0
  25. package/dist/consts.d.ts.map +1 -0
  26. package/dist/consts.js +6 -0
  27. package/dist/consts.js.map +1 -0
  28. package/dist/creatio/auth/auth-manager.d.ts +9 -0
  29. package/dist/creatio/auth/auth-manager.d.ts.map +1 -0
  30. package/dist/creatio/auth/auth-manager.js +29 -0
  31. package/dist/creatio/auth/auth-manager.js.map +1 -0
  32. package/dist/creatio/auth/auth.d.ts +16 -0
  33. package/dist/creatio/auth/auth.d.ts.map +1 -0
  34. package/dist/creatio/auth/auth.js +20 -0
  35. package/dist/creatio/auth/auth.js.map +1 -0
  36. package/dist/creatio/auth/index.d.ts +4 -0
  37. package/dist/creatio/auth/index.d.ts.map +1 -0
  38. package/dist/creatio/auth/index.js +21 -0
  39. package/dist/creatio/auth/index.js.map +1 -0
  40. package/dist/creatio/auth/providers/base-oauth2-provider.d.ts +17 -0
  41. package/dist/creatio/auth/providers/base-oauth2-provider.d.ts.map +1 -0
  42. package/dist/creatio/auth/providers/base-oauth2-provider.js +49 -0
  43. package/dist/creatio/auth/providers/base-oauth2-provider.js.map +1 -0
  44. package/dist/creatio/auth/providers/base-provider.d.ts +15 -0
  45. package/dist/creatio/auth/providers/base-provider.d.ts.map +1 -0
  46. package/dist/creatio/auth/providers/base-provider.js +32 -0
  47. package/dist/creatio/auth/providers/base-provider.js.map +1 -0
  48. package/dist/creatio/auth/providers/index.d.ts +5 -0
  49. package/dist/creatio/auth/providers/index.d.ts.map +1 -0
  50. package/dist/creatio/auth/providers/index.js +21 -0
  51. package/dist/creatio/auth/providers/index.js.map +1 -0
  52. package/dist/creatio/auth/providers/legacy-provider.d.ts +10 -0
  53. package/dist/creatio/auth/providers/legacy-provider.d.ts.map +1 -0
  54. package/dist/creatio/auth/providers/legacy-provider.js +73 -0
  55. package/dist/creatio/auth/providers/legacy-provider.js.map +1 -0
  56. package/dist/creatio/auth/providers/oauth2-code-provider.d.ts +18 -0
  57. package/dist/creatio/auth/providers/oauth2-code-provider.d.ts.map +1 -0
  58. package/dist/creatio/auth/providers/oauth2-code-provider.js +245 -0
  59. package/dist/creatio/auth/providers/oauth2-code-provider.js.map +1 -0
  60. package/dist/creatio/auth/providers/oauth2-provider.d.ts +9 -0
  61. package/dist/creatio/auth/providers/oauth2-provider.d.ts.map +1 -0
  62. package/dist/creatio/auth/providers/oauth2-provider.js +86 -0
  63. package/dist/creatio/auth/providers/oauth2-provider.js.map +1 -0
  64. package/dist/creatio/auth/providers/type.d.ts +6 -0
  65. package/dist/creatio/auth/providers/type.d.ts.map +1 -0
  66. package/dist/creatio/auth/providers/type.js +10 -0
  67. package/dist/creatio/auth/providers/type.js.map +1 -0
  68. package/dist/creatio/client-config.d.ts +29 -0
  69. package/dist/creatio/client-config.d.ts.map +1 -0
  70. package/dist/creatio/client-config.js +3 -0
  71. package/dist/creatio/client-config.js.map +1 -0
  72. package/dist/creatio/engines/crud/crud-engine.d.ts +15 -0
  73. package/dist/creatio/engines/crud/crud-engine.d.ts.map +1 -0
  74. package/dist/creatio/engines/crud/crud-engine.js +33 -0
  75. package/dist/creatio/engines/crud/crud-engine.js.map +1 -0
  76. package/dist/creatio/engines/engine-manager.d.ts +33 -0
  77. package/dist/creatio/engines/engine-manager.d.ts.map +1 -0
  78. package/dist/creatio/engines/engine-manager.js +54 -0
  79. package/dist/creatio/engines/engine-manager.js.map +1 -0
  80. package/dist/creatio/engines/engine-registry.d.ts +15 -0
  81. package/dist/creatio/engines/engine-registry.d.ts.map +1 -0
  82. package/dist/creatio/engines/engine-registry.js +35 -0
  83. package/dist/creatio/engines/engine-registry.js.map +1 -0
  84. package/dist/creatio/engines/engine.d.ts +4 -0
  85. package/dist/creatio/engines/engine.d.ts.map +1 -0
  86. package/dist/creatio/engines/engine.js +3 -0
  87. package/dist/creatio/engines/engine.js.map +1 -0
  88. package/dist/creatio/engines/index.d.ts +8 -0
  89. package/dist/creatio/engines/index.d.ts.map +1 -0
  90. package/dist/creatio/engines/index.js +24 -0
  91. package/dist/creatio/engines/index.js.map +1 -0
  92. package/dist/creatio/engines/process/process-engine.d.ts +10 -0
  93. package/dist/creatio/engines/process/process-engine.d.ts.map +1 -0
  94. package/dist/creatio/engines/process/process-engine.js +18 -0
  95. package/dist/creatio/engines/process/process-engine.js.map +1 -0
  96. package/dist/creatio/engines/sys-settings/sys-settings-engine.d.ts +13 -0
  97. package/dist/creatio/engines/sys-settings/sys-settings-engine.d.ts.map +1 -0
  98. package/dist/creatio/engines/sys-settings/sys-settings-engine.js +27 -0
  99. package/dist/creatio/engines/sys-settings/sys-settings-engine.js.map +1 -0
  100. package/dist/creatio/engines/user/user-engine.d.ts +10 -0
  101. package/dist/creatio/engines/user/user-engine.d.ts.map +1 -0
  102. package/dist/creatio/engines/user/user-engine.js +18 -0
  103. package/dist/creatio/engines/user/user-engine.js.map +1 -0
  104. package/dist/creatio/index.d.ts +7 -0
  105. package/dist/creatio/index.d.ts.map +1 -0
  106. package/dist/creatio/index.js +23 -0
  107. package/dist/creatio/index.js.map +1 -0
  108. package/dist/creatio/provider-context.d.ts +10 -0
  109. package/dist/creatio/provider-context.d.ts.map +1 -0
  110. package/dist/creatio/provider-context.js +3 -0
  111. package/dist/creatio/provider-context.js.map +1 -0
  112. package/dist/creatio/providers/crud-provider.d.ts +40 -0
  113. package/dist/creatio/providers/crud-provider.d.ts.map +1 -0
  114. package/dist/creatio/providers/crud-provider.js +3 -0
  115. package/dist/creatio/providers/crud-provider.js.map +1 -0
  116. package/dist/creatio/providers/index.d.ts +5 -0
  117. package/dist/creatio/providers/index.d.ts.map +1 -0
  118. package/dist/creatio/providers/index.js +21 -0
  119. package/dist/creatio/providers/index.js.map +1 -0
  120. package/dist/creatio/providers/process-provider.d.ts +14 -0
  121. package/dist/creatio/providers/process-provider.d.ts.map +1 -0
  122. package/dist/creatio/providers/process-provider.js +3 -0
  123. package/dist/creatio/providers/process-provider.js.map +1 -0
  124. package/dist/creatio/providers/sys-settings-provider.d.ts +58 -0
  125. package/dist/creatio/providers/sys-settings-provider.d.ts.map +1 -0
  126. package/dist/creatio/providers/sys-settings-provider.js +3 -0
  127. package/dist/creatio/providers/sys-settings-provider.js.map +1 -0
  128. package/dist/creatio/providers/user-provider.d.ts +12 -0
  129. package/dist/creatio/providers/user-provider.d.ts.map +1 -0
  130. package/dist/creatio/providers/user-provider.js +3 -0
  131. package/dist/creatio/providers/user-provider.js.map +1 -0
  132. package/dist/creatio/services/creatio-service-context.d.ts +17 -0
  133. package/dist/creatio/services/creatio-service-context.d.ts.map +1 -0
  134. package/dist/creatio/services/creatio-service-context.js +35 -0
  135. package/dist/creatio/services/creatio-service-context.js.map +1 -0
  136. package/dist/creatio/services/http-client.d.ts +29 -0
  137. package/dist/creatio/services/http-client.d.ts.map +1 -0
  138. package/dist/creatio/services/http-client.js +136 -0
  139. package/dist/creatio/services/http-client.js.map +1 -0
  140. package/dist/creatio/services/index.d.ts +8 -0
  141. package/dist/creatio/services/index.d.ts.map +1 -0
  142. package/dist/creatio/services/index.js +24 -0
  143. package/dist/creatio/services/index.js.map +1 -0
  144. package/dist/creatio/services/metadata-store.d.ts +20 -0
  145. package/dist/creatio/services/metadata-store.d.ts.map +1 -0
  146. package/dist/creatio/services/metadata-store.js +162 -0
  147. package/dist/creatio/services/metadata-store.js.map +1 -0
  148. package/dist/creatio/services/odata-crud-provider.d.ts +21 -0
  149. package/dist/creatio/services/odata-crud-provider.d.ts.map +1 -0
  150. package/dist/creatio/services/odata-crud-provider.js +145 -0
  151. package/dist/creatio/services/odata-crud-provider.js.map +1 -0
  152. package/dist/creatio/services/process-service-provider.d.ts +11 -0
  153. package/dist/creatio/services/process-service-provider.d.ts.map +1 -0
  154. package/dist/creatio/services/process-service-provider.js +52 -0
  155. package/dist/creatio/services/process-service-provider.js.map +1 -0
  156. package/dist/creatio/services/sys-settings-service-provider.d.ts +19 -0
  157. package/dist/creatio/services/sys-settings-service-provider.d.ts.map +1 -0
  158. package/dist/creatio/services/sys-settings-service-provider.js +107 -0
  159. package/dist/creatio/services/sys-settings-service-provider.js.map +1 -0
  160. package/dist/creatio/services/user-info-provider.d.ts +10 -0
  161. package/dist/creatio/services/user-info-provider.d.ts.map +1 -0
  162. package/dist/creatio/services/user-info-provider.js +26 -0
  163. package/dist/creatio/services/user-info-provider.js.map +1 -0
  164. package/dist/index.d.ts +2 -0
  165. package/dist/index.d.ts.map +1 -0
  166. package/dist/index.js +46 -0
  167. package/dist/index.js.map +1 -0
  168. package/dist/log.d.ts +51 -0
  169. package/dist/log.d.ts.map +1 -0
  170. package/dist/log.js +137 -0
  171. package/dist/log.js.map +1 -0
  172. package/dist/server/http/creatio-oauth-handlers.d.ts +14 -0
  173. package/dist/server/http/creatio-oauth-handlers.d.ts.map +1 -0
  174. package/dist/server/http/creatio-oauth-handlers.js +137 -0
  175. package/dist/server/http/creatio-oauth-handlers.js.map +1 -0
  176. package/dist/server/http/httpServer.d.ts +23 -0
  177. package/dist/server/http/httpServer.d.ts.map +1 -0
  178. package/dist/server/http/httpServer.js +131 -0
  179. package/dist/server/http/httpServer.js.map +1 -0
  180. package/dist/server/http/index.d.ts +6 -0
  181. package/dist/server/http/index.d.ts.map +1 -0
  182. package/dist/server/http/index.js +22 -0
  183. package/dist/server/http/index.js.map +1 -0
  184. package/dist/server/http/mcp-handlers.d.ts +10 -0
  185. package/dist/server/http/mcp-handlers.d.ts.map +1 -0
  186. package/dist/server/http/mcp-handlers.js +82 -0
  187. package/dist/server/http/mcp-handlers.js.map +1 -0
  188. package/dist/server/http/mcp-oauth-handlers.d.ts +11 -0
  189. package/dist/server/http/mcp-oauth-handlers.d.ts.map +1 -0
  190. package/dist/server/http/mcp-oauth-handlers.js +106 -0
  191. package/dist/server/http/mcp-oauth-handlers.js.map +1 -0
  192. package/dist/server/http/middleware.d.ts +11 -0
  193. package/dist/server/http/middleware.d.ts.map +1 -0
  194. package/dist/server/http/middleware.js +88 -0
  195. package/dist/server/http/middleware.js.map +1 -0
  196. package/dist/server/index.d.ts +3 -0
  197. package/dist/server/index.d.ts.map +1 -0
  198. package/dist/server/index.js +19 -0
  199. package/dist/server/index.js.map +1 -0
  200. package/dist/server/mcp/filters.d.ts +2 -0
  201. package/dist/server/mcp/filters.d.ts.map +1 -0
  202. package/dist/server/mcp/filters.js +94 -0
  203. package/dist/server/mcp/filters.js.map +1 -0
  204. package/dist/server/mcp/index.d.ts +2 -0
  205. package/dist/server/mcp/index.d.ts.map +1 -0
  206. package/dist/server/mcp/index.js +18 -0
  207. package/dist/server/mcp/index.js.map +1 -0
  208. package/dist/server/mcp/prompts-data.d.ts +147 -0
  209. package/dist/server/mcp/prompts-data.d.ts.map +1 -0
  210. package/dist/server/mcp/prompts-data.js +884 -0
  211. package/dist/server/mcp/prompts-data.js.map +1 -0
  212. package/dist/server/mcp/server.d.ts +25 -0
  213. package/dist/server/mcp/server.d.ts.map +1 -0
  214. package/dist/server/mcp/server.js +233 -0
  215. package/dist/server/mcp/server.js.map +1 -0
  216. package/dist/server/mcp/tools-data.d.ts +165 -0
  217. package/dist/server/mcp/tools-data.d.ts.map +1 -0
  218. package/dist/server/mcp/tools-data.js +466 -0
  219. package/dist/server/mcp/tools-data.js.map +1 -0
  220. package/dist/server/oauth/client-manager.d.ts +6 -0
  221. package/dist/server/oauth/client-manager.d.ts.map +1 -0
  222. package/dist/server/oauth/client-manager.js +52 -0
  223. package/dist/server/oauth/client-manager.js.map +1 -0
  224. package/dist/server/oauth/index.d.ts +7 -0
  225. package/dist/server/oauth/index.d.ts.map +1 -0
  226. package/dist/server/oauth/index.js +23 -0
  227. package/dist/server/oauth/index.js.map +1 -0
  228. package/dist/server/oauth/oauth-server.d.ts +21 -0
  229. package/dist/server/oauth/oauth-server.d.ts.map +1 -0
  230. package/dist/server/oauth/oauth-server.js +146 -0
  231. package/dist/server/oauth/oauth-server.js.map +1 -0
  232. package/dist/server/oauth/storage.d.ts +31 -0
  233. package/dist/server/oauth/storage.d.ts.map +1 -0
  234. package/dist/server/oauth/storage.js +73 -0
  235. package/dist/server/oauth/storage.js.map +1 -0
  236. package/dist/server/oauth/token-manager.d.ts +13 -0
  237. package/dist/server/oauth/token-manager.d.ts.map +1 -0
  238. package/dist/server/oauth/token-manager.js +69 -0
  239. package/dist/server/oauth/token-manager.js.map +1 -0
  240. package/dist/server/oauth/types.d.ts +51 -0
  241. package/dist/server/oauth/types.d.ts.map +1 -0
  242. package/dist/server/oauth/types.js +3 -0
  243. package/dist/server/oauth/types.js.map +1 -0
  244. package/dist/server/oauth/validators.d.ts +7 -0
  245. package/dist/server/oauth/validators.d.ts.map +1 -0
  246. package/dist/server/oauth/validators.js +51 -0
  247. package/dist/server/oauth/validators.js.map +1 -0
  248. package/dist/services/index.d.ts +3 -0
  249. package/dist/services/index.d.ts.map +1 -0
  250. package/dist/services/index.js +19 -0
  251. package/dist/services/index.js.map +1 -0
  252. package/dist/services/session-context.d.ts +57 -0
  253. package/dist/services/session-context.d.ts.map +1 -0
  254. package/dist/services/session-context.js +182 -0
  255. package/dist/services/session-context.js.map +1 -0
  256. package/dist/services/token-refresh-scheduler.d.ts +16 -0
  257. package/dist/services/token-refresh-scheduler.d.ts.map +1 -0
  258. package/dist/services/token-refresh-scheduler.js +66 -0
  259. package/dist/services/token-refresh-scheduler.js.map +1 -0
  260. package/dist/types/index.d.ts +2 -0
  261. package/dist/types/index.d.ts.map +1 -0
  262. package/dist/types/index.js +18 -0
  263. package/dist/types/index.js.map +1 -0
  264. package/dist/types/network.d.ts +7 -0
  265. package/dist/types/network.d.ts.map +1 -0
  266. package/dist/types/network.js +6 -0
  267. package/dist/types/network.js.map +1 -0
  268. package/dist/utils/context.d.ts +10 -0
  269. package/dist/utils/context.d.ts.map +1 -0
  270. package/dist/utils/context.js +44 -0
  271. package/dist/utils/context.js.map +1 -0
  272. package/dist/utils/env.d.ts +3 -0
  273. package/dist/utils/env.d.ts.map +1 -0
  274. package/dist/utils/env.js +16 -0
  275. package/dist/utils/env.js.map +1 -0
  276. package/dist/utils/index.d.ts +6 -0
  277. package/dist/utils/index.d.ts.map +1 -0
  278. package/dist/utils/index.js +22 -0
  279. package/dist/utils/index.js.map +1 -0
  280. package/dist/utils/mcp.d.ts +3 -0
  281. package/dist/utils/mcp.d.ts.map +1 -0
  282. package/dist/utils/mcp.js +7 -0
  283. package/dist/utils/mcp.js.map +1 -0
  284. package/dist/utils/network.d.ts +7 -0
  285. package/dist/utils/network.d.ts.map +1 -0
  286. package/dist/utils/network.js +63 -0
  287. package/dist/utils/network.js.map +1 -0
  288. package/dist/utils/pkce.d.ts +7 -0
  289. package/dist/utils/pkce.d.ts.map +1 -0
  290. package/dist/utils/pkce.js +43 -0
  291. package/dist/utils/pkce.js.map +1 -0
  292. package/dist/version.d.ts +3 -0
  293. package/dist/version.d.ts.map +1 -0
  294. package/dist/version.js +10 -0
  295. package/dist/version.js.map +1 -0
  296. package/docs/coding-style.md +30 -0
  297. package/ecosystem.config.json +17 -0
  298. package/eslint.config.cjs +95 -0
  299. package/package.json +54 -0
  300. package/src/cli.ts +158 -0
  301. package/src/config-builder.ts +76 -0
  302. package/src/consts.ts +3 -0
  303. package/src/creatio/auth/auth-manager.ts +27 -0
  304. package/src/creatio/auth/auth.ts +31 -0
  305. package/src/creatio/auth/index.ts +3 -0
  306. package/src/creatio/auth/providers/base-oauth2-provider.ts +62 -0
  307. package/src/creatio/auth/providers/base-provider.ts +42 -0
  308. package/src/creatio/auth/providers/index.ts +4 -0
  309. package/src/creatio/auth/providers/legacy-provider.ts +70 -0
  310. package/src/creatio/auth/providers/oauth2-code-provider.ts +252 -0
  311. package/src/creatio/auth/providers/oauth2-provider.ts +91 -0
  312. package/src/creatio/auth/providers/type.ts +5 -0
  313. package/src/creatio/client-config.ts +34 -0
  314. package/src/creatio/engines/crud/crud-engine.ts +47 -0
  315. package/src/creatio/engines/engine-manager.ts +102 -0
  316. package/src/creatio/engines/engine-registry.ts +36 -0
  317. package/src/creatio/engines/engine.ts +3 -0
  318. package/src/creatio/engines/index.ts +7 -0
  319. package/src/creatio/engines/process/process-engine.ts +20 -0
  320. package/src/creatio/engines/sys-settings/sys-settings-engine.ts +41 -0
  321. package/src/creatio/engines/user/user-engine.ts +20 -0
  322. package/src/creatio/index.ts +6 -0
  323. package/src/creatio/provider-context.ts +10 -0
  324. package/src/creatio/providers/crud-provider.ts +45 -0
  325. package/src/creatio/providers/index.ts +4 -0
  326. package/src/creatio/providers/process-provider.ts +15 -0
  327. package/src/creatio/providers/sys-settings-provider.ts +63 -0
  328. package/src/creatio/providers/user-provider.ts +12 -0
  329. package/src/creatio/services/creatio-service-context.ts +38 -0
  330. package/src/creatio/services/http-client.ts +174 -0
  331. package/src/creatio/services/index.ts +7 -0
  332. package/src/creatio/services/metadata-store.ts +181 -0
  333. package/src/creatio/services/odata-crud-provider.ts +210 -0
  334. package/src/creatio/services/process-service-provider.ts +76 -0
  335. package/src/creatio/services/sys-settings-service-provider.ts +192 -0
  336. package/src/creatio/services/user-info-provider.ts +41 -0
  337. package/src/index.ts +44 -0
  338. package/src/log.ts +141 -0
  339. package/src/server/http/creatio-oauth-handlers.ts +146 -0
  340. package/src/server/http/httpServer.ts +150 -0
  341. package/src/server/http/index.ts +5 -0
  342. package/src/server/http/mcp-handlers.ts +92 -0
  343. package/src/server/http/mcp-oauth-handlers.ts +108 -0
  344. package/src/server/http/middleware.ts +91 -0
  345. package/src/server/index.ts +2 -0
  346. package/src/server/mcp/filters.ts +97 -0
  347. package/src/server/mcp/index.ts +1 -0
  348. package/src/server/mcp/prompts-data.ts +896 -0
  349. package/src/server/mcp/server.ts +331 -0
  350. package/src/server/mcp/tools-data.ts +592 -0
  351. package/src/server/oauth/client-manager.ts +47 -0
  352. package/src/server/oauth/index.ts +6 -0
  353. package/src/server/oauth/oauth-server.ts +185 -0
  354. package/src/server/oauth/storage.ts +106 -0
  355. package/src/server/oauth/token-manager.ts +80 -0
  356. package/src/server/oauth/types.ts +55 -0
  357. package/src/server/oauth/validators.ts +56 -0
  358. package/src/services/index.ts +2 -0
  359. package/src/services/session-context.ts +232 -0
  360. package/src/services/token-refresh-scheduler.ts +68 -0
  361. package/src/types/index.ts +1 -0
  362. package/src/types/network.ts +7 -0
  363. package/src/utils/context.ts +49 -0
  364. package/src/utils/env.ts +12 -0
  365. package/src/utils/index.ts +5 -0
  366. package/src/utils/mcp.ts +8 -0
  367. package/src/utils/network.ts +65 -0
  368. package/src/utils/pkce.ts +39 -0
  369. package/src/version.ts +15 -0
  370. package/tsconfig.json +28 -0
@@ -0,0 +1,185 @@
1
+ import crypto from 'crypto';
2
+
3
+ import log from '../../log';
4
+
5
+ import { OAuthClientManager } from './client-manager';
6
+ import { OAuthStorage } from './storage';
7
+ import { OAuthTokenManager } from './token-manager';
8
+ import { OAuthValidators } from './validators';
9
+
10
+ import type {
11
+ OAuthAccessToken,
12
+ OAuthAuthorizationRequest,
13
+ OAuthAuthorizationServerMetadata,
14
+ OAuthClient,
15
+ OAuthError,
16
+ OAuthTokenRequest,
17
+ } from './types';
18
+
19
+ export class OAuthServer {
20
+ private readonly _jwtSecret: string = crypto.randomBytes(32).toString('hex');
21
+ private readonly _storage = new OAuthStorage();
22
+ private readonly _tokenManager: OAuthTokenManager;
23
+ private readonly _accessTokens = new Map<string, OAuthAccessToken>();
24
+ private _baseUrl: string;
25
+
26
+ constructor(baseUrl: string = 'http://localhost:3000') {
27
+ this._baseUrl = baseUrl;
28
+ this._tokenManager = new OAuthTokenManager(this._jwtSecret);
29
+ }
30
+
31
+ private _autoRegisterClientIfNeeded(client_id: string, redirect_uri: string): boolean {
32
+ if (this._storage.hasClient(client_id)) {
33
+ return false;
34
+ }
35
+ const client = OAuthClientManager.autoRegisterClient(client_id, redirect_uri);
36
+ this._storage.addClient(client);
37
+ return true;
38
+ }
39
+
40
+ public getAuthorizationServerMetadata(): OAuthAuthorizationServerMetadata {
41
+ return {
42
+ issuer: this._baseUrl,
43
+ authorization_endpoint: `${this._baseUrl}/authorize`,
44
+ token_endpoint: `${this._baseUrl}/token`,
45
+ registration_endpoint: `${this._baseUrl}/register`,
46
+ response_types_supported: ['code'],
47
+ grant_types_supported: ['authorization_code'],
48
+ token_endpoint_auth_methods_supported: ['none', 'client_secret_post'],
49
+ code_challenge_methods_supported: ['S256'],
50
+ scopes_supported: ['openid'],
51
+ };
52
+ }
53
+
54
+ public registerClient(redirect_uris: string[]): OAuthClient {
55
+ const client = OAuthClientManager.createClient(redirect_uris);
56
+ this._storage.addClient(client);
57
+ return client;
58
+ }
59
+
60
+ public validateAuthorizationRequest(params: OAuthAuthorizationRequest): OAuthError | null {
61
+ let client = this._storage.getClient(params.client_id);
62
+ if (!client) {
63
+ const wasRegistered = this._autoRegisterClientIfNeeded(
64
+ params.client_id,
65
+ params.redirect_uri,
66
+ );
67
+ if (wasRegistered) {
68
+ client = this._storage.getClient(params.client_id);
69
+ }
70
+ }
71
+ return OAuthValidators.validateAuthorizationRequest(params, client);
72
+ }
73
+
74
+ public storeState(state: string, client_id: string): void {
75
+ this._storage.storeState(state, client_id);
76
+ log.info('oauth.state.stored', { state, client_id });
77
+ }
78
+
79
+ public validateState(state: string, client_id: string): boolean {
80
+ log.info('oauth.state.validate_attempt', {
81
+ state,
82
+ client_id,
83
+ storedStates: this._storage.getAllStates(),
84
+ });
85
+ const stateData = this._storage.getState(state);
86
+ if (!stateData) {
87
+ log.warn('oauth.state.not_found', {
88
+ state,
89
+ storedStates: this._storage.getAllStates(),
90
+ });
91
+ return false;
92
+ }
93
+ if (stateData.expires_at < Date.now()) {
94
+ this._storage.deleteState(state);
95
+ log.warn('oauth.state.expired', { state });
96
+ return false;
97
+ }
98
+ if (stateData.client_id !== client_id) {
99
+ log.warn('oauth.state.client_mismatch', {
100
+ state,
101
+ expected: stateData.client_id,
102
+ actual: client_id,
103
+ });
104
+ return false;
105
+ }
106
+ this._storage.deleteState(state);
107
+ log.info('oauth.state.validated_successfully', { state, client_id });
108
+ return true;
109
+ }
110
+
111
+ public generateAuthorizationCode(
112
+ client_id: string,
113
+ redirect_uri: string,
114
+ code_challenge: string,
115
+ code_challenge_method: string,
116
+ userKey: string,
117
+ ): string {
118
+ const code = crypto.randomBytes(32).toString('base64url');
119
+ this._storage.storeAuthorizationCode(
120
+ code,
121
+ client_id,
122
+ redirect_uri,
123
+ code_challenge,
124
+ code_challenge_method,
125
+ userKey,
126
+ );
127
+ log.info('oauth.authorization_code.generated', { client_id, userKey });
128
+ return code;
129
+ }
130
+
131
+ public async exchangeCodeForToken(
132
+ params: OAuthTokenRequest,
133
+ ): Promise<OAuthAccessToken | OAuthError> {
134
+ log.info('oauth.token.exchange_start', {
135
+ grant_type: params.grant_type,
136
+ code: params.code ? '***' + params.code.slice(-4) : 'missing',
137
+ client_id: params.client_id,
138
+ redirect_uri: params.redirect_uri,
139
+ has_code_verifier: !!params.code_verifier,
140
+ stored_codes: this._storage.getAllStoredCodes().map((k) => '***' + k.slice(-4)),
141
+ });
142
+ const validationError = OAuthValidators.validateTokenRequest(params);
143
+ if (validationError) {
144
+ return validationError;
145
+ }
146
+ const authCode = this._storage.getAuthorizationCode(params.code!);
147
+ if (!authCode) {
148
+ log.error('oauth.token.code_not_found', {
149
+ code: '***' + params.code!.slice(-4),
150
+ stored_codes: this._storage.getAllStoredCodes().map((k) => '***' + k.slice(-4)),
151
+ });
152
+ return { error: 'invalid_grant', error_description: 'Invalid authorization code' };
153
+ }
154
+ const codeValidationError = this._tokenManager.validateAuthCodeData(authCode, params);
155
+ if (codeValidationError) {
156
+ if (
157
+ codeValidationError.error === 'invalid_grant' &&
158
+ codeValidationError.error_description === 'Authorization code expired'
159
+ ) {
160
+ this._storage.deleteAuthorizationCode(params.code!);
161
+ }
162
+ return codeValidationError;
163
+ }
164
+ const tokenResponse = this._tokenManager.createTokenResponse(
165
+ authCode.userKey,
166
+ params.client_id,
167
+ );
168
+ this._accessTokens.set(tokenResponse.access_token, tokenResponse);
169
+ this._storage.deleteAuthorizationCode(params.code!);
170
+ log.info('oauth.token.issued', { client_id: params.client_id, userKey: authCode.userKey });
171
+ return tokenResponse;
172
+ }
173
+
174
+ public validateAccessToken(token: string): string | null {
175
+ return this._tokenManager.validateAccessToken(token);
176
+ }
177
+
178
+ public getClient(client_id: string): OAuthClient | undefined {
179
+ return this._storage.getClient(client_id);
180
+ }
181
+
182
+ public cleanup(): void {
183
+ this._storage.cleanup();
184
+ }
185
+ }
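Review bot: `validateAuthorizationRequest` auto-registers any unknown `client_id` with the `redirect_uri` taken from the same request, so for a first-seen client the later `client.redirect_uris.includes(params.redirect_uri)` check presumably compares the URI against itself and cannot reject anything. `OAuthClientManager.autoRegisterClient` is not shown in this section, so unless it restricts the URI itself (for example to loopback addresses), the redirect target is effectively chosen by the caller; I would remove the `_autoRegisterClientIfNeeded` call and let unknown clients fail with `invalid_client`, leaving `registerClient` as the only way in. Separately, `storeState` and `validateState` log the full `state`, and `validateState` also logs `storedStates: this._storage.getAllStates()`, which writes every pending anti-CSRF value to the log on each attempt; a count such as `pending_states: this._storage.getAllStates().length` gives the same debugging signal. `_accessTokens` is written in `exchangeCodeForToken` but never read, and `cleanup()` does not prune it, so it retains every issued token response for the life of the process.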
@@ -0,0 +1,106 @@
1
+ import log from '../../log';
2
+
3
+ import type { OAuthClient } from './types';
4
+
5
+ export interface AuthorizationCodeData {
6
+ client_id: string;
7
+ redirect_uri: string;
8
+ code_challenge: string;
9
+ code_challenge_method: string;
10
+ userKey: string;
11
+ expires_at: number;
12
+ }
13
+
14
+ export interface StateData {
15
+ client_id: string;
16
+ expires_at: number;
17
+ }
18
+
19
+ export class OAuthStorage {
20
+ private readonly _clients = new Map<string, OAuthClient>();
21
+ private readonly _authorizationCodes = new Map<string, AuthorizationCodeData>();
22
+ private readonly _authorizationStates = new Map<string, StateData>();
23
+
24
+ public addClient(client: OAuthClient): void {
25
+ this._clients.set(client.client_id, client);
26
+ }
27
+
28
+ public getClient(client_id: string): OAuthClient | undefined {
29
+ return this._clients.get(client_id);
30
+ }
31
+
32
+ public hasClient(client_id: string): boolean {
33
+ return this._clients.has(client_id);
34
+ }
35
+
36
+ public storeAuthorizationCode(
37
+ code: string,
38
+ client_id: string,
39
+ redirect_uri: string,
40
+ code_challenge: string,
41
+ code_challenge_method: string,
42
+ userKey: string,
43
+ expiresInMs: number = 10 * 60 * 1000,
44
+ ): void {
45
+ const expires_at = Date.now() + expiresInMs;
46
+ this._authorizationCodes.set(code, {
47
+ client_id,
48
+ redirect_uri,
49
+ code_challenge,
50
+ code_challenge_method,
51
+ userKey,
52
+ expires_at,
53
+ });
54
+ }
55
+
56
+ public getAuthorizationCode(code: string): AuthorizationCodeData | undefined {
57
+ return this._authorizationCodes.get(code);
58
+ }
59
+
60
+ public deleteAuthorizationCode(code: string): void {
61
+ this._authorizationCodes.delete(code);
62
+ }
63
+
64
+ public storeState(
65
+ state: string,
66
+ client_id: string,
67
+ expiresInMs: number = 30 * 60 * 1000,
68
+ ): void {
69
+ const expires_at = Date.now() + expiresInMs;
70
+ this._authorizationStates.set(state, { client_id, expires_at });
71
+ }
72
+
73
+ public getState(state: string): StateData | undefined {
74
+ return this._authorizationStates.get(state);
75
+ }
76
+
77
+ public deleteState(state: string): void {
78
+ this._authorizationStates.delete(state);
79
+ }
80
+
81
+ public getAllStates(): string[] {
82
+ return Array.from(this._authorizationStates.keys());
83
+ }
84
+
85
+ public getAllStoredCodes(): string[] {
86
+ return Array.from(this._authorizationCodes.keys());
87
+ }
88
+
89
+ public cleanup(): void {
90
+ const now = Date.now();
91
+ for (const [code, data] of this._authorizationCodes.entries()) {
92
+ if (now > data.expires_at) {
93
+ this._authorizationCodes.delete(code);
94
+ }
95
+ }
96
+ for (const [state, data] of this._authorizationStates.entries()) {
97
+ if (now > data.expires_at) {
98
+ this._authorizationStates.delete(state);
99
+ }
100
+ }
101
+ log.info('oauth.storage.cleanup.completed', {
102
+ remaining_codes: this._authorizationCodes.size,
103
+ remaining_states: this._authorizationStates.size,
104
+ });
105
+ }
106
+ }
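Review bot: `getAuthorizationCode` and `getState` return entries without looking at `expires_at`, so expiry holds only if every caller checks it or `cleanup()` has already run; checking in the getter makes the store fail closed, e.g. `if (data && Date.now() > data.expires_at) { this._authorizationCodes.delete(code); return undefined; }`. That would change the error an expired code produces in `exchangeCodeForToken`, which currently tells "expired" apart from "not found", so the two should be changed together. `_clients` has no size limit and `cleanup()` never touches it, so registrations accumulate for as long as the process runs; a cap or eviction based on the client's `created_at` would bound it. `getAllStates` and `getAllStoredCodes` hand out the raw secret keys and appear to exist only for logging; size accessors would cover that use without exposing the values.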
@@ -0,0 +1,80 @@
1
+ import crypto from 'crypto';
2
+
3
+ import jwt from 'jsonwebtoken';
4
+
5
+ import log from '../../log';
6
+
7
+ import type { AuthorizationCodeData } from './storage';
8
+ import type { OAuthAccessToken, OAuthError, OAuthTokenRequest } from './types';
9
+
10
+ export class OAuthTokenManager {
11
+ private readonly _jwtSecret: string;
12
+
13
+ constructor(jwtSecret: string) {
14
+ this._jwtSecret = jwtSecret;
15
+ }
16
+
17
+ public generateAccessToken(userKey: string, client_id: string): string {
18
+ return jwt.sign({ userKey, client_id }, this._jwtSecret, { expiresIn: '1h' });
19
+ }
20
+
21
+ public generateRefreshToken(): string {
22
+ return crypto.randomBytes(32).toString('base64url');
23
+ }
24
+
25
+ public validateAccessToken(token: string): string | null {
26
+ try {
27
+ const decoded = jwt.verify(token, this._jwtSecret) as any;
28
+ return decoded.userKey || null;
29
+ } catch (error) {
30
+ log.warn('oauth.token.invalid', { error: String(error) });
31
+ return null;
32
+ }
33
+ }
34
+
35
+ public createTokenResponse(
36
+ userKey: string,
37
+ client_id: string,
38
+ refresh_token_required: boolean = true,
39
+ ): OAuthAccessToken {
40
+ const access_token = this.generateAccessToken(userKey, client_id);
41
+ const expires_in = 3600;
42
+ const tokenResponse: OAuthAccessToken = {
43
+ access_token,
44
+ token_type: 'Bearer',
45
+ expires_in,
46
+ userKey,
47
+ };
48
+ if (refresh_token_required) {
49
+ tokenResponse.refresh_token = this.generateRefreshToken();
50
+ }
51
+ return tokenResponse;
52
+ }
53
+
54
+ public verifyPKCE(code_verifier: string, code_challenge: string): boolean {
55
+ const hash = crypto.createHash('sha256').update(code_verifier).digest('base64url');
56
+ return hash === code_challenge;
57
+ }
58
+
59
+ public validateAuthCodeData(
60
+ authCode: AuthorizationCodeData,
61
+ params: OAuthTokenRequest,
62
+ ): OAuthError | null {
63
+ if (Date.now() > authCode.expires_at) {
64
+ return { error: 'invalid_grant', error_description: 'Authorization code expired' };
65
+ }
66
+ if (authCode.client_id !== params.client_id) {
67
+ return { error: 'invalid_grant', error_description: 'Client mismatch' };
68
+ }
69
+ if (authCode.redirect_uri !== params.redirect_uri) {
70
+ return { error: 'invalid_grant', error_description: 'Redirect URI mismatch' };
71
+ }
72
+ if (!params.code_verifier) {
73
+ return { error: 'invalid_request', error_description: 'Missing code_verifier' };
74
+ }
75
+ if (!this.verifyPKCE(params.code_verifier, authCode.code_challenge)) {
76
+ return { error: 'invalid_grant', error_description: 'PKCE verification failed' };
77
+ }
78
+ return null;
79
+ }
80
+ }
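Review bot: `validateAccessToken` calls `jwt.verify(token, this._jwtSecret)` without pinning the algorithm and casts the payload to `any`; passing `{ algorithms: ['HS256'] }` (the default that `jwt.sign` uses here) and returning `userKey` only after `typeof decoded === 'object' && typeof decoded.userKey === 'string'` makes the accepted token shape explicit. `verifyPKCE` compares the digests with `===` and `validateAuthCodeData` never reads `authCode.code_challenge_method`, so the S256 assumption is enforced only if the authorization-request validator (outside this section) rejects other methods; a guard such as `if (authCode.code_challenge_method !== 'S256') return { error: 'invalid_grant', error_description: 'PKCE verification failed' };` plus `crypto.timingSafeEqual` on equal-length buffers would close both gaps. `createTokenResponse` returns a `refresh_token` by default that nothing in this file stores or can redeem, so it is better left out until a refresh grant exists. The lifetime is also stated twice, as `'1h'` and `3600`, and the two can drift apart.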
@@ -0,0 +1,55 @@
1
+ export interface OAuthClient {
2
+ client_id: string;
3
+ client_secret?: string;
4
+ redirect_uris: string[];
5
+ grant_types: string[];
6
+ response_types?: string[];
7
+ token_endpoint_auth_method?: string;
8
+ created_at: number;
9
+ }
10
+
11
+ export interface OAuthAuthorizationRequest {
12
+ client_id: string;
13
+ redirect_uri: string;
14
+ response_type: string;
15
+ state?: string;
16
+ code_challenge: string;
17
+ code_challenge_method: string;
18
+ scope?: string;
19
+ }
20
+
21
+ export interface OAuthTokenRequest {
22
+ grant_type: string;
23
+ client_id: string;
24
+ code?: string;
25
+ redirect_uri?: string;
26
+ code_verifier?: string;
27
+ refresh_token?: string;
28
+ }
29
+
30
+ export interface OAuthAccessToken {
31
+ access_token: string;
32
+ token_type: 'Bearer';
33
+ expires_in: number;
34
+ refresh_token?: string;
35
+ scope?: string;
36
+ userKey: string;
37
+ }
38
+
39
+ export interface OAuthError {
40
+ error: string;
41
+ error_description?: string;
42
+ error_uri?: string;
43
+ }
44
+
45
+ export interface OAuthAuthorizationServerMetadata {
46
+ issuer: string;
47
+ authorization_endpoint: string;
48
+ token_endpoint: string;
49
+ registration_endpoint: string;
50
+ response_types_supported: string[];
51
+ grant_types_supported: string[];
52
+ token_endpoint_auth_methods_supported: string[];
53
+ code_challenge_methods_supported: string[];
54
+ scopes_supported?: string[];
55
+ }
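Review bot: `OAuthAccessToken` declares a required `userKey` next to the standard token-response members, and `createTokenResponse` earlier on this page fills it in, so serializing that object as the token endpoint's JSON body would send a non-standard internal identifier to every client. Whether the object is sent as-is is not visible in this section. If it is, keeping the wire shape to the RFC 6749 fields and carrying the key in a separate internal type would make the boundary explicit. If it is intentional, a comment on the field such as `/** Non-standard: internal user key, returned to the client on purpose */` would record that decision.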
@@ -0,0 +1,56 @@
1
+ import type {
2
+ OAuthAuthorizationRequest,
3
+ OAuthClient,
4
+ OAuthError,
5
+ OAuthTokenRequest,
6
+ } from './types';
7
+ export class OAuthValidators {
8
+ public static validateAuthorizationRequest(
9
+ params: OAuthAuthorizationRequest,
10
+ client: OAuthClient | undefined,
11
+ ): OAuthError | null {
12
+ if (!client) {
13
+ return { error: 'invalid_client', error_description: 'Client not found' };
14
+ }
15
+ if (!client.redirect_uris.includes(params.redirect_uri)) {
16
+ return { error: 'invalid_request', error_description: 'Invalid redirect_uri' };
17
+ }
18
+ if (params.response_type !== 'code') {
19
+ return { error: 'unsupported_response_type' };
20
+ }
21
+ if (!params.code_challenge || params.code_challenge_method !== 'S256') {
22
+ return { error: 'invalid_request', error_description: 'PKCE required' };
23
+ }
24
+ return null;
25
+ }
26
+
27
+ public static validateTokenRequest(params: OAuthTokenRequest): OAuthError | null {
28
+ if (params.grant_type !== 'authorization_code') {
29
+ return { error: 'unsupported_grant_type' };
30
+ }
31
+ if (!params.code || !params.code_verifier) {
32
+ return { error: 'invalid_request', error_description: 'Missing code or code_verifier' };
33
+ }
34
+ return null;
35
+ }
36
+
37
+ public static validateClientRegistration(redirect_uris: unknown): string | null {
38
+ if (!redirect_uris || !Array.isArray(redirect_uris)) {
39
+ return 'redirect_uris is required and must be an array';
40
+ }
41
+ if (redirect_uris.length === 0) {
42
+ return 'redirect_uris must contain at least one URI';
43
+ }
44
+ for (const uri of redirect_uris) {
45
+ if (typeof uri !== 'string') {
46
+ return 'All redirect_uris must be strings';
47
+ }
48
+ try {
49
+ new URL(uri);
50
+ } catch {
51
+ return `Invalid redirect_uri: ${uri}`;
52
+ }
53
+ }
54
+ return null;
55
+ }
56
+ }
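Review bot: `validateClientRegistration` accepts any string that `new URL()` can parse, so a registered client can store `javascript:` or `data:` URIs, plain `http:` URIs on non-loopback hosts, or URIs carrying a fragment. `validateAuthorizationRequest` then treats them as valid redirect targets by exact match. The loop should check the parsed URL's scheme, host and fragment before accepting an entry. The right allowlist depends on which clients must be supported (native clients may need private-use schemes), so the scheme list below is a starting point rather than a final policy. The rejection message also echoes the submitted value back, which is worth dropping or truncating if the response is rendered or logged.

```typescript
    for (const uri of redirect_uris) {
      // … unchanged: typeof uri !== 'string' check …
      let parsed: URL;
      try {
        parsed = new URL(uri);
      } catch {
        return 'redirect_uris must contain only absolute URIs';
      }
      // Redirect URIs must not carry a fragment component.
      if (parsed.hash) {
        return 'redirect_uris must not contain a fragment';
      }
      // Schemes a browser would execute or resolve locally are never valid redirect targets.
      if (['javascript:', 'data:', 'vbscript:', 'file:'].includes(parsed.protocol)) {
        return 'redirect_uri scheme is not allowed';
      }
      // Cleartext http is only acceptable for loopback listeners of native clients.
      const isLoopback = ['localhost', '127.0.0.1', '[::1]'].includes(parsed.hostname);
      if (parsed.protocol === 'http:' && !isLoopback) {
        return 'http redirect_uris are only allowed for loopback hosts';
      }
```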
@@ -0,0 +1,2 @@
1
+ export * from './session-context';
2
+ export * from './token-refresh-scheduler';