mcp-creatio 0.3.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.dockerignore +12 -0
- package/.editorconfig +14 -0
- package/.eslintrc.cjs +18 -0
- package/.gitattributes +8 -0
- package/.github/workflows/docker-publish.yml +50 -0
- package/.prettierignore +3 -0
- package/.prettierrc +9 -0
- package/.vscode/launch.json +23 -0
- package/.vscode/mcp.json +13 -0
- package/.vscode/settings.json +16 -0
- package/Agent.md +187 -0
- package/Debug.md +32 -0
- package/Dockerfile +23 -0
- package/LICENSE +21 -0
- package/README.md +162 -0
- package/dist/cli.d.ts +3 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +135 -0
- package/dist/cli.js.map +1 -0
- package/dist/config-builder.d.ts +3 -0
- package/dist/config-builder.d.ts.map +1 -0
- package/dist/config-builder.js +66 -0
- package/dist/config-builder.js.map +1 -0
- package/dist/consts.d.ts +2 -0
- package/dist/consts.d.ts.map +1 -0
- package/dist/consts.js +6 -0
- package/dist/consts.js.map +1 -0
- package/dist/creatio/auth/auth-manager.d.ts +9 -0
- package/dist/creatio/auth/auth-manager.d.ts.map +1 -0
- package/dist/creatio/auth/auth-manager.js +29 -0
- package/dist/creatio/auth/auth-manager.js.map +1 -0
- package/dist/creatio/auth/auth.d.ts +16 -0
- package/dist/creatio/auth/auth.d.ts.map +1 -0
- package/dist/creatio/auth/auth.js +20 -0
- package/dist/creatio/auth/auth.js.map +1 -0
- package/dist/creatio/auth/index.d.ts +4 -0
- package/dist/creatio/auth/index.d.ts.map +1 -0
- package/dist/creatio/auth/index.js +21 -0
- package/dist/creatio/auth/index.js.map +1 -0
- package/dist/creatio/auth/providers/base-oauth2-provider.d.ts +17 -0
- package/dist/creatio/auth/providers/base-oauth2-provider.d.ts.map +1 -0
- package/dist/creatio/auth/providers/base-oauth2-provider.js +49 -0
- package/dist/creatio/auth/providers/base-oauth2-provider.js.map +1 -0
- package/dist/creatio/auth/providers/base-provider.d.ts +15 -0
- package/dist/creatio/auth/providers/base-provider.d.ts.map +1 -0
- package/dist/creatio/auth/providers/base-provider.js +32 -0
- package/dist/creatio/auth/providers/base-provider.js.map +1 -0
- package/dist/creatio/auth/providers/index.d.ts +5 -0
- package/dist/creatio/auth/providers/index.d.ts.map +1 -0
- package/dist/creatio/auth/providers/index.js +21 -0
- package/dist/creatio/auth/providers/index.js.map +1 -0
- package/dist/creatio/auth/providers/legacy-provider.d.ts +10 -0
- package/dist/creatio/auth/providers/legacy-provider.d.ts.map +1 -0
- package/dist/creatio/auth/providers/legacy-provider.js +73 -0
- package/dist/creatio/auth/providers/legacy-provider.js.map +1 -0
- package/dist/creatio/auth/providers/oauth2-code-provider.d.ts +18 -0
- package/dist/creatio/auth/providers/oauth2-code-provider.d.ts.map +1 -0
- package/dist/creatio/auth/providers/oauth2-code-provider.js +245 -0
- package/dist/creatio/auth/providers/oauth2-code-provider.js.map +1 -0
- package/dist/creatio/auth/providers/oauth2-provider.d.ts +9 -0
- package/dist/creatio/auth/providers/oauth2-provider.d.ts.map +1 -0
- package/dist/creatio/auth/providers/oauth2-provider.js +86 -0
- package/dist/creatio/auth/providers/oauth2-provider.js.map +1 -0
- package/dist/creatio/auth/providers/type.d.ts +6 -0
- package/dist/creatio/auth/providers/type.d.ts.map +1 -0
- package/dist/creatio/auth/providers/type.js +10 -0
- package/dist/creatio/auth/providers/type.js.map +1 -0
- package/dist/creatio/client-config.d.ts +29 -0
- package/dist/creatio/client-config.d.ts.map +1 -0
- package/dist/creatio/client-config.js +3 -0
- package/dist/creatio/client-config.js.map +1 -0
- package/dist/creatio/engines/crud/crud-engine.d.ts +15 -0
- package/dist/creatio/engines/crud/crud-engine.d.ts.map +1 -0
- package/dist/creatio/engines/crud/crud-engine.js +33 -0
- package/dist/creatio/engines/crud/crud-engine.js.map +1 -0
- package/dist/creatio/engines/engine-manager.d.ts +33 -0
- package/dist/creatio/engines/engine-manager.d.ts.map +1 -0
- package/dist/creatio/engines/engine-manager.js +54 -0
- package/dist/creatio/engines/engine-manager.js.map +1 -0
- package/dist/creatio/engines/engine-registry.d.ts +15 -0
- package/dist/creatio/engines/engine-registry.d.ts.map +1 -0
- package/dist/creatio/engines/engine-registry.js +35 -0
- package/dist/creatio/engines/engine-registry.js.map +1 -0
- package/dist/creatio/engines/engine.d.ts +4 -0
- package/dist/creatio/engines/engine.d.ts.map +1 -0
- package/dist/creatio/engines/engine.js +3 -0
- package/dist/creatio/engines/engine.js.map +1 -0
- package/dist/creatio/engines/index.d.ts +8 -0
- package/dist/creatio/engines/index.d.ts.map +1 -0
- package/dist/creatio/engines/index.js +24 -0
- package/dist/creatio/engines/index.js.map +1 -0
- package/dist/creatio/engines/process/process-engine.d.ts +10 -0
- package/dist/creatio/engines/process/process-engine.d.ts.map +1 -0
- package/dist/creatio/engines/process/process-engine.js +18 -0
- package/dist/creatio/engines/process/process-engine.js.map +1 -0
- package/dist/creatio/engines/sys-settings/sys-settings-engine.d.ts +13 -0
- package/dist/creatio/engines/sys-settings/sys-settings-engine.d.ts.map +1 -0
- package/dist/creatio/engines/sys-settings/sys-settings-engine.js +27 -0
- package/dist/creatio/engines/sys-settings/sys-settings-engine.js.map +1 -0
- package/dist/creatio/engines/user/user-engine.d.ts +10 -0
- package/dist/creatio/engines/user/user-engine.d.ts.map +1 -0
- package/dist/creatio/engines/user/user-engine.js +18 -0
- package/dist/creatio/engines/user/user-engine.js.map +1 -0
- package/dist/creatio/index.d.ts +7 -0
- package/dist/creatio/index.d.ts.map +1 -0
- package/dist/creatio/index.js +23 -0
- package/dist/creatio/index.js.map +1 -0
- package/dist/creatio/provider-context.d.ts +10 -0
- package/dist/creatio/provider-context.d.ts.map +1 -0
- package/dist/creatio/provider-context.js +3 -0
- package/dist/creatio/provider-context.js.map +1 -0
- package/dist/creatio/providers/crud-provider.d.ts +40 -0
- package/dist/creatio/providers/crud-provider.d.ts.map +1 -0
- package/dist/creatio/providers/crud-provider.js +3 -0
- package/dist/creatio/providers/crud-provider.js.map +1 -0
- package/dist/creatio/providers/index.d.ts +5 -0
- package/dist/creatio/providers/index.d.ts.map +1 -0
- package/dist/creatio/providers/index.js +21 -0
- package/dist/creatio/providers/index.js.map +1 -0
- package/dist/creatio/providers/process-provider.d.ts +14 -0
- package/dist/creatio/providers/process-provider.d.ts.map +1 -0
- package/dist/creatio/providers/process-provider.js +3 -0
- package/dist/creatio/providers/process-provider.js.map +1 -0
- package/dist/creatio/providers/sys-settings-provider.d.ts +58 -0
- package/dist/creatio/providers/sys-settings-provider.d.ts.map +1 -0
- package/dist/creatio/providers/sys-settings-provider.js +3 -0
- package/dist/creatio/providers/sys-settings-provider.js.map +1 -0
- package/dist/creatio/providers/user-provider.d.ts +12 -0
- package/dist/creatio/providers/user-provider.d.ts.map +1 -0
- package/dist/creatio/providers/user-provider.js +3 -0
- package/dist/creatio/providers/user-provider.js.map +1 -0
- package/dist/creatio/services/creatio-service-context.d.ts +17 -0
- package/dist/creatio/services/creatio-service-context.d.ts.map +1 -0
- package/dist/creatio/services/creatio-service-context.js +35 -0
- package/dist/creatio/services/creatio-service-context.js.map +1 -0
- package/dist/creatio/services/http-client.d.ts +29 -0
- package/dist/creatio/services/http-client.d.ts.map +1 -0
- package/dist/creatio/services/http-client.js +136 -0
- package/dist/creatio/services/http-client.js.map +1 -0
- package/dist/creatio/services/index.d.ts +8 -0
- package/dist/creatio/services/index.d.ts.map +1 -0
- package/dist/creatio/services/index.js +24 -0
- package/dist/creatio/services/index.js.map +1 -0
- package/dist/creatio/services/metadata-store.d.ts +20 -0
- package/dist/creatio/services/metadata-store.d.ts.map +1 -0
- package/dist/creatio/services/metadata-store.js +162 -0
- package/dist/creatio/services/metadata-store.js.map +1 -0
- package/dist/creatio/services/odata-crud-provider.d.ts +21 -0
- package/dist/creatio/services/odata-crud-provider.d.ts.map +1 -0
- package/dist/creatio/services/odata-crud-provider.js +145 -0
- package/dist/creatio/services/odata-crud-provider.js.map +1 -0
- package/dist/creatio/services/process-service-provider.d.ts +11 -0
- package/dist/creatio/services/process-service-provider.d.ts.map +1 -0
- package/dist/creatio/services/process-service-provider.js +52 -0
- package/dist/creatio/services/process-service-provider.js.map +1 -0
- package/dist/creatio/services/sys-settings-service-provider.d.ts +19 -0
- package/dist/creatio/services/sys-settings-service-provider.d.ts.map +1 -0
- package/dist/creatio/services/sys-settings-service-provider.js +107 -0
- package/dist/creatio/services/sys-settings-service-provider.js.map +1 -0
- package/dist/creatio/services/user-info-provider.d.ts +10 -0
- package/dist/creatio/services/user-info-provider.d.ts.map +1 -0
- package/dist/creatio/services/user-info-provider.js +26 -0
- package/dist/creatio/services/user-info-provider.js.map +1 -0
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +46 -0
- package/dist/index.js.map +1 -0
- package/dist/log.d.ts +51 -0
- package/dist/log.d.ts.map +1 -0
- package/dist/log.js +137 -0
- package/dist/log.js.map +1 -0
- package/dist/server/http/creatio-oauth-handlers.d.ts +14 -0
- package/dist/server/http/creatio-oauth-handlers.d.ts.map +1 -0
- package/dist/server/http/creatio-oauth-handlers.js +137 -0
- package/dist/server/http/creatio-oauth-handlers.js.map +1 -0
- package/dist/server/http/httpServer.d.ts +23 -0
- package/dist/server/http/httpServer.d.ts.map +1 -0
- package/dist/server/http/httpServer.js +131 -0
- package/dist/server/http/httpServer.js.map +1 -0
- package/dist/server/http/index.d.ts +6 -0
- package/dist/server/http/index.d.ts.map +1 -0
- package/dist/server/http/index.js +22 -0
- package/dist/server/http/index.js.map +1 -0
- package/dist/server/http/mcp-handlers.d.ts +10 -0
- package/dist/server/http/mcp-handlers.d.ts.map +1 -0
- package/dist/server/http/mcp-handlers.js +82 -0
- package/dist/server/http/mcp-handlers.js.map +1 -0
- package/dist/server/http/mcp-oauth-handlers.d.ts +11 -0
- package/dist/server/http/mcp-oauth-handlers.d.ts.map +1 -0
- package/dist/server/http/mcp-oauth-handlers.js +106 -0
- package/dist/server/http/mcp-oauth-handlers.js.map +1 -0
- package/dist/server/http/middleware.d.ts +11 -0
- package/dist/server/http/middleware.d.ts.map +1 -0
- package/dist/server/http/middleware.js +88 -0
- package/dist/server/http/middleware.js.map +1 -0
- package/dist/server/index.d.ts +3 -0
- package/dist/server/index.d.ts.map +1 -0
- package/dist/server/index.js +19 -0
- package/dist/server/index.js.map +1 -0
- package/dist/server/mcp/filters.d.ts +2 -0
- package/dist/server/mcp/filters.d.ts.map +1 -0
- package/dist/server/mcp/filters.js +94 -0
- package/dist/server/mcp/filters.js.map +1 -0
- package/dist/server/mcp/index.d.ts +2 -0
- package/dist/server/mcp/index.d.ts.map +1 -0
- package/dist/server/mcp/index.js +18 -0
- package/dist/server/mcp/index.js.map +1 -0
- package/dist/server/mcp/prompts-data.d.ts +147 -0
- package/dist/server/mcp/prompts-data.d.ts.map +1 -0
- package/dist/server/mcp/prompts-data.js +884 -0
- package/dist/server/mcp/prompts-data.js.map +1 -0
- package/dist/server/mcp/server.d.ts +25 -0
- package/dist/server/mcp/server.d.ts.map +1 -0
- package/dist/server/mcp/server.js +233 -0
- package/dist/server/mcp/server.js.map +1 -0
- package/dist/server/mcp/tools-data.d.ts +165 -0
- package/dist/server/mcp/tools-data.d.ts.map +1 -0
- package/dist/server/mcp/tools-data.js +466 -0
- package/dist/server/mcp/tools-data.js.map +1 -0
- package/dist/server/oauth/client-manager.d.ts +6 -0
- package/dist/server/oauth/client-manager.d.ts.map +1 -0
- package/dist/server/oauth/client-manager.js +52 -0
- package/dist/server/oauth/client-manager.js.map +1 -0
- package/dist/server/oauth/index.d.ts +7 -0
- package/dist/server/oauth/index.d.ts.map +1 -0
- package/dist/server/oauth/index.js +23 -0
- package/dist/server/oauth/index.js.map +1 -0
- package/dist/server/oauth/oauth-server.d.ts +21 -0
- package/dist/server/oauth/oauth-server.d.ts.map +1 -0
- package/dist/server/oauth/oauth-server.js +146 -0
- package/dist/server/oauth/oauth-server.js.map +1 -0
- package/dist/server/oauth/storage.d.ts +31 -0
- package/dist/server/oauth/storage.d.ts.map +1 -0
- package/dist/server/oauth/storage.js +73 -0
- package/dist/server/oauth/storage.js.map +1 -0
- package/dist/server/oauth/token-manager.d.ts +13 -0
- package/dist/server/oauth/token-manager.d.ts.map +1 -0
- package/dist/server/oauth/token-manager.js +69 -0
- package/dist/server/oauth/token-manager.js.map +1 -0
- package/dist/server/oauth/types.d.ts +51 -0
- package/dist/server/oauth/types.d.ts.map +1 -0
- package/dist/server/oauth/types.js +3 -0
- package/dist/server/oauth/types.js.map +1 -0
- package/dist/server/oauth/validators.d.ts +7 -0
- package/dist/server/oauth/validators.d.ts.map +1 -0
- package/dist/server/oauth/validators.js +51 -0
- package/dist/server/oauth/validators.js.map +1 -0
- package/dist/services/index.d.ts +3 -0
- package/dist/services/index.d.ts.map +1 -0
- package/dist/services/index.js +19 -0
- package/dist/services/index.js.map +1 -0
- package/dist/services/session-context.d.ts +57 -0
- package/dist/services/session-context.d.ts.map +1 -0
- package/dist/services/session-context.js +182 -0
- package/dist/services/session-context.js.map +1 -0
- package/dist/services/token-refresh-scheduler.d.ts +16 -0
- package/dist/services/token-refresh-scheduler.d.ts.map +1 -0
- package/dist/services/token-refresh-scheduler.js +66 -0
- package/dist/services/token-refresh-scheduler.js.map +1 -0
- package/dist/types/index.d.ts +2 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +18 -0
- package/dist/types/index.js.map +1 -0
- package/dist/types/network.d.ts +7 -0
- package/dist/types/network.d.ts.map +1 -0
- package/dist/types/network.js +6 -0
- package/dist/types/network.js.map +1 -0
- package/dist/utils/context.d.ts +10 -0
- package/dist/utils/context.d.ts.map +1 -0
- package/dist/utils/context.js +44 -0
- package/dist/utils/context.js.map +1 -0
- package/dist/utils/env.d.ts +3 -0
- package/dist/utils/env.d.ts.map +1 -0
- package/dist/utils/env.js +16 -0
- package/dist/utils/env.js.map +1 -0
- package/dist/utils/index.d.ts +6 -0
- package/dist/utils/index.d.ts.map +1 -0
- package/dist/utils/index.js +22 -0
- package/dist/utils/index.js.map +1 -0
- package/dist/utils/mcp.d.ts +3 -0
- package/dist/utils/mcp.d.ts.map +1 -0
- package/dist/utils/mcp.js +7 -0
- package/dist/utils/mcp.js.map +1 -0
- package/dist/utils/network.d.ts +7 -0
- package/dist/utils/network.d.ts.map +1 -0
- package/dist/utils/network.js +63 -0
- package/dist/utils/network.js.map +1 -0
- package/dist/utils/pkce.d.ts +7 -0
- package/dist/utils/pkce.d.ts.map +1 -0
- package/dist/utils/pkce.js +43 -0
- package/dist/utils/pkce.js.map +1 -0
- package/dist/version.d.ts +3 -0
- package/dist/version.d.ts.map +1 -0
- package/dist/version.js +10 -0
- package/dist/version.js.map +1 -0
- package/docs/coding-style.md +30 -0
- package/ecosystem.config.json +17 -0
- package/eslint.config.cjs +95 -0
- package/package.json +54 -0
- package/src/cli.ts +158 -0
- package/src/config-builder.ts +76 -0
- package/src/consts.ts +3 -0
- package/src/creatio/auth/auth-manager.ts +27 -0
- package/src/creatio/auth/auth.ts +31 -0
- package/src/creatio/auth/index.ts +3 -0
- package/src/creatio/auth/providers/base-oauth2-provider.ts +62 -0
- package/src/creatio/auth/providers/base-provider.ts +42 -0
- package/src/creatio/auth/providers/index.ts +4 -0
- package/src/creatio/auth/providers/legacy-provider.ts +70 -0
- package/src/creatio/auth/providers/oauth2-code-provider.ts +252 -0
- package/src/creatio/auth/providers/oauth2-provider.ts +91 -0
- package/src/creatio/auth/providers/type.ts +5 -0
- package/src/creatio/client-config.ts +34 -0
- package/src/creatio/engines/crud/crud-engine.ts +47 -0
- package/src/creatio/engines/engine-manager.ts +102 -0
- package/src/creatio/engines/engine-registry.ts +36 -0
- package/src/creatio/engines/engine.ts +3 -0
- package/src/creatio/engines/index.ts +7 -0
- package/src/creatio/engines/process/process-engine.ts +20 -0
- package/src/creatio/engines/sys-settings/sys-settings-engine.ts +41 -0
- package/src/creatio/engines/user/user-engine.ts +20 -0
- package/src/creatio/index.ts +6 -0
- package/src/creatio/provider-context.ts +10 -0
- package/src/creatio/providers/crud-provider.ts +45 -0
- package/src/creatio/providers/index.ts +4 -0
- package/src/creatio/providers/process-provider.ts +15 -0
- package/src/creatio/providers/sys-settings-provider.ts +63 -0
- package/src/creatio/providers/user-provider.ts +12 -0
- package/src/creatio/services/creatio-service-context.ts +38 -0
- package/src/creatio/services/http-client.ts +174 -0
- package/src/creatio/services/index.ts +7 -0
- package/src/creatio/services/metadata-store.ts +181 -0
- package/src/creatio/services/odata-crud-provider.ts +210 -0
- package/src/creatio/services/process-service-provider.ts +76 -0
- package/src/creatio/services/sys-settings-service-provider.ts +192 -0
- package/src/creatio/services/user-info-provider.ts +41 -0
- package/src/index.ts +44 -0
- package/src/log.ts +141 -0
- package/src/server/http/creatio-oauth-handlers.ts +146 -0
- package/src/server/http/httpServer.ts +150 -0
- package/src/server/http/index.ts +5 -0
- package/src/server/http/mcp-handlers.ts +92 -0
- package/src/server/http/mcp-oauth-handlers.ts +108 -0
- package/src/server/http/middleware.ts +91 -0
- package/src/server/index.ts +2 -0
- package/src/server/mcp/filters.ts +97 -0
- package/src/server/mcp/index.ts +1 -0
- package/src/server/mcp/prompts-data.ts +896 -0
- package/src/server/mcp/server.ts +331 -0
- package/src/server/mcp/tools-data.ts +592 -0
- package/src/server/oauth/client-manager.ts +47 -0
- package/src/server/oauth/index.ts +6 -0
- package/src/server/oauth/oauth-server.ts +185 -0
- package/src/server/oauth/storage.ts +106 -0
- package/src/server/oauth/token-manager.ts +80 -0
- package/src/server/oauth/types.ts +55 -0
- package/src/server/oauth/validators.ts +56 -0
- package/src/services/index.ts +2 -0
- package/src/services/session-context.ts +232 -0
- package/src/services/token-refresh-scheduler.ts +68 -0
- package/src/types/index.ts +1 -0
- package/src/types/network.ts +7 -0
- package/src/utils/context.ts +49 -0
- package/src/utils/env.ts +12 -0
- package/src/utils/index.ts +5 -0
- package/src/utils/mcp.ts +8 -0
- package/src/utils/network.ts +65 -0
- package/src/utils/pkce.ts +39 -0
- package/src/version.ts +15 -0
- package/tsconfig.json +28 -0
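--- /dev/null
+++ b/package/src/server/oauth/oauth-server.ts
@@ -0,0 +1,185 @@
+import crypto from 'crypto';
+
+import log from '../../log';
+
+import { OAuthClientManager } from './client-manager';
+import { OAuthStorage } from './storage';
+import { OAuthTokenManager } from './token-manager';
+import { OAuthValidators } from './validators';
+
+import type {
+  OAuthAccessToken,
+  OAuthAuthorizationRequest,
+  OAuthAuthorizationServerMetadata,
+  OAuthClient,
+  OAuthError,
+  OAuthTokenRequest,
+} from './types';
+
+export class OAuthServer {
+  private readonly _jwtSecret: string = crypto.randomBytes(32).toString('hex');
+  private readonly _storage = new OAuthStorage();
+  private readonly _tokenManager: OAuthTokenManager;
+  private readonly _accessTokens = new Map<string, OAuthAccessToken>();
+  private _baseUrl: string;
+
+  constructor(baseUrl: string = 'http://localhost:3000') {
+    this._baseUrl = baseUrl;
+    this._tokenManager = new OAuthTokenManager(this._jwtSecret);
+  }
+
+  private _autoRegisterClientIfNeeded(client_id: string, redirect_uri: string): boolean {
+    if (this._storage.hasClient(client_id)) {
+      return false;
+    }
+    const client = OAuthClientManager.autoRegisterClient(client_id, redirect_uri);
+    this._storage.addClient(client);
+    return true;
+  }
+
+  public getAuthorizationServerMetadata(): OAuthAuthorizationServerMetadata {
+    return {
+      issuer: this._baseUrl,
+      authorization_endpoint: `${this._baseUrl}/authorize`,
+      token_endpoint: `${this._baseUrl}/token`,
+      registration_endpoint: `${this._baseUrl}/register`,
+      response_types_supported: ['code'],
+      grant_types_supported: ['authorization_code'],
+      token_endpoint_auth_methods_supported: ['none', 'client_secret_post'],
+      code_challenge_methods_supported: ['S256'],
+      scopes_supported: ['openid'],
+    };
+  }
+
+  public registerClient(redirect_uris: string[]): OAuthClient {
+    const client = OAuthClientManager.createClient(redirect_uris);
+    this._storage.addClient(client);
+    return client;
+  }
+
+  public validateAuthorizationRequest(params: OAuthAuthorizationRequest): OAuthError | null {
+    let client = this._storage.getClient(params.client_id);
+    if (!client) {
+      const wasRegistered = this._autoRegisterClientIfNeeded(
+        params.client_id,
+        params.redirect_uri,
+      );
+      if (wasRegistered) {
+        client = this._storage.getClient(params.client_id);
+      }
+    }
+    return OAuthValidators.validateAuthorizationRequest(params, client);
+  }
+
+  public storeState(state: string, client_id: string): void {
+    this._storage.storeState(state, client_id);
+    log.info('oauth.state.stored', { state, client_id });
+  }
+
+  public validateState(state: string, client_id: string): boolean {
+    log.info('oauth.state.validate_attempt', {
+      state,
+      client_id,
+      storedStates: this._storage.getAllStates(),
+    });
+    const stateData = this._storage.getState(state);
+    if (!stateData) {
+      log.warn('oauth.state.not_found', {
+        state,
+        storedStates: this._storage.getAllStates(),
+      });
+      return false;
+    }
+    if (stateData.expires_at < Date.now()) {
+      this._storage.deleteState(state);
+      log.warn('oauth.state.expired', { state });
+      return false;
+    }
+    if (stateData.client_id !== client_id) {
+      log.warn('oauth.state.client_mismatch', {
+        state,
+        expected: stateData.client_id,
+        actual: client_id,
+      });
+      return false;
+    }
+    this._storage.deleteState(state);
+    log.info('oauth.state.validated_successfully', { state, client_id });
+    return true;
+  }
+
+  public generateAuthorizationCode(
+    client_id: string,
+    redirect_uri: string,
+    code_challenge: string,
+    code_challenge_method: string,
+    userKey: string,
+  ): string {
+    const code = crypto.randomBytes(32).toString('base64url');
+    this._storage.storeAuthorizationCode(
+      code,
+      client_id,
+      redirect_uri,
+      code_challenge,
+      code_challenge_method,
+      userKey,
+    );
+    log.info('oauth.authorization_code.generated', { client_id, userKey });
+    return code;
+  }
+
+  public async exchangeCodeForToken(
+    params: OAuthTokenRequest,
+  ): Promise<OAuthAccessToken | OAuthError> {
+    log.info('oauth.token.exchange_start', {
+      grant_type: params.grant_type,
+      code: params.code ? '***' + params.code.slice(-4) : 'missing',
+      client_id: params.client_id,
+      redirect_uri: params.redirect_uri,
+      has_code_verifier: !!params.code_verifier,
+      stored_codes: this._storage.getAllStoredCodes().map((k) => '***' + k.slice(-4)),
+    });
+    const validationError = OAuthValidators.validateTokenRequest(params);
+    if (validationError) {
+      return validationError;
+    }
+    const authCode = this._storage.getAuthorizationCode(params.code!);
+    if (!authCode) {
+      log.error('oauth.token.code_not_found', {
+        code: '***' + params.code!.slice(-4),
+        stored_codes: this._storage.getAllStoredCodes().map((k) => '***' + k.slice(-4)),
+      });
+      return { error: 'invalid_grant', error_description: 'Invalid authorization code' };
+    }
+    const codeValidationError = this._tokenManager.validateAuthCodeData(authCode, params);
+    if (codeValidationError) {
+      if (
+        codeValidationError.error === 'invalid_grant' &&
+        codeValidationError.error_description === 'Authorization code expired'
+      ) {
+        this._storage.deleteAuthorizationCode(params.code!);
+      }
+      return codeValidationError;
+    }
+    const tokenResponse = this._tokenManager.createTokenResponse(
+      authCode.userKey,
+      params.client_id,
+    );
+    this._accessTokens.set(tokenResponse.access_token, tokenResponse);
+    this._storage.deleteAuthorizationCode(params.code!);
+    log.info('oauth.token.issued', { client_id: params.client_id, userKey: authCode.userKey });
+    return tokenResponse;
+  }
+
+  public validateAccessToken(token: string): string | null {
+    return this._tokenManager.validateAccessToken(token);
+  }
+
+  public getClient(client_id: string): OAuthClient | undefined {
+    return this._storage.getClient(client_id);
+  }
+
+  public cleanup(): void {
+    this._storage.cleanup();
+  }
+}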
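Review bot: `storeState` and `validateState` write the raw `state` value, and on every call the complete list of outstanding states (`storedStates: this._storage.getAllStates()`), to the log at info level; `state` is a one-time value consumed by `deleteState(state)` on success, so anyone with log read can replay it, and the list dump grows with every concurrent login. The token-exchange logs in the same class already mask codes with `'***' + code.slice(-4)`; apply the same to `state` and log a count instead of the list, e.g. `log.info('oauth.state.validate_attempt', { state: '***' + state.slice(-4), client_id, stored_count: this._storage.getAllStates().length });`. Separately, a failed exchange deletes the code only when it is expired, so a client-mismatch, redirect-URI-mismatch or PKCE failure leaves the code redeemable until its 10-minute expiry even though authorization codes are meant to be single-use — delete it unconditionally with `this._storage.deleteAuthorizationCode(params.code!);` directly after the `if (!authCode)` guard. `_autoRegisterClientIfNeeded` registers any unknown `client_id` with whatever `redirect_uri` the request carries, so for unknown clients the redirect-URI check inside `OAuthValidators.validateAuthorizationRequest` can only ever pass; if this is the intended dynamic-registration behaviour, the consent step (outside this hunk) is the sole defence and the method deserves a comment saying so. `_accessTokens` is written on every issuance but never read here and never purged by `cleanup()`, so it grows without bound for the life of the process.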
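--- /dev/null
+++ b/package/src/server/oauth/storage.ts
@@ -0,0 +1,106 @@
+import log from '../../log';
+
+import type { OAuthClient } from './types';
+
+export interface AuthorizationCodeData {
+  client_id: string;
+  redirect_uri: string;
+  code_challenge: string;
+  code_challenge_method: string;
+  userKey: string;
+  expires_at: number;
+}
+
+export interface StateData {
+  client_id: string;
+  expires_at: number;
+}
+
+export class OAuthStorage {
+  private readonly _clients = new Map<string, OAuthClient>();
+  private readonly _authorizationCodes = new Map<string, AuthorizationCodeData>();
+  private readonly _authorizationStates = new Map<string, StateData>();
+
+  public addClient(client: OAuthClient): void {
+    this._clients.set(client.client_id, client);
+  }
+
+  public getClient(client_id: string): OAuthClient | undefined {
+    return this._clients.get(client_id);
+  }
+
+  public hasClient(client_id: string): boolean {
+    return this._clients.has(client_id);
+  }
+
+  public storeAuthorizationCode(
+    code: string,
+    client_id: string,
+    redirect_uri: string,
+    code_challenge: string,
+    code_challenge_method: string,
+    userKey: string,
+    expiresInMs: number = 10 * 60 * 1000,
+  ): void {
+    const expires_at = Date.now() + expiresInMs;
+    this._authorizationCodes.set(code, {
+      client_id,
+      redirect_uri,
+      code_challenge,
+      code_challenge_method,
+      userKey,
+      expires_at,
+    });
+  }
+
+  public getAuthorizationCode(code: string): AuthorizationCodeData | undefined {
+    return this._authorizationCodes.get(code);
+  }
+
+  public deleteAuthorizationCode(code: string): void {
+    this._authorizationCodes.delete(code);
+  }
+
+  public storeState(
+    state: string,
+    client_id: string,
+    expiresInMs: number = 30 * 60 * 1000,
+  ): void {
+    const expires_at = Date.now() + expiresInMs;
+    this._authorizationStates.set(state, { client_id, expires_at });
+  }
+
+  public getState(state: string): StateData | undefined {
+    return this._authorizationStates.get(state);
+  }
+
+  public deleteState(state: string): void {
+    this._authorizationStates.delete(state);
+  }
+
+  public getAllStates(): string[] {
+    return Array.from(this._authorizationStates.keys());
+  }
+
+  public getAllStoredCodes(): string[] {
+    return Array.from(this._authorizationCodes.keys());
+  }
+
+  public cleanup(): void {
+    const now = Date.now();
+    for (const [code, data] of this._authorizationCodes.entries()) {
+      if (now > data.expires_at) {
+        this._authorizationCodes.delete(code);
+      }
+    }
+    for (const [state, data] of this._authorizationStates.entries()) {
+      if (now > data.expires_at) {
+        this._authorizationStates.delete(state);
+      }
+    }
+    log.info('oauth.storage.cleanup.completed', {
+      remaining_codes: this._authorizationCodes.size,
+      remaining_states: this._authorizationStates.size,
+    });
+  }
+}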
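Review bot: `getAllStates()` and `getAllStoredCodes()` hand out the raw state and authorization-code values, and their only visible use is as diagnostic payload for log lines, which is exactly where those secrets should not end up; expose counts instead, `public getStateCount(): number { return this._authorizationStates.size; }` and `public getStoredCodeCount(): number { return this._authorizationCodes.size; }`, so the values never leave the store. `addClient` and `storeState` both overwrite silently when the key already exists, so a second registration under an existing `client_id` replaces its `redirect_uris` with no signal; if callers can choose the id (the server's auto-registration path suggests they can) that overwrite should be rejected or at least logged. Nothing bounds either map between `cleanup()` calls, so a caller able to trigger `storeAuthorizationCode` or `storeState` repeatedly can grow memory until the next sweep — a cap, or a comment stating the expected cleanup interval, would make the assumption explicit.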
@@ -0,0 +1,80 @@
|
|
|
1
|
+
import crypto from 'crypto';
|
|
2
|
+
|
|
3
|
+
import jwt from 'jsonwebtoken';
|
|
4
|
+
|
|
5
|
+
import log from '../../log';
|
|
6
|
+
|
|
7
|
+
import type { AuthorizationCodeData } from './storage';
|
|
8
|
+
import type { OAuthAccessToken, OAuthError, OAuthTokenRequest } from './types';
|
|
9
|
+
|
|
10
|
+
export class OAuthTokenManager {
|
|
11
|
+
private readonly _jwtSecret: string;
|
|
12
|
+
|
|
13
|
+
constructor(jwtSecret: string) {
|
|
14
|
+
this._jwtSecret = jwtSecret;
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
public generateAccessToken(userKey: string, client_id: string): string {
|
|
18
|
+
return jwt.sign({ userKey, client_id }, this._jwtSecret, { expiresIn: '1h' });
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
public generateRefreshToken(): string {
|
|
22
|
+
return crypto.randomBytes(32).toString('base64url');
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
public validateAccessToken(token: string): string | null {
|
|
26
|
+
try {
|
|
27
|
+
const decoded = jwt.verify(token, this._jwtSecret) as any;
|
|
28
|
+
return decoded.userKey || null;
|
|
29
|
+
} catch (error) {
|
|
30
|
+
log.warn('oauth.token.invalid', { error: String(error) });
|
|
31
|
+
return null;
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
public createTokenResponse(
|
|
36
|
+
userKey: string,
|
|
37
|
+
client_id: string,
|
|
38
|
+
refresh_token_required: boolean = true,
|
|
39
|
+
): OAuthAccessToken {
|
|
40
|
+
const access_token = this.generateAccessToken(userKey, client_id);
|
|
41
|
+
const expires_in = 3600;
|
|
42
|
+
const tokenResponse: OAuthAccessToken = {
|
|
43
|
+
access_token,
|
|
44
|
+
token_type: 'Bearer',
|
|
45
|
+
expires_in,
|
|
46
|
+
userKey,
|
|
47
|
+
};
|
|
48
|
+
if (refresh_token_required) {
|
|
49
|
+
tokenResponse.refresh_token = this.generateRefreshToken();
|
|
50
|
+
}
|
|
51
|
+
return tokenResponse;
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
public verifyPKCE(code_verifier: string, code_challenge: string): boolean {
|
|
55
|
+
const hash = crypto.createHash('sha256').update(code_verifier).digest('base64url');
|
|
56
|
+
return hash === code_challenge;
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
public validateAuthCodeData(
|
|
60
|
+
authCode: AuthorizationCodeData,
|
|
61
|
+
params: OAuthTokenRequest,
|
|
62
|
+
): OAuthError | null {
|
|
63
|
+
if (Date.now() > authCode.expires_at) {
|
|
64
|
+
return { error: 'invalid_grant', error_description: 'Authorization code expired' };
|
|
65
|
+
}
|
|
66
|
+
if (authCode.client_id !== params.client_id) {
|
|
67
|
+
return { error: 'invalid_grant', error_description: 'Client mismatch' };
|
|
68
|
+
}
|
|
69
|
+
if (authCode.redirect_uri !== params.redirect_uri) {
|
|
70
|
+
return { error: 'invalid_grant', error_description: 'Redirect URI mismatch' };
|
|
71
|
+
}
|
|
72
|
+
if (!params.code_verifier) {
|
|
73
|
+
return { error: 'invalid_request', error_description: 'Missing code_verifier' };
|
|
74
|
+
}
|
|
75
|
+
if (!this.verifyPKCE(params.code_verifier, authCode.code_challenge)) {
|
|
76
|
+
return { error: 'invalid_grant', error_description: 'PKCE verification failed' };
|
|
77
|
+
}
|
|
78
|
+
return null;
|
|
79
|
+
}
|
|
80
|
+
}
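Review bot: `generateAccessToken` and `validateAccessToken` call `jwt.sign`/`jwt.verify` without pinning an algorithm, so which algorithms a presented token may use is decided by the jsonwebtoken default rather than by this code; pin it on both sides, `jwt.sign({ userKey, client_id }, this._jwtSecret, { algorithm: 'HS256', expiresIn: '1h' })` and `jwt.verify(token, this._jwtSecret, { algorithms: ['HS256'] })`. `verifyPKCE` compares the S256 digest with `===`; after checking the lengths match, use `crypto.timingSafeEqual(Buffer.from(hash), Buffer.from(code_challenge))`, and RFC 7636 also bounds `code_verifier` to 43–128 characters, which `validateAuthCodeData` never checks before hashing. `validateAccessToken` drops `client_id` from the verified payload and returns only `userKey`, so a caller cannot confirm a bearer token is presented by the client it was issued to; consider returning both. Whether an authorization code is single-use is not enforced here and presumably lives in the storage layer, which is outside this hunk.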
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
export interface OAuthClient {
|
|
2
|
+
client_id: string;
|
|
3
|
+
client_secret?: string;
|
|
4
|
+
redirect_uris: string[];
|
|
5
|
+
grant_types: string[];
|
|
6
|
+
response_types?: string[];
|
|
7
|
+
token_endpoint_auth_method?: string;
|
|
8
|
+
created_at: number;
|
|
9
|
+
}
|
|
10
|
+
|
|
11
|
+
export interface OAuthAuthorizationRequest {
|
|
12
|
+
client_id: string;
|
|
13
|
+
redirect_uri: string;
|
|
14
|
+
response_type: string;
|
|
15
|
+
state?: string;
|
|
16
|
+
code_challenge: string;
|
|
17
|
+
code_challenge_method: string;
|
|
18
|
+
scope?: string;
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
export interface OAuthTokenRequest {
|
|
22
|
+
grant_type: string;
|
|
23
|
+
client_id: string;
|
|
24
|
+
code?: string;
|
|
25
|
+
redirect_uri?: string;
|
|
26
|
+
code_verifier?: string;
|
|
27
|
+
refresh_token?: string;
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
export interface OAuthAccessToken {
|
|
31
|
+
access_token: string;
|
|
32
|
+
token_type: 'Bearer';
|
|
33
|
+
expires_in: number;
|
|
34
|
+
refresh_token?: string;
|
|
35
|
+
scope?: string;
|
|
36
|
+
userKey: string;
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
export interface OAuthError {
|
|
40
|
+
error: string;
|
|
41
|
+
error_description?: string;
|
|
42
|
+
error_uri?: string;
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
export interface OAuthAuthorizationServerMetadata {
|
|
46
|
+
issuer: string;
|
|
47
|
+
authorization_endpoint: string;
|
|
48
|
+
token_endpoint: string;
|
|
49
|
+
registration_endpoint: string;
|
|
50
|
+
response_types_supported: string[];
|
|
51
|
+
grant_types_supported: string[];
|
|
52
|
+
token_endpoint_auth_methods_supported: string[];
|
|
53
|
+
code_challenge_methods_supported: string[];
|
|
54
|
+
scopes_supported?: string[];
|
|
55
|
+
}
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
import type {
|
|
2
|
+
OAuthAuthorizationRequest,
|
|
3
|
+
OAuthClient,
|
|
4
|
+
OAuthError,
|
|
5
|
+
OAuthTokenRequest,
|
|
6
|
+
} from './types';
|
|
7
|
+
export class OAuthValidators {
|
|
8
|
+
public static validateAuthorizationRequest(
|
|
9
|
+
params: OAuthAuthorizationRequest,
|
|
10
|
+
client: OAuthClient | undefined,
|
|
11
|
+
): OAuthError | null {
|
|
12
|
+
if (!client) {
|
|
13
|
+
return { error: 'invalid_client', error_description: 'Client not found' };
|
|
14
|
+
}
|
|
15
|
+
if (!client.redirect_uris.includes(params.redirect_uri)) {
|
|
16
|
+
return { error: 'invalid_request', error_description: 'Invalid redirect_uri' };
|
|
17
|
+
}
|
|
18
|
+
if (params.response_type !== 'code') {
|
|
19
|
+
return { error: 'unsupported_response_type' };
|
|
20
|
+
}
|
|
21
|
+
if (!params.code_challenge || params.code_challenge_method !== 'S256') {
|
|
22
|
+
return { error: 'invalid_request', error_description: 'PKCE required' };
|
|
23
|
+
}
|
|
24
|
+
return null;
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
public static validateTokenRequest(params: OAuthTokenRequest): OAuthError | null {
|
|
28
|
+
if (params.grant_type !== 'authorization_code') {
|
|
29
|
+
return { error: 'unsupported_grant_type' };
|
|
30
|
+
}
|
|
31
|
+
if (!params.code || !params.code_verifier) {
|
|
32
|
+
return { error: 'invalid_request', error_description: 'Missing code or code_verifier' };
|
|
33
|
+
}
|
|
34
|
+
return null;
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
public static validateClientRegistration(redirect_uris: unknown): string | null {
|
|
38
|
+
if (!redirect_uris || !Array.isArray(redirect_uris)) {
|
|
39
|
+
return 'redirect_uris is required and must be an array';
|
|
40
|
+
}
|
|
41
|
+
if (redirect_uris.length === 0) {
|
|
42
|
+
return 'redirect_uris must contain at least one URI';
|
|
43
|
+
}
|
|
44
|
+
for (const uri of redirect_uris) {
|
|
45
|
+
if (typeof uri !== 'string') {
|
|
46
|
+
return 'All redirect_uris must be strings';
|
|
47
|
+
}
|
|
48
|
+
try {
|
|
49
|
+
new URL(uri);
|
|
50
|
+
} catch {
|
|
51
|
+
return `Invalid redirect_uri: ${uri}`;
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
return null;
|
|
55
|
+
}
|
|
56
|
+
}
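Review bot: `validateClientRegistration` accepts any string that `new URL(uri)` can parse, so a dynamically registered client may redirect to `javascript:`, `data:` or a plain `http:` host on the public internet, and a URI with a fragment (forbidden by RFC 6749 §3.1.2) is also accepted; since `validateAuthorizationRequest` later trusts `client.redirect_uris` by exact match, this registration check is the only gate. Reject fragments, require `https:`, and allow `http:` only on a loopback host; if native MCP clients with private-use schemes (RFC 8252) must be supported, allow those schemes explicitly rather than anything parseable. Separately, `validateTokenRequest` rejects every `grant_type` except `authorization_code`, while `OAuthTokenRequest` declares `refresh_token` and the token manager issues one by default — unless refresh is handled elsewhere, the issued refresh tokens can never be redeemed.
```typescript
      let parsed: URL;
      try {
        parsed = new URL(uri);
      } catch {
        return `Invalid redirect_uri: ${uri}`;
      }
      if (parsed.hash) {
        return `redirect_uri must not contain a fragment: ${uri}`;
      }
      const loopback = ['localhost', '127.0.0.1', '[::1]'].includes(parsed.hostname);
      if (parsed.protocol !== 'https:' && !(parsed.protocol === 'http:' && loopback)) {
        return `redirect_uri must use https (http is allowed only on loopback): ${uri}`;
      }
      // … unchanged: end of loop, return null …
```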
|