mcp-creatio 0.4.0 → 0.4.1
- package/dist/cli.d.ts +5 -0
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +18 -11
- package/dist/cli.js.map +1 -1
- package/dist/creatio/auth/auth.d.ts +2 -0
- package/dist/creatio/auth/auth.d.ts.map +1 -1
- package/dist/creatio/auth/auth.js.map +1 -1
- package/dist/creatio/auth/providers/base-provider.d.ts +1 -0
- package/dist/creatio/auth/providers/base-provider.d.ts.map +1 -1
- package/dist/creatio/auth/providers/base-provider.js +3 -0
- package/dist/creatio/auth/providers/base-provider.js.map +1 -1
- package/dist/creatio/auth/providers/oauth2-code-provider.d.ts +3 -0
- package/dist/creatio/auth/providers/oauth2-code-provider.d.ts.map +1 -1
- package/dist/creatio/auth/providers/oauth2-code-provider.js +30 -24
- package/dist/creatio/auth/providers/oauth2-code-provider.js.map +1 -1
- package/dist/creatio/services/http-client.d.ts.map +1 -1
- package/dist/creatio/services/http-client.js +0 -1
- package/dist/creatio/services/http-client.js.map +1 -1
- package/dist/creatio/services/metadata-store.d.ts +5 -0
- package/dist/creatio/services/metadata-store.d.ts.map +1 -1
- package/dist/creatio/services/metadata-store.js +18 -6
- package/dist/creatio/services/metadata-store.js.map +1 -1
- package/dist/creatio/services/odata-crud-provider.d.ts +2 -0
- package/dist/creatio/services/odata-crud-provider.d.ts.map +1 -1
- package/dist/creatio/services/odata-crud-provider.js +10 -1
- package/dist/creatio/services/odata-crud-provider.js.map +1 -1
- package/dist/server/http/creatio-oauth-handlers.d.ts +0 -1
- package/dist/server/http/creatio-oauth-handlers.d.ts.map +1 -1
- package/dist/server/http/creatio-oauth-handlers.js +30 -23
- package/dist/server/http/creatio-oauth-handlers.js.map +1 -1
- package/dist/server/http/httpServer.d.ts +9 -0
- package/dist/server/http/httpServer.d.ts.map +1 -1
- package/dist/server/http/httpServer.js +34 -11
- package/dist/server/http/httpServer.js.map +1 -1
- package/dist/server/http/mcp-handlers.d.ts.map +1 -1
- package/dist/server/http/mcp-handlers.js +4 -1
- package/dist/server/http/mcp-handlers.js.map +1 -1
- package/dist/server/http/mcp-oauth-handlers.d.ts.map +1 -1
- package/dist/server/http/mcp-oauth-handlers.js +18 -6
- package/dist/server/http/mcp-oauth-handlers.js.map +1 -1
- package/dist/server/http/middleware.d.ts +7 -0
- package/dist/server/http/middleware.d.ts.map +1 -1
- package/dist/server/http/middleware.js +23 -0
- package/dist/server/http/middleware.js.map +1 -1
- package/dist/server/http/rate-limiter.d.ts +24 -0
- package/dist/server/http/rate-limiter.d.ts.map +1 -0
- package/dist/server/http/rate-limiter.js +42 -0
- package/dist/server/http/rate-limiter.js.map +1 -0
- package/dist/server/oauth/oauth-server.d.ts +0 -1
- package/dist/server/oauth/oauth-server.d.ts.map +1 -1
- package/dist/server/oauth/oauth-server.js +11 -21
- package/dist/server/oauth/oauth-server.js.map +1 -1
- package/dist/server/oauth/storage.d.ts +0 -2
- package/dist/server/oauth/storage.d.ts.map +1 -1
- package/dist/server/oauth/storage.js +0 -6
- package/dist/server/oauth/storage.js.map +1 -1
- package/dist/server/oauth/validators.d.ts +6 -0
- package/dist/server/oauth/validators.d.ts.map +1 -1
- package/dist/server/oauth/validators.js +28 -0
- package/dist/server/oauth/validators.js.map +1 -1
- package/dist/services/session-context.d.ts +8 -7
- package/dist/services/session-context.d.ts.map +1 -1
- package/dist/services/session-context.js +7 -27
- package/dist/services/session-context.js.map +1 -1
- package/package.json +12 -3
- package/.dockerignore +0 -12
- package/.editorconfig +0 -14
- package/.eslintrc.cjs +0 -18
- package/.gitattributes +0 -8
- package/.github/workflows/docker-publish.yml +0 -50
- package/.prettierignore +0 -3
- package/.prettierrc +0 -9
- package/.vscode/launch.json +0 -23
- package/.vscode/mcp.json +0 -13
- package/.vscode/settings.json +0 -16
- package/Agent.md +0 -190
- package/Debug.md +0 -32
- package/Dockerfile +0 -23
- package/docs/coding-style.md +0 -30
- package/eslint.config.cjs +0 -95
- package/src/cli.ts +0 -162
- package/src/config-builder.ts +0 -76
- package/src/consts.ts +0 -3
- package/src/creatio/auth/auth-manager.ts +0 -27
- package/src/creatio/auth/auth.ts +0 -31
- package/src/creatio/auth/index.ts +0 -3
- package/src/creatio/auth/providers/base-oauth2-provider.ts +0 -62
- package/src/creatio/auth/providers/base-provider.ts +0 -42
- package/src/creatio/auth/providers/index.ts +0 -4
- package/src/creatio/auth/providers/legacy-provider.ts +0 -70
- package/src/creatio/auth/providers/oauth2-code-provider.ts +0 -252
- package/src/creatio/auth/providers/oauth2-provider.ts +0 -91
- package/src/creatio/auth/providers/type.ts +0 -5
- package/src/creatio/client-config.ts +0 -34
- package/src/creatio/engines/admin-operation/admin-operation-engine.ts +0 -44
- package/src/creatio/engines/configuration/configuration-engine.ts +0 -26
- package/src/creatio/engines/crud/crud-engine.ts +0 -47
- package/src/creatio/engines/engine-manager.ts +0 -157
- package/src/creatio/engines/engine-registry.ts +0 -39
- package/src/creatio/engines/engine.ts +0 -3
- package/src/creatio/engines/feature/feature-engine.ts +0 -20
- package/src/creatio/engines/index.ts +0 -10
- package/src/creatio/engines/process/process-engine.ts +0 -20
- package/src/creatio/engines/sys-settings/sys-settings-engine.ts +0 -41
- package/src/creatio/engines/user/user-engine.ts +0 -20
- package/src/creatio/index.ts +0 -6
- package/src/creatio/provider-context.ts +0 -21
- package/src/creatio/providers/admin-operation-provider.ts +0 -34
- package/src/creatio/providers/configuration-provider.ts +0 -22
- package/src/creatio/providers/crud-provider.ts +0 -45
- package/src/creatio/providers/feature-provider.ts +0 -10
- package/src/creatio/providers/index.ts +0 -7
- package/src/creatio/providers/process-provider.ts +0 -15
- package/src/creatio/providers/sys-settings-provider.ts +0 -63
- package/src/creatio/providers/user-provider.ts +0 -12
- package/src/creatio/services/admin-operation-service-provider.ts +0 -115
- package/src/creatio/services/configuration-service-provider.ts +0 -127
- package/src/creatio/services/creatio-service-context.ts +0 -55
- package/src/creatio/services/feature-service-provider.ts +0 -60
- package/src/creatio/services/http-client.ts +0 -174
- package/src/creatio/services/index.ts +0 -10
- package/src/creatio/services/metadata-store.ts +0 -181
- package/src/creatio/services/odata-crud-provider.ts +0 -210
- package/src/creatio/services/process-service-provider.ts +0 -76
- package/src/creatio/services/sys-settings-service-provider.ts +0 -192
- package/src/creatio/services/user-info-provider.ts +0 -41
- package/src/index.ts +0 -44
- package/src/log.ts +0 -183
- package/src/server/http/creatio-oauth-handlers.ts +0 -146
- package/src/server/http/httpServer.ts +0 -150
- package/src/server/http/index.ts +0 -5
- package/src/server/http/mcp-handlers.ts +0 -92
- package/src/server/http/mcp-oauth-handlers.ts +0 -108
- package/src/server/http/middleware.ts +0 -91
- package/src/server/index.ts +0 -2
- package/src/server/mcp/filters.ts +0 -97
- package/src/server/mcp/index.ts +0 -1
- package/src/server/mcp/prompts-data.ts +0 -1292
- package/src/server/mcp/server.ts +0 -442
- package/src/server/mcp/tools-data.ts +0 -748
- package/src/server/oauth/client-manager.ts +0 -47
- package/src/server/oauth/index.ts +0 -6
- package/src/server/oauth/oauth-server.ts +0 -185
- package/src/server/oauth/storage.ts +0 -106
- package/src/server/oauth/token-manager.ts +0 -80
- package/src/server/oauth/types.ts +0 -55
- package/src/server/oauth/validators.ts +0 -56
- package/src/services/index.ts +0 -2
- package/src/services/session-context.ts +0 -232
- package/src/services/token-refresh-scheduler.ts +0 -68
- package/src/types/index.ts +0 -1
- package/src/types/network.ts +0 -7
- package/src/utils/context.ts +0 -49
- package/src/utils/env.ts +0 -12
- package/src/utils/index.ts +0 -5
- package/src/utils/mcp.ts +0 -8
- package/src/utils/network.ts +0 -65
- package/src/utils/pkce.ts +0 -39
- package/src/version.ts +0 -15
- package/tsconfig.json +0 -28
|
@@ -14,7 +14,6 @@ class OAuthServer {
|
|
|
14
14
|
_jwtSecret = crypto_1.default.randomBytes(32).toString('hex');
|
|
15
15
|
_storage = new storage_1.OAuthStorage();
|
|
16
16
|
_tokenManager;
|
|
17
|
-
_accessTokens = new Map();
|
|
18
17
|
_baseUrl;
|
|
19
18
|
constructor(baseUrl = 'http://localhost:3000') {
|
|
20
19
|
this._baseUrl = baseUrl;
|
|
@@ -24,6 +23,12 @@ class OAuthServer {
|
|
|
24
23
|
if (this._storage.hasClient(client_id)) {
|
|
25
24
|
return false;
|
|
26
25
|
}
|
|
26
|
+
// Never auto-register a client bound to a redirect target we would not allow,
|
|
27
|
+
// otherwise validateAuthorizationRequest would "pass" against an attacker URI (CWE-601).
|
|
28
|
+
if (!validators_1.OAuthValidators.isAllowedRedirectUri(redirect_uri)) {
|
|
29
|
+
log_1.default.warn('oauth.client.auto_register_rejected', { client_id });
|
|
30
|
+
return false;
|
|
31
|
+
}
|
|
27
32
|
const client = client_manager_1.OAuthClientManager.autoRegisterClient(client_id, redirect_uri);
|
|
28
33
|
this._storage.addClient(client);
|
|
29
34
|
return true;
|
|
@@ -58,37 +63,28 @@ class OAuthServer {
|
|
|
58
63
|
}
|
|
59
64
|
storeState(state, client_id) {
|
|
60
65
|
this._storage.storeState(state, client_id);
|
|
61
|
-
log_1.default.info('oauth.state.stored', {
|
|
66
|
+
log_1.default.info('oauth.state.stored', { client_id });
|
|
62
67
|
}
|
|
63
68
|
validateState(state, client_id) {
|
|
64
|
-
log_1.default.info('oauth.state.validate_attempt', {
|
|
65
|
-
state,
|
|
66
|
-
client_id,
|
|
67
|
-
storedStates: this._storage.getAllStates(),
|
|
68
|
-
});
|
|
69
69
|
const stateData = this._storage.getState(state);
|
|
70
70
|
if (!stateData) {
|
|
71
|
-
log_1.default.warn('oauth.state.not_found', {
|
|
72
|
-
state,
|
|
73
|
-
storedStates: this._storage.getAllStates(),
|
|
74
|
-
});
|
|
71
|
+
log_1.default.warn('oauth.state.not_found', { client_id });
|
|
75
72
|
return false;
|
|
76
73
|
}
|
|
77
74
|
if (stateData.expires_at < Date.now()) {
|
|
78
75
|
this._storage.deleteState(state);
|
|
79
|
-
log_1.default.warn('oauth.state.expired', {
|
|
76
|
+
log_1.default.warn('oauth.state.expired', { client_id });
|
|
80
77
|
return false;
|
|
81
78
|
}
|
|
82
79
|
if (stateData.client_id !== client_id) {
|
|
83
80
|
log_1.default.warn('oauth.state.client_mismatch', {
|
|
84
|
-
state,
|
|
85
81
|
expected: stateData.client_id,
|
|
86
82
|
actual: client_id,
|
|
87
83
|
});
|
|
88
84
|
return false;
|
|
89
85
|
}
|
|
90
86
|
this._storage.deleteState(state);
|
|
91
|
-
log_1.default.info('oauth.state.validated_successfully', {
|
|
87
|
+
log_1.default.info('oauth.state.validated_successfully', { client_id });
|
|
92
88
|
return true;
|
|
93
89
|
}
|
|
94
90
|
generateAuthorizationCode(client_id, redirect_uri, code_challenge, code_challenge_method, userKey) {
|
|
@@ -100,11 +96,9 @@ class OAuthServer {
|
|
|
100
96
|
async exchangeCodeForToken(params) {
|
|
101
97
|
log_1.default.info('oauth.token.exchange_start', {
|
|
102
98
|
grant_type: params.grant_type,
|
|
103
|
-
code: params.code ? '***' + params.code.slice(-4) : 'missing',
|
|
104
99
|
client_id: params.client_id,
|
|
105
100
|
redirect_uri: params.redirect_uri,
|
|
106
101
|
has_code_verifier: !!params.code_verifier,
|
|
107
|
-
stored_codes: this._storage.getAllStoredCodes().map((k) => '***' + k.slice(-4)),
|
|
108
102
|
});
|
|
109
103
|
const validationError = validators_1.OAuthValidators.validateTokenRequest(params);
|
|
110
104
|
if (validationError) {
|
|
@@ -112,10 +106,7 @@ class OAuthServer {
|
|
|
112
106
|
}
|
|
113
107
|
const authCode = this._storage.getAuthorizationCode(params.code);
|
|
114
108
|
if (!authCode) {
|
|
115
|
-
log_1.default.error('oauth.token.code_not_found', {
|
|
116
|
-
code: '***' + params.code.slice(-4),
|
|
117
|
-
stored_codes: this._storage.getAllStoredCodes().map((k) => '***' + k.slice(-4)),
|
|
118
|
-
});
|
|
109
|
+
log_1.default.error('oauth.token.code_not_found', { client_id: params.client_id });
|
|
119
110
|
return { error: 'invalid_grant', error_description: 'Invalid authorization code' };
|
|
120
111
|
}
|
|
121
112
|
const codeValidationError = this._tokenManager.validateAuthCodeData(authCode, params);
|
|
@@ -127,7 +118,6 @@ class OAuthServer {
|
|
|
127
118
|
return codeValidationError;
|
|
128
119
|
}
|
|
129
120
|
const tokenResponse = this._tokenManager.createTokenResponse(authCode.userKey, params.client_id);
|
|
130
|
-
this._accessTokens.set(tokenResponse.access_token, tokenResponse);
|
|
131
121
|
this._storage.deleteAuthorizationCode(params.code);
|
|
132
122
|
log_1.default.info('oauth.token.issued', { client_id: params.client_id, userKey: authCode.userKey });
|
|
133
123
|
return tokenResponse;
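Review bot: In `validateState` (third hunk), the `oauth.state.client_mismatch` branch returns `false` without calling `this._storage.deleteState(state)`, whereas the expired branch and the success path both delete the entry, so a state that has already failed validation once remains redeemable until it expires. If the state is meant to be strictly single-use, add `this._storage.deleteState(state);` before that `return false;`; if it is kept on purpose so the legitimate client can still complete the flow, a short comment saying so would prevent a later "fix". The bodies of the auto-registration method and `exchangeCodeForToken` run outside their hunks, so this note covers only what is visible.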
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-server.js","sourceRoot":"","sources":["../../../src/server/oauth/oauth-server.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAE5B,oDAA4B;AAE5B,qDAAsD;AACtD,uCAAyC;AACzC,mDAAoD;AACpD,6CAA+C;AAW/C,MAAa,WAAW;IACN,UAAU,GAAW,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC5D,QAAQ,GAAG,IAAI,sBAAY,EAAE,CAAC;IAC9B,aAAa,CAAoB;
|
|
1
|
+
{"version":3,"file":"oauth-server.js","sourceRoot":"","sources":["../../../src/server/oauth/oauth-server.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAE5B,oDAA4B;AAE5B,qDAAsD;AACtD,uCAAyC;AACzC,mDAAoD;AACpD,6CAA+C;AAW/C,MAAa,WAAW;IACN,UAAU,GAAW,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC5D,QAAQ,GAAG,IAAI,sBAAY,EAAE,CAAC;IAC9B,aAAa,CAAoB;IAC1C,QAAQ,CAAS;IAEzB,YAAY,UAAkB,uBAAuB;QACpD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAiB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC7D,CAAC;IAEO,2BAA2B,CAAC,SAAiB,EAAE,YAAoB;QAC1E,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;YACxC,OAAO,KAAK,CAAC;QACd,CAAC;QACD,8EAA8E;QAC9E,yFAAyF;QACzF,IAAI,CAAC,4BAAe,CAAC,oBAAoB,CAAC,YAAY,CAAC,EAAE,CAAC;YACzD,aAAG,CAAC,IAAI,CAAC,qCAAqC,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;YAC/D,OAAO,KAAK,CAAC;QACd,CAAC;QACD,MAAM,MAAM,GAAG,mCAAkB,CAAC,kBAAkB,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QAC9E,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,8BAA8B;QACpC,OAAO;YACN,MAAM,EAAE,IAAI,CAAC,QAAQ;YACrB,sBAAsB,EAAE,GAAG,IAAI,CAAC,QAAQ,YAAY;YACpD,cAAc,EAAE,GAAG,IAAI,CAAC,QAAQ,QAAQ;YACxC,qBAAqB,EAAE,GAAG,IAAI,CAAC,QAAQ,WAAW;YAClD,wBAAwB,EAAE,CAAC,MAAM,CAAC;YAClC,qBAAqB,EAAE,CAAC,oBAAoB,CAAC;YAC7C,qCAAqC,EAAE,CAAC,MAAM,EAAE,oBAAoB,CAAC;YACrE,gCAAgC,EAAE,CAAC,MAAM,CAAC;YAC1C,gBAAgB,EAAE,CAAC,QAAQ,CAAC;SAC5B,CAAC;IACH,CAAC;IAEM,cAAc,CAAC,aAAuB;QAC5C,MAAM,MAAM,GAAG,mCAAkB,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QAC9D,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAChC,OAAO,MAAM,CAAC;IACf,CAAC;IAEM,4BAA4B,CAAC,MAAiC;QACpE,IAAI,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,EAAE,CAAC;YACb,MAAM,aAAa,GAAG,IAAI,CAAC,2BAA2B,CACrD,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,YAAY,CACnB,CAAC;YACF,IAAI,aAAa,EAAE,CAAC;gBACnB,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACpD,CAAC;QACF,CAAC;QACD,OAAO,4BAAe,CAAC,4BAA4B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrE,CAAC;IAEM,UAAU,CAAC,KAAa,EAAE,SAAiB;QACjD,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,KAAK,EAAE,SAA
S,CAAC,CAAC;QAC3C,aAAG,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;IAC/C,CAAC;IAEM,aAAa,CAAC,KAAa,EAAE,SAAiB;QACpD,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAChD,IAAI,CAAC,SAAS,EAAE,CAAC;YAChB,aAAG,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;YACjD,OAAO,KAAK,CAAC;QACd,CAAC;QACD,IAAI,SAAS,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACvC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YACjC,aAAG,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;YAC/C,OAAO,KAAK,CAAC;QACd,CAAC;QACD,IAAI,SAAS,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACvC,aAAG,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBACvC,QAAQ,EAAE,SAAS,CAAC,SAAS;gBAC7B,MAAM,EAAE,SAAS;aACjB,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACd,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACjC,aAAG,CAAC,IAAI,CAAC,oCAAoC,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;QAC9D,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,yBAAyB,CAC/B,SAAiB,EACjB,YAAoB,EACpB,cAAsB,EACtB,qBAA6B,EAC7B,OAAe;QAEf,MAAM,IAAI,GAAG,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CACnC,IAAI,EACJ,SAAS,EACT,YAAY,EACZ,cAAc,EACd,qBAAqB,EACrB,OAAO,CACP,CAAC;QACF,aAAG,CAAC,IAAI,CAAC,oCAAoC,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;QACvE,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAChC,MAAyB;QAEzB,aAAG,CAAC,IAAI,CAAC,4BAA4B,EAAE;YACtC,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,iBAAiB,EAAE,CAAC,CAAC,MAAM,CAAC,aAAa;SACzC,CAAC,CAAC;QACH,MAAM,eAAe,GAAG,4BAAe,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QACrE,IAAI,eAAe,EAAE,CAAC;YACrB,OAAO,eAAe,CAAC;QACxB,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,MAAM,CAAC,IAAK,CAAC,CAAC;QAClE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACf,aAAG,CAAC,KAAK,CAAC,4BAA4B,EAAE,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;YACzE,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,4BAA4B,EAAE,CAAC;QACpF,CAAC;QACD,MAAM,mBAAmB,GAAG,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACtF,IAAI,mBAAmB,EAAE,CAAC;YACzB,IACC,mBAAmB,CAAC,KAAK,KAAK,eAAe;gBAC7C,mBAAmB,CAAC,iBAAiB,KAAK,4BAA4B,EACrE,CA
AC;gBACF,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC,MAAM,CAAC,IAAK,CAAC,CAAC;YACrD,CAAC;YACD,OAAO,mBAAmB,CAAC;QAC5B,CAAC;QACD,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAC3D,QAAQ,CAAC,OAAO,EAChB,MAAM,CAAC,SAAS,CAChB,CAAC;QACF,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC,MAAM,CAAC,IAAK,CAAC,CAAC;QACpD,aAAG,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3F,OAAO,aAAa,CAAC;IACtB,CAAC;IAEM,mBAAmB,CAAC,KAAa;QACvC,OAAO,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC;IAEM,SAAS,CAAC,SAAiB;QACjC,OAAO,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IAC3C,CAAC;IAEM,OAAO;QACb,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;IACzB,CAAC;CACD;AA5JD,kCA4JC"}
|
|
@@ -24,8 +24,6 @@ export declare class OAuthStorage {
|
|
|
24
24
|
storeState(state: string, client_id: string, expiresInMs?: number): void;
|
|
25
25
|
getState(state: string): StateData | undefined;
|
|
26
26
|
deleteState(state: string): void;
|
|
27
|
-
getAllStates(): string[];
|
|
28
|
-
getAllStoredCodes(): string[];
|
|
29
27
|
cleanup(): void;
|
|
30
28
|
}
|
|
31
29
|
//# sourceMappingURL=storage.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../../src/server/oauth/storage.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C,MAAM,WAAW,qBAAqB;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,SAAS;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,qBAAa,YAAY;IACxB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAkC;IAC3D,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAA4C;IAChF,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAgC;IAE9D,SAAS,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI;IAIpC,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS;IAIrD,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAIrC,sBAAsB,CAC5B,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,MAAM,EACpB,cAAc,EAAE,MAAM,EACtB,qBAAqB,EAAE,MAAM,EAC7B,OAAO,EAAE,MAAM,EACf,WAAW,GAAE,MAAuB,GAClC,IAAI;IAYA,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,qBAAqB,GAAG,SAAS;IAIrE,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAI3C,UAAU,CAChB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,WAAW,GAAE,MAAuB,GAClC,IAAI;IAKA,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS;IAI9C,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIhC,
|
|
1
|
+
{"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../../src/server/oauth/storage.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C,MAAM,WAAW,qBAAqB;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,SAAS;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,qBAAa,YAAY;IACxB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAkC;IAC3D,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAA4C;IAChF,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAgC;IAE9D,SAAS,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI;IAIpC,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS;IAIrD,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAIrC,sBAAsB,CAC5B,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,MAAM,EACpB,cAAc,EAAE,MAAM,EACtB,qBAAqB,EAAE,MAAM,EAC7B,OAAO,EAAE,MAAM,EACf,WAAW,GAAE,MAAuB,GAClC,IAAI;IAYA,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,qBAAqB,GAAG,SAAS;IAIrE,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAI3C,UAAU,CAChB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,WAAW,GAAE,MAAuB,GAClC,IAAI;IAKA,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS;IAI9C,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAIhC,OAAO,IAAI,IAAI;CAiBtB"}
|
|
@@ -45,12 +45,6 @@ class OAuthStorage {
|
|
|
45
45
|
deleteState(state) {
|
|
46
46
|
this._authorizationStates.delete(state);
|
|
47
47
|
}
|
|
48
|
-
getAllStates() {
|
|
49
|
-
return Array.from(this._authorizationStates.keys());
|
|
50
|
-
}
|
|
51
|
-
getAllStoredCodes() {
|
|
52
|
-
return Array.from(this._authorizationCodes.keys());
|
|
53
|
-
}
|
|
54
48
|
cleanup() {
|
|
55
49
|
const now = Date.now();
|
|
56
50
|
for (const [code, data] of this._authorizationCodes.entries()) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"storage.js","sourceRoot":"","sources":["../../../src/server/oauth/storage.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAkB5B,MAAa,YAAY;IACP,QAAQ,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC1C,mBAAmB,GAAG,IAAI,GAAG,EAAiC,CAAC;IAC/D,oBAAoB,GAAG,IAAI,GAAG,EAAqB,CAAC;IAE9D,SAAS,CAAC,MAAmB;QACnC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC7C,CAAC;IAEM,SAAS,CAAC,SAAiB;QACjC,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IAEM,SAAS,CAAC,SAAiB;QACjC,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IAEM,sBAAsB,CAC5B,IAAY,EACZ,SAAiB,EACjB,YAAoB,EACpB,cAAsB,EACtB,qBAA6B,EAC7B,OAAe,EACf,cAAsB,EAAE,GAAG,EAAE,GAAG,IAAI;QAEpC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;QAC5C,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,EAAE;YAClC,SAAS;YACT,YAAY;YACZ,cAAc;YACd,qBAAqB;YACrB,OAAO;YACP,UAAU;SACV,CAAC,CAAC;IACJ,CAAC;IAEM,oBAAoB,CAAC,IAAY;QACvC,OAAO,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC;IAEM,uBAAuB,CAAC,IAAY;QAC1C,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC;IAEM,UAAU,CAChB,KAAa,EACb,SAAiB,EACjB,cAAsB,EAAE,GAAG,EAAE,GAAG,IAAI;QAEpC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;QAC5C,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC;IACjE,CAAC;IAEM,QAAQ,CAAC,KAAa;QAC5B,OAAO,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC;IAEM,WAAW,CAAC,KAAa;QAC/B,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAEM,
|
|
1
|
+
{"version":3,"file":"storage.js","sourceRoot":"","sources":["../../../src/server/oauth/storage.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAkB5B,MAAa,YAAY;IACP,QAAQ,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC1C,mBAAmB,GAAG,IAAI,GAAG,EAAiC,CAAC;IAC/D,oBAAoB,GAAG,IAAI,GAAG,EAAqB,CAAC;IAE9D,SAAS,CAAC,MAAmB;QACnC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC7C,CAAC;IAEM,SAAS,CAAC,SAAiB;QACjC,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IAEM,SAAS,CAAC,SAAiB;QACjC,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IAEM,sBAAsB,CAC5B,IAAY,EACZ,SAAiB,EACjB,YAAoB,EACpB,cAAsB,EACtB,qBAA6B,EAC7B,OAAe,EACf,cAAsB,EAAE,GAAG,EAAE,GAAG,IAAI;QAEpC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;QAC5C,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,EAAE;YAClC,SAAS;YACT,YAAY;YACZ,cAAc;YACd,qBAAqB;YACrB,OAAO;YACP,UAAU;SACV,CAAC,CAAC;IACJ,CAAC;IAEM,oBAAoB,CAAC,IAAY;QACvC,OAAO,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC;IAEM,uBAAuB,CAAC,IAAY;QAC1C,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC;IAEM,UAAU,CAChB,KAAa,EACb,SAAiB,EACjB,cAAsB,EAAE,GAAG,EAAE,GAAG,IAAI;QAEpC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;QAC5C,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC;IACjE,CAAC;IAEM,QAAQ,CAAC,KAAa;QAC5B,OAAO,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC;IAEM,WAAW,CAAC,KAAa;QAC/B,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAEM,OAAO;QACb,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,EAAE,CAAC;YAC/D,IAAI,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;gBAC3B,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACvC,CAAC;QACF,CAAC;QACD,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,oBAAoB,CAAC,OAAO,EAAE,EAAE,CAAC;YACjE,IAAI,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;gBAC3B,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACzC,CAAC;QACF,CAAC;QACD,aAAG,CAAC,IAAI,CAAC,iCAAiC,EAAE;YAC3C,eAAe,EAAE,IAAI,CAAC,mBAAmB,CAAC,IAAI;YAC9C,gBAAgB,EAA
E,IAAI,CAAC,oBAAoB,CAAC,IAAI;SAChD,CAAC,CAAC;IACJ,CAAC;CACD;AA/ED,oCA+EC"}
|
|
@@ -1,5 +1,11 @@
|
|
|
1
1
|
import type { OAuthAuthorizationRequest, OAuthClient, OAuthError, OAuthTokenRequest } from './types';
|
|
2
2
|
export declare class OAuthValidators {
|
|
3
|
+
/**
|
|
4
|
+
* Restricts OAuth redirect targets to loopback web addresses (native-app local
|
|
5
|
+
* listeners) and custom app-scheme deep links, blocking redirects to arbitrary
|
|
6
|
+
* remote origins and script-bearing schemes (open redirect / code interception, CWE-601).
|
|
7
|
+
*/
|
|
8
|
+
static isAllowedRedirectUri(uri: string): boolean;
|
|
3
9
|
static validateAuthorizationRequest(params: OAuthAuthorizationRequest, client: OAuthClient | undefined): OAuthError | null;
|
|
4
10
|
static validateTokenRequest(params: OAuthTokenRequest): OAuthError | null;
|
|
5
11
|
static validateClientRegistration(redirect_uris: unknown): string | null;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validators.d.ts","sourceRoot":"","sources":["../../../src/server/oauth/validators.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACX,yBAAyB,EACzB,WAAW,EACX,UAAU,EACV,iBAAiB,EACjB,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"validators.d.ts","sourceRoot":"","sources":["../../../src/server/oauth/validators.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACX,yBAAyB,EACzB,WAAW,EACX,UAAU,EACV,iBAAiB,EACjB,MAAM,SAAS,CAAC;AAIjB,qBAAa,eAAe;IAC3B;;;;OAIG;WACW,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAkB1C,4BAA4B,CACzC,MAAM,EAAE,yBAAyB,EACjC,MAAM,EAAE,WAAW,GAAG,SAAS,GAC7B,UAAU,GAAG,IAAI;WAgBN,oBAAoB,CAAC,MAAM,EAAE,iBAAiB,GAAG,UAAU,GAAG,IAAI;WAUlE,0BAA0B,CAAC,aAAa,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI;CAsB/E"}
|
|
@@ -1,7 +1,32 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.OAuthValidators = void 0;
|
|
4
|
+
const DANGEROUS_SCHEMES = new Set(['javascript:', 'data:', 'file:', 'vbscript:', 'blob:']);
|
|
5
|
+
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '::1', '[::1]']);
|
|
4
6
|
class OAuthValidators {
|
|
7
|
+
/**
|
|
8
|
+
* Restricts OAuth redirect targets to loopback web addresses (native-app local
|
|
9
|
+
* listeners) and custom app-scheme deep links, blocking redirects to arbitrary
|
|
10
|
+
* remote origins and script-bearing schemes (open redirect / code interception, CWE-601).
|
|
11
|
+
*/
|
|
12
|
+
static isAllowedRedirectUri(uri) {
|
|
13
|
+
let parsed;
|
|
14
|
+
try {
|
|
15
|
+
parsed = new URL(uri);
|
|
16
|
+
}
|
|
17
|
+
catch {
|
|
18
|
+
return false;
|
|
19
|
+
}
|
|
20
|
+
const proto = parsed.protocol.toLowerCase();
|
|
21
|
+
if (DANGEROUS_SCHEMES.has(proto)) {
|
|
22
|
+
return false;
|
|
23
|
+
}
|
|
24
|
+
if (proto === 'http:' || proto === 'https:') {
|
|
25
|
+
return LOOPBACK_HOSTS.has(parsed.hostname.toLowerCase());
|
|
26
|
+
}
|
|
27
|
+
// Any other custom scheme (e.g. vscode:, cursor:, com.example.app:) is an app deep link.
|
|
28
|
+
return true;
|
|
29
|
+
}
|
|
5
30
|
static validateAuthorizationRequest(params, client) {
|
|
6
31
|
if (!client) {
|
|
7
32
|
return { error: 'invalid_client', error_description: 'Client not found' };
|
|
@@ -43,6 +68,9 @@ class OAuthValidators {
|
|
|
43
68
|
catch {
|
|
44
69
|
return `Invalid redirect_uri: ${uri}`;
|
|
45
70
|
}
|
|
71
|
+
if (!OAuthValidators.isAllowedRedirectUri(uri)) {
|
|
72
|
+
return `Disallowed redirect_uri (must be loopback or an app scheme): ${uri}`;
|
|
73
|
+
}
|
|
46
74
|
}
|
|
47
75
|
return null;
|
|
48
76
|
}
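Review bot: The final `return true;` in `isAllowedRedirectUri` makes the non-HTTP path a deny-list: every scheme other than the five in `DANGEROUS_SCHEMES` is accepted, including schemes that carry a remote authority (for example `ftp:` or `wss:`) and any handler scheme registered on the host. Both `validateClientRegistration` (second hunk) and the auto-registration guard in oauth-server.js depend on this one predicate, so an explicit allow-list of the app schemes the server expects would be the safer default, e.g. replacing the fallback with `return ALLOWED_APP_SCHEMES.has(proto);`, where `ALLOWED_APP_SCHEMES` is a new operator-configurable set (a name suggested here, not one the package defines). RFC 6749 §3.1.2 also forbids a fragment in a redirect URI, so `if (parsed.hash) return false;` after the parse would be a cheap extra check. The `'::1'` entry in `LOOPBACK_HOSTS` is probably unreachable, since `URL.hostname` keeps the brackets on IPv6 literals and only `'[::1]'` can match.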
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validators.js","sourceRoot":"","sources":["../../../src/server/oauth/validators.ts"],"names":[],"mappings":";;;AAMA,MAAa,eAAe;
|
|
1
|
+
{"version":3,"file":"validators.js","sourceRoot":"","sources":["../../../src/server/oauth/validators.ts"],"names":[],"mappings":";;;AAMA,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;AAC3F,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;AAE3E,MAAa,eAAe;IAC3B;;;;OAIG;IACI,MAAM,CAAC,oBAAoB,CAAC,GAAW;QAC7C,IAAI,MAAW,CAAC;QAChB,IAAI,CAAC;YACJ,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,KAAK,CAAC;QACd,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC5C,IAAI,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,KAAK,CAAC;QACd,CAAC;QACD,IAAI,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC7C,OAAO,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QAC1D,CAAC;QACD,yFAAyF;QACzF,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,MAAM,CAAC,4BAA4B,CACzC,MAAiC,EACjC,MAA+B;QAE/B,IAAI,CAAC,MAAM,EAAE,CAAC;YACb,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,CAAC;QAC3E,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;YACzD,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,CAAC;QAChF,CAAC;QACD,IAAI,MAAM,CAAC,aAAa,KAAK,MAAM,EAAE,CAAC;YACrC,OAAO,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;QAC/C,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,qBAAqB,KAAK,MAAM,EAAE,CAAC;YACvE,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,eAAe,EAAE,CAAC;QACzE,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,MAAM,CAAC,oBAAoB,CAAC,MAAyB;QAC3D,IAAI,MAAM,CAAC,UAAU,KAAK,oBAAoB,EAAE,CAAC;YAChD,OAAO,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC;QAC5C,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAC3C,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,+BAA+B,EAAE,CAAC;QACzF,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,MAAM,CAAC,0BAA0B,CAAC,aAAsB;QAC9D,IAAI,CAAC,aAAa,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;YACrD,OAAO,gDAAgD,CAAC;QACzD,CAAC;QACD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChC,OAAO,6CAA6C,CAAC;QACtD,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;YACjC,I
AAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAC7B,OAAO,mCAAmC,CAAC;YAC5C,CAAC;YACD,IAAI,CAAC;gBACJ,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;YAAC,MAAM,CAAC;gBACR,OAAO,yBAAyB,GAAG,EAAE,CAAC;YACvC,CAAC;YACD,IAAI,CAAC,eAAe,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChD,OAAO,gEAAgE,GAAG,EAAE,CAAC;YAC9E,CAAC;QACF,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;CACD;AA3ED,0CA2EC"}
|
|
@@ -14,9 +14,14 @@ export interface UserTokens {
|
|
|
14
14
|
}
|
|
15
15
|
export interface OAuthState {
|
|
16
16
|
userKey: string;
|
|
17
|
+
sessionId?: string | undefined;
|
|
17
18
|
createdAt: number;
|
|
18
19
|
expiresAt: number;
|
|
19
20
|
}
|
|
21
|
+
export interface OAuthStateResult {
|
|
22
|
+
userKey: string;
|
|
23
|
+
sessionId?: string | undefined;
|
|
24
|
+
}
|
|
20
25
|
export declare class SessionContext {
|
|
21
26
|
private static _instance;
|
|
22
27
|
private readonly _sessions;
|
|
@@ -38,16 +43,12 @@ export declare class SessionContext {
|
|
|
38
43
|
getTokensForUser(userKey: string): Promise<UserTokens | null>;
|
|
39
44
|
setTokensForUser(userKey: string, tokens: UserTokens): Promise<void>;
|
|
40
45
|
deleteTokensForUser(userKey: string): Promise<void>;
|
|
41
|
-
createOAuthState(userKey: string): string;
|
|
42
|
-
validateOAuthState(state: string):
|
|
43
|
-
|
|
44
|
-
} | null;
|
|
45
|
-
validateAndConsumeOAuthState(state: string): string | undefined;
|
|
46
|
-
setSessionUserKey(sessionId: string, userKey: string): void;
|
|
46
|
+
createOAuthState(userKey: string, sessionId?: string): string;
|
|
47
|
+
validateOAuthState(state: string): OAuthStateResult | null;
|
|
48
|
+
validateAndConsumeOAuthState(state: string): OAuthStateResult | undefined;
|
|
47
49
|
cleanupExpiredOAuthStates(): void;
|
|
48
50
|
getEffectiveTokens(sessionId?: string, userKey?: string): Promise<UserTokens | null>;
|
|
49
51
|
createSessionWithUser(sessionId: string, userKey: string, remoteIp?: string): Promise<SessionInfo>;
|
|
50
|
-
mapAllSessionsToUser(userKey: string): void;
|
|
51
52
|
getStats(): {
|
|
52
53
|
sessionsCount: number;
|
|
53
54
|
tokensCount: number;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session-context.d.ts","sourceRoot":"","sources":["../../src/services/session-context.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"session-context.d.ts","sourceRoot":"","sources":["../../src/services/session-context.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AAInG,MAAM,WAAW,WAAW;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,SAAS,CAAC,EAAE,6BAA6B,GAAG,SAAS,CAAC;IACtD,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC9B;AAED,MAAM,WAAW,UAAU;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAClC;AAED,MAAM,WAAW,UAAU;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC/B;AAED,qBAAa,cAAc;IAC1B,OAAO,CAAC,MAAM,CAAC,SAAS,CAA6B;IACrD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAkC;IAC5D,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAiC;IAC7D,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAiC;IAC9D,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAqB;IAEvD,WAAkB,QAAQ,IAAI,cAAc,CAK3C;IAED,OAAO,CAAC,cAAc;IAKf,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,WAAW;IAgBlF,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS;IAItD,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAItC,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAS/C,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,6BAA6B,GAAG,IAAI;IAOtF,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAQ1D,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAiBtC,cAAc,IAAI,WAAW,EAAE;IAI/B,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,EAAE;IAI5C,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAQlE,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAI7D,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpE,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIzD,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM;IAY7D,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,gBAAgB,GAAG,IAAI;IAa1D,4BAA4B,CAAC,KAAK,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS;IAIzE,yBAAyB,IAAI,IAAI;IAS3B,kBAAkB,CAC9B,SAAS,CAAC,EAAE
,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAUhB,qBAAqB,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,QAAQ,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,WAAW,CAAC;IAKhB,QAAQ,IAAI;QAAE,aAAa,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAA;KAAE;CAO3F"}
|
|
@@ -4,6 +4,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.SessionContext = void 0;
|
|
7
|
+
const crypto_1 = __importDefault(require("crypto"));
|
|
7
8
|
const log_1 = __importDefault(require("../log"));
|
|
8
9
|
class SessionContext {
|
|
9
10
|
static _instance;
|
|
@@ -18,8 +19,8 @@ class SessionContext {
|
|
|
18
19
|
return SessionContext._instance;
|
|
19
20
|
}
|
|
20
21
|
_generateState() {
|
|
21
|
-
|
|
22
|
-
|
|
22
|
+
// Cryptographically secure, unguessable CSRF/state token (CWE-330).
|
|
23
|
+
return crypto_1.default.randomBytes(32).toString('base64url');
|
|
23
24
|
}
|
|
24
25
|
createSession(sessionId, userKey, remoteIp) {
|
|
25
26
|
const session = {
|
|
@@ -102,10 +103,11 @@ class SessionContext {
|
|
|
102
103
|
async deleteTokensForUser(userKey) {
|
|
103
104
|
this._userTokens.delete(userKey);
|
|
104
105
|
}
|
|
105
|
-
createOAuthState(userKey) {
|
|
106
|
+
createOAuthState(userKey, sessionId) {
|
|
106
107
|
const state = this._generateState();
|
|
107
108
|
const stateInfo = {
|
|
108
109
|
userKey,
|
|
110
|
+
sessionId,
|
|
109
111
|
createdAt: Date.now(),
|
|
110
112
|
expiresAt: Date.now() + 10 * 60 * 1000,
|
|
111
113
|
};
|
|
@@ -122,18 +124,10 @@ class SessionContext {
|
|
|
122
124
|
return null;
|
|
123
125
|
}
|
|
124
126
|
this._oauthStates.delete(state);
|
|
125
|
-
return { userKey: stateInfo.userKey };
|
|
127
|
+
return { userKey: stateInfo.userKey, sessionId: stateInfo.sessionId };
|
|
126
128
|
}
|
|
127
129
|
validateAndConsumeOAuthState(state) {
|
|
128
|
-
|
|
129
|
-
return result?.userKey;
|
|
130
|
-
}
|
|
131
|
-
setSessionUserKey(sessionId, userKey) {
|
|
132
|
-
const session = this._sessions.get(sessionId);
|
|
133
|
-
if (session) {
|
|
134
|
-
session.userKey = userKey;
|
|
135
|
-
log_1.default.info('session_mapping.set', { sessionId, userKey });
|
|
136
|
-
}
|
|
130
|
+
return this.validateOAuthState(state) ?? undefined;
|
|
137
131
|
}
|
|
138
132
|
cleanupExpiredOAuthStates() {
|
|
139
133
|
const now = Date.now();
|
|
@@ -156,20 +150,6 @@ class SessionContext {
|
|
|
156
150
|
const session = this.createSession(sessionId, userKey, remoteIp);
|
|
157
151
|
return session;
|
|
158
152
|
}
|
|
159
|
-
mapAllSessionsToUser(userKey) {
|
|
160
|
-
const sessionIds = [];
|
|
161
|
-
for (const [sessionId, session] of this._sessions.entries()) {
|
|
162
|
-
if (session.transport) {
|
|
163
|
-
session.userKey = userKey;
|
|
164
|
-
sessionIds.push(sessionId);
|
|
165
|
-
}
|
|
166
|
-
}
|
|
167
|
-
log_1.default.info('mapping_all_sessions', {
|
|
168
|
-
userKey,
|
|
169
|
-
sessionCount: sessionIds.length,
|
|
170
|
-
sessionIds,
|
|
171
|
-
});
|
|
172
|
-
}
|
|
173
153
|
getStats() {
|
|
174
154
|
return {
|
|
175
155
|
sessionsCount: this._sessions.size,
|
|
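Review bot: `validateOAuthState` removes the entry before returning it (`this._oauthStates.delete(state)` directly above the changed `return`), so it already consumes the state and the rewritten `validateAndConsumeOAuthState` is only a `null`-to-`undefined` wrapper around it; nothing in the code says that a method named `validate…` is single-use. I would document that on the method, for example `// Single-use: a successful lookup deletes the state, so a replayed callback gets null.` The new `sessionId` stored by `createOAuthState` is optional, and these hunks do not show the callback handler, so it is worth confirming that the handler only attaches tokens to the returned `sessionId` and treats a missing one as unbound, which is presumably the behaviour that replaces the removed `mapAllSessionsToUser`; a comment such as `// sessionId ties the state to the initiating session; undefined means unbound.` on the field would record that. The bodies of `createOAuthState` and `validateOAuthState` start outside the hunks shown.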
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session-context.js","sourceRoot":"","sources":["../../src/services/session-context.ts"],"names":[],"mappings":";;;;;;
|
|
1
|
+
{"version":3,"file":"session-context.js","sourceRoot":"","sources":["../../src/services/session-context.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAI5B,iDAAyB;AA6BzB,MAAa,cAAc;IAClB,MAAM,CAAC,SAAS,CAA6B;IACpC,SAAS,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC3C,WAAW,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC5C,YAAY,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC7C,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAC;IAEhD,MAAM,KAAK,QAAQ;QACzB,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;YAC/B,cAAc,CAAC,SAAS,GAAG,IAAI,cAAc,EAAE,CAAC;QACjD,CAAC;QACD,OAAO,cAAc,CAAC,SAAS,CAAC;IACjC,CAAC;IAEO,cAAc;QACrB,oEAAoE;QACpE,OAAO,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACrD,CAAC;IAEM,aAAa,CAAC,SAAiB,EAAE,OAAgB,EAAE,QAAiB;QAC1E,MAAM,OAAO,GAAgB;YAC5B,EAAE,EAAE,SAAS;YACb,QAAQ,EAAE,KAAK;YACf,SAAS,EAAE,IAAI,IAAI,EAAE;SACrB,CAAC;QACF,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC3B,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;QAC3B,CAAC;QACD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACvC,OAAO,OAAO,CAAC;IAChB,CAAC;IAEM,UAAU,CAAC,SAAiB;QAClC,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAEM,UAAU,CAAC,SAAiB;QAClC,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAEM,mBAAmB,CAAC,SAAiB;QAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;YACxB,OAAO,IAAI,CAAC;QACb,CAAC;QACD,OAAO,KAAK,CAAC;IACd,CAAC;IAEM,mBAAmB,CAAC,SAAiB,EAAE,SAAwC;QACrF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC;QAC/B,CAAC;IACF,CAAC;IAEM,gBAAgB,CAAC,SAAiB,EAAE,OAAe;QACzD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;YAC1B,aAAG,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;QACzD,CAAC;IACF,CAAC;IAEM,aAAa,CAAC,SAAiB;QACrC,IAAI,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3C,OAAO;QACR,CAAC;QACD,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,
CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACjC,IAAI,OAAO,EAAE,SAAS,EAAE,CAAC;YACxB,IAAI,CAAC;gBACJ,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;YAC3B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACd,aAAG,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACvE,CAAC;QACF,CAAC;QACD,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC1C,CAAC;IAEM,cAAc;QACpB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IAEM,kBAAkB,CAAC,OAAe;QACxC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC;IACjF,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAC,SAAiB;QACjD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACb,CAAC;QACD,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAAC,OAAe;QAC5C,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC;IAC9C,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAAC,OAAe,EAAE,MAAkB;QAChE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAC,OAAe;QAC/C,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAEM,gBAAgB,CAAC,OAAe,EAAE,SAAkB;QAC1D,MAAM,KAAK,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACpC,MAAM,SAAS,GAAe;YAC7B,OAAO;YACP,SAAS;YACT,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;SACtC,CAAC;QACF,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QACxC,OAAO,KAAK,CAAC;IACd,CAAC;IAEM,kBAAkB,CAAC,KAAa;QACtC,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC/C,IAAI,CAAC,SAAS,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC;QACb,CAAC;QACD,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAChC,OAAO,IAAI,CAAC;QACb,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,SAAS,EAAE,SAAS,CAAC,SAAS,EAAE,CA
AC;IACvE,CAAC;IAEM,4BAA4B,CAAC,KAAa;QAChD,OAAO,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC;IACpD,CAAC;IAEM,yBAAyB;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,KAAK,EAAE,SAAS,CAAC,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,EAAE,CAAC;YAC9D,IAAI,GAAG,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC;gBAC/B,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACjC,CAAC;QACF,CAAC;IACF,CAAC;IAEM,KAAK,CAAC,kBAAkB,CAC9B,SAAkB,EAClB,OAAgB;QAEhB,IAAI,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACvC,CAAC;QACD,IAAI,SAAS,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,KAAK,CAAC,qBAAqB,CACjC,SAAiB,EACjB,OAAe,EACf,QAAiB;QAEjB,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QACjE,OAAO,OAAO,CAAC;IAChB,CAAC;IAEM,QAAQ;QACd,OAAO;YACN,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI;YAClC,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI;YAClC,gBAAgB,EAAE,IAAI,CAAC,YAAY,CAAC,IAAI;SACxC,CAAC;IACH,CAAC;CACD;AAnLD,wCAmLC"}
|
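--- a/package/package.json
+++ b/package/package.json
@@ -1,12 +1,17 @@
 {
 "name": "mcp-creatio",
-"version": "0.4.
+"version": "0.4.1",
 "main": "dist/index.js",
 "bin": {
 "mcp-creatio": "dist/cli.js"
 },
+"files": [
+"dist"
+],
 "scripts": {
-"test": "
+"test": "vitest run",
+"test:watch": "vitest",
+"test:coverage": "vitest run --coverage",
 "clean": "rimraf ./dist",
 "prebuild": "npm run clean",
 "build": "tsc",
@@ -47,16 +52,20 @@
 "devDependencies": {
 "@types/express": "5.0.6",
 "@types/node": "^25.9.1",
+"@types/supertest": "^7.2.0",
 "@typescript-eslint/eslint-plugin": "^8.59.4",
 "@typescript-eslint/parser": "^8.59.4",
+"@vitest/coverage-v8": "^4.1.9",
 "eslint": "^9.39.4",
 "eslint-config-prettier": "^10.1.8",
 "eslint-plugin-import": "^2.32.0",
 "eslint-plugin-prettier": "^5.5.5",
 "prettier": "^3.8.3",
 "rimraf": "^6.1.3",
+"supertest": "^7.2.2",
 "ts-node": "^10.9.2",
-"typescript": "^5.9.3"
+"typescript": "^5.9.3",
+"vitest": "^4.1.9"
 },
 "dependencies": {
 "@modelcontextprotocol/sdk": "^1.29.0",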
package/.dockerignore
DELETED
package/.editorconfig
DELETED
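--- a/package/.eslintrc.cjs
+++ b/package/.eslintrc.cjs
@@ -1,18 +0,0 @@
-module.exports = {
-root: true,
-parser: '@typescript-eslint/parser',
-parserOptions: {
-project: ['./tsconfig.json'],
-tsconfigRootDir: __dirname,
-sourceType: 'module',
-},
-plugins: ['@typescript-eslint', 'prettier'],
-extends: [
-'eslint:recommended',
-'plugin:@typescript-eslint/recommended',
-'plugin:prettier/recommended',
-],
-rules: {
-'prettier/prettier': 'error',
-},
-};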
package/.gitattributes
DELETED
|
@@ -1,50 +0,0 @@
|
|
|
1
|
-
name: Docker Build and Publish
|
|
2
|
-
|
|
3
|
-
on:
|
|
4
|
-
push:
|
|
5
|
-
branches: ['main']
|
|
6
|
-
tags: ['v*.*.*']
|
|
7
|
-
workflow_dispatch:
|
|
8
|
-
|
|
9
|
-
jobs:
|
|
10
|
-
docker:
|
|
11
|
-
runs-on: ubuntu-latest
|
|
12
|
-
|
|
13
|
-
permissions:
|
|
14
|
-
contents: read
|
|
15
|
-
packages: write
|
|
16
|
-
|
|
17
|
-
steps:
|
|
18
|
-
- name: Checkout
|
|
19
|
-
uses: actions/checkout@v4
|
|
20
|
-
|
|
21
|
-
- name: Set up QEMU
|
|
22
|
-
uses: docker/setup-qemu-action@v3
|
|
23
|
-
|
|
24
|
-
- name: Set up Docker Buildx
|
|
25
|
-
uses: docker/setup-buildx-action@v3
|
|
26
|
-
|
|
27
|
-
- name: Docker Hub login
|
|
28
|
-
uses: docker/login-action@v3
|
|
29
|
-
with:
|
|
30
|
-
username: ${{ secrets.DOCKER_USERNAME }}
|
|
31
|
-
password: ${{ secrets.DOCKER_PASSWORD }}
|
|
32
|
-
|
|
33
|
-
- name: Compute Docker tags from package.json
|
|
34
|
-
id: vars
|
|
35
|
-
shell: bash
|
|
36
|
-
run: |
|
|
37
|
-
VERSION=$(jq -r .version package.json)
|
|
38
|
-
if [[ -z "$VERSION" || "$VERSION" == "null" ]]; then
|
|
39
|
-
echo "Package version is empty" >&2
|
|
40
|
-
exit 1
|
|
41
|
-
fi
|
|
42
|
-
echo "tags=crackish/mcp-creatio:latest,crackish/mcp-creatio:v${VERSION}" >> $GITHUB_OUTPUT
|
|
43
|
-
|
|
44
|
-
- name: Build and push
|
|
45
|
-
uses: docker/build-push-action@v6
|
|
46
|
-
with:
|
|
47
|
-
context: .
|
|
48
|
-
push: true
|
|
49
|
-
platforms: linux/amd64,linux/arm64
|
|
50
|
-
tags: ${{ steps.vars.outputs.tags }}
|
package/.prettierignore
DELETED
package/.prettierrc
DELETED
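--- a/package/.vscode/launch.json
+++ b/package/.vscode/launch.json
@@ -1,23 +0,0 @@
-{
-"version": "0.2.0",
-"configurations": [
-{
-"name": "Debug MCP Creatio",
-"type": "node",
-"request": "launch",
-"cwd": "${workspaceFolder}",
-"runtimeExecutable": "npm",
-"runtimeArgs": [
-"run",
-"start"
-],
-"console": "integratedTerminal",
-"internalConsoleOptions": "neverOpen",
-"env": {
-"CREATIO_BASE_URL": "https://your-creatio.com",
-"CREATIO_LOGIN": "Supervisor",
-"CREATIO_PASSWORD": "Supervisor"
-}
-}
-]
-}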
package/.vscode/mcp.json
DELETED
package/.vscode/settings.json
DELETED
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"editor.formatOnSave": true,
|
|
3
|
-
"editor.insertSpaces": false,
|
|
4
|
-
"editor.tabSize": 4,
|
|
5
|
-
"files.eol": "\r\n",
|
|
6
|
-
"files.encoding": "utf8",
|
|
7
|
-
"editor.detectIndentation": false,
|
|
8
|
-
"[typescript]": {
|
|
9
|
-
"editor.defaultFormatter": "esbenp.prettier-vscode"
|
|
10
|
-
},
|
|
11
|
-
"eslint.validate": ["typescript", "typescriptreact"],
|
|
12
|
-
"editor.codeActionsOnSave": {
|
|
13
|
-
"source.fixAll": "explicit",
|
|
14
|
-
"source.fixAll.eslint": "explicit"
|
|
15
|
-
}
|
|
16
|
-
}
|