mcp-creatio 0.4.0 → 0.5.0
- package/README.md +252 -212
- package/dist/cli.d.ts +5 -0
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +18 -11
- package/dist/cli.js.map +1 -1
- package/dist/creatio/auth/auth.d.ts +2 -0
- package/dist/creatio/auth/auth.d.ts.map +1 -1
- package/dist/creatio/auth/auth.js.map +1 -1
- package/dist/creatio/auth/providers/base-provider.d.ts +1 -0
- package/dist/creatio/auth/providers/base-provider.d.ts.map +1 -1
- package/dist/creatio/auth/providers/base-provider.js +3 -0
- package/dist/creatio/auth/providers/base-provider.js.map +1 -1
- package/dist/creatio/auth/providers/oauth2-code-provider.d.ts +3 -0
- package/dist/creatio/auth/providers/oauth2-code-provider.d.ts.map +1 -1
- package/dist/creatio/auth/providers/oauth2-code-provider.js +30 -24
- package/dist/creatio/auth/providers/oauth2-code-provider.js.map +1 -1
- package/dist/creatio/providers/configuration-provider.d.ts +3 -2
- package/dist/creatio/providers/configuration-provider.d.ts.map +1 -1
- package/dist/creatio/providers/crud-provider.d.ts +2 -0
- package/dist/creatio/providers/crud-provider.d.ts.map +1 -1
- package/dist/creatio/services/configuration-service-provider.d.ts.map +1 -1
- package/dist/creatio/services/configuration-service-provider.js +11 -3
- package/dist/creatio/services/configuration-service-provider.js.map +1 -1
- package/dist/creatio/services/http-client.d.ts.map +1 -1
- package/dist/creatio/services/http-client.js +0 -1
- package/dist/creatio/services/http-client.js.map +1 -1
- package/dist/creatio/services/metadata-store.d.ts +5 -0
- package/dist/creatio/services/metadata-store.d.ts.map +1 -1
- package/dist/creatio/services/metadata-store.js +18 -6
- package/dist/creatio/services/metadata-store.js.map +1 -1
- package/dist/creatio/services/odata-crud-provider.d.ts +3 -1
- package/dist/creatio/services/odata-crud-provider.d.ts.map +1 -1
- package/dist/creatio/services/odata-crud-provider.js +31 -8
- package/dist/creatio/services/odata-crud-provider.js.map +1 -1
- package/dist/server/http/creatio-oauth-handlers.d.ts +0 -1
- package/dist/server/http/creatio-oauth-handlers.d.ts.map +1 -1
- package/dist/server/http/creatio-oauth-handlers.js +30 -23
- package/dist/server/http/creatio-oauth-handlers.js.map +1 -1
- package/dist/server/http/httpServer.d.ts +9 -0
- package/dist/server/http/httpServer.d.ts.map +1 -1
- package/dist/server/http/httpServer.js +34 -11
- package/dist/server/http/httpServer.js.map +1 -1
- package/dist/server/http/mcp-handlers.d.ts.map +1 -1
- package/dist/server/http/mcp-handlers.js +4 -1
- package/dist/server/http/mcp-handlers.js.map +1 -1
- package/dist/server/http/mcp-oauth-handlers.d.ts.map +1 -1
- package/dist/server/http/mcp-oauth-handlers.js +18 -6
- package/dist/server/http/mcp-oauth-handlers.js.map +1 -1
- package/dist/server/http/middleware.d.ts +7 -0
- package/dist/server/http/middleware.d.ts.map +1 -1
- package/dist/server/http/middleware.js +23 -0
- package/dist/server/http/middleware.js.map +1 -1
- package/dist/server/http/rate-limiter.d.ts +24 -0
- package/dist/server/http/rate-limiter.d.ts.map +1 -0
- package/dist/server/http/rate-limiter.js +42 -0
- package/dist/server/http/rate-limiter.js.map +1 -0
- package/dist/server/mcp/creatio-rest.d.ts +44 -0
- package/dist/server/mcp/creatio-rest.d.ts.map +1 -0
- package/dist/server/mcp/creatio-rest.js +26 -0
- package/dist/server/mcp/creatio-rest.js.map +1 -0
- package/dist/server/mcp/crtmcp/crt-mcp-client.d.ts +55 -0
- package/dist/server/mcp/crtmcp/crt-mcp-client.d.ts.map +1 -0
- package/dist/server/mcp/crtmcp/crt-mcp-client.js +67 -0
- package/dist/server/mcp/crtmcp/crt-mcp-client.js.map +1 -0
- package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.d.ts +20 -0
- package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.d.ts.map +1 -0
- package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.js +74 -0
- package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.js.map +1 -0
- package/dist/server/mcp/dataforge/dataforge-client.d.ts +64 -0
- package/dist/server/mcp/dataforge/dataforge-client.d.ts.map +1 -0
- package/dist/server/mcp/dataforge/dataforge-client.js +130 -0
- package/dist/server/mcp/dataforge/dataforge-client.js.map +1 -0
- package/dist/server/mcp/dataforge/dataforge-tool-preparer.d.ts +17 -0
- package/dist/server/mcp/dataforge/dataforge-tool-preparer.d.ts.map +1 -0
- package/dist/server/mcp/dataforge/dataforge-tool-preparer.js +42 -0
- package/dist/server/mcp/dataforge/dataforge-tool-preparer.js.map +1 -0
- package/dist/server/mcp/filters.d.ts.map +1 -1
- package/dist/server/mcp/filters.js +20 -4
- package/dist/server/mcp/filters.js.map +1 -1
- package/dist/server/mcp/globalsearch/globalsearch-client.d.ts +50 -0
- package/dist/server/mcp/globalsearch/globalsearch-client.d.ts.map +1 -0
- package/dist/server/mcp/globalsearch/globalsearch-client.js +118 -0
- package/dist/server/mcp/globalsearch/globalsearch-client.js.map +1 -0
- package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.d.ts +16 -0
- package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.d.ts.map +1 -0
- package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.js +34 -0
- package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.js.map +1 -0
- package/dist/server/mcp/json-schema-to-zod.d.ts +3 -0
- package/dist/server/mcp/json-schema-to-zod.d.ts.map +1 -0
- package/dist/server/mcp/json-schema-to-zod.js +54 -0
- package/dist/server/mcp/json-schema-to-zod.js.map +1 -0
- package/dist/server/mcp/server.d.ts +18 -0
- package/dist/server/mcp/server.d.ts.map +1 -1
- package/dist/server/mcp/server.js +93 -25
- package/dist/server/mcp/server.js.map +1 -1
- package/dist/server/mcp/tool-preparer.d.ts +26 -0
- package/dist/server/mcp/tool-preparer.d.ts.map +1 -0
- package/dist/server/mcp/tool-preparer.js +11 -0
- package/dist/server/mcp/tool-preparer.js.map +1 -0
- package/dist/server/mcp/tools-data.d.ts +69 -10
- package/dist/server/mcp/tools-data.d.ts.map +1 -1
- package/dist/server/mcp/tools-data.js +222 -32
- package/dist/server/mcp/tools-data.js.map +1 -1
- package/dist/server/oauth/oauth-server.d.ts +0 -1
- package/dist/server/oauth/oauth-server.d.ts.map +1 -1
- package/dist/server/oauth/oauth-server.js +11 -21
- package/dist/server/oauth/oauth-server.js.map +1 -1
- package/dist/server/oauth/storage.d.ts +0 -2
- package/dist/server/oauth/storage.d.ts.map +1 -1
- package/dist/server/oauth/storage.js +0 -6
- package/dist/server/oauth/storage.js.map +1 -1
- package/dist/server/oauth/validators.d.ts +6 -0
- package/dist/server/oauth/validators.d.ts.map +1 -1
- package/dist/server/oauth/validators.js +28 -0
- package/dist/server/oauth/validators.js.map +1 -1
- package/dist/services/session-context.d.ts +8 -7
- package/dist/services/session-context.d.ts.map +1 -1
- package/dist/services/session-context.js +7 -27
- package/dist/services/session-context.js.map +1 -1
- package/package.json +18 -9
- package/.dockerignore +0 -12
- package/.editorconfig +0 -14
- package/.eslintrc.cjs +0 -18
- package/.gitattributes +0 -8
- package/.github/workflows/docker-publish.yml +0 -50
- package/.prettierignore +0 -3
- package/.prettierrc +0 -9
- package/.vscode/launch.json +0 -23
- package/.vscode/mcp.json +0 -13
- package/.vscode/settings.json +0 -16
- package/Agent.md +0 -190
- package/Debug.md +0 -32
- package/Dockerfile +0 -23
- package/docs/coding-style.md +0 -30
- package/eslint.config.cjs +0 -95
- package/src/cli.ts +0 -162
- package/src/config-builder.ts +0 -76
- package/src/consts.ts +0 -3
- package/src/creatio/auth/auth-manager.ts +0 -27
- package/src/creatio/auth/auth.ts +0 -31
- package/src/creatio/auth/index.ts +0 -3
- package/src/creatio/auth/providers/base-oauth2-provider.ts +0 -62
- package/src/creatio/auth/providers/base-provider.ts +0 -42
- package/src/creatio/auth/providers/index.ts +0 -4
- package/src/creatio/auth/providers/legacy-provider.ts +0 -70
- package/src/creatio/auth/providers/oauth2-code-provider.ts +0 -252
- package/src/creatio/auth/providers/oauth2-provider.ts +0 -91
- package/src/creatio/auth/providers/type.ts +0 -5
- package/src/creatio/client-config.ts +0 -34
- package/src/creatio/engines/admin-operation/admin-operation-engine.ts +0 -44
- package/src/creatio/engines/configuration/configuration-engine.ts +0 -26
- package/src/creatio/engines/crud/crud-engine.ts +0 -47
- package/src/creatio/engines/engine-manager.ts +0 -157
- package/src/creatio/engines/engine-registry.ts +0 -39
- package/src/creatio/engines/engine.ts +0 -3
- package/src/creatio/engines/feature/feature-engine.ts +0 -20
- package/src/creatio/engines/index.ts +0 -10
- package/src/creatio/engines/process/process-engine.ts +0 -20
- package/src/creatio/engines/sys-settings/sys-settings-engine.ts +0 -41
- package/src/creatio/engines/user/user-engine.ts +0 -20
- package/src/creatio/index.ts +0 -6
- package/src/creatio/provider-context.ts +0 -21
- package/src/creatio/providers/admin-operation-provider.ts +0 -34
- package/src/creatio/providers/configuration-provider.ts +0 -22
- package/src/creatio/providers/crud-provider.ts +0 -45
- package/src/creatio/providers/feature-provider.ts +0 -10
- package/src/creatio/providers/index.ts +0 -7
- package/src/creatio/providers/process-provider.ts +0 -15
- package/src/creatio/providers/sys-settings-provider.ts +0 -63
- package/src/creatio/providers/user-provider.ts +0 -12
- package/src/creatio/services/admin-operation-service-provider.ts +0 -115
- package/src/creatio/services/configuration-service-provider.ts +0 -127
- package/src/creatio/services/creatio-service-context.ts +0 -55
- package/src/creatio/services/feature-service-provider.ts +0 -60
- package/src/creatio/services/http-client.ts +0 -174
- package/src/creatio/services/index.ts +0 -10
- package/src/creatio/services/metadata-store.ts +0 -181
- package/src/creatio/services/odata-crud-provider.ts +0 -210
- package/src/creatio/services/process-service-provider.ts +0 -76
- package/src/creatio/services/sys-settings-service-provider.ts +0 -192
- package/src/creatio/services/user-info-provider.ts +0 -41
- package/src/index.ts +0 -44
- package/src/log.ts +0 -183
- package/src/server/http/creatio-oauth-handlers.ts +0 -146
- package/src/server/http/httpServer.ts +0 -150
- package/src/server/http/index.ts +0 -5
- package/src/server/http/mcp-handlers.ts +0 -92
- package/src/server/http/mcp-oauth-handlers.ts +0 -108
- package/src/server/http/middleware.ts +0 -91
- package/src/server/index.ts +0 -2
- package/src/server/mcp/filters.ts +0 -97
- package/src/server/mcp/index.ts +0 -1
- package/src/server/mcp/prompts-data.ts +0 -1292
- package/src/server/mcp/server.ts +0 -442
- package/src/server/mcp/tools-data.ts +0 -748
- package/src/server/oauth/client-manager.ts +0 -47
- package/src/server/oauth/index.ts +0 -6
- package/src/server/oauth/oauth-server.ts +0 -185
- package/src/server/oauth/storage.ts +0 -106
- package/src/server/oauth/token-manager.ts +0 -80
- package/src/server/oauth/types.ts +0 -55
- package/src/server/oauth/validators.ts +0 -56
- package/src/services/index.ts +0 -2
- package/src/services/session-context.ts +0 -232
- package/src/services/token-refresh-scheduler.ts +0 -68
- package/src/types/index.ts +0 -1
- package/src/types/network.ts +0 -7
- package/src/utils/context.ts +0 -49
- package/src/utils/env.ts +0 -12
- package/src/utils/index.ts +0 -5
- package/src/utils/mcp.ts +0 -8
- package/src/utils/network.ts +0 -65
- package/src/utils/pkce.ts +0 -39
- package/src/version.ts +0 -15
- package/tsconfig.json +0 -28
|
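--- a/package/dist/server/http/creatio-oauth-handlers.js
+++ b/package/dist/server/http/creatio-oauth-handlers.js
@@ -7,6 +7,7 @@ exports.CreatioOAuthHandlers = void 0;
 const log_1 = __importDefault(require("../../log"));
 const services_1 = require("../../services");
 const utils_1 = require("../../utils");
+const oauth_1 = require("../oauth");
 class CreatioOAuthHandlers {
 _sessionContext = services_1.SessionContext.instance;
 _server;
@@ -15,14 +16,6 @@ class CreatioOAuthHandlers {
 this._server = server;
 this._oauthServer = oauthServer;
 }
-_mapAllSessionsToUser(userKey) {
-const sessions = this._sessionContext.getAllSessions();
-const sessionIds = sessions.map((s) => s.id);
-log_1.default.info('mapping_all_sessions', { userKey, sessionCount: sessionIds.length, sessionIds });
-for (const sessionId of sessionIds) {
-this._sessionContext.setSessionUserKey(sessionId, userKey);
-}
-}
 async handleOAuthStart(req, res) {
 try {
 const userKey = req.query.userKey;
@@ -32,7 +25,10 @@ class CreatioOAuthHandlers {
 res.status(400).send('Missing userKey parameter. Add ?userKey=your_user_key to URL');
 return;
 }
-
+// Bind the OAuth state to the session that initiated the flow (if any),
+// so the callback maps only that session — never every active session (CWE-639).
+const initiatingSessionId = (0, utils_1.getSessionIdFromRequest)(req) ?? undefined;
+const state = this._sessionContext.createOAuthState(effectiveUserKey, initiatingSessionId);
 const url = await this._server.authProvider.getAuthorizeUrl(state);
 const mcpParams = req.query;
 if (mcpParams.client_id && mcpParams.redirect_uri) {
@@ -53,9 +49,8 @@ class CreatioOAuthHandlers {
 const code = String(req.query?.code ?? '') || String(req.body?.code ?? '');
 const state = String(req.query?.state ?? '') || String(req.body?.state ?? '');
 log_1.default.info('oauth.callback.start', {
-
-
-fullState: state,
+hasCode: !!code,
+hasState: !!state,
 });
 if (!code || !state) {
 res.status(400).send('Missing code or state');
@@ -64,36 +59,46 @@ class CreatioOAuthHandlers {
 const stateParts = state.split('&');
 const creatioState = stateParts[0];
 log_1.default.info('oauth.callback.state_parse', {
-originalState: state,
-creatioState,
 hasMcpParams: stateParts.length > 1,
 });
 if (!creatioState) {
-log_1.default.error('oauth.callback.no_creatio_state'
+log_1.default.error('oauth.callback.no_creatio_state');
 res.status(400).send('Invalid state format');
 return;
 }
-const
-if (!
-log_1.default.error('oauth.callback.creatio_state_invalid'
+const stateResult = this._sessionContext.validateAndConsumeOAuthState(creatioState);
+if (!stateResult) {
+log_1.default.error('oauth.callback.creatio_state_invalid');
 res.status(400).send('Unknown or expired state');
 return;
 }
+const { userKey, sessionId: boundSessionId } = stateResult;
 await (0, utils_1.runWithContext)({ userKey }, async () => this._server.authProvider.finishAuthorization(code));
-this.
+// Map ONLY the session that initiated this flow, if it still exists.
+// Bearer-token MCP clients carry their identity in the issued JWT and need
+// no session mapping at all.
+if (boundSessionId && this._sessionContext.hasSession(boundSessionId)) {
+this._sessionContext.mapSessionToUser(boundSessionId, userKey);
+}
 const stateParams = new URLSearchParams(state);
 const clientId = stateParams.get('client_id');
 const redirectUri = stateParams.get('redirect_uri');
 const codeChallenge = stateParams.get('code_challenge');
 if (clientId && redirectUri && codeChallenge) {
+// Re-validate the redirect target before emitting any redirect: the MCP params
+// are appended to the state in plaintext and must not be trusted blindly (CWE-601).
+if (!oauth_1.OAuthValidators.isAllowedRedirectUri(redirectUri)) {
+log_1.default.error('oauth.callback.redirect_uri_disallowed', { clientId });
+res.status(400).send('Disallowed redirect_uri');
+return;
+}
 const mcpState = stateParams.get('mcp_state');
 log_1.default.info('oauth.callback.state_validation', {
-mcpState,
 clientId,
 hasState: !!mcpState,
 });
 if (mcpState && !this._oauthServer.validateState(mcpState, clientId)) {
-log_1.default.error('oauth.callback.state_invalid', {
+log_1.default.error('oauth.callback.state_invalid', { clientId });
 const errorUrl = new URL(redirectUri);
 errorUrl.searchParams.set('error', 'invalid_request');
 errorUrl.searchParams.set('error_description', 'Unknown or expired state');
@@ -119,9 +124,11 @@ class CreatioOAuthHandlers {
 }
 async handleOAuthRevoke(req, res) {
 try {
-
+// Identity comes ONLY from the validated Bearer token (set by bearerAuth middleware).
+// A caller must never be able to revoke another user's tokens via ?userKey= (CWE-639).
+const userKey = req.userKey;
 if (!userKey) {
-res.status(
+res.status(401).send('Valid Bearer token required');
 return;
 }
 await (0, utils_1.runWithContext)({ userKey }, async () => this._server.authProvider.revoke());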
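Review bot: In the `@@ -64,36 +59,46 @@` hunk the new `isAllowedRedirectUri` check (new lines 88–94) runs only after `runWithContext(... finishAuthorization(code))` has already exchanged the code and stored Creatio tokens for `userKey`, so a callback whose redirect target is rejected still leaves those credentials persisted and the state consumed. Parsing `stateParams` and performing the redirect_uri check before the `finishAuthorization` call fails closed without persisting anything; the rewrite below shows the reordering. Whether `OAuthValidators.isAllowedRedirectUri` also checks that `redirectUri` is one registered for `clientId` is not visible here — if it is only a global allowlist, the per-client binding still needs a lookup against the registered client before the redirect is emitted. handleOAuthCallback begins and ends outside this hunk.
```javascript
const { userKey, sessionId: boundSessionId } = stateResult;
const stateParams = new URLSearchParams(state);
const clientId = stateParams.get('client_id');
const redirectUri = stateParams.get('redirect_uri');
const codeChallenge = stateParams.get('code_challenge');
// Reject a disallowed redirect target before any Creatio tokens are exchanged or stored.
if (clientId && redirectUri && codeChallenge && !oauth_1.OAuthValidators.isAllowedRedirectUri(redirectUri)) {
    log_1.default.error('oauth.callback.redirect_uri_disallowed', { clientId });
    res.status(400).send('Disallowed redirect_uri');
    return;
}
await (0, utils_1.runWithContext)({ userKey }, async () => this._server.authProvider.finishAuthorization(code));
// … unchanged: session mapping, mcp_state validation, final redirect …
```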
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"creatio-oauth-handlers.js","sourceRoot":"","sources":["../../../src/server/http/creatio-oauth-handlers.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAC5B,6CAAgD;AAChD,
|
|
1
|
+
{"version":3,"file":"creatio-oauth-handlers.js","sourceRoot":"","sources":["../../../src/server/http/creatio-oauth-handlers.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAC5B,6CAAgD;AAChD,uCAAsE;AACtE,oCAA2C;AAM3C,MAAa,oBAAoB;IACf,eAAe,GAAG,yBAAc,CAAC,QAAQ,CAAC;IAC1C,OAAO,CAAS;IAChB,YAAY,CAAc;IAE3C,YAAY,MAAc,EAAE,WAAwB;QACnD,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAAC,GAAY,EAAE,GAAa;QACxD,IAAI,CAAC;YACJ,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,OAAiB,CAAC;YAC5C,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,OAAiB,CAAC;YAC5C,MAAM,gBAAgB,GAAG,OAAO,IAAI,OAAO,CAAC;YAC5C,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACvB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CACnB,8DAA8D,CAC9D,CAAC;gBACF,OAAO;YACR,CAAC;YACD,wEAAwE;YACxE,iFAAiF;YACjF,MAAM,mBAAmB,GAAG,IAAA,+BAAuB,EAAC,GAAG,CAAC,IAAI,SAAS,CAAC;YACtE,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC,gBAAgB,CAClD,gBAAgB,EAChB,mBAAmB,CACnB,CAAC;YACF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YACnE,MAAM,SAAS,GAAG,GAAG,CAAC,KAAY,CAAC;YACnC,IAAI,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC;gBACnD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC5B,MAAM,YAAY,GAAG,GAAG,KAAK,cAAc,SAAS,CAAC,SAAS,iBAAiB,kBAAkB,CAAC,SAAS,CAAC,YAAY,CAAC,mBAAmB,SAAS,CAAC,cAAc,0BAA0B,SAAS,CAAC,qBAAqB,cAAc,SAAS,CAAC,KAAK,IAAI,EAAE,EAAE,CAAC;gBACnQ,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;gBAC/C,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC7C,CAAC;YACD,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACxB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YACnB,aAAG,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,GAAG,CAAC,EAAE,CAAC,CAAC;YACvE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QAC5C,CAAC;IACF,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAC,GAAY,EAAE,GAAa;QAC3D,IAAI,CAAC;YACJ,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,IAAI,EAAE,CAAC,IAAI,MAAM,CAAE,GAAW,CAAC,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;YACpF,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,IAAI,EAAE,CAA
C,IAAI,MAAM,CAAE,GAAW,CAAC,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;YACvF,aAAG,CAAC,IAAI,CAAC,sBAAsB,EAAE;gBAChC,OAAO,EAAE,CAAC,CAAC,IAAI;gBACf,QAAQ,EAAE,CAAC,CAAC,KAAK;aACjB,CAAC,CAAC;YACH,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;gBAC9C,OAAO;YACR,CAAC;YACD,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACpC,MAAM,YAAY,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YACnC,aAAG,CAAC,IAAI,CAAC,4BAA4B,EAAE;gBACtC,YAAY,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC;aACnC,CAAC,CAAC;YACH,IAAI,CAAC,YAAY,EAAE,CAAC;gBACnB,aAAG,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;gBAC7C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;gBAC7C,OAAO;YACR,CAAC;YACD,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CAAC,4BAA4B,CAAC,YAAY,CAAC,CAAC;YACpF,IAAI,CAAC,WAAW,EAAE,CAAC;gBAClB,aAAG,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;gBAClD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;gBACjD,OAAO;YACR,CAAC;YACD,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,GAAG,WAAW,CAAC;YAC3D,MAAM,IAAA,sBAAc,EAAC,EAAE,OAAO,EAAE,EAAE,KAAK,IAAI,EAAE,CAC5C,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,mBAAmB,CAAC,IAAI,CAAC,CACnD,CAAC;YACF,qEAAqE;YACrE,2EAA2E;YAC3E,6BAA6B;YAC7B,IAAI,cAAc,IAAI,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;gBACvE,IAAI,CAAC,eAAe,CAAC,gBAAgB,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;YAChE,CAAC;YACD,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC,KAAK,CAAC,CAAC;YAC/C,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YAC9C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACpD,MAAM,aAAa,GAAG,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;YACxD,IAAI,QAAQ,IAAI,WAAW,IAAI,aAAa,EAAE,CAAC;gBAC9C,+EAA+E;gBAC/E,oFAAoF;gBACpF,IAAI,CAAC,uBAAe,CAAC,oBAAoB,CAAC,WAAW,CAAC,EAAE,CAAC;oBACxD,aAAG,CAAC,KAAK,CAAC,wCAAwC,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;oBAClE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;oBAChD,OAAO;gBACR,CAAC;gBACD,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBAC9C,aAAG,CAAC,IAAI,CAAC,iCAAiC,EAAE;oBAC3C,QAAQ;oBACR,QAAQ,EAAE,CAAC,CAAC,QAAQ;iBACpB,CAAC,CAAC;gBACH,IAAI,QAAQ,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,aAAa
,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,CAAC;oBACtE,aAAG,CAAC,KAAK,CAAC,8BAA8B,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;oBACxD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;oBACtC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;oBACtD,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,0BAA0B,CAAC,CAAC;oBAC3E,IAAI,QAAQ,EAAE,CAAC;wBACd,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;oBAC9C,CAAC;oBACD,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC1C,CAAC;gBACD,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,yBAAyB,CAC3D,QAAQ,EACR,WAAW,EACX,aAAa,EACb,WAAW,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,MAAM,EAClD,OAAO,CACP,CAAC;gBACF,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;gBACzC,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBAC/C,IAAI,QAAQ,EAAE,CAAC;oBACd,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;gBACjD,CAAC;gBACD,OAAO,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC7C,CAAC;YACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;QAC9E,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YACnB,aAAG,CAAC,KAAK,CAAC,sBAAsB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,GAAG,CAAC,EAAE,CAAC,CAAC;YAC1E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QAC/C,CAAC;IACF,CAAC;IAEM,KAAK,CAAC,iBAAiB,CAAC,GAAY,EAAE,GAAa;QACzD,IAAI,CAAC;YACJ,sFAAsF;YACtF,uFAAuF;YACvF,MAAM,OAAO,GAAI,GAAW,CAAC,OAA6B,CAAC;YAC3D,IAAI,CAAC,OAAO,EAAE,CAAC;gBACd,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;gBACpD,OAAO;YACR,CAAC;YACD,MAAM,IAAA,sBAAc,EAAC,EAAE,OAAO,EAAE,EAAE,KAAK,IAAI,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;YAClF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YACnB,aAAG,CAAC,KAAK,CAAC,oBAAoB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,GAAG,CAAC,EAAE,CAAC,CAAC;YACxE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAC7C,CAAC;IACF,CAAC;CACD;AAjJD,oDAiJC"}
|
|
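--- a/package/dist/server/http/httpServer.d.ts
+++ b/package/dist/server/http/httpServer.d.ts
@@ -1,15 +1,24 @@
+import express from 'express';
 import type { Server } from '../mcp';
 export declare class HttpServer {
+private static readonly CLEANUP_INTERVAL_MS;
+private static readonly BODY_LIMIT;
+private static readonly RATE_LIMIT_AUTH_FLOW;
+private static readonly RATE_LIMIT_TOKEN;
+private static readonly RATE_LIMIT_REGISTER;
+private static readonly RATE_LIMIT_REVOKE;
 private readonly _server;
 private readonly _app;
 private readonly _connections;
 private _srv;
+private _cleanupTimer;
 private readonly _sessionContext;
 private readonly _oauthServer;
 private readonly _middleware;
 private readonly _mcpHandlers;
 private readonly _creatioOauthHandlers;
 private readonly _mcpOauthHandlers;
+get app(): express.Express;
 constructor(server: Server);
 private _setupMiddleware;
 private _setupRoutes;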
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"httpServer.d.ts","sourceRoot":"","sources":["../../../src/server/http/httpServer.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"httpServer.d.ts","sourceRoot":"","sources":["../../../src/server/http/httpServer.ts"],"names":[],"mappings":"AAGA,OAAO,OAAO,MAAM,SAAS,CAAC;AAa9B,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAErC,qBAAa,UAAU;IACtB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAiB;IAG5D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAsC;IAExE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,oBAAoB,CAAiC;IAC7E,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAiC;IACzE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAiC;IAC5E,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAiC;IAC1E,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAa;IAClC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAqB;IAClD,OAAO,CAAC,IAAI,CAAe;IAC3B,OAAO,CAAC,aAAa,CAA6B;IAClD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAA2B;IAC3D,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAiB;IAC7C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAuB;IAC7D,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAmB;IAErD,IAAW,GAAG,IAAI,OAAO,CAAC,OAAO,CAEhC;gBAEW,MAAM,EAAE,MAAM;IAW1B,OAAO,CAAC,gBAAgB;IAWxB,OAAO,CAAC,YAAY;IAQpB,OAAO,CAAC,kBAAkB;IAM1B,OAAO,CAAC,eAAe;IAIvB,OAAO,CAAC,2BAA2B;IAmBnC,OAAO,CAAC,uBAAuB;IAqBxB,KAAK,CAAC,IAAI,EAAE,MAAM;IA0BZ,IAAI;CAoCjB"}
|
|
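--- a/package/dist/server/http/httpServer.js
+++ b/package/dist/server/http/httpServer.js
@@ -8,22 +8,36 @@ const express_1 = __importDefault(require("express"));
 const creatio_1 = require("../../creatio/");
 const log_1 = __importDefault(require("../../log"));
 const services_1 = require("../../services");
+const utils_1 = require("../../utils");
 const oauth_1 = require("../oauth");
 const creatio_oauth_handlers_1 = require("./creatio-oauth-handlers");
 const mcp_handlers_1 = require("./mcp-handlers");
 const mcp_oauth_handlers_1 = require("./mcp-oauth-handlers");
 const middleware_1 = require("./middleware");
 class HttpServer {
+static CLEANUP_INTERVAL_MS = 5 * 60 * 1000;
+// Generous, configurable cap so large CRM payloads/filters are not truncated.
+// DoS on the OAuth surface is handled by the rate limiter (frequency), not body size.
+static BODY_LIMIT = (0, utils_1.env)('MCP_MAX_BODY_SIZE') || '10mb';
+// Per-route fixed-window limits (per client IP) for the unauthenticated OAuth surface.
+static RATE_LIMIT_AUTH_FLOW = { windowMs: 60_000, max: 60 };
+static RATE_LIMIT_TOKEN = { windowMs: 60_000, max: 30 };
+static RATE_LIMIT_REGISTER = { windowMs: 60_000, max: 10 };
+static RATE_LIMIT_REVOKE = { windowMs: 60_000, max: 20 };
 _server;
 _app = (0, express_1.default)();
 _connections = new Set();
 _srv;
+_cleanupTimer;
 _sessionContext = services_1.SessionContext.instance;
 _oauthServer;
 _middleware;
 _mcpHandlers;
 _creatioOauthHandlers;
 _mcpOauthHandlers;
+get app() {
+return this._app;
+}
 constructor(server) {
 this._server = server;
 this._oauthServer = new oauth_1.OAuthServer();
@@ -37,8 +51,8 @@ class HttpServer {
 _setupMiddleware() {
 this._app.use(this._middleware.correlationId());
 this._app.use(this._middleware.requestLogging());
-this._app.use(express_1.default.json());
-this._app.use(express_1.default.urlencoded({ extended: true }));
+this._app.use(express_1.default.json({ limit: HttpServer.BODY_LIMIT }));
+this._app.use(express_1.default.urlencoded({ extended: true, limit: HttpServer.BODY_LIMIT }));
 if (this._isNeedMCPOAuth()) {
 this._app.use('/mcp', this._middleware.bearerAuth());
 }
@@ -60,15 +74,15 @@ class HttpServer {
 return this._server.authProvider.type === creatio_1.AuthProviderType.OAuth2Code;
 }
 _setupCreatioOAuthEndpoints() {
-this._app.get('/oauth/start', (req, res) => this._creatioOauthHandlers.handleOAuthStart(req, res));
-this._app.get('/oauth/callback', (req, res) => this._creatioOauthHandlers.handleOAuthCallback(req, res));
-this._app.post('/oauth/revoke', (req, res) => this._creatioOauthHandlers.handleOAuthRevoke(req, res));
+this._app.get('/oauth/start', this._middleware.rateLimit(HttpServer.RATE_LIMIT_AUTH_FLOW), (req, res) => this._creatioOauthHandlers.handleOAuthStart(req, res));
+this._app.get('/oauth/callback', this._middleware.rateLimit(HttpServer.RATE_LIMIT_AUTH_FLOW), (req, res) => this._creatioOauthHandlers.handleOAuthCallback(req, res));
+this._app.post('/oauth/revoke', this._middleware.rateLimit(HttpServer.RATE_LIMIT_REVOKE), this._middleware.bearerAuth(), (req, res) => this._creatioOauthHandlers.handleOAuthRevoke(req, res));
 }
 _setupMCPOAuthEndpoints() {
 this._app.get('/.well-known/oauth-authorization-server', (req, res) => this._mcpOauthHandlers.handleMetadata(req, res));
-this._app.post('/register', (req, res) => this._mcpOauthHandlers.handleClientRegistration(req, res));
-this._app.get('/authorize', (req, res) => this._mcpOauthHandlers.handleAuthorization(req, res));
-this._app.post('/token', (req, res) => this._mcpOauthHandlers.handleTokenExchange(req, res));
+this._app.post('/register', this._middleware.rateLimit(HttpServer.RATE_LIMIT_REGISTER), (req, res) => this._mcpOauthHandlers.handleClientRegistration(req, res));
+this._app.get('/authorize', this._middleware.rateLimit(HttpServer.RATE_LIMIT_AUTH_FLOW), (req, res) => this._mcpOauthHandlers.handleAuthorization(req, res));
+this._app.post('/token', this._middleware.rateLimit(HttpServer.RATE_LIMIT_TOKEN), (req, res) => this._mcpOauthHandlers.handleTokenExchange(req, res));
 }
 start(port) {
 return new Promise((resolve, reject) => {
@@ -86,13 +100,22 @@ class HttpServer {
 this._connections.add(socket);
 socket.once('close', () => this._connections.delete(socket));
 });
+// Periodically evict expired OAuth codes/states so these maps stay bounded
+// over a long-running process. Unref'd so it never holds the event loop open.
+this._cleanupTimer = setInterval(() => {
+this._oauthServer.cleanup();
+this._sessionContext.cleanupExpiredOAuthStates();
+}, HttpServer.CLEANUP_INTERVAL_MS);
+this._cleanupTimer.unref();
 });
 }
 async stop() {
+if (this._cleanupTimer) {
+clearInterval(this._cleanupTimer);
+this._cleanupTimer = undefined;
+}
 try {
-
-this._server.authProvider.cancelAllRefresh();
-}
+this._server.authProvider.cancelAllRefresh();
 }
 catch (err) {
 log_1.default.warn('token_refresh_cleanup_failed', { error: String(err) });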
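Review bot: `BODY_LIMIT` (default `'10mb'`, hunk `@@ -37,8 +51,8 @@`) is applied app-wide by the `express.json`/`urlencoded` parsers in `_setupMiddleware`, so the unauthenticated `/register` and `/token` routes accept bodies of that size even though the comment on `BODY_LIMIT` says OAuth-surface DoS is left to the rate limiter; at `RATE_LIMIT_REGISTER` 10/min and `RATE_LIMIT_TOKEN` 30/min that is still hundreds of megabytes per minute per IP before any authentication. Because the global parser runs first, a route-level parser added later would be a no-op; instead mount the generous parser only where it is needed, `this._app.use('/mcp', express_1.default.json({ limit: HttpServer.BODY_LIMIT }));`, and keep a small default such as `express_1.default.json({ limit: '64kb' })` for the rest of the app. The limiter is documented as per client IP, but no `trust proxy` setting is visible in this section: behind a reverse proxy every client would share the proxy's address, and if `rateLimit` reads a forwarded-for header without a trusted-hop configuration a client can choose its own bucket — worth confirming in rate-limiter.js, which is not shown here.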
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"httpServer.js","sourceRoot":"","sources":["../../../src/server/http/httpServer.ts"],"names":[],"mappings":";;;;;;AAGA,sDAA8B;AAE9B,4CAAkD;AAClD,oDAA4B;AAC5B,6CAAgD;AAChD,oCAAuC;AAEvC,qEAAgE;AAChE,iDAA6C;AAC7C,6DAAwD;AACxD,6CAA8C;AAI9C,MAAa,UAAU;
|
|
1
|
+
{"version":3,"file":"httpServer.js","sourceRoot":"","sources":["../../../src/server/http/httpServer.ts"],"names":[],"mappings":";;;;;;AAGA,sDAA8B;AAE9B,4CAAkD;AAClD,oDAA4B;AAC5B,6CAAgD;AAChD,uCAAkC;AAClC,oCAAuC;AAEvC,qEAAgE;AAChE,iDAA6C;AAC7C,6DAAwD;AACxD,6CAA8C;AAI9C,MAAa,UAAU;IACd,MAAM,CAAU,mBAAmB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;IAC5D,8EAA8E;IAC9E,sFAAsF;IAC9E,MAAM,CAAU,UAAU,GAAG,IAAA,WAAG,EAAC,mBAAmB,CAAC,IAAI,MAAM,CAAC;IACxE,uFAAuF;IAC/E,MAAM,CAAU,oBAAoB,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC;IACrE,MAAM,CAAU,gBAAgB,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC;IACjE,MAAM,CAAU,mBAAmB,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC;IACpE,MAAM,CAAU,iBAAiB,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC;IACzD,OAAO,CAAS;IAChB,IAAI,GAAG,IAAA,iBAAO,GAAE,CAAC;IACjB,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IAC1C,IAAI,CAAe;IACnB,aAAa,CAA6B;IACjC,eAAe,GAAG,yBAAc,CAAC,QAAQ,CAAC;IAC1C,YAAY,CAAc;IAC1B,WAAW,CAAiB;IAC5B,YAAY,CAAc;IAC1B,qBAAqB,CAAuB;IAC5C,iBAAiB,CAAmB;IAErD,IAAW,GAAG;QACb,OAAO,IAAI,CAAC,IAAI,CAAC;IAClB,CAAC;IAED,YAAY,MAAc;QACzB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,YAAY,GAAG,IAAI,mBAAW,EAAE,CAAC;QACtC,IAAI,CAAC,WAAW,GAAG,IAAI,2BAAc,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACzD,IAAI,CAAC,YAAY,GAAG,IAAI,0BAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,qBAAqB,GAAG,IAAI,6CAAoB,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QACvF,IAAI,CAAC,iBAAiB,GAAG,IAAI,qCAAgB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACjE,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,IAAI,CAAC,YAAY,EAAE,CAAC;IACrB,CAAC;IAEO,gBAAgB;QACvB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE,CAAC,CAAC;QACjD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,iBAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QACpF,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC5B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,
MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC;QACtD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC,CAAC;IAChD,CAAC;IAEO,YAAY;QACnB,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC1B,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC5B,IAAI,CAAC,2BAA2B,EAAE,CAAC;YACnC,IAAI,CAAC,uBAAuB,EAAE,CAAC;QAChC,CAAC;IACF,CAAC;IAEO,kBAAkB;QACzB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QAChF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QACtF,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;IAC1F,CAAC;IAEO,eAAe;QACtB,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,KAAK,0BAAgB,CAAC,UAAU,CAAC;IACvE,CAAC;IAEO,2BAA2B;QAClC,IAAI,CAAC,IAAI,CAAC,GAAG,CACZ,cAAc,EACd,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAC3D,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,qBAAqB,CAAC,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,CACnE,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,GAAG,CACZ,iBAAiB,EACjB,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAC3D,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,qBAAqB,CAAC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CACtE,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,IAAI,CACb,eAAe,EACf,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,UAAU,CAAC,iBAAiB,CAAC,EACxD,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,EAC7B,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,qBAAqB,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CACpE,CAAC;IACH,CAAC;IAEO,uBAAuB;QAC9B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,yCAAyC,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CACrE,IAAI,CAAC,iBAAiB,CAAC,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAC/C,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,IAAI,CACb,WAAW,EACX,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,UAAU,CAAC,mBAAmB,CAAC,EAC1D,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,wBAAwB,CAAC,GAAG,EAAE,GAAG,CAAC,CACvE,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,GAAG,CACZ,YAAY,EACZ,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAC3D,CA
AC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CAClE,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,IAAI,CACb,QAAQ,EACR,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,UAAU,CAAC,gBAAgB,CAAC,EACvD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CAClE,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,IAAY;QACxB,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC5C,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;gBACvC,aAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBACpB,OAAO,EAAE,CAAC;YACX,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;YAClC,IAAI,CAAC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,GAAG,IAAI,EAAE,IAAI,CAAC,CAAC;YAC7E,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC7B,aAAG,CAAC,KAAK,CAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC5D,MAAM,CAAC,GAAG,CAAC,CAAC;YACb,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAc,EAAE,EAAE;gBAC7C,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAC9B,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;YAC9D,CAAC,CAAC,CAAC;YACH,2EAA2E;YAC3E,8EAA8E;YAC9E,IAAI,CAAC,aAAa,GAAG,WAAW,CAAC,GAAG,EAAE;gBACrC,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;gBAC5B,IAAI,CAAC,eAAe,CAAC,yBAAyB,EAAE,CAAC;YAClD,CAAC,EAAE,UAAU,CAAC,mBAAmB,CAAC,CAAC;YACnC,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;QAC5B,CAAC,CAAC,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,IAAI;QAChB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,aAAa,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAClC,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;QAChC,CAAC;QACD,IAAI,CAAC;YACJ,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,gBAAgB,EAAE,CAAC;QAC9C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,aAAG,CAAC,IAAI,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClE,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACf,IAAI,CAAC;gBACJ,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;gBAC7B,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;oBACnC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC
lC,CAAC,CAAC,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACd,aAAG,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACtD,CAAC;QACF,CAAC;QACD,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YACpD,IAAI,CAAC;gBACJ,MAAM,CAAC,OAAO,EAAE,CAAC;YAClB,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;QACX,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,cAAc,EAAE,CAAC;QACvD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAChC,IAAI,CAAC;gBACJ,OAAO,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC;YAC5B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACd,aAAG,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACnF,CAAC;YACD,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAChD,CAAC;IACF,CAAC;;AAvKF,gCAwKC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mcp-handlers.d.ts","sourceRoot":"","sources":["../../../src/server/http/mcp-handlers.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjD,qBAAa,WAAW;IACvB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAA2B;IAC3D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAErB,MAAM,EAAE,MAAM;IAIb,aAAa,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAmDzD,oBAAoB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"mcp-handlers.d.ts","sourceRoot":"","sources":["../../../src/server/http/mcp-handlers.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjD,qBAAa,WAAW;IACvB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAA2B;IAC3D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAErB,MAAM,EAAE,MAAM;IAIb,aAAa,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAmDzD,oBAAoB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;CAmB7E"}
|
|
@@ -74,7 +74,10 @@ class McpHandlers {
|
|
|
74
74
|
res.status(400).send('Session has no transport');
|
|
75
75
|
return;
|
|
76
76
|
}
|
|
77
|
-
|
|
77
|
+
// Prefer the validated Bearer identity and the session's own mapping over any
|
|
78
|
+
// caller-supplied ?userKey=/x-user-key, which must not override an authenticated
|
|
79
|
+
// identity (CWE-639).
|
|
80
|
+
const userKey = req.userKey || session?.userKey || (0, utils_1.getUserKeyFromRequest)(req);
|
|
78
81
|
await (0, utils_1.runWithContext)({ userKey, sessionId }, async () => transport.handleRequest(req, res));
|
|
79
82
|
}
|
|
80
83
|
}
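Review bot: The third operand of the new `userKey` expression at line 80 still accepts the caller-supplied `?userKey=`/`x-user-key` value whenever there is no Bearer identity and the session carries no userKey, so on a deployment where this route is reachable without `bearerAuth()` the request still picks its own identity; the comment above it only rules out the override of an authenticated one. If an unauthenticated caller naming a key is intended, say so in the comment; otherwise drop the fallback, e.g. `const userKey = req.userKey || session?.userKey;`, and answer 401 when it is undefined. Note also that `||` treats an empty-string `req.userKey` as absent — use `??` if that is not wanted. The enclosing handler starts outside the hunk (the session lookup that sets `session` and any auth gating are not visible), so whether the route is protected cannot be confirmed here.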
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mcp-handlers.js","sourceRoot":"","sources":["../../../src/server/http/mcp-handlers.ts"],"names":[],"mappings":";;;;;;AAAA,6CAAyC;AAEzC,0FAAmG;AACnG,iEAAyE;AAEzE,oDAA4B;AAC5B,6CAAgD;AAChD,uCAKqB;AAKrB,MAAa,WAAW;IACN,eAAe,GAAG,yBAAc,CAAC,QAAQ,CAAC;IAC1C,OAAO,CAAS;IAEjC,YAAY,MAAc;QACzB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACvB,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,GAAY,EAAE,GAAa;QACrD,MAAM,SAAS,GAAG,IAAA,+BAAuB,EAAC,GAAG,CAAC,CAAC;QAC/C,MAAM,aAAa,GAAI,GAAW,CAAC,OAAO,CAAC;QAC3C,IAAI,SAAoD,CAAC;QACzD,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAAC,GAAG,CAAC,CAAC;QAClC,IAAI,SAAS,IAAI,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YAC3D,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC;YAC/B,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;gBAClC,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;gBACpD,aAAG,CAAC,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,CAAC;QACF,CAAC;aAAM,IAAI,CAAC,SAAS,IAAI,IAAA,8BAAmB,EAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACxD,SAAS,GAAG,IAAI,iDAA6B,CAAC;gBAC7C,kBAAkB,EAAE,GAAG,EAAE,CAAC,IAAA,wBAAU,GAAE;gBACtC,oBAAoB,EAAE,CAAC,GAAG,EAAE,EAAE;oBAC7B,IAAI,SAAS,EAAE,CAAC;wBACf,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,aAAa,CACjD,GAAG,EACH,aAAa,EACb,QAAQ,CACR,CAAC;wBACF,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;wBACzD,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;wBAC9C,aAAG,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAC3C,CAAC;gBACF,CAAC;aACD,CAAC,CAAC;YACH,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;gBACxB,IAAI,SAAS,EAAE,SAAS,EAAE,CAAC;oBAC1B,aAAG,CAAC,iBAAiB,CAAC,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAC7D,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;gBACzD,CAAC;YACF,CAAC,CAAC;YACF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC1C,MAAM,GAAG,CAAC,OAAO,CAAC,SAAgB,CAAC,CAAC;QACrC,CAAC;aAAM,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,2CAA2C,EAAE;gBAC7E,EAAE,EAAE,IAAI;aACR,CAAC,CAAC;YACH,
OAAO;QACR,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,OAAO,GAAG,aAAa,IAAI,OAAO,EAAE,OAAO,CAAC;QAClD,MAAM,IAAA,sBAAc,EAAC,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,KAAK,IAAI,EAAE,CACvD,SAAU,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAC5C,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAAC,GAAY,EAAE,GAAa;QAC5D,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QACtE,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YACtD,OAAO;QACR,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC;QACrC,IAAI,CAAC,SAAS,EAAE,CAAC;YAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;YACjD,OAAO;QACR,CAAC;QACD,MAAM,OAAO,
|
|
1
|
+
{"version":3,"file":"mcp-handlers.js","sourceRoot":"","sources":["../../../src/server/http/mcp-handlers.ts"],"names":[],"mappings":";;;;;;AAAA,6CAAyC;AAEzC,0FAAmG;AACnG,iEAAyE;AAEzE,oDAA4B;AAC5B,6CAAgD;AAChD,uCAKqB;AAKrB,MAAa,WAAW;IACN,eAAe,GAAG,yBAAc,CAAC,QAAQ,CAAC;IAC1C,OAAO,CAAS;IAEjC,YAAY,MAAc;QACzB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACvB,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,GAAY,EAAE,GAAa;QACrD,MAAM,SAAS,GAAG,IAAA,+BAAuB,EAAC,GAAG,CAAC,CAAC;QAC/C,MAAM,aAAa,GAAI,GAAW,CAAC,OAAO,CAAC;QAC3C,IAAI,SAAoD,CAAC;QACzD,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAAC,GAAG,CAAC,CAAC;QAClC,IAAI,SAAS,IAAI,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YAC3D,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC;YAC/B,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;gBAClC,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;gBACpD,aAAG,CAAC,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,CAAC;QACF,CAAC;aAAM,IAAI,CAAC,SAAS,IAAI,IAAA,8BAAmB,EAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACxD,SAAS,GAAG,IAAI,iDAA6B,CAAC;gBAC7C,kBAAkB,EAAE,GAAG,EAAE,CAAC,IAAA,wBAAU,GAAE;gBACtC,oBAAoB,EAAE,CAAC,GAAG,EAAE,EAAE;oBAC7B,IAAI,SAAS,EAAE,CAAC;wBACf,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,aAAa,CACjD,GAAG,EACH,aAAa,EACb,QAAQ,CACR,CAAC;wBACF,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;wBACzD,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;wBAC9C,aAAG,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAC3C,CAAC;gBACF,CAAC;aACD,CAAC,CAAC;YACH,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;gBACxB,IAAI,SAAS,EAAE,SAAS,EAAE,CAAC;oBAC1B,aAAG,CAAC,iBAAiB,CAAC,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAC7D,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;gBACzD,CAAC;YACF,CAAC,CAAC;YACF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC1C,MAAM,GAAG,CAAC,OAAO,CAAC,SAAgB,CAAC,CAAC;QACrC,CAAC;aAAM,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,2CAA2C,EAAE;gBAC7E,EAAE,EAAE,IAAI;aACR,CAAC,CAAC;YACH,
OAAO;QACR,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,OAAO,GAAG,aAAa,IAAI,OAAO,EAAE,OAAO,CAAC;QAClD,MAAM,IAAA,sBAAc,EAAC,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,KAAK,IAAI,EAAE,CACvD,SAAU,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAC5C,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAAC,GAAY,EAAE,GAAa;QAC5D,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QACtE,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YACtD,OAAO;QACR,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC;QACrC,IAAI,CAAC,SAAS,EAAE,CAAC;YAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;YACjD,OAAO;QACR,CAAC;QACD,8EAA8E;QAC9E,iFAAiF;QACjF,sBAAsB;QACtB,MAAM,OAAO,GACX,GAAW,CAAC,OAAO,IAAI,OAAO,EAAE,OAAO,IAAI,IAAA,6BAAqB,EAAC,GAAU,CAAC,CAAC;QAC/E,MAAM,IAAA,sBAAc,EAAC,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,KAAK,IAAI,EAAE,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;IAC7F,CAAC;CACD;AA9ED,kCA8EC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mcp-oauth-handlers.d.ts","sourceRoot":"","sources":["../../../src/server/http/mcp-oauth-handlers.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjD,qBAAa,gBAAgB;IAC5B,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;gBAE/B,WAAW,EAAE,WAAW;IAI7B,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,IAAI;IAKjD,wBAAwB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,QAAQ,GAAG,IAAI;IAqBhE,mBAAmB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"mcp-oauth-handlers.d.ts","sourceRoot":"","sources":["../../../src/server/http/mcp-oauth-handlers.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjD,qBAAa,gBAAgB;IAC5B,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;gBAE/B,WAAW,EAAE,WAAW;IAI7B,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,IAAI;IAKjD,wBAAwB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,QAAQ,GAAG,IAAI;IAqBhE,mBAAmB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAkD/D,mBAAmB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;CA4BvF"}
|
|
@@ -48,6 +48,22 @@ class MCPOAuthHandlers {
|
|
|
48
48
|
code_challenge_method: req.query.code_challenge_method,
|
|
49
49
|
scope: req.query.scope,
|
|
50
50
|
};
|
|
51
|
+
// Never redirect to an unvalidated target. If the redirect_uri is missing or
|
|
52
|
+
// not allow-listed, fail closed with a direct error response (CWE-601).
|
|
53
|
+
if (!params.redirect_uri || !validators_1.OAuthValidators.isAllowedRedirectUri(params.redirect_uri)) {
|
|
54
|
+
res.status(400).json({
|
|
55
|
+
error: 'invalid_request',
|
|
56
|
+
error_description: 'Missing or disallowed redirect_uri',
|
|
57
|
+
});
|
|
58
|
+
return;
|
|
59
|
+
}
|
|
60
|
+
// state is mandatory: it is the CSRF / session-binding control for the flow (CWE-352).
|
|
61
|
+
if (!params.state) {
|
|
62
|
+
const errorUrl = new URL(params.redirect_uri);
|
|
63
|
+
errorUrl.searchParams.set('error', 'invalid_request');
|
|
64
|
+
errorUrl.searchParams.set('error_description', 'state parameter is required');
|
|
65
|
+
return res.redirect(errorUrl.toString());
|
|
66
|
+
}
|
|
51
67
|
const validationError = this._oauthServer.validateAuthorizationRequest(params);
|
|
52
68
|
if (validationError) {
|
|
53
69
|
const errorUrl = new URL(params.redirect_uri);
|
|
@@ -55,14 +71,10 @@ class MCPOAuthHandlers {
|
|
|
55
71
|
if (validationError.error_description) {
|
|
56
72
|
errorUrl.searchParams.set('error_description', validationError.error_description);
|
|
57
73
|
}
|
|
58
|
-
|
|
59
|
-
errorUrl.searchParams.set('state', params.state);
|
|
60
|
-
}
|
|
74
|
+
errorUrl.searchParams.set('state', params.state);
|
|
61
75
|
return res.redirect(errorUrl.toString());
|
|
62
76
|
}
|
|
63
|
-
|
|
64
|
-
this._oauthServer.storeState(params.state, params.client_id);
|
|
65
|
-
}
|
|
77
|
+
this._oauthServer.storeState(params.state, params.client_id);
|
|
66
78
|
const authKey = (0, node_crypto_1.randomUUID)();
|
|
67
79
|
const creatioAuthUrl = `/oauth/start?authKey=${authKey}&client_id=${params.client_id}&redirect_uri=${encodeURIComponent(params.redirect_uri)}&code_challenge=${params.code_challenge}&code_challenge_method=${params.code_challenge_method}&state=${params.state || ''}`;
|
|
68
80
|
res.redirect(creatioAuthUrl);
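Review bot: The `/oauth/start` URL built at line 79 interpolates `params.state`, `params.client_id`, `params.code_challenge` and `params.code_challenge_method` raw while only `redirect_uri` is percent-encoded; now that the first hunk makes `state` mandatory and it is arbitrary caller input, a value containing `&`, `#` or `=` splits into extra query parameters or is truncated when `/oauth/start` parses it, and the state round-tripped to the client no longer matches what it sent. Build the query with `URLSearchParams` instead, e.g. `const q = new URLSearchParams({ authKey, client_id: params.client_id, redirect_uri: params.redirect_uri, code_challenge: params.code_challenge, code_challenge_method: params.code_challenge_method, state: params.state });` followed by `const creatioAuthUrl = '/oauth/start?' + q.toString();` (assuming `validateAuthorizationRequest` has already rejected missing values, since `URLSearchParams` would stringify `undefined`). With that, the `${params.state || ''}` default is dead code, because the missing-state branch at line 61 has already returned. handleAuthorization's signature and its catch block lie outside the hunk.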
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mcp-oauth-handlers.js","sourceRoot":"","sources":["../../../src/server/http/mcp-oauth-handlers.ts"],"names":[],"mappings":";;;;;;AAAA,6CAAyC;AAEzC,oDAA4B;AAC5B,oDAAsD;AAKtD,MAAa,gBAAgB;IACX,YAAY,CAAc;IAE3C,YAAY,WAAwB;QACnC,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;IACjC,CAAC;IAEM,cAAc,CAAC,GAAY,EAAE,GAAa;QAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,8BAA8B,EAAE,CAAC;QACpE,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACpB,CAAC;IAEM,wBAAwB,CAAC,GAAY,EAAE,GAAa;QAC1D,IAAI,CAAC;YACJ,MAAM,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;YACnC,MAAM,eAAe,GAAG,4BAAe,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAC;YAClF,IAAI,eAAe,EAAE,CAAC;gBACrB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC3B,KAAK,EAAE,iBAAiB;oBACxB,iBAAiB,EAAE,eAAe;iBAClC,CAAC,CAAC;YACJ,CAAC;YACD,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;YAC/D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,aAAG,CAAC,KAAK,CAAC,sBAAsB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC5D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;gBACrB,iBAAiB,EAAE,2BAA2B;aAC9C,CAAC,CAAC;QACJ,CAAC;IACF,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAC,GAAY,EAAE,GAAa;QAC3D,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG;gBACd,SAAS,EAAE,GAAG,CAAC,KAAK,CAAC,SAAmB;gBACxC,YAAY,EAAE,GAAG,CAAC,KAAK,CAAC,YAAsB;gBAC9C,aAAa,EAAE,GAAG,CAAC,KAAK,CAAC,aAAuB;gBAChD,KAAK,EAAE,GAAG,CAAC,KAAK,CAAC,KAAe;gBAChC,cAAc,EAAE,GAAG,CAAC,KAAK,CAAC,cAAwB;gBAClD,qBAAqB,EAAE,GAAG,CAAC,KAAK,CAAC,qBAA+B;gBAChE,KAAK,EAAE,GAAG,CAAC,KAAK,CAAC,KAAe;aAChC,CAAC;YACF,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAAC;YAC/E,IAAI,eAAe,EAAE,CAAC;gBACrB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBAC9C,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC;gBAC1D,IAAI,eAAe,CAAC,iBAAiB,EAAE,CAAC;oBACvC,QAAQ,CAAC,YAAY,CAAC,GAAG,CACxB,mBAAmB,EACnB,eAAe,CAAC,iBAAiB,CACjC,CAAC;gBACH,CAAC;gBACD,
|
|
1
|
+
{"version":3,"file":"mcp-oauth-handlers.js","sourceRoot":"","sources":["../../../src/server/http/mcp-oauth-handlers.ts"],"names":[],"mappings":";;;;;;AAAA,6CAAyC;AAEzC,oDAA4B;AAC5B,oDAAsD;AAKtD,MAAa,gBAAgB;IACX,YAAY,CAAc;IAE3C,YAAY,WAAwB;QACnC,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;IACjC,CAAC;IAEM,cAAc,CAAC,GAAY,EAAE,GAAa;QAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,8BAA8B,EAAE,CAAC;QACpE,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACpB,CAAC;IAEM,wBAAwB,CAAC,GAAY,EAAE,GAAa;QAC1D,IAAI,CAAC;YACJ,MAAM,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;YACnC,MAAM,eAAe,GAAG,4BAAe,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAC;YAClF,IAAI,eAAe,EAAE,CAAC;gBACrB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC3B,KAAK,EAAE,iBAAiB;oBACxB,iBAAiB,EAAE,eAAe;iBAClC,CAAC,CAAC;YACJ,CAAC;YACD,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;YAC/D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,aAAG,CAAC,KAAK,CAAC,sBAAsB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC5D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;gBACrB,iBAAiB,EAAE,2BAA2B;aAC9C,CAAC,CAAC;QACJ,CAAC;IACF,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAC,GAAY,EAAE,GAAa;QAC3D,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG;gBACd,SAAS,EAAE,GAAG,CAAC,KAAK,CAAC,SAAmB;gBACxC,YAAY,EAAE,GAAG,CAAC,KAAK,CAAC,YAAsB;gBAC9C,aAAa,EAAE,GAAG,CAAC,KAAK,CAAC,aAAuB;gBAChD,KAAK,EAAE,GAAG,CAAC,KAAK,CAAC,KAAe;gBAChC,cAAc,EAAE,GAAG,CAAC,KAAK,CAAC,cAAwB;gBAClD,qBAAqB,EAAE,GAAG,CAAC,KAAK,CAAC,qBAA+B;gBAChE,KAAK,EAAE,GAAG,CAAC,KAAK,CAAC,KAAe;aAChC,CAAC;YACF,6EAA6E;YAC7E,wEAAwE;YACxE,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC,4BAAe,CAAC,oBAAoB,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;gBACxF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACpB,KAAK,EAAE,iBAAiB;oBACxB,iBAAiB,EAAE,oCAAoC;iBACvD,CAAC,CAAC;gBACH,OAAO;YACR,CAAC;YACD,uFAAuF;YACvF,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBACnB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBAC9C,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;gBACtD,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAm
B,EAAE,6BAA6B,CAAC,CAAC;gBAC9E,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC1C,CAAC;YACD,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAAC;YAC/E,IAAI,eAAe,EAAE,CAAC;gBACrB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBAC9C,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC;gBAC1D,IAAI,eAAe,CAAC,iBAAiB,EAAE,CAAC;oBACvC,QAAQ,CAAC,YAAY,CAAC,GAAG,CACxB,mBAAmB,EACnB,eAAe,CAAC,iBAAiB,CACjC,CAAC;gBACH,CAAC;gBACD,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;gBACjD,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC1C,CAAC;YACD,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;YAC7D,MAAM,OAAO,GAAG,IAAA,wBAAU,GAAE,CAAC;YAC7B,MAAM,cAAc,GAAG,wBAAwB,OAAO,cAAc,MAAM,CAAC,SAAS,iBAAiB,kBAAkB,CAAC,MAAM,CAAC,YAAY,CAAC,mBAAmB,MAAM,CAAC,cAAc,0BAA0B,MAAM,CAAC,qBAAqB,UAAU,MAAM,CAAC,KAAK,IAAI,EAAE,EAAE,CAAC;YACzQ,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,aAAG,CAAC,KAAK,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC9C,CAAC;IACF,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAC,GAAY,EAAE,GAAa;QAC3D,IAAI,CAAC;YACJ,MAAM,WAAW,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;YACnC,aAAG,CAAC,IAAI,CAAC,qBAAqB,EAAE;gBAC/B,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;gBACxC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI;gBACnB,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE;gBAC/C,MAAM,EAAE;oBACP,UAAU,EAAE,WAAW,CAAC,UAAU;oBAClC,IAAI,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;oBACvE,SAAS,EAAE,WAAW,CAAC,SAAS;oBAChC,YAAY,EAAE,WAAW,CAAC,YAAY;oBACtC,iBAAiB,EAAE,CAAC,CAAC,WAAW,CAAC,aAAa;iBAC9C;aACD,CAAC,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;YACzE,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;gBACvB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACrC,CAAC;YACD,GAAG,CAAC,I
AAI,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,aAAG,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACzD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;gBACrB,iBAAiB,EAAE,0BAA0B;aAC7C,CAAC,CAAC;QACJ,CAAC;IACF,CAAC;CACD;AA/GD,4CA+GC"}
|
|
@@ -1,8 +1,15 @@
|
|
|
1
|
+
import type { RateLimitOptions } from './rate-limiter';
|
|
1
2
|
import type { OAuthServer } from '../oauth';
|
|
2
3
|
import type { NextFunction, Request, Response } from 'express';
|
|
3
4
|
export declare class HttpMiddleware {
|
|
4
5
|
private readonly _oauthServer;
|
|
5
6
|
constructor(oauthServer: OAuthServer);
|
|
7
|
+
/**
|
|
8
|
+
* Per-route fixed-window rate limit, keyed by the real connection IP (req.ip /
|
|
9
|
+
* socket address) rather than the spoofable X-Forwarded-For header, so an
|
|
10
|
+
* attacker cannot bypass the limit by rotating that header.
|
|
11
|
+
*/
|
|
12
|
+
rateLimit(options: RateLimitOptions): (req: Request, res: Response, next: NextFunction) => void;
|
|
6
13
|
bearerAuth(): (req: Request, res: Response, next: NextFunction) => void;
|
|
7
14
|
errorHandler(): (error: Error, req: Request, res: Response, next: NextFunction) => void;
|
|
8
15
|
correlationId(): (req: Request, res: Response, next: NextFunction) => void;
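Review bot: The new doc comment on `rateLimit` (lines 7–11 here, repeated verbatim at lines 16–20 of middleware.js) claims the key is the real connection IP rather than X-Forwarded-For, but Express derives `req.ip` from X-Forwarded-For whenever the app enables `trust proxy`, and the implementation in middleware.js keys on `req.ip || req.socket?.remoteAddress`, so the claim holds only when `trust proxy` is off; conversely, behind a reverse proxy with it off, every client shares the proxy's address and a single bucket. Suggest stating the dependency rather than the guarantee: `* Keyed by req.ip: the socket address unless the app enables 'trust proxy', in which case it follows X-Forwarded-For, so configure trust proxy to match the deployment.` Whether httpServer.ts sets `trust proxy` is not visible in this diff.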
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/server/http/middleware.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/server/http/middleware.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE/D,qBAAa,cAAc;IAC1B,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;gBAE/B,WAAW,EAAE,WAAW;IAIpC;;;;OAIG;IACI,SAAS,CAAC,OAAO,EAAE,gBAAgB,IAEjC,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;IAgBjD,UAAU,KACR,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;IAkBjD,YAAY,KACV,OAAO,KAAK,EAAE,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;IAiB/D,aAAa,KACX,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;IAYjD,cAAc,KACZ,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;CAwBxD"}
|
|
@@ -7,11 +7,34 @@ exports.HttpMiddleware = void 0;
|
|
|
7
7
|
const crypto_1 = require("crypto");
|
|
8
8
|
const log_1 = __importDefault(require("../../log"));
|
|
9
9
|
const utils_1 = require("../../utils");
|
|
10
|
+
const rate_limiter_1 = require("./rate-limiter");
|
|
10
11
|
class HttpMiddleware {
|
|
11
12
|
_oauthServer;
|
|
12
13
|
constructor(oauthServer) {
|
|
13
14
|
this._oauthServer = oauthServer;
|
|
14
15
|
}
|
|
16
|
+
/**
|
|
17
|
+
* Per-route fixed-window rate limit, keyed by the real connection IP (req.ip /
|
|
18
|
+
* socket address) rather than the spoofable X-Forwarded-For header, so an
|
|
19
|
+
* attacker cannot bypass the limit by rotating that header.
|
|
20
|
+
*/
|
|
21
|
+
rateLimit(options) {
|
|
22
|
+
const limiter = new rate_limiter_1.RateLimiter(options);
|
|
23
|
+
return (req, res, next) => {
|
|
24
|
+
const key = req.ip || req.socket?.remoteAddress || 'unknown';
|
|
25
|
+
const { allowed, retryAfterMs } = limiter.check(key, Date.now());
|
|
26
|
+
if (!allowed) {
|
|
27
|
+
res.setHeader('Retry-After', String(Math.ceil(retryAfterMs / 1000)));
|
|
28
|
+
log_1.default.warn('http.rate_limited', { path: req.path, ip: (0, utils_1.getClientIp)(req) });
|
|
29
|
+
res.status(429).json({
|
|
30
|
+
error: 'too_many_requests',
|
|
31
|
+
error_description: 'Rate limit exceeded. Try again later.',
|
|
32
|
+
});
|
|
33
|
+
return;
|
|
34
|
+
}
|
|
35
|
+
next();
|
|
36
|
+
};
|
|
37
|
+
}
|
|
15
38
|
bearerAuth() {
|
|
16
39
|
return (req, res, next) => {
|
|
17
40
|
const authHeader = req.headers.authorization;
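Review bot: In `rateLimit` the bucket key is `req.ip || req.socket?.remoteAddress || 'unknown'` (line 24) while the 429 log on line 28 reports `ip: getClientIp(req)`; if `getClientIp` resolves the address differently (for instance from a forwarding header), the log attributes the rejection to an address other than the one that was throttled, which makes the event hard to correlate during incident review. Log the key that was actually limited, e.g. `log_1.default.warn('http.rate_limited', { path: req.path, ip: (0, utils_1.getClientIp)(req), key });`, or derive both values from one helper. The `'unknown'` fallback also pools every request without a resolvable address into one shared bucket, which is worth a one-line comment so operators are not surprised by collective throttling. `getClientIp` is defined outside the hunk, so its behaviour here is inferred.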
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../src/server/http/middleware.ts"],"names":[],"mappings":";;;;;;AAAA,mCAAoC;AAEpC,oDAA4B;AAC5B,uCAA0C;
|
|
1
|
+
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../src/server/http/middleware.ts"],"names":[],"mappings":";;;;;;AAAA,mCAAoC;AAEpC,oDAA4B;AAC5B,uCAA0C;AAE1C,iDAA6C;AAM7C,MAAa,cAAc;IACT,YAAY,CAAc;IAE3C,YAAY,WAAwB;QACnC,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;IACjC,CAAC;IAED;;;;OAIG;IACI,SAAS,CAAC,OAAyB;QACzC,MAAM,OAAO,GAAG,IAAI,0BAAW,CAAC,OAAO,CAAC,CAAC;QACzC,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YAC1D,MAAM,GAAG,GAAG,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,MAAM,EAAE,aAAa,IAAI,SAAS,CAAC;YAC7D,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACjE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACd,GAAG,CAAC,SAAS,CAAC,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;gBACrE,aAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,IAAA,mBAAW,EAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACxE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACpB,KAAK,EAAE,mBAAmB;oBAC1B,iBAAiB,EAAE,uCAAuC;iBAC1D,CAAC,CAAC;gBACH,OAAO;YACR,CAAC;YACD,IAAI,EAAE,CAAC;QACR,CAAC,CAAC;IACH,CAAC;IAEM,UAAU;QAChB,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YAC1D,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;YAC7C,IAAI,UAAU,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACpD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAClC,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;gBAC7D,IAAI,OAAO,EAAE,CAAC;oBACZ,GAAW,CAAC,OAAO,GAAG,OAAO,CAAC;oBAC/B,OAAO,IAAI,EAAE,CAAC;gBACf,CAAC;YACF,CAAC;YACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;gBACrB,iBAAiB,EAChB,yEAAyE;aAC1E,CAAC,CAAC;QACJ,CAAC,CAAC;IACH,CAAC;IAEM,YAAY;QAClB,OAAO,CAAC,KAAY,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YACxE,aAAG,CAAC,KAAK,CAAC,YAAY,EAAE;gBACvB,KAAK,EAAE,KAAK,CAAC,OAAO;gBACpB,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,MAAM,EAAE,GAAG,CAAC,MAAM;aAClB,CAAC,CAAC;YACH,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;YACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;g
BACrB,iBAAiB,EAAE,uBAAuB;aAC1C,CAAC,CAAC;QACJ,CAAC,CAAC;IACH,CAAC;IAEM,aAAa;QACnB,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YAC1D,MAAM,aAAa,GAAI,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAY,IAAI,IAAA,mBAAU,GAAE,CAAC;YAClF,aAAG,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;YACnC,GAAW,CAAC,aAAa,GAAG,aAAa,CAAC;YAC3C,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;YACjD,GAAG,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACrB,aAAG,CAAC,kBAAkB,EAAE,CAAC;YAC1B,CAAC,CAAC,CAAC;YACH,IAAI,EAAE,CAAC;QACR,CAAC,CAAC;IACH,CAAC;IAEM,cAAc;QACpB,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC7B,MAAM,EAAE,GAAG,IAAA,mBAAW,EAAC,GAAG,CAAC,CAAC;YAC5B,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC5C,MAAM,aAAa,GAAI,GAAW,CAAC,aAAa,CAAC;YACjD,aAAG,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,EAAE;gBACpC,EAAE;gBACF,SAAS;gBACT,aAAa;gBACb,aAAa,EAAE,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC;gBAC5C,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;aACxC,CAAC,CAAC;YACH,GAAG,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;gBACxC,aAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,UAAU,EAAE,QAAQ,EAAE;oBAC/D,EAAE;oBACF,aAAa;oBACb,aAAa,EAAE,GAAG,CAAC,SAAS,CAAC,gBAAgB,CAAC;oBAC9C,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC,cAAc,CAAC;iBAC1C,CAAC,CAAC;YACJ,CAAC,CAAC,CAAC;YACH,IAAI,EAAE,CAAC;QACR,CAAC,CAAC;IACH,CAAC;CACD;AAzGD,wCAyGC"}
|
|
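--- a/package/dist/server/http/rate-limiter.d.ts
+++ b/package/dist/server/http/rate-limiter.d.ts
@@ -0,0 +1,24 @@
+export interface RateLimitOptions {
+/** Length of the fixed window in milliseconds. */
+windowMs: number;
+/** Maximum number of requests allowed per key within the window. */
+max: number;
+}
+export interface RateLimitResult {
+allowed: boolean;
+retryAfterMs: number;
+}
+/**
+* Minimal fixed-window in-memory rate limiter. Keyed by an arbitrary string
+* (typically the client IP). Bounded memory: expired buckets are swept lazily
+* once per window, so there is no background timer to leak.
+*/
+export declare class RateLimiter {
+private readonly _buckets;
+private readonly _options;
+private _lastSweepAt;
+constructor(options: RateLimitOptions);
+check(key: string, now: number): RateLimitResult;
+private _maybeSweep;
+}
+//# sourceMappingURL=rate-limiter.d.ts.map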
@@ -0,0 +1 @@
1
+
{"version":3,"file":"rate-limiter.d.ts","sourceRoot":"","sources":["../../../src/server/http/rate-limiter.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,gBAAgB;IAChC,kDAAkD;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,oEAAoE;IACpE,GAAG,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,eAAe;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;CACrB;AAOD;;;;GAIG;AACH,qBAAa,WAAW;IACvB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA6B;IACtD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAmB;IAC5C,OAAO,CAAC,YAAY,CAAK;gBAEb,OAAO,EAAE,gBAAgB;IAI9B,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,eAAe;IAcvD,OAAO,CAAC,WAAW;CAWnB"}
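--- a/package/dist/server/http/rate-limiter.js
+++ b/package/dist/server/http/rate-limiter.js
@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RateLimiter = void 0;
+/**
+* Minimal fixed-window in-memory rate limiter. Keyed by an arbitrary string
+* (typically the client IP). Bounded memory: expired buckets are swept lazily
+* once per window, so there is no background timer to leak.
+*/
+class RateLimiter {
+_buckets = new Map();
+_options;
+_lastSweepAt = 0;
+constructor(options) {
+this._options = options;
+}
+check(key, now) {
+this._maybeSweep(now);
+const bucket = this._buckets.get(key);
+if (!bucket || now >= bucket.resetAt) {
+this._buckets.set(key, { count: 1, resetAt: now + this._options.windowMs });
+return { allowed: true, retryAfterMs: 0 };
+}
+if (bucket.count >= this._options.max) {
+return { allowed: false, retryAfterMs: bucket.resetAt - now };
+}
+bucket.count++;
+return { allowed: true, retryAfterMs: 0 };
+}
+_maybeSweep(now) {
+if (now - this._lastSweepAt < this._options.windowMs) {
+return;
+}
+this._lastSweepAt = now;
+for (const [key, bucket] of this._buckets.entries()) {
+if (now >= bucket.resetAt) {
+this._buckets.delete(key);
+}
+}
+}
+}
+exports.RateLimiter = RateLimiter;
+//# sourceMappingURL=rate-limiter.js.map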
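Review bot: The constructor stores `options` unvalidated, and because `check` seeds a fresh bucket with `count: 1` and returns before the `max` comparison, `max: 0` (or any `max < 1`) still admits the first request of every window; a non-positive `windowMs` makes `now >= bucket.resetAt` true on every call so nothing is ever denied, and a `NaN` `windowMs` yields a bucket that never resets and a `NaN` `retryAfterMs`. A guard in the constructor would pin the contract the declaration file documents: `if (!(options.windowMs > 0) || !(options.max >= 1)) throw new RangeError('RateLimiter: windowMs must be > 0 and max must be >= 1');` (the `!(x > 0)` form also rejects NaN). Separately, the "bounded memory" claim in the header comment holds only per window: between sweeps the map grows by one entry per distinct key, so if the key is derived from a client-controlled value (a forwarded-IP header rather than the socket peer address) one client can inflate it until the next sweep; either a comment stating that the caller must derive the key from a trusted source, or a hard cap on `_buckets.size`, would make that assumption explicit.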
@@ -0,0 +1 @@
1
+
{"version":3,"file":"rate-limiter.js","sourceRoot":"","sources":["../../../src/server/http/rate-limiter.ts"],"names":[],"mappings":";;;AAiBA;;;;GAIG;AACH,MAAa,WAAW;IACN,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IACrC,QAAQ,CAAmB;IACpC,YAAY,GAAG,CAAC,CAAC;IAEzB,YAAY,OAAyB;QACpC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IACzB,CAAC;IAEM,KAAK,CAAC,GAAW,EAAE,GAAW;QACpC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACtC,IAAI,CAAC,MAAM,IAAI,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACtC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC5E,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE,CAAC;QAC3C,CAAC;QACD,IAAI,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;YACvC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC;QAC/D,CAAC;QACD,MAAM,CAAC,KAAK,EAAE,CAAC;QACf,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE,CAAC;IAC3C,CAAC;IAEO,WAAW,CAAC,GAAW;QAC9B,IAAI,GAAG,GAAG,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtD,OAAO;QACR,CAAC;QACD,IAAI,CAAC,YAAY,GAAG,GAAG,CAAC;QACxB,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;YACrD,IAAI,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC3B,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC3B,CAAC;QACF,CAAC;IACF,CAAC;CACD;AAlCD,kCAkCC"}
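--- a/package/dist/server/mcp/creatio-rest.d.ts
+++ b/package/dist/server/mcp/creatio-rest.d.ts
@@ -0,0 +1,44 @@
+/**
+* Shared narrow contracts for talking to Creatio configuration REST services and
+* reading system settings. Capability clients (DataForge, Global Search, …) depend
+* on these interfaces rather than the concrete engines (Dependency Inversion).
+*/
+export type ConfigurationHttpMethod = 'GET' | 'POST' | 'PATCH' | 'PUT' | 'DELETE';
+export interface ConfigurationCallRequest {
+service?: string;
+method?: string;
+/** Pre-built relative path (already safely encoded) for multi-segment routes
+* that service/method cannot express, e.g. `/0/rest/ToolServiceMcp/{code}/v1/mcp`. */
+rawPath?: string;
+httpMethod?: ConfigurationHttpMethod;
+body?: unknown;
+query?: Record<string, string | number | boolean>;
+}
+export interface ConfigurationCallResult {
+status: number;
+contentType?: string;
+body: unknown;
+}
+/** Narrow capability: invoke a configuration REST service method. */
+export interface ConfigurationCaller {
+call(request: ConfigurationCallRequest): Promise<ConfigurationCallResult>;
+}
+/** Narrow capability: read system setting values. */
+export interface SysSettingReader {
+queryValues(codes: string[]): Promise<{
+values?: Record<string, unknown>;
+}>;
+}
+/**
+* Extract a system setting's value from a QuerySysSettings response. Creatio
+* returns each setting as an object `{ code, value, ... }`; a bare value is also
+* tolerated. Returns `undefined` when absent.
+*/
+export declare function getSettingValue(response: {
+values?: Record<string, unknown>;
+} | undefined, code: string): unknown;
+/** True when the named setting holds a non-empty string value. */
+export declare function hasNonEmptySetting(response: {
+values?: Record<string, unknown>;
+} | undefined, code: string): boolean;
+//# sourceMappingURL=creatio-rest.d.ts.map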
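Review bot: The `rawPath` comment on `ConfigurationCallRequest` states a caller obligation ("already safely encoded") that the plain `string` type cannot enforce, and it leaves two things implementers of `ConfigurationCaller.call` need undefined: whether `rawPath` takes precedence over `service`/`method` when both are present, and whether anything other than an instance-relative path (a value with a scheme or host, or `..` segments) is accepted. The implementation is not part of this diff, so I can only flag the contract; I would extend the comment with a sentence such as `* Must be a path relative to the Creatio instance root (leading slash, no scheme or host); takes precedence over service/method when set.`, adjusting the precedence clause to match the actual implementation, and have the implementation reject values that do not fit that shape.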
@@ -0,0 +1 @@
1
+
{"version":3,"file":"creatio-rest.d.ts","sourceRoot":"","sources":["../../../src/server/mcp/creatio-rest.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,MAAM,uBAAuB,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,GAAG,KAAK,GAAG,QAAQ,CAAC;AAElF,MAAM,WAAW,wBAAwB;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;2FACuF;IACvF,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,uBAAuB,CAAC;IACrC,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,CAAC;CAClD;AAED,MAAM,WAAW,uBAAuB;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,OAAO,CAAC;CACd;AAED,qEAAqE;AACrE,MAAM,WAAW,mBAAmB;IACnC,IAAI,CAAC,OAAO,EAAE,wBAAwB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;CAC1E;AAED,qDAAqD;AACrD,MAAM,WAAW,gBAAgB;IAChC,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,CAAC,CAAC;CAC5E;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAC9B,QAAQ,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,GAAG,SAAS,EAC1D,IAAI,EAAE,MAAM,GACV,OAAO,CAKT;AAED,kEAAkE;AAClE,wBAAgB,kBAAkB,CACjC,QAAQ,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,GAAG,SAAS,EAC1D,IAAI,EAAE,MAAM,GACV,OAAO,CAGT"}