mcp-creatio 0.6.2 → 0.6.4

Files changed (353) hide show
  1. package/README.md +280 -156
  2. package/dist/cli.d.ts.map +1 -1
  3. package/dist/cli.js +27 -10
  4. package/dist/cli.js.map +1 -1
  5. package/dist/config-builder.d.ts +8 -0
  6. package/dist/config-builder.d.ts.map +1 -1
  7. package/dist/config-builder.js +147 -43
  8. package/dist/config-builder.js.map +1 -1
  9. package/dist/consts.d.ts.map +1 -1
  10. package/dist/consts.js +2 -1
  11. package/dist/consts.js.map +1 -1
  12. package/dist/creatio/auth/auth-manager.d.ts.map +1 -1
  13. package/dist/creatio/auth/auth-manager.js +5 -2
  14. package/dist/creatio/auth/auth-manager.js.map +1 -1
  15. package/dist/creatio/auth/auth.d.ts +4 -31
  16. package/dist/creatio/auth/auth.d.ts.map +1 -1
  17. package/dist/creatio/auth/auth.js +20 -26
  18. package/dist/creatio/auth/auth.js.map +1 -1
  19. package/dist/creatio/auth/constants.d.ts +14 -0
  20. package/dist/creatio/auth/constants.d.ts.map +1 -0
  21. package/dist/creatio/auth/constants.js +20 -0
  22. package/dist/creatio/auth/constants.js.map +1 -0
  23. package/dist/creatio/auth/contracts.d.ts +15 -0
  24. package/dist/creatio/auth/contracts.d.ts.map +1 -0
  25. package/dist/creatio/auth/contracts.js +3 -0
  26. package/dist/creatio/auth/contracts.js.map +1 -0
  27. package/dist/creatio/auth/headers.d.ts +3 -0
  28. package/dist/creatio/auth/headers.d.ts.map +1 -0
  29. package/dist/creatio/auth/headers.js +15 -0
  30. package/dist/creatio/auth/headers.js.map +1 -0
  31. package/dist/creatio/auth/identity.d.ts +8 -0
  32. package/dist/creatio/auth/identity.d.ts.map +1 -0
  33. package/dist/creatio/auth/identity.js +18 -0
  34. package/dist/creatio/auth/identity.js.map +1 -0
  35. package/dist/creatio/auth/index.d.ts +4 -3
  36. package/dist/creatio/auth/index.d.ts.map +1 -1
  37. package/dist/creatio/auth/index.js +5 -3
  38. package/dist/creatio/auth/index.js.map +1 -1
  39. package/dist/creatio/auth/providers/base-oauth2-provider.d.ts +13 -7
  40. package/dist/creatio/auth/providers/base-oauth2-provider.d.ts.map +1 -1
  41. package/dist/creatio/auth/providers/base-oauth2-provider.js +29 -19
  42. package/dist/creatio/auth/providers/base-oauth2-provider.js.map +1 -1
  43. package/dist/creatio/auth/providers/base-provider.js +1 -1
  44. package/dist/creatio/auth/providers/base-provider.js.map +1 -1
  45. package/dist/creatio/auth/providers/broker-provider.d.ts +20 -0
  46. package/dist/creatio/auth/providers/broker-provider.d.ts.map +1 -0
  47. package/dist/creatio/auth/providers/broker-provider.js +72 -0
  48. package/dist/creatio/auth/providers/broker-provider.js.map +1 -0
  49. package/dist/creatio/auth/providers/creatio-oauth-client.d.ts +27 -0
  50. package/dist/creatio/auth/providers/creatio-oauth-client.d.ts.map +1 -0
  51. package/dist/creatio/auth/providers/creatio-oauth-client.js +122 -0
  52. package/dist/creatio/auth/providers/creatio-oauth-client.js.map +1 -0
  53. package/dist/creatio/auth/providers/index.d.ts +3 -1
  54. package/dist/creatio/auth/providers/index.d.ts.map +1 -1
  55. package/dist/creatio/auth/providers/index.js +3 -1
  56. package/dist/creatio/auth/providers/index.js.map +1 -1
  57. package/dist/creatio/auth/providers/oauth2-bearer-provider.d.ts +17 -0
  58. package/dist/creatio/auth/providers/oauth2-bearer-provider.d.ts.map +1 -0
  59. package/dist/creatio/auth/providers/oauth2-bearer-provider.js +33 -0
  60. package/dist/creatio/auth/providers/oauth2-bearer-provider.js.map +1 -0
  61. package/dist/creatio/auth/providers/oauth2-provider.d.ts +2 -2
  62. package/dist/creatio/auth/providers/oauth2-provider.d.ts.map +1 -1
  63. package/dist/creatio/auth/providers/oauth2-provider.js +4 -9
  64. package/dist/creatio/auth/providers/oauth2-provider.js.map +1 -1
  65. package/dist/creatio/auth/providers/type.d.ts +20 -1
  66. package/dist/creatio/auth/providers/type.d.ts.map +1 -1
  67. package/dist/creatio/auth/providers/type.js +22 -2
  68. package/dist/creatio/auth/providers/type.js.map +1 -1
  69. package/dist/creatio/client-config.d.ts +26 -5
  70. package/dist/creatio/client-config.d.ts.map +1 -1
  71. package/dist/creatio/engines/admin-operation-engine.d.ts +1 -1
  72. package/dist/creatio/engines/admin-operation-engine.d.ts.map +1 -1
  73. package/dist/creatio/engines/admin-operation-engine.js +3 -3
  74. package/dist/creatio/engines/admin-operation-engine.js.map +1 -1
  75. package/dist/creatio/engines/configuration-engine.d.ts +1 -1
  76. package/dist/creatio/engines/configuration-engine.d.ts.map +1 -1
  77. package/dist/creatio/engines/configuration-engine.js +3 -3
  78. package/dist/creatio/engines/configuration-engine.js.map +1 -1
  79. package/dist/creatio/engines/crud-engine.d.ts +1 -1
  80. package/dist/creatio/engines/crud-engine.d.ts.map +1 -1
  81. package/dist/creatio/engines/crud-engine.js +4 -4
  82. package/dist/creatio/engines/crud-engine.js.map +1 -1
  83. package/dist/creatio/engines/engine-manager.d.ts +4 -2
  84. package/dist/creatio/engines/engine-manager.d.ts.map +1 -1
  85. package/dist/creatio/engines/engine-manager.js +9 -10
  86. package/dist/creatio/engines/engine-manager.js.map +1 -1
  87. package/dist/creatio/engines/engine.d.ts.map +1 -1
  88. package/dist/creatio/engines/engine.js +12 -1
  89. package/dist/creatio/engines/engine.js.map +1 -1
  90. package/dist/creatio/engines/feature-engine.d.ts +1 -1
  91. package/dist/creatio/engines/feature-engine.d.ts.map +1 -1
  92. package/dist/creatio/engines/feature-engine.js +3 -3
  93. package/dist/creatio/engines/feature-engine.js.map +1 -1
  94. package/dist/creatio/engines/process-engine.d.ts +1 -1
  95. package/dist/creatio/engines/process-engine.d.ts.map +1 -1
  96. package/dist/creatio/engines/process-engine.js +3 -3
  97. package/dist/creatio/engines/process-engine.js.map +1 -1
  98. package/dist/creatio/engines/sys-settings-engine.d.ts +1 -1
  99. package/dist/creatio/engines/sys-settings-engine.d.ts.map +1 -1
  100. package/dist/creatio/engines/sys-settings-engine.js +3 -3
  101. package/dist/creatio/engines/sys-settings-engine.js.map +1 -1
  102. package/dist/creatio/engines/user-engine.d.ts +1 -1
  103. package/dist/creatio/engines/user-engine.d.ts.map +1 -1
  104. package/dist/creatio/engines/user-engine.js +3 -3
  105. package/dist/creatio/engines/user-engine.js.map +1 -1
  106. package/dist/creatio/provider-context.d.ts +3 -0
  107. package/dist/creatio/provider-context.d.ts.map +1 -1
  108. package/dist/creatio/services/client-cache-hash-client.d.ts +22 -0
  109. package/dist/creatio/services/client-cache-hash-client.d.ts.map +1 -0
  110. package/dist/creatio/services/client-cache-hash-client.js +56 -0
  111. package/dist/creatio/services/client-cache-hash-client.js.map +1 -0
  112. package/dist/creatio/services/creatio-service-context.d.ts +6 -1
  113. package/dist/creatio/services/creatio-service-context.d.ts.map +1 -1
  114. package/dist/creatio/services/creatio-service-context.js +15 -1
  115. package/dist/creatio/services/creatio-service-context.js.map +1 -1
  116. package/dist/creatio/services/crud-provider-factory.d.ts +4 -0
  117. package/dist/creatio/services/crud-provider-factory.d.ts.map +1 -1
  118. package/dist/creatio/services/crud-provider-factory.js +1 -1
  119. package/dist/creatio/services/crud-provider-factory.js.map +1 -1
  120. package/dist/creatio/services/dataservice/data-service-column-values.d.ts.map +1 -1
  121. package/dist/creatio/services/dataservice/data-service-crud-provider.d.ts +5 -3
  122. package/dist/creatio/services/dataservice/data-service-crud-provider.d.ts.map +1 -1
  123. package/dist/creatio/services/dataservice/data-service-crud-provider.js +8 -6
  124. package/dist/creatio/services/dataservice/data-service-crud-provider.js.map +1 -1
  125. package/dist/creatio/services/dataservice/data-service-filter-translator.d.ts.map +1 -1
  126. package/dist/creatio/services/dataservice/data-service-filter-translator.js +7 -2
  127. package/dist/creatio/services/dataservice/data-service-filter-translator.js.map +1 -1
  128. package/dist/creatio/services/dataservice/data-service-query-builder.d.ts.map +1 -1
  129. package/dist/creatio/services/dataservice/data-service-query-builder.js.map +1 -1
  130. package/dist/creatio/services/dataservice/data-service-schema.d.ts +6 -4
  131. package/dist/creatio/services/dataservice/data-service-schema.d.ts.map +1 -1
  132. package/dist/creatio/services/dataservice/data-service-schema.js +29 -18
  133. package/dist/creatio/services/dataservice/data-service-schema.js.map +1 -1
  134. package/dist/creatio/services/dataservice/data-service-transport.d.ts +4 -1
  135. package/dist/creatio/services/dataservice/data-service-transport.d.ts.map +1 -1
  136. package/dist/creatio/services/dataservice/data-service-transport.js +8 -3
  137. package/dist/creatio/services/dataservice/data-service-transport.js.map +1 -1
  138. package/dist/creatio/services/dataservice/data-service-types.d.ts +0 -19
  139. package/dist/creatio/services/dataservice/data-service-types.d.ts.map +1 -1
  140. package/dist/creatio/services/dataservice/data-service-value-type.d.ts +2 -1
  141. package/dist/creatio/services/dataservice/data-service-value-type.d.ts.map +1 -1
  142. package/dist/creatio/services/dataservice/data-service-value-type.js +20 -16
  143. package/dist/creatio/services/dataservice/data-service-value-type.js.map +1 -1
  144. package/dist/creatio/services/http-client.d.ts +13 -0
  145. package/dist/creatio/services/http-client.d.ts.map +1 -1
  146. package/dist/creatio/services/http-client.js +26 -2
  147. package/dist/creatio/services/http-client.js.map +1 -1
  148. package/dist/creatio/services/identifiers.d.ts +10 -0
  149. package/dist/creatio/services/identifiers.d.ts.map +1 -0
  150. package/dist/creatio/services/identifiers.js +20 -0
  151. package/dist/creatio/services/identifiers.js.map +1 -0
  152. package/dist/creatio/services/index.d.ts +2 -0
  153. package/dist/creatio/services/index.d.ts.map +1 -1
  154. package/dist/creatio/services/index.js +2 -0
  155. package/dist/creatio/services/index.js.map +1 -1
  156. package/dist/creatio/services/odata/metadata-store.d.ts +16 -3
  157. package/dist/creatio/services/odata/metadata-store.d.ts.map +1 -1
  158. package/dist/creatio/services/odata/metadata-store.js +65 -38
  159. package/dist/creatio/services/odata/metadata-store.js.map +1 -1
  160. package/dist/creatio/services/odata/odata-crud-provider.d.ts.map +1 -1
  161. package/dist/creatio/services/odata/odata-crud-provider.js +10 -25
  162. package/dist/creatio/services/odata/odata-crud-provider.js.map +1 -1
  163. package/dist/creatio/services/odata/odata-query-translator.d.ts +4 -5
  164. package/dist/creatio/services/odata/odata-query-translator.d.ts.map +1 -1
  165. package/dist/creatio/services/odata/odata-query-translator.js +32 -20
  166. package/dist/creatio/services/odata/odata-query-translator.js.map +1 -1
  167. package/dist/creatio/services/schema-freshness-gate.d.ts +26 -0
  168. package/dist/creatio/services/schema-freshness-gate.d.ts.map +1 -0
  169. package/dist/creatio/services/schema-freshness-gate.js +58 -0
  170. package/dist/creatio/services/schema-freshness-gate.js.map +1 -0
  171. package/dist/creatio/services/user-info-provider.d.ts.map +1 -1
  172. package/dist/creatio/services/user-info-provider.js +2 -2
  173. package/dist/creatio/services/user-info-provider.js.map +1 -1
  174. package/dist/index.js +35 -4
  175. package/dist/index.js.map +1 -1
  176. package/dist/log.d.ts +1 -1
  177. package/dist/log.d.ts.map +1 -1
  178. package/dist/log.js +6 -2
  179. package/dist/log.js.map +1 -1
  180. package/dist/server/bearer/base-url-guard.d.ts +20 -0
  181. package/dist/server/bearer/base-url-guard.d.ts.map +1 -0
  182. package/dist/server/bearer/base-url-guard.js +55 -0
  183. package/dist/server/bearer/base-url-guard.js.map +1 -0
  184. package/dist/server/bearer/bearer-edge.d.ts +42 -0
  185. package/dist/server/bearer/bearer-edge.d.ts.map +1 -0
  186. package/dist/server/bearer/bearer-edge.js +122 -0
  187. package/dist/server/bearer/bearer-edge.js.map +1 -0
  188. package/dist/server/bearer/bearer-token.d.ts +27 -0
  189. package/dist/server/bearer/bearer-token.d.ts.map +1 -0
  190. package/dist/server/bearer/bearer-token.js +50 -0
  191. package/dist/server/bearer/bearer-token.js.map +1 -0
  192. package/dist/server/bearer/index.d.ts +3 -0
  193. package/dist/server/bearer/index.d.ts.map +1 -0
  194. package/dist/server/bearer/index.js +19 -0
  195. package/dist/server/bearer/index.js.map +1 -0
  196. package/dist/server/http/auth-edge.d.ts +26 -0
  197. package/dist/server/http/auth-edge.d.ts.map +1 -0
  198. package/dist/server/http/auth-edge.js +75 -0
  199. package/dist/server/http/auth-edge.js.map +1 -0
  200. package/dist/server/http/broker-handlers.d.ts +45 -0
  201. package/dist/server/http/broker-handlers.d.ts.map +1 -0
  202. package/dist/server/http/broker-handlers.js +224 -0
  203. package/dist/server/http/broker-handlers.js.map +1 -0
  204. package/dist/server/http/{httpServer.d.ts → http-server.d.ts} +5 -13
  205. package/dist/server/http/http-server.d.ts.map +1 -0
  206. package/dist/server/http/{httpServer.js → http-server.js} +19 -53
  207. package/dist/server/http/http-server.js.map +1 -0
  208. package/dist/server/http/index.d.ts +1 -3
  209. package/dist/server/http/index.d.ts.map +1 -1
  210. package/dist/server/http/index.js +1 -3
  211. package/dist/server/http/index.js.map +1 -1
  212. package/dist/server/http/mcp-handlers.d.ts.map +1 -1
  213. package/dist/server/http/mcp-handlers.js +16 -3
  214. package/dist/server/http/mcp-handlers.js.map +1 -1
  215. package/dist/server/http/middleware.d.ts +3 -4
  216. package/dist/server/http/middleware.d.ts.map +1 -1
  217. package/dist/server/http/middleware.js +33 -23
  218. package/dist/server/http/middleware.js.map +1 -1
  219. package/dist/server/http/public-origin.d.ts +10 -0
  220. package/dist/server/http/public-origin.d.ts.map +1 -0
  221. package/dist/server/http/public-origin.js +19 -0
  222. package/dist/server/http/public-origin.js.map +1 -0
  223. package/dist/server/http/rate-limiter.d.ts +1 -1
  224. package/dist/server/http/rate-limiter.d.ts.map +1 -1
  225. package/dist/server/http/rate-limiter.js +11 -11
  226. package/dist/server/http/rate-limiter.js.map +1 -1
  227. package/dist/server/http-agent.d.ts +9 -0
  228. package/dist/server/http-agent.d.ts.map +1 -0
  229. package/dist/server/http-agent.js +35 -0
  230. package/dist/server/http-agent.js.map +1 -0
  231. package/dist/server/index.d.ts +2 -0
  232. package/dist/server/index.d.ts.map +1 -1
  233. package/dist/server/index.js +2 -0
  234. package/dist/server/index.js.map +1 -1
  235. package/dist/server/keepalive.d.ts +26 -0
  236. package/dist/server/keepalive.d.ts.map +1 -0
  237. package/dist/server/keepalive.js +64 -0
  238. package/dist/server/keepalive.js.map +1 -0
  239. package/dist/server/mcp/creatio-rest.d.ts +6 -0
  240. package/dist/server/mcp/creatio-rest.d.ts.map +1 -1
  241. package/dist/server/mcp/creatio-rest.js +21 -3
  242. package/dist/server/mcp/creatio-rest.js.map +1 -1
  243. package/dist/server/mcp/crtmcp/crt-mcp-client.d.ts +1 -1
  244. package/dist/server/mcp/crtmcp/crt-mcp-client.d.ts.map +1 -1
  245. package/dist/server/mcp/crtmcp/crt-mcp-client.js +16 -13
  246. package/dist/server/mcp/crtmcp/crt-mcp-client.js.map +1 -1
  247. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.d.ts +2 -2
  248. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.d.ts.map +1 -1
  249. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.js +17 -17
  250. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.js.map +1 -1
  251. package/dist/server/mcp/dataforge/dataforge-client.d.ts +12 -12
  252. package/dist/server/mcp/dataforge/dataforge-client.d.ts.map +1 -1
  253. package/dist/server/mcp/dataforge/dataforge-client.js +40 -47
  254. package/dist/server/mcp/dataforge/dataforge-client.js.map +1 -1
  255. package/dist/server/mcp/dataforge/dataforge-tool-preparer.d.ts +2 -2
  256. package/dist/server/mcp/dataforge/dataforge-tool-preparer.d.ts.map +1 -1
  257. package/dist/server/mcp/dataforge/dataforge-tool-preparer.js +9 -9
  258. package/dist/server/mcp/dataforge/dataforge-tool-preparer.js.map +1 -1
  259. package/dist/server/mcp/filters.d.ts.map +1 -1
  260. package/dist/server/mcp/filters.js +4 -1
  261. package/dist/server/mcp/filters.js.map +1 -1
  262. package/dist/server/mcp/globalsearch/globalsearch-client.d.ts +4 -4
  263. package/dist/server/mcp/globalsearch/globalsearch-client.d.ts.map +1 -1
  264. package/dist/server/mcp/globalsearch/globalsearch-client.js +39 -50
  265. package/dist/server/mcp/globalsearch/globalsearch-client.js.map +1 -1
  266. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.d.ts +1 -1
  267. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.d.ts.map +1 -1
  268. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.js +1 -1
  269. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.js.map +1 -1
  270. package/dist/server/mcp/server.d.ts +35 -8
  271. package/dist/server/mcp/server.d.ts.map +1 -1
  272. package/dist/server/mcp/server.js +113 -45
  273. package/dist/server/mcp/server.js.map +1 -1
  274. package/dist/server/mcp/tools-data.d.ts +2 -2
  275. package/dist/server/mcp/tools-data.d.ts.map +1 -1
  276. package/dist/server/mcp/tools-data.js +1 -1
  277. package/dist/server/mcp/tools-data.js.map +1 -1
  278. package/dist/server/oauth/oauth-server.d.ts +41 -10
  279. package/dist/server/oauth/oauth-server.d.ts.map +1 -1
  280. package/dist/server/oauth/oauth-server.js +82 -48
  281. package/dist/server/oauth/oauth-server.js.map +1 -1
  282. package/dist/server/oauth/storage.d.ts +42 -5
  283. package/dist/server/oauth/storage.d.ts.map +1 -1
  284. package/dist/server/oauth/storage.js +81 -18
  285. package/dist/server/oauth/storage.js.map +1 -1
  286. package/dist/server/oauth/token-manager.d.ts +21 -4
  287. package/dist/server/oauth/token-manager.d.ts.map +1 -1
  288. package/dist/server/oauth/token-manager.js +18 -19
  289. package/dist/server/oauth/token-manager.js.map +1 -1
  290. package/dist/server/oauth/types.d.ts +0 -12
  291. package/dist/server/oauth/types.d.ts.map +1 -1
  292. package/dist/server/oauth/validators.d.ts.map +1 -1
  293. package/dist/server/oauth/validators.js +14 -5
  294. package/dist/server/oauth/validators.js.map +1 -1
  295. package/dist/sessions/index.d.ts +1 -1
  296. package/dist/sessions/index.d.ts.map +1 -1
  297. package/dist/sessions/index.js +1 -1
  298. package/dist/sessions/index.js.map +1 -1
  299. package/dist/sessions/redis-token-store.d.ts +22 -0
  300. package/dist/sessions/redis-token-store.d.ts.map +1 -0
  301. package/dist/sessions/redis-token-store.js +70 -0
  302. package/dist/sessions/redis-token-store.js.map +1 -0
  303. package/dist/sessions/session-context.d.ts +21 -40
  304. package/dist/sessions/session-context.d.ts.map +1 -1
  305. package/dist/sessions/session-context.js +25 -105
  306. package/dist/sessions/session-context.js.map +1 -1
  307. package/dist/sessions/token-crypto.d.ts +8 -0
  308. package/dist/sessions/token-crypto.d.ts.map +1 -0
  309. package/dist/sessions/token-crypto.js +43 -0
  310. package/dist/sessions/token-crypto.js.map +1 -0
  311. package/dist/sessions/token-store.d.ts +42 -0
  312. package/dist/sessions/token-store.d.ts.map +1 -0
  313. package/dist/sessions/token-store.js +66 -0
  314. package/dist/sessions/token-store.js.map +1 -0
  315. package/dist/utils/context.d.ts +12 -0
  316. package/dist/utils/context.d.ts.map +1 -1
  317. package/dist/utils/context.js +16 -0
  318. package/dist/utils/context.js.map +1 -1
  319. package/dist/utils/env-aliases.d.ts +9 -0
  320. package/dist/utils/env-aliases.d.ts.map +1 -0
  321. package/dist/utils/env-aliases.js +61 -0
  322. package/dist/utils/env-aliases.js.map +1 -0
  323. package/dist/utils/env.d.ts +5 -0
  324. package/dist/utils/env.d.ts.map +1 -1
  325. package/dist/utils/env.js +10 -1
  326. package/dist/utils/env.js.map +1 -1
  327. package/dist/utils/index.d.ts +1 -0
  328. package/dist/utils/index.d.ts.map +1 -1
  329. package/dist/utils/index.js +1 -0
  330. package/dist/utils/index.js.map +1 -1
  331. package/dist/utils/redact.d.ts +25 -0
  332. package/dist/utils/redact.d.ts.map +1 -0
  333. package/dist/utils/redact.js +64 -0
  334. package/dist/utils/redact.js.map +1 -0
  335. package/package.json +78 -76
  336. package/dist/creatio/auth/providers/oauth2-code-provider.d.ts +0 -21
  337. package/dist/creatio/auth/providers/oauth2-code-provider.d.ts.map +0 -1
  338. package/dist/creatio/auth/providers/oauth2-code-provider.js +0 -251
  339. package/dist/creatio/auth/providers/oauth2-code-provider.js.map +0 -1
  340. package/dist/server/http/creatio-oauth-handlers.d.ts +0 -13
  341. package/dist/server/http/creatio-oauth-handlers.d.ts.map +0 -1
  342. package/dist/server/http/creatio-oauth-handlers.js +0 -160
  343. package/dist/server/http/creatio-oauth-handlers.js.map +0 -1
  344. package/dist/server/http/httpServer.d.ts.map +0 -1
  345. package/dist/server/http/httpServer.js.map +0 -1
  346. package/dist/server/http/mcp-oauth-handlers.d.ts +0 -11
  347. package/dist/server/http/mcp-oauth-handlers.d.ts.map +0 -1
  348. package/dist/server/http/mcp-oauth-handlers.js +0 -118
  349. package/dist/server/http/mcp-oauth-handlers.js.map +0 -1
  350. package/dist/sessions/token-refresh-scheduler.d.ts +0 -16
  351. package/dist/sessions/token-refresh-scheduler.d.ts.map +0 -1
  352. package/dist/sessions/token-refresh-scheduler.js +0 -66
  353. package/dist/sessions/token-refresh-scheduler.js.map +0 -1
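--- a/package/dist/server/http/broker-handlers.js
+++ b/package/dist/server/http/broker-handlers.js
@@ -0,0 +1,224 @@
+ "use strict";
+ var __importDefault = (this && this.__importDefault) || function (mod) {
+ return (mod && mod.__esModule) ? mod : { "default": mod };
+ };
+ Object.defineProperty(exports, "__esModule", { value: true });
+ exports.BrokerHandlers = void 0;
+ const log_1 = __importDefault(require("../../log"));
+ const utils_1 = require("../../utils");
+ const bearer_1 = require("../bearer");
+ const oauth_1 = require("../oauth");
+ const public_origin_1 = require("./public-origin");
+ const PROTECTED_RESOURCE_METADATA_PATH = '/.well-known/oauth-protected-resource';
+ /** The public origin this AS advertises (honors CREATIO_MCP_PUBLIC_URL behind a proxy). */
+ function origin(req) {
+ return (0, public_origin_1.resolvePublicOrigin)(req);
+ }
+ /** RFC 8414 Authorization Server Metadata, built from the request origin (proxy-aware). */
+ function authServerMetadata(req) {
+ const base = origin(req);
+ return {
+ issuer: base,
+ authorization_endpoint: `${base}/authorize`,
+ token_endpoint: `${base}/token`,
+ registration_endpoint: `${base}/register`,
+ revocation_endpoint: `${base}/revoke`,
+ response_types_supported: ['code'],
+ grant_types_supported: ['authorization_code', 'refresh_token'],
+ token_endpoint_auth_methods_supported: ['none', 'client_secret_post'],
+ code_challenge_methods_supported: ['S256'],
+ scopes_supported: ['offline_access'],
+ };
+ }
+ /** The `iss`/`aud` the tokens this server issues are bound to: its own origin and `/mcp` resource.
+ * Derived from the (proxy-aware) request so issue and validate always agree for this deployment. */
+ function tokenAudience(req) {
+ const base = origin(req);
+ return { issuer: base, audience: `${base}/mcp` };
+ }
+ /**
+ * Broker mode HTTP handlers: the MCP is its own OAuth 2.1 authorization server for clients and
+ * brokers the user login to Creatio (authorization_code + PKCE). The MCP-client PKCE and our own
+ * Creatio-leg PKCE are kept in separate fields (server-side {@link OAuthServer.createPendingAuthorization})
+ * — nothing is embedded in the Creatio `state`, so the two never collide.
+ */
+ class BrokerHandlers {
+ _oauth;
+ _creatio;
+ _session;
+ _callbackPath = '/oauth/callback';
+ constructor(_oauth, _creatio, _session) {
+ this._oauth = _oauth;
+ this._creatio = _creatio;
+ this._session = _session;
+ }
+ _callbackUrl(req) {
+ return `${origin(req)}${this._callbackPath}`;
+ }
+ /** RFC 6750 `401` challenge pointing at our protected-resource metadata. `invalid_token` tells a
+ * client holding a now-unusable token to re-authenticate (vs. a plain "no credentials" prompt). */
+ _challenge(req, res, description, error = 'unauthorized') {
+ const resourceMetadata = `${origin(req)}${PROTECTED_RESOURCE_METADATA_PATH}`;
+ const params = [`Bearer resource_metadata="${resourceMetadata}"`];
+ if (error === 'invalid_token') {
+ params.push(`error="invalid_token"`, `error_description="${description}"`);
+ }
+ res.setHeader('WWW-Authenticate', params.join(', '));
+ res.status(401).json({ error, error_description: description });
+ }
+ _redirectError(res, redirectUri, error, state) {
+ const url = new URL(redirectUri);
+ url.searchParams.set('error', error.error);
+ if (error.error_description) {
+ url.searchParams.set('error_description', error.error_description);
+ }
+ if (state) {
+ url.searchParams.set('state', state);
+ }
+ res.redirect(302, url.toString());
+ }
+ handleMetadata(req, res) {
+ res.json(authServerMetadata(req));
+ }
+ /** RFC 9728: in broker mode WE are the authorization server, so it points back at this origin. */
+ handleProtectedResourceMetadata(req, res) {
+ const base = origin(req);
+ res.json((0, bearer_1.buildProtectedResourceMetadata)(`${base}/mcp`, base));
+ }
+ /**
+ * Guards `/mcp`: validates the token THIS server issued, confirms we still hold the user's
+ * brokered Creatio tokens, and exposes the `userKey`. The Creatio tokens are kept in memory and
+ * are therefore lost on restart, while the token we issued (a stateless JWT) survives — so a
+ * reconnecting client looks authenticated but every Creatio call would fail. When the tokens are
+ * gone we answer `401` with `error="invalid_token"` so the client transparently re-runs OAuth.
+ */
+ mcpAuth() {
+ return async (req, res, next) => {
+ const header = req.headers.authorization;
+ const userKey = header?.startsWith('Bearer ')
+ ? this._oauth.validateAccessToken(header.slice(7), tokenAudience(req))
+ : null;
+ if (!userKey) {
+ this._challenge(req, res, 'Authorization required. Complete the OAuth flow to obtain a token.');
+ return;
+ }
+ if (!(await this._session.getTokensForUser(userKey))) {
+ this._challenge(req, res, 'Session expired; the server no longer holds your Creatio tokens. Re-authorize to continue.', 'invalid_token');
+ return;
+ }
+ req.userKey = userKey;
+ next();
+ };
+ }
+ handleRegister(req, res) {
+ const { redirect_uris } = req.body ?? {};
+ const error = oauth_1.OAuthValidators.validateClientRegistration(redirect_uris);
+ if (error) {
+ res.status(400).json({ error: 'invalid_request', error_description: error });
+ return;
+ }
+ res.status(201).json(this._oauth.registerClient(redirect_uris));
+ }
+ async handleAuthorize(req, res) {
+ const q = req.query;
+ const redirectUri = q.redirect_uri ?? '';
+ if (!redirectUri || !oauth_1.OAuthValidators.isAllowedRedirectUri(redirectUri)) {
+ res.status(400).json({
+ error: 'invalid_request',
+ error_description: 'Missing or disallowed redirect_uri',
+ });
+ return;
+ }
+ const params = {
+ client_id: q.client_id ?? '',
+ redirect_uri: redirectUri,
+ response_type: q.response_type ?? '',
+ code_challenge: q.code_challenge ?? '',
+ code_challenge_method: q.code_challenge_method ?? '',
+ ...(q.state !== undefined ? { state: q.state } : {}),
+ ...(q.scope !== undefined ? { scope: q.scope } : {}),
+ };
+ const validationError = this._oauth.validateAuthorizationRequest(params);
+ if (validationError) {
+ return this._redirectError(res, redirectUri, validationError, q.state);
+ }
+ // Our own Creatio-leg PKCE, kept server-side (never mixed into the Creatio state).
+ const { verifier, challenge } = await (0, utils_1.generatePkcePair)();
+ const brokerState = this._oauth.createPendingAuthorization({
+ client_id: params.client_id,
+ redirect_uri: redirectUri,
+ code_challenge: params.code_challenge,
+ code_challenge_method: params.code_challenge_method,
+ client_state: q.state,
+ creatio_verifier: verifier,
+ });
+ const creatioUrl = this._creatio.buildAuthorizeUrl(this._callbackUrl(req), brokerState, challenge);
+ res.redirect(302, creatioUrl);
+ }
+ async handleCallback(req, res) {
+ const code = String(req.query.code ?? '');
+ const brokerState = String(req.query.state ?? '');
+ if (!code || !brokerState) {
+ res.status(400).send('Missing code or state');
+ return;
+ }
+ const pending = this._oauth.takePendingAuthorization(brokerState);
+ if (!pending) {
+ res.status(400).send('Unknown or expired authorization state');
+ return;
+ }
+ try {
+ const tokens = await this._creatio.exchangeCode(code, this._callbackUrl(req), pending.creatio_verifier);
+ const userKey = (0, bearer_1.inspectBearer)(tokens.accessToken).userKey;
+ await this._session.setTokensForUser(userKey, tokens);
+ const mcpCode = this._oauth.generateAuthorizationCode(pending.client_id, pending.redirect_uri, pending.code_challenge, pending.code_challenge_method, userKey);
+ const target = new URL(pending.redirect_uri);
+ target.searchParams.set('code', mcpCode);
+ if (pending.client_state) {
+ target.searchParams.set('state', pending.client_state);
+ }
+ res.redirect(302, target.toString());
+ }
+ catch (err) {
+ log_1.default.error('broker.callback.error', { error: String(err?.message ?? err) });
+ res.status(502).send('Failed to complete authorization with Creatio');
+ }
+ }
+ async handleToken(req, res) {
+ const body = req.body ?? {};
+ const aud = tokenAudience(req);
+ const sessionStillHeld = (userKey) => this._session.getTokensForUser(userKey).then(Boolean);
+ const result = body.grant_type === 'refresh_token'
+ ? await this._oauth.exchangeRefreshToken(body, aud, sessionStillHeld)
+ : await this._oauth.exchangeCodeForToken(body, aud);
+ if ('error' in result) {
+ res.status(400).json(result);
+ return;
+ }
+ res.json(result);
+ }
+ /**
+ * RFC 7009 token revocation / logout: invalidate the user's brokered session. Resolve the user
+ * from the presented token, revoke their Creatio token upstream (best-effort), and purge the
+ * server-side Creatio tokens + our issued refresh tokens. Always answers 200 — even for an
+ * unknown token — so it is not a token-validity oracle.
+ */
+ async handleRevoke(req, res) {
+ const token = String((req.body ?? {}).token ?? '');
+ if (token) {
+ const userKey = this._oauth.resolveUserFromToken(token, tokenAudience(req));
+ if (userKey) {
+ const stored = await this._session.getTokensForUser(userKey);
+ if (stored?.refreshToken) {
+ await this._creatio.revoke(stored.refreshToken);
+ }
+ await this._session.deleteTokensForUser(userKey);
+ this._oauth.purgeRefreshTokensForUser(userKey);
+ log_1.default.info('broker.revoke', { userKey });
+ }
+ }
+ res.status(200).json({});
+ }
+ }
+ exports.BrokerHandlers = BrokerHandlers;
+ //# sourceMappingURL=broker-handlers.js.map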
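Review bot: In `handleRevoke`, `await this._creatio.revoke(stored.refreshToken)` runs before `deleteTokensForUser` and `purgeRefreshTokensForUser` and has no `try`/`catch`. If it rejects, the server-side Creatio tokens and the issued refresh tokens stay in place and the handler never sends its 200. The doc comment calls the upstream revoke best-effort, which holds only if `revoke` swallows its own errors, and that is not visible in this file. Purging local state first and catching the upstream failure makes logout fail closed and keeps the always-200 answer the comment promises. This is compiled output, so the change belongs in the TypeScript source the source map names.

```javascript
async handleRevoke(req, res) {
    // … unchanged: token extraction and resolveUserFromToken …
        if (userKey) {
            const stored = await this._session.getTokensForUser(userKey);
            // Purge local state first so a failing upstream call cannot leave the session usable.
            await this._session.deleteTokensForUser(userKey);
            this._oauth.purgeRefreshTokensForUser(userKey);
            if (stored?.refreshToken) {
                try {
                    await this._creatio.revoke(stored.refreshToken);
                }
                catch (err) {
                    // Upstream revoke is best-effort: record the failure, still answer 200.
                    log_1.default.error('broker.revoke.upstream', { error: String(err?.message ?? err) });
                }
            }
            log_1.default.info('broker.revoke', { userKey });
        }
    // … unchanged: res.status(200).json({}) …
```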
@@ -0,0 +1 @@
1
+ {"version":3,"file":"broker-handlers.js","sourceRoot":"","sources":["../../../src/server/http/broker-handlers.ts"],"names":[],"mappings":";;;;;;AACA,oDAA4B;AAE5B,uCAA+C;AAC/C,sCAA0E;AAC1E,oCAAwD;AAExD,mDAAsD;AAItD,MAAM,gCAAgC,GAAG,uCAAuC,CAAC;AAEjF,2FAA2F;AAC3F,SAAS,MAAM,CAAC,GAAY;IAC3B,OAAO,IAAA,mCAAmB,EAAC,GAAG,CAAC,CAAC;AACjC,CAAC;AAED,2FAA2F;AAC3F,SAAS,kBAAkB,CAAC,GAAY;IACvC,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,OAAO;QACN,MAAM,EAAE,IAAI;QACZ,sBAAsB,EAAE,GAAG,IAAI,YAAY;QAC3C,cAAc,EAAE,GAAG,IAAI,QAAQ;QAC/B,qBAAqB,EAAE,GAAG,IAAI,WAAW;QACzC,mBAAmB,EAAE,GAAG,IAAI,SAAS;QACrC,wBAAwB,EAAE,CAAC,MAAM,CAAC;QAClC,qBAAqB,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;QAC9D,qCAAqC,EAAE,CAAC,MAAM,EAAE,oBAAoB,CAAC;QACrE,gCAAgC,EAAE,CAAC,MAAM,CAAC;QAC1C,gBAAgB,EAAE,CAAC,gBAAgB,CAAC;KACpC,CAAC;AACH,CAAC;AAED;qGACqG;AACrG,SAAS,aAAa,CAAC,GAAY;IAClC,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,IAAI,MAAM,EAAE,CAAC;AAClD,CAAC;AAED;;;;;GAKG;AACH,MAAa,cAAc;IAIR;IACA;IACA;IALD,aAAa,GAAG,iBAAiB,CAAC;IAEnD,YACkB,MAAmB,EACnB,QAA4B,EAC5B,QAAwB;QAFxB,WAAM,GAAN,MAAM,CAAa;QACnB,aAAQ,GAAR,QAAQ,CAAoB;QAC5B,aAAQ,GAAR,QAAQ,CAAgB;IACvC,CAAC;IAEI,YAAY,CAAC,GAAY;QAChC,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;IAC9C,CAAC;IAED;wGACoG;IAC5F,UAAU,CACjB,GAAY,EACZ,GAAa,EACb,WAAmB,EACnB,QAA0C,cAAc;QAExD,MAAM,gBAAgB,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,gCAAgC,EAAE,CAAC;QAC7E,MAAM,MAAM,GAAG,CAAC,6BAA6B,gBAAgB,GAAG,CAAC,CAAC;QAClE,IAAI,KAAK,KAAK,eAAe,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE,sBAAsB,WAAW,GAAG,CAAC,CAAC;QAC5E,CAAC;QACD,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACrD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,WAAW,EAAE,CAAC,CAAC;IACjE,CAAC;IAEO,cAAc,CACrB,GAAa,EACb,WAAmB,EACnB,KAAoD,EACpD,KAAyB;QAEzB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;QACjC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,KAAK,CAAC,iBAAiB,EAAE,CAAC;YAC7B,GAAG,CAAC,YAAY,CAAC,
GAAG,CAAC,mBAAmB,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACpE,CAAC;QACD,IAAI,KAAK,EAAE,CAAC;YACX,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACtC,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;IACnC,CAAC;IAEM,cAAc,CAAC,GAAY,EAAE,GAAa;QAChD,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC;IACnC,CAAC;IAED,kGAAkG;IAC3F,+BAA+B,CAAC,GAAY,EAAE,GAAa;QACjE,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QACzB,GAAG,CAAC,IAAI,CAAC,IAAA,uCAA8B,EAAC,GAAG,IAAI,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED;;;;;;OAMG;IACI,OAAO;QACb,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAiB,EAAE;YAC/E,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;YACzC,MAAM,OAAO,GAAG,MAAM,EAAE,UAAU,CAAC,SAAS,CAAC;gBAC5C,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;gBACtE,CAAC,CAAC,IAAI,CAAC;YACR,IAAI,CAAC,OAAO,EAAE,CAAC;gBACd,IAAI,CAAC,UAAU,CACd,GAAG,EACH,GAAG,EACH,oEAAoE,CACpE,CAAC;gBACF,OAAO;YACR,CAAC;YACD,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;gBACtD,IAAI,CAAC,UAAU,CACd,GAAG,EACH,GAAG,EACH,4FAA4F,EAC5F,eAAe,CACf,CAAC;gBACF,OAAO;YACR,CAAC;YACA,GAAsC,CAAC,OAAO,GAAG,OAAO,CAAC;YAC1D,IAAI,EAAE,CAAC;QACR,CAAC,CAAC;IACH,CAAC;IAEM,cAAc,CAAC,GAAY,EAAE,GAAa;QAChD,MAAM,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,uBAAe,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAC;QACxE,IAAI,KAAK,EAAE,CAAC;YACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,KAAK,EAAE,CAAC,CAAC;YAC7E,OAAO;QACR,CAAC;QACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,CAAC;IACjE,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,GAAY,EAAE,GAAa;QACvD,MAAM,CAAC,GAAG,GAAG,CAAC,KAA2C,CAAC;QAC1D,MAAM,WAAW,GAAG,CAAC,CAAC,YAAY,IAAI,EAAE,CAAC;QACzC,IAAI,CAAC,WAAW,IAAI,CAAC,uBAAe,CAAC,oBAAoB,CAAC,WAAW,CAAC,EAAE,CAAC;YACxE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,iBAAiB;gBACxB,iBAAiB,EAAE,oCAAoC;aACvD,CAAC,CAAC;YACH,OAAO;QACR,CAAC;QACD,MAAM,MAAM,GAAG;YACd,SAA
S,EAAE,CAAC,CAAC,SAAS,IAAI,EAAE;YAC5B,YAAY,EAAE,WAAW;YACzB,aAAa,EAAE,CAAC,CAAC,aAAa,IAAI,EAAE;YACpC,cAAc,EAAE,CAAC,CAAC,cAAc,IAAI,EAAE;YACtC,qBAAqB,EAAE,CAAC,CAAC,qBAAqB,IAAI,EAAE;YACpD,GAAG,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACpD,GAAG,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACpD,CAAC;QACF,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAAC;QACzE,IAAI,eAAe,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;QACxE,CAAC;QACD,mFAAmF;QACnF,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,MAAM,IAAA,wBAAgB,GAAE,CAAC;QACzD,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC;YAC1D,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,qBAAqB,EAAE,MAAM,CAAC,qBAAqB;YACnD,YAAY,EAAE,CAAC,CAAC,KAAK;YACrB,gBAAgB,EAAE,QAAQ;SAC1B,CAAC,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CACjD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EACtB,WAAW,EACX,SAAS,CACT,CAAC;QACF,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IAC/B,CAAC;IAEM,KAAK,CAAC,cAAc,CAAC,GAAY,EAAE,GAAa;QACtD,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QAC1C,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QAClD,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YAC9C,OAAO;QACR,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC,WAAW,CAAC,CAAC;QAClE,IAAI,CAAC,OAAO,EAAE,CAAC;YACd,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;YAC/D,OAAO;QACR,CAAC;QACD,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CAC9C,IAAI,EACJ,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EACtB,OAAO,CAAC,gBAAgB,CACxB,CAAC;YACF,MAAM,OAAO,GAAG,IAAA,sBAAa,EAAC,MAAM,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC;YAC1D,MAAM,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACtD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,yBAAyB,CACpD,OAAO,CAAC,SAAS,EACjB,OAAO,CAAC,YAAY,EACp
B,OAAO,CAAC,cAAc,EACtB,OAAO,CAAC,qBAAqB,EAC7B,OAAO,CACP,CAAC;YACF,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC7C,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACzC,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;gBAC1B,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;YACxD,CAAC;YACD,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QACtC,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACvB,aAAG,CAAC,KAAK,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAE,GAAa,EAAE,OAAO,IAAI,GAAG,CAAC,EAAE,CAAC,CAAC;YACtF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;QACvE,CAAC;IACF,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,GAAY,EAAE,GAAa;QACnD,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;QAC5B,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,gBAAgB,GAAG,CAAC,OAAe,EAAoB,EAAE,CAC9D,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvD,MAAM,MAAM,GACX,IAAI,CAAC,UAAU,KAAK,eAAe;YAClC,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,EAAE,GAAG,EAAE,gBAAgB,CAAC;YACrE,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACtD,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;YACvB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC7B,OAAO;QACR,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,YAAY,CAAC,GAAY,EAAE,GAAa;QACpD,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QACnD,IAAI,KAAK,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5E,IAAI,OAAO,EAAE,CAAC;gBACb,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBAC7D,IAAI,MAAM,EAAE,YAAY,EAAE,CAAC;oBAC1B,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBACjD,CAAC;gBACD,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;gBACjD,IAAI,CAAC,MAAM,CAAC,yBAAyB,CAAC,OAAO,CAAC,CAAC;gBAC/C,aAAG,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YACxC,CAAC;QACF,CAAC;QACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1B,CAAC;CACD;
AA5ND,wCA4NC"}
@@ -1,32 +1,24 @@
1
1
  import express from 'express';
2
+ import type { CreatioClientConfig } from '../../creatio/';
2
3
  import type { Server } from '../mcp';
3
4
  export declare class HttpServer {
4
- private static readonly CLEANUP_INTERVAL_MS;
5
5
  private static readonly BODY_LIMIT;
6
- private static readonly RATE_LIMIT_AUTH_FLOW;
7
- private static readonly RATE_LIMIT_TOKEN;
8
- private static readonly RATE_LIMIT_REGISTER;
9
- private static readonly RATE_LIMIT_REVOKE;
6
+ private static readonly CLEANUP_INTERVAL_MS;
10
7
  private readonly _server;
11
8
  private readonly _app;
12
9
  private readonly _connections;
13
10
  private _srv;
14
11
  private _cleanupTimer;
15
12
  private readonly _sessionContext;
16
- private readonly _oauthServer;
17
13
  private readonly _middleware;
18
14
  private readonly _mcpHandlers;
19
- private readonly _creatioOauthHandlers;
20
- private readonly _mcpOauthHandlers;
15
+ private readonly _authEdge;
21
16
  get app(): express.Express;
22
- constructor(server: Server);
17
+ constructor(server: Server, config?: CreatioClientConfig);
23
18
  private _setupMiddleware;
24
19
  private _setupRoutes;
25
20
  private _setupMCPEndpoints;
26
- private _isNeedMCPOAuth;
27
- private _setupCreatioOAuthEndpoints;
28
- private _setupMCPOAuthEndpoints;
29
21
  start(port: number): Promise<void>;
30
22
  stop(): Promise<void>;
31
23
  }
32
- //# sourceMappingURL=httpServer.d.ts.map
24
+ //# sourceMappingURL=http-server.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"http-server.d.ts","sourceRoot":"","sources":["../../../src/server/http/http-server.ts"],"names":[],"mappings":"AAGA,OAAO,OAAO,MAAM,SAAS,CAAC;AAS9B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAErC,qBAAa,UAAU;IACtB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAU;IAC5C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAiB;IAC5D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAa;IAClC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAqB;IAClD,OAAO,CAAC,IAAI,CAAe;IAC3B,OAAO,CAAC,aAAa,CAA6B;IAClD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAA2B;IAC3D,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAwB;IACpD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAuB;IAEjD,IAAW,GAAG,IAAI,OAAO,CAAC,OAAO,CAEhC;gBAEW,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,mBAAmB;IAQxD,OAAO,CAAC,gBAAgB;IAaxB,OAAO,CAAC,YAAY;IAKpB,OAAO,CAAC,kBAAkB;IAMnB,KAAK,CAAC,IAAI,EAAE,MAAM;IA4BZ,IAAI;CAoCjB"}
@@ -5,46 +5,30 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
5
5
  Object.defineProperty(exports, "__esModule", { value: true });
6
6
  exports.HttpServer = void 0;
7
7
  const express_1 = __importDefault(require("express"));
8
- const creatio_1 = require("../../creatio/");
9
8
  const log_1 = __importDefault(require("../../log"));
10
9
  const sessions_1 = require("../../sessions");
11
- const utils_1 = require("../../utils");
12
- const oauth_1 = require("../oauth");
13
- const creatio_oauth_handlers_1 = require("./creatio-oauth-handlers");
10
+ const auth_edge_1 = require("./auth-edge");
14
11
  const mcp_handlers_1 = require("./mcp-handlers");
15
- const mcp_oauth_handlers_1 = require("./mcp-oauth-handlers");
16
12
  const middleware_1 = require("./middleware");
17
13
  class HttpServer {
14
+ static BODY_LIMIT = '10mb';
18
15
  static CLEANUP_INTERVAL_MS = 5 * 60 * 1000;
19
- // Generous, configurable cap so large CRM payloads/filters are not truncated.
20
- // DoS on the OAuth surface is handled by the rate limiter (frequency), not body size.
21
- static BODY_LIMIT = (0, utils_1.env)('MCP_MAX_BODY_SIZE') || '10mb';
22
- // Per-route fixed-window limits (per client IP) for the unauthenticated OAuth surface.
23
- static RATE_LIMIT_AUTH_FLOW = { windowMs: 60_000, max: 60 };
24
- static RATE_LIMIT_TOKEN = { windowMs: 60_000, max: 30 };
25
- static RATE_LIMIT_REGISTER = { windowMs: 60_000, max: 10 };
26
- static RATE_LIMIT_REVOKE = { windowMs: 60_000, max: 20 };
27
16
  _server;
28
17
  _app = (0, express_1.default)();
29
18
  _connections = new Set();
30
19
  _srv;
31
20
  _cleanupTimer;
32
21
  _sessionContext = sessions_1.SessionContext.instance;
33
- _oauthServer;
34
- _middleware;
22
+ _middleware = new middleware_1.HttpMiddleware();
35
23
  _mcpHandlers;
36
- _creatioOauthHandlers;
37
- _mcpOauthHandlers;
24
+ _authEdge;
38
25
  get app() {
39
26
  return this._app;
40
27
  }
41
- constructor(server) {
28
+ constructor(server, config) {
42
29
  this._server = server;
43
- this._oauthServer = new oauth_1.OAuthServer();
44
- this._middleware = new middleware_1.HttpMiddleware(this._oauthServer);
45
30
  this._mcpHandlers = new mcp_handlers_1.McpHandlers(this._server);
46
- this._creatioOauthHandlers = new creatio_oauth_handlers_1.CreatioOAuthHandlers(this._server, this._oauthServer);
47
- this._mcpOauthHandlers = new mcp_oauth_handlers_1.MCPOAuthHandlers(this._oauthServer);
31
+ this._authEdge = (0, auth_edge_1.createAuthEdge)(config, this._sessionContext);
48
32
  this._setupMiddleware();
49
33
  this._setupRoutes();
50
34
  }
@@ -53,37 +37,22 @@ class HttpServer {
53
37
  this._app.use(this._middleware.requestLogging());
54
38
  this._app.use(express_1.default.json({ limit: HttpServer.BODY_LIMIT }));
55
39
  this._app.use(express_1.default.urlencoded({ extended: true, limit: HttpServer.BODY_LIMIT }));
56
- if (this._isNeedMCPOAuth()) {
57
- this._app.use('/mcp', this._middleware.bearerAuth());
40
+ // Guard /mcp with the configured auth strategy (delegated/gateway bearer, or the broker's
41
+ // own issued token); no edge means a single-identity config with nothing to authenticate.
42
+ if (this._authEdge) {
43
+ this._app.use('/mcp', this._authEdge.mcpAuth());
58
44
  }
59
45
  this._app.use(this._middleware.errorHandler());
60
46
  }
61
47
  _setupRoutes() {
62
48
  this._setupMCPEndpoints();
63
- if (this._isNeedMCPOAuth()) {
64
- this._setupCreatioOAuthEndpoints();
65
- this._setupMCPOAuthEndpoints();
66
- }
49
+ this._authEdge?.registerRoutes(this._app, (o) => this._middleware.rateLimit(o));
67
50
  }
68
51
  _setupMCPEndpoints() {
69
52
  this._app.post('/mcp', (req, res) => this._mcpHandlers.handleMcpPost(req, res));
70
53
  this._app.get('/mcp', (req, res) => this._mcpHandlers.handleSessionRequest(req, res));
71
54
  this._app.delete('/mcp', (req, res) => this._mcpHandlers.handleSessionRequest(req, res));
72
55
  }
73
- _isNeedMCPOAuth() {
74
- return this._server.authProvider.type === creatio_1.AuthProviderType.OAuth2Code;
75
- }
76
- _setupCreatioOAuthEndpoints() {
77
- this._app.get('/oauth/start', this._middleware.rateLimit(HttpServer.RATE_LIMIT_AUTH_FLOW), (req, res) => this._creatioOauthHandlers.handleOAuthStart(req, res));
78
- this._app.get('/oauth/callback', this._middleware.rateLimit(HttpServer.RATE_LIMIT_AUTH_FLOW), (req, res) => this._creatioOauthHandlers.handleOAuthCallback(req, res));
79
- this._app.post('/oauth/revoke', this._middleware.rateLimit(HttpServer.RATE_LIMIT_REVOKE), this._middleware.bearerAuth(), (req, res) => this._creatioOauthHandlers.handleOAuthRevoke(req, res));
80
- }
81
- _setupMCPOAuthEndpoints() {
82
- this._app.get('/.well-known/oauth-authorization-server', (req, res) => this._mcpOauthHandlers.handleMetadata(req, res));
83
- this._app.post('/register', this._middleware.rateLimit(HttpServer.RATE_LIMIT_REGISTER), (req, res) => this._mcpOauthHandlers.handleClientRegistration(req, res));
84
- this._app.get('/authorize', this._middleware.rateLimit(HttpServer.RATE_LIMIT_AUTH_FLOW), (req, res) => this._mcpOauthHandlers.handleAuthorization(req, res));
85
- this._app.post('/token', this._middleware.rateLimit(HttpServer.RATE_LIMIT_TOKEN), (req, res) => this._mcpOauthHandlers.handleTokenExchange(req, res));
86
- }
87
56
  start(port) {
88
57
  return new Promise((resolve, reject) => {
89
58
  this._srv = this._app.listen(port, () => {
@@ -100,15 +69,12 @@ class HttpServer {
100
69
  this._connections.add(socket);
101
70
  socket.once('close', () => this._connections.delete(socket));
102
71
  });
103
- // Periodically evict expired OAuth codes/states and unreachable user tokens so
104
- // these maps stay bounded over a long-running process. Unref'd so it never holds
105
- // the event loop open.
106
- this._cleanupTimer = setInterval(() => {
107
- this._oauthServer.cleanup();
108
- this._sessionContext.cleanupExpiredOAuthStates();
109
- this._sessionContext.evictStaleTokens();
110
- }, HttpServer.CLEANUP_INTERVAL_MS);
111
- this._cleanupTimer.unref();
72
+ // Some edges (broker) keep transient state to evict periodically so the maps stay
73
+ // bounded. Unref'd so it never holds the loop open.
74
+ if (this._authEdge?.cleanup) {
75
+ this._cleanupTimer = setInterval(() => this._authEdge.cleanup(), HttpServer.CLEANUP_INTERVAL_MS);
76
+ this._cleanupTimer.unref();
77
+ }
112
78
  });
113
79
  }
114
80
  async stop() {
@@ -124,7 +90,7 @@ class HttpServer {
124
90
  }
125
91
  if (this._srv) {
126
92
  try {
127
- await this._server.stopMcp();
93
+ await this._server.stopAll();
128
94
  await new Promise((resolve) => {
129
95
  this._srv.close(() => resolve());
130
96
  });
@@ -153,4 +119,4 @@ class HttpServer {
153
119
  }
154
120
  }
155
121
  exports.HttpServer = HttpServer;
156
- //# sourceMappingURL=httpServer.js.map
122
+ //# sourceMappingURL=http-server.js.map
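Review bot: In the constructor and `_setupMiddleware` hunks, `/mcp` is guarded only when `createAuthEdge(config, this._sessionContext)` returns an edge, and `config` is now an optional constructor argument, so a caller that omits it (or a config that resolves to no edge) appears to start the server with `/mcp` unauthenticated and nothing in the log to say so. `createAuthEdge` is not visible here, so this is inferred from the `if (this._authEdge)` guard and its comment. I would make that state explicit at startup, e.g. `if (!this._authEdge) log_1.default.info('http.auth.disabled');` (event name illustrative), and document on the constructor that omitting `config` leaves `/mcp` without an auth guard. The first hunk also hard-codes `BODY_LIMIT = '10mb'` and drops the `MCP_MAX_BODY_SIZE` override while both body parsers still run ahead of the auth guard, so unauthenticated requests are parsed up to that size; a comment stating that this is intentional would help.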
@@ -0,0 +1 @@
1
+ {"version":3,"file":"http-server.js","sourceRoot":"","sources":["../../../src/server/http/http-server.ts"],"names":[],"mappings":";;;;;;AAGA,sDAA8B;AAE9B,oDAA4B;AAC5B,6CAAgD;AAEhD,2CAAuD;AACvD,iDAA6C;AAC7C,6CAA8C;AAK9C,MAAa,UAAU;IACd,MAAM,CAAU,UAAU,GAAG,MAAM,CAAC;IACpC,MAAM,CAAU,mBAAmB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;IAC3C,OAAO,CAAS;IAChB,IAAI,GAAG,IAAA,iBAAO,GAAE,CAAC;IACjB,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IAC1C,IAAI,CAAe;IACnB,aAAa,CAA6B;IACjC,eAAe,GAAG,yBAAc,CAAC,QAAQ,CAAC;IAC1C,WAAW,GAAG,IAAI,2BAAc,EAAE,CAAC;IACnC,YAAY,CAAc;IAC1B,SAAS,CAAuB;IAEjD,IAAW,GAAG;QACb,OAAO,IAAI,CAAC,IAAI,CAAC;IAClB,CAAC;IAED,YAAY,MAAc,EAAE,MAA4B;QACvD,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,YAAY,GAAG,IAAI,0BAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,SAAS,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;QAC9D,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,IAAI,CAAC,YAAY,EAAE,CAAC;IACrB,CAAC;IAEO,gBAAgB;QACvB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE,CAAC,CAAC;QACjD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,iBAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QACpF,0FAA0F;QAC1F,0FAA0F;QAC1F,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;QACjD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC,CAAC;IAChD,CAAC;IAEO,YAAY;QACnB,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC1B,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;IACjF,CAAC;IAEO,kBAAkB;QACzB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QAChF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,GAAG,EAAE,GAAG,
CAAC,CAAC,CAAC;QACtF,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;IAC1F,CAAC;IAEM,KAAK,CAAC,IAAY;QACxB,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC5C,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;gBACvC,aAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBACpB,OAAO,EAAE,CAAC;YACX,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;YAClC,IAAI,CAAC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,GAAG,IAAI,EAAE,IAAI,CAAC,CAAC;YAC7E,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC7B,aAAG,CAAC,KAAK,CAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC5D,MAAM,CAAC,GAAG,CAAC,CAAC;YACb,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAc,EAAE,EAAE;gBAC7C,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAC9B,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;YAC9D,CAAC,CAAC,CAAC;YACH,kFAAkF;YAClF,oDAAoD;YACpD,IAAI,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,CAAC;gBAC7B,IAAI,CAAC,aAAa,GAAG,WAAW,CAC/B,GAAG,EAAE,CAAC,IAAI,CAAC,SAAU,CAAC,OAAQ,EAAE,EAChC,UAAU,CAAC,mBAAmB,CAC9B,CAAC;gBACF,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;YAC5B,CAAC;QACF,CAAC,CAAC,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,IAAI;QAChB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,aAAa,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAClC,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;QAChC,CAAC;QACD,IAAI,CAAC;YACJ,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,gBAAgB,EAAE,CAAC;QAC9C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,aAAG,CAAC,IAAI,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClE,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACf,IAAI,CAAC;gBACJ,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;gBAC7B,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;oBACnC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;gBAClC,CAAC,CAAC,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACd,aAAG,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC
tD,CAAC;QACF,CAAC;QACD,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YACpD,IAAI,CAAC;gBACJ,MAAM,CAAC,OAAO,EAAE,CAAC;YAClB,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;QACX,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,cAAc,EAAE,CAAC;QACvD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAChC,IAAI,CAAC;gBACJ,OAAO,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC;YAC5B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACd,aAAG,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACnF,CAAC;YACD,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAChD,CAAC;IACF,CAAC;;AAhHF,gCAiHC"}
@@ -1,6 +1,4 @@
1
- export * from './httpServer';
1
+ export * from './http-server';
2
2
  export * from './mcp-handlers';
3
3
  export * from './middleware';
4
- export * from './creatio-oauth-handlers';
5
- export * from './mcp-oauth-handlers';
6
4
  //# sourceMappingURL=index.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/http/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAC7B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,cAAc,CAAC;AAC7B,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/http/index.ts"],"names":[],"mappings":"AAAA,cAAc,eAAe,CAAC;AAC9B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,cAAc,CAAC"}
@@ -14,9 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
14
14
  for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
15
15
  };
16
16
  Object.defineProperty(exports, "__esModule", { value: true });
17
- __exportStar(require("./httpServer"), exports);
17
+ __exportStar(require("./http-server"), exports);
18
18
  __exportStar(require("./mcp-handlers"), exports);
19
19
  __exportStar(require("./middleware"), exports);
20
- __exportStar(require("./creatio-oauth-handlers"), exports);
21
- __exportStar(require("./mcp-oauth-handlers"), exports);
22
20
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/http/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,iDAA+B;AAC/B,+CAA6B;AAC7B,2DAAyC;AACzC,uDAAqC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/http/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,gDAA8B;AAC9B,iDAA+B;AAC/B,+CAA6B"}
@@ -1 +1 @@
1
- {"version":3,"file":"mcp-handlers.d.ts","sourceRoot":"","sources":["../../../src/server/http/mcp-handlers.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjD,qBAAa,WAAW;IACvB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAA2B;IAC3D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAErB,MAAM,EAAE,MAAM;IAIb,aAAa,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAmDzD,oBAAoB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;CAmB7E"}
1
+ {"version":3,"file":"mcp-handlers.d.ts","sourceRoot":"","sources":["../../../src/server/http/mcp-handlers.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjD,qBAAa,WAAW;IACvB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAA2B;IAC3D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAErB,MAAM,EAAE,MAAM;IAIb,aAAa,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IA4DzD,oBAAoB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;CAuB7E"}
@@ -41,13 +41,17 @@ class McpHandlers {
41
41
  }
42
42
  },
43
43
  });
44
+ // Each session gets its own McpServer (a single McpServer connects to one transport
45
+ // only). Release it when the transport closes so we don't leak servers or register
46
+ // late-probed tools into dead sessions.
47
+ const mcp = this._server.createSessionServer();
44
48
  transport.onclose = () => {
49
+ this._server.releaseSessionServer(mcp);
45
50
  if (transport?.sessionId) {
46
51
  log_1.default.sessionDisconnect(transport.sessionId, String(remoteIp));
47
52
  this._sessionContext.deleteSession(transport.sessionId);
48
53
  }
49
54
  };
50
- const mcp = await this._server.startMcp();
51
55
  await mcp.connect(transport);
52
56
  }
53
57
  else {
@@ -60,7 +64,14 @@ class McpHandlers {
60
64
  }
61
65
  const session = this._sessionContext.getSession(sessionId);
62
66
  const userKey = bearerUserKey || session?.userKey;
63
- await (0, utils_1.runWithContext)({ userKey, sessionId }, async () => transport.handleRequest(req, res, req.body));
67
+ const bearerToken = req.bearerToken;
68
+ const baseUrlOverride = req.baseUrlOverride;
69
+ await (0, utils_1.runWithContext)({ userKey, sessionId, bearerToken, baseUrlOverride }, async () => {
70
+ // Kick the one-time capability probe from inside the request context so its Creatio
71
+ // calls carry this caller's identity (broker mode has no user otherwise). Non-blocking.
72
+ this._server.ensureCapabilitiesProbed();
73
+ return transport.handleRequest(req, res, req.body);
74
+ });
64
75
  }
65
76
  async handleSessionRequest(req, res) {
66
77
  const sessionId = req.headers['mcp-session-id'];
@@ -78,7 +89,9 @@ class McpHandlers {
78
89
  // caller-supplied ?userKey=/x-user-key, which must not override an authenticated
79
90
  // identity (CWE-639).
80
91
  const userKey = req.userKey || session?.userKey || (0, utils_1.getUserKeyFromRequest)(req);
81
- await (0, utils_1.runWithContext)({ userKey, sessionId }, async () => transport.handleRequest(req, res));
92
+ const bearerToken = req.bearerToken;
93
+ const baseUrlOverride = req.baseUrlOverride;
94
+ await (0, utils_1.runWithContext)({ userKey, sessionId, bearerToken, baseUrlOverride }, async () => transport.handleRequest(req, res));
82
95
  }
83
96
  }
84
97
  exports.McpHandlers = McpHandlers;
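Review bot: In `handleMcpPost`, `this._server.ensureCapabilitiesProbed()` is described as a one-time probe, yet it runs inside whichever request context arrives first, so its Creatio calls carry that caller's `userKey`, `bearerToken` and `baseUrlOverride`. If the result is shared server state (the earlier comment about "late-probed tools" suggests it is), one caller's permissions and target instance decide what every later session sees. The probe's body is not on this page, so please confirm, and record the constraint next to the call: `// Probe result is shared across sessions: it must not depend on this caller's permissions or baseUrlOverride.` The call is also fire-and-forget, so if it returns a promise a rejection goes unhandled; `void Promise.resolve(this._server.ensureCapabilitiesProbed()).catch((e) => log_1.default.error('mcp.probe.error', { error: String(e?.message ?? e) }));` (event name illustrative) would contain that. Both handlers continue outside the hunks shown.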
@@ -1 +1 @@
1
- {"version":3,"file":"mcp-handlers.js","sourceRoot":"","sources":["../../../src/server/http/mcp-handlers.ts"],"names":[],"mappings":";;;;;;AAAA,6CAAyC;AAEzC,0FAAmG;AACnG,iEAAyE;AAEzE,oDAA4B;AAC5B,6CAAgD;AAChD,uCAKqB;AAKrB,MAAa,WAAW;IACN,eAAe,GAAG,yBAAc,CAAC,QAAQ,CAAC;IAC1C,OAAO,CAAS;IAEjC,YAAY,MAAc;QACzB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACvB,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,GAAY,EAAE,GAAa;QACrD,MAAM,SAAS,GAAG,IAAA,+BAAuB,EAAC,GAAG,CAAC,CAAC;QAC/C,MAAM,aAAa,GAAI,GAAW,CAAC,OAAO,CAAC;QAC3C,IAAI,SAAoD,CAAC;QACzD,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAAC,GAAG,CAAC,CAAC;QAClC,IAAI,SAAS,IAAI,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YAC3D,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC;YAC/B,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;gBAClC,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;gBACpD,aAAG,CAAC,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,CAAC;QACF,CAAC;aAAM,IAAI,CAAC,SAAS,IAAI,IAAA,8BAAmB,EAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACxD,SAAS,GAAG,IAAI,iDAA6B,CAAC;gBAC7C,kBAAkB,EAAE,GAAG,EAAE,CAAC,IAAA,wBAAU,GAAE;gBACtC,oBAAoB,EAAE,CAAC,GAAG,EAAE,EAAE;oBAC7B,IAAI,SAAS,EAAE,CAAC;wBACf,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,aAAa,CACjD,GAAG,EACH,aAAa,EACb,QAAQ,CACR,CAAC;wBACF,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;wBACzD,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;wBAC9C,aAAG,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAC3C,CAAC;gBACF,CAAC;aACD,CAAC,CAAC;YACH,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;gBACxB,IAAI,SAAS,EAAE,SAAS,EAAE,CAAC;oBAC1B,aAAG,CAAC,iBAAiB,CAAC,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAC7D,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;gBACzD,CAAC;YACF,CAAC,CAAC;YACF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC1C,MAAM,GAAG,CAAC,OAAO,CAAC,SAAgB,CAAC,CAAC;QACrC,CAAC;aAAM,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,2CAA2C,EAAE;gBAC7E,EAAE,EAAE,IAAI;aACR,CAAC,CAAC;YAC
H,OAAO;QACR,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,OAAO,GAAG,aAAa,IAAI,OAAO,EAAE,OAAO,CAAC;QAClD,MAAM,IAAA,sBAAc,EAAC,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,KAAK,IAAI,EAAE,CACvD,SAAU,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAC5C,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAAC,GAAY,EAAE,GAAa;QAC5D,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QACtE,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YACtD,OAAO;QACR,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC;QACrC,IAAI,CAAC,SAAS,EAAE,CAAC;YAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;YACjD,OAAO;QACR,CAAC;QACD,8EAA8E;QAC9E,iFAAiF;QACjF,sBAAsB;QACtB,MAAM,OAAO,GACX,GAAW,CAAC,OAAO,IAAI,OAAO,EAAE,OAAO,IAAI,IAAA,6BAAqB,EAAC,GAAU,CAAC,CAAC;QAC/E,MAAM,IAAA,sBAAc,EAAC,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,KAAK,IAAI,EAAE,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;IAC7F,CAAC;CACD;AA9ED,kCA8EC"}
1
+ {"version":3,"file":"mcp-handlers.js","sourceRoot":"","sources":["../../../src/server/http/mcp-handlers.ts"],"names":[],"mappings":";;;;;;AAAA,6CAAyC;AAEzC,0FAAmG;AACnG,iEAAyE;AAEzE,oDAA4B;AAC5B,6CAAgD;AAChD,uCAKqB;AAKrB,MAAa,WAAW;IACN,eAAe,GAAG,yBAAc,CAAC,QAAQ,CAAC;IAC1C,OAAO,CAAS;IAEjC,YAAY,MAAc;QACzB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACvB,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,GAAY,EAAE,GAAa;QACrD,MAAM,SAAS,GAAG,IAAA,+BAAuB,EAAC,GAAG,CAAC,CAAC;QAC/C,MAAM,aAAa,GAAI,GAAW,CAAC,OAAO,CAAC;QAC3C,IAAI,SAAoD,CAAC;QACzD,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAAC,GAAG,CAAC,CAAC;QAClC,IAAI,SAAS,IAAI,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YAC3D,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC;YAC/B,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;gBAClC,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;gBACpD,aAAG,CAAC,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,CAAC;QACF,CAAC;aAAM,IAAI,CAAC,SAAS,IAAI,IAAA,8BAAmB,EAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACxD,SAAS,GAAG,IAAI,iDAA6B,CAAC;gBAC7C,kBAAkB,EAAE,GAAG,EAAE,CAAC,IAAA,wBAAU,GAAE;gBACtC,oBAAoB,EAAE,CAAC,GAAG,EAAE,EAAE;oBAC7B,IAAI,SAAS,EAAE,CAAC;wBACf,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,aAAa,CACjD,GAAG,EACH,aAAa,EACb,QAAQ,CACR,CAAC;wBACF,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;wBACzD,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;wBAC9C,aAAG,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAC3C,CAAC;gBACF,CAAC;aACD,CAAC,CAAC;YACH,oFAAoF;YACpF,mFAAmF;YACnF,wCAAwC;YACxC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC;YAC/C,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;gBACxB,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;gBACvC,IAAI,SAAS,EAAE,SAAS,EAAE,CAAC;oBAC1B,aAAG,CAAC,iBAAiB,CAAC,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAC7D,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;gBACzD,CAAC;YACF,CAAC,CAAC;YACF,MAAM,GAAG,CAAC,OAAO,CAAC,SAAgB,CAAC,CAAC;QACrC,CAAC;aAAM,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EA
AE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,2CAA2C,EAAE;gBAC7E,EAAE,EAAE,IAAI;aACR,CAAC,CAAC;YACH,OAAO;QACR,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,OAAO,GAAG,aAAa,IAAI,OAAO,EAAE,OAAO,CAAC;QAClD,MAAM,WAAW,GAAI,GAAW,CAAC,WAAiC,CAAC;QACnE,MAAM,eAAe,GAAI,GAAW,CAAC,eAAqC,CAAC;QAC3E,MAAM,IAAA,sBAAc,EAAC,EAAE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,EAAE,EAAE,KAAK,IAAI,EAAE;YACrF,oFAAoF;YACpF,wFAAwF;YACxF,IAAI,CAAC,OAAO,CAAC,wBAAwB,EAAE,CAAC;YACxC,OAAO,SAAU,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAAC,GAAY,EAAE,GAAa;QAC5D,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QACtE,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YACtD,OAAO;QACR,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC;QACrC,IAAI,CAAC,SAAS,EAAE,CAAC;YAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;YACjD,OAAO;QACR,CAAC;QACD,8EAA8E;QAC9E,iFAAiF;QACjF,sBAAsB;QACtB,MAAM,OAAO,GACX,GAAW,CAAC,OAAO,IAAI,OAAO,EAAE,OAAO,IAAI,IAAA,6BAAqB,EAAC,GAAU,CAAC,CAAC;QAC/E,MAAM,WAAW,GAAI,GAAW,CAAC,WAAiC,CAAC;QACnE,MAAM,eAAe,GAAI,GAAW,CAAC,eAAqC,CAAC;QAC3E,MAAM,IAAA,sBAAc,EAAC,EAAE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,EAAE,EAAE,KAAK,IAAI,EAAE,CACrF,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CACjC,CAAC;IACH,CAAC;CACD;AA3FD,kCA2FC"}
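--- a/package/dist/server/http/middleware.d.ts
+++ b/package/dist/server/http/middleware.d.ts
@@ -1,16 +1,15 @@
  import type { RateLimitOptions } from './rate-limiter';
- import type { OAuthServer } from '../oauth';
  import type { NextFunction, Request, Response } from 'express';
+ /** Redact sensitive query-string values from a URL before it is logged, preserving the path + the
+ * non-sensitive params (which are useful for debugging). Robust to relative URLs. */
+ export declare function redactUrl(url: string): string;
  export declare class HttpMiddleware {
- private readonly _oauthServer;
- constructor(oauthServer: OAuthServer);
  /**
  * Per-route fixed-window rate limit, keyed by the real connection IP (req.ip /
  * socket address) rather than the spoofable X-Forwarded-For header, so an
  * attacker cannot bypass the limit by rotating that header.
  */
  rateLimit(options: RateLimitOptions): (req: Request, res: Response, next: NextFunction) => void;
- bearerAuth(): (req: Request, res: Response, next: NextFunction) => void;
  errorHandler(): (error: Error, req: Request, res: Response, next: NextFunction) => void;
  correlationId(): (req: Request, res: Response, next: NextFunction) => void;
  requestLogging(): (req: Request, res: Response, next: NextFunction) => void;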
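Review bot: With `bearerAuth()` and the `OAuthServer` constructor argument removed from `HttpMiddleware`, this declaration no longer exposes any bearer-token middleware, and the hunk does not show where that check now lives. Before upgrading, confirm that every route that mounted `bearerAuth()` in 0.6.2 is still authenticated in 0.6.4; the enforcement has presumably moved to another module, but that cannot be verified from here. Dropping a public method and a constructor parameter also breaks callers that construct `new HttpMiddleware(oauthServer)`, which deserves a note in the changelog. The TSDoc on `redactUrl` does not say which query parameters count as sensitive, so I would add a line such as ` * Redacted parameter names: <list taken from the implementation>.` so reviewers of log output know what to expect. The class declaration continues past the end of this hunk.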
@@ -1 +1 @@
1
- {"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/server/http/middleware.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE/D,qBAAa,cAAc;IAC1B,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;gBAE/B,WAAW,EAAE,WAAW;IAIpC;;;;OAIG;IACI,SAAS,CAAC,OAAO,EAAE,gBAAgB,IAEjC,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;IAgBjD,UAAU,KACR,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;IAkBjD,YAAY,KACV,OAAO,KAAK,EAAE,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;IAiB/D,aAAa,KACX,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;IAYjD,cAAc,KACZ,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;CAwBxD"}
1
+ {"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/server/http/middleware.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAe/D;sFACsF;AACtF,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAc7C;AAED,qBAAa,cAAc;IAC1B;;;;OAIG;IACI,SAAS,CAAC,OAAO,EAAE,gBAAgB,IAEjC,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;IAgBjD,YAAY,KACV,OAAO,KAAK,EAAE,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;IAiB/D,aAAa,KACX,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;IAYjD,cAAc,KACZ,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;CAyBxD"}