mcp-creatio 0.6.2 → 0.6.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +280 -156
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +27 -10
- package/dist/cli.js.map +1 -1
- package/dist/config-builder.d.ts +8 -0
- package/dist/config-builder.d.ts.map +1 -1
- package/dist/config-builder.js +147 -43
- package/dist/config-builder.js.map +1 -1
- package/dist/consts.d.ts.map +1 -1
- package/dist/consts.js +2 -1
- package/dist/consts.js.map +1 -1
- package/dist/creatio/auth/auth-manager.d.ts.map +1 -1
- package/dist/creatio/auth/auth-manager.js +5 -2
- package/dist/creatio/auth/auth-manager.js.map +1 -1
- package/dist/creatio/auth/auth.d.ts +4 -31
- package/dist/creatio/auth/auth.d.ts.map +1 -1
- package/dist/creatio/auth/auth.js +20 -26
- package/dist/creatio/auth/auth.js.map +1 -1
- package/dist/creatio/auth/constants.d.ts +14 -0
- package/dist/creatio/auth/constants.d.ts.map +1 -0
- package/dist/creatio/auth/constants.js +20 -0
- package/dist/creatio/auth/constants.js.map +1 -0
- package/dist/creatio/auth/contracts.d.ts +15 -0
- package/dist/creatio/auth/contracts.d.ts.map +1 -0
- package/dist/creatio/auth/contracts.js +3 -0
- package/dist/creatio/auth/contracts.js.map +1 -0
- package/dist/creatio/auth/headers.d.ts +3 -0
- package/dist/creatio/auth/headers.d.ts.map +1 -0
- package/dist/creatio/auth/headers.js +15 -0
- package/dist/creatio/auth/headers.js.map +1 -0
- package/dist/creatio/auth/identity.d.ts +8 -0
- package/dist/creatio/auth/identity.d.ts.map +1 -0
- package/dist/creatio/auth/identity.js +18 -0
- package/dist/creatio/auth/identity.js.map +1 -0
- package/dist/creatio/auth/index.d.ts +4 -3
- package/dist/creatio/auth/index.d.ts.map +1 -1
- package/dist/creatio/auth/index.js +5 -3
- package/dist/creatio/auth/index.js.map +1 -1
- package/dist/creatio/auth/providers/base-oauth2-provider.d.ts +13 -7
- package/dist/creatio/auth/providers/base-oauth2-provider.d.ts.map +1 -1
- package/dist/creatio/auth/providers/base-oauth2-provider.js +29 -19
- package/dist/creatio/auth/providers/base-oauth2-provider.js.map +1 -1
- package/dist/creatio/auth/providers/base-provider.js +1 -1
- package/dist/creatio/auth/providers/base-provider.js.map +1 -1
- package/dist/creatio/auth/providers/broker-provider.d.ts +20 -0
- package/dist/creatio/auth/providers/broker-provider.d.ts.map +1 -0
- package/dist/creatio/auth/providers/broker-provider.js +72 -0
- package/dist/creatio/auth/providers/broker-provider.js.map +1 -0
- package/dist/creatio/auth/providers/creatio-oauth-client.d.ts +27 -0
- package/dist/creatio/auth/providers/creatio-oauth-client.d.ts.map +1 -0
- package/dist/creatio/auth/providers/creatio-oauth-client.js +122 -0
- package/dist/creatio/auth/providers/creatio-oauth-client.js.map +1 -0
- package/dist/creatio/auth/providers/index.d.ts +3 -1
- package/dist/creatio/auth/providers/index.d.ts.map +1 -1
- package/dist/creatio/auth/providers/index.js +3 -1
- package/dist/creatio/auth/providers/index.js.map +1 -1
- package/dist/creatio/auth/providers/oauth2-bearer-provider.d.ts +17 -0
- package/dist/creatio/auth/providers/oauth2-bearer-provider.d.ts.map +1 -0
- package/dist/creatio/auth/providers/oauth2-bearer-provider.js +33 -0
- package/dist/creatio/auth/providers/oauth2-bearer-provider.js.map +1 -0
- package/dist/creatio/auth/providers/oauth2-provider.d.ts +2 -2
- package/dist/creatio/auth/providers/oauth2-provider.d.ts.map +1 -1
- package/dist/creatio/auth/providers/oauth2-provider.js +4 -9
- package/dist/creatio/auth/providers/oauth2-provider.js.map +1 -1
- package/dist/creatio/auth/providers/type.d.ts +20 -1
- package/dist/creatio/auth/providers/type.d.ts.map +1 -1
- package/dist/creatio/auth/providers/type.js +22 -2
- package/dist/creatio/auth/providers/type.js.map +1 -1
- package/dist/creatio/client-config.d.ts +26 -5
- package/dist/creatio/client-config.d.ts.map +1 -1
- package/dist/creatio/engines/admin-operation-engine.d.ts +1 -1
- package/dist/creatio/engines/admin-operation-engine.d.ts.map +1 -1
- package/dist/creatio/engines/admin-operation-engine.js +3 -3
- package/dist/creatio/engines/admin-operation-engine.js.map +1 -1
- package/dist/creatio/engines/configuration-engine.d.ts +1 -1
- package/dist/creatio/engines/configuration-engine.d.ts.map +1 -1
- package/dist/creatio/engines/configuration-engine.js +3 -3
- package/dist/creatio/engines/configuration-engine.js.map +1 -1
- package/dist/creatio/engines/crud-engine.d.ts +1 -1
- package/dist/creatio/engines/crud-engine.d.ts.map +1 -1
- package/dist/creatio/engines/crud-engine.js +4 -4
- package/dist/creatio/engines/crud-engine.js.map +1 -1
- package/dist/creatio/engines/engine-manager.d.ts +4 -2
- package/dist/creatio/engines/engine-manager.d.ts.map +1 -1
- package/dist/creatio/engines/engine-manager.js +9 -10
- package/dist/creatio/engines/engine-manager.js.map +1 -1
- package/dist/creatio/engines/engine.d.ts.map +1 -1
- package/dist/creatio/engines/engine.js +12 -1
- package/dist/creatio/engines/engine.js.map +1 -1
- package/dist/creatio/engines/feature-engine.d.ts +1 -1
- package/dist/creatio/engines/feature-engine.d.ts.map +1 -1
- package/dist/creatio/engines/feature-engine.js +3 -3
- package/dist/creatio/engines/feature-engine.js.map +1 -1
- package/dist/creatio/engines/process-engine.d.ts +1 -1
- package/dist/creatio/engines/process-engine.d.ts.map +1 -1
- package/dist/creatio/engines/process-engine.js +3 -3
- package/dist/creatio/engines/process-engine.js.map +1 -1
- package/dist/creatio/engines/sys-settings-engine.d.ts +1 -1
- package/dist/creatio/engines/sys-settings-engine.d.ts.map +1 -1
- package/dist/creatio/engines/sys-settings-engine.js +3 -3
- package/dist/creatio/engines/sys-settings-engine.js.map +1 -1
- package/dist/creatio/engines/user-engine.d.ts +1 -1
- package/dist/creatio/engines/user-engine.d.ts.map +1 -1
- package/dist/creatio/engines/user-engine.js +3 -3
- package/dist/creatio/engines/user-engine.js.map +1 -1
- package/dist/creatio/provider-context.d.ts +3 -0
- package/dist/creatio/provider-context.d.ts.map +1 -1
- package/dist/creatio/services/client-cache-hash-client.d.ts +22 -0
- package/dist/creatio/services/client-cache-hash-client.d.ts.map +1 -0
- package/dist/creatio/services/client-cache-hash-client.js +56 -0
- package/dist/creatio/services/client-cache-hash-client.js.map +1 -0
- package/dist/creatio/services/creatio-service-context.d.ts +6 -1
- package/dist/creatio/services/creatio-service-context.d.ts.map +1 -1
- package/dist/creatio/services/creatio-service-context.js +15 -1
- package/dist/creatio/services/creatio-service-context.js.map +1 -1
- package/dist/creatio/services/crud-provider-factory.d.ts +4 -0
- package/dist/creatio/services/crud-provider-factory.d.ts.map +1 -1
- package/dist/creatio/services/crud-provider-factory.js +1 -1
- package/dist/creatio/services/crud-provider-factory.js.map +1 -1
- package/dist/creatio/services/dataservice/data-service-column-values.d.ts.map +1 -1
- package/dist/creatio/services/dataservice/data-service-crud-provider.d.ts +5 -3
- package/dist/creatio/services/dataservice/data-service-crud-provider.d.ts.map +1 -1
- package/dist/creatio/services/dataservice/data-service-crud-provider.js +8 -6
- package/dist/creatio/services/dataservice/data-service-crud-provider.js.map +1 -1
- package/dist/creatio/services/dataservice/data-service-filter-translator.d.ts.map +1 -1
- package/dist/creatio/services/dataservice/data-service-filter-translator.js +7 -2
- package/dist/creatio/services/dataservice/data-service-filter-translator.js.map +1 -1
- package/dist/creatio/services/dataservice/data-service-query-builder.d.ts.map +1 -1
- package/dist/creatio/services/dataservice/data-service-query-builder.js.map +1 -1
- package/dist/creatio/services/dataservice/data-service-schema.d.ts +6 -4
- package/dist/creatio/services/dataservice/data-service-schema.d.ts.map +1 -1
- package/dist/creatio/services/dataservice/data-service-schema.js +29 -18
- package/dist/creatio/services/dataservice/data-service-schema.js.map +1 -1
- package/dist/creatio/services/dataservice/data-service-transport.d.ts +4 -1
- package/dist/creatio/services/dataservice/data-service-transport.d.ts.map +1 -1
- package/dist/creatio/services/dataservice/data-service-transport.js +8 -3
- package/dist/creatio/services/dataservice/data-service-transport.js.map +1 -1
- package/dist/creatio/services/dataservice/data-service-types.d.ts +0 -19
- package/dist/creatio/services/dataservice/data-service-types.d.ts.map +1 -1
- package/dist/creatio/services/dataservice/data-service-value-type.d.ts +2 -1
- package/dist/creatio/services/dataservice/data-service-value-type.d.ts.map +1 -1
- package/dist/creatio/services/dataservice/data-service-value-type.js +20 -16
- package/dist/creatio/services/dataservice/data-service-value-type.js.map +1 -1
- package/dist/creatio/services/http-client.d.ts +13 -0
- package/dist/creatio/services/http-client.d.ts.map +1 -1
- package/dist/creatio/services/http-client.js +26 -2
- package/dist/creatio/services/http-client.js.map +1 -1
- package/dist/creatio/services/identifiers.d.ts +10 -0
- package/dist/creatio/services/identifiers.d.ts.map +1 -0
- package/dist/creatio/services/identifiers.js +20 -0
- package/dist/creatio/services/identifiers.js.map +1 -0
- package/dist/creatio/services/index.d.ts +2 -0
- package/dist/creatio/services/index.d.ts.map +1 -1
- package/dist/creatio/services/index.js +2 -0
- package/dist/creatio/services/index.js.map +1 -1
- package/dist/creatio/services/odata/metadata-store.d.ts +16 -3
- package/dist/creatio/services/odata/metadata-store.d.ts.map +1 -1
- package/dist/creatio/services/odata/metadata-store.js +65 -38
- package/dist/creatio/services/odata/metadata-store.js.map +1 -1
- package/dist/creatio/services/odata/odata-crud-provider.d.ts.map +1 -1
- package/dist/creatio/services/odata/odata-crud-provider.js +10 -25
- package/dist/creatio/services/odata/odata-crud-provider.js.map +1 -1
- package/dist/creatio/services/odata/odata-query-translator.d.ts +4 -5
- package/dist/creatio/services/odata/odata-query-translator.d.ts.map +1 -1
- package/dist/creatio/services/odata/odata-query-translator.js +32 -20
- package/dist/creatio/services/odata/odata-query-translator.js.map +1 -1
- package/dist/creatio/services/schema-freshness-gate.d.ts +26 -0
- package/dist/creatio/services/schema-freshness-gate.d.ts.map +1 -0
- package/dist/creatio/services/schema-freshness-gate.js +58 -0
- package/dist/creatio/services/schema-freshness-gate.js.map +1 -0
- package/dist/creatio/services/user-info-provider.d.ts.map +1 -1
- package/dist/creatio/services/user-info-provider.js +2 -2
- package/dist/creatio/services/user-info-provider.js.map +1 -1
- package/dist/index.js +35 -4
- package/dist/index.js.map +1 -1
- package/dist/log.d.ts +1 -1
- package/dist/log.d.ts.map +1 -1
- package/dist/log.js +6 -2
- package/dist/log.js.map +1 -1
- package/dist/server/bearer/base-url-guard.d.ts +20 -0
- package/dist/server/bearer/base-url-guard.d.ts.map +1 -0
- package/dist/server/bearer/base-url-guard.js +55 -0
- package/dist/server/bearer/base-url-guard.js.map +1 -0
- package/dist/server/bearer/bearer-edge.d.ts +42 -0
- package/dist/server/bearer/bearer-edge.d.ts.map +1 -0
- package/dist/server/bearer/bearer-edge.js +122 -0
- package/dist/server/bearer/bearer-edge.js.map +1 -0
- package/dist/server/bearer/bearer-token.d.ts +27 -0
- package/dist/server/bearer/bearer-token.d.ts.map +1 -0
- package/dist/server/bearer/bearer-token.js +50 -0
- package/dist/server/bearer/bearer-token.js.map +1 -0
- package/dist/server/bearer/index.d.ts +3 -0
- package/dist/server/bearer/index.d.ts.map +1 -0
- package/dist/server/bearer/index.js +19 -0
- package/dist/server/bearer/index.js.map +1 -0
- package/dist/server/http/auth-edge.d.ts +26 -0
- package/dist/server/http/auth-edge.d.ts.map +1 -0
- package/dist/server/http/auth-edge.js +75 -0
- package/dist/server/http/auth-edge.js.map +1 -0
- package/dist/server/http/broker-handlers.d.ts +45 -0
- package/dist/server/http/broker-handlers.d.ts.map +1 -0
- package/dist/server/http/broker-handlers.js +224 -0
- package/dist/server/http/broker-handlers.js.map +1 -0
- package/dist/server/http/{httpServer.d.ts → http-server.d.ts} +5 -13
- package/dist/server/http/http-server.d.ts.map +1 -0
- package/dist/server/http/{httpServer.js → http-server.js} +19 -53
- package/dist/server/http/http-server.js.map +1 -0
- package/dist/server/http/index.d.ts +1 -3
- package/dist/server/http/index.d.ts.map +1 -1
- package/dist/server/http/index.js +1 -3
- package/dist/server/http/index.js.map +1 -1
- package/dist/server/http/mcp-handlers.d.ts.map +1 -1
- package/dist/server/http/mcp-handlers.js +16 -3
- package/dist/server/http/mcp-handlers.js.map +1 -1
- package/dist/server/http/middleware.d.ts +3 -4
- package/dist/server/http/middleware.d.ts.map +1 -1
- package/dist/server/http/middleware.js +33 -23
- package/dist/server/http/middleware.js.map +1 -1
- package/dist/server/http/public-origin.d.ts +10 -0
- package/dist/server/http/public-origin.d.ts.map +1 -0
- package/dist/server/http/public-origin.js +19 -0
- package/dist/server/http/public-origin.js.map +1 -0
- package/dist/server/http/rate-limiter.d.ts +1 -1
- package/dist/server/http/rate-limiter.d.ts.map +1 -1
- package/dist/server/http/rate-limiter.js +11 -11
- package/dist/server/http/rate-limiter.js.map +1 -1
- package/dist/server/http-agent.d.ts +9 -0
- package/dist/server/http-agent.d.ts.map +1 -0
- package/dist/server/http-agent.js +35 -0
- package/dist/server/http-agent.js.map +1 -0
- package/dist/server/index.d.ts +2 -0
- package/dist/server/index.d.ts.map +1 -1
- package/dist/server/index.js +2 -0
- package/dist/server/index.js.map +1 -1
- package/dist/server/keepalive.d.ts +26 -0
- package/dist/server/keepalive.d.ts.map +1 -0
- package/dist/server/keepalive.js +64 -0
- package/dist/server/keepalive.js.map +1 -0
- package/dist/server/mcp/creatio-rest.d.ts +6 -0
- package/dist/server/mcp/creatio-rest.d.ts.map +1 -1
- package/dist/server/mcp/creatio-rest.js +21 -3
- package/dist/server/mcp/creatio-rest.js.map +1 -1
- package/dist/server/mcp/crtmcp/crt-mcp-client.d.ts +1 -1
- package/dist/server/mcp/crtmcp/crt-mcp-client.d.ts.map +1 -1
- package/dist/server/mcp/crtmcp/crt-mcp-client.js +16 -13
- package/dist/server/mcp/crtmcp/crt-mcp-client.js.map +1 -1
- package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.d.ts +2 -2
- package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.d.ts.map +1 -1
- package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.js +17 -17
- package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.js.map +1 -1
- package/dist/server/mcp/dataforge/dataforge-client.d.ts +12 -12
- package/dist/server/mcp/dataforge/dataforge-client.d.ts.map +1 -1
- package/dist/server/mcp/dataforge/dataforge-client.js +40 -47
- package/dist/server/mcp/dataforge/dataforge-client.js.map +1 -1
- package/dist/server/mcp/dataforge/dataforge-tool-preparer.d.ts +2 -2
- package/dist/server/mcp/dataforge/dataforge-tool-preparer.d.ts.map +1 -1
- package/dist/server/mcp/dataforge/dataforge-tool-preparer.js +9 -9
- package/dist/server/mcp/dataforge/dataforge-tool-preparer.js.map +1 -1
- package/dist/server/mcp/filters.d.ts.map +1 -1
- package/dist/server/mcp/filters.js +4 -1
- package/dist/server/mcp/filters.js.map +1 -1
- package/dist/server/mcp/globalsearch/globalsearch-client.d.ts +4 -4
- package/dist/server/mcp/globalsearch/globalsearch-client.d.ts.map +1 -1
- package/dist/server/mcp/globalsearch/globalsearch-client.js +39 -50
- package/dist/server/mcp/globalsearch/globalsearch-client.js.map +1 -1
- package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.d.ts +1 -1
- package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.d.ts.map +1 -1
- package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.js +1 -1
- package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.js.map +1 -1
- package/dist/server/mcp/server.d.ts +35 -8
- package/dist/server/mcp/server.d.ts.map +1 -1
- package/dist/server/mcp/server.js +113 -45
- package/dist/server/mcp/server.js.map +1 -1
- package/dist/server/mcp/tools-data.d.ts +2 -2
- package/dist/server/mcp/tools-data.d.ts.map +1 -1
- package/dist/server/mcp/tools-data.js +1 -1
- package/dist/server/mcp/tools-data.js.map +1 -1
- package/dist/server/oauth/oauth-server.d.ts +41 -10
- package/dist/server/oauth/oauth-server.d.ts.map +1 -1
- package/dist/server/oauth/oauth-server.js +82 -48
- package/dist/server/oauth/oauth-server.js.map +1 -1
- package/dist/server/oauth/storage.d.ts +42 -5
- package/dist/server/oauth/storage.d.ts.map +1 -1
- package/dist/server/oauth/storage.js +81 -18
- package/dist/server/oauth/storage.js.map +1 -1
- package/dist/server/oauth/token-manager.d.ts +21 -4
- package/dist/server/oauth/token-manager.d.ts.map +1 -1
- package/dist/server/oauth/token-manager.js +18 -19
- package/dist/server/oauth/token-manager.js.map +1 -1
- package/dist/server/oauth/types.d.ts +0 -12
- package/dist/server/oauth/types.d.ts.map +1 -1
- package/dist/server/oauth/validators.d.ts.map +1 -1
- package/dist/server/oauth/validators.js +14 -5
- package/dist/server/oauth/validators.js.map +1 -1
- package/dist/sessions/index.d.ts +1 -1
- package/dist/sessions/index.d.ts.map +1 -1
- package/dist/sessions/index.js +1 -1
- package/dist/sessions/index.js.map +1 -1
- package/dist/sessions/redis-token-store.d.ts +22 -0
- package/dist/sessions/redis-token-store.d.ts.map +1 -0
- package/dist/sessions/redis-token-store.js +70 -0
- package/dist/sessions/redis-token-store.js.map +1 -0
- package/dist/sessions/session-context.d.ts +21 -40
- package/dist/sessions/session-context.d.ts.map +1 -1
- package/dist/sessions/session-context.js +25 -105
- package/dist/sessions/session-context.js.map +1 -1
- package/dist/sessions/token-crypto.d.ts +8 -0
- package/dist/sessions/token-crypto.d.ts.map +1 -0
- package/dist/sessions/token-crypto.js +43 -0
- package/dist/sessions/token-crypto.js.map +1 -0
- package/dist/sessions/token-store.d.ts +42 -0
- package/dist/sessions/token-store.d.ts.map +1 -0
- package/dist/sessions/token-store.js +66 -0
- package/dist/sessions/token-store.js.map +1 -0
- package/dist/utils/context.d.ts +12 -0
- package/dist/utils/context.d.ts.map +1 -1
- package/dist/utils/context.js +16 -0
- package/dist/utils/context.js.map +1 -1
- package/dist/utils/env-aliases.d.ts +9 -0
- package/dist/utils/env-aliases.d.ts.map +1 -0
- package/dist/utils/env-aliases.js +61 -0
- package/dist/utils/env-aliases.js.map +1 -0
- package/dist/utils/env.d.ts +5 -0
- package/dist/utils/env.d.ts.map +1 -1
- package/dist/utils/env.js +10 -1
- package/dist/utils/env.js.map +1 -1
- package/dist/utils/index.d.ts +1 -0
- package/dist/utils/index.d.ts.map +1 -1
- package/dist/utils/index.js +1 -0
- package/dist/utils/index.js.map +1 -1
- package/dist/utils/redact.d.ts +25 -0
- package/dist/utils/redact.d.ts.map +1 -0
- package/dist/utils/redact.js +64 -0
- package/dist/utils/redact.js.map +1 -0
- package/package.json +78 -76
- package/dist/creatio/auth/providers/oauth2-code-provider.d.ts +0 -21
- package/dist/creatio/auth/providers/oauth2-code-provider.d.ts.map +0 -1
- package/dist/creatio/auth/providers/oauth2-code-provider.js +0 -251
- package/dist/creatio/auth/providers/oauth2-code-provider.js.map +0 -1
- package/dist/server/http/creatio-oauth-handlers.d.ts +0 -13
- package/dist/server/http/creatio-oauth-handlers.d.ts.map +0 -1
- package/dist/server/http/creatio-oauth-handlers.js +0 -160
- package/dist/server/http/creatio-oauth-handlers.js.map +0 -1
- package/dist/server/http/httpServer.d.ts.map +0 -1
- package/dist/server/http/httpServer.js.map +0 -1
- package/dist/server/http/mcp-oauth-handlers.d.ts +0 -11
- package/dist/server/http/mcp-oauth-handlers.d.ts.map +0 -1
- package/dist/server/http/mcp-oauth-handlers.js +0 -118
- package/dist/server/http/mcp-oauth-handlers.js.map +0 -1
- package/dist/sessions/token-refresh-scheduler.d.ts +0 -16
- package/dist/sessions/token-refresh-scheduler.d.ts.map +0 -1
- package/dist/sessions/token-refresh-scheduler.js +0 -66
- package/dist/sessions/token-refresh-scheduler.js.map +0 -1
|
@@ -0,0 +1,224 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.BrokerHandlers = void 0;
|
|
7
|
+
const log_1 = __importDefault(require("../../log"));
|
|
8
|
+
const utils_1 = require("../../utils");
|
|
9
|
+
const bearer_1 = require("../bearer");
|
|
10
|
+
const oauth_1 = require("../oauth");
|
|
11
|
+
const public_origin_1 = require("./public-origin");
|
|
12
|
+
const PROTECTED_RESOURCE_METADATA_PATH = '/.well-known/oauth-protected-resource';
|
|
13
|
+
/** The public origin this AS advertises (honors CREATIO_MCP_PUBLIC_URL behind a proxy). */
|
|
14
|
+
function origin(req) {
|
|
15
|
+
return (0, public_origin_1.resolvePublicOrigin)(req);
|
|
16
|
+
}
|
|
17
|
+
/** RFC 8414 Authorization Server Metadata, built from the request origin (proxy-aware). */
|
|
18
|
+
function authServerMetadata(req) {
|
|
19
|
+
const base = origin(req);
|
|
20
|
+
return {
|
|
21
|
+
issuer: base,
|
|
22
|
+
authorization_endpoint: `${base}/authorize`,
|
|
23
|
+
token_endpoint: `${base}/token`,
|
|
24
|
+
registration_endpoint: `${base}/register`,
|
|
25
|
+
revocation_endpoint: `${base}/revoke`,
|
|
26
|
+
response_types_supported: ['code'],
|
|
27
|
+
grant_types_supported: ['authorization_code', 'refresh_token'],
|
|
28
|
+
token_endpoint_auth_methods_supported: ['none', 'client_secret_post'],
|
|
29
|
+
code_challenge_methods_supported: ['S256'],
|
|
30
|
+
scopes_supported: ['offline_access'],
|
|
31
|
+
};
|
|
32
|
+
}
|
|
33
|
+
/** The `iss`/`aud` the tokens this server issues are bound to: its own origin and `/mcp` resource.
|
|
34
|
+
* Derived from the (proxy-aware) request so issue and validate always agree for this deployment. */
|
|
35
|
+
function tokenAudience(req) {
|
|
36
|
+
const base = origin(req);
|
|
37
|
+
return { issuer: base, audience: `${base}/mcp` };
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* Broker mode HTTP handlers: the MCP is its own OAuth 2.1 authorization server for clients and
|
|
41
|
+
* brokers the user login to Creatio (authorization_code + PKCE). The MCP-client PKCE and our own
|
|
42
|
+
* Creatio-leg PKCE are kept in separate fields (server-side {@link OAuthServer.createPendingAuthorization})
|
|
43
|
+
* — nothing is embedded in the Creatio `state`, so the two never collide.
|
|
44
|
+
*/
|
|
45
|
+
class BrokerHandlers {
|
|
46
|
+
_oauth;
|
|
47
|
+
_creatio;
|
|
48
|
+
_session;
|
|
49
|
+
_callbackPath = '/oauth/callback';
|
|
50
|
+
constructor(_oauth, _creatio, _session) {
|
|
51
|
+
this._oauth = _oauth;
|
|
52
|
+
this._creatio = _creatio;
|
|
53
|
+
this._session = _session;
|
|
54
|
+
}
|
|
55
|
+
_callbackUrl(req) {
|
|
56
|
+
return `${origin(req)}${this._callbackPath}`;
|
|
57
|
+
}
|
|
58
|
+
/** RFC 6750 `401` challenge pointing at our protected-resource metadata. `invalid_token` tells a
|
|
59
|
+
* client holding a now-unusable token to re-authenticate (vs. a plain "no credentials" prompt). */
|
|
60
|
+
_challenge(req, res, description, error = 'unauthorized') {
|
|
61
|
+
const resourceMetadata = `${origin(req)}${PROTECTED_RESOURCE_METADATA_PATH}`;
|
|
62
|
+
const params = [`Bearer resource_metadata="${resourceMetadata}"`];
|
|
63
|
+
if (error === 'invalid_token') {
|
|
64
|
+
params.push(`error="invalid_token"`, `error_description="${description}"`);
|
|
65
|
+
}
|
|
66
|
+
res.setHeader('WWW-Authenticate', params.join(', '));
|
|
67
|
+
res.status(401).json({ error, error_description: description });
|
|
68
|
+
}
|
|
69
|
+
_redirectError(res, redirectUri, error, state) {
|
|
70
|
+
const url = new URL(redirectUri);
|
|
71
|
+
url.searchParams.set('error', error.error);
|
|
72
|
+
if (error.error_description) {
|
|
73
|
+
url.searchParams.set('error_description', error.error_description);
|
|
74
|
+
}
|
|
75
|
+
if (state) {
|
|
76
|
+
url.searchParams.set('state', state);
|
|
77
|
+
}
|
|
78
|
+
res.redirect(302, url.toString());
|
|
79
|
+
}
|
|
80
|
+
handleMetadata(req, res) {
|
|
81
|
+
res.json(authServerMetadata(req));
|
|
82
|
+
}
|
|
83
|
+
/** RFC 9728: in broker mode WE are the authorization server, so it points back at this origin. */
|
|
84
|
+
handleProtectedResourceMetadata(req, res) {
|
|
85
|
+
const base = origin(req);
|
|
86
|
+
res.json((0, bearer_1.buildProtectedResourceMetadata)(`${base}/mcp`, base));
|
|
87
|
+
}
|
|
88
|
+
/**
|
|
89
|
+
* Guards `/mcp`: validates the token THIS server issued, confirms we still hold the user's
|
|
90
|
+
* brokered Creatio tokens, and exposes the `userKey`. The Creatio tokens are kept in memory and
|
|
91
|
+
* are therefore lost on restart, while the token we issued (a stateless JWT) survives — so a
|
|
92
|
+
* reconnecting client looks authenticated but every Creatio call would fail. When the tokens are
|
|
93
|
+
* gone we answer `401` with `error="invalid_token"` so the client transparently re-runs OAuth.
|
|
94
|
+
*/
|
|
95
|
+
mcpAuth() {
|
|
96
|
+
return async (req, res, next) => {
|
|
97
|
+
const header = req.headers.authorization;
|
|
98
|
+
const userKey = header?.startsWith('Bearer ')
|
|
99
|
+
? this._oauth.validateAccessToken(header.slice(7), tokenAudience(req))
|
|
100
|
+
: null;
|
|
101
|
+
if (!userKey) {
|
|
102
|
+
this._challenge(req, res, 'Authorization required. Complete the OAuth flow to obtain a token.');
|
|
103
|
+
return;
|
|
104
|
+
}
|
|
105
|
+
if (!(await this._session.getTokensForUser(userKey))) {
|
|
106
|
+
this._challenge(req, res, 'Session expired; the server no longer holds your Creatio tokens. Re-authorize to continue.', 'invalid_token');
|
|
107
|
+
return;
|
|
108
|
+
}
|
|
109
|
+
req.userKey = userKey;
|
|
110
|
+
next();
|
|
111
|
+
};
|
|
112
|
+
}
|
|
113
|
+
handleRegister(req, res) {
|
|
114
|
+
const { redirect_uris } = req.body ?? {};
|
|
115
|
+
const error = oauth_1.OAuthValidators.validateClientRegistration(redirect_uris);
|
|
116
|
+
if (error) {
|
|
117
|
+
res.status(400).json({ error: 'invalid_request', error_description: error });
|
|
118
|
+
return;
|
|
119
|
+
}
|
|
120
|
+
res.status(201).json(this._oauth.registerClient(redirect_uris));
|
|
121
|
+
}
|
|
122
|
+
async handleAuthorize(req, res) {
|
|
123
|
+
const q = req.query;
|
|
124
|
+
const redirectUri = q.redirect_uri ?? '';
|
|
125
|
+
if (!redirectUri || !oauth_1.OAuthValidators.isAllowedRedirectUri(redirectUri)) {
|
|
126
|
+
res.status(400).json({
|
|
127
|
+
error: 'invalid_request',
|
|
128
|
+
error_description: 'Missing or disallowed redirect_uri',
|
|
129
|
+
});
|
|
130
|
+
return;
|
|
131
|
+
}
|
|
132
|
+
const params = {
|
|
133
|
+
client_id: q.client_id ?? '',
|
|
134
|
+
redirect_uri: redirectUri,
|
|
135
|
+
response_type: q.response_type ?? '',
|
|
136
|
+
code_challenge: q.code_challenge ?? '',
|
|
137
|
+
code_challenge_method: q.code_challenge_method ?? '',
|
|
138
|
+
...(q.state !== undefined ? { state: q.state } : {}),
|
|
139
|
+
...(q.scope !== undefined ? { scope: q.scope } : {}),
|
|
140
|
+
};
|
|
141
|
+
const validationError = this._oauth.validateAuthorizationRequest(params);
|
|
142
|
+
if (validationError) {
|
|
143
|
+
return this._redirectError(res, redirectUri, validationError, q.state);
|
|
144
|
+
}
|
|
145
|
+
// Our own Creatio-leg PKCE, kept server-side (never mixed into the Creatio state).
|
|
146
|
+
const { verifier, challenge } = await (0, utils_1.generatePkcePair)();
|
|
147
|
+
const brokerState = this._oauth.createPendingAuthorization({
|
|
148
|
+
client_id: params.client_id,
|
|
149
|
+
redirect_uri: redirectUri,
|
|
150
|
+
code_challenge: params.code_challenge,
|
|
151
|
+
code_challenge_method: params.code_challenge_method,
|
|
152
|
+
client_state: q.state,
|
|
153
|
+
creatio_verifier: verifier,
|
|
154
|
+
});
|
|
155
|
+
const creatioUrl = this._creatio.buildAuthorizeUrl(this._callbackUrl(req), brokerState, challenge);
|
|
156
|
+
res.redirect(302, creatioUrl);
|
|
157
|
+
}
|
|
158
|
+
async handleCallback(req, res) {
|
|
159
|
+
const code = String(req.query.code ?? '');
|
|
160
|
+
const brokerState = String(req.query.state ?? '');
|
|
161
|
+
if (!code || !brokerState) {
|
|
162
|
+
res.status(400).send('Missing code or state');
|
|
163
|
+
return;
|
|
164
|
+
}
|
|
165
|
+
const pending = this._oauth.takePendingAuthorization(brokerState);
|
|
166
|
+
if (!pending) {
|
|
167
|
+
res.status(400).send('Unknown or expired authorization state');
|
|
168
|
+
return;
|
|
169
|
+
}
|
|
170
|
+
try {
|
|
171
|
+
const tokens = await this._creatio.exchangeCode(code, this._callbackUrl(req), pending.creatio_verifier);
|
|
172
|
+
const userKey = (0, bearer_1.inspectBearer)(tokens.accessToken).userKey;
|
|
173
|
+
await this._session.setTokensForUser(userKey, tokens);
|
|
174
|
+
const mcpCode = this._oauth.generateAuthorizationCode(pending.client_id, pending.redirect_uri, pending.code_challenge, pending.code_challenge_method, userKey);
|
|
175
|
+
const target = new URL(pending.redirect_uri);
|
|
176
|
+
target.searchParams.set('code', mcpCode);
|
|
177
|
+
if (pending.client_state) {
|
|
178
|
+
target.searchParams.set('state', pending.client_state);
|
|
179
|
+
}
|
|
180
|
+
res.redirect(302, target.toString());
|
|
181
|
+
}
|
|
182
|
+
catch (err) {
|
|
183
|
+
log_1.default.error('broker.callback.error', { error: String(err?.message ?? err) });
|
|
184
|
+
res.status(502).send('Failed to complete authorization with Creatio');
|
|
185
|
+
}
|
|
186
|
+
}
|
|
187
|
+
async handleToken(req, res) {
|
|
188
|
+
const body = req.body ?? {};
|
|
189
|
+
const aud = tokenAudience(req);
|
|
190
|
+
const sessionStillHeld = (userKey) => this._session.getTokensForUser(userKey).then(Boolean);
|
|
191
|
+
const result = body.grant_type === 'refresh_token'
|
|
192
|
+
? await this._oauth.exchangeRefreshToken(body, aud, sessionStillHeld)
|
|
193
|
+
: await this._oauth.exchangeCodeForToken(body, aud);
|
|
194
|
+
if ('error' in result) {
|
|
195
|
+
res.status(400).json(result);
|
|
196
|
+
return;
|
|
197
|
+
}
|
|
198
|
+
res.json(result);
|
|
199
|
+
}
|
|
200
|
+
/**
|
|
201
|
+
* RFC 7009 token revocation / logout: invalidate the user's brokered session. Resolve the user
|
|
202
|
+
* from the presented token, revoke their Creatio token upstream (best-effort), and purge the
|
|
203
|
+
* server-side Creatio tokens + our issued refresh tokens. Always answers 200 — even for an
|
|
204
|
+
* unknown token — so it is not a token-validity oracle.
|
|
205
|
+
*/
|
|
206
|
+
async handleRevoke(req, res) {
|
|
207
|
+
const token = String((req.body ?? {}).token ?? '');
|
|
208
|
+
if (token) {
|
|
209
|
+
const userKey = this._oauth.resolveUserFromToken(token, tokenAudience(req));
|
|
210
|
+
if (userKey) {
|
|
211
|
+
const stored = await this._session.getTokensForUser(userKey);
|
|
212
|
+
if (stored?.refreshToken) {
|
|
213
|
+
await this._creatio.revoke(stored.refreshToken);
|
|
214
|
+
}
|
|
215
|
+
await this._session.deleteTokensForUser(userKey);
|
|
216
|
+
this._oauth.purgeRefreshTokensForUser(userKey);
|
|
217
|
+
log_1.default.info('broker.revoke', { userKey });
|
|
218
|
+
}
|
|
219
|
+
}
|
|
220
|
+
res.status(200).json({});
|
|
221
|
+
}
|
|
222
|
+
}
|
|
223
|
+
exports.BrokerHandlers = BrokerHandlers;
|
|
224
|
+
//# sourceMappingURL=broker-handlers.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"broker-handlers.js","sourceRoot":"","sources":["../../../src/server/http/broker-handlers.ts"],"names":[],"mappings":";;;;;;AACA,oDAA4B;AAE5B,uCAA+C;AAC/C,sCAA0E;AAC1E,oCAAwD;AAExD,mDAAsD;AAItD,MAAM,gCAAgC,GAAG,uCAAuC,CAAC;AAEjF,2FAA2F;AAC3F,SAAS,MAAM,CAAC,GAAY;IAC3B,OAAO,IAAA,mCAAmB,EAAC,GAAG,CAAC,CAAC;AACjC,CAAC;AAED,2FAA2F;AAC3F,SAAS,kBAAkB,CAAC,GAAY;IACvC,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,OAAO;QACN,MAAM,EAAE,IAAI;QACZ,sBAAsB,EAAE,GAAG,IAAI,YAAY;QAC3C,cAAc,EAAE,GAAG,IAAI,QAAQ;QAC/B,qBAAqB,EAAE,GAAG,IAAI,WAAW;QACzC,mBAAmB,EAAE,GAAG,IAAI,SAAS;QACrC,wBAAwB,EAAE,CAAC,MAAM,CAAC;QAClC,qBAAqB,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;QAC9D,qCAAqC,EAAE,CAAC,MAAM,EAAE,oBAAoB,CAAC;QACrE,gCAAgC,EAAE,CAAC,MAAM,CAAC;QAC1C,gBAAgB,EAAE,CAAC,gBAAgB,CAAC;KACpC,CAAC;AACH,CAAC;AAED;qGACqG;AACrG,SAAS,aAAa,CAAC,GAAY;IAClC,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,IAAI,MAAM,EAAE,CAAC;AAClD,CAAC;AAED;;;;;GAKG;AACH,MAAa,cAAc;IAIR;IACA;IACA;IALD,aAAa,GAAG,iBAAiB,CAAC;IAEnD,YACkB,MAAmB,EACnB,QAA4B,EAC5B,QAAwB;QAFxB,WAAM,GAAN,MAAM,CAAa;QACnB,aAAQ,GAAR,QAAQ,CAAoB;QAC5B,aAAQ,GAAR,QAAQ,CAAgB;IACvC,CAAC;IAEI,YAAY,CAAC,GAAY;QAChC,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;IAC9C,CAAC;IAED;wGACoG;IAC5F,UAAU,CACjB,GAAY,EACZ,GAAa,EACb,WAAmB,EACnB,QAA0C,cAAc;QAExD,MAAM,gBAAgB,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,gCAAgC,EAAE,CAAC;QAC7E,MAAM,MAAM,GAAG,CAAC,6BAA6B,gBAAgB,GAAG,CAAC,CAAC;QAClE,IAAI,KAAK,KAAK,eAAe,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE,sBAAsB,WAAW,GAAG,CAAC,CAAC;QAC5E,CAAC;QACD,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACrD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,WAAW,EAAE,CAAC,CAAC;IACjE,CAAC;IAEO,cAAc,CACrB,GAAa,EACb,WAAmB,EACnB,KAAoD,EACpD,KAAyB;QAEzB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;QACjC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,KAAK,CAAC,iBAAiB,EAAE,CAAC;YAC7B,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACpE,CAAC;QACD,IAAI,KAAK,EAAE,CAAC;YACX,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACtC,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;IACnC,CAAC;IAEM,cAAc,CAAC,GAAY,EAAE,GAAa;QAChD,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC;IACnC,CAAC;IAED,kGAAkG;IAC3F,+BAA+B,CAAC,GAAY,EAAE,GAAa;QACjE,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QACzB,GAAG,CAAC,IAAI,CAAC,IAAA,uCAA8B,EAAC,GAAG,IAAI,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED;;;;;;OAMG;IACI,OAAO;QACb,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAiB,EAAE;YAC/E,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;YACzC,MAAM,OAAO,GAAG,MAAM,EAAE,UAAU,CAAC,SAAS,CAAC;gBAC5C,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;gBACtE,CAAC,CAAC,IAAI,CAAC;YACR,IAAI,CAAC,OAAO,EAAE,CAAC;gBACd,IAAI,CAAC,UAAU,CACd,GAAG,EACH,GAAG,EACH,oEAAoE,CACpE,CAAC;gBACF,OAAO;YACR,CAAC;YACD,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;gBACtD,IAAI,CAAC,UAAU,CACd,GAAG,EACH,GAAG,EACH,4FAA4F,EAC5F,eAAe,CACf,CAAC;gBACF,OAAO;YACR,CAAC;YACA,GAAsC,CAAC,OAAO,GAAG,OAAO,CAAC;YAC1D,IAAI,EAAE,CAAC;QACR,CAAC,CAAC;IACH,CAAC;IAEM,cAAc,CAAC,GAAY,EAAE,GAAa;QAChD,MAAM,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,uBAAe,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAC;QACxE,IAAI,KAAK,EAAE,CAAC;YACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,KAAK,EAAE,CAAC,CAAC;YAC7E,OAAO;QACR,CAAC;QACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,CAAC;IACjE,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,GAAY,EAAE,GAAa;QACvD,MAAM,CAAC,GAAG,GAAG,CAAC,KAA2C,CAAC;QAC1D,MAAM,WAAW,GAAG,CAAC,CAAC,YAAY,IAAI,EAAE,CAAC;QACzC,IAAI,CAAC,WAAW,IAAI,CAAC,uBAAe,CAAC,oBAAoB,CAAC,WAAW,CAAC,EAAE,CAAC;YACxE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,iBAAiB;gBACxB,iBAAiB,EAAE,oCAAoC;aACvD,CAAC,CAAC;YACH,OAAO;QACR,CAAC;QACD,MAAM,MAAM,GAAG;YACd,SAAS,EAAE,CAAC,CAAC,SAAS,IAAI,EAAE;YAC5B,YAAY,EAAE,WAAW;YACzB,aAAa,EAAE,CAAC,CAAC,aAAa,IAAI,EAAE;YACpC,cAAc,EAAE,CAAC,CAAC,cAAc,IAAI,EAAE;YACtC,qBAAqB,EAAE,CAAC,CAAC,qBAAqB,IAAI,EAAE;YACpD,GAAG,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACpD,GAAG,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACpD,CAAC;QACF,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAAC;QACzE,IAAI,eAAe,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;QACxE,CAAC;QACD,mFAAmF;QACnF,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,MAAM,IAAA,wBAAgB,GAAE,CAAC;QACzD,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,0BAA0B,CAAC;YAC1D,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,qBAAqB,EAAE,MAAM,CAAC,qBAAqB;YACnD,YAAY,EAAE,CAAC,CAAC,KAAK;YACrB,gBAAgB,EAAE,QAAQ;SAC1B,CAAC,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CACjD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EACtB,WAAW,EACX,SAAS,CACT,CAAC;QACF,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IAC/B,CAAC;IAEM,KAAK,CAAC,cAAc,CAAC,GAAY,EAAE,GAAa;QACtD,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QAC1C,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QAClD,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YAC9C,OAAO;QACR,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC,WAAW,CAAC,CAAC;QAClE,IAAI,CAAC,OAAO,EAAE,CAAC;YACd,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;YAC/D,OAAO;QACR,CAAC;QACD,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CAC9C,IAAI,EACJ,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EACtB,OAAO,CAAC,gBAAgB,CACxB,CAAC;YACF,MAAM,OAAO,GAAG,IAAA,sBAAa,EAAC,MAAM,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC;YAC1D,MAAM,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACtD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,yBAAyB,CACpD,OAAO,CAAC,SAAS,EACjB,OAAO,CAAC,YAAY,EACpB,OAAO,CAAC,cAAc,EACtB,OAAO,CAAC,qBAAqB,EAC7B,OAAO,CACP,CAAC;YACF,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC7C,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACzC,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;gBAC1B,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;YACxD,CAAC;YACD,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QACtC,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACvB,aAAG,CAAC,KAAK,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAE,GAAa,EAAE,OAAO,IAAI,GAAG,CAAC,EAAE,CAAC,CAAC;YACtF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;QACvE,CAAC;IACF,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,GAAY,EAAE,GAAa;QACnD,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;QAC5B,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,gBAAgB,GAAG,CAAC,OAAe,EAAoB,EAAE,CAC9D,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvD,MAAM,MAAM,GACX,IAAI,CAAC,UAAU,KAAK,eAAe;YAClC,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,EAAE,GAAG,EAAE,gBAAgB,CAAC;YACrE,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACtD,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;YACvB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC7B,OAAO;QACR,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,YAAY,CAAC,GAAY,EAAE,GAAa;QACpD,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QACnD,IAAI,KAAK,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5E,IAAI,OAAO,EAAE,CAAC;gBACb,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBAC7D,IAAI,MAAM,EAAE,YAAY,EAAE,CAAC;oBAC1B,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBACjD,CAAC;gBACD,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;gBACjD,IAAI,CAAC,MAAM,CAAC,yBAAyB,CAAC,OAAO,CAAC,CAAC;gBAC/C,aAAG,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YACxC,CAAC;QACF,CAAC;QACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1B,CAAC;CACD;AA5ND,wCA4NC"}
|
|
@@ -1,32 +1,24 @@
|
|
|
1
1
|
import express from 'express';
|
|
2
|
+
import type { CreatioClientConfig } from '../../creatio/';
|
|
2
3
|
import type { Server } from '../mcp';
|
|
3
4
|
export declare class HttpServer {
|
|
4
|
-
private static readonly CLEANUP_INTERVAL_MS;
|
|
5
5
|
private static readonly BODY_LIMIT;
|
|
6
|
-
private static readonly
|
|
7
|
-
private static readonly RATE_LIMIT_TOKEN;
|
|
8
|
-
private static readonly RATE_LIMIT_REGISTER;
|
|
9
|
-
private static readonly RATE_LIMIT_REVOKE;
|
|
6
|
+
private static readonly CLEANUP_INTERVAL_MS;
|
|
10
7
|
private readonly _server;
|
|
11
8
|
private readonly _app;
|
|
12
9
|
private readonly _connections;
|
|
13
10
|
private _srv;
|
|
14
11
|
private _cleanupTimer;
|
|
15
12
|
private readonly _sessionContext;
|
|
16
|
-
private readonly _oauthServer;
|
|
17
13
|
private readonly _middleware;
|
|
18
14
|
private readonly _mcpHandlers;
|
|
19
|
-
private readonly
|
|
20
|
-
private readonly _mcpOauthHandlers;
|
|
15
|
+
private readonly _authEdge;
|
|
21
16
|
get app(): express.Express;
|
|
22
|
-
constructor(server: Server);
|
|
17
|
+
constructor(server: Server, config?: CreatioClientConfig);
|
|
23
18
|
private _setupMiddleware;
|
|
24
19
|
private _setupRoutes;
|
|
25
20
|
private _setupMCPEndpoints;
|
|
26
|
-
private _isNeedMCPOAuth;
|
|
27
|
-
private _setupCreatioOAuthEndpoints;
|
|
28
|
-
private _setupMCPOAuthEndpoints;
|
|
29
21
|
start(port: number): Promise<void>;
|
|
30
22
|
stop(): Promise<void>;
|
|
31
23
|
}
|
|
32
|
-
//# sourceMappingURL=
|
|
24
|
+
//# sourceMappingURL=http-server.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-server.d.ts","sourceRoot":"","sources":["../../../src/server/http/http-server.ts"],"names":[],"mappings":"AAGA,OAAO,OAAO,MAAM,SAAS,CAAC;AAS9B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAErC,qBAAa,UAAU;IACtB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAU;IAC5C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAiB;IAC5D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAa;IAClC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAqB;IAClD,OAAO,CAAC,IAAI,CAAe;IAC3B,OAAO,CAAC,aAAa,CAA6B;IAClD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAA2B;IAC3D,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAwB;IACpD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAuB;IAEjD,IAAW,GAAG,IAAI,OAAO,CAAC,OAAO,CAEhC;gBAEW,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,mBAAmB;IAQxD,OAAO,CAAC,gBAAgB;IAaxB,OAAO,CAAC,YAAY;IAKpB,OAAO,CAAC,kBAAkB;IAMnB,KAAK,CAAC,IAAI,EAAE,MAAM;IA4BZ,IAAI;CAoCjB"}
|
|
@@ -5,46 +5,30 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.HttpServer = void 0;
|
|
7
7
|
const express_1 = __importDefault(require("express"));
|
|
8
|
-
const creatio_1 = require("../../creatio/");
|
|
9
8
|
const log_1 = __importDefault(require("../../log"));
|
|
10
9
|
const sessions_1 = require("../../sessions");
|
|
11
|
-
const
|
|
12
|
-
const oauth_1 = require("../oauth");
|
|
13
|
-
const creatio_oauth_handlers_1 = require("./creatio-oauth-handlers");
|
|
10
|
+
const auth_edge_1 = require("./auth-edge");
|
|
14
11
|
const mcp_handlers_1 = require("./mcp-handlers");
|
|
15
|
-
const mcp_oauth_handlers_1 = require("./mcp-oauth-handlers");
|
|
16
12
|
const middleware_1 = require("./middleware");
|
|
17
13
|
class HttpServer {
|
|
14
|
+
static BODY_LIMIT = '10mb';
|
|
18
15
|
static CLEANUP_INTERVAL_MS = 5 * 60 * 1000;
|
|
19
|
-
// Generous, configurable cap so large CRM payloads/filters are not truncated.
|
|
20
|
-
// DoS on the OAuth surface is handled by the rate limiter (frequency), not body size.
|
|
21
|
-
static BODY_LIMIT = (0, utils_1.env)('MCP_MAX_BODY_SIZE') || '10mb';
|
|
22
|
-
// Per-route fixed-window limits (per client IP) for the unauthenticated OAuth surface.
|
|
23
|
-
static RATE_LIMIT_AUTH_FLOW = { windowMs: 60_000, max: 60 };
|
|
24
|
-
static RATE_LIMIT_TOKEN = { windowMs: 60_000, max: 30 };
|
|
25
|
-
static RATE_LIMIT_REGISTER = { windowMs: 60_000, max: 10 };
|
|
26
|
-
static RATE_LIMIT_REVOKE = { windowMs: 60_000, max: 20 };
|
|
27
16
|
_server;
|
|
28
17
|
_app = (0, express_1.default)();
|
|
29
18
|
_connections = new Set();
|
|
30
19
|
_srv;
|
|
31
20
|
_cleanupTimer;
|
|
32
21
|
_sessionContext = sessions_1.SessionContext.instance;
|
|
33
|
-
|
|
34
|
-
_middleware;
|
|
22
|
+
_middleware = new middleware_1.HttpMiddleware();
|
|
35
23
|
_mcpHandlers;
|
|
36
|
-
|
|
37
|
-
_mcpOauthHandlers;
|
|
24
|
+
_authEdge;
|
|
38
25
|
get app() {
|
|
39
26
|
return this._app;
|
|
40
27
|
}
|
|
41
|
-
constructor(server) {
|
|
28
|
+
constructor(server, config) {
|
|
42
29
|
this._server = server;
|
|
43
|
-
this._oauthServer = new oauth_1.OAuthServer();
|
|
44
|
-
this._middleware = new middleware_1.HttpMiddleware(this._oauthServer);
|
|
45
30
|
this._mcpHandlers = new mcp_handlers_1.McpHandlers(this._server);
|
|
46
|
-
this.
|
|
47
|
-
this._mcpOauthHandlers = new mcp_oauth_handlers_1.MCPOAuthHandlers(this._oauthServer);
|
|
31
|
+
this._authEdge = (0, auth_edge_1.createAuthEdge)(config, this._sessionContext);
|
|
48
32
|
this._setupMiddleware();
|
|
49
33
|
this._setupRoutes();
|
|
50
34
|
}
|
|
@@ -53,37 +37,22 @@ class HttpServer {
|
|
|
53
37
|
this._app.use(this._middleware.requestLogging());
|
|
54
38
|
this._app.use(express_1.default.json({ limit: HttpServer.BODY_LIMIT }));
|
|
55
39
|
this._app.use(express_1.default.urlencoded({ extended: true, limit: HttpServer.BODY_LIMIT }));
|
|
56
|
-
|
|
57
|
-
|
|
40
|
+
// Guard /mcp with the configured auth strategy (delegated/gateway bearer, or the broker's
|
|
41
|
+
// own issued token); no edge means a single-identity config with nothing to authenticate.
|
|
42
|
+
if (this._authEdge) {
|
|
43
|
+
this._app.use('/mcp', this._authEdge.mcpAuth());
|
|
58
44
|
}
|
|
59
45
|
this._app.use(this._middleware.errorHandler());
|
|
60
46
|
}
|
|
61
47
|
_setupRoutes() {
|
|
62
48
|
this._setupMCPEndpoints();
|
|
63
|
-
|
|
64
|
-
this._setupCreatioOAuthEndpoints();
|
|
65
|
-
this._setupMCPOAuthEndpoints();
|
|
66
|
-
}
|
|
49
|
+
this._authEdge?.registerRoutes(this._app, (o) => this._middleware.rateLimit(o));
|
|
67
50
|
}
|
|
68
51
|
_setupMCPEndpoints() {
|
|
69
52
|
this._app.post('/mcp', (req, res) => this._mcpHandlers.handleMcpPost(req, res));
|
|
70
53
|
this._app.get('/mcp', (req, res) => this._mcpHandlers.handleSessionRequest(req, res));
|
|
71
54
|
this._app.delete('/mcp', (req, res) => this._mcpHandlers.handleSessionRequest(req, res));
|
|
72
55
|
}
|
|
73
|
-
_isNeedMCPOAuth() {
|
|
74
|
-
return this._server.authProvider.type === creatio_1.AuthProviderType.OAuth2Code;
|
|
75
|
-
}
|
|
76
|
-
_setupCreatioOAuthEndpoints() {
|
|
77
|
-
this._app.get('/oauth/start', this._middleware.rateLimit(HttpServer.RATE_LIMIT_AUTH_FLOW), (req, res) => this._creatioOauthHandlers.handleOAuthStart(req, res));
|
|
78
|
-
this._app.get('/oauth/callback', this._middleware.rateLimit(HttpServer.RATE_LIMIT_AUTH_FLOW), (req, res) => this._creatioOauthHandlers.handleOAuthCallback(req, res));
|
|
79
|
-
this._app.post('/oauth/revoke', this._middleware.rateLimit(HttpServer.RATE_LIMIT_REVOKE), this._middleware.bearerAuth(), (req, res) => this._creatioOauthHandlers.handleOAuthRevoke(req, res));
|
|
80
|
-
}
|
|
81
|
-
_setupMCPOAuthEndpoints() {
|
|
82
|
-
this._app.get('/.well-known/oauth-authorization-server', (req, res) => this._mcpOauthHandlers.handleMetadata(req, res));
|
|
83
|
-
this._app.post('/register', this._middleware.rateLimit(HttpServer.RATE_LIMIT_REGISTER), (req, res) => this._mcpOauthHandlers.handleClientRegistration(req, res));
|
|
84
|
-
this._app.get('/authorize', this._middleware.rateLimit(HttpServer.RATE_LIMIT_AUTH_FLOW), (req, res) => this._mcpOauthHandlers.handleAuthorization(req, res));
|
|
85
|
-
this._app.post('/token', this._middleware.rateLimit(HttpServer.RATE_LIMIT_TOKEN), (req, res) => this._mcpOauthHandlers.handleTokenExchange(req, res));
|
|
86
|
-
}
|
|
87
56
|
start(port) {
|
|
88
57
|
return new Promise((resolve, reject) => {
|
|
89
58
|
this._srv = this._app.listen(port, () => {
|
|
@@ -100,15 +69,12 @@ class HttpServer {
|
|
|
100
69
|
this._connections.add(socket);
|
|
101
70
|
socket.once('close', () => this._connections.delete(socket));
|
|
102
71
|
});
|
|
103
|
-
//
|
|
104
|
-
//
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
this.
|
|
108
|
-
|
|
109
|
-
this._sessionContext.evictStaleTokens();
|
|
110
|
-
}, HttpServer.CLEANUP_INTERVAL_MS);
|
|
111
|
-
this._cleanupTimer.unref();
|
|
72
|
+
// Some edges (broker) keep transient state to evict periodically so the maps stay
|
|
73
|
+
// bounded. Unref'd so it never holds the loop open.
|
|
74
|
+
if (this._authEdge?.cleanup) {
|
|
75
|
+
this._cleanupTimer = setInterval(() => this._authEdge.cleanup(), HttpServer.CLEANUP_INTERVAL_MS);
|
|
76
|
+
this._cleanupTimer.unref();
|
|
77
|
+
}
|
|
112
78
|
});
|
|
113
79
|
}
|
|
114
80
|
async stop() {
|
|
@@ -124,7 +90,7 @@ class HttpServer {
|
|
|
124
90
|
}
|
|
125
91
|
if (this._srv) {
|
|
126
92
|
try {
|
|
127
|
-
await this._server.
|
|
93
|
+
await this._server.stopAll();
|
|
128
94
|
await new Promise((resolve) => {
|
|
129
95
|
this._srv.close(() => resolve());
|
|
130
96
|
});
|
|
@@ -153,4 +119,4 @@ class HttpServer {
|
|
|
153
119
|
}
|
|
154
120
|
}
|
|
155
121
|
exports.HttpServer = HttpServer;
|
|
156
|
-
//# sourceMappingURL=
|
|
122
|
+
//# sourceMappingURL=http-server.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-server.js","sourceRoot":"","sources":["../../../src/server/http/http-server.ts"],"names":[],"mappings":";;;;;;AAGA,sDAA8B;AAE9B,oDAA4B;AAC5B,6CAAgD;AAEhD,2CAAuD;AACvD,iDAA6C;AAC7C,6CAA8C;AAK9C,MAAa,UAAU;IACd,MAAM,CAAU,UAAU,GAAG,MAAM,CAAC;IACpC,MAAM,CAAU,mBAAmB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;IAC3C,OAAO,CAAS;IAChB,IAAI,GAAG,IAAA,iBAAO,GAAE,CAAC;IACjB,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IAC1C,IAAI,CAAe;IACnB,aAAa,CAA6B;IACjC,eAAe,GAAG,yBAAc,CAAC,QAAQ,CAAC;IAC1C,WAAW,GAAG,IAAI,2BAAc,EAAE,CAAC;IACnC,YAAY,CAAc;IAC1B,SAAS,CAAuB;IAEjD,IAAW,GAAG;QACb,OAAO,IAAI,CAAC,IAAI,CAAC;IAClB,CAAC;IAED,YAAY,MAAc,EAAE,MAA4B;QACvD,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,YAAY,GAAG,IAAI,0BAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,SAAS,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;QAC9D,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,IAAI,CAAC,YAAY,EAAE,CAAC;IACrB,CAAC;IAEO,gBAAgB;QACvB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE,CAAC,CAAC;QACjD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,iBAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QACpF,0FAA0F;QAC1F,0FAA0F;QAC1F,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;QACjD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC,CAAC;IAChD,CAAC;IAEO,YAAY;QACnB,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC1B,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;IACjF,CAAC;IAEO,kBAAkB;QACzB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QAChF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QACtF,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;IAC1F,CAAC;IAEM,KAAK,CAAC,IAAY;QACxB,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC5C,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;gBACvC,aAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBACpB,OAAO,EAAE,CAAC;YACX,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;YAClC,IAAI,CAAC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,GAAG,IAAI,EAAE,IAAI,CAAC,CAAC;YAC7E,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC7B,aAAG,CAAC,KAAK,CAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC5D,MAAM,CAAC,GAAG,CAAC,CAAC;YACb,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC,MAAc,EAAE,EAAE;gBAC7C,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAC9B,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;YAC9D,CAAC,CAAC,CAAC;YACH,kFAAkF;YAClF,oDAAoD;YACpD,IAAI,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,CAAC;gBAC7B,IAAI,CAAC,aAAa,GAAG,WAAW,CAC/B,GAAG,EAAE,CAAC,IAAI,CAAC,SAAU,CAAC,OAAQ,EAAE,EAChC,UAAU,CAAC,mBAAmB,CAC9B,CAAC;gBACF,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;YAC5B,CAAC;QACF,CAAC,CAAC,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,IAAI;QAChB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,aAAa,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAClC,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;QAChC,CAAC;QACD,IAAI,CAAC;YACJ,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,gBAAgB,EAAE,CAAC;QAC9C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,aAAG,CAAC,IAAI,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClE,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACf,IAAI,CAAC;gBACJ,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;gBAC7B,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;oBACnC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;gBAClC,CAAC,CAAC,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACd,aAAG,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACtD,CAAC;QACF,CAAC;QACD,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YACpD,IAAI,CAAC;gBACJ,MAAM,CAAC,OAAO,EAAE,CAAC;YAClB,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;QACX,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,cAAc,EAAE,CAAC;QACvD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAChC,IAAI,CAAC;gBACJ,OAAO,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC;YAC5B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACd,aAAG,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACnF,CAAC;YACD,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAChD,CAAC;IACF,CAAC;;AAhHF,gCAiHC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/http/index.ts"],"names":[],"mappings":"AAAA,cAAc,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/http/index.ts"],"names":[],"mappings":"AAAA,cAAc,eAAe,CAAC;AAC9B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,cAAc,CAAC"}
|
|
@@ -14,9 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
14
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
__exportStar(require("./
|
|
17
|
+
__exportStar(require("./http-server"), exports);
|
|
18
18
|
__exportStar(require("./mcp-handlers"), exports);
|
|
19
19
|
__exportStar(require("./middleware"), exports);
|
|
20
|
-
__exportStar(require("./creatio-oauth-handlers"), exports);
|
|
21
|
-
__exportStar(require("./mcp-oauth-handlers"), exports);
|
|
22
20
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/http/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/http/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,gDAA8B;AAC9B,iDAA+B;AAC/B,+CAA6B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mcp-handlers.d.ts","sourceRoot":"","sources":["../../../src/server/http/mcp-handlers.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjD,qBAAa,WAAW;IACvB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAA2B;IAC3D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAErB,MAAM,EAAE,MAAM;IAIb,aAAa,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"mcp-handlers.d.ts","sourceRoot":"","sources":["../../../src/server/http/mcp-handlers.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjD,qBAAa,WAAW;IACvB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAA2B;IAC3D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAErB,MAAM,EAAE,MAAM;IAIb,aAAa,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IA4DzD,oBAAoB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;CAuB7E"}
|
|
@@ -41,13 +41,17 @@ class McpHandlers {
|
|
|
41
41
|
}
|
|
42
42
|
},
|
|
43
43
|
});
|
|
44
|
+
// Each session gets its own McpServer (a single McpServer connects to one transport
|
|
45
|
+
// only). Release it when the transport closes so we don't leak servers or register
|
|
46
|
+
// late-probed tools into dead sessions.
|
|
47
|
+
const mcp = this._server.createSessionServer();
|
|
44
48
|
transport.onclose = () => {
|
|
49
|
+
this._server.releaseSessionServer(mcp);
|
|
45
50
|
if (transport?.sessionId) {
|
|
46
51
|
log_1.default.sessionDisconnect(transport.sessionId, String(remoteIp));
|
|
47
52
|
this._sessionContext.deleteSession(transport.sessionId);
|
|
48
53
|
}
|
|
49
54
|
};
|
|
50
|
-
const mcp = await this._server.startMcp();
|
|
51
55
|
await mcp.connect(transport);
|
|
52
56
|
}
|
|
53
57
|
else {
|
|
@@ -60,7 +64,14 @@ class McpHandlers {
|
|
|
60
64
|
}
|
|
61
65
|
const session = this._sessionContext.getSession(sessionId);
|
|
62
66
|
const userKey = bearerUserKey || session?.userKey;
|
|
63
|
-
|
|
67
|
+
const bearerToken = req.bearerToken;
|
|
68
|
+
const baseUrlOverride = req.baseUrlOverride;
|
|
69
|
+
await (0, utils_1.runWithContext)({ userKey, sessionId, bearerToken, baseUrlOverride }, async () => {
|
|
70
|
+
// Kick the one-time capability probe from inside the request context so its Creatio
|
|
71
|
+
// calls carry this caller's identity (broker mode has no user otherwise). Non-blocking.
|
|
72
|
+
this._server.ensureCapabilitiesProbed();
|
|
73
|
+
return transport.handleRequest(req, res, req.body);
|
|
74
|
+
});
|
|
64
75
|
}
|
|
65
76
|
async handleSessionRequest(req, res) {
|
|
66
77
|
const sessionId = req.headers['mcp-session-id'];
|
|
@@ -78,7 +89,9 @@ class McpHandlers {
|
|
|
78
89
|
// caller-supplied ?userKey=/x-user-key, which must not override an authenticated
|
|
79
90
|
// identity (CWE-639).
|
|
80
91
|
const userKey = req.userKey || session?.userKey || (0, utils_1.getUserKeyFromRequest)(req);
|
|
81
|
-
|
|
92
|
+
const bearerToken = req.bearerToken;
|
|
93
|
+
const baseUrlOverride = req.baseUrlOverride;
|
|
94
|
+
await (0, utils_1.runWithContext)({ userKey, sessionId, bearerToken, baseUrlOverride }, async () => transport.handleRequest(req, res));
|
|
82
95
|
}
|
|
83
96
|
}
|
|
84
97
|
exports.McpHandlers = McpHandlers;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mcp-handlers.js","sourceRoot":"","sources":["../../../src/server/http/mcp-handlers.ts"],"names":[],"mappings":";;;;;;AAAA,6CAAyC;AAEzC,0FAAmG;AACnG,iEAAyE;AAEzE,oDAA4B;AAC5B,6CAAgD;AAChD,uCAKqB;AAKrB,MAAa,WAAW;IACN,eAAe,GAAG,yBAAc,CAAC,QAAQ,CAAC;IAC1C,OAAO,CAAS;IAEjC,YAAY,MAAc;QACzB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACvB,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,GAAY,EAAE,GAAa;QACrD,MAAM,SAAS,GAAG,IAAA,+BAAuB,EAAC,GAAG,CAAC,CAAC;QAC/C,MAAM,aAAa,GAAI,GAAW,CAAC,OAAO,CAAC;QAC3C,IAAI,SAAoD,CAAC;QACzD,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAAC,GAAG,CAAC,CAAC;QAClC,IAAI,SAAS,IAAI,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YAC3D,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC;YAC/B,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;gBAClC,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;gBACpD,aAAG,CAAC,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,CAAC;QACF,CAAC;aAAM,IAAI,CAAC,SAAS,IAAI,IAAA,8BAAmB,EAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACxD,SAAS,GAAG,IAAI,iDAA6B,CAAC;gBAC7C,kBAAkB,EAAE,GAAG,EAAE,CAAC,IAAA,wBAAU,GAAE;gBACtC,oBAAoB,EAAE,CAAC,GAAG,EAAE,EAAE;oBAC7B,IAAI,SAAS,EAAE,CAAC;wBACf,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,aAAa,CACjD,GAAG,EACH,aAAa,EACb,QAAQ,CACR,CAAC;wBACF,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;wBACzD,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;wBAC9C,aAAG,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAC3C,CAAC;gBACF,CAAC;aACD,CAAC,CAAC;YACH,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;gBACxB,IAAI,SAAS,EAAE,SAAS,EAAE,CAAC;oBAC1B,aAAG,CAAC,iBAAiB,CAAC,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAC7D,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;gBACzD,CAAC;YACF,CAAC,CAAC;YACF,MAAM,GAAG,
|
|
1
|
+
{"version":3,"file":"mcp-handlers.js","sourceRoot":"","sources":["../../../src/server/http/mcp-handlers.ts"],"names":[],"mappings":";;;;;;AAAA,6CAAyC;AAEzC,0FAAmG;AACnG,iEAAyE;AAEzE,oDAA4B;AAC5B,6CAAgD;AAChD,uCAKqB;AAKrB,MAAa,WAAW;IACN,eAAe,GAAG,yBAAc,CAAC,QAAQ,CAAC;IAC1C,OAAO,CAAS;IAEjC,YAAY,MAAc;QACzB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACvB,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,GAAY,EAAE,GAAa;QACrD,MAAM,SAAS,GAAG,IAAA,+BAAuB,EAAC,GAAG,CAAC,CAAC;QAC/C,MAAM,aAAa,GAAI,GAAW,CAAC,OAAO,CAAC;QAC3C,IAAI,SAAoD,CAAC;QACzD,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAAC,GAAG,CAAC,CAAC;QAClC,IAAI,SAAS,IAAI,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YAC3D,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC;YAC/B,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;gBAClC,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;gBACpD,aAAG,CAAC,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,CAAC;QACF,CAAC;aAAM,IAAI,CAAC,SAAS,IAAI,IAAA,8BAAmB,EAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACxD,SAAS,GAAG,IAAI,iDAA6B,CAAC;gBAC7C,kBAAkB,EAAE,GAAG,EAAE,CAAC,IAAA,wBAAU,GAAE;gBACtC,oBAAoB,EAAE,CAAC,GAAG,EAAE,EAAE;oBAC7B,IAAI,SAAS,EAAE,CAAC;wBACf,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,aAAa,CACjD,GAAG,EACH,aAAa,EACb,QAAQ,CACR,CAAC;wBACF,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;wBACzD,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;wBAC9C,aAAG,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAC3C,CAAC;gBACF,CAAC;aACD,CAAC,CAAC;YACH,oFAAoF;YACpF,mFAAmF;YACnF,wCAAwC;YACxC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC;YAC/C,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;gBACxB,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;gBACvC,IAAI,SAAS,EAAE,SAAS,EAAE,CAAC;oBAC1B,aAAG,CAAC,iBAAiB,CAAC,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAC7D,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;gBACzD,CAAC;YACF,CAAC,CAAC;YACF,MAAM,GAAG,CAAC,OAAO,CAAC,SAAgB,CAAC,CAAC;QACrC,CAAC;aAAM,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,2CAA2C,EAAE;gBAC7E,EAAE,EAAE,IAAI;aACR,CAAC,CAAC;YACH,OAAO;QACR,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,OAAO,GAAG,aAAa,IAAI,OAAO,EAAE,OAAO,CAAC;QAClD,MAAM,WAAW,GAAI,GAAW,CAAC,WAAiC,CAAC;QACnE,MAAM,eAAe,GAAI,GAAW,CAAC,eAAqC,CAAC;QAC3E,MAAM,IAAA,sBAAc,EAAC,EAAE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,EAAE,EAAE,KAAK,IAAI,EAAE;YACrF,oFAAoF;YACpF,wFAAwF;YACxF,IAAI,CAAC,OAAO,CAAC,wBAAwB,EAAE,CAAC;YACxC,OAAO,SAAU,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAAC,GAAY,EAAE,GAAa;QAC5D,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QACtE,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YACtD,OAAO;QACR,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC;QACrC,IAAI,CAAC,SAAS,EAAE,CAAC;YAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;YACjD,OAAO;QACR,CAAC;QACD,8EAA8E;QAC9E,iFAAiF;QACjF,sBAAsB;QACtB,MAAM,OAAO,GACX,GAAW,CAAC,OAAO,IAAI,OAAO,EAAE,OAAO,IAAI,IAAA,6BAAqB,EAAC,GAAU,CAAC,CAAC;QAC/E,MAAM,WAAW,GAAI,GAAW,CAAC,WAAiC,CAAC;QACnE,MAAM,eAAe,GAAI,GAAW,CAAC,eAAqC,CAAC;QAC3E,MAAM,IAAA,sBAAc,EAAC,EAAE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,EAAE,EAAE,KAAK,IAAI,EAAE,CACrF,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CACjC,CAAC;IACH,CAAC;CACD;AA3FD,kCA2FC"}
|
|
@@ -1,16 +1,15 @@
|
|
|
1
1
|
import type { RateLimitOptions } from './rate-limiter';
|
|
2
|
-
import type { OAuthServer } from '../oauth';
|
|
3
2
|
import type { NextFunction, Request, Response } from 'express';
|
|
3
|
+
/** Redact sensitive query-string values from a URL before it is logged, preserving the path + the
|
|
4
|
+
* non-sensitive params (which are useful for debugging). Robust to relative URLs. */
|
|
5
|
+
export declare function redactUrl(url: string): string;
|
|
4
6
|
export declare class HttpMiddleware {
|
|
5
|
-
private readonly _oauthServer;
|
|
6
|
-
constructor(oauthServer: OAuthServer);
|
|
7
7
|
/**
|
|
8
8
|
* Per-route fixed-window rate limit, keyed by the real connection IP (req.ip /
|
|
9
9
|
* socket address) rather than the spoofable X-Forwarded-For header, so an
|
|
10
10
|
* attacker cannot bypass the limit by rotating that header.
|
|
11
11
|
*/
|
|
12
12
|
rateLimit(options: RateLimitOptions): (req: Request, res: Response, next: NextFunction) => void;
|
|
13
|
-
bearerAuth(): (req: Request, res: Response, next: NextFunction) => void;
|
|
14
13
|
errorHandler(): (error: Error, req: Request, res: Response, next: NextFunction) => void;
|
|
15
14
|
correlationId(): (req: Request, res: Response, next: NextFunction) => void;
|
|
16
15
|
requestLogging(): (req: Request, res: Response, next: NextFunction) => void;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/server/http/middleware.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/server/http/middleware.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAe/D;sFACsF;AACtF,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAc7C;AAED,qBAAa,cAAc;IAC1B;;;;OAIG;IACI,SAAS,CAAC,OAAO,EAAE,gBAAgB,IAEjC,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;IAgBjD,YAAY,KACV,OAAO,KAAK,EAAE,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;IAiB/D,aAAa,KACX,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;IAYjD,cAAc,KACZ,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;CAyBxD"}
|