mcp-proxy 5.10.0 → 5.11.0

package/dist/bin/mcp-proxy.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { Client, InMemoryEventStore, ReadBuffer, Server, __commonJS, __toESM, proxyServer, serializeMessage, startHTTPServer } from "../stdio-DF5lH8jj.js";
+import { Client, InMemoryEventStore, ReadBuffer, Server, __commonJS, __toESM, proxyServer, serializeMessage, startHTTPServer } from "../stdio-BEX6di72.js";
 import { createRequire } from "node:module";
 import { basename, dirname, extname, join, normalize, relative, resolve } from "path";
 import { format, inspect } from "util";

package/dist/index.d.ts

@@ -11,15 +11,25 @@ import { Transport } from "@modelcontextprotocol/sdk/shared/transport.js";
 interface AuthConfig {
   apiKey?: string;
   oauth?: {
+    error?: string;
+    error_description?: string;
+    error_uri?: string;
     protectedResource?: {
       resource?: string;
     };
+    realm?: string;
+    scope?: string;
   };
 }
 declare class AuthenticationMiddleware {
   private config;
   constructor(config?: AuthConfig);
-  getUnauthorizedResponse(): {
+  getUnauthorizedResponse(options?: {
+    error?: string;
+    error_description?: string;
+    error_uri?: string;
+    scope?: string;
+  }): {
     body: string;
     headers: Record<string, string>;
   };

package/dist/index.js

@@ -1,4 +1,4 @@
-import { AuthenticationMiddleware, Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType } from "./stdio-DF5lH8jj.js";
+import { AuthenticationMiddleware, Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType } from "./stdio-BEX6di72.js";
 import process from "node:process";
 
 //#region node_modules/.pnpm/eventsource-parser@3.0.6/node_modules/eventsource-parser/dist/index.js

package/dist/{stdio-DF5lH8jj.js → stdio-BEX6di72.js}

@@ -35,14 +35,27 @@ var AuthenticationMiddleware = class {
 	constructor(config = {}) {
 		this.config = config;
 	}
-	getUnauthorizedResponse() {
+	getUnauthorizedResponse(options) {
 		const headers = { "Content-Type": "application/json" };
-		if (this.config.oauth?.protectedResource?.resource) headers["WWW-Authenticate"] = `Bearer resource_metadata="${this.config.oauth.protectedResource.resource}/.well-known/oauth-protected-resource"`;
+		if (this.config.oauth) {
+			const params = [];
+			if (this.config.oauth.realm) params.push(`realm="${this.config.oauth.realm}"`);
+			if (this.config.oauth.protectedResource?.resource) params.push(`resource_metadata="${this.config.oauth.protectedResource.resource}/.well-known/oauth-protected-resource"`);
+			const error = options?.error || this.config.oauth.error || "invalid_token";
+			params.push(`error="${error}"`);
+			const escaped = (options?.error_description || this.config.oauth.error_description || "Unauthorized: Invalid or missing API key").replace(/"/g, "\\\"");
+			params.push(`error_description="${escaped}"`);
+			const error_uri = options?.error_uri || this.config.oauth.error_uri;
+			if (error_uri) params.push(`error_uri="${error_uri}"`);
+			const scope = options?.scope || this.config.oauth.scope;
+			if (scope) params.push(`scope="${scope}"`);
+			if (params.length > 0) headers["WWW-Authenticate"] = `Bearer ${params.join(", ")}`;
+		}
 		return {
 			body: JSON.stringify({
 				error: {
 					code: 401,
-					message: "Unauthorized: Invalid or missing API key"
+					message: options?.error_description || "Unauthorized: Invalid or missing API key"
 				},
 				id: null,
 				jsonrpc: "2.0"
@@ -15026,19 +15039,37 @@ const createJsonRpcErrorResponse = (code, message) => {
 		jsonrpc: "2.0"
 	});
 };
-const getWWWAuthenticateHeader = (oauth) => {
-	if (!oauth?.protectedResource?.resource) return;
-	return `Bearer resource_metadata="${oauth.protectedResource.resource}/.well-known/oauth-protected-resource"`;
+const getWWWAuthenticateHeader = (oauth, options) => {
+	if (!oauth) return;
+	const params = [];
+	if (oauth.realm) params.push(`realm="${oauth.realm}"`);
+	if (oauth.protectedResource?.resource) params.push(`resource_metadata="${oauth.protectedResource.resource}/.well-known/oauth-protected-resource"`);
+	const error = options?.error || oauth.error;
+	if (error) params.push(`error="${error}"`);
+	const error_description = options?.error_description || oauth.error_description;
+	if (error_description) {
+		const escaped = error_description.replace(/"/g, "\\\"");
+		params.push(`error_description="${escaped}"`);
+	}
+	const error_uri = options?.error_uri || oauth.error_uri;
+	if (error_uri) params.push(`error_uri="${error_uri}"`);
+	const scope = options?.scope || oauth.scope;
+	if (scope) params.push(`scope="${scope}"`);
+	if (params.length === 0) return;
+	return `Bearer ${params.join(", ")}`;
 };
-const handleResponseError = (error, res) => {
-	if (error instanceof Response) {
+const handleResponseError = async (error, res) => {
+	if (error && typeof error === "object" && "status" in error && "headers" in error && "statusText" in error || error instanceof Response) {
+		const responseError = error;
 		const fixedHeaders = {};
-		error.headers.forEach((value, key$1) => {
+		responseError.headers.forEach((value, key$1) => {
 			if (fixedHeaders[key$1]) if (Array.isArray(fixedHeaders[key$1])) fixedHeaders[key$1].push(value);
 			else fixedHeaders[key$1] = [fixedHeaders[key$1], value];
 			else fixedHeaders[key$1] = value;
 		});
-		res.writeHead(error.status, error.statusText, fixedHeaders).end(error.statusText);
+		const body = await responseError.text();
+		res.writeHead(responseError.status, responseError.statusText, fixedHeaders);
+		res.end(body);
 		return true;
 	}
 	return false;
@@ -15104,7 +15135,10 @@ const handleStreamRequest = async ({ activeTransports, authenticate, createServe
 				if (!authResult || typeof authResult === "object" && "authenticated" in authResult && !authResult.authenticated) {
 					const errorMessage = authResult && typeof authResult === "object" && "error" in authResult && typeof authResult.error === "string" ? authResult.error : "Unauthorized: Authentication failed";
 					res.setHeader("Content-Type", "application/json");
-					const wwwAuthHeader = getWWWAuthenticateHeader(oauth);
+					const wwwAuthHeader = getWWWAuthenticateHeader(oauth, {
+						error: "invalid_token",
+						error_description: errorMessage
+					});
 					if (wwwAuthHeader) res.setHeader("WWW-Authenticate", wwwAuthHeader);
 					res.writeHead(401).end(JSON.stringify({
 						error: {
@@ -15117,10 +15151,14 @@ const handleStreamRequest = async ({ activeTransports, authenticate, createServe
 					return true;
 				}
 			} catch (error) {
+				if (await handleResponseError(error, res)) return true;
 				const errorMessage = error instanceof Error ? error.message : "Unauthorized: Authentication error";
 				console.error("Authentication error:", error);
 				res.setHeader("Content-Type", "application/json");
-				const wwwAuthHeader = getWWWAuthenticateHeader(oauth);
+				const wwwAuthHeader = getWWWAuthenticateHeader(oauth, {
+					error: "invalid_token",
+					error_description: errorMessage
+				});
 				if (wwwAuthHeader) res.setHeader("WWW-Authenticate", wwwAuthHeader);
 				res.writeHead(401).end(JSON.stringify({
 					error: {
@@ -15166,10 +15204,14 @@ const handleStreamRequest = async ({ activeTransports, authenticate, createServe
 				try {
 					server = await createServer(req);
 				} catch (error) {
+					if (await handleResponseError(error, res)) return true;
 					const errorMessage = error instanceof Error ? error.message : String(error);
 					if (errorMessage.includes("Authentication") || errorMessage.includes("Invalid JWT") || errorMessage.includes("Token") || errorMessage.includes("Unauthorized")) {
 						res.setHeader("Content-Type", "application/json");
-						const wwwAuthHeader = getWWWAuthenticateHeader(oauth);
+						const wwwAuthHeader = getWWWAuthenticateHeader(oauth, {
+							error: "invalid_token",
+							error_description: errorMessage
+						});
 						if (wwwAuthHeader) res.setHeader("WWW-Authenticate", wwwAuthHeader);
 						res.writeHead(401).end(JSON.stringify({
 							error: {
@@ -15181,7 +15223,6 @@ const handleStreamRequest = async ({ activeTransports, authenticate, createServe
 						}));
 						return true;
 					}
-					if (handleResponseError(error, res)) return true;
 					res.writeHead(500).end("Error creating server");
 					return true;
 				}
@@ -15199,10 +15240,14 @@ const handleStreamRequest = async ({ activeTransports, authenticate, createServe
 				try {
 					server = await createServer(req);
 				} catch (error) {
+					if (await handleResponseError(error, res)) return true;
 					const errorMessage = error instanceof Error ? error.message : String(error);
 					if (errorMessage.includes("Authentication") || errorMessage.includes("Invalid JWT") || errorMessage.includes("Token") || errorMessage.includes("Unauthorized")) {
 						res.setHeader("Content-Type", "application/json");
-						const wwwAuthHeader = getWWWAuthenticateHeader(oauth);
+						const wwwAuthHeader = getWWWAuthenticateHeader(oauth, {
+							error: "invalid_token",
+							error_description: errorMessage
+						});
 						if (wwwAuthHeader) res.setHeader("WWW-Authenticate", wwwAuthHeader);
 						res.writeHead(401).end(JSON.stringify({
 							error: {
@@ -15214,7 +15259,6 @@ const handleStreamRequest = async ({ activeTransports, authenticate, createServe
 						}));
 						return true;
 					}
-					if (handleResponseError(error, res)) return true;
 					res.writeHead(500).end("Error creating server");
 					return true;
 				}
@@ -15284,7 +15328,7 @@ const handleSSERequest = async ({ activeTransports, createServer, endpoint, onCl
 		try {
 			server = await createServer(req);
 		} catch (error) {
-			if (handleResponseError(error, res)) return true;
+			if (await handleResponseError(error, res)) return true;
 			res.writeHead(500).end("Error creating server");
 			return true;
 		}
@@ -21589,4 +21633,4 @@ function serializeMessage(message) {
 
 //#endregion
 export { AuthenticationMiddleware, Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, __commonJS, __toESM, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType };
-//# sourceMappingURL=stdio-DF5lH8jj.js.map
+//# sourceMappingURL=stdio-BEX6di72.js.map