npm - mcp-proxy - Versions diffs - 5.11.1 → 5.12.0 - Mend

mcp-proxy 5.11.1 → 5.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/bin/mcp-proxy.js +1 -1
package/dist/index.d.ts +5 -0
package/dist/index.js +1 -1
package/dist/{stdio-DLSsHME0.js → stdio-CfAxSAGj.js} +51 -5
package/dist/stdio-CfAxSAGj.js.map +1 -0
package/jsr.json +1 -1
package/package.json +1 -1
package/src/authentication.test.ts +195 -0
package/src/authentication.ts +45 -0
package/src/startHTTPServer.ts +42 -3
package/dist/stdio-DLSsHME0.js.map +0 -1

package/dist/bin/mcp-proxy.js CHANGED Viewed

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { Client, InMemoryEventStore, ReadBuffer, Server, __commonJS, __toESM, proxyServer, serializeMessage, startHTTPServer } from "../stdio-DLSsHME0.js";
+import { Client, InMemoryEventStore, ReadBuffer, Server, __commonJS, __toESM, proxyServer, serializeMessage, startHTTPServer } from "../stdio-CfAxSAGj.js";
 import { createRequire } from "node:module";
 import { basename, dirname, extname, join, normalize, relative, resolve } from "path";
 import { format, inspect } from "util";

package/dist/index.d.ts CHANGED Viewed

@@ -24,6 +24,11 @@ interface AuthConfig {
 declare class AuthenticationMiddleware {
   private config;
   constructor(config?: AuthConfig);
+  getScopeChallengeResponse(requiredScopes: string[], errorDescription?: string, requestId?: unknown): {
+    body: string;
+    headers: Record<string, string>;
+    statusCode: number;
+  };
   getUnauthorizedResponse(options?: {
     error?: string;
     error_description?: string;

package/dist/index.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AuthenticationMiddleware, Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType } from "./stdio-DLSsHME0.js";
+import { AuthenticationMiddleware, Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType } from "./stdio-CfAxSAGj.js";
 import process from "node:process";
 //#region node_modules/.pnpm/eventsource-parser@3.0.6/node_modules/eventsource-parser/dist/index.js

package/dist/{stdio-DLSsHME0.js → stdio-CfAxSAGj.js} RENAMED Viewed

@@ -35,6 +35,38 @@ var AuthenticationMiddleware = class {
 	constructor(config = {}) {
 		this.config = config;
 	}
+	getScopeChallengeResponse(requiredScopes, errorDescription, requestId) {
+		const headers = { "Content-Type": "application/json" };
+		if (this.config.oauth?.protectedResource?.resource) {
+			const parts = [
+				"Bearer",
+				"error=\"insufficient_scope\"",
+				`scope="${requiredScopes.join(" ")}"`,
+				`resource_metadata="${this.config.oauth.protectedResource.resource}/.well-known/oauth-protected-resource"`
+			];
+			if (errorDescription) {
+				const escaped = errorDescription.replace(/"/g, "\\\"");
+				parts.push(`error_description="${escaped}"`);
+			}
+			headers["WWW-Authenticate"] = parts.join(", ");
+		}
+		return {
+			body: JSON.stringify({
+				error: {
+					code: -32001,
+					data: {
+						error: "insufficient_scope",
+						required_scopes: requiredScopes
+					},
+					message: errorDescription || "Insufficient scope"
+				},
+				id: requestId ?? null,
+				jsonrpc: "2.0"
+			}),
+			headers,
+			statusCode: 403
+		};
+	}
 	getUnauthorizedResponse(options) {
 		const headers = { "Content-Type": "application/json" };
 		if (this.config.oauth) {
@@ -15070,6 +15102,9 @@ const getWWWAuthenticateHeader = (oauth, options) => {
 	if (params.length === 0) return;
 	return `Bearer ${params.join(", ")}`;
 };
+const isScopeChallengeError = (error) => {
+	return typeof error === "object" && error !== null && "name" in error && error.name === "InsufficientScopeError" && "data" in error && typeof error.data === "object" && error.data !== null && "error" in error.data && error.data.error === "insufficient_scope";
+};
 const handleResponseError = async (error, res) => {
 	if (error && typeof error === "object" && "status" in error && "headers" in error && "statusText" in error || error instanceof Response) {
 		const responseError = error;
@@ -15135,13 +15170,14 @@ const applyCorsHeaders = (req, res, corsOptions) => {
 		console.error("[mcp-proxy] error parsing origin", error);
 	}
 };
-const handleStreamRequest = async ({ activeTransports, authenticate, createServer, enableJsonResponse, endpoint, eventStore, oauth, onClose, onConnect, req, res, stateless }) => {
+const handleStreamRequest = async ({ activeTransports, authenticate, authMiddleware, createServer, enableJsonResponse, endpoint, eventStore, oauth, onClose, onConnect, req, res, stateless }) => {
 	if (req.method === "POST" && new URL(req.url, "http://localhost").pathname === endpoint) {
+		let body;
 		try {
 			const sessionId = Array.isArray(req.headers["mcp-session-id"]) ? req.headers["mcp-session-id"][0] : req.headers["mcp-session-id"];
 			let transport;
 			let server;
-			const body = await getBody(req);
+			body = await getBody(req);
 			if (stateless && authenticate) try {
 				const authResult = await authenticate(req);
 				if (!authResult || typeof authResult === "object" && "authenticated" in authResult && !authResult.authenticated) {
@@ -15286,6 +15322,12 @@ const handleStreamRequest = async ({ activeTransports, authenticate, createServe
 			await transport.handleRequest(req, res, body);
 			return true;
 		} catch (error) {
+			if (isScopeChallengeError(error)) {
+				const response = authMiddleware.getScopeChallengeResponse(error.data.requiredScopes, error.data.errorDescription, body?.id);
+				res.writeHead(response.statusCode, response.headers);
+				res.end(response.body);
+				return true;
+			}
 			console.error("[mcp-proxy] error handling request", error);
 			res.setHeader("Content-Type", "application/json");
 			res.writeHead(500).end(createJsonRpcErrorResponse(-32603, "Internal Server Error"));
@@ -15358,8 +15400,11 @@ const handleSSERequest = async ({ activeTransports, createServer, endpoint, onCl
 			await server.connect(transport);
 			await transport.send({
 				jsonrpc: "2.0",
-				method: "sse/connection",
-				params: { message: "SSE Connection established" }
+				method: "notifications/message",
+				params: {
+					data: "SSE Connection established",
+					level: "info"
+				}
 			});
 			if (onConnect) await onConnect(server);
 		} catch (error) {
@@ -15425,6 +15470,7 @@ const startHTTPServer = async ({ apiKey, authenticate, cors, createServer, enabl
 		if (streamEndpoint && await handleStreamRequest({
 			activeTransports: activeStreamTransports,
 			authenticate,
+			authMiddleware,
 			createServer,
 			enableJsonResponse,
 			endpoint: streamEndpoint,
@@ -21645,4 +21691,4 @@ function serializeMessage(message) {
 //#endregion
 export { AuthenticationMiddleware, Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, __commonJS, __toESM, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType };
-//# sourceMappingURL=stdio-DLSsHME0.js.map
+//# sourceMappingURL=stdio-CfAxSAGj.js.map