mcp-proxy 5.11.2 → 5.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/bin/mcp-proxy.js +1 -1
  2. package/dist/index.d.ts +5 -0
  3. package/dist/index.js +1 -1
  4. package/dist/{stdio-DQCs94rj.js → stdio-CfAxSAGj.js} +46 -3
  5. package/dist/stdio-CfAxSAGj.js.map +1 -0
  6. package/jsr.json +1 -1
  7. package/package.json +1 -1
  8. package/src/authentication.test.ts +195 -0
  9. package/src/authentication.ts +45 -0
  10. package/src/startHTTPServer.ts +40 -1
  11. package/dist/stdio-DQCs94rj.js.map +0 -1
package/dist/bin/mcp-proxy.js CHANGED
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- import { Client, InMemoryEventStore, ReadBuffer, Server, __commonJS, __toESM, proxyServer, serializeMessage, startHTTPServer } from "../stdio-DQCs94rj.js";
2
+ import { Client, InMemoryEventStore, ReadBuffer, Server, __commonJS, __toESM, proxyServer, serializeMessage, startHTTPServer } from "../stdio-CfAxSAGj.js";
3
3
  import { createRequire } from "node:module";
4
4
  import { basename, dirname, extname, join, normalize, relative, resolve } from "path";
5
5
  import { format, inspect } from "util";
package/dist/index.d.ts CHANGED
@@ -24,6 +24,11 @@ interface AuthConfig {
24
24
  declare class AuthenticationMiddleware {
25
25
  private config;
26
26
  constructor(config?: AuthConfig);
27
+ getScopeChallengeResponse(requiredScopes: string[], errorDescription?: string, requestId?: unknown): {
28
+ body: string;
29
+ headers: Record<string, string>;
30
+ statusCode: number;
31
+ };
27
32
  getUnauthorizedResponse(options?: {
28
33
  error?: string;
29
34
  error_description?: string;
package/dist/index.js CHANGED
@@ -1,4 +1,4 @@
1
- import { AuthenticationMiddleware, Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType } from "./stdio-DQCs94rj.js";
1
+ import { AuthenticationMiddleware, Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType } from "./stdio-CfAxSAGj.js";
2
2
  import process from "node:process";
3
3
 
4
4
  //#region node_modules/.pnpm/eventsource-parser@3.0.6/node_modules/eventsource-parser/dist/index.js
package/dist/{stdio-DQCs94rj.js → stdio-CfAxSAGj.js} RENAMED
@@ -35,6 +35,38 @@ var AuthenticationMiddleware = class {
35
35
  constructor(config = {}) {
36
36
  this.config = config;
37
37
  }
38
+ getScopeChallengeResponse(requiredScopes, errorDescription, requestId) {
39
+ const headers = { "Content-Type": "application/json" };
40
+ if (this.config.oauth?.protectedResource?.resource) {
41
+ const parts = [
42
+ "Bearer",
43
+ "error=\"insufficient_scope\"",
44
+ `scope="${requiredScopes.join(" ")}"`,
45
+ `resource_metadata="${this.config.oauth.protectedResource.resource}/.well-known/oauth-protected-resource"`
46
+ ];
47
+ if (errorDescription) {
48
+ const escaped = errorDescription.replace(/"/g, "\\\"");
49
+ parts.push(`error_description="${escaped}"`);
50
+ }
51
+ headers["WWW-Authenticate"] = parts.join(", ");
52
+ }
53
+ return {
54
+ body: JSON.stringify({
55
+ error: {
56
+ code: -32001,
57
+ data: {
58
+ error: "insufficient_scope",
59
+ required_scopes: requiredScopes
60
+ },
61
+ message: errorDescription || "Insufficient scope"
62
+ },
63
+ id: requestId ?? null,
64
+ jsonrpc: "2.0"
65
+ }),
66
+ headers,
67
+ statusCode: 403
68
+ };
69
+ }
38
70
  getUnauthorizedResponse(options) {
39
71
  const headers = { "Content-Type": "application/json" };
40
72
  if (this.config.oauth) {
@@ -15070,6 +15102,9 @@ const getWWWAuthenticateHeader = (oauth, options) => {
15070
15102
  if (params.length === 0) return;
15071
15103
  return `Bearer ${params.join(", ")}`;
15072
15104
  };
15105
+ const isScopeChallengeError = (error) => {
15106
+ return typeof error === "object" && error !== null && "name" in error && error.name === "InsufficientScopeError" && "data" in error && typeof error.data === "object" && error.data !== null && "error" in error.data && error.data.error === "insufficient_scope";
15107
+ };
15073
15108
  const handleResponseError = async (error, res) => {
15074
15109
  if (error && typeof error === "object" && "status" in error && "headers" in error && "statusText" in error || error instanceof Response) {
15075
15110
  const responseError = error;
@@ -15135,13 +15170,14 @@ const applyCorsHeaders = (req, res, corsOptions) => {
15135
15170
  console.error("[mcp-proxy] error parsing origin", error);
15136
15171
  }
15137
15172
  };
15138
- const handleStreamRequest = async ({ activeTransports, authenticate, createServer, enableJsonResponse, endpoint, eventStore, oauth, onClose, onConnect, req, res, stateless }) => {
15173
+ const handleStreamRequest = async ({ activeTransports, authenticate, authMiddleware, createServer, enableJsonResponse, endpoint, eventStore, oauth, onClose, onConnect, req, res, stateless }) => {
15139
15174
  if (req.method === "POST" && new URL(req.url, "http://localhost").pathname === endpoint) {
15175
+ let body;
15140
15176
  try {
15141
15177
  const sessionId = Array.isArray(req.headers["mcp-session-id"]) ? req.headers["mcp-session-id"][0] : req.headers["mcp-session-id"];
15142
15178
  let transport;
15143
15179
  let server;
15144
- const body = await getBody(req);
15180
+ body = await getBody(req);
15145
15181
  if (stateless && authenticate) try {
15146
15182
  const authResult = await authenticate(req);
15147
15183
  if (!authResult || typeof authResult === "object" && "authenticated" in authResult && !authResult.authenticated) {
@@ -15286,6 +15322,12 @@ const handleStreamRequest = async ({ activeTransports, authenticate, createServe
15286
15322
  await transport.handleRequest(req, res, body);
15287
15323
  return true;
15288
15324
  } catch (error) {
15325
+ if (isScopeChallengeError(error)) {
15326
+ const response = authMiddleware.getScopeChallengeResponse(error.data.requiredScopes, error.data.errorDescription, body?.id);
15327
+ res.writeHead(response.statusCode, response.headers);
15328
+ res.end(response.body);
15329
+ return true;
15330
+ }
15289
15331
  console.error("[mcp-proxy] error handling request", error);
15290
15332
  res.setHeader("Content-Type", "application/json");
15291
15333
  res.writeHead(500).end(createJsonRpcErrorResponse(-32603, "Internal Server Error"));
@@ -15428,6 +15470,7 @@ const startHTTPServer = async ({ apiKey, authenticate, cors, createServer, enabl
15428
15470
  if (streamEndpoint && await handleStreamRequest({
15429
15471
  activeTransports: activeStreamTransports,
15430
15472
  authenticate,
15473
+ authMiddleware,
15431
15474
  createServer,
15432
15475
  enableJsonResponse,
15433
15476
  endpoint: streamEndpoint,
@@ -21648,4 +21691,4 @@ function serializeMessage(message) {
21648
21691
 
21649
21692
  //#endregion
21650
21693
  export { AuthenticationMiddleware, Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, __commonJS, __toESM, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType };
21651
- //# sourceMappingURL=stdio-DQCs94rj.js.map
21694
+ //# sourceMappingURL=stdio-CfAxSAGj.js.map