mcp-proxy 5.7.0 → 5.8.1

package/dist/bin/mcp-proxy.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { Client, InMemoryEventStore, ReadBuffer, Server, __commonJS, __toESM, proxyServer, serializeMessage, startHTTPServer } from "../stdio-AohZZTMh.js";
+import { Client, InMemoryEventStore, ReadBuffer, Server, __commonJS, __toESM, proxyServer, serializeMessage, startHTTPServer } from "../stdio-9KZaSDCW.js";
 import { createRequire } from "node:module";
 import { basename, dirname, extname, join, normalize, relative, resolve } from "path";
 import { format, inspect } from "util";

package/dist/index.d.ts

@@ -63,6 +63,7 @@ type ServerLike = {
 };
 declare const startHTTPServer: <T extends ServerLike>({
   apiKey,
+  authenticate,
   createServer,
   enableJsonResponse,
   eventStore,
@@ -76,6 +77,7 @@ declare const startHTTPServer: <T extends ServerLike>({
   streamEndpoint
 }: {
   apiKey?: string;
+  authenticate?: (request: http.IncomingMessage) => Promise<unknown>;
   createServer: (request: http.IncomingMessage) => Promise<T>;
   enableJsonResponse?: boolean;
   eventStore?: EventStore;

package/dist/index.js

@@ -1,4 +1,4 @@
-import { Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType } from "./stdio-AohZZTMh.js";
+import { Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType } from "./stdio-9KZaSDCW.js";
 import process from "node:process";
 
 //#region node_modules/.pnpm/eventsource-parser@3.0.6/node_modules/eventsource-parser/dist/index.js

package/dist/{stdio-AohZZTMh.js → stdio-9KZaSDCW.js}

@@ -15045,13 +15045,42 @@ const cleanupServer = async (server, onClose) => {
 		console.error("[mcp-proxy] error closing server", error);
 	}
 };
-const handleStreamRequest = async ({ activeTransports, createServer, enableJsonResponse, endpoint, eventStore, onClose, onConnect, req, res, stateless }) => {
+const handleStreamRequest = async ({ activeTransports, authenticate, createServer, enableJsonResponse, endpoint, eventStore, onClose, onConnect, req, res, stateless }) => {
 	if (req.method === "POST" && new URL(req.url, "http://localhost").pathname === endpoint) {
 		try {
 			const sessionId = Array.isArray(req.headers["mcp-session-id"]) ? req.headers["mcp-session-id"][0] : req.headers["mcp-session-id"];
 			let transport;
 			let server;
 			const body = await getBody(req);
+			if (stateless && authenticate) try {
+				const authResult = await authenticate(req);
+				if (!authResult || typeof authResult === "object" && "authenticated" in authResult && !authResult.authenticated) {
+					const errorMessage = authResult && typeof authResult === "object" && "error" in authResult && typeof authResult.error === "string" ? authResult.error : "Unauthorized: Authentication failed";
+					res.setHeader("Content-Type", "application/json");
+					res.writeHead(401).end(JSON.stringify({
+						error: {
+							code: -32e3,
+							message: errorMessage
+						},
+						id: body?.id ?? null,
+						jsonrpc: "2.0"
+					}));
+					return true;
+				}
+			} catch (error) {
+				const errorMessage = error instanceof Error ? error.message : "Unauthorized: Authentication error";
+				console.error("Authentication error:", error);
+				res.setHeader("Content-Type", "application/json");
+				res.writeHead(401).end(JSON.stringify({
+					error: {
+						code: -32e3,
+						message: errorMessage
+					},
+					id: body?.id ?? null,
+					jsonrpc: "2.0"
+				}));
+				return true;
+			}
 			if (sessionId) {
 				const activeTransport = activeTransports[sessionId];
 				if (!activeTransport) {
@@ -15086,6 +15115,19 @@ const handleStreamRequest = async ({ activeTransports, createServer, enableJsonR
 				try {
 					server = await createServer(req);
 				} catch (error) {
+					const errorMessage = error instanceof Error ? error.message : String(error);
+					if (errorMessage.includes("Authentication") || errorMessage.includes("Invalid JWT") || errorMessage.includes("Token") || errorMessage.includes("Unauthorized")) {
+						res.setHeader("Content-Type", "application/json");
+						res.writeHead(401).end(JSON.stringify({
+							error: {
+								code: -32e3,
+								message: errorMessage
+							},
+							id: body?.id ?? null,
+							jsonrpc: "2.0"
+						}));
+						return true;
+					}
 					if (handleResponseError(error, res)) return true;
 					res.writeHead(500).end("Error creating server");
 					return true;
@@ -15104,6 +15146,19 @@ const handleStreamRequest = async ({ activeTransports, createServer, enableJsonR
 				try {
 					server = await createServer(req);
 				} catch (error) {
+					const errorMessage = error instanceof Error ? error.message : String(error);
+					if (errorMessage.includes("Authentication") || errorMessage.includes("Invalid JWT") || errorMessage.includes("Token") || errorMessage.includes("Unauthorized")) {
+						res.setHeader("Content-Type", "application/json");
+						res.writeHead(401).end(JSON.stringify({
+							error: {
+								code: -32e3,
+								message: errorMessage
+							},
+							id: body?.id ?? null,
+							jsonrpc: "2.0"
+						}));
+						return true;
+					}
 					if (handleResponseError(error, res)) return true;
 					res.writeHead(500).end("Error creating server");
 					return true;
@@ -15220,7 +15275,7 @@ const handleSSERequest = async ({ activeTransports, createServer, endpoint, onCl
 	}
 	return false;
 };
-const startHTTPServer = async ({ apiKey, createServer, enableJsonResponse, eventStore, host = "::", onClose, onConnect, onUnhandledRequest, port, sseEndpoint = "/sse", stateless, streamEndpoint = "/mcp" }) => {
+const startHTTPServer = async ({ apiKey, authenticate, createServer, enableJsonResponse, eventStore, host = "::", onClose, onConnect, onUnhandledRequest, port, sseEndpoint = "/sse", stateless, streamEndpoint = "/mcp" }) => {
 	const activeSSETransports = {};
 	const activeStreamTransports = {};
 	const authMiddleware = new AuthenticationMiddleware({ apiKey });
@@ -15233,8 +15288,8 @@ const startHTTPServer = async ({ apiKey, createServer, enableJsonResponse, event
 			res.setHeader("Access-Control-Allow-Origin", origin.origin);
 			res.setHeader("Access-Control-Allow-Credentials", "true");
 			res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
-			res.setHeader("Access-Control-Allow-Headers", "*");
-			res.setHeader("Access-Control-Expose-Headers", "mcp-session-id");
+			res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Accept, Mcp-Session-Id, Last-Event-Id");
+			res.setHeader("Access-Control-Expose-Headers", "Mcp-Session-Id");
 		} catch (error) {
 			console.error("[mcp-proxy] error parsing origin", error);
 		}
@@ -15264,6 +15319,7 @@ const startHTTPServer = async ({ apiKey, createServer, enableJsonResponse, event
 		})) return;
 		if (streamEndpoint && await handleStreamRequest({
 			activeTransports: activeStreamTransports,
+			authenticate,
 			createServer,
 			enableJsonResponse,
 			endpoint: streamEndpoint,
@@ -21483,4 +21539,4 @@ function serializeMessage(message) {
 
 //#endregion
 export { Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, __commonJS, __toESM, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType };
-//# sourceMappingURL=stdio-AohZZTMh.js.map
+//# sourceMappingURL=stdio-9KZaSDCW.js.map