npm - mcp-proxy - Versions diffs - 5.8.0 → 5.9.0 - Mend

mcp-proxy 5.8.0 → 5.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/bin/mcp-proxy.js +1 -1
package/dist/index.d.ts +23 -3
package/dist/index.js +2 -2
package/dist/{stdio-so1-I7Pn.js → stdio-CsjPjeWC.js} +82 -35
package/dist/stdio-CsjPjeWC.js.map +1 -0
package/jsr.json +1 -1
package/package.json +1 -1
package/src/authentication.test.ts +77 -2
package/src/authentication.ts +16 -4
package/src/index.ts +2 -0
package/src/startHTTPServer.test.ts +494 -0
package/src/startHTTPServer.ts +99 -5
package/dist/stdio-so1-I7Pn.js.map +0 -1

package/dist/bin/mcp-proxy.js CHANGED Viewed

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { Client, InMemoryEventStore, ReadBuffer, Server, __commonJS, __toESM, proxyServer, serializeMessage, startHTTPServer } from "../stdio-so1-I7Pn.js";
+import { Client, InMemoryEventStore, ReadBuffer, Server, __commonJS, __toESM, proxyServer, serializeMessage, startHTTPServer } from "../stdio-CsjPjeWC.js";
 import { createRequire } from "node:module";
 import { basename, dirname, extname, join, normalize, relative, resolve } from "path";
 import { format, inspect } from "util";

package/dist/index.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import http from "http";
+import http, { IncomingMessage } from "http";
 import { EventStore } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { JSONRPCMessage, ServerCapabilities } from "@modelcontextprotocol/sdk/types.js";
 import { Client } from "@modelcontextprotocol/sdk/client/index.js";
@@ -7,8 +7,26 @@ import { SSEClientTransportOptions } from "@modelcontextprotocol/sdk/client/sse.
 import { StreamableHTTPClientTransportOptions } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
 import { Transport } from "@modelcontextprotocol/sdk/shared/transport.js";
+//#region src/authentication.d.ts
+interface AuthConfig {
+  apiKey?: string;
+  oauth?: {
+    protectedResource?: {
+      resource?: string;
+    };
+  };
+}
+declare class AuthenticationMiddleware {
+  private config;
+  constructor(config?: AuthConfig);
+  getUnauthorizedResponse(): {
+    body: string;
+    headers: Record<string, string>;
+  };
+  validateRequest(req: IncomingMessage): boolean;
+}
+//#endregion
 //#region src/InMemoryEventStore.d.ts
 /**
  * Simple in-memory implementation of the EventStore interface for resumability
  * This is primarily intended for examples and testing, not for production use
@@ -68,6 +86,7 @@ declare const startHTTPServer: <T extends ServerLike>({
   enableJsonResponse,
   eventStore,
   host,
+  oauth,
   onClose,
   onConnect,
   onUnhandledRequest,
@@ -82,6 +101,7 @@ declare const startHTTPServer: <T extends ServerLike>({
   enableJsonResponse?: boolean;
   eventStore?: EventStore;
   host?: string;
+  oauth?: AuthConfig["oauth"];
   onClose?: (server: T) => Promise<void>;
   onConnect?: (server: T) => Promise<void>;
   onUnhandledRequest?: (req: http.IncomingMessage, res: http.ServerResponse) => Promise<void>;
@@ -129,5 +149,5 @@ type TransportEvent = {
 };
 declare const tapTransport: (transport: Transport, eventHandler: (event: TransportEvent) => void) => Transport;
 //#endregion
-export { InMemoryEventStore, ServerType, proxyServer, startHTTPServer, startStdioServer, tapTransport };
+export { type AuthConfig, AuthenticationMiddleware, InMemoryEventStore, ServerType, proxyServer, startHTTPServer, startStdioServer, tapTransport };
 //# sourceMappingURL=index.d.ts.map

package/dist/index.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType } from "./stdio-so1-I7Pn.js";
+import { AuthenticationMiddleware, Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType } from "./stdio-CsjPjeWC.js";
 import process from "node:process";
 //#region node_modules/.pnpm/eventsource-parser@3.0.6/node_modules/eventsource-parser/dist/index.js
@@ -1850,5 +1850,5 @@ const tapTransport = (transport, eventHandler) => {
 };
 //#endregion
-export { InMemoryEventStore, ServerType, proxyServer, startHTTPServer, startStdioServer, tapTransport };
+export { AuthenticationMiddleware, InMemoryEventStore, ServerType, proxyServer, startHTTPServer, startStdioServer, tapTransport };
 //# sourceMappingURL=index.js.map

package/dist/{stdio-so1-I7Pn.js → stdio-CsjPjeWC.js} RENAMED Viewed

@@ -29,6 +29,35 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 }) : target, mod));
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
+//#endregion
+//#region src/authentication.ts
+var AuthenticationMiddleware = class {
+	constructor(config = {}) {
+		this.config = config;
+	}
+	getUnauthorizedResponse() {
+		const headers = { "Content-Type": "application/json" };
+		if (this.config.oauth?.protectedResource?.resource) headers["WWW-Authenticate"] = `Bearer resource_metadata="${this.config.oauth.protectedResource.resource}/.well-known/oauth-protected-resource"`;
+		return {
+			body: JSON.stringify({
+				error: {
+					code: 401,
+					message: "Unauthorized: Invalid or missing API key"
+				},
+				id: null,
+				jsonrpc: "2.0"
+			}),
+			headers
+		};
+	}
+	validateRequest(req) {
+		if (!this.config.apiKey) return true;
+		const apiKey = req.headers["x-api-key"];
+		if (!apiKey || typeof apiKey !== "string") return false;
+		return apiKey === this.config.apiKey;
+	}
+};
 //#endregion
 //#region src/InMemoryEventStore.ts
 /**
@@ -14968,33 +14997,6 @@ var StreamableHTTPServerTransport = class {
 	}
 };
-//#endregion
-//#region src/authentication.ts
-var AuthenticationMiddleware = class {
-	constructor(config = {}) {
-		this.config = config;
-	}
-	getUnauthorizedResponse() {
-		return {
-			body: JSON.stringify({
-				error: {
-					code: 401,
-					message: "Unauthorized: Invalid or missing API key"
-				},
-				id: null,
-				jsonrpc: "2.0"
-			}),
-			headers: { "Content-Type": "application/json" }
-		};
-	}
-	validateRequest(req) {
-		if (!this.config.apiKey) return true;
-		const apiKey = req.headers["x-api-key"];
-		if (!apiKey || typeof apiKey !== "string") return false;
-		return apiKey === this.config.apiKey;
-	}
-};
 //#endregion
 //#region src/startHTTPServer.ts
 const getBody = (request) => {
@@ -15024,6 +15026,10 @@ const createJsonRpcErrorResponse = (code, message) => {
 		jsonrpc: "2.0"
 	});
 };
+const getWWWAuthenticateHeader = (oauth) => {
+	if (!oauth?.protectedResource?.resource) return;
+	return `Bearer resource_metadata="${oauth.protectedResource.resource}/.well-known/oauth-protected-resource"`;
+};
 const handleResponseError = (error, res) => {
 	if (error instanceof Response) {
 		const fixedHeaders = {};
@@ -15045,7 +15051,7 @@ const cleanupServer = async (server, onClose) => {
 		console.error("[mcp-proxy] error closing server", error);
 	}
 };
-const handleStreamRequest = async ({ activeTransports, authenticate, createServer, enableJsonResponse, endpoint, eventStore, onClose, onConnect, req, res, stateless }) => {
+const handleStreamRequest = async ({ activeTransports, authenticate, createServer, enableJsonResponse, endpoint, eventStore, oauth, onClose, onConnect, req, res, stateless }) => {
 	if (req.method === "POST" && new URL(req.url, "http://localhost").pathname === endpoint) {
 		try {
 			const sessionId = Array.isArray(req.headers["mcp-session-id"]) ? req.headers["mcp-session-id"][0] : req.headers["mcp-session-id"];
@@ -15053,12 +15059,16 @@ const handleStreamRequest = async ({ activeTransports, authenticate, createServe
 			let server;
 			const body = await getBody(req);
 			if (stateless && authenticate) try {
-				if (!await authenticate(req)) {
+				const authResult = await authenticate(req);
+				if (!authResult || typeof authResult === "object" && "authenticated" in authResult && !authResult.authenticated) {
+					const errorMessage = authResult && typeof authResult === "object" && "error" in authResult && typeof authResult.error === "string" ? authResult.error : "Unauthorized: Authentication failed";
 					res.setHeader("Content-Type", "application/json");
+					const wwwAuthHeader = getWWWAuthenticateHeader(oauth);
+					if (wwwAuthHeader) res.setHeader("WWW-Authenticate", wwwAuthHeader);
 					res.writeHead(401).end(JSON.stringify({
 						error: {
 							code: -32e3,
-							message: "Unauthorized: Authentication failed"
+							message: errorMessage
 						},
 						id: body?.id ?? null,
 						jsonrpc: "2.0"
@@ -15066,12 +15076,15 @@ const handleStreamRequest = async ({ activeTransports, authenticate, createServe
 					return true;
 				}
 			} catch (error) {
+				const errorMessage = error instanceof Error ? error.message : "Unauthorized: Authentication error";
 				console.error("Authentication error:", error);
 				res.setHeader("Content-Type", "application/json");
+				const wwwAuthHeader = getWWWAuthenticateHeader(oauth);
+				if (wwwAuthHeader) res.setHeader("WWW-Authenticate", wwwAuthHeader);
 				res.writeHead(401).end(JSON.stringify({
 					error: {
 						code: -32e3,
-						message: "Unauthorized: Authentication error"
+						message: errorMessage
 					},
 					id: body?.id ?? null,
 					jsonrpc: "2.0"
@@ -15112,6 +15125,21 @@ const handleStreamRequest = async ({ activeTransports, authenticate, createServe
 				try {
 					server = await createServer(req);
 				} catch (error) {
+					const errorMessage = error instanceof Error ? error.message : String(error);
+					if (errorMessage.includes("Authentication") || errorMessage.includes("Invalid JWT") || errorMessage.includes("Token") || errorMessage.includes("Unauthorized")) {
+						res.setHeader("Content-Type", "application/json");
+						const wwwAuthHeader = getWWWAuthenticateHeader(oauth);
+						if (wwwAuthHeader) res.setHeader("WWW-Authenticate", wwwAuthHeader);
+						res.writeHead(401).end(JSON.stringify({
+							error: {
+								code: -32e3,
+								message: errorMessage
+							},
+							id: body?.id ?? null,
+							jsonrpc: "2.0"
+						}));
+						return true;
+					}
 					if (handleResponseError(error, res)) return true;
 					res.writeHead(500).end("Error creating server");
 					return true;
@@ -15130,6 +15158,21 @@ const handleStreamRequest = async ({ activeTransports, authenticate, createServe
 				try {
 					server = await createServer(req);
 				} catch (error) {
+					const errorMessage = error instanceof Error ? error.message : String(error);
+					if (errorMessage.includes("Authentication") || errorMessage.includes("Invalid JWT") || errorMessage.includes("Token") || errorMessage.includes("Unauthorized")) {
+						res.setHeader("Content-Type", "application/json");
+						const wwwAuthHeader = getWWWAuthenticateHeader(oauth);
+						if (wwwAuthHeader) res.setHeader("WWW-Authenticate", wwwAuthHeader);
+						res.writeHead(401).end(JSON.stringify({
+							error: {
+								code: -32e3,
+								message: errorMessage
+							},
+							id: body?.id ?? null,
+							jsonrpc: "2.0"
+						}));
+						return true;
+					}
 					if (handleResponseError(error, res)) return true;
 					res.writeHead(500).end("Error creating server");
 					return true;
@@ -15246,10 +15289,13 @@ const handleSSERequest = async ({ activeTransports, createServer, endpoint, onCl
 	}
 	return false;
 };
-const startHTTPServer = async ({ apiKey, authenticate, createServer, enableJsonResponse, eventStore, host = "::", onClose, onConnect, onUnhandledRequest, port, sseEndpoint = "/sse", stateless, streamEndpoint = "/mcp" }) => {
+const startHTTPServer = async ({ apiKey, authenticate, createServer, enableJsonResponse, eventStore, host = "::", oauth, onClose, onConnect, onUnhandledRequest, port, sseEndpoint = "/sse", stateless, streamEndpoint = "/mcp" }) => {
 	const activeSSETransports = {};
 	const activeStreamTransports = {};
-	const authMiddleware = new AuthenticationMiddleware({ apiKey });
+	const authMiddleware = new AuthenticationMiddleware({
+		apiKey,
+		oauth
+	});
 	/**
 	* @author https://dev.classmethod.jp/articles/mcp-sse/
 	*/
@@ -15295,6 +15341,7 @@ const startHTTPServer = async ({ apiKey, authenticate, createServer, enableJsonR
 			enableJsonResponse,
 			endpoint: streamEndpoint,
 			eventStore,
+			oauth,
 			onClose,
 			onConnect,
 			req,
@@ -21509,5 +21556,5 @@ function serializeMessage(message) {
 }
 //#endregion
-export { Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, __commonJS, __toESM, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType };
-//# sourceMappingURL=stdio-so1-I7Pn.js.map
+export { AuthenticationMiddleware, Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, __commonJS, __toESM, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType };
+//# sourceMappingURL=stdio-CsjPjeWC.js.map