mcp-proxy 5.8.1 → 5.9.0

package/dist/bin/mcp-proxy.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { Client, InMemoryEventStore, ReadBuffer, Server, __commonJS, __toESM, proxyServer, serializeMessage, startHTTPServer } from "../stdio-9KZaSDCW.js";
+import { Client, InMemoryEventStore, ReadBuffer, Server, __commonJS, __toESM, proxyServer, serializeMessage, startHTTPServer } from "../stdio-CsjPjeWC.js";
 import { createRequire } from "node:module";
 import { basename, dirname, extname, join, normalize, relative, resolve } from "path";
 import { format, inspect } from "util";

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-import http from "http";
+import http, { IncomingMessage } from "http";
 import { EventStore } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { JSONRPCMessage, ServerCapabilities } from "@modelcontextprotocol/sdk/types.js";
 import { Client } from "@modelcontextprotocol/sdk/client/index.js";
@@ -7,8 +7,26 @@ import { SSEClientTransportOptions } from "@modelcontextprotocol/sdk/client/sse.
 import { StreamableHTTPClientTransportOptions } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
 import { Transport } from "@modelcontextprotocol/sdk/shared/transport.js";
 
+//#region src/authentication.d.ts
+interface AuthConfig {
+  apiKey?: string;
+  oauth?: {
+    protectedResource?: {
+      resource?: string;
+    };
+  };
+}
+declare class AuthenticationMiddleware {
+  private config;
+  constructor(config?: AuthConfig);
+  getUnauthorizedResponse(): {
+    body: string;
+    headers: Record<string, string>;
+  };
+  validateRequest(req: IncomingMessage): boolean;
+}
+//#endregion
 //#region src/InMemoryEventStore.d.ts
-
 /**
  * Simple in-memory implementation of the EventStore interface for resumability
  * This is primarily intended for examples and testing, not for production use
@@ -68,6 +86,7 @@ declare const startHTTPServer: <T extends ServerLike>({
   enableJsonResponse,
   eventStore,
   host,
+  oauth,
   onClose,
   onConnect,
   onUnhandledRequest,
@@ -82,6 +101,7 @@ declare const startHTTPServer: <T extends ServerLike>({
   enableJsonResponse?: boolean;
   eventStore?: EventStore;
   host?: string;
+  oauth?: AuthConfig["oauth"];
   onClose?: (server: T) => Promise<void>;
   onConnect?: (server: T) => Promise<void>;
   onUnhandledRequest?: (req: http.IncomingMessage, res: http.ServerResponse) => Promise<void>;
@@ -129,5 +149,5 @@ type TransportEvent = {
 };
 declare const tapTransport: (transport: Transport, eventHandler: (event: TransportEvent) => void) => Transport;
 //#endregion
-export { InMemoryEventStore, ServerType, proxyServer, startHTTPServer, startStdioServer, tapTransport };
+export { type AuthConfig, AuthenticationMiddleware, InMemoryEventStore, ServerType, proxyServer, startHTTPServer, startStdioServer, tapTransport };
 //# sourceMappingURL=index.d.ts.map

package/dist/index.js

@@ -1,4 +1,4 @@
-import { Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType } from "./stdio-9KZaSDCW.js";
+import { AuthenticationMiddleware, Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType } from "./stdio-CsjPjeWC.js";
 import process from "node:process";
 
 //#region node_modules/.pnpm/eventsource-parser@3.0.6/node_modules/eventsource-parser/dist/index.js
@@ -1850,5 +1850,5 @@ const tapTransport = (transport, eventHandler) => {
 };
 
 //#endregion
-export { InMemoryEventStore, ServerType, proxyServer, startHTTPServer, startStdioServer, tapTransport };
+export { AuthenticationMiddleware, InMemoryEventStore, ServerType, proxyServer, startHTTPServer, startStdioServer, tapTransport };
 //# sourceMappingURL=index.js.map

package/dist/{stdio-9KZaSDCW.js → stdio-CsjPjeWC.js}

@@ -29,6 +29,35 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 }) : target, mod));
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
+//#endregion
+//#region src/authentication.ts
+var AuthenticationMiddleware = class {
+	constructor(config = {}) {
+		this.config = config;
+	}
+	getUnauthorizedResponse() {
+		const headers = { "Content-Type": "application/json" };
+		if (this.config.oauth?.protectedResource?.resource) headers["WWW-Authenticate"] = `Bearer resource_metadata="${this.config.oauth.protectedResource.resource}/.well-known/oauth-protected-resource"`;
+		return {
+			body: JSON.stringify({
+				error: {
+					code: 401,
+					message: "Unauthorized: Invalid or missing API key"
+				},
+				id: null,
+				jsonrpc: "2.0"
+			}),
+			headers
+		};
+	}
+	validateRequest(req) {
+		if (!this.config.apiKey) return true;
+		const apiKey = req.headers["x-api-key"];
+		if (!apiKey || typeof apiKey !== "string") return false;
+		return apiKey === this.config.apiKey;
+	}
+};
+
 //#endregion
 //#region src/InMemoryEventStore.ts
 /**
@@ -14968,33 +14997,6 @@ var StreamableHTTPServerTransport = class {
 	}
 };
 
-//#endregion
-//#region src/authentication.ts
-var AuthenticationMiddleware = class {
-	constructor(config = {}) {
-		this.config = config;
-	}
-	getUnauthorizedResponse() {
-		return {
-			body: JSON.stringify({
-				error: {
-					code: 401,
-					message: "Unauthorized: Invalid or missing API key"
-				},
-				id: null,
-				jsonrpc: "2.0"
-			}),
-			headers: { "Content-Type": "application/json" }
-		};
-	}
-	validateRequest(req) {
-		if (!this.config.apiKey) return true;
-		const apiKey = req.headers["x-api-key"];
-		if (!apiKey || typeof apiKey !== "string") return false;
-		return apiKey === this.config.apiKey;
-	}
-};
-
 //#endregion
 //#region src/startHTTPServer.ts
 const getBody = (request) => {
@@ -15024,6 +15026,10 @@ const createJsonRpcErrorResponse = (code, message) => {
 		jsonrpc: "2.0"
 	});
 };
+const getWWWAuthenticateHeader = (oauth) => {
+	if (!oauth?.protectedResource?.resource) return;
+	return `Bearer resource_metadata="${oauth.protectedResource.resource}/.well-known/oauth-protected-resource"`;
+};
 const handleResponseError = (error, res) => {
 	if (error instanceof Response) {
 		const fixedHeaders = {};
@@ -15045,7 +15051,7 @@ const cleanupServer = async (server, onClose) => {
 		console.error("[mcp-proxy] error closing server", error);
 	}
 };
-const handleStreamRequest = async ({ activeTransports, authenticate, createServer, enableJsonResponse, endpoint, eventStore, onClose, onConnect, req, res, stateless }) => {
+const handleStreamRequest = async ({ activeTransports, authenticate, createServer, enableJsonResponse, endpoint, eventStore, oauth, onClose, onConnect, req, res, stateless }) => {
 	if (req.method === "POST" && new URL(req.url, "http://localhost").pathname === endpoint) {
 		try {
 			const sessionId = Array.isArray(req.headers["mcp-session-id"]) ? req.headers["mcp-session-id"][0] : req.headers["mcp-session-id"];
@@ -15057,6 +15063,8 @@ const handleStreamRequest = async ({ activeTransports, authenticate, createServe
 				if (!authResult || typeof authResult === "object" && "authenticated" in authResult && !authResult.authenticated) {
 					const errorMessage = authResult && typeof authResult === "object" && "error" in authResult && typeof authResult.error === "string" ? authResult.error : "Unauthorized: Authentication failed";
 					res.setHeader("Content-Type", "application/json");
+					const wwwAuthHeader = getWWWAuthenticateHeader(oauth);
+					if (wwwAuthHeader) res.setHeader("WWW-Authenticate", wwwAuthHeader);
 					res.writeHead(401).end(JSON.stringify({
 						error: {
 							code: -32e3,
@@ -15071,6 +15079,8 @@ const handleStreamRequest = async ({ activeTransports, authenticate, createServe
 				const errorMessage = error instanceof Error ? error.message : "Unauthorized: Authentication error";
 				console.error("Authentication error:", error);
 				res.setHeader("Content-Type", "application/json");
+				const wwwAuthHeader = getWWWAuthenticateHeader(oauth);
+				if (wwwAuthHeader) res.setHeader("WWW-Authenticate", wwwAuthHeader);
 				res.writeHead(401).end(JSON.stringify({
 					error: {
 						code: -32e3,
@@ -15118,6 +15128,8 @@ const handleStreamRequest = async ({ activeTransports, authenticate, createServe
 					const errorMessage = error instanceof Error ? error.message : String(error);
 					if (errorMessage.includes("Authentication") || errorMessage.includes("Invalid JWT") || errorMessage.includes("Token") || errorMessage.includes("Unauthorized")) {
 						res.setHeader("Content-Type", "application/json");
+						const wwwAuthHeader = getWWWAuthenticateHeader(oauth);
+						if (wwwAuthHeader) res.setHeader("WWW-Authenticate", wwwAuthHeader);
 						res.writeHead(401).end(JSON.stringify({
 							error: {
 								code: -32e3,
@@ -15149,6 +15161,8 @@ const handleStreamRequest = async ({ activeTransports, authenticate, createServe
 					const errorMessage = error instanceof Error ? error.message : String(error);
 					if (errorMessage.includes("Authentication") || errorMessage.includes("Invalid JWT") || errorMessage.includes("Token") || errorMessage.includes("Unauthorized")) {
 						res.setHeader("Content-Type", "application/json");
+						const wwwAuthHeader = getWWWAuthenticateHeader(oauth);
+						if (wwwAuthHeader) res.setHeader("WWW-Authenticate", wwwAuthHeader);
 						res.writeHead(401).end(JSON.stringify({
 							error: {
 								code: -32e3,
@@ -15275,10 +15289,13 @@ const handleSSERequest = async ({ activeTransports, createServer, endpoint, onCl
 	}
 	return false;
 };
-const startHTTPServer = async ({ apiKey, authenticate, createServer, enableJsonResponse, eventStore, host = "::", onClose, onConnect, onUnhandledRequest, port, sseEndpoint = "/sse", stateless, streamEndpoint = "/mcp" }) => {
+const startHTTPServer = async ({ apiKey, authenticate, createServer, enableJsonResponse, eventStore, host = "::", oauth, onClose, onConnect, onUnhandledRequest, port, sseEndpoint = "/sse", stateless, streamEndpoint = "/mcp" }) => {
 	const activeSSETransports = {};
 	const activeStreamTransports = {};
-	const authMiddleware = new AuthenticationMiddleware({ apiKey });
+	const authMiddleware = new AuthenticationMiddleware({
+		apiKey,
+		oauth
+	});
 	/**
 	* @author https://dev.classmethod.jp/articles/mcp-sse/
 	*/
@@ -15324,6 +15341,7 @@ const startHTTPServer = async ({ apiKey, authenticate, createServer, enableJsonR
 			enableJsonResponse,
 			endpoint: streamEndpoint,
 			eventStore,
+			oauth,
 			onClose,
 			onConnect,
 			req,
@@ -21538,5 +21556,5 @@ function serializeMessage(message) {
 }
 
 //#endregion
-export { Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, __commonJS, __toESM, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType };
-//# sourceMappingURL=stdio-9KZaSDCW.js.map
+export { AuthenticationMiddleware, Client, InMemoryEventStore, JSONRPCMessageSchema, LATEST_PROTOCOL_VERSION, NEVER, ReadBuffer, Server, ZodIssueCode, __commonJS, __toESM, anyType, arrayType, booleanType, isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, numberType, objectType, proxyServer, serializeMessage, startHTTPServer, stringType };
+//# sourceMappingURL=stdio-CsjPjeWC.js.map