mcp4openapi 0.2.7 → 0.2.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -0
- package/dist/src/generated-schemas.d.ts +36 -0
- package/dist/src/generated-schemas.d.ts.map +1 -1
- package/dist/src/generated-schemas.js +3 -1
- package/dist/src/generated-schemas.js.map +1 -1
- package/dist/src/http-transport.d.ts.map +1 -1
- package/dist/src/http-transport.js +34 -11
- package/dist/src/http-transport.js.map +1 -1
- package/dist/src/index.js +25 -11
- package/dist/src/index.js.map +1 -1
- package/dist/src/interceptors.d.ts.map +1 -1
- package/dist/src/interceptors.js +6 -6
- package/dist/src/interceptors.js.map +1 -1
- package/dist/src/logger.d.ts +0 -12
- package/dist/src/logger.d.ts.map +1 -1
- package/dist/src/logger.js +67 -75
- package/dist/src/logger.js.map +1 -1
- package/dist/src/mcp-server.d.ts +12 -2
- package/dist/src/mcp-server.d.ts.map +1 -1
- package/dist/src/mcp-server.js +125 -10
- package/dist/src/mcp-server.js.map +1 -1
- package/dist/src/naming-warnings.js +6 -6
- package/dist/src/naming-warnings.js.map +1 -1
- package/dist/src/proxy-executor.d.ts +17 -2
- package/dist/src/proxy-executor.d.ts.map +1 -1
- package/dist/src/proxy-executor.js +298 -48
- package/dist/src/proxy-executor.js.map +1 -1
- package/dist/src/testing/listen-support.d.ts +3 -0
- package/dist/src/testing/listen-support.d.ts.map +1 -0
- package/dist/src/testing/listen-support.js +50 -0
- package/dist/src/testing/listen-support.js.map +1 -0
- package/dist/src/testing/mock-youtrack-server.d.ts.map +1 -1
- package/dist/src/testing/mock-youtrack-server.js +14 -0
- package/dist/src/testing/mock-youtrack-server.js.map +1 -1
- package/dist/src/types/profile.d.ts +18 -0
- package/dist/src/types/profile.d.ts.map +1 -1
- package/package.json +1 -1
- package/profile-schema.json +12 -0
package/README.md
CHANGED
|
@@ -365,6 +365,8 @@ When generating tools from OpenAPI without a profile, long operation IDs may exc
|
|
|
365
365
|
- `hash`: Use verb + resource + hash for guaranteed uniqueness
|
|
366
366
|
- `auto`: Try strategies in order: balanced → iterative → hash
|
|
367
367
|
- `MCP4_TOOLNAME_WARN_ONLY`: Only warn, don't shorten: `true|false` (default: `true`)
|
|
368
|
+
- `MCP4_TOOLNAME_SIMILAR_TOP`: How many similar operationId pairs to show in warnings (default: `3`)
|
|
369
|
+
- `MCP4_TOOLNAME_SIMILARITY_THRESHOLD`: Similarity threshold for warning examples (default: `0.75`)
|
|
368
370
|
- `MCP4_TOOLNAME_MIN_PARTS`: Minimum parts for balanced strategy (default: `3`)
|
|
369
371
|
- `MCP4_TOOLNAME_MIN_LENGTH`: Minimum length in chars for balanced strategy (default: `20`)
|
|
370
372
|
|
|
@@ -394,6 +396,8 @@ export MCP4_TOOLNAME_MAX=30
|
|
|
394
396
|
- `MCP4_PORT`: Port (default: `3003`)
|
|
395
397
|
- `MCP4_ALLOWED_ORIGINS`: Comma-separated origins (supports exact, wildcard `*.domain.com`, CIDR `192.168.1.0/24`)
|
|
396
398
|
- `MCP4_SESSION_TIMEOUT_MS`: Session timeout (default: `1800000` = 30min)
|
|
399
|
+
- `MCP4_OAUTH_SESSION_TIMEOUT_MS`: OAuth session timeout for sessions with refresh tokens (default: `86400000` = 24h, `0` = unlimited)
|
|
400
|
+
- `MCP4_OAUTH_REFRESH_THRESHOLD_MS`: Refresh access tokens this many ms before expiry (default: `60000` = 60s)
|
|
397
401
|
- `MCP4_HEARTBEAT_ENABLED`, `MCP4_HEARTBEAT_INTERVAL_MS`: SSE heartbeat settings
|
|
398
402
|
- `MCP4_TOKEN_MAX_LENGTH`: Maximum token length in characters (default: `1000`)
|
|
399
403
|
|
|
@@ -63,6 +63,8 @@ export declare const proxyDownloadOperationSchema: z.ZodObject<{
|
|
|
63
63
|
timeout_ms: z.ZodOptional<z.ZodNumber>;
|
|
64
64
|
allowed_mime_types: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
65
65
|
skip_auth: z.ZodOptional<z.ZodBoolean>;
|
|
66
|
+
allowed_hosts: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
67
|
+
allow_private_network: z.ZodOptional<z.ZodBoolean>;
|
|
66
68
|
}, "strip", z.ZodTypeAny, {
|
|
67
69
|
type: "proxy_download";
|
|
68
70
|
metadata_endpoint: string;
|
|
@@ -73,6 +75,8 @@ export declare const proxyDownloadOperationSchema: z.ZodObject<{
|
|
|
73
75
|
timeout_ms?: number | undefined;
|
|
74
76
|
allowed_mime_types?: string[] | undefined;
|
|
75
77
|
skip_auth?: boolean | undefined;
|
|
78
|
+
allowed_hosts?: string[] | undefined;
|
|
79
|
+
allow_private_network?: boolean | undefined;
|
|
76
80
|
}, {
|
|
77
81
|
type: "proxy_download";
|
|
78
82
|
metadata_endpoint: string;
|
|
@@ -83,6 +87,8 @@ export declare const proxyDownloadOperationSchema: z.ZodObject<{
|
|
|
83
87
|
timeout_ms?: number | undefined;
|
|
84
88
|
allowed_mime_types?: string[] | undefined;
|
|
85
89
|
skip_auth?: boolean | undefined;
|
|
90
|
+
allowed_hosts?: string[] | undefined;
|
|
91
|
+
allow_private_network?: boolean | undefined;
|
|
86
92
|
}>;
|
|
87
93
|
export declare const operationDefinitionSchema: z.ZodUnion<[z.ZodString, z.ZodObject<{
|
|
88
94
|
type: z.ZodLiteral<"proxy_download">;
|
|
@@ -94,6 +100,8 @@ export declare const operationDefinitionSchema: z.ZodUnion<[z.ZodString, z.ZodOb
|
|
|
94
100
|
timeout_ms: z.ZodOptional<z.ZodNumber>;
|
|
95
101
|
allowed_mime_types: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
96
102
|
skip_auth: z.ZodOptional<z.ZodBoolean>;
|
|
103
|
+
allowed_hosts: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
104
|
+
allow_private_network: z.ZodOptional<z.ZodBoolean>;
|
|
97
105
|
}, "strip", z.ZodTypeAny, {
|
|
98
106
|
type: "proxy_download";
|
|
99
107
|
metadata_endpoint: string;
|
|
@@ -104,6 +112,8 @@ export declare const operationDefinitionSchema: z.ZodUnion<[z.ZodString, z.ZodOb
|
|
|
104
112
|
timeout_ms?: number | undefined;
|
|
105
113
|
allowed_mime_types?: string[] | undefined;
|
|
106
114
|
skip_auth?: boolean | undefined;
|
|
115
|
+
allowed_hosts?: string[] | undefined;
|
|
116
|
+
allow_private_network?: boolean | undefined;
|
|
107
117
|
}, {
|
|
108
118
|
type: "proxy_download";
|
|
109
119
|
metadata_endpoint: string;
|
|
@@ -114,6 +124,8 @@ export declare const operationDefinitionSchema: z.ZodUnion<[z.ZodString, z.ZodOb
|
|
|
114
124
|
timeout_ms?: number | undefined;
|
|
115
125
|
allowed_mime_types?: string[] | undefined;
|
|
116
126
|
skip_auth?: boolean | undefined;
|
|
127
|
+
allowed_hosts?: string[] | undefined;
|
|
128
|
+
allow_private_network?: boolean | undefined;
|
|
117
129
|
}>]>;
|
|
118
130
|
export declare const baseUrlConfigSchema: z.ZodObject<{
|
|
119
131
|
value_from_env: z.ZodString;
|
|
@@ -208,6 +220,8 @@ export declare const toolDefinitionSchema: z.ZodObject<{
|
|
|
208
220
|
timeout_ms: z.ZodOptional<z.ZodNumber>;
|
|
209
221
|
allowed_mime_types: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
210
222
|
skip_auth: z.ZodOptional<z.ZodBoolean>;
|
|
223
|
+
allowed_hosts: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
224
|
+
allow_private_network: z.ZodOptional<z.ZodBoolean>;
|
|
211
225
|
}, "strip", z.ZodTypeAny, {
|
|
212
226
|
type: "proxy_download";
|
|
213
227
|
metadata_endpoint: string;
|
|
@@ -218,6 +232,8 @@ export declare const toolDefinitionSchema: z.ZodObject<{
|
|
|
218
232
|
timeout_ms?: number | undefined;
|
|
219
233
|
allowed_mime_types?: string[] | undefined;
|
|
220
234
|
skip_auth?: boolean | undefined;
|
|
235
|
+
allowed_hosts?: string[] | undefined;
|
|
236
|
+
allow_private_network?: boolean | undefined;
|
|
221
237
|
}, {
|
|
222
238
|
type: "proxy_download";
|
|
223
239
|
metadata_endpoint: string;
|
|
@@ -228,6 +244,8 @@ export declare const toolDefinitionSchema: z.ZodObject<{
|
|
|
228
244
|
timeout_ms?: number | undefined;
|
|
229
245
|
allowed_mime_types?: string[] | undefined;
|
|
230
246
|
skip_auth?: boolean | undefined;
|
|
247
|
+
allowed_hosts?: string[] | undefined;
|
|
248
|
+
allow_private_network?: boolean | undefined;
|
|
231
249
|
}>]>>>;
|
|
232
250
|
composite: z.ZodOptional<z.ZodBoolean>;
|
|
233
251
|
steps: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
@@ -314,6 +332,8 @@ export declare const toolDefinitionSchema: z.ZodObject<{
|
|
|
314
332
|
timeout_ms?: number | undefined;
|
|
315
333
|
allowed_mime_types?: string[] | undefined;
|
|
316
334
|
skip_auth?: boolean | undefined;
|
|
335
|
+
allowed_hosts?: string[] | undefined;
|
|
336
|
+
allow_private_network?: boolean | undefined;
|
|
317
337
|
}> | undefined;
|
|
318
338
|
composite?: boolean | undefined;
|
|
319
339
|
steps?: {
|
|
@@ -351,6 +371,8 @@ export declare const toolDefinitionSchema: z.ZodObject<{
|
|
|
351
371
|
timeout_ms?: number | undefined;
|
|
352
372
|
allowed_mime_types?: string[] | undefined;
|
|
353
373
|
skip_auth?: boolean | undefined;
|
|
374
|
+
allowed_hosts?: string[] | undefined;
|
|
375
|
+
allow_private_network?: boolean | undefined;
|
|
354
376
|
}> | undefined;
|
|
355
377
|
composite?: boolean | undefined;
|
|
356
378
|
steps?: {
|
|
@@ -891,6 +913,8 @@ export declare const profileSchema: z.ZodObject<{
|
|
|
891
913
|
timeout_ms: z.ZodOptional<z.ZodNumber>;
|
|
892
914
|
allowed_mime_types: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
893
915
|
skip_auth: z.ZodOptional<z.ZodBoolean>;
|
|
916
|
+
allowed_hosts: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
917
|
+
allow_private_network: z.ZodOptional<z.ZodBoolean>;
|
|
894
918
|
}, "strip", z.ZodTypeAny, {
|
|
895
919
|
type: "proxy_download";
|
|
896
920
|
metadata_endpoint: string;
|
|
@@ -901,6 +925,8 @@ export declare const profileSchema: z.ZodObject<{
|
|
|
901
925
|
timeout_ms?: number | undefined;
|
|
902
926
|
allowed_mime_types?: string[] | undefined;
|
|
903
927
|
skip_auth?: boolean | undefined;
|
|
928
|
+
allowed_hosts?: string[] | undefined;
|
|
929
|
+
allow_private_network?: boolean | undefined;
|
|
904
930
|
}, {
|
|
905
931
|
type: "proxy_download";
|
|
906
932
|
metadata_endpoint: string;
|
|
@@ -911,6 +937,8 @@ export declare const profileSchema: z.ZodObject<{
|
|
|
911
937
|
timeout_ms?: number | undefined;
|
|
912
938
|
allowed_mime_types?: string[] | undefined;
|
|
913
939
|
skip_auth?: boolean | undefined;
|
|
940
|
+
allowed_hosts?: string[] | undefined;
|
|
941
|
+
allow_private_network?: boolean | undefined;
|
|
914
942
|
}>]>>>;
|
|
915
943
|
composite: z.ZodOptional<z.ZodBoolean>;
|
|
916
944
|
steps: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
@@ -997,6 +1025,8 @@ export declare const profileSchema: z.ZodObject<{
|
|
|
997
1025
|
timeout_ms?: number | undefined;
|
|
998
1026
|
allowed_mime_types?: string[] | undefined;
|
|
999
1027
|
skip_auth?: boolean | undefined;
|
|
1028
|
+
allowed_hosts?: string[] | undefined;
|
|
1029
|
+
allow_private_network?: boolean | undefined;
|
|
1000
1030
|
}> | undefined;
|
|
1001
1031
|
composite?: boolean | undefined;
|
|
1002
1032
|
steps?: {
|
|
@@ -1034,6 +1064,8 @@ export declare const profileSchema: z.ZodObject<{
|
|
|
1034
1064
|
timeout_ms?: number | undefined;
|
|
1035
1065
|
allowed_mime_types?: string[] | undefined;
|
|
1036
1066
|
skip_auth?: boolean | undefined;
|
|
1067
|
+
allowed_hosts?: string[] | undefined;
|
|
1068
|
+
allow_private_network?: boolean | undefined;
|
|
1037
1069
|
}> | undefined;
|
|
1038
1070
|
composite?: boolean | undefined;
|
|
1039
1071
|
steps?: {
|
|
@@ -1480,6 +1512,8 @@ export declare const profileSchema: z.ZodObject<{
|
|
|
1480
1512
|
timeout_ms?: number | undefined;
|
|
1481
1513
|
allowed_mime_types?: string[] | undefined;
|
|
1482
1514
|
skip_auth?: boolean | undefined;
|
|
1515
|
+
allowed_hosts?: string[] | undefined;
|
|
1516
|
+
allow_private_network?: boolean | undefined;
|
|
1483
1517
|
}> | undefined;
|
|
1484
1518
|
composite?: boolean | undefined;
|
|
1485
1519
|
steps?: {
|
|
@@ -1595,6 +1629,8 @@ export declare const profileSchema: z.ZodObject<{
|
|
|
1595
1629
|
timeout_ms?: number | undefined;
|
|
1596
1630
|
allowed_mime_types?: string[] | undefined;
|
|
1597
1631
|
skip_auth?: boolean | undefined;
|
|
1632
|
+
allowed_hosts?: string[] | undefined;
|
|
1633
|
+
allow_private_network?: boolean | undefined;
|
|
1598
1634
|
}> | undefined;
|
|
1599
1635
|
composite?: boolean | undefined;
|
|
1600
1636
|
steps?: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generated-schemas.d.ts","sourceRoot":"","sources":["../../src/generated-schemas.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,mBAAmB;;;;;;;;;;;;EAI9B,CAAC;AAEH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAYpC,CAAC;AAEH,eAAO,MAAM,4BAA4B
|
|
1
|
+
{"version":3,"file":"generated-schemas.d.ts","sourceRoot":"","sources":["../../src/generated-schemas.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,mBAAmB;;;;;;;;;;;;EAI9B,CAAC;AAEH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAYpC,CAAC;AAEH,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAYvC,CAAC;AAEH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAAsD,CAAC;AAE7F,eAAO,MAAM,mBAAmB;;;;;;;;;EAG9B,CAAC;AAEH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;EAKhC,CAAC;AAEH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;EAI5B,CAAC;AAEH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAY5B,CAAC;AAEH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAW/B,CAAC;AAEH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAchC,CAAC;AAEH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAMlC,CAAC;AAEH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQxB,CAAC"}
|
|
@@ -27,7 +27,9 @@ export const proxyDownloadOperationSchema = z.object({
|
|
|
27
27
|
max_size_bytes_from_env: z.string().optional(),
|
|
28
28
|
timeout_ms: z.number().optional(),
|
|
29
29
|
allowed_mime_types: z.array(z.string()).optional(),
|
|
30
|
-
skip_auth: z.boolean().optional()
|
|
30
|
+
skip_auth: z.boolean().optional(),
|
|
31
|
+
allowed_hosts: z.array(z.string()).optional(),
|
|
32
|
+
allow_private_network: z.boolean().optional()
|
|
31
33
|
});
|
|
32
34
|
export const operationDefinitionSchema = z.union([z.string(), proxyDownloadOperationSchema]);
|
|
33
35
|
export const baseUrlConfigSchema = z.object({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generated-schemas.js","sourceRoot":"","sources":["../../src/generated-schemas.ts"],"names":[],"mappings":"AAAA,yBAAyB;AACzB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC7C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC9I,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAChC,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC5C,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpC,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC;QACZ,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;KACnB,CAAC,CAAC,QAAQ,EAAE;IACb,UAAU,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC/B,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC;IACjD,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC;IACjC,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;IAC7B,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACxC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9C,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,kBAAkB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAClD,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;
|
|
1
|
+
{"version":3,"file":"generated-schemas.js","sourceRoot":"","sources":["../../src/generated-schemas.ts"],"names":[],"mappings":"AAAA,yBAAyB;AACzB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC7C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC9I,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAChC,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC5C,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpC,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC;QACZ,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;KACnB,CAAC,CAAC,QAAQ,EAAE;IACb,UAAU,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC/B,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC;IACjD,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC;IACjC,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;IAC7B,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACxC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9C,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,kBAAkB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAClD,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACjC,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC7C,qBAAqB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAChD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,4BAA4B,CAAC,CAAC,CAAC;AAE7F,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;IAC1B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE;IACnC,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC;QACrC,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE;KACtC,CAAC,CAAC,CAAC,QAAQ,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAC/B,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;CACvC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,sBAAsB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7C,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACtC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5C,sBAAsB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7C,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1C,sBAAsB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACzD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,UAAU,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,yBAAyB,CAAC,CAAC,QAAQ,EAAE;IACtE,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACjC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,QAAQ,EAAE;IAC9C,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACvC,UAAU,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,yBAAyB,CAAC;IAC3D,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC/C,eAAe,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;IACrE,6BAA6B,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACxD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IACxG,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,YAAY,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IAC1C,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC;QACvB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;QACxB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;KACxB,CAAC,CAAC,QAAQ,EAAE;IACb,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1C,iBAAiB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC5E,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC/C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,qBAAqB,EAAE,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACjF,QAAQ,EAAE,mBAAmB,CAAC,QAAQ,EAAE;IACxC,UAAU,EAAE,qBAAqB,CAAC,QAAQ,EAAE;IAC5C,KAAK,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IACnC,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CAC3H,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC;IACpC,YAAY,EAAE,uBAAuB,CAAC,QAAQ,EAAE;IAChD,iBAAiB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvE,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,sBAAsB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAChD,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"http-transport.d.ts","sourceRoot":"","sources":["../../src/http-transport.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAUH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,KAAK,EAIV,mBAAmB,EAEpB,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"http-transport.d.ts","sourceRoot":"","sources":["../../src/http-transport.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAUH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,KAAK,EAIV,mBAAmB,EAEpB,MAAM,2BAA2B,CAAC;AAmBnC,qBAAa,aAAa;IACxB,OAAO,CAAC,GAAG,CAAsB;IACjC,OAAO,CAAC,MAAM,CAAsC;IACpD,OAAO,CAAC,QAAQ,CAAuC;IACvD,OAAO,CAAC,MAAM,CAAsB;IACpC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,OAAO,CAAiC;IAChD,OAAO,CAAC,eAAe,CAA+B;IACtD,OAAO,CAAC,cAAc,CAA6E;IACnG,OAAO,CAAC,aAAa,CAAsC;IAG3D,OAAO,CAAC,wBAAwB,CAA6G;gBAEjI,MAAM,EAAE,mBAAmB,EAAE,MAAM,EAAE,MAAM;IAgCvD;;;;OAIG;IACH,OAAO,CAAC,eAAe;IA6HvB,OAAO,CAAC,qBAAqB,CAAS;IAEtC;;;;;;;;;;OAUG;IACH,OAAO,CAAC,eAAe;IA0CvB;;;;;;;OAOG;IACH,OAAO,CAAC,WAAW;IAuBnB;;;;;OAKG;IACH,OAAO,CAAC,SAAS;IAgDjB;;;;OAIG;IACH,OAAO,CAAC,SAAS;IAmBjB;;OAEG;IACH,OAAO,CAAC,YAAY;IA6EpB,OAAO,CAAC,QAAQ;IAQhB,OAAO,CAAC,iBAAiB;IAIzB;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB;IAkCzB,OAAO,CAAC,sBAAsB;IAI9B;;;;OAIG;IACH,OAAO,CAAC,WAAW;IAocnB;;;;OAIG;YACW,aAAa;IAoB3B;;;;;OAKG;IACH;;;OAGG;IACH,OAAO,CAAC,QAAQ;YAkBF,iBAAiB;IAqE/B;;;;;;;OAOG;IACH,OAAO,CAAC,aAAa;IAgBrB;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,gBAAgB;IA4CxB;;;;OAIG;YACW,UAAU;IA4OxB;;;;OAIG;YACW,SAAS;IAkDvB;;;;OAIG;IACH,OAAO,CAAC,YAAY;IAmCpB;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IAuBxB;;;;OAIG;IACH,OAAO,CAAC,cAAc;IA6CtB;;;;OAIG;IACH,OAAO,CAAC,cAAc;IAatB;;;;OAIG;IACI,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,IAAI;IA6B9D;;OAEG;IACH,OAAO,CAAC,cAAc;IAuBtB;;;;OAIG;IACH,OAAO,CAAC,aAAa;IAkCrB;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAO7B;;;;OAIG;IACH,OAAO,CAAC,cAAc;IAoCtB;;OAEG;IACH,OAAO,CAAC,yBAAyB,CAA0C;IAE3E;;;;OAIG;IACI,kBAAkB,CAAC,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,IAAI,GAAG,IAAI;IAItE;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAU9B;;;;;OAKG;IACH,OAAO,CAAC,gBAAgB;IAyBxB;;;;;;;OAOG;IACH,OAAO,CAAC,sBAAsB;IAoC9B;;;;OAIG;IACI,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAK7D;;;;;OAKG;IACU,uBAAuB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA4BzE;;;;;OAKG;YACW,kBAAkB;IA+EhC;;OAEG;IACI,iBAAiB,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI;IAInG;;OAEG;IACI,gBAAgB,IAAI,OAAO;IAIlC;;OAEG;IACI,YAAY,IAAI,MAAM;IAmB7B;;OAEG;IACI,wBAAwB,IAAI,MAAM;IAIzC;;OAEG;IACI,cAAc,IAAI,MAAM,EAAE;IAIjC;;OAEG;IACU,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAqEnC;;OAEG;IACU,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;CAuBnC"}
|
|
@@ -18,6 +18,7 @@ import { MetricsCollector } from './metrics.js';
|
|
|
18
18
|
import { ExternalOAuthProvider } from './oauth-provider.js';
|
|
19
19
|
import { HTTP_STATUS, MIME_TYPES, OAUTH_PATHS, TIMEOUTS, OAUTH_RATE_LIMIT } from './constants.js';
|
|
20
20
|
import { escapeHtmlSafe } from './validation-utils.js';
|
|
21
|
+
import { AuthenticationError, AuthorizationError, RateLimitError, ValidationError, generateCorrelationId, } from './errors.js';
|
|
21
22
|
// Default maximum token length (1000 characters)
|
|
22
23
|
const DEFAULT_MAX_TOKEN_LENGTH = 1000;
|
|
23
24
|
export class HttpTransport {
|
|
@@ -792,7 +793,6 @@ export class HttpTransport {
|
|
|
792
793
|
return this.handlePost(req, res, next);
|
|
793
794
|
});
|
|
794
795
|
this.app.get('/sse', mcpRateLimiter, (req, res, next) => {
|
|
795
|
-
console.log('=== SSE GET handler called for path:', req.path);
|
|
796
796
|
this.logger.warn('Deprecated endpoint used: GET /sse. Please migrate to GET /mcp');
|
|
797
797
|
this.logger.info(`Handling GET /sse request from: ${req.ip}`);
|
|
798
798
|
return this.handleGet(req, res, next);
|
|
@@ -945,16 +945,16 @@ export class HttpTransport {
|
|
|
945
945
|
validateToken(token, source) {
|
|
946
946
|
const maxLength = this.config.maxTokenLength ?? DEFAULT_MAX_TOKEN_LENGTH;
|
|
947
947
|
if (token.length > maxLength) {
|
|
948
|
-
throw new
|
|
948
|
+
throw new ValidationError(`${source} too long (max ${maxLength} characters)`);
|
|
949
949
|
}
|
|
950
950
|
if (token.length === 0) {
|
|
951
|
-
throw new
|
|
951
|
+
throw new ValidationError(`${source} is empty`);
|
|
952
952
|
}
|
|
953
953
|
// RFC 6750 Bearer token characters + common API token chars (including colons for YouTrack)
|
|
954
954
|
// Allow: alphanumeric, dash, underscore, dot, tilde, plus, slash, equals, colon
|
|
955
955
|
// Note: dash at end of character class to avoid being interpreted as range
|
|
956
956
|
if (!/^[A-Za-z0-9._~+/:=-]+$/.test(token)) {
|
|
957
|
-
throw new
|
|
957
|
+
throw new ValidationError(`Invalid ${source} format`);
|
|
958
958
|
}
|
|
959
959
|
}
|
|
960
960
|
/**
|
|
@@ -984,14 +984,14 @@ export class HttpTransport {
|
|
|
984
984
|
// Defense against ReDoS: Check length before regex
|
|
985
985
|
const maxHeaderLength = (this.config.maxTokenLength ?? DEFAULT_MAX_TOKEN_LENGTH) + 10; // Bearer + spaces + margin
|
|
986
986
|
if (authHeader.length > maxHeaderLength) {
|
|
987
|
-
throw new
|
|
987
|
+
throw new ValidationError(`Authorization header too long (max ${maxHeaderLength} characters)`);
|
|
988
988
|
}
|
|
989
989
|
// Relaxed Bearer token format validation - allow flexible whitespace
|
|
990
990
|
// Trim whitespace to handle client variations (IntelliJ, VSCode, etc.)
|
|
991
991
|
const trimmed = authHeader.trim();
|
|
992
992
|
const match = trimmed.match(/^Bearer\s+(.+)$/);
|
|
993
993
|
if (!match) {
|
|
994
|
-
throw new
|
|
994
|
+
throw new ValidationError('Invalid Authorization header format. Expected: Bearer <token>');
|
|
995
995
|
}
|
|
996
996
|
const token = match[1].trim();
|
|
997
997
|
this.validateToken(token, 'Authorization token');
|
|
@@ -1001,7 +1001,7 @@ export class HttpTransport {
|
|
|
1001
1001
|
const apiTokenHeader = req.headers['x-api-token'];
|
|
1002
1002
|
if (apiTokenHeader) {
|
|
1003
1003
|
if (typeof apiTokenHeader !== 'string') {
|
|
1004
|
-
throw new
|
|
1004
|
+
throw new ValidationError('X-API-Token must be a string');
|
|
1005
1005
|
}
|
|
1006
1006
|
this.validateToken(apiTokenHeader, 'X-API-Token');
|
|
1007
1007
|
return { type: 'api-token', token: apiTokenHeader };
|
|
@@ -1140,7 +1140,7 @@ export class HttpTransport {
|
|
|
1140
1140
|
}
|
|
1141
1141
|
else {
|
|
1142
1142
|
this.logger.debug('No OAuth token data found in map (may be non-OAuth bearer token)', {
|
|
1143
|
-
|
|
1143
|
+
hasToken: true,
|
|
1144
1144
|
});
|
|
1145
1145
|
}
|
|
1146
1146
|
}
|
|
@@ -1183,9 +1183,32 @@ export class HttpTransport {
|
|
|
1183
1183
|
res.status(HTTP_STATUS.BAD_REQUEST).json({ error: 'Bad Request', message: 'Invalid message type' });
|
|
1184
1184
|
}
|
|
1185
1185
|
catch (error) {
|
|
1186
|
-
|
|
1187
|
-
|
|
1188
|
-
|
|
1186
|
+
const correlationId = generateCorrelationId();
|
|
1187
|
+
this.logger.error('POST request error', error, { correlationId });
|
|
1188
|
+
let status = 500;
|
|
1189
|
+
let errorLabel = 'Internal Server Error';
|
|
1190
|
+
let message = `Internal error (correlation ID: ${correlationId})`;
|
|
1191
|
+
if (error instanceof ValidationError) {
|
|
1192
|
+
status = HTTP_STATUS.BAD_REQUEST;
|
|
1193
|
+
errorLabel = 'Bad Request';
|
|
1194
|
+
message = `Validation error: ${error.message} (correlation ID: ${correlationId})`;
|
|
1195
|
+
}
|
|
1196
|
+
else if (error instanceof AuthenticationError) {
|
|
1197
|
+
status = HTTP_STATUS.UNAUTHORIZED;
|
|
1198
|
+
errorLabel = 'Unauthorized';
|
|
1199
|
+
message = `Authentication failed: ${error.message} (correlation ID: ${correlationId})`;
|
|
1200
|
+
}
|
|
1201
|
+
else if (error instanceof AuthorizationError) {
|
|
1202
|
+
status = HTTP_STATUS.FORBIDDEN;
|
|
1203
|
+
errorLabel = 'Forbidden';
|
|
1204
|
+
message = `Authorization failed: ${error.message} (correlation ID: ${correlationId})`;
|
|
1205
|
+
}
|
|
1206
|
+
else if (error instanceof RateLimitError) {
|
|
1207
|
+
status = HTTP_STATUS.TOO_MANY_REQUESTS;
|
|
1208
|
+
errorLabel = 'Too Many Requests';
|
|
1209
|
+
message = `Rate limit exceeded: ${error.message} (correlation ID: ${correlationId})`;
|
|
1210
|
+
}
|
|
1211
|
+
res.status(status).json({ error: errorLabel, message, correlationId });
|
|
1189
1212
|
// Record error metrics
|
|
1190
1213
|
if (this.metrics) {
|
|
1191
1214
|
const duration = (Date.now() - startTime) / 1000;
|