mcp4openapi 0.3.1 → 0.3.4

package/dist/src/oauth-provider.d.ts

@@ -1,131 +0,0 @@
-/**
- * OAuth 2.0 Provider Adapter
- *
- * Implements MCP SDK OAuthServerProvider interface to integrate with external
- * OAuth 2.0 authorization servers (e.g., GitLab, GitHub, etc.)
- *
- * Architecture:
- * - This server acts as an OAuth client to the external provider (Proxy/Gateway)
- * - Implements "Callback Mode":
- *   1. Client -> MCP (Authorize) -> MCP redirects to Provider (with MCP callback URL)
- *   2. Provider -> MCP (Callback) -> MCP exchanges code for tokens
- *   3. MCP redirects to Client (with Internal Code)
- *   4. Client -> MCP (Token) -> MCP returns stored tokens
- */
-import { Request, Response } from 'express';
-import type { OAuthServerProvider, AuthorizationParams } from '@modelcontextprotocol/sdk/server/auth/provider.js';
-import type { OAuthRegisteredClientsStore } from '@modelcontextprotocol/sdk/server/auth/clients.js';
-import type { OAuthClientInformationFull, OAuthTokens, OAuthTokenRevocationRequest } from '@modelcontextprotocol/sdk/shared/auth.js';
-import type { AuthInfo } from '@modelcontextprotocol/sdk/server/auth/types.js';
-import type { OAuthConfig } from './types/profile.js';
-import type { Logger } from './logger.js';
-/**
- * In-memory store for OAuth client registrations
- */
-export declare class InMemoryClientsStore implements OAuthRegisteredClientsStore {
-    private clients;
-    getClient(clientId: string): Promise<OAuthClientInformationFull | undefined>;
-    registerClient(clientMetadata: OAuthClientInformationFull): Promise<OAuthClientInformationFull>;
-}
-/**
- * OAuth Provider Adapter for external OAuth servers
- */
-export declare class ExternalOAuthProvider implements OAuthServerProvider {
-    private config;
-    private logger;
-    private _clientsStore;
-    private authorizationCodes;
-    private accessTokens;
-    private stateStore;
-    private endpointsInitialized;
-    private initializationPromise;
-    constructor(config: OAuthConfig, logger: Logger);
-    /**
-     * Lazy initialization of OAuth endpoints (async)
-     * Public method to allow HttpTransport to ensure initialization before client validation
-     */
-    ensureEndpointsInitialized(): Promise<void>;
-    get clientsStore(): OAuthRegisteredClientsStore;
-    get authorizationEndpoint(): string | undefined;
-    get redirectUri(): string | undefined;
-    get scopes(): string[];
-    /**
-     * Fetch OAuth Authorization Server Metadata (RFC 8414)
-     */
-    private fetchOAuthMetadata;
-    /**
-     * Resolve environment variable references in OAuth config
-     */
-    private resolveEnvVars;
-    /**
-     * Derive OAuth endpoints from issuer if needed
-     */
-    private deriveEndpointsFromIssuer;
-    /**
-     * Check if redirect URI host is allowed
-     * Prevents open redirect vulnerabilities (CWE-601)
-     */
-    private isAllowedRedirectHost;
-    /**
-     * Match hostname against allowlist entry
-     *
-     * Supports:
-     * - Exact hostnames
-     * - Wildcard subdomains (*.example.com)
-     * - IPv4 exact matches
-     * - IPv4 CIDR ranges (e.g., 10.0.0.0/8)
-     * - IPv6 exact matches
-     * - IPv6 CIDR ranges (e.g., 2001:db8::/32)
-     */
-    private matchRedirectHost;
-    /**
-     * Check if IP address is within CIDR range
-     *
-     * Example: '192.168.1.50' matches '192.168.1.0/24'
-     *          '2001:db8::1' matches '2001:db8::/32'
-     */
-    private matchCIDR;
-    /**
-     * Convert IPv4 address to 32-bit integer
-     */
-    private ipv4ToInt;
-    /**
-     * Convert IPv6 address to 128-bit BigInt
-     */
-    private ipv6ToBigInt;
-    private ipv6Mask;
-    private stripIpv6Brackets;
-    /**
-     * Begin authorization flow
-     * Stores state and redirects to External Provider with MCP Callback URI
-     */
-    authorize(client: OAuthClientInformationFull, params: AuthorizationParams, res: Response): Promise<void>;
-    /**
-     * Handle callback from External Provider
-     * Exchanges code for tokens and redirects to Client with Internal Code
-     */
-    handleCallback(req: Request, res: Response): Promise<void>;
-    /**
-     * Get code challenge for authorization code (Internal)
-     */
-    challengeForAuthorizationCode(client: OAuthClientInformationFull, authorizationCode: string): Promise<string>;
-    /**
-     * Exchange authorization code for access token (Internal)
-     */
-    exchangeAuthorizationCode(client: OAuthClientInformationFull, authorizationCode: string, codeVerifier?: string, redirectUri?: string, resource?: URL): Promise<OAuthTokens>;
-    /**
-     * Exchange authorization code with external OAuth provider
-     */
-    private exchangeCodeWithProvider;
-    exchangeRefreshToken(client: OAuthClientInformationFull, refreshToken: string, scopes?: string[], resource?: URL): Promise<OAuthTokens>;
-    verifyAccessToken(token: string): Promise<AuthInfo>;
-    private introspectToken;
-    revokeToken(client: OAuthClientInformationFull, request: OAuthTokenRevocationRequest): Promise<void>;
-    private revokeTokenWithProvider;
-    /**
-     * Cleanup expired states, codes, and tokens
-     * Called periodically by HttpTransport
-     */
-    cleanup(): void;
-}
-//# sourceMappingURL=oauth-provider.d.ts.map

package/dist/src/oauth-provider.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"oauth-provider.d.ts","sourceRoot":"","sources":["../../src/oauth-provider.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,KAAK,EACV,mBAAmB,EACnB,mBAAmB,EACpB,MAAM,mDAAmD,CAAC;AAC3D,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,kDAAkD,CAAC;AACpG,OAAO,KAAK,EACV,0BAA0B,EAC1B,WAAW,EACX,2BAA2B,EAC5B,MAAM,0CAA0C,CAAC;AAClD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gDAAgD,CAAC;AAC/E,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAI1C;;GAEG;AACH,qBAAa,oBAAqB,YAAW,2BAA2B;IACtE,OAAO,CAAC,OAAO,CAAiD;IAE1D,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,0BAA0B,GAAG,SAAS,CAAC;IAI5E,cAAc,CAAC,cAAc,EAAE,0BAA0B,GAAG,OAAO,CAAC,0BAA0B,CAAC;CAItG;AAmCD;;GAEG;AACH,qBAAa,qBAAsB,YAAW,mBAAmB;IAC/D,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,aAAa,CAAuB;IAG5C,OAAO,CAAC,kBAAkB,CAA4C;IACtE,OAAO,CAAC,YAAY,CAAsC;IAC1D,OAAO,CAAC,UAAU,CAAyC;IAE3D,OAAO,CAAC,oBAAoB,CAAkB;IAC9C,OAAO,CAAC,qBAAqB,CAA8B;gBAE/C,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM;IAuB/C;;;OAGG;IACU,0BAA0B,IAAI,OAAO,CAAC,IAAI,CAAC;IA6DxD,IAAI,YAAY,IAAI,2BAA2B,CAE9C;IAED,IAAI,qBAAqB,IAAI,MAAM,GAAG,SAAS,CAI9C;IAED,IAAI,WAAW,IAAI,MAAM,GAAG,SAAS,CAEpC;IAED,IAAI,MAAM,IAAI,MAAM,EAAE,CAErB;IAED;;OAEG;YACW,kBAAkB;IAwBhC;;OAEG;IACH,OAAO,CAAC,cAAc;IA8BtB;;OAEG;YACW,yBAAyB;IAyCvC;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IAqB7B;;;;;;;;;;OAUG;IACH,OAAO,CAAC,iBAAiB;IAoBzB;;;;;OAKG;IACH,OAAO,CAAC,SAAS;IA+CjB;;OAEG;IACH,OAAO,CAAC,SAAS;IAmBjB;;OAEG;IACH,OAAO,CAAC,YAAY;IA6EpB,OAAO,CAAC,QAAQ;IAQhB,OAAO,CAAC,iBAAiB;IAIzB;;;OAGG;IACG,SAAS,CACb,MAAM,EAAE,0BAA0B,EAClC,MAAM,EAAE,mBAAmB,EAC3B,GAAG,EAAE,QAAQ,GACZ,OAAO,CAAC,IAAI,CAAC;IAyEhB;;;OAGG;IACG,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IA8GhE;;OAEG;IACG,6BAA6B,CACjC,MAAM,EAAE,0BAA0B,EAClC,iBAAiB,EAAE,MAAM,GACxB,OAAO,CAAC,MAAM,CAAC;IAclB;;OAEG;IACG,yBAAyB,CAC7B,MAAM,EAAE,0BAA0B,EAClC,iBAAiB,EAAE,MAAM,EACzB,YAAY,CAAC,EAAE,MAAM,EACrB,WAAW,CAAC,EAAE,MAAM,EACpB,QAAQ,CAAC,EAAE,GAAG,GACb,OAAO,CAAC,WAAW,CAAC;IA6DvB;;OAEG;YACW,wBAAwB;IAkDhC,oBAAoB,CACxB,MAAM,EAAE,0BAA0B,EAClC,YAAY,EAAE,MAAM,EACpB,MAAM,CAAC,EAAE,MAAM,EAAE,EACjB,QAAQ,CAAC,EAAE,GAAG,GACb,OAAO,CAAC,WAAW,CAAC;IA2DjB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;YAwB3C,eAAe;IAmDvB,WAAW,CACf,MAAM,EAAE,0BAA0B,EAClC,OAAO,EAAE,2BAA2B,GACnC,OAAO,CAAC,IAAI,CAAC;YAQF,uBAAuB;IA2BrC;;;OAGG;IACI,OAAO,IAAI,IAAI;CA0BvB"}