palaryn 0.1.0 → 0.3.2

package/src/mcp/oauth-provider.ts

@@ -0,0 +1,536 @@
+/**
+ * MCP OAuth 2.0 Server Provider.
+ *
+ * Implements OAuthServerProvider from the MCP SDK. Handles:
+ * - Authorization (consent page with workspace picker)
+ * - Auth code exchange (code → access + refresh tokens)
+ * - Refresh token rotation
+ * - Access token verification (returns AuthInfo with Palaryn context)
+ * - Token revocation
+ *
+ * Reuses existing Palaryn session (pn_session cookie) for user identity.
+ */
+import { Response } from 'express';
+import { randomBytes } from 'crypto';
+import { OAuthServerProvider, AuthorizationParams } from '@modelcontextprotocol/sdk/server/auth/provider.js';
+import { OAuthRegisteredClientsStore } from '@modelcontextprotocol/sdk/server/auth/clients.js';
+import {
+  OAuthClientInformationFull,
+  OAuthTokens,
+  OAuthTokenRevocationRequest,
+} from '@modelcontextprotocol/sdk/shared/auth.js';
+import { AuthInfo } from '@modelcontextprotocol/sdk/server/auth/types.js';
+import {
+  UserStore,
+  WorkspaceStore,
+  WorkspaceMemberStore,
+  SessionStore,
+} from '../storage/interfaces';
+import { AuthCodeStore, StoredToken } from './oauth-stores';
+import { renderConsentPage, renderErrorPage } from './oauth-pages';
+import { SESSION_COOKIE_NAME } from '../auth/session';
+import { resolvePermissions } from '../middleware/auth';
+import { RBACConfig } from '../types/config';
+
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+
+/** Maximum lifetime for authorization codes (in milliseconds). Default: 60 seconds. */
+export const AUTH_CODE_LIFETIME_MS = 60 * 1000;
+
+/** Maximum lifetime for CSRF tokens (in milliseconds). Default: 10 minutes. */
+const CSRF_TOKEN_TTL_MS = 10 * 60 * 1000;
+
+/** Maximum number of CSRF tokens stored concurrently. */
+const CSRF_TOKEN_MAX_SIZE = 10_000;
+
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+
+interface CsrfEntry {
+  createdAt: number;
+  expiresAt: number;
+}
+
+/** Structural interface for token stores (supports both in-memory and Postgres-backed) */
+export interface OAuthTokenStoreInterface {
+  saveAccessToken(entry: StoredToken): void;
+  getAccessToken(token: string): StoredToken | undefined;
+  revokeAccessToken(token: string): void;
+  saveRefreshToken(entry: StoredToken): void;
+  getRefreshToken(token: string): StoredToken | undefined;
+  revokeRefreshToken(token: string): void;
+  readonly accessTtlSeconds: number;
+  readonly refreshTtlSeconds: number;
+}
+
+/** Structural interface for client stores (supports both in-memory and Postgres-backed) */
+export interface OAuthClientsStoreInterface extends OAuthRegisteredClientsStore {
+  getClient(clientId: string): OAuthClientInformationFull | undefined;
+}
+
+export interface PalarynOAuthProviderDeps {
+  clientsStore: OAuthClientsStoreInterface;
+  authCodeStore: AuthCodeStore;
+  tokenStore: OAuthTokenStoreInterface;
+  userStore: UserStore;
+  workspaceStore: WorkspaceStore;
+  workspaceMemberStore: WorkspaceMemberStore;
+  sessionStore: SessionStore;
+  rbacConfig?: RBACConfig;
+  /** URL to redirect to for login (default: /auth/login) */
+  loginUrl?: string;
+}
+
+// ---------------------------------------------------------------------------
+// Provider implementation
+// ---------------------------------------------------------------------------
+
+export class PalarynOAuthProvider implements OAuthServerProvider {
+  private _clientsStore: OAuthClientsStoreInterface;
+  private authCodes: AuthCodeStore;
+  private tokens: OAuthTokenStoreInterface;
+  private users: UserStore;
+  private workspaces: WorkspaceStore;
+  private members: WorkspaceMemberStore;
+  private sessions: SessionStore;
+  private rbacConfig?: RBACConfig;
+  private loginUrl: string;
+
+  /** CSRF tokens: token → { createdAt, expiresAt } */
+  private csrfTokens = new Map<string, CsrfEntry>();
+  private csrfCleanupInterval: ReturnType<typeof setInterval>;
+
+  constructor(deps: PalarynOAuthProviderDeps) {
+    this._clientsStore = deps.clientsStore;
+    this.authCodes = deps.authCodeStore;
+    this.tokens = deps.tokenStore;
+    this.users = deps.userStore;
+    this.workspaces = deps.workspaceStore;
+    this.members = deps.workspaceMemberStore;
+    this.sessions = deps.sessionStore;
+    this.rbacConfig = deps.rbacConfig;
+    this.loginUrl = deps.loginUrl || '/login';
+
+    // Periodically clean up expired CSRF tokens
+    this.csrfCleanupInterval = setInterval(() => this.cleanupCsrfTokens(), 60_000);
+    this.csrfCleanupInterval.unref();
+  }
+
+  /** Stop the periodic CSRF cleanup interval. */
+  close(): void {
+    clearInterval(this.csrfCleanupInterval);
+  }
+
+  get clientsStore(): OAuthRegisteredClientsStore {
+    return this._clientsStore;
+  }
+
+  // -----------------------------------------------------------------------
+  // authorize — show consent page or redirect to login
+  // -----------------------------------------------------------------------
+
+  async authorize(
+    client: OAuthClientInformationFull,
+    params: AuthorizationParams,
+    res: Response,
+  ): Promise<void> {
+    // Validate redirect URI
+    const uriCheck = PalarynOAuthProvider.validateRedirectUri(params.redirectUri);
+    if (!uriCheck.valid) {
+      res.status(400).send(renderErrorPage('Invalid redirect URI', uriCheck.reason || 'The redirect URI is not allowed.'));
+      return;
+    }
+
+    // Verify redirect_uri matches one of the client's registered redirect URIs
+    const registeredUris = (client.redirect_uris || []).map((u: string | URL) => u.toString());
+    if (registeredUris.length > 0 && !registeredUris.includes(params.redirectUri)) {
+      res.status(400).send(renderErrorPage('Redirect URI mismatch', 'The redirect URI does not match any registered URIs for this client.'));
+      return;
+    }
+
+    // Read the session cookie from the request (available via res.req)
+    const req = res.req;
+    const sessionId = (req as any).cookies?.[SESSION_COOKIE_NAME];
+
+    if (!sessionId) {
+      // Not logged in → redirect to login with return_to
+      const returnTo = this.buildAuthorizeReturnUrl(client, params);
+      res.redirect(`${this.loginUrl}?return_to=${encodeURIComponent(returnTo)}`);
+      return;
+    }
+
+    const session = this.sessions.getById(sessionId);
+    if (!session) {
+      const returnTo = this.buildAuthorizeReturnUrl(client, params);
+      res.redirect(`${this.loginUrl}?return_to=${encodeURIComponent(returnTo)}`);
+      return;
+    }
+
+    const user = this.users.getById(session.user_id);
+    if (!user || user.status !== 'active') {
+      res.status(403).send(renderErrorPage('Account unavailable', 'Your account is not active.'));
+      return;
+    }
+
+    // Get workspaces the user belongs to
+    const memberships = this.members.getByUser(user.id);
+    const userWorkspaces = memberships
+      .map((m) => {
+        const ws = this.workspaces.getById(m.workspace_id);
+        return ws ? { id: ws.id, name: ws.name, slug: ws.slug } : null;
+      })
+      .filter(Boolean) as { id: string; name: string; slug: string }[];
+
+    if (userWorkspaces.length === 0) {
+      res.status(403).send(renderErrorPage('No workspaces', 'You need at least one workspace to authorize MCP access.'));
+      return;
+    }
+
+    // Generate CSRF token (with cleanup of expired/overflow)
+    this.cleanupCsrfTokens();
+    const now = Date.now();
+    const csrfToken = randomBytes(32).toString('hex');
+    this.csrfTokens.set(csrfToken, { createdAt: now, expiresAt: now + CSRF_TOKEN_TTL_MS });
+
+    // Render consent page
+    const html = renderConsentPage({
+      clientName: client.client_name || client.client_id,
+      scopes: params.scopes || [],
+      workspaces: userWorkspaces,
+      clientId: client.client_id,
+      redirectUri: params.redirectUri,
+      state: params.state,
+      codeChallenge: params.codeChallenge,
+      csrfToken,
+    });
+
+    // Override Helmet's CSP to allow form-action redirect to Claude Code's localhost callback
+    res.setHeader('Content-Security-Policy',
+      "default-src 'self'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; form-action 'self' http://localhost:* http://127.0.0.1:*");
+    res.status(200).type('html').send(html);
+  }
+
+  // -----------------------------------------------------------------------
+  // handleConsentDecision — called from POST /authorize/decision
+  // -----------------------------------------------------------------------
+
+  async handleConsentDecision(
+    body: Record<string, string>,
+    sessionUserId: string,
+  ): Promise<{ redirectUrl: string } | { error: string; status: number }> {
+    const {
+      client_id,
+      redirect_uri,
+      state,
+      code_challenge,
+      scopes,
+      csrf_token,
+      workspace_id,
+      decision,
+    } = body;
+
+    // Validate CSRF
+    const csrfEntry = this.csrfTokens.get(csrf_token);
+    if (!csrfEntry || Date.now() > csrfEntry.expiresAt) {
+      return { error: 'Invalid or expired CSRF token', status: 403 };
+    }
+    this.csrfTokens.delete(csrf_token);
+
+    // Validate redirect URI
+    const uriCheck = PalarynOAuthProvider.validateRedirectUri(redirect_uri);
+    if (!uriCheck.valid) {
+      return { error: uriCheck.reason || 'Invalid redirect URI', status: 400 };
+    }
+
+    // Validate client
+    const client = this._clientsStore.getClient(client_id);
+    if (!client) {
+      return { error: 'Unknown client', status: 400 };
+    }
+
+    // Verify redirect_uri matches registered URIs
+    const registeredUris = (client.redirect_uris || []).map((u: string | URL) => u.toString());
+    if (registeredUris.length > 0 && !registeredUris.includes(redirect_uri)) {
+      return { error: 'Redirect URI does not match registered URIs', status: 400 };
+    }
+
+    const redirectUrl = new URL(redirect_uri);
+
+    // Denied
+    if (decision !== 'approve') {
+      redirectUrl.searchParams.set('error', 'access_denied');
+      redirectUrl.searchParams.set('error_description', 'User denied the request');
+      if (state) redirectUrl.searchParams.set('state', state);
+      return { redirectUrl: redirectUrl.toString() };
+    }
+
+    // Verify workspace membership
+    const membership = this.members.getByUser(sessionUserId)
+      .find((m) => m.workspace_id === workspace_id);
+    if (!membership) {
+      return { error: 'Invalid workspace selection', status: 403 };
+    }
+
+    // Generate authorization code
+    const code = randomBytes(32).toString('hex');
+    this.authCodes.save({
+      code,
+      clientId: client_id,
+      codeChallenge: code_challenge,
+      redirectUri: redirect_uri,
+      scopes: scopes ? scopes.split(' ') : [],
+      userId: sessionUserId,
+      workspaceId: workspace_id,
+      state,
+      expiresAt: Date.now() + AUTH_CODE_LIFETIME_MS,
+    });
+
+    redirectUrl.searchParams.set('code', code);
+    if (state) redirectUrl.searchParams.set('state', state);
+    return { redirectUrl: redirectUrl.toString() };
+  }
+
+  // -----------------------------------------------------------------------
+  // challengeForAuthorizationCode
+  // -----------------------------------------------------------------------
+
+  async challengeForAuthorizationCode(
+    _client: OAuthClientInformationFull,
+    authorizationCode: string,
+  ): Promise<string> {
+    const entry = this.authCodes.get(authorizationCode);
+    if (!entry) {
+      throw new Error('Authorization code not found or expired');
+    }
+    return entry.codeChallenge;
+  }
+
+  // -----------------------------------------------------------------------
+  // exchangeAuthorizationCode
+  // -----------------------------------------------------------------------
+
+  async exchangeAuthorizationCode(
+    client: OAuthClientInformationFull,
+    authorizationCode: string,
+    _codeVerifier?: string,
+    _redirectUri?: string,
+    _resource?: URL,
+  ): Promise<OAuthTokens> {
+    const entry = this.authCodes.get(authorizationCode);
+    if (!entry) {
+      throw new Error('Authorization code not found or expired');
+    }
+
+    if (entry.clientId !== client.client_id) {
+      throw new Error('Client ID mismatch');
+    }
+
+    // Consume (delete) the auth code FIRST to guarantee single-use.
+    // If token issuance fails after this, the client must request a new code.
+    this.authCodes.consume(authorizationCode);
+
+    return this.issueTokens(client.client_id, entry.userId, entry.workspaceId, entry.scopes);
+  }
+
+  // -----------------------------------------------------------------------
+  // exchangeRefreshToken
+  // -----------------------------------------------------------------------
+
+  async exchangeRefreshToken(
+    client: OAuthClientInformationFull,
+    refreshToken: string,
+    scopes?: string[],
+    _resource?: URL,
+  ): Promise<OAuthTokens> {
+    const entry = this.tokens.getRefreshToken(refreshToken);
+    if (!entry) {
+      throw new Error('Invalid refresh token');
+    }
+
+    if (entry.clientId !== client.client_id) {
+      throw new Error('Client ID mismatch');
+    }
+
+    // Revoke old refresh token (rotation)
+    this.tokens.revokeRefreshToken(refreshToken);
+
+    const effectiveScopes = scopes && scopes.length > 0 ? scopes : entry.scopes;
+    return this.issueTokens(client.client_id, entry.userId, entry.workspaceId, effectiveScopes);
+  }
+
+  // -----------------------------------------------------------------------
+  // verifyAccessToken
+  // -----------------------------------------------------------------------
+
+  async verifyAccessToken(token: string): Promise<AuthInfo> {
+    const entry = this.tokens.getAccessToken(token);
+    if (!entry) {
+      throw new Error('Invalid or expired access token');
+    }
+
+    // Resolve user's workspace role → RBAC permissions
+    const memberships = this.members.getByUser(entry.userId);
+    const membership = memberships.find((m) => m.workspace_id === entry.workspaceId);
+
+    let roles: string[] = [];
+    if (membership) {
+      if (membership.role === 'owner' || membership.role === 'admin') {
+        roles = ['admin'];
+      } else if (membership.role === 'member') {
+        roles = ['operator'];
+      } else {
+        roles = ['readonly'];
+      }
+    }
+
+    const permissions = resolvePermissions(roles, this.rbacConfig);
+
+    return {
+      token,
+      clientId: entry.clientId,
+      scopes: entry.scopes,
+      expiresAt: entry.expiresAt,
+      extra: {
+        workspace_id: entry.workspaceId,
+        actor_id: `user:${entry.userId}`,
+        user_id: entry.userId,
+        roles,
+        permissions,
+        auth_method: 'oauth',
+      },
+    };
+  }
+
+  // -----------------------------------------------------------------------
+  // revokeToken
+  // -----------------------------------------------------------------------
+
+  async revokeToken(
+    _client: OAuthClientInformationFull,
+    request: OAuthTokenRevocationRequest,
+  ): Promise<void> {
+    // Try both token types
+    this.tokens.revokeAccessToken(request.token);
+    this.tokens.revokeRefreshToken(request.token);
+  }
+
+  // -----------------------------------------------------------------------
+  // Helpers
+  // -----------------------------------------------------------------------
+
+  private issueTokens(
+    clientId: string,
+    userId: string,
+    workspaceId: string,
+    scopes: string[],
+  ): OAuthTokens {
+    const nowSec = Math.floor(Date.now() / 1000);
+    const accessToken = randomBytes(32).toString('hex');
+    const refreshToken = randomBytes(32).toString('hex');
+
+    this.tokens.saveAccessToken({
+      token: accessToken,
+      clientId,
+      userId,
+      workspaceId,
+      scopes,
+      expiresAt: nowSec + this.tokens.accessTtlSeconds,
+      createdAt: nowSec,
+    });
+
+    this.tokens.saveRefreshToken({
+      token: refreshToken,
+      clientId,
+      userId,
+      workspaceId,
+      scopes,
+      expiresAt: nowSec + this.tokens.refreshTtlSeconds,
+      createdAt: nowSec,
+    });
+
+    return {
+      access_token: accessToken,
+      token_type: 'Bearer',
+      expires_in: this.tokens.accessTtlSeconds,
+      refresh_token: refreshToken,
+      scope: scopes.join(' '),
+    };
+  }
+
+  /**
+   * Remove expired CSRF tokens and evict oldest when map exceeds max size.
+   */
+  private cleanupCsrfTokens(): void {
+    const now = Date.now();
+
+    // Remove expired tokens
+    for (const [token, entry] of this.csrfTokens) {
+      if (now > entry.expiresAt) {
+        this.csrfTokens.delete(token);
+      }
+    }
+
+    // Evict oldest if still over max size
+    if (this.csrfTokens.size >= CSRF_TOKEN_MAX_SIZE) {
+      const sorted = [...this.csrfTokens.entries()]
+        .sort((a, b) => a[1].createdAt - b[1].createdAt);
+      const toEvict = sorted.length - CSRF_TOKEN_MAX_SIZE + 1; // make room for the new one
+      for (let i = 0; i < toEvict; i++) {
+        this.csrfTokens.delete(sorted[i][0]);
+      }
+    }
+  }
+
+  /**
+   * Validate that a redirect URI is safe for dynamically registered clients.
+   * Only allows localhost-based redirect URIs (127.0.0.1, ::1, localhost).
+   * Blocks javascript:, data:, and other dangerous schemes.
+   */
+  static validateRedirectUri(uri: string): { valid: boolean; reason?: string } {
+    let parsed: URL;
+    try {
+      parsed = new URL(uri);
+    } catch {
+      return { valid: false, reason: 'Invalid URL format' };
+    }
+
+    // Block dangerous schemes
+    const dangerousSchemes = ['javascript:', 'data:', 'vbscript:', 'blob:'];
+    if (dangerousSchemes.includes(parsed.protocol)) {
+      return { valid: false, reason: `Dangerous scheme: ${parsed.protocol}` };
+    }
+
+    // Only allow http/https
+    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
+      return { valid: false, reason: `Unsupported scheme: ${parsed.protocol}` };
+    }
+
+    // For dynamically registered MCP clients, only allow localhost
+    const hostname = parsed.hostname;
+    const localhostHosts = ['localhost', '127.0.0.1', '::1', '[::1]'];
+    if (!localhostHosts.includes(hostname)) {
+      return { valid: false, reason: 'Only localhost redirect URIs are allowed for dynamic clients' };
+    }
+
+    return { valid: true };
+  }
+
+  private buildAuthorizeReturnUrl(
+    client: OAuthClientInformationFull,
+    params: AuthorizationParams,
+  ): string {
+    const url = new URL('/authorize', 'http://placeholder');
+    url.searchParams.set('client_id', client.client_id);
+    url.searchParams.set('redirect_uri', params.redirectUri);
+    url.searchParams.set('code_challenge', params.codeChallenge);
+    url.searchParams.set('code_challenge_method', 'S256');
+    if (params.state) url.searchParams.set('state', params.state);
+    if (params.scopes?.length) url.searchParams.set('scope', params.scopes.join(' '));
+    url.searchParams.set('response_type', 'code');
+    // Return only path + query (no host)
+    return url.pathname + url.search;
+  }
+}