paygate-mcp 8.76.0 → 8.77.0
- package/dist/admin-keys.d.ts +5 -1
- package/dist/admin-keys.d.ts.map +1 -1
- package/dist/admin-keys.js +29 -6
- package/dist/admin-keys.js.map +1 -1
- package/package.json +1 -1
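--- a/package/dist/admin-keys.d.ts
+++ b/package/dist/admin-keys.d.ts
@@ -45,8 +45,12 @@ export declare class AdminKeyManager {
 */
 bootstrap(key: string): void;
 /**
-* Validate an admin key
+* Validate an admin key using constant-time comparison.
+* Returns the record if valid, null otherwise.
 * Updates lastUsedAt on successful validation.
+*
+* Uses timingSafeEqual to prevent timing attacks that could
+* enumerate valid admin key prefixes through response time analysis.
 */
 validate(key: string): AdminKeyRecord | null;
 /**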
package/dist/admin-keys.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"admin-keys.d.ts","sourceRoot":"","sources":["../src/admin-keys.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAQH,MAAM,MAAM,SAAS,GAAG,aAAa,GAAG,OAAO,GAAG,QAAQ,CAAC;AAE3D,MAAM,WAAW,cAAc;IAC7B,4EAA4E;IAC5E,GAAG,EAAE,MAAM,CAAC;IACZ,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,IAAI,EAAE,SAAS,CAAC;IAChB,6CAA6C;IAC7C,SAAS,EAAE,MAAM,CAAC;IAClB,uDAAuD;IACvD,SAAS,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,MAAM,EAAE,OAAO,CAAC;IAChB,qEAAqE;IACrE,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED,uEAAuE;AACvE,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAIpD,CAAC;AAEF,uBAAuB;AACvB,eAAO,MAAM,WAAW,EAAE,SAAS,EAAuC,CAAC;AAI3E,qBAAa,eAAe;IAC1B,OAAO,CAAC,IAAI,CAA0C;IACtD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAgB;gBAE7B,QAAQ,CAAC,EAAE,MAAM;IAO7B,iCAAiC;IACjC,OAAO,CAAC,IAAI;IAcZ,gEAAgE;IAChE,IAAI,IAAI,IAAI;IAeZ;;;;OAIG;IACH,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAgB5B
|
|
1
|
+
{"version":3,"file":"admin-keys.d.ts","sourceRoot":"","sources":["../src/admin-keys.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAQH,MAAM,MAAM,SAAS,GAAG,aAAa,GAAG,OAAO,GAAG,QAAQ,CAAC;AAE3D,MAAM,WAAW,cAAc;IAC7B,4EAA4E;IAC5E,GAAG,EAAE,MAAM,CAAC;IACZ,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,IAAI,EAAE,SAAS,CAAC;IAChB,6CAA6C;IAC7C,SAAS,EAAE,MAAM,CAAC;IAClB,uDAAuD;IACvD,SAAS,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,MAAM,EAAE,OAAO,CAAC;IAChB,qEAAqE;IACrE,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED,uEAAuE;AACvE,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAIpD,CAAC;AAEF,uBAAuB;AACvB,eAAO,MAAM,WAAW,EAAE,SAAS,EAAuC,CAAC;AAI3E,qBAAa,eAAe;IAC1B,OAAO,CAAC,IAAI,CAA0C;IACtD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAgB;gBAE7B,QAAQ,CAAC,EAAE,MAAM;IAO7B,iCAAiC;IACjC,OAAO,CAAC,IAAI;IAcZ,gEAAgE;IAChE,IAAI,IAAI,IAAI;IAeZ;;;;OAIG;IACH,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAgB5B;;;;;;;OAOG;IACH,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI;IA8B5C;;OAEG;IACH,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,GAAG,OAAO;IAQjD;;OAEG;IACH,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,GAAG,cAAc;IAgBxE;;;OAGG;IACH,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE;IAqBzD;;OAEG;IACH,IAAI,IAAI,cAAc,EAAE;IAIxB;;OAEG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS;IAI5C;;OAEG;IACH,IAAI,WAAW,IAAI,MAAM,CAExB;IAID;;OAEG;IACH,MAAM,IAAI,cAAc,EAAE;IAI1B;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,cAAc,EAAE,GAAG,IAAI;CAM1C"}
|
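--- a/package/dist/admin-keys.js
+++ b/package/dist/admin-keys.js
@@ -86,17 +86,40 @@ class AdminKeyManager {
 }
 // ─── Validation ──────────────────────────────────────────────────────────
 /**
-* Validate an admin key
+* Validate an admin key using constant-time comparison.
+* Returns the record if valid, null otherwise.
 * Updates lastUsedAt on successful validation.
+*
+* Uses timingSafeEqual to prevent timing attacks that could
+* enumerate valid admin key prefixes through response time analysis.
 */
 validate(key) {
 if (!key)
 return null;
-const
-
-
-record
-
+const keyBuffer = Buffer.from(key, 'utf-8');
+let match = null;
+// Always iterate ALL keys to prevent timing leaks from early exit
+for (const [storedKey, record] of this.keys) {
+const storedBuffer = Buffer.from(storedKey, 'utf-8');
+// timingSafeEqual requires equal-length buffers; pad shorter one
+if (keyBuffer.length === storedBuffer.length) {
+if ((0, crypto_1.timingSafeEqual)(keyBuffer, storedBuffer) && record.active) {
+match = record;
+}
+}
+else {
+// Different lengths — still do a comparison to keep timing consistent
+const padded = Buffer.alloc(Math.max(keyBuffer.length, storedBuffer.length));
+const paddedKey = Buffer.alloc(padded.length);
+keyBuffer.copy(paddedKey);
+storedBuffer.copy(padded);
+(0, crypto_1.timingSafeEqual)(paddedKey, padded); // Result discarded — lengths differ, so never a match
+}
+}
+if (match) {
+match.lastUsedAt = new Date().toISOString();
+}
+return match;
 }
 /**
 * Check if a key has at least the minimum required role.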
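Review bot: The padded comparison in the `else` branch of validate() (new lines 110–117) does not make the two paths cost the same: a length mismatch runs two `Buffer.alloc` calls and two copies before `timingSafeEqual`, while a length match runs a single compare, so whether the presented key has the same length as a stored key remains observable in principle. The comment on new line 104 ("pad shorter one") also sits above the equal-length branch, where no padding happens. Hashing both sides to a fixed-length digest before `timingSafeEqual` removes the length branch altogether, using `createHash` from the `crypto` module the file already references as `crypto_1`. This is compiled output, so the change presumably belongs in `src/admin-keys.ts`, which the source map names.

```javascript
// … unchanged: validate(key) signature and empty-key guard …
const keyDigest = (0, crypto_1.createHash)('sha256').update(key, 'utf-8').digest();
// … unchanged: let match = null …
for (const [storedKey, record] of this.keys) {
    // Fixed-length digests give one code path whatever the input length.
    const storedDigest = (0, crypto_1.createHash)('sha256').update(storedKey, 'utf-8').digest();
    const equal = (0, crypto_1.timingSafeEqual)(keyDigest, storedDigest);
    if (equal && record.active) {
        match = record;
    }
}
// … unchanged: lastUsedAt update and return match …
```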
package/dist/admin-keys.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"admin-keys.js","sourceRoot":"","sources":["../src/admin-keys.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AAEH,
|
|
1
|
+
{"version":3,"file":"admin-keys.js","sourceRoot":"","sources":["../src/admin-keys.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AAEH,mCAAsD;AACtD,2BAAoF;AACpF,+BAA+B;AAuB/B,uEAAuE;AAC1D,QAAA,cAAc,GAA8B;IACvD,WAAW,EAAE,CAAC;IACd,KAAK,EAAE,CAAC;IACR,MAAM,EAAE,CAAC;CACV,CAAC;AAEF,uBAAuB;AACV,QAAA,WAAW,GAAgB,CAAC,aAAa,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;AAE3E,gFAAgF;AAEhF,MAAa,eAAe;IAClB,IAAI,GAAgC,IAAI,GAAG,EAAE,CAAC;IACrC,QAAQ,CAAgB;IAEzC,YAAY,QAAiB;QAC3B,IAAI,CAAC,QAAQ,GAAG,QAAQ,IAAI,IAAI,CAAC;QACjC,IAAI,IAAI,CAAC,QAAQ;YAAE,IAAI,CAAC,IAAI,EAAE,CAAC;IACjC,CAAC;IAED,4EAA4E;IAE5E,iCAAiC;IACzB,IAAI;QACV,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAA,eAAU,EAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,OAAO;QACzD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;YAC9D,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxB,KAAK,MAAM,MAAM,IAAI,IAAI,EAAE,CAAC;oBAC1B,IAAI,MAAM,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;wBACzB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;oBACpC,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,2BAA2B,CAAC,CAAC;IACzC,CAAC;IAED,gEAAgE;IAChE,IAAI;QACF,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,OAAO;QAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACpD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC;QACvC,IAAI,CAAC;YACH,IAAA,cAAS,EAAC,IAAA,cAAO,EAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACvD,IAAA,kBAAa,EAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YACtC,IAAA,eAAU,EAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,mDAAmD;QACrD,CAAC;IACH,CAAC;IAED,4EAA4E;IAE5E;;;;OAIG;IACH,SAAS,CAAC,GAAW;QACnB,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO;QAC/B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;YACjB,GAAG;YACH,IAAI,EAAE,iBAAiB;YACvB,IAAI,EAAE,aAAa;YACnB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS,EAAE,WAAW;YACtB,MAAM,EAAE,IAAI;YACZ,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAED,4EAA4E;IAE5E;;;;;;;OAOG;IACH,QAAQ,CAA
C,GAAW;QAClB,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QAEtB,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAC5C,IAAI,KAAK,GAA0B,IAAI,CAAC;QAExC,kEAAkE;QAClE,KAAK,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5C,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACrD,iEAAiE;YACjE,IAAI,SAAS,CAAC,MAAM,KAAK,YAAY,CAAC,MAAM,EAAE,CAAC;gBAC7C,IAAI,IAAA,wBAAe,EAAC,SAAS,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;oBAC9D,KAAK,GAAG,MAAM,CAAC;gBACjB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,sEAAsE;gBACtE,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;gBAC7E,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAC9C,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAC1B,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC1B,IAAA,wBAAe,EAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,sDAAsD;YAC5F,CAAC;QACH,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,KAAK,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC9C,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,GAAW,EAAE,OAAkB;QACrC,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAC1B,OAAO,sBAAc,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,sBAAc,CAAC,OAAO,CAAC,CAAC;IAChE,CAAC;IAED,4EAA4E;IAE5E;;OAEG;IACH,MAAM,CAAC,IAAY,EAAE,IAAe,EAAE,SAAiB;QACrD,MAAM,GAAG,GAAG,MAAM,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACpD,MAAM,MAAM,GAAmB;YAC7B,GAAG;YACH,IAAI;YACJ,IAAI;YACJ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS;YACT,MAAM,EAAE,IAAI;YACZ,UAAU,EAAE,IAAI;SACjB,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC3B,IAAI,CAAC,IAAI,EAAE,CAAC;QACZ,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,GAAW;QAChB,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC;QACrE,IAAI,CAAC,MAAM,CAAC,MAAM;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;QAElF,wCAAwC;QACxC,IAAI,MAAM,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YAClC,MAAM,iBAAiB,GAAG,K
AAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;iBACrD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,IAAI,KAAK,aAAa,CAAC,CAAC;YACrD,IAAI,iBAAiB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;gBAClC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,wCAAwC,EAAE,CAAC;YAC7E,CAAC;QACH,CAAC;QAED,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC;QACtB,IAAI,CAAC,IAAI,EAAE,CAAC;QACZ,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,4EAA4E;IAE5E;;OAEG;IACH,IAAI;QACF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,IAAI,WAAW;QACb,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;IACrE,CAAC;IAED,2EAA2E;IAE3E;;OAEG;IACH,MAAM;QACJ,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,OAAyB;QAChC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QAClB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;CACF;AAnMD,0CAmMC"}
|
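--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "paygate-mcp",
-"version": "8.
+"version": "8.77.0",
 "description": "Pay-per-tool-call gating proxy for MCP servers. Wrap any MCP server with API key auth, per-tool pricing, rate limiting, and usage metering.",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",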