skybridge 0.0.0-dev.fa3ebc3 → 0.0.0-dev.fa76c02
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +152 -0
- package/bin/run.js +5 -0
- package/dist/cli/build-helpers.d.ts +7 -0
- package/dist/cli/build-helpers.js +82 -0
- package/dist/cli/build-helpers.js.map +1 -0
- package/dist/cli/build-helpers.test.js +64 -0
- package/dist/cli/build-helpers.test.js.map +1 -0
- package/dist/cli/detect-port.d.ts +18 -0
- package/dist/cli/detect-port.js +50 -0
- package/dist/cli/detect-port.js.map +1 -0
- package/dist/cli/header.d.ts +4 -0
- package/dist/cli/header.js +6 -0
- package/dist/cli/header.js.map +1 -0
- package/dist/cli/resolve-views-dir.d.ts +1 -0
- package/dist/cli/resolve-views-dir.js +17 -0
- package/dist/cli/resolve-views-dir.js.map +1 -0
- package/dist/cli/run-command.d.ts +2 -0
- package/dist/cli/run-command.js +43 -0
- package/dist/cli/run-command.js.map +1 -0
- package/dist/cli/telemetry.d.ts +7 -0
- package/dist/cli/telemetry.js +123 -0
- package/dist/cli/telemetry.js.map +1 -0
- package/dist/cli/tunnel-control-server.d.ts +9 -0
- package/dist/cli/tunnel-control-server.js +31 -0
- package/dist/cli/tunnel-control-server.js.map +1 -0
- package/dist/cli/tunnel-control-server.test.js +39 -0
- package/dist/cli/tunnel-control-server.test.js.map +1 -0
- package/dist/cli/tunnel-handler.d.ts +3 -0
- package/dist/cli/tunnel-handler.js +48 -0
- package/dist/cli/tunnel-handler.js.map +1 -0
- package/dist/cli/tunnel-handler.test.js +105 -0
- package/dist/cli/tunnel-handler.test.js.map +1 -0
- package/dist/cli/tunnel.d.ts +57 -0
- package/dist/cli/tunnel.js +154 -0
- package/dist/cli/tunnel.js.map +1 -0
- package/dist/cli/tunnel.test.js +190 -0
- package/dist/cli/tunnel.test.js.map +1 -0
- package/dist/cli/types.d.ts +5 -0
- package/dist/cli/types.js.map +1 -0
- package/dist/cli/use-execute-steps.d.ts +11 -0
- package/dist/cli/use-execute-steps.js +36 -0
- package/dist/cli/use-execute-steps.js.map +1 -0
- package/dist/cli/use-messages.d.ts +3 -0
- package/dist/cli/use-messages.js +11 -0
- package/dist/cli/use-messages.js.map +1 -0
- package/dist/cli/use-nodemon.d.ts +2 -0
- package/dist/cli/use-nodemon.js +73 -0
- package/dist/cli/use-nodemon.js.map +1 -0
- package/dist/cli/use-open-browser.d.ts +1 -0
- package/dist/cli/use-open-browser.js +44 -0
- package/dist/cli/use-open-browser.js.map +1 -0
- package/dist/cli/use-tunnel.d.ts +14 -0
- package/dist/cli/use-tunnel.js +131 -0
- package/dist/cli/use-tunnel.js.map +1 -0
- package/dist/cli/use-typescript-check.d.ts +9 -0
- package/dist/cli/use-typescript-check.js +94 -0
- package/dist/cli/use-typescript-check.js.map +1 -0
- package/dist/commands/build.d.ts +8 -0
- package/dist/commands/build.js +90 -0
- package/dist/commands/build.js.map +1 -0
- package/dist/commands/create.d.ts +9 -0
- package/dist/commands/create.js +30 -0
- package/dist/commands/create.js.map +1 -0
- package/dist/commands/dev.d.ts +12 -0
- package/dist/commands/dev.js +96 -0
- package/dist/commands/dev.js.map +1 -0
- package/dist/commands/start.d.ts +9 -0
- package/dist/commands/start.js +55 -0
- package/dist/commands/start.js.map +1 -0
- package/dist/commands/telemetry/disable.d.ts +5 -0
- package/dist/commands/telemetry/disable.js +14 -0
- package/dist/commands/telemetry/disable.js.map +1 -0
- package/dist/commands/telemetry/enable.d.ts +5 -0
- package/dist/commands/telemetry/enable.js +14 -0
- package/dist/commands/telemetry/enable.js.map +1 -0
- package/dist/commands/telemetry/status.d.ts +5 -0
- package/dist/commands/telemetry/status.js +14 -0
- package/dist/commands/telemetry/status.js.map +1 -0
- package/dist/server/asset-base-url-transform-plugin.d.ts +11 -0
- package/dist/server/asset-base-url-transform-plugin.js +48 -0
- package/dist/server/asset-base-url-transform-plugin.js.map +1 -0
- package/dist/server/asset-base-url-transform-plugin.test.js +134 -0
- package/dist/server/asset-base-url-transform-plugin.test.js.map +1 -0
- package/dist/server/auth/index.d.ts +18 -0
- package/dist/server/auth/index.js +2 -0
- package/dist/server/auth/index.js.map +1 -0
- package/dist/server/auth/setup.d.ts +4 -0
- package/dist/server/auth/setup.js +51 -0
- package/dist/server/auth/setup.js.map +1 -0
- package/dist/server/auth/setup.test.js +185 -0
- package/dist/server/auth/setup.test.js.map +1 -0
- package/dist/server/auth/verify.d.ts +11 -0
- package/dist/server/auth/verify.js +37 -0
- package/dist/server/auth/verify.js.map +1 -0
- package/dist/server/auth/verify.test.js +87 -0
- package/dist/server/auth/verify.test.js.map +1 -0
- package/dist/server/auth.d.ts +20 -0
- package/dist/server/auth.js +28 -0
- package/dist/server/auth.js.map +1 -0
- package/dist/server/build-manifest.test.js +27 -0
- package/dist/server/build-manifest.test.js.map +1 -0
- package/dist/server/content-helpers.d.ts +67 -0
- package/dist/server/content-helpers.js +79 -0
- package/dist/server/content-helpers.js.map +1 -0
- package/dist/server/content-helpers.test.js +70 -0
- package/dist/server/content-helpers.test.js.map +1 -0
- package/dist/server/express.d.ts +11 -0
- package/dist/server/express.js +101 -0
- package/dist/server/express.js.map +1 -0
- package/dist/server/express.test.js +491 -0
- package/dist/server/express.test.js.map +1 -0
- package/dist/server/file-ref.d.ts +28 -0
- package/dist/server/file-ref.js +27 -0
- package/dist/server/file-ref.js.map +1 -0
- package/dist/server/index.d.ts +9 -0
- package/dist/server/index.js +6 -0
- package/dist/server/index.js.map +1 -0
- package/dist/{src/server → server}/inferUtilityTypes.d.ts +6 -6
- package/dist/server/inferUtilityTypes.js.map +1 -0
- package/dist/server/metric.d.ts +14 -0
- package/dist/server/metric.js +62 -0
- package/dist/server/metric.js.map +1 -0
- package/dist/server/middleware.d.ts +137 -0
- package/dist/server/middleware.js +93 -0
- package/dist/server/middleware.js.map +1 -0
- package/dist/server/middleware.test-d.js +75 -0
- package/dist/server/middleware.test-d.js.map +1 -0
- package/dist/server/middleware.test.js +493 -0
- package/dist/server/middleware.test.js.map +1 -0
- package/dist/server/requestOrigin.d.ts +7 -0
- package/dist/server/requestOrigin.js +25 -0
- package/dist/server/requestOrigin.js.map +1 -0
- package/dist/server/server.d.ts +403 -0
- package/dist/server/server.js +641 -0
- package/dist/server/server.js.map +1 -0
- package/dist/{src/server → server}/templateHelper.d.ts +5 -7
- package/dist/server/templateHelper.js +11 -0
- package/dist/server/templateHelper.js.map +1 -0
- package/dist/server/templates.generated.d.ts +4 -0
- package/dist/server/templates.generated.js +47 -0
- package/dist/server/templates.generated.js.map +1 -0
- package/dist/server/tunnel-proxy-router.d.ts +7 -0
- package/dist/server/tunnel-proxy-router.js +110 -0
- package/dist/server/tunnel-proxy-router.js.map +1 -0
- package/dist/server/tunnel-proxy-router.test.js +229 -0
- package/dist/server/tunnel-proxy-router.test.js.map +1 -0
- package/dist/server/view-resource-resolution.test.d.ts +6 -0
- package/dist/server/view-resource-resolution.test.js +88 -0
- package/dist/server/view-resource-resolution.test.js.map +1 -0
- package/dist/server/viewsDevServer.d.ts +14 -0
- package/dist/server/viewsDevServer.js +45 -0
- package/dist/server/viewsDevServer.js.map +1 -0
- package/dist/{src/test → test}/utils.d.ts +13 -21
- package/dist/{src/test → test}/utils.js +42 -37
- package/dist/test/utils.js.map +1 -0
- package/dist/test/view.test.js +568 -0
- package/dist/test/view.test.js.map +1 -0
- package/dist/version.d.ts +1 -0
- package/dist/version.js +3 -0
- package/dist/version.js.map +1 -0
- package/dist/web/bridges/apps-sdk/adaptor.d.ts +29 -0
- package/dist/web/bridges/apps-sdk/adaptor.js +117 -0
- package/dist/web/bridges/apps-sdk/adaptor.js.map +1 -0
- package/dist/web/bridges/apps-sdk/bridge.d.ts +11 -0
- package/dist/{src/web/bridges/apps-sdk-bridge.js → web/bridges/apps-sdk/bridge.js} +3 -2
- package/dist/web/bridges/apps-sdk/bridge.js.map +1 -0
- package/dist/web/bridges/apps-sdk/index.d.ts +5 -0
- package/dist/web/bridges/apps-sdk/index.js +5 -0
- package/dist/web/bridges/apps-sdk/index.js.map +1 -0
- package/dist/web/bridges/apps-sdk/types.d.ts +133 -0
- package/dist/{src/web → web/bridges/apps-sdk}/types.js +0 -1
- package/dist/web/bridges/apps-sdk/types.js.map +1 -0
- package/dist/web/bridges/apps-sdk/use-apps-sdk-context.d.ts +13 -0
- package/dist/web/bridges/apps-sdk/use-apps-sdk-context.js +18 -0
- package/dist/web/bridges/apps-sdk/use-apps-sdk-context.js.map +1 -0
- package/dist/web/bridges/get-adaptor.d.ts +9 -0
- package/dist/web/bridges/get-adaptor.js +15 -0
- package/dist/web/bridges/get-adaptor.js.map +1 -0
- package/dist/web/bridges/index.d.ts +5 -0
- package/dist/web/bridges/index.js +6 -0
- package/dist/web/bridges/index.js.map +1 -0
- package/dist/web/bridges/mcp-app/adaptor.d.ts +53 -0
- package/dist/web/bridges/mcp-app/adaptor.js +283 -0
- package/dist/web/bridges/mcp-app/adaptor.js.map +1 -0
- package/dist/web/bridges/mcp-app/bridge.d.ts +28 -0
- package/dist/web/bridges/mcp-app/bridge.js +124 -0
- package/dist/web/bridges/mcp-app/bridge.js.map +1 -0
- package/dist/web/bridges/mcp-app/index.d.ts +4 -0
- package/dist/web/bridges/mcp-app/index.js +4 -0
- package/dist/web/bridges/mcp-app/index.js.map +1 -0
- package/dist/web/bridges/mcp-app/types.d.ts +8 -0
- package/dist/web/bridges/mcp-app/types.js +2 -0
- package/dist/web/bridges/mcp-app/types.js.map +1 -0
- package/dist/web/bridges/mcp-app/use-mcp-app-context.d.ts +19 -0
- package/dist/web/bridges/mcp-app/use-mcp-app-context.js +19 -0
- package/dist/web/bridges/mcp-app/use-mcp-app-context.js.map +1 -0
- package/dist/web/bridges/mcp-app/use-mcp-app-context.test.js +26 -0
- package/dist/web/bridges/mcp-app/use-mcp-app-context.test.js.map +1 -0
- package/dist/web/bridges/mcp-app/view-tools.test.js +144 -0
- package/dist/web/bridges/mcp-app/view-tools.test.js.map +1 -0
- package/dist/web/bridges/types.d.ts +204 -0
- package/dist/web/bridges/types.js +2 -0
- package/dist/web/bridges/types.js.map +1 -0
- package/dist/web/bridges/use-host-context.d.ts +7 -0
- package/dist/web/bridges/use-host-context.js +13 -0
- package/dist/web/bridges/use-host-context.js.map +1 -0
- package/dist/web/components/modal-provider.d.ts +4 -0
- package/dist/web/components/modal-provider.js +45 -0
- package/dist/web/components/modal-provider.js.map +1 -0
- package/dist/web/create-store.d.ts +29 -0
- package/dist/web/create-store.js +64 -0
- package/dist/web/create-store.js.map +1 -0
- package/dist/web/create-store.test.js +129 -0
- package/dist/web/create-store.test.js.map +1 -0
- package/dist/web/data-llm.d.ts +47 -0
- package/dist/{src/web → web}/data-llm.js +35 -5
- package/dist/web/data-llm.js.map +1 -0
- package/dist/web/data-llm.test.js +142 -0
- package/dist/web/data-llm.test.js.map +1 -0
- package/dist/{src/web → web}/generate-helpers.d.ts +24 -19
- package/dist/{src/web → web}/generate-helpers.js +22 -18
- package/dist/web/generate-helpers.js.map +1 -0
- package/dist/{src/web → web}/generate-helpers.test-d.js +30 -28
- package/dist/web/generate-helpers.test-d.js.map +1 -0
- package/dist/web/generate-helpers.test.js.map +1 -0
- package/dist/{src/web → web}/helpers/state.d.ts +2 -2
- package/dist/web/helpers/state.js +45 -0
- package/dist/web/helpers/state.js.map +1 -0
- package/dist/web/helpers/state.test.d.ts +1 -0
- package/dist/{src/web → web}/helpers/state.test.js +9 -9
- package/dist/web/helpers/state.test.js.map +1 -0
- package/dist/{src/web → web}/hooks/index.d.ts +7 -3
- package/dist/{src/web → web}/hooks/index.js +6 -2
- package/dist/web/hooks/index.js.map +1 -0
- package/dist/web/hooks/test/utils.d.ts +20 -0
- package/dist/web/hooks/test/utils.js +75 -0
- package/dist/web/hooks/test/utils.js.map +1 -0
- package/dist/{src/web → web}/hooks/use-call-tool.d.ts +48 -2
- package/dist/{src/web → web}/hooks/use-call-tool.js +30 -2
- package/dist/web/hooks/use-call-tool.js.map +1 -0
- package/dist/web/hooks/use-call-tool.test-d.d.ts +1 -0
- package/dist/{src/web → web}/hooks/use-call-tool.test-d.js +1 -1
- package/dist/web/hooks/use-call-tool.test-d.js.map +1 -0
- package/dist/web/hooks/use-call-tool.test.d.ts +1 -0
- package/dist/{src/web → web}/hooks/use-call-tool.test.js +30 -9
- package/dist/web/hooks/use-call-tool.test.js.map +1 -0
- package/dist/web/hooks/use-display-mode.d.ts +24 -0
- package/dist/web/hooks/use-display-mode.js +29 -0
- package/dist/web/hooks/use-display-mode.js.map +1 -0
- package/dist/web/hooks/use-display-mode.test-d.d.ts +1 -0
- package/dist/web/hooks/use-display-mode.test-d.js +8 -0
- package/dist/web/hooks/use-display-mode.test-d.js.map +1 -0
- package/dist/web/hooks/use-display-mode.test.d.ts +1 -0
- package/dist/web/hooks/use-display-mode.test.js.map +1 -0
- package/dist/web/hooks/use-download.d.ts +5 -0
- package/dist/web/hooks/use-download.js +8 -0
- package/dist/web/hooks/use-download.js.map +1 -0
- package/dist/web/hooks/use-download.test.d.ts +1 -0
- package/dist/web/hooks/use-download.test.js +95 -0
- package/dist/web/hooks/use-download.test.js.map +1 -0
- package/dist/web/hooks/use-files.d.ts +39 -0
- package/dist/web/hooks/use-files.js +42 -0
- package/dist/web/hooks/use-files.js.map +1 -0
- package/dist/web/hooks/use-files.test.d.ts +1 -0
- package/dist/web/hooks/use-files.test.js +54 -0
- package/dist/web/hooks/use-files.test.js.map +1 -0
- package/dist/{src/web → web}/hooks/use-layout.d.ts +4 -2
- package/dist/{src/web → web}/hooks/use-layout.js +6 -4
- package/dist/web/hooks/use-layout.js.map +1 -0
- package/dist/web/hooks/use-layout.test.d.ts +1 -0
- package/dist/{src/web → web}/hooks/use-layout.test.js +7 -6
- package/dist/web/hooks/use-layout.test.js.map +1 -0
- package/dist/web/hooks/use-open-external.d.ts +20 -0
- package/dist/web/hooks/use-open-external.js +24 -0
- package/dist/web/hooks/use-open-external.js.map +1 -0
- package/dist/web/hooks/use-open-external.test.d.ts +1 -0
- package/dist/{src/web → web}/hooks/use-open-external.test.js +27 -12
- package/dist/web/hooks/use-open-external.test.js.map +1 -0
- package/dist/web/hooks/use-register-view-tool.d.ts +38 -0
- package/dist/web/hooks/use-register-view-tool.js +50 -0
- package/dist/web/hooks/use-register-view-tool.js.map +1 -0
- package/dist/web/hooks/use-request-close.d.ts +16 -0
- package/dist/web/hooks/use-request-close.js +21 -0
- package/dist/web/hooks/use-request-close.js.map +1 -0
- package/dist/web/hooks/use-request-close.test.d.ts +1 -0
- package/dist/web/hooks/use-request-close.test.js +52 -0
- package/dist/web/hooks/use-request-close.test.js.map +1 -0
- package/dist/web/hooks/use-request-modal.d.ts +24 -0
- package/dist/web/hooks/use-request-modal.js +31 -0
- package/dist/web/hooks/use-request-modal.js.map +1 -0
- package/dist/web/hooks/use-request-modal.test.d.ts +1 -0
- package/dist/{src/web → web}/hooks/use-request-modal.test.js +5 -1
- package/dist/web/hooks/use-request-modal.test.js.map +1 -0
- package/dist/web/hooks/use-request-size.d.ts +20 -0
- package/dist/web/hooks/use-request-size.js +24 -0
- package/dist/web/hooks/use-request-size.js.map +1 -0
- package/dist/web/hooks/use-request-size.test.d.ts +1 -0
- package/dist/web/hooks/use-request-size.test.js +65 -0
- package/dist/web/hooks/use-request-size.test.js.map +1 -0
- package/dist/web/hooks/use-send-follow-up-message.d.ts +19 -0
- package/dist/web/hooks/use-send-follow-up-message.js +25 -0
- package/dist/web/hooks/use-send-follow-up-message.js.map +1 -0
- package/dist/web/hooks/use-set-open-in-app-url.d.ts +18 -0
- package/dist/web/hooks/use-set-open-in-app-url.js +25 -0
- package/dist/web/hooks/use-set-open-in-app-url.js.map +1 -0
- package/dist/web/hooks/use-set-open-in-app-url.test.d.ts +1 -0
- package/dist/web/hooks/use-set-open-in-app-url.test.js +43 -0
- package/dist/web/hooks/use-set-open-in-app-url.test.js.map +1 -0
- package/dist/web/hooks/use-tool-info.d.ts +87 -0
- package/dist/web/hooks/use-tool-info.js +49 -0
- package/dist/web/hooks/use-tool-info.js.map +1 -0
- package/dist/web/hooks/use-tool-info.test-d.d.ts +1 -0
- package/dist/{src/web → web}/hooks/use-tool-info.test-d.js +11 -29
- package/dist/web/hooks/use-tool-info.test-d.js.map +1 -0
- package/dist/web/hooks/use-tool-info.test.d.ts +1 -0
- package/dist/{src/web → web}/hooks/use-tool-info.test.js +10 -10
- package/dist/web/hooks/use-tool-info.test.js.map +1 -0
- package/dist/{src/web → web}/hooks/use-user.d.ts +3 -1
- package/dist/web/hooks/use-user.js +37 -0
- package/dist/web/hooks/use-user.js.map +1 -0
- package/dist/web/hooks/use-user.test.d.ts +1 -0
- package/dist/{src/web → web}/hooks/use-user.test.js +33 -4
- package/dist/web/hooks/use-user.test.js.map +1 -0
- package/dist/web/hooks/use-view-state.d.ts +25 -0
- package/dist/web/hooks/use-view-state.js +32 -0
- package/dist/web/hooks/use-view-state.js.map +1 -0
- package/dist/web/hooks/use-view-state.test.d.ts +1 -0
- package/dist/web/hooks/use-view-state.test.js +177 -0
- package/dist/web/hooks/use-view-state.test.js.map +1 -0
- package/dist/{src/web → web}/index.d.ts +1 -2
- package/dist/{src/web → web}/index.js +1 -2
- package/dist/web/index.js.map +1 -0
- package/dist/web/mount-view.d.ts +20 -0
- package/dist/web/mount-view.js +46 -0
- package/dist/web/mount-view.js.map +1 -0
- package/dist/web/plugin/data-llm.test.d.ts +1 -0
- package/dist/web/plugin/data-llm.test.js.map +1 -0
- package/dist/web/plugin/plugin.d.ts +33 -0
- package/dist/web/plugin/plugin.js +189 -0
- package/dist/web/plugin/plugin.js.map +1 -0
- package/dist/web/plugin/scan-views.d.ts +16 -0
- package/dist/web/plugin/scan-views.js +88 -0
- package/dist/web/plugin/scan-views.js.map +1 -0
- package/dist/web/plugin/scan-views.test.d.ts +1 -0
- package/dist/web/plugin/scan-views.test.js +99 -0
- package/dist/web/plugin/scan-views.test.js.map +1 -0
- package/dist/{src/web → web}/plugin/transform-data-llm.js +1 -1
- package/dist/web/plugin/transform-data-llm.js.map +1 -0
- package/dist/web/plugin/transform-data-llm.test.d.ts +1 -0
- package/dist/web/plugin/transform-data-llm.test.js.map +1 -0
- package/dist/web/plugin/validate-view.d.ts +1 -0
- package/dist/web/plugin/validate-view.js +9 -0
- package/dist/web/plugin/validate-view.js.map +1 -0
- package/dist/web/plugin/validate-view.test.d.ts +1 -0
- package/dist/web/plugin/validate-view.test.js +24 -0
- package/dist/web/plugin/validate-view.test.js.map +1 -0
- package/dist/{src/web → web}/proxy.js +0 -1
- package/dist/web/proxy.js.map +1 -0
- package/dist/web/types.d.ts +20 -0
- package/dist/web/types.js +2 -0
- package/dist/web/types.js.map +1 -0
- package/package.json +73 -29
- package/tsconfig.base.json +33 -0
- package/dist/src/server/devtoolsStaticServer.d.ts +0 -19
- package/dist/src/server/devtoolsStaticServer.js +0 -48
- package/dist/src/server/devtoolsStaticServer.js.map +0 -1
- package/dist/src/server/index.d.ts +0 -5
- package/dist/src/server/index.js +0 -4
- package/dist/src/server/index.js.map +0 -1
- package/dist/src/server/inferUtilityTypes.js.map +0 -1
- package/dist/src/server/server.d.ts +0 -74
- package/dist/src/server/server.js +0 -86
- package/dist/src/server/server.js.map +0 -1
- package/dist/src/server/templateHelper.js +0 -30
- package/dist/src/server/templateHelper.js.map +0 -1
- package/dist/src/server/templates/development.hbs +0 -51
- package/dist/src/server/templates/production.hbs +0 -7
- package/dist/src/server/widgetsDevServer.d.ts +0 -12
- package/dist/src/server/widgetsDevServer.js +0 -38
- package/dist/src/server/widgetsDevServer.js.map +0 -1
- package/dist/src/test/utils.js.map +0 -1
- package/dist/src/test/widget.test.js +0 -160
- package/dist/src/test/widget.test.js.map +0 -1
- package/dist/src/web/bridges/adaptors/apps-sdk-adaptor.d.ts +0 -13
- package/dist/src/web/bridges/adaptors/apps-sdk-adaptor.js +0 -33
- package/dist/src/web/bridges/adaptors/apps-sdk-adaptor.js.map +0 -1
- package/dist/src/web/bridges/adaptors/mcp-app-adaptor.d.ts +0 -16
- package/dist/src/web/bridges/adaptors/mcp-app-adaptor.js +0 -115
- package/dist/src/web/bridges/adaptors/mcp-app-adaptor.js.map +0 -1
- package/dist/src/web/bridges/apps-sdk-bridge.d.ts +0 -10
- package/dist/src/web/bridges/apps-sdk-bridge.js.map +0 -1
- package/dist/src/web/bridges/hooks/use-adaptor.d.ts +0 -2
- package/dist/src/web/bridges/hooks/use-adaptor.js +0 -8
- package/dist/src/web/bridges/hooks/use-adaptor.js.map +0 -1
- package/dist/src/web/bridges/hooks/use-apps-sdk-bridge.d.ts +0 -2
- package/dist/src/web/bridges/hooks/use-apps-sdk-bridge.js +0 -7
- package/dist/src/web/bridges/hooks/use-apps-sdk-bridge.js.map +0 -1
- package/dist/src/web/bridges/hooks/use-bridge.d.ts +0 -2
- package/dist/src/web/bridges/hooks/use-bridge.js +0 -8
- package/dist/src/web/bridges/hooks/use-bridge.js.map +0 -1
- package/dist/src/web/bridges/hooks/use-mcp-app-bridge.d.ts +0 -5
- package/dist/src/web/bridges/hooks/use-mcp-app-bridge.js +0 -7
- package/dist/src/web/bridges/hooks/use-mcp-app-bridge.js.map +0 -1
- package/dist/src/web/bridges/hooks/use-mcp-app-bridge.test.js +0 -41
- package/dist/src/web/bridges/hooks/use-mcp-app-bridge.test.js.map +0 -1
- package/dist/src/web/bridges/index.d.ts +0 -4
- package/dist/src/web/bridges/index.js +0 -5
- package/dist/src/web/bridges/index.js.map +0 -1
- package/dist/src/web/bridges/mcp-app-bridge.d.ts +0 -38
- package/dist/src/web/bridges/mcp-app-bridge.js +0 -162
- package/dist/src/web/bridges/mcp-app-bridge.js.map +0 -1
- package/dist/src/web/bridges/types.d.ts +0 -57
- package/dist/src/web/bridges/types.js.map +0 -1
- package/dist/src/web/create-store.d.ts +0 -3
- package/dist/src/web/create-store.js +0 -25
- package/dist/src/web/create-store.js.map +0 -1
- package/dist/src/web/create-store.test.js +0 -70
- package/dist/src/web/create-store.test.js.map +0 -1
- package/dist/src/web/data-llm.d.ts +0 -14
- package/dist/src/web/data-llm.js.map +0 -1
- package/dist/src/web/data-llm.test.js +0 -76
- package/dist/src/web/data-llm.test.js.map +0 -1
- package/dist/src/web/generate-helpers.js.map +0 -1
- package/dist/src/web/generate-helpers.test-d.js.map +0 -1
- package/dist/src/web/generate-helpers.test.js.map +0 -1
- package/dist/src/web/helpers/state.js +0 -40
- package/dist/src/web/helpers/state.js.map +0 -1
- package/dist/src/web/helpers/state.test.js.map +0 -1
- package/dist/src/web/hooks/index.js.map +0 -1
- package/dist/src/web/hooks/test/utils.d.ts +0 -10
- package/dist/src/web/hooks/test/utils.js +0 -40
- package/dist/src/web/hooks/test/utils.js.map +0 -1
- package/dist/src/web/hooks/use-call-tool.js.map +0 -1
- package/dist/src/web/hooks/use-call-tool.test-d.js.map +0 -1
- package/dist/src/web/hooks/use-call-tool.test.js.map +0 -1
- package/dist/src/web/hooks/use-display-mode.d.ts +0 -4
- package/dist/src/web/hooks/use-display-mode.js +0 -10
- package/dist/src/web/hooks/use-display-mode.js.map +0 -1
- package/dist/src/web/hooks/use-display-mode.test.js.map +0 -1
- package/dist/src/web/hooks/use-files.d.ts +0 -10
- package/dist/src/web/hooks/use-files.js +0 -7
- package/dist/src/web/hooks/use-files.js.map +0 -1
- package/dist/src/web/hooks/use-files.test.js +0 -29
- package/dist/src/web/hooks/use-files.test.js.map +0 -1
- package/dist/src/web/hooks/use-layout.js.map +0 -1
- package/dist/src/web/hooks/use-layout.test.js.map +0 -1
- package/dist/src/web/hooks/use-open-external.d.ts +0 -1
- package/dist/src/web/hooks/use-open-external.js +0 -8
- package/dist/src/web/hooks/use-open-external.js.map +0 -1
- package/dist/src/web/hooks/use-open-external.test.js.map +0 -1
- package/dist/src/web/hooks/use-openai-global.d.ts +0 -3
- package/dist/src/web/hooks/use-openai-global.js +0 -6
- package/dist/src/web/hooks/use-openai-global.js.map +0 -1
- package/dist/src/web/hooks/use-request-modal.d.ts +0 -9
- package/dist/src/web/hooks/use-request-modal.js +0 -14
- package/dist/src/web/hooks/use-request-modal.js.map +0 -1
- package/dist/src/web/hooks/use-request-modal.test.js.map +0 -1
- package/dist/src/web/hooks/use-send-follow-up-message.d.ts +0 -1
- package/dist/src/web/hooks/use-send-follow-up-message.js +0 -8
- package/dist/src/web/hooks/use-send-follow-up-message.js.map +0 -1
- package/dist/src/web/hooks/use-tool-info.d.ts +0 -36
- package/dist/src/web/hooks/use-tool-info.js +0 -26
- package/dist/src/web/hooks/use-tool-info.js.map +0 -1
- package/dist/src/web/hooks/use-tool-info.test-d.js.map +0 -1
- package/dist/src/web/hooks/use-tool-info.test.js.map +0 -1
- package/dist/src/web/hooks/use-user.js +0 -19
- package/dist/src/web/hooks/use-user.js.map +0 -1
- package/dist/src/web/hooks/use-user.test.js.map +0 -1
- package/dist/src/web/hooks/use-widget-state.d.ts +0 -4
- package/dist/src/web/hooks/use-widget-state.js +0 -32
- package/dist/src/web/hooks/use-widget-state.js.map +0 -1
- package/dist/src/web/hooks/use-widget-state.test.js +0 -61
- package/dist/src/web/hooks/use-widget-state.test.js.map +0 -1
- package/dist/src/web/index.js.map +0 -1
- package/dist/src/web/mount-widget.d.ts +0 -1
- package/dist/src/web/mount-widget.js +0 -19
- package/dist/src/web/mount-widget.js.map +0 -1
- package/dist/src/web/plugin/data-llm.test.js.map +0 -1
- package/dist/src/web/plugin/plugin.d.ts +0 -2
- package/dist/src/web/plugin/plugin.js +0 -39
- package/dist/src/web/plugin/plugin.js.map +0 -1
- package/dist/src/web/plugin/transform-data-llm.js.map +0 -1
- package/dist/src/web/plugin/transform-data-llm.test.js.map +0 -1
- package/dist/src/web/proxy.js.map +0 -1
- package/dist/src/web/types.d.ts +0 -149
- package/dist/src/web/types.js.map +0 -1
- package/dist/vitest.config.d.ts +0 -2
- package/dist/vitest.config.js +0 -8
- package/dist/vitest.config.js.map +0 -1
- /package/dist/{src/test/widget.test.d.ts → cli/build-helpers.test.d.ts} +0 -0
- /package/dist/{src/web/bridges/hooks/use-mcp-app-bridge.test.d.ts → cli/tunnel-control-server.test.d.ts} +0 -0
- /package/dist/{src/web/create-store.test.d.ts → cli/tunnel-handler.test.d.ts} +0 -0
- /package/dist/{src/web/data-llm.test.d.ts → cli/tunnel.test.d.ts} +0 -0
- /package/dist/{src/web/bridges → cli}/types.js +0 -0
- /package/dist/{src/web/generate-helpers.test-d.d.ts → server/asset-base-url-transform-plugin.test.d.ts} +0 -0
- /package/dist/{src/web/generate-helpers.test.d.ts → server/auth/setup.test.d.ts} +0 -0
- /package/dist/{src/web/helpers/state.test.d.ts → server/auth/verify.test.d.ts} +0 -0
- /package/dist/{src/web/hooks/use-call-tool.test-d.d.ts → server/build-manifest.test.d.ts} +0 -0
- /package/dist/{src/web/hooks/use-call-tool.test.d.ts → server/content-helpers.test.d.ts} +0 -0
- /package/dist/{src/web/hooks/use-display-mode.test.d.ts → server/express.test.d.ts} +0 -0
- /package/dist/{src/server → server}/inferUtilityTypes.js +0 -0
- /package/dist/{src/web/hooks/use-files.test.d.ts → server/middleware.test-d.d.ts} +0 -0
- /package/dist/{src/web/hooks/use-layout.test.d.ts → server/middleware.test.d.ts} +0 -0
- /package/dist/{src/web/hooks/use-open-external.test.d.ts → server/tunnel-proxy-router.test.d.ts} +0 -0
- /package/dist/{src/web/hooks/use-request-modal.test.d.ts → test/view.test.d.ts} +0 -0
- /package/dist/{src/web/hooks/use-tool-info.test-d.d.ts → web/bridges/mcp-app/use-mcp-app-context.test.d.ts} +0 -0
- /package/dist/{src/web/hooks/use-tool-info.test.d.ts → web/bridges/mcp-app/view-tools.test.d.ts} +0 -0
- /package/dist/{src/web/hooks/use-user.test.d.ts → web/create-store.test.d.ts} +0 -0
- /package/dist/{src/web/plugin → web}/data-llm.test.d.ts +0 -0
- /package/dist/{src/web/hooks/use-widget-state.test.d.ts → web/generate-helpers.test-d.d.ts} +0 -0
- /package/dist/{src/web/plugin/transform-data-llm.test.d.ts → web/generate-helpers.test.d.ts} +0 -0
- /package/dist/{src/web → web}/generate-helpers.test.js +0 -0
- /package/dist/{src/web → web}/hooks/use-display-mode.test.js +0 -0
- /package/dist/{src/web → web}/plugin/data-llm.test.js +0 -0
- /package/dist/{src/web → web}/plugin/transform-data-llm.d.ts +0 -0
- /package/dist/{src/web → web}/plugin/transform-data-llm.test.js +0 -0
- /package/dist/{src/web → web}/proxy.d.ts +0 -0
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
|
|
2
|
+
import { Command } from "@oclif/core";
|
|
3
|
+
import { Box, render, Text } from "ink";
|
|
4
|
+
import { getMachineId, isEnabled } from "../../cli/telemetry.js";
|
|
5
|
+
export default class TelemetryStatus extends Command {
|
|
6
|
+
static description = "Get Skybridge current telemetry settings for this machine";
|
|
7
|
+
async run() {
|
|
8
|
+
await this.parse(TelemetryStatus);
|
|
9
|
+
const enabled = isEnabled();
|
|
10
|
+
const App = () => (_jsxs(Box, { flexDirection: "column", padding: 1, children: [_jsx(Text, { bold: true, underline: true, children: "Skybridge Telemetry" }), _jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsxs(Box, { children: [_jsx(Text, { children: "Status: " }), enabled ? (_jsx(Text, { color: "green", bold: true, children: "Enabled" })) : (_jsx(Text, { color: "yellow", bold: true, children: "Disabled" }))] }), _jsxs(Box, { marginTop: 1, children: [_jsx(Text, { color: "gray", children: "Machine ID: " }), _jsx(Text, { children: getMachineId() })] })] }), _jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsx(Text, { color: "gray", children: "To opt out, run: skybridge telemetry disable" }), _jsx(Text, { color: "gray", children: "Or set: SKYBRIDGE_TELEMETRY_DISABLED=1" }), _jsx(Text, { color: "gray", children: "Debug mode: SKYBRIDGE_TELEMETRY_DEBUG=1" })] })] }));
|
|
11
|
+
render(_jsx(App, {}));
|
|
12
|
+
}
|
|
13
|
+
}
|
|
14
|
+
//# sourceMappingURL=status.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"status.js","sourceRoot":"","sources":["../../../src/commands/telemetry/status.tsx"],"names":[],"mappings":";AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AACxC,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAEjE,MAAM,CAAC,OAAO,OAAO,eAAgB,SAAQ,OAAO;IAClD,MAAM,CAAU,WAAW,GACzB,2DAA2D,CAAC;IAEvD,KAAK,CAAC,GAAG;QACd,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QAClC,MAAM,OAAO,GAAG,SAAS,EAAE,CAAC;QAE5B,MAAM,GAAG,GAAG,GAAG,EAAE,CAAC,CAChB,MAAC,GAAG,IAAC,aAAa,EAAC,QAAQ,EAAC,OAAO,EAAE,CAAC,aACpC,KAAC,IAAI,IAAC,IAAI,QAAC,SAAS,0CAEb,EAEP,MAAC,GAAG,IAAC,SAAS,EAAE,CAAC,EAAE,aAAa,EAAC,QAAQ,aACvC,MAAC,GAAG,eACF,KAAC,IAAI,2BAAgB,EACpB,OAAO,CAAC,CAAC,CAAC,CACT,KAAC,IAAI,IAAC,KAAK,EAAC,OAAO,EAAC,IAAI,8BAEjB,CACR,CAAC,CAAC,CAAC,CACF,KAAC,IAAI,IAAC,KAAK,EAAC,QAAQ,EAAC,IAAI,+BAElB,CACR,IACG,EAEN,MAAC,GAAG,IAAC,SAAS,EAAE,CAAC,aACf,KAAC,IAAI,IAAC,KAAK,EAAC,MAAM,6BAAoB,EACtC,KAAC,IAAI,cAAE,YAAY,EAAE,GAAQ,IACzB,IACF,EAEN,MAAC,GAAG,IAAC,SAAS,EAAE,CAAC,EAAE,aAAa,EAAC,QAAQ,aACvC,KAAC,IAAI,IAAC,KAAK,EAAC,MAAM,6DAAoD,EACtE,KAAC,IAAI,IAAC,KAAK,EAAC,MAAM,uDAA8C,EAChE,KAAC,IAAI,IAAC,KAAK,EAAC,MAAM,wDAA+C,IAC7D,IACF,CACP,CAAC;QAEF,MAAM,CAAC,KAAC,GAAG,KAAG,CAAC,CAAC;IAClB,CAAC","sourcesContent":["import { Command } from \"@oclif/core\";\nimport { Box, render, Text } from \"ink\";\nimport { getMachineId, isEnabled } from \"../../cli/telemetry.js\";\n\nexport default class TelemetryStatus extends Command {\n static override description =\n \"Get Skybridge current telemetry settings for this machine\";\n\n public async run(): Promise<void> {\n await this.parse(TelemetryStatus);\n const enabled = isEnabled();\n\n const App = () => (\n <Box flexDirection=\"column\" padding={1}>\n <Text bold underline>\n Skybridge Telemetry\n </Text>\n\n <Box marginTop={1} flexDirection=\"column\">\n <Box>\n <Text>Status: </Text>\n {enabled ? (\n <Text color=\"green\" bold>\n Enabled\n </Text>\n ) : (\n <Text color=\"yellow\" bold>\n Disabled\n </Text>\n )}\n </Box>\n\n <Box marginTop={1}>\n <Text color=\"gray\">Machine ID: </Text>\n <Text>{getMachineId()}</Text>\n </Box>\n </Box>\n\n <Box marginTop={1} flexDirection=\"column\">\n <Text color=\"gray\">To opt out, run: skybridge telemetry disable</Text>\n <Text color=\"gray\">Or set: SKYBRIDGE_TELEMETRY_DISABLED=1</Text>\n <Text color=\"gray\">Debug mode: SKYBRIDGE_TELEMETRY_DEBUG=1</Text>\n </Box>\n </Box>\n );\n\n render(<App />);\n }\n}\n"]}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import type { Plugin } from "vite";
|
|
2
|
+
export declare function isCssRequest(id: string): boolean;
|
|
3
|
+
/**
|
|
4
|
+
* Transforms asset import paths to resolve at runtime via `window.skybridge.serverUrl`,
|
|
5
|
+
* so they work both locally and behind tunnels.
|
|
6
|
+
*/
|
|
7
|
+
export declare function assetBaseUrlTransform(code: string): string;
|
|
8
|
+
/**
|
|
9
|
+
* Vite plugin that transforms asset import paths to resolve at runtime via `window.skybridge.serverUrl`.
|
|
10
|
+
*/
|
|
11
|
+
export declare function assetBaseUrlTransformPlugin(): Plugin;
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
// Mirrors Vite's own `isCSSRequest`: matches the css family of extensions
|
|
2
|
+
// either at the end of the id or right before the query string. Catches both
|
|
3
|
+
// plain `.css` requests and SFC style blocks (e.g. `Foo.vue?vue&type=style&lang.css`).
|
|
4
|
+
const CSS_LANGS_RE = /\.(css|less|sass|scss|styl|stylus|pcss|postcss|sss)(?:$|\?)/;
|
|
5
|
+
export function isCssRequest(id) {
|
|
6
|
+
return CSS_LANGS_RE.test(id);
|
|
7
|
+
}
|
|
8
|
+
/**
|
|
9
|
+
* Transforms asset import paths to resolve at runtime via `window.skybridge.serverUrl`,
|
|
10
|
+
* so they work both locally and behind tunnels.
|
|
11
|
+
*/
|
|
12
|
+
export function assetBaseUrlTransform(code) {
|
|
13
|
+
const assetStringPattern = /(?<!\bfrom\s)(?<!https?:\/\/)(["'`])(\/[^"'`]+\.(svg|png|jpeg|jpg|gif|webp|mp3|mp4|woff|woff2|ttf|eot))\1/g;
|
|
14
|
+
code = code.replace(assetStringPattern, (_match, _quote, assetPath) => {
|
|
15
|
+
return `(window.skybridge?.serverUrl ?? "") + "${assetPath}"`;
|
|
16
|
+
});
|
|
17
|
+
return code;
|
|
18
|
+
}
|
|
19
|
+
/**
|
|
20
|
+
* Vite plugin that transforms asset import paths to resolve at runtime via `window.skybridge.serverUrl`.
|
|
21
|
+
*/
|
|
22
|
+
export function assetBaseUrlTransformPlugin() {
|
|
23
|
+
return {
|
|
24
|
+
name: "asset-base-url-transform",
|
|
25
|
+
transform(code, id) {
|
|
26
|
+
if (!code) {
|
|
27
|
+
return null;
|
|
28
|
+
}
|
|
29
|
+
// Vite serves CSS modules as JS that embeds the stylesheet as a string
|
|
30
|
+
// literal. Rewriting `url("/foo.woff2")` inside that string to a JS
|
|
31
|
+
// concatenation expression produces invalid CSS once it lands in a
|
|
32
|
+
// <style> tag. CSS asset URLs are already handled at build time by
|
|
33
|
+
// `experimental.renderBuiltUrl`, so skip CSS requests here.
|
|
34
|
+
if (isCssRequest(id)) {
|
|
35
|
+
return null;
|
|
36
|
+
}
|
|
37
|
+
const transformedCode = assetBaseUrlTransform(code);
|
|
38
|
+
if (transformedCode === code) {
|
|
39
|
+
return null;
|
|
40
|
+
}
|
|
41
|
+
return {
|
|
42
|
+
code: transformedCode,
|
|
43
|
+
map: null,
|
|
44
|
+
};
|
|
45
|
+
},
|
|
46
|
+
};
|
|
47
|
+
}
|
|
48
|
+
//# sourceMappingURL=asset-base-url-transform-plugin.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"asset-base-url-transform-plugin.js","sourceRoot":"","sources":["../../src/server/asset-base-url-transform-plugin.ts"],"names":[],"mappings":"AAEA,0EAA0E;AAC1E,6EAA6E;AAC7E,uFAAuF;AACvF,MAAM,YAAY,GAChB,6DAA6D,CAAC;AAEhE,MAAM,UAAU,YAAY,CAAC,EAAU;IACrC,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC/B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAY;IAChD,MAAM,kBAAkB,GACtB,4GAA4G,CAAC;IAE/G,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE;QACpE,OAAO,0CAA0C,SAAS,GAAG,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,2BAA2B;IACzC,OAAO;QACL,IAAI,EAAE,0BAA0B;QAChC,SAAS,CAAC,IAAI,EAAE,EAAE;YAChB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,IAAI,CAAC;YACd,CAAC;YAED,uEAAuE;YACvE,oEAAoE;YACpE,mEAAmE;YACnE,mEAAmE;YACnE,4DAA4D;YAC5D,IAAI,YAAY,CAAC,EAAE,CAAC,EAAE,CAAC;gBACrB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,eAAe,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAEpD,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;gBAC7B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO;gBACL,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,IAAI;aACV,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC","sourcesContent":["import type { Plugin } from \"vite\";\n\n// Mirrors Vite's own `isCSSRequest`: matches the css family of extensions\n// either at the end of the id or right before the query string. Catches both\n// plain `.css` requests and SFC style blocks (e.g. `Foo.vue?vue&type=style&lang.css`).\nconst CSS_LANGS_RE =\n /\\.(css|less|sass|scss|styl|stylus|pcss|postcss|sss)(?:$|\\?)/;\n\nexport function isCssRequest(id: string): boolean {\n return CSS_LANGS_RE.test(id);\n}\n\n/**\n * Transforms asset import paths to resolve at runtime via `window.skybridge.serverUrl`,\n * so they work both locally and behind tunnels.\n */\nexport function assetBaseUrlTransform(code: string): string {\n const assetStringPattern =\n /(?<!\\bfrom\\s)(?<!https?:\\/\\/)([\"'`])(\\/[^\"'`]+\\.(svg|png|jpeg|jpg|gif|webp|mp3|mp4|woff|woff2|ttf|eot))\\1/g;\n\n code = code.replace(assetStringPattern, (_match, _quote, assetPath) => {\n return `(window.skybridge?.serverUrl ?? \"\") + \"${assetPath}\"`;\n });\n\n return code;\n}\n\n/**\n * Vite plugin that transforms asset import paths to resolve at runtime via `window.skybridge.serverUrl`.\n */\nexport function assetBaseUrlTransformPlugin(): Plugin {\n return {\n name: \"asset-base-url-transform\",\n transform(code, id) {\n if (!code) {\n return null;\n }\n\n // Vite serves CSS modules as JS that embeds the stylesheet as a string\n // literal. Rewriting `url(\"/foo.woff2\")` inside that string to a JS\n // concatenation expression produces invalid CSS once it lands in a\n // <style> tag. CSS asset URLs are already handled at build time by\n // `experimental.renderBuiltUrl`, so skip CSS requests here.\n if (isCssRequest(id)) {\n return null;\n }\n\n const transformedCode = assetBaseUrlTransform(code);\n\n if (transformedCode === code) {\n return null;\n }\n\n return {\n code: transformedCode,\n map: null,\n };\n },\n };\n}\n"]}
|
|
@@ -0,0 +1,134 @@
|
|
|
1
|
+
import { describe, expect, it } from "vitest";
|
|
2
|
+
import { assetBaseUrlTransform, assetBaseUrlTransformPlugin, isCssRequest, } from "./asset-base-url-transform-plugin.js";
|
|
3
|
+
describe("assetBaseUrlTransform", () => {
|
|
4
|
+
it("should transform asset paths to use window.skybridge.serverUrl", () => {
|
|
5
|
+
const cases = [
|
|
6
|
+
{
|
|
7
|
+
desc: "single-quoted",
|
|
8
|
+
code: `const image = '/assets/logo.png';`,
|
|
9
|
+
expected: `const image = (window.skybridge?.serverUrl ?? "") + "/assets/logo.png";`,
|
|
10
|
+
},
|
|
11
|
+
{
|
|
12
|
+
desc: "double-quoted",
|
|
13
|
+
code: `const image = "/assets/logo.png";`,
|
|
14
|
+
expected: `const image = (window.skybridge?.serverUrl ?? "") + "/assets/logo.png";`,
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
desc: "backtick-quoted",
|
|
18
|
+
code: "const image = `/assets/logo.png`;",
|
|
19
|
+
expected: `const image = (window.skybridge?.serverUrl ?? "") + "/assets/logo.png";`,
|
|
20
|
+
},
|
|
21
|
+
];
|
|
22
|
+
for (const { code, expected } of cases) {
|
|
23
|
+
const result = assetBaseUrlTransform(code);
|
|
24
|
+
expect(result).toBe(expected);
|
|
25
|
+
}
|
|
26
|
+
});
|
|
27
|
+
it("should transform multiple asset paths", () => {
|
|
28
|
+
const code = `
|
|
29
|
+
const logo = '/assets/logo.png';
|
|
30
|
+
const icon = '/assets/icon.svg';
|
|
31
|
+
const font = '/assets/font.woff2';
|
|
32
|
+
`;
|
|
33
|
+
const result = assetBaseUrlTransform(code);
|
|
34
|
+
expect(result).toContain(`(window.skybridge?.serverUrl ?? "") + "/assets/logo.png"`);
|
|
35
|
+
expect(result).toContain(`(window.skybridge?.serverUrl ?? "") + "/assets/icon.svg"`);
|
|
36
|
+
expect(result).toContain(`(window.skybridge?.serverUrl ?? "") + "/assets/font.woff2"`);
|
|
37
|
+
});
|
|
38
|
+
it("should not transform already absolute URLs", () => {
|
|
39
|
+
const code = `
|
|
40
|
+
const local = '/assets/logo.png';
|
|
41
|
+
const http = 'http://example.com/image.png';
|
|
42
|
+
const https = 'https://example.com/image.png';
|
|
43
|
+
`;
|
|
44
|
+
const result = assetBaseUrlTransform(code);
|
|
45
|
+
expect(result).toContain(`(window.skybridge?.serverUrl ?? "") + "/assets/logo.png"`);
|
|
46
|
+
expect(result).toContain("http://example.com/image.png");
|
|
47
|
+
expect(result).toContain("https://example.com/image.png");
|
|
48
|
+
});
|
|
49
|
+
it("should not transform code without asset paths", () => {
|
|
50
|
+
const code = `const text = "Hello World";`;
|
|
51
|
+
const result = assetBaseUrlTransform(code);
|
|
52
|
+
expect(result).toBe(code);
|
|
53
|
+
});
|
|
54
|
+
it("should not transform asset paths inside static `import ... from` clauses", () => {
|
|
55
|
+
// Reproducer for #713: a dep does `import * as sprite from './icons.svg'`,
|
|
56
|
+
// Vite resolves the relative path to absolute, then this transform used
|
|
57
|
+
// to rewrite the resolved string — producing invalid JS like
|
|
58
|
+
// `import * as sprite from (expr) + "..."` that crashes vite:import-analysis.
|
|
59
|
+
const cases = [
|
|
60
|
+
`import * as sprite from "/Users/me/proj/node_modules/pkg/icons.svg";`,
|
|
61
|
+
`import sprite from '/assets/icons.svg';`,
|
|
62
|
+
`import sprite from "/assets/icons.svg";`,
|
|
63
|
+
`export { default } from "/assets/icons.svg";`,
|
|
64
|
+
`export * from '/assets/sprites.svg';`,
|
|
65
|
+
];
|
|
66
|
+
for (const code of cases) {
|
|
67
|
+
expect(assetBaseUrlTransform(code)).toBe(code);
|
|
68
|
+
}
|
|
69
|
+
});
|
|
70
|
+
it("should still transform value-position asset paths in files that also have unrelated imports", () => {
|
|
71
|
+
const code = [
|
|
72
|
+
`import { foo } from "./foo.js";`,
|
|
73
|
+
`import * as sprite from "/assets/sprite.svg";`,
|
|
74
|
+
`const logo = "/assets/logo.png";`,
|
|
75
|
+
].join("\n");
|
|
76
|
+
const result = assetBaseUrlTransform(code);
|
|
77
|
+
// Imports untouched
|
|
78
|
+
expect(result).toContain(`from "./foo.js"`);
|
|
79
|
+
expect(result).toContain(`from "/assets/sprite.svg"`);
|
|
80
|
+
// Value-position rewritten
|
|
81
|
+
expect(result).toContain(`const logo = (window.skybridge?.serverUrl ?? "") + "/assets/logo.png";`);
|
|
82
|
+
});
|
|
83
|
+
});
|
|
84
|
+
describe("isCssRequest", () => {
|
|
85
|
+
it("returns true for CSS-family extensions", () => {
|
|
86
|
+
expect(isCssRequest("/src/styles.css")).toBe(true);
|
|
87
|
+
expect(isCssRequest("/src/styles.module.css")).toBe(true);
|
|
88
|
+
expect(isCssRequest("/src/styles.scss")).toBe(true);
|
|
89
|
+
expect(isCssRequest("/src/styles.sass")).toBe(true);
|
|
90
|
+
expect(isCssRequest("/src/styles.less")).toBe(true);
|
|
91
|
+
expect(isCssRequest("/src/styles.styl")).toBe(true);
|
|
92
|
+
});
|
|
93
|
+
it("returns true for CSS modules with Vite query strings", () => {
|
|
94
|
+
expect(isCssRequest("/src/styles.css?direct")).toBe(true);
|
|
95
|
+
expect(isCssRequest("/src/styles.css?inline")).toBe(true);
|
|
96
|
+
expect(isCssRequest("/src/styles.css?used")).toBe(true);
|
|
97
|
+
expect(isCssRequest("/src/Foo.vue?vue&type=style&lang.css")).toBe(true);
|
|
98
|
+
});
|
|
99
|
+
it("returns false for non-CSS modules", () => {
|
|
100
|
+
expect(isCssRequest("/src/index.tsx")).toBe(false);
|
|
101
|
+
expect(isCssRequest("/src/utils.ts")).toBe(false);
|
|
102
|
+
expect(isCssRequest("/src/Logo.svg")).toBe(false);
|
|
103
|
+
expect(isCssRequest("/src/notes.cssx")).toBe(false);
|
|
104
|
+
});
|
|
105
|
+
});
|
|
106
|
+
describe("assetBaseUrlTransformPlugin", () => {
|
|
107
|
+
function runTransform(id, code) {
|
|
108
|
+
const plugin = assetBaseUrlTransformPlugin();
|
|
109
|
+
const hook = plugin.transform;
|
|
110
|
+
if (!hook) {
|
|
111
|
+
throw new Error("plugin.transform is not defined");
|
|
112
|
+
}
|
|
113
|
+
const handler = typeof hook === "function" ? hook : hook.handler;
|
|
114
|
+
return handler.call(
|
|
115
|
+
// biome-ignore lint/suspicious/noExplicitAny: vitest harness for plugin hook
|
|
116
|
+
{}, code, id, { moduleType: "js" });
|
|
117
|
+
}
|
|
118
|
+
it("rewrites asset paths in JS modules", () => {
|
|
119
|
+
const result = runTransform("/src/widget.tsx", `const logo = "/assets/logo.png";`);
|
|
120
|
+
expect(result?.code).toContain(`(window.skybridge?.serverUrl ?? "") + "/assets/logo.png"`);
|
|
121
|
+
});
|
|
122
|
+
// Reproducer for #697: CSS imports are served as JS modules with the
|
|
123
|
+
// stylesheet embedded as a string. Rewriting url("/foo.woff2") inside that
|
|
124
|
+
// string would produce invalid CSS once the styles are injected.
|
|
125
|
+
it("does not rewrite asset paths when transforming a CSS module", () => {
|
|
126
|
+
const cssCode = `__vite__updateStyle("style-id", "@font-face { src: url(\\"/fonts/Brand.woff2\\") format(\\"woff2\\"); }");`;
|
|
127
|
+
expect(runTransform("/src/fonts.css", cssCode)).toBeNull();
|
|
128
|
+
expect(runTransform("/src/fonts.css?direct", cssCode)).toBeNull();
|
|
129
|
+
expect(runTransform("/src/fonts.css?inline", cssCode)).toBeNull();
|
|
130
|
+
expect(runTransform("/src/styles.scss", cssCode)).toBeNull();
|
|
131
|
+
expect(runTransform("/src/Foo.vue?vue&type=style&lang.css", cssCode)).toBeNull();
|
|
132
|
+
});
|
|
133
|
+
});
|
|
134
|
+
//# sourceMappingURL=asset-base-url-transform-plugin.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"asset-base-url-transform-plugin.test.js","sourceRoot":"","sources":["../../src/server/asset-base-url-transform-plugin.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,qBAAqB,EACrB,2BAA2B,EAC3B,YAAY,GACb,MAAM,sCAAsC,CAAC;AAE9C,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACrC,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,MAAM,KAAK,GAAG;YACZ;gBACE,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,mCAAmC;gBACzC,QAAQ,EAAE,yEAAyE;aACpF;YACD;gBACE,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,mCAAmC;gBACzC,QAAQ,EAAE,yEAAyE;aACpF;YACD;gBACE,IAAI,EAAE,iBAAiB;gBACvB,IAAI,EAAE,mCAAmC;gBACzC,QAAQ,EAAE,yEAAyE;aACpF;SACF,CAAC;QAEF,KAAK,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,KAAK,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,IAAI,GAAG;;;;KAIZ,CAAC;QACF,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;QAE3C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CACtB,0DAA0D,CAC3D,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CACtB,0DAA0D,CAC3D,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CACtB,4DAA4D,CAC7D,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,IAAI,GAAG;;;;KAIZ,CAAC;QACF,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;QAE3C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CACtB,0DAA0D,CAC3D,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,8BAA8B,CAAC,CAAC;QACzD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,+BAA+B,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,IAAI,GAAG,6BAA6B,CAAC;QAC3C,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;QAE3C,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0EAA0E,EAAE,GAAG,EAAE;QAClF,2EAA2E;QAC3E,wEAAwE;QACxE,6DAA6D;QAC7D,8EAA8E;QAC9E,MAAM,KAAK,GAAG;YACZ,sEAAsE;YACtE,yCAAyC;YACzC,yCAAyC;YACzC,8CAA8C;YAC9C,sCAAsC;SACvC,CAAC;QAEF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6FAA6F,EAAE,GAAG,EAAE;QACrG,MAAM,IAAI,GAAG;YACX,iCAAiC;YACjC,+CAA+C;YAC/C,kCAAkC;SACnC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACb,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;QAE3C,oBAAoB;QACpB,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAC5C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,2BAA2B,CAAC,CAAC;QACtD,2BAA2B;QAC3B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CACtB,wEAAwE,CACzE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,CAAC,YAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,CAAC,YAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,CAAC,YAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,CAAC,YAAY,CAAC,sBAAsB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxD,MAAM,CAAC,YAAY,CAAC,sCAAsC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnD,MAAM,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;IAG3C,SAAS,YAAY,CAAC,EAAU,EAAE,IAAY;QAC5C,MAAM,MAAM,GAAG,2BAA2B,EAAE,CAAC;QAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,CAAC;QAC9B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QACD,MAAM,OAAO,GAAG,OAAO,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;QACjE,OAAO,OAAO,CAAC,IAAI;QACjB,6EAA6E;QAC7E,EAAS,EACT,IAAI,EACJ,EAAE,EACF,EAAE,UAAU,EAAE,IAAI,EAAE,CACF,CAAC;IACvB,CAAC;IAED,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,MAAM,GAAG,YAAY,CACzB,iBAAiB,EACjB,kCAAkC,CACnC,CAAC;QACF,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,SAAS,CAC5B,0DAA0D,CAC3D,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,qEAAqE;IACrE,2EAA2E;IAC3E,iEAAiE;IACjE,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;QACrE,MAAM,OAAO,GAAG,4GAA4G,CAAC;QAE7H,MAAM,CAAC,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC3D,MAAM,CAAC,YAAY,CAAC,uBAAuB,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QAClE,MAAM,CAAC,YAAY,CAAC,uBAAuB,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QAClE,MAAM,CAAC,YAAY,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC7D,MAAM,CACJ,YAAY,CAAC,sCAAsC,EAAE,OAAO,CAAC,CAC9D,CAAC,QAAQ,EAAE,CAAC;IACf,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC","sourcesContent":["import { describe, expect, it } from \"vitest\";\nimport {\n assetBaseUrlTransform,\n assetBaseUrlTransformPlugin,\n isCssRequest,\n} from \"./asset-base-url-transform-plugin.js\";\n\ndescribe(\"assetBaseUrlTransform\", () => {\n it(\"should transform asset paths to use window.skybridge.serverUrl\", () => {\n const cases = [\n {\n desc: \"single-quoted\",\n code: `const image = '/assets/logo.png';`,\n expected: `const image = (window.skybridge?.serverUrl ?? \"\") + \"/assets/logo.png\";`,\n },\n {\n desc: \"double-quoted\",\n code: `const image = \"/assets/logo.png\";`,\n expected: `const image = (window.skybridge?.serverUrl ?? \"\") + \"/assets/logo.png\";`,\n },\n {\n desc: \"backtick-quoted\",\n code: \"const image = `/assets/logo.png`;\",\n expected: `const image = (window.skybridge?.serverUrl ?? \"\") + \"/assets/logo.png\";`,\n },\n ];\n\n for (const { code, expected } of cases) {\n const result = assetBaseUrlTransform(code);\n expect(result).toBe(expected);\n }\n });\n\n it(\"should transform multiple asset paths\", () => {\n const code = `\n const logo = '/assets/logo.png';\n const icon = '/assets/icon.svg';\n const font = '/assets/font.woff2';\n `;\n const result = assetBaseUrlTransform(code);\n\n expect(result).toContain(\n `(window.skybridge?.serverUrl ?? \"\") + \"/assets/logo.png\"`,\n );\n expect(result).toContain(\n `(window.skybridge?.serverUrl ?? \"\") + \"/assets/icon.svg\"`,\n );\n expect(result).toContain(\n `(window.skybridge?.serverUrl ?? \"\") + \"/assets/font.woff2\"`,\n );\n });\n\n it(\"should not transform already absolute URLs\", () => {\n const code = `\n const local = '/assets/logo.png';\n const http = 'http://example.com/image.png';\n const https = 'https://example.com/image.png';\n `;\n const result = assetBaseUrlTransform(code);\n\n expect(result).toContain(\n `(window.skybridge?.serverUrl ?? \"\") + \"/assets/logo.png\"`,\n );\n expect(result).toContain(\"http://example.com/image.png\");\n expect(result).toContain(\"https://example.com/image.png\");\n });\n\n it(\"should not transform code without asset paths\", () => {\n const code = `const text = \"Hello World\";`;\n const result = assetBaseUrlTransform(code);\n\n expect(result).toBe(code);\n });\n\n it(\"should not transform asset paths inside static `import ... from` clauses\", () => {\n // Reproducer for #713: a dep does `import * as sprite from './icons.svg'`,\n // Vite resolves the relative path to absolute, then this transform used\n // to rewrite the resolved string — producing invalid JS like\n // `import * as sprite from (expr) + \"...\"` that crashes vite:import-analysis.\n const cases = [\n `import * as sprite from \"/Users/me/proj/node_modules/pkg/icons.svg\";`,\n `import sprite from '/assets/icons.svg';`,\n `import sprite from \"/assets/icons.svg\";`,\n `export { default } from \"/assets/icons.svg\";`,\n `export * from '/assets/sprites.svg';`,\n ];\n\n for (const code of cases) {\n expect(assetBaseUrlTransform(code)).toBe(code);\n }\n });\n\n it(\"should still transform value-position asset paths in files that also have unrelated imports\", () => {\n const code = [\n `import { foo } from \"./foo.js\";`,\n `import * as sprite from \"/assets/sprite.svg\";`,\n `const logo = \"/assets/logo.png\";`,\n ].join(\"\\n\");\n const result = assetBaseUrlTransform(code);\n\n // Imports untouched\n expect(result).toContain(`from \"./foo.js\"`);\n expect(result).toContain(`from \"/assets/sprite.svg\"`);\n // Value-position rewritten\n expect(result).toContain(\n `const logo = (window.skybridge?.serverUrl ?? \"\") + \"/assets/logo.png\";`,\n );\n });\n});\n\ndescribe(\"isCssRequest\", () => {\n it(\"returns true for CSS-family extensions\", () => {\n expect(isCssRequest(\"/src/styles.css\")).toBe(true);\n expect(isCssRequest(\"/src/styles.module.css\")).toBe(true);\n expect(isCssRequest(\"/src/styles.scss\")).toBe(true);\n expect(isCssRequest(\"/src/styles.sass\")).toBe(true);\n expect(isCssRequest(\"/src/styles.less\")).toBe(true);\n expect(isCssRequest(\"/src/styles.styl\")).toBe(true);\n });\n\n it(\"returns true for CSS modules with Vite query strings\", () => {\n expect(isCssRequest(\"/src/styles.css?direct\")).toBe(true);\n expect(isCssRequest(\"/src/styles.css?inline\")).toBe(true);\n expect(isCssRequest(\"/src/styles.css?used\")).toBe(true);\n expect(isCssRequest(\"/src/Foo.vue?vue&type=style&lang.css\")).toBe(true);\n });\n\n it(\"returns false for non-CSS modules\", () => {\n expect(isCssRequest(\"/src/index.tsx\")).toBe(false);\n expect(isCssRequest(\"/src/utils.ts\")).toBe(false);\n expect(isCssRequest(\"/src/Logo.svg\")).toBe(false);\n expect(isCssRequest(\"/src/notes.cssx\")).toBe(false);\n });\n});\n\ndescribe(\"assetBaseUrlTransformPlugin\", () => {\n type TransformResult = { code: string; map: null } | null;\n\n function runTransform(id: string, code: string): TransformResult {\n const plugin = assetBaseUrlTransformPlugin();\n const hook = plugin.transform;\n if (!hook) {\n throw new Error(\"plugin.transform is not defined\");\n }\n const handler = typeof hook === \"function\" ? hook : hook.handler;\n return handler.call(\n // biome-ignore lint/suspicious/noExplicitAny: vitest harness for plugin hook\n {} as any,\n code,\n id,\n { moduleType: \"js\" },\n ) as TransformResult;\n }\n\n it(\"rewrites asset paths in JS modules\", () => {\n const result = runTransform(\n \"/src/widget.tsx\",\n `const logo = \"/assets/logo.png\";`,\n );\n expect(result?.code).toContain(\n `(window.skybridge?.serverUrl ?? \"\") + \"/assets/logo.png\"`,\n );\n });\n\n // Reproducer for #697: CSS imports are served as JS modules with the\n // stylesheet embedded as a string. Rewriting url(\"/foo.woff2\") inside that\n // string would produce invalid CSS once the styles are injected.\n it(\"does not rewrite asset paths when transforming a CSS module\", () => {\n const cssCode = `__vite__updateStyle(\"style-id\", \"@font-face { src: url(\\\\\"/fonts/Brand.woff2\\\\\") format(\\\\\"woff2\\\\\"); }\");`;\n\n expect(runTransform(\"/src/fonts.css\", cssCode)).toBeNull();\n expect(runTransform(\"/src/fonts.css?direct\", cssCode)).toBeNull();\n expect(runTransform(\"/src/fonts.css?inline\", cssCode)).toBeNull();\n expect(runTransform(\"/src/styles.scss\", cssCode)).toBeNull();\n expect(\n runTransform(\"/src/Foo.vue?vue&type=style&lang.css\", cssCode),\n ).toBeNull();\n });\n});\n"]}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import type { OAuthMetadata } from "@modelcontextprotocol/sdk/shared/auth.js";
|
|
2
|
+
import type { JwksVerifyConfig } from "./verify.js";
|
|
3
|
+
/** Resource-server OAuth config for `SkybridgeServerOptions.oauth`. */
|
|
4
|
+
export type OAuthConfig = {
|
|
5
|
+
/**
|
|
6
|
+
* Public URL of this server; sets `resourceServerUrl` and the
|
|
7
|
+
* `resource_metadata` URL. When omitted, it is inferred per request from
|
|
8
|
+
* `x-forwarded-host`/`origin`/`host` headers.
|
|
9
|
+
*/
|
|
10
|
+
baseUrl?: string;
|
|
11
|
+
/** AS metadata served at `/.well-known/oauth-authorization-server`. */
|
|
12
|
+
oauthMetadata: OAuthMetadata;
|
|
13
|
+
verify: JwksVerifyConfig;
|
|
14
|
+
/** Scopes advertised in protected-resource metadata. */
|
|
15
|
+
scopesSupported?: string[];
|
|
16
|
+
/** Server-wide required-scope floor. */
|
|
17
|
+
requiredScopes?: string[];
|
|
18
|
+
};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/auth/index.ts"],"names":[],"mappings":"","sourcesContent":["import type { OAuthMetadata } from \"@modelcontextprotocol/sdk/shared/auth.js\";\nimport type { JwksVerifyConfig } from \"./verify.js\";\n\n/** Resource-server OAuth config for `SkybridgeServerOptions.oauth`. */\nexport type OAuthConfig = {\n /**\n * Public URL of this server; sets `resourceServerUrl` and the\n * `resource_metadata` URL. When omitted, it is inferred per request from\n * `x-forwarded-host`/`origin`/`host` headers.\n */\n baseUrl?: string;\n /** AS metadata served at `/.well-known/oauth-authorization-server`. */\n oauthMetadata: OAuthMetadata;\n verify: JwksVerifyConfig;\n /** Scopes advertised in protected-resource metadata. */\n scopesSupported?: string[];\n /** Server-wide required-scope floor. */\n requiredScopes?: string[];\n};\n"]}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
import { getOAuthProtectedResourceMetadataUrl, mcpAuthMetadataRouter, } from "@modelcontextprotocol/sdk/server/auth/router.js";
|
|
2
|
+
import cors from "cors";
|
|
3
|
+
import { requireBearerAuth } from "../auth.js";
|
|
4
|
+
import { resolveServerOrigin } from "../requestOrigin.js";
|
|
5
|
+
import { createJwksVerifier } from "./verify.js";
|
|
6
|
+
/** Mounts the well-known OAuth metadata and bearer auth on `/mcp`. */
|
|
7
|
+
export function setupOAuth(app, config) {
|
|
8
|
+
if (!config.verify?.issuer || !config.verify?.audience) {
|
|
9
|
+
throw new Error("oauth.verify requires both `issuer` and `audience`");
|
|
10
|
+
}
|
|
11
|
+
const verifier = createJwksVerifier(config.verify);
|
|
12
|
+
// baseUrl known at boot: bake the resource URLs once, no Host-header trust.
|
|
13
|
+
if (config.baseUrl !== undefined) {
|
|
14
|
+
let baseUrl;
|
|
15
|
+
try {
|
|
16
|
+
baseUrl = new URL(config.baseUrl);
|
|
17
|
+
}
|
|
18
|
+
catch {
|
|
19
|
+
throw new Error(`oauth.baseUrl must be a valid absolute URL, got: ${JSON.stringify(config.baseUrl)}`);
|
|
20
|
+
}
|
|
21
|
+
app.use(mcpAuthMetadataRouter({
|
|
22
|
+
oauthMetadata: config.oauthMetadata,
|
|
23
|
+
resourceServerUrl: baseUrl,
|
|
24
|
+
scopesSupported: config.scopesSupported,
|
|
25
|
+
}));
|
|
26
|
+
app.use("/mcp", requireBearerAuth({
|
|
27
|
+
verifier,
|
|
28
|
+
requiredScopes: config.requiredScopes,
|
|
29
|
+
resourceMetadataUrl: getOAuthProtectedResourceMetadataUrl(baseUrl),
|
|
30
|
+
}));
|
|
31
|
+
return;
|
|
32
|
+
}
|
|
33
|
+
// No baseUrl: resolve the resource origin per request from forwarded headers
|
|
34
|
+
// (same precedence the framework uses for view serverUrl). Origin headers are
|
|
35
|
+
// pathless, so the PRM path stays at root, matching the SDK's static layout.
|
|
36
|
+
const resolveOrigin = (req) => new URL(resolveServerOrigin((key) => req.get(key)));
|
|
37
|
+
app.use("/.well-known/oauth-authorization-server", cors(), (_req, res) => void res.json(config.oauthMetadata));
|
|
38
|
+
app.use("/.well-known/oauth-protected-resource", cors(), (req, res) => {
|
|
39
|
+
res.json({
|
|
40
|
+
resource: resolveOrigin(req).href,
|
|
41
|
+
authorization_servers: [config.oauthMetadata.issuer],
|
|
42
|
+
scopes_supported: config.scopesSupported,
|
|
43
|
+
});
|
|
44
|
+
});
|
|
45
|
+
app.use("/mcp", (req, res, next) => requireBearerAuth({
|
|
46
|
+
verifier,
|
|
47
|
+
requiredScopes: config.requiredScopes,
|
|
48
|
+
resourceMetadataUrl: getOAuthProtectedResourceMetadataUrl(resolveOrigin(req)),
|
|
49
|
+
})(req, res, next));
|
|
50
|
+
}
|
|
51
|
+
//# sourceMappingURL=setup.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"setup.js","sourceRoot":"","sources":["../../../src/server/auth/setup.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oCAAoC,EACpC,qBAAqB,GACtB,MAAM,iDAAiD,CAAC;AACzD,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAE1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAEjD,sEAAsE;AACtE,MAAM,UAAU,UAAU,CAAC,GAAY,EAAE,MAAmB;IAC1D,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACxE,CAAC;IAED,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAEnD,4EAA4E;IAC5E,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACjC,IAAI,OAAY,CAAC;QACjB,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CACb,oDAAoD,IAAI,CAAC,SAAS,CAChE,MAAM,CAAC,OAAO,CACf,EAAE,CACJ,CAAC;QACJ,CAAC;QACD,GAAG,CAAC,GAAG,CACL,qBAAqB,CAAC;YACpB,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,iBAAiB,EAAE,OAAO;YAC1B,eAAe,EAAE,MAAM,CAAC,eAAe;SACxC,CAAC,CACH,CAAC;QACF,GAAG,CAAC,GAAG,CACL,MAAM,EACN,iBAAiB,CAAC;YAChB,QAAQ;YACR,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,mBAAmB,EAAE,oCAAoC,CAAC,OAAO,CAAC;SACnE,CAAC,CACH,CAAC;QACF,OAAO;IACT,CAAC;IAED,6EAA6E;IAC7E,8EAA8E;IAC9E,6EAA6E;IAC7E,MAAM,aAAa,GAAG,CAAC,GAAY,EAAE,EAAE,CACrC,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAEtD,GAAG,CAAC,GAAG,CACL,yCAAyC,EACzC,IAAI,EAAE,EACN,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,KAAK,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CACnD,CAAC;IACF,GAAG,CAAC,GAAG,CAAC,uCAAuC,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACpE,GAAG,CAAC,IAAI,CAAC;YACP,QAAQ,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC,IAAI;YACjC,qBAAqB,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC;YACpD,gBAAgB,EAAE,MAAM,CAAC,eAAe;SACzC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IACH,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,CACjC,iBAAiB,CAAC;QAChB,QAAQ;QACR,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,mBAAmB,EAAE,oCAAoC,CACvD,aAAa,CAAC,GAAG,CAAC,CACnB;KACF,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CACnB,CAAC;AACJ,CAAC","sourcesContent":["import {\n getOAuthProtectedResourceMetadataUrl,\n mcpAuthMetadataRouter,\n} from \"@modelcontextprotocol/sdk/server/auth/router.js\";\nimport cors from \"cors\";\nimport type { Express, Request } from \"express\";\nimport { requireBearerAuth } from \"../auth.js\";\nimport { resolveServerOrigin } from \"../requestOrigin.js\";\nimport type { OAuthConfig } from \"./index.js\";\nimport { createJwksVerifier } from \"./verify.js\";\n\n/** Mounts the well-known OAuth metadata and bearer auth on `/mcp`. */\nexport function setupOAuth(app: Express, config: OAuthConfig): void {\n if (!config.verify?.issuer || !config.verify?.audience) {\n throw new Error(\"oauth.verify requires both `issuer` and `audience`\");\n }\n\n const verifier = createJwksVerifier(config.verify);\n\n // baseUrl known at boot: bake the resource URLs once, no Host-header trust.\n if (config.baseUrl !== undefined) {\n let baseUrl: URL;\n try {\n baseUrl = new URL(config.baseUrl);\n } catch {\n throw new Error(\n `oauth.baseUrl must be a valid absolute URL, got: ${JSON.stringify(\n config.baseUrl,\n )}`,\n );\n }\n app.use(\n mcpAuthMetadataRouter({\n oauthMetadata: config.oauthMetadata,\n resourceServerUrl: baseUrl,\n scopesSupported: config.scopesSupported,\n }),\n );\n app.use(\n \"/mcp\",\n requireBearerAuth({\n verifier,\n requiredScopes: config.requiredScopes,\n resourceMetadataUrl: getOAuthProtectedResourceMetadataUrl(baseUrl),\n }),\n );\n return;\n }\n\n // No baseUrl: resolve the resource origin per request from forwarded headers\n // (same precedence the framework uses for view serverUrl). Origin headers are\n // pathless, so the PRM path stays at root, matching the SDK's static layout.\n const resolveOrigin = (req: Request) =>\n new URL(resolveServerOrigin((key) => req.get(key)));\n\n app.use(\n \"/.well-known/oauth-authorization-server\",\n cors(),\n (_req, res) => void res.json(config.oauthMetadata),\n );\n app.use(\"/.well-known/oauth-protected-resource\", cors(), (req, res) => {\n res.json({\n resource: resolveOrigin(req).href,\n authorization_servers: [config.oauthMetadata.issuer],\n scopes_supported: config.scopesSupported,\n });\n });\n app.use(\"/mcp\", (req, res, next) =>\n requireBearerAuth({\n verifier,\n requiredScopes: config.requiredScopes,\n resourceMetadataUrl: getOAuthProtectedResourceMetadataUrl(\n resolveOrigin(req),\n ),\n })(req, res, next),\n );\n}\n"]}
|
|
@@ -0,0 +1,185 @@
|
|
|
1
|
+
// @vitest-environment node
|
|
2
|
+
import http from "node:http";
|
|
3
|
+
import { Client } from "@modelcontextprotocol/sdk/client/index.js";
|
|
4
|
+
import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
|
|
5
|
+
import * as jose from "jose";
|
|
6
|
+
import { afterEach, describe, expect, it, vi } from "vitest";
|
|
7
|
+
import { McpServer } from "../server.js";
|
|
8
|
+
vi.mock("@skybridge/devtools", () => ({
|
|
9
|
+
devtoolsStaticServer: () => ((_req, _res, next) => next()),
|
|
10
|
+
}));
|
|
11
|
+
vi.mock("../viewsDevServer.js", () => ({
|
|
12
|
+
viewsDevServer: (_httpServer) => ((_req, _res, next) => next()),
|
|
13
|
+
}));
|
|
14
|
+
const ISSUER = "https://issuer.test";
|
|
15
|
+
const AUDIENCE = "api://default";
|
|
16
|
+
let jwksServer;
|
|
17
|
+
let appServer;
|
|
18
|
+
afterEach(() => {
|
|
19
|
+
jwksServer?.close();
|
|
20
|
+
appServer?.close();
|
|
21
|
+
});
|
|
22
|
+
async function startJwks() {
|
|
23
|
+
const { publicKey, privateKey } = await jose.generateKeyPair("RS256");
|
|
24
|
+
const jwk = {
|
|
25
|
+
...(await jose.exportJWK(publicKey)),
|
|
26
|
+
kid: "test-key",
|
|
27
|
+
alg: "RS256",
|
|
28
|
+
use: "sig",
|
|
29
|
+
};
|
|
30
|
+
const server = http.createServer((_req, res) => {
|
|
31
|
+
res.setHeader("content-type", "application/json");
|
|
32
|
+
res.end(JSON.stringify({ keys: [jwk] }));
|
|
33
|
+
});
|
|
34
|
+
await new Promise((resolve) => server.listen(0, resolve));
|
|
35
|
+
jwksServer = server;
|
|
36
|
+
const port = server.address().port;
|
|
37
|
+
return { privateKey, jwksUri: `http://localhost:${port}/jwks` };
|
|
38
|
+
}
|
|
39
|
+
function signToken(key) {
|
|
40
|
+
return new jose.SignJWT({
|
|
41
|
+
client_id: "client-1",
|
|
42
|
+
scope: "openid email",
|
|
43
|
+
sub: "user-1",
|
|
44
|
+
})
|
|
45
|
+
.setProtectedHeader({ alg: "RS256", kid: "test-key" })
|
|
46
|
+
.setIssuer(ISSUER)
|
|
47
|
+
.setAudience(AUDIENCE)
|
|
48
|
+
.setExpirationTime("1h")
|
|
49
|
+
.sign(key);
|
|
50
|
+
}
|
|
51
|
+
async function bootServer(jwksUri, { baseUrl = "https://app.example.test" } = {}) {
|
|
52
|
+
const { createApp } = await import("../express.js");
|
|
53
|
+
const server = new McpServer({ name: "auth-test", version: "0.0.0" }, { capabilities: {} }, {
|
|
54
|
+
oauth: {
|
|
55
|
+
...(baseUrl === null ? {} : { baseUrl }),
|
|
56
|
+
oauthMetadata: {
|
|
57
|
+
issuer: ISSUER,
|
|
58
|
+
authorization_endpoint: `${ISSUER}/authorize`,
|
|
59
|
+
token_endpoint: `${ISSUER}/token`,
|
|
60
|
+
response_types_supported: ["code"],
|
|
61
|
+
},
|
|
62
|
+
verify: { issuer: ISSUER, audience: AUDIENCE, jwksUri },
|
|
63
|
+
scopesSupported: ["openid", "email"],
|
|
64
|
+
requiredScopes: ["openid"],
|
|
65
|
+
},
|
|
66
|
+
}).registerTool({
|
|
67
|
+
name: "whoami",
|
|
68
|
+
description: "Returns the caller identity.",
|
|
69
|
+
inputSchema: {},
|
|
70
|
+
}, (_args, extra) => ({
|
|
71
|
+
structuredContent: { clientId: extra.authInfo?.clientId ?? null },
|
|
72
|
+
content: [{ type: "text", text: extra.authInfo?.clientId ?? "anon" }],
|
|
73
|
+
}));
|
|
74
|
+
const httpServer = http.createServer();
|
|
75
|
+
await createApp({ mcpServer: server, httpServer });
|
|
76
|
+
const listening = http.createServer(server.express);
|
|
77
|
+
await new Promise((resolve) => listening.listen(0, resolve));
|
|
78
|
+
appServer = listening;
|
|
79
|
+
const port = listening.address().port;
|
|
80
|
+
return `http://localhost:${port}`;
|
|
81
|
+
}
|
|
82
|
+
describe("setupOAuth wiring", () => {
|
|
83
|
+
it("serves protected-resource metadata", async () => {
|
|
84
|
+
const { jwksUri } = await startJwks();
|
|
85
|
+
const base = await bootServer(jwksUri);
|
|
86
|
+
const res = await fetch(`${base}/.well-known/oauth-protected-resource`);
|
|
87
|
+
expect(res.status).toBe(200);
|
|
88
|
+
const body = (await res.json());
|
|
89
|
+
expect(body.resource).toBe("https://app.example.test/");
|
|
90
|
+
expect(body.authorization_servers).toContain(ISSUER);
|
|
91
|
+
expect(body.scopes_supported).toEqual(["openid", "email"]);
|
|
92
|
+
});
|
|
93
|
+
it("rejects /mcp without a token (401 + WWW-Authenticate)", async () => {
|
|
94
|
+
const { jwksUri } = await startJwks();
|
|
95
|
+
const base = await bootServer(jwksUri);
|
|
96
|
+
const res = await fetch(`${base}/mcp`, {
|
|
97
|
+
method: "POST",
|
|
98
|
+
headers: { "Content-Type": "application/json" },
|
|
99
|
+
body: JSON.stringify({ jsonrpc: "2.0", method: "initialize", id: 1 }),
|
|
100
|
+
});
|
|
101
|
+
expect(res.status).toBe(401);
|
|
102
|
+
expect(res.headers.get("www-authenticate")).toMatch(/resource_metadata=/);
|
|
103
|
+
});
|
|
104
|
+
it("threads authInfo into the tool handler for a valid token", async () => {
|
|
105
|
+
const { privateKey, jwksUri } = await startJwks();
|
|
106
|
+
const base = await bootServer(jwksUri);
|
|
107
|
+
const token = await signToken(privateKey);
|
|
108
|
+
const client = new Client({ name: "test-client", version: "0.0.0" });
|
|
109
|
+
const transport = new StreamableHTTPClientTransport(new URL(`${base}/mcp`), { requestInit: { headers: { Authorization: `Bearer ${token}` } } });
|
|
110
|
+
await client.connect(transport);
|
|
111
|
+
const result = (await client.callTool({
|
|
112
|
+
name: "whoami",
|
|
113
|
+
arguments: {},
|
|
114
|
+
}));
|
|
115
|
+
expect(result.content[0]?.text).toBe("client-1");
|
|
116
|
+
await client.close();
|
|
117
|
+
});
|
|
118
|
+
});
|
|
119
|
+
describe("baseUrl inferred from headers", () => {
|
|
120
|
+
it("derives the resource origin from x-forwarded-host", async () => {
|
|
121
|
+
const { jwksUri } = await startJwks();
|
|
122
|
+
const base = await bootServer(jwksUri, { baseUrl: null });
|
|
123
|
+
const res = await fetch(`${base}/.well-known/oauth-protected-resource`, {
|
|
124
|
+
headers: { "x-forwarded-host": "infer.example.test" },
|
|
125
|
+
});
|
|
126
|
+
expect(res.status).toBe(200);
|
|
127
|
+
const body = (await res.json());
|
|
128
|
+
expect(body.resource).toBe("https://infer.example.test/");
|
|
129
|
+
});
|
|
130
|
+
it("uses the first hop of a forwarded-host chain", async () => {
|
|
131
|
+
const { jwksUri } = await startJwks();
|
|
132
|
+
const base = await bootServer(jwksUri, { baseUrl: null });
|
|
133
|
+
const res = await fetch(`${base}/.well-known/oauth-protected-resource`, {
|
|
134
|
+
headers: {
|
|
135
|
+
"x-forwarded-host": "public.example, internal.local",
|
|
136
|
+
"x-forwarded-proto": "https, http",
|
|
137
|
+
},
|
|
138
|
+
});
|
|
139
|
+
expect(res.status).toBe(200);
|
|
140
|
+
const body = (await res.json());
|
|
141
|
+
expect(body.resource).toBe("https://public.example/");
|
|
142
|
+
});
|
|
143
|
+
it("ignores the client Origin header, using Host instead", async () => {
|
|
144
|
+
const { jwksUri } = await startJwks();
|
|
145
|
+
const base = await bootServer(jwksUri, { baseUrl: null });
|
|
146
|
+
const res = await fetch(`${base}/.well-known/oauth-protected-resource`, {
|
|
147
|
+
headers: { origin: "https://chatgpt.com" },
|
|
148
|
+
});
|
|
149
|
+
expect(res.status).toBe(200);
|
|
150
|
+
const body = (await res.json());
|
|
151
|
+
expect(body.resource).toMatch(/^http:\/\/(localhost|127\.0\.0\.1):/);
|
|
152
|
+
});
|
|
153
|
+
it("points the 401 WWW-Authenticate at the inferred host", async () => {
|
|
154
|
+
const { jwksUri } = await startJwks();
|
|
155
|
+
const base = await bootServer(jwksUri, { baseUrl: null });
|
|
156
|
+
const res = await fetch(`${base}/mcp`, {
|
|
157
|
+
method: "POST",
|
|
158
|
+
headers: {
|
|
159
|
+
"Content-Type": "application/json",
|
|
160
|
+
"x-forwarded-host": "infer.example.test",
|
|
161
|
+
},
|
|
162
|
+
body: JSON.stringify({ jsonrpc: "2.0", method: "initialize", id: 1 }),
|
|
163
|
+
});
|
|
164
|
+
expect(res.status).toBe(401);
|
|
165
|
+
expect(res.headers.get("www-authenticate")).toMatch(/resource_metadata="https:\/\/infer\.example\.test\//);
|
|
166
|
+
});
|
|
167
|
+
});
|
|
168
|
+
describe("oauth config validation", () => {
|
|
169
|
+
const validMetadata = {
|
|
170
|
+
issuer: ISSUER,
|
|
171
|
+
authorization_endpoint: `${ISSUER}/authorize`,
|
|
172
|
+
token_endpoint: `${ISSUER}/token`,
|
|
173
|
+
response_types_supported: ["code"],
|
|
174
|
+
};
|
|
175
|
+
it("throws on a non-absolute baseUrl", () => {
|
|
176
|
+
expect(() => new McpServer({ name: "t", version: "0" }, undefined, {
|
|
177
|
+
oauth: {
|
|
178
|
+
baseUrl: "not-a-url",
|
|
179
|
+
oauthMetadata: validMetadata,
|
|
180
|
+
verify: { issuer: ISSUER, audience: AUDIENCE },
|
|
181
|
+
},
|
|
182
|
+
})).toThrow(/baseUrl must be a valid absolute URL/);
|
|
183
|
+
});
|
|
184
|
+
});
|
|
185
|
+
//# sourceMappingURL=setup.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"setup.test.js","sourceRoot":"","sources":["../../../src/server/auth/setup.test.ts"],"names":[],"mappings":"AAAA,2BAA2B;AAC3B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AAEnG,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC7D,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,EAAE,CAAC,IAAI,CAAC,qBAAqB,EAAE,GAAG,EAAE,CAAC,CAAC;IACpC,oBAAoB,EAAE,GAAG,EAAE,CACzB,CAAC,CAAC,IAAa,EAAE,IAAa,EAAE,IAAgB,EAAE,EAAE,CAClD,IAAI,EAAE,CAAmB;CAC9B,CAAC,CAAC,CAAC;AACJ,EAAE,CAAC,IAAI,CAAC,sBAAsB,EAAE,GAAG,EAAE,CAAC,CAAC;IACrC,cAAc,EAAE,CAAC,WAAoB,EAAE,EAAE,CACvC,CAAC,CAAC,IAAa,EAAE,IAAa,EAAE,IAAgB,EAAE,EAAE,CAClD,IAAI,EAAE,CAAmB;CAC9B,CAAC,CAAC,CAAC;AAEJ,MAAM,MAAM,GAAG,qBAAqB,CAAC;AACrC,MAAM,QAAQ,GAAG,eAAe,CAAC;AAEjC,IAAI,UAAmC,CAAC;AACxC,IAAI,SAAkC,CAAC;AACvC,SAAS,CAAC,GAAG,EAAE;IACb,UAAU,EAAE,KAAK,EAAE,CAAC;IACpB,SAAS,EAAE,KAAK,EAAE,CAAC;AACrB,CAAC,CAAC,CAAC;AAEH,KAAK,UAAU,SAAS;IACtB,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;IACtE,MAAM,GAAG,GAAG;QACV,GAAG,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACpC,GAAG,EAAE,UAAU;QACf,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,KAAK;KACX,CAAC;IACF,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QAC7C,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;QAClD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IACH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;IAChE,UAAU,GAAG,MAAM,CAAC;IACpB,MAAM,IAAI,GAAI,MAAM,CAAC,OAAO,EAAuB,CAAC,IAAI,CAAC;IACzD,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,oBAAoB,IAAI,OAAO,EAAE,CAAC;AAClE,CAAC;AAED,SAAS,SAAS,CAAC,GAAc;IAC/B,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC;QACtB,SAAS,EAAE,UAAU;QACrB,KAAK,EAAE,cAAc;QACrB,GAAG,EAAE,QAAQ;KACd,CAAC;SACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;SACrD,SAAS,CAAC,MAAM,CAAC;SACjB,WAAW,CAAC,QAAQ,CAAC;SACrB,iBAAiB,CAAC,IAAI,CAAC;SACvB,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,OAAe,EACf,EAAE,OAAO,GAAG,0BAA0B,KAAkC,EAAE;IAE1E,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,IAAI,SAAS,CAC1B,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,EACvC,EAAE,YAAY,EAAE,EAAE,EAAE,EACpB;QACE,KAAK,EAAE;YACL,GAAG,CAAC,OAAO,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC;YACxC,aAAa,EAAE;gBACb,MAAM,EAAE,MAAM;gBACd,sBAAsB,EAAE,GAAG,MAAM,YAAY;gBAC7C,cAAc,EAAE,GAAG,MAAM,QAAQ;gBACjC,wBAAwB,EAAE,CAAC,MAAM,CAAC;aACnC;YACD,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE;YACvD,eAAe,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC;YACpC,cAAc,EAAE,CAAC,QAAQ,CAAC;SAC3B;KACF,CACF,CAAC,YAAY,CACZ;QACE,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,8BAA8B;QAC3C,WAAW,EAAE,EAAE;KAChB,EACD,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QACjB,iBAAiB,EAAE,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,QAAQ,IAAI,IAAI,EAAE;QACjE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE,QAAQ,IAAI,MAAM,EAAE,CAAC;KACtE,CAAC,CACH,CAAC;IAEF,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;IACvC,MAAM,SAAS,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACpD,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;IACnE,SAAS,GAAG,SAAS,CAAC;IACtB,MAAM,IAAI,GAAI,SAAS,CAAC,OAAO,EAAuB,CAAC,IAAI,CAAC;IAC5D,OAAO,oBAAoB,IAAI,EAAE,CAAC;AACpC,CAAC;AAED,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;QAEvC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,uCAAuC,CAAC,CAAC;QACxE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAI7B,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QACxD,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;QACrE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;QAEvC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,MAAM,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;SACtE,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC;QAClD,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,CAAC;QAE1C,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,IAAI,6BAA6B,CACjD,IAAI,GAAG,CAAC,GAAG,IAAI,MAAM,CAAC,EACtB,EAAE,WAAW,EAAE,EAAE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE,EAAE,EAAE,CACnE,CAAC;QACF,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAEhC,MAAM,MAAM,GAAG,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC;YACpC,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,EAAE;SACd,CAAC,CAED,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAEjD,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,+BAA+B,EAAE,GAAG,EAAE;IAC7C,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAE1D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,uCAAuC,EAAE;YACtE,OAAO,EAAE,EAAE,kBAAkB,EAAE,oBAAoB,EAAE;SACtD,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAyB,CAAC;QACxD,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;QAC5D,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAE1D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,uCAAuC,EAAE;YACtE,OAAO,EAAE;gBACP,kBAAkB,EAAE,gCAAgC;gBACpD,mBAAmB,EAAE,aAAa;aACnC;SACF,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAyB,CAAC;QACxD,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAE1D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,uCAAuC,EAAE;YACtE,OAAO,EAAE,EAAE,MAAM,EAAE,qBAAqB,EAAE;SAC3C,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAyB,CAAC;QACxD,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,qCAAqC,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAE1D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,MAAM,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,kBAAkB,EAAE,oBAAoB;aACzC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;SACtE,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,OAAO,CACjD,qDAAqD,CACtD,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;IACvC,MAAM,aAAa,GAAG;QACpB,MAAM,EAAE,MAAM;QACd,sBAAsB,EAAE,GAAG,MAAM,YAAY;QAC7C,cAAc,EAAE,GAAG,MAAM,QAAQ;QACjC,wBAAwB,EAAE,CAAC,MAAM,CAAC;KACnC,CAAC;IAEF,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,CACJ,GAAG,EAAE,CACH,IAAI,SAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,SAAS,EAAE;YACpD,KAAK,EAAE;gBACL,OAAO,EAAE,WAAW;gBACpB,aAAa,EAAE,aAAa;gBAC5B,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE;aAC/C;SACF,CAAC,CACL,CAAC,OAAO,CAAC,sCAAsC,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC","sourcesContent":["// @vitest-environment node\nimport http from \"node:http\";\nimport { Client } from \"@modelcontextprotocol/sdk/client/index.js\";\nimport { StreamableHTTPClientTransport } from \"@modelcontextprotocol/sdk/client/streamableHttp.js\";\nimport type { RequestHandler } from \"express\";\nimport * as jose from \"jose\";\nimport { afterEach, describe, expect, it, vi } from \"vitest\";\nimport { McpServer } from \"../server.js\";\n\nvi.mock(\"@skybridge/devtools\", () => ({\n devtoolsStaticServer: () =>\n ((_req: unknown, _res: unknown, next: () => void) =>\n next()) as RequestHandler,\n}));\nvi.mock(\"../viewsDevServer.js\", () => ({\n viewsDevServer: (_httpServer: unknown) =>\n ((_req: unknown, _res: unknown, next: () => void) =>\n next()) as RequestHandler,\n}));\n\nconst ISSUER = \"https://issuer.test\";\nconst AUDIENCE = \"api://default\";\n\nlet jwksServer: http.Server | undefined;\nlet appServer: http.Server | undefined;\nafterEach(() => {\n jwksServer?.close();\n appServer?.close();\n});\n\nasync function startJwks() {\n const { publicKey, privateKey } = await jose.generateKeyPair(\"RS256\");\n const jwk = {\n ...(await jose.exportJWK(publicKey)),\n kid: \"test-key\",\n alg: \"RS256\",\n use: \"sig\",\n };\n const server = http.createServer((_req, res) => {\n res.setHeader(\"content-type\", \"application/json\");\n res.end(JSON.stringify({ keys: [jwk] }));\n });\n await new Promise<void>((resolve) => server.listen(0, resolve));\n jwksServer = server;\n const port = (server.address() as { port: number }).port;\n return { privateKey, jwksUri: `http://localhost:${port}/jwks` };\n}\n\nfunction signToken(key: CryptoKey) {\n return new jose.SignJWT({\n client_id: \"client-1\",\n scope: \"openid email\",\n sub: \"user-1\",\n })\n .setProtectedHeader({ alg: \"RS256\", kid: \"test-key\" })\n .setIssuer(ISSUER)\n .setAudience(AUDIENCE)\n .setExpirationTime(\"1h\")\n .sign(key);\n}\n\nasync function bootServer(\n jwksUri: string,\n { baseUrl = \"https://app.example.test\" }: { baseUrl?: string | null } = {},\n) {\n const { createApp } = await import(\"../express.js\");\n const server = new McpServer(\n { name: \"auth-test\", version: \"0.0.0\" },\n { capabilities: {} },\n {\n oauth: {\n ...(baseUrl === null ? {} : { baseUrl }),\n oauthMetadata: {\n issuer: ISSUER,\n authorization_endpoint: `${ISSUER}/authorize`,\n token_endpoint: `${ISSUER}/token`,\n response_types_supported: [\"code\"],\n },\n verify: { issuer: ISSUER, audience: AUDIENCE, jwksUri },\n scopesSupported: [\"openid\", \"email\"],\n requiredScopes: [\"openid\"],\n },\n },\n ).registerTool(\n {\n name: \"whoami\",\n description: \"Returns the caller identity.\",\n inputSchema: {},\n },\n (_args, extra) => ({\n structuredContent: { clientId: extra.authInfo?.clientId ?? null },\n content: [{ type: \"text\", text: extra.authInfo?.clientId ?? \"anon\" }],\n }),\n );\n\n const httpServer = http.createServer();\n await createApp({ mcpServer: server, httpServer });\n const listening = http.createServer(server.express);\n await new Promise<void>((resolve) => listening.listen(0, resolve));\n appServer = listening;\n const port = (listening.address() as { port: number }).port;\n return `http://localhost:${port}`;\n}\n\ndescribe(\"setupOAuth wiring\", () => {\n it(\"serves protected-resource metadata\", async () => {\n const { jwksUri } = await startJwks();\n const base = await bootServer(jwksUri);\n\n const res = await fetch(`${base}/.well-known/oauth-protected-resource`);\n expect(res.status).toBe(200);\n const body = (await res.json()) as {\n resource: string;\n authorization_servers: string[];\n scopes_supported: string[];\n };\n expect(body.resource).toBe(\"https://app.example.test/\");\n expect(body.authorization_servers).toContain(ISSUER);\n expect(body.scopes_supported).toEqual([\"openid\", \"email\"]);\n });\n\n it(\"rejects /mcp without a token (401 + WWW-Authenticate)\", async () => {\n const { jwksUri } = await startJwks();\n const base = await bootServer(jwksUri);\n\n const res = await fetch(`${base}/mcp`, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ jsonrpc: \"2.0\", method: \"initialize\", id: 1 }),\n });\n expect(res.status).toBe(401);\n expect(res.headers.get(\"www-authenticate\")).toMatch(/resource_metadata=/);\n });\n\n it(\"threads authInfo into the tool handler for a valid token\", async () => {\n const { privateKey, jwksUri } = await startJwks();\n const base = await bootServer(jwksUri);\n const token = await signToken(privateKey);\n\n const client = new Client({ name: \"test-client\", version: \"0.0.0\" });\n const transport = new StreamableHTTPClientTransport(\n new URL(`${base}/mcp`),\n { requestInit: { headers: { Authorization: `Bearer ${token}` } } },\n );\n await client.connect(transport);\n\n const result = (await client.callTool({\n name: \"whoami\",\n arguments: {},\n })) as unknown as {\n content: { type: string; text: string }[];\n };\n expect(result.content[0]?.text).toBe(\"client-1\");\n\n await client.close();\n });\n});\n\ndescribe(\"baseUrl inferred from headers\", () => {\n it(\"derives the resource origin from x-forwarded-host\", async () => {\n const { jwksUri } = await startJwks();\n const base = await bootServer(jwksUri, { baseUrl: null });\n\n const res = await fetch(`${base}/.well-known/oauth-protected-resource`, {\n headers: { \"x-forwarded-host\": \"infer.example.test\" },\n });\n expect(res.status).toBe(200);\n const body = (await res.json()) as { resource: string };\n expect(body.resource).toBe(\"https://infer.example.test/\");\n });\n\n it(\"uses the first hop of a forwarded-host chain\", async () => {\n const { jwksUri } = await startJwks();\n const base = await bootServer(jwksUri, { baseUrl: null });\n\n const res = await fetch(`${base}/.well-known/oauth-protected-resource`, {\n headers: {\n \"x-forwarded-host\": \"public.example, internal.local\",\n \"x-forwarded-proto\": \"https, http\",\n },\n });\n expect(res.status).toBe(200);\n const body = (await res.json()) as { resource: string };\n expect(body.resource).toBe(\"https://public.example/\");\n });\n\n it(\"ignores the client Origin header, using Host instead\", async () => {\n const { jwksUri } = await startJwks();\n const base = await bootServer(jwksUri, { baseUrl: null });\n\n const res = await fetch(`${base}/.well-known/oauth-protected-resource`, {\n headers: { origin: \"https://chatgpt.com\" },\n });\n expect(res.status).toBe(200);\n const body = (await res.json()) as { resource: string };\n expect(body.resource).toMatch(/^http:\\/\\/(localhost|127\\.0\\.0\\.1):/);\n });\n\n it(\"points the 401 WWW-Authenticate at the inferred host\", async () => {\n const { jwksUri } = await startJwks();\n const base = await bootServer(jwksUri, { baseUrl: null });\n\n const res = await fetch(`${base}/mcp`, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n \"x-forwarded-host\": \"infer.example.test\",\n },\n body: JSON.stringify({ jsonrpc: \"2.0\", method: \"initialize\", id: 1 }),\n });\n expect(res.status).toBe(401);\n expect(res.headers.get(\"www-authenticate\")).toMatch(\n /resource_metadata=\"https:\\/\\/infer\\.example\\.test\\//,\n );\n });\n});\n\ndescribe(\"oauth config validation\", () => {\n const validMetadata = {\n issuer: ISSUER,\n authorization_endpoint: `${ISSUER}/authorize`,\n token_endpoint: `${ISSUER}/token`,\n response_types_supported: [\"code\"],\n };\n\n it(\"throws on a non-absolute baseUrl\", () => {\n expect(\n () =>\n new McpServer({ name: \"t\", version: \"0\" }, undefined, {\n oauth: {\n baseUrl: \"not-a-url\",\n oauthMetadata: validMetadata,\n verify: { issuer: ISSUER, audience: AUDIENCE },\n },\n }),\n ).toThrow(/baseUrl must be a valid absolute URL/);\n });\n});\n"]}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import type { OAuthTokenVerifier } from "@modelcontextprotocol/sdk/server/auth/provider.js";
|
|
2
|
+
export type JwksVerifyConfig = {
|
|
3
|
+
/** Expected `iss` claim. */
|
|
4
|
+
issuer: string;
|
|
5
|
+
/** Expected `aud` claim. */
|
|
6
|
+
audience: string;
|
|
7
|
+
/** Defaults to `${issuer}/.well-known/jwks.json`. */
|
|
8
|
+
jwksUri?: string;
|
|
9
|
+
};
|
|
10
|
+
/** Builds an `OAuthTokenVerifier` validating JWTs against a remote JWKS. Internal, not exported. */
|
|
11
|
+
export declare function createJwksVerifier(config: JwksVerifyConfig): OAuthTokenVerifier;
|