UNPKG

@dollhousemcp/mcp-server

Version:

DollhouseMCP - A Model Context Protocol (MCP) server that enables dynamic AI persona management from markdown files, allowing Claude and other compatible AI assistants to activate and switch between different behavioral personas.

37 lines 1.55 kB
/** * Console token management HTTP routes — #1795. * * Provides: * - POST /api/console/token/rotate — rotate the primary token with TOTP confirmation * * Security model: * - All endpoints require a valid existing console token. Enforcement * happens via an always-on `createAuthMiddleware` instance mounted at the * top of this router, independent of `DOLLHOUSE_WEB_AUTH_ENABLED`. * - Rotation additionally requires TOTP confirmation (Pattern B). Pattern A * (OS dialog fallback) is deferred to a follow-up issue. * - A sliding-window rate limit throttles rotation attempts so a bad actor * with a live session can't brute-force TOTP codes by flooding rotations. * * @since v2.1.0 — Issue #1795 */ import { Router } from 'express'; import { type ConsoleTokenStore } from '../console/consoleToken.js'; /** * Options for the token routes factory. */ export interface TokenRoutesOptions { store: ConsoleTokenStore; /** Maximum rotation attempts per window. Default: 10. */ rateLimitMax?: number; /** Rate limit window in milliseconds. Default: 60_000 (1 minute). */ rateLimitWindowMs?: number; } /** * Build the Express router exposing token management endpoints. The returned * router should be mounted at `/api/console/token`; the caller does not need * to add additional auth middleware — this router enforces its own auth * regardless of the global feature flag. */ export declare function createTokenRoutes(options: TokenRoutesOptions): Router; //# sourceMappingURL=tokenRoutes.d.ts.map