UNPKG

@kya-os/mcp-i

Version:

The TypeScript MCP framework with identity features built-in

github.com/modelcontextprotocol-identity/mcp-i

modelcontextprotocol-identity/mcp-i

1 lines 7.58 kB
1
"use strict";exports.id=406,exports.ids=[25,406],exports.modules={4987:(e,s,o)=>{o.d(s,{C:()=>r});var n=o(76982),t=o(16928),i=o(51362);const r=e=>{const s=(0,n.createHash)("sha1").update(e).digest("hex");return(0,t.join)((0,i.R)(),".aws","sso","cache",`${s}.json`)}},6721:(e,s,o)=>{o.d(s,{Y:()=>t});var n=o(64549);const t=async e=>{const s=await(0,n.p)(e);return((...e)=>{const s={};for(const o of e)for(const[e,n]of Object.entries(o))void 0!==s[e]?Object.assign(s[e],n):s[e]=n;return s})(s.configFile,s.credentialsFile)}},48440:(e,s,o)=>{o.d(s,{a:()=>i,v:()=>r});var n=o(91943),t=o(4987);const i={},r=async e=>{if(i[e])return i[e];const s=(0,t.C)(e),o=await(0,n.readFile)(s,"utf8");return JSON.parse(o)}},49406:(e,s,o)=>{o.d(s,{fromSSO:()=>v});var n=o(84122),t=o(76682),i=o(6721),r=o(26433),a=o(62022),c=o(45223);const l=e=>Object.entries(e).filter(([e])=>e.startsWith(a.I.SSO_SESSION+c.Q)).reduce((e,[s,o])=>({...e,[s.substring(s.indexOf(c.Q)+1)]:o}),{});var g=o(33939),f=o(71078);const p=()=>({}),d=async(e={})=>(0,f.TA)(e.configFilepath??(0,r.g)()).then(g.A).then(l).catch(p);var h=o(53243),w=o(88816);class u extends w.m{name="TokenProviderError";constructor(e,s=!0){super(e,s),Object.setPrototypeOf(this,u.prototype)}}var S=o(48440);const C="To refresh this SSO session run 'aws sso login' with the corresponding profile.",_=e=>{if(e.expiration&&e.expiration.getTime()<Date.now())throw new u(`Token is expired. ${C}`,!1)},k=(e,s,o=!1)=>{if(void 0===s)throw new u(`Value not present for '${e}' in SSO Token${o?". Cannot refresh":""}. ${C}`,!1)};var m=o(4987),y=o(79896);const{writeFile:T}=y.promises,x=new Date(0),O=(e={})=>async({callerClientConfig:s}={})=>{const n={...e,parentClientConfig:{...s,...e.parentClientConfig}};n.logger?.debug("@aws-sdk/token-providers - fromSso");const r=await(0,i.Y)(n),a=(0,t.Bz)({profile:n.profile??s?.profile}),c=r[a];if(!c)throw new u(`Profile '${a}' could not be found in shared credentials file.`,!1);if(!c.sso_session)throw new u(`Profile '${a}' is missing required property 'sso_session'.`);const l=c.sso_session,g=(await d(n))[l];if(!g)throw new u(`Sso session '${l}' could not be found in shared credentials file.`,!1);for(const e of["sso_start_url","sso_region"])if(!g[e])throw new u(`Sso session '${l}' is missing required property '${e}'.`,!1);g.sso_start_url;const f=g.sso_region;let p;try{p=await(0,S.v)(l)}catch(e){throw new u(`The SSO session token associated with profile=${a} was not found or is invalid. ${C}`,!1)}k("accessToken",p.accessToken),k("expiresAt",p.expiresAt);const{accessToken:h,expiresAt:w}=p,y={token:h,expiration:new Date(w)};if(y.expiration.getTime()-Date.now()>3e5)return y;if(Date.now()-x.getTime()<3e4)return _(y),y;k("clientId",p.clientId,!0),k("clientSecret",p.clientSecret,!0),k("refreshToken",p.refreshToken,!0);try{x.setTime(Date.now());const e=await(async(e,s,n={})=>{const{CreateTokenCommand:t}=await Promise.all([o.e(478),o.e(575)]).then(o.bind(o,21575)),i=await(async(e,s={})=>{const{SSOOIDCClient:n}=await Promise.all([o.e(478),o.e(575)]).then(o.bind(o,21575)),t=e=>s.clientConfig?.[e]??s.parentClientConfig?.[e];return new n(Object.assign({},s.clientConfig??{},{region:e??s.clientConfig?.region,logger:t("logger"),userAgentAppId:t("userAgentAppId")}))})(s,n);return i.send(new t({clientId:e.clientId,clientSecret:e.clientSecret,refreshToken:e.refreshToken,grantType:"refresh_token"}))})(p,f,n);k("accessToken",e.accessToken),k("expiresIn",e.expiresIn);const s=new Date(Date.now()+1e3*e.expiresIn);try{await((e,s)=>{const o=(0,m.C)(e),n=JSON.stringify(s,null,2);return T(o,n)})(l,{...p,accessToken:e.accessToken,expiresAt:s.toISOString(),refreshToken:e.refreshToken})}catch(e){}return{token:e.accessToken,expiration:s}}catch(e){return _(y),y}},I=!1,A=async({ssoStartUrl:e,ssoSession:s,ssoAccountId:t,ssoRegion:i,ssoRoleName:r,ssoClient:a,clientConfig:c,parentClientConfig:l,profile:g,filepath:f,configFilepath:p,ignoreCache:d,logger:w})=>{let u;const C="To refresh this SSO session run aws sso login with the corresponding profile.";if(s)try{const e=await O({profile:g,filepath:f,configFilepath:p,ignoreCache:d})();u={accessToken:e.token,expiresAt:new Date(e.expiration).toISOString()}}catch(e){throw new n.C(e.message,{tryNextLink:I,logger:w})}else try{u=await(0,S.v)(e)}catch(e){throw new n.C(`The SSO session associated with this profile is invalid. ${C}`,{tryNextLink:I,logger:w})}if(new Date(u.expiresAt).getTime()-Date.now()<=0)throw new n.C(`The SSO session associated with this profile has expired. ${C}`,{tryNextLink:I,logger:w});const{accessToken:_}=u,{SSOClient:k,GetRoleCredentialsCommand:m}=await Promise.all([o.e(478),o.e(936)]).then(o.bind(o,37936)),y=a||new k(Object.assign({},c??{},{logger:c?.logger??l?.logger,region:c?.region??i,userAgentAppId:c?.userAgentAppId??l?.userAgentAppId}));let T;try{T=await y.send(new m({accountId:t,roleName:r,accessToken:_}))}catch(e){throw new n.C(e,{tryNextLink:I,logger:w})}const{roleCredentials:{accessKeyId:x,secretAccessKey:A,sessionToken:v,expiration:N,credentialScope:$,accountId:R}={}}=T;if(!(x&&A&&v&&N))throw new n.C("SSO returns an invalid temporary credential.",{tryNextLink:I,logger:w});const b={accessKeyId:x,secretAccessKey:A,sessionToken:v,expiration:new Date(N),...$&&{credentialScope:$},...R&&{accountId:R}};return s?(0,h.g)(b,"CREDENTIALS_SSO","s"):(0,h.g)(b,"CREDENTIALS_SSO_LEGACY","u"),b},v=(e={})=>async({callerClientConfig:s}={})=>{e.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO");const{ssoStartUrl:o,ssoAccountId:r,ssoRegion:a,ssoRoleName:c,ssoSession:l}=e,{ssoClient:g}=e,f=(0,t.Bz)({profile:e.profile??s?.profile});if(o||r||a||c||l){if(o&&r&&a&&c)return A({ssoStartUrl:o,ssoSession:l,ssoAccountId:r,ssoRegion:a,ssoRoleName:c,ssoClient:g,clientConfig:e.clientConfig,parentClientConfig:e.parentClientConfig,profile:f,filepath:e.filepath,configFilepath:e.configFilepath,ignoreCache:e.ignoreCache,logger:e.logger});throw new n.C('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"',{tryNextLink:!1,logger:e.logger})}{const s=(await(0,i.Y)(e))[f];if(!s)throw new n.C(`Profile ${f} was not found.`,{logger:e.logger});if(!(p=s)||"string"!=typeof p.sso_start_url&&"string"!=typeof p.sso_account_id&&"string"!=typeof p.sso_session&&"string"!=typeof p.sso_region&&"string"!=typeof p.sso_role_name)throw new n.C(`Profile ${f} is not configured with SSO credentials.`,{logger:e.logger});if(s?.sso_session){const t=(await d(e))[s.sso_session],i=` configurations in profile ${f} and sso-session ${s.sso_session}`;if(a&&a!==t.sso_region)throw new n.C("Conflicting SSO region"+i,{tryNextLink:!1,logger:e.logger});if(o&&o!==t.sso_start_url)throw new n.C("Conflicting SSO start_url"+i,{tryNextLink:!1,logger:e.logger});s.sso_region=t.sso_region,s.sso_start_url=t.sso_start_url}const{sso_start_url:t,sso_account_id:r,sso_region:c,sso_role_name:l,sso_session:h}=((e,s)=>{const{sso_start_url:o,sso_account_id:t,sso_region:i,sso_role_name:r}=e;if(!(o&&t&&i&&r))throw new n.C(`Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(e).join(", ")}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`,{tryNextLink:!1,logger:s});return e})(s,e.logger);return A({ssoStartUrl:t,ssoSession:h,ssoAccountId:r,ssoRegion:c,ssoRoleName:l,ssoClient:g,clientConfig:e.clientConfig,parentClientConfig:e.parentClientConfig,profile:f,filepath:e.filepath,configFilepath:e.configFilepath,ignoreCache:e.ignoreCache,logger:e.logger})}var p}}};