UNPKG

@modelcontextprotocol/sdk

Version:

Model Context Protocol implementation for TypeScript

modelcontextprotocol.io

modelcontextprotocol/typescript-sdk

56 lines 2.66 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
import { InsufficientScopeError, InvalidTokenError, OAuthError, ServerError } from "../errors.js"; /** * Middleware that requires a valid Bearer token in the Authorization header. * * This will validate the token with the auth provider and add the resulting auth info to the request object. */ export function requireBearerAuth({ provider, requiredScopes = [] }) { return async (req, res, next) => { try { const authHeader = req.headers.authorization; if (!authHeader) { throw new InvalidTokenError("Missing Authorization header"); } const [type, token] = authHeader.split(' '); if (type.toLowerCase() !== 'bearer' || !token) { throw new InvalidTokenError("Invalid Authorization header format, expected 'Bearer TOKEN'"); } const authInfo = await provider.verifyAccessToken(token); // Check if token has the required scopes (if any) if (requiredScopes.length > 0) { const hasAllScopes = requiredScopes.every(scope => authInfo.scopes.includes(scope)); if (!hasAllScopes) { throw new InsufficientScopeError("Insufficient scope"); } } // Check if the token is expired if (!!authInfo.expiresAt && authInfo.expiresAt < Date.now() / 1000) { throw new InvalidTokenError("Token has expired"); } req.auth = authInfo; next(); } catch (error) { if (error instanceof InvalidTokenError) { res.set("WWW-Authenticate", `Bearer error="${error.errorCode}", error_description="${error.message}"`); res.status(401).json(error.toResponseObject()); } else if (error instanceof InsufficientScopeError) { res.set("WWW-Authenticate", `Bearer error="${error.errorCode}", error_description="${error.message}"`); res.status(403).json(error.toResponseObject()); } else if (error instanceof ServerError) { res.status(500).json(error.toResponseObject()); } else if (error instanceof OAuthError) { res.status(400).json(error.toResponseObject()); } else { console.error("Unexpected error authenticating bearer token:", error); const serverError = new ServerError("Internal Server Error"); res.status(500).json(serverError.toResponseObject()); } } }; } //# sourceMappingURL=bearerAuth.js.map