finops-mcp-server
MCP server for FinOps Center cost optimization integration
/**
* Authentication and Security Manager
*
* This module handles secure credential management, authentication header generation,
* and security-related operations for the FinOps MCP Server.
*/
import { Logger } from './types/config';
/**
* One credential together with the scheme it is presented under and an optional expiry.
*
* NOTE(review): `value` presumably holds the raw secret. Objects of this shape should
* not be logged or serialised unredacted — confirm against the implementation.
*/
export interface AuthenticationMethod {
/** Scheme selector; the same three literals are accepted by `generateHeaders` and `getAuthHeaders`. */
type: 'bearer' | 'api-key' | 'custom';
/** The credential string for the selected scheme. */
value: string;
/** Optional expiry timestamp; omitted when no expiry is recorded. */
expiresAt?: Date;
}
/**
* Map of HTTP header name to header value, as returned by `generateHeaders` / `getAuthHeaders`.
*
* NOTE(review): the index signature puts no constraint on header names, and the values
* presumably carry the live credential. Redact before logging or attaching to error reports.
*/
export interface AuthHeaders {
[key: string]: string;
}
/**
* Shape holding at most one credential per scheme plus a single expiry.
*
* NOTE(review): there is one `expiresAt` for three credential slots, while each
* `store*` method on SecureCredentialHandler accepts its own `expiresAt`. If the handler
* uses this shape internally (not visible here), storing a second credential may overwrite
* the first one's expiry — confirm.
*/
export interface CredentialStore {
/** API key, if one has been stored. */
apiKey?: string;
/** Bearer token, if one has been stored. */
bearerToken?: string;
/** Custom-scheme token, if one has been stored. */
customToken?: string;
/** Single expiry timestamp shared by whatever credentials are present. */
expiresAt?: Date;
}
/**
* Error shape for authentication failures: a standard Error plus a machine-readable code.
*/
export interface AuthenticationError extends Error {
/** Failure category; one of the three literals below. */
code: 'INVALID_CREDENTIALS' | 'EXPIRED_TOKEN' | 'AUTHENTICATION_FAILED';
/**
* Free-form extra context. Typed `any`, so consumers get no compile-time checking.
* NOTE(review): may contain upstream response data or request headers — verify it never
* includes the credential before logging it.
*/
details?: any;
}
/**
* Secure credential handler
* Holds an API key, a bearer token and a custom token in process memory and exposes
* expiry checks, redaction and cleanup. No persistence API is declared here.
*
* NOTE(review): JavaScript strings are immutable, so overwriting a stored value (see
* `generateRandomString`) replaces the reference but cannot guarantee the original bytes
* are erased from the heap. Treat "secure" as best-effort hygiene, not as memory zeroisation.
*/
export declare class SecureCredentialHandler {
// Private state; types are erased in the declaration output.
private credentials;
private cleanupHandlers;
private logger;
/**
* @param logger Optional logger. NOTE(review): confirm the implementation only ever
* passes redacted values to it.
*/
constructor(logger?: Logger);
/**
* Store API key in memory
* @param apiKey The raw API key.
* @param expiresAt Optional expiry for the stored credential.
* NOTE(review): presumably validated via the private `isValidApiKey` — confirm.
*/
storeApiKey(apiKey: string, expiresAt?: Date): void;
/**
* Store bearer token in memory
* @param token The raw bearer token. No token-format validator is declared on this class.
* @param expiresAt Optional expiry for the stored credential.
*/
storeBearerToken(token: string, expiresAt?: Date): void;
/**
* Store custom authentication token
* @param token The raw custom token. No token-format validator is declared on this class.
* @param expiresAt Optional expiry for the stored credential.
*/
storeCustomToken(token: string, expiresAt?: Date): void;
/**
* Get stored API key
* @returns The stored value, or undefined when none is stored.
* NOTE(review): the original comment says "returns redacted version for logging", but the
* signature cannot distinguish a raw from a redacted string. If this returns the raw key,
* callers that log the result leak the secret; if it returns a redacted key, header
* generation must read the raw value some other way. Confirm and document which.
*/
getApiKey(): string | undefined;
/**
* Get stored bearer token
* @returns The stored value, or undefined when none is stored.
* NOTE(review): same raw-versus-redacted ambiguity as `getApiKey` — confirm.
*/
getBearerToken(): string | undefined;
/**
* Get stored custom token
* @returns The stored value, or undefined when none is stored.
* NOTE(review): same raw-versus-redacted ambiguity as `getApiKey` — confirm.
*/
getCustomToken(): string | undefined;
/**
* Check if credentials are expired
* @returns true when the stored credentials are considered expired. How a missing expiry
* is treated is not visible in this declaration.
*/
isExpired(): boolean;
/**
* Get credential expiry time
* @returns The recorded expiry, or undefined when none is recorded.
*/
getExpiryTime(): Date | undefined;
/**
* Clear all stored credentials from memory
*/
clearCredentials(): void;
/**
* Redact sensitive credential data for logging
* @param credential The raw credential string.
* @returns A string intended to be safe to log. The redaction format (for example how
* many characters are kept) is not visible here — verify it does not retain enough of the
* secret to be useful.
*/
redactCredential(credential: string): string;
/**
* Validate API key format
*/
private isValidApiKey;
/**
* Validate credential expiry and throw error if expired
*/
private validateCredentialExpiry;
/**
* Generate random string for credential overwriting
* NOTE(review): confirm the randomness source; see the class note on string immutability.
*/
private generateRandomString;
/**
* Setup process cleanup handlers to clear credentials on termination
* NOTE(review): which signals/events are hooked is not visible; an abrupt kill cannot be
* intercepted, so cleanup on termination is best-effort.
*/
private setupProcessCleanup;
/**
* Manually trigger cleanup (for testing purposes)
* NOTE(review): public despite the testing intent; presumably clears live credentials,
* so production callers should not invoke it — confirm.
*/
triggerCleanup(): void;
}
/**
* Authentication header manager
* Builds HTTP authentication headers from the credentials held by a SecureCredentialHandler.
* The concrete header names emitted for each scheme are not visible in this declaration.
*/
export declare class AuthHeaderManager {
// Private state; types are erased in the declaration output.
private credentialHandler;
private logger;
/**
* @param credentialHandler Source of the credentials placed into headers.
* @param logger Optional logger.
*/
constructor(credentialHandler: SecureCredentialHandler, logger?: Logger);
/**
* Generate authentication headers for API requests
* @param method Scheme to use. When omitted, presumably chosen by the private
* `detectAuthenticationMethod` — confirm.
* @returns Header map; the values are expected to contain the live credential, so the
* result should not be logged as-is.
*/
generateHeaders(method?: 'bearer' | 'api-key' | 'custom'): AuthHeaders;
/**
* Add Bearer token to headers
*/
private addBearerTokenHeader;
/**
* Add API key to headers
*/
private addApiKeyHeader;
/**
* Add custom token to headers
*/
private addCustomTokenHeader;
/**
* Detect the appropriate authentication method based on available credentials
* NOTE(review): the precedence when several credentials are stored is not visible here.
*/
private detectAuthenticationMethod;
/**
* Validate authentication headers
* @param headers Header map to check.
* @returns true when the headers pass validation. Which properties are checked is not
* visible in this declaration.
*/
validateHeaders(headers: AuthHeaders): boolean;
/**
* Handle authentication errors and token refresh
* @param error The failure to handle; typed `any`, so it is not narrowed at compile time.
* @param retryCallback Optional operation to re-run.
* @returns A promise; the resolved type is `any`.
* NOTE(review): no refresh API is declared in this file, and the retry policy is not
* visible. Confirm retries are bounded and that `error` is not logged with request
* headers attached.
*/
handleAuthError(error: any, retryCallback?: () => Promise<any>): Promise<any>;
}
/**
* Main authentication manager
* Facade over a SecureCredentialHandler and an AuthHeaderManager. The constructor takes
* only a logger, so both collaborators are presumably created internally — confirm.
*/
export declare class AuthManager {
// Private state; types are erased in the declaration output.
private credentialHandler;
private headerManager;
private logger;
/**
* @param logger Optional logger.
*/
constructor(logger?: Logger);
/**
* Initialize authentication with API key
* @param apiKey The raw API key.
* @param expiresAt Optional expiry for the credential.
*/
initializeWithApiKey(apiKey: string, expiresAt?: Date): void;
/**
* Initialize authentication with Bearer token
* @param token The raw bearer token.
* @param expiresAt Optional expiry for the credential.
*/
initializeWithBearerToken(token: string, expiresAt?: Date): void;
/**
* Initialize authentication with custom token
* @param token The raw custom token.
* @param expiresAt Optional expiry for the credential.
*/
initializeWithCustomToken(token: string, expiresAt?: Date): void;
/**
* Generate authentication headers for API requests
* @param method Scheme to use; optional.
* @returns Header map; the values are expected to contain the live credential, so the
* result should not be logged as-is.
*/
getAuthHeaders(method?: 'bearer' | 'api-key' | 'custom'): AuthHeaders;
/**
* Handle authentication errors
* @param error The failure to handle; typed `any`.
* @param retryCallback Optional operation to re-run.
* NOTE(review): same signature as AuthHeaderManager.handleAuthError; presumably delegates
* to it. Retry bounds are not visible here — confirm.
*/
handleAuthError(error: any, retryCallback?: () => Promise<any>): Promise<any>;
/**
* Check if credentials are expired
*/
isExpired(): boolean;
/**
* Get credential expiry time
* @returns The recorded expiry, or undefined when none is recorded.
*/
getExpiryTime(): Date | undefined;
/**
* Clear all credentials
*/
clearCredentials(): void;
/**
* Get credential handler for advanced operations
* NOTE(review): returns the internal handler itself, so any code holding an AuthManager
* can store, read or clear credentials directly. Limit who receives this reference.
*/
getCredentialHandler(): SecureCredentialHandler;
/**
* Get header manager for advanced operations
* NOTE(review): returns the internal header manager, which can emit headers containing
* the credential. Limit who receives this reference.
*/
getHeaderManager(): AuthHeaderManager;
}
//# sourceMappingURL=auth-manager.d.ts.map