Easy-to-install Model Context Protocol server for Twenty CRM. Try instantly with 'npx twenty-mcp-server setup' or install globally for permanent use.
/**
 * Bearer-token gate for incoming HTTP requests.
 *
 * Behaviour is driven by environment variables that are read once, in the
 * constructor, and compared against the literal string 'true':
 *   - AUTH_ENABLED: unless it is exactly 'true' the middleware is a no-op and
 *     every request passes (the default, with the variable unset, is open).
 *   - REQUIRE_AUTH: when 'true', requests without an Authorization header are
 *     rejected; otherwise they continue anonymously, with no `req.auth` set.
 *   - AUTH_PROVIDER: reported by getAuthConfig() only, defaulting to 'clerk'.
 *
 * Token checking is delegated to `tokenValidator.validateBearerToken(header)`;
 * this class only interprets the `{ valid, error, userId, sessionId }` result
 * it resolves to. A rejection or exception from the validator is not caught
 * here and propagates to whoever awaits authenticate().
 */
export class AuthMiddleware {
  tokenValidator;
  authEnabled;
  requireAuth;

  // Headers sent with every 401. Frozen and shared; spread into a fresh
  // object per response so writeHead() never sees the shared instance.
  // NOTE(review): the wildcard CORS origin is emitted on the rejection path
  // only — presumably it mirrors the server's normal CORS policy; confirm.
  static #UNAUTHORIZED_HEADERS = Object.freeze({
    'Content-Type': 'application/json',
    'WWW-Authenticate': 'Bearer realm="Twenty MCP Server"',
    'Access-Control-Allow-Origin': '*',
    'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
    'Access-Control-Allow-Headers': 'Authorization, Content-Type',
  });

  /**
   * @param {{ validateBearerToken(header: string): Promise<{ valid: boolean, error?: string, userId?: unknown, sessionId?: unknown }> }} tokenValidator
   *   Object that performs the actual token validation.
   */
  constructor(tokenValidator) {
    this.tokenValidator = tokenValidator;
    // Any value other than the exact string 'true' (including unset) disables.
    this.authEnabled = process.env.AUTH_ENABLED === 'true';
    this.requireAuth = process.env.REQUIRE_AUTH === 'true';
  }

  /**
   * Decide whether `req` may proceed, writing a 401 response when it may not.
   *
   * @param {{ headers: Record<string, string | undefined>, auth?: { userId: unknown, sessionId: unknown } }} req
   *   Incoming request; on successful validation `req.auth` is assigned.
   * @param {{ writeHead(status: number, headers: object): void, end(body: string): void }} res
   *   Response used only to emit the 401.
   * @returns {Promise<boolean>} true when the caller should continue handling
   *   the request, false when a 401 has already been written to `res`.
   */
  async authenticate(req, res) {
    // Middleware switched off entirely: everything passes, req.auth untouched.
    if (!this.authEnabled) {
      return true;
    }

    const header = req.headers.authorization;
    if (!header) {
      // Anonymous access is only refused when REQUIRE_AUTH=true.
      if (!this.requireAuth) {
        return true;
      }
      this.sendUnauthorized(res, 'Missing Authorization header');
      return false;
    }

    // A header that is present but fails validation is always rejected, even
    // when REQUIRE_AUTH is off — "optional auth" never means "accept bad tokens".
    const { valid, error, userId, sessionId } =
      await this.tokenValidator.validateBearerToken(header);
    if (!valid) {
      // The validator's own message is relayed verbatim to the client, so the
      // validator is responsible for keeping it free of sensitive detail.
      this.sendUnauthorized(res, error || 'Invalid token');
      return false;
    }

    // Expose the validated identity to downstream handlers.
    req.auth = { userId, sessionId };
    return true;
  }

  /**
   * Write a JSON 401 response carrying a WWW-Authenticate challenge.
   *
   * @param {{ writeHead(status: number, headers: object): void, end(body: string): void }} res
   * @param {string} message - Human-readable reason, placed in `error_description`.
   */
  sendUnauthorized(res, message) {
    res.writeHead(401, { ...AuthMiddleware.#UNAUTHORIZED_HEADERS });
    const body = {
      error: 'unauthorized',
      error_description: message,
    };
    res.end(JSON.stringify(body));
  }

  /**
   * Summarise the effective auth configuration.
   *
   * `enabled`/`required` reflect the values captured at construction time;
   * `provider` is read from AUTH_PROVIDER on every call (empty string falls
   * back to 'clerk' because `||` is used).
   *
   * @returns {{ enabled: boolean, required: boolean, provider: string }}
   */
  getAuthConfig() {
    const provider = process.env.AUTH_PROVIDER || 'clerk';
    return {
      enabled: this.authEnabled,
      required: this.requireAuth,
      provider,
    };
  }
}
//# sourceMappingURL=middleware.js.map