fix: Use base URL from settings for dynamic client registration and metadata endpoints (#438)

samanhappy
2025-11-21 16:20:54 +08:00
committed by GitHub
parent 449e6ea4fd
commit 01bb011736
2 changed files with 23 additions and 13 deletions


@@ -32,14 +32,14 @@ const verifyRegistrationToken = (token: string): string | null => {
if (!data) { if (!data) {
return null; return null;
} }
// Token expires after 30 days // Token expires after 30 days
const expiresAt = new Date(data.createdAt.getTime() + 30 * 24 * 60 * 60 * 1000); const expiresAt = new Date(data.createdAt.getTime() + 30 * 24 * 60 * 60 * 1000);
if (new Date() > expiresAt) { if (new Date() > expiresAt) {
registrationTokens.delete(token); registrationTokens.delete(token);
return null; return null;
} }
return data.clientId; return data.clientId;
}; };
@@ -115,7 +115,7 @@ export const registerClient = (req: Request, res: Response): void => {
// Generate client credentials // Generate client credentials
const clientId = crypto.randomBytes(16).toString('hex'); const clientId = crypto.randomBytes(16).toString('hex');
// Determine if client secret is needed based on token_endpoint_auth_method // Determine if client secret is needed based on token_endpoint_auth_method
const authMethod = token_endpoint_auth_method || 'client_secret_basic'; const authMethod = token_endpoint_auth_method || 'client_secret_basic';
const needsSecret = authMethod !== 'none'; const needsSecret = authMethod !== 'none';
@@ -155,7 +155,9 @@ export const registerClient = (req: Request, res: Response): void => {
// Generate registration access token // Generate registration access token
const registrationAccessToken = generateRegistrationToken(clientId); const registrationAccessToken = generateRegistrationToken(clientId);
const registrationClientUri = `${req.protocol}://${req.get('host')}/oauth/register/${clientId}`; const baseUrl =
settings.systemConfig?.install?.baseUrl || `${req.protocol}://${req.get('host')}`;
const registrationClientUri = `${baseUrl}/oauth/register/${clientId}`;
// Create OAuth client // Create OAuth client
const client: IOAuthClient = { const client: IOAuthClient = {
@@ -216,7 +218,7 @@ export const registerClient = (req: Request, res: Response): void => {
res.status(201).json(response); res.status(201).json(response);
} catch (error) { } catch (error) {
console.error('Dynamic client registration error:', error); console.error('Dynamic client registration error:', error);
if (error instanceof Error && error.message.includes('already exists')) { if (error instanceof Error && error.message.includes('already exists')) {
res.status(400).json({ res.status(400).json({
error: 'invalid_client_metadata', error: 'invalid_client_metadata',
@@ -277,12 +279,14 @@ export const getClientConfiguration = (req: Request, res: Response): void => {
grant_types: client.grants, grant_types: client.grants,
response_types: client.metadata?.response_types || ['code'], response_types: client.metadata?.response_types || ['code'],
scope: (client.scopes || []).join(' '), scope: (client.scopes || []).join(' '),
token_endpoint_auth_method: client.metadata?.token_endpoint_auth_method || 'client_secret_basic', token_endpoint_auth_method:
client.metadata?.token_endpoint_auth_method || 'client_secret_basic',
}; };
// Include optional metadata // Include optional metadata
if (client.metadata) { if (client.metadata) {
if (client.metadata.application_type) response.application_type = client.metadata.application_type; if (client.metadata.application_type)
response.application_type = client.metadata.application_type;
if (client.metadata.contacts) response.contacts = client.metadata.contacts; if (client.metadata.contacts) response.contacts = client.metadata.contacts;
if (client.metadata.logo_uri) response.logo_uri = client.metadata.logo_uri; if (client.metadata.logo_uri) response.logo_uri = client.metadata.logo_uri;
if (client.metadata.client_uri) response.client_uri = client.metadata.client_uri; if (client.metadata.client_uri) response.client_uri = client.metadata.client_uri;
@@ -457,16 +461,20 @@ export const updateClientConfiguration = (req: Request, res: Response): void =>
grant_types: updatedClient.grants, grant_types: updatedClient.grants,
response_types: updatedClient.metadata?.response_types || ['code'], response_types: updatedClient.metadata?.response_types || ['code'],
scope: (updatedClient.scopes || []).join(' '), scope: (updatedClient.scopes || []).join(' '),
token_endpoint_auth_method: updatedClient.metadata?.token_endpoint_auth_method || 'client_secret_basic', token_endpoint_auth_method:
updatedClient.metadata?.token_endpoint_auth_method || 'client_secret_basic',
}; };
// Include optional metadata // Include optional metadata
if (updatedClient.metadata) { if (updatedClient.metadata) {
if (updatedClient.metadata.application_type) response.application_type = updatedClient.metadata.application_type; if (updatedClient.metadata.application_type)
response.application_type = updatedClient.metadata.application_type;
if (updatedClient.metadata.contacts) response.contacts = updatedClient.metadata.contacts; if (updatedClient.metadata.contacts) response.contacts = updatedClient.metadata.contacts;
if (updatedClient.metadata.logo_uri) response.logo_uri = updatedClient.metadata.logo_uri; if (updatedClient.metadata.logo_uri) response.logo_uri = updatedClient.metadata.logo_uri;
if (updatedClient.metadata.client_uri) response.client_uri = updatedClient.metadata.client_uri; if (updatedClient.metadata.client_uri)
if (updatedClient.metadata.policy_uri) response.policy_uri = updatedClient.metadata.policy_uri; response.client_uri = updatedClient.metadata.client_uri;
if (updatedClient.metadata.policy_uri)
response.policy_uri = updatedClient.metadata.policy_uri;
if (updatedClient.metadata.tos_uri) response.tos_uri = updatedClient.metadata.tos_uri; if (updatedClient.metadata.tos_uri) response.tos_uri = updatedClient.metadata.tos_uri;
if (updatedClient.metadata.jwks_uri) response.jwks_uri = updatedClient.metadata.jwks_uri; if (updatedClient.metadata.jwks_uri) response.jwks_uri = updatedClient.metadata.jwks_uri;
if (updatedClient.metadata.jwks) response.jwks = updatedClient.metadata.jwks; if (updatedClient.metadata.jwks) response.jwks = updatedClient.metadata.jwks;
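Review bot: In the `registerClient` hunk, the configured `baseUrl` is concatenated as-is into `${baseUrl}/oauth/register/${clientId}`, so a setting saved with a trailing slash produces a `//oauth/register/...` URI that a client may not be able to match against the registration route. The same two-line expression is also repeated in `getMetadata` and `getProtectedResourceMetadata` in the second file, so a normalisation added in one place can drift from the others. A single shared helper that strips trailing slashes would keep all three call sites consistent. How `settings` is loaded is outside the hunk, so the sketch below passes the configured value in rather than assuming it.

```typescript
// shared helper, usable by registerClient, getMetadata and getProtectedResourceMetadata
export const resolveBaseUrl = (req: Request, configured?: string): string => {
  const base = configured || `${req.protocol}://${req.get('host')}`;
  // Drop trailing slashes so `${baseUrl}/oauth/...` never yields `//`
  return base.replace(/\/+$/, '');
};

// … unchanged: registration access token generation …
const baseUrl = resolveBaseUrl(req, settings.systemConfig?.install?.baseUrl);
const registrationClientUri = `${baseUrl}/oauth/register/${clientId}`;
```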


@@ -449,7 +449,8 @@ export const getMetadata = async (req: Request, res: Response): Promise<void> =>
return; return;
} }
const baseUrl = `${req.protocol}://${req.get('host')}`; const baseUrl =
settings.systemConfig?.install?.baseUrl || `${req.protocol}://${req.get('host')}`;
const allowedScopes = oauthConfig.allowedScopes || ['read', 'write']; const allowedScopes = oauthConfig.allowedScopes || ['read', 'write'];
const metadata: any = { const metadata: any = {
@@ -494,7 +495,8 @@ export const getProtectedResourceMetadata = async (req: Request, res: Response):
return; return;
} }
const baseUrl = `${req.protocol}://${req.get('host')}`; const baseUrl =
settings.systemConfig?.install?.baseUrl || `${req.protocol}://${req.get('host')}`;
const allowedScopes = oauthConfig.allowedScopes || ['read', 'write']; const allowedScopes = oauthConfig.allowedScopes || ['read', 'write'];
// Return protected resource metadata according to RFC 9728 // Return protected resource metadata according to RFC 9728
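Review bot: When `settings.systemConfig?.install?.baseUrl` is unset, both `getMetadata` and `getProtectedResourceMetadata` still derive `baseUrl` from `req.protocol` and the `Host` header, so the discovery documents keep echoing request-supplied values. The metadata fields are built below the hunks, but `baseUrl` presumably feeds the issuer and endpoint URLs that clients rely on to locate the authorization and token endpoints. That makes the fallback a weak source of truth behind a reverse proxy or shared cache, and `req.protocol` is only reliable when Express `trust proxy` matches the deployment. I would log a one-time warning when the fallback path is taken and add a comment at both sites, such as `// Fallback is derived from request headers; set install.baseUrl for any non-local deployment`. The `registerClient` hunk in the first file has the same fallback for `registration_client_uri`.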