Merge branch 'custom-headers'

Author: geelen

.github/workflows/check.yml

@@ -0,0 +1,25 @@
+name: Check
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm & install
+        uses: wyvox/action-setup-pnpm@v3
+        with:
+          node-version: 22
+
+      - name: Build
+        run: pnpm build
+
+      - name: Run checks
+        run: pnpm run check

.github/workflows/publish.yml

@@ -0,0 +1,26 @@
+name: Publish Any Commit
+on:
+  pull_request:
+  push:
+    branches:
+      - '**'
+    tags:
+      - '!**'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm & install
+        uses: wyvox/action-setup-pnpm@v3
+        with:
+          node-version: 22
+
+      - name: Build
+        run: pnpm build
+
+      - run: pnpm dlx pkg-pr-new publish --bin

.prettierignore

@@ -1 +1,2 @@
-pnpm-lock.yaml
+pnpm-lock.yaml
+*.md

package.json

@@ -1,5 +1,6 @@
 {
   "name": "use-mcp",
+  "repository": "https://github.com/geelen/use-mcp",
   "version": "0.0.7",
   "type": "module",
   "files": [
@@ -50,5 +51,6 @@
       "react",
       "@modelcontextprotocol/sdk"
     ]
-  }
+  },
+  "packageManager": "[email protected]+sha512.6540583f41cc5f628eb3d9773ecee802f4f9ef9923cc45b69890fb47991d4b092964694ec3a4f738a420c918a333062c8b925d312f42e4f0c263eb603551f977"
 }

src/auth/browser-provider.ts

@@ -1,41 +1,43 @@
 // browser-provider.ts
-import { OAuthClientInformation, OAuthMetadata, OAuthTokens, OAuthClientMetadata } from '@modelcontextprotocol/sdk/shared/auth.js';
-import { OAuthClientProvider } from '@modelcontextprotocol/sdk/client/auth.js';
+import { OAuthClientInformation, OAuthMetadata, OAuthTokens, OAuthClientMetadata } from '@modelcontextprotocol/sdk/shared/auth.js'
+import { OAuthClientProvider } from '@modelcontextprotocol/sdk/client/auth.js'
 // Assuming StoredState is defined in ./types.js and includes fields for provider options
-import { StoredState } from './types.js'; // Adjust path if necessary
+import { StoredState } from './types.js' // Adjust path if necessary
 
 /**
  * Browser-compatible OAuth client provider for MCP using localStorage.
  */
 export class BrowserOAuthClientProvider implements OAuthClientProvider {
-  readonly serverUrl: string;
-  readonly storageKeyPrefix: string;
-  readonly serverUrlHash: string;
-  readonly clientName: string;
-  readonly clientUri: string;
-  readonly callbackUrl: string;
+  readonly serverUrl: string
+  readonly storageKeyPrefix: string
+  readonly serverUrlHash: string
+  readonly clientName: string
+  readonly clientUri: string
+  readonly callbackUrl: string
 
   constructor(
     serverUrl: string,
     options: {
-      storageKeyPrefix?: string;
-      clientName?: string;
-      clientUri?: string;
-      callbackUrl?: string;
+      storageKeyPrefix?: string
+      clientName?: string
+      clientUri?: string
+      callbackUrl?: string
     } = {},
   ) {
-    this.serverUrl = serverUrl;
-    this.storageKeyPrefix = options.storageKeyPrefix || 'mcp:auth';
-    this.serverUrlHash = this.hashString(serverUrl);
-    this.clientName = options.clientName || 'MCP Browser Client';
-    this.clientUri = options.clientUri || (typeof window !== 'undefined' ? window.location.origin : '');
-    this.callbackUrl = options.callbackUrl || (typeof window !== 'undefined' ? new URL('/oauth/callback', window.location.origin).toString() : '/oauth/callback');
+    this.serverUrl = serverUrl
+    this.storageKeyPrefix = options.storageKeyPrefix || 'mcp:auth'
+    this.serverUrlHash = this.hashString(serverUrl)
+    this.clientName = options.clientName || 'MCP Browser Client'
+    this.clientUri = options.clientUri || (typeof window !== 'undefined' ? window.location.origin : '')
+    this.callbackUrl =
+      options.callbackUrl ||
+      (typeof window !== 'undefined' ? new URL('/oauth/callback', window.location.origin).toString() : '/oauth/callback')
   }
 
   // --- SDK Interface Methods ---
 
   get redirectUrl(): string {
-    return this.callbackUrl;
+    return this.callbackUrl
   }
 
   get clientMetadata(): OAuthClientMetadata {
@@ -47,68 +49,69 @@ export class BrowserOAuthClientProvider implements OAuthClientProvider {
       client_name: this.clientName,
       client_uri: this.clientUri,
       // scope: 'openid profile email mcp', // Example scopes, adjust as needed
-    };
+    }
   }
 
   async clientInformation(): Promise<OAuthClientInformation | undefined> {
-    const key = this.getKey('client_info');
-    const data = localStorage.getItem(key);
-    if (!data) return undefined;
+    const key = this.getKey('client_info')
+    const data = localStorage.getItem(key)
+    if (!data) return undefined
     try {
       // TODO: Add validation using a schema
-      return JSON.parse(data) as OAuthClientInformation;
+      return JSON.parse(data) as OAuthClientInformation
     } catch (e) {
-      console.warn(`[${this.storageKeyPrefix}] Failed to parse client information:`, e);
-      localStorage.removeItem(key);
-      return undefined;
+      console.warn(`[${this.storageKeyPrefix}] Failed to parse client information:`, e)
+      localStorage.removeItem(key)
+      return undefined
     }
   }
 
   // NOTE: The SDK's auth() function uses this if dynamic registration is needed.
   // Ensure your OAuthClientInformationFull matches the expected structure if DCR is used.
   async saveClientInformation(clientInformation: OAuthClientInformation /* | OAuthClientInformationFull */): Promise<void> {
-    const key = this.getKey('client_info');
+    const key = this.getKey('client_info')
     // Cast needed if handling OAuthClientInformationFull specifically
-    localStorage.setItem(key, JSON.stringify(clientInformation));
+    localStorage.setItem(key, JSON.stringify(clientInformation))
   }
 
-
   async tokens(): Promise<OAuthTokens | undefined> {
-    const key = this.getKey('tokens');
-    const data = localStorage.getItem(key);
-    if (!data) return undefined;
+    const key = this.getKey('tokens')
+    const data = localStorage.getItem(key)
+    if (!data) return undefined
     try {
       // TODO: Add validation
-      return JSON.parse(data) as OAuthTokens;
+      return JSON.parse(data) as OAuthTokens
     } catch (e) {
-      console.warn(`[${this.storageKeyPrefix}] Failed to parse tokens:`, e);
-      localStorage.removeItem(key);
-      return undefined;
+      console.warn(`[${this.storageKeyPrefix}] Failed to parse tokens:`, e)
+      localStorage.removeItem(key)
+      return undefined
     }
   }
 
   async saveTokens(tokens: OAuthTokens): Promise<void> {
-    const key = this.getKey('tokens');
-    localStorage.setItem(key, JSON.stringify(tokens));
+    const key = this.getKey('tokens')
+    localStorage.setItem(key, JSON.stringify(tokens))
     // Clean up code verifier and last auth URL after successful token save
-    localStorage.removeItem(this.getKey('code_verifier'));
-    localStorage.removeItem(this.getKey('last_auth_url'));
+    localStorage.removeItem(this.getKey('code_verifier'))
+    localStorage.removeItem(this.getKey('last_auth_url'))
   }
 
   async saveCodeVerifier(codeVerifier: string): Promise<void> {
-    const key = this.getKey('code_verifier');
-    localStorage.setItem(key, codeVerifier);
+    const key = this.getKey('code_verifier')
+    localStorage.setItem(key, codeVerifier)
   }
 
   async codeVerifier(): Promise<string> {
-    const key = this.getKey('code_verifier');
-    const verifier = localStorage.getItem(key);
+    const key = this.getKey('code_verifier')
+    const verifier = localStorage.getItem(key)
     if (!verifier) {
-      throw new Error(`[${this.storageKeyPrefix}] Code verifier not found in storage for key ${key}. Auth flow likely corrupted or timed out.`);
+      throw new Error(
+        `[${this.storageKeyPrefix}] Code verifier not found in storage for key ${key}. Auth flow likely corrupted or timed out.`,
+      )
     }
     // SDK's auth() retrieves this BEFORE exchanging code. Don't remove it here.
     // It will be removed in saveTokens on success.
-    return verifier;
+    return verifier
   }
 
   /**
@@ -118,8 +121,8 @@ export class BrowserOAuthClientProvider implements OAuthClientProvider {
    */
   async redirectToAuthorization(authorizationUrl: URL): Promise<void> {
     // Generate a unique state parameter for this authorization request
-    const state = crypto.randomUUID();
-    const stateKey = `${this.storageKeyPrefix}:state_${state}`;
+    const state = crypto.randomUUID()
+    const stateKey = `${this.storageKeyPrefix}:state_${state}`
 
     // Store context needed by the callback handler, associated with the state param
     const stateData: StoredState = {
@@ -132,32 +135,34 @@ export class BrowserOAuthClientProvider implements OAuthClientProvider {
         clientName: this.clientName,
         clientUri: this.clientUri,
         callbackUrl: this.callbackUrl,
-      }
-    };
-    localStorage.setItem(stateKey, JSON.stringify(stateData));
+      },
+    }
+    localStorage.setItem(stateKey, JSON.stringify(stateData))
 
     // Add the state parameter to the URL
-    authorizationUrl.searchParams.set('state', state);
-    const authUrlString = authorizationUrl.toString();
+    authorizationUrl.searchParams.set('state', state)
+    const authUrlString = authorizationUrl.toString()
 
     // Persist the exact auth URL in case the popup fails and manual navigation is needed
-    localStorage.setItem(this.getKey('last_auth_url'), authUrlString);
+    localStorage.setItem(this.getKey('last_auth_url'), authUrlString)
 
     // Attempt to open the popup
-    const popupFeatures = 'width=600,height=700,resizable=yes,scrollbars=yes,status=yes'; // Make configurable if needed
+    const popupFeatures = 'width=600,height=700,resizable=yes,scrollbars=yes,status=yes' // Make configurable if needed
     try {
-      const popup = window.open(authUrlString, `mcp_auth_${this.serverUrlHash}`, popupFeatures);
+      const popup = window.open(authUrlString, `mcp_auth_${this.serverUrlHash}`, popupFeatures)
 
       if (!popup || popup.closed || typeof popup.closed === 'undefined') {
-        console.warn(`[${this.storageKeyPrefix}] Popup likely blocked by browser. Manual navigation might be required using the stored URL.`);
+        console.warn(
+          `[${this.storageKeyPrefix}] Popup likely blocked by browser. Manual navigation might be required using the stored URL.`,
+        )
         // Cannot signal failure back via SDK auth() directly.
         // useMcp will need to rely on timeout or manual trigger if stuck.
       } else {
-        popup.focus();
-        console.info(`[${this.storageKeyPrefix}] Redirecting to authorization URL in popup.`);
+        popup.focus()
+        console.info(`[${this.storageKeyPrefix}] Redirecting to authorization URL in popup.`)
       }
     } catch (e) {
-      console.error(`[${this.storageKeyPrefix}] Error opening popup window:`, e);
+      console.error(`[${this.storageKeyPrefix}] Error opening popup window:`, e)
       // Cannot signal failure back via SDK auth() directly.
     }
     // Regardless of popup success, the interface expects this method to initiate the redirect.
@@ -170,60 +175,59 @@ export class BrowserOAuthClientProvider implements OAuthClientProvider {
    * Retrieves the last URL passed to `redirectToAuthorization`. Useful for manual fallback.
    */
   getLastAttemptedAuthUrl(): string | null {
-    return localStorage.getItem(this.getKey('last_auth_url'));
+    return localStorage.getItem(this.getKey('last_auth_url'))
   }
 
-
   clearStorage(): number {
-    const prefixPattern = `${this.storageKeyPrefix}_${this.serverUrlHash}_`;
-    const statePattern = `${this.storageKeyPrefix}:state_`;
-    const keysToRemove: string[] = [];
-    let count = 0;
+    const prefixPattern = `${this.storageKeyPrefix}_${this.serverUrlHash}_`
+    const statePattern = `${this.storageKeyPrefix}:state_`
+    const keysToRemove: string[] = []
+    let count = 0
 
     for (let i = 0; i < localStorage.length; i++) {
-      const key = localStorage.key(i);
-      if (!key) continue;
+      const key = localStorage.key(i)
+      if (!key) continue
 
       if (key.startsWith(prefixPattern)) {
-        keysToRemove.push(key);
+        keysToRemove.push(key)
       } else if (key.startsWith(statePattern)) {
         try {
-          const item = localStorage.getItem(key);
+          const item = localStorage.getItem(key)
           if (item) {
             // Check if state belongs to this provider instance based on serverUrlHash
             // We need to parse cautiously as the structure isn't guaranteed.
-            const state = JSON.parse(item) as Partial<StoredState>;
+            const state = JSON.parse(item) as Partial<StoredState>
             if (state.serverUrlHash === this.serverUrlHash) {
-              keysToRemove.push(key);
+              keysToRemove.push(key)
             }
           }
         } catch (e) {
-          console.warn(`[${this.storageKeyPrefix}] Error parsing state key ${key} during clearStorage:`, e);
+          console.warn(`[${this.storageKeyPrefix}] Error parsing state key ${key} during clearStorage:`, e)
           // Optionally remove malformed keys
           // keysToRemove.push(key);
         }
       }
     }
 
-    const uniqueKeysToRemove = [...new Set(keysToRemove)];
-    uniqueKeysToRemove.forEach(key => {
-      localStorage.removeItem(key);
-      count++;
-    });
-    return count;
+    const uniqueKeysToRemove = [...new Set(keysToRemove)]
+    uniqueKeysToRemove.forEach((key) => {
+      localStorage.removeItem(key)
+      count++
+    })
+    return count
   }
 
   private hashString(str: string): string {
-    let hash = 0;
+    let hash = 0
     for (let i = 0; i < str.length; i++) {
-      const char = str.charCodeAt(i);
-      hash = (hash << 5) - hash + char;
-      hash = hash & hash;
+      const char = str.charCodeAt(i)
+      hash = (hash << 5) - hash + char
+      hash = hash & hash
     }
-    return Math.abs(hash).toString(16);
+    return Math.abs(hash).toString(16)
   }
 
   getKey(keySuffix: string): string {
-    return `${this.storageKeyPrefix}_${this.serverUrlHash}_${keySuffix}`;
+    return `${this.storageKeyPrefix}_${this.serverUrlHash}_${keySuffix}`
   }
-}
+}