MCPcopy Index your code
hub / github.com/Waishnav/devspace / SqliteOAuthStore

Class SqliteOAuthStore

src/oauth-store.ts:40–188  ·  view source on GitHub ↗

Source from the content-addressed store, hash-verified

38}
39
40export class SqliteOAuthStore {
41 private readonly database: DatabaseHandle;
42
43 constructor(stateDir: string) {
44 this.database = openDatabase(stateDir);
45 this.deleteExpiredTokens(Math.floor(Date.now() / 1000));
46 }
47
48 getClient(clientId: string): OAuthClientInformationFull | undefined {
49 const row = this.database.sqlite
50 .prepare("select client_json from oauth_clients where client_id = ?")
51 .get(clientId) as { client_json: string } | undefined;
52
53 return row ? (JSON.parse(row.client_json) as OAuthClientInformationFull) : undefined;
54 }
55
56 registerClient(
57 client: Omit<OAuthClientInformationFull, "client_id" | "client_id_issued_at">,
58 allowedRedirectHosts: string[],
59 ): OAuthClientInformationFull {
60 if (!client.redirect_uris.every((uri) => redirectHostAllowed(String(uri), allowedRedirectHosts))) {
61 throw new InvalidRequestError("Client redirect_uri is not allowed for this DevSpace server");
62 }
63
64 const now = Math.floor(Date.now() / 1000);
65 const registered: OAuthClientInformationFull = {
66 ...client,
67 client_id: `devspace-${randomUUID()}`,
68 client_id_issued_at: now,
69 token_endpoint_auth_method: client.token_endpoint_auth_method ?? "none",
70 grant_types: client.grant_types ?? ["authorization_code", "refresh_token"],
71 response_types: client.response_types ?? ["code"],
72 };
73
74 this.database.sqlite
75 .prepare("insert into oauth_clients (client_id, client_json, issued_at) values (?, ?, ?)")
76 .run(registered.client_id, JSON.stringify(registered), now);
77
78 return registered;
79 }
80
81 saveAccessToken(tokenHash: string, record: PersistedAccessTokenRecord): void {
82 this.database.sqlite
83 .prepare(
84 `insert into oauth_access_tokens (token_hash, client_id, scopes_json, expires_at, resource)
85 values (?, ?, ?, ?, ?)
86 on conflict(token_hash) do update set
87 client_id = excluded.client_id,
88 scopes_json = excluded.scopes_json,
89 expires_at = excluded.expires_at,
90 resource = excluded.resource`,
91 )
92 .run(
93 tokenHash,
94 record.clientId,
95 JSON.stringify(record.scopes),
96 record.expiresAt,
97 record.resource ?? null,

Callers

nothing calls this directly

Calls

no outgoing calls

Tested by

no test coverage detected