Recached

cofacts / rumors-api / 25983239302

coverage: 78.834% (-3.4%) from 82.22%
25983239302

Pull #389

github

web-flow 
Merge c765e72a1 into 59e4e0b39
Pull Request #389: feat(mcp): add remote MCP server with OAuth 2.1 + PKCE

893 of 1212 branches covered (73.68%)

Branch coverage included in aggregate %.

18 of 110 new or added lines in 6 files covered. (16.36%)

8 existing lines in 1 file now uncovered.

1744 of 2133 relevant lines covered (81.76%)

16.38 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

56.25
/src/tokenRoute.js
1 
import { createHash } from 'crypto';
2 
import {
3 
  verifyJWT,
4 
  signLongLivedJWT,
5 
  TOKEN_USE_AUTH_CODE,
6 
  getCookieMaxAgeSec,
7 
} from './lib/jwt';
8 









9



export default async function tokenRoute(ctx) {











10



  const { code, code_verifier } = ctx.request.body;




8





11












12



  if (!code) {





8





13



    ctx.status = 400;




1





14



    ctx.body = { error: 'code is required' };




1





15



    return;




1





16



  }










17












18



  let payload;










19



  try {




7





20



    payload = await verifyJWT(code, { expectedUse: TOKEN_USE_AUTH_CODE });




7





21



  } catch (err) {










22



    ctx.status = 401;




4





23



    ctx.body = { error: 'Invalid or expired code' };




4





24



    return;




4





25



  }










26













27



  if (payload.code_challenge) {





3!






NEW


28



    if (!code_verifier) {





×








NEW


29



      ctx.status = 400;




×








NEW


30



      ctx.body = { error: 'code_verifier required' };




×








NEW


31



      return;




×







32



    }











NEW


33



    const computed = createHash('sha256')




×







34



      .update(code_verifier)










35



      .digest('base64url');











NEW


36



    if (computed !== payload.code_challenge) {





×








NEW


37



      ctx.status = 401;




×








NEW


38



      ctx.body = { error: 'invalid_code_verifier' };




×








NEW


39



      return;




×







40



    }










41



  }










42












43



  const userId = payload.sub;




3





44



  const token = await signLongLivedJWT(userId);




3






45



  const maxAgeSec = getCookieMaxAgeSec();




2






46



  ctx.body = {




2





47



    // Legacy










48



    token,










49












50



    // OAuth2 compatible










51



    access_token: token,










52



    token_type: 'Bearer',










53



    expires_in: maxAgeSec,










54



  };










55



}
























    

  • 

    •