/**
* Authentication and authorization constants
*/
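/**
 * Authentication and session settings.
 *
 * `SERVER` covers what this process does as an authorization/resource server
 * (sessions, OAuth codes, consent requests, tokens, streamable-HTTP sessions,
 * registered clients); `CLIENT` covers the OAuth flow it runs as a client
 * against a remote authorization server.
 *
 * Units are NOT uniform: most lifetimes are `*_MS` (milliseconds), but
 * `SERVER.SESSION.TTL_MINUTES` is in minutes and
 * `CLIENT.OAUTH.DEFAULT_TOKEN_EXPIRY_SECONDS` is in seconds. Read the key
 * name before doing arithmetic on a value.
 *
 * The `SUBDIR`, `FILE_PREFIX` and `ID_PREFIX` values are presumably joined
 * into on-disk paths under `SERVER.STORAGE.DIR`; keep them fixed literals and
 * never derive them from request-controlled input.
 */
export const AUTH_CONFIG = {
  // Server-side authentication
  SERVER: {
    // Server auth is opt-in; nothing here turns it on by itself.
    DEFAULT_ENABLED: false,
    // File storage configuration (root directory and file extension for every
    // persisted record below)
    STORAGE: {
      DIR: 'sessions',
      FILE_EXTENSION: '.json',
    },
    // Session management
    SESSION: {
      TTL_MINUTES: 24 * 60, // 24 hours — NOTE: minutes, unlike the *_MS lifetimes below
      ID_PREFIX: 'sess-',
      FILE_PREFIX: 'session_',
      SUBDIR: 'server',
    },
    // OAuth authorization codes: issued after consent and exchanged for a
    // token. They are short-lived (one minute, see TTL_MS) — the earlier
    // "permanent" wording was wrong; the TTL below is the authority.
    AUTH_CODE: {
      TTL_MS: 60 * 1000, // 1 minute
      ID_PREFIX: 'code-',
      FILE_PREFIX: 'auth_code_',
      SUBDIR: 'server',
    },
    // OAuth authorization requests: temporary records that exist while the
    // consent flow is pending.
    // ID_PREFIX deliberately matches AUTH_CODE ("for compatibility"), so an ID
    // alone cannot tell a pending request from an issued code; on disk the two
    // are separated only by FILE_PREFIX. Any lookup that takes an ID must
    // choose the store by record type, never by prefix.
    AUTH_REQUEST: {
      TTL_MS: 10 * 60 * 1000, // 10 minutes
      ID_PREFIX: 'code-', // Same as auth codes for compatibility
      FILE_PREFIX: 'auth_request_',
      SUBDIR: 'server',
    },
    // OAuth tokens (no FILE_PREFIX/SUBDIR here — tokens are apparently not
    // persisted through the same file store as the records above)
    TOKEN: {
      TTL_MS: 24 * 60 * 60 * 1000, // 24 hours
      ID_PREFIX: 'tk-',
    },
    // Streamable HTTP sessions
    STREAMABLE_SESSION: {
      TTL_MS: 24 * 60 * 60 * 1000, // 24 hours
      ID_PREFIX: 'stream-',
      FILE_PREFIX: 'streamable_session_',
      SUBDIR: 'transport',
      // Redis-style write-behind save policy for performance: persist after
      // REQUESTS requests OR after INTERVAL_MS, with a background flush every
      // FLUSH_INTERVAL_MS.
      // NOTE(review): state saved lazily can be lost on a crash between
      // flushes — confirm nothing security-relevant (e.g. revocation) relies on
      // this store being durable immediately.
      SAVE_POLICY: {
        REQUESTS: 100, // Trigger after N requests
        INTERVAL_MS: 5 * 60 * 1000, // OR after M minutes
        FLUSH_INTERVAL_MS: 60 * 1000, // Background flush every 60s
      },
    },
    // Client management (registered OAuth clients). FILE_PREFIX starts with
    // 'session_', so these files share the SERVER prefix family in
    // FILE_PREFIX_MAPPING.
    CLIENT: {
      ID_PREFIX: 'client-',
      FILE_PREFIX: 'session_cli_',
      SUBDIR: 'server',
    },
  },
  // Client-side authentication
  CLIENT: {
    OAUTH: {
      TTL_MS: 30 * 24 * 60 * 60 * 1000, // 30 days
      // Presumably the PKCE code_verifier lifetime: bounded to one
      // authorization round-trip, not the session lifetime.
      CODE_VERIFIER_TTL_MS: 10 * 60 * 1000, // 10 minutes
      // `state` parameter lifetime; same bound as the verifier.
      STATE_TTL_MS: 10 * 60 * 1000, // 10 minutes
      // In SECONDS (OAuth `expires_in` convention) — presumably the fallback
      // used when the server's token response omits expires_in.
      DEFAULT_TOKEN_EXPIRY_SECONDS: 3600, // 1 hour
      DEFAULT_CALLBACK_PATH: '/oauth/callback',
      // Typed explicitly: a bare `[]` in an object literal infers as `never[]`
      // under strictNullChecks (or `any[]` without it), which rejects
      // `.push('openid')` / `.includes('openid')` on the value and leaks the
      // bogus element type into callers.
      DEFAULT_SCOPES: [] as string[],
    },
    SESSION: {
      TTL_MS: 30 * 24 * 60 * 60 * 1000, // 30 days
      ID_PREFIX: 'oauth_',
      FILE_PREFIX: '', // empty: file names are presumably the bare ID
      SUBDIR: 'client',
    },
    // Key prefixes for the client-side records; FILE_PREFIX_MAPPING.CLIENT
    // lists the same values and must be kept in step with them.
    PREFIXES: {
      CLIENT: 'cli_',
      TOKENS: 'tok_',
      VERIFIER: 'ver_',
      STATE: 'sta_',
    },
  },
};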
/**
 * Storage subdirectory names, one per record family.
 *
 * These must agree with the `SUBDIR` values used inside `AUTH_CONFIG`
 * ('server', 'client', 'transport'); a new SUBDIR value there needs an entry
 * here. They are presumably joined onto `AUTH_CONFIG.SERVER.STORAGE.DIR` to
 * form a path, so keep them plain, fixed directory names. `as const` keeps
 * the values as literal types for consumers that switch on them.
 */
export const STORAGE_SUBDIRS = {
  SERVER: 'server',
  CLIENT: 'client',
  TRANSPORT: 'transport',
} as const;
/**
 * File-name prefixes that belong to each storage subdirectory, used by the
 * migration logic to sort legacy files into `STORAGE_SUBDIRS`.
 *
 * This is a hand-maintained copy of the `FILE_PREFIX` / `ID_PREFIX` /
 * `PREFIXES` values in `AUTH_CONFIG`; change them together. Note that
 * 'session_' (SERVER) is also a prefix of 'session_cli_'
 * (`AUTH_CONFIG.SERVER.CLIENT.FILE_PREFIX`) — both land in SERVER, so a
 * prefix match (presumably `startsWith`) is unambiguous today, but a new
 * prefix that overlaps one in another family would not be.
 */
export const FILE_PREFIX_MAPPING = {
  SERVER: ['session_', 'auth_code_', 'auth_request_'],
  CLIENT: ['oauth_', 'cli_', 'tok_', 'ver_', 'sta_'],
  TRANSPORT: ['streamable_session_'],
} as const;
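/**
 * Rate-limiting settings for the OAuth endpoints: at most `MAX` requests per
 * client IP in each `WINDOW_MS` window, answered with `MESSAGE` once
 * exceeded.
 *
 * Frozen with `as const` like the other exported tables in this file so the
 * limits keep literal types and cannot be widened by a later assignment at
 * the type level (readonly is compile-time only; values are still assignable
 * to mutable `number` / `{ error: string }` consumers).
 *
 * NOTE(review): a per-IP limit is only as good as the client-IP resolution
 * behind it — confirm the consumer's proxy / `trust proxy` setup so a spoofed
 * forwarding header cannot reset the bucket.
 */
export const RATE_LIMIT_CONFIG = {
  OAUTH: {
    WINDOW_MS: 15 * 60 * 1000, // 15 minutes
    MAX: 100, // max requests per window per IP
    MESSAGE: { error: 'Too many requests, please try again later.' },
  },
} as const;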