allowlist.service.tsβ’1.5 kB
import { Injectable } from '@nestjs/common'
import { ConfigService } from '@nestjs/config'
/**
* Service to manage email allowlist for MCP authentication
* Only emails in the ALLOWED_EMAILS environment variable can access MCP endpoints
*/
@Injectable()
export class AllowlistService {
private readonly allowedEmails: Set<string>
constructor(private readonly configService: ConfigService) {
const emailsString = this.configService.get<string>('ALLOWED_EMAILS', '')
this.allowedEmails = new Set(
emailsString
.split(',')
.map((email) => email.trim().toLowerCase())
.filter((email) => email.length > 0),
)
if (this.allowedEmails.size === 0) {
console.warn('WARNING: ALLOWED_EMAILS is empty. No users will be able to authenticate.')
}
}
/**
* Check if an email is in the allowlist
* @param email Email address to check (case-insensitive)
* @returns true if email is allowed, false otherwise
*/
isEmailAllowed(email: string | null | undefined): boolean {
if (!email) {
return false
}
return this.allowedEmails.has(email.trim().toLowerCase())
}
/**
* Get the list of allowed emails (for debugging/testing)
* @returns Array of allowed email addresses
*/
getAllowedEmails(): string[] {
return Array.from(this.allowedEmails)
}
/**
* Get the count of allowed emails
* @returns Number of emails in allowlist
*/
getCount(): number {
return this.allowedEmails.size
}
}