yuukiii/hermes-mcp
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
c7eae2c73557e91129ec71054352daec7d08a079
hermes-mcp/src/auth.ts
Garfield 02398258a5 feat: native OAuth login page, architecture docs, docs site update 
- Add GET/POST /login to hermes for first-party cookie during OAuth popup
  (fixes browser CHIPS cookie partitioning that broke claude.ai connection)
- Add role column to all findCustomer* SQL queries in src/auth.ts
- Add claude.ai tab to docs/getting-started.html with OAuth flow steps
- Add ARCHITECTURE.md with system diagrams, data flow, and key invariants
- Rewrite README.md and DEPLOY.md to reflect actual MicroK8s deployment
- Deploy updated docs site (squaremcp-docs sha256 updated)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-14 13:48:01 -04:00

101 lines
3.0 KiB
TypeScript
Raw Blame History

import bcryptjs from 'bcryptjs';
const { hash, compare } = bcryptjs;
import jwt from 'jsonwebtoken';
const { sign, verify } = jwt;
import { getPool } from './db.js';
import type { RowDataPacket } from 'mysql2';
const JWT_SECRET = process.env.JWT_SECRET ?? process.env.CREDENTIAL_ENCRYPTION_KEY ?? 'dev-secret-change-me';
const SALT_ROUNDS = 12;
export interface JWTPayload {
sub: string; // customer id
email: string;
plan: string;
role?: string;
}
export async function hashPassword(password: string): Promise<string> {
return hash(password, SALT_ROUNDS);
}
export async function verifyPassword(password: string, hash: string): Promise<boolean> {
return compare(password, hash);
}
export function signJWT(payload: JWTPayload): string {
return sign(payload, JWT_SECRET, { expiresIn: '7d' });
}
export function verifyJWT(token: string): JWTPayload {
return verify(token, JWT_SECRET) as JWTPayload;
}
interface CustomerRow extends RowDataPacket {
id: string;
email: string;
plan: string;
active: boolean;
api_key: string;
password_hash: string | null;
role: string;
}
export async function findCustomerByEmail(email: string): Promise<CustomerRow | null> {
const [rows] = await getPool().query<CustomerRow[]>(
'SELECT id, email, plan, active, api_key, password_hash, role FROM customers WHERE email = ?',
[email]
);
return rows[0] ?? null;
}
export async function findCustomerById(id: string): Promise<CustomerRow | null> {
const [rows] = await getPool().query<CustomerRow[]>(
'SELECT id, email, plan, active, api_key, password_hash, role FROM customers WHERE id = ?',
[id]
);
return rows[0] ?? null;
}
export async function createCustomer(
id: string,
email: string,
passwordHash: string,
apiKey: string
): Promise<void> {
await getPool().query(
'INSERT INTO customers (id, email, password_hash, api_key, plan, active) VALUES (?, ?, ?, ?, ?, ?)',
[id, email, passwordHash, apiKey, 'free', true]
);
}
export async function setResetToken(email: string, token: string): Promise<boolean> {
const [result] = await getPool().query<any>(
'UPDATE customers SET reset_token = ?, reset_expires_at = DATE_ADD(NOW(), INTERVAL 1 HOUR) WHERE email = ?',
[token, email]
);
return result.affectedRows > 0;
}
export async function findCustomerByResetToken(token: string) {
const [rows] = await getPool().query<CustomerRow[]>(
'SELECT id, email, plan, active, api_key, password_hash, role FROM customers WHERE reset_token = ? AND reset_expires_at > NOW()',
[token]
);
return rows[0] ?? null;
}
export async function clearResetToken(customerId: string): Promise<void> {
await getPool().query(
'UPDATE customers SET reset_token = NULL, reset_expires_at = NULL WHERE id = ?',
[customerId]
);
}
export async function updatePassword(customerId: string, passwordHash: string): Promise<void> {
await getPool().query(
'UPDATE customers SET password_hash = ? WHERE id = ?',
[passwordHash, customerId]
);
}
Reference in New Issue View Git Blame Copy Permalink