token_storage.py

"""
Token storage module for securely storing OAuth tokens.

This module provides a simple interface for storing and retrieving OAuth tokens.
In a production environment, this should be replaced with a more secure solution
like a database or a secure token storage service.
"""

import os
import json
import threading
from datetime import datetime, timedelta
import logging

from config_paths import get_token_file_path

SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
TOKEN_FILE = os.environ.get(
    "BASECAMP_TOKEN_FILE",
    str(get_token_file_path()),
)

# Lock for thread-safe operations
_lock = threading.Lock()
_logger = logging.getLogger(__name__)


def _read_tokens():
    """Read tokens from storage."""
    try:
        with open(TOKEN_FILE, "r") as f:
            data = json.load(f)
            basecamp_data = data.get("basecamp", {})
            updated_at = basecamp_data.get("updated_at")
            _logger.info(
                f"Read tokens from {TOKEN_FILE}. Basecamp token updated_at: {updated_at}"
            )
            return data
    except FileNotFoundError:
        _logger.info(f"{TOKEN_FILE} not found. Returning empty tokens.")
        return {}  # Return empty dict if file doesn't exist
    except json.JSONDecodeError:
        _logger.warning(
            f"Error decoding JSON from {TOKEN_FILE}. Returning empty tokens."
        )
        # If file exists but isn't valid JSON, return empty dict
        return {}


def _write_tokens(tokens):
    """Write tokens to storage."""
    # Create directory for the token file if it doesn't exist
    os.makedirs(
        os.path.dirname(TOKEN_FILE) if os.path.dirname(TOKEN_FILE) else ".",
        exist_ok=True,
    )

    basecamp_data_to_write = tokens.get("basecamp", {})
    updated_at_to_write = basecamp_data_to_write.get("updated_at")
    _logger.info(
        f"Writing tokens to {TOKEN_FILE}. Basecamp token updated_at to be written: {updated_at_to_write}"
    )

    # Set secure permissions on the file
    with open(TOKEN_FILE, "w") as f:
        json.dump(tokens, f, indent=2)

    # Set permissions to only allow the current user to read/write
    try:
        os.chmod(TOKEN_FILE, 0o600)
    except Exception:
        pass  # Ignore if chmod fails (might be on Windows)


def store_token(access_token, refresh_token=None, expires_in=None, account_id=None):
    """
    Store OAuth tokens securely.

    Args:
        access_token (str): The OAuth access token
        refresh_token (str, optional): The OAuth refresh token
        expires_in (int, optional): Token expiration time in seconds
        account_id (str, optional): The Basecamp account ID

    Returns:
        bool: True if the token was stored successfully
    """
    if not access_token:
        return False  # Don't store empty tokens

    with _lock:
        tokens = _read_tokens()

        # Calculate expiration time
        expires_at = None
        if expires_in:
            expires_at = (datetime.now() + timedelta(seconds=expires_in)).isoformat()

        # Store the token with metadata
        tokens["basecamp"] = {
            "access_token": access_token,
            "refresh_token": refresh_token,
            "account_id": account_id,
            "expires_at": expires_at,
            "updated_at": datetime.now().isoformat(),
        }

        _write_tokens(tokens)
        return True


def get_token():
    """
    Get the stored OAuth token.

    Returns:
        dict: Token information or None if not found
    """
    with _lock:
        tokens = _read_tokens()
        return tokens.get("basecamp")


def is_token_expired():
    """
    Check if the stored token is expired.

    Returns:
        bool: True if the token is expired or not found
    """
    with _lock:
        tokens = _read_tokens()
        token_data = tokens.get("basecamp")

        if not token_data or not token_data.get("expires_at"):
            return True

        try:
            expires_at = datetime.fromisoformat(token_data["expires_at"])
            # Add a buffer of 5 minutes to account for clock differences
            return datetime.now() > (expires_at - timedelta(minutes=5))
        except (ValueError, TypeError):
            return True


def clear_tokens():
    """Clear all stored tokens."""
    with _lock:
        if os.path.exists(TOKEN_FILE):
            os.remove(TOKEN_FILE)
        return True
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`"""`
			`Token storage module for securely storing OAuth tokens.`

			`This module provides a simple interface for storing and retrieving OAuth tokens.`
			`In a production environment, this should be replaced with a more secure solution`
			`like a database or a secure token storage service.`
			`"""`

			`import os`
			`import json`
			`import threading`
			`from datetime import datetime, timedelta`
refactor: Remove deprecated files and clean up codebase This commit deletes obsolete files related to the Basecamp MCP integration, including: - `basecamp_client.py` - `basecamp_oauth.py` - `composio_client_example.py` - `composio_integration.py` - `mcp_integration.py` - `setup.sh` - `start_basecamp_mcp.sh` Additionally, a new file `mcp_server_cli.py` is introduced to streamline the MCP server functionality. The README has been updated to reflect these changes and provide clearer setup instructions. This cleanup aims to enhance maintainability and focus on the core components of the integration. 2025-06-02 17:11:39 +01:00			`import logging`
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00
fix: resolve read-only file system issues for Nix packaging - Add config_paths.py for XDG-compliant path resolution - Update all servers to use user-writable locations (logs, tokens, .env) - Make .env file optional - server works with environment variables only - Default paths: ~/.local/share for data, ~/.local/state for logs - Update Nix wrapper with XDG defaults and helpful postInstall message - Update README.md with environment variable configuration documentation Fixes OSError when running in Nix store (read-only filesystem) 2026-01-21 20:42:05 +01:00			`from config_paths import get_token_file_path`

refactor: Remove deprecated files and clean up codebase This commit deletes obsolete files related to the Basecamp MCP integration, including: - `basecamp_client.py` - `basecamp_oauth.py` - `composio_client_example.py` - `composio_integration.py` - `mcp_integration.py` - `setup.sh` - `start_basecamp_mcp.sh` Additionally, a new file `mcp_server_cli.py` is introduced to streamline the MCP server functionality. The README has been updated to reflect these changes and provide clearer setup instructions. This cleanup aims to enhance maintainability and focus on the core components of the integration. 2025-06-02 17:11:39 +01:00			`SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))`
feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00			`TOKEN_FILE = os.environ.get(`
fix: resolve read-only file system issues for Nix packaging - Add config_paths.py for XDG-compliant path resolution - Update all servers to use user-writable locations (logs, tokens, .env) - Make .env file optional - server works with environment variables only - Default paths: ~/.local/share for data, ~/.local/state for logs - Update Nix wrapper with XDG defaults and helpful postInstall message - Update README.md with environment variable configuration documentation Fixes OSError when running in Nix store (read-only filesystem) 2026-01-21 20:42:05 +01:00			`"BASECAMP_TOKEN_FILE",`
			`str(get_token_file_path()),`
feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00			`)`
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00
			`# Lock for thread-safe operations`
			`_lock = threading.Lock()`
refactor: Remove deprecated files and clean up codebase This commit deletes obsolete files related to the Basecamp MCP integration, including: - `basecamp_client.py` - `basecamp_oauth.py` - `composio_client_example.py` - `composio_integration.py` - `mcp_integration.py` - `setup.sh` - `start_basecamp_mcp.sh` Additionally, a new file `mcp_server_cli.py` is introduced to streamline the MCP server functionality. The README has been updated to reflect these changes and provide clearer setup instructions. This cleanup aims to enhance maintainability and focus on the core components of the integration. 2025-06-02 17:11:39 +01:00			`_logger = logging.getLogger(__name__)`
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00
feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`def _read_tokens():`
			`"""Read tokens from storage."""`
			`try:`
feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00			`with open(TOKEN_FILE, "r") as f:`
refactor: Remove deprecated files and clean up codebase This commit deletes obsolete files related to the Basecamp MCP integration, including: - `basecamp_client.py` - `basecamp_oauth.py` - `composio_client_example.py` - `composio_integration.py` - `mcp_integration.py` - `setup.sh` - `start_basecamp_mcp.sh` Additionally, a new file `mcp_server_cli.py` is introduced to streamline the MCP server functionality. The README has been updated to reflect these changes and provide clearer setup instructions. This cleanup aims to enhance maintainability and focus on the core components of the integration. 2025-06-02 17:11:39 +01:00			`data = json.load(f)`
feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00			`basecamp_data = data.get("basecamp", {})`
			`updated_at = basecamp_data.get("updated_at")`
			`_logger.info(`
			`f"Read tokens from {TOKEN_FILE}. Basecamp token updated_at: {updated_at}"`
			`)`
refactor: Remove deprecated files and clean up codebase This commit deletes obsolete files related to the Basecamp MCP integration, including: - `basecamp_client.py` - `basecamp_oauth.py` - `composio_client_example.py` - `composio_integration.py` - `mcp_integration.py` - `setup.sh` - `start_basecamp_mcp.sh` Additionally, a new file `mcp_server_cli.py` is introduced to streamline the MCP server functionality. The README has been updated to reflect these changes and provide clearer setup instructions. This cleanup aims to enhance maintainability and focus on the core components of the integration. 2025-06-02 17:11:39 +01:00			`return data`
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`except FileNotFoundError:`
refactor: Remove deprecated files and clean up codebase This commit deletes obsolete files related to the Basecamp MCP integration, including: - `basecamp_client.py` - `basecamp_oauth.py` - `composio_client_example.py` - `composio_integration.py` - `mcp_integration.py` - `setup.sh` - `start_basecamp_mcp.sh` Additionally, a new file `mcp_server_cli.py` is introduced to streamline the MCP server functionality. The README has been updated to reflect these changes and provide clearer setup instructions. This cleanup aims to enhance maintainability and focus on the core components of the integration. 2025-06-02 17:11:39 +01:00			`_logger.info(f"{TOKEN_FILE} not found. Returning empty tokens.")`
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`return {} # Return empty dict if file doesn't exist`
			`except json.JSONDecodeError:`
feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00			`_logger.warning(`
			`f"Error decoding JSON from {TOKEN_FILE}. Returning empty tokens."`
			`)`
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`# If file exists but isn't valid JSON, return empty dict`
			`return {}`

feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`def _write_tokens(tokens):`
			`"""Write tokens to storage."""`
			`# Create directory for the token file if it doesn't exist`
feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00			`os.makedirs(`
			`os.path.dirname(TOKEN_FILE) if os.path.dirname(TOKEN_FILE) else ".",`
			`exist_ok=True,`
			`)`
chore: remove trailing spaces and ensure newline 2025-06-06 10:23:50 +01:00
feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00			`basecamp_data_to_write = tokens.get("basecamp", {})`
			`updated_at_to_write = basecamp_data_to_write.get("updated_at")`
			`_logger.info(`
			`f"Writing tokens to {TOKEN_FILE}. Basecamp token updated_at to be written: {updated_at_to_write}"`
			`)`
refactor: Remove deprecated files and clean up codebase This commit deletes obsolete files related to the Basecamp MCP integration, including: - `basecamp_client.py` - `basecamp_oauth.py` - `composio_client_example.py` - `composio_integration.py` - `mcp_integration.py` - `setup.sh` - `start_basecamp_mcp.sh` Additionally, a new file `mcp_server_cli.py` is introduced to streamline the MCP server functionality. The README has been updated to reflect these changes and provide clearer setup instructions. This cleanup aims to enhance maintainability and focus on the core components of the integration. 2025-06-02 17:11:39 +01:00
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`# Set secure permissions on the file`
feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00			`with open(TOKEN_FILE, "w") as f:`
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`json.dump(tokens, f, indent=2)`
chore: remove trailing spaces and ensure newline 2025-06-06 10:23:50 +01:00
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`# Set permissions to only allow the current user to read/write`
			`try:`
			`os.chmod(TOKEN_FILE, 0o600)`
			`except Exception:`
			`pass # Ignore if chmod fails (might be on Windows)`

feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`def store_token(access_token, refresh_token=None, expires_in=None, account_id=None):`
			`"""`
			`Store OAuth tokens securely.`
chore: remove trailing spaces and ensure newline 2025-06-06 10:23:50 +01:00
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`Args:`
			`access_token (str): The OAuth access token`
			`refresh_token (str, optional): The OAuth refresh token`
			`expires_in (int, optional): Token expiration time in seconds`
			`account_id (str, optional): The Basecamp account ID`
chore: remove trailing spaces and ensure newline 2025-06-06 10:23:50 +01:00
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`Returns:`
			`bool: True if the token was stored successfully`
			`"""`
			`if not access_token:`
			`return False # Don't store empty tokens`
chore: remove trailing spaces and ensure newline 2025-06-06 10:23:50 +01:00
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`with _lock:`
			`tokens = _read_tokens()`
chore: remove trailing spaces and ensure newline 2025-06-06 10:23:50 +01:00
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`# Calculate expiration time`
			`expires_at = None`
			`if expires_in:`
			`expires_at = (datetime.now() + timedelta(seconds=expires_in)).isoformat()`
chore: remove trailing spaces and ensure newline 2025-06-06 10:23:50 +01:00
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`# Store the token with metadata`
feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00			`tokens["basecamp"] = {`
			`"access_token": access_token,`
			`"refresh_token": refresh_token,`
			`"account_id": account_id,`
			`"expires_at": expires_at,`
			`"updated_at": datetime.now().isoformat(),`
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`}`
chore: remove trailing spaces and ensure newline 2025-06-06 10:23:50 +01:00
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`_write_tokens(tokens)`
			`return True`

feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`def get_token():`
			`"""`
			`Get the stored OAuth token.`
chore: remove trailing spaces and ensure newline 2025-06-06 10:23:50 +01:00
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`Returns:`
			`dict: Token information or None if not found`
			`"""`
			`with _lock:`
			`tokens = _read_tokens()`
feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00			`return tokens.get("basecamp")`

Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00
			`def is_token_expired():`
			`"""`
			`Check if the stored token is expired.`
chore: remove trailing spaces and ensure newline 2025-06-06 10:23:50 +01:00
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`Returns:`
			`bool: True if the token is expired or not found`
			`"""`
			`with _lock:`
			`tokens = _read_tokens()`
feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00			`token_data = tokens.get("basecamp")`
chore: remove trailing spaces and ensure newline 2025-06-06 10:23:50 +01:00
feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00			`if not token_data or not token_data.get("expires_at"):`
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`return True`
chore: remove trailing spaces and ensure newline 2025-06-06 10:23:50 +01:00
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`try:`
feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00			`expires_at = datetime.fromisoformat(token_data["expires_at"])`
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`# Add a buffer of 5 minutes to account for clock differences`
			`return datetime.now() > (expires_at - timedelta(minutes=5))`
			`except (ValueError, TypeError):`
			`return True`

feat: add BASECAMP_TOKEN_FILE env var for configurable token storage 2026-01-21 19:20:43 +01:00
Initial commit: Basecamp MCP server with OAuth authentication 2025-03-09 16:42:28 +00:00			`def clear_tokens():`
			`"""Clear all stored tokens."""`
			`with _lock:`
			`if os.path.exists(TOKEN_FILE):`
			`os.remove(TOKEN_FILE)`
chore: remove trailing spaces and ensure newline 2025-06-06 10:23:50 +01:00			`return True`