feat(planning): grille hebdomadaire complète avec API et filtres

- Connexion API via proxy Angular (résolution CORS, base path /api)
- Import CSS ng-zorro global pour les modales et composants
- Filtres Camion/Show câblés sur l'affichage de la grille
- Camions affichés via TrucksService (linkés au show du même créneau)
- Panneau de détails : spectacles + camions du jour sélectionné
- Modale de création de spectacle stylisée avec fond et centrage
- Positionnement précis des events à la minute dans leur créneau
- Auto-scroll vers l'heure courante au chargement
- Ligne "maintenant" sur la colonne du jour actuel
- Régénération des services OpenAPI (nouveaux noms de types)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

node_modules/@modelcontextprotocol/sdk/dist/cjs/server/auth/router.js

@@ -13,16 +13,10 @@ const token_js_1 = require("./handlers/token.js");
 const authorize_js_1 = require("./handlers/authorize.js");
 const revoke_js_1 = require("./handlers/revoke.js");
 const metadata_js_1 = require("./handlers/metadata.js");
-// Check for dev mode flag that allows HTTP issuer URLs (for development/testing only)
-const allowInsecureIssuerUrl = process.env.MCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URL === 'true' || process.env.MCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URL === '1';
-if (allowInsecureIssuerUrl) {
-    // eslint-disable-next-line no-console
-    console.warn('MCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URL is enabled - HTTP issuer URLs are allowed. Do not use in production.');
-}
 const checkIssuerUrl = (issuer) => {
     // Technically RFC 8414 does not permit a localhost HTTPS exemption, but this will be necessary for ease of testing
-    if (issuer.protocol !== 'https:' && issuer.hostname !== 'localhost' && issuer.hostname !== '127.0.0.1' && !allowInsecureIssuerUrl) {
-        throw new Error('Issuer URL must be HTTPS');
+    if (issuer.protocol !== "https:" && issuer.hostname !== "localhost" && issuer.hostname !== "127.0.0.1") {
+        throw new Error("Issuer URL must be HTTPS");
     }
     if (issuer.hash) {
         throw new Error(`Issuer URL must not have a fragment: ${issuer}`);
@@ -32,26 +26,27 @@ const checkIssuerUrl = (issuer) => {
     }
 };
 const createOAuthMetadata = (options) => {
+    var _a;
     const issuer = options.issuerUrl;
     const baseUrl = options.baseUrl;
     checkIssuerUrl(issuer);
-    const authorization_endpoint = '/authorize';
-    const token_endpoint = '/token';
-    const registration_endpoint = options.provider.clientsStore.registerClient ? '/register' : undefined;
-    const revocation_endpoint = options.provider.revokeToken ? '/revoke' : undefined;
+    const authorization_endpoint = "/authorize";
+    const token_endpoint = "/token";
+    const registration_endpoint = options.provider.clientsStore.registerClient ? "/register" : undefined;
+    const revocation_endpoint = options.provider.revokeToken ? "/revoke" : undefined;
     const metadata = {
         issuer: issuer.href,
-        service_documentation: options.serviceDocumentationUrl?.href,
+        service_documentation: (_a = options.serviceDocumentationUrl) === null || _a === void 0 ? void 0 : _a.href,
         authorization_endpoint: new URL(authorization_endpoint, baseUrl || issuer).href,
-        response_types_supported: ['code'],
-        code_challenge_methods_supported: ['S256'],
+        response_types_supported: ["code"],
+        code_challenge_methods_supported: ["S256"],
         token_endpoint: new URL(token_endpoint, baseUrl || issuer).href,
-        token_endpoint_auth_methods_supported: ['client_secret_post', 'none'],
-        grant_types_supported: ['authorization_code', 'refresh_token'],
+        token_endpoint_auth_methods_supported: ["client_secret_post"],
+        grant_types_supported: ["authorization_code", "refresh_token"],
         scopes_supported: options.scopesSupported,
         revocation_endpoint: revocation_endpoint ? new URL(revocation_endpoint, baseUrl || issuer).href : undefined,
-        revocation_endpoint_auth_methods_supported: revocation_endpoint ? ['client_secret_post'] : undefined,
-        registration_endpoint: registration_endpoint ? new URL(registration_endpoint, baseUrl || issuer).href : undefined
+        revocation_endpoint_auth_methods_supported: revocation_endpoint ? ["client_secret_post"] : undefined,
+        registration_endpoint: registration_endpoint ? new URL(registration_endpoint, baseUrl || issuer).href : undefined,
     };
     return metadata;
 };
@@ -75,8 +70,8 @@ function mcpAuthRouter(options) {
     router.use(new URL(oauthMetadata.token_endpoint).pathname, (0, token_js_1.tokenHandler)({ provider: options.provider, ...options.tokenOptions }));
     router.use(mcpAuthMetadataRouter({
         oauthMetadata,
-        // Prefer explicit RS; otherwise fall back to AS baseUrl, then to issuer (back-compat)
-        resourceServerUrl: options.resourceServerUrl ?? options.baseUrl ?? new URL(oauthMetadata.issuer),
+        // This router is used for AS+RS combo's, so the issuer is also the resource server
+        resourceServerUrl: new URL(oauthMetadata.issuer),
         serviceDocumentationUrl: options.serviceDocumentationUrl,
         scopesSupported: options.scopesSupported,
         resourceName: options.resourceName
@@ -84,7 +79,7 @@ function mcpAuthRouter(options) {
     if (oauthMetadata.registration_endpoint) {
         router.use(new URL(oauthMetadata.registration_endpoint).pathname, (0, register_js_1.clientRegistrationHandler)({
             clientsStore: options.provider.clientsStore,
-            ...options.clientRegistrationOptions
+            ...options.clientRegistrationOptions,
         }));
     }
     if (oauthMetadata.revocation_endpoint) {
@@ -93,20 +88,21 @@ function mcpAuthRouter(options) {
     return router;
 }
 function mcpAuthMetadataRouter(options) {
+    var _a;
     checkIssuerUrl(new URL(options.oauthMetadata.issuer));
     const router = express_1.default.Router();
     const protectedResourceMetadata = {
         resource: options.resourceServerUrl.href,
-        authorization_servers: [options.oauthMetadata.issuer],
+        authorization_servers: [
+            options.oauthMetadata.issuer
+        ],
         scopes_supported: options.scopesSupported,
         resource_name: options.resourceName,
-        resource_documentation: options.serviceDocumentationUrl?.href
+        resource_documentation: (_a = options.serviceDocumentationUrl) === null || _a === void 0 ? void 0 : _a.href,
     };
-    // Serve PRM at the path-specific URL per RFC 9728
-    const rsPath = new URL(options.resourceServerUrl.href).pathname;
-    router.use(`/.well-known/oauth-protected-resource${rsPath === '/' ? '' : rsPath}`, (0, metadata_js_1.metadataHandler)(protectedResourceMetadata));
-    // Always add this for OAuth Authorization Server metadata per RFC 8414
-    router.use('/.well-known/oauth-authorization-server', (0, metadata_js_1.metadataHandler)(options.oauthMetadata));
+    router.use("/.well-known/oauth-protected-resource", (0, metadata_js_1.metadataHandler)(protectedResourceMetadata));
+    // Always add this for backwards compatibility
+    router.use("/.well-known/oauth-authorization-server", (0, metadata_js_1.metadataHandler)(options.oauthMetadata));
     return router;
 }
 /**
@@ -118,11 +114,9 @@ function mcpAuthMetadataRouter(options) {
  *
  * @example
  * getOAuthProtectedResourceMetadataUrl(new URL('https://api.example.com/mcp'))
- * // Returns: 'https://api.example.com/.well-known/oauth-protected-resource/mcp'
+ * // Returns: 'https://api.example.com/.well-known/oauth-protected-resource'
  */
 function getOAuthProtectedResourceMetadataUrl(serverUrl) {
-    const u = new URL(serverUrl.href);
-    const rsPath = u.pathname && u.pathname !== '/' ? u.pathname : '';
-    return new URL(`/.well-known/oauth-protected-resource${rsPath}`, u).href;
+    return new URL('/.well-known/oauth-protected-resource', serverUrl).href;
 }
 //# sourceMappingURL=router.js.map