mirrors/mcphub
1
0
Fork 0
mirror of https://github.com/samanhappy/mcphub.git synced 2026-01-01 20:28:42 -05:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: mirrors:copilot/add-oauth-oidc-support
Branches Tags
mirrors:main mirrors:copilot/add-oauth-oidc-support mirrors:copilot/add-activity-log-page mirrors:copilot/add-oauth2-oidc-login-support mirrors:copilot/implement-compression-mechanism mirrors:copilot/set-nonstream-response mirrors:copilot/fix-access-token-refresh-issue mirrors:copilot/fix-json-schema-export-import mirrors:cluster mirrors:copilot/upgrade-glob-to-10-5-0 mirrors:copilot/fix-password-change-issue mirrors:copilot/fix-servers-page-description mirrors:copilot/fix-path-matching-issue mirrors:copilot/fix-security-dependency-issue mirrors:copilot/fix-excessive-api-calls mirrors:copilot/create-authentication-bypass-tests mirrors:copilot/fix-authentication-bypass-issue mirrors:copilot/fix-login-issue-with-base-path mirrors:copilot/fix-2755122-957825149-90b80786-8395-4845-bd6d-1c18c49b8c86 mirrors:copilot/fix-mcp-pdf-reader-error mirrors:copilot/add-one-click-install-button mirrors:copilot/fix-server-status-update mirrors:copilot/fix-jira-cloud-connection mirrors:copilot/add-cluster-functionality mirrors:codex/implement-cluster-functionality-for-mcphub mirrors:copilot/fix-playwright-parallel-execution mirrors:copilot/fix-group-adding-issue
mirrors:v0.11.11 mirrors:v0.11.10 mirrors:v0.11.9 mirrors:v0.11.8 mirrors:v0.11.7 mirrors:v0.11.6 mirrors:v0.11.5 mirrors:v0.11.4 mirrors:v0.11.3 mirrors:v0.11.2 mirrors:v0.11.1 mirrors:v0.11.0 mirrors:v0.10.6 mirrors:v0.10.5 mirrors:v0.10.4 mirrors:v0.10.3 mirrors:v0.10.2 mirrors:v0.10.1 mirrors:v0.10.0 mirrors:v0.9.16 mirrors:v0.9.15 mirrors:v0.9.14 mirrors:v0.9.13 mirrors:v0.9.12 mirrors:v0.9.11 mirrors:v0.9.10 mirrors:v0.9.9 mirrors:v0.9.8 mirrors:v0.9.7 mirrors:v0.9.6 mirrors:v0.9.5 mirrors:v0.9.4 mirrors:v0.9.3 mirrors:v0.9.2 mirrors:v0.9.1 mirrors:v0.9.0 mirrors:v0.8.7 mirrors:v0.8.6 mirrors:v0.8.5 mirrors:v0.8.4 mirrors:v0.8.3 mirrors:v0.8.2 mirrors:v0.8.1 mirrors:v0.8.0 mirrors:v0.7.7 mirrors:v0.7.6 mirrors:v0.7.5 mirrors:v0.7.4 mirrors:v0.7.3 mirrors:v0.7.2 mirrors:v0.7.1 mirrors:v0.7.0 mirrors:v0.6.2 mirrors:v0.6.1 mirrors:v0.6.0 mirrors:v0.5.4 mirrors:v0.5.3 mirrors:v0.5.2 mirrors:v0.5.1 mirrors:v0.5.0 mirrors:v0.4.3 mirrors:v0.4.2 mirrors:v0.4.1 mirrors:v0.4.0 mirrors:v0.3.8 mirrors:v0.3.7 mirrors:v0.3.6 mirrors:v0.3.5 mirrors:v0.3.4 mirrors:v0.3.3 mirrors:v0.3.2 mirrors:v0.3.1 mirrors:v0.3.0 mirrors:v0.2.0 mirrors:v0.1.1 mirrors:v0.1.0
..
compare: mirrors:v0.11.11
Branches Tags
mirrors:main mirrors:copilot/add-oauth-oidc-support mirrors:copilot/add-activity-log-page mirrors:copilot/add-oauth2-oidc-login-support mirrors:copilot/implement-compression-mechanism mirrors:copilot/set-nonstream-response mirrors:copilot/fix-access-token-refresh-issue mirrors:copilot/fix-json-schema-export-import mirrors:cluster mirrors:copilot/upgrade-glob-to-10-5-0 mirrors:copilot/fix-password-change-issue mirrors:copilot/fix-servers-page-description mirrors:copilot/fix-path-matching-issue mirrors:copilot/fix-security-dependency-issue mirrors:copilot/fix-excessive-api-calls mirrors:copilot/create-authentication-bypass-tests mirrors:copilot/fix-authentication-bypass-issue mirrors:copilot/fix-login-issue-with-base-path mirrors:copilot/fix-2755122-957825149-90b80786-8395-4845-bd6d-1c18c49b8c86 mirrors:copilot/fix-mcp-pdf-reader-error mirrors:copilot/add-one-click-install-button mirrors:copilot/fix-server-status-update mirrors:copilot/fix-jira-cloud-connection mirrors:copilot/add-cluster-functionality mirrors:codex/implement-cluster-functionality-for-mcphub mirrors:copilot/fix-playwright-parallel-execution mirrors:copilot/fix-group-adding-issue
mirrors:v0.11.11 mirrors:v0.11.10 mirrors:v0.11.9 mirrors:v0.11.8 mirrors:v0.11.7 mirrors:v0.11.6 mirrors:v0.11.5 mirrors:v0.11.4 mirrors:v0.11.3 mirrors:v0.11.2 mirrors:v0.11.1 mirrors:v0.11.0 mirrors:v0.10.6 mirrors:v0.10.5 mirrors:v0.10.4 mirrors:v0.10.3 mirrors:v0.10.2 mirrors:v0.10.1 mirrors:v0.10.0 mirrors:v0.9.16 mirrors:v0.9.15 mirrors:v0.9.14 mirrors:v0.9.13 mirrors:v0.9.12 mirrors:v0.9.11 mirrors:v0.9.10 mirrors:v0.9.9 mirrors:v0.9.8 mirrors:v0.9.7 mirrors:v0.9.6 mirrors:v0.9.5 mirrors:v0.9.4 mirrors:v0.9.3 mirrors:v0.9.2 mirrors:v0.9.1 mirrors:v0.9.0 mirrors:v0.8.7 mirrors:v0.8.6 mirrors:v0.8.5 mirrors:v0.8.4 mirrors:v0.8.3 mirrors:v0.8.2 mirrors:v0.8.1 mirrors:v0.8.0 mirrors:v0.7.7 mirrors:v0.7.6 mirrors:v0.7.5 mirrors:v0.7.4 mirrors:v0.7.3 mirrors:v0.7.2 mirrors:v0.7.1 mirrors:v0.7.0 mirrors:v0.6.2 mirrors:v0.6.1 mirrors:v0.6.0 mirrors:v0.5.4 mirrors:v0.5.3 mirrors:v0.5.2 mirrors:v0.5.1 mirrors:v0.5.0 mirrors:v0.4.3 mirrors:v0.4.2 mirrors:v0.4.1 mirrors:v0.4.0 mirrors:v0.3.8 mirrors:v0.3.7 mirrors:v0.3.6 mirrors:v0.3.5 mirrors:v0.3.4 mirrors:v0.3.3 mirrors:v0.3.2 mirrors:v0.3.1 mirrors:v0.3.0 mirrors:v0.2.0 mirrors:v0.1.1 mirrors:v0.1.0

9 Commits
copilot/ad ... v0.11.11

Author SHA1 Message Date
samanhappy
b279a1a62c chore: update mcp sdk dependencies to latest versions (#546) 2026-01-01 22:41:46 +08:00
dependabot[bot]
760cc462b9 chore(deps-dev): bump tsx from 4.20.5 to 4.21.0 (#541) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-01 22:01:13 +08:00
dependabot[bot]
431bc8f6f8 chore(deps-dev): bump next from 15.5.9 to 16.1.1 (#543) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-01 22:00:51 +08:00
dependabot[bot]
fb6af75f5b chore(deps-dev): bump ts-jest from 29.4.1 to 29.4.6 (#540) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-01 22:00:17 +08:00
dependabot[bot]
33b440973f chore(deps): bump axios from 1.13.1 to 1.13.2 (#544) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-01 21:59:57 +08:00
dependabot[bot]
2d248e953e chore(deps): bump dotenv from 16.6.1 to 17.2.3 (#542) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-01 21:59:38 +08:00
samanhappy
d36c6ac5ad fix: rename DATABASE_URL to DB_URL for consistency across configurations (#545) 2026-01-01 21:58:11 +08:00
Zhyim
0be6c36e12 feat: implement pagination for server list with customizable items pe… (#534) 2026-01-01 13:36:09 +08:00
samanhappy
7f2fca9636 feat: add proxy configuration support for STDIO servers on Linux and macOS (#537) 2026-01-01 12:45:50 +08:00
51 changed files with 1277 additions and 2348 deletions
Expand all files Collapse all files

2
.github/workflows/ci.yml vendored
View File

@@ -106,7 +106,7 @@ jobs:
# - name: Run integration tests
# run: |
# export DATABASE_URL="postgresql://postgres:postgres@localhost:5432/mcphub_test"
# export DB_URL="postgresql://postgres:postgres@localhost:5432/mcphub_test"
# node test-integration.ts
# env:
# NODE_ENV: test

6
docs/configuration/docker-setup.mdx
View File

@@ -106,7 +106,7 @@ services:
- NODE_ENV=production
- PORT=3000
- JWT_SECRET=${JWT_SECRET:-your-jwt-secret}
- DATABASE_URL=postgresql://mcphub:password@postgres:5432/mcphub
- DB_URL=postgresql://mcphub:password@postgres:5432/mcphub
volumes:
- ./mcp_settings.json:/app/mcp_settings.json:ro
- ./servers.json:/app/servers.json:ro
@@ -180,7 +180,7 @@ services:
- PORT=3000
- JWT_SECRET=${JWT_SECRET}
- JWT_EXPIRES_IN=${JWT_EXPIRES_IN:-24h}
- DATABASE_URL=postgresql://mcphub:${POSTGRES_PASSWORD}@postgres:5432/mcphub
- DB_URL=postgresql://mcphub:${POSTGRES_PASSWORD}@postgres:5432/mcphub
- OPENAI_API_KEY=${OPENAI_API_KEY}
- REDIS_URL=redis://redis:6379
volumes:
@@ -293,7 +293,7 @@ services:
environment:
- NODE_ENV=development
- PORT=3000
- DATABASE_URL=postgresql://mcphub:password@postgres:5432/mcphub
- DB_URL=postgresql://mcphub:password@postgres:5432/mcphub
volumes:
- .:/app
- /app/node_modules

86
docs/configuration/mcp-settings.mdx
View File

@@ -259,6 +259,92 @@ MCPHub supports environment variable substitution using `${VAR_NAME}` syntax:
}
```
### Proxy Configuration (proxychains4)
MCPHub supports routing STDIO server network traffic through a proxy using **proxychains4**. This feature is available on **Linux and macOS only** (Windows is not supported).
<Note>
To use this feature, you must have `proxychains4` installed on your system:
- **Debian/Ubuntu**: `apt install proxychains4`
- **macOS**: `brew install proxychains-ng`
- **Arch Linux**: `pacman -S proxychains-ng`
</Note>
#### Basic Proxy Configuration
```json
{
"mcpServers": {
"fetch-via-proxy": {
"command": "uvx",
"args": ["mcp-server-fetch"],
"proxy": {
"enabled": true,
"type": "socks5",
"host": "127.0.0.1",
"port": 1080
}
}
}
}
```
#### Proxy Configuration Options
| Field | Type | Default | Description |
| ------------ | ------- | --------- | ------------------------------------------------ |
| `enabled` | boolean | `false` | Enable/disable proxy routing |
| `type` | string | `socks5` | Proxy protocol: `socks4`, `socks5`, or `http` |
| `host` | string | - | Proxy server hostname or IP address |
| `port` | number | - | Proxy server port |
| `username` | string | - | Proxy authentication username (optional) |
| `password` | string | - | Proxy authentication password (optional) |
| `configPath` | string | - | Path to custom proxychains4 config file |
#### Proxy with Authentication
```json
{
"mcpServers": {
"secure-server": {
"command": "npx",
"args": ["-y", "@example/mcp-server"],
"proxy": {
"enabled": true,
"type": "http",
"host": "proxy.example.com",
"port": 8080,
"username": "${PROXY_USER}",
"password": "${PROXY_PASSWORD}"
}
}
}
}
```
#### Using Custom proxychains4 Configuration
For advanced use cases, you can provide your own proxychains4 configuration file:
```json
{
"mcpServers": {
"custom-proxy-server": {
"command": "python",
"args": ["-m", "custom_mcp_server"],
"proxy": {
"enabled": true,
"configPath": "/etc/proxychains4/custom.conf"
}
}
}
}
```
<Tip>
When `configPath` is specified, all other proxy settings (`type`, `host`, `port`, etc.) are ignored, and the custom configuration file is used directly.
</Tip>
{/* ### Custom Server Scripts
#### Local Python Server

218
docs/configuration/oauth-sso.mdx
View File

@@ -1,218 +0,0 @@
---
title: OAuth SSO Configuration
description: Configure OAuth 2.0 / OIDC Single Sign-On for MCPHub
---
# OAuth SSO Configuration
MCPHub supports OAuth 2.0 / OIDC Single Sign-On (SSO) for enterprise authentication, allowing users to log in using their existing identity provider accounts (Google, Microsoft, GitHub, or custom OIDC providers).
## Overview
SSO support allows:
- Login via major providers (Google, Microsoft, GitHub)
- Custom OIDC provider integration
- Auto-provisioning of new users from OAuth profiles
- Role mapping from provider claims/groups
- Hybrid auth (both SSO and local username/password)
## Configuration
Add the `oauthSSO` section to your `mcp_settings.json` under `systemConfig`:
```json
{
"systemConfig": {
"oauthSSO": {
"enabled": true,
"allowLocalAuth": true,
"callbackBaseUrl": "https://your-mcphub-domain.com",
"providers": [
{
"id": "google",
"name": "Google",
"type": "google",
"clientId": "your-google-client-id",
"clientSecret": "your-google-client-secret"
},
{
"id": "github",
"name": "GitHub",
"type": "github",
"clientId": "your-github-client-id",
"clientSecret": "your-github-client-secret"
},
{
"id": "microsoft",
"name": "Microsoft",
"type": "microsoft",
"clientId": "your-microsoft-client-id",
"clientSecret": "your-microsoft-client-secret"
}
]
}
}
}
```
## Provider Configuration
### Google
1. Go to [Google Cloud Console](https://console.cloud.google.com/)
2. Create a new project or select existing one
3. Navigate to "APIs & Services" → "Credentials"
4. Create OAuth 2.0 Client ID (Web application)
5. Add authorized redirect URI: `https://your-domain/auth/sso/google/callback`
6. Copy Client ID and Client Secret
```json
{
"id": "google",
"name": "Google",
"type": "google",
"clientId": "YOUR_GOOGLE_CLIENT_ID.apps.googleusercontent.com",
"clientSecret": "YOUR_GOOGLE_CLIENT_SECRET"
}
```
### GitHub
1. Go to [GitHub Developer Settings](https://github.com/settings/developers)
2. Click "New OAuth App"
3. Set Authorization callback URL: `https://your-domain/auth/sso/github/callback`
4. Copy Client ID and generate Client Secret
```json
{
"id": "github",
"name": "GitHub",
"type": "github",
"clientId": "YOUR_GITHUB_CLIENT_ID",
"clientSecret": "YOUR_GITHUB_CLIENT_SECRET"
}
```
### Microsoft (Azure AD)
1. Go to [Azure Portal](https://portal.azure.com/) → Azure Active Directory
2. Navigate to "App registrations" → "New registration"
3. Add redirect URI: `https://your-domain/auth/sso/microsoft/callback`
4. Under "Certificates & secrets", create a new client secret
5. Copy Application (client) ID and client secret value
```json
{
"id": "microsoft",
"name": "Microsoft",
"type": "microsoft",
"clientId": "YOUR_AZURE_CLIENT_ID",
"clientSecret": "YOUR_AZURE_CLIENT_SECRET"
}
```
### Custom OIDC Provider
For other OIDC-compatible identity providers:
```json
{
"id": "custom-idp",
"name": "Corporate SSO",
"type": "oidc",
"issuerUrl": "https://idp.example.com",
"authorizationUrl": "https://idp.example.com/oauth2/authorize",
"tokenUrl": "https://idp.example.com/oauth2/token",
"userInfoUrl": "https://idp.example.com/oauth2/userinfo",
"clientId": "YOUR_CLIENT_ID",
"clientSecret": "YOUR_CLIENT_SECRET",
"scopes": ["openid", "email", "profile"],
"attributeMapping": {
"username": "preferred_username",
"email": "email",
"name": "name"
}
}
```
## Role Mapping
Configure automatic admin role assignment based on provider claims:
```json
{
"id": "google",
"name": "Google",
"type": "google",
"clientId": "...",
"clientSecret": "...",
"roleMapping": {
"adminClaim": "groups",
"adminValues": ["mcphub-admins", "engineering-leads"],
"defaultIsAdmin": false
}
}
```
This configuration:
- Checks the `groups` claim in the user's profile
- Grants admin access if any value matches `mcphub-admins` or `engineering-leads`
- Non-matching users get regular (non-admin) access
## Configuration Options
### Global Options
| Option | Type | Default | Description |
|--------|------|---------|-------------|
| `enabled` | boolean | `false` | Enable/disable SSO globally |
| `allowLocalAuth` | boolean | `true` | Allow local username/password auth alongside SSO |
| `callbackBaseUrl` | string | auto-detected | Base URL for OAuth callbacks |
### Provider Options
| Option | Type | Required | Description |
|--------|------|----------|-------------|
| `id` | string | Yes | Unique identifier for the provider |
| `name` | string | Yes | Display name shown on login page |
| `type` | string | Yes | Provider type: `google`, `github`, `microsoft`, or `oidc` |
| `clientId` | string | Yes | OAuth client ID from the provider |
| `clientSecret` | string | Yes | OAuth client secret from the provider |
| `enabled` | boolean | No | Enable/disable this specific provider (default: true) |
| `scopes` | string[] | No | OAuth scopes to request |
| `autoProvision` | boolean | No | Auto-create users on first SSO login (default: true) |
| `allowLinking` | boolean | No | Allow existing users to link their accounts (default: true) |
### Custom OIDC Options (type: "oidc")
| Option | Type | Required | Description |
|--------|------|----------|-------------|
| `issuerUrl` | string | No | OIDC issuer URL for discovery |
| `authorizationUrl` | string | Yes | OAuth authorization endpoint |
| `tokenUrl` | string | Yes | OAuth token endpoint |
| `userInfoUrl` | string | Yes | OIDC userinfo endpoint |
| `attributeMapping` | object | No | Map provider claims to user attributes |
## Security Notes
1. **PKCE Support**: MCPHub uses PKCE (Proof Key for Code Exchange) for all providers except GitHub (which doesn't support it)
2. **State Parameter**: A cryptographically random state is generated for each login to prevent CSRF attacks
3. **Token Storage**: OAuth tokens from providers are not stored; only MCPHub's JWT is issued after successful authentication
4. **Rate Limiting**: Consider implementing rate limiting at infrastructure level (reverse proxy) for SSO endpoints
## Troubleshooting
### Common Issues
1. **"OAuth provider not found"**: Check that the provider is enabled and configured correctly
2. **"Invalid or expired OAuth state"**: The login attempt took too long (>10 minutes) or was a replay attack
3. **"Could not determine username"**: The provider didn't return expected user attributes; check `attributeMapping`
4. **"User account not found and auto-provisioning is disabled"**: Set `autoProvision: true` or pre-create the user
### Debug Mode
Enable debug logging by setting the `DEBUG` environment variable:
```bash
DEBUG=oauth* node dist/index.js
```

2
docs/development/getting-started.mdx
View File

@@ -47,7 +47,7 @@ PORT=3000
NODE_ENV=development
# Database Configuration
DATABASE_URL=postgresql://username:password@localhost:5432/mcphub
DB_URL=postgresql://username:password@localhost:5432/mcphub
# JWT Configuration
JWT_SECRET=your-secret-key

16
docs/features/smart-routing.mdx
View File

@@ -69,7 +69,7 @@ Smart Routing requires additional setup compared to basic MCPHub usage:
ports:
- "3000:3000"
environment:
- DATABASE_URL=postgresql://mcphub:password@postgres:5432/mcphub
- DB_URL=postgresql://mcphub:password@postgres:5432/mcphub
- OPENAI_API_KEY=your_openai_api_key
- ENABLE_SMART_ROUTING=true
depends_on:
@@ -114,7 +114,7 @@ Smart Routing requires additional setup compared to basic MCPHub usage:
2. **Set Environment Variables**:
```bash
export DATABASE_URL="postgresql://mcphub:your_password@localhost:5432/mcphub"
export DB_URL="postgresql://mcphub:your_password@localhost:5432/mcphub"
export OPENAI_API_KEY="your_openai_api_key"
export ENABLE_SMART_ROUTING="true"
```
@@ -178,7 +178,7 @@ Smart Routing requires additional setup compared to basic MCPHub usage:
- name: mcphub
image: samanhappy/mcphub:latest
env:
- name: DATABASE_URL
- name: DB_URL
value: "postgresql://mcphub:password@postgres:5432/mcphub"
- name: OPENAI_API_KEY
valueFrom:
@@ -202,7 +202,7 @@ Configure Smart Routing with these environment variables:
```bash
# Required
DATABASE_URL=postgresql://user:password@host:5432/database
DB_URL=postgresql://user:password@host:5432/database
OPENAI_API_KEY=your_openai_api_key
# Optional
@@ -219,10 +219,10 @@ EMBEDDING_BATCH_SIZE=100
<Accordion title="Database Configuration">
```bash
# Full PostgreSQL connection string
DATABASE_URL=postgresql://username:password@host:port/database?schema=public
DB_URL=postgresql://username:password@host:port/database?schema=public
# SSL configuration for cloud databases
DATABASE_URL=postgresql://user:pass@host:5432/db?sslmode=require
DB_URL=postgresql://user:pass@host:5432/db?sslmode=require
# Connection pool settings
DATABASE_POOL_SIZE=20
@@ -673,11 +673,11 @@ curl -X POST http://localhost:3000/api/smart-routing/feedback \
**Solutions:**
1. Verify PostgreSQL is running
2. Check DATABASE_URL format
2. Check DB_URL format
3. Ensure pgvector extension is installed
4. Test connection manually:
```bash
psql $DATABASE_URL -c "SELECT 1;"
psql $DB_URL -c "SELECT 1;"
```
</Accordion>

6
docs/installation.mdx
View File

@@ -445,7 +445,7 @@ Set the following environment variables:
```bash
# Database connection
DATABASE_URL=postgresql://mcphub:your_password@localhost:5432/mcphub
DB_URL=postgresql://mcphub:your_password@localhost:5432/mcphub
# OpenAI API for embeddings
OPENAI_API_KEY=your_openai_api_key
@@ -563,10 +563,10 @@ curl -X POST http://localhost:3000/mcp \
**Database connection failed:**
```bash
# Test database connection
psql $DATABASE_URL -c "SELECT 1;"
psql $DB_URL -c "SELECT 1;"
# Check if pgvector is installed
psql $DATABASE_URL -c "CREATE EXTENSION IF NOT EXISTS vector;"
psql $DB_URL -c "CREATE EXTENSION IF NOT EXISTS vector;"
```
**Embedding service errors:**

6
docs/zh/configuration/docker-setup.mdx
View File

@@ -106,7 +106,7 @@ services:
- NODE_ENV=production
- PORT=3000
- JWT_SECRET=${JWT_SECRET:-your-jwt-secret}
- DATABASE_URL=postgresql://mcphub:password@postgres:5432/mcphub
- DB_URL=postgresql://mcphub:password@postgres:5432/mcphub
volumes:
- ./mcp_settings.json:/app/mcp_settings.json:ro
- ./servers.json:/app/servers.json:ro
@@ -180,7 +180,7 @@ services:
- PORT=3000
- JWT_SECRET=${JWT_SECRET}
- JWT_EXPIRES_IN=${JWT_EXPIRES_IN:-24h}
- DATABASE_URL=postgresql://mcphub:${POSTGRES_PASSWORD}@postgres:5432/mcphub
- DB_URL=postgresql://mcphub:${POSTGRES_PASSWORD}@postgres:5432/mcphub
- OPENAI_API_KEY=${OPENAI_API_KEY}
- REDIS_URL=redis://redis:6379
volumes:
@@ -293,7 +293,7 @@ services:
environment:
- NODE_ENV=development
- PORT=3000
- DATABASE_URL=postgresql://mcphub:password@postgres:5432/mcphub
- DB_URL=postgresql://mcphub:password@postgres:5432/mcphub
volumes:
- .:/app
- /app/node_modules

2
docs/zh/configuration/mcp-settings.mdx
View File

@@ -290,7 +290,7 @@ MCPHub 支持使用 `${VAR_NAME}` 语法进行环境变量替换:
"command": "python",
"args": ["-m", "db_server"],
"env": {
"DB_URL": "${NODE_ENV:development == 'production' ? DATABASE_URL : DEV_DATABASE_URL}"
"DB_URL": "${NODE_ENV:development == 'production' ? DB_URL : DEV_DB_URL}"
}
}
}

2
docs/zh/development/getting-started.mdx
View File

@@ -47,7 +47,7 @@ PORT=3000
NODE_ENV=development
# 数据库配置
DATABASE_URL=postgresql://username:password@localhost:5432/mcphub
DB_URL=postgresql://username:password@localhost:5432/mcphub
# JWT 配置
JWT_SECRET=your-secret-key

4
docs/zh/essentials/code.mdx
View File

@@ -480,7 +480,7 @@ docker run -d \
--name mcphub \
-p 3000:3000 \
-e NODE_ENV=production \
-e DATABASE_URL=postgresql://user:pass@host:5432/mcphub \
-e DB_URL=postgresql://user:pass@host:5432/mcphub \
-e JWT_SECRET=your-secret-key \
mcphub/server:latest
@@ -504,7 +504,7 @@ docker run -d \
--name mcphub \
-p 3000:3000 \
-e NODE_ENV=production \
-e DATABASE_URL=postgresql://user:pass@host:5432/mcphub \
-e DB_URL=postgresql://user:pass@host:5432/mcphub \
-e JWT_SECRET=your-secret-key \
mcphub/server:latest

4
docs/zh/essentials/markdown.mdx
View File

@@ -159,7 +159,7 @@ services:
- '3000:3000'
environment:
- NODE_ENV=production
- DATABASE_URL=postgresql://user:pass@db:5432/mcphub
- DB_URL=postgresql://user:pass@db:5432/mcphub
```
````
@@ -172,7 +172,7 @@ services:
- '3000:3000'
environment:
- NODE_ENV=production
- DATABASE_URL=postgresql://user:pass@db:5432/mcphub
- DB_URL=postgresql://user:pass@db:5432/mcphub
```
### 终端命令

4
docs/zh/features/smart-routing.mdx
View File

@@ -245,11 +245,11 @@ curl -X POST http://localhost:3000/api/smart-routing/feedback \
**解决方案:**
1. 验证 PostgreSQL 是否正在运行
2. 检查 DATABASE_URL 格式
2. 检查 DB_URL 格式
3. 确保安装了 pgvector 扩展
4. 手动测试连接:
```bash
psql $DATABASE_URL -c "SELECT 1;"
psql $DB_URL -c "SELECT 1;"
```
</Accordion>

6
docs/zh/installation.mdx
View File

@@ -420,7 +420,7 @@ description: '各种平台的详细安装说明'
```bash
# 数据库连接
DATABASE_URL=postgresql://mcphub:your_password@localhost:5432/mcphub
DB_URL=postgresql://mcphub:your_password@localhost:5432/mcphub
# 用于嵌入的 OpenAI API
OPENAI_API_KEY=your_openai_api_key
@@ -538,10 +538,10 @@ curl -X POST http://localhost:3000/mcp \
**数据库连接失败:**
```bash
# 测试数据库连接
psql $DATABASE_URL -c "SELECT 1;"
psql $DB_URL -c "SELECT 1;"
# 检查是否安装了 pgvector
psql $DATABASE_URL -c "CREATE EXTENSION IF NOT EXISTS vector;"
psql $DB_URL -c "CREATE EXTENSION IF NOT EXISTS vector;"
```
**嵌入服务错误:**

50
examples/mcp_settings_with_env_vars.json
View File

@@ -28,7 +28,48 @@
"env": {
"API_KEY": "${MY_API_KEY}",
"DEBUG": "${DEBUG_MODE}",
"DATABASE_URL": "${DATABASE_URL}"
"DB_URL": "${DB_URL}"
}
},
"example-stdio-with-proxy": {
"type": "stdio",
"command": "uvx",
"args": [
"mcp-server-fetch"
],
"proxy": {
"enabled": true,
"type": "socks5",
"host": "${PROXY_HOST}",
"port": 1080
}
},
"example-stdio-with-auth-proxy": {
"type": "stdio",
"command": "npx",
"args": [
"-y",
"@example/mcp-server"
],
"proxy": {
"enabled": true,
"type": "http",
"host": "${HTTP_PROXY_HOST}",
"port": 8080,
"username": "${PROXY_USERNAME}",
"password": "${PROXY_PASSWORD}"
}
},
"example-stdio-with-custom-proxy-config": {
"type": "stdio",
"command": "python",
"args": [
"-m",
"custom_mcp_server"
],
"proxy": {
"enabled": true,
"configPath": "/etc/proxychains4/custom.conf"
}
},
"example-openapi-server": {
@@ -55,7 +96,10 @@
"clientId": "${OAUTH_CLIENT_ID}",
"clientSecret": "${OAUTH_CLIENT_SECRET}",
"accessToken": "${OAUTH_ACCESS_TOKEN}",
"scopes": ["read", "write"]
"scopes": [
"read",
"write"
]
}
}
},
@@ -77,4 +121,4 @@
"baseUrl": "${MCPROUTER_BASE_URL}"
}
}
}
}

2
frontend/src/App.tsx
View File

@@ -8,7 +8,6 @@ import { SettingsProvider } from './contexts/SettingsContext';
import MainLayout from './layouts/MainLayout';
import ProtectedRoute from './components/ProtectedRoute';
import LoginPage from './pages/LoginPage';
import SSOCallbackPage from './pages/SSOCallbackPage';
import DashboardPage from './pages/Dashboard';
import ServersPage from './pages/ServersPage';
import GroupsPage from './pages/GroupsPage';
@@ -36,7 +35,6 @@ function App() {
<Routes>
{/* 公共路由 */}
<Route path="/login" element={<LoginPage />} />
<Route path="/sso-callback" element={<SSOCallbackPage />} />
{/* 受保护的路由,使用 MainLayout 作为布局容器 */}
<Route element={<ProtectedRoute />}>

194
frontend/src/components/GroupCard.tsx
View File

@@ -1,99 +1,103 @@
import { useState, useRef, useEffect } from 'react'
import { useTranslation } from 'react-i18next'
import { Group, Server, IGroupServerConfig } from '@/types'
import { Edit, Trash, Copy, Check, Link, FileCode, DropdownIcon, Wrench } from '@/components/icons/LucideIcons'
import DeleteDialog from '@/components/ui/DeleteDialog'
import { useToast } from '@/contexts/ToastContext'
import { useSettingsData } from '@/hooks/useSettingsData'
import { useState, useRef, useEffect } from 'react';
import { useTranslation } from 'react-i18next';
import { Group, Server, IGroupServerConfig } from '@/types';
import {
Edit,
Trash,
Copy,
Check,
Link,
FileCode,
DropdownIcon,
Wrench,
} from '@/components/icons/LucideIcons';
import DeleteDialog from '@/components/ui/DeleteDialog';
import { useToast } from '@/contexts/ToastContext';
import { useSettingsData } from '@/hooks/useSettingsData';
interface GroupCardProps {
group: Group
servers: Server[]
onEdit: (group: Group) => void
onDelete: (groupId: string) => void
group: Group;
servers: Server[];
onEdit: (group: Group) => void;
onDelete: (groupId: string) => void;
}
const GroupCard = ({
group,
servers,
onEdit,
onDelete
}: GroupCardProps) => {
const { t } = useTranslation()
const { showToast } = useToast()
const { installConfig } = useSettingsData()
const [showDeleteDialog, setShowDeleteDialog] = useState(false)
const [copied, setCopied] = useState(false)
const [showCopyDropdown, setShowCopyDropdown] = useState(false)
const [expandedServer, setExpandedServer] = useState<string | null>(null)
const dropdownRef = useRef<HTMLDivElement>(null)
const GroupCard = ({ group, servers, onEdit, onDelete }: GroupCardProps) => {
const { t } = useTranslation();
const { showToast } = useToast();
const { installConfig } = useSettingsData();
const [showDeleteDialog, setShowDeleteDialog] = useState(false);
const [copied, setCopied] = useState(false);
const [showCopyDropdown, setShowCopyDropdown] = useState(false);
const [expandedServer, setExpandedServer] = useState<string | null>(null);
const dropdownRef = useRef<HTMLDivElement>(null);
// Close dropdown when clicking outside
useEffect(() => {
const handleClickOutside = (event: MouseEvent) => {
if (dropdownRef.current && !dropdownRef.current.contains(event.target as Node)) {
setShowCopyDropdown(false)
setShowCopyDropdown(false);
}
}
};
document.addEventListener('mousedown', handleClickOutside)
document.addEventListener('mousedown', handleClickOutside);
return () => {
document.removeEventListener('mousedown', handleClickOutside)
}
}, [])
document.removeEventListener('mousedown', handleClickOutside);
};
}, []);
const handleEdit = () => {
onEdit(group)
}
onEdit(group);
};
const handleDelete = () => {
setShowDeleteDialog(true)
}
setShowDeleteDialog(true);
};
const handleConfirmDelete = () => {
onDelete(group.id)
setShowDeleteDialog(false)
}
onDelete(group.id);
setShowDeleteDialog(false);
};
const copyToClipboard = (text: string) => {
if (navigator.clipboard && window.isSecureContext) {
navigator.clipboard.writeText(text).then(() => {
setCopied(true)
setShowCopyDropdown(false)
showToast(t('common.copySuccess'), 'success')
setTimeout(() => setCopied(false), 2000)
})
setCopied(true);
setShowCopyDropdown(false);
showToast(t('common.copySuccess'), 'success');
setTimeout(() => setCopied(false), 2000);
});
} else {
// Fallback for HTTP or unsupported clipboard API
const textArea = document.createElement('textarea')
textArea.value = text
const textArea = document.createElement('textarea');
textArea.value = text;
// Avoid scrolling to bottom
textArea.style.position = 'fixed'
textArea.style.left = '-9999px'
document.body.appendChild(textArea)
textArea.focus()
textArea.select()
textArea.style.position = 'fixed';
textArea.style.left = '-9999px';
document.body.appendChild(textArea);
textArea.focus();
textArea.select();
try {
document.execCommand('copy')
setCopied(true)
setShowCopyDropdown(false)
showToast(t('common.copySuccess'), 'success')
setTimeout(() => setCopied(false), 2000)
document.execCommand('copy');
setCopied(true);
setShowCopyDropdown(false);
showToast(t('common.copySuccess'), 'success');
setTimeout(() => setCopied(false), 2000);
} catch (err) {
showToast(t('common.copyFailed') || 'Copy failed', 'error')
console.error('Copy to clipboard failed:', err)
showToast(t('common.copyFailed') || 'Copy failed', 'error');
console.error('Copy to clipboard failed:', err);
}
document.body.removeChild(textArea)
document.body.removeChild(textArea);
}
}
};
const handleCopyId = () => {
copyToClipboard(group.id)
}
copyToClipboard(group.id);
};
const handleCopyUrl = () => {
copyToClipboard(`${installConfig.baseUrl}/mcp/${group.id}`)
}
copyToClipboard(`${installConfig.baseUrl}/mcp/${group.id}`);
};
const handleCopyJson = () => {
const jsonConfig = {
@@ -101,23 +105,23 @@ const GroupCard = ({
mcphub: {
url: `${installConfig.baseUrl}/mcp/${group.id}`,
headers: {
Authorization: "Bearer <your-access-token>"
}
}
}
}
copyToClipboard(JSON.stringify(jsonConfig, null, 2))
}
Authorization: 'Bearer <your-access-token>',
},
},
},
};
copyToClipboard(JSON.stringify(jsonConfig, null, 2));
};
// Helper function to normalize group servers to get server names
const getServerNames = (servers: string[] | IGroupServerConfig[]): string[] => {
return servers.map(server => typeof server === 'string' ? server : server.name);
return servers.map((server) => (typeof server === 'string' ? server : server.name));
};
// Helper function to get server configuration
const getServerConfig = (serverName: string): IGroupServerConfig | undefined => {
const server = group.servers.find(s =>
typeof s === 'string' ? s === serverName : s.name === serverName
const server = group.servers.find((s) =>
typeof s === 'string' ? s === serverName : s.name === serverName,
);
if (typeof server === 'string') {
return { name: server, tools: 'all' };
@@ -127,11 +131,11 @@ const GroupCard = ({
// Get servers that belong to this group
const serverNames = getServerNames(group.servers);
const groupServers = servers.filter(server => serverNames.includes(server.name));
const groupServers = servers.filter((server) => serverNames.includes(server.name));
return (
<div className="bg-white shadow rounded-lg p-6 ">
<div className="flex justify-between items-center mb-4">
<div className="bg-white shadow rounded-lg p-4">
<div className="flex justify-between items-center">
<div>
<div className="flex items-center">
<h2 className="text-xl font-semibold text-gray-800">{group.name}</h2>
@@ -175,9 +179,7 @@ const GroupCard = ({
</div>
</div>
</div>
{group.description && (
<p className="text-gray-600 text-sm mt-1">{group.description}</p>
)}
{group.description && <p className="text-gray-600 text-sm mt-1">{group.description}</p>}
</div>
<div className="flex items-center space-x-3">
<div className="bg-blue-50 text-blue-700 px-3 py-1 rounded-full text-sm btn-secondary">
@@ -200,17 +202,19 @@ const GroupCard = ({
</div>
</div>
<div className="mt-4">
<div className="">
{groupServers.length === 0 ? (
<p className="text-gray-500 italic">{t('groups.noServers')}</p>
) : (
<div className="flex flex-wrap gap-2">
{groupServers.map(server => {
{groupServers.map((server) => {
const serverConfig = getServerConfig(server.name);
const hasToolRestrictions = serverConfig && serverConfig.tools !== 'all' && Array.isArray(serverConfig.tools);
const toolCount = hasToolRestrictions && Array.isArray(serverConfig?.tools)
? serverConfig.tools.length
: (server.tools?.length || 0); // Show total tool count when all tools are selected
const hasToolRestrictions =
serverConfig && serverConfig.tools !== 'all' && Array.isArray(serverConfig.tools);
const toolCount =
hasToolRestrictions && Array.isArray(serverConfig?.tools)
? serverConfig.tools.length
: server.tools?.length || 0; // Show total tool count when all tools are selected
const isExpanded = expandedServer === server.name;
@@ -219,7 +223,7 @@ const GroupCard = ({
if (hasToolRestrictions && Array.isArray(serverConfig?.tools)) {
return serverConfig.tools;
} else if (server.tools && server.tools.length > 0) {
return server.tools.map(tool => tool.name);
return server.tools.map((tool) => tool.name);
}
return [];
};
@@ -235,9 +239,15 @@ const GroupCard = ({
onClick={handleServerClick}
>
<span className="font-medium text-gray-700 text-sm">{server.name}</span>
<span className={`inline-block h-2 w-2 rounded-full ${server.status === 'connected' ? 'bg-green-500' :
server.status === 'connecting' ? 'bg-yellow-500' : 'bg-red-500'
}`}></span>
<span
className={`inline-block h-2 w-2 rounded-full ${
server.status === 'connected'
? 'bg-green-500'
: server.status === 'connecting'
? 'bg-yellow-500'
: 'bg-red-500'
}`}
></span>
{toolCount > 0 && (
<span className="text-xs text-blue-600 bg-blue-100 px-2 py-0.5 rounded flex items-center gap-1">
<Wrench size={12} />
@@ -278,7 +288,7 @@ const GroupCard = ({
isGroup={true}
/>
</div>
)
}
);
};
export default GroupCard
export default GroupCard;

21
frontend/src/components/ServerCard.tsx
View File

@@ -18,7 +18,14 @@ interface ServerCardProps {
onReload?: (server: Server) => Promise<boolean>;
}
const ServerCard = ({ server, onRemove, onEdit, onToggle, onRefresh, onReload }: ServerCardProps) => {
const ServerCard = ({
server,
onRemove,
onEdit,
onToggle,
onRefresh,
onReload,
}: ServerCardProps) => {
const { t } = useTranslation();
const { showToast } = useToast();
const [isExpanded, setIsExpanded] = useState(false);
@@ -232,10 +239,10 @@ const ServerCard = ({ server, onRemove, onEdit, onToggle, onRefresh, onReload }:
return (
<>
<div
className={`bg-white shadow rounded-lg p-6 mb-6 page-card transition-all duration-200 ${server.enabled === false ? 'opacity-60' : ''}`}
className={`bg-white shadow rounded-lg mb-6 page-card transition-all duration-200 ${server.enabled === false ? 'opacity-60' : ''}`}
>
<div
className="flex justify-between items-center cursor-pointer"
className="flex justify-between items-center cursor-pointer p-4"
onClick={() => setIsExpanded(!isExpanded)}
>
<div className="flex items-center space-x-3">
@@ -385,9 +392,9 @@ const ServerCard = ({ server, onRemove, onEdit, onToggle, onRefresh, onReload }:
{isExpanded && (
<>
{server.tools && (
<div className="mt-6">
<div className="px-4">
<h6
className={`font-medium ${server.enabled === false ? 'text-gray-600' : 'text-gray-900'} mb-4`}
className={`font-medium ${server.enabled === false ? 'text-gray-600' : 'text-gray-900'} mb-2`}
>
{t('server.tools')}
</h6>
@@ -405,9 +412,9 @@ const ServerCard = ({ server, onRemove, onEdit, onToggle, onRefresh, onReload }:
)}
{server.prompts && (
<div className="mt-6">
<div className="px-4 pb-2">
<h6
className={`font-medium ${server.enabled === false ? 'text-gray-600' : 'text-gray-900'} mb-4`}
className={`font-medium ${server.enabled === false ? 'text-gray-600' : 'text-gray-900'}`}
>
{t('server.prompts')}
</h6>

18
frontend/src/components/ui/Pagination.tsx
View File

@@ -1,16 +1,20 @@
import React from 'react';
import { useTranslation } from 'react-i18next';
interface PaginationProps {
currentPage: number;
totalPages: number;
onPageChange: (page: number) => void;
disabled?: boolean;
}
const Pagination: React.FC<PaginationProps> = ({
currentPage,
totalPages,
onPageChange
onPageChange,
disabled = false
}) => {
const { t } = useTranslation();
// Generate page buttons
const getPageButtons = () => {
const buttons = [];
@@ -95,26 +99,26 @@ const Pagination: React.FC<PaginationProps> = ({
<div className="flex justify-center items-center my-6">
<button
onClick={() => onPageChange(Math.max(1, currentPage - 1))}
disabled={currentPage === 1}
className={`px-3 py-1 rounded mr-2 ${currentPage === 1
disabled={disabled || currentPage === 1}
className={`px-3 py-1 rounded mr-2 ${disabled || currentPage === 1
? 'bg-gray-100 text-gray-400 cursor-not-allowed'
: 'bg-gray-200 hover:bg-gray-300 text-gray-700 btn-secondary'
}`}
>
&laquo; Prev
&laquo; {t('common.previous')}
</button>
<div className="flex">{getPageButtons()}</div>
<button
onClick={() => onPageChange(Math.min(totalPages, currentPage + 1))}
disabled={currentPage === totalPages}
className={`px-3 py-1 rounded ml-2 ${currentPage === totalPages
disabled={disabled || currentPage === totalPages}
className={`px-3 py-1 rounded ml-2 ${disabled || currentPage === totalPages
? 'bg-gray-100 text-gray-400 cursor-not-allowed'
: 'bg-gray-200 hover:bg-gray-300 text-gray-700 btn-secondary'
}`}
>
Next &raquo;
{t('common.next')} &raquo;
</button>
</div>
);

4
frontend/src/components/ui/PromptCard.tsx
View File

@@ -171,9 +171,9 @@ const PromptCard = ({ prompt, server, onToggle, onDescriptionUpdate }: PromptCar
};
return (
<div className="bg-white border border-gray-200 shadow rounded-lg p-4 mb-4">
<div className="bg-white border border-gray-200 shadow rounded-lg mb-4">
<div
className="flex justify-between items-center cursor-pointer"
className="flex justify-between items-center p-2 cursor-pointer"
onClick={() => setIsExpanded(!isExpanded)}
>
<div className="flex-1">

259
frontend/src/components/ui/ToolCard.tsx
View File

@@ -1,19 +1,27 @@
import { useState, useCallback, useRef, useEffect } from 'react'
import { useTranslation } from 'react-i18next'
import { Tool } from '@/types'
import { ChevronDown, ChevronRight, Play, Loader, Edit, Check, Copy } from '@/components/icons/LucideIcons'
import { callTool, ToolCallResult, updateToolDescription } from '@/services/toolService'
import { useSettingsData } from '@/hooks/useSettingsData'
import { useToast } from '@/contexts/ToastContext'
import { Switch } from './ToggleGroup'
import DynamicForm from './DynamicForm'
import ToolResult from './ToolResult'
import { useState, useCallback, useRef, useEffect } from 'react';
import { useTranslation } from 'react-i18next';
import { Tool } from '@/types';
import {
ChevronDown,
ChevronRight,
Play,
Loader,
Edit,
Check,
Copy,
} from '@/components/icons/LucideIcons';
import { callTool, ToolCallResult, updateToolDescription } from '@/services/toolService';
import { useSettingsData } from '@/hooks/useSettingsData';
import { useToast } from '@/contexts/ToastContext';
import { Switch } from './ToggleGroup';
import DynamicForm from './DynamicForm';
import ToolResult from './ToolResult';
interface ToolCardProps {
server: string
tool: Tool
onToggle?: (toolName: string, enabled: boolean) => void
onDescriptionUpdate?: (toolName: string, description: string) => void
server: string;
tool: Tool;
onToggle?: (toolName: string, enabled: boolean) => void;
onDescriptionUpdate?: (toolName: string, description: string) => void;
}
// Helper to check for "empty" values
@@ -26,165 +34,173 @@ function isEmptyValue(value: any): boolean {
}
const ToolCard = ({ tool, server, onToggle, onDescriptionUpdate }: ToolCardProps) => {
const { t } = useTranslation()
const { showToast } = useToast()
const { nameSeparator } = useSettingsData()
const [isExpanded, setIsExpanded] = useState(false)
const [showRunForm, setShowRunForm] = useState(false)
const [isRunning, setIsRunning] = useState(false)
const [result, setResult] = useState<ToolCallResult | null>(null)
const [isEditingDescription, setIsEditingDescription] = useState(false)
const [customDescription, setCustomDescription] = useState(tool.description || '')
const descriptionInputRef = useRef<HTMLInputElement>(null)
const descriptionTextRef = useRef<HTMLSpanElement>(null)
const [textWidth, setTextWidth] = useState<number>(0)
const [copiedToolName, setCopiedToolName] = useState(false)
const { t } = useTranslation();
const { showToast } = useToast();
const { nameSeparator } = useSettingsData();
const [isExpanded, setIsExpanded] = useState(false);
const [showRunForm, setShowRunForm] = useState(false);
const [isRunning, setIsRunning] = useState(false);
const [result, setResult] = useState<ToolCallResult | null>(null);
const [isEditingDescription, setIsEditingDescription] = useState(false);
const [customDescription, setCustomDescription] = useState(tool.description || '');
const descriptionInputRef = useRef<HTMLInputElement>(null);
const descriptionTextRef = useRef<HTMLSpanElement>(null);
const [textWidth, setTextWidth] = useState<number>(0);
const [copiedToolName, setCopiedToolName] = useState(false);
// Focus the input when editing mode is activated
useEffect(() => {
if (isEditingDescription && descriptionInputRef.current) {
descriptionInputRef.current.focus()
descriptionInputRef.current.focus();
// Set input width to match text width
if (textWidth > 0) {
descriptionInputRef.current.style.width = `${textWidth + 20}px` // Add some padding
descriptionInputRef.current.style.width = `${textWidth + 20}px`; // Add some padding
}
}
}, [isEditingDescription, textWidth])
}, [isEditingDescription, textWidth]);
// Measure text width when not editing
useEffect(() => {
if (!isEditingDescription && descriptionTextRef.current) {
setTextWidth(descriptionTextRef.current.offsetWidth)
setTextWidth(descriptionTextRef.current.offsetWidth);
}
}, [isEditingDescription, customDescription])
}, [isEditingDescription, customDescription]);
// Generate a unique key for localStorage based on tool name and server
const getStorageKey = useCallback(() => {
return `mcphub_tool_form_${server ? `${server}_` : ''}${tool.name}`
}, [tool.name, server])
return `mcphub_tool_form_${server ? `${server}_` : ''}${tool.name}`;
}, [tool.name, server]);
// Clear form data from localStorage
const clearStoredFormData = useCallback(() => {
localStorage.removeItem(getStorageKey())
}, [getStorageKey])
localStorage.removeItem(getStorageKey());
}, [getStorageKey]);
const handleToggle = (enabled: boolean) => {
if (onToggle) {
onToggle(tool.name, enabled)
onToggle(tool.name, enabled);
}
}
};
const handleDescriptionEdit = () => {
setIsEditingDescription(true)
}
setIsEditingDescription(true);
};
const handleDescriptionSave = async () => {
try {
const result = await updateToolDescription(server, tool.name, customDescription)
const result = await updateToolDescription(server, tool.name, customDescription);
if (result.success) {
setIsEditingDescription(false)
setIsEditingDescription(false);
if (onDescriptionUpdate) {
onDescriptionUpdate(tool.name, customDescription)
onDescriptionUpdate(tool.name, customDescription);
}
} else {
// Revert on error
setCustomDescription(tool.description || '')
console.error('Failed to update tool description:', result.error)
setCustomDescription(tool.description || '');
console.error('Failed to update tool description:', result.error);
}
} catch (error) {
console.error('Error updating tool description:', error)
setCustomDescription(tool.description || '')
setIsEditingDescription(false)
console.error('Error updating tool description:', error);
setCustomDescription(tool.description || '');
setIsEditingDescription(false);
}
}
};
const handleDescriptionChange = (e: React.ChangeEvent<HTMLInputElement>) => {
setCustomDescription(e.target.value)
}
setCustomDescription(e.target.value);
};
const handleDescriptionKeyDown = (e: React.KeyboardEvent<HTMLInputElement>) => {
if (e.key === 'Enter') {
handleDescriptionSave()
handleDescriptionSave();
} else if (e.key === 'Escape') {
setCustomDescription(tool.description || '')
setIsEditingDescription(false)
setCustomDescription(tool.description || '');
setIsEditingDescription(false);
}
}
};
const handleCopyToolName = async (e: React.MouseEvent) => {
e.stopPropagation()
e.stopPropagation();
try {
if (navigator.clipboard && window.isSecureContext) {
await navigator.clipboard.writeText(tool.name)
setCopiedToolName(true)
showToast(t('common.copySuccess'), 'success')
setTimeout(() => setCopiedToolName(false), 2000)
await navigator.clipboard.writeText(tool.name);
setCopiedToolName(true);
showToast(t('common.copySuccess'), 'success');
setTimeout(() => setCopiedToolName(false), 2000);
} else {
// Fallback for HTTP or unsupported clipboard API
const textArea = document.createElement('textarea')
textArea.value = tool.name
textArea.style.position = 'fixed'
textArea.style.left = '-9999px'
document.body.appendChild(textArea)
textArea.focus()
textArea.select()
const textArea = document.createElement('textarea');
textArea.value = tool.name;
textArea.style.position = 'fixed';
textArea.style.left = '-9999px';
document.body.appendChild(textArea);
textArea.focus();
textArea.select();
try {
document.execCommand('copy')
setCopiedToolName(true)
showToast(t('common.copySuccess'), 'success')
setTimeout(() => setCopiedToolName(false), 2000)
document.execCommand('copy');
setCopiedToolName(true);
showToast(t('common.copySuccess'), 'success');
setTimeout(() => setCopiedToolName(false), 2000);
} catch (err) {
showToast(t('common.copyFailed'), 'error')
console.error('Copy to clipboard failed:', err)
showToast(t('common.copyFailed'), 'error');
console.error('Copy to clipboard failed:', err);
}
document.body.removeChild(textArea)
document.body.removeChild(textArea);
}
} catch (error) {
showToast(t('common.copyFailed'), 'error')
console.error('Copy to clipboard failed:', error)
showToast(t('common.copyFailed'), 'error');
console.error('Copy to clipboard failed:', error);
}
}
};
const handleRunTool = async (arguments_: Record<string, any>) => {
setIsRunning(true)
setIsRunning(true);
try {
// filter empty values
arguments_ = Object.fromEntries(Object.entries(arguments_).filter(([_, v]) => !isEmptyValue(v)))
const result = await callTool({
toolName: tool.name,
arguments: arguments_,
}, server)
arguments_ = Object.fromEntries(
Object.entries(arguments_).filter(([_, v]) => !isEmptyValue(v)),
);
const result = await callTool(
{
toolName: tool.name,
arguments: arguments_,
},
server,
);
setResult(result)
setResult(result);
// Clear form data on successful submission
// clearStoredFormData()
} catch (error) {
setResult({
success: false,
error: error instanceof Error ? error.message : 'Unknown error occurred',
})
});
} finally {
setIsRunning(false)
setIsRunning(false);
}
}
};
const handleCancelRun = () => {
setShowRunForm(false)
setShowRunForm(false);
// Clear form data when cancelled
clearStoredFormData()
setResult(null)
}
clearStoredFormData();
setResult(null);
};
const handleCloseResult = () => {
setResult(null)
}
setResult(null);
};
return (
<div className="bg-white border border-gray-200 shadow rounded-lg p-4 mb-4">
<div className="bg-white border border-gray-200 shadow rounded-lg mb-4">
<div
className="flex justify-between items-center cursor-pointer"
onClick={() => setIsExpanded(!isExpanded)}
className="flex justify-between items-center cursor-pointer p-2"
onClick={(e) => {
e.stopPropagation();
setIsExpanded(!isExpanded);
}}
>
<div className="flex-1">
<h3 className="text-lg font-medium text-gray-900 inline-flex items-center">
@@ -194,11 +210,7 @@ const ToolCard = ({ tool, server, onToggle, onDescriptionUpdate }: ToolCardProps
onClick={handleCopyToolName}
title={t('common.copy')}
>
{copiedToolName ? (
<Check size={16} className="text-green-500" />
) : (
<Copy size={16} />
)}
{copiedToolName ? <Check size={16} className="text-green-500" /> : <Copy size={16} />}
</button>
<span className="ml-2 text-sm font-normal text-gray-600 inline-flex items-center">
{isEditingDescription ? (
@@ -213,14 +225,14 @@ const ToolCard = ({ tool, server, onToggle, onDescriptionUpdate }: ToolCardProps
onClick={(e) => e.stopPropagation()}
style={{
minWidth: '100px',
width: textWidth > 0 ? `${textWidth + 20}px` : 'auto'
width: textWidth > 0 ? `${textWidth + 20}px` : 'auto',
}}
/>
<button
className="ml-2 p-1 text-green-600 hover:text-green-800 cursor-pointer transition-colors"
onClick={(e) => {
e.stopPropagation()
handleDescriptionSave()
e.stopPropagation();
handleDescriptionSave();
}}
>
<Check size={16} />
@@ -228,12 +240,14 @@ const ToolCard = ({ tool, server, onToggle, onDescriptionUpdate }: ToolCardProps
</>
) : (
<>
<span ref={descriptionTextRef}>{customDescription || t('tool.noDescription')}</span>
<span ref={descriptionTextRef}>
{customDescription || t('tool.noDescription')}
</span>
<button
className="ml-2 p-1 text-gray-500 hover:text-blue-600 cursor-pointer transition-colors"
onClick={(e) => {
e.stopPropagation()
handleDescriptionEdit()
e.stopPropagation();
handleDescriptionEdit();
}}
>
<Edit size={14} />
@@ -244,10 +258,7 @@ const ToolCard = ({ tool, server, onToggle, onDescriptionUpdate }: ToolCardProps
</h3>
</div>
<div className="flex items-center space-x-2">
<div
className="flex items-center space-x-2"
onClick={(e) => e.stopPropagation()}
>
<div className="flex items-center space-x-2" onClick={(e) => e.stopPropagation()}>
<Switch
checked={tool.enabled ?? true}
onCheckedChange={handleToggle}
@@ -256,18 +267,14 @@ const ToolCard = ({ tool, server, onToggle, onDescriptionUpdate }: ToolCardProps
</div>
<button
onClick={(e) => {
e.stopPropagation()
setIsExpanded(true) // Ensure card is expanded when showing run form
setShowRunForm(true)
e.stopPropagation();
setIsExpanded(true); // Ensure card is expanded when showing run form
setShowRunForm(true);
}}
className="flex items-center space-x-1 px-3 py-1 text-sm text-blue-600 bg-blue-50 hover:bg-blue-100 rounded-md transition-colors btn-primary"
disabled={isRunning || !tool.enabled}
>
{isRunning ? (
<Loader size={14} className="animate-spin" />
) : (
<Play size={14} />
)}
{isRunning ? <Loader size={14} className="animate-spin" /> : <Play size={14} />}
<span>{isRunning ? t('tool.running') : t('tool.run')}</span>
</button>
<button className="text-gray-400 hover:text-gray-600">
@@ -297,7 +304,9 @@ const ToolCard = ({ tool, server, onToggle, onDescriptionUpdate }: ToolCardProps
onCancel={handleCancelRun}
loading={isRunning}
storageKey={getStorageKey()}
title={t('tool.runToolWithName', { name: tool.name.replace(server + nameSeparator, '') })}
title={t('tool.runToolWithName', {
name: tool.name.replace(server + nameSeparator, ''),
})}
/>
{/* Tool Result */}
{result && (
@@ -307,12 +316,10 @@ const ToolCard = ({ tool, server, onToggle, onDescriptionUpdate }: ToolCardProps
)}
</div>
)}
</div>
)}
</div>
)
}
);
};
export default ToolCard
export default ToolCard;

67
frontend/src/contexts/ServerContext.tsx
View File

@@ -17,6 +17,16 @@ const CONFIG = {
},
};
// Pagination info type
interface PaginationInfo {
page: number;
limit: number;
total: number;
totalPages: number;
hasNextPage: boolean;
hasPrevPage: boolean;
}
// Context type definition
interface ServerContextType {
servers: Server[];
@@ -24,6 +34,11 @@ interface ServerContextType {
setError: (error: string | null) => void;
isLoading: boolean;
fetchAttempts: number;
pagination: PaginationInfo | null;
currentPage: number;
serversPerPage: number;
setCurrentPage: (page: number) => void;
setServersPerPage: (limit: number) => void;
triggerRefresh: () => void;
refreshIfNeeded: () => void; // Smart refresh with debounce
handleServerAdd: () => void;
@@ -45,6 +60,9 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
const [refreshKey, setRefreshKey] = useState(0);
const [isInitialLoading, setIsInitialLoading] = useState(true);
const [fetchAttempts, setFetchAttempts] = useState(0);
const [pagination, setPagination] = useState<PaginationInfo | null>(null);
const [currentPage, setCurrentPage] = useState(1);
const [serversPerPage, setServersPerPage] = useState(10);
// Timer reference for polling
const intervalRef = useRef<NodeJS.Timeout | null>(null);
@@ -73,18 +91,31 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
const fetchServers = async () => {
try {
console.log('[ServerContext] Fetching servers from API...');
const data = await apiGet('/servers');
// Build query parameters for pagination
const params = new URLSearchParams();
params.append('page', currentPage.toString());
params.append('limit', serversPerPage.toString());
const data = await apiGet(`/servers?${params.toString()}`);
// Update last fetch time
lastFetchTimeRef.current = Date.now();
if (data && data.success && Array.isArray(data.data)) {
setServers(data.data);
// Update pagination info if available
if (data.pagination) {
setPagination(data.pagination);
} else {
setPagination(null);
}
} else if (data && Array.isArray(data)) {
// Compatibility handling for non-paginated responses
setServers(data);
setPagination(null);
} else {
console.error('Invalid server data format:', data);
setServers([]);
setPagination(null);
}
// Reset error state
@@ -114,7 +145,7 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
// Set up regular polling
intervalRef.current = setInterval(fetchServers, CONFIG.normal.pollingInterval);
},
[t],
[t, currentPage, serversPerPage],
);
// Watch for authentication status changes
@@ -150,7 +181,11 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
const fetchInitialData = async () => {
try {
console.log('[ServerContext] Initial fetch - attempt', attemptsRef.current + 1);
const data = await apiGet('/servers');
// Build query parameters for pagination
const params = new URLSearchParams();
params.append('page', currentPage.toString());
params.append('limit', serversPerPage.toString());
const data = await apiGet(`/servers?${params.toString()}`);
// Update last fetch time
lastFetchTimeRef.current = Date.now();
@@ -158,6 +193,12 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
// Handle API response wrapper object, extract data field
if (data && data.success && Array.isArray(data.data)) {
setServers(data.data);
// Update pagination info if available
if (data.pagination) {
setPagination(data.pagination);
} else {
setPagination(null);
}
setIsInitialLoading(false);
// Initialization successful, start normal polling (skip immediate to avoid duplicate fetch)
startNormalPolling({ immediate: false });
@@ -165,6 +206,7 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
} else if (data && Array.isArray(data)) {
// Compatibility handling, if API directly returns array
setServers(data);
setPagination(null);
setIsInitialLoading(false);
// Initialization successful, start normal polling (skip immediate to avoid duplicate fetch)
startNormalPolling({ immediate: false });
@@ -173,6 +215,7 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
// If data format is not as expected, set to empty array
console.error('Invalid server data format:', data);
setServers([]);
setPagination(null);
setIsInitialLoading(false);
// Initialization successful but data is empty, start normal polling (skip immediate)
startNormalPolling({ immediate: false });
@@ -227,7 +270,7 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
return () => {
clearTimer();
};
}, [refreshKey, t, isInitialLoading, startNormalPolling]);
}, [refreshKey, t, isInitialLoading, startNormalPolling, currentPage, serversPerPage]);
// Manually trigger refresh (always refreshes)
const triggerRefresh = useCallback(() => {
@@ -383,12 +426,28 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
[t, triggerRefresh],
);
// Handle page change
const handlePageChange = useCallback((page: number) => {
setCurrentPage(page);
}, []);
// Handle servers per page change
const handleServersPerPageChange = useCallback((limit: number) => {
setServersPerPage(limit);
setCurrentPage(1); // Reset to first page when changing page size
}, []);
const value: ServerContextType = {
servers,
error,
setError,
isLoading: isInitialLoading,
fetchAttempts,
pagination,
currentPage,
serversPerPage,
setCurrentPage: handlePageChange,
setServersPerPage: handleServersPerPageChange,
triggerRefresh,
refreshIfNeeded,
handleServerAdd,

213
frontend/src/pages/LoginPage.tsx
View File

@@ -1,12 +1,11 @@
import React, { useState, useMemo, useCallback, useEffect } from 'react';
import React, { useState, useMemo, useCallback } from 'react';
import { useLocation, useNavigate } from 'react-router-dom';
import { useTranslation } from 'react-i18next';
import { useAuth } from '../contexts/AuthContext';
import { getToken, getSSOConfig, initiateSSOLogin } from '../services/authService';
import { getToken } from '../services/authService';
import ThemeSwitch from '@/components/ui/ThemeSwitch';
import LanguageSwitch from '@/components/ui/LanguageSwitch';
import DefaultPasswordWarningModal from '@/components/ui/DefaultPasswordWarningModal';
import { SSOProvider } from '../types';
const sanitizeReturnUrl = (value: string | null): string | null => {
if (!value) {
@@ -30,65 +29,6 @@ const sanitizeReturnUrl = (value: string | null): string | null => {
}
};
// Provider icons (SVG)
const ProviderIcon: React.FC<{ type: string; className?: string }> = ({
type,
className = 'w-5 h-5',
}) => {
switch (type) {
case 'google':
return (
<svg className={className} viewBox="0 0 24 24" fill="currentColor">
<path
d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"
fill="#4285F4"
/>
<path
d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"
fill="#34A853"
/>
<path
d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"
fill="#FBBC05"
/>
<path
d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"
fill="#EA4335"
/>
</svg>
);
case 'github':
return (
<svg className={className} viewBox="0 0 24 24" fill="currentColor">
<path d="M12 0C5.37 0 0 5.37 0 12c0 5.31 3.435 9.795 8.205 11.385.6.105.825-.255.825-.57 0-.285-.015-1.23-.015-2.235-3.015.555-3.795-.735-4.035-1.41-.135-.345-.72-1.41-1.23-1.695-.42-.225-1.02-.78-.015-.795.945-.015 1.62.87 1.845 1.23 1.08 1.815 2.805 1.305 3.495.99.105-.78.42-1.305.765-1.605-2.67-.3-5.46-1.335-5.46-5.925 0-1.305.465-2.385 1.23-3.225-.12-.3-.54-1.53.12-3.18 0 0 1.005-.315 3.3 1.23.96-.27 1.98-.405 3-.405s2.04.135 3 .405c2.295-1.56 3.3-1.23 3.3-1.23.66 1.65.24 2.88.12 3.18.765.84 1.23 1.905 1.23 3.225 0 4.605-2.805 5.625-5.475 5.925.435.375.81 1.095.81 2.22 0 1.605-.015 2.895-.015 3.3 0 .315.225.69.825.57A12.02 12.02 0 0024 12c0-6.63-5.37-12-12-12z" />
</svg>
);
case 'microsoft':
return (
<svg className={className} viewBox="0 0 24 24" fill="currentColor">
<path fill="#F25022" d="M1 1h10v10H1z" />
<path fill="#00A4EF" d="M1 13h10v10H1z" />
<path fill="#7FBA00" d="M13 1h10v10H13z" />
<path fill="#FFB900" d="M13 13h10v10H13z" />
</svg>
);
default:
// Generic OAuth/OIDC icon
return (
<svg
className={className}
viewBox="0 0 24 24"
fill="none"
stroke="currentColor"
strokeWidth="2"
>
<circle cx="12" cy="12" r="10" />
<path d="M12 6v6l4 2" />
</svg>
);
}
};
const LoginPage: React.FC = () => {
const { t } = useTranslation();
const [username, setUsername] = useState('');
@@ -96,9 +36,6 @@ const LoginPage: React.FC = () => {
const [error, setError] = useState<string | null>(null);
const [loading, setLoading] = useState(false);
const [showDefaultPasswordWarning, setShowDefaultPasswordWarning] = useState(false);
const [ssoProviders, setSsoProviders] = useState<SSOProvider[]>([]);
const [ssoEnabled, setSsoEnabled] = useState(false);
const [allowLocalAuth, setAllowLocalAuth] = useState(true);
const { login } = useAuth();
const location = useLocation();
const navigate = useNavigate();
@@ -107,17 +44,6 @@ const LoginPage: React.FC = () => {
return sanitizeReturnUrl(params.get('returnUrl'));
}, [location.search]);
// Load SSO configuration on mount
useEffect(() => {
const loadSSOConfig = async () => {
const config = await getSSOConfig();
setSsoEnabled(config.enabled);
setSsoProviders(config.providers);
setAllowLocalAuth(config.allowLocalAuth);
};
loadSSOConfig();
}, []);
const isServerUnavailableError = useCallback((message?: string) => {
if (!message) return false;
const normalized = message.toLowerCase();
@@ -211,10 +137,6 @@ const LoginPage: React.FC = () => {
}
};
const handleSSOLogin = (providerId: string) => {
initiateSSOLogin(providerId, returnUrl || undefined);
};
const handleCloseWarning = () => {
setShowDefaultPasswordWarning(false);
redirectAfterLogin();
@@ -271,97 +193,58 @@ const LoginPage: React.FC = () => {
<div className="login-card relative w-full rounded-2xl border border-white/10 bg-white/60 p-8 shadow-xl backdrop-blur-md transition dark:border-white/10 dark:bg-gray-900/60">
<div className="absolute -top-24 right-12 h-40 w-40 -translate-y-6 rounded-full bg-indigo-500/30 blur-3xl" />
<div className="absolute -bottom-24 -left-12 h-40 w-40 translate-y-6 rounded-full bg-cyan-500/20 blur-3xl" />
{/* Local auth form - only show if allowed */}
{allowLocalAuth && (
<form className="mt-4 space-y-4" onSubmit={handleSubmit}>
<div className="space-y-4">
<div>
<label htmlFor="username" className="sr-only">
{t('auth.username')}
</label>
<input
id="username"
name="username"
type="text"
autoComplete="username"
required
className="login-input appearance-none relative block w-full rounded-md border border-gray-300/60 bg-white/70 px-3 py-3 text-gray-900 shadow-sm outline-none ring-0 transition-all placeholder:text-gray-500 focus:border-indigo-500 focus:ring-2 focus:ring-indigo-500 dark:border-gray-700/60 dark:bg-gray-800/70 dark:text-white dark:placeholder:text-gray-400"
placeholder={t('auth.username')}
value={username}
onChange={(e) => setUsername(e.target.value)}
/>
</div>
<div>
<label htmlFor="password" className="sr-only">
{t('auth.password')}
</label>
<input
id="password"
name="password"
type="password"
autoComplete="current-password"
required
className="login-input appearance-none relative block w-full rounded-md border border-gray-300/60 bg-white/70 px-3 py-3 text-gray-900 shadow-sm outline-none ring-0 transition-all placeholder:text-gray-500 focus:border-indigo-500 focus:ring-2 focus:ring-indigo-500 dark:border-gray-700/60 dark:bg-gray-800/70 dark:text-white dark:placeholder:text-gray-400"
placeholder={t('auth.password')}
value={password}
onChange={(e) => setPassword(e.target.value)}
/>
</div>
</div>
{error && (
<div className="error-box rounded border border-red-500/20 bg-red-500/10 p-2 text-center text-sm text-red-600 dark:text-red-400">
{error}
</div>
)}
<form className="mt-4 space-y-4" onSubmit={handleSubmit}>
<div className="space-y-4">
<div>
<button
type="submit"
disabled={loading}
className="login-button btn-primary group relative flex w-full items-center justify-center rounded-md border border-transparent bg-indigo-600 px-4 py-2 text-sm font-medium text-white transition-all hover:bg-indigo-700 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-70"
>
{loading ? t('auth.loggingIn') : t('auth.login')}
</button>
<label htmlFor="username" className="sr-only">
{t('auth.username')}
</label>
<input
id="username"
name="username"
type="text"
autoComplete="username"
required
className="login-input appearance-none relative block w-full rounded-md border border-gray-300/60 bg-white/70 px-3 py-3 text-gray-900 shadow-sm outline-none ring-0 transition-all placeholder:text-gray-500 focus:border-indigo-500 focus:ring-2 focus:ring-indigo-500 dark:border-gray-700/60 dark:bg-gray-800/70 dark:text-white dark:placeholder:text-gray-400"
placeholder={t('auth.username')}
value={username}
onChange={(e) => setUsername(e.target.value)}
/>
</div>
</form>
)}
{/* SSO Buttons */}
{ssoEnabled && ssoProviders.length > 0 && (
<div className="space-y-3 mb-6">
{/* Divider */}
<div className="relative my-4">
<div className="absolute inset-0 flex items-center">
<div className="w-full border-t border-gray-300/60 dark:border-gray-600/60" />
</div>
<div className="relative flex justify-center text-sm">
<span className="px-2 bg-white/60 text-gray-500 dark:bg-gray-900/60 dark:text-gray-400">
{t('auth.orContinueWith')}
</span>
</div>
<div>
<label htmlFor="password" className="sr-only">
{t('auth.password')}
</label>
<input
id="password"
name="password"
type="password"
autoComplete="current-password"
required
className="login-input appearance-none relative block w-full rounded-md border border-gray-300/60 bg-white/70 px-3 py-3 text-gray-900 shadow-sm outline-none ring-0 transition-all placeholder:text-gray-500 focus:border-indigo-500 focus:ring-2 focus:ring-indigo-500 dark:border-gray-700/60 dark:bg-gray-800/70 dark:text-white dark:placeholder:text-gray-400"
placeholder={t('auth.password')}
value={password}
onChange={(e) => setPassword(e.target.value)}
/>
</div>
{ssoProviders.map((provider) => (
<button
key={provider.id}
type="button"
onClick={() => handleSSOLogin(provider.id)}
className="sso-button group relative flex w-full items-center justify-center gap-3 rounded-md border border-gray-300/60 bg-white/80 px-4 py-2.5 text-sm font-medium text-gray-700 shadow-sm transition-all hover:bg-gray-50 hover:border-gray-400/60 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:ring-offset-2 dark:border-gray-600/60 dark:bg-gray-800/80 dark:text-gray-200 dark:hover:bg-gray-700/80"
>
<ProviderIcon type={provider.type} />
<span>{t('auth.continueWith', { provider: provider.name })}</span>
</button>
))}
</div>
)}
{/* Show message if only SSO is available and no providers configured */}
{!allowLocalAuth && ssoProviders.length === 0 && (
<div className="text-center text-gray-500 dark:text-gray-400">
{t('auth.noLoginMethodsAvailable')}
{error && (
<div className="error-box rounded border border-red-500/20 bg-red-500/10 p-2 text-center text-sm text-red-600 dark:text-red-400">
{error}
</div>
)}
<div>
<button
type="submit"
disabled={loading}
className="login-button btn-primary group relative flex w-full items-center justify-center rounded-md border border-transparent bg-indigo-600 px-4 py-2 text-sm font-medium text-white transition-all hover:bg-indigo-700 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-70"
>
{loading ? t('auth.loggingIn') : t('auth.login')}
</button>
</div>
)}
</form>
</div>
</div>
</div>

108
frontend/src/pages/SSOCallbackPage.tsx
View File

@@ -1,108 +0,0 @@
import React, { useEffect, useState } from 'react';
import { useNavigate, useLocation } from 'react-router-dom';
import { useTranslation } from 'react-i18next';
import { handleSSOToken, getCurrentUser } from '../services/authService';
import { useAuth } from '../contexts/AuthContext';
/**
* SSO Callback Page
* Handles the redirect from OAuth SSO callback, extracts token, and redirects to destination
*/
const SSOCallbackPage: React.FC = () => {
const { t } = useTranslation();
const navigate = useNavigate();
const location = useLocation();
const { auth } = useAuth();
const [error, setError] = useState<string | null>(null);
useEffect(() => {
const handleCallback = async () => {
const params = new URLSearchParams(location.search);
const token = params.get('token');
const returnUrl = params.get('returnUrl') || '/';
const errorParam = params.get('error');
// Handle OAuth errors
if (errorParam) {
setError(errorParam);
setTimeout(() => {
navigate('/login');
}, 3000);
return;
}
// Handle successful SSO login
if (token) {
try {
// Store the token
handleSSOToken(token);
// Verify the token by fetching current user
const response = await getCurrentUser();
if (response.success) {
// Redirect to the return URL or dashboard
if (returnUrl.startsWith('/oauth/authorize')) {
// For OAuth authorize flow, pass the token
const url = new URL(returnUrl, window.location.origin);
url.searchParams.set('token', token);
window.location.assign(`${url.pathname}${url.search}`);
} else {
navigate(returnUrl);
}
} else {
setError(t('auth.ssoTokenInvalid'));
setTimeout(() => {
navigate('/login');
}, 3000);
}
} catch (err) {
console.error('SSO callback error:', err);
setError(t('auth.ssoCallbackError'));
setTimeout(() => {
navigate('/login');
}, 3000);
}
} else {
// No token provided
setError(t('auth.ssoNoToken'));
setTimeout(() => {
navigate('/login');
}, 3000);
}
};
// Only handle callback if not already authenticated
if (!auth.isAuthenticated) {
handleCallback();
} else {
// Already authenticated, redirect to home
navigate('/');
}
}, [location.search, navigate, auth.isAuthenticated, t]);
return (
<div className="relative min-h-screen w-full overflow-hidden bg-gray-50 dark:bg-gray-950 flex items-center justify-center">
<div className="text-center">
{error ? (
<div className="space-y-4">
<div className="text-red-600 dark:text-red-400 text-lg font-medium">
{error}
</div>
<p className="text-gray-500 dark:text-gray-400 text-sm">
{t('auth.redirectingToLogin')}
</p>
</div>
) : (
<div className="space-y-4">
<div className="animate-spin rounded-full h-12 w-12 border-b-2 border-indigo-600 mx-auto"></div>
<p className="text-gray-600 dark:text-gray-300 text-lg">
{t('auth.ssoProcessing')}
</p>
</div>
)}
</div>
</div>
);
};
export default SSOCallbackPage;

79
frontend/src/pages/ServersPage.tsx
View File

@@ -8,6 +8,7 @@ import EditServerForm from '@/components/EditServerForm';
import { useServerData } from '@/hooks/useServerData';
import DxtUploadForm from '@/components/DxtUploadForm';
import JSONImportForm from '@/components/JSONImportForm';
import Pagination from '@/components/ui/Pagination';
const ServersPage: React.FC = () => {
const { t } = useTranslation();
@@ -17,6 +18,11 @@ const ServersPage: React.FC = () => {
error,
setError,
isLoading,
pagination,
currentPage,
serversPerPage,
setCurrentPage,
setServersPerPage,
handleServerAdd,
handleServerEdit,
handleServerRemove,
@@ -151,19 +157,66 @@ const ServersPage: React.FC = () => {
<p className="text-gray-600">{t('app.noServers')}</p>
</div>
) : (
<div className="space-y-6">
{servers.map((server, index) => (
<ServerCard
key={index}
server={server}
onRemove={handleServerRemove}
onEdit={handleEditClick}
onToggle={handleServerToggle}
onRefresh={triggerRefresh}
onReload={handleServerReload}
/>
))}
</div>
<>
<div className="space-y-6">
{servers.map((server, index) => (
<ServerCard
key={index}
server={server}
onRemove={handleServerRemove}
onEdit={handleEditClick}
onToggle={handleServerToggle}
onRefresh={triggerRefresh}
onReload={handleServerReload}
/>
))}
</div>
<div className="flex items-center mb-4">
<div className="flex-[2] text-sm text-gray-500">
{pagination ? (
t('common.showing', {
start: (pagination.page - 1) * pagination.limit + 1,
end: Math.min(pagination.page * pagination.limit, pagination.total),
total: pagination.total
})
) : (
t('common.showing', {
start: 1,
end: servers.length,
total: servers.length
})
)}
</div>
<div className="flex-[4] flex justify-center">
{pagination && pagination.totalPages > 1 && (
<Pagination
currentPage={currentPage}
totalPages={pagination.totalPages}
onPageChange={setCurrentPage}
disabled={isLoading}
/>
)}
</div>
<div className="flex-[2] flex items-center justify-end space-x-2">
<label htmlFor="perPage" className="text-sm text-gray-600">
{t('common.itemsPerPage')}:
</label>
<select
id="perPage"
value={serversPerPage}
onChange={(e) => setServersPerPage(Number(e.target.value))}
disabled={isLoading}
className="border rounded p-1 text-sm btn-secondary outline-none disabled:opacity-50 disabled:cursor-not-allowed"
>
<option value={5}>5</option>
<option value={10}>10</option>
<option value={20}>20</option>
<option value={50}>50</option>
</select>
</div>
</div>
</>
)}
{editingServer && (

41
frontend/src/services/authService.ts
View File

@@ -1,54 +1,15 @@
import { getBasePath } from '@/utils/runtime';
import {
AuthResponse,
LoginCredentials,
RegisterCredentials,
ChangePasswordCredentials,
SSOConfig,
} from '../types';
import { apiPost, apiGet, fetchWithInterceptors } from '../utils/fetchInterceptor';
import { apiPost, apiGet } from '../utils/fetchInterceptor';
import { getToken, setToken, removeToken } from '../utils/interceptors';
// Export token management functions
export { getToken, setToken, removeToken };
// Get SSO configuration
export const getSSOConfig = async (): Promise<SSOConfig> => {
try {
const basePath = getBasePath();
// const response = await apiGet<{ success: boolean; data: SSOConfig }>('/auth/sso/config');
const response = await fetchWithInterceptors(`${basePath}/auth/sso/config`, {
method: 'GET',
headers: {
'Content-Type': 'application/json',
},
});
if (response.ok) {
const data: { success: boolean; data: SSOConfig } = await response.json();
return data.data;
}
return { enabled: false, providers: [], allowLocalAuth: true };
} catch (error) {
console.error('Get SSO config error:', error);
return { enabled: false, providers: [], allowLocalAuth: true };
}
};
// Initiate SSO login (redirects to provider)
export const initiateSSOLogin = (providerId: string, returnUrl?: string): void => {
const basePath = import.meta.env.VITE_API_BASE_PATH || '';
let url = `${basePath}/auth/sso/${providerId}`;
if (returnUrl) {
url += `?returnUrl=${encodeURIComponent(returnUrl)}`;
}
window.location.href = url;
};
// Handle SSO callback token (called from SSO callback page)
export const handleSSOToken = (token: string): void => {
setToken(token);
};
// Login user
export const login = async (credentials: LoginCredentials): Promise<AuthResponse> => {
try {

26
frontend/src/types/index.ts
View File

@@ -105,6 +105,17 @@ export interface Prompt {
enabled?: boolean;
}
// Proxychains4 configuration for STDIO servers (Linux/macOS only)
export interface ProxychainsConfig {
enabled?: boolean; // Enable/disable proxychains4 proxy routing
type?: 'socks4' | 'socks5' | 'http'; // Proxy protocol type
host?: string; // Proxy server hostname or IP address
port?: number; // Proxy server port
username?: string; // Proxy authentication username (optional)
password?: string; // Proxy authentication password (optional)
configPath?: string; // Path to custom proxychains4 configuration file (optional)
}
// Server config types
export interface ServerConfig {
type?: 'stdio' | 'sse' | 'streamable-http' | 'openapi';
@@ -123,6 +134,8 @@ export interface ServerConfig {
resetTimeoutOnProgress?: boolean; // Reset timeout on progress notifications
maxTotalTimeout?: number; // Maximum total timeout in milliseconds
}; // MCP request options configuration
// Proxychains4 proxy configuration for STDIO servers (Linux/macOS only, Windows not supported)
proxy?: ProxychainsConfig;
// OAuth authentication for upstream MCP servers
oauth?: {
clientId?: string; // OAuth client ID
@@ -329,19 +342,6 @@ export interface IUser {
permissions?: string[];
}
// OAuth SSO types
export interface SSOProvider {
id: string;
name: string;
type: string;
}
export interface SSOConfig {
enabled: boolean;
providers: SSOProvider[];
allowLocalAuth: boolean;
}
// User management types
export interface User {
username: string;

14
locales/en.json
View File

@@ -79,15 +79,7 @@
"passwordRequireLetter": "Password must contain at least one letter",
"passwordRequireNumber": "Password must contain at least one number",
"passwordRequireSpecial": "Password must contain at least one special character",
"passwordStrengthHint": "Password must be at least 8 characters and contain letters, numbers, and special characters",
"continueWith": "Continue with {{provider}}",
"orContinueWith": "or continue with",
"noLoginMethodsAvailable": "No login methods available. Please contact your administrator.",
"ssoProcessing": "Processing login...",
"ssoTokenInvalid": "Authentication failed. Please try again.",
"ssoCallbackError": "An error occurred during authentication.",
"ssoNoToken": "No authentication token received.",
"redirectingToLogin": "Redirecting to login page..."
"passwordStrengthHint": "Password must be at least 8 characters and contain letters, numbers, and special characters"
},
"server": {
"addServer": "Add Server",
@@ -256,6 +248,10 @@
"wechat": "WeChat",
"discord": "Discord",
"required": "Required",
"itemsPerPage": "Items per page",
"showing": "Showing {{start}}-{{end}} of {{total}}",
"previous": "Previous",
"next": "Next",
"secret": "Secret",
"default": "Default",
"value": "Value",

4
locales/fr.json
View File

@@ -248,6 +248,10 @@
"github": "GitHub",
"wechat": "WeChat",
"discord": "Discord",
"itemsPerPage": "Éléments par page",
"showing": "Affichage de {{start}}-{{end}} sur {{total}}",
"previous": "Précédent",
"next": "Suivant",
"required": "Requis",
"secret": "Secret",
"default": "Défaut",

4
locales/tr.json
View File

@@ -248,6 +248,10 @@
"github": "GitHub",
"wechat": "WeChat",
"discord": "Discord",
"itemsPerPage": "Sayfa başına öğe",
"showing": "{{total}} öğeden {{start}}-{{end}} gösteriliyor",
"previous": "Önceki",
"next": "Sonraki",
"required": "Gerekli",
"secret": "Gizli",
"default": "Varsayılan",

14
locales/zh.json
View File

@@ -79,15 +79,7 @@
"passwordRequireLetter": "密码必须包含至少一个字母",
"passwordRequireNumber": "密码必须包含至少一个数字",
"passwordRequireSpecial": "密码必须包含至少一个特殊字符",
"passwordStrengthHint": "密码必须至少 8 个字符,且包含字母、数字和特殊字符",
"continueWith": "使用 {{provider}} 登录",
"orContinueWith": "或使用账号登录",
"noLoginMethodsAvailable": "没有可用的登录方式,请联系管理员。",
"ssoProcessing": "正在处理登录...",
"ssoTokenInvalid": "认证失败,请重试。",
"ssoCallbackError": "认证过程中发生错误。",
"ssoNoToken": "未收到认证令牌。",
"redirectingToLogin": "正在跳转到登录页面..."
"passwordStrengthHint": "密码必须至少 8 个字符,且包含字母、数字和特殊字符"
},
"server": {
"addServer": "添加服务器",
@@ -256,6 +248,10 @@
"dismiss": "忽略",
"github": "GitHub",
"wechat": "微信",
"itemsPerPage": "每页显示",
"showing": "显示第 {{start}}-{{end}} 条,共 {{total}} 条",
"previous": "上一页",
"next": "下一页",
"discord": "Discord",
"required": "必填",
"secret": "敏感",

28
mcp_settings.json
View File

@@ -43,34 +43,6 @@
}
],
"systemConfig": {
"oauthSSO": {
"enabled": true,
"allowLocalAuth": true,
"callbackBaseUrl": "https://your-mcphub-domain.com",
"providers": [
{
"id": "google",
"name": "Google",
"type": "google",
"clientId": "your-google-client-id",
"clientSecret": "your-google-client-secret"
},
{
"id": "github",
"name": "GitHub",
"type": "github",
"clientId": "your-github-client-id",
"clientSecret": "your-github-client-secret"
},
{
"id": "microsoft",
"name": "Microsoft",
"type": "microsoft",
"clientId": "your-microsoft-client-id",
"clientSecret": "your-microsoft-client-secret"
}
]
},
"oauthServer": {
"enabled": true,
"accessTokenLifetime": 3600,

6
package.json
View File

@@ -46,7 +46,7 @@
"license": "ISC",
"dependencies": {
"@apidevtools/swagger-parser": "^12.0.0",
"@modelcontextprotocol/sdk": "^1.20.2",
"@modelcontextprotocol/sdk": "^1.25.1",
"@node-oauth/oauth2-server": "^5.2.1",
"@types/adm-zip": "^0.5.7",
"@types/bcrypt": "^6.0.0",
@@ -57,7 +57,7 @@
"bcrypt": "^6.0.0",
"bcryptjs": "^3.0.2",
"cors": "^2.8.5",
"dotenv": "^16.6.1",
"dotenv": "^17.2.3",
"dotenv-expand": "^12.0.2",
"express": "^4.21.2",
"express-validator": "^7.3.1",
@@ -108,7 +108,7 @@
"jest-environment-node": "^30.0.5",
"jest-mock-extended": "4.0.0",
"lucide-react": "^0.552.0",
"next": "^15.5.0",
"next": "^16.1.1",
"postcss": "^8.5.6",
"prettier": "^3.6.2",
"react": "19.2.1",

425
pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff

171
src/controllers/oauthSSOController.ts
View File

@@ -1,171 +0,0 @@
import { Request, Response } from 'express';
import { loadSettings } from '../config/index.js';
import {
isOAuthSSOEnabled,
isLocalAuthAllowed,
getEnabledProviders,
getProviderById,
generateAuthorizationUrl,
handleOAuthCallback as handleCallback,
} from '../services/oauthSSOService.js';
/**
* Get OAuth SSO configuration for frontend
* Returns list of enabled providers and whether local auth is allowed
*/
export const getSSOConfig = async (req: Request, res: Response): Promise<void> => {
try {
const enabled = isOAuthSSOEnabled();
const providers = getEnabledProviders();
const allowLocalAuth = isLocalAuthAllowed();
res.json({
success: true,
data: {
enabled,
providers,
allowLocalAuth,
},
});
} catch (error) {
console.error('Error getting SSO config:', error);
res.status(500).json({
success: false,
message: 'Failed to get SSO configuration',
});
}
};
/**
* Initiate OAuth SSO flow for a specific provider
* Redirects user to the OAuth provider's authorization page
*/
export const initiateSSOLogin = async (req: Request, res: Response): Promise<void> => {
const { provider } = req.params;
try {
// Check if SSO is enabled
if (!isOAuthSSOEnabled()) {
res.status(400).json({
success: false,
message: 'OAuth SSO is not enabled',
});
return;
}
// Check if provider exists
const providerConfig = getProviderById(provider);
if (!providerConfig) {
res.status(404).json({
success: false,
message: `OAuth provider '${provider}' not found or disabled`,
});
return;
}
// Build redirect URI
const settings = loadSettings();
const callbackBaseUrl =
settings.systemConfig?.oauthSSO?.callbackBaseUrl || `${req.protocol}://${req.get('host')}`;
const redirectUri = `${callbackBaseUrl}/auth/sso/${provider}/callback`;
// Generate authorization URL
const result = generateAuthorizationUrl(provider, redirectUri);
if (!result) {
res.status(500).json({
success: false,
message: 'Failed to generate authorization URL',
});
return;
}
// Store the return URL in a cookie if provided (for after-login redirect)
const returnUrl = req.query.returnUrl as string;
if (returnUrl) {
res.cookie('sso_return_url', returnUrl, {
httpOnly: true,
secure: req.secure,
maxAge: 10 * 60 * 1000, // 10 minutes
sameSite: 'lax',
});
}
// Redirect to OAuth provider
res.redirect(result.url);
} catch (error) {
console.error(`Error initiating SSO login for ${provider}:`, error);
res.status(500).json({
success: false,
message: 'Failed to initiate SSO login',
});
}
};
/**
* Handle OAuth callback from provider
* Exchanges code for tokens, gets user info, creates/updates user, returns JWT
*
* Note: OAuth callback data (code, state) is received via query parameters as per OAuth 2.0 spec.
* This is secure because:
* - The authorization code is single-use and tied to a specific state
* - The state parameter prevents CSRF attacks
* - PKCE provides additional security for the token exchange
*/
export const handleSSOCallback = async (req: Request, res: Response): Promise<void> => {
const { provider } = req.params;
// lgtm[js/sensitive-get-query] - OAuth 2.0 requires code/state in query params
const { code, state, error: oauthError, error_description } = req.query;
try {
// Check for OAuth error from provider
if (oauthError) {
console.error(`OAuth SSO error from ${provider}:`, oauthError, error_description);
res.redirect(`/login?error=${encodeURIComponent(String(error_description || oauthError))}`);
return;
}
// Validate required parameters
if (!code || !state) {
res.redirect('/login?error=missing_oauth_parameters');
return;
}
// Build redirect URI (must match the one used in initiation)
const settings = loadSettings();
const callbackBaseUrl =
settings.systemConfig?.oauthSSO?.callbackBaseUrl || `${req.protocol}://${req.get('host')}`;
const redirectUri = `${callbackBaseUrl}/auth/sso/${provider}/callback`;
// Handle the callback
const result = await handleCallback(String(state), String(code), redirectUri);
if (!result.success) {
console.error(`OAuth SSO callback failed for ${provider}:`, result.error);
res.redirect(`/login?error=${encodeURIComponent(result.error || 'sso_failed')}`);
return;
}
// Get the return URL from cookie
const returnUrl = req.cookies?.sso_return_url || '/';
res.clearCookie('sso_return_url');
// Build redirect URL with token
// Note: For security, we use a short-lived token in URL and the frontend
// should immediately exchange it and store in localStorage
const redirectUrl = new URL(returnUrl, `${req.protocol}://${req.get('host')}`);
// For OAuth authorize flow, append token as query param
if (returnUrl.startsWith('/oauth/authorize')) {
redirectUrl.searchParams.set('token', result.token!);
res.redirect(redirectUrl.pathname + redirectUrl.search);
} else {
// For normal login, redirect to a special callback page that handles the token
res.redirect(
`/sso-callback?token=${encodeURIComponent(result.token!)}&returnUrl=${encodeURIComponent(returnUrl)}`,
);
}
} catch (error) {
console.error(`Error handling SSO callback for ${provider}:`, error);
res.redirect('/login?error=sso_callback_error');
}
};

61
src/controllers/serverController.ts
View File

@@ -7,6 +7,7 @@ import {
BatchCreateServersResponse,
BatchServerResult,
ServerConfig,
ServerInfo,
} from '../types/index.js';
import {
getServersInfo,
@@ -24,13 +25,66 @@ import { createSafeJSON } from '../utils/serialization.js';
import { cloneDefaultOAuthServerConfig } from '../constants/oauthServerDefaults.js';
import { getServerDao, getGroupDao, getSystemConfigDao } from '../dao/DaoFactory.js';
import { getBearerKeyDao } from '../dao/DaoFactory.js';
import { UserContextService } from '../services/userContextService.js';
export const getAllServers = async (_: Request, res: Response): Promise<void> => {
export const getAllServers = async (req: Request, res: Response): Promise<void> => {
try {
const serversInfo = await getServersInfo();
// Parse pagination parameters from query string
const page = req.query.page ? parseInt(req.query.page as string, 10) : 1;
const limit = req.query.limit ? parseInt(req.query.limit as string, 10) : undefined;
// Validate pagination parameters
if (page < 1) {
res.status(400).json({
success: false,
message: 'Page number must be greater than 0',
});
return;
}
if (limit !== undefined && (limit < 1 || limit > 1000)) {
res.status(400).json({
success: false,
message: 'Limit must be between 1 and 1000',
});
return;
}
// Get current user for filtering
const currentUser = UserContextService.getInstance().getCurrentUser();
const isAdmin = !currentUser || currentUser.isAdmin;
// Get servers info with pagination if limit is specified
let serversInfo: Omit<ServerInfo, 'client' | 'transport'>[];
let pagination = undefined;
if (limit !== undefined) {
// Use DAO layer pagination with proper filtering
const serverDao = getServerDao();
const paginatedResult = isAdmin
? await serverDao.findAllPaginated(page, limit)
: await serverDao.findByOwnerPaginated(currentUser!.username, page, limit);
// Get runtime info for paginated servers
serversInfo = await getServersInfo(page, limit, currentUser);
pagination = {
page: paginatedResult.page,
limit: paginatedResult.limit,
total: paginatedResult.total,
totalPages: paginatedResult.totalPages,
hasNextPage: paginatedResult.page < paginatedResult.totalPages,
hasPrevPage: paginatedResult.page > 1,
};
} else {
// No pagination, get all servers (will be filtered by mcpService)
serversInfo = await getServersInfo();
}
const response: ApiResponse = {
success: true,
data: createSafeJSON(serversInfo),
...(pagination && { pagination }),
};
res.json(response);
} catch (error) {
@@ -564,10 +618,9 @@ export const updateServer = async (req: Request, res: Response): Promise<void> =
});
}
} catch (error) {
console.error('Failed to update server:', error);
res.status(500).json({
success: false,
message: error instanceof Error ? error.message : 'Internal server error',
message: 'Internal server error',
});
}
};

76
src/dao/ServerDao.ts
View File

@@ -2,10 +2,31 @@ import { ServerConfig } from '../types/index.js';
import { BaseDao } from './base/BaseDao.js';
import { JsonFileBaseDao } from './base/JsonFileBaseDao.js';
/**
* Pagination result interface
*/
export interface PaginatedResult<T> {
data: T[];
total: number;
page: number;
limit: number;
totalPages: number;
}
/**
* Server DAO interface with server-specific operations
*/
export interface ServerDao extends BaseDao<ServerConfigWithName, string> {
/**
* Find all servers with pagination
*/
findAllPaginated(page: number, limit: number): Promise<PaginatedResult<ServerConfigWithName>>;
/**
* Find servers by owner with pagination
*/
findByOwnerPaginated(owner: string, page: number, limit: number): Promise<PaginatedResult<ServerConfigWithName>>;
/**
* Find servers by owner
*/
@@ -176,6 +197,61 @@ export class ServerDaoImpl extends JsonFileBaseDao implements ServerDao {
return servers.length;
}
async findAllPaginated(page: number, limit: number): Promise<PaginatedResult<ServerConfigWithName>> {
const allServers = await this.getAll();
// Sort: enabled servers first, then by creation time
const sortedServers = allServers.sort((a, b) => {
const aEnabled = a.enabled !== false;
const bEnabled = b.enabled !== false;
if (aEnabled !== bEnabled) {
return aEnabled ? -1 : 1;
}
return 0; // Keep original order for same enabled status
});
const total = sortedServers.length;
const totalPages = Math.ceil(total / limit);
const startIndex = (page - 1) * limit;
const endIndex = startIndex + limit;
const data = sortedServers.slice(startIndex, endIndex);
return {
data,
total,
page,
limit,
totalPages,
};
}
async findByOwnerPaginated(owner: string, page: number, limit: number): Promise<PaginatedResult<ServerConfigWithName>> {
const allServers = await this.getAll();
const filteredServers = allServers.filter((server) => server.owner === owner);
// Sort: enabled servers first, then by creation time
const sortedServers = filteredServers.sort((a, b) => {
const aEnabled = a.enabled !== false;
const bEnabled = b.enabled !== false;
if (aEnabled !== bEnabled) {
return aEnabled ? -1 : 1;
}
return 0; // Keep original order for same enabled status
});
const total = sortedServers.length;
const totalPages = Math.ceil(total / limit);
const startIndex = (page - 1) * limit;
const endIndex = startIndex + limit;
const data = sortedServers.slice(startIndex, endIndex);
return {
data,
total,
page,
limit,
totalPages,
};
}
async findByOwner(owner: string): Promise<ServerConfigWithName[]> {
const servers = await this.getAll();
return servers.filter((server) => server.owner === owner);

32
src/dao/ServerDaoDbImpl.ts
View File

@@ -1,4 +1,4 @@
import { ServerDao, ServerConfigWithName } from './index.js';
import { ServerDao, ServerConfigWithName, PaginatedResult } from './index.js';
import { ServerRepository } from '../db/repositories/ServerRepository.js';
/**
@@ -16,6 +16,32 @@ export class ServerDaoDbImpl implements ServerDao {
return servers.map((s) => this.mapToServerConfig(s));
}
async findAllPaginated(page: number, limit: number): Promise<PaginatedResult<ServerConfigWithName>> {
const { data, total } = await this.repository.findAllPaginated(page, limit);
const totalPages = Math.ceil(total / limit);
return {
data: data.map((s) => this.mapToServerConfig(s)),
total,
page,
limit,
totalPages,
};
}
async findByOwnerPaginated(owner: string, page: number, limit: number): Promise<PaginatedResult<ServerConfigWithName>> {
const { data, total } = await this.repository.findByOwnerPaginated(owner, page, limit);
const totalPages = Math.ceil(total / limit);
return {
data: data.map((s) => this.mapToServerConfig(s)),
total,
page,
limit,
totalPages,
};
}
async findById(name: string): Promise<ServerConfigWithName | null> {
const server = await this.repository.findByName(name);
return server ? this.mapToServerConfig(server) : null;
@@ -38,6 +64,7 @@ export class ServerDaoDbImpl implements ServerDao {
prompts: entity.prompts,
options: entity.options,
oauth: entity.oauth,
proxy: entity.proxy,
openapi: entity.openapi,
});
return this.mapToServerConfig(server);
@@ -62,6 +89,7 @@ export class ServerDaoDbImpl implements ServerDao {
prompts: entity.prompts,
options: entity.options,
oauth: entity.oauth,
proxy: entity.proxy,
openapi: entity.openapi,
});
return server ? this.mapToServerConfig(server) : null;
@@ -140,6 +168,7 @@ export class ServerDaoDbImpl implements ServerDao {
prompts?: Record<string, { enabled: boolean; description?: string }>;
options?: Record<string, any>;
oauth?: Record<string, any>;
proxy?: Record<string, any>;
openapi?: Record<string, any>;
}): ServerConfigWithName {
return {
@@ -158,6 +187,7 @@ export class ServerDaoDbImpl implements ServerDao {
prompts: server.prompts,
options: server.options,
oauth: server.oauth,
proxy: server.proxy,
openapi: server.openapi,
};
}

7
src/dao/UserDaoDbImpl.ts
View File

@@ -19,7 +19,6 @@ export class UserDaoDbImpl implements UserDao {
username: u.username,
password: u.password,
isAdmin: u.isAdmin,
oauthLinks: u.oauthLinks ?? undefined,
}));
}
@@ -30,7 +29,6 @@ export class UserDaoDbImpl implements UserDao {
username: user.username,
password: user.password,
isAdmin: user.isAdmin,
oauthLinks: user.oauthLinks ?? undefined,
};
}
@@ -43,13 +41,11 @@ export class UserDaoDbImpl implements UserDao {
username: entity.username,
password: entity.password,
isAdmin: entity.isAdmin || false,
oauthLinks: entity.oauthLinks ?? null,
});
return {
username: user.username,
password: user.password,
isAdmin: user.isAdmin,
oauthLinks: user.oauthLinks ?? undefined,
};
}
@@ -66,14 +62,12 @@ export class UserDaoDbImpl implements UserDao {
const user = await this.repository.update(username, {
password: entity.password,
isAdmin: entity.isAdmin,
oauthLinks: entity.oauthLinks ?? undefined,
});
if (!user) return null;
return {
username: user.username,
password: user.password,
isAdmin: user.isAdmin,
oauthLinks: user.oauthLinks ?? undefined,
};
}
@@ -109,7 +103,6 @@ export class UserDaoDbImpl implements UserDao {
username: u.username,
password: u.password,
isAdmin: u.isAdmin,
oauthLinks: u.oauthLinks ?? undefined,
}));
}
}

3
src/db/entities/Server.ts
View File

@@ -59,6 +59,9 @@ export class Server {
@Column({ type: 'simple-json', nullable: true })
oauth?: Record<string, any>;
@Column({ type: 'simple-json', nullable: true })
proxy?: Record<string, any>;
@Column({ type: 'simple-json', nullable: true })
openapi?: Record<string, any>;

3
src/db/entities/SystemConfig.ts
View File

@@ -30,9 +30,6 @@ export class SystemConfig {
@Column({ type: 'simple-json', nullable: true })
oauthServer?: Record<string, any>;
@Column({ type: 'simple-json', nullable: true })
oauthSSO?: Record<string, any>;
@Column({ type: 'boolean', nullable: true })
enableSessionRebuild?: boolean;

4
src/db/entities/User.ts
View File

@@ -5,7 +5,6 @@ import {
CreateDateColumn,
UpdateDateColumn,
} from 'typeorm';
import { IOAuthLink } from '../../types/index.js';
/**
* User entity for database storage
@@ -24,9 +23,6 @@ export class User {
@Column({ type: 'boolean', default: false })
isAdmin: boolean;
@Column({ type: 'simple-json', nullable: true })
oauthLinks: IOAuthLink[] | null;
@CreateDateColumn({ name: 'created_at', type: 'timestamp' })
createdAt: Date;

35
src/db/repositories/ServerRepository.ts
View File

@@ -69,6 +69,41 @@ export class ServerRepository {
return await this.repository.count();
}
/**
* Find servers with pagination
*/
async findAllPaginated(page: number, limit: number): Promise<{ data: Server[]; total: number }> {
const skip = (page - 1) * limit;
const [data, total] = await this.repository.findAndCount({
order: {
enabled: 'DESC', // Enabled servers first
createdAt: 'ASC' // Then by creation time
},
skip,
take: limit,
});
return { data, total };
}
/**
* Find servers by owner with pagination
*/
async findByOwnerPaginated(owner: string, page: number, limit: number): Promise<{ data: Server[]; total: number }> {
const skip = (page - 1) * limit;
const [data, total] = await this.repository.findAndCount({
where: { owner },
order: {
enabled: 'DESC', // Enabled servers first
createdAt: 'ASC' // Then by creation time
},
skip,
take: limit,
});
return { data, total };
}
/**
* Find servers by owner
*/

10
src/routes/index.ts
View File

@@ -66,11 +66,6 @@ import {
getRegistryServerVersion,
} from '../controllers/registryController.js';
import { login, register, getCurrentUser, changePassword } from '../controllers/authController.js';
import {
getSSOConfig,
initiateSSOLogin,
handleSSOCallback,
} from '../controllers/oauthSSOController.js';
import { getAllLogs, clearLogs, streamLogs } from '../controllers/logController.js';
import {
getRuntimeConfig,
@@ -278,11 +273,6 @@ export const initRoutes = (app: express.Application): void => {
changePassword,
);
// OAuth SSO routes (no auth required - public endpoints)
app.get(`${config.basePath}/auth/sso/config`, getSSOConfig); // Get SSO configuration for frontend
app.get(`${config.basePath}/auth/sso/:provider`, initiateSSOLogin); // Initiate SSO login
app.get(`${config.basePath}/auth/sso/:provider/callback`, handleSSOCallback); // Handle OAuth callback
// Runtime configuration endpoint (no auth required for frontend initialization)
app.get(`${config.basePath}/config`, getRuntimeConfig);

209
src/services/mcpService.ts
View File

@@ -1,4 +1,6 @@
import os from 'os';
import path from 'path';
import fs from 'fs';
import { Server } from '@modelcontextprotocol/sdk/server/index.js';
import {
CallToolRequestSchema,
@@ -15,7 +17,7 @@ import {
StreamableHTTPClientTransportOptions,
} from '@modelcontextprotocol/sdk/client/streamableHttp.js';
import { createFetchWithProxy, getProxyConfigFromEnv } from './proxy.js';
import { ServerInfo, ServerConfig, Tool } from '../types/index.js';
import { ServerInfo, ServerConfig, Tool, ProxychainsConfig } from '../types/index.js';
import { expandEnvVars, replaceEnvVars, getNameSeparator } from '../config/index.js';
import config from '../config/index.js';
import { getGroup } from './sseService.js';
@@ -32,6 +34,150 @@ const servers: { [sessionId: string]: Server } = {};
import { setupClientKeepAlive } from './keepAliveService.js';
/**
* Check if proxychains4 is available on the system (Linux/macOS only).
* Returns the path to proxychains4 if found, null otherwise.
*/
const findProxychains4 = (): string | null => {
// Windows is not supported
if (process.platform === 'win32') {
return null;
}
// Common proxychains4 binary paths
const possiblePaths = [
'/usr/bin/proxychains4',
'/usr/local/bin/proxychains4',
'/opt/homebrew/bin/proxychains4', // macOS Homebrew ARM
'/usr/local/Cellar/proxychains-ng/*/bin/proxychains4', // macOS Homebrew Intel
];
for (const p of possiblePaths) {
if (fs.existsSync(p)) {
return p;
}
}
// Try to find in PATH
const pathEnv = process.env.PATH || '';
const pathDirs = pathEnv.split(path.delimiter);
for (const dir of pathDirs) {
const fullPath = path.join(dir, 'proxychains4');
if (fs.existsSync(fullPath)) {
return fullPath;
}
}
return null;
};
/**
* Generate a temporary proxychains4 configuration file.
* Returns the path to the generated config file.
*/
const generateProxychainsConfig = (
serverName: string,
proxyConfig: ProxychainsConfig,
): string | null => {
// If a custom config path is provided, use it directly
if (proxyConfig.configPath) {
if (fs.existsSync(proxyConfig.configPath)) {
return proxyConfig.configPath;
}
console.warn(
`[${serverName}] Custom proxychains config not found: ${proxyConfig.configPath}`,
);
return null;
}
// Validate required fields
if (!proxyConfig.host || !proxyConfig.port) {
console.warn(`[${serverName}] Proxy host and port are required for proxychains4`);
return null;
}
const proxyType = proxyConfig.type || 'socks5';
const proxyLine = proxyConfig.username && proxyConfig.password
? `${proxyType} ${proxyConfig.host} ${proxyConfig.port} ${proxyConfig.username} ${proxyConfig.password}`
: `${proxyType} ${proxyConfig.host} ${proxyConfig.port}`;
const configContent = `# Proxychains4 configuration for MCP server: ${serverName}
# Generated by MCPHub
strict_chain
proxy_dns
remote_dns_subnet 224
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
${proxyLine}
`;
// Create temp directory if needed
const tempDir = path.join(os.tmpdir(), 'mcphub-proxychains');
if (!fs.existsSync(tempDir)) {
fs.mkdirSync(tempDir, { recursive: true });
}
// Write config file
const configPath = path.join(tempDir, `${serverName.replace(/[^a-zA-Z0-9-_]/g, '_')}.conf`);
fs.writeFileSync(configPath, configContent, 'utf-8');
console.log(`[${serverName}] Generated proxychains4 config: ${configPath}`);
return configPath;
};
/**
* Wrap a command with proxychains4 if proxy is configured and available.
* Returns modified command and args if proxychains4 is used, original values otherwise.
*/
const wrapWithProxychains = (
serverName: string,
command: string,
args: string[],
proxyConfig?: ProxychainsConfig,
): { command: string; args: string[] } => {
// Skip if proxy is not enabled or not configured
if (!proxyConfig?.enabled) {
return { command, args };
}
// Check platform - Windows is not supported
if (process.platform === 'win32') {
console.warn(
`[${serverName}] proxychains4 proxy is not supported on Windows, ignoring proxy configuration`,
);
return { command, args };
}
// Find proxychains4 binary
const proxychains4Path = findProxychains4();
if (!proxychains4Path) {
console.warn(
`[${serverName}] proxychains4 not found on system, install it with: apt install proxychains4 (Debian/Ubuntu) or brew install proxychains-ng (macOS)`,
);
return { command, args };
}
// Generate or get config file
const configPath = generateProxychainsConfig(serverName, proxyConfig);
if (!configPath) {
console.warn(`[${serverName}] Failed to setup proxychains4 configuration, skipping proxy`);
return { command, args };
}
// Wrap command with proxychains4
console.log(
`[${serverName}] Using proxychains4 proxy: ${proxyConfig.type || 'socks5'}://${proxyConfig.host}:${proxyConfig.port}`,
);
return {
command: proxychains4Path,
args: ['-f', configPath, command, ...args],
};
};
export const initUpstreamServers = async (): Promise<void> => {
// Initialize OAuth clients for servers with dynamic registration
await initializeAllOAuthClients();
@@ -209,11 +355,19 @@ export const createTransportFromConfig = async (name: string, conf: ServerConfig
env['npm_config_registry'] = systemConfig.install.npmRegistry;
}
// Expand environment variables in command
// Apply proxychains4 wrapper if proxy is configured (Linux/macOS only)
const { command: finalCommand, args: finalArgs } = wrapWithProxychains(
name,
conf.command,
replaceEnvVars(conf.args) as string[],
conf.proxy,
);
// Create STDIO transport with potentially wrapped command
transport = new StdioClientTransport({
cwd: os.homedir(),
command: conf.command,
args: replaceEnvVars(conf.args) as string[],
command: finalCommand,
args: finalArgs,
env: env,
stderr: 'pipe',
});
@@ -618,9 +772,19 @@ export const registerAllTools = async (isInit: boolean, serverName?: string): Pr
};
// Get all server information
export const getServersInfo = async (): Promise<Omit<ServerInfo, 'client' | 'transport'>[]> => {
const allServers: ServerConfigWithName[] = await getServerDao().findAll();
export const getServersInfo = async (
page?: number,
limit?: number,
user?: any,
): Promise<Omit<ServerInfo, 'client' | 'transport'>[]> => {
const dataService = getDataService();
// Get paginated or all server configurations from DAO
// If pagination is used with a non-admin user, filtering is already done at DAO level
const isPaginated = limit !== undefined && page !== undefined;
const allServers: ServerConfigWithName[] = isPaginated
? (await getServerDao().findAllPaginated(page, limit)).data
: await getServerDao().findAll();
// Ensure that servers recently added via DAO but not yet initialized in serverInfos
// are still visible in the servers list. This avoids a race condition where
@@ -629,10 +793,19 @@ export const getServersInfo = async (): Promise<Omit<ServerInfo, 'client' | 'tra
const combinedServerInfos: ServerInfo[] = [...serverInfos];
const existingNames = new Set(combinedServerInfos.map((s) => s.name));
// Create a set of server names we're interested in (for pagination)
const requestedServerNames = new Set(allServers.map((s) => s.name));
// Filter serverInfos to only include requested servers if pagination is used
const filteredServerInfos = isPaginated
? combinedServerInfos.filter((s) => requestedServerNames.has(s.name))
: combinedServerInfos;
// Add servers from DAO that don't have runtime info yet
for (const server of allServers) {
if (!existingNames.has(server.name)) {
const isEnabled = server.enabled === undefined ? true : server.enabled;
combinedServerInfos.push({
filteredServerInfos.push({
name: server.name,
owner: server.owner,
// Newly created servers that are enabled should appear as "connecting"
@@ -648,12 +821,16 @@ export const getServersInfo = async (): Promise<Omit<ServerInfo, 'client' | 'tra
}
}
const filterServerInfos: ServerInfo[] = dataService.filterData
? dataService.filterData(combinedServerInfos)
: combinedServerInfos;
// Apply user filtering only when NOT using pagination (pagination already filtered at DAO level)
// Or when no pagination parameters provided (backward compatibility)
const shouldApplyUserFilter = !isPaginated;
const filterServerInfos: ServerInfo[] = shouldApplyUserFilter && dataService.filterData
? dataService.filterData(filteredServerInfos, user)
: filteredServerInfos;
const infos = filterServerInfos.map(
({ name, status, tools, prompts, createTime, error, oauth }) => {
const infos = filterServerInfos
.filter((info) => requestedServerNames.has(info.name)) // Only include requested servers
.map(({ name, status, tools, prompts, createTime, error, oauth }) => {
const serverConfig = allServers.find((server) => server.name === name);
const enabled = serverConfig ? serverConfig.enabled !== false : true;
@@ -692,12 +869,8 @@ export const getServersInfo = async (): Promise<Omit<ServerInfo, 'client' | 'tra
}
: undefined,
};
},
);
infos.sort((a, b) => {
if (a.enabled === b.enabled) return 0;
return a.enabled ? -1 : 1;
});
});
// Sorting is now handled at DAO layer for consistent pagination results
return infos;
};

600
src/services/oauthSSOService.ts
View File

@@ -1,600 +0,0 @@
import jwt from 'jsonwebtoken';
import crypto from 'crypto';
import { loadSettings } from '../config/index.js';
import { JWT_SECRET } from '../config/jwt.js';
import { OAuthSSOConfig, OAuthSSOProvider, IUser, IOAuthLink } from '../types/index.js';
import { getUserDao } from '../dao/index.js';
import { getDataService } from './services.js';
// Built-in provider configurations for Google, GitHub, Microsoft
const BUILTIN_PROVIDERS: Record<string, Omit<OAuthSSOProvider, 'clientId' | 'clientSecret' | 'id' | 'name'>> = {
google: {
type: 'google',
issuerUrl: 'https://accounts.google.com',
authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
tokenUrl: 'https://oauth2.googleapis.com/token',
userInfoUrl: 'https://openidconnect.googleapis.com/v1/userinfo',
scopes: ['openid', 'email', 'profile'],
attributeMapping: {
username: 'email',
email: 'email',
name: 'name',
},
},
github: {
type: 'github',
authorizationUrl: 'https://github.com/login/oauth/authorize',
tokenUrl: 'https://github.com/login/oauth/access_token',
userInfoUrl: 'https://api.github.com/user',
scopes: ['read:user', 'user:email'],
attributeMapping: {
username: 'login',
email: 'email',
name: 'name',
},
},
microsoft: {
type: 'microsoft',
issuerUrl: 'https://login.microsoftonline.com/common/v2.0',
authorizationUrl: 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
tokenUrl: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
userInfoUrl: 'https://graph.microsoft.com/oidc/userinfo',
scopes: ['openid', 'email', 'profile'],
attributeMapping: {
username: 'email',
email: 'email',
name: 'name',
},
},
};
// In-memory store for OAuth state (should be replaced with Redis/DB in production)
const pendingStates = new Map<string, { provider: string; expiresAt: number; codeVerifier?: string }>();
// JWT token expiry for SSO logins
const TOKEN_EXPIRY = '24h';
/**
* Get OAuth SSO configuration from settings
*/
export function getOAuthSSOConfig(): OAuthSSOConfig | undefined {
const settings = loadSettings();
return settings.systemConfig?.oauthSSO;
}
/**
* Check if OAuth SSO is enabled
*/
export function isOAuthSSOEnabled(): boolean {
const config = getOAuthSSOConfig();
return config?.enabled === true && (config.providers?.length ?? 0) > 0;
}
/**
* Check if local authentication is allowed alongside SSO
*/
export function isLocalAuthAllowed(): boolean {
const config = getOAuthSSOConfig();
// Default to true - allow local auth unless explicitly disabled
return config?.allowLocalAuth !== false;
}
/**
* Get list of enabled SSO providers for frontend display
*/
export function getEnabledProviders(): Array<{ id: string; name: string; type: string }> {
const config = getOAuthSSOConfig();
if (!config?.enabled || !config.providers) {
return [];
}
return config.providers
.filter((p) => p.enabled !== false)
.map((p) => ({
id: p.id,
name: p.name,
type: p.type,
}));
}
/**
* Get provider configuration by ID
*/
export function getProviderById(providerId: string): OAuthSSOProvider | undefined {
const config = getOAuthSSOConfig();
if (!config?.enabled || !config.providers) {
return undefined;
}
return config.providers.find((p) => p.id === providerId && p.enabled !== false);
}
/**
* Generate PKCE code verifier and challenge
*/
function generatePKCE(): { codeVerifier: string; codeChallenge: string } {
const codeVerifier = crypto.randomBytes(32).toString('base64url');
const codeChallenge = crypto.createHash('sha256').update(codeVerifier).digest('base64url');
return { codeVerifier, codeChallenge };
}
/**
* Build the complete provider configuration (merge with built-in defaults)
*/
function buildProviderConfig(provider: OAuthSSOProvider): OAuthSSOProvider {
const builtin = BUILTIN_PROVIDERS[provider.type];
if (builtin && provider.type !== 'oidc') {
return {
...builtin,
...provider,
scopes: provider.scopes ?? builtin.scopes,
attributeMapping: { ...builtin.attributeMapping, ...provider.attributeMapping },
};
}
return provider;
}
/**
* Generate OAuth authorization URL for a provider
*/
export function generateAuthorizationUrl(
providerId: string,
redirectUri: string,
): { url: string; state: string } | null {
const provider = getProviderById(providerId);
if (!provider) {
return null;
}
const config = buildProviderConfig(provider);
const authUrl = config.authorizationUrl;
if (!authUrl) {
console.error(`OAuth SSO: No authorization URL configured for provider ${providerId}`);
return null;
}
// Generate state and PKCE
const state = crypto.randomBytes(16).toString('hex');
const { codeVerifier, codeChallenge } = generatePKCE();
// Store state for validation (expires in 10 minutes)
pendingStates.set(state, {
provider: providerId,
expiresAt: Date.now() + 10 * 60 * 1000,
codeVerifier,
});
// Clean up expired states periodically
cleanupExpiredStates();
// Build authorization URL
const url = new URL(authUrl);
url.searchParams.set('client_id', config.clientId);
url.searchParams.set('redirect_uri', redirectUri);
url.searchParams.set('response_type', 'code');
url.searchParams.set('state', state);
// Add scopes
const scopes = config.scopes ?? ['openid', 'email', 'profile'];
url.searchParams.set('scope', scopes.join(' '));
// Add PKCE if not GitHub (GitHub doesn't support PKCE)
if (config.type !== 'github') {
url.searchParams.set('code_challenge', codeChallenge);
url.searchParams.set('code_challenge_method', 'S256');
}
return { url: url.toString(), state };
}
/**
* Cleanup expired OAuth states
*/
function cleanupExpiredStates(): void {
const now = Date.now();
for (const [state, data] of pendingStates.entries()) {
if (data.expiresAt < now) {
pendingStates.delete(state);
}
}
}
/**
* Validate OAuth state and get stored data
*/
function validateState(state: string): { provider: string; codeVerifier?: string } | null {
const data = pendingStates.get(state);
if (!data) {
return null;
}
// Remove state to prevent replay
pendingStates.delete(state);
// Check expiration
if (data.expiresAt < Date.now()) {
return null;
}
return { provider: data.provider, codeVerifier: data.codeVerifier };
}
/**
* Exchange authorization code for tokens
*/
async function exchangeCodeForTokens(
provider: OAuthSSOProvider,
code: string,
redirectUri: string,
codeVerifier?: string,
): Promise<{ accessToken: string; idToken?: string } | null> {
const config = buildProviderConfig(provider);
const tokenUrl = config.tokenUrl;
if (!tokenUrl) {
console.error(`OAuth SSO: No token URL configured for provider ${provider.id}`);
return null;
}
const params = new URLSearchParams();
params.set('grant_type', 'authorization_code');
params.set('code', code);
params.set('redirect_uri', redirectUri);
params.set('client_id', config.clientId);
params.set('client_secret', config.clientSecret);
// Add PKCE verifier if available (not for GitHub)
if (codeVerifier && config.type !== 'github') {
params.set('code_verifier', codeVerifier);
}
try {
const response = await fetch(tokenUrl, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
Accept: 'application/json',
},
body: params.toString(),
});
if (!response.ok) {
const errorText = await response.text();
console.error(`OAuth SSO: Token exchange failed for ${provider.id}:`, errorText);
return null;
}
const data = await response.json();
return {
accessToken: data.access_token,
idToken: data.id_token,
};
} catch (error) {
console.error(`OAuth SSO: Token exchange error for ${provider.id}:`, error);
return null;
}
}
/**
* Get user info from the OAuth provider
*/
async function getUserInfo(
provider: OAuthSSOProvider,
accessToken: string,
): Promise<Record<string, unknown> | null> {
const config = buildProviderConfig(provider);
const userInfoUrl = config.userInfoUrl;
if (!userInfoUrl) {
console.error(`OAuth SSO: No userinfo URL configured for provider ${provider.id}`);
return null;
}
try {
const response = await fetch(userInfoUrl, {
headers: {
Authorization: `Bearer ${accessToken}`,
Accept: 'application/json',
},
});
if (!response.ok) {
const errorText = await response.text();
console.error(`OAuth SSO: UserInfo request failed for ${provider.id}:`, errorText);
return null;
}
return await response.json();
} catch (error) {
console.error(`OAuth SSO: UserInfo error for ${provider.id}:`, error);
return null;
}
}
/**
* For GitHub, we need to make a separate request to get email if not public
*/
async function getGitHubEmail(accessToken: string): Promise<string | null> {
try {
const response = await fetch('https://api.github.com/user/emails', {
headers: {
Authorization: `Bearer ${accessToken}`,
Accept: 'application/json',
},
});
if (!response.ok) {
return null;
}
const emails = (await response.json()) as Array<{ email: string; primary: boolean; verified: boolean }>;
const primaryEmail = emails.find((e) => e.primary && e.verified);
return primaryEmail?.email ?? emails[0]?.email ?? null;
} catch {
return null;
}
}
/**
* Extract user attributes from provider userinfo based on attribute mapping
*/
function extractUserAttributes(
provider: OAuthSSOProvider,
userInfo: Record<string, unknown>,
): { providerId: string; username: string; email?: string; name?: string } {
const config = buildProviderConfig(provider);
const mapping = config.attributeMapping ?? {};
// Get provider user ID
let providerId: string;
if (provider.type === 'github') {
providerId = String(userInfo.id);
} else {
providerId = String(userInfo.sub ?? userInfo.id);
}
// Get username
const usernameField = mapping.username ?? 'email';
let username = String(userInfo[usernameField] ?? '');
if (!username && userInfo.email) {
username = String(userInfo.email);
}
// Get email
const emailField = mapping.email ?? 'email';
const email = userInfo[emailField] ? String(userInfo[emailField]) : undefined;
// Get display name
const nameField = mapping.name ?? 'name';
const name = userInfo[nameField] ? String(userInfo[nameField]) : undefined;
return { providerId, username, email, name };
}
/**
* Determine if user should be admin based on role mapping
*/
function determineAdminStatus(provider: OAuthSSOProvider, userInfo: Record<string, unknown>): boolean {
const config = buildProviderConfig(provider);
const roleMapping = config.roleMapping;
if (!roleMapping) {
return false;
}
// Check if admin claim is configured
if (roleMapping.adminClaim && roleMapping.adminValues?.length) {
const claimValue = userInfo[roleMapping.adminClaim];
if (claimValue) {
// Handle both single value and array claims
const values = Array.isArray(claimValue) ? claimValue : [claimValue];
for (const value of values) {
if (roleMapping.adminValues.includes(String(value))) {
return true;
}
}
}
}
return roleMapping.defaultIsAdmin ?? false;
}
/**
* Handle OAuth callback - exchange code, get user info, create/update user, return JWT
*/
export async function handleOAuthCallback(
state: string,
code: string,
redirectUri: string,
): Promise<{
success: boolean;
token?: string;
user?: { username: string; isAdmin: boolean; permissions?: string[] };
error?: string;
}> {
// Validate state
const stateData = validateState(state);
if (!stateData) {
return { success: false, error: 'Invalid or expired OAuth state' };
}
// Get provider
const provider = getProviderById(stateData.provider);
if (!provider) {
return { success: false, error: 'OAuth provider not found or disabled' };
}
// Exchange code for tokens
const tokens = await exchangeCodeForTokens(provider, code, redirectUri, stateData.codeVerifier);
if (!tokens) {
return { success: false, error: 'Failed to exchange authorization code for tokens' };
}
// Get user info
let userInfo = await getUserInfo(provider, tokens.accessToken);
if (!userInfo) {
return { success: false, error: 'Failed to get user information from provider' };
}
// For GitHub, get email separately if not in userinfo
if (provider.type === 'github' && !userInfo.email) {
const email = await getGitHubEmail(tokens.accessToken);
if (email) {
userInfo = { ...userInfo, email };
}
}
// Extract user attributes
const { providerId, username, email, name } = extractUserAttributes(provider, userInfo);
if (!username) {
return { success: false, error: 'Could not determine username from OAuth provider' };
}
// Determine admin status
const isAdmin = determineAdminStatus(provider, userInfo);
// Find or create user
const userDao = getUserDao();
const config = buildProviderConfig(provider);
// First, try to find user by OAuth link
let user = await findUserByOAuthLink(provider.id, providerId);
if (!user) {
// Try to find by username (for linking existing accounts)
user = await userDao.findByUsername(username);
if (user) {
// Existing user found - link their account if allowed
if (config.allowLinking !== false) {
const oauthLink: IOAuthLink = {
provider: provider.id,
providerId,
email,
name,
linkedAt: new Date().toISOString(),
};
user = await linkOAuthAccount(user.username, oauthLink);
}
} else if (config.autoProvision !== false) {
// Auto-provision new user
try {
// Generate a random secure password (user won't need it with SSO)
const randomPassword = crypto.randomBytes(32).toString('hex');
user = await userDao.createWithHashedPassword(username, randomPassword, isAdmin);
// Link OAuth account
const oauthLink: IOAuthLink = {
provider: provider.id,
providerId,
email,
name,
linkedAt: new Date().toISOString(),
};
user = await linkOAuthAccount(username, oauthLink);
console.log(`OAuth SSO: Auto-provisioned user ${username} via ${provider.id}`);
} catch (error) {
console.error(`OAuth SSO: Failed to create user ${username}:`, error);
return { success: false, error: 'Failed to create user account' };
}
} else {
return { success: false, error: 'User account not found and auto-provisioning is disabled' };
}
}
if (!user) {
return { success: false, error: 'Failed to find or create user account' };
}
// Generate JWT token
const payload = {
user: {
username: user.username,
isAdmin: user.isAdmin || false,
},
};
return new Promise((resolve) => {
jwt.sign(payload, JWT_SECRET, { expiresIn: TOKEN_EXPIRY }, (err, token) => {
if (err || !token) {
console.error('OAuth SSO: Failed to generate JWT:', err);
resolve({ success: false, error: 'Failed to generate authentication token' });
return;
}
const dataService = getDataService();
resolve({
success: true,
token,
user: {
username: user!.username,
isAdmin: user!.isAdmin || false,
permissions: dataService.getPermissions(user!),
},
});
});
});
}
/**
* Find user by OAuth link
*/
async function findUserByOAuthLink(providerId: string, providerUserId: string): Promise<IUser | null> {
const userDao = getUserDao();
const users = await userDao.findAll();
for (const user of users) {
if (user.oauthLinks?.some((link) => link.provider === providerId && link.providerId === providerUserId)) {
return user;
}
}
return null;
}
/**
* Link OAuth account to existing user
*/
async function linkOAuthAccount(username: string, oauthLink: IOAuthLink): Promise<IUser | null> {
const userDao = getUserDao();
const user = await userDao.findByUsername(username);
if (!user) {
return null;
}
// Add or update OAuth link
const existingLinks = user.oauthLinks ?? [];
const linkIndex = existingLinks.findIndex((l) => l.provider === oauthLink.provider);
if (linkIndex >= 0) {
existingLinks[linkIndex] = oauthLink;
} else {
existingLinks.push(oauthLink);
}
return await userDao.update(username, { oauthLinks: existingLinks });
}
/**
* Unlink OAuth account from user
*/
export async function unlinkOAuthAccount(username: string, providerId: string): Promise<IUser | null> {
const userDao = getUserDao();
const user = await userDao.findByUsername(username);
if (!user || !user.oauthLinks) {
return null;
}
const updatedLinks = user.oauthLinks.filter((l) => l.provider !== providerId);
return await userDao.update(username, { oauthLinks: updatedLinks });
}
/**
* Get OAuth links for a user
*/
export async function getUserOAuthLinks(username: string): Promise<IOAuthLink[]> {
const userDao = getUserDao();
const user = await userDao.findByUsername(username);
return user?.oauthLinks ?? [];
}

73
src/types/index.ts
View File

@@ -5,21 +5,11 @@ import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/
import { RequestOptions } from '@modelcontextprotocol/sdk/shared/protocol.js';
import { SmartRoutingConfig } from '../utils/smartRouting.js';
// OAuth SSO linked account information
export interface IOAuthLink {
provider: string; // Provider ID (e.g., 'google', 'github', 'microsoft', or custom OIDC provider name)
providerId: string; // User ID from the OAuth provider
email?: string; // Email from the OAuth provider
name?: string; // Display name from the OAuth provider
linkedAt?: string; // ISO timestamp when the account was linked
}
// User interface
export interface IUser {
username: string;
password: string;
isAdmin?: boolean;
oauthLinks?: IOAuthLink[]; // Linked OAuth accounts for SSO
}
// Group interface for server grouping
@@ -159,55 +149,6 @@ export interface OAuthProviderConfig {
}>;
}
// OAuth SSO Provider Configuration for external identity providers (Google, Microsoft, GitHub, custom OIDC)
export interface OAuthSSOProvider {
id: string; // Unique identifier for this provider (e.g., 'google', 'github', 'microsoft', 'custom-oidc')
name: string; // Display name shown on login page (e.g., 'Google', 'GitHub')
enabled?: boolean; // Enable/disable this provider (default: true)
type: 'google' | 'github' | 'microsoft' | 'oidc'; // Provider type for built-in or custom OIDC
// OAuth/OIDC endpoints (required for 'oidc' type, auto-discovered for built-in types)
issuerUrl?: string; // OIDC issuer URL for discovery (e.g., 'https://accounts.google.com')
authorizationUrl?: string; // OAuth authorization endpoint
tokenUrl?: string; // OAuth token endpoint
userInfoUrl?: string; // OIDC userinfo endpoint
// Client credentials
clientId: string; // OAuth client ID from the provider
clientSecret: string; // OAuth client secret from the provider
// Scope configuration
scopes?: string[]; // Scopes to request (default: ['openid', 'email', 'profile'])
// Role/admin mapping configuration
roleMapping?: {
// Map provider claims/groups to MCPHub admin role
adminClaim?: string; // Claim name to check for admin status (e.g., 'groups', 'roles')
adminValues?: string[]; // Values that grant admin access (e.g., ['admin', 'mcphub-admin'])
// Default role for new users (if not matched by adminValues)
defaultIsAdmin?: boolean; // Default admin status for auto-provisioned users (default: false)
};
// User attribute mapping (for custom OIDC providers)
attributeMapping?: {
username?: string; // Claim to use as username (default: 'email' or 'preferred_username')
email?: string; // Claim to use as email (default: 'email')
name?: string; // Claim to use as display name (default: 'name')
};
// Auto-provisioning settings
autoProvision?: boolean; // Auto-create users on first SSO login (default: true)
allowLinking?: boolean; // Allow existing users to link their accounts (default: true)
}
// OAuth SSO Configuration (stored in systemConfig.oauthSSO)
export interface OAuthSSOConfig {
enabled?: boolean; // Enable/disable SSO functionality globally (default: false)
providers?: OAuthSSOProvider[]; // Array of configured SSO providers
callbackBaseUrl?: string; // Base URL for OAuth callbacks (auto-detected if not set)
allowLocalAuth?: boolean; // Allow local username/password auth alongside SSO (default: true)
}
export interface SystemConfig {
routing?: {
enableGlobalRoute?: boolean; // Controls whether the /sse endpoint without group is enabled
@@ -231,7 +172,6 @@ export interface SystemConfig {
nameSeparator?: string; // Separator used between server name and tool/prompt name (default: '-')
oauth?: OAuthProviderConfig; // OAuth provider configuration for upstream MCP servers
oauthServer?: OAuthServerConfig; // OAuth authorization server configuration for MCPHub itself
oauthSSO?: OAuthSSOConfig; // OAuth SSO configuration for external identity providers (Google, Microsoft, GitHub, OIDC)
enableSessionRebuild?: boolean; // Controls whether server session rebuild is enabled
}
@@ -330,6 +270,17 @@ export interface McpSettings {
bearerKeys?: BearerKey[]; // Bearer authentication keys (multi-key configuration)
}
// Proxychains4 configuration for STDIO servers (Linux/macOS only)
export interface ProxychainsConfig {
enabled?: boolean; // Enable/disable proxychains4 proxy routing
type?: 'socks4' | 'socks5' | 'http'; // Proxy protocol type
host?: string; // Proxy server hostname or IP address
port?: number; // Proxy server port
username?: string; // Proxy authentication username (optional)
password?: string; // Proxy authentication password (optional)
configPath?: string; // Path to custom proxychains4 configuration file (optional, overrides above settings)
}
// Configuration details for an individual server
export interface ServerConfig {
type?: 'stdio' | 'sse' | 'streamable-http' | 'openapi'; // Type of server
@@ -345,6 +296,8 @@ export interface ServerConfig {
tools?: Record<string, { enabled: boolean; description?: string }>; // Tool-specific configurations with enable/disable state and custom descriptions
prompts?: Record<string, { enabled: boolean; description?: string }>; // Prompt-specific configurations with enable/disable state and custom descriptions
options?: Partial<Pick<RequestOptions, 'timeout' | 'resetTimeoutOnProgress' | 'maxTotalTimeout'>>; // MCP request options configuration
// Proxychains4 proxy configuration for STDIO servers (Linux/macOS only, Windows not supported)
proxy?: ProxychainsConfig;
// OAuth authentication for upstream MCP servers
oauth?: {
// Static client configuration (traditional OAuth flow)

1
src/utils/migration.ts
View File

@@ -46,7 +46,6 @@ export async function migrateToDatabase(): Promise<boolean> {
username: user.username,
password: user.password,
isAdmin: user.isAdmin || false,
oauthLinks: user.oauthLinks ?? null,
});
console.log(` - Created user: ${user.username}`);
} else {

2
src/utils/smartRouting.ts
View File

@@ -17,7 +17,7 @@ export interface SmartRoutingConfig {
*
* Priority order for each setting:
* 1. Specific environment variables (ENABLE_SMART_ROUTING, SMART_ROUTING_ENABLED, etc.)
* 2. Generic environment variables (OPENAI_API_KEY, DATABASE_URL, etc.)
* 2. Generic environment variables (OPENAI_API_KEY, DB_URL, etc.)
* 3. Settings configuration (systemConfig.smartRouting)
* 4. Default values
*

393
tests/services/oauthSSOService.test.ts
View File

@@ -1,393 +0,0 @@
// Tests for OAuth SSO Service
import {
isOAuthSSOEnabled,
isLocalAuthAllowed,
getEnabledProviders,
getProviderById,
generateAuthorizationUrl,
} from '../../src/services/oauthSSOService.js';
// Mock the config loading
jest.mock('../../src/config/index.js', () => ({
loadSettings: jest.fn(),
}));
import { loadSettings } from '../../src/config/index.js';
const mockLoadSettings = loadSettings as jest.MockedFunction<typeof loadSettings>;
describe('OAuth SSO Service', () => {
beforeEach(() => {
jest.clearAllMocks();
});
describe('isOAuthSSOEnabled', () => {
it('should return false when oauthSSO is not configured', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {},
});
expect(isOAuthSSOEnabled()).toBe(false);
});
it('should return false when oauthSSO.enabled is false', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: false,
providers: [
{
id: 'google',
name: 'Google',
type: 'google',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
},
],
},
},
});
expect(isOAuthSSOEnabled()).toBe(false);
});
it('should return false when no providers are configured', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [],
},
},
});
expect(isOAuthSSOEnabled()).toBe(false);
});
it('should return true when enabled and providers exist', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [
{
id: 'google',
name: 'Google',
type: 'google',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
},
],
},
},
});
expect(isOAuthSSOEnabled()).toBe(true);
});
});
describe('isLocalAuthAllowed', () => {
it('should return true by default when not configured', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {},
});
expect(isLocalAuthAllowed()).toBe(true);
});
it('should return true when allowLocalAuth is not explicitly set', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [],
},
},
});
expect(isLocalAuthAllowed()).toBe(true);
});
it('should return false when allowLocalAuth is false', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
allowLocalAuth: false,
providers: [],
},
},
});
expect(isLocalAuthAllowed()).toBe(false);
});
it('should return true when allowLocalAuth is true', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
allowLocalAuth: true,
providers: [],
},
},
});
expect(isLocalAuthAllowed()).toBe(true);
});
});
describe('getEnabledProviders', () => {
it('should return empty array when SSO is not enabled', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {},
});
expect(getEnabledProviders()).toEqual([]);
});
it('should return only enabled providers', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [
{
id: 'google',
name: 'Google',
type: 'google',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
enabled: true,
},
{
id: 'github',
name: 'GitHub',
type: 'github',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
enabled: false,
},
{
id: 'microsoft',
name: 'Microsoft',
type: 'microsoft',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
// enabled is undefined, defaults to true
},
],
},
},
});
const providers = getEnabledProviders();
expect(providers).toHaveLength(2);
expect(providers[0]).toEqual({ id: 'google', name: 'Google', type: 'google' });
expect(providers[1]).toEqual({ id: 'microsoft', name: 'Microsoft', type: 'microsoft' });
});
});
describe('getProviderById', () => {
it('should return undefined when provider not found', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [
{
id: 'google',
name: 'Google',
type: 'google',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
},
],
},
},
});
expect(getProviderById('github')).toBeUndefined();
});
it('should return undefined when provider is disabled', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [
{
id: 'google',
name: 'Google',
type: 'google',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
enabled: false,
},
],
},
},
});
expect(getProviderById('google')).toBeUndefined();
});
it('should return provider when found and enabled', () => {
const provider = {
id: 'google',
name: 'Google',
type: 'google' as const,
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
};
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [provider],
},
},
});
expect(getProviderById('google')).toEqual(provider);
});
});
describe('generateAuthorizationUrl', () => {
it('should return null when provider not found', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [],
},
},
});
expect(generateAuthorizationUrl('google', 'http://localhost/callback')).toBeNull();
});
it('should generate authorization URL for Google provider', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [
{
id: 'google',
name: 'Google',
type: 'google',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
},
],
},
},
});
const result = generateAuthorizationUrl('google', 'http://localhost/callback');
expect(result).not.toBeNull();
expect(result!.url).toContain('https://accounts.google.com/o/oauth2/v2/auth');
expect(result!.url).toContain('client_id=test-client-id');
expect(result!.url).toContain('redirect_uri=http%3A%2F%2Flocalhost%2Fcallback');
expect(result!.url).toContain('response_type=code');
expect(result!.url).toContain('scope=openid+email+profile');
expect(result!.url).toContain('code_challenge=');
expect(result!.state).toBeDefined();
});
it('should generate authorization URL for GitHub provider without PKCE', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [
{
id: 'github',
name: 'GitHub',
type: 'github',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
},
],
},
},
});
const result = generateAuthorizationUrl('github', 'http://localhost/callback');
expect(result).not.toBeNull();
expect(result!.url).toContain('https://github.com/login/oauth/authorize');
expect(result!.url).not.toContain('code_challenge=');
expect(result!.state).toBeDefined();
});
it('should generate authorization URL for Microsoft provider', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [
{
id: 'microsoft',
name: 'Microsoft',
type: 'microsoft',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
},
],
},
},
});
const result = generateAuthorizationUrl('microsoft', 'http://localhost/callback');
expect(result).not.toBeNull();
expect(result!.url).toContain('https://login.microsoftonline.com/common/oauth2/v2.0/authorize');
expect(result!.url).toContain('code_challenge=');
expect(result!.state).toBeDefined();
});
it('should include custom scopes when configured', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [
{
id: 'google',
name: 'Google',
type: 'google',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
scopes: ['custom-scope', 'another-scope'],
},
],
},
},
});
const result = generateAuthorizationUrl('google', 'http://localhost/callback');
expect(result).not.toBeNull();
expect(result!.url).toContain('scope=custom-scope+another-scope');
});
});
});

4
tests/setup.ts
View File

@@ -5,7 +5,7 @@ import 'reflect-metadata';
Object.assign(process.env, {
NODE_ENV: 'test',
JWT_SECRET: 'test-jwt-secret-key',
DATABASE_URL: 'sqlite::memory:',
DB_URL: 'sqlite::memory:',
});
// Mock moduleDir to avoid import.meta parsing issues in Jest
@@ -40,7 +40,7 @@ expect.extend({
};
}
},
toBeValidUUID(received: any) {
const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
const pass = typeof received === 'string' && uuidRegex.test(received);