mirrors/mcphub
1
0
Fork 0
mirror of https://github.com/samanhappy/mcphub.git synced 2026-01-04 21:58:42 -05:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: mirrors:v0.11.11
Branches Tags
mirrors:main mirrors:copilot/add-oauth-oidc-support mirrors:copilot/add-activity-log-page mirrors:copilot/add-oauth2-oidc-login-support mirrors:copilot/implement-compression-mechanism mirrors:copilot/set-nonstream-response mirrors:copilot/fix-access-token-refresh-issue mirrors:copilot/fix-json-schema-export-import mirrors:cluster mirrors:copilot/upgrade-glob-to-10-5-0 mirrors:copilot/fix-password-change-issue mirrors:copilot/fix-servers-page-description mirrors:copilot/fix-path-matching-issue mirrors:copilot/fix-security-dependency-issue mirrors:copilot/fix-excessive-api-calls mirrors:copilot/create-authentication-bypass-tests mirrors:copilot/fix-authentication-bypass-issue mirrors:copilot/fix-login-issue-with-base-path mirrors:copilot/fix-2755122-957825149-90b80786-8395-4845-bd6d-1c18c49b8c86 mirrors:copilot/fix-mcp-pdf-reader-error mirrors:copilot/add-one-click-install-button mirrors:copilot/fix-server-status-update mirrors:copilot/fix-jira-cloud-connection mirrors:copilot/add-cluster-functionality mirrors:codex/implement-cluster-functionality-for-mcphub mirrors:copilot/fix-playwright-parallel-execution mirrors:copilot/fix-group-adding-issue
mirrors:v0.11.11 mirrors:v0.11.10 mirrors:v0.11.9 mirrors:v0.11.8 mirrors:v0.11.7 mirrors:v0.11.6 mirrors:v0.11.5 mirrors:v0.11.4 mirrors:v0.11.3 mirrors:v0.11.2 mirrors:v0.11.1 mirrors:v0.11.0 mirrors:v0.10.6 mirrors:v0.10.5 mirrors:v0.10.4 mirrors:v0.10.3 mirrors:v0.10.2 mirrors:v0.10.1 mirrors:v0.10.0 mirrors:v0.9.16 mirrors:v0.9.15 mirrors:v0.9.14 mirrors:v0.9.13 mirrors:v0.9.12 mirrors:v0.9.11 mirrors:v0.9.10 mirrors:v0.9.9 mirrors:v0.9.8 mirrors:v0.9.7 mirrors:v0.9.6 mirrors:v0.9.5 mirrors:v0.9.4 mirrors:v0.9.3 mirrors:v0.9.2 mirrors:v0.9.1 mirrors:v0.9.0 mirrors:v0.8.7 mirrors:v0.8.6 mirrors:v0.8.5 mirrors:v0.8.4 mirrors:v0.8.3 mirrors:v0.8.2 mirrors:v0.8.1 mirrors:v0.8.0 mirrors:v0.7.7 mirrors:v0.7.6 mirrors:v0.7.5 mirrors:v0.7.4 mirrors:v0.7.3 mirrors:v0.7.2 mirrors:v0.7.1 mirrors:v0.7.0 mirrors:v0.6.2 mirrors:v0.6.1 mirrors:v0.6.0 mirrors:v0.5.4 mirrors:v0.5.3 mirrors:v0.5.2 mirrors:v0.5.1 mirrors:v0.5.0 mirrors:v0.4.3 mirrors:v0.4.2 mirrors:v0.4.1 mirrors:v0.4.0 mirrors:v0.3.8 mirrors:v0.3.7 mirrors:v0.3.6 mirrors:v0.3.5 mirrors:v0.3.4 mirrors:v0.3.3 mirrors:v0.3.2 mirrors:v0.3.1 mirrors:v0.3.0 mirrors:v0.2.0 mirrors:v0.1.1 mirrors:v0.1.0
..
compare: mirrors:copilot/add-oauth-oidc-support
Branches Tags
mirrors:main mirrors:copilot/add-oauth-oidc-support mirrors:copilot/add-activity-log-page mirrors:copilot/add-oauth2-oidc-login-support mirrors:copilot/implement-compression-mechanism mirrors:copilot/set-nonstream-response mirrors:copilot/fix-access-token-refresh-issue mirrors:copilot/fix-json-schema-export-import mirrors:cluster mirrors:copilot/upgrade-glob-to-10-5-0 mirrors:copilot/fix-password-change-issue mirrors:copilot/fix-servers-page-description mirrors:copilot/fix-path-matching-issue mirrors:copilot/fix-security-dependency-issue mirrors:copilot/fix-excessive-api-calls mirrors:copilot/create-authentication-bypass-tests mirrors:copilot/fix-authentication-bypass-issue mirrors:copilot/fix-login-issue-with-base-path mirrors:copilot/fix-2755122-957825149-90b80786-8395-4845-bd6d-1c18c49b8c86 mirrors:copilot/fix-mcp-pdf-reader-error mirrors:copilot/add-one-click-install-button mirrors:copilot/fix-server-status-update mirrors:copilot/fix-jira-cloud-connection mirrors:copilot/add-cluster-functionality mirrors:codex/implement-cluster-functionality-for-mcphub mirrors:copilot/fix-playwright-parallel-execution mirrors:copilot/fix-group-adding-issue
mirrors:v0.11.11 mirrors:v0.11.10 mirrors:v0.11.9 mirrors:v0.11.8 mirrors:v0.11.7 mirrors:v0.11.6 mirrors:v0.11.5 mirrors:v0.11.4 mirrors:v0.11.3 mirrors:v0.11.2 mirrors:v0.11.1 mirrors:v0.11.0 mirrors:v0.10.6 mirrors:v0.10.5 mirrors:v0.10.4 mirrors:v0.10.3 mirrors:v0.10.2 mirrors:v0.10.1 mirrors:v0.10.0 mirrors:v0.9.16 mirrors:v0.9.15 mirrors:v0.9.14 mirrors:v0.9.13 mirrors:v0.9.12 mirrors:v0.9.11 mirrors:v0.9.10 mirrors:v0.9.9 mirrors:v0.9.8 mirrors:v0.9.7 mirrors:v0.9.6 mirrors:v0.9.5 mirrors:v0.9.4 mirrors:v0.9.3 mirrors:v0.9.2 mirrors:v0.9.1 mirrors:v0.9.0 mirrors:v0.8.7 mirrors:v0.8.6 mirrors:v0.8.5 mirrors:v0.8.4 mirrors:v0.8.3 mirrors:v0.8.2 mirrors:v0.8.1 mirrors:v0.8.0 mirrors:v0.7.7 mirrors:v0.7.6 mirrors:v0.7.5 mirrors:v0.7.4 mirrors:v0.7.3 mirrors:v0.7.2 mirrors:v0.7.1 mirrors:v0.7.0 mirrors:v0.6.2 mirrors:v0.6.1 mirrors:v0.6.0 mirrors:v0.5.4 mirrors:v0.5.3 mirrors:v0.5.2 mirrors:v0.5.1 mirrors:v0.5.0 mirrors:v0.4.3 mirrors:v0.4.2 mirrors:v0.4.1 mirrors:v0.4.0 mirrors:v0.3.8 mirrors:v0.3.7 mirrors:v0.3.6 mirrors:v0.3.5 mirrors:v0.3.4 mirrors:v0.3.3 mirrors:v0.3.2 mirrors:v0.3.1 mirrors:v0.3.0 mirrors:v0.2.0 mirrors:v0.1.1 mirrors:v0.1.0

4 Commits
v0.11.11 ... copilot/ad

Author SHA1 Message Date
samanhappy
fb1f670d88 feat: Implement OAuth 2.0 / OIDC SSO support with configuration and routing updates 2026-01-01 13:20:39 +08:00
copilot-swe-agent[bot]
93f4861953 fix: Address code review feedback and add SSO documentation 
- Remove duplicate route registration
- Fix return type for OAuth callback handler
- Add OAuth SSO configuration documentation
- Add security comments for OAuth query parameters

Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com>
 2025-12-31 15:16:19 +00:00
copilot-swe-agent[bot]
4721146e8a feat: Add OAuth 2.0 / OIDC SSO login support 
- Add OAuth SSO type definitions (OAuthSSOProvider, OAuthSSOConfig, IOAuthLink)
- Add oauthSSO field to SystemConfig for provider configuration
- Update IUser interface to support OAuth-linked accounts
- Create OAuth SSO service with provider management and token exchange
- Add SSO controller with login initiation and callback handling
- Update frontend login page with SSO provider buttons
- Add SSOCallbackPage for handling OAuth redirects
- Update database entities and DAOs for OAuth link storage
- Add i18n translations for SSO-related UI elements
- Add comprehensive unit tests for OAuth SSO service

Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com>
 2025-12-31 15:08:10 +00:00
copilot-swe-agent[bot]
53d3545f60 Initial plan 2025-12-31 14:51:49 +00:00
51 changed files with 2350 additions and 1279 deletions
Expand all files Collapse all files

2
.github/workflows/ci.yml vendored
View File

@@ -106,7 +106,7 @@ jobs:
# - name: Run integration tests # - name: Run integration tests
# run: | # run: |
# export DB_URL="postgresql://postgres:postgres@localhost:5432/mcphub_test" # export DATABASE_URL="postgresql://postgres:postgres@localhost:5432/mcphub_test"
# node test-integration.ts # node test-integration.ts
# env: # env:
# NODE_ENV: test # NODE_ENV: test

6
docs/configuration/docker-setup.mdx
View File

@@ -106,7 +106,7 @@ services:
- NODE_ENV=production - NODE_ENV=production
- PORT=3000 - PORT=3000
- JWT_SECRET=${JWT_SECRET:-your-jwt-secret} - JWT_SECRET=${JWT_SECRET:-your-jwt-secret}
- DB_URL=postgresql://mcphub:password@postgres:5432/mcphub - DATABASE_URL=postgresql://mcphub:password@postgres:5432/mcphub
volumes: volumes:
- ./mcp_settings.json:/app/mcp_settings.json:ro - ./mcp_settings.json:/app/mcp_settings.json:ro
- ./servers.json:/app/servers.json:ro - ./servers.json:/app/servers.json:ro
@@ -180,7 +180,7 @@ services:
- PORT=3000 - PORT=3000
- JWT_SECRET=${JWT_SECRET} - JWT_SECRET=${JWT_SECRET}
- JWT_EXPIRES_IN=${JWT_EXPIRES_IN:-24h} - JWT_EXPIRES_IN=${JWT_EXPIRES_IN:-24h}
- DB_URL=postgresql://mcphub:${POSTGRES_PASSWORD}@postgres:5432/mcphub - DATABASE_URL=postgresql://mcphub:${POSTGRES_PASSWORD}@postgres:5432/mcphub
- OPENAI_API_KEY=${OPENAI_API_KEY} - OPENAI_API_KEY=${OPENAI_API_KEY}
- REDIS_URL=redis://redis:6379 - REDIS_URL=redis://redis:6379
volumes: volumes:
@@ -293,7 +293,7 @@ services:
environment: environment:
- NODE_ENV=development - NODE_ENV=development
- PORT=3000 - PORT=3000
- DB_URL=postgresql://mcphub:password@postgres:5432/mcphub - DATABASE_URL=postgresql://mcphub:password@postgres:5432/mcphub
volumes: volumes:
- .:/app - .:/app
- /app/node_modules - /app/node_modules

86
docs/configuration/mcp-settings.mdx
View File

@@ -259,92 +259,6 @@ MCPHub supports environment variable substitution using `${VAR_NAME}` syntax:
} }
``` ```
### Proxy Configuration (proxychains4)
MCPHub supports routing STDIO server network traffic through a proxy using **proxychains4**. This feature is available on **Linux and macOS only** (Windows is not supported).
<Note>
To use this feature, you must have `proxychains4` installed on your system:
- **Debian/Ubuntu**: `apt install proxychains4`
- **macOS**: `brew install proxychains-ng`
- **Arch Linux**: `pacman -S proxychains-ng`
</Note>
#### Basic Proxy Configuration
```json
{
"mcpServers": {
"fetch-via-proxy": {
"command": "uvx",
"args": ["mcp-server-fetch"],
"proxy": {
"enabled": true,
"type": "socks5",
"host": "127.0.0.1",
"port": 1080
}
}
}
}
```
#### Proxy Configuration Options
| Field | Type | Default | Description |
| ------------ | ------- | --------- | ------------------------------------------------ |
| `enabled` | boolean | `false` | Enable/disable proxy routing |
| `type` | string | `socks5` | Proxy protocol: `socks4`, `socks5`, or `http` |
| `host` | string | - | Proxy server hostname or IP address |
| `port` | number | - | Proxy server port |
| `username` | string | - | Proxy authentication username (optional) |
| `password` | string | - | Proxy authentication password (optional) |
| `configPath` | string | - | Path to custom proxychains4 config file |
#### Proxy with Authentication
```json
{
"mcpServers": {
"secure-server": {
"command": "npx",
"args": ["-y", "@example/mcp-server"],
"proxy": {
"enabled": true,
"type": "http",
"host": "proxy.example.com",
"port": 8080,
"username": "${PROXY_USER}",
"password": "${PROXY_PASSWORD}"
}
}
}
}
```
#### Using Custom proxychains4 Configuration
For advanced use cases, you can provide your own proxychains4 configuration file:
```json
{
"mcpServers": {
"custom-proxy-server": {
"command": "python",
"args": ["-m", "custom_mcp_server"],
"proxy": {
"enabled": true,
"configPath": "/etc/proxychains4/custom.conf"
}
}
}
}
```
<Tip>
When `configPath` is specified, all other proxy settings (`type`, `host`, `port`, etc.) are ignored, and the custom configuration file is used directly.
</Tip>
{/* ### Custom Server Scripts {/* ### Custom Server Scripts
#### Local Python Server #### Local Python Server

218
docs/configuration/oauth-sso.mdx Normal file
View File

@@ -0,0 +1,218 @@
---
title: OAuth SSO Configuration
description: Configure OAuth 2.0 / OIDC Single Sign-On for MCPHub
---
# OAuth SSO Configuration
MCPHub supports OAuth 2.0 / OIDC Single Sign-On (SSO) for enterprise authentication, allowing users to log in using their existing identity provider accounts (Google, Microsoft, GitHub, or custom OIDC providers).
## Overview
SSO support allows:
- Login via major providers (Google, Microsoft, GitHub)
- Custom OIDC provider integration
- Auto-provisioning of new users from OAuth profiles
- Role mapping from provider claims/groups
- Hybrid auth (both SSO and local username/password)
## Configuration
Add the `oauthSSO` section to your `mcp_settings.json` under `systemConfig`:
```json
{
"systemConfig": {
"oauthSSO": {
"enabled": true,
"allowLocalAuth": true,
"callbackBaseUrl": "https://your-mcphub-domain.com",
"providers": [
{
"id": "google",
"name": "Google",
"type": "google",
"clientId": "your-google-client-id",
"clientSecret": "your-google-client-secret"
},
{
"id": "github",
"name": "GitHub",
"type": "github",
"clientId": "your-github-client-id",
"clientSecret": "your-github-client-secret"
},
{
"id": "microsoft",
"name": "Microsoft",
"type": "microsoft",
"clientId": "your-microsoft-client-id",
"clientSecret": "your-microsoft-client-secret"
}
]
}
}
}
```
## Provider Configuration
### Google
1. Go to [Google Cloud Console](https://console.cloud.google.com/)
2. Create a new project or select existing one
3. Navigate to "APIs & Services" → "Credentials"
4. Create OAuth 2.0 Client ID (Web application)
5. Add authorized redirect URI: `https://your-domain/auth/sso/google/callback`
6. Copy Client ID and Client Secret
```json
{
"id": "google",
"name": "Google",
"type": "google",
"clientId": "YOUR_GOOGLE_CLIENT_ID.apps.googleusercontent.com",
"clientSecret": "YOUR_GOOGLE_CLIENT_SECRET"
}
```
### GitHub
1. Go to [GitHub Developer Settings](https://github.com/settings/developers)
2. Click "New OAuth App"
3. Set Authorization callback URL: `https://your-domain/auth/sso/github/callback`
4. Copy Client ID and generate Client Secret
```json
{
"id": "github",
"name": "GitHub",
"type": "github",
"clientId": "YOUR_GITHUB_CLIENT_ID",
"clientSecret": "YOUR_GITHUB_CLIENT_SECRET"
}
```
### Microsoft (Azure AD)
1. Go to [Azure Portal](https://portal.azure.com/) → Azure Active Directory
2. Navigate to "App registrations" → "New registration"
3. Add redirect URI: `https://your-domain/auth/sso/microsoft/callback`
4. Under "Certificates & secrets", create a new client secret
5. Copy Application (client) ID and client secret value
```json
{
"id": "microsoft",
"name": "Microsoft",
"type": "microsoft",
"clientId": "YOUR_AZURE_CLIENT_ID",
"clientSecret": "YOUR_AZURE_CLIENT_SECRET"
}
```
### Custom OIDC Provider
For other OIDC-compatible identity providers:
```json
{
"id": "custom-idp",
"name": "Corporate SSO",
"type": "oidc",
"issuerUrl": "https://idp.example.com",
"authorizationUrl": "https://idp.example.com/oauth2/authorize",
"tokenUrl": "https://idp.example.com/oauth2/token",
"userInfoUrl": "https://idp.example.com/oauth2/userinfo",
"clientId": "YOUR_CLIENT_ID",
"clientSecret": "YOUR_CLIENT_SECRET",
"scopes": ["openid", "email", "profile"],
"attributeMapping": {
"username": "preferred_username",
"email": "email",
"name": "name"
}
}
```
## Role Mapping
Configure automatic admin role assignment based on provider claims:
```json
{
"id": "google",
"name": "Google",
"type": "google",
"clientId": "...",
"clientSecret": "...",
"roleMapping": {
"adminClaim": "groups",
"adminValues": ["mcphub-admins", "engineering-leads"],
"defaultIsAdmin": false
}
}
```
This configuration:
- Checks the `groups` claim in the user's profile
- Grants admin access if any value matches `mcphub-admins` or `engineering-leads`
- Non-matching users get regular (non-admin) access
## Configuration Options
### Global Options
| Option | Type | Default | Description |
|--------|------|---------|-------------|
| `enabled` | boolean | `false` | Enable/disable SSO globally |
| `allowLocalAuth` | boolean | `true` | Allow local username/password auth alongside SSO |
| `callbackBaseUrl` | string | auto-detected | Base URL for OAuth callbacks |
### Provider Options
| Option | Type | Required | Description |
|--------|------|----------|-------------|
| `id` | string | Yes | Unique identifier for the provider |
| `name` | string | Yes | Display name shown on login page |
| `type` | string | Yes | Provider type: `google`, `github`, `microsoft`, or `oidc` |
| `clientId` | string | Yes | OAuth client ID from the provider |
| `clientSecret` | string | Yes | OAuth client secret from the provider |
| `enabled` | boolean | No | Enable/disable this specific provider (default: true) |
| `scopes` | string[] | No | OAuth scopes to request |
| `autoProvision` | boolean | No | Auto-create users on first SSO login (default: true) |
| `allowLinking` | boolean | No | Allow existing users to link their accounts (default: true) |
### Custom OIDC Options (type: "oidc")
| Option | Type | Required | Description |
|--------|------|----------|-------------|
| `issuerUrl` | string | No | OIDC issuer URL for discovery |
| `authorizationUrl` | string | Yes | OAuth authorization endpoint |
| `tokenUrl` | string | Yes | OAuth token endpoint |
| `userInfoUrl` | string | Yes | OIDC userinfo endpoint |
| `attributeMapping` | object | No | Map provider claims to user attributes |
## Security Notes
1. **PKCE Support**: MCPHub uses PKCE (Proof Key for Code Exchange) for all providers except GitHub (which doesn't support it)
2. **State Parameter**: A cryptographically random state is generated for each login to prevent CSRF attacks
3. **Token Storage**: OAuth tokens from providers are not stored; only MCPHub's JWT is issued after successful authentication
4. **Rate Limiting**: Consider implementing rate limiting at infrastructure level (reverse proxy) for SSO endpoints
## Troubleshooting
### Common Issues
1. **"OAuth provider not found"**: Check that the provider is enabled and configured correctly
2. **"Invalid or expired OAuth state"**: The login attempt took too long (>10 minutes) or was a replay attack
3. **"Could not determine username"**: The provider didn't return expected user attributes; check `attributeMapping`
4. **"User account not found and auto-provisioning is disabled"**: Set `autoProvision: true` or pre-create the user
### Debug Mode
Enable debug logging by setting the `DEBUG` environment variable:
```bash
DEBUG=oauth* node dist/index.js
```

2
docs/development/getting-started.mdx
View File

@@ -47,7 +47,7 @@ PORT=3000
NODE_ENV=development NODE_ENV=development
# Database Configuration # Database Configuration
DB_URL=postgresql://username:password@localhost:5432/mcphub DATABASE_URL=postgresql://username:password@localhost:5432/mcphub
# JWT Configuration # JWT Configuration
JWT_SECRET=your-secret-key JWT_SECRET=your-secret-key

16
docs/features/smart-routing.mdx
View File

@@ -69,7 +69,7 @@ Smart Routing requires additional setup compared to basic MCPHub usage:
ports: ports:
- "3000:3000" - "3000:3000"
environment: environment:
- DB_URL=postgresql://mcphub:password@postgres:5432/mcphub - DATABASE_URL=postgresql://mcphub:password@postgres:5432/mcphub
- OPENAI_API_KEY=your_openai_api_key - OPENAI_API_KEY=your_openai_api_key
- ENABLE_SMART_ROUTING=true - ENABLE_SMART_ROUTING=true
depends_on: depends_on:
@@ -114,7 +114,7 @@ Smart Routing requires additional setup compared to basic MCPHub usage:
2. **Set Environment Variables**: 2. **Set Environment Variables**:
```bash ```bash
export DB_URL="postgresql://mcphub:your_password@localhost:5432/mcphub" export DATABASE_URL="postgresql://mcphub:your_password@localhost:5432/mcphub"
export OPENAI_API_KEY="your_openai_api_key" export OPENAI_API_KEY="your_openai_api_key"
export ENABLE_SMART_ROUTING="true" export ENABLE_SMART_ROUTING="true"
``` ```
@@ -178,7 +178,7 @@ Smart Routing requires additional setup compared to basic MCPHub usage:
- name: mcphub - name: mcphub
image: samanhappy/mcphub:latest image: samanhappy/mcphub:latest
env: env:
- name: DB_URL - name: DATABASE_URL
value: "postgresql://mcphub:password@postgres:5432/mcphub" value: "postgresql://mcphub:password@postgres:5432/mcphub"
- name: OPENAI_API_KEY - name: OPENAI_API_KEY
valueFrom: valueFrom:
@@ -202,7 +202,7 @@ Configure Smart Routing with these environment variables:
```bash ```bash
# Required # Required
DB_URL=postgresql://user:password@host:5432/database DATABASE_URL=postgresql://user:password@host:5432/database
OPENAI_API_KEY=your_openai_api_key OPENAI_API_KEY=your_openai_api_key
# Optional # Optional
@@ -219,10 +219,10 @@ EMBEDDING_BATCH_SIZE=100
<Accordion title="Database Configuration"> <Accordion title="Database Configuration">
```bash ```bash
# Full PostgreSQL connection string # Full PostgreSQL connection string
DB_URL=postgresql://username:password@host:port/database?schema=public DATABASE_URL=postgresql://username:password@host:port/database?schema=public
# SSL configuration for cloud databases # SSL configuration for cloud databases
DB_URL=postgresql://user:pass@host:5432/db?sslmode=require DATABASE_URL=postgresql://user:pass@host:5432/db?sslmode=require
# Connection pool settings # Connection pool settings
DATABASE_POOL_SIZE=20 DATABASE_POOL_SIZE=20
@@ -673,11 +673,11 @@ curl -X POST http://localhost:3000/api/smart-routing/feedback \
**Solutions:** **Solutions:**
1. Verify PostgreSQL is running 1. Verify PostgreSQL is running
2. Check DB_URL format 2. Check DATABASE_URL format
3. Ensure pgvector extension is installed 3. Ensure pgvector extension is installed
4. Test connection manually: 4. Test connection manually:
```bash ```bash
psql $DB_URL -c "SELECT 1;" psql $DATABASE_URL -c "SELECT 1;"
``` ```
</Accordion> </Accordion>

6
docs/installation.mdx
View File

@@ -445,7 +445,7 @@ Set the following environment variables:
```bash ```bash
# Database connection # Database connection
DB_URL=postgresql://mcphub:your_password@localhost:5432/mcphub DATABASE_URL=postgresql://mcphub:your_password@localhost:5432/mcphub
# OpenAI API for embeddings # OpenAI API for embeddings
OPENAI_API_KEY=your_openai_api_key OPENAI_API_KEY=your_openai_api_key
@@ -563,10 +563,10 @@ curl -X POST http://localhost:3000/mcp \
**Database connection failed:** **Database connection failed:**
```bash ```bash
# Test database connection # Test database connection
psql $DB_URL -c "SELECT 1;" psql $DATABASE_URL -c "SELECT 1;"
# Check if pgvector is installed # Check if pgvector is installed
psql $DB_URL -c "CREATE EXTENSION IF NOT EXISTS vector;" psql $DATABASE_URL -c "CREATE EXTENSION IF NOT EXISTS vector;"
``` ```
**Embedding service errors:** **Embedding service errors:**

6
docs/zh/configuration/docker-setup.mdx
View File

@@ -106,7 +106,7 @@ services:
- NODE_ENV=production - NODE_ENV=production
- PORT=3000 - PORT=3000
- JWT_SECRET=${JWT_SECRET:-your-jwt-secret} - JWT_SECRET=${JWT_SECRET:-your-jwt-secret}
- DB_URL=postgresql://mcphub:password@postgres:5432/mcphub - DATABASE_URL=postgresql://mcphub:password@postgres:5432/mcphub
volumes: volumes:
- ./mcp_settings.json:/app/mcp_settings.json:ro - ./mcp_settings.json:/app/mcp_settings.json:ro
- ./servers.json:/app/servers.json:ro - ./servers.json:/app/servers.json:ro
@@ -180,7 +180,7 @@ services:
- PORT=3000 - PORT=3000
- JWT_SECRET=${JWT_SECRET} - JWT_SECRET=${JWT_SECRET}
- JWT_EXPIRES_IN=${JWT_EXPIRES_IN:-24h} - JWT_EXPIRES_IN=${JWT_EXPIRES_IN:-24h}
- DB_URL=postgresql://mcphub:${POSTGRES_PASSWORD}@postgres:5432/mcphub - DATABASE_URL=postgresql://mcphub:${POSTGRES_PASSWORD}@postgres:5432/mcphub
- OPENAI_API_KEY=${OPENAI_API_KEY} - OPENAI_API_KEY=${OPENAI_API_KEY}
- REDIS_URL=redis://redis:6379 - REDIS_URL=redis://redis:6379
volumes: volumes:
@@ -293,7 +293,7 @@ services:
environment: environment:
- NODE_ENV=development - NODE_ENV=development
- PORT=3000 - PORT=3000
- DB_URL=postgresql://mcphub:password@postgres:5432/mcphub - DATABASE_URL=postgresql://mcphub:password@postgres:5432/mcphub
volumes: volumes:
- .:/app - .:/app
- /app/node_modules - /app/node_modules

2
docs/zh/configuration/mcp-settings.mdx
View File

@@ -290,7 +290,7 @@ MCPHub 支持使用 `${VAR_NAME}` 语法进行环境变量替换:
"command": "python", "command": "python",
"args": ["-m", "db_server"], "args": ["-m", "db_server"],
"env": { "env": {
"DB_URL": "${NODE_ENV:development == 'production' ? DB_URL : DEV_DB_URL}" "DB_URL": "${NODE_ENV:development == 'production' ? DATABASE_URL : DEV_DATABASE_URL}"
} }
} }
} }

2
docs/zh/development/getting-started.mdx
View File

@@ -47,7 +47,7 @@ PORT=3000
NODE_ENV=development NODE_ENV=development
# 数据库配置 # 数据库配置
DB_URL=postgresql://username:password@localhost:5432/mcphub DATABASE_URL=postgresql://username:password@localhost:5432/mcphub
# JWT 配置 # JWT 配置
JWT_SECRET=your-secret-key JWT_SECRET=your-secret-key

4
docs/zh/essentials/code.mdx
View File

@@ -480,7 +480,7 @@ docker run -d \
--name mcphub \ --name mcphub \
-p 3000:3000 \ -p 3000:3000 \
-e NODE_ENV=production \ -e NODE_ENV=production \
-e DB_URL=postgresql://user:pass@host:5432/mcphub \ -e DATABASE_URL=postgresql://user:pass@host:5432/mcphub \
-e JWT_SECRET=your-secret-key \ -e JWT_SECRET=your-secret-key \
mcphub/server:latest mcphub/server:latest
@@ -504,7 +504,7 @@ docker run -d \
--name mcphub \ --name mcphub \
-p 3000:3000 \ -p 3000:3000 \
-e NODE_ENV=production \ -e NODE_ENV=production \
-e DB_URL=postgresql://user:pass@host:5432/mcphub \ -e DATABASE_URL=postgresql://user:pass@host:5432/mcphub \
-e JWT_SECRET=your-secret-key \ -e JWT_SECRET=your-secret-key \
mcphub/server:latest mcphub/server:latest

4
docs/zh/essentials/markdown.mdx
View File

@@ -159,7 +159,7 @@ services:
- '3000:3000' - '3000:3000'
environment: environment:
- NODE_ENV=production - NODE_ENV=production
- DB_URL=postgresql://user:pass@db:5432/mcphub - DATABASE_URL=postgresql://user:pass@db:5432/mcphub
``` ```
```` ````
@@ -172,7 +172,7 @@ services:
- '3000:3000' - '3000:3000'
environment: environment:
- NODE_ENV=production - NODE_ENV=production
- DB_URL=postgresql://user:pass@db:5432/mcphub - DATABASE_URL=postgresql://user:pass@db:5432/mcphub
``` ```
### 终端命令 ### 终端命令

4
docs/zh/features/smart-routing.mdx
View File

@@ -245,11 +245,11 @@ curl -X POST http://localhost:3000/api/smart-routing/feedback \
**解决方案:** **解决方案:**
1. 验证 PostgreSQL 是否正在运行 1. 验证 PostgreSQL 是否正在运行
2. 检查 DB_URL 格式 2. 检查 DATABASE_URL 格式
3. 确保安装了 pgvector 扩展 3. 确保安装了 pgvector 扩展
4. 手动测试连接: 4. 手动测试连接:
```bash ```bash
psql $DB_URL -c "SELECT 1;" psql $DATABASE_URL -c "SELECT 1;"
``` ```
</Accordion> </Accordion>

6
docs/zh/installation.mdx
View File

@@ -420,7 +420,7 @@ description: '各种平台的详细安装说明'
```bash ```bash
# 数据库连接 # 数据库连接
DB_URL=postgresql://mcphub:your_password@localhost:5432/mcphub DATABASE_URL=postgresql://mcphub:your_password@localhost:5432/mcphub
# 用于嵌入的 OpenAI API # 用于嵌入的 OpenAI API
OPENAI_API_KEY=your_openai_api_key OPENAI_API_KEY=your_openai_api_key
@@ -538,10 +538,10 @@ curl -X POST http://localhost:3000/mcp \
**数据库连接失败:** **数据库连接失败:**
```bash ```bash
# 测试数据库连接 # 测试数据库连接
psql $DB_URL -c "SELECT 1;" psql $DATABASE_URL -c "SELECT 1;"
# 检查是否安装了 pgvector # 检查是否安装了 pgvector
psql $DB_URL -c "CREATE EXTENSION IF NOT EXISTS vector;" psql $DATABASE_URL -c "CREATE EXTENSION IF NOT EXISTS vector;"
``` ```
**嵌入服务错误:** **嵌入服务错误:**

48
examples/mcp_settings_with_env_vars.json
View File

@@ -28,48 +28,7 @@
"env": { "env": {
"API_KEY": "${MY_API_KEY}", "API_KEY": "${MY_API_KEY}",
"DEBUG": "${DEBUG_MODE}", "DEBUG": "${DEBUG_MODE}",
"DB_URL": "${DB_URL}" "DATABASE_URL": "${DATABASE_URL}"
}
},
"example-stdio-with-proxy": {
"type": "stdio",
"command": "uvx",
"args": [
"mcp-server-fetch"
],
"proxy": {
"enabled": true,
"type": "socks5",
"host": "${PROXY_HOST}",
"port": 1080
}
},
"example-stdio-with-auth-proxy": {
"type": "stdio",
"command": "npx",
"args": [
"-y",
"@example/mcp-server"
],
"proxy": {
"enabled": true,
"type": "http",
"host": "${HTTP_PROXY_HOST}",
"port": 8080,
"username": "${PROXY_USERNAME}",
"password": "${PROXY_PASSWORD}"
}
},
"example-stdio-with-custom-proxy-config": {
"type": "stdio",
"command": "python",
"args": [
"-m",
"custom_mcp_server"
],
"proxy": {
"enabled": true,
"configPath": "/etc/proxychains4/custom.conf"
} }
}, },
"example-openapi-server": { "example-openapi-server": {
@@ -96,10 +55,7 @@
"clientId": "${OAUTH_CLIENT_ID}", "clientId": "${OAUTH_CLIENT_ID}",
"clientSecret": "${OAUTH_CLIENT_SECRET}", "clientSecret": "${OAUTH_CLIENT_SECRET}",
"accessToken": "${OAUTH_ACCESS_TOKEN}", "accessToken": "${OAUTH_ACCESS_TOKEN}",
"scopes": [ "scopes": ["read", "write"]
"read",
"write"
]
} }
} }
}, },

2
frontend/src/App.tsx
View File

@@ -8,6 +8,7 @@ import { SettingsProvider } from './contexts/SettingsContext';
import MainLayout from './layouts/MainLayout'; import MainLayout from './layouts/MainLayout';
import ProtectedRoute from './components/ProtectedRoute'; import ProtectedRoute from './components/ProtectedRoute';
import LoginPage from './pages/LoginPage'; import LoginPage from './pages/LoginPage';
import SSOCallbackPage from './pages/SSOCallbackPage';
import DashboardPage from './pages/Dashboard'; import DashboardPage from './pages/Dashboard';
import ServersPage from './pages/ServersPage'; import ServersPage from './pages/ServersPage';
import GroupsPage from './pages/GroupsPage'; import GroupsPage from './pages/GroupsPage';
@@ -35,6 +36,7 @@ function App() {
<Routes> <Routes>
{/* 公共路由 */} {/* 公共路由 */}
<Route path="/login" element={<LoginPage />} /> <Route path="/login" element={<LoginPage />} />
<Route path="/sso-callback" element={<SSOCallbackPage />} />
{/* 受保护的路由,使用 MainLayout 作为布局容器 */} {/* 受保护的路由,使用 MainLayout 作为布局容器 */}
<Route element={<ProtectedRoute />}> <Route element={<ProtectedRoute />}>

192
frontend/src/components/GroupCard.tsx
View File

@@ -1,103 +1,99 @@
import { useState, useRef, useEffect } from 'react'; import { useState, useRef, useEffect } from 'react'
import { useTranslation } from 'react-i18next'; import { useTranslation } from 'react-i18next'
import { Group, Server, IGroupServerConfig } from '@/types'; import { Group, Server, IGroupServerConfig } from '@/types'
import { import { Edit, Trash, Copy, Check, Link, FileCode, DropdownIcon, Wrench } from '@/components/icons/LucideIcons'
Edit, import DeleteDialog from '@/components/ui/DeleteDialog'
Trash, import { useToast } from '@/contexts/ToastContext'
Copy, import { useSettingsData } from '@/hooks/useSettingsData'
Check,
Link,
FileCode,
DropdownIcon,
Wrench,
} from '@/components/icons/LucideIcons';
import DeleteDialog from '@/components/ui/DeleteDialog';
import { useToast } from '@/contexts/ToastContext';
import { useSettingsData } from '@/hooks/useSettingsData';
interface GroupCardProps { interface GroupCardProps {
group: Group; group: Group
servers: Server[]; servers: Server[]
onEdit: (group: Group) => void; onEdit: (group: Group) => void
onDelete: (groupId: string) => void; onDelete: (groupId: string) => void
} }
const GroupCard = ({ group, servers, onEdit, onDelete }: GroupCardProps) => { const GroupCard = ({
const { t } = useTranslation(); group,
const { showToast } = useToast(); servers,
const { installConfig } = useSettingsData(); onEdit,
const [showDeleteDialog, setShowDeleteDialog] = useState(false); onDelete
const [copied, setCopied] = useState(false); }: GroupCardProps) => {
const [showCopyDropdown, setShowCopyDropdown] = useState(false); const { t } = useTranslation()
const [expandedServer, setExpandedServer] = useState<string | null>(null); const { showToast } = useToast()
const dropdownRef = useRef<HTMLDivElement>(null); const { installConfig } = useSettingsData()
const [showDeleteDialog, setShowDeleteDialog] = useState(false)
const [copied, setCopied] = useState(false)
const [showCopyDropdown, setShowCopyDropdown] = useState(false)
const [expandedServer, setExpandedServer] = useState<string | null>(null)
const dropdownRef = useRef<HTMLDivElement>(null)
// Close dropdown when clicking outside // Close dropdown when clicking outside
useEffect(() => { useEffect(() => {
const handleClickOutside = (event: MouseEvent) => { const handleClickOutside = (event: MouseEvent) => {
if (dropdownRef.current && !dropdownRef.current.contains(event.target as Node)) { if (dropdownRef.current && !dropdownRef.current.contains(event.target as Node)) {
setShowCopyDropdown(false); setShowCopyDropdown(false)
}
} }
};
document.addEventListener('mousedown', handleClickOutside); document.addEventListener('mousedown', handleClickOutside)
return () => { return () => {
document.removeEventListener('mousedown', handleClickOutside); document.removeEventListener('mousedown', handleClickOutside)
}; }
}, []); }, [])
const handleEdit = () => { const handleEdit = () => {
onEdit(group); onEdit(group)
}; }
const handleDelete = () => { const handleDelete = () => {
setShowDeleteDialog(true); setShowDeleteDialog(true)
}; }
const handleConfirmDelete = () => { const handleConfirmDelete = () => {
onDelete(group.id); onDelete(group.id)
setShowDeleteDialog(false); setShowDeleteDialog(false)
}; }
const copyToClipboard = (text: string) => { const copyToClipboard = (text: string) => {
if (navigator.clipboard && window.isSecureContext) { if (navigator.clipboard && window.isSecureContext) {
navigator.clipboard.writeText(text).then(() => { navigator.clipboard.writeText(text).then(() => {
setCopied(true); setCopied(true)
setShowCopyDropdown(false); setShowCopyDropdown(false)
showToast(t('common.copySuccess'), 'success'); showToast(t('common.copySuccess'), 'success')
setTimeout(() => setCopied(false), 2000); setTimeout(() => setCopied(false), 2000)
}); })
} else { } else {
// Fallback for HTTP or unsupported clipboard API // Fallback for HTTP or unsupported clipboard API
const textArea = document.createElement('textarea'); const textArea = document.createElement('textarea')
textArea.value = text; textArea.value = text
// Avoid scrolling to bottom // Avoid scrolling to bottom
textArea.style.position = 'fixed'; textArea.style.position = 'fixed'
textArea.style.left = '-9999px'; textArea.style.left = '-9999px'
document.body.appendChild(textArea); document.body.appendChild(textArea)
textArea.focus(); textArea.focus()
textArea.select(); textArea.select()
try { try {
document.execCommand('copy'); document.execCommand('copy')
setCopied(true); setCopied(true)
setShowCopyDropdown(false); setShowCopyDropdown(false)
showToast(t('common.copySuccess'), 'success'); showToast(t('common.copySuccess'), 'success')
setTimeout(() => setCopied(false), 2000); setTimeout(() => setCopied(false), 2000)
} catch (err) { } catch (err) {
showToast(t('common.copyFailed') || 'Copy failed', 'error'); showToast(t('common.copyFailed') || 'Copy failed', 'error')
console.error('Copy to clipboard failed:', err); console.error('Copy to clipboard failed:', err)
}
document.body.removeChild(textArea)
} }
document.body.removeChild(textArea);
} }
};
const handleCopyId = () => { const handleCopyId = () => {
copyToClipboard(group.id); copyToClipboard(group.id)
}; }
const handleCopyUrl = () => { const handleCopyUrl = () => {
copyToClipboard(`${installConfig.baseUrl}/mcp/${group.id}`); copyToClipboard(`${installConfig.baseUrl}/mcp/${group.id}`)
}; }
const handleCopyJson = () => { const handleCopyJson = () => {
const jsonConfig = { const jsonConfig = {
@@ -105,23 +101,23 @@ const GroupCard = ({ group, servers, onEdit, onDelete }: GroupCardProps) => {
mcphub: { mcphub: {
url: `${installConfig.baseUrl}/mcp/${group.id}`, url: `${installConfig.baseUrl}/mcp/${group.id}`,
headers: { headers: {
Authorization: 'Bearer <your-access-token>', Authorization: "Bearer <your-access-token>"
}, }
}, }
}, }
}; }
copyToClipboard(JSON.stringify(jsonConfig, null, 2)); copyToClipboard(JSON.stringify(jsonConfig, null, 2))
}; }
// Helper function to normalize group servers to get server names // Helper function to normalize group servers to get server names
const getServerNames = (servers: string[] | IGroupServerConfig[]): string[] => { const getServerNames = (servers: string[] | IGroupServerConfig[]): string[] => {
return servers.map((server) => (typeof server === 'string' ? server : server.name)); return servers.map(server => typeof server === 'string' ? server : server.name);
}; };
// Helper function to get server configuration // Helper function to get server configuration
const getServerConfig = (serverName: string): IGroupServerConfig | undefined => { const getServerConfig = (serverName: string): IGroupServerConfig | undefined => {
const server = group.servers.find((s) => const server = group.servers.find(s =>
typeof s === 'string' ? s === serverName : s.name === serverName, typeof s === 'string' ? s === serverName : s.name === serverName
); );
if (typeof server === 'string') { if (typeof server === 'string') {
return { name: server, tools: 'all' }; return { name: server, tools: 'all' };
@@ -131,11 +127,11 @@ const GroupCard = ({ group, servers, onEdit, onDelete }: GroupCardProps) => {
// Get servers that belong to this group // Get servers that belong to this group
const serverNames = getServerNames(group.servers); const serverNames = getServerNames(group.servers);
const groupServers = servers.filter((server) => serverNames.includes(server.name)); const groupServers = servers.filter(server => serverNames.includes(server.name));
return ( return (
<div className="bg-white shadow rounded-lg p-4"> <div className="bg-white shadow rounded-lg p-6 ">
<div className="flex justify-between items-center"> <div className="flex justify-between items-center mb-4">
<div> <div>
<div className="flex items-center"> <div className="flex items-center">
<h2 className="text-xl font-semibold text-gray-800">{group.name}</h2> <h2 className="text-xl font-semibold text-gray-800">{group.name}</h2>
@@ -179,7 +175,9 @@ const GroupCard = ({ group, servers, onEdit, onDelete }: GroupCardProps) => {
</div> </div>
</div> </div>
</div> </div>
{group.description && <p className="text-gray-600 text-sm mt-1">{group.description}</p>} {group.description && (
<p className="text-gray-600 text-sm mt-1">{group.description}</p>
)}
</div> </div>
<div className="flex items-center space-x-3"> <div className="flex items-center space-x-3">
<div className="bg-blue-50 text-blue-700 px-3 py-1 rounded-full text-sm btn-secondary"> <div className="bg-blue-50 text-blue-700 px-3 py-1 rounded-full text-sm btn-secondary">
@@ -202,19 +200,17 @@ const GroupCard = ({ group, servers, onEdit, onDelete }: GroupCardProps) => {
</div> </div>
</div> </div>
<div className=""> <div className="mt-4">
{groupServers.length === 0 ? ( {groupServers.length === 0 ? (
<p className="text-gray-500 italic">{t('groups.noServers')}</p> <p className="text-gray-500 italic">{t('groups.noServers')}</p>
) : ( ) : (
<div className="flex flex-wrap gap-2"> <div className="flex flex-wrap gap-2">
{groupServers.map((server) => { {groupServers.map(server => {
const serverConfig = getServerConfig(server.name); const serverConfig = getServerConfig(server.name);
const hasToolRestrictions = const hasToolRestrictions = serverConfig && serverConfig.tools !== 'all' && Array.isArray(serverConfig.tools);
serverConfig && serverConfig.tools !== 'all' && Array.isArray(serverConfig.tools); const toolCount = hasToolRestrictions && Array.isArray(serverConfig?.tools)
const toolCount =
hasToolRestrictions && Array.isArray(serverConfig?.tools)
? serverConfig.tools.length ? serverConfig.tools.length
: server.tools?.length || 0; // Show total tool count when all tools are selected : (server.tools?.length || 0); // Show total tool count when all tools are selected
const isExpanded = expandedServer === server.name; const isExpanded = expandedServer === server.name;
@@ -223,7 +219,7 @@ const GroupCard = ({ group, servers, onEdit, onDelete }: GroupCardProps) => {
if (hasToolRestrictions && Array.isArray(serverConfig?.tools)) { if (hasToolRestrictions && Array.isArray(serverConfig?.tools)) {
return serverConfig.tools; return serverConfig.tools;
} else if (server.tools && server.tools.length > 0) { } else if (server.tools && server.tools.length > 0) {
return server.tools.map((tool) => tool.name); return server.tools.map(tool => tool.name);
} }
return []; return [];
}; };
@@ -239,15 +235,9 @@ const GroupCard = ({ group, servers, onEdit, onDelete }: GroupCardProps) => {
onClick={handleServerClick} onClick={handleServerClick}
> >
<span className="font-medium text-gray-700 text-sm">{server.name}</span> <span className="font-medium text-gray-700 text-sm">{server.name}</span>
<span <span className={`inline-block h-2 w-2 rounded-full ${server.status === 'connected' ? 'bg-green-500' :
className={`inline-block h-2 w-2 rounded-full ${ server.status === 'connecting' ? 'bg-yellow-500' : 'bg-red-500'
server.status === 'connected' }`}></span>
? 'bg-green-500'
: server.status === 'connecting'
? 'bg-yellow-500'
: 'bg-red-500'
}`}
></span>
{toolCount > 0 && ( {toolCount > 0 && (
<span className="text-xs text-blue-600 bg-blue-100 px-2 py-0.5 rounded flex items-center gap-1"> <span className="text-xs text-blue-600 bg-blue-100 px-2 py-0.5 rounded flex items-center gap-1">
<Wrench size={12} /> <Wrench size={12} />
@@ -288,7 +278,7 @@ const GroupCard = ({ group, servers, onEdit, onDelete }: GroupCardProps) => {
isGroup={true} isGroup={true}
/> />
</div> </div>
); )
}; }
export default GroupCard; export default GroupCard

21
frontend/src/components/ServerCard.tsx
View File

@@ -18,14 +18,7 @@ interface ServerCardProps {
onReload?: (server: Server) => Promise<boolean>; onReload?: (server: Server) => Promise<boolean>;
} }
const ServerCard = ({ const ServerCard = ({ server, onRemove, onEdit, onToggle, onRefresh, onReload }: ServerCardProps) => {
server,
onRemove,
onEdit,
onToggle,
onRefresh,
onReload,
}: ServerCardProps) => {
const { t } = useTranslation(); const { t } = useTranslation();
const { showToast } = useToast(); const { showToast } = useToast();
const [isExpanded, setIsExpanded] = useState(false); const [isExpanded, setIsExpanded] = useState(false);
@@ -239,10 +232,10 @@ const ServerCard = ({
return ( return (
<> <>
<div <div
className={`bg-white shadow rounded-lg mb-6 page-card transition-all duration-200 ${server.enabled === false ? 'opacity-60' : ''}`} className={`bg-white shadow rounded-lg p-6 mb-6 page-card transition-all duration-200 ${server.enabled === false ? 'opacity-60' : ''}`}
> >
<div <div
className="flex justify-between items-center cursor-pointer p-4" className="flex justify-between items-center cursor-pointer"
onClick={() => setIsExpanded(!isExpanded)} onClick={() => setIsExpanded(!isExpanded)}
> >
<div className="flex items-center space-x-3"> <div className="flex items-center space-x-3">
@@ -392,9 +385,9 @@ const ServerCard = ({
{isExpanded && ( {isExpanded && (
<> <>
{server.tools && ( {server.tools && (
<div className="px-4"> <div className="mt-6">
<h6 <h6
className={`font-medium ${server.enabled === false ? 'text-gray-600' : 'text-gray-900'} mb-2`} className={`font-medium ${server.enabled === false ? 'text-gray-600' : 'text-gray-900'} mb-4`}
> >
{t('server.tools')} {t('server.tools')}
</h6> </h6>
@@ -412,9 +405,9 @@ const ServerCard = ({
)} )}
{server.prompts && ( {server.prompts && (
<div className="px-4 pb-2"> <div className="mt-6">
<h6 <h6
className={`font-medium ${server.enabled === false ? 'text-gray-600' : 'text-gray-900'}`} className={`font-medium ${server.enabled === false ? 'text-gray-600' : 'text-gray-900'} mb-4`}
> >
{t('server.prompts')} {t('server.prompts')}
</h6> </h6>

18
frontend/src/components/ui/Pagination.tsx
View File

@@ -1,20 +1,16 @@
import React from 'react'; import React from 'react';
import { useTranslation } from 'react-i18next';
interface PaginationProps { interface PaginationProps {
currentPage: number; currentPage: number;
totalPages: number; totalPages: number;
onPageChange: (page: number) => void; onPageChange: (page: number) => void;
disabled?: boolean;
} }
const Pagination: React.FC<PaginationProps> = ({ const Pagination: React.FC<PaginationProps> = ({
currentPage, currentPage,
totalPages, totalPages,
onPageChange, onPageChange
disabled = false
}) => { }) => {
const { t } = useTranslation();
// Generate page buttons // Generate page buttons
const getPageButtons = () => { const getPageButtons = () => {
const buttons = []; const buttons = [];
@@ -99,26 +95,26 @@ const Pagination: React.FC<PaginationProps> = ({
<div className="flex justify-center items-center my-6"> <div className="flex justify-center items-center my-6">
<button <button
onClick={() => onPageChange(Math.max(1, currentPage - 1))} onClick={() => onPageChange(Math.max(1, currentPage - 1))}
disabled={disabled || currentPage === 1} disabled={currentPage === 1}
className={`px-3 py-1 rounded mr-2 ${disabled || currentPage === 1 className={`px-3 py-1 rounded mr-2 ${currentPage === 1
? 'bg-gray-100 text-gray-400 cursor-not-allowed' ? 'bg-gray-100 text-gray-400 cursor-not-allowed'
: 'bg-gray-200 hover:bg-gray-300 text-gray-700 btn-secondary' : 'bg-gray-200 hover:bg-gray-300 text-gray-700 btn-secondary'
}`} }`}
> >
&laquo; {t('common.previous')} &laquo; Prev
</button> </button>
<div className="flex">{getPageButtons()}</div> <div className="flex">{getPageButtons()}</div>
<button <button
onClick={() => onPageChange(Math.min(totalPages, currentPage + 1))} onClick={() => onPageChange(Math.min(totalPages, currentPage + 1))}
disabled={disabled || currentPage === totalPages} disabled={currentPage === totalPages}
className={`px-3 py-1 rounded ml-2 ${disabled || currentPage === totalPages className={`px-3 py-1 rounded ml-2 ${currentPage === totalPages
? 'bg-gray-100 text-gray-400 cursor-not-allowed' ? 'bg-gray-100 text-gray-400 cursor-not-allowed'
: 'bg-gray-200 hover:bg-gray-300 text-gray-700 btn-secondary' : 'bg-gray-200 hover:bg-gray-300 text-gray-700 btn-secondary'
}`} }`}
> >
{t('common.next')} &raquo; Next &raquo;
</button> </button>
</div> </div>
); );

4
frontend/src/components/ui/PromptCard.tsx
View File

@@ -171,9 +171,9 @@ const PromptCard = ({ prompt, server, onToggle, onDescriptionUpdate }: PromptCar
}; };
return ( return (
<div className="bg-white border border-gray-200 shadow rounded-lg mb-4"> <div className="bg-white border border-gray-200 shadow rounded-lg p-4 mb-4">
<div <div
className="flex justify-between items-center p-2 cursor-pointer" className="flex justify-between items-center cursor-pointer"
onClick={() => setIsExpanded(!isExpanded)} onClick={() => setIsExpanded(!isExpanded)}
> >
<div className="flex-1"> <div className="flex-1">

253
frontend/src/components/ui/ToolCard.tsx
View File

@@ -1,27 +1,19 @@
import { useState, useCallback, useRef, useEffect } from 'react'; import { useState, useCallback, useRef, useEffect } from 'react'
import { useTranslation } from 'react-i18next'; import { useTranslation } from 'react-i18next'
import { Tool } from '@/types'; import { Tool } from '@/types'
import { import { ChevronDown, ChevronRight, Play, Loader, Edit, Check, Copy } from '@/components/icons/LucideIcons'
ChevronDown, import { callTool, ToolCallResult, updateToolDescription } from '@/services/toolService'
ChevronRight, import { useSettingsData } from '@/hooks/useSettingsData'
Play, import { useToast } from '@/contexts/ToastContext'
Loader, import { Switch } from './ToggleGroup'
Edit, import DynamicForm from './DynamicForm'
Check, import ToolResult from './ToolResult'
Copy,
} from '@/components/icons/LucideIcons';
import { callTool, ToolCallResult, updateToolDescription } from '@/services/toolService';
import { useSettingsData } from '@/hooks/useSettingsData';
import { useToast } from '@/contexts/ToastContext';
import { Switch } from './ToggleGroup';
import DynamicForm from './DynamicForm';
import ToolResult from './ToolResult';
interface ToolCardProps { interface ToolCardProps {
server: string; server: string
tool: Tool; tool: Tool
onToggle?: (toolName: string, enabled: boolean) => void; onToggle?: (toolName: string, enabled: boolean) => void
onDescriptionUpdate?: (toolName: string, description: string) => void; onDescriptionUpdate?: (toolName: string, description: string) => void
} }
// Helper to check for "empty" values // Helper to check for "empty" values
@@ -34,173 +26,165 @@ function isEmptyValue(value: any): boolean {
} }
const ToolCard = ({ tool, server, onToggle, onDescriptionUpdate }: ToolCardProps) => { const ToolCard = ({ tool, server, onToggle, onDescriptionUpdate }: ToolCardProps) => {
const { t } = useTranslation(); const { t } = useTranslation()
const { showToast } = useToast(); const { showToast } = useToast()
const { nameSeparator } = useSettingsData(); const { nameSeparator } = useSettingsData()
const [isExpanded, setIsExpanded] = useState(false); const [isExpanded, setIsExpanded] = useState(false)
const [showRunForm, setShowRunForm] = useState(false); const [showRunForm, setShowRunForm] = useState(false)
const [isRunning, setIsRunning] = useState(false); const [isRunning, setIsRunning] = useState(false)
const [result, setResult] = useState<ToolCallResult | null>(null); const [result, setResult] = useState<ToolCallResult | null>(null)
const [isEditingDescription, setIsEditingDescription] = useState(false); const [isEditingDescription, setIsEditingDescription] = useState(false)
const [customDescription, setCustomDescription] = useState(tool.description || ''); const [customDescription, setCustomDescription] = useState(tool.description || '')
const descriptionInputRef = useRef<HTMLInputElement>(null); const descriptionInputRef = useRef<HTMLInputElement>(null)
const descriptionTextRef = useRef<HTMLSpanElement>(null); const descriptionTextRef = useRef<HTMLSpanElement>(null)
const [textWidth, setTextWidth] = useState<number>(0); const [textWidth, setTextWidth] = useState<number>(0)
const [copiedToolName, setCopiedToolName] = useState(false); const [copiedToolName, setCopiedToolName] = useState(false)
// Focus the input when editing mode is activated // Focus the input when editing mode is activated
useEffect(() => { useEffect(() => {
if (isEditingDescription && descriptionInputRef.current) { if (isEditingDescription && descriptionInputRef.current) {
descriptionInputRef.current.focus(); descriptionInputRef.current.focus()
// Set input width to match text width // Set input width to match text width
if (textWidth > 0) { if (textWidth > 0) {
descriptionInputRef.current.style.width = `${textWidth + 20}px`; // Add some padding descriptionInputRef.current.style.width = `${textWidth + 20}px` // Add some padding
} }
} }
}, [isEditingDescription, textWidth]); }, [isEditingDescription, textWidth])
// Measure text width when not editing // Measure text width when not editing
useEffect(() => { useEffect(() => {
if (!isEditingDescription && descriptionTextRef.current) { if (!isEditingDescription && descriptionTextRef.current) {
setTextWidth(descriptionTextRef.current.offsetWidth); setTextWidth(descriptionTextRef.current.offsetWidth)
} }
}, [isEditingDescription, customDescription]); }, [isEditingDescription, customDescription])
// Generate a unique key for localStorage based on tool name and server // Generate a unique key for localStorage based on tool name and server
const getStorageKey = useCallback(() => { const getStorageKey = useCallback(() => {
return `mcphub_tool_form_${server ? `${server}_` : ''}${tool.name}`; return `mcphub_tool_form_${server ? `${server}_` : ''}${tool.name}`
}, [tool.name, server]); }, [tool.name, server])
// Clear form data from localStorage // Clear form data from localStorage
const clearStoredFormData = useCallback(() => { const clearStoredFormData = useCallback(() => {
localStorage.removeItem(getStorageKey()); localStorage.removeItem(getStorageKey())
}, [getStorageKey]); }, [getStorageKey])
const handleToggle = (enabled: boolean) => { const handleToggle = (enabled: boolean) => {
if (onToggle) { if (onToggle) {
onToggle(tool.name, enabled); onToggle(tool.name, enabled)
}
} }
};
const handleDescriptionEdit = () => { const handleDescriptionEdit = () => {
setIsEditingDescription(true); setIsEditingDescription(true)
}; }
const handleDescriptionSave = async () => { const handleDescriptionSave = async () => {
try { try {
const result = await updateToolDescription(server, tool.name, customDescription); const result = await updateToolDescription(server, tool.name, customDescription)
if (result.success) { if (result.success) {
setIsEditingDescription(false); setIsEditingDescription(false)
if (onDescriptionUpdate) { if (onDescriptionUpdate) {
onDescriptionUpdate(tool.name, customDescription); onDescriptionUpdate(tool.name, customDescription)
} }
} else { } else {
// Revert on error // Revert on error
setCustomDescription(tool.description || ''); setCustomDescription(tool.description || '')
console.error('Failed to update tool description:', result.error); console.error('Failed to update tool description:', result.error)
} }
} catch (error) { } catch (error) {
console.error('Error updating tool description:', error); console.error('Error updating tool description:', error)
setCustomDescription(tool.description || ''); setCustomDescription(tool.description || '')
setIsEditingDescription(false); setIsEditingDescription(false)
}
} }
};
const handleDescriptionChange = (e: React.ChangeEvent<HTMLInputElement>) => { const handleDescriptionChange = (e: React.ChangeEvent<HTMLInputElement>) => {
setCustomDescription(e.target.value); setCustomDescription(e.target.value)
}; }
const handleDescriptionKeyDown = (e: React.KeyboardEvent<HTMLInputElement>) => { const handleDescriptionKeyDown = (e: React.KeyboardEvent<HTMLInputElement>) => {
if (e.key === 'Enter') { if (e.key === 'Enter') {
handleDescriptionSave(); handleDescriptionSave()
} else if (e.key === 'Escape') { } else if (e.key === 'Escape') {
setCustomDescription(tool.description || ''); setCustomDescription(tool.description || '')
setIsEditingDescription(false); setIsEditingDescription(false)
}
} }
};
const handleCopyToolName = async (e: React.MouseEvent) => { const handleCopyToolName = async (e: React.MouseEvent) => {
e.stopPropagation(); e.stopPropagation()
try { try {
if (navigator.clipboard && window.isSecureContext) { if (navigator.clipboard && window.isSecureContext) {
await navigator.clipboard.writeText(tool.name); await navigator.clipboard.writeText(tool.name)
setCopiedToolName(true); setCopiedToolName(true)
showToast(t('common.copySuccess'), 'success'); showToast(t('common.copySuccess'), 'success')
setTimeout(() => setCopiedToolName(false), 2000); setTimeout(() => setCopiedToolName(false), 2000)
} else { } else {
// Fallback for HTTP or unsupported clipboard API // Fallback for HTTP or unsupported clipboard API
const textArea = document.createElement('textarea'); const textArea = document.createElement('textarea')
textArea.value = tool.name; textArea.value = tool.name
textArea.style.position = 'fixed'; textArea.style.position = 'fixed'
textArea.style.left = '-9999px'; textArea.style.left = '-9999px'
document.body.appendChild(textArea); document.body.appendChild(textArea)
textArea.focus(); textArea.focus()
textArea.select(); textArea.select()
try { try {
document.execCommand('copy'); document.execCommand('copy')
setCopiedToolName(true); setCopiedToolName(true)
showToast(t('common.copySuccess'), 'success'); showToast(t('common.copySuccess'), 'success')
setTimeout(() => setCopiedToolName(false), 2000); setTimeout(() => setCopiedToolName(false), 2000)
} catch (err) { } catch (err) {
showToast(t('common.copyFailed'), 'error'); showToast(t('common.copyFailed'), 'error')
console.error('Copy to clipboard failed:', err); console.error('Copy to clipboard failed:', err)
} }
document.body.removeChild(textArea); document.body.removeChild(textArea)
} }
} catch (error) { } catch (error) {
showToast(t('common.copyFailed'), 'error'); showToast(t('common.copyFailed'), 'error')
console.error('Copy to clipboard failed:', error); console.error('Copy to clipboard failed:', error)
}
} }
};
const handleRunTool = async (arguments_: Record<string, any>) => { const handleRunTool = async (arguments_: Record<string, any>) => {
setIsRunning(true); setIsRunning(true)
try { try {
// filter empty values // filter empty values
arguments_ = Object.fromEntries( arguments_ = Object.fromEntries(Object.entries(arguments_).filter(([_, v]) => !isEmptyValue(v)))
Object.entries(arguments_).filter(([_, v]) => !isEmptyValue(v)), const result = await callTool({
);
const result = await callTool(
{
toolName: tool.name, toolName: tool.name,
arguments: arguments_, arguments: arguments_,
}, }, server)
server,
);
setResult(result); setResult(result)
// Clear form data on successful submission // Clear form data on successful submission
// clearStoredFormData() // clearStoredFormData()
} catch (error) { } catch (error) {
setResult({ setResult({
success: false, success: false,
error: error instanceof Error ? error.message : 'Unknown error occurred', error: error instanceof Error ? error.message : 'Unknown error occurred',
}); })
} finally { } finally {
setIsRunning(false); setIsRunning(false)
}
} }
};
const handleCancelRun = () => { const handleCancelRun = () => {
setShowRunForm(false); setShowRunForm(false)
// Clear form data when cancelled // Clear form data when cancelled
clearStoredFormData(); clearStoredFormData()
setResult(null); setResult(null)
}; }
const handleCloseResult = () => { const handleCloseResult = () => {
setResult(null); setResult(null)
}; }
return ( return (
<div className="bg-white border border-gray-200 shadow rounded-lg mb-4"> <div className="bg-white border border-gray-200 shadow rounded-lg p-4 mb-4">
<div <div
className="flex justify-between items-center cursor-pointer p-2" className="flex justify-between items-center cursor-pointer"
onClick={(e) => { onClick={() => setIsExpanded(!isExpanded)}
e.stopPropagation();
setIsExpanded(!isExpanded);
}}
> >
<div className="flex-1"> <div className="flex-1">
<h3 className="text-lg font-medium text-gray-900 inline-flex items-center"> <h3 className="text-lg font-medium text-gray-900 inline-flex items-center">
@@ -210,7 +194,11 @@ const ToolCard = ({ tool, server, onToggle, onDescriptionUpdate }: ToolCardProps
onClick={handleCopyToolName} onClick={handleCopyToolName}
title={t('common.copy')} title={t('common.copy')}
> >
{copiedToolName ? <Check size={16} className="text-green-500" /> : <Copy size={16} />} {copiedToolName ? (
<Check size={16} className="text-green-500" />
) : (
<Copy size={16} />
)}
</button> </button>
<span className="ml-2 text-sm font-normal text-gray-600 inline-flex items-center"> <span className="ml-2 text-sm font-normal text-gray-600 inline-flex items-center">
{isEditingDescription ? ( {isEditingDescription ? (
@@ -225,14 +213,14 @@ const ToolCard = ({ tool, server, onToggle, onDescriptionUpdate }: ToolCardProps
onClick={(e) => e.stopPropagation()} onClick={(e) => e.stopPropagation()}
style={{ style={{
minWidth: '100px', minWidth: '100px',
width: textWidth > 0 ? `${textWidth + 20}px` : 'auto', width: textWidth > 0 ? `${textWidth + 20}px` : 'auto'
}} }}
/> />
<button <button
className="ml-2 p-1 text-green-600 hover:text-green-800 cursor-pointer transition-colors" className="ml-2 p-1 text-green-600 hover:text-green-800 cursor-pointer transition-colors"
onClick={(e) => { onClick={(e) => {
e.stopPropagation(); e.stopPropagation()
handleDescriptionSave(); handleDescriptionSave()
}} }}
> >
<Check size={16} /> <Check size={16} />
@@ -240,14 +228,12 @@ const ToolCard = ({ tool, server, onToggle, onDescriptionUpdate }: ToolCardProps
</> </>
) : ( ) : (
<> <>
<span ref={descriptionTextRef}> <span ref={descriptionTextRef}>{customDescription || t('tool.noDescription')}</span>
{customDescription || t('tool.noDescription')}
</span>
<button <button
className="ml-2 p-1 text-gray-500 hover:text-blue-600 cursor-pointer transition-colors" className="ml-2 p-1 text-gray-500 hover:text-blue-600 cursor-pointer transition-colors"
onClick={(e) => { onClick={(e) => {
e.stopPropagation(); e.stopPropagation()
handleDescriptionEdit(); handleDescriptionEdit()
}} }}
> >
<Edit size={14} /> <Edit size={14} />
@@ -258,7 +244,10 @@ const ToolCard = ({ tool, server, onToggle, onDescriptionUpdate }: ToolCardProps
</h3> </h3>
</div> </div>
<div className="flex items-center space-x-2"> <div className="flex items-center space-x-2">
<div className="flex items-center space-x-2" onClick={(e) => e.stopPropagation()}> <div
className="flex items-center space-x-2"
onClick={(e) => e.stopPropagation()}
>
<Switch <Switch
checked={tool.enabled ?? true} checked={tool.enabled ?? true}
onCheckedChange={handleToggle} onCheckedChange={handleToggle}
@@ -267,14 +256,18 @@ const ToolCard = ({ tool, server, onToggle, onDescriptionUpdate }: ToolCardProps
</div> </div>
<button <button
onClick={(e) => { onClick={(e) => {
e.stopPropagation(); e.stopPropagation()
setIsExpanded(true); // Ensure card is expanded when showing run form setIsExpanded(true) // Ensure card is expanded when showing run form
setShowRunForm(true); setShowRunForm(true)
}} }}
className="flex items-center space-x-1 px-3 py-1 text-sm text-blue-600 bg-blue-50 hover:bg-blue-100 rounded-md transition-colors btn-primary" className="flex items-center space-x-1 px-3 py-1 text-sm text-blue-600 bg-blue-50 hover:bg-blue-100 rounded-md transition-colors btn-primary"
disabled={isRunning || !tool.enabled} disabled={isRunning || !tool.enabled}
> >
{isRunning ? <Loader size={14} className="animate-spin" /> : <Play size={14} />} {isRunning ? (
<Loader size={14} className="animate-spin" />
) : (
<Play size={14} />
)}
<span>{isRunning ? t('tool.running') : t('tool.run')}</span> <span>{isRunning ? t('tool.running') : t('tool.run')}</span>
</button> </button>
<button className="text-gray-400 hover:text-gray-600"> <button className="text-gray-400 hover:text-gray-600">
@@ -304,9 +297,7 @@ const ToolCard = ({ tool, server, onToggle, onDescriptionUpdate }: ToolCardProps
onCancel={handleCancelRun} onCancel={handleCancelRun}
loading={isRunning} loading={isRunning}
storageKey={getStorageKey()} storageKey={getStorageKey()}
title={t('tool.runToolWithName', { title={t('tool.runToolWithName', { name: tool.name.replace(server + nameSeparator, '') })}
name: tool.name.replace(server + nameSeparator, ''),
})}
/> />
{/* Tool Result */} {/* Tool Result */}
{result && ( {result && (
@@ -316,10 +307,12 @@ const ToolCard = ({ tool, server, onToggle, onDescriptionUpdate }: ToolCardProps
)} )}
</div> </div>
)} )}
</div> </div>
)} )}
</div> </div>
); )
}; }
export default ToolCard; export default ToolCard

67
frontend/src/contexts/ServerContext.tsx
View File

@@ -17,16 +17,6 @@ const CONFIG = {
}, },
}; };
// Pagination info type
interface PaginationInfo {
page: number;
limit: number;
total: number;
totalPages: number;
hasNextPage: boolean;
hasPrevPage: boolean;
}
// Context type definition // Context type definition
interface ServerContextType { interface ServerContextType {
servers: Server[]; servers: Server[];
@@ -34,11 +24,6 @@ interface ServerContextType {
setError: (error: string | null) => void; setError: (error: string | null) => void;
isLoading: boolean; isLoading: boolean;
fetchAttempts: number; fetchAttempts: number;
pagination: PaginationInfo | null;
currentPage: number;
serversPerPage: number;
setCurrentPage: (page: number) => void;
setServersPerPage: (limit: number) => void;
triggerRefresh: () => void; triggerRefresh: () => void;
refreshIfNeeded: () => void; // Smart refresh with debounce refreshIfNeeded: () => void; // Smart refresh with debounce
handleServerAdd: () => void; handleServerAdd: () => void;
@@ -60,9 +45,6 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
const [refreshKey, setRefreshKey] = useState(0); const [refreshKey, setRefreshKey] = useState(0);
const [isInitialLoading, setIsInitialLoading] = useState(true); const [isInitialLoading, setIsInitialLoading] = useState(true);
const [fetchAttempts, setFetchAttempts] = useState(0); const [fetchAttempts, setFetchAttempts] = useState(0);
const [pagination, setPagination] = useState<PaginationInfo | null>(null);
const [currentPage, setCurrentPage] = useState(1);
const [serversPerPage, setServersPerPage] = useState(10);
// Timer reference for polling // Timer reference for polling
const intervalRef = useRef<NodeJS.Timeout | null>(null); const intervalRef = useRef<NodeJS.Timeout | null>(null);
@@ -91,31 +73,18 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
const fetchServers = async () => { const fetchServers = async () => {
try { try {
console.log('[ServerContext] Fetching servers from API...'); console.log('[ServerContext] Fetching servers from API...');
// Build query parameters for pagination const data = await apiGet('/servers');
const params = new URLSearchParams();
params.append('page', currentPage.toString());
params.append('limit', serversPerPage.toString());
const data = await apiGet(`/servers?${params.toString()}`);
// Update last fetch time // Update last fetch time
lastFetchTimeRef.current = Date.now(); lastFetchTimeRef.current = Date.now();
if (data && data.success && Array.isArray(data.data)) { if (data && data.success && Array.isArray(data.data)) {
setServers(data.data); setServers(data.data);
// Update pagination info if available
if (data.pagination) {
setPagination(data.pagination);
} else {
setPagination(null);
}
} else if (data && Array.isArray(data)) { } else if (data && Array.isArray(data)) {
// Compatibility handling for non-paginated responses
setServers(data); setServers(data);
setPagination(null);
} else { } else {
console.error('Invalid server data format:', data); console.error('Invalid server data format:', data);
setServers([]); setServers([]);
setPagination(null);
} }
// Reset error state // Reset error state
@@ -145,7 +114,7 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
// Set up regular polling // Set up regular polling
intervalRef.current = setInterval(fetchServers, CONFIG.normal.pollingInterval); intervalRef.current = setInterval(fetchServers, CONFIG.normal.pollingInterval);
}, },
[t, currentPage, serversPerPage], [t],
); );
// Watch for authentication status changes // Watch for authentication status changes
@@ -181,11 +150,7 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
const fetchInitialData = async () => { const fetchInitialData = async () => {
try { try {
console.log('[ServerContext] Initial fetch - attempt', attemptsRef.current + 1); console.log('[ServerContext] Initial fetch - attempt', attemptsRef.current + 1);
// Build query parameters for pagination const data = await apiGet('/servers');
const params = new URLSearchParams();
params.append('page', currentPage.toString());
params.append('limit', serversPerPage.toString());
const data = await apiGet(`/servers?${params.toString()}`);
// Update last fetch time // Update last fetch time
lastFetchTimeRef.current = Date.now(); lastFetchTimeRef.current = Date.now();
@@ -193,12 +158,6 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
// Handle API response wrapper object, extract data field // Handle API response wrapper object, extract data field
if (data && data.success && Array.isArray(data.data)) { if (data && data.success && Array.isArray(data.data)) {
setServers(data.data); setServers(data.data);
// Update pagination info if available
if (data.pagination) {
setPagination(data.pagination);
} else {
setPagination(null);
}
setIsInitialLoading(false); setIsInitialLoading(false);
// Initialization successful, start normal polling (skip immediate to avoid duplicate fetch) // Initialization successful, start normal polling (skip immediate to avoid duplicate fetch)
startNormalPolling({ immediate: false }); startNormalPolling({ immediate: false });
@@ -206,7 +165,6 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
} else if (data && Array.isArray(data)) { } else if (data && Array.isArray(data)) {
// Compatibility handling, if API directly returns array // Compatibility handling, if API directly returns array
setServers(data); setServers(data);
setPagination(null);
setIsInitialLoading(false); setIsInitialLoading(false);
// Initialization successful, start normal polling (skip immediate to avoid duplicate fetch) // Initialization successful, start normal polling (skip immediate to avoid duplicate fetch)
startNormalPolling({ immediate: false }); startNormalPolling({ immediate: false });
@@ -215,7 +173,6 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
// If data format is not as expected, set to empty array // If data format is not as expected, set to empty array
console.error('Invalid server data format:', data); console.error('Invalid server data format:', data);
setServers([]); setServers([]);
setPagination(null);
setIsInitialLoading(false); setIsInitialLoading(false);
// Initialization successful but data is empty, start normal polling (skip immediate) // Initialization successful but data is empty, start normal polling (skip immediate)
startNormalPolling({ immediate: false }); startNormalPolling({ immediate: false });
@@ -270,7 +227,7 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
return () => { return () => {
clearTimer(); clearTimer();
}; };
}, [refreshKey, t, isInitialLoading, startNormalPolling, currentPage, serversPerPage]); }, [refreshKey, t, isInitialLoading, startNormalPolling]);
// Manually trigger refresh (always refreshes) // Manually trigger refresh (always refreshes)
const triggerRefresh = useCallback(() => { const triggerRefresh = useCallback(() => {
@@ -426,28 +383,12 @@ export const ServerProvider: React.FC<{ children: React.ReactNode }> = ({ childr
[t, triggerRefresh], [t, triggerRefresh],
); );
// Handle page change
const handlePageChange = useCallback((page: number) => {
setCurrentPage(page);
}, []);
// Handle servers per page change
const handleServersPerPageChange = useCallback((limit: number) => {
setServersPerPage(limit);
setCurrentPage(1); // Reset to first page when changing page size
}, []);
const value: ServerContextType = { const value: ServerContextType = {
servers, servers,
error, error,
setError, setError,
isLoading: isInitialLoading, isLoading: isInitialLoading,
fetchAttempts, fetchAttempts,
pagination,
currentPage,
serversPerPage,
setCurrentPage: handlePageChange,
setServersPerPage: handleServersPerPageChange,
triggerRefresh, triggerRefresh,
refreshIfNeeded, refreshIfNeeded,
handleServerAdd, handleServerAdd,

121
frontend/src/pages/LoginPage.tsx
View File

@@ -1,11 +1,12 @@
import React, { useState, useMemo, useCallback } from 'react'; import React, { useState, useMemo, useCallback, useEffect } from 'react';
import { useLocation, useNavigate } from 'react-router-dom'; import { useLocation, useNavigate } from 'react-router-dom';
import { useTranslation } from 'react-i18next'; import { useTranslation } from 'react-i18next';
import { useAuth } from '../contexts/AuthContext'; import { useAuth } from '../contexts/AuthContext';
import { getToken } from '../services/authService'; import { getToken, getSSOConfig, initiateSSOLogin } from '../services/authService';
import ThemeSwitch from '@/components/ui/ThemeSwitch'; import ThemeSwitch from '@/components/ui/ThemeSwitch';
import LanguageSwitch from '@/components/ui/LanguageSwitch'; import LanguageSwitch from '@/components/ui/LanguageSwitch';
import DefaultPasswordWarningModal from '@/components/ui/DefaultPasswordWarningModal'; import DefaultPasswordWarningModal from '@/components/ui/DefaultPasswordWarningModal';
import { SSOProvider } from '../types';
const sanitizeReturnUrl = (value: string | null): string | null => { const sanitizeReturnUrl = (value: string | null): string | null => {
if (!value) { if (!value) {
@@ -29,6 +30,65 @@ const sanitizeReturnUrl = (value: string | null): string | null => {
} }
}; };
// Provider icons (SVG)
const ProviderIcon: React.FC<{ type: string; className?: string }> = ({
type,
className = 'w-5 h-5',
}) => {
switch (type) {
case 'google':
return (
<svg className={className} viewBox="0 0 24 24" fill="currentColor">
<path
d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"
fill="#4285F4"
/>
<path
d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"
fill="#34A853"
/>
<path
d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"
fill="#FBBC05"
/>
<path
d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"
fill="#EA4335"
/>
</svg>
);
case 'github':
return (
<svg className={className} viewBox="0 0 24 24" fill="currentColor">
<path d="M12 0C5.37 0 0 5.37 0 12c0 5.31 3.435 9.795 8.205 11.385.6.105.825-.255.825-.57 0-.285-.015-1.23-.015-2.235-3.015.555-3.795-.735-4.035-1.41-.135-.345-.72-1.41-1.23-1.695-.42-.225-1.02-.78-.015-.795.945-.015 1.62.87 1.845 1.23 1.08 1.815 2.805 1.305 3.495.99.105-.78.42-1.305.765-1.605-2.67-.3-5.46-1.335-5.46-5.925 0-1.305.465-2.385 1.23-3.225-.12-.3-.54-1.53.12-3.18 0 0 1.005-.315 3.3 1.23.96-.27 1.98-.405 3-.405s2.04.135 3 .405c2.295-1.56 3.3-1.23 3.3-1.23.66 1.65.24 2.88.12 3.18.765.84 1.23 1.905 1.23 3.225 0 4.605-2.805 5.625-5.475 5.925.435.375.81 1.095.81 2.22 0 1.605-.015 2.895-.015 3.3 0 .315.225.69.825.57A12.02 12.02 0 0024 12c0-6.63-5.37-12-12-12z" />
</svg>
);
case 'microsoft':
return (
<svg className={className} viewBox="0 0 24 24" fill="currentColor">
<path fill="#F25022" d="M1 1h10v10H1z" />
<path fill="#00A4EF" d="M1 13h10v10H1z" />
<path fill="#7FBA00" d="M13 1h10v10H13z" />
<path fill="#FFB900" d="M13 13h10v10H13z" />
</svg>
);
default:
// Generic OAuth/OIDC icon
return (
<svg
className={className}
viewBox="0 0 24 24"
fill="none"
stroke="currentColor"
strokeWidth="2"
>
<circle cx="12" cy="12" r="10" />
<path d="M12 6v6l4 2" />
</svg>
);
}
};
const LoginPage: React.FC = () => { const LoginPage: React.FC = () => {
const { t } = useTranslation(); const { t } = useTranslation();
const [username, setUsername] = useState(''); const [username, setUsername] = useState('');
@@ -36,6 +96,9 @@ const LoginPage: React.FC = () => {
const [error, setError] = useState<string | null>(null); const [error, setError] = useState<string | null>(null);
const [loading, setLoading] = useState(false); const [loading, setLoading] = useState(false);
const [showDefaultPasswordWarning, setShowDefaultPasswordWarning] = useState(false); const [showDefaultPasswordWarning, setShowDefaultPasswordWarning] = useState(false);
const [ssoProviders, setSsoProviders] = useState<SSOProvider[]>([]);
const [ssoEnabled, setSsoEnabled] = useState(false);
const [allowLocalAuth, setAllowLocalAuth] = useState(true);
const { login } = useAuth(); const { login } = useAuth();
const location = useLocation(); const location = useLocation();
const navigate = useNavigate(); const navigate = useNavigate();
@@ -44,6 +107,17 @@ const LoginPage: React.FC = () => {
return sanitizeReturnUrl(params.get('returnUrl')); return sanitizeReturnUrl(params.get('returnUrl'));
}, [location.search]); }, [location.search]);
// Load SSO configuration on mount
useEffect(() => {
const loadSSOConfig = async () => {
const config = await getSSOConfig();
setSsoEnabled(config.enabled);
setSsoProviders(config.providers);
setAllowLocalAuth(config.allowLocalAuth);
};
loadSSOConfig();
}, []);
const isServerUnavailableError = useCallback((message?: string) => { const isServerUnavailableError = useCallback((message?: string) => {
if (!message) return false; if (!message) return false;
const normalized = message.toLowerCase(); const normalized = message.toLowerCase();
@@ -137,6 +211,10 @@ const LoginPage: React.FC = () => {
} }
}; };
const handleSSOLogin = (providerId: string) => {
initiateSSOLogin(providerId, returnUrl || undefined);
};
const handleCloseWarning = () => { const handleCloseWarning = () => {
setShowDefaultPasswordWarning(false); setShowDefaultPasswordWarning(false);
redirectAfterLogin(); redirectAfterLogin();
@@ -193,6 +271,9 @@ const LoginPage: React.FC = () => {
<div className="login-card relative w-full rounded-2xl border border-white/10 bg-white/60 p-8 shadow-xl backdrop-blur-md transition dark:border-white/10 dark:bg-gray-900/60"> <div className="login-card relative w-full rounded-2xl border border-white/10 bg-white/60 p-8 shadow-xl backdrop-blur-md transition dark:border-white/10 dark:bg-gray-900/60">
<div className="absolute -top-24 right-12 h-40 w-40 -translate-y-6 rounded-full bg-indigo-500/30 blur-3xl" /> <div className="absolute -top-24 right-12 h-40 w-40 -translate-y-6 rounded-full bg-indigo-500/30 blur-3xl" />
<div className="absolute -bottom-24 -left-12 h-40 w-40 translate-y-6 rounded-full bg-cyan-500/20 blur-3xl" /> <div className="absolute -bottom-24 -left-12 h-40 w-40 translate-y-6 rounded-full bg-cyan-500/20 blur-3xl" />
{/* Local auth form - only show if allowed */}
{allowLocalAuth && (
<form className="mt-4 space-y-4" onSubmit={handleSubmit}> <form className="mt-4 space-y-4" onSubmit={handleSubmit}>
<div className="space-y-4"> <div className="space-y-4">
<div> <div>
@@ -245,6 +326,42 @@ const LoginPage: React.FC = () => {
</button> </button>
</div> </div>
</form> </form>
)}
{/* SSO Buttons */}
{ssoEnabled && ssoProviders.length > 0 && (
<div className="space-y-3 mb-6">
{/* Divider */}
<div className="relative my-4">
<div className="absolute inset-0 flex items-center">
<div className="w-full border-t border-gray-300/60 dark:border-gray-600/60" />
</div>
<div className="relative flex justify-center text-sm">
<span className="px-2 bg-white/60 text-gray-500 dark:bg-gray-900/60 dark:text-gray-400">
{t('auth.orContinueWith')}
</span>
</div>
</div>
{ssoProviders.map((provider) => (
<button
key={provider.id}
type="button"
onClick={() => handleSSOLogin(provider.id)}
className="sso-button group relative flex w-full items-center justify-center gap-3 rounded-md border border-gray-300/60 bg-white/80 px-4 py-2.5 text-sm font-medium text-gray-700 shadow-sm transition-all hover:bg-gray-50 hover:border-gray-400/60 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:ring-offset-2 dark:border-gray-600/60 dark:bg-gray-800/80 dark:text-gray-200 dark:hover:bg-gray-700/80"
>
<ProviderIcon type={provider.type} />
<span>{t('auth.continueWith', { provider: provider.name })}</span>
</button>
))}
</div>
)}
{/* Show message if only SSO is available and no providers configured */}
{!allowLocalAuth && ssoProviders.length === 0 && (
<div className="text-center text-gray-500 dark:text-gray-400">
{t('auth.noLoginMethodsAvailable')}
</div>
)}
</div> </div>
</div> </div>
</div> </div>

108
frontend/src/pages/SSOCallbackPage.tsx Normal file
View File

@@ -0,0 +1,108 @@
import React, { useEffect, useState } from 'react';
import { useNavigate, useLocation } from 'react-router-dom';
import { useTranslation } from 'react-i18next';
import { handleSSOToken, getCurrentUser } from '../services/authService';
import { useAuth } from '../contexts/AuthContext';
/**
* SSO Callback Page
* Handles the redirect from OAuth SSO callback, extracts token, and redirects to destination
*/
const SSOCallbackPage: React.FC = () => {
const { t } = useTranslation();
const navigate = useNavigate();
const location = useLocation();
const { auth } = useAuth();
const [error, setError] = useState<string | null>(null);
useEffect(() => {
const handleCallback = async () => {
const params = new URLSearchParams(location.search);
const token = params.get('token');
const returnUrl = params.get('returnUrl') || '/';
const errorParam = params.get('error');
// Handle OAuth errors
if (errorParam) {
setError(errorParam);
setTimeout(() => {
navigate('/login');
}, 3000);
return;
}
// Handle successful SSO login
if (token) {
try {
// Store the token
handleSSOToken(token);
// Verify the token by fetching current user
const response = await getCurrentUser();
if (response.success) {
// Redirect to the return URL or dashboard
if (returnUrl.startsWith('/oauth/authorize')) {
// For OAuth authorize flow, pass the token
const url = new URL(returnUrl, window.location.origin);
url.searchParams.set('token', token);
window.location.assign(`${url.pathname}${url.search}`);
} else {
navigate(returnUrl);
}
} else {
setError(t('auth.ssoTokenInvalid'));
setTimeout(() => {
navigate('/login');
}, 3000);
}
} catch (err) {
console.error('SSO callback error:', err);
setError(t('auth.ssoCallbackError'));
setTimeout(() => {
navigate('/login');
}, 3000);
}
} else {
// No token provided
setError(t('auth.ssoNoToken'));
setTimeout(() => {
navigate('/login');
}, 3000);
}
};
// Only handle callback if not already authenticated
if (!auth.isAuthenticated) {
handleCallback();
} else {
// Already authenticated, redirect to home
navigate('/');
}
}, [location.search, navigate, auth.isAuthenticated, t]);
return (
<div className="relative min-h-screen w-full overflow-hidden bg-gray-50 dark:bg-gray-950 flex items-center justify-center">
<div className="text-center">
{error ? (
<div className="space-y-4">
<div className="text-red-600 dark:text-red-400 text-lg font-medium">
{error}
</div>
<p className="text-gray-500 dark:text-gray-400 text-sm">
{t('auth.redirectingToLogin')}
</p>
</div>
) : (
<div className="space-y-4">
<div className="animate-spin rounded-full h-12 w-12 border-b-2 border-indigo-600 mx-auto"></div>
<p className="text-gray-600 dark:text-gray-300 text-lg">
{t('auth.ssoProcessing')}
</p>
</div>
)}
</div>
</div>
);
};
export default SSOCallbackPage;

53
frontend/src/pages/ServersPage.tsx
View File

@@ -8,7 +8,6 @@ import EditServerForm from '@/components/EditServerForm';
import { useServerData } from '@/hooks/useServerData'; import { useServerData } from '@/hooks/useServerData';
import DxtUploadForm from '@/components/DxtUploadForm'; import DxtUploadForm from '@/components/DxtUploadForm';
import JSONImportForm from '@/components/JSONImportForm'; import JSONImportForm from '@/components/JSONImportForm';
import Pagination from '@/components/ui/Pagination';
const ServersPage: React.FC = () => { const ServersPage: React.FC = () => {
const { t } = useTranslation(); const { t } = useTranslation();
@@ -18,11 +17,6 @@ const ServersPage: React.FC = () => {
error, error,
setError, setError,
isLoading, isLoading,
pagination,
currentPage,
serversPerPage,
setCurrentPage,
setServersPerPage,
handleServerAdd, handleServerAdd,
handleServerEdit, handleServerEdit,
handleServerRemove, handleServerRemove,
@@ -157,7 +151,6 @@ const ServersPage: React.FC = () => {
<p className="text-gray-600">{t('app.noServers')}</p> <p className="text-gray-600">{t('app.noServers')}</p>
</div> </div>
) : ( ) : (
<>
<div className="space-y-6"> <div className="space-y-6">
{servers.map((server, index) => ( {servers.map((server, index) => (
<ServerCard <ServerCard
@@ -171,52 +164,6 @@ const ServersPage: React.FC = () => {
/> />
))} ))}
</div> </div>
<div className="flex items-center mb-4">
<div className="flex-[2] text-sm text-gray-500">
{pagination ? (
t('common.showing', {
start: (pagination.page - 1) * pagination.limit + 1,
end: Math.min(pagination.page * pagination.limit, pagination.total),
total: pagination.total
})
) : (
t('common.showing', {
start: 1,
end: servers.length,
total: servers.length
})
)}
</div>
<div className="flex-[4] flex justify-center">
{pagination && pagination.totalPages > 1 && (
<Pagination
currentPage={currentPage}
totalPages={pagination.totalPages}
onPageChange={setCurrentPage}
disabled={isLoading}
/>
)}
</div>
<div className="flex-[2] flex items-center justify-end space-x-2">
<label htmlFor="perPage" className="text-sm text-gray-600">
{t('common.itemsPerPage')}:
</label>
<select
id="perPage"
value={serversPerPage}
onChange={(e) => setServersPerPage(Number(e.target.value))}
disabled={isLoading}
className="border rounded p-1 text-sm btn-secondary outline-none disabled:opacity-50 disabled:cursor-not-allowed"
>
<option value={5}>5</option>
<option value={10}>10</option>
<option value={20}>20</option>
<option value={50}>50</option>
</select>
</div>
</div>
</>
)} )}
{editingServer && ( {editingServer && (

41
frontend/src/services/authService.ts
View File

@@ -1,15 +1,54 @@
import { getBasePath } from '@/utils/runtime';
import { import {
AuthResponse, AuthResponse,
LoginCredentials, LoginCredentials,
RegisterCredentials, RegisterCredentials,
ChangePasswordCredentials, ChangePasswordCredentials,
SSOConfig,
} from '../types'; } from '../types';
import { apiPost, apiGet } from '../utils/fetchInterceptor'; import { apiPost, apiGet, fetchWithInterceptors } from '../utils/fetchInterceptor';
import { getToken, setToken, removeToken } from '../utils/interceptors'; import { getToken, setToken, removeToken } from '../utils/interceptors';
// Export token management functions // Export token management functions
export { getToken, setToken, removeToken }; export { getToken, setToken, removeToken };
// Get SSO configuration
export const getSSOConfig = async (): Promise<SSOConfig> => {
try {
const basePath = getBasePath();
// const response = await apiGet<{ success: boolean; data: SSOConfig }>('/auth/sso/config');
const response = await fetchWithInterceptors(`${basePath}/auth/sso/config`, {
method: 'GET',
headers: {
'Content-Type': 'application/json',
},
});
if (response.ok) {
const data: { success: boolean; data: SSOConfig } = await response.json();
return data.data;
}
return { enabled: false, providers: [], allowLocalAuth: true };
} catch (error) {
console.error('Get SSO config error:', error);
return { enabled: false, providers: [], allowLocalAuth: true };
}
};
// Initiate SSO login (redirects to provider)
export const initiateSSOLogin = (providerId: string, returnUrl?: string): void => {
const basePath = import.meta.env.VITE_API_BASE_PATH || '';
let url = `${basePath}/auth/sso/${providerId}`;
if (returnUrl) {
url += `?returnUrl=${encodeURIComponent(returnUrl)}`;
}
window.location.href = url;
};
// Handle SSO callback token (called from SSO callback page)
export const handleSSOToken = (token: string): void => {
setToken(token);
};
// Login user // Login user
export const login = async (credentials: LoginCredentials): Promise<AuthResponse> => { export const login = async (credentials: LoginCredentials): Promise<AuthResponse> => {
try { try {

26
frontend/src/types/index.ts
View File

@@ -105,17 +105,6 @@ export interface Prompt {
enabled?: boolean; enabled?: boolean;
} }
// Proxychains4 configuration for STDIO servers (Linux/macOS only)
export interface ProxychainsConfig {
enabled?: boolean; // Enable/disable proxychains4 proxy routing
type?: 'socks4' | 'socks5' | 'http'; // Proxy protocol type
host?: string; // Proxy server hostname or IP address
port?: number; // Proxy server port
username?: string; // Proxy authentication username (optional)
password?: string; // Proxy authentication password (optional)
configPath?: string; // Path to custom proxychains4 configuration file (optional)
}
// Server config types // Server config types
export interface ServerConfig { export interface ServerConfig {
type?: 'stdio' | 'sse' | 'streamable-http' | 'openapi'; type?: 'stdio' | 'sse' | 'streamable-http' | 'openapi';
@@ -134,8 +123,6 @@ export interface ServerConfig {
resetTimeoutOnProgress?: boolean; // Reset timeout on progress notifications resetTimeoutOnProgress?: boolean; // Reset timeout on progress notifications
maxTotalTimeout?: number; // Maximum total timeout in milliseconds maxTotalTimeout?: number; // Maximum total timeout in milliseconds
}; // MCP request options configuration }; // MCP request options configuration
// Proxychains4 proxy configuration for STDIO servers (Linux/macOS only, Windows not supported)
proxy?: ProxychainsConfig;
// OAuth authentication for upstream MCP servers // OAuth authentication for upstream MCP servers
oauth?: { oauth?: {
clientId?: string; // OAuth client ID clientId?: string; // OAuth client ID
@@ -342,6 +329,19 @@ export interface IUser {
permissions?: string[]; permissions?: string[];
} }
// OAuth SSO types
export interface SSOProvider {
id: string;
name: string;
type: string;
}
export interface SSOConfig {
enabled: boolean;
providers: SSOProvider[];
allowLocalAuth: boolean;
}
// User management types // User management types
export interface User { export interface User {
username: string; username: string;

14
locales/en.json
View File

@@ -79,7 +79,15 @@
"passwordRequireLetter": "Password must contain at least one letter", "passwordRequireLetter": "Password must contain at least one letter",
"passwordRequireNumber": "Password must contain at least one number", "passwordRequireNumber": "Password must contain at least one number",
"passwordRequireSpecial": "Password must contain at least one special character", "passwordRequireSpecial": "Password must contain at least one special character",
"passwordStrengthHint": "Password must be at least 8 characters and contain letters, numbers, and special characters" "passwordStrengthHint": "Password must be at least 8 characters and contain letters, numbers, and special characters",
"continueWith": "Continue with {{provider}}",
"orContinueWith": "or continue with",
"noLoginMethodsAvailable": "No login methods available. Please contact your administrator.",
"ssoProcessing": "Processing login...",
"ssoTokenInvalid": "Authentication failed. Please try again.",
"ssoCallbackError": "An error occurred during authentication.",
"ssoNoToken": "No authentication token received.",
"redirectingToLogin": "Redirecting to login page..."
}, },
"server": { "server": {
"addServer": "Add Server", "addServer": "Add Server",
@@ -248,10 +256,6 @@
"wechat": "WeChat", "wechat": "WeChat",
"discord": "Discord", "discord": "Discord",
"required": "Required", "required": "Required",
"itemsPerPage": "Items per page",
"showing": "Showing {{start}}-{{end}} of {{total}}",
"previous": "Previous",
"next": "Next",
"secret": "Secret", "secret": "Secret",
"default": "Default", "default": "Default",
"value": "Value", "value": "Value",

4
locales/fr.json
View File

@@ -248,10 +248,6 @@
"github": "GitHub", "github": "GitHub",
"wechat": "WeChat", "wechat": "WeChat",
"discord": "Discord", "discord": "Discord",
"itemsPerPage": "Éléments par page",
"showing": "Affichage de {{start}}-{{end}} sur {{total}}",
"previous": "Précédent",
"next": "Suivant",
"required": "Requis", "required": "Requis",
"secret": "Secret", "secret": "Secret",
"default": "Défaut", "default": "Défaut",

4
locales/tr.json
View File

@@ -248,10 +248,6 @@
"github": "GitHub", "github": "GitHub",
"wechat": "WeChat", "wechat": "WeChat",
"discord": "Discord", "discord": "Discord",
"itemsPerPage": "Sayfa başına öğe",
"showing": "{{total}} öğeden {{start}}-{{end}} gösteriliyor",
"previous": "Önceki",
"next": "Sonraki",
"required": "Gerekli", "required": "Gerekli",
"secret": "Gizli", "secret": "Gizli",
"default": "Varsayılan", "default": "Varsayılan",

14
locales/zh.json
View File

@@ -79,7 +79,15 @@
"passwordRequireLetter": "密码必须包含至少一个字母", "passwordRequireLetter": "密码必须包含至少一个字母",
"passwordRequireNumber": "密码必须包含至少一个数字", "passwordRequireNumber": "密码必须包含至少一个数字",
"passwordRequireSpecial": "密码必须包含至少一个特殊字符", "passwordRequireSpecial": "密码必须包含至少一个特殊字符",
"passwordStrengthHint": "密码必须至少 8 个字符,且包含字母、数字和特殊字符" "passwordStrengthHint": "密码必须至少 8 个字符,且包含字母、数字和特殊字符",
"continueWith": "使用 {{provider}} 登录",
"orContinueWith": "或使用账号登录",
"noLoginMethodsAvailable": "没有可用的登录方式,请联系管理员。",
"ssoProcessing": "正在处理登录...",
"ssoTokenInvalid": "认证失败,请重试。",
"ssoCallbackError": "认证过程中发生错误。",
"ssoNoToken": "未收到认证令牌。",
"redirectingToLogin": "正在跳转到登录页面..."
}, },
"server": { "server": {
"addServer": "添加服务器", "addServer": "添加服务器",
@@ -248,10 +256,6 @@
"dismiss": "忽略", "dismiss": "忽略",
"github": "GitHub", "github": "GitHub",
"wechat": "微信", "wechat": "微信",
"itemsPerPage": "每页显示",
"showing": "显示第 {{start}}-{{end}} 条,共 {{total}} 条",
"previous": "上一页",
"next": "下一页",
"discord": "Discord", "discord": "Discord",
"required": "必填", "required": "必填",
"secret": "敏感", "secret": "敏感",

28
mcp_settings.json
View File

@@ -43,6 +43,34 @@
} }
], ],
"systemConfig": { "systemConfig": {
"oauthSSO": {
"enabled": true,
"allowLocalAuth": true,
"callbackBaseUrl": "https://your-mcphub-domain.com",
"providers": [
{
"id": "google",
"name": "Google",
"type": "google",
"clientId": "your-google-client-id",
"clientSecret": "your-google-client-secret"
},
{
"id": "github",
"name": "GitHub",
"type": "github",
"clientId": "your-github-client-id",
"clientSecret": "your-github-client-secret"
},
{
"id": "microsoft",
"name": "Microsoft",
"type": "microsoft",
"clientId": "your-microsoft-client-id",
"clientSecret": "your-microsoft-client-secret"
}
]
},
"oauthServer": { "oauthServer": {
"enabled": true, "enabled": true,
"accessTokenLifetime": 3600, "accessTokenLifetime": 3600,

6
package.json
View File

@@ -46,7 +46,7 @@
"license": "ISC", "license": "ISC",
"dependencies": { "dependencies": {
"@apidevtools/swagger-parser": "^12.0.0", "@apidevtools/swagger-parser": "^12.0.0",
"@modelcontextprotocol/sdk": "^1.25.1", "@modelcontextprotocol/sdk": "^1.20.2",
"@node-oauth/oauth2-server": "^5.2.1", "@node-oauth/oauth2-server": "^5.2.1",
"@types/adm-zip": "^0.5.7", "@types/adm-zip": "^0.5.7",
"@types/bcrypt": "^6.0.0", "@types/bcrypt": "^6.0.0",
@@ -57,7 +57,7 @@
"bcrypt": "^6.0.0", "bcrypt": "^6.0.0",
"bcryptjs": "^3.0.2", "bcryptjs": "^3.0.2",
"cors": "^2.8.5", "cors": "^2.8.5",
"dotenv": "^17.2.3", "dotenv": "^16.6.1",
"dotenv-expand": "^12.0.2", "dotenv-expand": "^12.0.2",
"express": "^4.21.2", "express": "^4.21.2",
"express-validator": "^7.3.1", "express-validator": "^7.3.1",
@@ -108,7 +108,7 @@
"jest-environment-node": "^30.0.5", "jest-environment-node": "^30.0.5",
"jest-mock-extended": "4.0.0", "jest-mock-extended": "4.0.0",
"lucide-react": "^0.552.0", "lucide-react": "^0.552.0",
"next": "^16.1.1", "next": "^15.5.0",
"postcss": "^8.5.6", "postcss": "^8.5.6",
"prettier": "^3.6.2", "prettier": "^3.6.2",
"react": "19.2.1", "react": "19.2.1",

425
pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff

171
src/controllers/oauthSSOController.ts Normal file
View File

@@ -0,0 +1,171 @@
import { Request, Response } from 'express';
import { loadSettings } from '../config/index.js';
import {
isOAuthSSOEnabled,
isLocalAuthAllowed,
getEnabledProviders,
getProviderById,
generateAuthorizationUrl,
handleOAuthCallback as handleCallback,
} from '../services/oauthSSOService.js';
/**
* Get OAuth SSO configuration for frontend
* Returns list of enabled providers and whether local auth is allowed
*/
export const getSSOConfig = async (req: Request, res: Response): Promise<void> => {
try {
const enabled = isOAuthSSOEnabled();
const providers = getEnabledProviders();
const allowLocalAuth = isLocalAuthAllowed();
res.json({
success: true,
data: {
enabled,
providers,
allowLocalAuth,
},
});
} catch (error) {
console.error('Error getting SSO config:', error);
res.status(500).json({
success: false,
message: 'Failed to get SSO configuration',
});
}
};
/**
* Initiate OAuth SSO flow for a specific provider
* Redirects user to the OAuth provider's authorization page
*/
export const initiateSSOLogin = async (req: Request, res: Response): Promise<void> => {
const { provider } = req.params;
try {
// Check if SSO is enabled
if (!isOAuthSSOEnabled()) {
res.status(400).json({
success: false,
message: 'OAuth SSO is not enabled',
});
return;
}
// Check if provider exists
const providerConfig = getProviderById(provider);
if (!providerConfig) {
res.status(404).json({
success: false,
message: `OAuth provider '${provider}' not found or disabled`,
});
return;
}
// Build redirect URI
const settings = loadSettings();
const callbackBaseUrl =
settings.systemConfig?.oauthSSO?.callbackBaseUrl || `${req.protocol}://${req.get('host')}`;
const redirectUri = `${callbackBaseUrl}/auth/sso/${provider}/callback`;
// Generate authorization URL
const result = generateAuthorizationUrl(provider, redirectUri);
if (!result) {
res.status(500).json({
success: false,
message: 'Failed to generate authorization URL',
});
return;
}
// Store the return URL in a cookie if provided (for after-login redirect)
const returnUrl = req.query.returnUrl as string;
if (returnUrl) {
res.cookie('sso_return_url', returnUrl, {
httpOnly: true,
secure: req.secure,
maxAge: 10 * 60 * 1000, // 10 minutes
sameSite: 'lax',
});
}
// Redirect to OAuth provider
res.redirect(result.url);
} catch (error) {
console.error(`Error initiating SSO login for ${provider}:`, error);
res.status(500).json({
success: false,
message: 'Failed to initiate SSO login',
});
}
};
/**
* Handle OAuth callback from provider
* Exchanges code for tokens, gets user info, creates/updates user, returns JWT
*
* Note: OAuth callback data (code, state) is received via query parameters as per OAuth 2.0 spec.
* This is secure because:
* - The authorization code is single-use and tied to a specific state
* - The state parameter prevents CSRF attacks
* - PKCE provides additional security for the token exchange
*/
export const handleSSOCallback = async (req: Request, res: Response): Promise<void> => {
const { provider } = req.params;
// lgtm[js/sensitive-get-query] - OAuth 2.0 requires code/state in query params
const { code, state, error: oauthError, error_description } = req.query;
try {
// Check for OAuth error from provider
if (oauthError) {
console.error(`OAuth SSO error from ${provider}:`, oauthError, error_description);
res.redirect(`/login?error=${encodeURIComponent(String(error_description || oauthError))}`);
return;
}
// Validate required parameters
if (!code || !state) {
res.redirect('/login?error=missing_oauth_parameters');
return;
}
// Build redirect URI (must match the one used in initiation)
const settings = loadSettings();
const callbackBaseUrl =
settings.systemConfig?.oauthSSO?.callbackBaseUrl || `${req.protocol}://${req.get('host')}`;
const redirectUri = `${callbackBaseUrl}/auth/sso/${provider}/callback`;
// Handle the callback
const result = await handleCallback(String(state), String(code), redirectUri);
if (!result.success) {
console.error(`OAuth SSO callback failed for ${provider}:`, result.error);
res.redirect(`/login?error=${encodeURIComponent(result.error || 'sso_failed')}`);
return;
}
// Get the return URL from cookie
const returnUrl = req.cookies?.sso_return_url || '/';
res.clearCookie('sso_return_url');
// Build redirect URL with token
// Note: For security, we use a short-lived token in URL and the frontend
// should immediately exchange it and store in localStorage
const redirectUrl = new URL(returnUrl, `${req.protocol}://${req.get('host')}`);
// For OAuth authorize flow, append token as query param
if (returnUrl.startsWith('/oauth/authorize')) {
redirectUrl.searchParams.set('token', result.token!);
res.redirect(redirectUrl.pathname + redirectUrl.search);
} else {
// For normal login, redirect to a special callback page that handles the token
res.redirect(
`/sso-callback?token=${encodeURIComponent(result.token!)}&returnUrl=${encodeURIComponent(returnUrl)}`,
);
}
} catch (error) {
console.error(`Error handling SSO callback for ${provider}:`, error);
res.redirect('/login?error=sso_callback_error');
}
};

61
src/controllers/serverController.ts
View File

@@ -7,7 +7,6 @@ import {
BatchCreateServersResponse, BatchCreateServersResponse,
BatchServerResult, BatchServerResult,
ServerConfig, ServerConfig,
ServerInfo,
} from '../types/index.js'; } from '../types/index.js';
import { import {
getServersInfo, getServersInfo,
@@ -25,66 +24,13 @@ import { createSafeJSON } from '../utils/serialization.js';
import { cloneDefaultOAuthServerConfig } from '../constants/oauthServerDefaults.js'; import { cloneDefaultOAuthServerConfig } from '../constants/oauthServerDefaults.js';
import { getServerDao, getGroupDao, getSystemConfigDao } from '../dao/DaoFactory.js'; import { getServerDao, getGroupDao, getSystemConfigDao } from '../dao/DaoFactory.js';
import { getBearerKeyDao } from '../dao/DaoFactory.js'; import { getBearerKeyDao } from '../dao/DaoFactory.js';
import { UserContextService } from '../services/userContextService.js';
export const getAllServers = async (req: Request, res: Response): Promise<void> => { export const getAllServers = async (_: Request, res: Response): Promise<void> => {
try { try {
// Parse pagination parameters from query string const serversInfo = await getServersInfo();
const page = req.query.page ? parseInt(req.query.page as string, 10) : 1;
const limit = req.query.limit ? parseInt(req.query.limit as string, 10) : undefined;
// Validate pagination parameters
if (page < 1) {
res.status(400).json({
success: false,
message: 'Page number must be greater than 0',
});
return;
}
if (limit !== undefined && (limit < 1 || limit > 1000)) {
res.status(400).json({
success: false,
message: 'Limit must be between 1 and 1000',
});
return;
}
// Get current user for filtering
const currentUser = UserContextService.getInstance().getCurrentUser();
const isAdmin = !currentUser || currentUser.isAdmin;
// Get servers info with pagination if limit is specified
let serversInfo: Omit<ServerInfo, 'client' | 'transport'>[];
let pagination = undefined;
if (limit !== undefined) {
// Use DAO layer pagination with proper filtering
const serverDao = getServerDao();
const paginatedResult = isAdmin
? await serverDao.findAllPaginated(page, limit)
: await serverDao.findByOwnerPaginated(currentUser!.username, page, limit);
// Get runtime info for paginated servers
serversInfo = await getServersInfo(page, limit, currentUser);
pagination = {
page: paginatedResult.page,
limit: paginatedResult.limit,
total: paginatedResult.total,
totalPages: paginatedResult.totalPages,
hasNextPage: paginatedResult.page < paginatedResult.totalPages,
hasPrevPage: paginatedResult.page > 1,
};
} else {
// No pagination, get all servers (will be filtered by mcpService)
serversInfo = await getServersInfo();
}
const response: ApiResponse = { const response: ApiResponse = {
success: true, success: true,
data: createSafeJSON(serversInfo), data: createSafeJSON(serversInfo),
...(pagination && { pagination }),
}; };
res.json(response); res.json(response);
} catch (error) { } catch (error) {
@@ -618,9 +564,10 @@ export const updateServer = async (req: Request, res: Response): Promise<void> =
}); });
} }
} catch (error) { } catch (error) {
console.error('Failed to update server:', error);
res.status(500).json({ res.status(500).json({
success: false, success: false,
message: 'Internal server error', message: error instanceof Error ? error.message : 'Internal server error',
}); });
} }
}; };

76
src/dao/ServerDao.ts
View File

@@ -2,31 +2,10 @@ import { ServerConfig } from '../types/index.js';
import { BaseDao } from './base/BaseDao.js'; import { BaseDao } from './base/BaseDao.js';
import { JsonFileBaseDao } from './base/JsonFileBaseDao.js'; import { JsonFileBaseDao } from './base/JsonFileBaseDao.js';
/**
* Pagination result interface
*/
export interface PaginatedResult<T> {
data: T[];
total: number;
page: number;
limit: number;
totalPages: number;
}
/** /**
* Server DAO interface with server-specific operations * Server DAO interface with server-specific operations
*/ */
export interface ServerDao extends BaseDao<ServerConfigWithName, string> { export interface ServerDao extends BaseDao<ServerConfigWithName, string> {
/**
* Find all servers with pagination
*/
findAllPaginated(page: number, limit: number): Promise<PaginatedResult<ServerConfigWithName>>;
/**
* Find servers by owner with pagination
*/
findByOwnerPaginated(owner: string, page: number, limit: number): Promise<PaginatedResult<ServerConfigWithName>>;
/** /**
* Find servers by owner * Find servers by owner
*/ */
@@ -197,61 +176,6 @@ export class ServerDaoImpl extends JsonFileBaseDao implements ServerDao {
return servers.length; return servers.length;
} }
async findAllPaginated(page: number, limit: number): Promise<PaginatedResult<ServerConfigWithName>> {
const allServers = await this.getAll();
// Sort: enabled servers first, then by creation time
const sortedServers = allServers.sort((a, b) => {
const aEnabled = a.enabled !== false;
const bEnabled = b.enabled !== false;
if (aEnabled !== bEnabled) {
return aEnabled ? -1 : 1;
}
return 0; // Keep original order for same enabled status
});
const total = sortedServers.length;
const totalPages = Math.ceil(total / limit);
const startIndex = (page - 1) * limit;
const endIndex = startIndex + limit;
const data = sortedServers.slice(startIndex, endIndex);
return {
data,
total,
page,
limit,
totalPages,
};
}
async findByOwnerPaginated(owner: string, page: number, limit: number): Promise<PaginatedResult<ServerConfigWithName>> {
const allServers = await this.getAll();
const filteredServers = allServers.filter((server) => server.owner === owner);
// Sort: enabled servers first, then by creation time
const sortedServers = filteredServers.sort((a, b) => {
const aEnabled = a.enabled !== false;
const bEnabled = b.enabled !== false;
if (aEnabled !== bEnabled) {
return aEnabled ? -1 : 1;
}
return 0; // Keep original order for same enabled status
});
const total = sortedServers.length;
const totalPages = Math.ceil(total / limit);
const startIndex = (page - 1) * limit;
const endIndex = startIndex + limit;
const data = sortedServers.slice(startIndex, endIndex);
return {
data,
total,
page,
limit,
totalPages,
};
}
async findByOwner(owner: string): Promise<ServerConfigWithName[]> { async findByOwner(owner: string): Promise<ServerConfigWithName[]> {
const servers = await this.getAll(); const servers = await this.getAll();
return servers.filter((server) => server.owner === owner); return servers.filter((server) => server.owner === owner);

32
src/dao/ServerDaoDbImpl.ts
View File

@@ -1,4 +1,4 @@
import { ServerDao, ServerConfigWithName, PaginatedResult } from './index.js'; import { ServerDao, ServerConfigWithName } from './index.js';
import { ServerRepository } from '../db/repositories/ServerRepository.js'; import { ServerRepository } from '../db/repositories/ServerRepository.js';
/** /**
@@ -16,32 +16,6 @@ export class ServerDaoDbImpl implements ServerDao {
return servers.map((s) => this.mapToServerConfig(s)); return servers.map((s) => this.mapToServerConfig(s));
} }
async findAllPaginated(page: number, limit: number): Promise<PaginatedResult<ServerConfigWithName>> {
const { data, total } = await this.repository.findAllPaginated(page, limit);
const totalPages = Math.ceil(total / limit);
return {
data: data.map((s) => this.mapToServerConfig(s)),
total,
page,
limit,
totalPages,
};
}
async findByOwnerPaginated(owner: string, page: number, limit: number): Promise<PaginatedResult<ServerConfigWithName>> {
const { data, total } = await this.repository.findByOwnerPaginated(owner, page, limit);
const totalPages = Math.ceil(total / limit);
return {
data: data.map((s) => this.mapToServerConfig(s)),
total,
page,
limit,
totalPages,
};
}
async findById(name: string): Promise<ServerConfigWithName | null> { async findById(name: string): Promise<ServerConfigWithName | null> {
const server = await this.repository.findByName(name); const server = await this.repository.findByName(name);
return server ? this.mapToServerConfig(server) : null; return server ? this.mapToServerConfig(server) : null;
@@ -64,7 +38,6 @@ export class ServerDaoDbImpl implements ServerDao {
prompts: entity.prompts, prompts: entity.prompts,
options: entity.options, options: entity.options,
oauth: entity.oauth, oauth: entity.oauth,
proxy: entity.proxy,
openapi: entity.openapi, openapi: entity.openapi,
}); });
return this.mapToServerConfig(server); return this.mapToServerConfig(server);
@@ -89,7 +62,6 @@ export class ServerDaoDbImpl implements ServerDao {
prompts: entity.prompts, prompts: entity.prompts,
options: entity.options, options: entity.options,
oauth: entity.oauth, oauth: entity.oauth,
proxy: entity.proxy,
openapi: entity.openapi, openapi: entity.openapi,
}); });
return server ? this.mapToServerConfig(server) : null; return server ? this.mapToServerConfig(server) : null;
@@ -168,7 +140,6 @@ export class ServerDaoDbImpl implements ServerDao {
prompts?: Record<string, { enabled: boolean; description?: string }>; prompts?: Record<string, { enabled: boolean; description?: string }>;
options?: Record<string, any>; options?: Record<string, any>;
oauth?: Record<string, any>; oauth?: Record<string, any>;
proxy?: Record<string, any>;
openapi?: Record<string, any>; openapi?: Record<string, any>;
}): ServerConfigWithName { }): ServerConfigWithName {
return { return {
@@ -187,7 +158,6 @@ export class ServerDaoDbImpl implements ServerDao {
prompts: server.prompts, prompts: server.prompts,
options: server.options, options: server.options,
oauth: server.oauth, oauth: server.oauth,
proxy: server.proxy,
openapi: server.openapi, openapi: server.openapi,
}; };
} }

7
src/dao/UserDaoDbImpl.ts
View File

@@ -19,6 +19,7 @@ export class UserDaoDbImpl implements UserDao {
username: u.username, username: u.username,
password: u.password, password: u.password,
isAdmin: u.isAdmin, isAdmin: u.isAdmin,
oauthLinks: u.oauthLinks ?? undefined,
})); }));
} }
@@ -29,6 +30,7 @@ export class UserDaoDbImpl implements UserDao {
username: user.username, username: user.username,
password: user.password, password: user.password,
isAdmin: user.isAdmin, isAdmin: user.isAdmin,
oauthLinks: user.oauthLinks ?? undefined,
}; };
} }
@@ -41,11 +43,13 @@ export class UserDaoDbImpl implements UserDao {
username: entity.username, username: entity.username,
password: entity.password, password: entity.password,
isAdmin: entity.isAdmin || false, isAdmin: entity.isAdmin || false,
oauthLinks: entity.oauthLinks ?? null,
}); });
return { return {
username: user.username, username: user.username,
password: user.password, password: user.password,
isAdmin: user.isAdmin, isAdmin: user.isAdmin,
oauthLinks: user.oauthLinks ?? undefined,
}; };
} }
@@ -62,12 +66,14 @@ export class UserDaoDbImpl implements UserDao {
const user = await this.repository.update(username, { const user = await this.repository.update(username, {
password: entity.password, password: entity.password,
isAdmin: entity.isAdmin, isAdmin: entity.isAdmin,
oauthLinks: entity.oauthLinks ?? undefined,
}); });
if (!user) return null; if (!user) return null;
return { return {
username: user.username, username: user.username,
password: user.password, password: user.password,
isAdmin: user.isAdmin, isAdmin: user.isAdmin,
oauthLinks: user.oauthLinks ?? undefined,
}; };
} }
@@ -103,6 +109,7 @@ export class UserDaoDbImpl implements UserDao {
username: u.username, username: u.username,
password: u.password, password: u.password,
isAdmin: u.isAdmin, isAdmin: u.isAdmin,
oauthLinks: u.oauthLinks ?? undefined,
})); }));
} }
} }

3
src/db/entities/Server.ts
View File

@@ -59,9 +59,6 @@ export class Server {
@Column({ type: 'simple-json', nullable: true }) @Column({ type: 'simple-json', nullable: true })
oauth?: Record<string, any>; oauth?: Record<string, any>;
@Column({ type: 'simple-json', nullable: true })
proxy?: Record<string, any>;
@Column({ type: 'simple-json', nullable: true }) @Column({ type: 'simple-json', nullable: true })
openapi?: Record<string, any>; openapi?: Record<string, any>;

3
src/db/entities/SystemConfig.ts
View File

@@ -30,6 +30,9 @@ export class SystemConfig {
@Column({ type: 'simple-json', nullable: true }) @Column({ type: 'simple-json', nullable: true })
oauthServer?: Record<string, any>; oauthServer?: Record<string, any>;
@Column({ type: 'simple-json', nullable: true })
oauthSSO?: Record<string, any>;
@Column({ type: 'boolean', nullable: true }) @Column({ type: 'boolean', nullable: true })
enableSessionRebuild?: boolean; enableSessionRebuild?: boolean;

4
src/db/entities/User.ts
View File

@@ -5,6 +5,7 @@ import {
CreateDateColumn, CreateDateColumn,
UpdateDateColumn, UpdateDateColumn,
} from 'typeorm'; } from 'typeorm';
import { IOAuthLink } from '../../types/index.js';
/** /**
* User entity for database storage * User entity for database storage
@@ -23,6 +24,9 @@ export class User {
@Column({ type: 'boolean', default: false }) @Column({ type: 'boolean', default: false })
isAdmin: boolean; isAdmin: boolean;
@Column({ type: 'simple-json', nullable: true })
oauthLinks: IOAuthLink[] | null;
@CreateDateColumn({ name: 'created_at', type: 'timestamp' }) @CreateDateColumn({ name: 'created_at', type: 'timestamp' })
createdAt: Date; createdAt: Date;

35
src/db/repositories/ServerRepository.ts
View File

@@ -69,41 +69,6 @@ export class ServerRepository {
return await this.repository.count(); return await this.repository.count();
} }
/**
* Find servers with pagination
*/
async findAllPaginated(page: number, limit: number): Promise<{ data: Server[]; total: number }> {
const skip = (page - 1) * limit;
const [data, total] = await this.repository.findAndCount({
order: {
enabled: 'DESC', // Enabled servers first
createdAt: 'ASC' // Then by creation time
},
skip,
take: limit,
});
return { data, total };
}
/**
* Find servers by owner with pagination
*/
async findByOwnerPaginated(owner: string, page: number, limit: number): Promise<{ data: Server[]; total: number }> {
const skip = (page - 1) * limit;
const [data, total] = await this.repository.findAndCount({
where: { owner },
order: {
enabled: 'DESC', // Enabled servers first
createdAt: 'ASC' // Then by creation time
},
skip,
take: limit,
});
return { data, total };
}
/** /**
* Find servers by owner * Find servers by owner
*/ */

10
src/routes/index.ts
View File

@@ -66,6 +66,11 @@ import {
getRegistryServerVersion, getRegistryServerVersion,
} from '../controllers/registryController.js'; } from '../controllers/registryController.js';
import { login, register, getCurrentUser, changePassword } from '../controllers/authController.js'; import { login, register, getCurrentUser, changePassword } from '../controllers/authController.js';
import {
getSSOConfig,
initiateSSOLogin,
handleSSOCallback,
} from '../controllers/oauthSSOController.js';
import { getAllLogs, clearLogs, streamLogs } from '../controllers/logController.js'; import { getAllLogs, clearLogs, streamLogs } from '../controllers/logController.js';
import { import {
getRuntimeConfig, getRuntimeConfig,
@@ -273,6 +278,11 @@ export const initRoutes = (app: express.Application): void => {
changePassword, changePassword,
); );
// OAuth SSO routes (no auth required - public endpoints)
app.get(`${config.basePath}/auth/sso/config`, getSSOConfig); // Get SSO configuration for frontend
app.get(`${config.basePath}/auth/sso/:provider`, initiateSSOLogin); // Initiate SSO login
app.get(`${config.basePath}/auth/sso/:provider/callback`, handleSSOCallback); // Handle OAuth callback
// Runtime configuration endpoint (no auth required for frontend initialization) // Runtime configuration endpoint (no auth required for frontend initialization)
app.get(`${config.basePath}/config`, getRuntimeConfig); app.get(`${config.basePath}/config`, getRuntimeConfig);

207
src/services/mcpService.ts
View File

@@ -1,6 +1,4 @@
import os from 'os'; import os from 'os';
import path from 'path';
import fs from 'fs';
import { Server } from '@modelcontextprotocol/sdk/server/index.js'; import { Server } from '@modelcontextprotocol/sdk/server/index.js';
import { import {
CallToolRequestSchema, CallToolRequestSchema,
@@ -17,7 +15,7 @@ import {
StreamableHTTPClientTransportOptions, StreamableHTTPClientTransportOptions,
} from '@modelcontextprotocol/sdk/client/streamableHttp.js'; } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
import { createFetchWithProxy, getProxyConfigFromEnv } from './proxy.js'; import { createFetchWithProxy, getProxyConfigFromEnv } from './proxy.js';
import { ServerInfo, ServerConfig, Tool, ProxychainsConfig } from '../types/index.js'; import { ServerInfo, ServerConfig, Tool } from '../types/index.js';
import { expandEnvVars, replaceEnvVars, getNameSeparator } from '../config/index.js'; import { expandEnvVars, replaceEnvVars, getNameSeparator } from '../config/index.js';
import config from '../config/index.js'; import config from '../config/index.js';
import { getGroup } from './sseService.js'; import { getGroup } from './sseService.js';
@@ -34,150 +32,6 @@ const servers: { [sessionId: string]: Server } = {};
import { setupClientKeepAlive } from './keepAliveService.js'; import { setupClientKeepAlive } from './keepAliveService.js';
/**
* Check if proxychains4 is available on the system (Linux/macOS only).
* Returns the path to proxychains4 if found, null otherwise.
*/
const findProxychains4 = (): string | null => {
// Windows is not supported
if (process.platform === 'win32') {
return null;
}
// Common proxychains4 binary paths
const possiblePaths = [
'/usr/bin/proxychains4',
'/usr/local/bin/proxychains4',
'/opt/homebrew/bin/proxychains4', // macOS Homebrew ARM
'/usr/local/Cellar/proxychains-ng/*/bin/proxychains4', // macOS Homebrew Intel
];
for (const p of possiblePaths) {
if (fs.existsSync(p)) {
return p;
}
}
// Try to find in PATH
const pathEnv = process.env.PATH || '';
const pathDirs = pathEnv.split(path.delimiter);
for (const dir of pathDirs) {
const fullPath = path.join(dir, 'proxychains4');
if (fs.existsSync(fullPath)) {
return fullPath;
}
}
return null;
};
/**
* Generate a temporary proxychains4 configuration file.
* Returns the path to the generated config file.
*/
const generateProxychainsConfig = (
serverName: string,
proxyConfig: ProxychainsConfig,
): string | null => {
// If a custom config path is provided, use it directly
if (proxyConfig.configPath) {
if (fs.existsSync(proxyConfig.configPath)) {
return proxyConfig.configPath;
}
console.warn(
`[${serverName}] Custom proxychains config not found: ${proxyConfig.configPath}`,
);
return null;
}
// Validate required fields
if (!proxyConfig.host || !proxyConfig.port) {
console.warn(`[${serverName}] Proxy host and port are required for proxychains4`);
return null;
}
const proxyType = proxyConfig.type || 'socks5';
const proxyLine = proxyConfig.username && proxyConfig.password
? `${proxyType} ${proxyConfig.host} ${proxyConfig.port} ${proxyConfig.username} ${proxyConfig.password}`
: `${proxyType} ${proxyConfig.host} ${proxyConfig.port}`;
const configContent = `# Proxychains4 configuration for MCP server: ${serverName}
# Generated by MCPHub
strict_chain
proxy_dns
remote_dns_subnet 224
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
${proxyLine}
`;
// Create temp directory if needed
const tempDir = path.join(os.tmpdir(), 'mcphub-proxychains');
if (!fs.existsSync(tempDir)) {
fs.mkdirSync(tempDir, { recursive: true });
}
// Write config file
const configPath = path.join(tempDir, `${serverName.replace(/[^a-zA-Z0-9-_]/g, '_')}.conf`);
fs.writeFileSync(configPath, configContent, 'utf-8');
console.log(`[${serverName}] Generated proxychains4 config: ${configPath}`);
return configPath;
};
/**
* Wrap a command with proxychains4 if proxy is configured and available.
* Returns modified command and args if proxychains4 is used, original values otherwise.
*/
const wrapWithProxychains = (
serverName: string,
command: string,
args: string[],
proxyConfig?: ProxychainsConfig,
): { command: string; args: string[] } => {
// Skip if proxy is not enabled or not configured
if (!proxyConfig?.enabled) {
return { command, args };
}
// Check platform - Windows is not supported
if (process.platform === 'win32') {
console.warn(
`[${serverName}] proxychains4 proxy is not supported on Windows, ignoring proxy configuration`,
);
return { command, args };
}
// Find proxychains4 binary
const proxychains4Path = findProxychains4();
if (!proxychains4Path) {
console.warn(
`[${serverName}] proxychains4 not found on system, install it with: apt install proxychains4 (Debian/Ubuntu) or brew install proxychains-ng (macOS)`,
);
return { command, args };
}
// Generate or get config file
const configPath = generateProxychainsConfig(serverName, proxyConfig);
if (!configPath) {
console.warn(`[${serverName}] Failed to setup proxychains4 configuration, skipping proxy`);
return { command, args };
}
// Wrap command with proxychains4
console.log(
`[${serverName}] Using proxychains4 proxy: ${proxyConfig.type || 'socks5'}://${proxyConfig.host}:${proxyConfig.port}`,
);
return {
command: proxychains4Path,
args: ['-f', configPath, command, ...args],
};
};
export const initUpstreamServers = async (): Promise<void> => { export const initUpstreamServers = async (): Promise<void> => {
// Initialize OAuth clients for servers with dynamic registration // Initialize OAuth clients for servers with dynamic registration
await initializeAllOAuthClients(); await initializeAllOAuthClients();
@@ -355,19 +209,11 @@ export const createTransportFromConfig = async (name: string, conf: ServerConfig
env['npm_config_registry'] = systemConfig.install.npmRegistry; env['npm_config_registry'] = systemConfig.install.npmRegistry;
} }
// Apply proxychains4 wrapper if proxy is configured (Linux/macOS only) // Expand environment variables in command
const { command: finalCommand, args: finalArgs } = wrapWithProxychains(
name,
conf.command,
replaceEnvVars(conf.args) as string[],
conf.proxy,
);
// Create STDIO transport with potentially wrapped command
transport = new StdioClientTransport({ transport = new StdioClientTransport({
cwd: os.homedir(), cwd: os.homedir(),
command: finalCommand, command: conf.command,
args: finalArgs, args: replaceEnvVars(conf.args) as string[],
env: env, env: env,
stderr: 'pipe', stderr: 'pipe',
}); });
@@ -772,20 +618,10 @@ export const registerAllTools = async (isInit: boolean, serverName?: string): Pr
}; };
// Get all server information // Get all server information
export const getServersInfo = async ( export const getServersInfo = async (): Promise<Omit<ServerInfo, 'client' | 'transport'>[]> => {
page?: number, const allServers: ServerConfigWithName[] = await getServerDao().findAll();
limit?: number,
user?: any,
): Promise<Omit<ServerInfo, 'client' | 'transport'>[]> => {
const dataService = getDataService(); const dataService = getDataService();
// Get paginated or all server configurations from DAO
// If pagination is used with a non-admin user, filtering is already done at DAO level
const isPaginated = limit !== undefined && page !== undefined;
const allServers: ServerConfigWithName[] = isPaginated
? (await getServerDao().findAllPaginated(page, limit)).data
: await getServerDao().findAll();
// Ensure that servers recently added via DAO but not yet initialized in serverInfos // Ensure that servers recently added via DAO but not yet initialized in serverInfos
// are still visible in the servers list. This avoids a race condition where // are still visible in the servers list. This avoids a race condition where
// a POST /api/servers immediately followed by GET /api/servers would not // a POST /api/servers immediately followed by GET /api/servers would not
@@ -793,19 +629,10 @@ export const getServersInfo = async (
const combinedServerInfos: ServerInfo[] = [...serverInfos]; const combinedServerInfos: ServerInfo[] = [...serverInfos];
const existingNames = new Set(combinedServerInfos.map((s) => s.name)); const existingNames = new Set(combinedServerInfos.map((s) => s.name));
// Create a set of server names we're interested in (for pagination)
const requestedServerNames = new Set(allServers.map((s) => s.name));
// Filter serverInfos to only include requested servers if pagination is used
const filteredServerInfos = isPaginated
? combinedServerInfos.filter((s) => requestedServerNames.has(s.name))
: combinedServerInfos;
// Add servers from DAO that don't have runtime info yet
for (const server of allServers) { for (const server of allServers) {
if (!existingNames.has(server.name)) { if (!existingNames.has(server.name)) {
const isEnabled = server.enabled === undefined ? true : server.enabled; const isEnabled = server.enabled === undefined ? true : server.enabled;
filteredServerInfos.push({ combinedServerInfos.push({
name: server.name, name: server.name,
owner: server.owner, owner: server.owner,
// Newly created servers that are enabled should appear as "connecting" // Newly created servers that are enabled should appear as "connecting"
@@ -821,16 +648,12 @@ export const getServersInfo = async (
} }
} }
// Apply user filtering only when NOT using pagination (pagination already filtered at DAO level) const filterServerInfos: ServerInfo[] = dataService.filterData
// Or when no pagination parameters provided (backward compatibility) ? dataService.filterData(combinedServerInfos)
const shouldApplyUserFilter = !isPaginated; : combinedServerInfos;
const filterServerInfos: ServerInfo[] = shouldApplyUserFilter && dataService.filterData
? dataService.filterData(filteredServerInfos, user)
: filteredServerInfos;
const infos = filterServerInfos const infos = filterServerInfos.map(
.filter((info) => requestedServerNames.has(info.name)) // Only include requested servers ({ name, status, tools, prompts, createTime, error, oauth }) => {
.map(({ name, status, tools, prompts, createTime, error, oauth }) => {
const serverConfig = allServers.find((server) => server.name === name); const serverConfig = allServers.find((server) => server.name === name);
const enabled = serverConfig ? serverConfig.enabled !== false : true; const enabled = serverConfig ? serverConfig.enabled !== false : true;
@@ -869,8 +692,12 @@ export const getServersInfo = async (
} }
: undefined, : undefined,
}; };
},
);
infos.sort((a, b) => {
if (a.enabled === b.enabled) return 0;
return a.enabled ? -1 : 1;
}); });
// Sorting is now handled at DAO layer for consistent pagination results
return infos; return infos;
}; };

600
src/services/oauthSSOService.ts Normal file
View File

@@ -0,0 +1,600 @@
import jwt from 'jsonwebtoken';
import crypto from 'crypto';
import { loadSettings } from '../config/index.js';
import { JWT_SECRET } from '../config/jwt.js';
import { OAuthSSOConfig, OAuthSSOProvider, IUser, IOAuthLink } from '../types/index.js';
import { getUserDao } from '../dao/index.js';
import { getDataService } from './services.js';
// Built-in provider configurations for Google, GitHub, Microsoft
const BUILTIN_PROVIDERS: Record<string, Omit<OAuthSSOProvider, 'clientId' | 'clientSecret' | 'id' | 'name'>> = {
google: {
type: 'google',
issuerUrl: 'https://accounts.google.com',
authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
tokenUrl: 'https://oauth2.googleapis.com/token',
userInfoUrl: 'https://openidconnect.googleapis.com/v1/userinfo',
scopes: ['openid', 'email', 'profile'],
attributeMapping: {
username: 'email',
email: 'email',
name: 'name',
},
},
github: {
type: 'github',
authorizationUrl: 'https://github.com/login/oauth/authorize',
tokenUrl: 'https://github.com/login/oauth/access_token',
userInfoUrl: 'https://api.github.com/user',
scopes: ['read:user', 'user:email'],
attributeMapping: {
username: 'login',
email: 'email',
name: 'name',
},
},
microsoft: {
type: 'microsoft',
issuerUrl: 'https://login.microsoftonline.com/common/v2.0',
authorizationUrl: 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
tokenUrl: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
userInfoUrl: 'https://graph.microsoft.com/oidc/userinfo',
scopes: ['openid', 'email', 'profile'],
attributeMapping: {
username: 'email',
email: 'email',
name: 'name',
},
},
};
// In-memory store for OAuth state (should be replaced with Redis/DB in production)
const pendingStates = new Map<string, { provider: string; expiresAt: number; codeVerifier?: string }>();
// JWT token expiry for SSO logins
const TOKEN_EXPIRY = '24h';
/**
* Get OAuth SSO configuration from settings
*/
export function getOAuthSSOConfig(): OAuthSSOConfig | undefined {
const settings = loadSettings();
return settings.systemConfig?.oauthSSO;
}
/**
* Check if OAuth SSO is enabled
*/
export function isOAuthSSOEnabled(): boolean {
const config = getOAuthSSOConfig();
return config?.enabled === true && (config.providers?.length ?? 0) > 0;
}
/**
* Check if local authentication is allowed alongside SSO
*/
export function isLocalAuthAllowed(): boolean {
const config = getOAuthSSOConfig();
// Default to true - allow local auth unless explicitly disabled
return config?.allowLocalAuth !== false;
}
/**
* Get list of enabled SSO providers for frontend display
*/
export function getEnabledProviders(): Array<{ id: string; name: string; type: string }> {
const config = getOAuthSSOConfig();
if (!config?.enabled || !config.providers) {
return [];
}
return config.providers
.filter((p) => p.enabled !== false)
.map((p) => ({
id: p.id,
name: p.name,
type: p.type,
}));
}
/**
* Get provider configuration by ID
*/
export function getProviderById(providerId: string): OAuthSSOProvider | undefined {
const config = getOAuthSSOConfig();
if (!config?.enabled || !config.providers) {
return undefined;
}
return config.providers.find((p) => p.id === providerId && p.enabled !== false);
}
/**
* Generate PKCE code verifier and challenge
*/
function generatePKCE(): { codeVerifier: string; codeChallenge: string } {
const codeVerifier = crypto.randomBytes(32).toString('base64url');
const codeChallenge = crypto.createHash('sha256').update(codeVerifier).digest('base64url');
return { codeVerifier, codeChallenge };
}
/**
* Build the complete provider configuration (merge with built-in defaults)
*/
function buildProviderConfig(provider: OAuthSSOProvider): OAuthSSOProvider {
const builtin = BUILTIN_PROVIDERS[provider.type];
if (builtin && provider.type !== 'oidc') {
return {
...builtin,
...provider,
scopes: provider.scopes ?? builtin.scopes,
attributeMapping: { ...builtin.attributeMapping, ...provider.attributeMapping },
};
}
return provider;
}
/**
* Generate OAuth authorization URL for a provider
*/
export function generateAuthorizationUrl(
providerId: string,
redirectUri: string,
): { url: string; state: string } | null {
const provider = getProviderById(providerId);
if (!provider) {
return null;
}
const config = buildProviderConfig(provider);
const authUrl = config.authorizationUrl;
if (!authUrl) {
console.error(`OAuth SSO: No authorization URL configured for provider ${providerId}`);
return null;
}
// Generate state and PKCE
const state = crypto.randomBytes(16).toString('hex');
const { codeVerifier, codeChallenge } = generatePKCE();
// Store state for validation (expires in 10 minutes)
pendingStates.set(state, {
provider: providerId,
expiresAt: Date.now() + 10 * 60 * 1000,
codeVerifier,
});
// Clean up expired states periodically
cleanupExpiredStates();
// Build authorization URL
const url = new URL(authUrl);
url.searchParams.set('client_id', config.clientId);
url.searchParams.set('redirect_uri', redirectUri);
url.searchParams.set('response_type', 'code');
url.searchParams.set('state', state);
// Add scopes
const scopes = config.scopes ?? ['openid', 'email', 'profile'];
url.searchParams.set('scope', scopes.join(' '));
// Add PKCE if not GitHub (GitHub doesn't support PKCE)
if (config.type !== 'github') {
url.searchParams.set('code_challenge', codeChallenge);
url.searchParams.set('code_challenge_method', 'S256');
}
return { url: url.toString(), state };
}
/**
* Cleanup expired OAuth states
*/
function cleanupExpiredStates(): void {
const now = Date.now();
for (const [state, data] of pendingStates.entries()) {
if (data.expiresAt < now) {
pendingStates.delete(state);
}
}
}
/**
* Validate OAuth state and get stored data
*/
function validateState(state: string): { provider: string; codeVerifier?: string } | null {
const data = pendingStates.get(state);
if (!data) {
return null;
}
// Remove state to prevent replay
pendingStates.delete(state);
// Check expiration
if (data.expiresAt < Date.now()) {
return null;
}
return { provider: data.provider, codeVerifier: data.codeVerifier };
}
/**
* Exchange authorization code for tokens
*/
async function exchangeCodeForTokens(
provider: OAuthSSOProvider,
code: string,
redirectUri: string,
codeVerifier?: string,
): Promise<{ accessToken: string; idToken?: string } | null> {
const config = buildProviderConfig(provider);
const tokenUrl = config.tokenUrl;
if (!tokenUrl) {
console.error(`OAuth SSO: No token URL configured for provider ${provider.id}`);
return null;
}
const params = new URLSearchParams();
params.set('grant_type', 'authorization_code');
params.set('code', code);
params.set('redirect_uri', redirectUri);
params.set('client_id', config.clientId);
params.set('client_secret', config.clientSecret);
// Add PKCE verifier if available (not for GitHub)
if (codeVerifier && config.type !== 'github') {
params.set('code_verifier', codeVerifier);
}
try {
const response = await fetch(tokenUrl, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
Accept: 'application/json',
},
body: params.toString(),
});
if (!response.ok) {
const errorText = await response.text();
console.error(`OAuth SSO: Token exchange failed for ${provider.id}:`, errorText);
return null;
}
const data = await response.json();
return {
accessToken: data.access_token,
idToken: data.id_token,
};
} catch (error) {
console.error(`OAuth SSO: Token exchange error for ${provider.id}:`, error);
return null;
}
}
/**
* Get user info from the OAuth provider
*/
async function getUserInfo(
provider: OAuthSSOProvider,
accessToken: string,
): Promise<Record<string, unknown> | null> {
const config = buildProviderConfig(provider);
const userInfoUrl = config.userInfoUrl;
if (!userInfoUrl) {
console.error(`OAuth SSO: No userinfo URL configured for provider ${provider.id}`);
return null;
}
try {
const response = await fetch(userInfoUrl, {
headers: {
Authorization: `Bearer ${accessToken}`,
Accept: 'application/json',
},
});
if (!response.ok) {
const errorText = await response.text();
console.error(`OAuth SSO: UserInfo request failed for ${provider.id}:`, errorText);
return null;
}
return await response.json();
} catch (error) {
console.error(`OAuth SSO: UserInfo error for ${provider.id}:`, error);
return null;
}
}
/**
* For GitHub, we need to make a separate request to get email if not public
*/
async function getGitHubEmail(accessToken: string): Promise<string | null> {
try {
const response = await fetch('https://api.github.com/user/emails', {
headers: {
Authorization: `Bearer ${accessToken}`,
Accept: 'application/json',
},
});
if (!response.ok) {
return null;
}
const emails = (await response.json()) as Array<{ email: string; primary: boolean; verified: boolean }>;
const primaryEmail = emails.find((e) => e.primary && e.verified);
return primaryEmail?.email ?? emails[0]?.email ?? null;
} catch {
return null;
}
}
/**
* Extract user attributes from provider userinfo based on attribute mapping
*/
function extractUserAttributes(
provider: OAuthSSOProvider,
userInfo: Record<string, unknown>,
): { providerId: string; username: string; email?: string; name?: string } {
const config = buildProviderConfig(provider);
const mapping = config.attributeMapping ?? {};
// Get provider user ID
let providerId: string;
if (provider.type === 'github') {
providerId = String(userInfo.id);
} else {
providerId = String(userInfo.sub ?? userInfo.id);
}
// Get username
const usernameField = mapping.username ?? 'email';
let username = String(userInfo[usernameField] ?? '');
if (!username && userInfo.email) {
username = String(userInfo.email);
}
// Get email
const emailField = mapping.email ?? 'email';
const email = userInfo[emailField] ? String(userInfo[emailField]) : undefined;
// Get display name
const nameField = mapping.name ?? 'name';
const name = userInfo[nameField] ? String(userInfo[nameField]) : undefined;
return { providerId, username, email, name };
}
/**
* Determine if user should be admin based on role mapping
*/
function determineAdminStatus(provider: OAuthSSOProvider, userInfo: Record<string, unknown>): boolean {
const config = buildProviderConfig(provider);
const roleMapping = config.roleMapping;
if (!roleMapping) {
return false;
}
// Check if admin claim is configured
if (roleMapping.adminClaim && roleMapping.adminValues?.length) {
const claimValue = userInfo[roleMapping.adminClaim];
if (claimValue) {
// Handle both single value and array claims
const values = Array.isArray(claimValue) ? claimValue : [claimValue];
for (const value of values) {
if (roleMapping.adminValues.includes(String(value))) {
return true;
}
}
}
}
return roleMapping.defaultIsAdmin ?? false;
}
/**
* Handle OAuth callback - exchange code, get user info, create/update user, return JWT
*/
export async function handleOAuthCallback(
state: string,
code: string,
redirectUri: string,
): Promise<{
success: boolean;
token?: string;
user?: { username: string; isAdmin: boolean; permissions?: string[] };
error?: string;
}> {
// Validate state
const stateData = validateState(state);
if (!stateData) {
return { success: false, error: 'Invalid or expired OAuth state' };
}
// Get provider
const provider = getProviderById(stateData.provider);
if (!provider) {
return { success: false, error: 'OAuth provider not found or disabled' };
}
// Exchange code for tokens
const tokens = await exchangeCodeForTokens(provider, code, redirectUri, stateData.codeVerifier);
if (!tokens) {
return { success: false, error: 'Failed to exchange authorization code for tokens' };
}
// Get user info
let userInfo = await getUserInfo(provider, tokens.accessToken);
if (!userInfo) {
return { success: false, error: 'Failed to get user information from provider' };
}
// For GitHub, get email separately if not in userinfo
if (provider.type === 'github' && !userInfo.email) {
const email = await getGitHubEmail(tokens.accessToken);
if (email) {
userInfo = { ...userInfo, email };
}
}
// Extract user attributes
const { providerId, username, email, name } = extractUserAttributes(provider, userInfo);
if (!username) {
return { success: false, error: 'Could not determine username from OAuth provider' };
}
// Determine admin status
const isAdmin = determineAdminStatus(provider, userInfo);
// Find or create user
const userDao = getUserDao();
const config = buildProviderConfig(provider);
// First, try to find user by OAuth link
let user = await findUserByOAuthLink(provider.id, providerId);
if (!user) {
// Try to find by username (for linking existing accounts)
user = await userDao.findByUsername(username);
if (user) {
// Existing user found - link their account if allowed
if (config.allowLinking !== false) {
const oauthLink: IOAuthLink = {
provider: provider.id,
providerId,
email,
name,
linkedAt: new Date().toISOString(),
};
user = await linkOAuthAccount(user.username, oauthLink);
}
} else if (config.autoProvision !== false) {
// Auto-provision new user
try {
// Generate a random secure password (user won't need it with SSO)
const randomPassword = crypto.randomBytes(32).toString('hex');
user = await userDao.createWithHashedPassword(username, randomPassword, isAdmin);
// Link OAuth account
const oauthLink: IOAuthLink = {
provider: provider.id,
providerId,
email,
name,
linkedAt: new Date().toISOString(),
};
user = await linkOAuthAccount(username, oauthLink);
console.log(`OAuth SSO: Auto-provisioned user ${username} via ${provider.id}`);
} catch (error) {
console.error(`OAuth SSO: Failed to create user ${username}:`, error);
return { success: false, error: 'Failed to create user account' };
}
} else {
return { success: false, error: 'User account not found and auto-provisioning is disabled' };
}
}
if (!user) {
return { success: false, error: 'Failed to find or create user account' };
}
// Generate JWT token
const payload = {
user: {
username: user.username,
isAdmin: user.isAdmin || false,
},
};
return new Promise((resolve) => {
jwt.sign(payload, JWT_SECRET, { expiresIn: TOKEN_EXPIRY }, (err, token) => {
if (err || !token) {
console.error('OAuth SSO: Failed to generate JWT:', err);
resolve({ success: false, error: 'Failed to generate authentication token' });
return;
}
const dataService = getDataService();
resolve({
success: true,
token,
user: {
username: user!.username,
isAdmin: user!.isAdmin || false,
permissions: dataService.getPermissions(user!),
},
});
});
});
}
/**
* Find user by OAuth link
*/
async function findUserByOAuthLink(providerId: string, providerUserId: string): Promise<IUser | null> {
const userDao = getUserDao();
const users = await userDao.findAll();
for (const user of users) {
if (user.oauthLinks?.some((link) => link.provider === providerId && link.providerId === providerUserId)) {
return user;
}
}
return null;
}
/**
* Link OAuth account to existing user
*/
async function linkOAuthAccount(username: string, oauthLink: IOAuthLink): Promise<IUser | null> {
const userDao = getUserDao();
const user = await userDao.findByUsername(username);
if (!user) {
return null;
}
// Add or update OAuth link
const existingLinks = user.oauthLinks ?? [];
const linkIndex = existingLinks.findIndex((l) => l.provider === oauthLink.provider);
if (linkIndex >= 0) {
existingLinks[linkIndex] = oauthLink;
} else {
existingLinks.push(oauthLink);
}
return await userDao.update(username, { oauthLinks: existingLinks });
}
/**
* Unlink OAuth account from user
*/
export async function unlinkOAuthAccount(username: string, providerId: string): Promise<IUser | null> {
const userDao = getUserDao();
const user = await userDao.findByUsername(username);
if (!user || !user.oauthLinks) {
return null;
}
const updatedLinks = user.oauthLinks.filter((l) => l.provider !== providerId);
return await userDao.update(username, { oauthLinks: updatedLinks });
}
/**
* Get OAuth links for a user
*/
export async function getUserOAuthLinks(username: string): Promise<IOAuthLink[]> {
const userDao = getUserDao();
const user = await userDao.findByUsername(username);
return user?.oauthLinks ?? [];
}

73
src/types/index.ts
View File

@@ -5,11 +5,21 @@ import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/
import { RequestOptions } from '@modelcontextprotocol/sdk/shared/protocol.js'; import { RequestOptions } from '@modelcontextprotocol/sdk/shared/protocol.js';
import { SmartRoutingConfig } from '../utils/smartRouting.js'; import { SmartRoutingConfig } from '../utils/smartRouting.js';
// OAuth SSO linked account information
export interface IOAuthLink {
provider: string; // Provider ID (e.g., 'google', 'github', 'microsoft', or custom OIDC provider name)
providerId: string; // User ID from the OAuth provider
email?: string; // Email from the OAuth provider
name?: string; // Display name from the OAuth provider
linkedAt?: string; // ISO timestamp when the account was linked
}
// User interface // User interface
export interface IUser { export interface IUser {
username: string; username: string;
password: string; password: string;
isAdmin?: boolean; isAdmin?: boolean;
oauthLinks?: IOAuthLink[]; // Linked OAuth accounts for SSO
} }
// Group interface for server grouping // Group interface for server grouping
@@ -149,6 +159,55 @@ export interface OAuthProviderConfig {
}>; }>;
} }
// OAuth SSO Provider Configuration for external identity providers (Google, Microsoft, GitHub, custom OIDC)
export interface OAuthSSOProvider {
id: string; // Unique identifier for this provider (e.g., 'google', 'github', 'microsoft', 'custom-oidc')
name: string; // Display name shown on login page (e.g., 'Google', 'GitHub')
enabled?: boolean; // Enable/disable this provider (default: true)
type: 'google' | 'github' | 'microsoft' | 'oidc'; // Provider type for built-in or custom OIDC
// OAuth/OIDC endpoints (required for 'oidc' type, auto-discovered for built-in types)
issuerUrl?: string; // OIDC issuer URL for discovery (e.g., 'https://accounts.google.com')
authorizationUrl?: string; // OAuth authorization endpoint
tokenUrl?: string; // OAuth token endpoint
userInfoUrl?: string; // OIDC userinfo endpoint
// Client credentials
clientId: string; // OAuth client ID from the provider
clientSecret: string; // OAuth client secret from the provider
// Scope configuration
scopes?: string[]; // Scopes to request (default: ['openid', 'email', 'profile'])
// Role/admin mapping configuration
roleMapping?: {
// Map provider claims/groups to MCPHub admin role
adminClaim?: string; // Claim name to check for admin status (e.g., 'groups', 'roles')
adminValues?: string[]; // Values that grant admin access (e.g., ['admin', 'mcphub-admin'])
// Default role for new users (if not matched by adminValues)
defaultIsAdmin?: boolean; // Default admin status for auto-provisioned users (default: false)
};
// User attribute mapping (for custom OIDC providers)
attributeMapping?: {
username?: string; // Claim to use as username (default: 'email' or 'preferred_username')
email?: string; // Claim to use as email (default: 'email')
name?: string; // Claim to use as display name (default: 'name')
};
// Auto-provisioning settings
autoProvision?: boolean; // Auto-create users on first SSO login (default: true)
allowLinking?: boolean; // Allow existing users to link their accounts (default: true)
}
// OAuth SSO Configuration (stored in systemConfig.oauthSSO)
export interface OAuthSSOConfig {
enabled?: boolean; // Enable/disable SSO functionality globally (default: false)
providers?: OAuthSSOProvider[]; // Array of configured SSO providers
callbackBaseUrl?: string; // Base URL for OAuth callbacks (auto-detected if not set)
allowLocalAuth?: boolean; // Allow local username/password auth alongside SSO (default: true)
}
export interface SystemConfig { export interface SystemConfig {
routing?: { routing?: {
enableGlobalRoute?: boolean; // Controls whether the /sse endpoint without group is enabled enableGlobalRoute?: boolean; // Controls whether the /sse endpoint without group is enabled
@@ -172,6 +231,7 @@ export interface SystemConfig {
nameSeparator?: string; // Separator used between server name and tool/prompt name (default: '-') nameSeparator?: string; // Separator used between server name and tool/prompt name (default: '-')
oauth?: OAuthProviderConfig; // OAuth provider configuration for upstream MCP servers oauth?: OAuthProviderConfig; // OAuth provider configuration for upstream MCP servers
oauthServer?: OAuthServerConfig; // OAuth authorization server configuration for MCPHub itself oauthServer?: OAuthServerConfig; // OAuth authorization server configuration for MCPHub itself
oauthSSO?: OAuthSSOConfig; // OAuth SSO configuration for external identity providers (Google, Microsoft, GitHub, OIDC)
enableSessionRebuild?: boolean; // Controls whether server session rebuild is enabled enableSessionRebuild?: boolean; // Controls whether server session rebuild is enabled
} }
@@ -270,17 +330,6 @@ export interface McpSettings {
bearerKeys?: BearerKey[]; // Bearer authentication keys (multi-key configuration) bearerKeys?: BearerKey[]; // Bearer authentication keys (multi-key configuration)
} }
// Proxychains4 configuration for STDIO servers (Linux/macOS only)
export interface ProxychainsConfig {
enabled?: boolean; // Enable/disable proxychains4 proxy routing
type?: 'socks4' | 'socks5' | 'http'; // Proxy protocol type
host?: string; // Proxy server hostname or IP address
port?: number; // Proxy server port
username?: string; // Proxy authentication username (optional)
password?: string; // Proxy authentication password (optional)
configPath?: string; // Path to custom proxychains4 configuration file (optional, overrides above settings)
}
// Configuration details for an individual server // Configuration details for an individual server
export interface ServerConfig { export interface ServerConfig {
type?: 'stdio' | 'sse' | 'streamable-http' | 'openapi'; // Type of server type?: 'stdio' | 'sse' | 'streamable-http' | 'openapi'; // Type of server
@@ -296,8 +345,6 @@ export interface ServerConfig {
tools?: Record<string, { enabled: boolean; description?: string }>; // Tool-specific configurations with enable/disable state and custom descriptions tools?: Record<string, { enabled: boolean; description?: string }>; // Tool-specific configurations with enable/disable state and custom descriptions
prompts?: Record<string, { enabled: boolean; description?: string }>; // Prompt-specific configurations with enable/disable state and custom descriptions prompts?: Record<string, { enabled: boolean; description?: string }>; // Prompt-specific configurations with enable/disable state and custom descriptions
options?: Partial<Pick<RequestOptions, 'timeout' | 'resetTimeoutOnProgress' | 'maxTotalTimeout'>>; // MCP request options configuration options?: Partial<Pick<RequestOptions, 'timeout' | 'resetTimeoutOnProgress' | 'maxTotalTimeout'>>; // MCP request options configuration
// Proxychains4 proxy configuration for STDIO servers (Linux/macOS only, Windows not supported)
proxy?: ProxychainsConfig;
// OAuth authentication for upstream MCP servers // OAuth authentication for upstream MCP servers
oauth?: { oauth?: {
// Static client configuration (traditional OAuth flow) // Static client configuration (traditional OAuth flow)

1
src/utils/migration.ts
View File

@@ -46,6 +46,7 @@ export async function migrateToDatabase(): Promise<boolean> {
username: user.username, username: user.username,
password: user.password, password: user.password,
isAdmin: user.isAdmin || false, isAdmin: user.isAdmin || false,
oauthLinks: user.oauthLinks ?? null,
}); });
console.log(` - Created user: ${user.username}`); console.log(` - Created user: ${user.username}`);
} else { } else {

2
src/utils/smartRouting.ts
View File

@@ -17,7 +17,7 @@ export interface SmartRoutingConfig {
* *
* Priority order for each setting: * Priority order for each setting:
* 1. Specific environment variables (ENABLE_SMART_ROUTING, SMART_ROUTING_ENABLED, etc.) * 1. Specific environment variables (ENABLE_SMART_ROUTING, SMART_ROUTING_ENABLED, etc.)
* 2. Generic environment variables (OPENAI_API_KEY, DB_URL, etc.) * 2. Generic environment variables (OPENAI_API_KEY, DATABASE_URL, etc.)
* 3. Settings configuration (systemConfig.smartRouting) * 3. Settings configuration (systemConfig.smartRouting)
* 4. Default values * 4. Default values
* *

393
tests/services/oauthSSOService.test.ts Normal file
View File

@@ -0,0 +1,393 @@
// Tests for OAuth SSO Service
import {
isOAuthSSOEnabled,
isLocalAuthAllowed,
getEnabledProviders,
getProviderById,
generateAuthorizationUrl,
} from '../../src/services/oauthSSOService.js';
// Mock the config loading
jest.mock('../../src/config/index.js', () => ({
loadSettings: jest.fn(),
}));
import { loadSettings } from '../../src/config/index.js';
const mockLoadSettings = loadSettings as jest.MockedFunction<typeof loadSettings>;
describe('OAuth SSO Service', () => {
beforeEach(() => {
jest.clearAllMocks();
});
describe('isOAuthSSOEnabled', () => {
it('should return false when oauthSSO is not configured', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {},
});
expect(isOAuthSSOEnabled()).toBe(false);
});
it('should return false when oauthSSO.enabled is false', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: false,
providers: [
{
id: 'google',
name: 'Google',
type: 'google',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
},
],
},
},
});
expect(isOAuthSSOEnabled()).toBe(false);
});
it('should return false when no providers are configured', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [],
},
},
});
expect(isOAuthSSOEnabled()).toBe(false);
});
it('should return true when enabled and providers exist', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [
{
id: 'google',
name: 'Google',
type: 'google',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
},
],
},
},
});
expect(isOAuthSSOEnabled()).toBe(true);
});
});
describe('isLocalAuthAllowed', () => {
it('should return true by default when not configured', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {},
});
expect(isLocalAuthAllowed()).toBe(true);
});
it('should return true when allowLocalAuth is not explicitly set', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [],
},
},
});
expect(isLocalAuthAllowed()).toBe(true);
});
it('should return false when allowLocalAuth is false', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
allowLocalAuth: false,
providers: [],
},
},
});
expect(isLocalAuthAllowed()).toBe(false);
});
it('should return true when allowLocalAuth is true', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
allowLocalAuth: true,
providers: [],
},
},
});
expect(isLocalAuthAllowed()).toBe(true);
});
});
describe('getEnabledProviders', () => {
it('should return empty array when SSO is not enabled', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {},
});
expect(getEnabledProviders()).toEqual([]);
});
it('should return only enabled providers', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [
{
id: 'google',
name: 'Google',
type: 'google',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
enabled: true,
},
{
id: 'github',
name: 'GitHub',
type: 'github',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
enabled: false,
},
{
id: 'microsoft',
name: 'Microsoft',
type: 'microsoft',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
// enabled is undefined, defaults to true
},
],
},
},
});
const providers = getEnabledProviders();
expect(providers).toHaveLength(2);
expect(providers[0]).toEqual({ id: 'google', name: 'Google', type: 'google' });
expect(providers[1]).toEqual({ id: 'microsoft', name: 'Microsoft', type: 'microsoft' });
});
});
describe('getProviderById', () => {
it('should return undefined when provider not found', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [
{
id: 'google',
name: 'Google',
type: 'google',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
},
],
},
},
});
expect(getProviderById('github')).toBeUndefined();
});
it('should return undefined when provider is disabled', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [
{
id: 'google',
name: 'Google',
type: 'google',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
enabled: false,
},
],
},
},
});
expect(getProviderById('google')).toBeUndefined();
});
it('should return provider when found and enabled', () => {
const provider = {
id: 'google',
name: 'Google',
type: 'google' as const,
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
};
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [provider],
},
},
});
expect(getProviderById('google')).toEqual(provider);
});
});
describe('generateAuthorizationUrl', () => {
it('should return null when provider not found', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [],
},
},
});
expect(generateAuthorizationUrl('google', 'http://localhost/callback')).toBeNull();
});
it('should generate authorization URL for Google provider', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [
{
id: 'google',
name: 'Google',
type: 'google',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
},
],
},
},
});
const result = generateAuthorizationUrl('google', 'http://localhost/callback');
expect(result).not.toBeNull();
expect(result!.url).toContain('https://accounts.google.com/o/oauth2/v2/auth');
expect(result!.url).toContain('client_id=test-client-id');
expect(result!.url).toContain('redirect_uri=http%3A%2F%2Flocalhost%2Fcallback');
expect(result!.url).toContain('response_type=code');
expect(result!.url).toContain('scope=openid+email+profile');
expect(result!.url).toContain('code_challenge=');
expect(result!.state).toBeDefined();
});
it('should generate authorization URL for GitHub provider without PKCE', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [
{
id: 'github',
name: 'GitHub',
type: 'github',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
},
],
},
},
});
const result = generateAuthorizationUrl('github', 'http://localhost/callback');
expect(result).not.toBeNull();
expect(result!.url).toContain('https://github.com/login/oauth/authorize');
expect(result!.url).not.toContain('code_challenge=');
expect(result!.state).toBeDefined();
});
it('should generate authorization URL for Microsoft provider', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [
{
id: 'microsoft',
name: 'Microsoft',
type: 'microsoft',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
},
],
},
},
});
const result = generateAuthorizationUrl('microsoft', 'http://localhost/callback');
expect(result).not.toBeNull();
expect(result!.url).toContain('https://login.microsoftonline.com/common/oauth2/v2.0/authorize');
expect(result!.url).toContain('code_challenge=');
expect(result!.state).toBeDefined();
});
it('should include custom scopes when configured', () => {
mockLoadSettings.mockReturnValue({
mcpServers: {},
systemConfig: {
oauthSSO: {
enabled: true,
providers: [
{
id: 'google',
name: 'Google',
type: 'google',
clientId: 'test-client-id',
clientSecret: 'test-client-secret',
scopes: ['custom-scope', 'another-scope'],
},
],
},
},
});
const result = generateAuthorizationUrl('google', 'http://localhost/callback');
expect(result).not.toBeNull();
expect(result!.url).toContain('scope=custom-scope+another-scope');
});
});
});

2
tests/setup.ts
View File

@@ -5,7 +5,7 @@ import 'reflect-metadata';
Object.assign(process.env, { Object.assign(process.env, {
NODE_ENV: 'test', NODE_ENV: 'test',
JWT_SECRET: 'test-jwt-secret-key', JWT_SECRET: 'test-jwt-secret-key',
DB_URL: 'sqlite::memory:', DATABASE_URL: 'sqlite::memory:',
}); });
// Mock moduleDir to avoid import.meta parsing issues in Jest // Mock moduleDir to avoid import.meta parsing issues in Jest