@cloudbase/cloudbase-mcp 1.0.7 → 1.0.9

package/dist/index.js

@@ -6,6 +6,8 @@ import { registerFileTools } from "./tools/file.js";
 import { registerFunctionTools } from "./tools/functions.js";
 import { registerDatabaseTools } from "./tools/database.js";
 import { registerHostingTools } from "./tools/hosting.js";
+import { registerDownloadTools } from "./tools/download.js";
+import { registerStorageTools } from "./tools/storage.js";
 // Create server instance
 const server = new McpServer({
     name: "cloudbase-mcp",
@@ -25,6 +27,10 @@ registerDatabaseTools(server);
 registerHostingTools(server);
 // Register function management tools
 registerFunctionTools(server);
+// Register download tools
+registerDownloadTools(server);
+// Register storage tools
+registerStorageTools(server);
 async function main() {
     const transport = new StdioServerTransport();
     await server.connect(transport);

package/dist/tools/download.js

@@ -0,0 +1,247 @@
+import { z } from "zod";
+import * as fsPromises from "fs/promises";
+import * as fs from "fs";
+import * as path from "path";
+import * as os from "os";
+import * as crypto from "crypto";
+import * as https from "https";
+import * as http from "http";
+import { URL } from "url";
+import * as net from "net";
+import * as dns from "dns";
+// 常量定义
+const MAX_FILE_SIZE = 100 * 1024 * 1024; // 100MB
+const ALLOWED_PROTOCOLS = ["http:", "https:"];
+const ALLOWED_CONTENT_TYPES = [
+    "text/",
+    "image/",
+    "application/json",
+    "application/xml",
+    "application/pdf",
+    "application/zip",
+    "application/x-zip-compressed"
+];
+// 检查是否为内网 IP
+function isPrivateIP(ip) {
+    // 如果不是有效的 IP 地址，返回 true（保守处理）
+    if (!net.isIP(ip)) {
+        return true;
+    }
+    // 检查特殊地址
+    if (ip === '127.0.0.1' ||
+        ip === 'localhost' ||
+        ip === '::1' || // IPv6 本地回环
+        ip.startsWith('169.254.') || // 链路本地地址
+        ip.startsWith('0.')) { // 特殊用途地址
+        return true;
+    }
+    // 转换 IP 地址为长整数进行范围检查
+    const ipv4Parts = ip.split('.').map(part => parseInt(part, 10));
+    if (ipv4Parts.length === 4) {
+        const ipNum = (ipv4Parts[0] << 24) + (ipv4Parts[1] << 16) + (ipv4Parts[2] << 8) + ipv4Parts[3];
+        // 检查私有 IP 范围
+        // 10.0.0.0 - 10.255.255.255
+        if (ipNum >= 167772160 && ipNum <= 184549375)
+            return true;
+        // 172.16.0.0 - 172.31.255.255
+        if (ipNum >= 2886729728 && ipNum <= 2887778303)
+            return true;
+        // 192.168.0.0 - 192.168.255.255
+        if (ipNum >= 3232235520 && ipNum <= 3232301055)
+            return true;
+    }
+    // 检查 IPv6 私有地址
+    if (net.isIPv6(ip)) {
+        const normalizedIP = ip.toLowerCase();
+        if (normalizedIP.startsWith('fc00:') || // 唯一本地地址
+            normalizedIP.startsWith('fe80:') || // 链路本地地址
+            normalizedIP.startsWith('fec0:') || // 站点本地地址
+            normalizedIP.startsWith('::1')) { // 本地回环
+            return true;
+        }
+    }
+    return false;
+}
+// 检查域名是否解析到内网 IP
+async function doesDomainResolveToPrivateIP(hostname) {
+    try {
+        const addresses = await new Promise((resolve, reject) => {
+            dns.resolve(hostname, (err, addresses) => {
+                if (err)
+                    reject(err);
+                else
+                    resolve(addresses);
+            });
+        });
+        return addresses.some(ip => isPrivateIP(ip));
+    }
+    catch (error) {
+        // 如果解析失败，为安全起见返回 true
+        return true;
+    }
+}
+// 生成随机文件名
+function generateRandomFileName(extension = '') {
+    const randomBytes = crypto.randomBytes(16);
+    const fileName = randomBytes.toString('hex');
+    return `${fileName}${extension}`;
+}
+// 获取安全的临时文件路径
+function getSafeTempFilePath(fileName) {
+    return path.join(os.tmpdir(), fileName);
+}
+// 从 URL 或 Content-Disposition 获取文件扩展名
+function getFileExtension(url, contentType, contentDisposition) {
+    let extension = "";
+    // 从 URL 获取扩展名
+    const urlPath = new URL(url).pathname;
+    const urlExt = path.extname(urlPath);
+    if (urlExt) {
+        extension = urlExt;
+    }
+    // 从 Content-Disposition 获取扩展名
+    if (contentDisposition) {
+        const filenameMatch = contentDisposition.match(/filename=["']?([^"']+)["']?/);
+        if (filenameMatch) {
+            const dispositionExt = path.extname(filenameMatch[1]);
+            if (dispositionExt) {
+                extension = dispositionExt;
+            }
+        }
+    }
+    // 从 Content-Type 获取扩展名
+    if (!extension && contentType) {
+        const mimeToExt = {
+            "text/plain": ".txt",
+            "text/html": ".html",
+            "text/css": ".css",
+            "text/javascript": ".js",
+            "image/jpeg": ".jpg",
+            "image/png": ".png",
+            "image/gif": ".gif",
+            "image/webp": ".webp",
+            "application/json": ".json",
+            "application/xml": ".xml",
+            "application/pdf": ".pdf",
+            "application/zip": ".zip",
+            "application/x-zip-compressed": ".zip"
+        };
+        extension = mimeToExt[contentType] || "";
+    }
+    return extension;
+}
+// 验证 URL 和内容类型是否安全
+async function isUrlAndContentTypeSafe(url, contentType) {
+    try {
+        const parsedUrl = new URL(url);
+        // 检查协议
+        if (!ALLOWED_PROTOCOLS.includes(parsedUrl.protocol)) {
+            return false;
+        }
+        // 检查主机名是否为 IP 地址
+        const hostname = parsedUrl.hostname;
+        if (net.isIP(hostname) && isPrivateIP(hostname)) {
+            return false;
+        }
+        // 如果是域名，检查它是否解析到内网 IP
+        if (!net.isIP(hostname) && await doesDomainResolveToPrivateIP(hostname)) {
+            return false;
+        }
+        // 检查内容类型
+        return ALLOWED_CONTENT_TYPES.some(allowedType => contentType.startsWith(allowedType));
+    }
+    catch {
+        return false;
+    }
+}
+// 下载文件
+function downloadFile(url) {
+    return new Promise((resolve, reject) => {
+        const client = url.startsWith('https:') ? https : http;
+        client.get(url, async (res) => {
+            if (res.statusCode !== 200) {
+                reject(new Error(`HTTP Error: ${res.statusCode}`));
+                return;
+            }
+            const contentType = res.headers['content-type'] || '';
+            const contentLength = parseInt(res.headers['content-length'] || '0', 10);
+            const contentDisposition = res.headers['content-disposition'];
+            // 安全检查
+            if (!await isUrlAndContentTypeSafe(url, contentType)) {
+                reject(new Error('不安全的 URL 或内容类型，或者目标为内网地址'));
+                return;
+            }
+            // 文件大小检查
+            if (contentLength > MAX_FILE_SIZE) {
+                reject(new Error(`文件大小 ${contentLength} 字节超过 ${MAX_FILE_SIZE} 字节限制`));
+                return;
+            }
+            // 生成临时文件路径
+            const extension = getFileExtension(url, contentType, contentDisposition);
+            const fileName = generateRandomFileName(extension);
+            const filePath = getSafeTempFilePath(fileName);
+            // 创建写入流
+            const fileStream = fs.createWriteStream(filePath);
+            let downloadedSize = 0;
+            res.on('data', (chunk) => {
+                downloadedSize += chunk.length;
+                if (downloadedSize > MAX_FILE_SIZE) {
+                    fileStream.destroy();
+                    fsPromises.unlink(filePath).catch(() => { });
+                    reject(new Error(`文件大小超过 ${MAX_FILE_SIZE} 字节限制`));
+                }
+            });
+            res.pipe(fileStream);
+            fileStream.on('finish', () => {
+                resolve({
+                    filePath,
+                    contentType,
+                    fileSize: downloadedSize
+                });
+            });
+            fileStream.on('error', (error) => {
+                fsPromises.unlink(filePath).catch(() => { });
+                reject(error);
+            });
+        }).on('error', (error) => {
+            reject(error);
+        });
+    });
+}
+export function registerDownloadTools(server) {
+    server.tool("downloadRemoteFile", "下载远程文件到本地临时文件，返回一个系统的绝对路径", {
+        url: z.string().describe("远程文件的 URL 地址"),
+    }, async ({ url }) => {
+        try {
+            const result = await downloadFile(url);
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify({
+                            success: true,
+                            filePath: result.filePath,
+                            contentType: result.contentType,
+                            fileSize: result.fileSize,
+                            message: "文件下载成功"
+                        }, null, 2)
+                    }
+                ]
+            };
+        }
+        catch (error) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify({
+                            success: false,
+                            error: error.message,
+                            message: "文件下载失败"
+                        }, null, 2)
+                    }
+                ]
+            };
+        }
+    });
+}

package/dist/tools/functions.js

@@ -48,10 +48,10 @@ export function registerFunctionTools(server) {
                 version: z.number()
             })).optional().describe("Layer配置")
         }).describe("函数配置"),
-        functionRootPath: z.string().optional().describe("函数根目录"),
+        functionRootPath: z.string().optional().describe("函数根目录（云函数目录的父目录），这里需要传操作系统上文件的绝对路径，指定之后可以自动上传这部分的文件作为代码"),
         force: z.boolean().describe("是否覆盖"),
-        base64Code: z.string().optional().describe("base64编码的代码"),
-        codeSecret: z.string().optional().describe("代码保护密钥")
+        base64Code: z.string().optional().describe("base64编码的代码，一般不采用这种方式"),
+        codeSecret: z.string().optional().describe("代码保护密钥，一般无需配置")
     }, async ({ func, functionRootPath, force, base64Code, codeSecret }) => {
         const result = await cloudbase.functions.createFunction({
             func,
@@ -74,9 +74,9 @@ export function registerFunctionTools(server) {
         func: z.object({
             name: z.string().describe("函数名称")
         }).describe("函数配置"),
-        functionRootPath: z.string().optional().describe("函数根目录"),
-        base64Code: z.string().optional().describe("base64编码的代码"),
-        codeSecret: z.string().optional().describe("代码保护密钥")
+        functionRootPath: z.string().optional().describe("函数根目录（云函数目录的父目录），这里需要传操作系统上文件的绝对路径，指定之后可以自动上传这部分的文件作为代码"),
+        base64Code: z.string().optional().describe("base64编码的代码，这种方式也可以更新代码，不推荐使用"),
+        codeSecret: z.string().optional().describe("代码保护密钥，一般无需配置")
     }, async ({ func, functionRootPath, base64Code, codeSecret }) => {
         const result = await cloudbase.functions.updateFunctionCode({
             func,

package/dist/tools/hosting.js

@@ -36,7 +36,9 @@ export function registerHostingTools(server) {
                 {
                     type: "text",
                     text: JSON.stringify({
-                        uploadResult: result,
+                        uploadResult: result?.files.map((item) => {
+                            return item.Key;
+                        }),
                         staticWebsiteUrl: staticDomain ? `https://${staticDomain}` : "",
                         // 返回文件的完整访问URL
                         fileUrl: staticDomain && cloudPath ? `https://${staticDomain}/${cloudPath}` : ""

package/dist/tools/storage.js

@@ -0,0 +1,43 @@
+import { z } from "zod";
+import CloudBase from "@cloudbase/manager-node";
+// 初始化CloudBase
+const cloudbase = new CloudBase({
+    secretId: process.env.TENCENTCLOUD_SECRETID,
+    secretKey: process.env.TENCENTCLOUD_SECRETKEY,
+    envId: process.env.CLOUDBASE_ENV_ID,
+    token: process.env.TENCENTCLOUD_SESSIONTOKEN
+});
+export function registerStorageTools(server) {
+    // uploadFile - 上传文件到云存储
+    server.tool("uploadFile", "上传文件到云存储（区别于静态网站托管，云存储更适合存储业务数据文件）", {
+        localPath: z.string().describe("本地文件路径，建议传入绝对路径，例如 /tmp/files/data.txt"),
+        cloudPath: z.string().describe("云端文件路径，例如 files/data.txt"),
+    }, async ({ localPath, cloudPath }) => {
+        // 上传文件
+        await cloudbase.storage.uploadFile({
+            localPath,
+            cloudPath,
+            onProgress: (progressData) => {
+                console.log("Upload progress:", progressData);
+            }
+        });
+        // 获取文件临时下载地址
+        const fileUrls = await cloudbase.storage.getTemporaryUrl([{
+                cloudPath: cloudPath,
+                maxAge: 3600 // 临时链接有效期1小时
+            }]);
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: JSON.stringify({
+                        message: "文件上传成功",
+                        cloudPath: cloudPath,
+                        temporaryUrl: fileUrls[0]?.url || "",
+                        expireTime: "1小时"
+                    }, null, 2)
+                }
+            ]
+        };
+    });
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cloudbase/cloudbase-mcp",
-  "version": "1.0.7",
+  "version": "1.0.9",
   "description": "腾讯云开发 MCP Server，支持静态托管/环境查询/",
   "main": "index.js",
   "type": "module",