@jgardner04/ghost-mcp-server 1.0.0 → 1.1.1

package/src/services/postService.js

@@ -1,12 +1,12 @@
-import sanitizeHtml from "sanitize-html";
-import Joi from "joi";
-import { createContextLogger } from "../utils/logger.js";
+import sanitizeHtml from 'sanitize-html';
+import Joi from 'joi';
+import { createContextLogger } from '../utils/logger.js';
 import {
   createPost as createGhostPost,
   getTags as getGhostTags,
   createTag as createGhostTag,
   // Import other necessary functions from ghostService later
-} from "./ghostService.js"; // Note the relative path
+} from './ghostService.js'; // Note the relative path
 
 /**
  * Helper to generate a simple meta description from HTML content.
@@ -16,21 +16,21 @@ import {
  * @returns {string} A plain text truncated description.
  */
 const generateSimpleMetaDescription = (htmlContent, maxLength = 500) => {
-  if (!htmlContent) return "";
-  
+  if (!htmlContent) return '';
+
   // Use sanitize-html to safely remove all HTML tags
   // This prevents ReDoS attacks and properly handles malformed HTML
   const textContent = sanitizeHtml(htmlContent, {
     allowedTags: [], // Remove all HTML tags
     allowedAttributes: {},
-    textFilter: function(text) {
+    textFilter: function (text) {
       return text.replace(/\s\s+/g, ' ').trim();
-    }
+    },
   });
-  
+
   // Truncate and add ellipsis if needed
   return textContent.length > maxLength
-    ? textContent.substring(0, maxLength - 3) + "..."
+    ? textContent.substring(0, maxLength - 3) + '...'
     : textContent;
 };
 
@@ -52,22 +52,22 @@ const postInputSchema = Joi.object({
   feature_image_alt: Joi.string().max(255).optional(),
   feature_image_caption: Joi.string().max(500).optional(),
   meta_title: Joi.string().max(70).optional(),
-  meta_description: Joi.string().max(160).optional()
+  meta_description: Joi.string().max(160).optional(),
 });
 
 const createPostService = async (postInput) => {
   const logger = createContextLogger('post-service');
-  
+
   // Validate input to prevent format string vulnerabilities
   const { error, value: validatedInput } = postInputSchema.validate(postInput);
   if (error) {
     logger.error('Post input validation failed', {
       error: error.details[0].message,
-      inputKeys: Object.keys(postInput)
+      inputKeys: Object.keys(postInput),
     });
     throw new Error(`Invalid post input: ${error.details[0].message}`);
   }
-  
+
   const {
     title,
     html,
@@ -88,7 +88,7 @@ const createPostService = async (postInput) => {
     logger.info('Resolving provided tag names', { tagCount: tags.length, tags });
     resolvedTags = await Promise.all(
       tags.map(async (tagName) => {
-        if (typeof tagName !== "string" || !tagName.trim()) {
+        if (typeof tagName !== 'string' || !tagName.trim()) {
           logger.warn('Skipping invalid tag name', { tagName, type: typeof tagName });
           return null; // Skip invalid entries
         }
@@ -100,7 +100,7 @@ const createPostService = async (postInput) => {
           if (existingTags && existingTags.length > 0) {
             logger.debug('Found existing tag', {
               tagName,
-              tagId: existingTags[0].id
+              tagId: existingTags[0].id,
             });
             // Use the existing tag (Ghost usually accepts name, slug, or id)
             return { name: tagName }; // Or { id: existingTags[0].id } or { slug: existingTags[0].slug }
@@ -110,7 +110,7 @@ const createPostService = async (postInput) => {
             const newTag = await createGhostTag({ name: tagName });
             logger.info('Created new tag successfully', {
               tagName,
-              tagId: newTag.id
+              tagId: newTag.id,
             });
             // Use the new tag
             return { name: tagName }; // Or { id: newTag.id }
@@ -118,7 +118,7 @@ const createPostService = async (postInput) => {
         } catch (tagError) {
           logger.error('Error processing tag', {
             tagName,
-            error: tagError.message
+            error: tagError.message,
           });
           return null; // Skip tags that cause errors during processing
         }
@@ -128,7 +128,7 @@ const createPostService = async (postInput) => {
     resolvedTags = resolvedTags.filter((tag) => tag !== null);
     logger.debug('Resolved tags for API', {
       resolvedTagCount: resolvedTags.length,
-      resolvedTags
+      resolvedTags,
     });
   }
   // --- End Tag Resolution ---
@@ -140,7 +140,7 @@ const createPostService = async (postInput) => {
   // Ensure description does not exceed limit even after defaulting
   const truncatedMetaDescription =
     finalMetaDescription.length > 500
-      ? finalMetaDescription.substring(0, 497) + "..."
+      ? finalMetaDescription.substring(0, 497) + '...'
       : finalMetaDescription;
   // --- End Metadata Defaults ---
 
@@ -149,7 +149,7 @@ const createPostService = async (postInput) => {
     title,
     html,
     custom_excerpt,
-    status: status || "draft", // Default to draft
+    status: status || 'draft', // Default to draft
     published_at,
     tags: resolvedTags,
     feature_image,
@@ -164,7 +164,7 @@ const createPostService = async (postInput) => {
     title: postDataForApi.title,
     status: postDataForApi.status,
     tagCount: postDataForApi.tags?.length || 0,
-    hasFeatureImage: !!postDataForApi.feature_image
+    hasFeatureImage: !!postDataForApi.feature_image,
   });
   // Call the lower-level ghostService function
   const newPost = await createGhostPost(postDataForApi);

package/src/utils/logger.js

@@ -12,7 +12,7 @@ const isDevelopment = process.env.NODE_ENV === 'development';
 // Define custom log format
 const logFormat = winston.format.combine(
   winston.format.timestamp({
-    format: 'YYYY-MM-DD HH:mm:ss'
+    format: 'YYYY-MM-DD HH:mm:ss',
   }),
   winston.format.errors({ stack: true }),
   winston.format.json(),
@@ -22,7 +22,7 @@ const logFormat = winston.format.combine(
 // Development format (more readable)
 const devFormat = winston.format.combine(
   winston.format.timestamp({
-    format: 'HH:mm:ss'
+    format: 'HH:mm:ss',
   }),
   winston.format.colorize(),
   winston.format.printf(({ level, message, timestamp, metadata }) => {
@@ -38,52 +38,52 @@ const devFormat = winston.format.combine(
 const logger = winston.createLogger({
   level: logLevel,
   format: isDevelopment ? devFormat : logFormat,
-  defaultMeta: { 
+  defaultMeta: {
     service: 'ghost-mcp-server',
-    pid: process.pid
+    pid: process.pid,
   },
   transports: [
     // Console output
     new winston.transports.Console({
-      level: isDevelopment ? 'debug' : 'info'
-    })
+      level: isDevelopment ? 'debug' : 'info',
+    }),
   ],
   // Handle uncaught exceptions
-  exceptionHandlers: [
-    new winston.transports.Console()
-  ],
+  exceptionHandlers: [new winston.transports.Console()],
   // Handle unhandled promise rejections
-  rejectionHandlers: [
-    new winston.transports.Console()
-  ]
+  rejectionHandlers: [new winston.transports.Console()],
 });
 
 // Add file logging in production
 if (!isDevelopment) {
   const logDir = path.join(__dirname, '../../logs');
-  
+
   // Create logs directory if it doesn't exist
-  import('fs').then(fs => {
+  import('fs').then((fs) => {
     if (!fs.existsSync(logDir)) {
       fs.mkdirSync(logDir, { recursive: true });
     }
   });
-  
+
   // Add file transports for production
-  logger.add(new winston.transports.File({
-    filename: path.join(logDir, 'error.log'),
-    level: 'error',
-    maxsize: 10 * 1024 * 1024, // 10MB
-    maxFiles: 5,
-    tailable: true
-  }));
-  
-  logger.add(new winston.transports.File({
-    filename: path.join(logDir, 'combined.log'),
-    maxsize: 10 * 1024 * 1024, // 10MB
-    maxFiles: 10,
-    tailable: true
-  }));
+  logger.add(
+    new winston.transports.File({
+      filename: path.join(logDir, 'error.log'),
+      level: 'error',
+      maxsize: 10 * 1024 * 1024, // 10MB
+      maxFiles: 5,
+      tailable: true,
+    })
+  );
+
+  logger.add(
+    new winston.transports.File({
+      filename: path.join(logDir, 'combined.log'),
+      maxsize: 10 * 1024 * 1024, // 10MB
+      maxFiles: 10,
+      tailable: true,
+    })
+  );
 }
 
 // Create helper functions for common logging patterns
@@ -93,41 +93,41 @@ const createContextLogger = (context) => {
     info: (message, meta = {}) => logger.info(message, { ...meta, context }),
     warn: (message, meta = {}) => logger.warn(message, { ...meta, context }),
     error: (message, meta = {}) => logger.error(message, { ...meta, context }),
-    
+
     // Convenience methods for common patterns
-    apiRequest: (method, url, meta = {}) => 
+    apiRequest: (method, url, meta = {}) =>
       logger.info(`${method} ${url}`, { ...meta, context, type: 'api_request' }),
-    
+
     apiResponse: (method, url, status, meta = {}) =>
       logger.info(`${method} ${url} -> ${status}`, { ...meta, context, type: 'api_response' }),
-    
+
     apiError: (method, url, error, meta = {}) =>
-      logger.error(`${method} ${url} failed`, { 
-        ...meta, 
-        context, 
+      logger.error(`${method} ${url} failed`, {
+        ...meta,
+        context,
         type: 'api_error',
         error: error.message,
-        stack: error.stack 
+        stack: error.stack,
       }),
-    
+
     toolExecution: (toolName, input, meta = {}) =>
-      logger.info(`Executing tool: ${toolName}`, { 
-        ...meta, 
-        context, 
+      logger.info(`Executing tool: ${toolName}`, {
+        ...meta,
+        context,
         type: 'tool_execution',
         tool: toolName,
-        inputKeys: Object.keys(input || {})
+        inputKeys: Object.keys(input || {}),
       }),
-    
+
     toolSuccess: (toolName, result, meta = {}) =>
       logger.info(`Tool ${toolName} completed successfully`, {
         ...meta,
         context,
         type: 'tool_success',
         tool: toolName,
-        resultType: typeof result
+        resultType: typeof result,
       }),
-    
+
     toolError: (toolName, error, meta = {}) =>
       logger.error(`Tool ${toolName} failed`, {
         ...meta,
@@ -135,19 +135,19 @@ const createContextLogger = (context) => {
         type: 'tool_error',
         tool: toolName,
         error: error.message,
-        stack: error.stack
+        stack: error.stack,
       }),
-      
+
     fileOperation: (operation, filePath, meta = {}) =>
       logger.debug(`File operation: ${operation}`, {
         ...meta,
         context,
         type: 'file_operation',
         operation,
-        file: path.basename(filePath)
-      })
+        file: path.basename(filePath),
+      }),
   };
 };
 
 export default logger;
-export { createContextLogger };
+export { createContextLogger };

package/src/utils/urlValidator.js

@@ -26,7 +26,7 @@ const ALLOWED_DOMAINS = [
   'pexels.com',
   'images.pexels.com',
   'pixabay.com',
-  'cdn.pixabay.com'
+  'cdn.pixabay.com',
 ];
 
 // Private/internal IP ranges to block
@@ -44,7 +44,7 @@ const BLOCKED_IP_PATTERNS = [
   /^::/, // IPv6 unspecified
   /^fc00:/, // IPv6 unique local
   /^fe80:/, // IPv6 link local
-  /^ff00:/ // IPv6 multicast
+  /^ff00:/, // IPv6 multicast
 ];
 
 /**
@@ -56,16 +56,16 @@ const isSafeHost = (hostname) => {
   // Check if hostname is an IP address
   const ipv4Pattern = /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/;
   const ipv6Pattern = /^[0-9a-f:]+$/i;
-  
+
   if (ipv4Pattern.test(hostname) || ipv6Pattern.test(hostname)) {
     // Check against blocked IP patterns
-    return !BLOCKED_IP_PATTERNS.some(pattern => pattern.test(hostname));
+    return !BLOCKED_IP_PATTERNS.some((pattern) => pattern.test(hostname));
   }
-  
+
   // For domain names, check against allowlist
   const normalizedHost = hostname.toLowerCase();
-  return ALLOWED_DOMAINS.some(allowed => 
-    normalizedHost === allowed || normalizedHost.endsWith('.' + allowed)
+  return ALLOWED_DOMAINS.some(
+    (allowed) => normalizedHost === allowed || normalizedHost.endsWith('.' + allowed)
   );
 };
 
@@ -77,68 +77,71 @@ const isSafeHost = (hostname) => {
 const validateImageUrl = (url) => {
   try {
     // Basic URL validation with Joi
-    const urlSchema = Joi.string().uri({
-      scheme: ['http', 'https'],
-      allowRelative: false
-    }).required();
-    
+    const urlSchema = Joi.string()
+      .uri({
+        scheme: ['http', 'https'],
+        allowRelative: false,
+      })
+      .required();
+
     const validation = urlSchema.validate(url);
     if (validation.error) {
       return {
         isValid: false,
-        error: `Invalid URL format: ${validation.error.details[0].message}`
+        error: `Invalid URL format: ${validation.error.details[0].message}`,
       };
     }
-    
+
     // Parse URL for additional security checks
     const parsedUrl = new URL(url);
-    
+
     // Only allow HTTP/HTTPS
     if (!['http:', 'https:'].includes(parsedUrl.protocol)) {
       return {
         isValid: false,
-        error: 'Only HTTP and HTTPS protocols are allowed'
+        error: 'Only HTTP and HTTPS protocols are allowed',
       };
     }
-    
+
     // Check if host is safe (not internal/private)
     if (!isSafeHost(parsedUrl.hostname)) {
       return {
         isValid: false,
-        error: `Requests to ${parsedUrl.hostname} are not allowed for security reasons`
+        error: `Requests to ${parsedUrl.hostname} are not allowed for security reasons`,
       };
     }
-    
+
     // Prevent requests to non-standard ports (common in SSRF attacks)
     const port = parsedUrl.port;
     if (port && !['80', '443', '8080', '8443'].includes(port)) {
       return {
         isValid: false,
-        error: `Requests to non-standard port ${port} are not allowed`
+        error: `Requests to non-standard port ${port} are not allowed`,
       };
     }
-    
+
     // Additional checks for suspicious patterns
-    if (parsedUrl.hostname.includes('localhost') || 
-        parsedUrl.hostname === '0.0.0.0' ||
-        parsedUrl.hostname.startsWith('192.168.') ||
-        parsedUrl.hostname.startsWith('10.') ||
-        parsedUrl.hostname.includes('.local')) {
+    if (
+      parsedUrl.hostname.includes('localhost') ||
+      parsedUrl.hostname === '0.0.0.0' ||
+      parsedUrl.hostname.startsWith('192.168.') ||
+      parsedUrl.hostname.startsWith('10.') ||
+      parsedUrl.hostname.includes('.local')
+    ) {
       return {
         isValid: false,
-        error: 'Requests to local/private addresses are not allowed'
+        error: 'Requests to local/private addresses are not allowed',
       };
     }
-    
+
     return {
       isValid: true,
-      sanitizedUrl: parsedUrl.href
+      sanitizedUrl: parsedUrl.href,
     };
-    
   } catch (error) {
     return {
       isValid: false,
-      error: `URL parsing failed: ${error.message}`
+      error: `URL parsing failed: ${error.message}`,
     };
   }
 };
@@ -157,13 +160,9 @@ const createSecureAxiosConfig = (url) => {
     maxContentLength: 50 * 1024 * 1024, // 50MB max response
     validateStatus: (status) => status >= 200 && status < 300, // Only accept 2xx
     headers: {
-      'User-Agent': 'Ghost-MCP-Server/1.0'
-    }
+      'User-Agent': 'Ghost-MCP-Server/1.0',
+    },
   };
 };
 
-export {
-  validateImageUrl,
-  createSecureAxiosConfig,
-  ALLOWED_DOMAINS
-};
+export { validateImageUrl, createSecureAxiosConfig, ALLOWED_DOMAINS };