@jgardner04/ghost-mcp-server 1.0.0 → 1.1.1

package/src/routes/imageRoutes.js

@@ -1,6 +1,6 @@
-import express from "express";
-import rateLimit from "express-rate-limit";
-import { upload, handleImageUpload } from "../controllers/imageController.js";
+import express from 'express';
+import rateLimit from 'express-rate-limit';
+import { upload, handleImageUpload } from '../controllers/imageController.js';
 
 const router = express.Router();
 
@@ -9,16 +9,16 @@ const router = express.Router();
 const imageUploadRateLimiter = rateLimit({
   windowMs: 60 * 1000, // 1 minute
   max: 10, // Limit each IP to 10 requests per windowMs
-  message: "Too many image upload attempts from this IP, please try again after a minute",
+  message: 'Too many image upload attempts from this IP, please try again after a minute',
   standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
   legacyHeaders: false, // Disable the `X-RateLimit-*` headers
   handler: (req, res) => {
     res.status(429).json({
-      error: "Too many requests",
-      message: "You have exceeded the 10 image uploads per minute limit. Please try again later.",
-      retryAfter: 60
+      error: 'Too many requests',
+      message: 'You have exceeded the 10 image uploads per minute limit. Please try again later.',
+      retryAfter: 60,
     });
-  }
+  },
 });
 
 // Define the route for uploading an image
@@ -26,7 +26,7 @@ const imageUploadRateLimiter = rateLimit({
 // The `upload.single('image')` middleware handles the file upload.
 // 'image' should match the field name in the form-data request.
 // Added rate limiting to prevent abuse of file system operations
-router.post("/", imageUploadRateLimiter, upload.single("image"), handleImageUpload);
+router.post('/', imageUploadRateLimiter, upload.single('image'), handleImageUpload);
 
 // Add other image-related routes here later if needed
 

package/src/routes/postRoutes.js

@@ -1,51 +1,45 @@
-import express from "express";
-import { body, validationResult } from "express-validator";
-import { createPost } from "../controllers/postController.js";
-import { createContextLogger } from "../utils/logger.js";
+import express from 'express';
+import { body, validationResult } from 'express-validator';
+import { createPost } from '../controllers/postController.js';
+import { createContextLogger } from '../utils/logger.js';
 
 const router = express.Router();
 
 // Validation middleware for post creation
 const validatePostCreation = [
   // Title must exist and be a non-empty string
-  body("title").notEmpty().withMessage("Post title is required.").isString(),
+  body('title').notEmpty().withMessage('Post title is required.').isString(),
   // HTML content must exist and be a non-empty string
-  body("html")
-    .notEmpty()
-    .withMessage("Post HTML content is required.")
-    .isString(),
+  body('html').notEmpty().withMessage('Post HTML content is required.').isString(),
   // Status must be one of the allowed values if provided
-  body("status")
+  body('status')
     .optional()
-    .isIn(["published", "draft", "scheduled"])
-    .withMessage("Invalid status value."),
+    .isIn(['published', 'draft', 'scheduled'])
+    .withMessage('Invalid status value.'),
   // custom_excerpt should be a string if provided
-  body("custom_excerpt").optional().isString(),
+  body('custom_excerpt').optional().isString(),
   // published_at should be a valid ISO 8601 date if provided
-  body("published_at")
+  body('published_at')
     .optional()
     .isISO8601()
-    .withMessage("Invalid date format for published_at (should be ISO 8601)."),
+    .withMessage('Invalid date format for published_at (should be ISO 8601).'),
   // tags should be an array if provided
-  body("tags").optional().isArray().withMessage("Tags must be an array."),
+  body('tags').optional().isArray().withMessage('Tags must be an array.'),
   // Add validation for featured image fields (optional)
-  body("feature_image")
-    .optional()
-    .isURL()
-    .withMessage("Feature image must be a valid URL."),
-  body("feature_image_alt").optional().isString(),
-  body("feature_image_caption").optional().isString(),
+  body('feature_image').optional().isURL().withMessage('Feature image must be a valid URL.'),
+  body('feature_image_alt').optional().isString(),
+  body('feature_image_caption').optional().isString(),
   // Add validation for metadata fields (optional strings)
-  body("meta_title")
+  body('meta_title')
     .optional()
     .isString()
     .isLength({ max: 300 })
-    .withMessage("Meta title cannot exceed 300 characters."),
-  body("meta_description")
+    .withMessage('Meta title cannot exceed 300 characters.'),
+  body('meta_description')
     .optional()
     .isString()
     .isLength({ max: 500 })
-    .withMessage("Meta description cannot exceed 500 characters."),
+    .withMessage('Meta description cannot exceed 500 characters.'),
   // Handle validation results
   (req, res, next) => {
     const logger = createContextLogger('post-routes');
@@ -54,7 +48,7 @@ const validatePostCreation = [
       // Log the validation errors
       logger.warn('Post validation errors', {
         errors: errors.array(),
-        title: req.body?.title
+        title: req.body?.title,
       });
       return res.status(400).json({ errors: errors.array() });
     }
@@ -65,7 +59,7 @@ const validatePostCreation = [
 // Define the route for creating a post
 // POST /api/posts
 // Apply the validation middleware before the controller
-router.post("/", validatePostCreation, createPost);
+router.post('/', validatePostCreation, createPost);
 
 // Add other post-related routes here later (e.g., GET /posts/:id, PUT /posts/:id)
 

package/src/routes/tagRoutes.js

@@ -1,25 +1,23 @@
-import express from "express";
-import { body, validationResult } from "express-validator"; // Import for validation
-import { getTags, createTag } from "../controllers/tagController.js";
-import { createContextLogger } from "../utils/logger.js";
+import express from 'express';
+import { body, validationResult } from 'express-validator'; // Import for validation
+import { getTags, createTag } from '../controllers/tagController.js';
+import { createContextLogger } from '../utils/logger.js';
 
 const router = express.Router();
 
 // Validation middleware for tag creation
 const validateTagCreation = [
-  body("name").notEmpty().withMessage("Tag name is required.").isString(),
-  body("description")
+  body('name').notEmpty().withMessage('Tag name is required.').isString(),
+  body('description')
     .optional()
     .isString()
     .isLength({ max: 500 })
-    .withMessage("Tag description cannot exceed 500 characters."),
-  body("slug")
+    .withMessage('Tag description cannot exceed 500 characters.'),
+  body('slug')
     .optional()
     .isString()
     .matches(/^[a-z0-9]+(?:-[a-z0-9]+)*$/)
-    .withMessage(
-      "Tag slug can only contain lower-case letters, numbers, and hyphens."
-    ),
+    .withMessage('Tag slug can only contain lower-case letters, numbers, and hyphens.'),
   // Handle validation results
   (req, res, next) => {
     const logger = createContextLogger('tag-routes');
@@ -27,7 +25,7 @@ const validateTagCreation = [
     if (!errors.isEmpty()) {
       logger.warn('Tag validation errors', {
         errors: errors.array(),
-        tagName: req.body?.name
+        tagName: req.body?.name,
       });
       return res.status(400).json({ errors: errors.array() });
     }
@@ -37,10 +35,10 @@ const validateTagCreation = [
 
 // Define routes
 // GET /api/tags (supports ?name=... query for filtering)
-router.get("/", getTags);
+router.get('/', getTags);
 
 // POST /api/tags
-router.post("/", validateTagCreation, createTag);
+router.post('/', validateTagCreation, createTag);
 
 // Add routes for other CRUD operations (GET /:id, PUT /:id, DELETE /:id) later if needed
 

package/src/services/__tests__/ghostService.test.js

@@ -0,0 +1,118 @@
+import { describe, it, expect, vi } from 'vitest';
+
+// Mock the Ghost Admin API
+vi.mock('@tryghost/admin-api', () => {
+  const GhostAdminAPI = vi.fn(function () {
+    return {
+      posts: {
+        add: vi.fn(),
+      },
+      tags: {
+        add: vi.fn(),
+        browse: vi.fn(),
+      },
+      site: {
+        read: vi.fn(),
+      },
+      images: {
+        upload: vi.fn(),
+      },
+    };
+  });
+
+  return {
+    default: GhostAdminAPI,
+  };
+});
+
+// Mock dotenv
+vi.mock('dotenv', () => ({
+  default: {
+    config: vi.fn(),
+  },
+}));
+
+// Mock logger
+vi.mock('../../utils/logger.js', () => ({
+  createContextLogger: vi.fn(() => ({
+    apiRequest: vi.fn(),
+    apiResponse: vi.fn(),
+    apiError: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
+  })),
+}));
+
+// Import after setting up mocks and environment
+import { createPost, createTag, getTags } from '../ghostService.js';
+
+describe('ghostService', () => {
+  describe('createPost', () => {
+    it('should throw error when title is missing', async () => {
+      await expect(createPost({})).rejects.toThrow('Post title is required');
+    });
+
+    it('should set default status to draft when not provided', async () => {
+      const postData = { title: 'Test Post', html: '<p>Content</p>' };
+
+      // The function should call the API with default status
+      try {
+        await createPost(postData);
+      } catch (_error) {
+        // Expected to fail since we're using a mock, but we can verify the behavior
+      }
+
+      expect(postData.title).toBe('Test Post');
+    });
+  });
+
+  describe('createTag', () => {
+    it('should throw error when tag name is missing', async () => {
+      await expect(createTag({})).rejects.toThrow('Tag name is required');
+    });
+
+    it('should accept valid tag data', async () => {
+      const tagData = { name: 'Test Tag', slug: 'test-tag' };
+
+      try {
+        await createTag(tagData);
+      } catch (_error) {
+        // Expected to fail with mock, but validates input handling
+      }
+
+      expect(tagData.name).toBe('Test Tag');
+    });
+  });
+
+  describe('getTags', () => {
+    it('should reject tag names with invalid characters', async () => {
+      await expect(getTags("'; DROP TABLE tags; --")).rejects.toThrow(
+        'Tag name contains invalid characters'
+      );
+    });
+
+    it('should accept valid tag names', async () => {
+      const validNames = ['Test Tag', 'test-tag', 'test_tag', 'Tag123'];
+
+      for (const name of validNames) {
+        try {
+          await getTags(name);
+        } catch (_error) {
+          // Expected to fail with mock, but should not throw validation error
+          expect(_error.message).not.toContain('invalid characters');
+        }
+      }
+    });
+
+    it('should handle tag names without filter when name is not provided', async () => {
+      try {
+        await getTags();
+      } catch (_error) {
+        // Expected to fail with mock
+      }
+
+      // Should not throw validation error
+      expect(true).toBe(true);
+    });
+  });
+});

package/src/services/ghostService.js

@@ -1,6 +1,6 @@
-import GhostAdminAPI from "@tryghost/admin-api";
-import dotenv from "dotenv";
-import { createContextLogger } from "../utils/logger.js";
+import GhostAdminAPI from '@tryghost/admin-api';
+import dotenv from 'dotenv';
+import { createContextLogger } from '../utils/logger.js';
 
 dotenv.config();
 
@@ -8,7 +8,7 @@ const logger = createContextLogger('ghost-service');
 const { GHOST_ADMIN_API_URL, GHOST_ADMIN_API_KEY } = process.env;
 
 if (!GHOST_ADMIN_API_URL || !GHOST_ADMIN_API_KEY) {
-  throw new Error("Ghost Admin API URL and Key must be provided in .env file");
+  throw new Error('Ghost Admin API URL and Key must be provided in .env file');
 }
 
 // Configure the Ghost Admin API client
@@ -17,7 +17,7 @@ const api = new GhostAdminAPI({
   key: GHOST_ADMIN_API_KEY,
   // Specify the Ghost Admin API version
   // Check your Ghost installation for the correct version
-  version: "v5.0", // Adjust if necessary
+  version: 'v5.0', // Adjust if necessary
 });
 
 /**
@@ -30,21 +30,18 @@ const api = new GhostAdminAPI({
  * @param {number} retries - The number of retry attempts remaining.
  * @returns {Promise<object>} The result from the Ghost Admin API.
  */
-const handleApiRequest = async (
-  resource,
-  action,
-  data = {},
-  options = {},
-  retries = 3
-) => {
-  if (!api[resource] || typeof api[resource][action] !== "function") {
+const handleApiRequest = async (resource, action, data = {}, options = {}, retries = 3) => {
+  if (!api[resource] || typeof api[resource][action] !== 'function') {
     const errorMsg = `Invalid Ghost API resource or action: ${resource}.${action}`;
     console.error(errorMsg);
     throw new Error(errorMsg);
   }
 
   try {
-    logger.apiRequest(`${resource}.${action}`, '', { retries, hasData: !!Object.keys(data).length });
+    logger.apiRequest(`${resource}.${action}`, '', {
+      retries,
+      hasData: !!Object.keys(data).length,
+    });
     // Log data payload carefully, avoiding sensitive info if necessary
     // logger.debug('API request payload', { resource, action, dataKeys: Object.keys(data) });
 
@@ -54,9 +51,9 @@ const handleApiRequest = async (
       // Actions like 'browse', 'read' might take options first, then data (like an ID)
       // The Ghost Admin API library structure varies slightly, this is a basic attempt
       // We might need more specific handlers if this proves too simple.
-      if (action === "add" || action === "edit") {
+      if (action === 'add' || action === 'edit') {
         result = await api[resource][action](data, options);
-      } else if (action === "upload") {
+      } else if (action === 'upload') {
         // Upload action has a specific signature
         result = await api[resource][action](data); // data here is { ref, file } or similar
       } else {
@@ -68,9 +65,9 @@ const handleApiRequest = async (
       result = await api[resource][action](data);
     }
 
-    logger.apiResponse(`${resource}.${action}`, '', 200, { 
+    logger.apiResponse(`${resource}.${action}`, '', 200, {
       resultType: typeof result,
-      hasResult: !!result
+      hasResult: !!result,
     });
     return result;
   } catch (error) {
@@ -81,8 +78,7 @@ const handleApiRequest = async (
     const statusCode = error.response?.status; // Example: Check for Axios-like error structure
     const isRateLimit = statusCode === 429;
     const isServerError = statusCode >= 500;
-    const isNetworkError =
-      error.code === "ECONNREFUSED" || error.code === "ETIMEDOUT"; // Example network errors
+    const isNetworkError = error.code === 'ECONNREFUSED' || error.code === 'ETIMEDOUT'; // Example network errors
 
     if ((isRateLimit || isServerError || isNetworkError) && retries > 0) {
       const delay = isRateLimit ? 5000 : 1000 * (4 - retries); // Longer delay for rate limit, increasing delay for others
@@ -91,7 +87,7 @@ const handleApiRequest = async (
         action,
         delay,
         retriesLeft: retries - 1,
-        reason: isRateLimit ? 'rate_limit' : isServerError ? 'server_error' : 'network_error'
+        reason: isRateLimit ? 'rate_limit' : isServerError ? 'server_error' : 'network_error',
       });
       await new Promise((resolve) => setTimeout(resolve, delay));
       // Recursively call with decremented retries
@@ -101,7 +97,7 @@ const handleApiRequest = async (
         resource,
         action,
         id: data.id || 'N/A',
-        statusCode
+        statusCode,
       });
       // Decide how to handle 404 - maybe return null or let the error propagate
       throw error; // Or return null;
@@ -110,7 +106,7 @@ const handleApiRequest = async (
         resource,
         action,
         statusCode,
-        error: error.message
+        error: error.message,
       });
       throw error; // Re-throw for upstream handling
     }
@@ -119,7 +115,7 @@ const handleApiRequest = async (
 
 // Example function (will be expanded later)
 const getSiteInfo = async () => {
-  return handleApiRequest("site", "read");
+  return handleApiRequest('site', 'read');
   // try {
   //   const site = await api.site.read();
   //   console.log("Connected to Ghost site:", site.title);
@@ -137,19 +133,19 @@ const getSiteInfo = async () => {
  * @param {object} options - Optional parameters like source: 'html'.
  * @returns {Promise<object>} The created post object.
  */
-const createPost = async (postData, options = { source: "html" }) => {
+const createPost = async (postData, options = { source: 'html' }) => {
   if (!postData.title) {
-    throw new Error("Post title is required.");
+    throw new Error('Post title is required.');
   }
   // Add more validation as needed (e.g., for content)
 
   // Default status to draft if not provided
   const dataWithDefaults = {
-    status: "draft",
+    status: 'draft',
     ...postData,
   };
 
-  return handleApiRequest("posts", "add", dataWithDefaults, options);
+  return handleApiRequest('posts', 'add', dataWithDefaults, options);
 };
 
 /**
@@ -160,14 +156,14 @@ const createPost = async (postData, options = { source: "html" }) => {
  */
 const uploadImage = async (imagePath) => {
   if (!imagePath) {
-    throw new Error("Image path is required for upload.");
+    throw new Error('Image path is required for upload.');
   }
 
   // The Ghost Admin API expects an object with a 'file' property containing the path
   const imageData = { file: imagePath };
 
   // Use the handleApiRequest function for consistency
-  return handleApiRequest("images", "upload", imageData);
+  return handleApiRequest('images', 'upload', imageData);
 };
 
 /**
@@ -177,10 +173,10 @@ const uploadImage = async (imagePath) => {
  */
 const createTag = async (tagData) => {
   if (!tagData.name) {
-    throw new Error("Tag name is required.");
+    throw new Error('Tag name is required.');
   }
   // Ghost automatically generates slug if not provided, but providing is good practice
-  return handleApiRequest("tags", "add", tagData);
+  return handleApiRequest('tags', 'add', tagData);
 };
 
 /**
@@ -190,32 +186,24 @@ const createTag = async (tagData) => {
  */
 const getTags = async (name) => {
   const options = {
-    limit: "all", // Get all tags
+    limit: 'all', // Get all tags
   };
-  
+
   // Safely construct filter to prevent injection
   if (name) {
     // Additional validation: only allow alphanumeric, spaces, hyphens, underscores
     if (!/^[a-zA-Z0-9\s\-_]+$/.test(name)) {
-      throw new Error("Tag name contains invalid characters");
+      throw new Error('Tag name contains invalid characters');
     }
     // Escape single quotes and backslashes to prevent injection
     const safeName = name.replace(/\\/g, '\\\\').replace(/'/g, "\\'");
     options.filter = `name:'${safeName}'`;
   }
-  
-  return handleApiRequest("tags", "browse", {}, options);
+
+  return handleApiRequest('tags', 'browse', {}, options);
 };
 
 // Add other content management functions here (createTag, etc.)
 
 // Export the API client instance and any service functions
-export {
-  api,
-  getSiteInfo,
-  handleApiRequest,
-  createPost,
-  uploadImage,
-  createTag,
-  getTags,
-};
+export { api, getSiteInfo, handleApiRequest, createPost, uploadImage, createTag, getTags };