@jtalk22/slack-mcp 1.1.5 → 1.1.6

package/lib/handlers.js

@@ -4,7 +4,7 @@
  * Implementation of all MCP tool handlers.
  */
 
-import { writeFileSync, readFileSync, existsSync, renameSync, unlinkSync } from "fs";
+import { writeFileSync, readFileSync, existsSync, renameSync, unlinkSync, mkdirSync } from "fs";
 import { homedir, platform } from "os";
 import { join } from "path";
 import { loadTokens, saveTokens, extractFromChrome, isAutoRefreshAvailable } from "./token-store.js";
@@ -404,11 +404,20 @@ export async function handleGetFullConversation(args) {
     messages: allMessages
   };
 
-  // Save to file if requested
+  // Save to file if requested (restricted to ~/.slack-mcp-exports/ for security)
   if (args.output_file) {
-    const outputPath = args.output_file.startsWith('/')
-      ? args.output_file
-      : join(homedir(), args.output_file);
+    const exportDir = join(homedir(), '.slack-mcp-exports');
+    // Ensure export directory exists
+    try { mkdirSync(exportDir, { recursive: true }); } catch {}
+
+    // Sanitize filename - remove any path traversal attempts
+    const sanitizedName = args.output_file
+      .replace(/^.*[\\\/]/, '')  // Remove any path components
+      .replace(/\.\./g, '')       // Remove .. sequences
+      .replace(/[<>:"|?*]/g, '') // Remove invalid chars
+      || 'export.json';
+
+    const outputPath = join(exportDir, sanitizedName);
     writeFileSync(outputPath, JSON.stringify(output, null, 2));
     output.saved_to = outputPath;
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jtalk22/slack-mcp",
-  "version": "1.1.5",
+  "version": "1.1.6",
   "description": "Full Slack access for Claude - DMs, channels, search. No OAuth. No admin approval. Just works.",
   "type": "module",
   "main": "src/server.js",

package/src/web-server.js

@@ -67,9 +67,20 @@ const API_KEY = getOrCreateAPIKey();
 app.use(express.json());
 app.use(express.static(join(__dirname, "../public")));
 
-// CORS for local development
+// CORS - restricted to localhost for security
+// Using * would allow any website to make requests to your local server
+const ALLOWED_ORIGINS = [
+  `http://localhost:${PORT}`,
+  `http://127.0.0.1:${PORT}`,
+  'http://localhost:3000',
+  'http://127.0.0.1:3000'
+];
+
 app.use((req, res, next) => {
-  res.header("Access-Control-Allow-Origin", "*");
+  const origin = req.headers.origin;
+  if (ALLOWED_ORIGINS.includes(origin)) {
+    res.header("Access-Control-Allow-Origin", origin);
+  }
   res.header("Access-Control-Allow-Headers", "Content-Type, Authorization");
   res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
   if (req.method === "OPTIONS") {
@@ -280,7 +291,8 @@ async function main() {
     console.log(`Credentials loaded from: ${credentials.source}`);
   }
 
-  app.listen(PORT, () => {
+  // Bind to localhost only - prevents access from other devices on the network
+  app.listen(PORT, '127.0.0.1', () => {
     // Print to stderr to keep logs clean (stdout reserved for JSON in some setups)
     console.error(`\n${"═".repeat(60)}`);
     console.error(`  Slack Web API Server v1.1.0`);
@@ -288,6 +300,7 @@ async function main() {
     console.error(`\n  Dashboard: http://localhost:${PORT}/?key=${API_KEY}`);
     console.error(`\n  API Key:   ${API_KEY}`);
     console.error(`\n  curl -H "Authorization: Bearer ${API_KEY}" http://localhost:${PORT}/health`);
+    console.error(`\n  Security: Bound to localhost only (127.0.0.1)`);
     console.error(`\n${"═".repeat(60)}\n`);
   });
 }