@mcp-ts/sdk 1.6.1 → 2.0.0

package/src/server/storage/memory-backend.ts

@@ -1,16 +1,16 @@
-import { StorageBackend, SessionData, SetClientOptions } from './types.js';
+import type { SessionStore, Session, SetClientOptions } from './types.js';
 import { generateSessionId } from '../../shared/utils.js';
 
 /**
- * In-memory implementation of StorageBackend
+ * In-memory implementation of SessionStore
  * Useful for local development or testing
  */
-export class MemoryStorageBackend implements StorageBackend {
-    // Map<identity:sessionId, SessionData>
-    private sessions = new Map<string, SessionData>();
+export class MemoryStorageBackend implements SessionStore {
+    // Map<userId:sessionId, Session>
+    private sessions = new Map<string, Session>();
 
-    // Map<identity, Set<sessionId>>
-    private identitySessions = new Map<string, Set<string>>();
+    // Map<userId, Set<sessionId>>
+    private userIdSessions = new Map<string, Set<string>>();
 
     constructor() { }
 
@@ -18,19 +18,19 @@ export class MemoryStorageBackend implements StorageBackend {
         console.log('[mcp-ts][Storage] Memory: ✓ internal memory store active.');
     }
 
-    private getSessionKey(identity: string, sessionId: string): string {
-        return `${identity}:${sessionId}`;
+    private getSessionKey(userId: string, sessionId: string): string {
+        return `${userId}:${sessionId}`;
     }
 
     generateSessionId(): string {
         return generateSessionId();
     }
 
-    async createSession(session: SessionData, ttl?: number): Promise<void> {
-        const { sessionId, identity } = session;
-        if (!sessionId || !identity) throw new Error('identity and sessionId required');
+    async create(session: Session, ttl?: number): Promise<void> {
+        const { sessionId, userId } = session;
+        if (!sessionId || !userId) throw new Error('userId and sessionId required');
 
-        const sessionKey = this.getSessionKey(identity, sessionId);
+        const sessionKey = this.getSessionKey(userId, sessionId);
         if (this.sessions.has(sessionKey)) {
             throw new Error(`Session ${sessionId} already exists`);
         }
@@ -38,17 +38,17 @@ export class MemoryStorageBackend implements StorageBackend {
         this.sessions.set(sessionKey, session);
 
         // Update index
-        if (!this.identitySessions.has(identity)) {
-            this.identitySessions.set(identity, new Set());
+        if (!this.userIdSessions.has(userId)) {
+            this.userIdSessions.set(userId, new Set());
         }
-        this.identitySessions.get(identity)!.add(sessionId);
+        this.userIdSessions.get(userId)!.add(sessionId);
         // Note: TTL is ignored in memory backend - sessions don't auto-expire
     }
 
-    async updateSession(identity: string, sessionId: string, data: Partial<SessionData>, ttl?: number): Promise<void> {
-        if (!identity || !sessionId) throw new Error('identity and sessionId required');
+    async update(userId: string, sessionId: string, data: Partial<Session>, ttl?: number): Promise<void> {
+        if (!userId || !sessionId) throw new Error('userId and sessionId required');
 
-        const sessionKey = this.getSessionKey(identity, sessionId);
+        const sessionKey = this.getSessionKey(userId, sessionId);
         const current = this.sessions.get(sessionKey);
 
         if (!current) {
@@ -65,23 +65,23 @@ export class MemoryStorageBackend implements StorageBackend {
     }
 
 
-    async getSession(identity: string, sessionId: string): Promise<SessionData | null> {
-        const sessionKey = this.getSessionKey(identity, sessionId);
+    async get(userId: string, sessionId: string): Promise<Session | null> {
+        const sessionKey = this.getSessionKey(userId, sessionId);
         return this.sessions.get(sessionKey) || null;
     }
 
-    async getIdentityMcpSessions(identity: string): Promise<string[]> {
-        const set = this.identitySessions.get(identity);
+    async listIds(userId: string): Promise<string[]> {
+        const set = this.userIdSessions.get(userId);
         return set ? Array.from(set) : [];
     }
 
-    async getIdentitySessionsData(identity: string): Promise<SessionData[]> {
-        const set = this.identitySessions.get(identity);
+    async list(userId: string): Promise<Session[]> {
+        const set = this.userIdSessions.get(userId);
         if (!set) return [];
 
-        const results: SessionData[] = [];
+        const results: Session[] = [];
         for (const sessionId of set) {
-            const session = this.sessions.get(this.getSessionKey(identity, sessionId));
+            const session = this.sessions.get(this.getSessionKey(userId, sessionId));
             if (session) {
                 results.push(session);
             }
@@ -89,29 +89,29 @@ export class MemoryStorageBackend implements StorageBackend {
         return results;
     }
 
-    async removeSession(identity: string, sessionId: string): Promise<void> {
-        const sessionKey = this.getSessionKey(identity, sessionId);
+    async delete(userId: string, sessionId: string): Promise<void> {
+        const sessionKey = this.getSessionKey(userId, sessionId);
         this.sessions.delete(sessionKey);
 
-        const set = this.identitySessions.get(identity);
+        const set = this.userIdSessions.get(userId);
         if (set) {
             set.delete(sessionId);
             if (set.size === 0) {
-                this.identitySessions.delete(identity);
+                this.userIdSessions.delete(userId);
             }
         }
     }
 
-    async getAllSessionIds(): Promise<string[]> {
+    async listAllIds(): Promise<string[]> {
         return Array.from(this.sessions.values()).map(s => s.sessionId);
     }
 
     async clearAll(): Promise<void> {
         this.sessions.clear();
-        this.identitySessions.clear();
+        this.userIdSessions.clear();
     }
 
-    async cleanupExpiredSessions(): Promise<void> {
+    async cleanupExpired(): Promise<void> {
         // In-memory doesn't implement TTL automatically, 
         // but we could check createdAt + TTL here if needed.
         // For now, no-op.

package/src/server/storage/neon-backend.ts

@@ -0,0 +1,281 @@
+import type { SessionStore, Session } from './types.js';
+import { SESSION_TTL_SECONDS } from '../../shared/constants.js';
+import { generateSessionId } from '../../shared/utils.js';
+import { encryptObject, decryptObject } from './crypto.js';
+
+export interface NeonStorageOptions {
+    schema?: string;
+    table?: string;
+}
+
+type NeonSql = {
+    query(queryWithPlaceholders: string, params?: unknown[]): Promise<any[]>;
+};
+
+type NeonSessionRow = {
+    session_id: string;
+    server_id?: string | null;
+    server_name?: string | null;
+    server_url: string;
+    transport_type: 'sse' | 'streamable-http';
+    callback_url: string;
+    created_at: string | Date;
+    user_id: string;
+    headers?: unknown;
+    active?: boolean | null;
+    client_information?: unknown;
+    tokens?: unknown;
+    code_verifier?: string | null;
+    client_id?: string | null;
+};
+
+export class NeonStorageBackend implements SessionStore {
+    private readonly DEFAULT_TTL = SESSION_TTL_SECONDS;
+    private readonly tableName: string;
+
+    constructor(
+        private readonly sql: NeonSql,
+        options: NeonStorageOptions = {}
+    ) {
+        const schema = options.schema || 'public';
+        const table = options.table || 'mcp_sessions';
+        this.tableName = `${this.quoteIdentifier(schema)}.${this.quoteIdentifier(table)}`;
+    }
+
+    async init(): Promise<void> {
+        const [{ exists } = { exists: null }] = await this.sql.query(
+            'SELECT to_regclass($1) AS exists',
+            [this.tableName.replace(/"/g, '')]
+        ) as Array<{ exists: string | null }>;
+
+        if (!exists) {
+            throw new Error(
+                '[NeonStorage] Table "mcp_sessions" not found in your database. ' +
+                'Please create it using the Neon storage guide in docs/storage-backends/neon.md.'
+            );
+        }
+
+        console.log('[mcp-ts][Storage] Neon: "mcp_sessions" table verified.');
+    }
+
+    generateSessionId(): string {
+        return generateSessionId();
+    }
+
+    private quoteIdentifier(identifier: string): string {
+        if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(identifier)) {
+            throw new Error(`Invalid Neon storage identifier: ${identifier}`);
+        }
+        return `"${identifier}"`;
+    }
+
+    private mapRowToSessionData(row: NeonSessionRow): Session {
+        return {
+            sessionId: row.session_id,
+            serverId: row.server_id ?? undefined,
+            serverName: row.server_name ?? undefined,
+            serverUrl: row.server_url,
+            transportType: row.transport_type,
+            callbackUrl: row.callback_url,
+            createdAt: new Date(row.created_at).getTime(),
+            userId: row.user_id,
+            headers: decryptObject(row.headers),
+            active: row.active ?? false,
+            clientInformation: row.client_information as Session['clientInformation'],
+            tokens: decryptObject(row.tokens),
+            codeVerifier: row.code_verifier ?? undefined,
+            clientId: row.client_id ?? undefined,
+        };
+    }
+
+    async create(session: Session, ttl?: number): Promise<void> {
+        const { sessionId, userId } = session;
+        if (!sessionId || !userId) throw new Error('userId and sessionId required');
+
+        const effectiveTtl = ttl ?? this.DEFAULT_TTL;
+        const expiresAt = new Date(Date.now() + effectiveTtl * 1000).toISOString();
+
+        try {
+            await this.sql.query(
+                `INSERT INTO ${this.tableName} (
+                    session_id,
+                    user_id,
+                    server_id,
+                    server_name,
+                    server_url,
+                    transport_type,
+                    callback_url,
+                    created_at,
+                    headers,
+                    active,
+                    client_information,
+                    tokens,
+                    code_verifier,
+                    client_id,
+                    expires_at
+                ) VALUES (
+                    $1, $2, $3, $4, $5, $6, $7, $8,
+                    $9, $10, $11, $12, $13, $14, $15
+                )`,
+                [
+                    sessionId,
+                    userId,
+                    session.serverId,
+                    session.serverName,
+                    session.serverUrl,
+                    session.transportType,
+                    session.callbackUrl,
+                    new Date(session.createdAt || Date.now()).toISOString(),
+                    encryptObject(session.headers),
+                    session.active ?? false,
+                    session.clientInformation,
+                    encryptObject(session.tokens),
+                    session.codeVerifier,
+                    session.clientId,
+                    expiresAt,
+                ]
+            );
+        } catch (error: any) {
+            if (error.code === '23505') {
+                throw new Error(`Session ${sessionId} already exists`);
+            }
+            throw new Error(`Failed to create session in Neon: ${error.message}`);
+        }
+    }
+
+    async update(userId: string, sessionId: string, data: Partial<Session>, ttl?: number): Promise<void> {
+        const currentSession = await this.get(userId, sessionId);
+        if (!currentSession) {
+            throw new Error(`Session ${sessionId} not found for userId ${userId}`);
+        }
+
+        const updatedSession = { ...currentSession, ...data };
+        const effectiveTtl = ttl ?? this.DEFAULT_TTL;
+        const expiresAt = new Date(Date.now() + effectiveTtl * 1000).toISOString();
+
+        const updatedRows = await this.sql.query(
+            `UPDATE ${this.tableName}
+             SET
+                server_id = $1,
+                server_name = $2,
+                server_url = $3,
+                transport_type = $4,
+                callback_url = $5,
+                active = $6,
+                headers = $7,
+                client_information = $8,
+                tokens = $9,
+                code_verifier = $10,
+                client_id = $11,
+                expires_at = $12,
+                updated_at = now()
+             WHERE user_id = $13 AND session_id = $14
+             RETURNING id`,
+            [
+                updatedSession.serverId,
+                updatedSession.serverName,
+                updatedSession.serverUrl,
+                updatedSession.transportType,
+                updatedSession.callbackUrl,
+                updatedSession.active ?? false,
+                encryptObject(updatedSession.headers),
+                updatedSession.clientInformation,
+                encryptObject(updatedSession.tokens),
+                updatedSession.codeVerifier,
+                updatedSession.clientId,
+                expiresAt,
+                userId,
+                sessionId,
+            ]
+        ) as Array<{ id: string }>;
+
+        if (updatedRows.length === 0) {
+            throw new Error(`Session ${sessionId} not found for userId ${userId}`);
+        }
+    }
+
+    async get(userId: string, sessionId: string): Promise<Session | null> {
+        try {
+            const rows = await this.sql.query(
+                `SELECT * FROM ${this.tableName} WHERE user_id = $1 AND session_id = $2`,
+                [userId, sessionId]
+            ) as NeonSessionRow[];
+            return rows[0] ? this.mapRowToSessionData(rows[0]) : null;
+        } catch (error) {
+            console.error('[NeonStorage] Failed to get session:', error);
+            return null;
+        }
+    }
+
+    async list(userId: string): Promise<Session[]> {
+        try {
+            const rows = await this.sql.query(
+                `SELECT * FROM ${this.tableName} WHERE user_id = $1`,
+                [userId]
+            ) as NeonSessionRow[];
+            return rows.map((row) => this.mapRowToSessionData(row));
+        } catch (error) {
+            console.error(`[NeonStorage] Failed to get session data for ${userId}:`, error);
+            return [];
+        }
+    }
+
+    async delete(userId: string, sessionId: string): Promise<void> {
+        try {
+            await this.sql.query(
+                `DELETE FROM ${this.tableName} WHERE user_id = $1 AND session_id = $2`,
+                [userId, sessionId]
+            );
+        } catch (error) {
+            console.error('[NeonStorage] Failed to remove session:', error);
+        }
+    }
+
+    async listIds(userId: string): Promise<string[]> {
+        try {
+            const rows = await this.sql.query(
+                `SELECT session_id FROM ${this.tableName} WHERE user_id = $1`,
+                [userId]
+            ) as Array<{ session_id: string }>;
+            return rows.map((row) => row.session_id);
+        } catch (error) {
+            console.error(`[NeonStorage] Failed to get sessions for ${userId}:`, error);
+            return [];
+        }
+    }
+
+    async listAllIds(): Promise<string[]> {
+        try {
+            const rows = await this.sql.query(
+                `SELECT session_id FROM ${this.tableName}`
+            ) as Array<{ session_id: string }>;
+            return rows.map((row) => row.session_id);
+        } catch (error) {
+            console.error('[NeonStorage] Failed to get all sessions:', error);
+            return [];
+        }
+    }
+
+    async clearAll(): Promise<void> {
+        try {
+            await this.sql.query(`DELETE FROM ${this.tableName}`);
+        } catch (error) {
+            console.error('[NeonStorage] Failed to clear sessions:', error);
+        }
+    }
+
+    async cleanupExpired(): Promise<void> {
+        try {
+            await this.sql.query(
+                `DELETE FROM ${this.tableName} WHERE expires_at < $1`,
+                [new Date().toISOString()]
+            );
+        } catch (error) {
+            console.error('[NeonStorage] Failed to cleanup expired sessions:', error);
+        }
+    }
+
+    async disconnect(): Promise<void> {
+        // Neon HTTP queries do not hold a persistent connection.
+    }
+}