@mctx-ai/mcp-server 0.5.1 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/server.js +8 -9
  2. package/package.json +1 -1
  3. package/src/server.js +8 -9
package/dist/server.js CHANGED
@@ -456,11 +456,12 @@ export function createServer(options = {}) {
456
456
  handler = resources.get(normalizedUri);
457
457
  } else {
458
458
  // Try template matching using uri.js module
459
- // Canonicalize registered URIs for consistent matching
460
459
  for (const [registeredUri, h] of resources.entries()) {
461
- // Canonicalize the registered URI for comparison
462
- // This ensures consistent matching regardless of registration format
463
- const normalizedRegisteredUri = canonicalizePath(registeredUri);
460
+ // Normalize registered URI for consistent matching (slash deduplication only)
461
+ // Don't apply security validation to developer-provided templates
462
+ const normalizedRegisteredUri = registeredUri
463
+ .replace(/\\/g, "/") // Convert backslashes to forward slashes
464
+ .replace(/\/+/g, "/"); // Remove duplicate slashes
464
465
  const match = matchUri(normalizedRegisteredUri, normalizedUri);
465
466
  if (match) {
466
467
  handler = h;
@@ -789,11 +790,9 @@ export function createServer(options = {}) {
789
790
  return handleLoggingSetLevel(params);
790
791
 
791
792
  default: {
792
- {
793
- const error = new Error("Method not found");
794
- error.code = -32601;
795
- throw error;
796
- }
793
+ const error = new Error("Method not found");
794
+ error.code = -32601;
795
+ throw error;
797
796
  }
798
797
  }
799
798
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mctx-ai/mcp-server",
3
- "version": "0.5.1",
3
+ "version": "0.5.2",
4
4
  "description": "Build MCP servers with an Express-like API — no protocol knowledge required",
5
5
  "type": "module",
6
6
  "main": "./src/index.js",
package/src/server.js CHANGED
@@ -456,11 +456,12 @@ export function createServer(options = {}) {
456
456
  handler = resources.get(normalizedUri);
457
457
  } else {
458
458
  // Try template matching using uri.js module
459
- // Canonicalize registered URIs for consistent matching
460
459
  for (const [registeredUri, h] of resources.entries()) {
461
- // Canonicalize the registered URI for comparison
462
- // This ensures consistent matching regardless of registration format
463
- const normalizedRegisteredUri = canonicalizePath(registeredUri);
460
+ // Normalize registered URI for consistent matching (slash deduplication only)
461
+ // Don't apply security validation to developer-provided templates
462
+ const normalizedRegisteredUri = registeredUri
463
+ .replace(/\\/g, "/") // Convert backslashes to forward slashes
464
+ .replace(/\/+/g, "/"); // Remove duplicate slashes
464
465
  const match = matchUri(normalizedRegisteredUri, normalizedUri);
465
466
  if (match) {
466
467
  handler = h;
@@ -789,11 +790,9 @@ export function createServer(options = {}) {
789
790
  return handleLoggingSetLevel(params);
790
791
 
791
792
  default: {
792
- {
793
- const error = new Error("Method not found");
794
- error.code = -32601;
795
- throw error;
796
- }
793
+ const error = new Error("Method not found");
794
+ error.code = -32601;
795
+ throw error;
797
796
  }
798
797
  }
799
798
  }