npm - @mgsoftwarebv/mg-dashboard-mcp - Versions diffs - 3.3.0 → 3.4.0 - Mend

@mgsoftwarebv/mg-dashboard-mcp 3.3.0 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -9,7 +9,7 @@ import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js'
 import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
 import { ListToolsRequestSchema, CallToolRequestSchema, isInitializeRequest } from '@modelcontextprotocol/sdk/types.js';
 import { createServer } from 'http';
-import { randomUUID, randomBytes, createHash, createCipheriv, createDecipheriv } from 'crypto';
+import { randomUUID, createHash, randomBytes, createCipheriv, createDecipheriv } from 'crypto';
 import { createClient } from '@supabase/supabase-js';
 import { readFile, mkdtemp, writeFile, rm } from 'fs/promises';
 import { tmpdir } from 'os';
@@ -1173,8 +1173,8 @@ var encryptionKey = getArg2("encryption-key") || process.env.ENCRYPTION_KEY;
 var mijnhostApiKey = getArg2("mijnhost-api-key") || process.env.MIJNHOST_API_KEY;
 var httpMode = args.includes("--http");
 var httpPort = Number(getArg2("port")) || 3100;
-if (!apiKey && !sshKeyPath) {
-  console.error("Authentication required. Use --api-key=dk_xxx, --ssh-key=PATH (path to your SSH private or public key), or set MG_DASHBOARD_API_KEY / MG_DASHBOARD_SSH_KEY.");
+if (!apiKey || !sshKeyPath) {
+  console.error("Authentication required. Use both --api-key=dk_xxx and --ssh-key=PATH (path to your SSH private or public key), or set MG_DASHBOARD_API_KEY and MG_DASHBOARD_SSH_KEY.");
   process.exit(1);
 }
 if (!supabaseUrl || !supabaseKey) {
@@ -1466,7 +1466,7 @@ async function sshKeygenVerify(pubkeyLine, signature, challenge, namespace) {
     await rm(dir, { recursive: true, force: true }).catch(() => void 0);
   }
 }
-async function validateSshKey(pubkeyPathInput) {
+async function validateSshKey(pubkeyPathInput, expectedApiKeyId) {
   let pubPath;
   let pubText;
   try {
@@ -1513,6 +1513,12 @@ async function validateSshKey(pubkeyPathInput) {
     );
     return null;
   }
+  if (keyRow.api_key_id !== expectedApiKeyId) {
+    console.error(
+      `SSH key "${keyRow.name}" is registered, but it is not linked to the provided MCP API key. Add this SSH key under the same MCP API Key entry used by --api-key.`
+    );
+    return null;
+  }
   const { data: apiRow, error: apiErr } = await supabase.from("dashboard_mcp_api_key").select("id, name, created_by, allowed_server_ids, is_active, expires_at").eq("id", keyRow.api_key_id).eq("is_active", true).maybeSingle();
   if (apiErr || !apiRow) {
     console.error("SSH key is linked to an inactive or missing MCP API key entry.");
@@ -3177,18 +3183,15 @@ function createMcpServer() {
 var server = createMcpServer();
 async function main() {
   console.error("Starting MG Dashboard MCP Server...");
-  if (sshKeyPath) {
-    authContext = await validateSshKey(sshKeyPath);
-    if (!authContext) {
-      console.error("SSH-key authentication failed");
-      process.exit(1);
-    }
-  } else {
-    authContext = await validateApiKey(apiKey);
-    if (!authContext) {
-      console.error("API key validation failed");
-      process.exit(1);
-    }
+  const apiAuthContext = await validateApiKey(apiKey);
+  if (!apiAuthContext) {
+    console.error("API key validation failed");
+    process.exit(1);
+  }
+  authContext = await validateSshKey(sshKeyPath, apiAuthContext.apiKeyId);
+  if (!authContext) {
+    console.error("SSH-key authentication failed");
+    process.exit(1);
   }
   console.error(`[Security] MCP v${MCP_VERSION} | Key: ${authContext.apiKeyName}`);
   const toolNames = TOOLS.map((t) => t.name).join(", ");