npm - @mieubrisse/notion-mcp-server - Versions diffs - 2.0.0 - Mend

@mieubrisse/notion-mcp-server 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

package/.devcontainer/devcontainer.json +4 -0
package/.dockerignore +3 -0
package/.github/pull_request_template.md +8 -0
package/.github/workflows/ci.yml +42 -0
package/Dockerfile +36 -0
package/LICENSE +7 -0
package/README.md +412 -0
package/docker-compose.yml +6 -0
package/docs/images/connections.png +0 -0
package/docs/images/integration-access.png +0 -0
package/docs/images/integrations-capabilities.png +0 -0
package/docs/images/integrations-creation.png +0 -0
package/docs/images/page-access-edit.png +0 -0
package/package.json +63 -0
package/scripts/build-cli.js +30 -0
package/scripts/notion-openapi.json +2238 -0
package/scripts/start-server.ts +243 -0
package/src/init-server.ts +50 -0
package/src/openapi-mcp-server/README.md +3 -0
package/src/openapi-mcp-server/auth/index.ts +2 -0
package/src/openapi-mcp-server/auth/template.ts +24 -0
package/src/openapi-mcp-server/auth/types.ts +26 -0
package/src/openapi-mcp-server/client/__tests__/http-client-upload.test.ts +205 -0
package/src/openapi-mcp-server/client/__tests__/http-client.integration.test.ts +282 -0
package/src/openapi-mcp-server/client/__tests__/http-client.test.ts +537 -0
package/src/openapi-mcp-server/client/http-client.ts +198 -0
package/src/openapi-mcp-server/client/polyfill-headers.ts +42 -0
package/src/openapi-mcp-server/index.ts +3 -0
package/src/openapi-mcp-server/mcp/__tests__/proxy.test.ts +479 -0
package/src/openapi-mcp-server/mcp/proxy.ts +250 -0
package/src/openapi-mcp-server/openapi/__tests__/file-upload.test.ts +100 -0
package/src/openapi-mcp-server/openapi/__tests__/parser-multipart.test.ts +602 -0
package/src/openapi-mcp-server/openapi/__tests__/parser.test.ts +1448 -0
package/src/openapi-mcp-server/openapi/file-upload.ts +40 -0
package/src/openapi-mcp-server/openapi/parser.ts +529 -0
package/tsconfig.json +26 -0

package/scripts/start-server.ts ADDED Viewed

@@ -0,0 +1,243 @@
+import path from 'node:path'
+import { fileURLToPath } from 'url'
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js'
+import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js'
+import { isInitializeRequest } from '@modelcontextprotocol/sdk/types.js'
+import { randomUUID, randomBytes } from 'node:crypto'
+import express from 'express'
+import { initProxy, ValidationError } from '../src/init-server'
+export async function startServer(args: string[] = process.argv) {
+  const filename = fileURLToPath(import.meta.url)
+  const directory = path.dirname(filename)
+  const specPath = path.resolve(directory, '../scripts/notion-openapi.json')
+  const baseUrl = process.env.BASE_URL ?? undefined
+  // Parse command line arguments manually (similar to slack-mcp approach)
+  function parseArgs() {
+    const args = process.argv.slice(2);
+    let transport = 'stdio'; // default
+    let port = 3000;
+    let authToken: string | undefined;
+    for (let i = 0; i < args.length; i++) {
+      if (args[i] === '--transport' && i + 1 < args.length) {
+        transport = args[i + 1];
+        i++; // skip next argument
+      } else if (args[i] === '--port' && i + 1 < args.length) {
+        port = parseInt(args[i + 1], 10);
+        i++; // skip next argument
+      } else if (args[i] === '--auth-token' && i + 1 < args.length) {
+        authToken = args[i + 1];
+        i++; // skip next argument
+      } else if (args[i] === '--help' || args[i] === '-h') {
+        console.log(`
+Usage: notion-mcp-server [options]
+Options:
+  --transport <type>     Transport type: 'stdio' or 'http' (default: stdio)
+  --port <number>        Port for HTTP server when using Streamable HTTP transport (default: 3000)
+  --auth-token <token>   Bearer token for HTTP transport authentication (optional)
+  --help, -h             Show this help message
+Environment Variables:
+  NOTION_TOKEN           Notion integration token (recommended)
+  OPENAPI_MCP_HEADERS    JSON string with Notion API headers (alternative)
+  AUTH_TOKEN             Bearer token for HTTP transport authentication (alternative to --auth-token)
+Examples:
+  notion-mcp-server                                    # Use stdio transport (default)
+  notion-mcp-server --transport stdio                  # Use stdio transport explicitly
+  notion-mcp-server --transport http                   # Use Streamable HTTP transport on port 3000
+  notion-mcp-server --transport http --port 8080       # Use Streamable HTTP transport on port 8080
+  notion-mcp-server --transport http --auth-token mytoken # Use Streamable HTTP transport with custom auth token
+  AUTH_TOKEN=mytoken notion-mcp-server --transport http # Use Streamable HTTP transport with auth token from env var
+`);
+        process.exit(0);
+      }
+      // Ignore unrecognized arguments (like command name passed by Docker)
+    }
+    return { transport: transport.toLowerCase(), port, authToken };
+  }
+  const options = parseArgs()
+  const transport = options.transport
+  if (transport === 'stdio') {
+    // Use stdio transport (default)
+    const proxy = await initProxy(specPath, baseUrl)
+    await proxy.connect(new StdioServerTransport())
+    return proxy.getServer()
+  } else if (transport === 'http') {
+    // Use Streamable HTTP transport
+    const app = express()
+    app.use(express.json())
+    // Generate or use provided auth token (from CLI arg or env var)
+    const authToken = options.authToken || process.env.AUTH_TOKEN || randomBytes(32).toString('hex')
+    if (!options.authToken && !process.env.AUTH_TOKEN) {
+      console.log(`Generated auth token: ${authToken}`)
+      console.log(`Use this token in the Authorization header: Bearer ${authToken}`)
+    }
+    // Authorization middleware
+    const authenticateToken = (req: express.Request, res: express.Response, next: express.NextFunction): void => {
+      const authHeader = req.headers['authorization']
+      const token = authHeader && authHeader.split(' ')[1] // Bearer TOKEN
+      if (!token) {
+        res.status(401).json({
+          jsonrpc: '2.0',
+          error: {
+            code: -32001,
+            message: 'Unauthorized: Missing bearer token',
+          },
+          id: null,
+        })
+        return
+      }
+      if (token !== authToken) {
+        res.status(403).json({
+          jsonrpc: '2.0',
+          error: {
+            code: -32002,
+            message: 'Forbidden: Invalid bearer token',
+          },
+          id: null,
+        })
+        return
+      }
+      next()
+    }
+    // Health endpoint (no authentication required)
+    app.get('/health', (req, res) => {
+      res.status(200).json({
+        status: 'healthy',
+        timestamp: new Date().toISOString(),
+        transport: 'http',
+        port: options.port
+      })
+    })
+    // Apply authentication to all /mcp routes
+    app.use('/mcp', authenticateToken)
+    // Map to store transports by session ID
+    const transports: { [sessionId: string]: StreamableHTTPServerTransport } = {}
+    // Handle POST requests for client-to-server communication
+    app.post('/mcp', async (req, res) => {
+      try {
+        // Check for existing session ID
+        const sessionId = req.headers['mcp-session-id'] as string | undefined
+        let transport: StreamableHTTPServerTransport
+        if (sessionId && transports[sessionId]) {
+          // Reuse existing transport
+          transport = transports[sessionId]
+        } else if (!sessionId && isInitializeRequest(req.body)) {
+          // New initialization request
+          transport = new StreamableHTTPServerTransport({
+            sessionIdGenerator: () => randomUUID(),
+            onsessioninitialized: (sessionId) => {
+              // Store the transport by session ID
+              transports[sessionId] = transport
+            }
+          })
+          // Clean up transport when closed
+          transport.onclose = () => {
+            if (transport.sessionId) {
+              delete transports[transport.sessionId]
+            }
+          }
+          const proxy = await initProxy(specPath, baseUrl)
+          await proxy.connect(transport)
+        } else {
+          // Invalid request
+          res.status(400).json({
+            jsonrpc: '2.0',
+            error: {
+              code: -32000,
+              message: 'Bad Request: No valid session ID provided',
+            },
+            id: null,
+          })
+          return
+        }
+        // Handle the request
+        await transport.handleRequest(req, res, req.body)
+      } catch (error) {
+        console.error('Error handling MCP request:', error)
+        if (!res.headersSent) {
+          res.status(500).json({
+            jsonrpc: '2.0',
+            error: {
+              code: -32603,
+              message: 'Internal server error',
+            },
+            id: null,
+          })
+        }
+      }
+    })
+    // Handle GET requests for server-to-client notifications via Streamable HTTP
+    app.get('/mcp', async (req, res) => {
+      const sessionId = req.headers['mcp-session-id'] as string | undefined
+      if (!sessionId || !transports[sessionId]) {
+        res.status(400).send('Invalid or missing session ID')
+        return
+      }
+      const transport = transports[sessionId]
+      await transport.handleRequest(req, res)
+    })
+    // Handle DELETE requests for session termination
+    app.delete('/mcp', async (req, res) => {
+      const sessionId = req.headers['mcp-session-id'] as string | undefined
+      if (!sessionId || !transports[sessionId]) {
+        res.status(400).send('Invalid or missing session ID')
+        return
+      }
+      const transport = transports[sessionId]
+      await transport.handleRequest(req, res)
+    })
+    const port = options.port
+    app.listen(port, '0.0.0.0', () => {
+      console.log(`MCP Server listening on port ${port}`)
+      console.log(`Endpoint: http://0.0.0.0:${port}/mcp`)
+      console.log(`Health check: http://0.0.0.0:${port}/health`)
+      console.log(`Authentication: Bearer token required`)
+      if (options.authToken) {
+        console.log(`Using provided auth token`)
+      }
+    })
+    // Return a dummy server for compatibility
+    return { close: () => {} }
+  } else {
+    throw new Error(`Unsupported transport: ${transport}. Use 'stdio' or 'http'.`)
+  }
+}
+startServer(process.argv).catch(error => {
+  if (error instanceof ValidationError) {
+    console.error('Invalid OpenAPI 3.1 specification:')
+    error.errors.forEach(err => console.error(err))
+  } else {
+    console.error('Error:', error)
+  }
+  process.exit(1)
+})

package/src/init-server.ts ADDED Viewed

@@ -0,0 +1,50 @@
+import fs from 'node:fs'
+import path from 'node:path'
+import { OpenAPIV3 } from 'openapi-types'
+import OpenAPISchemaValidator from 'openapi-schema-validator'
+import { MCPProxy } from './openapi-mcp-server/mcp/proxy'
+export class ValidationError extends Error {
+  constructor(public errors: any[]) {
+    super('OpenAPI validation failed')
+    this.name = 'ValidationError'
+  }
+}
+async function loadOpenApiSpec(specPath: string, baseUrl: string | undefined): Promise<OpenAPIV3.Document> {
+  let rawSpec: string
+  try {
+    rawSpec = fs.readFileSync(path.resolve(process.cwd(), specPath), 'utf-8')
+  } catch (error) {
+    console.error('Failed to read OpenAPI specification file:', (error as Error).message)
+    process.exit(1)
+  }
+  // Parse and validate the OpenApi Spec
+  try {
+    const parsed = JSON.parse(rawSpec)
+    // Override baseUrl if specified.
+    if (baseUrl) {
+      parsed.servers[0].url = baseUrl
+    }
+    return parsed as OpenAPIV3.Document
+  } catch (error) {
+    if (error instanceof ValidationError) {
+      throw error
+    }
+    console.error('Failed to parse OpenAPI spec:', (error as Error).message)
+    process.exit(1)
+  }
+}
+export async function initProxy(specPath: string, baseUrl: string |undefined) {
+  const openApiSpec = await loadOpenApiSpec(specPath, baseUrl)
+  const proxy = new MCPProxy('Notion API', openApiSpec)
+  return proxy
+}

package/src/openapi-mcp-server/README.md ADDED Viewed

@@ -0,0 +1,3 @@
+Note: This is a fork from v1 of https://github.com/snaggle-ai/openapi-mcp-server. The library took a different direction with v2 which is not compatible with our development approach.
+Forked to upgrade vulnerable dependencies and easier setup.

package/src/openapi-mcp-server/auth/index.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from './types'
2	+ export * from './template'

package/src/openapi-mcp-server/auth/template.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import Mustache from 'mustache'
+import { AuthTemplate, TemplateContext } from './types'
+export function renderAuthTemplate(template: AuthTemplate, context: TemplateContext): AuthTemplate {
+  // Disable HTML escaping for URLs
+  Mustache.escape = (text) => text
+  // Render URL with template variables
+  const renderedUrl = Mustache.render(template.url, context)
+  // Create a new template object with rendered values
+  const renderedTemplate: AuthTemplate = {
+    ...template,
+    url: renderedUrl,
+    headers: { ...template.headers }, // Create a new headers object to avoid modifying the original
+  }
+  // Render body if it exists
+  if (template.body) {
+    renderedTemplate.body = Mustache.render(template.body, context)
+  }
+  return renderedTemplate
+}

package/src/openapi-mcp-server/auth/types.ts ADDED Viewed

@@ -0,0 +1,26 @@
+export type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH'
+export interface AuthTemplate {
+  url: string
+  method: HttpMethod
+  headers: Record<string, string>
+  body?: string
+}
+export interface SecurityScheme {
+  [key: string]: {
+    tokenUrl?: string
+    [key: string]: any
+  }
+}
+export interface Server {
+  url: string
+  description?: string
+}
+export interface TemplateContext {
+  securityScheme?: SecurityScheme
+  servers?: Server[]
+  args: Record<string, string>
+}

package/src/openapi-mcp-server/client/__tests__/http-client-upload.test.ts ADDED Viewed

@@ -0,0 +1,205 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+import { HttpClient } from '../http-client'
+import { OpenAPIV3 } from 'openapi-types'
+import fs from 'fs'
+import FormData from 'form-data'
+vi.mock('fs')
+vi.mock('form-data')
+describe('HttpClient File Upload', () => {
+  let client: HttpClient
+  const mockApiInstance = {
+    uploadFile: vi.fn(),
+  }
+  const baseConfig = {
+    baseUrl: 'http://test.com',
+    headers: {},
+  }
+  const mockOpenApiSpec: OpenAPIV3.Document = {
+    openapi: '3.0.0',
+    info: {
+      title: 'Test API',
+      version: '1.0.0',
+    },
+    paths: {
+      '/upload': {
+        post: {
+          operationId: 'uploadFile',
+          responses: {
+            '200': {
+              description: 'File uploaded successfully',
+              content: {
+                'application/json': {
+                  schema: {
+                    type: 'object',
+                    properties: {
+                      success: {
+                        type: 'boolean',
+                      },
+                    },
+                  },
+                },
+              },
+            },
+          },
+          requestBody: {
+            content: {
+              'multipart/form-data': {
+                schema: {
+                  type: 'object',
+                  properties: {
+                    file: {
+                      type: 'string',
+                      format: 'binary',
+                    },
+                    description: {
+                      type: 'string',
+                    },
+                  },
+                },
+              },
+            },
+          },
+        },
+      },
+    },
+  }
+  beforeEach(() => {
+    vi.clearAllMocks()
+    client = new HttpClient(baseConfig, mockOpenApiSpec)
+    // @ts-expect-error - Mock the private api property
+    client['api'] = Promise.resolve(mockApiInstance)
+  })
+  it('should handle file uploads with FormData', async () => {
+    const mockFormData = new FormData()
+    const mockFileStream = { pipe: vi.fn() }
+    const mockFormDataHeaders = { 'content-type': 'multipart/form-data; boundary=---123' }
+    vi.mocked(fs.createReadStream).mockReturnValue(mockFileStream as any)
+    vi.spyOn(FormData.prototype, 'append').mockImplementation(() => {})
+    vi.spyOn(FormData.prototype, 'getHeaders').mockReturnValue(mockFormDataHeaders)
+    const uploadPath = mockOpenApiSpec.paths['/upload']
+    if (!uploadPath?.post) {
+      throw new Error('Upload path not found in spec')
+    }
+    const operation = uploadPath.post as OpenAPIV3.OperationObject & { method: string; path: string }
+    const params = {
+      file: '/path/to/test.txt',
+      description: 'Test file',
+    }
+    mockApiInstance.uploadFile.mockResolvedValue({
+      data: { success: true },
+      status: 200,
+      headers: {},
+    })
+    await client.executeOperation(operation, params)
+    expect(fs.createReadStream).toHaveBeenCalledWith('/path/to/test.txt')
+    expect(FormData.prototype.append).toHaveBeenCalledWith('file', mockFileStream)
+    expect(FormData.prototype.append).toHaveBeenCalledWith('description', 'Test file')
+    expect(mockApiInstance.uploadFile).toHaveBeenCalledWith({}, expect.any(FormData), { headers: mockFormDataHeaders })
+  })
+  it('should throw error for invalid file path', async () => {
+    vi.mocked(fs.createReadStream).mockImplementation(() => {
+      throw new Error('File not found')
+    })
+    const uploadPath = mockOpenApiSpec.paths['/upload']
+    if (!uploadPath?.post) {
+      throw new Error('Upload path not found in spec')
+    }
+    const operation = uploadPath.post as OpenAPIV3.OperationObject & { method: string; path: string }
+    const params = {
+      file: '/nonexistent/file.txt',
+      description: 'Test file',
+    }
+    await expect(client.executeOperation(operation, params)).rejects.toThrow('Failed to read file at /nonexistent/file.txt')
+  })
+  it('should handle multiple file uploads', async () => {
+    const mockFormData = new FormData()
+    const mockFileStream1 = { pipe: vi.fn() }
+    const mockFileStream2 = { pipe: vi.fn() }
+    const mockFormDataHeaders = { 'content-type': 'multipart/form-data; boundary=---123' }
+    vi.mocked(fs.createReadStream)
+      .mockReturnValueOnce(mockFileStream1 as any)
+      .mockReturnValueOnce(mockFileStream2 as any)
+    vi.spyOn(FormData.prototype, 'append').mockImplementation(() => {})
+    vi.spyOn(FormData.prototype, 'getHeaders').mockReturnValue(mockFormDataHeaders)
+    const operation: OpenAPIV3.OperationObject = {
+      operationId: 'uploadFile',
+      responses: {
+        '200': {
+          description: 'Files uploaded successfully',
+          content: {
+            'application/json': {
+              schema: {
+                type: 'object',
+                properties: {
+                  success: {
+                    type: 'boolean',
+                  },
+                },
+              },
+            },
+          },
+        },
+      },
+      requestBody: {
+        content: {
+          'multipart/form-data': {
+            schema: {
+              type: 'object',
+              properties: {
+                file1: {
+                  type: 'string',
+                  format: 'binary',
+                },
+                file2: {
+                  type: 'string',
+                  format: 'binary',
+                },
+                description: {
+                  type: 'string',
+                },
+              },
+            },
+          },
+        },
+      },
+    }
+    const params = {
+      file1: '/path/to/test1.txt',
+      file2: '/path/to/test2.txt',
+      description: 'Test files',
+    }
+    mockApiInstance.uploadFile.mockResolvedValue({
+      data: { success: true },
+      status: 200,
+      headers: {},
+    })
+    await client.executeOperation(operation as OpenAPIV3.OperationObject & { method: string; path: string }, params)
+    expect(fs.createReadStream).toHaveBeenCalledWith('/path/to/test1.txt')
+    expect(fs.createReadStream).toHaveBeenCalledWith('/path/to/test2.txt')
+    expect(FormData.prototype.append).toHaveBeenCalledWith('file1', mockFileStream1)
+    expect(FormData.prototype.append).toHaveBeenCalledWith('file2', mockFileStream2)
+    expect(FormData.prototype.append).toHaveBeenCalledWith('description', 'Test files')
+    expect(mockApiInstance.uploadFile).toHaveBeenCalledWith({}, expect.any(FormData), { headers: mockFormDataHeaders })
+  })
+})