@softeria/ms-365-mcp-server 0.117.0 → 0.118.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/dist/lib/log-redactor.js +38 -0
- package/dist/logger.js +14 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -582,6 +582,7 @@ Environment variables:
|
|
|
582
582
|
- `MS365_MCP_CLOUD_TYPE=global|china`: Microsoft cloud environment (alternative to --cloud flag)
|
|
583
583
|
- `LOG_LEVEL`: Set logging level (default: 'info')
|
|
584
584
|
- `SILENT=true|1`: Disable console output
|
|
585
|
+
- `MS365_MCP_REDACT_PII=true|1`: Scrub JWTs, Bearer headers, OAuth token fields, and email addresses from log messages before they are written (default: disabled). Useful when logs are shipped to a central store or shared host.
|
|
585
586
|
- `MS365_MCP_CLIENT_ID`: Custom Azure app client ID (defaults to built-in app)
|
|
586
587
|
- `MS365_MCP_TENANT_ID`: Custom tenant ID (defaults to 'common' for multi-tenant)
|
|
587
588
|
- `MS365_MCP_OAUTH_TOKEN`: Pre-existing OAuth token for Microsoft Graph API (BYOT method)
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
const REDACTIONS = [
|
|
2
|
+
// JSON Web Tokens (header.payload.signature) — access_token, id_token, etc.
|
|
3
|
+
{
|
|
4
|
+
pattern: /eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g,
|
|
5
|
+
replacement: "[REDACTED_JWT]"
|
|
6
|
+
},
|
|
7
|
+
// Authorization: Bearer <token>
|
|
8
|
+
{
|
|
9
|
+
pattern: /(Bearer\s+)[A-Za-z0-9._~+/-]+=*/gi,
|
|
10
|
+
replacement: "$1[REDACTED]"
|
|
11
|
+
},
|
|
12
|
+
// OAuth token fields in query strings or JSON bodies:
|
|
13
|
+
// refresh_token=..., "access_token": "...", code=..., client_secret=...
|
|
14
|
+
{
|
|
15
|
+
pattern: /(["']?(?:refresh_token|access_token|id_token|client_secret|code|assertion)["']?\s*[=:]\s*["']?)[A-Za-z0-9._~+/-]+=*/gi,
|
|
16
|
+
replacement: "$1[REDACTED]"
|
|
17
|
+
},
|
|
18
|
+
// Email addresses / UPNs
|
|
19
|
+
{
|
|
20
|
+
pattern: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g,
|
|
21
|
+
replacement: "[REDACTED_EMAIL]"
|
|
22
|
+
}
|
|
23
|
+
];
|
|
24
|
+
function redactionEnabled() {
|
|
25
|
+
const raw = process.env.MS365_MCP_REDACT_PII;
|
|
26
|
+
return raw === "true" || raw === "1";
|
|
27
|
+
}
|
|
28
|
+
function redactSensitive(input) {
|
|
29
|
+
let out = input;
|
|
30
|
+
for (const { pattern, replacement } of REDACTIONS) {
|
|
31
|
+
out = out.replace(pattern, replacement);
|
|
32
|
+
}
|
|
33
|
+
return out;
|
|
34
|
+
}
|
|
35
|
+
export {
|
|
36
|
+
redactSensitive,
|
|
37
|
+
redactionEnabled
|
|
38
|
+
};
|
package/dist/logger.js
CHANGED
|
@@ -3,6 +3,14 @@ import path from "path";
|
|
|
3
3
|
import { fileURLToPath } from "url";
|
|
4
4
|
import fs from "fs";
|
|
5
5
|
import os from "os";
|
|
6
|
+
import { redactionEnabled, redactSensitive } from "./lib/log-redactor.js";
|
|
7
|
+
const redactFormat = winston.format((info) => {
|
|
8
|
+
if (!redactionEnabled()) return info;
|
|
9
|
+
if (typeof info.message === "string") {
|
|
10
|
+
info.message = redactSensitive(info.message);
|
|
11
|
+
}
|
|
12
|
+
return info;
|
|
13
|
+
});
|
|
6
14
|
const __dirname = path.dirname(fileURLToPath(import.meta.url));
|
|
7
15
|
const logsDir = process.env.MS365_MCP_LOG_DIR || path.join(os.homedir(), ".ms-365-mcp-server", "logs");
|
|
8
16
|
if (!fs.existsSync(logsDir)) {
|
|
@@ -29,6 +37,7 @@ ensureFileMode(serverLogPath);
|
|
|
29
37
|
const logger = winston.createLogger({
|
|
30
38
|
level: process.env.LOG_LEVEL || "info",
|
|
31
39
|
format: winston.format.combine(
|
|
40
|
+
redactFormat(),
|
|
32
41
|
winston.format.timestamp({
|
|
33
42
|
format: "YYYY-MM-DD HH:mm:ss"
|
|
34
43
|
}),
|
|
@@ -51,7 +60,11 @@ const logger = winston.createLogger({
|
|
|
51
60
|
const enableConsoleLogging = () => {
|
|
52
61
|
logger.add(
|
|
53
62
|
new winston.transports.Console({
|
|
54
|
-
format: winston.format.combine(
|
|
63
|
+
format: winston.format.combine(
|
|
64
|
+
redactFormat(),
|
|
65
|
+
winston.format.colorize(),
|
|
66
|
+
winston.format.simple()
|
|
67
|
+
),
|
|
55
68
|
silent: process.env.SILENT === "true" || process.env.SILENT === "1"
|
|
56
69
|
})
|
|
57
70
|
);
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@softeria/ms-365-mcp-server",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.118.0",
|
|
4
4
|
"description": " A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Office services through the Graph API",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|