@wsh19991219/mcp-server 0.1.2 → 0.1.4

package/README.md

@@ -74,7 +74,7 @@ npm install -g @data_mgr/mcp-server
 
 | 变量 | 说明 | 默认值 |
 | --- | --- | --- |
-| `DATA_MGR_API_URL` | 后端 API 地址 | `http://127.0.0.1:8092` |
+| `DATA_MGR_API_URL` | 后端 API 地址（可选；未设置时在登录页填写） | — |
 | `DATA_MGR_CONFIG_DIR` | 配置文件目录 | `~/.data-mgr` |
 
 ## 使用示例

package/SKILL.md

@@ -135,7 +135,7 @@ npm install -g @data_mgr/mcp-server
 
 | 变量 | 说明 | 默认值 |
 | --- | --- | --- |
-| `DATA_MGR_API_URL` | 后端 API 地址 | `http://127.0.0.1:8092` |
+| `DATA_MGR_API_URL` | 后端 API 地址（可选；未设置时在登录页填写） | — |
 | `DATA_MGR_CONFIG_DIR` | 配置文件目录 | `~/.data-mgr` |
 
 ## 错误处理

package/lib/config.js

@@ -8,9 +8,48 @@ const CONFIG_FILE = path.join(CONFIG_DIR, "config.json");
 
 /** @typedef {{ apiUrl?: string, token?: string, username?: string, userId?: number, tenantId?: number, expiresIn?: string, expiresAt?: string, loggedInAt?: string }} DataMgrConfig */
 
-export const DEFAULT_API_URL = "http://127.0.0.1:8092";
 export const LOGIN_PATH = "/api/v1/auth/login";
 
+/** @param {string} [url] */
+export function normalizeApiUrl(url) {
+  return String(url ?? "").trim().replace(/\/$/, "");
+}
+
+/**
+ * Validate and normalize API base URL (adds http:// if scheme omitted).
+ * @param {string} url
+ * @returns {string}
+ */
+export function parseApiUrl(url) {
+  let trimmed = normalizeApiUrl(url);
+  if (!trimmed) {
+    throw new Error("API 地址不能为空");
+  }
+  if (!/^https?:\/\//i.test(trimmed)) {
+    trimmed = `http://${trimmed}`;
+  }
+  let u;
+  try {
+    u = new URL(trimmed);
+  } catch {
+    throw new Error(`无效的 API 地址: ${url}`);
+  }
+  if (u.protocol !== "http:" && u.protocol !== "https:") {
+    throw new Error("仅支持 http 或 https");
+  }
+  const path = u.pathname === "/" ? "" : u.pathname.replace(/\/$/, "");
+  return u.origin + path;
+}
+
+/** Saved API URL from env or config (no default). */
+export function getSavedApiUrl() {
+  const fromEnv = process.env.DATA_MGR_API_URL?.trim();
+  if (fromEnv) return normalizeApiUrl(fromEnv);
+  const cfg = loadConfig();
+  if (cfg.apiUrl) return normalizeApiUrl(cfg.apiUrl);
+  return undefined;
+}
+
 /** @param {string | number | undefined} expiresIn @param {Date} [from] */
 export function computeExpiresAt(expiresIn, from = new Date()) {
   if (expiresIn === undefined || expiresIn === null || expiresIn === "") return undefined;
@@ -67,11 +106,11 @@ export function getConfigPath() {
 
 /** @returns {string} */
 export function getApiUrl() {
-  const fromEnv = process.env.DATA_MGR_API_URL?.trim();
-  if (fromEnv) return fromEnv.replace(/\/$/, "");
-  const cfg = loadConfig();
-  if (cfg.apiUrl) return cfg.apiUrl.replace(/\/$/, "");
-  return DEFAULT_API_URL;
+  const url = getSavedApiUrl();
+  if (!url) {
+    throw new Error("未配置 API 地址。请运行 login 在登录页填写服务器地址，或设置 DATA_MGR_API_URL / config api-url。");
+  }
+  return url;
 }
 
 export function hasValidToken() {

package/lib/login-server.js

@@ -1,7 +1,46 @@
 import http from "node:http";
 import { randomBytes } from "node:crypto";
 import { spawn } from "node:child_process";
-import { getApiUrl, LOGIN_PATH } from "./config.js";
+import { getSavedApiUrl, parseApiUrl, LOGIN_PATH } from "./config.js";
+
+/** @param {string} [defaultApiUrl] */
+function renderLoginPage(defaultApiUrl) {
+  return LOGIN_PAGE.replace("__DEFAULT_API_URL_JSON__", JSON.stringify(defaultApiUrl ?? ""));
+}
+
+const CORS_HEADERS = {
+  "Access-Control-Allow-Origin": "*",
+  "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
+  "Access-Control-Allow-Headers": "Content-Type",
+};
+
+/** @param {import('node:http').ServerResponse} res @param {number} status @param {Record<string, unknown>} body */
+function sendJson(res, status, body) {
+  res.writeHead(status, { "Content-Type": "application/json; charset=utf-8", ...CORS_HEADERS });
+  res.end(JSON.stringify(body));
+}
+
+/** @param {unknown} err @param {string} apiUrl */
+function formatUpstreamError(err, apiUrl) {
+  const base = err instanceof Error ? err : new Error(String(err));
+  const cause = base.cause instanceof Error ? base.cause : null;
+  const code = /** @type {{ code?: string }} */ (cause ?? base).code;
+  const msg = cause?.message ?? base.message;
+
+  if (code === "ECONNREFUSED" || code === "ENOTFOUND" || code === "ETIMEDOUT") {
+    return `无法连接 API（${apiUrl}）：${msg}`;
+  }
+  if (/packet length too long/i.test(msg)) {
+    return `协议不匹配：${apiUrl} 使用了 HTTPS，但该端口可能只提供 HTTP。请改为 http:// 或配置 443 反向代理。`;
+  }
+  if (/certificate|UNABLE_TO_VERIFY|self signed|ALTNAME_INVALID/i.test(msg)) {
+    return `HTTPS 证书校验失败（${apiUrl}）。请使用与证书匹配的域名，或配置 NODE_EXTRA_CA_CERTS。`;
+  }
+  if (base.name === "TypeError" && /fetch failed/i.test(base.message)) {
+    return `请求 API 失败（${apiUrl}）：${msg || base.message}`;
+  }
+  return msg || base.message;
+}
 
 const LOGIN_PAGE = String.raw`<!DOCTYPE html>
 <html lang="zh-CN">
@@ -46,8 +85,11 @@ const LOGIN_PAGE = String.raw`<!DOCTYPE html>
 <body>
   <div class="card">
     <h1>Data Manager</h1>
-    <p>请输入账号和密码，登录成功后 CLI 将自动保存 token。</p>
+    <p>请输入 API 地址、账号和密码。登录成功后将保存服务器地址与 token。</p>
     <form id="form">
+      <label for="apiUrl">API 地址</label>
+      <input id="apiUrl" name="apiUrl" type="url" autocomplete="url"
+        placeholder="http://host:8092" required />
       <label for="username">账号</label>
       <input id="username" name="username" autocomplete="username" required />
       <label for="password">密码</label>
@@ -55,12 +97,19 @@ const LOGIN_PAGE = String.raw`<!DOCTYPE html>
       <button type="submit" id="btn">登录</button>
     </form>
     <div id="msg" class="msg"></div>
-    <div class="api">API: __API_URL__</div>
   </div>
   <script>
     const form = document.getElementById('form');
     const msg = document.getElementById('msg');
     const btn = document.getElementById('btn');
+    const defaultApiUrl = __DEFAULT_API_URL_JSON__;
+    if (defaultApiUrl) form.apiUrl.value = defaultApiUrl;
+    else {
+      try {
+        const last = localStorage.getItem('data-mgr-api-url');
+        if (last) form.apiUrl.value = last;
+      } catch (_) {}
+    }
     form.addEventListener('submit', async (e) => {
       e.preventDefault();
       msg.textContent = '';
@@ -72,6 +121,7 @@ const LOGIN_PAGE = String.raw`<!DOCTYPE html>
           method: 'POST',
           headers: { 'Content-Type': 'application/json' },
           body: JSON.stringify({
+            apiUrl: form.apiUrl.value.trim(),
             username: form.username.value,
             password: form.password.value,
           }),
@@ -80,6 +130,7 @@ const LOGIN_PAGE = String.raw`<!DOCTYPE html>
         if (!res.ok) {
           throw new Error(data.message || data.error || ('HTTP ' + res.status));
         }
+        try { localStorage.setItem('data-mgr-api-url', form.apiUrl.value.trim()); } catch (_) {}
         window.location.href = '/success';
       } catch (err) {
         msg.textContent = err.message || '登录失败';
@@ -124,20 +175,21 @@ const SUCCESS_PAGE = String.raw`<!DOCTYPE html>
  * @property {string} [expiresIn]
  * @property {string} [expiresAt]
  * @property {string} loggedInAt
+ * @property {string} apiUrl
  * @property {string} loginUrl - The URL the user should visit to log in
  */
 
 /**
  * Start local login server, open browser, return token when login succeeds.
  * Modified for MCP: uses onLoginUrl callback instead of console.log.
- * @param {{ timeoutMs?: number, openBrowser?: boolean, onLoginUrl?: (url: string) => void }} [options]
+ * @param {{ timeoutMs?: number, openBrowser?: boolean, apiUrl?: string, onLoginUrl?: (url: string) => void }} [options]
  * @returns {Promise<LoginResult>}
  */
 export function runBrowserLogin(options = {}) {
   const timeoutMs = options.timeoutMs ?? 5 * 60 * 1000;
   const openBrowser = options.openBrowser !== false;
   const onLoginUrl = options.onLoginUrl ?? (() => {});
-  const apiUrl = getApiUrl();
+  const defaultApiUrl = options.apiUrl ?? getSavedApiUrl() ?? "";
   const state = randomBytes(16).toString("hex");
 
   return new Promise((resolve, reject) => {
@@ -154,9 +206,15 @@ export function runBrowserLogin(options = {}) {
     server = http.createServer(async (req, res) => {
       const url = new URL(req.url ?? "/", "http://127.0.0.1");
 
+      if (req.method === "OPTIONS" && url.pathname === "/api/login") {
+        res.writeHead(204, CORS_HEADERS);
+        res.end();
+        return;
+      }
+
       if (req.method === "GET" && (url.pathname === "/" || url.pathname === "/login")) {
         res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
-        res.end(LOGIN_PAGE.replace("__API_URL__", apiUrl));
+        res.end(renderLoginPage(defaultApiUrl));
         return;
       }
 
@@ -164,27 +222,43 @@ export function runBrowserLogin(options = {}) {
         let body = "";
         req.on("data", (chunk) => { body += chunk; });
         req.on("end", async () => {
+          let loginApiUrl = defaultApiUrl;
           try {
-            const { username, password } = JSON.parse(body);
+            const { username, password, apiUrl: rawApiUrl } = JSON.parse(body || "{}");
+            try {
+              loginApiUrl = parseApiUrl(rawApiUrl);
+            } catch (parseErr) {
+              const message = parseErr instanceof Error ? parseErr.message : String(parseErr);
+              sendJson(res, 400, { error: message, message });
+              return;
+            }
             if (!username || !password) {
-              res.writeHead(400, { "Content-Type": "application/json" });
-              res.end(JSON.stringify({ error: "username and password required" }));
+              sendJson(res, 400, { error: "username and password required" });
               return;
             }
 
-            const loginRes = await fetch(`${apiUrl}${LOGIN_PATH}`, {
-              method: "POST",
-              headers: { "Content-Type": "application/json" },
-              body: JSON.stringify({ username, password }),
-            });
+            const loginEndpoint = `${loginApiUrl}${LOGIN_PATH}`;
+            let loginRes;
+            try {
+              loginRes = await fetch(loginEndpoint, {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify({ username, password }),
+              });
+            } catch (fetchErr) {
+              sendJson(res, 502, {
+                error: formatUpstreamError(fetchErr, loginApiUrl),
+                message: formatUpstreamError(fetchErr, loginApiUrl),
+              });
+              return;
+            }
 
             const data = await loginRes.json().catch(() => ({}));
 
             // API returns {code, message, data} — check code for errors
             if (!loginRes.ok || (data.code != null && data.code !== 0)) {
               const message = data.message ?? data.error ?? `Login failed (HTTP ${loginRes.status}, code ${data.code})`;
-              res.writeHead(loginRes.ok ? 401 : loginRes.status, { "Content-Type": "application/json" });
-              res.end(JSON.stringify({ error: message }));
+              sendJson(res, loginRes.ok ? 401 : loginRes.status, { error: message, message });
               return;
             }
 
@@ -192,16 +266,15 @@ export function runBrowserLogin(options = {}) {
             const inner = data.data ?? {};
             const token = data.token ?? inner.token ?? inner.access_token;
             if (!token) {
-              res.writeHead(502, { "Content-Type": "application/json" });
-              res.end(JSON.stringify({
+              sendJson(res, 502, {
                 error: "API response missing token field",
+                message: "API response missing token field",
                 debug: { topKeys: Object.keys(data), innerKeys: Object.keys(inner) },
-              }));
+              });
               return;
             }
 
-            res.writeHead(200, { "Content-Type": "application/json" });
-            res.end(JSON.stringify({ ok: true }));
+            sendJson(res, 200, { ok: true });
 
             const loggedInAt = new Date().toISOString();
             const expiresIn = (inner.expires_in ?? data.expires_in) != null
@@ -210,6 +283,7 @@ export function runBrowserLogin(options = {}) {
             cleanup();
             resolve({
               token,
+              apiUrl: loginApiUrl,
               username: inner.username ?? data.username ?? username,
               userId: inner.user_id ?? data.user_id,
               tenantId: inner.tenant_id ?? data.tenant_id,
@@ -218,9 +292,9 @@ export function runBrowserLogin(options = {}) {
               loginUrl: `http://127.0.0.1:${server?.address()?.port ?? "?"}/login`,
             });
           } catch (err) {
-            const message = err instanceof Error ? err.message : String(err);
-            res.writeHead(500, { "Content-Type": "application/json" });
-            res.end(JSON.stringify({ error: message }));
+            const message = formatUpstreamError(err, loginApiUrl);
+            console.error("[data-mgr login]", message, err);
+            sendJson(res, 500, { error: message, message });
           }
         });
         return;

package/lib/tools.js

@@ -2,7 +2,7 @@ import { z } from "zod";
 import {
   loadConfig,
   saveConfig,
-  getApiUrl,
+  getSavedApiUrl,
   hasValidToken,
   computeExpiresAt,
   getConfigPath,
@@ -125,7 +125,7 @@ export function registerTools(server) {
     {},
     async () => {
       const cfg = loadConfig();
-      const apiUrl = getApiUrl();
+      const apiUrl = getSavedApiUrl() ?? "(未配置，登录时填写)";
       const loggedIn = hasValidToken();
 
       const expiresAt =
@@ -184,6 +184,7 @@ export function registerTools(server) {
         const expiresAt = computeExpiresAt(result.expiresIn, new Date(result.loggedInAt));
 
         saveConfig({
+          apiUrl: result.apiUrl,
           token: result.token,
           username: result.username,
           userId: result.userId,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wsh19991219/mcp-server",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "description": "MCP server for Data Manager API — stdio transport, JWT auth",
   "type": "module",
   "main": "lib/tools.js",