@wsh19991219/mcp-server 0.1.3 → 0.1.4

package/README.md

@@ -74,7 +74,7 @@ npm install -g @data_mgr/mcp-server
 
 | 变量 | 说明 | 默认值 |
 | --- | --- | --- |
-| `DATA_MGR_API_URL` | 后端 API 地址 | `http://42.194.226.85:8092` |
+| `DATA_MGR_API_URL` | 后端 API 地址（可选；未设置时在登录页填写） | — |
 | `DATA_MGR_CONFIG_DIR` | 配置文件目录 | `~/.data-mgr` |
 
 ## 使用示例

package/SKILL.md

@@ -135,7 +135,7 @@ npm install -g @data_mgr/mcp-server
 
 | 变量 | 说明 | 默认值 |
 | --- | --- | --- |
-| `DATA_MGR_API_URL` | 后端 API 地址 | `http://127.0.0.1:8092` |
+| `DATA_MGR_API_URL` | 后端 API 地址（可选；未设置时在登录页填写） | — |
 | `DATA_MGR_CONFIG_DIR` | 配置文件目录 | `~/.data-mgr` |
 
 ## 错误处理

package/lib/config.js

@@ -8,13 +8,46 @@ const CONFIG_FILE = path.join(CONFIG_DIR, "config.json");
 
 /** @typedef {{ apiUrl?: string, token?: string, username?: string, userId?: number, tenantId?: number, expiresIn?: string, expiresAt?: string, loggedInAt?: string }} DataMgrConfig */
 
-/** Production API (port 8092 serves plain HTTP; use HTTPS only via reverse proxy on 443). */
-export const DEFAULT_API_URL = "http://42.194.226.85:8092";
 export const LOGIN_PATH = "/api/v1/auth/login";
 
-/** @param {string} url */
+/** @param {string} [url] */
 export function normalizeApiUrl(url) {
-  return String(url).trim().replace(/\/$/, "");
+  return String(url ?? "").trim().replace(/\/$/, "");
+}
+
+/**
+ * Validate and normalize API base URL (adds http:// if scheme omitted).
+ * @param {string} url
+ * @returns {string}
+ */
+export function parseApiUrl(url) {
+  let trimmed = normalizeApiUrl(url);
+  if (!trimmed) {
+    throw new Error("API 地址不能为空");
+  }
+  if (!/^https?:\/\//i.test(trimmed)) {
+    trimmed = `http://${trimmed}`;
+  }
+  let u;
+  try {
+    u = new URL(trimmed);
+  } catch {
+    throw new Error(`无效的 API 地址: ${url}`);
+  }
+  if (u.protocol !== "http:" && u.protocol !== "https:") {
+    throw new Error("仅支持 http 或 https");
+  }
+  const path = u.pathname === "/" ? "" : u.pathname.replace(/\/$/, "");
+  return u.origin + path;
+}
+
+/** Saved API URL from env or config (no default). */
+export function getSavedApiUrl() {
+  const fromEnv = process.env.DATA_MGR_API_URL?.trim();
+  if (fromEnv) return normalizeApiUrl(fromEnv);
+  const cfg = loadConfig();
+  if (cfg.apiUrl) return normalizeApiUrl(cfg.apiUrl);
+  return undefined;
 }
 
 /** @param {string | number | undefined} expiresIn @param {Date} [from] */
@@ -73,11 +106,11 @@ export function getConfigPath() {
 
 /** @returns {string} */
 export function getApiUrl() {
-  const fromEnv = process.env.DATA_MGR_API_URL?.trim();
-  if (fromEnv) return normalizeApiUrl(fromEnv);
-  const cfg = loadConfig();
-  if (cfg.apiUrl) return normalizeApiUrl(cfg.apiUrl);
-  return DEFAULT_API_URL;
+  const url = getSavedApiUrl();
+  if (!url) {
+    throw new Error("未配置 API 地址。请运行 login 在登录页填写服务器地址，或设置 DATA_MGR_API_URL / config api-url。");
+  }
+  return url;
 }
 
 export function hasValidToken() {

package/lib/login-server.js

@@ -1,7 +1,12 @@
 import http from "node:http";
 import { randomBytes } from "node:crypto";
 import { spawn } from "node:child_process";
-import { getApiUrl, LOGIN_PATH } from "./config.js";
+import { getSavedApiUrl, parseApiUrl, LOGIN_PATH } from "./config.js";
+
+/** @param {string} [defaultApiUrl] */
+function renderLoginPage(defaultApiUrl) {
+  return LOGIN_PAGE.replace("__DEFAULT_API_URL_JSON__", JSON.stringify(defaultApiUrl ?? ""));
+}
 
 const CORS_HEADERS = {
   "Access-Control-Allow-Origin": "*",
@@ -80,8 +85,11 @@ const LOGIN_PAGE = String.raw`<!DOCTYPE html>
 <body>
   <div class="card">
     <h1>Data Manager</h1>
-    <p>请输入账号和密码，登录成功后 CLI 将自动保存 token。</p>
+    <p>请输入 API 地址、账号和密码。登录成功后将保存服务器地址与 token。</p>
     <form id="form">
+      <label for="apiUrl">API 地址</label>
+      <input id="apiUrl" name="apiUrl" type="url" autocomplete="url"
+        placeholder="http://host:8092" required />
       <label for="username">账号</label>
       <input id="username" name="username" autocomplete="username" required />
       <label for="password">密码</label>
@@ -89,12 +97,19 @@ const LOGIN_PAGE = String.raw`<!DOCTYPE html>
       <button type="submit" id="btn">登录</button>
     </form>
     <div id="msg" class="msg"></div>
-    <div class="api">API: __API_URL__</div>
   </div>
   <script>
     const form = document.getElementById('form');
     const msg = document.getElementById('msg');
     const btn = document.getElementById('btn');
+    const defaultApiUrl = __DEFAULT_API_URL_JSON__;
+    if (defaultApiUrl) form.apiUrl.value = defaultApiUrl;
+    else {
+      try {
+        const last = localStorage.getItem('data-mgr-api-url');
+        if (last) form.apiUrl.value = last;
+      } catch (_) {}
+    }
     form.addEventListener('submit', async (e) => {
       e.preventDefault();
       msg.textContent = '';
@@ -106,6 +121,7 @@ const LOGIN_PAGE = String.raw`<!DOCTYPE html>
           method: 'POST',
           headers: { 'Content-Type': 'application/json' },
           body: JSON.stringify({
+            apiUrl: form.apiUrl.value.trim(),
             username: form.username.value,
             password: form.password.value,
           }),
@@ -114,6 +130,7 @@ const LOGIN_PAGE = String.raw`<!DOCTYPE html>
         if (!res.ok) {
           throw new Error(data.message || data.error || ('HTTP ' + res.status));
         }
+        try { localStorage.setItem('data-mgr-api-url', form.apiUrl.value.trim()); } catch (_) {}
         window.location.href = '/success';
       } catch (err) {
         msg.textContent = err.message || '登录失败';
@@ -158,6 +175,7 @@ const SUCCESS_PAGE = String.raw`<!DOCTYPE html>
  * @property {string} [expiresIn]
  * @property {string} [expiresAt]
  * @property {string} loggedInAt
+ * @property {string} apiUrl
  * @property {string} loginUrl - The URL the user should visit to log in
  */
 
@@ -171,7 +189,7 @@ export function runBrowserLogin(options = {}) {
   const timeoutMs = options.timeoutMs ?? 5 * 60 * 1000;
   const openBrowser = options.openBrowser !== false;
   const onLoginUrl = options.onLoginUrl ?? (() => {});
-  const apiUrl = options.apiUrl ?? getApiUrl();
+  const defaultApiUrl = options.apiUrl ?? getSavedApiUrl() ?? "";
   const state = randomBytes(16).toString("hex");
 
   return new Promise((resolve, reject) => {
@@ -196,7 +214,7 @@ export function runBrowserLogin(options = {}) {
 
       if (req.method === "GET" && (url.pathname === "/" || url.pathname === "/login")) {
         res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
-        res.end(LOGIN_PAGE.replace("__API_URL__", apiUrl));
+        res.end(renderLoginPage(defaultApiUrl));
         return;
       }
 
@@ -204,14 +222,22 @@ export function runBrowserLogin(options = {}) {
         let body = "";
         req.on("data", (chunk) => { body += chunk; });
         req.on("end", async () => {
+          let loginApiUrl = defaultApiUrl;
           try {
-            const { username, password } = JSON.parse(body || "{}");
+            const { username, password, apiUrl: rawApiUrl } = JSON.parse(body || "{}");
+            try {
+              loginApiUrl = parseApiUrl(rawApiUrl);
+            } catch (parseErr) {
+              const message = parseErr instanceof Error ? parseErr.message : String(parseErr);
+              sendJson(res, 400, { error: message, message });
+              return;
+            }
             if (!username || !password) {
               sendJson(res, 400, { error: "username and password required" });
               return;
             }
 
-            const loginEndpoint = `${apiUrl}${LOGIN_PATH}`;
+            const loginEndpoint = `${loginApiUrl}${LOGIN_PATH}`;
             let loginRes;
             try {
               loginRes = await fetch(loginEndpoint, {
@@ -221,8 +247,8 @@ export function runBrowserLogin(options = {}) {
               });
             } catch (fetchErr) {
               sendJson(res, 502, {
-                error: formatUpstreamError(fetchErr, apiUrl),
-                message: formatUpstreamError(fetchErr, apiUrl),
+                error: formatUpstreamError(fetchErr, loginApiUrl),
+                message: formatUpstreamError(fetchErr, loginApiUrl),
               });
               return;
             }
@@ -257,6 +283,7 @@ export function runBrowserLogin(options = {}) {
             cleanup();
             resolve({
               token,
+              apiUrl: loginApiUrl,
               username: inner.username ?? data.username ?? username,
               userId: inner.user_id ?? data.user_id,
               tenantId: inner.tenant_id ?? data.tenant_id,
@@ -265,7 +292,7 @@ export function runBrowserLogin(options = {}) {
               loginUrl: `http://127.0.0.1:${server?.address()?.port ?? "?"}/login`,
             });
           } catch (err) {
-            const message = formatUpstreamError(err, apiUrl);
+            const message = formatUpstreamError(err, loginApiUrl);
             console.error("[data-mgr login]", message, err);
             sendJson(res, 500, { error: message, message });
           }

package/lib/tools.js

@@ -2,7 +2,7 @@ import { z } from "zod";
 import {
   loadConfig,
   saveConfig,
-  getApiUrl,
+  getSavedApiUrl,
   hasValidToken,
   computeExpiresAt,
   getConfigPath,
@@ -125,7 +125,7 @@ export function registerTools(server) {
     {},
     async () => {
       const cfg = loadConfig();
-      const apiUrl = getApiUrl();
+      const apiUrl = getSavedApiUrl() ?? "(未配置，登录时填写)";
       const loggedIn = hasValidToken();
 
       const expiresAt =
@@ -184,7 +184,7 @@ export function registerTools(server) {
         const expiresAt = computeExpiresAt(result.expiresIn, new Date(result.loggedInAt));
 
         saveConfig({
-          apiUrl: getApiUrl(),
+          apiUrl: result.apiUrl,
           token: result.token,
           username: result.username,
           userId: result.userId,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wsh19991219/mcp-server",
-  "version": "0.1.3",
+  "version": "0.1.4",
   "description": "MCP server for Data Manager API — stdio transport, JWT auth",
   "type": "module",
   "main": "lib/tools.js",