crawlforge-mcp-server 3.0.0 → 3.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CLAUDE.md +186 -45
- package/README.md +19 -15
- package/package.json +9 -6
- package/server.js +13 -16
- package/setup.js +5 -5
- package/src/core/ActionExecutor.js +16 -1
- package/src/core/AuthManager.js +2 -2
- package/src/core/ChangeTracker.js +5 -963
- package/src/core/WebhookDispatcher.js +4 -0
|
@@ -704,7 +704,23 @@ export class ActionExecutor extends EventEmitter {
|
|
|
704
704
|
* @param {Object} action - JavaScript action
|
|
705
705
|
* @returns {Promise<Object>} JavaScript result
|
|
706
706
|
*/
|
|
707
|
+
|
|
707
708
|
async executeJavaScriptAction(page, action) {
|
|
709
|
+
// SECURITY: JavaScript execution is disabled by default for security
|
|
710
|
+
// Set ALLOW_JAVASCRIPT_EXECUTION=true to enable (NOT recommended in production)
|
|
711
|
+
const allowJsExecution = process.env.ALLOW_JAVASCRIPT_EXECUTION === 'true';
|
|
712
|
+
|
|
713
|
+
if (!allowJsExecution) {
|
|
714
|
+
throw new Error(
|
|
715
|
+
'JavaScript execution is disabled for security reasons. ' +
|
|
716
|
+
'Set ALLOW_JAVASCRIPT_EXECUTION=true environment variable to enable (NOT recommended in production). ' +
|
|
717
|
+
'This feature allows arbitrary code execution and should only be used in trusted environments.'
|
|
718
|
+
);
|
|
719
|
+
}
|
|
720
|
+
|
|
721
|
+
// Log security warning when JS execution is enabled
|
|
722
|
+
console.warn('⚠️ SECURITY WARNING: JavaScript execution is enabled. This allows arbitrary code execution!');
|
|
723
|
+
|
|
708
724
|
const result = await page.evaluate(
|
|
709
725
|
new Function('...args', action.script),
|
|
710
726
|
...action.args
|
|
@@ -716,7 +732,6 @@ export class ActionExecutor extends EventEmitter {
|
|
|
716
732
|
result: action.returnResult ? result : undefined
|
|
717
733
|
};
|
|
718
734
|
}
|
|
719
|
-
|
|
720
735
|
/**
|
|
721
736
|
* Capture screenshot
|
|
722
737
|
* @param {Page} page - Playwright page
|
package/src/core/AuthManager.js
CHANGED
|
@@ -9,7 +9,7 @@ import path from 'path';
|
|
|
9
9
|
|
|
10
10
|
class AuthManager {
|
|
11
11
|
constructor() {
|
|
12
|
-
this.apiEndpoint = process.env.CRAWLFORGE_API_URL || 'https://api.crawlforge.
|
|
12
|
+
this.apiEndpoint = process.env.CRAWLFORGE_API_URL || 'https://api.crawlforge.dev';
|
|
13
13
|
this.configPath = path.join(process.env.HOME || process.env.USERPROFILE, '.crawlforge', 'config.json');
|
|
14
14
|
this.config = null;
|
|
15
15
|
this.creditCache = new Map();
|
|
@@ -95,7 +95,7 @@ class AuthManager {
|
|
|
95
95
|
|
|
96
96
|
if (!apiKey) {
|
|
97
97
|
console.log('❌ API key is required for setup');
|
|
98
|
-
console.log('Get your API key from: https://crawlforge.
|
|
98
|
+
console.log('Get your API key from: https://www.crawlforge.dev/dashboard/api-keys');
|
|
99
99
|
return false;
|
|
100
100
|
}
|
|
101
101
|
|