fantsec-docmost-cli 2.2.1 → 2.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/__tests__/mcp.test.js +28 -0
- package/build/mcp.js +13 -5
- package/package.json +1 -1
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import { afterEach, beforeEach, describe, expect, it } from "vitest";
|
|
2
|
+
import { resolveToolAuthContext } from "../mcp.js";
|
|
3
|
+
const ORIGINAL_ENV = { ...process.env };
|
|
4
|
+
beforeEach(() => {
|
|
5
|
+
process.env = {
|
|
6
|
+
...ORIGINAL_ENV,
|
|
7
|
+
DOCMOST_API_URL: "https://docs.example.com/api",
|
|
8
|
+
};
|
|
9
|
+
});
|
|
10
|
+
afterEach(() => {
|
|
11
|
+
process.env = { ...ORIGINAL_ENV };
|
|
12
|
+
});
|
|
13
|
+
describe("docmost MCP auth resolution", () => {
|
|
14
|
+
it("falls back to env auth for local stdio calls without request headers", () => {
|
|
15
|
+
expect(resolveToolAuthContext(undefined)).toBeUndefined();
|
|
16
|
+
});
|
|
17
|
+
it("parses bearer token headers for remote calls", () => {
|
|
18
|
+
expect(resolveToolAuthContext({
|
|
19
|
+
authorization: "Bearer token-123",
|
|
20
|
+
})).toEqual({
|
|
21
|
+
apiUrl: process.env.DOCMOST_API_URL,
|
|
22
|
+
token: "token-123",
|
|
23
|
+
});
|
|
24
|
+
});
|
|
25
|
+
it("rejects remote calls that omit authorization headers", () => {
|
|
26
|
+
expect(() => resolveToolAuthContext({})).toThrow("Authorization header is required for remote Docmost tool calls.");
|
|
27
|
+
});
|
|
28
|
+
});
|
package/build/mcp.js
CHANGED
|
@@ -74,11 +74,7 @@ export function createMcpServer() {
|
|
|
74
74
|
inputSchema: tool.inputSchema,
|
|
75
75
|
annotations: tool.annotations,
|
|
76
76
|
}, async (args, extra) => {
|
|
77
|
-
const
|
|
78
|
-
if (!authHeader) {
|
|
79
|
-
throw new Error("Authorization header is required for Docmost tool calls.");
|
|
80
|
-
}
|
|
81
|
-
const auth = parseDocmostBearer(extractBearerToken(authHeader));
|
|
77
|
+
const auth = resolveToolAuthContext(extra?.requestInfo?.headers);
|
|
82
78
|
const result = await executeTool(tool, args, auth);
|
|
83
79
|
return {
|
|
84
80
|
content: [
|
|
@@ -93,6 +89,18 @@ export function createMcpServer() {
|
|
|
93
89
|
}
|
|
94
90
|
return server;
|
|
95
91
|
}
|
|
92
|
+
export function resolveToolAuthContext(headers) {
|
|
93
|
+
const authHeader = getAuthorizationHeader(headers);
|
|
94
|
+
if (authHeader) {
|
|
95
|
+
return parseDocmostBearer(extractBearerToken(authHeader));
|
|
96
|
+
}
|
|
97
|
+
// Local stdio MCP calls do not provide request headers. In that case we
|
|
98
|
+
// intentionally fall back to DOCMOST_* env vars so local client configs work.
|
|
99
|
+
if (!headers) {
|
|
100
|
+
return undefined;
|
|
101
|
+
}
|
|
102
|
+
throw new Error("Authorization header is required for remote Docmost tool calls.");
|
|
103
|
+
}
|
|
96
104
|
function getAuthorizationHeader(headers) {
|
|
97
105
|
if (!headers) {
|
|
98
106
|
return undefined;
|