mcp-wordpress 1.2.2 → 1.3.0

package/src/security/SecurityConfig.ts

@@ -2,68 +2,68 @@
  * Security configuration and constants for MCP WordPress
  */
 
-import { randomBytes } from 'crypto';
+import { randomBytes } from "crypto";
 
 export const SecurityConfig = {
   // Rate limiting
   rateLimiting: {
     default: {
       windowMs: 60 * 1000, // 1 minute
-      maxRequests: 60
+      maxRequests: 60,
     },
     authentication: {
       windowMs: 5 * 60 * 1000, // 5 minutes
-      maxAttempts: 5
+      maxAttempts: 5,
     },
     upload: {
       windowMs: 60 * 1000, // 1 minute
-      maxRequests: 10
-    }
+      maxRequests: 10,
+    },
   },
 
   // File upload restrictions
   fileUpload: {
     maxSizeMB: 10,
     allowedMimeTypes: [
-      'image/jpeg',
-      'image/png',
-      'image/gif',
-      'image/webp',
-      'image/svg+xml',
-      'application/pdf',
-      'application/msword',
-      'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
-      'application/vnd.ms-excel',
-      'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
-      'text/plain',
-      'text/csv'
+      "image/jpeg",
+      "image/png",
+      "image/gif",
+      "image/webp",
+      "image/svg+xml",
+      "application/pdf",
+      "application/msword",
+      "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+      "application/vnd.ms-excel",
+      "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+      "text/plain",
+      "text/csv",
     ],
     // Dangerous file extensions to block
     blockedExtensions: [
-      '.exe',
-      '.bat',
-      '.cmd',
-      '.com',
-      '.pif',
-      '.scr',
-      '.vbs',
-      '.js',
-      '.jar',
-      '.zip',
-      '.rar',
-      '.tar',
-      '.php',
-      '.php3',
-      '.php4',
-      '.php5',
-      '.phtml',
-      '.sh',
-      '.bash',
-      '.zsh',
-      '.fish',
-      '.ps1',
-      '.psm1'
-    ]
+      ".exe",
+      ".bat",
+      ".cmd",
+      ".com",
+      ".pif",
+      ".scr",
+      ".vbs",
+      ".js",
+      ".jar",
+      ".zip",
+      ".rar",
+      ".tar",
+      ".php",
+      ".php3",
+      ".php4",
+      ".php5",
+      ".phtml",
+      ".sh",
+      ".bash",
+      ".zsh",
+      ".fish",
+      ".ps1",
+      ".psm1",
+    ],
   },
 
   // Input validation
@@ -76,58 +76,58 @@ export const SecurityConfig = {
     maxUsernameLength: 60,
     minUsernameLength: 3,
     maxPasswordLength: 128,
-    minPasswordLength: 8
+    minPasswordLength: 8,
   },
 
   // Request timeouts (milliseconds)
   timeouts: {
     default: 30000, // 30 seconds
     upload: 600000, // 10 minutes
-    auth: 10000 // 10 seconds
+    auth: 10000, // 10 seconds
   },
 
   // Security headers
   headers: {
-    'X-Content-Type-Options': 'nosniff',
-    'X-Frame-Options': 'DENY',
-    'X-XSS-Protection': '1; mode=block',
-    'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
-    'Content-Security-Policy': 'default-src \'self\''
+    "X-Content-Type-Options": "nosniff",
+    "X-Frame-Options": "DENY",
+    "X-XSS-Protection": "1; mode=block",
+    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
+    "Content-Security-Policy": "default-src 'self'",
   },
 
   // Error messages (generic to avoid information disclosure)
   errorMessages: {
-    authentication: 'Authentication failed. Please check your credentials.',
-    authorization: 'You do not have permission to perform this action.',
-    validation: 'Invalid input provided.',
-    rateLimit: 'Too many requests. Please try again later.',
-    serverError: 'An error occurred processing your request.',
-    notFound: 'The requested resource was not found.'
+    authentication: "Authentication failed. Please check your credentials.",
+    authorization: "You do not have permission to perform this action.",
+    validation: "Invalid input provided.",
+    rateLimit: "Too many requests. Please try again later.",
+    serverError: "An error occurred processing your request.",
+    notFound: "The requested resource was not found.",
   },
 
   // Logging configuration
   logging: {
     // Fields to exclude from logs
     excludeFields: [
-      'password',
-      'appPassword',
-      'app_password',
-      'token',
-      'secret',
-      'authorization',
-      'cookie',
-      'session',
-      'key',
-      'apiKey',
-      'api_key'
+      "password",
+      "appPassword",
+      "app_password",
+      "token",
+      "secret",
+      "authorization",
+      "cookie",
+      "session",
+      "key",
+      "apiKey",
+      "api_key",
     ],
     // Patterns to redact in log messages
     redactPatterns: [
       /password["\s:=]+["']?([^"'\s]+)["']?/gi,
       /token["\s:=]+["']?([^"'\s]+)["']?/gi,
       /secret["\s:=]+["']?([^"'\s]+)["']?/gi,
-      /key["\s:=]+["']?([^"'\s]+)["']?/gi
-    ]
+      /key["\s:=]+["']?([^"'\s]+)["']?/gi,
+    ],
   },
 
   // Cache configuration
@@ -145,16 +145,16 @@ export const SecurityConfig = {
       semiStatic: 2 * 60 * 60 * 1000, // 2 hours - categories, tags, user profiles
       dynamic: 15 * 60 * 1000, // 15 minutes - posts, pages, comments
       session: 30 * 60 * 1000, // 30 minutes - authentication, current user
-      realtime: 60 * 1000 // 1 minute - real-time data
+      realtime: 60 * 1000, // 1 minute - real-time data
     },
 
     // Cache-Control headers by data type
     cacheHeaders: {
-      static: 'public, max-age=14400', // 4 hours
-      semiStatic: 'public, max-age=7200', // 2 hours
-      dynamic: 'public, max-age=900', // 15 minutes
-      session: 'private, max-age=1800', // 30 minutes
-      realtime: 'public, max-age=60' // 1 minute
+      static: "public, max-age=14400", // 4 hours
+      semiStatic: "public, max-age=7200", // 2 hours
+      dynamic: "public, max-age=900", // 15 minutes
+      session: "private, max-age=1800", // 30 minutes
+      realtime: "public, max-age=60", // 1 minute
     },
 
     // Invalidation settings
@@ -162,16 +162,16 @@ export const SecurityConfig = {
       enabled: true,
       batchSize: 100, // Max events to process in one batch
       queueTimeout: 5000, // Max time to wait before processing queue (ms)
-      enableCascading: true // Allow cascading invalidations
+      enableCascading: true, // Allow cascading invalidations
     },
 
     // Memory management
     cleanup: {
       interval: 60 * 1000, // Cleanup interval in milliseconds (1 minute)
       maxMemoryMB: 50, // Maximum memory usage for cache
-      evictionThreshold: 0.8 // Start evicting when 80% full
-    }
-  }
+      evictionThreshold: 0.8, // Start evicting when 80% full
+    },
+  },
 };
 
 /**
@@ -182,7 +182,7 @@ export class SecurityUtils {
    * Redact sensitive information from objects
    */
   static redactSensitiveData(obj: any): any {
-    if (typeof obj !== 'object' || obj === null) {
+    if (typeof obj !== "object" || obj === null) {
       return obj;
     }
 
@@ -191,11 +191,11 @@ export class SecurityUtils {
     for (const key in redacted) {
       if (
         SecurityConfig.logging.excludeFields.some((field) =>
-          key.toLowerCase().includes(field.toLowerCase())
+          key.toLowerCase().includes(field.toLowerCase()),
         )
       ) {
-        redacted[key] = '[REDACTED]';
-      } else if (typeof redacted[key] === 'object') {
+        redacted[key] = "[REDACTED]";
+      } else if (typeof redacted[key] === "object") {
         redacted[key] = SecurityUtils.redactSensitiveData(redacted[key]);
       }
     }
@@ -210,7 +210,7 @@ export class SecurityUtils {
     let redacted = str;
     for (const pattern of SecurityConfig.logging.redactPatterns) {
       redacted = redacted.replace(pattern, (match, value) => {
-        return match.replace(value, '[REDACTED]');
+        return match.replace(value, "[REDACTED]");
       });
     }
     return redacted;
@@ -221,10 +221,10 @@ export class SecurityUtils {
    */
   static generateSecureToken(length: number = 32): string {
     const chars =
-      'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
     const array = new Uint8Array(length);
 
-    if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
+    if (typeof crypto !== "undefined" && crypto.getRandomValues) {
       crypto.getRandomValues(array);
     } else {
       // Fallback for Node.js
@@ -232,7 +232,7 @@ export class SecurityUtils {
       array.set(buffer);
     }
 
-    return Array.from(array, (byte) => chars[byte % chars.length]).join('');
+    return Array.from(array, (byte) => chars[byte % chars.length]).join("");
   }
 
   /**
@@ -247,10 +247,10 @@ export class SecurityUtils {
    * Sanitize log output
    */
   static sanitizeForLog(data: any): any {
-    if (typeof data === 'string') {
+    if (typeof data === "string") {
       return SecurityUtils.redactString(data);
     }
-    if (typeof data === 'object') {
+    if (typeof data === "object") {
       return SecurityUtils.redactSensitiveData(data);
     }
     return data;
@@ -262,18 +262,18 @@ export class SecurityUtils {
  */
 export function createSecureError(
   error: any,
-  fallbackMessage: string = SecurityConfig.errorMessages.serverError
+  fallbackMessage: string = SecurityConfig.errorMessages.serverError,
 ): Error {
   // Log the actual error for debugging (with sanitization)
-  if (process.env.NODE_ENV !== 'production') {
-    console.error('Secure Error:', SecurityUtils.sanitizeForLog(error));
+  if (process.env.NODE_ENV !== "production") {
+    console.error("Secure Error:", SecurityUtils.sanitizeForLog(error));
   }
 
   // Return generic error to prevent information disclosure
   const secureError = new Error(fallbackMessage);
 
   // Preserve error code if it's safe
-  if (error && typeof error.code === 'string' && !error.code.includes('_')) {
+  if (error && typeof error.code === "string" && !error.code.includes("_")) {
     (secureError as any).code = error.code;
   }
 
@@ -281,7 +281,7 @@ export function createSecureError(
 }
 
 // Import path for file extension checking
-import * as path from 'path';
+import * as path from "path";
 
 /**
  * Environment-specific security settings
@@ -291,11 +291,11 @@ export function getEnvironmentSecurity(): {
   verboseErrors: boolean;
   enforceHttps: boolean;
   } {
-  const isProduction = process.env.NODE_ENV === 'production';
+  const isProduction = process.env.NODE_ENV === "production";
 
   return {
     strictMode: isProduction,
     verboseErrors: !isProduction,
-    enforceHttps: isProduction
+    enforceHttps: isProduction,
   };
 }

package/src/server/ConnectionTester.ts

@@ -1,5 +1,5 @@
-import { WordPressClient } from '../client/api.js';
-import { getErrorMessage } from '../utils/error.js';
+import { WordPressClient } from "../client/api.js";
+import { getErrorMessage } from "../utils/error.js";
 
 /**
  * Service for testing WordPress client connections
@@ -10,27 +10,33 @@ export class ConnectionTester {
    * Test connections to all configured WordPress sites
    */
   public static async testClientConnections(
-    wordpressClients: Map<string, WordPressClient>
+    wordpressClients: Map<string, WordPressClient>,
   ): Promise<void> {
-    console.error('INFO: Testing connections to all configured WordPress sites...');
-    
+    console.error(
+      "INFO: Testing connections to all configured WordPress sites...",
+    );
+
     const connectionPromises = Array.from(wordpressClients.entries()).map(
       async ([siteId, client]) => {
         try {
           await client.ping();
           console.error(`SUCCESS: Connection to site '${siteId}' successful.`);
         } catch (error) {
-          console.error(`ERROR: Failed to connect to site '${siteId}': ${getErrorMessage(error)}`);
-          
+          console.error(
+            `ERROR: Failed to connect to site '${siteId}': ${getErrorMessage(error)}`,
+          );
+
           if (ConnectionTester.isAuthenticationError(error)) {
-            console.error(`Authentication may have failed for site '${siteId}'. Please check credentials.`);
+            console.error(
+              `Authentication may have failed for site '${siteId}'. Please check credentials.`,
+            );
           }
         }
-      }
+      },
     );
-    
+
     await Promise.all(connectionPromises);
-    console.error('INFO: Connection tests complete.');
+    console.error("INFO: Connection tests complete.");
   }
 
   /**
@@ -40,7 +46,7 @@ export class ConnectionTester {
     if (error?.response?.status && [401, 403].includes(error.response.status)) {
       return true;
     }
-    return error?.code === 'WORDPRESS_AUTH_ERROR';
+    return error?.code === "WORDPRESS_AUTH_ERROR";
   }
 
   /**
@@ -60,15 +66,15 @@ export class ConnectionTester {
    * Perform health checks for all clients
    */
   public static async healthCheckAll(
-    wordpressClients: Map<string, WordPressClient>
+    wordpressClients: Map<string, WordPressClient>,
   ): Promise<Map<string, boolean>> {
     const results = new Map<string, boolean>();
-    
+
     for (const [siteId, client] of wordpressClients.entries()) {
       const isHealthy = await ConnectionTester.healthCheck(client);
       results.set(siteId, isHealthy);
     }
-    
+
     return results;
   }
 }

package/src/server/ToolRegistry.ts

@@ -1,8 +1,8 @@
-import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
-import { WordPressClient } from '../client/api.js';
-import { getErrorMessage } from '../utils/error.js';
-import * as Tools from '../tools/index.js';
-import { z } from 'zod';
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { WordPressClient } from "../client/api.js";
+import { getErrorMessage } from "../utils/error.js";
+import * as Tools from "../tools/index.js";
+import { z } from "zod";
 
 /**
  * Interface for tool definition
@@ -27,7 +27,10 @@ export class ToolRegistry {
   private server: McpServer;
   private wordpressClients: Map<string, WordPressClient>;
 
-  constructor(server: McpServer, wordpressClients: Map<string, WordPressClient>) {
+  constructor(
+    server: McpServer,
+    wordpressClients: Map<string, WordPressClient>,
+  ) {
     this.server = server;
     this.wordpressClients = wordpressClients;
   }
@@ -39,14 +42,17 @@ export class ToolRegistry {
     // Register all tools from the tools directory
     Object.values(Tools).forEach((ToolClass) => {
       let toolInstance: any;
-      
+
       // Cache and Performance tools need the clients map
-      if (ToolClass.name === 'CacheTools' || ToolClass.name === 'PerformanceTools') {
+      if (
+        ToolClass.name === "CacheTools" ||
+        ToolClass.name === "PerformanceTools"
+      ) {
         toolInstance = new ToolClass(this.wordpressClients);
       } else {
         toolInstance = new (ToolClass as new () => any)();
       }
-      
+
       const tools = toolInstance.getTools();
 
       tools.forEach((tool: ToolDefinition) => {
@@ -65,8 +71,8 @@ export class ToolRegistry {
         .string()
         .optional()
         .describe(
-          'The ID of the WordPress site to target (from mcp-wordpress.config.json). Required if multiple sites are configured.'
-        )
+          "The ID of the WordPress site to target (from mcp-wordpress.config.json). Required if multiple sites are configured.",
+        ),
     };
 
     // Merge with tool-specific parameters
@@ -75,7 +81,7 @@ export class ToolRegistry {
     // Make site parameter required if multiple sites are configured
     if (this.wordpressClients.size > 1) {
       parameterSchema.site = parameterSchema.site.describe(
-        'The ID of the WordPress site to target (from mcp-wordpress.config.json). Required when multiple sites are configured.'
+        "The ID of the WordPress site to target (from mcp-wordpress.config.json). Required when multiple sites are configured.",
       );
     }
 
@@ -85,19 +91,21 @@ export class ToolRegistry {
       parameterSchema,
       async (args: any) => {
         try {
-          const siteId = args.site || 'default';
+          const siteId = args.site || "default";
           const client = this.wordpressClients.get(siteId);
 
           if (!client) {
-            const availableSites = Array.from(this.wordpressClients.keys()).join(', ');
+            const availableSites = Array.from(
+              this.wordpressClients.keys(),
+            ).join(", ");
             return {
               content: [
                 {
-                  type: 'text' as const,
-                  text: `Error: Site with ID '${siteId}' not found. Available sites: ${availableSites}`
-                }
+                  type: "text" as const,
+                  text: `Error: Site with ID '${siteId}' not found. Available sites: ${availableSites}`,
+                },
               ],
-              isError: true
+              isError: true,
             };
           }
 
@@ -107,35 +115,38 @@ export class ToolRegistry {
           return {
             content: [
               {
-                type: 'text' as const,
-                text: typeof result === 'string' ? result : JSON.stringify(result, null, 2)
-              }
-            ]
+                type: "text" as const,
+                text:
+                  typeof result === "string"
+                    ? result
+                    : JSON.stringify(result, null, 2),
+              },
+            ],
           };
         } catch (error) {
           if (this.isAuthenticationError(error)) {
             return {
               content: [
                 {
-                  type: 'text' as const,
-                  text: `Authentication failed for site '${args.site || 'default'}'. Please check your credentials.`
-                }
+                  type: "text" as const,
+                  text: `Authentication failed for site '${args.site || "default"}'. Please check your credentials.`,
+                },
               ],
-              isError: true
+              isError: true,
             };
           }
 
           return {
             content: [
               {
-                type: 'text' as const,
-                text: `Error: ${getErrorMessage(error)}`
-              }
+                type: "text" as const,
+                text: `Error: ${getErrorMessage(error)}`,
+              },
             ],
-            isError: true
+            isError: true,
           };
         }
-      }
+      },
     );
   }
 
@@ -143,23 +154,25 @@ export class ToolRegistry {
    * Build Zod parameter schema from tool definition
    */
   private buildParameterSchema(tool: ToolDefinition, baseSchema: any): any {
-    return tool.parameters?.reduce(
-      (schema: any, param: any) => {
-        let zodType = this.getZodTypeForParameter(param);
+    return (
+      tool.parameters?.reduce(
+        (schema: any, param: any) => {
+          let zodType = this.getZodTypeForParameter(param);
 
-        if (param.description) {
-          zodType = zodType.describe(param.description);
-        }
+          if (param.description) {
+            zodType = zodType.describe(param.description);
+          }
 
-        if (!param.required) {
-          zodType = zodType.optional();
-        }
+          if (!param.required) {
+            zodType = zodType.optional();
+          }
 
-        schema[param.name] = zodType;
-        return schema;
-      },
-      { ...baseSchema }
-    ) || baseSchema;
+          schema[param.name] = zodType;
+          return schema;
+        },
+        { ...baseSchema },
+      ) || baseSchema
+    );
   }
 
   /**
@@ -167,15 +180,15 @@ export class ToolRegistry {
    */
   private getZodTypeForParameter(param: any): z.ZodType {
     switch (param.type) {
-    case 'string':
+    case "string":
       return z.string();
-    case 'number':
+    case "number":
       return z.number();
-    case 'boolean':
+    case "boolean":
       return z.boolean();
-    case 'array':
+    case "array":
       return z.array(z.string());
-    case 'object':
+    case "object":
       return z.record(z.any());
     default:
       return z.string();
@@ -189,6 +202,6 @@ export class ToolRegistry {
     if (error?.response?.status && [401, 403].includes(error.response.status)) {
       return true;
     }
-    return error?.code === 'WORDPRESS_AUTH_ERROR';
+    return error?.code === "WORDPRESS_AUTH_ERROR";
   }
 }

package/src/server.ts

@@ -3,5 +3,5 @@
  * Re-exports the main MCP server class for backward compatibility
  */
 
-export { default as MCPWordPressServer } from './index.js';
-export { default } from './index.js';
+export { default as MCPWordPressServer } from "./index.js";
+export { default } from "./index.js";