projoflow-mcp-server 1.1.2 → 1.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/index.js +24 -2
  2. package/package.json +1 -1
package/index.js CHANGED
@@ -68,11 +68,18 @@ async function authenticate() {
68
68
 
69
69
  // For client tokens, fetch accessible project IDs
70
70
  if (authContext.token_type === 'client' && authContext.client_id) {
71
- const { data: projectIds } = await supabase.rpc('get_client_project_ids', {
71
+ console.error(`Fetching projects for client ${authContext.client_id}...`);
72
+ const { data: projectIds, error: projectError } = await supabase.rpc('get_client_project_ids', {
72
73
  p_user_id: authContext.user_id,
73
74
  p_client_id: authContext.client_id
74
75
  });
75
- authContext.accessible_project_ids = projectIds || [];
76
+
77
+ if (projectError) {
78
+ console.error(`Error fetching projects: ${projectError.message}`);
79
+ }
80
+ console.error(`Raw projectIds response: ${JSON.stringify(projectIds)}`);
81
+
82
+ authContext.accessible_project_ids = Array.isArray(projectIds) ? projectIds : [];
76
83
  console.error(`Authenticated as CLIENT via API key (${authContext.accessible_project_ids.length} projects accessible)`);
77
84
  } else {
78
85
  console.error(`Authenticated via API key for workspace ${authContext.workspace_id}`);
@@ -831,6 +838,11 @@ async function handleTool(name, args) {
831
838
  }
832
839
 
833
840
  case "get_project_context": {
841
+ // Check access for client tokens
842
+ if (authContext?.token_type === 'client' && !canAccessProject(args.project_id)) {
843
+ throw new Error("Access denied: You don't have access to this project");
844
+ }
845
+
834
846
  const { data, error } = await supabase
835
847
  .from("projects")
836
848
  .select("id, name, context")
@@ -845,6 +857,11 @@ async function handleTool(name, args) {
845
857
  }
846
858
 
847
859
  case "update_project_context": {
860
+ // Check access for client tokens
861
+ if (authContext?.token_type === 'client' && !canAccessProject(args.project_id)) {
862
+ throw new Error("Access denied: You don't have access to this project");
863
+ }
864
+
848
865
  const { data, error } = await supabase
849
866
  .from("projects")
850
867
  .update({ context: args.context })
@@ -861,6 +878,11 @@ async function handleTool(name, args) {
861
878
  }
862
879
 
863
880
  case "list_project_documents": {
881
+ // Check access for client tokens
882
+ if (authContext?.token_type === 'client' && !canAccessProject(args.project_id)) {
883
+ throw new Error("Access denied: You don't have access to this project");
884
+ }
885
+
864
886
  const { data, error } = await supabase
865
887
  .from("project_documents")
866
888
  .select("id, name, description, file_path, file_size, mime_type, created_at")
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "projoflow-mcp-server",
3
- "version": "1.1.2",
3
+ "version": "1.1.4",
4
4
  "description": "MCP server for ProjoFlow project management - connect AI tools to your projects",
5
5
  "main": "index.js",
6
6
  "type": "module",