npm - vmoo-mcp-database-server - Versions diffs - 1.2.0 → 1.2.2 - Mend

vmoo-mcp-database-server 1.2.0 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/README.md +214 -178
package/bin/vmoo-mcp-deliver.js +45 -45
package/bin/vmoo-mcp-dev.js +45 -45
package/bin/vmoo-mcp-prod.js +45 -45
package/bin/vmoo-mcp-server.js +81 -81
package/index.js +38 -38
package/package.json +61 -61
package/shared/database-utils.js +123 -102
package/shared/privacy-utils.js +207 -207
package/shared/security-utils.js +219 -219
package/shared/time-utils.js +62 -62
package/vmoo-database-deliver/config.json +25 -25
package/vmoo-database-deliver/package.json +26 -26
package/vmoo-database-deliver/server.js +297 -297
package/vmoo-database-dev/config.json +25 -25
package/vmoo-database-dev/package.json +32 -32
package/vmoo-database-dev/server.js +294 -294
package/vmoo-database-prod/config.json +41 -41
package/vmoo-database-prod/package.json +33 -33
package/vmoo-database-prod/server.js +313 -313

package/shared/security-utils.js CHANGED Viewed

@@ -1,219 +1,219 @@
-// VMOO MCP服务器安全检查工具
-/**
- * 安全检查配置
- */
-const SECURITY_LEVELS = {
-  PRODUCTION: 'production',    // 生产环境：只读+防爬虫+数据匿名化
-  DEVELOPMENT: 'development'   // 开发环境：读写但禁止删除
-};
-/**
- * 查询频率限制器
- */
-class QueryRateLimiter {
-  constructor() {
-    this.queryHistory = new Map(); // clientId -> [timestamps]
-    this.maxQueriesPerMinute = 10;
-    this.cleanupInterval = 60000; // 1分钟清理一次
-    // 定期清理过期记录
-    setInterval(() => this.cleanup(), this.cleanupInterval);
-  }
-  /**
-   * 检查查询频率是否超限
-   * @param {string} clientId 客户端ID
-   * @returns {boolean} 是否允许查询
-   */
-  checkRateLimit(clientId = 'default') {
-    const now = Date.now();
-    const oneMinuteAgo = now - 60000;
-    if (!this.queryHistory.has(clientId)) {
-      this.queryHistory.set(clientId, []);
-    }
-    const clientQueries = this.queryHistory.get(clientId);
-    // 移除1分钟前的查询记录
-    const recentQueries = clientQueries.filter(timestamp => timestamp > oneMinuteAgo);
-    if (recentQueries.length >= this.maxQueriesPerMinute) {
-      return false; // 超过频率限制
-    }
-    // 记录本次查询
-    recentQueries.push(now);
-    this.queryHistory.set(clientId, recentQueries);
-    return true;
-  }
-  /**
-   * 清理过期记录
-   */
-  cleanup() {
-    const oneMinuteAgo = Date.now() - 60000;
-    for (const [clientId, queries] of this.queryHistory.entries()) {
-      const recentQueries = queries.filter(timestamp => timestamp > oneMinuteAgo);
-      if (recentQueries.length === 0) {
-        this.queryHistory.delete(clientId);
-      } else {
-        this.queryHistory.set(clientId, recentQueries);
-      }
-    }
-  }
-}
-// 全局频率限制器实例
-const rateLimiter = new QueryRateLimiter();
-/**
- * 检查查询复杂度，防止爬虫
- * @param {string} query SQL查询语句
- * @returns {Object} 检查结果
- */
-function checkQueryComplexity(query) {
-  const lowerQuery = query.toLowerCase();
-  // 检查可能的批量爬取模式
-  const suspiciousPatterns = [
-    /select\s+\*\s+from\s+\w+\s*$/i,                    // SELECT * FROM table (无WHERE条件)
-    /select\s+\*\s+from\s+\w+\s+limit\s+[5-9]\d+/i,    // 大量LIMIT (50+)
-    /select\s+\*\s+from\s+\w+\s+where\s+id\s*>\s*\d+\s+limit\s+\d+/i, // 按ID范围批量查询
-    /union\s+all/i,                                     // UNION ALL 可能用于批量查询
-    /order\s+by\s+id\s+limit\s+\d+\s*,\s*\d+/i,        // 分页查询大量数据
-  ];
-  for (const pattern of suspiciousPatterns) {
-    if (pattern.test(query)) {
-      return {
-        allowed: false,
-        reason: '检测到可能的批量数据爬取行为，查询被拒绝'
-      };
-    }
-  }
-  // 检查LIMIT值
-  const limitMatch = query.match(/limit\s+(\d+)/i);
-  if (limitMatch) {
-    const limitValue = parseInt(limitMatch[1]);
-    if (limitValue > 50) {
-      return {
-        allowed: false,
-        reason: '单次查询最多返回50条记录，防止数据爬取'
-      };
-    }
-  }
-  return { allowed: true, reason: '查询复杂度检查通过' };
-}
-/**
- * 执行安全检查
- * @param {string} query SQL查询语句
- * @param {string} securityLevel 安全级别
- * @param {string} clientId 客户端ID
- * @returns {Object} 检查结果
- */
-function performSecurityCheck(query, securityLevel = SECURITY_LEVELS.DEVELOPMENT, clientId = 'default') {
-  const trimmedQuery = query.trim();
-  // 生产环境需要检查频率限制
-  if (securityLevel === SECURITY_LEVELS.PRODUCTION) {
-    if (!rateLimiter.checkRateLimit(clientId)) {
-      return {
-        allowed: false,
-        reason: '查询频率过高，请稍后再试（每分钟最多10次查询）'
-      };
-    }
-    // 检查查询复杂度
-    const complexityCheck = checkQueryComplexity(trimmedQuery);
-    if (!complexityCheck.allowed) {
-      return complexityCheck;
-    }
-  }
-  switch (securityLevel) {
-    case SECURITY_LEVELS.PRODUCTION:
-      return checkProductionSecurity(trimmedQuery);
-    case SECURITY_LEVELS.DEVELOPMENT:
-      return checkDevelopmentSecurity(trimmedQuery);
-    default:
-      return {
-        allowed: false,
-        reason: '未知的安全级别'
-      };
-  }
-}
-/**
- * 生产环境安全检查：只读
- */
-function checkProductionSecurity(query) {
-  // 只允许查询操作
-  const allowedPattern = /^\s*(SELECT|SHOW|DESCRIBE|DESC|EXPLAIN)\s+/i;
-  if (!allowedPattern.test(query)) {
-    return {
-      allowed: false,
-      reason: '生产环境仅支持查询操作（SELECT、SHOW、DESCRIBE等）'
-    };
-  }
-  return { allowed: true, reason: '查询操作被允许' };
-}
-/**
- * 开发环境安全检查：读写但禁止删除
- */
-function checkDevelopmentSecurity(query) {
-  // 禁止所有删除操作
-  const dangerousPattern = /^\s*(DROP\s+(DATABASE|SCHEMA)|TRUNCATE\s+DATABASE|DELETE\s+FROM)/i;
-  if (dangerousPattern.test(query)) {
-    return {
-      allowed: false,
-      reason: '禁止执行删除操作，开发环境仅支持查询、插入和更新操作'
-    };
-  }
-  // 允许的操作
-  const allowedPattern = /^\s*(SELECT|SHOW|DESCRIBE|DESC|EXPLAIN|INSERT|UPDATE|ALTER\s+TABLE|CREATE\s+TABLE)\s+/i;
-  if (!allowedPattern.test(query)) {
-    return {
-      allowed: false,
-      reason: '仅支持SELECT、INSERT、UPDATE、ALTER TABLE、CREATE TABLE等操作'
-    };
-  }
-  return { allowed: true, reason: '操作被允许' };
-}
-/**
- * 处理查询限制
- * @param {string} query 原始查询
- * @param {number} defaultLimit 默认限制
- * @returns {string} 处理后的查询
- */
-function applyQueryLimits(query, defaultLimit = 100) {
-  // 如果是SELECT查询且没有LIMIT，添加LIMIT
-  if (/^\s*SELECT\s+/i.test(query) && !/\bLIMIT\s+\d+/i.test(query)) {
-    return `${query} LIMIT ${defaultLimit}`;
-  }
-  return query;
-}
-export {
-  SECURITY_LEVELS,
-  performSecurityCheck,
-  applyQueryLimits,
-  checkQueryComplexity,
-  QueryRateLimiter
-};
+// VMOO MCP服务器安全检查工具
+/**
+ * 安全检查配置
+ */
+const SECURITY_LEVELS = {
+  PRODUCTION: 'production',    // 生产环境：只读+防爬虫+数据匿名化
+  DEVELOPMENT: 'development'   // 开发环境：读写但禁止删除
+};
+/**
+ * 查询频率限制器
+ */
+class QueryRateLimiter {
+  constructor() {
+    this.queryHistory = new Map(); // clientId -> [timestamps]
+    this.maxQueriesPerMinute = 10;
+    this.cleanupInterval = 60000; // 1分钟清理一次
+    // 定期清理过期记录
+    setInterval(() => this.cleanup(), this.cleanupInterval);
+  }
+  /**
+   * 检查查询频率是否超限
+   * @param {string} clientId 客户端ID
+   * @returns {boolean} 是否允许查询
+   */
+  checkRateLimit(clientId = 'default') {
+    const now = Date.now();
+    const oneMinuteAgo = now - 60000;
+    if (!this.queryHistory.has(clientId)) {
+      this.queryHistory.set(clientId, []);
+    }
+    const clientQueries = this.queryHistory.get(clientId);
+    // 移除1分钟前的查询记录
+    const recentQueries = clientQueries.filter(timestamp => timestamp > oneMinuteAgo);
+    if (recentQueries.length >= this.maxQueriesPerMinute) {
+      return false; // 超过频率限制
+    }
+    // 记录本次查询
+    recentQueries.push(now);
+    this.queryHistory.set(clientId, recentQueries);
+    return true;
+  }
+  /**
+   * 清理过期记录
+   */
+  cleanup() {
+    const oneMinuteAgo = Date.now() - 60000;
+    for (const [clientId, queries] of this.queryHistory.entries()) {
+      const recentQueries = queries.filter(timestamp => timestamp > oneMinuteAgo);
+      if (recentQueries.length === 0) {
+        this.queryHistory.delete(clientId);
+      } else {
+        this.queryHistory.set(clientId, recentQueries);
+      }
+    }
+  }
+}
+// 全局频率限制器实例
+const rateLimiter = new QueryRateLimiter();
+/**
+ * 检查查询复杂度，防止爬虫
+ * @param {string} query SQL查询语句
+ * @returns {Object} 检查结果
+ */
+function checkQueryComplexity(query) {
+  const lowerQuery = query.toLowerCase();
+  // 检查可能的批量爬取模式
+  const suspiciousPatterns = [
+    /select\s+\*\s+from\s+\w+\s*$/i,                    // SELECT * FROM table (无WHERE条件)
+    /select\s+\*\s+from\s+\w+\s+limit\s+[5-9]\d+/i,    // 大量LIMIT (50+)
+    /select\s+\*\s+from\s+\w+\s+where\s+id\s*>\s*\d+\s+limit\s+\d+/i, // 按ID范围批量查询
+    /union\s+all/i,                                     // UNION ALL 可能用于批量查询
+    /order\s+by\s+id\s+limit\s+\d+\s*,\s*\d+/i,        // 分页查询大量数据
+  ];
+  for (const pattern of suspiciousPatterns) {
+    if (pattern.test(query)) {
+      return {
+        allowed: false,
+        reason: '检测到可能的批量数据爬取行为，查询被拒绝'
+      };
+    }
+  }
+  // 检查LIMIT值
+  const limitMatch = query.match(/limit\s+(\d+)/i);
+  if (limitMatch) {
+    const limitValue = parseInt(limitMatch[1]);
+    if (limitValue > 50) {
+      return {
+        allowed: false,
+        reason: '单次查询最多返回50条记录，防止数据爬取'
+      };
+    }
+  }
+  return { allowed: true, reason: '查询复杂度检查通过' };
+}
+/**
+ * 执行安全检查
+ * @param {string} query SQL查询语句
+ * @param {string} securityLevel 安全级别
+ * @param {string} clientId 客户端ID
+ * @returns {Object} 检查结果
+ */
+function performSecurityCheck(query, securityLevel = SECURITY_LEVELS.DEVELOPMENT, clientId = 'default') {
+  const trimmedQuery = query.trim();
+  // 生产环境需要检查频率限制
+  if (securityLevel === SECURITY_LEVELS.PRODUCTION) {
+    if (!rateLimiter.checkRateLimit(clientId)) {
+      return {
+        allowed: false,
+        reason: '查询频率过高，请稍后再试（每分钟最多10次查询）'
+      };
+    }
+    // 检查查询复杂度
+    const complexityCheck = checkQueryComplexity(trimmedQuery);
+    if (!complexityCheck.allowed) {
+      return complexityCheck;
+    }
+  }
+  switch (securityLevel) {
+    case SECURITY_LEVELS.PRODUCTION:
+      return checkProductionSecurity(trimmedQuery);
+    case SECURITY_LEVELS.DEVELOPMENT:
+      return checkDevelopmentSecurity(trimmedQuery);
+    default:
+      return {
+        allowed: false,
+        reason: '未知的安全级别'
+      };
+  }
+}
+/**
+ * 生产环境安全检查：只读
+ */
+function checkProductionSecurity(query) {
+  // 只允许查询操作
+  const allowedPattern = /^\s*(SELECT|SHOW|DESCRIBE|DESC|EXPLAIN)\s+/i;
+  if (!allowedPattern.test(query)) {
+    return {
+      allowed: false,
+      reason: '生产环境仅支持查询操作（SELECT、SHOW、DESCRIBE等）'
+    };
+  }
+  return { allowed: true, reason: '查询操作被允许' };
+}
+/**
+ * 开发环境安全检查：读写但禁止删除
+ */
+function checkDevelopmentSecurity(query) {
+  // 禁止所有删除操作
+  const dangerousPattern = /^\s*(DROP\s+(DATABASE|SCHEMA)|TRUNCATE\s+DATABASE|DELETE\s+FROM)/i;
+  if (dangerousPattern.test(query)) {
+    return {
+      allowed: false,
+      reason: '禁止执行删除操作，开发环境仅支持查询、插入和更新操作'
+    };
+  }
+  // 允许的操作
+  const allowedPattern = /^\s*(SELECT|SHOW|DESCRIBE|DESC|EXPLAIN|INSERT|UPDATE|ALTER\s+TABLE|CREATE\s+TABLE)\s+/i;
+  if (!allowedPattern.test(query)) {
+    return {
+      allowed: false,
+      reason: '仅支持SELECT、INSERT、UPDATE、ALTER TABLE、CREATE TABLE等操作'
+    };
+  }
+  return { allowed: true, reason: '操作被允许' };
+}
+/**
+ * 处理查询限制
+ * @param {string} query 原始查询
+ * @param {number} defaultLimit 默认限制
+ * @returns {string} 处理后的查询
+ */
+function applyQueryLimits(query, defaultLimit = 100) {
+  // 如果是SELECT查询且没有LIMIT，添加LIMIT
+  if (/^\s*SELECT\s+/i.test(query) && !/\bLIMIT\s+\d+/i.test(query)) {
+    return `${query} LIMIT ${defaultLimit}`;
+  }
+  return query;
+}
+export {
+  SECURITY_LEVELS,
+  performSecurityCheck,
+  applyQueryLimits,
+  checkQueryComplexity,
+  QueryRateLimiter
+};

package/shared/time-utils.js CHANGED Viewed

@@ -1,62 +1,62 @@
-// VMOO时区处理工具函数
-/**
- * VMOO时区处理函数 - 将UTC时间戳转换为北京时间
- * @param {number} utcTimestamp UTC时间戳
- * @param {string} format 格式化字符串
- * @returns {string} 格式化后的北京时间
- */
-function toVmooDate(utcTimestamp, format = 'Y-m-d H:i:s') {
-  if (!utcTimestamp) return '';
-  // VMOO的TIME_ZONE配置为8（北京时间）
-  const timezone = 8;
-  const beijingTime = utcTimestamp + timezone * 3600;
-  const date = new Date(beijingTime * 1000);
-  // 格式化日期
-  const year = date.getFullYear();
-  const month = String(date.getMonth() + 1).padStart(2, '0');
-  const day = String(date.getDate()).padStart(2, '0');
-  const hour = String(date.getHours()).padStart(2, '0');
-  const minute = String(date.getMinutes()).padStart(2, '0');
-  const second = String(date.getSeconds()).padStart(2, '0');
-  if (format === 'Y-m-d H:i:s') {
-    return `${year}-${month}-${day} ${hour}:${minute}:${second}`;
-  } else if (format === 'Y-m-d') {
-    return `${year}-${month}-${day}`;
-  }
-  return `${year}-${month}-${day} ${hour}:${minute}:${second}`;
-}
-/**
- * 处理查询结果中的时间字段
- * @param {Array} rows 查询结果
- * @returns {Array} 处理后的结果
- */
-function processTimeFields(rows) {
-  if (!Array.isArray(rows)) return rows;
-  const timeFields = ['create_time', 'update_time', 'delivery_time', 'pickup_time', 'order_time', 'pay_time'];
-  return rows.map(row => {
-    const processedRow = { ...row };
-    timeFields.forEach(field => {
-      if (processedRow[field] && typeof processedRow[field] === 'number') {
-        // 添加格式化后的时间字段
-        processedRow[`${field}_formatted`] = toVmooDate(processedRow[field]);
-      }
-    });
-    return processedRow;
-  });
-}
-export {
-  toVmooDate,
-  processTimeFields
-};
+// VMOO时区处理工具函数
+/**
+ * VMOO时区处理函数 - 将UTC时间戳转换为北京时间
+ * @param {number} utcTimestamp UTC时间戳
+ * @param {string} format 格式化字符串
+ * @returns {string} 格式化后的北京时间
+ */
+function toVmooDate(utcTimestamp, format = 'Y-m-d H:i:s') {
+  if (!utcTimestamp) return '';
+  // VMOO的TIME_ZONE配置为8（北京时间）
+  const timezone = 8;
+  const beijingTime = utcTimestamp + timezone * 3600;
+  const date = new Date(beijingTime * 1000);
+  // 格式化日期
+  const year = date.getFullYear();
+  const month = String(date.getMonth() + 1).padStart(2, '0');
+  const day = String(date.getDate()).padStart(2, '0');
+  const hour = String(date.getHours()).padStart(2, '0');
+  const minute = String(date.getMinutes()).padStart(2, '0');
+  const second = String(date.getSeconds()).padStart(2, '0');
+  if (format === 'Y-m-d H:i:s') {
+    return `${year}-${month}-${day} ${hour}:${minute}:${second}`;
+  } else if (format === 'Y-m-d') {
+    return `${year}-${month}-${day}`;
+  }
+  return `${year}-${month}-${day} ${hour}:${minute}:${second}`;
+}
+/**
+ * 处理查询结果中的时间字段
+ * @param {Array} rows 查询结果
+ * @returns {Array} 处理后的结果
+ */
+function processTimeFields(rows) {
+  if (!Array.isArray(rows)) return rows;
+  const timeFields = ['create_time', 'update_time', 'delivery_time', 'pickup_time', 'order_time', 'pay_time'];
+  return rows.map(row => {
+    const processedRow = { ...row };
+    timeFields.forEach(field => {
+      if (processedRow[field] && typeof processedRow[field] === 'number') {
+        // 添加格式化后的时间字段
+        processedRow[`${field}_formatted`] = toVmooDate(processedRow[field]);
+      }
+    });
+    return processedRow;
+  });
+}
+export {
+  toVmooDate,
+  processTimeFields
+};

package/vmoo-database-deliver/config.json CHANGED Viewed

@@ -1,25 +1,25 @@
-{
-  "database": {
-    "host": "118.25.190.11",
-    "port": 3306,
-    "user": "ceshi_deliver",
-    "password": "Gf8G3pEnm7pjRMGE",
-    "database": "ceshi_deliver",
-    "charset": "utf8mb4"
-  },
-  "security": {
-    "level": "development",
-    "description": "配送测试站：允许查询、插入、更新，禁止删除操作",
-    "features": [
-      "SELECT、INSERT、UPDATE、ALTER TABLE、CREATE TABLE",
-      "禁止DELETE、DROP TABLE、DROP DATABASE",
-      "自动LIMIT限制",
-      "时区自动转换"
-    ]
-  },
-  "server": {
-    "name": "vmoo-database-deliver-server",
-    "version": "1.0.0",
-    "description": "配送测试站数据库服务器"
-  }
-}
+{
+  "database": {
+    "host": "118.25.190.11",
+    "port": 3306,
+    "user": "ceshi_deliver",
+    "password": "${DELIVER_PASSWORD}",
+    "database": "ceshi_deliver",
+    "charset": "utf8mb4"
+  },
+  "security": {
+    "level": "development",
+    "description": "配送测试站：允许查询、插入、更新，禁止删除操作",
+    "features": [
+      "SELECT、INSERT、UPDATE、ALTER TABLE、CREATE TABLE",
+      "禁止DELETE、DROP TABLE、DROP DATABASE",
+      "自动LIMIT限制",
+      "时区自动转换"
+    ]
+  },
+  "server": {
+    "name": "vmoo-database-deliver-server",
+    "version": "1.0.0",
+    "description": "配送测试站数据库服务器"
+  }
+}

package/vmoo-database-deliver/package.json CHANGED Viewed

@@ -1,26 +1,26 @@
-{
-  "name": "vmoo-database-deliver-server",
-  "version": "1.0.0",
-  "description": "VMOO配送测试站数据库MCP服务器",
-  "type": "module",
-  "main": "server.js",
-  "scripts": {
-    "start": "node server.js",
-    "dev": "node server.js",
-    "test": "echo \"配送测试站MCP服务器测试通过\" && exit 0"
-  },
-  "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.17.2",
-    "mysql2": "^3.6.5"
-  },
-  "keywords": [
-    "mcp",
-    "database",
-    "mysql",
-    "vmoo",
-    "deliver",
-    "配送测试站"
-  ],
-  "author": "VMOO Team",
-  "license": "MIT"
-}
+{
+  "name": "vmoo-database-deliver-server",
+  "version": "1.0.0",
+  "description": "VMOO配送测试站数据库MCP服务器",
+  "type": "module",
+  "main": "server.js",
+  "scripts": {
+    "start": "node server.js",
+    "dev": "node server.js",
+    "test": "echo \"配送测试站MCP服务器测试通过\" && exit 0"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.17.2",
+    "mysql2": "^3.6.5"
+  },
+  "keywords": [
+    "mcp",
+    "database",
+    "mysql",
+    "vmoo",
+    "deliver",
+    "配送测试站"
+  ],
+  "author": "VMOO Team",
+  "license": "MIT"
+}