safely parse session id
49
src/main.ts
49
src/main.ts
@@ -1,12 +1,13 @@
|
|||||||
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
|
|
||||||
import pino from "pino";
|
|
||||||
import express from "express";
|
|
||||||
import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
|
import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
|
||||||
import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
|
import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
|
||||||
import crypto from "crypto";
|
import express from "express";
|
||||||
|
import pino from "pino";
|
||||||
|
import { z } from "zod";
|
||||||
|
|
||||||
import { outlineMcpFactory } from "./outline";
|
import { outlineMcpFactory } from "./outline";
|
||||||
|
|
||||||
|
const sessionIdSchema = z.string().uuid();
|
||||||
|
|
||||||
async function main() {
|
async function main() {
|
||||||
const logger = pino({
|
const logger = pino({
|
||||||
level: "debug",
|
level: "debug",
|
||||||
@@ -24,12 +25,40 @@ async function main() {
|
|||||||
},
|
},
|
||||||
"Received MCP request"
|
"Received MCP request"
|
||||||
);
|
);
|
||||||
const sessionId = req.headers["mcp-session-id"] as string | undefined;
|
const sessionIdHeader = req.headers["mcp-session-id"] as string | undefined;
|
||||||
let transport: StreamableHTTPServerTransport;
|
let transport: StreamableHTTPServerTransport;
|
||||||
|
|
||||||
if (sessionId && transports[sessionId]) {
|
if (sessionIdHeader) {
|
||||||
transport = transports[sessionId];
|
const safeSessionId = sessionIdSchema.safeParse(sessionIdHeader);
|
||||||
} else if (!sessionId && isInitializeRequest(req.body)) {
|
if (!safeSessionId.success) {
|
||||||
|
logger.error("Invalid session ID format");
|
||||||
|
res.status(400).json({
|
||||||
|
jsonrpc: "2.0",
|
||||||
|
error: {
|
||||||
|
code: -32000,
|
||||||
|
message: "Invalid session ID format",
|
||||||
|
},
|
||||||
|
id: null,
|
||||||
|
});
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
const sessionId = safeSessionId.data;
|
||||||
|
if (transports[sessionId]) {
|
||||||
|
transport = transports[sessionId];
|
||||||
|
} else {
|
||||||
|
logger.error("Session not found");
|
||||||
|
res.status(400).json({
|
||||||
|
jsonrpc: "2.0",
|
||||||
|
error: {
|
||||||
|
code: -32000,
|
||||||
|
message: "Session not found",
|
||||||
|
},
|
||||||
|
id: null,
|
||||||
|
});
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
} else if (isInitializeRequest(req.body)) {
|
||||||
transport = new StreamableHTTPServerTransport({
|
transport = new StreamableHTTPServerTransport({
|
||||||
sessionIdGenerator: () => crypto.randomUUID(),
|
sessionIdGenerator: () => crypto.randomUUID(),
|
||||||
onsessioninitialized: (sessionId) => {
|
onsessioninitialized: (sessionId) => {
|
||||||
@@ -42,7 +71,9 @@ async function main() {
|
|||||||
delete transports[transport.sessionId];
|
delete transports[transport.sessionId];
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
const outlineMcpServer = outlineMcpFactory(logger);
|
const outlineMcpServer = outlineMcpFactory(
|
||||||
|
logger.child({ sessionId: transport.sessionId })
|
||||||
|
);
|
||||||
|
|
||||||
await outlineMcpServer.connect(transport);
|
await outlineMcpServer.connect(transport);
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
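Review bot: In the last hunk, `logger.child({ sessionId: transport.sessionId })` runs before the transport has handled the initialize request, and as far as I know the SDK assigns `sessionId` only while processing that request, so the binding is probably `undefined` and the per-session log correlation is lost. Generating the id up front would fix it: `const newSessionId = crypto.randomUUID();`, `sessionIdGenerator: () => newSessionId`, then `logger.child({ sessionId: newSessionId })`. Separately, in the second hunk the `"Session not found"` branch should answer `res.status(404)` rather than 400, since the MCP Streamable HTTP transport uses 404 to tell a client its session is gone and it must re-initialize. Both new rejection branches are triggered by caller-supplied input, so `logger.warn` with the request's remote address would keep arbitrary callers from filling the error log while still leaving a trace to alert on. The transport construction and the surrounding request handler extend beyond the visible hunks.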