Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2026-04-07 08:25:23 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

feat(mcp): enhance MCP server dialog with headers, custom variables, and comprehensive tests

Browse source 
- Add HTTP headers section with secret toggle and variable picker
- Add custom user variables definition section
- Add chat menu and server instructions options in advanced section
- Implement form validation and encryption for sensitive data
- Add comprehensive unit tests (110 tests) for all new components
- Fix useWatch synchronization issues in form components
- Raise variable picker z-index to avoid dialog overlap
This commit is contained in:
Airam Hernández Hernández 2026-03-24 16:31:34 +00:00
parent 5a373825a5
commit 0ff3b46ebd
20 changed files with 3019 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

101
packages/api/src/mcp/registry/db/ServerConfigsDB.ts
View file

@ -217,6 +217,45 @@ export class ServerConfigsDB implements IServerConfigsRepositoryInterface {
};
}
// Retain existing encrypted values for secret headers that were submitted with blank values.
// A blank value means "don't change this secret header" (same pattern as oauth.client_secret).
// Only preserve when:
// 1. The key is explicitly present with an empty string (not omitted entirely)
// 2. The key was already secret in the existing config (to avoid copying plaintext as encrypted)
const newSecretKeys = configToSave.secretHeaderKeys;
if (newSecretKeys?.length && existingServer?.config) {
const existingHeaders = (
existingServer.config as ParsedServerConfig & { headers?: Record<string, string> }
).headers;
const existingSecretKeys = new Set(
(existingServer.config as ParsedServerConfig & { secretHeaderKeys?: string[] })
.secretHeaderKeys ?? [],
);
const currentHeaders = (
configToSave as ParsedServerConfig & { headers?: Record<string, string> }
).headers;
if (existingHeaders && currentHeaders) {
const retainedHeaders = { ...currentHeaders };
for (const secretKey of newSecretKeys) {
// Check if the header key exists in the payload with an explicitly blank string value.
// If the key is omitted entirely, allow removal; only preserve on blank string (masked).
// Also verify this key was already secret to avoid treating plaintext as encrypted.
if (
Object.prototype.hasOwnProperty.call(retainedHeaders, secretKey) &&
retainedHeaders[secretKey] === '' &&
existingSecretKeys.has(secretKey)
) {
const existingValue = existingHeaders[secretKey];
if (existingValue) {
retainedHeaders[secretKey] = existingValue;
}
}
}
(configToSave as ParsedServerConfig & { headers?: Record<string, string> }).headers =
retainedHeaders;
}
}
await this._dbMethods.updateMCPServer(serverName, { config: configToSave });
}
@ -469,7 +508,8 @@ export class ServerConfigsDB implements IServerConfigsRepositoryInterface {
/**
* Encrypts sensitive fields in config before database storage.
* Encrypts oauth.client_secret and apiKey.key (when source === 'admin').
* Encrypts oauth.client_secret, apiKey.key (when source === 'admin'),
* and header values listed in secretHeaderKeys.
* Throws on failure to prevent storing plaintext secrets.
*/
private async encryptConfig(config: ParsedServerConfig): Promise<ParsedServerConfig> {
@ -502,12 +542,41 @@ export class ServerConfigsDB implements IServerConfigsRepositoryInterface {
}
}
const secretHeaderKeys = result.secretHeaderKeys;
if (secretHeaderKeys?.length) {
const resultWithHeaders = result as ParsedServerConfig & { headers?: Record<string, string> };
if (resultWithHeaders.headers) {
const encryptedHeaders = { ...resultWithHeaders.headers };
// Deduplicate to avoid double-encryption
const uniqueSecretKeys = Array.from(new Set(secretHeaderKeys));
for (const secretKey of uniqueSecretKeys) {
const val = encryptedHeaders[secretKey];
if (val) {
try {
encryptedHeaders[secretKey] = await encryptV2(val);
} catch (error) {
logger.error(
`[ServerConfigsDB.encryptConfig] Failed to encrypt header "${secretKey}"`,
error,
);
throw new Error('Failed to encrypt MCP server configuration');
}
}
}
resultWithHeaders.headers = encryptedHeaders;
// Normalize secretHeaderKeys to the deduped list for consistency
result.secretHeaderKeys = uniqueSecretKeys;
result = resultWithHeaders as ParsedServerConfig;
}
}
return result;
}
/**
* Decrypts sensitive fields in config after database retrieval.
* Decrypts oauth.client_secret and apiKey.key (when source === 'admin').
* Decrypts oauth.client_secret, apiKey.key (when source === 'admin'),
* and header values listed in secretHeaderKeys.
* Returns config without secret on failure (graceful degradation).
*/
private async decryptConfig(config: ParsedServerConfig): Promise<ParsedServerConfig> {
@ -554,6 +623,34 @@ export class ServerConfigsDB implements IServerConfigsRepositoryInterface {
}
}
const secretHeaderKeys = result.secretHeaderKeys;
if (secretHeaderKeys?.length) {
const resultWithHeaders = result as ParsedServerConfig & { headers?: Record<string, string> };
if (resultWithHeaders.headers) {
const decryptedHeaders = { ...resultWithHeaders.headers };
// Deduplicate to avoid double-decryption
const uniqueSecretKeys = Array.from(new Set(secretHeaderKeys));
for (const secretKey of uniqueSecretKeys) {
const val = decryptedHeaders[secretKey];
if (val) {
try {
decryptedHeaders[secretKey] = await decryptV2(val);
} catch (error) {
logger.warn(
`[ServerConfigsDB.decryptConfig] Failed to decrypt header "${secretKey}", returning empty value`,
error,
);
decryptedHeaders[secretKey] = '';
}
}
}
resultWithHeaders.headers = decryptedHeaders;
// Normalize secretHeaderKeys to the deduped list for consistency
result.secretHeaderKeys = uniqueSecretKeys;
result = resultWithHeaders as ParsedServerConfig;
}
}
return result;
}
}