mirror of
https://github.com/danny-avila/LibreChat.git
synced 2025-12-16 08:20:14 +01:00
ef1b7f0157
* Decouple mcp config from start up config * Chore: Work on AI Review and Copilot Comments - setRawConfig is not needed since the private raw config is not needed any more - !!serversLoading bug fixed - added unit tests for route /api/mcp/servers - copilot comments addressed * chore: remove comments * chore: rename data-provider dir for MCP * chore: reorganize mcp specific query hooks * fix: consolidate imports for MCP server manager * chore: add dev-staging branch to frontend review workflow triggers * feat: add GitHub Actions workflow for building and pushing Docker images to GitHub Container Registry and Docker Hub * fix: update label for tag input in BookmarkForm tests to improve clarity --------- Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com> Co-authored-by: Danny Avila <danny@librechat.ai>
579 lines
18 KiB
JavaScript
579 lines
18 KiB
JavaScript
const { Router } = require('express');
|
|
const { logger } = require('@librechat/data-schemas');
|
|
const { CacheKeys, Constants } = require('librechat-data-provider');
|
|
const {
|
|
createSafeUser,
|
|
MCPOAuthHandler,
|
|
MCPTokenStorage,
|
|
getUserMCPAuthMap,
|
|
mcpServersRegistry,
|
|
} = require('@librechat/api');
|
|
const { getMCPManager, getFlowStateManager, getOAuthReconnectionManager } = require('~/config');
|
|
const { getMCPSetupData, getServerConnectionStatus } = require('~/server/services/MCP');
|
|
const { findToken, updateToken, createToken, deleteTokens } = require('~/models');
|
|
const { getUserPluginAuthValue } = require('~/server/services/PluginService');
|
|
const { updateMCPServerTools } = require('~/server/services/Config/mcp');
|
|
const { reinitMCPServer } = require('~/server/services/Tools/mcp');
|
|
const { getMCPServersList } = require('~/server/controllers/mcp');
|
|
const { getMCPTools } = require('~/server/controllers/mcp');
|
|
const { requireJwtAuth } = require('~/server/middleware');
|
|
const { findPluginAuthsByKeys } = require('~/models');
|
|
const { getLogStores } = require('~/cache');
|
|
|
|
const router = Router();
|
|
|
|
/**
|
|
* Get all MCP tools available to the user
|
|
* Returns only MCP tools, completely decoupled from regular LibreChat tools
|
|
*/
|
|
router.get('/tools', requireJwtAuth, async (req, res) => {
|
|
return getMCPTools(req, res);
|
|
});
|
|
|
|
/**
|
|
* Initiate OAuth flow
|
|
* This endpoint is called when the user clicks the auth link in the UI
|
|
*/
|
|
router.get('/:serverName/oauth/initiate', requireJwtAuth, async (req, res) => {
|
|
try {
|
|
const { serverName } = req.params;
|
|
const { userId, flowId } = req.query;
|
|
const user = req.user;
|
|
|
|
// Verify the userId matches the authenticated user
|
|
if (userId !== user.id) {
|
|
return res.status(403).json({ error: 'User mismatch' });
|
|
}
|
|
|
|
logger.debug('[MCP OAuth] Initiate request', { serverName, userId, flowId });
|
|
|
|
const flowsCache = getLogStores(CacheKeys.FLOWS);
|
|
const flowManager = getFlowStateManager(flowsCache);
|
|
|
|
/** Flow state to retrieve OAuth config */
|
|
const flowState = await flowManager.getFlowState(flowId, 'mcp_oauth');
|
|
if (!flowState) {
|
|
logger.error('[MCP OAuth] Flow state not found', { flowId });
|
|
return res.status(404).json({ error: 'Flow not found' });
|
|
}
|
|
|
|
const { serverUrl, oauth: oauthConfig } = flowState.metadata || {};
|
|
if (!serverUrl || !oauthConfig) {
|
|
logger.error('[MCP OAuth] Missing server URL or OAuth config in flow state');
|
|
return res.status(400).json({ error: 'Invalid flow state' });
|
|
}
|
|
|
|
const oauthHeaders = await getOAuthHeaders(serverName, userId);
|
|
const { authorizationUrl, flowId: oauthFlowId } = await MCPOAuthHandler.initiateOAuthFlow(
|
|
serverName,
|
|
serverUrl,
|
|
userId,
|
|
oauthHeaders,
|
|
oauthConfig,
|
|
);
|
|
|
|
logger.debug('[MCP OAuth] OAuth flow initiated', { oauthFlowId, authorizationUrl });
|
|
|
|
// Redirect user to the authorization URL
|
|
res.redirect(authorizationUrl);
|
|
} catch (error) {
|
|
logger.error('[MCP OAuth] Failed to initiate OAuth', error);
|
|
res.status(500).json({ error: 'Failed to initiate OAuth' });
|
|
}
|
|
});
|
|
|
|
/**
|
|
* OAuth callback handler
|
|
* This handles the OAuth callback after the user has authorized the application
|
|
*/
|
|
router.get('/:serverName/oauth/callback', async (req, res) => {
|
|
try {
|
|
const { serverName } = req.params;
|
|
const { code, state, error: oauthError } = req.query;
|
|
|
|
logger.debug('[MCP OAuth] Callback received', {
|
|
serverName,
|
|
code: code ? 'present' : 'missing',
|
|
state,
|
|
error: oauthError,
|
|
});
|
|
|
|
if (oauthError) {
|
|
logger.error('[MCP OAuth] OAuth error received', { error: oauthError });
|
|
return res.redirect(`/oauth/error?error=${encodeURIComponent(String(oauthError))}`);
|
|
}
|
|
|
|
if (!code || typeof code !== 'string') {
|
|
logger.error('[MCP OAuth] Missing or invalid code');
|
|
return res.redirect('/oauth/error?error=missing_code');
|
|
}
|
|
|
|
if (!state || typeof state !== 'string') {
|
|
logger.error('[MCP OAuth] Missing or invalid state');
|
|
return res.redirect('/oauth/error?error=missing_state');
|
|
}
|
|
|
|
const flowId = state;
|
|
logger.debug('[MCP OAuth] Using flow ID from state', { flowId });
|
|
|
|
const flowsCache = getLogStores(CacheKeys.FLOWS);
|
|
const flowManager = getFlowStateManager(flowsCache);
|
|
|
|
logger.debug('[MCP OAuth] Getting flow state for flowId: ' + flowId);
|
|
const flowState = await MCPOAuthHandler.getFlowState(flowId, flowManager);
|
|
|
|
if (!flowState) {
|
|
logger.error('[MCP OAuth] Flow state not found for flowId:', flowId);
|
|
return res.redirect('/oauth/error?error=invalid_state');
|
|
}
|
|
|
|
logger.debug('[MCP OAuth] Flow state details', {
|
|
serverName: flowState.serverName,
|
|
userId: flowState.userId,
|
|
hasMetadata: !!flowState.metadata,
|
|
hasClientInfo: !!flowState.clientInfo,
|
|
hasCodeVerifier: !!flowState.codeVerifier,
|
|
});
|
|
|
|
/** Check if this flow has already been completed (idempotency protection) */
|
|
const currentFlowState = await flowManager.getFlowState(flowId, 'mcp_oauth');
|
|
if (currentFlowState?.status === 'COMPLETED') {
|
|
logger.warn('[MCP OAuth] Flow already completed, preventing duplicate token exchange', {
|
|
flowId,
|
|
serverName,
|
|
});
|
|
return res.redirect(`/oauth/success?serverName=${encodeURIComponent(serverName)}`);
|
|
}
|
|
|
|
logger.debug('[MCP OAuth] Completing OAuth flow');
|
|
const oauthHeaders = await getOAuthHeaders(serverName, flowState.userId);
|
|
const tokens = await MCPOAuthHandler.completeOAuthFlow(flowId, code, flowManager, oauthHeaders);
|
|
logger.info('[MCP OAuth] OAuth flow completed, tokens received in callback route');
|
|
|
|
/** Persist tokens immediately so reconnection uses fresh credentials */
|
|
if (flowState?.userId && tokens) {
|
|
try {
|
|
await MCPTokenStorage.storeTokens({
|
|
userId: flowState.userId,
|
|
serverName,
|
|
tokens,
|
|
createToken,
|
|
updateToken,
|
|
findToken,
|
|
clientInfo: flowState.clientInfo,
|
|
metadata: flowState.metadata,
|
|
});
|
|
logger.debug('[MCP OAuth] Stored OAuth tokens prior to reconnection', {
|
|
serverName,
|
|
userId: flowState.userId,
|
|
});
|
|
} catch (error) {
|
|
logger.error('[MCP OAuth] Failed to store OAuth tokens after callback', error);
|
|
throw error;
|
|
}
|
|
|
|
/**
|
|
* Clear any cached `mcp_get_tokens` flow result so subsequent lookups
|
|
* re-fetch the freshly stored credentials instead of returning stale nulls.
|
|
*/
|
|
if (typeof flowManager?.deleteFlow === 'function') {
|
|
try {
|
|
await flowManager.deleteFlow(flowId, 'mcp_get_tokens');
|
|
} catch (error) {
|
|
logger.warn('[MCP OAuth] Failed to clear cached token flow state', error);
|
|
}
|
|
}
|
|
}
|
|
|
|
try {
|
|
const mcpManager = getMCPManager(flowState.userId);
|
|
logger.debug(`[MCP OAuth] Attempting to reconnect ${serverName} with new OAuth tokens`);
|
|
|
|
if (flowState.userId !== 'system') {
|
|
const user = { id: flowState.userId };
|
|
|
|
const userConnection = await mcpManager.getUserConnection({
|
|
user,
|
|
serverName,
|
|
flowManager,
|
|
tokenMethods: {
|
|
findToken,
|
|
updateToken,
|
|
createToken,
|
|
deleteTokens,
|
|
},
|
|
});
|
|
|
|
logger.info(
|
|
`[MCP OAuth] Successfully reconnected ${serverName} for user ${flowState.userId}`,
|
|
);
|
|
|
|
// clear any reconnection attempts
|
|
const oauthReconnectionManager = getOAuthReconnectionManager();
|
|
oauthReconnectionManager.clearReconnection(flowState.userId, serverName);
|
|
|
|
const tools = await userConnection.fetchTools();
|
|
await updateMCPServerTools({
|
|
userId: flowState.userId,
|
|
serverName,
|
|
tools,
|
|
});
|
|
} else {
|
|
logger.debug(`[MCP OAuth] System-level OAuth completed for ${serverName}`);
|
|
}
|
|
} catch (error) {
|
|
logger.warn(
|
|
`[MCP OAuth] Failed to reconnect ${serverName} after OAuth, but tokens are saved:`,
|
|
error,
|
|
);
|
|
}
|
|
|
|
/** ID of the flow that the tool/connection is waiting for */
|
|
const toolFlowId = flowState.metadata?.toolFlowId;
|
|
if (toolFlowId) {
|
|
logger.debug('[MCP OAuth] Completing tool flow', { toolFlowId });
|
|
await flowManager.completeFlow(toolFlowId, 'mcp_oauth', tokens);
|
|
}
|
|
|
|
/** Redirect to success page with flowId and serverName */
|
|
const redirectUrl = `/oauth/success?serverName=${encodeURIComponent(serverName)}`;
|
|
res.redirect(redirectUrl);
|
|
} catch (error) {
|
|
logger.error('[MCP OAuth] OAuth callback error', error);
|
|
res.redirect('/oauth/error?error=callback_failed');
|
|
}
|
|
});
|
|
|
|
/**
|
|
* Get OAuth tokens for a completed flow
|
|
* This is primarily for user-level OAuth flows
|
|
*/
|
|
router.get('/oauth/tokens/:flowId', requireJwtAuth, async (req, res) => {
|
|
try {
|
|
const { flowId } = req.params;
|
|
const user = req.user;
|
|
|
|
if (!user?.id) {
|
|
return res.status(401).json({ error: 'User not authenticated' });
|
|
}
|
|
|
|
if (!flowId.startsWith(`${user.id}:`) && !flowId.startsWith('system:')) {
|
|
return res.status(403).json({ error: 'Access denied' });
|
|
}
|
|
|
|
const flowsCache = getLogStores(CacheKeys.FLOWS);
|
|
const flowManager = getFlowStateManager(flowsCache);
|
|
|
|
const flowState = await flowManager.getFlowState(flowId, 'mcp_oauth');
|
|
if (!flowState) {
|
|
return res.status(404).json({ error: 'Flow not found' });
|
|
}
|
|
|
|
if (flowState.status !== 'COMPLETED') {
|
|
return res.status(400).json({ error: 'Flow not completed' });
|
|
}
|
|
|
|
res.json({ tokens: flowState.result });
|
|
} catch (error) {
|
|
logger.error('[MCP OAuth] Failed to get tokens', error);
|
|
res.status(500).json({ error: 'Failed to get tokens' });
|
|
}
|
|
});
|
|
|
|
/**
|
|
* Check OAuth flow status
|
|
* This endpoint can be used to poll the status of an OAuth flow
|
|
*/
|
|
router.get('/oauth/status/:flowId', async (req, res) => {
|
|
try {
|
|
const { flowId } = req.params;
|
|
const flowsCache = getLogStores(CacheKeys.FLOWS);
|
|
const flowManager = getFlowStateManager(flowsCache);
|
|
|
|
const flowState = await flowManager.getFlowState(flowId, 'mcp_oauth');
|
|
if (!flowState) {
|
|
return res.status(404).json({ error: 'Flow not found' });
|
|
}
|
|
|
|
res.json({
|
|
status: flowState.status,
|
|
completed: flowState.status === 'COMPLETED',
|
|
failed: flowState.status === 'FAILED',
|
|
error: flowState.error,
|
|
});
|
|
} catch (error) {
|
|
logger.error('[MCP OAuth] Failed to get flow status', error);
|
|
res.status(500).json({ error: 'Failed to get flow status' });
|
|
}
|
|
});
|
|
|
|
/**
|
|
* Cancel OAuth flow
|
|
* This endpoint cancels a pending OAuth flow
|
|
*/
|
|
router.post('/oauth/cancel/:serverName', requireJwtAuth, async (req, res) => {
|
|
try {
|
|
const { serverName } = req.params;
|
|
const user = req.user;
|
|
|
|
if (!user?.id) {
|
|
return res.status(401).json({ error: 'User not authenticated' });
|
|
}
|
|
|
|
logger.info(`[MCP OAuth Cancel] Cancelling OAuth flow for ${serverName} by user ${user.id}`);
|
|
|
|
const flowsCache = getLogStores(CacheKeys.FLOWS);
|
|
const flowManager = getFlowStateManager(flowsCache);
|
|
const flowId = MCPOAuthHandler.generateFlowId(user.id, serverName);
|
|
const flowState = await flowManager.getFlowState(flowId, 'mcp_oauth');
|
|
|
|
if (!flowState) {
|
|
logger.debug(`[MCP OAuth Cancel] No active flow found for ${serverName}`);
|
|
return res.json({
|
|
success: true,
|
|
message: 'No active OAuth flow to cancel',
|
|
});
|
|
}
|
|
|
|
await flowManager.failFlow(flowId, 'mcp_oauth', 'User cancelled OAuth flow');
|
|
|
|
logger.info(`[MCP OAuth Cancel] Successfully cancelled OAuth flow for ${serverName}`);
|
|
|
|
res.json({
|
|
success: true,
|
|
message: `OAuth flow for ${serverName} cancelled successfully`,
|
|
});
|
|
} catch (error) {
|
|
logger.error('[MCP OAuth Cancel] Failed to cancel OAuth flow', error);
|
|
res.status(500).json({ error: 'Failed to cancel OAuth flow' });
|
|
}
|
|
});
|
|
|
|
/**
|
|
* Reinitialize MCP server
|
|
* This endpoint allows reinitializing a specific MCP server
|
|
*/
|
|
router.post('/:serverName/reinitialize', requireJwtAuth, async (req, res) => {
|
|
try {
|
|
const { serverName } = req.params;
|
|
const user = createSafeUser(req.user);
|
|
|
|
if (!user.id) {
|
|
return res.status(401).json({ error: 'User not authenticated' });
|
|
}
|
|
|
|
logger.info(`[MCP Reinitialize] Reinitializing server: ${serverName}`);
|
|
|
|
const mcpManager = getMCPManager();
|
|
const serverConfig = await mcpServersRegistry.getServerConfig(serverName, user.id);
|
|
if (!serverConfig) {
|
|
return res.status(404).json({
|
|
error: `MCP server '${serverName}' not found in configuration`,
|
|
});
|
|
}
|
|
|
|
await mcpManager.disconnectUserConnection(user.id, serverName);
|
|
logger.info(
|
|
`[MCP Reinitialize] Disconnected existing user connection for server: ${serverName}`,
|
|
);
|
|
|
|
/** @type {Record<string, Record<string, string>> | undefined} */
|
|
let userMCPAuthMap;
|
|
if (serverConfig.customUserVars && typeof serverConfig.customUserVars === 'object') {
|
|
userMCPAuthMap = await getUserMCPAuthMap({
|
|
userId: user.id,
|
|
servers: [serverName],
|
|
findPluginAuthsByKeys,
|
|
});
|
|
}
|
|
|
|
const result = await reinitMCPServer({
|
|
user,
|
|
serverName,
|
|
userMCPAuthMap,
|
|
});
|
|
|
|
if (!result) {
|
|
return res.status(500).json({ error: 'Failed to reinitialize MCP server for user' });
|
|
}
|
|
|
|
const { success, message, oauthRequired, oauthUrl } = result;
|
|
|
|
res.json({
|
|
success,
|
|
message,
|
|
oauthUrl,
|
|
serverName,
|
|
oauthRequired,
|
|
});
|
|
} catch (error) {
|
|
logger.error('[MCP Reinitialize] Unexpected error', error);
|
|
res.status(500).json({ error: 'Internal server error' });
|
|
}
|
|
});
|
|
|
|
/**
|
|
* Get connection status for all MCP servers
|
|
* This endpoint returns all app level and user-scoped connection statuses from MCPManager without disconnecting idle connections
|
|
*/
|
|
router.get('/connection/status', requireJwtAuth, async (req, res) => {
|
|
try {
|
|
const user = req.user;
|
|
|
|
if (!user?.id) {
|
|
return res.status(401).json({ error: 'User not authenticated' });
|
|
}
|
|
|
|
const { mcpConfig, appConnections, userConnections, oauthServers } = await getMCPSetupData(
|
|
user.id,
|
|
);
|
|
const connectionStatus = {};
|
|
|
|
for (const [serverName, config] of Object.entries(mcpConfig)) {
|
|
try {
|
|
connectionStatus[serverName] = await getServerConnectionStatus(
|
|
user.id,
|
|
serverName,
|
|
config,
|
|
appConnections,
|
|
userConnections,
|
|
oauthServers,
|
|
);
|
|
} catch (error) {
|
|
const message = `Failed to get status for server "${serverName}"`;
|
|
logger.error(`[MCP Connection Status] ${message},`, error);
|
|
connectionStatus[serverName] = {
|
|
connectionState: 'error',
|
|
requiresOAuth: oauthServers.has(serverName),
|
|
error: message,
|
|
};
|
|
}
|
|
}
|
|
|
|
res.json({
|
|
success: true,
|
|
connectionStatus,
|
|
});
|
|
} catch (error) {
|
|
if (error.message === 'MCP config not found') {
|
|
return res.status(404).json({ error: error.message });
|
|
}
|
|
logger.error('[MCP Connection Status] Failed to get connection status', error);
|
|
res.status(500).json({ error: 'Failed to get connection status' });
|
|
}
|
|
});
|
|
|
|
/**
|
|
* Get connection status for a single MCP server
|
|
* This endpoint returns the connection status for a specific server for a given user
|
|
*/
|
|
router.get('/connection/status/:serverName', requireJwtAuth, async (req, res) => {
|
|
try {
|
|
const user = req.user;
|
|
const { serverName } = req.params;
|
|
|
|
if (!user?.id) {
|
|
return res.status(401).json({ error: 'User not authenticated' });
|
|
}
|
|
|
|
const { mcpConfig, appConnections, userConnections, oauthServers } = await getMCPSetupData(
|
|
user.id,
|
|
);
|
|
|
|
if (!mcpConfig[serverName]) {
|
|
return res
|
|
.status(404)
|
|
.json({ error: `MCP server '${serverName}' not found in configuration` });
|
|
}
|
|
|
|
const serverStatus = await getServerConnectionStatus(
|
|
user.id,
|
|
serverName,
|
|
mcpConfig[serverName],
|
|
appConnections,
|
|
userConnections,
|
|
oauthServers,
|
|
);
|
|
|
|
res.json({
|
|
success: true,
|
|
serverName,
|
|
connectionStatus: serverStatus.connectionState,
|
|
requiresOAuth: serverStatus.requiresOAuth,
|
|
});
|
|
} catch (error) {
|
|
if (error.message === 'MCP config not found') {
|
|
return res.status(404).json({ error: error.message });
|
|
}
|
|
logger.error(
|
|
`[MCP Per-Server Status] Failed to get connection status for ${req.params.serverName}`,
|
|
error,
|
|
);
|
|
res.status(500).json({ error: 'Failed to get connection status' });
|
|
}
|
|
});
|
|
|
|
/**
|
|
* Check which authentication values exist for a specific MCP server
|
|
* This endpoint returns only boolean flags indicating if values are set, not the actual values
|
|
*/
|
|
router.get('/:serverName/auth-values', requireJwtAuth, async (req, res) => {
|
|
try {
|
|
const { serverName } = req.params;
|
|
const user = req.user;
|
|
|
|
if (!user?.id) {
|
|
return res.status(401).json({ error: 'User not authenticated' });
|
|
}
|
|
|
|
const serverConfig = await mcpServersRegistry.getServerConfig(serverName, user.id);
|
|
if (!serverConfig) {
|
|
return res.status(404).json({
|
|
error: `MCP server '${serverName}' not found in configuration`,
|
|
});
|
|
}
|
|
|
|
const pluginKey = `${Constants.mcp_prefix}${serverName}`;
|
|
const authValueFlags = {};
|
|
|
|
if (serverConfig.customUserVars && typeof serverConfig.customUserVars === 'object') {
|
|
for (const varName of Object.keys(serverConfig.customUserVars)) {
|
|
try {
|
|
const value = await getUserPluginAuthValue(user.id, varName, false, pluginKey);
|
|
authValueFlags[varName] = !!(value && value.length > 0);
|
|
} catch (err) {
|
|
logger.error(
|
|
`[MCP Auth Value Flags] Error checking ${varName} for user ${user.id}:`,
|
|
err,
|
|
);
|
|
authValueFlags[varName] = false;
|
|
}
|
|
}
|
|
}
|
|
|
|
res.json({
|
|
success: true,
|
|
serverName,
|
|
authValueFlags,
|
|
});
|
|
} catch (error) {
|
|
logger.error(
|
|
`[MCP Auth Value Flags] Failed to check auth value flags for ${req.params.serverName}`,
|
|
error,
|
|
);
|
|
res.status(500).json({ error: 'Failed to check auth value flags' });
|
|
}
|
|
});
|
|
|
|
async function getOAuthHeaders(serverName, userId) {
|
|
const serverConfig = await mcpServersRegistry.getServerConfig(serverName, userId);
|
|
return serverConfig?.oauth_headers ?? {};
|
|
}
|
|
/**
|
|
* Get list of accessible MCP servers
|
|
* @route GET /api/mcp/servers
|
|
* @returns {MCPServersListResponse} 200 - Success response - application/json
|
|
*/
|
|
router.get('/servers', requireJwtAuth, getMCPServersList);
|
|
|
|
module.exports = router;
|