mirror of
https://github.com/infiniflow/ragflow.git
synced 2026-06-29 15:31:05 +08:00
b8db200757
## Summary Ports the MCP (Model Context Protocol) server management endpoints that power `web/src/pages/user-setting/mcp/` from Python (`api/apps/restful_apis/mcp_api.py`) to Go. There were no MCP routes in the Go server before this change. Closes #15275 (subtask of #15240). ## Endpoints implemented (base path `/api/v1`) | Method | Path | Description | |--------|------|-------------| | GET | `/mcp/servers` | List tenant servers (keyword / order / pagination) | | POST | `/mcp/servers` | Create a server | | GET | `/mcp/servers/{mcp_id}` | Get one (`?mode=download` exports config) | | PUT | `/mcp/servers/{mcp_id}` | Update a server | | DELETE | `/mcp/servers/{mcp_id}` | Delete a server | | POST | `/mcp/import` | Bulk import from JSON config | | POST | `/mcp/servers/{mcp_id}/test` | Connect + list tools (see notes) | ## Implementation Follows the existing `handler → service → dao` layering (per PR #14790): - **entity** (`internal/entity/mcp.go`): added `MCPServerType` constants and `IsValidMCPServerType` over the existing `MCPServer` model. - **dao** (`internal/dao/mcp.go`): new `MCPServerDAO` with tenant-scoped CRUD, a keyword filter, and a **whitelisted order-column map** (guards against SQL injection via the caller-supplied `orderby`). - **service** (`internal/service/mcp.go`): new `MCPService` — list/get/export/create/update/delete/import/test — mirroring `MCPServerService` and the `mcp_api` request validation, with sentinel errors for clean code mapping. - **handler** (`internal/handler/mcp.go`): new `MCPHandler` with the seven handlers and Python-compatible response codes. - **router / server_main**: registered the `/mcp` group and wired the handler. ## Deviations from Python (documented in code) 1. **Bulk import is at `POST /mcp/import`, not `/mcp/servers/import`.** gin (v1.9.1) cannot register a static segment and a path param at the same tree node, so `/mcp/servers/import` would collide with `/mcp/servers/:mcp_id` and panic at startup. The frontend should call `/mcp/import`. 2. **No live tool discovery on create/update/import.** The Python path runs `get_mcp_tools` over SSE / streamable-HTTP and stores `variables.tools`. The Go server has no MCP client yet, so these persist `variables`/`headers` but leave `variables.tools` unpopulated. 3. **`/test` returns a data error (`ErrMCPTestUnsupported`)** until a Go MCP client lands. Per the issue, the live-connection path is scoped as a follow-up; the handler still validates `url` + `server_type`. ## Testing - Added `internal/service/mcp_test.go` covering `IsValidMCPServerType` and the `TestServer` validation/short-circuit paths (no DB required). - No Go toolchain was available in the dev environment, so `go build ./...` / `go vet ./...` verification is left to CI. ## Follow-ups - Go MCP client (SSE / streamable-HTTP) to enable live tool discovery and the real `/test` behavior. - Reconcile the `/mcp/import` vs `/mcp/servers/import` path with the frontend. ---------
157 lines
3.9 KiB
Go
157 lines
3.9 KiB
Go
//
|
|
// Copyright 2026 The InfiniFlow Authors. All Rights Reserved.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
//
|
|
|
|
package utility
|
|
|
|
import (
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
func TestAssertURLSafe(t *testing.T) {
|
|
orig := LookupHost
|
|
defer func() { LookupHost = orig }()
|
|
|
|
type want struct {
|
|
errSubstr string
|
|
host string
|
|
ip string
|
|
}
|
|
cases := []struct {
|
|
name string
|
|
url string
|
|
ips []string
|
|
err string
|
|
want want
|
|
}{
|
|
{
|
|
name: "public IPv4",
|
|
url: "https://example.com/path",
|
|
ips: []string{"93.184.216.34"},
|
|
want: want{host: "example.com", ip: "93.184.216.34"},
|
|
},
|
|
{
|
|
name: "loopback rejected",
|
|
url: "http://localhost/x",
|
|
ips: []string{"127.0.0.1"},
|
|
want: want{errSubstr: "non-public address"},
|
|
},
|
|
{
|
|
name: "private 10.x rejected",
|
|
url: "http://internal/x",
|
|
ips: []string{"10.0.0.5"},
|
|
want: want{errSubstr: "non-public address"},
|
|
},
|
|
{
|
|
name: "private 192.168.x rejected",
|
|
url: "http://router/x",
|
|
ips: []string{"192.168.1.1"},
|
|
want: want{errSubstr: "non-public address"},
|
|
},
|
|
{
|
|
name: "CGNAT 100.64/10 rejected",
|
|
url: "http://carrier/x",
|
|
ips: []string{"100.64.1.1"},
|
|
want: want{errSubstr: "non-public address"},
|
|
},
|
|
{
|
|
name: "IPv4-mapped IPv6 loopback rejected",
|
|
url: "http://[::ffff:127.0.0.1]/x",
|
|
ips: []string{"::ffff:127.0.0.1"},
|
|
want: want{errSubstr: "non-public address"},
|
|
},
|
|
{
|
|
name: "link-local IPv6 rejected",
|
|
url: "http://[fe80::1]/x",
|
|
ips: []string{"fe80::1"},
|
|
want: want{errSubstr: "non-public address"},
|
|
},
|
|
{
|
|
name: "documentation 2001:db8 rejected",
|
|
url: "http://[2001:db8::1]/x",
|
|
ips: []string{"2001:db8::1"},
|
|
want: want{errSubstr: "non-public address"},
|
|
},
|
|
{
|
|
name: "disallowed scheme ftp",
|
|
url: "ftp://example.com/",
|
|
ips: []string{"93.184.216.34"},
|
|
want: want{errSubstr: "Disallowed URL scheme"},
|
|
},
|
|
{
|
|
name: "missing host",
|
|
url: "http:///path",
|
|
want: want{errSubstr: "missing a host"},
|
|
},
|
|
{
|
|
name: "resolution fails",
|
|
url: "http://nosuchhost.test/x",
|
|
err: "no such host",
|
|
want: want{errSubstr: "Could not resolve"},
|
|
},
|
|
{
|
|
name: "all addresses must be public",
|
|
url: "http://mixed.example.com/",
|
|
ips: []string{"93.184.216.34", "127.0.0.1"},
|
|
want: want{errSubstr: "non-public address"},
|
|
},
|
|
{
|
|
name: "literal IPv4 loopback rejected",
|
|
url: "http://127.0.0.1/",
|
|
ips: []string{"127.0.0.1"},
|
|
want: want{errSubstr: "non-public address"},
|
|
},
|
|
{
|
|
name: "documentation TEST-NET-3 rejected",
|
|
url: "http://stub/",
|
|
ips: []string{"203.0.113.5"},
|
|
want: want{errSubstr: "non-public address"},
|
|
},
|
|
}
|
|
|
|
for _, tc := range cases {
|
|
tc := tc
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
LookupHost = func(host string) ([]string, error) {
|
|
if tc.err != "" {
|
|
return nil, &mockErr{tc.err}
|
|
}
|
|
return tc.ips, nil
|
|
}
|
|
host, ip, err := AssertURLSafe(tc.url)
|
|
if tc.want.errSubstr != "" {
|
|
if err == nil || !strings.Contains(err.Error(), tc.want.errSubstr) {
|
|
t.Fatalf("expected error containing %q, got %v", tc.want.errSubstr, err)
|
|
}
|
|
return
|
|
}
|
|
if err != nil {
|
|
t.Fatalf("unexpected error: %v", err)
|
|
}
|
|
if host != tc.want.host {
|
|
t.Errorf("host: got %q, want %q", host, tc.want.host)
|
|
}
|
|
if ip != tc.want.ip {
|
|
t.Errorf("ip: got %q, want %q", ip, tc.want.ip)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
type mockErr struct{ s string }
|
|
|
|
func (e *mockErr) Error() string { return e.s }
|