nextcloud-mcp-server

brandon/nextcloud-mcp-server

Fork 0

Commit Graph

Author	SHA1	Message	Date
Chris Coutinho	44391d3d1d	fix: address critical code review issues (4 fixes) This commit addresses 4 critical issues identified in code review: 1. Token Rotation Race Condition (token_broker.py) - Added per-user locking mechanism to prevent concurrent refresh token corruption - Implemented double-check pattern for cache after acquiring lock - Users can now safely refresh concurrently without token desync 2. Hardcoded OAuth Client ID (PHP files) - Made client ID configurable via `astroglobe_client_id` in system config - Updated McpServerClient to provide getClientId() method - Injected McpServerClient into IdpTokenRefresher and OAuthController - Updated admin settings UI to display client ID configuration status - App gracefully handles missing client ID with warnings in admin UI 3. Missing Cache Invalidation (management.py:revoke_user_access) - Added cache.invalidate() call when revoking user access - Ensures both storage AND cache are cleared atomically - Prevents stale cached tokens from being used after revocation 4. Error Message Exposure (management.py) - Created _sanitize_error_for_client() helper function - Updated all error handlers to log detailed errors internally - Returns generic messages to clients to prevent information leakage - Protects against exposing database paths, API URLs, tokens, etc. All changes are backward compatible and preserve existing functionality. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2025-12-18 00:01:54 +01:00
Chris Coutinho	dfc81923ba	fix: resolve CI linting issues for Astroglobe Fix all ESLint, Stylelint, PHP CS Fixer, and Psalm workflow errors. Changes: - ESLint fixes: - Remove unused APP_NAME constant - Remove unused TextBoxOutline and TextBoxRemoveOutline components - Remove unused container variable in adminSettings.js - Auto-fix trailing commas, line breaks, attribute ordering - PHP CS Fixer: - Add trailing commas after last function parameters - Convert double quotes to single quotes in log messages - Remove unused NoCSRFRequired import - Fix arrow function formatting - Stylelint: - Update config to use @nextcloud/stylelint-config - Fix extends directive (was using non-existent package) - Psalm workflow: - Fix jq object indexing (.include[0] instead of .[0]) - Correctly extract OCP version from matrix output All checks now pass locally. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2025-12-18 00:01:54 +01:00
Chris Coutinho	0f7e87a91c	feat(astrolabe): add OAuth token refresh and webhook presets Implement automatic token refresh and pre-configured webhook bundles to simplify vector sync configuration. Changes: - Add IdpTokenRefresher service for automatic OAuth token renewal - Works with both Nextcloud OIDC and external IdPs (Keycloak) - Uses OIDC discovery for automatic endpoint detection - Supports confidential clients with client_secret - Add WebhookPresets service with pre-configured bundles: - Notes sync (file created/written/deleted in Notes folder) - Calendar sync (calendar object created/updated/deleted) - Tables sync (row added/updated/deleted, Nextcloud 30+) - Forms sync (form submitted, Nextcloud 30+) - Update ApiController to use automatic token refresh - Pass refresh callback to McpTokenStorage - Add getWebhookPresets endpoint (admin-only) - Add configureWebhooks endpoint for bulk setup - Update OAuthController for webhook management - Add new API routes for webhook configuration Benefits: - Eliminates manual token refresh - Simplifies webhook setup with one-click presets - Provides app-aware filtering (only shows presets for installed apps) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2025-12-18 00:01:35 +01:00

Author

SHA1

Message

Date

Chris Coutinho

44391d3d1d

fix: address critical code review issues (4 fixes)

This commit addresses 4 critical issues identified in code review:

1. **Token Rotation Race Condition** (token_broker.py)
   - Added per-user locking mechanism to prevent concurrent refresh token corruption
   - Implemented double-check pattern for cache after acquiring lock
   - Users can now safely refresh concurrently without token desync

2. **Hardcoded OAuth Client ID** (PHP files)
   - Made client ID configurable via `astroglobe_client_id` in system config
   - Updated McpServerClient to provide getClientId() method
   - Injected McpServerClient into IdpTokenRefresher and OAuthController
   - Updated admin settings UI to display client ID configuration status
   - App gracefully handles missing client ID with warnings in admin UI

3. **Missing Cache Invalidation** (management.py:revoke_user_access)
   - Added cache.invalidate() call when revoking user access
   - Ensures both storage AND cache are cleared atomically
   - Prevents stale cached tokens from being used after revocation

4. **Error Message Exposure** (management.py)
   - Created _sanitize_error_for_client() helper function
   - Updated all error handlers to log detailed errors internally
   - Returns generic messages to clients to prevent information leakage
   - Protects against exposing database paths, API URLs, tokens, etc.

All changes are backward compatible and preserve existing functionality.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2025-12-18 00:01:54 +01:00

Chris Coutinho

dfc81923ba

fix: resolve CI linting issues for Astroglobe

Fix all ESLint, Stylelint, PHP CS Fixer, and Psalm workflow errors.

Changes:
- ESLint fixes:
  - Remove unused APP_NAME constant
  - Remove unused TextBoxOutline and TextBoxRemoveOutline components
  - Remove unused container variable in adminSettings.js
  - Auto-fix trailing commas, line breaks, attribute ordering
- PHP CS Fixer:
  - Add trailing commas after last function parameters
  - Convert double quotes to single quotes in log messages
  - Remove unused NoCSRFRequired import
  - Fix arrow function formatting
- Stylelint:
  - Update config to use @nextcloud/stylelint-config
  - Fix extends directive (was using non-existent package)
- Psalm workflow:
  - Fix jq object indexing (.include[0] instead of .[0])
  - Correctly extract OCP version from matrix output

All checks now pass locally.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2025-12-18 00:01:54 +01:00

Chris Coutinho

0f7e87a91c

feat(astrolabe): add OAuth token refresh and webhook presets

Implement automatic token refresh and pre-configured webhook bundles
to simplify vector sync configuration.

Changes:
- Add IdpTokenRefresher service for automatic OAuth token renewal
  - Works with both Nextcloud OIDC and external IdPs (Keycloak)
  - Uses OIDC discovery for automatic endpoint detection
  - Supports confidential clients with client_secret
- Add WebhookPresets service with pre-configured bundles:
  - Notes sync (file created/written/deleted in Notes folder)
  - Calendar sync (calendar object created/updated/deleted)
  - Tables sync (row added/updated/deleted, Nextcloud 30+)
  - Forms sync (form submitted, Nextcloud 30+)
- Update ApiController to use automatic token refresh
  - Pass refresh callback to McpTokenStorage
  - Add getWebhookPresets endpoint (admin-only)
  - Add configureWebhooks endpoint for bulk setup
- Update OAuthController for webhook management
- Add new API routes for webhook configuration

Benefits:
- Eliminates manual token refresh
- Simplifies webhook setup with one-click presets
- Provides app-aware filtering (only shows presets for installed apps)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2025-12-18 00:01:35 +01:00

3 Commits