MySQL MCP Server

mysql-mcp
src
transports

http.ts•8.14 kB

/** * mysql-mcp - HTTP Transport * * HTTP/SSE transport with OAuth 2.0 support. */ import { createServer, type IncomingMessage, type ServerResponse } from 'node:http'; import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js'; import type { OAuthResourceServer } from '../auth/OAuthResourceServer.js'; import type { TokenValidator } from '../auth/TokenValidator.js'; import { validateAuth, formatOAuthError } from '../auth/middleware.js'; import { logger } from '../utils/logger.js'; /** * HTTP transport configuration */ export interface HttpTransportConfig { /** Port to listen on */ port: number; /** Host to bind to (default: localhost) */ host?: string; /** OAuth resource server (optional) */ resourceServer?: OAuthResourceServer; /** Token validator (optional, required if resourceServer is provided) */ tokenValidator?: TokenValidator; /** CORS allowed origins (default: none) */ corsOrigins?: string[]; } /** * HTTP Transport for MCP */ export class HttpTransport { private server: ReturnType<typeof createServer> | null = null; private readonly config: HttpTransportConfig; private transport: StreamableHTTPServerTransport | null = null; private readonly onConnect?: (transport: StreamableHTTPServerTransport) => void; constructor(config: HttpTransportConfig, onConnect?: (transport: StreamableHTTPServerTransport) => void) { this.config = { ...config, host: config.host ?? 'localhost' }; this.onConnect = onConnect; } /** * Start the HTTP server */ async start(): Promise<void> { return new Promise((resolve, reject) => { this.server = createServer((req, res) => { this.handleRequest(req, res).catch((error: unknown) => { logger.error('HTTP request handler error', { error: String(error) }); if (!res.headersSent) { res.writeHead(500); res.end(JSON.stringify({ error: 'Internal server error' })); } }); }); this.server.on('error', reject); this.server.listen(this.config.port, this.config.host, () => { logger.info(`HTTP transport listening on ${this.config.host}:${this.config.port}`); resolve(); }); }); } /** * Stop the HTTP server */ async stop(): Promise<void> { return new Promise((resolve) => { if (this.server) { this.server.close(() => { logger.info('HTTP transport stopped'); resolve(); }); } else { resolve(); } }); } /** * Handle incoming HTTP request */ private async handleRequest(req: IncomingMessage, res: ServerResponse): Promise<void> { // Set security headers for all responses this.setSecurityHeaders(res); // Set CORS headers this.setCorsHeaders(req, res); // Handle preflight if (req.method === 'OPTIONS') { res.writeHead(204); res.end(); return; } const url = new URL(req.url ?? '/', `http://${req.headers.host}`); // Handle well-known endpoints if (url.pathname === '/.well-known/oauth-protected-resource') { this.handleProtectedResourceMetadata(res); return; } // Health check if (url.pathname === '/health') { this.handleHealthCheck(res); return; } // Authenticate if OAuth is configured // Note: For SSE connection (/sse), we authenticate via query param or header if (this.config.resourceServer && this.config.tokenValidator) { try { // For regular requests await validateAuth(req.headers.authorization, { tokenValidator: this.config.tokenValidator, required: true }); } catch (error) { const { status, body } = formatOAuthError(error); res.writeHead(status, { 'Content-Type': 'application/json', 'WWW-Authenticate': 'Bearer' }); res.end(JSON.stringify(body)); return; } } // Handle MCP requests if (url.pathname === '/sse') { await this.handleSSERequest(req, res); return; } if (url.pathname === '/messages') { await this.handleMessageRequest(req, res); return; } res.writeHead(404); res.end(JSON.stringify({ error: 'Not found' })); } /** * Handle SSE connection request */ private async handleSSERequest(req: IncomingMessage, res: ServerResponse): Promise<void> { // StreamableHTTPServerTransport usage guided by type feedback and introspection const transport = new StreamableHTTPServerTransport(); this.transport = transport; await transport.start(); if (this.onConnect) { this.onConnect(transport); } // Handle the request (keeps connection open for SSE) await transport.handleRequest(req, res); } /** * Handle MCP message request */ private async handleMessageRequest(req: IncomingMessage, res: ServerResponse): Promise<void> { if (!this.transport) { res.writeHead(400); res.end(JSON.stringify({ error: 'No active connection' })); return; } await this.transport.handleRequest(req, res); } /** * Handle protected resource metadata endpoint */ private handleProtectedResourceMetadata(res: ServerResponse): void { if (!this.config.resourceServer) { res.writeHead(404); res.end(JSON.stringify({ error: 'OAuth not configured' })); return; } const metadata = this.config.resourceServer.getMetadata(); res.writeHead(200, { 'Content-Type': 'application/json' }); res.end(JSON.stringify(metadata)); } /** * Handle health check endpoint */ private handleHealthCheck(res: ServerResponse): void { res.writeHead(200, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ status: 'healthy', timestamp: new Date().toISOString() })); } /** * Set security headers for all responses */ private setSecurityHeaders(res: ServerResponse): void { // Prevent MIME type sniffing res.setHeader('X-Content-Type-Options', 'nosniff'); // Prevent clickjacking res.setHeader('X-Frame-Options', 'DENY'); // Enable XSS filtering res.setHeader('X-XSS-Protection', '1; mode=block'); // Prevent caching of API responses res.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate'); // Content Security Policy - API server has no content to load res.setHeader('Content-Security-Policy', "default-src 'none'; frame-ancestors 'none'"); } /** * Set CORS headers */ private setCorsHeaders(req: IncomingMessage, res: ServerResponse): void { const origin = req.headers.origin; // Only allow configured origins if (origin && this.config.corsOrigins?.includes(origin)) { res.setHeader('Access-Control-Allow-Origin', origin); res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS'); res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization'); res.setHeader('Access-Control-Max-Age', '86400'); } } } /** * Create an HTTP transport instance */ export function createHttpTransport(config: HttpTransportConfig, onConnect?: (transport: StreamableHTTPServerTransport) => void): HttpTransport { return new HttpTransport(config, onConnect); }

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/neverinfamous/mysql-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

http.ts•8.14 kB