UNPKG

github-repos-manager-mcp

Version:

Model Context Protocol (MCP) server that enables your MCP client (e.g., Claude Desktop, Cline, Roo Code, Cursor, Windsurf, etc.) to interact with GitHub repositories using your GitHub personal access token.

55 lines (48 loc) 2.01 kB
const crypto = require("crypto"); /** * Validates a GitHub webhook signature. * @param {string} secret - The webhook secret configured in GitHub. * @param {string} payloadBody - The raw request body string. * @param {string} signatureHeader - The value of the 'X-Hub-Signature-256' header. * @returns {boolean} - True if the signature is valid, false otherwise. */ function isValidWebhookSignature(secret, payloadBody, signatureHeader) { if (!secret || !payloadBody || !signatureHeader) { console.error("Webhook signature validation missing required parameters."); return false; } const signature = signatureHeader.startsWith("sha256=") ? signatureHeader.substring(7) : signatureHeader; const hmac = crypto.createHmac("sha256", secret); hmac.update(payloadBody, "utf-8"); const expectedSignature = hmac.digest("hex"); return crypto.timingSafeEqual( Buffer.from(signature, "hex"), Buffer.from(expectedSignature, "hex") ); } /** * Placeholder for permission checking logic. * This would need to be expanded based on specific permission requirements * for different tools and user roles/contexts if the MCP server itself * needs to enforce permissions beyond what the GitHub token provides. * * @param {object} userContext - Information about the user/caller. * @param {string} toolName - The name of the tool being called. * @param {object} args - The arguments for the tool. * @param {object} defaultRepo - The default repository context. * @returns {Promise<boolean>} - True if permission is granted, false otherwise. */ async function checkPermissions(userContext, toolName, args, defaultRepo) { // TODO: Implement actual permission checking logic. // For now, assume permission is granted if the GitHub token is valid for the operation. console.warn( `Permission check for tool '${toolName}' is a placeholder and currently always returns true.` ); return true; } module.exports = { isValidWebhookSignature, checkPermissions, };