UNPKG

obsidian-mcp-server

Version:

Model Context Protocol (MCP) server designed for LLMs to interact with Obsidian vaults. Provides secure, token-aware tools for seamless knowledge base management through a standardized interface.

github.com/cyanheads/obsidian-mcp-server

cyanheads/obsidian-mcp-server

95 lines (83 loc) 3.21 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
/** * Validation utilities for the Obsidian MCP Server */ /** * Validates a file path to prevent path traversal attacks and other security issues * @param filepath The path to validate * @throws Error if the path is invalid */ export function validateFilePath(filepath: string): void { // Prevent path traversal attacks const normalizedPath = filepath.replace(/\\/g, '/'); if (normalizedPath.includes('../') || normalizedPath.includes('..\\')) { throw new Error('Invalid file path: Path traversal not allowed'); } // Additional path validations if (normalizedPath.startsWith('/') || /^[a-zA-Z]:/.test(normalizedPath)) { throw new Error('Invalid file path: Absolute paths not allowed'); } } /** * Sanitizes a header value to prevent header injection attacks * @param value The header value to sanitize * @returns The sanitized header value */ export function sanitizeHeader(value: string): string { // Remove any potentially harmful characters from header values return value.replace(/[^\w\s\-\._~:/?#\[\]@!$&'()*+,;=]/g, ''); } /** * Validates tool arguments against a JSON schema * @param args The arguments to validate * @param schema The JSON schema to validate against * @returns Validation result with errors if any */ export function validateToolArguments(args: unknown, schema: any): { valid: boolean; errors: string[] } { if (typeof args !== 'object' || args === null) { return { valid: false, errors: ['Arguments must be an object'] }; } const errors: string[] = []; const required = schema.required || []; // Check required fields for (const field of required) { if (!(field in (args as Record<string, unknown>))) { errors.push(`Missing required field: ${field}`); } } // Check field types const properties = schema.properties || {}; for (const [key, value] of Object.entries(args as Record<string, unknown>)) { const propSchema = properties[key]; if (!propSchema) { errors.push(`Unknown field: ${key}`); continue; } // Skip validation for undefined optional fields if (value === undefined && !required.includes(key)) { continue; } // Type validation if (propSchema.type === 'string' && typeof value !== 'string') { errors.push(`Field ${key} must be a string`); } else if (propSchema.type === 'number' && typeof value !== 'number') { errors.push(`Field ${key} must be a number`); } else if (propSchema.type === 'boolean' && typeof value !== 'boolean') { errors.push(`Field ${key} must be a boolean`); } else if (propSchema.type === 'array' && !Array.isArray(value)) { errors.push(`Field ${key} must be an array`); } // Enum validation if (propSchema.enum && value !== undefined && !propSchema.enum.includes(value)) { errors.push(`Field ${key} must be one of: ${propSchema.enum.join(', ')}`); } // Format validation for paths if (propSchema.format === 'path' && typeof value === 'string') { try { validateFilePath(value); } catch (error) { errors.push(`Field ${key}: ${(error as Error).message}`); } } } return { valid: errors.length === 0, errors }; }