Bill/obsidian-mcp-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Release v1.2.0: Enhanced Authentication & Parent Folder Detection

Browse Source 
Phase 1.5 Complete:
- Add automatic API key generation with secure random generation
- Add createParents parameter to create_note tool
- Fix authentication vulnerability (auth enabled without key)
- Add MCP client configuration snippet generator
- Improve UI/UX for authentication management
- Add comprehensive test coverage

Security:
- Fixed critical vulnerability in authentication middleware
- Implement three-layer defense (UI, server start, middleware)
- Cryptographically secure key generation (32 chars)

Features:
- Auto-generate API key when authentication enabled
- Copy/regenerate buttons for API key management
- Recursive parent folder creation for nested paths
- Enhanced error messages with actionable guidance
- Selectable connection information and config snippets

Documentation:
- Updated CHANGELOG.md with v1.2.0 release notes
- Updated ROADMAP.md (Phase 1.5 marked complete)
- Created IMPLEMENTATION_NOTES_AUTH.md
- Created RELEASE_NOTES_v1.2.0.md
This commit is contained in:
Bill Ballou
2025-10-16 22:11:33 -04:00
parent 7524271eaa
commit d074470d11
15 changed files with 823 additions and 375 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
src/utils/auth-utils.ts Normal file
View File

@@ -0,0 +1,40 @@
/**
* Utility functions for authentication and API key management
*/
/**
* Generates a cryptographically secure random API key
* @param length Length of the API key (default: 32 characters)
* @returns A random API key string
*/
export function generateApiKey(length: number = 32): string {
const charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';
const values = new Uint8Array(length);
// Use crypto.getRandomValues for cryptographically secure random numbers
crypto.getRandomValues(values);
let result = '';
for (let i = 0; i < length; i++) {
result += charset[values[i] % charset.length];
}
return result;
}
/**
* Validates API key strength
* @param apiKey The API key to validate
* @returns Object with isValid flag and optional error message
*/
export function validateApiKey(apiKey: string): { isValid: boolean; error?: string } {
if (!apiKey || apiKey.trim() === '') {
return { isValid: false, error: 'API key cannot be empty' };
}
if (apiKey.length < 16) {
return { isValid: false, error: 'API key must be at least 16 characters long' };
}
return { isValid: true };
}