release(secrets-mcp): 0.5.3 — 审计日志分页与 Web；CONTRIBUTING；文档与模板修正

2026-04-05 10:45:33 +08:00
parent dd24f7cc44
commit 1860cce86c
12 changed files with 405 additions and 59 deletions
--- a/crates/secrets-mcp/src/main.rs
+++ b/crates/secrets-mcp/src/main.rs
@@ -165,30 +165,7 @@ async fn main() -> Result<()> {
        Some("prod" | "production")
    );

-    let cors = if is_production {
-        // Only use the origin part (scheme://host:port) of BASE_URL for CORS.
-        // Browsers send Origin without path, so including a path would cause mismatches.
-        let allowed_origin = if let Ok(parsed) = base_url.parse::<url::Url>() {
-            let origin = parsed.origin().ascii_serialization();
-            origin
-                .parse::<axum::http::HeaderValue>()
-                .unwrap_or_else(|_| panic!("invalid BASE_URL origin: {}", origin))
-        } else {
-            base_url
-                .parse::<axum::http::HeaderValue>()
-                .unwrap_or_else(|_| panic!("invalid BASE_URL: {}", base_url))
-        };
-        CorsLayer::new()
-            .allow_origin(allowed_origin)
-            .allow_methods(Any)
-            .allow_headers(Any)
-            .allow_credentials(true)
-    } else {
-        CorsLayer::new()
-            .allow_origin(Any)
-            .allow_methods(Any)
-            .allow_headers(Any)
-    };
+    let cors = build_cors_layer(&base_url, is_production);

    // Rate limiting
    let rate_limit_state = rate_limit::RateLimitState::new();
@@ -257,3 +234,86 @@ async fn shutdown_signal() {

    tracing::info!("Shutting down gracefully...");
 }
+
+/// Production CORS allowed headers.
+///
+/// When adding a new custom header to the MCP or Web API, this list must be
+/// updated accordingly — otherwise browsers will block the request during
+/// the CORS preflight check.
+fn production_allowed_headers() -> [axum::http::HeaderName; 5] {
+    [
+        axum::http::header::AUTHORIZATION,
+        axum::http::header::CONTENT_TYPE,
+        axum::http::HeaderName::from_static("x-encryption-key"),
+        axum::http::HeaderName::from_static("mcp-session-id"),
+        axum::http::HeaderName::from_static("x-mcp-session"),
+    ]
+}
+
+/// Build the CORS layer for the application.
+///
+/// In production mode the origin is restricted to the BASE_URL origin
+/// (scheme://host:port, path stripped) and credentials are allowed.
+/// `allow_headers` uses an explicit whitelist to avoid the tower-http
+/// restriction on `allow_credentials(true)` + `allow_headers(Any)`.
+///
+/// In development mode all origins, methods and headers are allowed.
+fn build_cors_layer(base_url: &str, is_production: bool) -> CorsLayer {
+    if is_production {
+        let allowed_origin = if let Ok(parsed) = base_url.parse::<url::Url>() {
+            let origin = parsed.origin().ascii_serialization();
+            origin
+                .parse::<axum::http::HeaderValue>()
+                .unwrap_or_else(|_| panic!("invalid BASE_URL origin: {}", origin))
+        } else {
+            base_url
+                .parse::<axum::http::HeaderValue>()
+                .unwrap_or_else(|_| panic!("invalid BASE_URL: {}", base_url))
+        };
+        CorsLayer::new()
+            .allow_origin(allowed_origin)
+            .allow_methods(Any)
+            .allow_headers(production_allowed_headers())
+            .allow_credentials(true)
+    } else {
+        CorsLayer::new()
+            .allow_origin(Any)
+            .allow_methods(Any)
+            .allow_headers(Any)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn production_cors_does_not_panic() {
+        let layer = build_cors_layer("https://secrets.example.com/app", true);
+        let _ = layer;
+    }
+
+    #[test]
+    fn production_cors_headers_include_all_required() {
+        let headers = production_allowed_headers();
+        let names: Vec<&str> = headers.iter().map(|h| h.as_str()).collect();
+        assert!(names.contains(&"authorization"));
+        assert!(names.contains(&"content-type"));
+        assert!(names.contains(&"x-encryption-key"));
+        assert!(names.contains(&"mcp-session-id"));
+        assert!(names.contains(&"x-mcp-session"));
+    }
+
+    #[test]
+    fn production_cors_normalizes_base_url_with_path() {
+        let url = url::Url::parse("https://secrets.example.com/secrets/app").unwrap();
+        let origin = url.origin().ascii_serialization();
+        assert_eq!(origin, "https://secrets.example.com");
+    }
+
+    #[test]
+    fn development_cors_allows_everything() {
+        let layer = build_cors_layer("http://localhost:9315", false);
+        let _ = layer;
+    }
+}
--- a/crates/secrets-mcp/src/tools.rs
+++ b/crates/secrets-mcp/src/tools.rs
@@ -335,6 +335,9 @@ struct FindInput {
    #[schemars(description = "Max results (default 20)")]
    #[serde(default, deserialize_with = "deser::option_u32_from_string")]
    limit: Option<u32>,
+    #[schemars(description = "Offset for pagination (default 0)")]
+    #[serde(default, deserialize_with = "deser::option_u32_from_string")]
+    offset: Option<u32>,
 }

 #[derive(Debug, Deserialize, JsonSchema)]
@@ -680,13 +683,33 @@ impl SecretsService {
                query: input.query.as_deref(),
                sort: "name",
                limit: input.limit.unwrap_or(20),
-                offset: 0,
+                offset: input.offset.unwrap_or(0),
                user_id: Some(user_id),
            },
        )
        .await
        .map_err(|e| mcp_err_internal_logged("secrets_find", Some(user_id), e))?;

+        let count_params = SearchParams {
+            folder: input.folder.as_deref(),
+            entry_type: input.entry_type.as_deref(),
+            name: input.name.as_deref(),
+            name_query: input.name_query.as_deref(),
+            tags: &tags,
+            query: input.query.as_deref(),
+            sort: "name",
+            limit: 0,
+            offset: 0,
+            user_id: Some(user_id),
+        };
+
+        let total_count = secrets_core::service::search::count_entries(&self.pool, &count_params)
+            .await
+            .inspect_err(
+                |e| tracing::warn!(tool = "secrets_find", error = %e, "count_entries failed"),
+            )
+            .unwrap_or(0);
+
        let entries: Vec<serde_json::Value> = result
            .entries
            .iter()
@@ -719,14 +742,20 @@ impl SecretsService {
            })
            .collect();

+        let output = serde_json::json!({
+            "total_count": total_count,
+            "entries": entries,
+        });
+
        tracing::info!(
            tool = "secrets_find",
            ?user_id,
            result_count = entries.len(),
+            total_count,
            elapsed_ms = t.elapsed().as_millis(),
            "tool call ok",
        );
-        let json = serde_json::to_string_pretty(&entries).unwrap_or_else(|_| "[]".to_string());
+        let json = serde_json::to_string_pretty(&output).unwrap_or_else(|_| "{}".to_string());
        Ok(CallToolResult::success(vec![Content::text(json)]))
    }

--- a/crates/secrets-mcp/src/web.rs
+++ b/crates/secrets-mcp/src/web.rs
@@ -20,9 +20,9 @@ use secrets_core::crypto::hex;
 use secrets_core::error::AppError;
 use secrets_core::service::{
    api_key::{ensure_api_key, regenerate_api_key},
-    audit_log::list_for_user,
+    audit_log::{count_for_user, list_for_user},
    delete::delete_by_id,
-    search::{SearchParams, fetch_secret_schemas, ilike_pattern, list_entries},
+    search::{SearchParams, count_entries, fetch_secret_schemas, ilike_pattern, list_entries},
    update::{UpdateEntryFieldsByIdParams, update_fields_by_id},
    user::{
        OAuthProfile, bind_oauth_account, find_or_create_user, get_user_by_id,
@@ -72,6 +72,9 @@ struct AuditPageTemplate {
    user_name: String,
    user_email: String,
    entries: Vec<AuditEntryView>,
+    current_page: u32,
+    total_pages: u32,
+    total_count: i64,
    version: &'static str,
 }

@@ -95,6 +98,9 @@ struct EntriesPageTemplate {
    filter_folder: String,
    filter_name: String,
    filter_type: String,
+    current_page: u32,
+    total_pages: u32,
+    total_count: i64,
    version: &'static str,
 }

@@ -131,7 +137,8 @@ struct FolderTabView {
 }

 /// Cap for HTML list (avoids loading unbounded rows into memory).
-const ENTRIES_PAGE_LIMIT: u32 = 5_000;
+const ENTRIES_PAGE_LIMIT: u32 = 50;
+const AUDIT_PAGE_LIMIT: i64 = 10;

 #[derive(Deserialize)]
 struct EntriesQuery {
@@ -140,6 +147,7 @@ struct EntriesQuery {
    /// URL query key is `type` (maps to DB column `entries.type`).
    #[serde(rename = "type")]
    entry_type: Option<String>,
+    page: Option<u32>,
 }

 // ── App state helpers ─────────────────────────────────────────────────────────
@@ -596,6 +604,8 @@ async fn entries_page(
        .map(|s| s.trim())
        .filter(|s| !s.is_empty())
        .map(|s| s.to_string());
+    let page = q.page.unwrap_or(1).max(1);
+    let offset = (page - 1) * ENTRIES_PAGE_LIMIT;
    let params = SearchParams {
        folder: folder_filter.as_deref(),
        entry_type: type_filter.as_deref(),
@@ -605,10 +615,17 @@ async fn entries_page(
        query: None,
        sort: "updated",
        limit: ENTRIES_PAGE_LIMIT,
-        offset: 0,
+        offset,
        user_id: Some(user_id),
    };

+    let total_count = count_entries(&state.pool, &params)
+        .await
+        .inspect_err(|e| tracing::warn!(error = %e, "count_entries failed for web entries page"))
+        .unwrap_or(0);
+    let total_pages = (total_count as u32).div_ceil(ENTRIES_PAGE_LIMIT).max(1);
+    let current_page = page.min(total_pages);
+
    let rows = list_entries(&state.pool, params).await.map_err(|e| {
        tracing::error!(error = %e, "failed to load entries list for web");
        StatusCode::INTERNAL_SERVER_ERROR
@@ -681,7 +698,12 @@ async fn entries_page(
        type_options.sort_unstable();
    }

-    fn entries_href(folder: Option<&str>, entry_type: Option<&str>, name: Option<&str>) -> String {
+    fn entries_href(
+        folder: Option<&str>,
+        entry_type: Option<&str>,
+        name: Option<&str>,
+        page: Option<u32>,
+    ) -> String {
        let mut pairs: Vec<String> = Vec::new();
        if let Some(f) = folder
            && !f.is_empty()
@@ -698,6 +720,9 @@ async fn entries_page(
        {
            pairs.push(format!("name={}", urlencoding::encode(n)));
        }
+        if let Some(p) = page {
+            pairs.push(format!("page={}", p));
+        }
        if pairs.is_empty() {
            "/entries".to_string()
        } else {
@@ -710,13 +735,23 @@ async fn entries_page(
    folder_tabs.push(FolderTabView {
        name: "全部".to_string(),
        count: all_count,
-        href: entries_href(None, type_filter.as_deref(), name_filter.as_deref()),
+        href: entries_href(
+            None,
+            type_filter.as_deref(),
+            name_filter.as_deref(),
+            Some(1),
+        ),
        active: folder_filter.is_none(),
    });
    for r in folder_rows {
        let name = r.folder;
        folder_tabs.push(FolderTabView {
-            href: entries_href(Some(&name), type_filter.as_deref(), name_filter.as_deref()),
+            href: entries_href(
+                Some(&name),
+                type_filter.as_deref(),
+                name_filter.as_deref(),
+                Some(1),
+            ),
            active: folder_filter.as_deref() == Some(name.as_str()),
            name,
            count: r.count,
@@ -773,15 +808,24 @@ async fn entries_page(
        filter_folder: folder_filter.unwrap_or_default(),
        filter_name: name_filter.unwrap_or_default(),
        filter_type: type_filter.unwrap_or_default(),
+        current_page,
+        total_pages,
+        total_count,
        version: env!("CARGO_PKG_VERSION"),
    };

    render_template(tmpl)
 }

+#[derive(Deserialize)]
+struct AuditQuery {
+    page: Option<u32>,
+}
+
 async fn audit_page(
    State(state): State<AppState>,
    session: Session,
+    Query(aq): Query<AuditQuery>,
 ) -> Result<Response, StatusCode> {
    let Some(user_id) = current_user_id(&session).await else {
        return Ok(Redirect::to("/login").into_response());
@@ -795,7 +839,20 @@ async fn audit_page(
        None => return Ok(Redirect::to("/login").into_response()),
    };

-    let rows = list_for_user(&state.pool, user_id, 100)
+    let page = aq.page.unwrap_or(1).max(1);
+
+    let total_count = count_for_user(&state.pool, user_id).await.map_err(|e| {
+        tracing::error!(error = %e, "failed to count audit log for user");
+        StatusCode::INTERNAL_SERVER_ERROR
+    })?;
+
+    let total_pages = (total_count as u32)
+        .div_ceil(AUDIT_PAGE_LIMIT as u32)
+        .max(1);
+    let current_page = page.min(total_pages);
+    let actual_offset = ((current_page - 1) as i64) * AUDIT_PAGE_LIMIT;
+
+    let rows = list_for_user(&state.pool, user_id, AUDIT_PAGE_LIMIT, actual_offset)
        .await
        .map_err(|e| {
            tracing::error!(error = %e, "failed to load audit log for user");
@@ -816,6 +873,9 @@ async fn audit_page(
        user_name: user.name.clone(),
        user_email: user.email.clone().unwrap_or_default(),
        entries,
+        current_page,
+        total_pages,
+        total_count,
        version: env!("CARGO_PKG_VERSION"),
    };