From d65d81dbd13ed9240221187255bea8fa3e50343b Mon Sep 17 00:00:00 2001 From: Dmytro Stanchiev Date: Tue, 21 Apr 2026 21:48:34 -0400 Subject: [PATCH] refactor: remove mcp cookie parameters --- packages/mcp-server/src/protocol/handler.ts | 2 - packages/mcp-server/src/protocol/tools.ts | 9 ---- packages/mcp-server/test/protocol.test.ts | 51 +++++++++++++++++++++ 3 files changed, 51 insertions(+), 11 deletions(-) create mode 100644 packages/mcp-server/test/protocol.test.ts diff --git a/packages/mcp-server/src/protocol/handler.ts b/packages/mcp-server/src/protocol/handler.ts index 410b392..19dd850 100644 --- a/packages/mcp-server/src/protocol/handler.ts +++ b/packages/mcp-server/src/protocol/handler.ts @@ -155,7 +155,6 @@ export async function handleMcpRequest(req: Request): Promise { if (args.location) params.append("location", args.location); if (args.maxItems) params.append("maxItems", args.maxItems.toString()); - if (args.cookiesSource) params.append("cookies", args.cookiesSource); console.log( `[MCP] Calling Facebook API: ${API_BASE_URL}/facebook?${params.toString()}`, @@ -208,7 +207,6 @@ export async function handleMcpRequest(req: Request): Promise { params.append("canadaOnly", args.canadaOnly.toString()); if (args.maxItems) params.append("maxItems", args.maxItems.toString()); - if (args.cookies) params.append("cookies", args.cookies); console.log( `[MCP] Calling eBay API: ${API_BASE_URL}/ebay?${params.toString()}`, diff --git a/packages/mcp-server/src/protocol/tools.ts b/packages/mcp-server/src/protocol/tools.ts index 643459d..a50c01b 100644 --- a/packages/mcp-server/src/protocol/tools.ts +++ b/packages/mcp-server/src/protocol/tools.ts @@ -81,10 +81,6 @@ export const tools = [ description: "Maximum number of items to return", default: 5, }, - cookiesSource: { - type: "string", - description: "Optional Facebook session cookies source", - }, }, required: ["query"], }, @@ -138,11 +134,6 @@ export const tools = [ description: "Maximum number of items to return", default: 5, }, - cookies: { - type: "string", - description: - "Optional: eBay session cookies to bypass bot detection (format: 'name1=value1; name2=value2')", - }, }, required: ["query"], }, diff --git a/packages/mcp-server/test/protocol.test.ts b/packages/mcp-server/test/protocol.test.ts new file mode 100644 index 0000000..8666221 --- /dev/null +++ b/packages/mcp-server/test/protocol.test.ts @@ -0,0 +1,51 @@ +import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test"; +import { handleMcpRequest } from "../src/protocol/handler"; +import { tools } from "../src/protocol/tools"; + +const originalFetch = global.fetch; + +describe("MCP protocol cookie inputs", () => { + beforeEach(() => { + global.fetch = mock(() => + Promise.resolve(new Response(JSON.stringify([]), { status: 200 })), + ) as typeof fetch; + }); + + afterEach(() => { + global.fetch = originalFetch; + }); + + test("search tools should not expose Facebook or eBay cookie inputs", () => { + const searchFacebookTool = tools.find((tool) => tool.name === "search_facebook"); + const searchEbayTool = tools.find((tool) => tool.name === "search_ebay"); + + expect(searchFacebookTool?.inputSchema.properties).not.toHaveProperty( + "cookiesSource", + ); + expect(searchEbayTool?.inputSchema.properties).not.toHaveProperty("cookies"); + }); + + test("search_facebook should not forward cookies query parameters", async () => { + await handleMcpRequest( + new Request("http://localhost", { + method: "POST", + body: JSON.stringify({ + jsonrpc: "2.0", + id: 1, + method: "tools/call", + params: { + name: "search_facebook", + arguments: { + query: "laptop", + cookiesSource: "c_user=1", + }, + }, + }), + }), + ); + + const calledUrl = (global.fetch as ReturnType).mock.calls[0]?.[0]; + expect(String(calledUrl)).toContain("/facebook?q=laptop"); + expect(String(calledUrl)).not.toContain("cookies="); + }); +});