refactor: remove mcp cookie parameters

2026-04-21 21:48:34 -04:00
parent 1a2c0cf6b8
commit d65d81dbd1
3 changed files with 51 additions and 11 deletions
--- a/packages/mcp-server/src/protocol/handler.ts
+++ b/packages/mcp-server/src/protocol/handler.ts
@@ -155,7 +155,6 @@ export async function handleMcpRequest(req: Request): Promise<Response> {
          if (args.location) params.append("location", args.location);
          if (args.maxItems)
            params.append("maxItems", args.maxItems.toString());
-          if (args.cookiesSource) params.append("cookies", args.cookiesSource);

          console.log(
            `[MCP] Calling Facebook API: ${API_BASE_URL}/facebook?${params.toString()}`,
@@ -208,7 +207,6 @@ export async function handleMcpRequest(req: Request): Promise<Response> {
            params.append("canadaOnly", args.canadaOnly.toString());
          if (args.maxItems)
            params.append("maxItems", args.maxItems.toString());
-          if (args.cookies) params.append("cookies", args.cookies);

          console.log(
            `[MCP] Calling eBay API: ${API_BASE_URL}/ebay?${params.toString()}`,
--- a/packages/mcp-server/src/protocol/tools.ts
+++ b/packages/mcp-server/src/protocol/tools.ts
@@ -81,10 +81,6 @@ export const tools = [
          description: "Maximum number of items to return",
          default: 5,
        },
-        cookiesSource: {
-          type: "string",
-          description: "Optional Facebook session cookies source",
-        },
      },
      required: ["query"],
    },
@@ -138,11 +134,6 @@ export const tools = [
          description: "Maximum number of items to return",
          default: 5,
        },
-        cookies: {
-          type: "string",
-          description:
-            "Optional: eBay session cookies to bypass bot detection (format: 'name1=value1; name2=value2')",
-        },
      },
      required: ["query"],
    },
--- a/packages/mcp-server/test/protocol.test.ts
+++ b/packages/mcp-server/test/protocol.test.ts
@@ -0,0 +1,51 @@
+import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
+import { handleMcpRequest } from "../src/protocol/handler";
+import { tools } from "../src/protocol/tools";
+
+const originalFetch = global.fetch;
+
+describe("MCP protocol cookie inputs", () => {
+  beforeEach(() => {
+    global.fetch = mock(() =>
+      Promise.resolve(new Response(JSON.stringify([]), { status: 200 })),
+    ) as typeof fetch;
+  });
+
+  afterEach(() => {
+    global.fetch = originalFetch;
+  });
+
+  test("search tools should not expose Facebook or eBay cookie inputs", () => {
+    const searchFacebookTool = tools.find((tool) => tool.name === "search_facebook");
+    const searchEbayTool = tools.find((tool) => tool.name === "search_ebay");
+
+    expect(searchFacebookTool?.inputSchema.properties).not.toHaveProperty(
+      "cookiesSource",
+    );
+    expect(searchEbayTool?.inputSchema.properties).not.toHaveProperty("cookies");
+  });
+
+  test("search_facebook should not forward cookies query parameters", async () => {
+    await handleMcpRequest(
+      new Request("http://localhost", {
+        method: "POST",
+        body: JSON.stringify({
+          jsonrpc: "2.0",
+          id: 1,
+          method: "tools/call",
+          params: {
+            name: "search_facebook",
+            arguments: {
+              query: "laptop",
+              cookiesSource: "c_user=1",
+            },
+          },
+        }),
+      }),
+    );
+
+    const calledUrl = (global.fetch as ReturnType<typeof mock>).mock.calls[0]?.[0];
+    expect(String(calledUrl)).toContain("/facebook?q=laptop");
+    expect(String(calledUrl)).not.toContain("cookies=");
+  });
+});