Added https support

Author: stevenpeh-tw

mcp-openapi/README.md

@@ -232,6 +232,7 @@ curl http://localhost:4000/info
 - **Banking Examples**: Use the pre-configured banking examples in `./examples/` for testing
 - **Authentication Testing**: Set environment variables for token passthrough testing
 - **Mode Selection**: Choose stdio for IDE integration, HTTP for web APIs
+- **Testing**: ⚠️ **Stop `sample-banking-api` server before running tests** - tests expect specific error conditions
 
 ## Usage Modes
 
@@ -800,8 +801,14 @@ mcp-openapi-server --verbose
 
 The project includes comprehensive unit and integration tests:
 
+⚠️ **Important Testing Requirement**: 
+**Stop the `sample-banking-api` server before running tests**. The integration tests will fail if the banking API server is running because the tests expect specific error conditions that get masked when the real API responds.
+
 ```bash
-# Run all tests
+# FIRST: Stop the sample-banking-api if it's running
+# (In the sample-banking-api directory: Ctrl+C or kill the process)
+
+# THEN: Run all tests
 npm test
 
 # Run unit tests only

mcp-openapi/src/cli.ts

@@ -21,6 +21,12 @@ program
   .option('--max-tool-name-length <number>', 'Maximum length for generated tool names', '48')
   .option('--max-request-size <size>', 'Maximum size for JSON request bodies', '2mb')
   .option('--http', 'Run in HTTP server mode instead of stdio', false)
+  .option('--https', 'Enable HTTPS mode (requires --key-file and --cert-file or --pfx-file)', false)
+  .option('--https-port <number>', 'Port for HTTPS server mode', '4443')
+  .option('--key-file <path>', 'Path to private key file for HTTPS')
+  .option('--cert-file <path>', 'Path to certificate file for HTTPS')
+  .option('--pfx-file <path>', 'Path to PFX/PKCS12 file for HTTPS (alternative to key/cert)')
+  .option('--passphrase <passphrase>', 'Passphrase for encrypted private key')
   .option('-v, --verbose', 'Enable verbose logging', true)
   .action(async (options) => {
     const serverOptions: ServerOptions = {
@@ -31,13 +37,20 @@ program
       verbose: options.verbose,
       ...(options.baseUrl && { baseUrl: options.baseUrl }),
       ...(options.maxToolNameLength && { maxToolNameLength: parseInt(options.maxToolNameLength) }),
-      ...(options.maxRequestSize && { maxRequestSize: options.maxRequestSize })
+      ...(options.maxRequestSize && { maxRequestSize: options.maxRequestSize }),
+      // HTTPS options
+      https: options.https,
+      ...(options.httpsPort && { httpsPort: parseInt(options.httpsPort) }),
+      ...(options.keyFile && { keyFile: options.keyFile }),
+      ...(options.certFile && { certFile: options.certFile }),
+      ...(options.pfxFile && { pfxFile: options.pfxFile }),
+      ...(options.passphrase && { passphrase: options.passphrase })
     };
 
     const server = new MCPOpenAPIServer(serverOptions);
 
     try {
-      if (options.http) {
+      if (options.http || options.https) {
         await server.runHttp();
       } else {
         await server.runStdio();

mcp-openapi/src/httpSetup.ts

@@ -1,5 +1,7 @@
 import express from 'express';
-import { MCPTool, MCPResource, PromptSpec, OpenAPISpec } from './types.js';
+import https from 'https';
+import fs from 'fs';
+import { MCPTool, MCPResource, PromptSpec, OpenAPISpec, ServerOptions } from './types.js';
 import { Telemetry } from './telemetry.js';
 import { PACKAGE_VERSION } from './package-info.js';
 
@@ -10,6 +12,7 @@ export interface HttpSetupContext {
   resources: MCPResource[];
   prompts: Map<string, PromptSpec>;
   telemetry: Telemetry;
+  options: ServerOptions;
   executeTool: (toolName: string, args: any, userContext?: { token?: string }) => Promise<any>;
   readResource: (uri: string, userContext?: { token?: string }, resourceParams?: Record<string, any>) => Promise<any>;
   getPrompt: (promptName: string, args: any) => Promise<any>;
@@ -162,23 +165,112 @@ export class HttpSetup {
     });
   }
 
-  startServer(port: number): Promise<void> {
-    return new Promise((resolve) => {
-      const server = this.context.app.listen(port, () => {
-        // HTTP server startup - use info level
-        const address = server.address();
-        const host = typeof address === 'object' && address ? 
-          (address.family === 'IPv6' ? `[${address.address}]` : address.address) : 
-          'localhost';
+  startServer(port?: number): Promise<void> {
+    return new Promise((resolve, reject) => {
+      const { options } = this.context;
+      
+      // Determine if HTTPS is enabled and which port to use
+      const useHttps = options.https;
+      const serverPort = useHttps ? 
+        (options.httpsPort || 4443) : 
+        (port || options.port || 4000);
+      
+      if (useHttps) {
+        // HTTPS server setup
+        const httpsOptions = this.createHttpsOptions();
+        if (!httpsOptions) {
+          reject(new Error('HTTPS enabled but no valid certificate configuration provided'));
+          return;
+        }
 
-        this.context.telemetry.info(`🚀 MCP OpenAPI Server running on port ${port}`);
-        this.context.telemetry.info(`📊 Health check: http://${host}:${port}/health`);
-        this.context.telemetry.info(`ℹ️  Server info: http://${host}:${port}/info`);
+        const server = https.createServer(httpsOptions, this.context.app);
+        server.listen(serverPort, () => {
+          const address = server.address();
+          const host = typeof address === 'object' && address ? 
+            (address.family === 'IPv6' ? `[${address.address}]` : address.address) : 
+            'localhost';
+          
+          this.context.telemetry.info(`🔒 MCP OpenAPI HTTPS Server running on port ${serverPort}`);
+          this.context.telemetry.info(`📊 Health check: https://${host}:${serverPort}/health`);
+          this.context.telemetry.info(`ℹ️  Server info: https://${host}:${serverPort}/info`);
+          
+          this.context.telemetry.debug(`📋 Loaded ${this.context.specs.size} specs, ${this.context.tools.length} tools, ${this.context.resources.length} resources, ${this.context.prompts.size} prompts`);
+          
+          resolve();
+        });
 
-        this.context.telemetry.debug(`📋 Loaded ${this.context.specs.size} specs, ${this.context.tools.length} tools, ${this.context.resources.length} resources, ${this.context.prompts.size} prompts`);
+        server.on('error', (error) => {
+          reject(error);
+        });
+      } else {
+        // HTTP server setup (default)
+        const server = this.context.app.listen(serverPort, () => {
+          const address = server.address();
+          const host = typeof address === 'object' && address ? 
+            (address.family === 'IPv6' ? `[${address.address}]` : address.address) : 
+            'localhost';
+          
+          this.context.telemetry.info(`🚀 MCP OpenAPI Server running on port ${serverPort}`);
+          this.context.telemetry.info(`📊 Health check: http://${host}:${serverPort}/health`);
+          this.context.telemetry.info(`ℹ️  Server info: http://${host}:${serverPort}/info`);
+          
+          this.context.telemetry.debug(`📋 Loaded ${this.context.specs.size} specs, ${this.context.tools.length} tools, ${this.context.resources.length} resources, ${this.context.prompts.size} prompts`);
+          
+          resolve();
+        });
 
-        resolve();
-      });
+        server.on('error', (error) => {
+          reject(error);
+        });
+      }
     });
   }
+
+  private createHttpsOptions(): https.ServerOptions | null {
+    const { options } = this.context;
+    
+    try {
+      // Option 1: PFX/PKCS12 file
+      if (options.pfxFile) {
+        if (!fs.existsSync(options.pfxFile)) {
+          this.context.telemetry.warn(`⚠️  PFX file not found: ${options.pfxFile}`);
+          return null;
+        }
+        
+        const pfx = fs.readFileSync(options.pfxFile);
+        return {
+          pfx,
+          ...(options.passphrase && { passphrase: options.passphrase })
+        };
+      }
+      
+      // Option 2: Separate key and certificate files
+      if (options.keyFile && options.certFile) {
+        if (!fs.existsSync(options.keyFile)) {
+          this.context.telemetry.warn(`⚠️  Private key file not found: ${options.keyFile}`);
+          return null;
+        }
+        
+        if (!fs.existsSync(options.certFile)) {
+          this.context.telemetry.warn(`⚠️  Certificate file not found: ${options.certFile}`);
+          return null;
+        }
+        
+        const key = fs.readFileSync(options.keyFile);
+        const cert = fs.readFileSync(options.certFile);
+        
+        return {
+          key,
+          cert,
+          ...(options.passphrase && { passphrase: options.passphrase })
+        };
+      }
+      
+      this.context.telemetry.warn('⚠️  HTTPS enabled but no certificate files provided. Use --key-file and --cert-file, or --pfx-file');
+      return null;
+    } catch (error) {
+      this.context.telemetry.warn(`⚠️  Error reading HTTPS certificate files: ${(error as Error).message}`);
+      return null;
+    }
+  }
 }

mcp-openapi/src/server.ts

@@ -835,8 +835,11 @@ export class MCPOpenAPIServer {
     }
   }
 
-
-
+  /**
+   * Reads an MCP resource by URI, handling special server info resource and
+   * parameter substitution. Supports both exact and template-based resource URIs.
+   * Returns the resource content as JSON.
+   */
   private async readResource(uri: string, userContext?: { token?: string }, resourceParams?: Record<string, any>) {
     // Handle special server info resource
     if (uri === 'mcp-openapi://server/info') {
@@ -861,8 +864,6 @@ export class MCPOpenAPIServer {
       throw new Error(`Resource ${uri} not found`);
     }
 
-
-
     // Parse URI to get spec and path
     const [specId, pathAfterProtocol] = uri.split('://');
 
@@ -1159,6 +1160,7 @@ export class MCPOpenAPIServer {
       resources: this.resources,
       prompts: this.prompts,
       telemetry: this.telemetry,
+      options: this.options,
       executeTool: this.executeTool.bind(this),
       readResource: this.readResource.bind(this),
       getPrompt: this.getPrompt.bind(this),

mcp-openapi/src/types.ts

@@ -87,4 +87,11 @@ export interface ServerOptions {
   baseUrl?: string;
   maxToolNameLength?: number;
   maxRequestSize?: string;
+  // HTTPS configuration
+  https?: boolean;
+  httpsPort?: number;
+  keyFile?: string;
+  certFile?: string;
+  pfxFile?: string;
+  passphrase?: string;
 } 

mcp-test-client/test-data/prompts.json

@@ -4,7 +4,7 @@
       "id": "fraud_investigation",
       "name": "Fraud Investigation - Power Company Payment", 
       "description": "Investigate a high-value utility payment using real sample data",
-      "userPrompt": "I need to investigate a $750 payment made to 'Power Company Australia' (payee_9n8m7l6k5j4i3h2g) from account 9876543210. Can you help me analyze this for potential fraud using the fraud analysis tools?"
+      "userPrompt": "I need to investigate a $750 payment made to 'Power Company Australia' (payee_9n8m7l6k5j4i3h2g) from account 9876543210 for potential fraud."
     },
     {
       "id": "loan_recommendation",