neoris/openapi-mcp-generator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow insecure HTTPS connections (self-signed certificates)

Browse Source
This commit is contained in:
Sylvain Afchain 2025-09-18 01:48:19 +02:00
parent f29c277860
commit f1125a0119
No known key found for this signature in database
5 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -59,6 +59,7 @@ openapi-mcp-generator --input path/to/openapi.json --output path/to/output/dir -
| `--port` | `-p` | Port for web-based transports | `3000` |
| `--default-include` | | Default behavior for x-mcp filtering. Accepts `true` or `false` (case-insensitive). `true` = include by default, `false` = exclude by default. | `true` |
| `--force` | | Overwrite existing files in the output directory without confirmation | `false` |
| `--insecure` | `-k` | Allow insecure HTTPS connections (self-signed certificates) | `false` |
## 📦 Programmatic API

3
src/generator/server-code.ts
View File

@ -35,7 +35,7 @@ export function generateMcpServerCode(
// Generate code for API tool execution
const executeApiToolFunctionCode = generateExecuteApiToolFunction(
api.components?.securitySchemes
api.components?.securitySchemes, options.insecure,
);
// Generate code for request handlers
@ -105,6 +105,7 @@ import {
import { z, ZodError } from 'zod';
import { jsonSchemaToZod } from 'json-schema-to-zod';
import axios, { type AxiosRequestConfig, type AxiosError } from 'axios';
import https from 'https';
/**
* Type definition for JSON objects

5
src/index.ts
View File

@ -87,6 +87,11 @@ program
true
)
.option('--force', 'Overwrite existing files without prompting')
.option(
'-k, --insecure',
'Allow insecure HTTPS connections (self-signed certificates)',
(val) => normalizeBoolean(val)
)
.version(pkg.version) // Match package.json version
.action((options) => {
runGenerator(options).catch((error) => {

2
src/types/index.ts
View File

@ -35,6 +35,8 @@ export interface CliOptions {
* false = exclude by default unless x-mcp explicitly enables.
*/
defaultInclude?: boolean;
/** Allow insecure HTTPS connections (self-signed certificates) */
insecure?: boolean;
}
/**

10
src/utils/security.ts
View File

@ -82,7 +82,7 @@ export function generateHttpSecurityCode(): string {
*
* @returns Generated code for OAuth2 token acquisition
*/
export function generateOAuth2TokenAcquisitionCode(): string {
export function generateOAuth2TokenAcquisitionCode(insecure?: boolean): string {
return `
/**
* Type definition for cached OAuth tokens
@ -165,7 +165,8 @@ async function acquireOAuth2Token(schemeName: string, scheme: any): Promise<stri
'Content-Type': 'application/x-www-form-urlencoded',
'Authorization': \`Basic \${Buffer.from(\`\${clientId}:\${clientSecret}\`).toString('base64')}\`
},
data: formData.toString()
data: formData.toString(),
${insecure ? 'httpsAgent: new https.Agent({ rejectUnauthorized: false })' : ''}
});
// Process the response
@ -201,10 +202,10 @@ async function acquireOAuth2Token(schemeName: string, scheme: any): Promise<stri
* @returns Generated code for the execute API tool function
*/
export function generateExecuteApiToolFunction(
securitySchemes?: OpenAPIV3.ComponentsObject['securitySchemes']
securitySchemes?: OpenAPIV3.ComponentsObject['securitySchemes'], insecure?: boolean
): string {
// Generate OAuth2 token acquisition function
const oauth2TokenAcquisitionCode = generateOAuth2TokenAcquisitionCode();
const oauth2TokenAcquisitionCode = generateOAuth2TokenAcquisitionCode(insecure);
// Generate security handling code for checking, applying security
const securityCode = `
@ -443,6 +444,7 @@ ${securityCode}
params: queryParams,
headers: headers,
...(requestBodyData !== undefined && { data: requestBodyData }),
${insecure ? 'httpsAgent: new https.Agent({ rejectUnauthorized: false })' : ''}
};
// Log request info to stderr (doesn't affect MCP output)