feat(yapi): global/current MCP config buttons (#28)

leeguooooo · web-flow · commit 3712fd2b3ccd · 2025-12-17T10:48:31.000+09:00
* feat(yapi): add global/current MCP config buttons

* docs: clarify YApi MCP buttons

* feat(yapi): all-projects MCP config with email autofill

* fix(yapi): validate email before injecting into MCP config

* fix(yapi): autofill email via user/status for all-projects config

* fix: avoid breaking non-yapi pages

* chore(yapi): use @leeguoo/yapi-auto-mcp package

* chore(yapi): switch MCP package to @leeguoo/yapi-mcp
diff --git a/README.md b/README.md
@@ -37,8 +37,9 @@ cd cross-request-master
 安装后直接在 YApi 页面发送请求即可，扩展会自动处理跨域、显示 cURL，并把 JSON 响应解析为对象供脚本使用。
 
 在接口详情页（基本信息区域右上角）额外提供：
-- **MCP 配置**：自动拼好 Cursor / Codex / Gemini CLI / Claude Code 的配置并可一键复制
-- **复制给 AI**：把当前接口信息整理成 Markdown（仅接口相关字段）复制到剪贴板
+- **所有项目 MCP 配置**：全局模式（账号密码登录），只需配置一次，后续可自动缓存所有项目 token（生成配置默认使用 `@leeguoo/yapi-mcp`）
+- **当前项目 MCP 配置**：项目 token 模式（自动拼好 `projectId:token`），适合单项目/少量项目
+- **复制当前页面给 AI**：把当前接口信息整理成 Markdown（仅接口相关字段）复制到剪贴板
 
 ### YApi OpenAPI（Yapi-MCP tool 同名方法）
 
diff --git a/content-script.js b/content-script.js
@@ -215,6 +215,15 @@ const CrossRequest = {
       return true;
     };
 
+    const looksLikeEmail = (val) => {
+      if (typeof val !== 'string') return false;
+      const s = val.trim();
+      if (!s) return false;
+      if (s.length > 128) return false;
+      if (/[\s"'<>]/.test(s)) return false;
+      return /^[^@]+@[^@]+\.[^@]+$/.test(s);
+    };
+
     const findTokenInObject = (obj) => {
       if (!obj || typeof obj !== 'object') return '';
       const queue = [{ value: obj, depth: 0, key: '' }];
@@ -373,6 +382,7 @@ const CrossRequest = {
     };
 
     const buildMcpConfigBlocks = ({ origin, projectId, projectName, token }) => {
+      const mcpPkg = '@leeguoo/yapi-mcp';
       const baseUrl = String(origin || '').replace(/\/$/, '');
       const yapiToken = `${projectId}:${token}`;
       const normalizedProjectName = String(projectName || '')
@@ -385,7 +395,7 @@ const CrossRequest = {
 
       const stdioArgs = [
         '-y',
-        'yapi-auto-mcp',
+        mcpPkg,
         '--stdio',
         `--yapi-base-url=${baseUrl}`,
         `--yapi-token=${yapiToken}`
@@ -441,6 +451,124 @@ const CrossRequest = {
         serverName
       };
     };
+    const buildGlobalMcpConfigBlocks = ({ origin, email }) => {
+      const mcpPkg = '@leeguoo/yapi-mcp';
+      const baseUrl = String(origin || '').replace(/\/$/, '');
+      const host = String(location.hostname || 'yapi').replace(/[^a-zA-Z0-9._-]/g, '');
+      const serverName = `yapi-global-${host.replace(/\./g, '-')}-mcp`;
+      const cliServerName = /\s/.test(serverName) ? JSON.stringify(serverName) : serverName;
+      const safeEmail = looksLikeEmail(email) ? String(email).trim() : 'YOUR_EMAIL';
+
+      const stdioArgs = [
+        '-y',
+        mcpPkg,
+        '--stdio',
+        `--yapi-base-url=${baseUrl}`,
+        '--yapi-auth-mode=global',
+        `--yapi-email=${safeEmail}`,
+        '--yapi-password=YOUR_PASSWORD'
+      ];
+
+      const cursor = JSON.stringify(
+        {
+          mcpServers: {
+            [serverName]: {
+              command: 'npx',
+              args: stdioArgs
+            }
+          }
+        },
+        null,
+        2
+      );
+
+      const codex = `[mcp_servers.${JSON.stringify(serverName)}]\ncommand = "npx"\nargs = ${JSON.stringify(
+        stdioArgs
+      )}\n`;
+
+      const gemini = JSON.stringify(
+        {
+          mcpServers: {
+            [serverName]: {
+              command: 'npx',
+              args: stdioArgs
+            }
+          }
+        },
+        null,
+        2
+      );
+
+      const claudeCode = `claude mcp add --transport stdio ${cliServerName} -- npx ${stdioArgs
+        .map((a) => (a.includes(' ') ? JSON.stringify(a) : a))
+        .join(' ')}`;
+
+      const geminiCli = `gemini mcp add --transport stdio ${cliServerName} npx ${stdioArgs
+        .map((a) => (a.includes(' ') ? JSON.stringify(a) : a))
+        .join(' ')}`;
+
+      const rawCommand = `npx ${stdioArgs.join(' ')}`;
+
+      return {
+        cursor,
+        codex,
+        gemini,
+        claudeCode,
+        geminiCli,
+        rawCommand,
+        serverName
+      };
+    };
+
+    const getCookieValue = (key) => {
+      const name = `${String(key || '').trim()}=`;
+      if (!name || name === '=') return '';
+      const cookies = String(document.cookie || '').split(';');
+      for (const c of cookies) {
+        const trimmed = String(c || '').trim();
+        if (!trimmed.startsWith(name)) continue;
+        return trimmed.slice(name.length);
+      }
+      return '';
+    };
+
+    const resolveCurrentUserEmail = async (origin) => {
+      // 1) 优先用 status（不依赖读取 cookie；只要 fetch 带 credentials 即可）
+      try {
+        const statusUrl = `${origin}/api/user/status`;
+        const statusPayload = await fetchJson(statusUrl);
+        const emailFromStatus = statusPayload && statusPayload.data && statusPayload.data.email;
+        if (looksLikeEmail(emailFromStatus)) return String(emailFromStatus).trim();
+
+        const uidFromStatus =
+          statusPayload && statusPayload.data && (statusPayload.data.uid || statusPayload.data._id);
+        if (uidFromStatus) {
+          const url = `${origin}/api/user/find?id=${encodeURIComponent(String(uidFromStatus))}`;
+          const payload = await fetchJson(url);
+          if (
+            payload &&
+            payload.errcode === 0 &&
+            payload.data &&
+            looksLikeEmail(payload.data.email)
+          ) {
+            return String(payload.data.email || '').trim();
+          }
+        }
+      } catch {
+        // ignore
+      }
+
+      // 2) 兜底：尝试从非 HttpOnly 的 _yapi_uid 读取
+      const uid = getCookieValue('_yapi_uid');
+      if (!uid) return '';
+      const url = `${origin}/api/user/find?id=${encodeURIComponent(uid)}`;
+      const payload = await fetchJson(url);
+      if (payload && payload.errcode === 0 && payload.data && looksLikeEmail(payload.data.email)) {
+        return String(payload.data.email || '').trim();
+      }
+      return '';
+    };
+
     const isTruthyRequired = (val) => {
       if (val === true) return true;
       if (val === 1) return true;
@@ -791,8 +919,8 @@ const CrossRequest = {
 	          </div>
 	          <div class="crm-body">
 	            <div class="crm-section">
-	              <h3>MCP 配置</h3>
-	              <div class="crm-hint">已按当前项目自动拼好（Cursor / Codex / Gemini CLI / Claude Code）。</div>
+	              <h3 id="crm-mcp-title">MCP 配置</h3>
+	              <div class="crm-hint" id="crm-mcp-hint">已按当前项目自动拼好（Cursor / Codex / Gemini CLI / Claude Code）。</div>
 	              <div id="crm-mcp-content" style="margin-top: 10px;"></div>
 	            </div>
 	          </div>
@@ -831,30 +959,56 @@ const CrossRequest = {
       return container;
     };
 
-    const openModal = async () => {
+    const openModal = async (mode) => {
       const route = parseYapiInterfaceRoute();
       if (!route) return;
 
       ensureStyle();
       const modal = ensureModal();
       modal.style.display = 'block';
 
+      const headerTitle = modal.querySelector('.crm-title');
+      const panelTitle = modal.querySelector('#crm-mcp-title');
+      const panelHint = modal.querySelector('#crm-mcp-hint');
+
       const mcpContainer = modal.querySelector('#crm-mcp-content');
       mcpContainer.textContent = '生成中...';
 
       const origin = location.origin;
 
       try {
-        const [token, projectName] = await Promise.all([
-          resolveProjectToken(origin, route.projectId),
-          resolveProjectName(origin, route.projectId)
-        ]);
-        const blocks = buildMcpConfigBlocks({
-          origin,
-          projectId: route.projectId,
-          projectName,
-          token
-        });
+        const mcpMode = mode === 'global' ? 'global' : 'project';
+        if (mcpMode === 'global') {
+          if (headerTitle) headerTitle.textContent = 'MCP 配置（所有项目）';
+          if (panelTitle) panelTitle.textContent = 'MCP 配置（所有项目）';
+          if (panelHint) {
+            panelHint.textContent =
+              '全局模式：邮箱会尽量自动填入；只需填写密码。启动后先在对话里调用一次 yapi_update_token 自动缓存所有项目 token。';
+          }
+        } else {
+          if (headerTitle) headerTitle.textContent = 'MCP 配置（当前项目）';
+          if (panelTitle) panelTitle.textContent = 'MCP 配置（当前项目）';
+          if (panelHint)
+            panelHint.textContent =
+              '已按当前项目自动拼好（Cursor / Codex / Gemini CLI / Claude Code）。';
+        }
+
+        let blocks;
+        if (mcpMode === 'global') {
+          const email = await resolveCurrentUserEmail(origin);
+          blocks = buildGlobalMcpConfigBlocks({ origin, email });
+        } else {
+          const [token, projectName] = await Promise.all([
+            resolveProjectToken(origin, route.projectId),
+            resolveProjectName(origin, route.projectId)
+          ]);
+          blocks = buildMcpConfigBlocks({
+            origin,
+            projectId: route.projectId,
+            projectName,
+            token
+          });
+        }
 
         mcpContainer.textContent = '';
         mcpContainer.style.display = 'block';
@@ -918,19 +1072,26 @@ const CrossRequest = {
       const group = document.createElement('span');
       group.id = BTN_GROUP_ID;
 
-      const mcpBtn = document.createElement('button');
-      mcpBtn.className = 'crm-btn';
-      mcpBtn.type = 'button';
-      mcpBtn.textContent = 'MCP 配置';
-      mcpBtn.addEventListener('click', openModal);
+      const mcpGlobalBtn = document.createElement('button');
+      mcpGlobalBtn.className = 'crm-btn';
+      mcpGlobalBtn.type = 'button';
+      mcpGlobalBtn.textContent = '所有项目 MCP 配置';
+      mcpGlobalBtn.addEventListener('click', () => openModal('global'));
+
+      const mcpProjectBtn = document.createElement('button');
+      mcpProjectBtn.className = 'crm-btn';
+      mcpProjectBtn.type = 'button';
+      mcpProjectBtn.textContent = '当前项目 MCP 配置';
+      mcpProjectBtn.addEventListener('click', () => openModal('project'));
 
       const copyBtn = document.createElement('button');
       copyBtn.className = 'crm-btn crm-primary';
       copyBtn.type = 'button';
       copyBtn.textContent = '复制当前页面给 AI';
       copyBtn.addEventListener('click', () => copyMarkdownDirectly(copyBtn));
 
-      group.appendChild(mcpBtn);
+      group.appendChild(mcpGlobalBtn);
+      group.appendChild(mcpProjectBtn);
       group.appendChild(copyBtn);
       titleEl.appendChild(group);
     };
