Add content filtering functionality and tests

Copilot · SamMorrowDrums · Copilot · commit 4f1dee2b3a49 · 2025-05-23T11:42:45.000Z
Co-authored-by: SamMorrowDrums &lt;4811358+SamMorrowDrums@users.noreply.github.com&gt;
diff --git a/cmd/github-mcp-server/main.go b/cmd/github-mcp-server/main.go
@@ -53,6 +53,7 @@ var (
 				ExportTranslations:   viper.GetBool("export-translations"),
 				EnableCommandLogging: viper.GetBool("enable-command-logging"),
 				LogFilePath:          viper.GetString("log-file"),
+				TrustedRepo:          viper.GetString("trusted-repo"),
 			}
 
 			return ghmcp.RunStdioServer(stdioServerConfig)
@@ -73,6 +74,7 @@ func init() {
 	rootCmd.PersistentFlags().Bool("enable-command-logging", false, "When enabled, the server will log all command requests and responses to the log file")
 	rootCmd.PersistentFlags().Bool("export-translations", false, "Save translations to a JSON file")
 	rootCmd.PersistentFlags().String("gh-host", "", "Specify the GitHub hostname (for GitHub Enterprise etc.)")
+	rootCmd.PersistentFlags().String("trusted-repo", "", "Limit content to users with push access to the specified repo (format: owner/repo)")
 
 	// Bind flag to viper
 	_ = viper.BindPFlag("toolsets", rootCmd.PersistentFlags().Lookup("toolsets"))
@@ -82,6 +84,7 @@ func init() {
 	_ = viper.BindPFlag("enable-command-logging", rootCmd.PersistentFlags().Lookup("enable-command-logging"))
 	_ = viper.BindPFlag("export-translations", rootCmd.PersistentFlags().Lookup("export-translations"))
 	_ = viper.BindPFlag("host", rootCmd.PersistentFlags().Lookup("gh-host"))
+	_ = viper.BindPFlag("trusted-repo", rootCmd.PersistentFlags().Lookup("trusted-repo"))
 
 	// Add subcommands
 	rootCmd.AddCommand(stdioCmd)
diff --git a/internal/ghmcp/server.go b/internal/ghmcp/server.go
@@ -43,11 +43,17 @@ type MCPServerConfig struct {
 	// ReadOnly indicates if we should only offer read-only tools
 	ReadOnly bool
 
+	// TrustedRepo is a repository in the format "owner/repo" used to limit content 
+	// to users with push access to the specified repo
+	TrustedRepo string
+
 	// Translator provides translated text for the server tooling
 	Translator translations.TranslationHelperFunc
 }
 
 func NewMCPServer(cfg MCPServerConfig) (*server.MCPServer, error) {
+	ctx := context.Background()
+	
 	apiHost, err := parseAPIHost(cfg.Host)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse API host: %w", err)
@@ -112,6 +118,14 @@ func NewMCPServer(cfg MCPServerConfig) (*server.MCPServer, error) {
 		return gqlClient, nil // closing over client
 	}
 
+	// Initialize the content filter if a trusted repo is specified
+	if cfg.TrustedRepo != "" {
+		ctx, err := InitContentFilter(ctx, cfg.TrustedRepo, getGQLClient)
+		if err != nil {
+			return nil, fmt.Errorf("failed to initialize content filter: %w", err)
+		}
+	}
+
 	// Create default toolsets
 	toolsets, err := github.InitToolsets(
 		enabledToolsets,
@@ -169,6 +183,10 @@ type StdioServerConfig struct {
 
 	// Path to the log file if not stderr
 	LogFilePath string
+
+	// TrustedRepo is a repository in the format "owner/repo" used to limit content
+	// to users with push access to the specified repo
+	TrustedRepo string
 }
 
 // RunStdioServer is not concurrent safe.
@@ -186,6 +204,7 @@ func RunStdioServer(cfg StdioServerConfig) error {
 		EnabledToolsets: cfg.EnabledToolsets,
 		DynamicToolsets: cfg.DynamicToolsets,
 		ReadOnly:        cfg.ReadOnly,
+		TrustedRepo:     cfg.TrustedRepo,
 		Translator:      t,
 	})
 	if err != nil {
diff --git a/pkg/github/content_filter.go b/pkg/github/content_filter.go
@@ -0,0 +1,196 @@
+package github
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"sync"
+
+	"github.com/shurcooL/githubv4"
+)
+
+// contextKey is a private type used for context keys
+type contextKey int
+
+const (
+	// ContentFilterKey is the key used to access content filter settings from context
+	contentFilterKey contextKey = iota
+)
+
+// ContentFilterSettings holds the configuration for content filtering
+type ContentFilterSettings struct {
+	// Enabled indicates if content filtering is enabled
+	Enabled bool
+	// TrustedRepo is the repository in format "owner/repo" that is used to check permissions
+	TrustedRepo string
+	// OwnerRepo is the parsed owner and repo from TrustedRepo
+	OwnerRepo OwnerRepo
+	// IsPrivate indicates if the trusted repo is private
+	IsPrivate bool
+	// TrustedUsers is a map of users who have been verified to have push access
+	TrustedUsers map[string]bool
+	// mu protects the TrustedUsers map
+	mu sync.RWMutex
+}
+
+// OwnerRepo holds the parsed owner and repo from a string in the format "owner/repo"
+type OwnerRepo struct {
+	Owner string
+	Repo  string
+}
+
+// ParseOwnerRepo parses a string in the format "owner/repo" into an OwnerRepo struct
+func ParseOwnerRepo(s string) (OwnerRepo, error) {
+	parts := strings.Split(s, "/")
+	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
+		return OwnerRepo{}, fmt.Errorf("invalid format for owner/repo: %s", s)
+	}
+	return OwnerRepo{Owner: parts[0], Repo: parts[1]}, nil
+}
+
+// GetContentFilterFromContext retrieves the content filter settings from the context
+func GetContentFilterFromContext(ctx context.Context) (*ContentFilterSettings, bool) {
+	if ctx == nil {
+		return nil, false
+	}
+	settings, ok := ctx.Value(contentFilterKey).(*ContentFilterSettings)
+	return settings, ok
+}
+
+// InitContentFilter initializes the content filter in the context
+func InitContentFilter(ctx context.Context, trustedRepo string, getGQLClient GetGQLClientFn) (context.Context, error) {
+	if trustedRepo == "" {
+		// Content filtering is not enabled
+		return ctx, nil
+	}
+
+	ownerRepo, err := ParseOwnerRepo(trustedRepo)
+	if err != nil {
+		return ctx, err
+	}
+
+	settings := &ContentFilterSettings{
+		Enabled:     true,
+		TrustedRepo: trustedRepo,
+		OwnerRepo:   ownerRepo,
+		TrustedUsers: map[string]bool{},
+	}
+
+	// Check if the repository is private, if so, disable content filtering
+	isPrivate, err := IsRepoPrivate(ctx, settings.OwnerRepo, getGQLClient)
+	if err != nil {
+		return ctx, fmt.Errorf("failed to check repository visibility: %w", err)
+	}
+	settings.IsPrivate = isPrivate
+
+	return context.WithValue(ctx, contentFilterKey, settings), nil
+}
+
+// IsRepoPrivate checks if a repository is private using GraphQL
+func IsRepoPrivate(ctx context.Context, ownerRepo OwnerRepo, getGQLClient GetGQLClientFn) (bool, error) {
+	client, err := getGQLClient(ctx)
+	if err != nil {
+		return false, fmt.Errorf("failed to get GraphQL client: %w", err)
+	}
+
+	var query struct {
+		Repository struct {
+			IsPrivate githubv4.Boolean
+		} `graphql:"repository(owner: $owner, name: $name)"`
+	}
+
+	variables := map[string]interface{}{
+		"owner": githubv4.String(ownerRepo.Owner),
+		"name":  githubv4.String(ownerRepo.Repo),
+	}
+
+	err = client.Query(ctx, &query, variables)
+	if err != nil {
+		return false, fmt.Errorf("failed to query repository visibility: %w", err)
+	}
+
+	return bool(query.Repository.IsPrivate), nil
+}
+
+// HasPushAccess checks if a user has push access to the trusted repository
+func HasPushAccess(ctx context.Context, username string, getGQLClient GetGQLClientFn) (bool, error) {
+	settings, ok := GetContentFilterFromContext(ctx)
+	if !ok || !settings.Enabled || settings.IsPrivate {
+		// If filtering is not enabled or repo is private, all users are trusted
+		return true, nil
+	}
+
+	// Check cache first
+	settings.mu.RLock()
+	trusted, found := settings.TrustedUsers[username]
+	settings.mu.RUnlock()
+	if found {
+		return trusted, nil
+	}
+
+	// Query GitHub API for permission
+	client, err := getGQLClient(ctx)
+	if err != nil {
+		return false, fmt.Errorf("failed to get GraphQL client: %w", err)
+	}
+
+	var query struct {
+		Repository struct {
+			Collaborators struct {
+				Edges []struct {
+					Permission githubv4.String
+					Node struct {
+						Login githubv4.String
+					}
+				}
+			} `graphql:"collaborators(query: $username, first: 1)"`
+		} `graphql:"repository(owner: $owner, name: $name)"`
+	}
+
+	variables := map[string]interface{}{
+		"owner":    githubv4.String(settings.OwnerRepo.Owner),
+		"name":     githubv4.String(settings.OwnerRepo.Repo),
+		"username": githubv4.String(username),
+	}
+
+	err = client.Query(ctx, &query, variables)
+	if err != nil {
+		return false, fmt.Errorf("failed to query user permissions: %w", err)
+	}
+
+	// Check if the user has push access
+	hasPush := false
+	for _, edge := range query.Repository.Collaborators.Edges {
+		login := string(edge.Node.Login)
+		if strings.EqualFold(login, username) {
+			permission := string(edge.Permission)
+			// WRITE, ADMIN, and MAINTAIN permissions have push access
+			hasPush = permission == "WRITE" || permission == "ADMIN" || permission == "MAINTAIN"
+			break
+		}
+	}
+
+	// Cache the result
+	settings.mu.Lock()
+	settings.TrustedUsers[username] = hasPush
+	settings.mu.Unlock()
+
+	return hasPush, nil
+}
+
+// ShouldIncludeContent checks if content from a user should be included
+func ShouldIncludeContent(ctx context.Context, username string, getGQLClient GetGQLClientFn) bool {
+	settings, ok := GetContentFilterFromContext(ctx)
+	if !ok || !settings.Enabled || settings.IsPrivate {
+		// If filtering is not enabled or repo is private, include all content
+		return true
+	}
+
+	// Check if user has push access
+	hasPush, err := HasPushAccess(ctx, username, getGQLClient)
+	if err != nil {
+		// If there's an error checking permissions, default to not including the content for safety
+		return false
+	}
+	return hasPush
+}
diff --git a/pkg/github/content_filter_test.go b/pkg/github/content_filter_test.go
