@@ -10,8 +10,9 @@ import { SessionStore } from "../common/sessionStore.js";
1010
1111const JSON_RPC_ERROR_CODE_PROCESSING_REQUEST_FAILED = - 32000 ;
1212const JSON_RPC_ERROR_CODE_SESSION_ID_REQUIRED = - 32001 ;
13- const JSON_RPC_ERROR_CODE_SESSION_NOT_FOUND = - 32002 ;
14- const JSON_RPC_ERROR_CODE_INVALID_REQUEST = - 32003 ;
13+ const JSON_RPC_ERROR_CODE_SESSION_ID_INVALID = - 32002 ;
14+ const JSON_RPC_ERROR_CODE_SESSION_NOT_FOUND = - 32003 ;
15+ const JSON_RPC_ERROR_CODE_INVALID_REQUEST = - 32004 ;
1516
1617function promiseHandler (
1718 fn : ( req : express . Request , res : express . Response , next : express . NextFunction ) => Promise < void >
@@ -45,7 +46,7 @@ export class StreamableHttpRunner extends TransportRunnerBase {
4546 app . use ( express . json ( ) ) ;
4647
4748 const handleRequest = async ( req : express . Request , res : express . Response ) => {
48- const sessionId = req . headers [ "mcp-session-id" ] as string ;
49+ const sessionId = req . headers [ "mcp-session-id" ] ;
4950 if ( ! sessionId ) {
5051 res . status ( 400 ) . json ( {
5152 jsonrpc : "2.0" ,
@@ -56,6 +57,16 @@ export class StreamableHttpRunner extends TransportRunnerBase {
5657 } ) ;
5758 return ;
5859 }
60+ if ( typeof sessionId !== "string" ) {
61+ res . status ( 400 ) . json ( {
62+ jsonrpc : "2.0" ,
63+ error : {
64+ code : JSON_RPC_ERROR_CODE_SESSION_ID_INVALID ,
65+ message : `session id is invalid` ,
66+ } ,
67+ } ) ;
68+ return ;
69+ }
5970 const transport = this . sessionStore . getSession ( sessionId ) ;
6071 if ( ! transport ) {
6172 res . status ( 404 ) . json ( {
@@ -73,7 +84,7 @@ export class StreamableHttpRunner extends TransportRunnerBase {
7384 app . post (
7485 "/mcp" ,
7586 promiseHandler ( async ( req : express . Request , res : express . Response ) => {
76- const sessionId = req . headers [ "mcp-session-id" ] as string ;
87+ const sessionId = req . headers [ "mcp-session-id" ] ;
7788 if ( sessionId ) {
7889 await handleRequest ( req , res ) ;
7990 return ;
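Review bot: The constants block in the first hunk renumbers two codes that were already in use: `JSON_RPC_ERROR_CODE_SESSION_NOT_FOUND` moves from -32002 to -32003 and `JSON_RPC_ERROR_CODE_INVALID_REQUEST` from -32003 to -32004, so both old values now carry a different meaning. Any client, test or log-based alert that matches on the numeric code would misclassify responses after this change without any visible failure. Keeping the existing values and appending the new one, `const JSON_RPC_ERROR_CODE_SESSION_ID_INVALID = -32004;`, avoids that. Separately, the added `typeof sessionId !== "string"` guard in `handleRequest` (whose body continues outside the visible hunks) only narrows the type, so if the session store expects a particular id length or format, a comment stating where that is enforced would help the next reader.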