dhaan-ish/rust-mcp-sql-server

MCP Server with Google OAuth

A standalone Model Context Protocol (MCP) server that implements Google OAuth2 authentication for secure SSE (Server-Sent Events) connections. This server provides tools for SQL database queries and email sending via Gmail API.

Features

• Google OAuth2 Authentication: Secure authentication using Google's OAuth2 flow with PKCE
• SSE Transport: Real-time communication using Server-Sent Events
• MCP Protocol Support: Full support for tools with authentication context
• SQL Executor Tool: Execute raw SQL queries against a MySQL database
• Email Sender Tool: Send emails through Gmail API using the authenticated user's account
• Web Interface: Simple web interface for OAuth flow management

Prerequisites

Before running this server, you need to:

1. Create a Google Cloud Console project:

   • Go to Google Cloud Console
   • Create a new project or select an existing one
   • Enable the Gmail API (required for email sending)
   • Enable the Google People API or Google+ API (required for OAuth)

2. Create OAuth 2.0 credentials:

   • Go to Credentials page in Google Cloud Console
   • Click "Create Credentials" → "OAuth client ID"
   • Choose "Web application"
   • Add http://localhost:3000/oauth/callback to authorized redirect URIs
   • Note down the Client ID and Client Secret

3. Set up MySQL database (required for SQL executor tool):

   • Install MySQL server
   • Create a database and user with appropriate permissions
   • Note down the connection details

4. Configure OAuth consent screen:

   • In Google Cloud Console, go to OAuth consent screen
   • Add the Gmail send scope: https://www.googleapis.com/auth/gmail.send
   • Add test users if your app is in testing mode

Installation

1. Clone the repository (if not already done):

   git clone <repository-url>
   cd google-oauth
   

2. Set up environment variables:

   cp config.env.example .env
   

   Edit .env and update with your credentials:

   # Google OAuth Configuration
   GOOGLE_CLIENT_ID=your-client-id.apps.googleusercontent.com
   GOOGLE_CLIENT_SECRET=your-client-secret
   REDIRECT_URI=http://localhost:3000/oauth/callback
   
   # MySQL Database Configuration
   MYSQL_HOST=localhost
   MYSQL_PORT=3306
   MYSQL_USER=your-mysql-username
   MYSQL_PASS=your-mysql-password
   MYSQL_DB=your-database-name
   
   # Optional: Set logging level
   RUST_LOG=debug
   

3. Build the project:

   cargo build --release
   

Usage

1. Start the server:

   cargo run
   

2. Access the web interface: Open your browser and go to http://localhost:3000

3. Authenticate with Google:

   • Click "Login with Google"
   • Complete the OAuth flow
   • Copy the access token from the success page

4. Connect via MCP: Use the access token to connect to the MCP SSE endpoint:

   URL: http://localhost:3000/sse
   Authorization: Bearer <your-access-token>
   

Available Endpoints

• GET / - Web interface home page
• GET /oauth/login - Initiate Google OAuth login
• GET /oauth/callback - OAuth callback handler (automatic)
• GET /sse - MCP SSE endpoint (requires authentication)
• POST /message - MCP message endpoint (requires authentication)

MCP Tools

The server provides two main tools:

1. SQL Executor (sql_executor)

Execute raw SQL queries against the configured MySQL database.

Parameters:

• raw_query (string, required): The SQL query to execute

Example:

{
  "tool": "sql_executor",
  "parameters": {
    "raw_query": "SELECT * FROM users LIMIT 10"
  }
}

2. Email Sender (send_email)

Send emails using the authenticated user's Gmail account.

Parameters:

• to (string, required): Recipient email address
• subject (string, required): Email subject
• body (string, required): Email body (plain text)
• from (string, optional): Sender name/address (defaults to authenticated user)

Example:

{
  "tool": "send_email",
  "parameters": {
    "to": "recipient@example.com",
    "subject": "Hello from MCP",
    "body": "This is a test email sent via MCP server."
  }
}

Configuration

Key configuration options:

Environment Variables

• GOOGLE_CLIENT_ID: Your Google OAuth Client ID
• GOOGLE_CLIENT_SECRET: Your Google OAuth Client Secret
• REDIRECT_URI: OAuth callback URL (default: "http://localhost:3000/oauth/callback")
• BIND_ADDRESS: Server bind address (default: "127.0.0.1:3000")
• MYSQL_HOST: MySQL server hostname
• MYSQL_PORT: MySQL server port
• MYSQL_USER: MySQL username
• MYSQL_PASS: MySQL password
• MYSQL_DB: MySQL database name
• RUST_LOG: Logging level (debug, info, warn, error)

Constants in Code

If you need to modify default values, update these in src/main.rs:

• BIND_ADDRESS: Server bind address
• DEFAULT_GOOGLE_CLIENT_ID: Fallback client ID if env var not set
• DEFAULT_GOOGLE_CLIENT_SECRET: Fallback client secret if env var not set
• DEFAULT_REDIRECT_URI: Fallback redirect URI if env var not set

Security Notes

• Token Storage: Access tokens are stored in memory and will be lost on server restart
• Token Expiration: Tokens expire after 1 hour (3600 seconds) by default
• Token Validation: The server validates tokens on each request
• PKCE: Proof Key for Code Exchange is used for additional OAuth security
• Database Access: Ensure your MySQL user has only necessary permissions
• Gmail Scope: The server requests gmail.send scope for email functionality

Development

To run in development mode with debug logging:

RUST_LOG=debug cargo run

Troubleshooting

1. OAuth errors: Ensure your redirect URI in Google Cloud Console exactly matches the one in your configuration
2. Database connection errors: Verify MySQL is running and credentials are correct
3. Email sending errors: Make sure Gmail API is enabled and the OAuth consent screen includes the gmail.send scope
4. Token expiration: Re-authenticate if your token has expired (after 1 hour)

License

This project is licensed under the MIT License.