Security hardening: Sheets token encryption, user-scoped storage, rate limits, input validation, error sanitization

- Encrypt Google tokens at rest in Redis (C1) and key by user_id not "current" (C2)
- Add per-user rate limiting on all 5 sheets tools (H3)
- Sanitize error messages to avoid leaking response bodies or internal state (H1, L4)
- Validate A1 range notation to block path traversal and injection chars (M1)
- Sanitize Drive API query to strip non-alphanumeric chars (M6)
- Narrow OAuth scope from drive.readonly to drive.metadata.readonly (M3)
- Re-raise on token storage failure instead of silently swallowing (M4)
- Log only exception type on refresh failure, not full stack trace (M2)
- Use server-provided expires_in for token TTL instead of hardcoded constant (L1)
- Move sheets import into main() so transport is set before registration (L3)
- Mark sheets_write as destructiveHint=True (M5) with audit logging (H4)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: RafaelPo

everyrow-mcp/src/everyrow_mcp/auth.py

@@ -255,7 +255,7 @@ def _supabase_redirect_url(supabase_verifier: str) -> str:
                     'code_challenge_method': 's256',
                     'scopes': (
                         'https://www.googleapis.com/auth/spreadsheets '
-                        'https://www.googleapis.com/auth/drive.readonly'
+                        'https://www.googleapis.com/auth/drive.metadata.readonly'
                     ),
                 }
             )
@@ -473,9 +473,15 @@ async def _issue_token_response(
         if google_access_token:
             from everyrow_mcp.sheets_client import store_google_token  # noqa: PLC0415
 
-            await store_google_token(
-                "current", google_access_token, google_refresh_token or None
-            )
+            try:
+                await store_google_token(
+                    jwt_claims.get("sub", "unknown"),
+                    google_access_token,
+                    google_refresh_token or None,
+                    expires_in=expires_in,
+                )
+            except Exception:
+                logger.warning("Could not store Google token during token issue")
 
         rt_str = secrets.token_urlsafe(32)
         rt = EveryRowRefreshToken(

everyrow-mcp/src/everyrow_mcp/config.py

@@ -125,6 +125,12 @@ class Settings(BaseSettings):
         default=False,
         description="Enable Google Sheets tools (requires HTTP mode with Google OAuth)",
     )
+    sheets_rate_limit: PositiveInt = Field(
+        default=60, description="Max sheets ops per user per rate window"
+    )
+    sheets_rate_window: PositiveInt = Field(
+        default=60, description="Sheets rate limit window in seconds"
+    )
     everyrow_api_key: str | None = Field(default=None, repr=False)
     google_sheets_credentials_json: str | None = Field(
         default=None,

everyrow-mcp/src/everyrow_mcp/server.py

@@ -20,10 +20,6 @@
 )
 from everyrow_mcp.uploads import register_upload_tool
 
-# Only register sheets tools when enabled (requires HTTP mode + Google OAuth)
-if settings.enable_sheets_tools:
-    import everyrow_mcp.sheets_tools  # noqa: F401
-
 
 class InputArgs(BaseModel):
     http: bool = False
@@ -84,6 +80,10 @@ def main():
     settings.transport = transport.value
     mcp._mcp_server.instructions = get_instructions(is_http=input_args.http)
 
+    # Register sheets tools after transport is set (they require HTTP mode)
+    if settings.enable_sheets_tools and settings.is_http:
+        import everyrow_mcp.sheets_tools  # noqa: F401, PLC0415
+
     # tools.py registers everyrow_results_stdio by default.
     # Override with the HTTP variant when running in HTTP mode.
     # ToolManager.add_tool() is a no-op for existing names, so remove first.

everyrow-mcp/src/everyrow_mcp/sheets_client.py

@@ -9,44 +9,59 @@
 
 import json
 import logging
+import re
 import time
 from typing import Any
 
 import httpx
 
-from everyrow_mcp.redis_store import build_key, get_redis_client
+from everyrow_mcp.redis_store import (
+    build_key,
+    decrypt_value,
+    encrypt_value,
+    get_redis_client,
+)
 
 logger = logging.getLogger(__name__)
 
 SHEETS_API_BASE = "https://sheets.googleapis.com/v4/spreadsheets"
 DRIVE_API_BASE = "https://www.googleapis.com/drive/v3"
 
 # Google token TTL and refresh buffer
-GOOGLE_TOKEN_TTL = 3600  # 1 hour
+GOOGLE_TOKEN_TTL_DEFAULT = 3600  # 1 hour
 GOOGLE_TOKEN_REFRESH_BUFFER = 300  # refresh 5 min before expiry
-GOOGLE_TOKEN_REDIS_TTL = 3600  # store for 1 hour in Redis
 
 
 # ── Token resolution ──────────────────────────────────────────────────
 
 
-async def get_google_token() -> str:
+async def get_google_token(user_id: str | None = None) -> str:
     """Resolve a valid Google access token from Redis.
 
     The token is stored during the OAuth callback when the user logs in
     via Google through Supabase. Auto-refreshes if near expiry.
 
     Only available in HTTP mode — sheets tools are removed in stdio mode.
     """
+    if user_id is None:
+        from mcp.server.auth.middleware.auth_context import (  # noqa: PLC0415
+            get_access_token,
+        )
+
+        access_token = get_access_token()
+        user_id = access_token.client_id if access_token else None
+        if not user_id:
+            raise RuntimeError(
+                "No authenticated user. The user must log in with Google "
+                "(with Sheets scopes) to use Google Sheets tools."
+            )
 
     redis = get_redis_client()
 
-    # NOTE: single-tenant — "current" key is shared. If multi-tenancy is
-    # needed, key by session/user ID instead.
-    token_key = build_key("google_token", "current")
-    token_data = await redis.get(token_key)
-    if token_data:
-        data = json.loads(token_data)
+    token_key = build_key("google_token", user_id)
+    raw = await redis.get(token_key)
+    if raw:
+        data = json.loads(decrypt_value(raw))
         expires_at = data.get("expires_at", 0)
         if time.time() < expires_at - GOOGLE_TOKEN_REFRESH_BUFFER:
             return data["access_token"]
@@ -55,11 +70,9 @@ async def get_google_token() -> str:
         refresh_token = data.get("refresh_token")
         if refresh_token:
             try:
-                return await _refresh_google_token_http(refresh_token)
-            except Exception:
-                logger.warning(
-                    "Failed to refresh Google token, using existing", exc_info=True
-                )
+                return await _refresh_google_token_http(refresh_token, user_id)
+            except Exception as e:
+                logger.warning("Failed to refresh Google token: %s", type(e).__name__)
                 if time.time() < expires_at:
                     return data["access_token"]
 
@@ -69,7 +82,7 @@ async def get_google_token() -> str:
     )
 
 
-async def _refresh_google_token_http(refresh_token: str) -> str:
+async def _refresh_google_token_http(refresh_token: str, user_id: str) -> str:
     """Refresh a Google access token using the Supabase-stored refresh token."""
     from everyrow_mcp.config import settings  # noqa: PLC0415
 
@@ -88,38 +101,46 @@ async def _refresh_google_token_http(refresh_token: str) -> str:
 
     provider_token = data.get("provider_token", "")
     provider_refresh_token = data.get("provider_refresh_token", refresh_token)
+    expires_in = data.get("expires_in")
 
     if not provider_token:
         raise RuntimeError("Supabase refresh did not return a Google provider_token")
 
-    await store_google_token("current", provider_token, provider_refresh_token)
+    await store_google_token(
+        user_id, provider_token, provider_refresh_token, expires_in=expires_in
+    )
     return provider_token
 
 
 async def store_google_token(
     user_id: str,
     access_token: str,
     refresh_token: str | None = None,
+    *,
+    expires_in: int | None = None,
 ) -> None:
     """Store Google access token in Redis with TTL."""
     try:
         redis = get_redis_client()
     except Exception:
-        return
+        logger.error("Failed to obtain Redis client for Google token storage")
+        raise
+    ttl = expires_in if expires_in and expires_in > 0 else GOOGLE_TOKEN_TTL_DEFAULT
     try:
-        data = {
+        data: dict[str, Any] = {
             "access_token": access_token,
-            "expires_at": time.time() + GOOGLE_TOKEN_TTL,
+            "expires_at": time.time() + ttl,
         }
         if refresh_token:
             data["refresh_token"] = refresh_token
         await redis.setex(
             build_key("google_token", user_id),
-            GOOGLE_TOKEN_REDIS_TTL,
-            json.dumps(data),
+            ttl,
+            encrypt_value(json.dumps(data)),
         )
     except Exception:
-        logger.warning("Failed to store Google token in Redis for %s", user_id)
+        logger.error("Failed to store Google token in Redis for %s", user_id)
+        raise
 
 
 # ── Sheets API client ─────────────────────────────────────────────────
@@ -224,8 +245,7 @@ async def list_spreadsheets(
         """
         q = "mimeType='application/vnd.google-apps.spreadsheet' and trashed=false"
         if query:
-            # Escape single quotes in the user's query
-            safe_query = query.replace("'", "\\'")
+            safe_query = re.sub(r"[^a-zA-Z0-9 ]", "", query)
             q += f" and name contains '{safe_query}'"
 
         resp = await self._client.get(

everyrow-mcp/src/everyrow_mcp/sheets_models.py

@@ -10,6 +10,10 @@
 # Matches the 44-char alphanumeric spreadsheet ID in a Google Sheets URL
 _SHEETS_URL_RE = re.compile(r"/spreadsheets/d/([a-zA-Z0-9_-]+)")
 
+# A1 notation range validation
+_A1_RANGE_RE = re.compile(r"^[A-Za-z0-9_' !:$]+$")
+_MAX_RANGE_LENGTH = 200
+
 
 def _extract_spreadsheet_id(v: str) -> str:
     """Accept a full Google Sheets URL or a bare spreadsheet ID.
@@ -31,6 +35,18 @@ def _extract_spreadsheet_id(v: str) -> str:
     )
 
 
+def _validate_a1_range(v: str) -> str:
+    """Validate an A1 notation range string."""
+    if len(v) > _MAX_RANGE_LENGTH:
+        raise ValueError(f"Range too long ({len(v)} chars, max {_MAX_RANGE_LENGTH})")
+    if not _A1_RANGE_RE.fullmatch(v):
+        raise ValueError(
+            "Invalid range: contains disallowed characters. "
+            "Use A1 notation (e.g. 'Sheet1!A1:D10')."
+        )
+    return v
+
+
 class SheetsReadInput(BaseModel):
     """Input for the sheets_read tool."""
 
@@ -53,6 +69,11 @@ class SheetsReadInput(BaseModel):
     def extract_id(cls, v: str) -> str:
         return _extract_spreadsheet_id(v)
 
+    @field_validator("range")
+    @classmethod
+    def validate_range(cls, v: str) -> str:
+        return _validate_a1_range(v)
+
 
 class SheetsWriteInput(BaseModel):
     """Input for the sheets_write tool."""
@@ -84,6 +105,11 @@ class SheetsWriteInput(BaseModel):
     def extract_id(cls, v: str) -> str:
         return _extract_spreadsheet_id(v)
 
+    @field_validator("range")
+    @classmethod
+    def validate_range(cls, v: str) -> str:
+        return _validate_a1_range(v)
+
 
 class SheetsCreateInput(BaseModel):
     """Input for the sheets_create tool."""