feat(auth): JWT-or-static middleware + /.well-known/oauth-protected-resource (issue #5)

- internal/auth/jwt.go: JWTValidator via lestrrat-go/jwx/v2, JWKS auto-refresh
- internal/auth/bearer.go: replace Gitea PAT validation with JWT->static->default chain
- internal/gitea/client.go: always use service PAT; remove TokenFromContext lookup
- internal/config/config.go: add DexIssuerURL, MCPAudience, MCPResourceURL, StaticToken
- cmd/gitea-mcp/main.go: wire validator, fix /.well-known to return real AS list
- bearer_test.go: rewrite for new API
Mathias Bergqvist
2026-05-12 11:30:52 +02:00
parent efbbd37882
commit 91be18c100
20 changed files with 1745 additions and 114 deletions


@@ -7,7 +7,6 @@ import (
"net/http"
"time"
"gitea.d-ma.be/mathias/gitea-mcp/internal/auth"
"github.com/hashicorp/golang-lru/v2/expirable"
)
@@ -50,10 +49,7 @@ func (c *Client) doOnce(ctx context.Context, method, path string, body []byte) (
if err != nil {
return nil, 0, err
}
token := auth.TokenFromContext(ctx)
if token == "" {
token = c.token
}
token := c.token
if token != "" {
req.Header.Set("Authorization", "token "+token)
}
@@ -119,10 +115,7 @@ func (c *Client) doRaw(ctx context.Context, method, path string, body []byte) (*
if err != nil {
return nil, err
}
token := auth.TokenFromContext(ctx)
if token == "" {
token = c.token
}
token := c.token
if token != "" {
req.Header.Set("Authorization", "token "+token)
}
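Review bot: With the `auth.TokenFromContext` lookup gone, both `doOnce` and `doRaw` (this hunk and the one before it) send the service PAT `c.token` for every caller, so Gitea no longer applies the caller's own permissions and anything that passes the JWT-or-static middleware acts with the service account's rights. That makes the middleware the only authorization boundary and means Gitea's audit trail will attribute every action to one account; whether the validator maps claims to allowed repositories or operations is not visible here, so it should be confirmed, and the PAT itself scoped as narrowly as possible. I would state the invariant at the assignment, e.g. `// Always the service PAT: callers are authorized by the auth middleware, not by Gitea.`, and log the authenticated subject alongside each upstream request. The surviving `if token != ""` guard now means an empty `c.token` sends every request unauthenticated with no error; consider rejecting an empty token at client construction instead. Both function bodies start and end outside the hunks.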