mathias/gitea-mcp
1
0
Fork 0
Code Issues 6 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: replace static API token with per-request Gitea PAT pass-through

Browse Source 
Callers now supply their own Gitea PAT as a Bearer token; the server validates
it against GET /api/v1/user and threads it through context to all downstream
Gitea API calls. GITEA_API_TOKEN env var and the GiteaAPIToken config field are
removed.
This commit is contained in:
Mathias Bergqvist
2026-05-07 21:04:47 +02:00
parent 9a5d0005c5
commit 923689afa5
6 changed files with 150 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
internal/gitea/client.go
View File

@@ -7,6 +7,7 @@ import (
"net/http"
"time"
"gitea.d-ma.be/mathias/gitea-mcp/internal/auth"
"github.com/hashicorp/golang-lru/v2/expirable"
)
@@ -49,8 +50,12 @@ func (c *Client) doOnce(ctx context.Context, method, path string, body []byte) (
if err != nil {
return nil, 0, err
}
if c.token != "" {
req.Header.Set("Authorization", "token "+c.token)
token := auth.TokenFromContext(ctx)
if token == "" {
token = c.token
}
if token != "" {
req.Header.Set("Authorization", "token "+token)
}
if body != nil {
req.Header.Set("Content-Type", "application/json")
@@ -114,8 +119,12 @@ func (c *Client) doRaw(ctx context.Context, method, path string, body []byte) (*
if err != nil {
return nil, err
}
if c.token != "" {
req.Header.Set("Authorization", "token "+c.token)
token := auth.TokenFromContext(ctx)
if token == "" {
token = c.token
}
if token != "" {
req.Header.Set("Authorization", "token "+token)
}
if body != nil {
req.Header.Set("Content-Type", "application/json")