mathias/gitea-mcp

Fork 0

Files

Mathias Bergqvist 91be18c100

CD / Lint / Test / Vet (push) Failing after 2s

Details

CD / Build & Import (push) Has been skipped

Details

CD / Deploy via GitOps (push) Has been skipped

Details

feat(auth): JWT-or-static middleware + /.well-known/oauth-protected-resource (issue #5 )

- internal/auth/jwt.go: JWTValidator via lestrrat-go/jwx/v2, JWKS auto-refresh
- internal/auth/bearer.go: replace Gitea PAT validation with JWT->static->default chain
- internal/gitea/client.go: always use service PAT; remove TokenFromContext lookup
- internal/config/config.go: add DexIssuerURL, MCPAudience, MCPResourceURL, StaticToken
- cmd/gitea-mcp/main.go: wire validator, fix /.well-known to return real AS list
- bearer_test.go: rewrite for new API

2026-05-12 11:30:52 +02:00

1.0 KiB

Raw Blame History

name, description

name	description
htmx-patterns	HTMX conventions — default attributes, form patterns, validation errors, hypermedia-first API design. Use when writing HTMX templates or Go handlers that return HTML fragments.

HTMX patterns

Default attributes

Always include on interactive elements:

hx-indicator for loading states
hx-swap="innerHTML" as default (explicit over implicit)
hx-target pointing to a specific ID, never this in production

Form pattern

<form hx-post="/items" hx-target="#item-list" hx-swap="beforeend" hx-indicator="#spinner">
  <input type="text" name="title" required>
  <button type="submit">Add</button>
  <span id="spinner" class="htmx-indicator">...</span>
</form>

Server-sent validation errors

Return 422 with the error fragment, swap into the form's error container:

hx-target-422="#form-errors"

Prefer hypermedia over JSON

If the endpoint returns data for display, return an HTML fragment. Only use JSON for machine-to-machine APIs or when a non-browser client needs it.

1.0 KiB Raw Blame History

HTMX patterns

Default attributes

Form pattern

Server-sent validation errors

Prefer hypermedia over JSON

1.0 KiB

Raw Blame History