feat(mcp): optional bearer-token auth via SUPERVISOR_MCP_TOKEN
Enables exposing the supervisor MCP via Tailscale Funnel for claude.ai custom-connector tests. Auth is opt-in: empty SUPERVISOR_MCP_TOKEN preserves the existing unauthenticated behavior for tailnet-internal callers and local dev. When the token is set, every request must carry "Authorization: Bearer <token>" or it is rejected with HTTP 401 and a JSON-RPC -32001 error. Comparison uses crypto/subtle.ConstantTimeCompare; the token value and the supplied header are never logged. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Mathias Bergqvist
@@ -2,8 +2,11 @@ package mcp
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/subtle"
|
||||
"encoding/json"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/mathiasbq/supervisor/internal/registry"
|
||||
)
|
||||
@@ -29,14 +32,22 @@ type rpcError struct {
|
||||
|
||||
// Server is an HTTP handler implementing the MCP JSON-RPC protocol.
|
||||
type Server struct {
|
||||
reg *registry.Registry
|
||||
reg *registry.Registry
|
||||
token string
|
||||
}
|
||||
|
||||
func NewServer(reg *registry.Registry) *Server {
|
||||
return &Server{reg: reg}
|
||||
// NewServer constructs an MCP HTTP handler. If token is non-empty, every
|
||||
// request must carry "Authorization: Bearer <token>" or it is rejected with
|
||||
// HTTP 401 and JSON-RPC error -32001. Empty token disables auth (default).
|
||||
func NewServer(reg *registry.Registry, token string) *Server {
|
||||
return &Server{reg: reg, token: token}
|
||||
}
|
||||
|
||||
func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
if !s.checkAuth(w, r) {
|
||||
return
|
||||
}
|
||||
|
||||
var req request
|
||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||
writeError(w, nil, -32700, "parse error")
|
||||
@@ -93,6 +104,29 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
})
|
||||
}
|
||||
|
||||
// checkAuth verifies the bearer token when one is configured. Returns true if
|
||||
// the request may proceed, false if it has been rejected (401 already written).
|
||||
func (s *Server) checkAuth(w http.ResponseWriter, r *http.Request) bool {
|
||||
if s.token == "" {
|
||||
return true
|
||||
}
|
||||
|
||||
const prefix = "Bearer "
|
||||
hdr := r.Header.Get("Authorization")
|
||||
if !strings.HasPrefix(hdr, prefix) ||
|
||||
subtle.ConstantTimeCompare([]byte(hdr[len(prefix):]), []byte(s.token)) != 1 {
|
||||
slog.Warn("mcp auth rejected", "remote", r.RemoteAddr, "method", r.Method)
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
_ = json.NewEncoder(w).Encode(response{
|
||||
JSONRPC: "2.0",
|
||||
Error: &rpcError{Code: -32001, Message: "unauthorized"},
|
||||
})
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
func writeError(w http.ResponseWriter, id any, code int, msg string) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
_ = json.NewEncoder(w).Encode(response{
|
||||
|
||||
Reference in New Issue
Block a user