feat(auth): add Dex JWT middleware to supervisor, routing pod, and brain MCP
Closes #6 on gitea.d-ma.be/mathias/hyperguild. Dex is deployed at auth.d-ma.be. All three MCP servers now accept JWTs issued by Dex in addition to static bearer tokens, enabling claude.ai OAuth 2.0 integration without abandoning backward-compat CLI auth. Changes: - internal/auth/: new Validator (JWKS auto-refresh via lestrrat-go/jwx/v2), ProtectedResourceHandler (RFC 9728 /.well-known/oauth-protected-resource) - internal/mcp/Server: adds optional *auth.Validator; checkAuth tries JWT first, then static token fallback; both-nil = auth disabled (unchanged default) - cmd/supervisor, cmd/routing: construct Validator from DEX_ISSUER_URL + MCP_AUDIENCE env vars; register protected-resource handler when set - ingestion/internal/auth/: same Validator + handler (separate module) - ingestion/internal/mcp/BearerAuth: same JWT-or-static chain - ingestion/cmd/server: same wiring pattern New env vars (all optional; absent = static-token-only, same as before): DEX_ISSUER_URL — Dex issuer URL (e.g. https://auth.d-ma.be) MCP_AUDIENCE — expected aud claim (e.g. brain, supervisor) MCP_RESOURCE_URL — resource identifier for RFC 9728 metadata response Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Mathias Bergqvist
@@ -8,6 +8,7 @@ import (
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/mathiasbq/supervisor/internal/auth"
|
||||
"github.com/mathiasbq/supervisor/internal/registry"
|
||||
)
|
||||
|
||||
@@ -32,15 +33,16 @@ type rpcError struct {
|
||||
|
||||
// Server is an HTTP handler implementing the MCP JSON-RPC protocol.
|
||||
type Server struct {
|
||||
reg *registry.Registry
|
||||
token string
|
||||
reg *registry.Registry
|
||||
token string
|
||||
validator *auth.Validator
|
||||
}
|
||||
|
||||
// NewServer constructs an MCP HTTP handler. If token is non-empty, every
|
||||
// request must carry "Authorization: Bearer <token>" or it is rejected with
|
||||
// HTTP 401 and JSON-RPC error -32001. Empty token disables auth (default).
|
||||
func NewServer(reg *registry.Registry, token string) *Server {
|
||||
return &Server{reg: reg, token: token}
|
||||
// NewServer constructs an MCP HTTP handler. token is the static bearer token
|
||||
// (empty disables static auth). validator is optional; when non-nil, a valid
|
||||
// JWT from Dex is accepted in addition to the static token.
|
||||
func NewServer(reg *registry.Registry, token string, validator *auth.Validator) *Server {
|
||||
return &Server{reg: reg, token: token, validator: validator}
|
||||
}
|
||||
|
||||
func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
@@ -120,27 +122,42 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
})
|
||||
}
|
||||
|
||||
// checkAuth verifies the bearer token when one is configured. Returns true if
|
||||
// the request may proceed, false if it has been rejected (401 already written).
|
||||
// checkAuth verifies the bearer token. Accepts a valid Dex JWT (when validator
|
||||
// is configured) or the static token. Returns true if the request may proceed.
|
||||
// When neither token nor validator is configured, auth is disabled (default).
|
||||
func (s *Server) checkAuth(w http.ResponseWriter, r *http.Request) bool {
|
||||
if s.token == "" {
|
||||
if s.token == "" && s.validator == nil {
|
||||
return true
|
||||
}
|
||||
|
||||
const prefix = "Bearer "
|
||||
hdr := r.Header.Get("Authorization")
|
||||
if !strings.HasPrefix(hdr, prefix) ||
|
||||
subtle.ConstantTimeCompare([]byte(hdr[len(prefix):]), []byte(s.token)) != 1 {
|
||||
slog.Warn("mcp auth rejected", "remote", r.RemoteAddr, "method", r.Method)
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
_ = json.NewEncoder(w).Encode(response{
|
||||
JSONRPC: "2.0",
|
||||
Error: &rpcError{Code: -32001, Message: "unauthorized"},
|
||||
})
|
||||
rawToken, ok := strings.CutPrefix(r.Header.Get("Authorization"), "Bearer ")
|
||||
if !ok {
|
||||
s.rejectAuth(w, r)
|
||||
return false
|
||||
}
|
||||
return true
|
||||
|
||||
if s.validator != nil {
|
||||
if _, err := s.validator.Validate(r.Context(), rawToken); err == nil {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
if s.token != "" && subtle.ConstantTimeCompare([]byte(rawToken), []byte(s.token)) == 1 {
|
||||
return true
|
||||
}
|
||||
|
||||
s.rejectAuth(w, r)
|
||||
return false
|
||||
}
|
||||
|
||||
func (s *Server) rejectAuth(w http.ResponseWriter, r *http.Request) {
|
||||
slog.Warn("mcp auth rejected", "remote", r.RemoteAddr, "method", r.Method)
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
_ = json.NewEncoder(w).Encode(response{
|
||||
JSONRPC: "2.0",
|
||||
Error: &rpcError{Code: -32001, Message: "unauthorized"},
|
||||
})
|
||||
}
|
||||
|
||||
func writeError(w http.ResponseWriter, id any, code int, msg string) {
|
||||
|
||||
Reference in New Issue
Block a user