docs: add MCP OAuth documentation and fix lint

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 09:27:34 +02:00
parent 6dcb421fb0
commit 5fdf4c3019
6 changed files with 51 additions and 13 deletions
--- a/src/db/schema.ts
+++ b/src/db/schema.ts
@@ -154,7 +154,9 @@ export const oauthTokens = sqliteTable("oauth_tokens", {
 	refreshTokenHash: text("refresh_token_hash").notNull().unique(),
 	clientId: text("client_id").notNull(),
 	expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(), // access token expiry
-	refreshExpiresAt: integer("refresh_expires_at", { mode: "timestamp" }).notNull(), // refresh token expiry
+	refreshExpiresAt: integer("refresh_expires_at", {
+		mode: "timestamp",
+	}).notNull(), // refresh token expiry
 	createdAt: integer("created_at", { mode: "timestamp" })
 		.notNull()
 		.$defaultFn(() => new Date()),
--- a/src/server/index.ts
+++ b/src/server/index.ts
@@ -8,10 +8,10 @@ import { authRoutes } from "./routes/auth.ts";
 import { categoryRoutes } from "./routes/categories.ts";
 import { imageRoutes } from "./routes/images.ts";
 import { itemRoutes } from "./routes/items.ts";
+import { oauthRoutes, wellKnownRoute } from "./routes/oauth.ts";
 import { settingsRoutes } from "./routes/settings.ts";
 import { setupRoutes } from "./routes/setups.ts";
 import { threadRoutes } from "./routes/threads.ts";
-import { oauthRoutes, wellKnownRoute } from "./routes/oauth.ts";
 import { totalRoutes } from "./routes/totals.ts";

 // Seed default data on startup
--- a/src/server/mcp/index.ts
+++ b/src/server/mcp/index.ts
@@ -117,7 +117,8 @@ mcpRoutes.use("/*", async (c, next) => {

 	// No auth provided — return 401 with WWW-Authenticate to trigger OAuth flow
 	return c.text("Unauthorized", 401, {
-		"WWW-Authenticate": 'Bearer resource_metadata="/.well-known/oauth-authorization-server"',
+		"WWW-Authenticate":
+			'Bearer resource_metadata="/.well-known/oauth-authorization-server"',
 	});
 });

--- a/src/server/routes/oauth.ts
+++ b/src/server/routes/oauth.ts
@@ -22,7 +22,8 @@ function escapeHtml(str: string): string {
 }

 function getBaseUrl(c: any): string {
-	if (process.env.GEARBOX_URL) return process.env.GEARBOX_URL.replace(/\/$/, "");
+	if (process.env.GEARBOX_URL)
+		return process.env.GEARBOX_URL.replace(/\/$/, "");
 	return new URL(c.req.url).origin;
 }

@@ -111,7 +112,10 @@ oauthRoutes.post("/register", async (c) => {
 		!Array.isArray(body.redirect_uris) ||
 		body.redirect_uris.length === 0
 	) {
-		return c.json({ error: "redirect_uris is required and must be a non-empty array" }, 400);
+		return c.json(
+			{ error: "redirect_uris is required and must be a non-empty array" },
+			400,
+		);
 	}

 	const clientName = body.client_name || "Unknown Client";
@@ -227,7 +231,13 @@ oauthRoutes.post("/token", async (c) => {
 		const clientId = body.client_id as string;
 		const redirectUri = body.redirect_uri as string;

-		const result = await exchangeCode(db, code, codeVerifier, clientId, redirectUri);
+		const result = await exchangeCode(
+			db,
+			code,
+			codeVerifier,
+			clientId,
+			redirectUri,
+		);
 		if (!result) {
 			return c.json({ error: "invalid_grant" }, 400);
 		}