makiolaj/GearBox
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 10 Wiki Activity

docs: add MCP OAuth documentation and fix lint

Browse Source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jean-Luc Makiola
2026-04-04 09:27:34 +02:00
parent 6dcb421fb0
commit 5fdf4c3019
6 changed files with 51 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/server/index.ts
View File

@@ -8,10 +8,10 @@ import { authRoutes } from "./routes/auth.ts";
import { categoryRoutes } from "./routes/categories.ts";
import { imageRoutes } from "./routes/images.ts";
import { itemRoutes } from "./routes/items.ts";
import { oauthRoutes, wellKnownRoute } from "./routes/oauth.ts";
import { settingsRoutes } from "./routes/settings.ts";
import { setupRoutes } from "./routes/setups.ts";
import { threadRoutes } from "./routes/threads.ts";
import { oauthRoutes, wellKnownRoute } from "./routes/oauth.ts";
import { totalRoutes } from "./routes/totals.ts";
// Seed default data on startup

3
src/server/mcp/index.ts
View File

@@ -117,7 +117,8 @@ mcpRoutes.use("/*", async (c, next) => {
// No auth provided — return 401 with WWW-Authenticate to trigger OAuth flow
return c.text("Unauthorized", 401, {
"WWW-Authenticate": 'Bearer resource_metadata="/.well-known/oauth-authorization-server"',
"WWW-Authenticate":
'Bearer resource_metadata="/.well-known/oauth-authorization-server"',
});
});

16
src/server/routes/oauth.ts
View File

@@ -22,7 +22,8 @@ function escapeHtml(str: string): string {
}
function getBaseUrl(c: any): string {
if (process.env.GEARBOX_URL) return process.env.GEARBOX_URL.replace(/\/$/, "");
if (process.env.GEARBOX_URL)
return process.env.GEARBOX_URL.replace(/\/$/, "");
return new URL(c.req.url).origin;
}
@@ -111,7 +112,10 @@ oauthRoutes.post("/register", async (c) => {
!Array.isArray(body.redirect_uris) ||
body.redirect_uris.length === 0
) {
return c.json({ error: "redirect_uris is required and must be a non-empty array" }, 400);
return c.json(
{ error: "redirect_uris is required and must be a non-empty array" },
400,
);
}
const clientName = body.client_name || "Unknown Client";
@@ -227,7 +231,13 @@ oauthRoutes.post("/token", async (c) => {
const clientId = body.client_id as string;
const redirectUri = body.redirect_uri as string;
const result = await exchangeCode(db, code, codeVerifier, clientId, redirectUri);
const result = await exchangeCode(
db,
code,
codeVerifier,
clientId,
redirectUri,
);
if (!result) {
return c.json({ error: "invalid_grant" }, 400);
}