Add MCP server authentication and update Docker configuration
This commit implements several key improvements to the GeoGuessr MCP server:

## MCP Server Authentication
- Add Bearer token authentication for MCP server access control
- New middleware in src/geoguessr_mcp/middleware/auth.py
- Configuration via MCP_AUTH_ENABLED and MCP_API_KEYS environment variables
- Support for multiple API keys (comma-separated)
- Optional authentication - can be disabled for trusted deployments
- Clients connect using Authorization: Bearer YOUR_API_KEY header

## Docker Configuration Updates
- Update to use official pre-built image: nyxiumyuuki/geoguessr-mcp:latest
- Remove DOCKER_USERNAME and IMAGE_TAG from environment variables
- Simplify docker-compose.yml and docker-compose.prod.yml
- Remove healthcheck configuration (not necessary for the deployment)

## Deployment Improvements
- Move deploy.sh to scripts/deploy.sh for better organization
- Update deploy.sh to use official Docker image
- Add authentication validation in deployment script
- Improve deployment logging and error messages

## Documentation Updates
- Update README.md with authentication configuration examples
- Add MCP server authentication section with setup instructions
- Update environment variables table
- Simplify deployment instructions
- Update CLAUDE.md with new authentication architecture
- Add .env.example configuration for MCP authentication

## Technical Details
- Authentication middleware integrates with FastMCP's Starlette ASGI app
- Middleware validates Bearer tokens on all requests except /health
- Logs authentication attempts and failures
- Returns proper 401/403 HTTP status codes
- Validates configuration on startup to prevent misconfiguration

Resolves TODO items:
- [x] Fix Docker username in compose files and env vars
- [x] Add authentication to MCP server to allow access only to specific users
This commit is contained in:
parent
52d2f864a8
commit
07b1cb84b2
10 changed files with 346 additions and 151 deletions
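The Bearer-token check described in the commit message, as an added example that is not the project's `auth.py`: a dependency-free ASGI middleware that exempts `/health`, accepts several comma-separated keys, compares them in constant time, and refuses to start with an empty key list. The names `BearerAuthMiddleware`, `check_bearer`, `parse_api_keys` and `simulate`, the sample key, and the choice of 401 for a missing or malformed header versus 403 for an unknown key are assumptions.

```python
import asyncio
import hmac

EXEMPT_PATHS = {"/health"}  # per the commit message, /health skips authentication

def parse_api_keys(raw):
    """Split a comma-separated MCP_API_KEYS value, dropping blanks."""
    return [k.strip() for k in raw.split(",") if k.strip()]

def check_bearer(header_value, api_keys):
    """200 = valid key, 401 = missing/malformed header, 403 = unknown key (assumed mapping)."""
    scheme, _, token = header_value.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return 401
    ok = False
    for key in api_keys:  # no early exit; each comparison is constant-time
        ok |= hmac.compare_digest(token.encode(), key.encode())
    return 200 if ok else 403

class BearerAuthMiddleware:  # hypothetical name, not the project's class
    def __init__(self, app, api_keys):
        if not api_keys:  # fail closed: enabled auth with no keys is a misconfiguration
            raise ValueError("authentication enabled but no API keys configured")
        self.app, self.api_keys = app, list(api_keys)

    async def __call__(self, scope, receive, send):
        # Lifespan events carry no credentials; every other scope type is checked.
        if scope["type"] == "lifespan" or scope["path"] in EXEMPT_PATHS:
            return await self.app(scope, receive, send)
        raw = dict(scope["headers"]).get(b"authorization", b"")
        status = check_bearer(raw.decode("latin-1"), self.api_keys)
        if status == 200:
            return await self.app(scope, receive, send)
        headers = [(b"www-authenticate", b"Bearer")] if status == 401 else []
        await send({"type": "http.response.start", "status": status, "headers": headers})
        await send({"type": "http.response.body", "body": b""})

def simulate(path, authorization=None, keys=("key-one-constructed",)):
    """Drive the middleware with a constructed ASGI scope and return the status sent."""
    sent = []
    async def inner(scope, receive, send):
        await send({"type": "http.response.start", "status": 200, "headers": []})
    async def send(msg):
        sent.append(msg)
    hdrs = [(b"authorization", authorization.encode())] if authorization else []
    scope = {"type": "http", "path": path, "headers": hdrs}
    asyncio.run(BearerAuthMiddleware(inner, keys)(scope, None, send))
    return sent[0]["status"]
```

The exemption is an exact match on `/health`, so `/health/` or `/healthz` still requires a key.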
|
|
@ -11,6 +11,7 @@ import sys
|
|||
from mcp.server.fastmcp import FastMCP
|
||||
|
||||
from .config import settings
|
||||
from .middleware import AuthenticationMiddleware
|
||||
from .monitoring import endpoint_monitor
|
||||
from .tools import register_all_tools
|
||||
|
||||
|
|
@ -58,6 +59,12 @@ mcp = FastMCP(
|
|||
# Register all tools
|
||||
services = register_all_tools(mcp)
|
||||
|
||||
# Add authentication middleware if needed
|
||||
if settings.MCP_AUTH_ENABLED:
|
||||
logger.info("Registering authentication middleware")
|
||||
# Add middleware to the underlying ASGI app
|
||||
mcp.app.add_middleware(AuthenticationMiddleware)
|
||||
|
||||
|
||||
async def start_background_tasks():
|
||||
"""Start background monitoring tasks."""
|
||||
|
|
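Review bot: at `mcp.app.add_middleware(AuthenticationMiddleware)`, nothing confirms that `mcp.app` is the ASGI application the selected transport ends up serving. If that attribute is absent the module fails at import, and if the served app is built separately at run time the server starts with MCP_AUTH_ENABLED set but no authentication in the request path. Suggest attaching the middleware where the app is handed to the server in `main()`, and aborting startup when authentication is enabled but the middleware could not be installed.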
@ -79,11 +86,17 @@ def main():
|
|||
f"with {settings.TRANSPORT} transport"
|
||||
)
|
||||
|
||||
if settings.MCP_AUTH_ENABLED:
|
||||
api_key_count = len(settings.get_api_keys())
|
||||
logger.info(f"MCP server authentication is ENABLED with {api_key_count} API key(s)")
|
||||
else:
|
||||
logger.warning("MCP server authentication is DISABLED - server is publicly accessible")
|
||||
|
||||
if settings.DEFAULT_NCFA_COOKIE:
|
||||
logger.info("Default authentication cookie configured from environment")
|
||||
logger.info("Default GeoGuessr authentication cookie configured from environment")
|
||||
else:
|
||||
logger.warning(
|
||||
"No default authentication cookie set. " "Users will need to login or provide a cookie."
|
||||
"No default GeoGuessr authentication cookie set. " "Users will need to login or provide a cookie."
|
||||
)
|
||||
|
||||
# Run the server
|
||||
|
|
|
|||
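Review bot: in the `if settings.MCP_AUTH_ENABLED:` branch, `api_key_count` is only logged, so with MCP_AUTH_ENABLED set and an empty MCP_API_KEYS this code would report "ENABLED with 0 API key(s)" and continue to run the server. Unless `settings` already rejects that combination before this point, exit with an error when `api_key_count == 0` so the misconfiguration cannot go unnoticed. The DISABLED warning is useful; consider also including the bind address in it so the exposure is clear from the log line alone.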