This commit addresses two critical issues in the MCP server:
1. CORS Middleware Fix:
- Move CORS middleware outside the auth check so it's always enabled
- CORS is required for browser-based MCP clients, regardless of auth
- Fixes "OPTIONS /mcp HTTP/1.1 405 Method Not Allowed" error
2. Schema Cache Improvements:
- Add specific handling for corrupted JSON cache files
- Automatically remove corrupted cache files and log the action
- Prevents startup failures due to malformed JSON
- Better error messages to help diagnose cache issues
3. Configuration Updates:
- Change default SCHEMA_CACHE_DIR from /app/data/schemas to ./data/schemas
- Better default for local development (Docker still uses /app/data/schemas)
- Update .env.example with clearer documentation
These fixes improve robustness and make local development easier.
This commit implements several key improvements to the GeoGuessr MCP server:
## MCP Server Authentication
- Add Bearer token authentication for MCP server access control
- New middleware in src/geoguessr_mcp/middleware/auth.py
- Configuration via MCP_AUTH_ENABLED and MCP_API_KEYS environment variables
- Support for multiple API keys (comma-separated)
- Optional authentication - can be disabled for trusted deployments
- Clients connect using Authorization: Bearer YOUR_API_KEY header
## Docker Configuration Updates
- Update to use official pre-built image: nyxiumyuuki/geoguessr-mcp:latest
- Remove DOCKER_USERNAME and IMAGE_TAG from environment variables
- Simplify docker-compose.yml and docker-compose.prod.yml
- Remove healthcheck configuration (not necessary for the deployment)
## Deployment Improvements
- Move deploy.sh to scripts/deploy.sh for better organization
- Update deploy.sh to use official Docker image
- Add authentication validation in deployment script
- Improve deployment logging and error messages
## Documentation Updates
- Update README.md with authentication configuration examples
- Add MCP server authentication section with setup instructions
- Update environment variables table
- Simplify deployment instructions
- Update CLAUDE.md with new authentication architecture
- Add .env.example configuration for MCP authentication
## Technical Details
- Authentication middleware integrates with FastMCP's Starlette ASGI app
- Middleware validates Bearer tokens on all requests except /health
- Logs authentication attempts and failures
- Returns proper 401/403 HTTP status codes
- Validates configuration on startup to prevent misconfiguration
Resolves TODO items:
- [x] Fix Docker username in compose files and env vars
- [x] Add authentication to MCP server to allow access only to specific users
