This commit implements several key improvements to the GeoGuessr MCP server:

## MCP Server Authentication
- Add Bearer token authentication for MCP server access control
- New middleware in src/geoguessr_mcp/middleware/auth.py
- Configuration via MCP_AUTH_ENABLED and MCP_API_KEYS environment variables
- Support for multiple API keys (comma-separated)
- Optional authentication - can be disabled for trusted deployments
- Clients connect using Authorization: Bearer YOUR_API_KEY header

## Docker Configuration Updates
- Update to use official pre-built image: nyxiumyuuki/geoguessr-mcp:latest
- Remove DOCKER_USERNAME and IMAGE_TAG from environment variables
- Simplify docker-compose.yml and docker-compose.prod.yml
- Remove healthcheck configuration (not necessary for the deployment)

## Deployment Improvements
- Move deploy.sh to scripts/deploy.sh for better organization
- Update deploy.sh to use official Docker image
- Add authentication validation in deployment script
- Improve deployment logging and error messages

## Documentation Updates
- Update README.md with authentication configuration examples
- Add MCP server authentication section with setup instructions
- Update environment variables table
- Simplify deployment instructions
- Update CLAUDE.md with new authentication architecture
- Add .env.example configuration for MCP authentication

## Technical Details
- Authentication middleware integrates with FastMCP's Starlette ASGI app
- Middleware validates Bearer tokens on all requests except /health
- Logs authentication attempts and failures
- Returns proper 401/403 HTTP status codes
- Validates configuration on startup to prevent misconfiguration

Resolves TODO items:
- [x] Fix Docker username in compose files and env vars
- [x] Add authentication to MCP server to allow access only to specific users
72 lines
2.7 KiB
Text
# GeoGuessr MCP Server Configuration
# Copy this file to .env and fill in your values

# =============================================================================
# OPTIONAL: GeoGuessr Authentication
# =============================================================================
# Your GeoGuessr _ncfa cookie for API authentication
# If not set, users must authenticate using the login tool
#
# How to get your _ncfa cookie:
# 1. Log in to GeoGuessr in your browser
# 2. Open Developer Tools (F12 or Ctrl+Shift+I)
# 3. Go to the "Application" or "Storage" tab
# 4. Under "Cookies", find www.geoguessr.com
# 5. Look for the cookie named "_ncfa"
# 6. Copy its value and paste it below
#
# IMPORTANT: Keep this secret! Anyone with this cookie can access your account.

GEOGUESSR_NCFA_COOKIE=

# =============================================================================
# MCP Server Configuration
# =============================================================================
# Transport protocol: "streamable-http" (recommended) or "sse" (legacy)
MCP_TRANSPORT=streamable-http

# Host to bind to (0.0.0.0 for all interfaces)
MCP_HOST=0.0.0.0

# Port to expose the server on
MCP_PORT=8000

# =============================================================================
# MCP Server Authentication
# =============================================================================
# Enable authentication for MCP server access (true/false)
# When enabled, clients must provide a valid API key in the Authorization header
MCP_AUTH_ENABLED=false

# Comma-separated list of valid API keys for MCP server access
# Example: MCP_API_KEYS=key1,key2,key3
# Clients connect using: Authorization: Bearer YOUR_API_KEY
# Generate secure keys with: openssl rand -hex 32
MCP_API_KEYS=

# =============================================================================
# API Monitoring Configuration
# =============================================================================
# Enable automatic API endpoint monitoring
MONITORING_ENABLED=true

# How often to check API endpoints (in hours)
MONITORING_INTERVAL_HOURS=24

# Directory to store schema cache (persisted between restarts)
SCHEMA_CACHE_DIR=/app/data/schemas

# =============================================================================
# Logging Configuration
# =============================================================================
# Log level: DEBUG, INFO, WARNING, ERROR, CRITICAL
LOG_LEVEL=INFO

# =============================================================================
# Request Configuration
# =============================================================================
# Request timeout in seconds
REQUEST_TIMEOUT=30.0

# Maximum retry attempts for failed requests
MAX_RETRIES=3
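The Bearer-token behaviour this commit describes (comma-separated MCP_API_KEYS, startup validation, /health exempt, 401/403 responses) can be sketched as a dependency-free ASGI middleware. This is an added example, not the project's src/geoguessr_mcp/middleware/auth.py. Assumptions: the names `load_auth_config`, `BearerAuthMiddleware`, `ok_app` and `probe`, the `/mcp` path used when calling `probe`, and the choice of 401 for a missing or malformed header and 403 for an unrecognised key.

```python
import asyncio
import hmac

def load_auth_config(env):
    """Parse MCP_AUTH_ENABLED / MCP_API_KEYS and fail at startup on misconfiguration."""
    flag = env.get("MCP_AUTH_ENABLED", "false").strip().lower()
    if flag not in ("true", "false"):
        raise ValueError("MCP_AUTH_ENABLED must be true or false")  # never guess
    keys = [k.strip() for k in env.get("MCP_API_KEYS", "").split(",") if k.strip()]
    if flag == "true" and not keys:
        raise ValueError("MCP_AUTH_ENABLED=true but MCP_API_KEYS is empty")
    return flag == "true", keys

class BearerAuthMiddleware:
    """Pure ASGI middleware (hypothetical name): Bearer check everywhere but /health."""
    def __init__(self, app, enabled, keys):
        self.app, self.enabled = app, enabled
        self.keys = [k.encode() for k in keys]

    async def __call__(self, scope, receive, send):
        kind = scope["type"]
        if kind == "lifespan" or not self.enabled or (kind == "http" and scope["path"] == "/health"):
            return await self.app(scope, receive, send)
        if kind != "http":
            raise RuntimeError(f"refusing unauthenticated {kind} scope")  # fail closed
        header = dict(scope["headers"]).get(b"authorization", b"")
        scheme, _, token = header.partition(b" ")
        if scheme.lower() != b"bearer" or not token.strip():
            return await self._reject(send, 401)  # assumption: no usable credential
        if not sum(hmac.compare_digest(token.strip(), k) for k in self.keys):  # constant time, no early exit
            return await self._reject(send, 403)  # assumption: key not recognised
        await self.app(scope, receive, send)

    async def _reject(self, send, status):
        headers = [(b"www-authenticate", b"Bearer")] if status == 401 else []
        await send({"type": "http.response.start", "status": status, "headers": headers})
        await send({"type": "http.response.body", "body": b""})

async def ok_app(scope, receive, send):  # constructed stand-in for the wrapped app
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})

def probe(middleware, path, authorization=None):
    """Send one constructed request through the middleware; return its status code."""
    headers = [(b"authorization", authorization.encode())] if authorization else []
    sent = []
    async def send(message): sent.append(message)
    scope = {"type": "http", "method": "GET", "path": path, "headers": headers}
    asyncio.run(middleware(scope, None, send))
    return sent[0]["status"]
```

With the shipped defaults (MCP_AUTH_ENABLED=false, MCP_HOST=0.0.0.0) the middleware passes every request through, so enabling authentication is a deliberate step before exposing the port.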