1
1
import { BearerAuthMiddlewareOptions , requireBearerAuth } from "@modelcontextprotocol/sdk/server/auth/middleware/bearerAuth.js" ;
2
- import { AuthRouterOptions , mcpAuthRouter } from "@modelcontextprotocol/sdk/server/auth/router.js" ;
2
+ import { AuthRouterOptions , getOAuthProtectedResourceMetadataUrl , mcpAuthRouter } from "@modelcontextprotocol/sdk/server/auth/router.js" ;
3
3
import cors from "cors" ;
4
4
import express from "express" ;
5
5
import path from "path" ;
@@ -44,13 +44,13 @@ const baseSecurityHeaders = (req: express.Request, res: express.Response, next:
44
44
// Structured logging middleware
45
45
const loggingMiddleware = ( req : express . Request , res : express . Response , next : express . NextFunction ) => {
46
46
const startTime = Date . now ( ) ;
47
-
47
+
48
48
// Sanitize headers to remove sensitive information
49
49
const sanitizedHeaders = { ...req . headers } ;
50
50
delete sanitizedHeaders . authorization ;
51
51
delete sanitizedHeaders . cookie ;
52
52
delete sanitizedHeaders [ 'x-api-key' ] ;
53
-
53
+
54
54
// Log request (without sensitive data)
55
55
logger . info ( 'Request received' , {
56
56
method : req . method ,
@@ -145,7 +145,8 @@ const dearerAuthMiddlewareOptions: BearerAuthMiddlewareOptions = {
145
145
// verifyAccessToken(token: string): Promise<AuthInfo>;
146
146
verifier : {
147
147
verifyAccessToken : authProvider . verifyAccessToken . bind ( authProvider ) ,
148
- }
148
+ } ,
149
+ resourceMetadataUrl : getOAuthProtectedResourceMetadataUrl ( new URL ( BASE_URI ) ) ,
149
150
}
150
151
151
152
app . use ( mcpAuthRouter ( options ) ) ;
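Review bot: `new URL(BASE_URI)` in the added `resourceMetadataUrl` line is evaluated while the options object is built, so an unset or non-absolute `BASE_URI` surfaces as an unhandled `TypeError` at module load rather than as a readable configuration error; `BASE_URI` and the enclosing `dearerAuthMiddlewareOptions` object both begin outside this hunk, so I cannot see whether it is validated earlier. I would hoist the parse and name the failure once, e.g. `const baseUrl = new URL(BASE_URI); // fails fast on an unset or relative BASE_URI` before the options object, and pass `baseUrl` here. It is also worth a one-line comment on the new field noting that this URL is what the bearer-auth middleware advertises to clients for protected-resource metadata, so it must match the externally reachable origin of this server (not an internal bind address); a mismatch is a likely source of confusing client-side auth failures.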
@@ -166,7 +167,7 @@ app.get("/mcp-logo.png", (req, res) => {
166
167
res . sendFile ( logoPath ) ;
167
168
} ) ;
168
169
169
- // Upstream auth routes
170
+ // Upstream auth routes
170
171
app . get ( "/fakeupstreamauth/authorize" , cors ( corsOptions ) , handleFakeAuthorize ) ;
171
172
app . get ( "/fakeupstreamauth/callback" , cors ( corsOptions ) , handleFakeAuthorizeRedirect ) ;
172
173