MCP (Model Context Protocol) server providing read-only access to a Gitea instance, gated by OAuth-issued JWT bearer tokens. See README.md for setup.
@@ -0,0 +1,32 @@
|
||||
namespace GiteaMcp.Config;
|
||||
|
||||
/// <summary>
|
||||
/// Gitea 后端连接配置,通过 env / appsettings 注入。
|
||||
/// 生产环境敏感字段(AdminPat)必须通过环境变量注入,不要写进代码。
|
||||
/// </summary>
|
||||
public class GiteaOptions
|
||||
{
|
||||
public const string SectionName = "Gitea";
|
||||
|
||||
/// <summary>Gitea 根 URL(末尾无斜杠),必须通过 env Gitea__BaseUrl 注入</summary>
|
||||
public string BaseUrl { get; set; } = string.Empty;
|
||||
|
||||
/// <summary>
|
||||
/// Gitea Admin PAT(只读权限:read:repository / read:issue / read:user / read:organization / read:package)。
|
||||
/// 生产环境从 env Gitea__AdminPat 注入,本地开发用 dotnet user-secrets。
|
||||
/// 绝对不要 hardcode。
|
||||
/// </summary>
|
||||
public string AdminPat { get; set; } = string.Empty;
|
||||
|
||||
/// <summary>
|
||||
/// 黑名单:逗号分隔的 owner/repo,格式如 "alice/secret-repo,acme/internal"。
|
||||
/// 黑名单内的 repo 不会出现在任何 Tool 的返回值里。默认空(全开放)。
|
||||
/// </summary>
|
||||
public string RepoBlacklist { get; set; } = string.Empty;
|
||||
|
||||
/// <summary>list_repos 的默认 limit(不传时使用)</summary>
|
||||
public int DefaultLimit { get; set; } = 50;
|
||||
|
||||
/// <summary>read_file 的默认最大字节数(1MB)</summary>
|
||||
public int MaxFileBytes { get; set; } = 1 * 1024 * 1024;
|
||||
}
|
||||
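Review bot: `RepoBlacklist` is a deny-list that defaults to empty ("fully open" by its own comment) while requests are served with a PAT belonging to an admin account, so every repository not explicitly listed, including private ones created later, is readable by any caller with a valid token unless per-user authorization is enforced elsewhere (not visible in this section). Consider an allow-list, or at least state the fail-open behaviour in the summary, e.g. `/// An empty list exposes every repository the admin PAT can read, private ones included, to all authenticated callers.` As far as I know Gitea resolves owner and repository names case-insensitively, so whatever parses this string should trim each entry and compare with `StringComparison.OrdinalIgnoreCase`. `BaseUrl` and `AdminPat` default to `string.Empty` with no validation in this class; `[Required]` on both plus `ValidateDataAnnotations().ValidateOnStart()` at registration would fail startup instead of running with an empty token.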
@@ -0,0 +1,27 @@
|
||||
namespace GiteaMcp.Config;
|
||||
|
||||
/// <summary>
|
||||
/// JWT 验签配置,与 auth server 共用同款 HS256 对称密钥。
|
||||
/// 环境变量:Jwt__Issuer, Jwt__Audience, Jwt__SigningKey__Current, Jwt__SigningKey__Previous
|
||||
/// </summary>
|
||||
public class JwtOptions
|
||||
{
|
||||
public const string SectionName = "Jwt";
|
||||
|
||||
/// <summary>期望的 iss claim(你的 auth server 的 issuer URL),必须通过 env 注入</summary>
|
||||
public string Issuer { get; set; } = string.Empty;
|
||||
|
||||
/// <summary>期望的 aud claim,默认 gitea</summary>
|
||||
public string Audience { get; set; } = "gitea";
|
||||
|
||||
public SigningKeyPair SigningKey { get; set; } = new();
|
||||
|
||||
public class SigningKeyPair
|
||||
{
|
||||
/// <summary>当前签名密钥(HS256 对称密钥),env: Jwt__SigningKey__Current</summary>
|
||||
public string Current { get; set; } = string.Empty;
|
||||
|
||||
/// <summary>上一轮密钥,密钥轮换过渡期用,env: Jwt__SigningKey__Previous(可为空)</summary>
|
||||
public string? Previous { get; set; }
|
||||
}
|
||||
}
|
||||
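Review bot: `SigningKeyPair.Current` and `Previous` hold an HS256 secret shared with the auth server, so this resource server keeps material that can sign tokens as well as verify them; if the auth server can issue RS256 or ES256 tokens, verifying with a public key here would remove that capability from this service. Nothing in the section states the key's encoding or a minimum length; RFC 7518 section 3.2 requires at least 256 bits for HS256, so the summary should say so and shorter values should be rejected at startup. `Previous` is `string?`, but an environment variable set to an empty value may bind as `""` rather than `null`, so the validation code (outside this section) should test `string.IsNullOrWhiteSpace(Previous)` before adding it as a verification key. `SigningKey` itself has no summary; `/// <summary>HS256 verification keys: Current, plus Previous during rotation.</summary>` would match the neighbouring properties.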
@@ -0,0 +1,22 @@
|
||||
namespace GiteaMcp.Config;
|
||||
|
||||
/// <summary>
|
||||
/// /.well-known/oauth-authorization-server + /.well-known/oauth-protected-resource
|
||||
/// 端点返回的元数据,字段由 Mcp:OAuthDiscovery:* 配置项驱动。
|
||||
/// </summary>
|
||||
public class McpDiscoveryOptions
|
||||
{
|
||||
public const string SectionName = "Mcp:OAuthDiscovery";
|
||||
|
||||
public string Issuer { get; set; } = string.Empty;
|
||||
public string AuthorizationEndpoint { get; set; } = string.Empty;
|
||||
public string TokenEndpoint { get; set; } = string.Empty;
|
||||
public string RegistrationEndpoint { get; set; } = string.Empty;
|
||||
|
||||
/// <summary>
|
||||
/// 本资源服务的标识符(RFC 9728 PRM 的 `resource` 字段,必须与 auth server
|
||||
/// 上该资源条目的 resource_url 完全一致)。
|
||||
/// 留空时 PRM 端点回退用请求的 `scheme://host`。
|
||||
/// </summary>
|
||||
public string ResourceUrl { get; set; } = string.Empty;
|
||||
}
|
||||
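Review bot: The `ResourceUrl` summary says the PRM endpoint falls back to the request's `scheme://host` when the value is empty, and behind a reverse proxy both parts come from client-supplied headers unless forwarded-header and allowed-host handling is restricted (not visible here). Since the same comment requires an exact match with the auth server's `resource_url`, I would make the value mandatory outside development and fail startup when it is empty rather than reflect the request. `Issuer` duplicates `JwtOptions.Issuer` under a different configuration section, so the advertised issuer and the validated `iss` can drift apart; bind both from one key or assert equality at startup. The four endpoint properties have no summaries and accept any string; a comment such as `/// <summary>Absolute https URL of the auth server's token endpoint.</summary>` and a `Uri.TryCreate(value, UriKind.Absolute, out _)` check would catch misconfiguration early.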