gitea-mcp: 初次落地 Gitea MCP Server (.NET 10, V1 only-read)
把 Gitea (git.zhengchentao.win) 通过 MCP 暴露给 Claude.ai:列 repo、读代码、看 commits / issues / PR / orgs / packages / actions。 设计文档见 vault Coding/gitea-mcp/gitea-mcp 设计.md。 代码模板复用 obsidian-mcp(.NET 10 + ModelContextProtocol SDK + JwtBearer)。 19 个只读 Tool(全部 scope=read:gitea): Repo / 文件: - list_repos / read_repo - list_tree(max_entries=500 防爆) - read_file(max_bytes=1MB,超出 truncated=true) - search_code(走 /repos/search-code,indexer 未启用时返回结构化错误说明) 分支 / 提交: - list_branches / list_commits / read_commit(diff 文件数限 50) Issue / PR: - list_issues / read_issue(含评论) - list_pulls / read_pull(含评论 + 改动文件列表) Org / Package(用户额外授权 read:organization + read:package): - list_orgs / read_org - list_packages / read_package Gitea Actions(运维友好): - list_workflow_runs / read_run_log 技术栈: - .NET 10 + ModelContextProtocol SDK 1.0 - HttpClientFactory + Microsoft.Extensions.Http.Resilience(指数 backoff,5xx/429/网络错误重试) - JwtBearer (HS256, Current+Previous fallback, MapInboundClaims=false) - aud=gitea, scope=read:gitea, iss=https://auth.zhengchentao.win Gitea API client: - Authorization: token <PAT> (admin PAT,仅 read scope) - BaseUrl=https://git.zhengchentao.win - 错误映射:401/403 → UnauthorizedAccessException,404 → KeyNotFoundException,5xx → InvalidOperationException - RepoBlacklist 黑名单(owner/repo 精确匹配,默认空) 部署: - Dockerfile multi-stage,COPY --chown,non-root user - .gitea/workflows/build-image.yml:build + deploy 双 job,buildkit v0.13.2 - 容器内 :8080,宿主端口 9092 - 子域名 git-mcp.zhengchentao.win(区别于 Gitea 本体 git.zhengchentao.win) 测试:6/6 单测过(GiteaRepoFilter 黑名单匹配) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,33 @@
|
||||
using GiteaMcp.Config;
|
||||
using Microsoft.Extensions.Options;
|
||||
|
||||
namespace GiteaMcp.Endpoints;
|
||||
|
||||
/// <summary>
|
||||
/// OAuth 2.0 Authorization Server Metadata(RFC 8414)端点。
|
||||
/// Claude.ai 在接入 custom connector 时会先访问 /.well-known/oauth-authorization-server,
|
||||
/// 根据返回的元数据找到 nas-auth 的 authorize / token / register 端点。
|
||||
/// </summary>
|
||||
public static class DiscoveryEndpoints
|
||||
{
|
||||
public static IEndpointRouteBuilder MapDiscovery(this IEndpointRouteBuilder app)
|
||||
{
|
||||
app.MapGet("/.well-known/oauth-authorization-server", (IOptions<McpDiscoveryOptions> opts) =>
|
||||
{
|
||||
var o = opts.Value;
|
||||
return Results.Ok(new
|
||||
{
|
||||
issuer = o.Issuer,
|
||||
authorization_endpoint = o.AuthorizationEndpoint,
|
||||
token_endpoint = o.TokenEndpoint,
|
||||
registration_endpoint = o.RegistrationEndpoint,
|
||||
response_types_supported = new[] { "code" },
|
||||
grant_types_supported = new[] { "authorization_code", "refresh_token" },
|
||||
code_challenge_methods_supported = new[] { "S256" },
|
||||
scopes_supported = new[] { "read:gitea" },
|
||||
});
|
||||
});
|
||||
|
||||
return app;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user