zhengchen.tao
71600adba9
Build Docker Image / build (push) Failing after 1m40s
MCP (Model Context Protocol) server providing read-only access to a Gitea instance, gated by OAuth-issued JWT bearer tokens. See README.md for setup.
51 lines
1.9 KiB
C#
51 lines
1.9 KiB
C#
using GiteaMcp.Config;
|
|
using Microsoft.Extensions.Options;
|
|
|
|
namespace GiteaMcp.Endpoints;
|
|
|
|
/// <summary>
|
|
/// 两个 well-known 端点:
|
|
/// 1. /.well-known/oauth-authorization-server (RFC 8414):指向配置的 AS。
|
|
/// 2. /.well-known/oauth-protected-resource (RFC 9728):声明本资源的 identifier
|
|
/// + 指向哪个 AS。客户端读到 PRM 后会在 /authorize 请求里带
|
|
/// resource=<identifier>,满足 AS 的 RFC 8707 校验。
|
|
/// </summary>
|
|
public static class DiscoveryEndpoints
|
|
{
|
|
public static IEndpointRouteBuilder MapDiscovery(this IEndpointRouteBuilder app)
|
|
{
|
|
app.MapGet("/.well-known/oauth-authorization-server", (IOptions<McpDiscoveryOptions> opts) =>
|
|
{
|
|
var o = opts.Value;
|
|
return Results.Ok(new
|
|
{
|
|
issuer = o.Issuer,
|
|
authorization_endpoint = o.AuthorizationEndpoint,
|
|
token_endpoint = o.TokenEndpoint,
|
|
registration_endpoint = o.RegistrationEndpoint,
|
|
response_types_supported = new[] { "code" },
|
|
grant_types_supported = new[] { "authorization_code", "refresh_token" },
|
|
code_challenge_methods_supported = new[] { "S256" },
|
|
scopes_supported = new[] { "read:gitea" },
|
|
});
|
|
});
|
|
|
|
app.MapGet("/.well-known/oauth-protected-resource", (HttpContext ctx, IOptions<McpDiscoveryOptions> opts) =>
|
|
{
|
|
var o = opts.Value;
|
|
var resourceUrl = string.IsNullOrWhiteSpace(o.ResourceUrl)
|
|
? $"{ctx.Request.Scheme}://{ctx.Request.Host}"
|
|
: o.ResourceUrl;
|
|
return Results.Ok(new
|
|
{
|
|
resource = resourceUrl,
|
|
authorization_servers = new[] { o.Issuer },
|
|
scopes_supported = new[] { "read:gitea" },
|
|
bearer_methods_supported = new[] { "header" },
|
|
});
|
|
});
|
|
|
|
return app;
|
|
}
|
|
}
|