33import { McpServer } from '@modelcontextprotocol/sdk/server/mcp' ;
44import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js' ;
55import { ClientOptions } from '@beeper/desktop-api' ;
6- import cors from 'cors' ;
76import express from 'express' ;
87import pino from 'pino' ;
98import pinoHttp from 'pino-http' ;
@@ -12,11 +11,6 @@ import { getLogger } from './logger';
1211import { McpOptions } from './options' ;
1312import { initMcpServer , newMcpServer } from './server' ;
1413
15- const oauthResourceIdentifier = ( req : express . Request ) : string => {
16- const protocol = req . headers [ 'x-forwarded-proto' ] ?? req . protocol ;
17- return `${ protocol } ://${ req . get ( 'host' ) } /` ;
18- } ;
19-
2014const newServer = async ( {
2115 clientOptions,
2216 mcpOptions,
@@ -32,28 +26,7 @@ const newServer = async ({
3226 const customInstructionsPath = mcpOptions . customInstructionsPath ;
3327 const server = await newMcpServer ( { stainlessApiKey, customInstructionsPath } ) ;
3428
35- // parseClientAuthHeaders throws if the Authorization header uses an unsupported
36- // scheme, or (when the second arg is true) if the header is missing entirely.
37- // On error, we return 401 with WWW-Authenticate pointing to the OAuth metadata
38- // endpoint so clients know how to authenticate (RFC 9728).
39- let authOptions : Partial < ClientOptions > ;
40- try {
41- authOptions = parseClientAuthHeaders ( req , true ) ;
42- } catch ( error ) {
43- const resourceIdentifier = oauthResourceIdentifier ( req ) ;
44- res . set (
45- 'WWW-Authenticate' ,
46- `Bearer resource_metadata="${ resourceIdentifier } .well-known/oauth-protected-resource"` ,
47- ) ;
48- res . status ( 401 ) . json ( {
49- jsonrpc : '2.0' ,
50- error : {
51- code : - 32000 ,
52- message : `Unauthorized: ${ error instanceof Error ? error . message : error } ` ,
53- } ,
54- } ) ;
55- return null ;
56- }
29+ const authOptions = parseClientAuthHeaders ( req , true ) ;
5730
5831 let upstreamClientEnvs : Record < string , string > | undefined ;
5932 const clientEnvsHeader = req . headers [ 'x-stainless-mcp-client-envs' ] ;
@@ -152,16 +125,6 @@ const del = async (req: express.Request, res: express.Response) => {
152125 } ) ;
153126} ;
154127
155- const oauthMetadata = ( req : express . Request , res : express . Response ) => {
156- const resourceIdentifier = oauthResourceIdentifier ( req ) ;
157- res . json ( {
158- resource : resourceIdentifier ,
159- authorization_servers : [ 'http://localhost:23373' ] ,
160- bearer_methods_supported : [ 'header' ] ,
161- scopes_supported : 'read write' ,
162- } ) ;
163- } ;
164-
165128const redactHeaders = ( headers : Record < string , any > ) => {
166129 const hiddenHeaders = / a u t h | c o o k i e | k e y | t o k e n | x - s t a i n l e s s - m c p - c l i e n t - e n v s / i;
167130 const filtered = { ...headers } ;
@@ -231,8 +194,6 @@ export const streamableHTTPApp = ({
231194 } ) ,
232195 ) ;
233196
234- app . get ( '/.well-known/oauth-protected-resource' , cors ( ) , oauthMetadata ) ;
235-
236197 app . get ( '/health' , async ( req : express . Request , res : express . Response ) => {
237198 res . status ( 200 ) . send ( 'OK' ) ;
238199 } ) ;
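Review bot: In the `newServer` hunk, the added `const authOptions = parseClientAuthHeaders(req, true);` is unguarded, although the removed comment states that this call throws when the Authorization header is missing or uses an unsupported scheme. With the try/catch gone, an unauthenticated request no longer gets the JSON-RPC 401 and the exception leaves `newServer`. The callers are outside the visible hunks, so whether they turn it into a clean error response or leave the request hanging cannot be confirmed from here. Removing the OAuth `WWW-Authenticate` hint and the metadata route does not require removing the 401 itself, so I would keep a reduced catch as below, assuming the callers still handle the `null` return that the old code relied on. `newServer` starts and ends outside this hunk.

```typescript
// … unchanged: newMcpServer call …
let authOptions: Partial<ClientOptions>;
try {
  authOptions = parseClientAuthHeaders(req, true);
} catch (error) {
  // Missing or unsupported Authorization header: answer 401 instead of letting the throw escape.
  res.status(401).json({
    jsonrpc: '2.0',
    error: {
      code: -32000,
      message: `Unauthorized: ${error instanceof Error ? error.message : error}`,
    },
  });
  return null;
}
// … unchanged: x-stainless-mcp-client-envs handling …
```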