
Commit f0cef5e

msukkariclaude
andauthored
feat: gate MCP API behind auth when Ask GitHub is enabled (#994)
* require auth for MCP in ask gh * add CHANGELOG entry for #994 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 4476ac4 commit f0cef5e


2 files changed

+13
-1
lines changed


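--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+- Gate MCP API behind authentication when Ask GitHub is enabled. [#994](https://github.com/sourcebot-dev/sourcebot/pull/994)
+
 ## [4.15.4] - 2026-03-11
 
 ### Added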

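--- a/packages/web/src/app/api/(server)/mcp/route.ts
+++ b/packages/web/src/app/api/(server)/mcp/route.ts
@@ -3,7 +3,7 @@ import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { createMcpServer } from '@/features/mcp/server';
 import { withOptionalAuthV2 } from '@/withAuthV2';
 import { isServiceError } from '@/lib/utils';
-import { serviceErrorResponse, ServiceError } from '@/lib/serviceError';
+import { notAuthenticated, serviceErrorResponse, ServiceError } from '@/lib/serviceError';
 import { ErrorCode } from '@/lib/errorCodes';
 import { StatusCodes } from 'http-status-codes';
 import { NextRequest } from 'next/server';
@@ -44,6 +44,9 @@ const sessions = new Map<string, McpSession>();
 export const POST = apiHandler(async (request: NextRequest) => {
 const response = await sew(() =>
 withOptionalAuthV2(async ({ user }) => {
+if (env.EXPERIMENT_ASK_GH_ENABLED === 'true' && !user) {
+return notAuthenticated();
+}
 const ownerId = user?.id ?? null;
 const sessionId = request.headers.get(MCP_SESSION_ID_HEADER);
 
@@ -93,6 +96,9 @@ export const POST = apiHandler(async (request: NextRequest) => {
 export const DELETE = apiHandler(async (request: NextRequest) => {
 const result = await sew(() =>
 withOptionalAuthV2(async ({ user }) => {
+if (env.EXPERIMENT_ASK_GH_ENABLED === 'true' && !user) {
+return notAuthenticated();
+}
 const ownerId = user?.id ?? null;
 const sessionId = request.headers.get(MCP_SESSION_ID_HEADER);
 if (!sessionId || !sessions.has(sessionId)) {
@@ -126,6 +132,9 @@ export const DELETE = apiHandler(async (request: NextRequest) => {
 export const GET = apiHandler(async (request: NextRequest) => {
 const result = await sew(() =>
 withOptionalAuthV2(async ({ user }) => {
+if (env.EXPERIMENT_ASK_GH_ENABLED === 'true' && !user) {
+return notAuthenticated();
+}
 const ownerId = user?.id ?? null;
 const sessionId = request.headers.get(MCP_SESSION_ID_HEADER);
 if (!sessionId || !sessions.has(sessionId)) {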
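Review bot: The condition `env.EXPERIMENT_ASK_GH_ENABLED === 'true' && !user` is pasted verbatim into POST, DELETE and GET, so the gate holds only while every handler in this route, including any added later, remembers to copy it. I would move it into one helper, e.g. `const mcpRequiresAuth = () => env.EXPERIMENT_ASK_GH_ENABLED === 'true';`, with a comment stating why anonymous MCP access is refused only in this mode, and have each handler call it. The check also fails open: any value other than the exact string 'true' leaves all three handlers reachable with `user` undefined and `ownerId` null, and whether the env schema restricts the variable to 'true'/'false' (or where `env` is imported) is not visible in this diff. The commit changes only CHANGELOG.md and this file, so nothing exercises the unauthenticated path; a test asserting the not-authenticated response for each verb with the flag set would pin the behaviour. All three handler bodies continue outside the hunks.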
