@cyanheads/git-mcp-server/dist/mcp-server/transports/auth/authMiddleware.js

An MCP (Model Context Protocol) server enabling LLMs and AI agents to interact with Git repositories. Provides tools for comprehensive Git operations including clone, commit, branch, diff, log, status, push, pull, merge, rebase, worktree, tag management,

import { BaseErrorCode, McpError } from "../../../types-global/errors.js";
import { ErrorHandler, logger, requestContextService, } from "../../../utils/index.js";
import { authContext } from "./lib/authContext.js";
/**
 * Creates a Hono middleware function that enforces authentication using a given strategy.
 *
 * @param strategy - An instance of a class that implements the `AuthStrategy` interface.
 * @returns A Hono middleware function.
 */
export function createAuthMiddleware(strategy) {
    return async function authMiddleware(c, next) {
        const context = requestContextService.createRequestContext({
            operation: "authMiddleware",
            method: c.req.method,
            path: c.req.path,
        });
        logger.debug("Initiating authentication check.", context);
        const authHeader = c.req.header("Authorization");
        if (!authHeader || !authHeader.startsWith("Bearer ")) {
            logger.warning("Authorization header missing or invalid.", context);
            throw new McpError(BaseErrorCode.UNAUTHORIZED, "Missing or invalid Authorization header. Bearer scheme required.", context);
        }
        const token = authHeader.substring(7);
        if (!token) {
            logger.warning("Bearer token is missing from Authorization header.", context);
            throw new McpError(BaseErrorCode.UNAUTHORIZED, "Authentication token is missing.", context);
        }
        logger.debug("Extracted Bearer token, proceeding to verification.", context);
        try {
            const authInfo = await strategy.verify(token);
            const authLogContext = {
                ...context,
                clientId: authInfo.clientId,
                subject: authInfo.subject,
                scopes: authInfo.scopes,
            };
            logger.info("Authentication successful. Auth context populated.", authLogContext);
            // Run the next middleware in the chain within the populated auth context.
            await authContext.run({ authInfo }, next);
        }
        catch (error) {
            // The strategy is expected to throw an McpError.
            // We re-throw it here to be caught by the global httpErrorHandler.
            logger.warning("Authentication verification failed.", {
                ...context,
                error: error instanceof Error ? error.message : String(error),
            });
            // Ensure consistent error handling
            throw ErrorHandler.handleError(error, {
                operation: "authMiddlewareVerification",
                context,
                rethrow: true, // Rethrow to be caught by Hono's global error handler
                errorCode: BaseErrorCode.UNAUTHORIZED, // Default to unauthorized if not more specific
            });
        }
    };
}
//# sourceMappingURL=authMiddleware.js.map