UNPKG

@cyanheads/jinaai-mcp-server

Version:

A Model Context Protocol (MCP) server that provides intelligent web reading capabilities using the Jina AI Reader API. It extracts clean, LLM-ready content from any URL.

58 lines 2.85 kB
import { BaseErrorCode, McpError } from "../../../types-global/errors.js"; import { ErrorHandler, logger, requestContextService, } from "../../../utils/index.js"; import { authContext } from "./lib/authContext.js"; /** * Creates a Hono middleware function that enforces authentication using a given strategy. * * @param strategy - An instance of a class that implements the `AuthStrategy` interface. * @returns A Hono middleware function. */ export function createAuthMiddleware(strategy) { return async function authMiddleware(c, next) { const context = requestContextService.createRequestContext({ operation: "authMiddleware", method: c.req.method, path: c.req.path, }); logger.debug("Initiating authentication check.", context); const authHeader = c.req.header("Authorization"); if (!authHeader || !authHeader.startsWith("Bearer ")) { logger.warning("Authorization header missing or invalid.", context); throw new McpError(BaseErrorCode.UNAUTHORIZED, "Missing or invalid Authorization header. Bearer scheme required.", context); } const token = authHeader.substring(7); if (!token) { logger.warning("Bearer token is missing from Authorization header.", context); throw new McpError(BaseErrorCode.UNAUTHORIZED, "Authentication token is missing.", context); } logger.debug("Extracted Bearer token, proceeding to verification.", context); try { const authInfo = await strategy.verify(token); const authLogContext = { ...context, clientId: authInfo.clientId, subject: authInfo.subject, scopes: authInfo.scopes, }; logger.info("Authentication successful. Auth context populated.", authLogContext); // Run the next middleware in the chain within the populated auth context. await authContext.run({ authInfo }, next); } catch (error) { // The strategy is expected to throw an McpError. // We re-throw it here to be caught by the global httpErrorHandler. logger.warning("Authentication verification failed.", { ...context, error: error instanceof Error ? error.message : String(error), }); // Ensure consistent error handling throw ErrorHandler.handleError(error, { operation: "authMiddlewareVerification", context, rethrow: true, // Rethrow to be caught by Hono's global error handler errorCode: BaseErrorCode.UNAUTHORIZED, // Default to unauthorized if not more specific }); } }; } //# sourceMappingURL=authMiddleware.js.map