personal-projects/gitea-mcp-remote
1
0
Fork 0
generated from personal-projects/leo-claude-mktplace
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

[Sprint 02] feat: Implement HTTP authentication middleware #13

New Issue
Closed
opened 2026-02-03 21:01:18 +00:00 by lmiranda · 1 comment
lmiranda commented 2026-02-03 21:01:18 +00:00
Owner
Copy Link

Summary

Create auth.py module to implement optional HTTP endpoint authentication.

Tasks

  • Create src/gitea_mcp_remote/auth.py
  • Implement AuthMiddleware class for HTTP auth
  • Support Bearer token authentication via Authorization header
  • Read expected token from config.AUTH_TOKEN
  • If AUTH_TOKEN not set, allow all requests (no auth)
  • If set, require matching Authorization: Bearer <token> header
  • Return 401 Unauthorized for invalid/missing token
  • Add logging for auth attempts (success/failure)

Acceptance Criteria

  • auth.py exists with AuthMiddleware class
  • Bearer token validation works correctly
  • No-auth mode works when AUTH_TOKEN unset
  • Clear error messages for auth failures
  • Logging captures auth events
  • Compatible with MCP HTTP transport spec

Dependencies

Blocked by: #11 (needs config to read AUTH_TOKEN)

Context

Optional security layer for the HTTP endpoint. If deploying publicly, set AUTH_TOKEN to require authentication.

References:

  • Corrective Rebuild specification
  • Step 6 of 14-step rebuild plan

Size: M (2-4 hours)

## Summary Create `auth.py` module to implement optional HTTP endpoint authentication. ## Tasks - [ ] Create `src/gitea_mcp_remote/auth.py` - [ ] Implement `AuthMiddleware` class for HTTP auth - [ ] Support Bearer token authentication via `Authorization` header - [ ] Read expected token from `config.AUTH_TOKEN` - [ ] If `AUTH_TOKEN` not set, allow all requests (no auth) - [ ] If set, require matching `Authorization: Bearer <token>` header - [ ] Return 401 Unauthorized for invalid/missing token - [ ] Add logging for auth attempts (success/failure) ## Acceptance Criteria - `auth.py` exists with `AuthMiddleware` class - Bearer token validation works correctly - No-auth mode works when `AUTH_TOKEN` unset - Clear error messages for auth failures - Logging captures auth events - Compatible with MCP HTTP transport spec ## Dependencies **Blocked by:** #11 (needs config to read AUTH_TOKEN) ## Context Optional security layer for the HTTP endpoint. If deploying publicly, set AUTH_TOKEN to require authentication. **References:** - Corrective Rebuild specification - Step 6 of 14-step rebuild plan **Size:** M (2-4 hours)
lmiranda added this to the Sprint 02: Corrective Rebuild milestone 2026-02-03 21:01:18 +00:00
lmiranda added the Size/MType/FeatureTech/PythonComponent/BackendPriority/High labels 2026-02-03 21:01:18 +00:00
lmiranda commented 2026-02-03 21:01:22 +00:00
Author
Owner
Copy Link

⚠️ Blocked By: #11

⚠️ **Blocked By:** #11
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Component/API
API endpoints, contracts, and integration
 Component/Auth
Authentication and authorization
 Component/Backend
Backend/server-side code
 Component/Backend
Backend service code and business logic
 Component/Core
Core application logic and architecture
 Component/Database
Database schemas, migrations, queries
 Component/Dependencies
Package dependencies and requirements
 Component/Deploy
Deployment, infrastructure, DevOps
 Component/Docker
Docker and containerization
 Component/Docs
Documentation and guides
 Component/Documentation
Documentation and guides
 Component/Frontend
User interface and client-side code
 Component/Infra
Infrastructure and system configuration
 Component/Integration
Integration and end-to-end testing
 Component/Testing
Test infrastructure and frameworks
 Priority/Critical
Critical priority - blocks other work
 Priority/High
High priority items
 Priority/Medium
Medium priority items
 Size/L
Large task (4-8 hours)
 Size/M
Medium task (2-4 hours)
 Size/S
Small task (1-2 hours)
 Tech/Docker
Docker containers and compose
 Tech/FastAPI
FastAPI backend framework
 Tech/JavaScript
JavaScript/Node.js code
 Tech/PostgreSQL
PostgreSQL database
 Tech/Python
Python language and libraries
 Tech/Redis
Redis cache and pub/sub
 Tech/Vue
Vue.js frontend framework
 Type/Build
Build system and dependencies
 Type/Documentation
Documentation updates
 Type/Feature
New feature implementation
 Type/Refactor
Code refactoring and restructuring
 Type/Setup
Initial project setup tasks
 Type/Test
Testing and quality assurance
Complexity/Complex
High uncertainty or many dependencies
 Complexity/Medium
Some unknowns or dependencies
 Complexity/Simple
Straightforward, well-understood
 Effort/L
3-5 days
 Effort/M
1-2 days
 Effort/S
2-4 hours
 Effort/XL
> 1 week
 Effort/XS
< 2 hours
 Priority/Critical
Immediate attention required
 Priority/High
Important, needs attention soon
 Priority/Low
Nice to have, can wait
 Priority/Medium
Normal priority
 Type/Bug
Something isn't working
 Type/Chore
Maintenance tasks
 Type/Documentation
Documentation improvements
 Type/Feature
New feature or request
 Type/Refactor
Code refactoring without changing behavior
 Type/Test
Testing related
No Label Component/Backend Priority/High Size/M Tech/Python Type/Feature
Milestone
No items
No Milestone Sprint 02: Corrective Rebuild
Projects
Clear projects
No project
Assignees
Clear assignees
lmiranda
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: personal-projects/gitea-mcp-remote#13
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?