refactor(V2): audit.py usa actor:str invece di Principal, rimuovi legacy common/auth.py

- Eliminato src/cerbero_mcp/common/auth.py (V1 Principal/TokenStore/ACL)
- audit_write_op: parametro principal:Principal → actor:str|None
- mcp_bridge.py: TokenStore → valid_tokens:set[str] (V2 bearer model)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
AdrianoDev
2026-04-30 18:14:10 +02:00
parent 3868ba60ce
commit 1a1f9c43ba
3 changed files with 10 additions and 110 deletions
+6 -7
@@ -28,8 +28,6 @@ import httpx
from fastapi import FastAPI, Request
from fastapi.responses import JSONResponse
from cerbero_mcp.common.auth import TokenStore
MCP_PROTOCOL_VERSION = "2024-11-05"
@@ -95,20 +93,22 @@ def mount_mcp_endpoint(
*,
name: str,
version: str,
token_store: TokenStore,
valid_tokens: set[str],
internal_base_url: str,
tools: list[dict],
) -> None:
"""Registra un endpoint MCP JSON-RPC 2.0 su POST /mcp.
Ogni tool è proxato verso POST {internal_base_url}/tools/<name> con il
Bearer token del client MCP (preservando le ACL REST esistenti).
Bearer token del client MCP. L'auth è già gestita dal middleware V2
(bearer testnet/mainnet); qui si ricontrolla che il token sia nei
valid_tokens prima di proxare.
Args:
app: istanza FastAPI del service
name: nome server MCP
version: versione del service
token_store: lo stesso usato dai tool REST
valid_tokens: set di token validi (testnet + mainnet)
internal_base_url: URL base interno (es. "http://localhost:9015")
tools: lista di {"name": str, "description": str, "input_schema"?: dict}
"""
@@ -207,8 +207,7 @@ def mount_mcp_endpoint(
if not auth.startswith("Bearer "):
return JSONResponse({"error": "missing bearer token"}, status_code=401)
token = auth[len("Bearer "):].strip()
principal = token_store.get(token)
if principal is None:
if token not in valid_tokens:
return JSONResponse({"error": "invalid token"}, status_code=403)
body = await request.json()
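Review bot: A bare `Bearer ` header reaches the new membership test with `token == ""`, so the last hunk's `if token not in valid_tokens:` authenticates the request if the set ever contains an empty string. That could happen if an unset testnet or mainnet token is loaded as `""`; the call site is not visible here, so this needs confirming. Guarding with `if not token or token not in valid_tokens:` closes it, and the caller should drop empty values when building the set. Because the set merges testnet and mainnet tokens and no principal is resolved any more, this handler cannot tell which environment or caller a request belongs to. It would help if the docstring said that environment separation and the `actor` passed to audit_write_op must come from the V2 middleware. The handler body starts before and continues after this hunk.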