jason/google-mcp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

simplify cors middleware implementation

Browse Source
This commit is contained in:
Taylor Wilsdon
2025-08-09 11:44:12 -04:00
parent 42dcd54b18
commit 374dc9c3e7
6 changed files with 77 additions and 512 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
core/server.py
View File

@@ -16,8 +16,6 @@ from auth.mcp_session_middleware import MCPSessionMiddleware
from auth.oauth_responses import create_error_response, create_success_response, create_server_error_response
from auth.auth_info_middleware import AuthInfoMiddleware
from auth.fastmcp_google_auth import GoogleWorkspaceAuthProvider
from auth.vscode_compatibility_middleware import VSCodePathNormalizationMiddleware
from auth.cors_security_middleware import CORSSecurityMiddleware
from auth.scopes import SCOPES
from core.config import (
USER_GOOGLE_EMAIL,
@@ -40,10 +38,7 @@ logger = logging.getLogger(__name__)
_auth_provider: Optional[Union[GoogleWorkspaceAuthProvider, GoogleRemoteAuthProvider]] = None
# --- Middleware Definitions ---
# Note: The old wildcard CORS middleware is replaced with secure CORS middleware
session_middleware = Middleware(MCPSessionMiddleware)
vscode_middleware = Middleware(VSCodePathNormalizationMiddleware, debug=False)
cors_security_middleware = Middleware(CORSSecurityMiddleware, debug=True)
# Custom FastMCP that adds secure middleware stack for OAuth 2.1
class SecureFastMCP(FastMCP):
@@ -52,16 +47,12 @@ class SecureFastMCP(FastMCP):
app = super().streamable_http_app()
# Add middleware in order (first added = outermost layer)
# 1. CORS Security - handles CORS with proper origin validation
app.user_middleware.insert(0, cors_security_middleware)
# 2. VS Code Path Normalization - rewrites VS Code paths transparently
app.user_middleware.insert(1, vscode_middleware)
# 3. Session Management - extracts session info for MCP context
app.user_middleware.insert(2, session_middleware)
# Session Management - extracts session info for MCP context
app.user_middleware.insert(0, session_middleware)
# Rebuild middleware stack
app.middleware_stack = app.build_middleware_stack()
logger.info("Added secure middleware stack: CORS Security, VS Code Compatibility, Session Management")
logger.info("Added middleware stack: Session Management")
return app
# --- Server Instance ---