HomeLab/unraid-mcp
2
0
Fork 1
mirror of https://github.com/jmagar/unraid-mcp.git synced 2026-03-23 12:39:24 -07:00
Code Issues Packages Projects Releases Wiki Activity

feat(auth): wire GoogleProvider into FastMCP, log auth status on startup

Browse Source 
- Call _build_google_auth() at module level before mcp = FastMCP(...)
- Pass auth=_google_auth to FastMCP() constructor
- Add startup log in run_server(): INFO when OAuth enabled (with redirect URI), WARNING when open/unauthenticated
- Add test verifying mcp has no auth provider when Google vars are absent (baseline + post-wire)
This commit is contained in:
Jacob Magar
2026-03-16 10:42:51 -04:00
parent b319cf4932
commit 2ab61be2df
2 changed files with 39 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
tests/test_auth_builder.py
View File

@@ -87,3 +87,25 @@ def test_build_google_auth_warns_on_stdio_transport(monkeypatch):
_build_google_auth() _build_google_auth()
assert any("stdio" in m.lower() for m in warning_messages) assert any("stdio" in m.lower() for m in warning_messages)
def test_mcp_instance_has_no_auth_by_default():
"""The FastMCP mcp instance has no auth provider when Google vars are absent."""
import os
for var in ("GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET", "UNRAID_MCP_BASE_URL"):
os.environ.pop(var, None)
import importlib
import unraid_mcp.config.settings as s
importlib.reload(s)
import unraid_mcp.server as srv
importlib.reload(srv)
# FastMCP stores auth on ._auth_provider or .auth
auth = getattr(srv.mcp, "_auth_provider", None) or getattr(srv.mcp, "auth", None)
assert auth is None

17
unraid_mcp/server.py
View File

@@ -117,11 +117,15 @@ def _build_google_auth() -> "GoogleProvider | None":
return GoogleProvider(**kwargs) return GoogleProvider(**kwargs)
# Build auth provider — returns GoogleProvider when configured, None otherwise.
_google_auth = _build_google_auth()
# Initialize FastMCP instance # Initialize FastMCP instance
mcp = FastMCP( mcp = FastMCP(
name="Unraid MCP Server", name="Unraid MCP Server",
instructions="Provides tools to interact with an Unraid server's GraphQL API.", instructions="Provides tools to interact with an Unraid server's GraphQL API.",
version=VERSION, version=VERSION,
auth=_google_auth,
middleware=[ middleware=[
_logging_middleware, _logging_middleware,
error_middleware, error_middleware,
@@ -181,6 +185,19 @@ def run_server() -> None:
"Only use this in trusted networks or for development." "Only use this in trusted networks or for development."
) )
if _google_auth is not None:
from .config.settings import UNRAID_MCP_BASE_URL
logger.info(
"Google OAuth ENABLED — clients must authenticate before calling tools. "
f"Redirect URI: {UNRAID_MCP_BASE_URL}/auth/callback"
)
else:
logger.warning(
"No authentication configured — MCP server is open to all clients on the network. "
"Set GOOGLE_CLIENT_ID + GOOGLE_CLIENT_SECRET + UNRAID_MCP_BASE_URL to enable OAuth."
)
logger.info( logger.info(
f"Starting Unraid MCP Server on {UNRAID_MCP_HOST}:{UNRAID_MCP_PORT} using {UNRAID_MCP_TRANSPORT} transport..." f"Starting Unraid MCP Server on {UNRAID_MCP_HOST}:{UNRAID_MCP_PORT} using {UNRAID_MCP_TRANSPORT} transport..."
) )