mirror of
https://github.com/jmagar/unraid-mcp.git
synced 2026-03-23 04:29:17 -07:00
cc24f1ec62
- ApiKeyVerifier(TokenVerifier) — validates Authorization: Bearer <key> against UNRAID_MCP_API_KEY; guards against empty-key bypass - _build_auth() replaces module-level _build_google_auth() call: returns MultiAuth(server=google, verifiers=[api_key]) when both set, GoogleProvider alone, ApiKeyVerifier alone, or None - settings.py: add UNRAID_MCP_API_KEY + is_api_key_auth_configured() + api_key_auth_enabled in get_config_summary() - run_server(): improved auth status logging for all three states - tests/test_api_key_auth.py: 9 tests covering verifier + _build_auth - .env.example: add UNRAID_MCP_API_KEY section - docs/GOOGLE_OAUTH.md: add API Key section - README.md / CLAUDE.md: rename section, document both auth methods - Fix pre-existing: test_health.py patched cache_middleware/error_middleware now match renamed _cache_middleware/_error_middleware in server.py
76 lines
2.9 KiB
Plaintext
76 lines
2.9 KiB
Plaintext
# Unraid MCP Server Configuration
|
|
# =================================
|
|
|
|
# Core API Configuration (Required)
|
|
# ---------------------------------
|
|
UNRAID_API_URL=https://your-unraid-server-url/graphql
|
|
UNRAID_API_KEY=your_unraid_api_key
|
|
|
|
# MCP Server Settings
|
|
# -------------------
|
|
UNRAID_MCP_TRANSPORT=streamable-http # Options: streamable-http (recommended), sse (deprecated), stdio
|
|
UNRAID_MCP_HOST=0.0.0.0
|
|
UNRAID_MCP_PORT=6970
|
|
|
|
# Logging Configuration
|
|
# ---------------------
|
|
UNRAID_MCP_LOG_LEVEL=INFO # Options: DEBUG, INFO, WARNING, ERROR
|
|
UNRAID_MCP_LOG_FILE=unraid-mcp.log # Log file name (saved to logs/ directory)
|
|
|
|
# SSL/TLS Configuration
|
|
# --------------------
|
|
# Set to 'false' or '0' to disable SSL verification (e.g., for self-signed certificates)
|
|
# Set to 'true' or '1' to enable SSL verification (default)
|
|
# Set to a file path to use a custom CA bundle
|
|
UNRAID_VERIFY_SSL=true
|
|
|
|
# Real-time Subscription Configuration
|
|
# ------------------------------------
|
|
# Enable automatic subscription startup (true/false)
|
|
UNRAID_AUTO_START_SUBSCRIPTIONS=true
|
|
|
|
# Maximum WebSocket reconnection attempts (numeric)
|
|
UNRAID_MAX_RECONNECT_ATTEMPTS=10
|
|
|
|
# Optional: Custom log file path for subscription auto-start diagnostics
|
|
# Defaults to standard log if not specified
|
|
# UNRAID_AUTOSTART_LOG_PATH=/custom/path/to/autostart.log
|
|
|
|
# Google OAuth Protection (Optional)
|
|
# -----------------------------------
|
|
# Protects the MCP HTTP server — clients must authenticate with Google before calling tools.
|
|
# Requires streamable-http or sse transport (not stdio).
|
|
#
|
|
# Setup:
|
|
# 1. Google Cloud Console → APIs & Services → Credentials
|
|
# 2. Create OAuth 2.0 Client ID (Web application)
|
|
# 3. Authorized redirect URIs: <UNRAID_MCP_BASE_URL>/auth/callback
|
|
# 4. Copy Client ID and Client Secret below
|
|
#
|
|
# UNRAID_MCP_BASE_URL: Public URL clients use to reach THIS server (for redirect URIs).
|
|
# Examples:
|
|
# http://10.1.0.2:6970 (LAN)
|
|
# http://100.x.x.x:6970 (Tailscale)
|
|
# https://mcp.yourdomain.com (reverse proxy)
|
|
#
|
|
# UNRAID_MCP_JWT_SIGNING_KEY: Stable secret for signing FastMCP JWT tokens.
|
|
# Generate once: python3 -c "import secrets; print(secrets.token_hex(32))"
|
|
# NEVER change after first use — all client sessions will be invalidated.
|
|
#
|
|
# Leave GOOGLE_CLIENT_ID empty to disable OAuth (server runs unprotected).
|
|
# GOOGLE_CLIENT_ID=
|
|
# GOOGLE_CLIENT_SECRET=
|
|
# UNRAID_MCP_BASE_URL=http://10.1.0.2:6970
|
|
# UNRAID_MCP_JWT_SIGNING_KEY=<generate with command above>
|
|
|
|
# API Key Authentication (Optional)
|
|
# -----------------------------------
|
|
# Alternative to Google OAuth — clients present this key as a bearer token:
|
|
# Authorization: Bearer <UNRAID_MCP_API_KEY>
|
|
#
|
|
# Can be the same value as UNRAID_API_KEY (reuse your Unraid key), or a
|
|
# separate dedicated secret. Set both GOOGLE_CLIENT_ID and UNRAID_MCP_API_KEY
|
|
# to accept either auth method (MultiAuth).
|
|
#
|
|
# Leave empty to disable API key auth.
|
|
# UNRAID_MCP_API_KEY= |