Merge pull request #71 from metatool-ai/fix-auth

Fix auth + other bug fixes

Author: zhjch05

README.md

@@ -122,6 +122,10 @@ If you have questions, feel free to leave **GitHub issues** or **PRs**.
 - 🔑 **API key auth** for external access via `Authorization: Bearer <api-key>` header
 - Note though: the repo is not designed for multi-tenancy and each org should self-host an instance for org wide. E.g., MCP server has no user_id association, so every account have access to every MCP server configs hosted on the instance.
 
+## SSE conf for Nginx
+
+Since MCP leverages SSE for long connection, if you are using reverse proxy like nginx, please refer to an example setup [nginx.conf.example](nginx.conf.example)
+
 ## 🏗️ Architecture
 
 - **Frontend**: Next.js

apps/frontend/app/(sidebar)/mcp-servers/page.tsx

@@ -44,8 +44,6 @@ export default function MCPServersPage() {
   // tRPC mutation for creating MCP server
   const createServerMutation = trpc.frontend.mcpServers.create.useMutation({
     onSuccess: (data) => {
-      console.log("MCP server response:", data);
-
       // Check if the operation was actually successful
       if (data.success) {
         toast.success("MCP Server Created", {

apps/frontend/app/(sidebar)/search/components/CardGrid.tsx

@@ -4,7 +4,7 @@ import { CreateServerFormData, createServerFormSchema } from "@repo/zod-types";
 import { Github, Plus } from "lucide-react";
 import { ChevronDown } from "lucide-react";
 import Link from "next/link";
-import { useState } from "react";
+import { useEffect, useState } from "react";
 import { useForm } from "react-hook-form";
 import { toast } from "sonner";
 
@@ -63,24 +63,13 @@ function CreateServerDialog({
   // tRPC mutation for creating MCP server
   const createServerMutation = trpc.frontend.mcpServers.create.useMutation({
     onSuccess: (data) => {
-      console.log("MCP server response:", data);
-
       // Check if the operation was actually successful
       if (data.success) {
         toast.success("MCP Server Created", {
           description: `Successfully created "${form.getValues().name}" server`,
         });
         onOpenChange(false);
-        form.reset({
-          name: "",
-          description: "",
-          type: McpServerTypeEnum.Enum.STDIO,
-          command: "",
-          args: "",
-          url: "",
-          bearerToken: "",
-          env: "",
-        });
+        form.reset(defaultValues);
         // Invalidate and refetch the server list
         utils.frontend.mcpServers.list.invalidate();
       } else {
@@ -167,6 +156,16 @@ function CreateServerDialog({
     defaultValues,
   });
 
+  // Reset form when dialog opens with new defaultValues
+  useEffect(() => {
+    if (open) {
+      form.reset(defaultValues);
+    } else {
+      // Reset form when dialog closes to ensure clean state
+      form.reset(defaultValues);
+    }
+  }, [open, defaultValues, form]);
+
   const onSubmit = async (data: CreateServerFormData) => {
     setIsSubmitting(true);
     try {
@@ -391,6 +390,7 @@ function CreateServerDialog({
                 type="button"
                 variant="outline"
                 onClick={() => {
+                  form.reset(defaultValues);
                   onOpenChange(false);
                 }}
                 disabled={isSubmitting}
@@ -416,7 +416,7 @@ export default function CardGrid({ items }: { items: SearchIndex }) {
 
   const handleAddServer = (item: SearchIndex[string]) => {
     // Prepare default values for the form
-    const sanitizedName = item.name.replace(/[^a-zA-Z0-9_-]/g, "_");
+    const sanitizedName = item.name.replace(/[^a-zA-Z0-9_-]/g, "-");
     const envString =
       item.envs && item.envs.length > 0
         ? item.envs.map((env) => `${env}=`).join("\n")

apps/frontend/app/(sidebar)/search/page.tsx

@@ -38,7 +38,6 @@ function SearchContent() {
   });
 
   if (error) console.error("Search error:", error);
-  console.log("Search data:", data);
 
   useEffect(() => {
     const timer = setTimeout(() => {

apps/frontend/middleware.ts

@@ -23,11 +23,24 @@ export default async function middleware(request: NextRequest) {
   }
 
   try {
+    // Get the original host for nginx compatibility
+    const originalHost =
+      request.headers.get("x-forwarded-host") ||
+      request.headers.get("host") ||
+      "";
+
     // Check if user is authenticated by calling the session endpoint
     const { data: session } = await betterFetch("/api/auth/get-session", {
-      baseURL: request.nextUrl.origin,
+      // this hardcoded is correct, because in same container, we should use localhost, outside url won't work
+      baseURL: "http://localhost:12009",
       headers: {
         cookie: request.headers.get("cookie") || "",
+        // Pass nginx-forwarded host headers for better-auth baseURL resolution
+        host: originalHost,
+        // Include nginx forwarding headers if present
+        "x-forwarded-host": request.headers.get("x-forwarded-host") || "",
+        "x-forwarded-proto": request.headers.get("x-forwarded-proto") || "",
+        "x-forwarded-for": request.headers.get("x-forwarded-for") || "",
       },
     });
 

nginx.conf.example

@@ -0,0 +1,144 @@
+
+#user  nobody;
+worker_processes  1;
+
+#error_log  logs/error.log;
+#error_log  logs/error.log  notice;
+#error_log  logs/error.log  info;
+
+#pid        logs/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    #                  '$status $body_bytes_sent "$http_referer" '
+    #                  '"$http_user_agent" "$http_x_forwarded_for"';
+
+    #access_log  logs/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  300;  # Increased for better SSE support
+
+    #gzip  on;
+
+    server {
+        listen       8080;
+        server_name  localhost;
+
+        #charset koi8-r;
+
+        #access_log  logs/host.access.log  main;
+
+        location / {
+            root   html;
+            index  index.html index.htm;
+        }
+
+        #error_page  404              /404.html;
+
+        # redirect server error pages to the static page /50x.html
+        #
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   html;
+        }
+
+        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+        #
+        #location ~ \.php$ {
+        #    proxy_pass   http://127.0.0.1;
+        #}
+
+        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+        #
+        #location ~ \.php$ {
+        #    root           html;
+        #    fastcgi_pass   127.0.0.1:9000;
+        #    fastcgi_index  index.php;
+        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+        #    include        fastcgi_params;
+        #}
+
+        # deny access to .htaccess files, if Apache's document root
+        # concurs with nginx's one
+        #
+        #location ~ /\.ht {
+        #    deny  all;
+        #}
+    }
+
+
+    # another virtual host using mix of IP-, name-, and port-based configuration
+    #
+    #server {
+    #    listen       8000;
+    #    listen       somename:8080;
+    #    server_name  somename  alias  another.alias;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+
+    # HTTPS server
+    #
+    #server {
+    #    listen       443 ssl;
+    #    server_name  localhost;
+
+    #    ssl_certificate      cert.pem;
+    #    ssl_certificate_key  cert.key;
+
+    #    ssl_session_cache    shared:SSL:1m;
+    #    ssl_session_timeout  5m;
+
+    #    ssl_ciphers  HIGH:!aNULL:!MD5;
+    #    ssl_prefer_server_ciphers  on;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+    server {
+        listen 8081;
+        server_name metamcp.dev.local;
+
+        location / {
+            proxy_pass http://localhost:12008;  # Your backend/frontend
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            
+            # SSE-specific optimizations
+            proxy_buffering off;
+            proxy_cache off;
+            proxy_read_timeout 86400s;  # 24 hours for long-lived SSE connections
+            proxy_send_timeout 86400s;
+            
+            # HTTP/1.1 with proper connection handling for SSE
+            proxy_set_header Connection '';
+            proxy_http_version 1.1;
+            
+            # Additional headers for better SSE support
+            proxy_set_header Cache-Control 'no-cache';
+            proxy_set_header X-Accel-Buffering 'no';
+        }
+    }
+
+    include servers/*;
+}

packages/zod-types/src/mcp-servers.zod.ts

@@ -12,6 +12,10 @@ export const createServerFormSchema = z
       .regex(
         /^[a-zA-Z0-9_-]+$/,
         "Server name must only contain letters, numbers, underscores, and hyphens",
+      )
+      .refine(
+        (value) => !/_{2,}/.test(value),
+        "Server name cannot contain consecutive underscores",
       ),
     description: z.string().optional(),
     type: McpServerTypeEnum,
@@ -72,6 +76,10 @@ export const EditServerFormSchema = z
       .regex(
         /^[a-zA-Z0-9_-]+$/,
         "Server name must only contain letters, numbers, underscores, and hyphens",
+      )
+      .refine(
+        (value) => !/_{2,}/.test(value),
+        "Server name cannot contain consecutive underscores",
       ),
     description: z.string().optional(),
     type: McpServerTypeEnum,
@@ -131,6 +139,10 @@ export const CreateMcpServerRequestSchema = z
       .regex(
         /^[a-zA-Z0-9_-]+$/,
         "Server name must only contain letters, numbers, underscores, and hyphens",
+      )
+      .refine(
+        (value) => !/_{2,}/.test(value),
+        "Server name cannot contain consecutive underscores",
       ),
     description: z.string().optional(),
     type: McpServerTypeEnum,
@@ -285,6 +297,10 @@ export const UpdateMcpServerRequestSchema = z
       .regex(
         /^[a-zA-Z0-9_-]+$/,
         "Server name must only contain letters, numbers, underscores, and hyphens",
+      )
+      .refine(
+        (value) => !/_{2,}/.test(value),
+        "Server name cannot contain consecutive underscores",
       ),
     description: z.string().optional(),
     type: McpServerTypeEnum,
@@ -349,6 +365,10 @@ export const McpServerCreateInputSchema = z.object({
     .regex(
       /^[a-zA-Z0-9_-]+$/,
       "Server name must only contain letters, numbers, underscores, and hyphens",
+    )
+    .refine(
+      (value) => !/_{2,}/.test(value),
+      "Server name cannot contain consecutive underscores",
     ),
   description: z.string().nullable().optional(),
   type: McpServerTypeEnum,
@@ -367,6 +387,10 @@ export const McpServerUpdateInputSchema = z.object({
       /^[a-zA-Z0-9_-]+$/,
       "Server name must only contain letters, numbers, underscores, and hyphens",
     )
+    .refine(
+      (value) => !/_{2,}/.test(value),
+      "Server name cannot contain consecutive underscores",
+    )
     .optional(),
   description: z.string().nullable().optional(),
   type: McpServerTypeEnum.optional(),