fix: support capability tokens in middleware for MCP server file access #33
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Enables MCP servers to authenticate using capability tokens when accessing files through /api/files/download/ endpoints. Previously, the middleware only checked for X-User-Email headers, causing MCP server requests to fail in production nginx environments. Changes: - Check capability tokens before X-User-Email header validation - Return 401 for unauthenticated API requests instead of redirecting - Maintain backward compatibility with browser-based authentication Fixes authentication flow for MCP servers making programmatic file requests with tokenized URLs while preserving existing browser-based auth behavior. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
There was a problem hiding this comment.
Pull Request Overview
This PR enhances the authentication middleware to support capability tokens for file downloads, enabling MCP servers and headless tools to access files without session cookies. It also improves the authentication failure handling by distinguishing between API endpoints (return 401) and browser endpoints (redirect to /auth).
Key changes:
- Added capability token authentication for file download URLs
- Distinguished API endpoint authentication failures (401) from browser endpoint failures (redirect)
- Added HTTPException import for proper error handling
Comment on lines
38
to
45
| # Valid capability token - extract user from token and allow request | ||
| user_email = claims.get('u') | ||
| if user_email: | ||
| logger.info(f"Authenticated via capability token for user: {user_email}") | ||
| request.state.user_email = user_email | ||
| return await call_next(request) | ||
| else: | ||
| logger.warning("Valid token but missing user email claim") |
There was a problem hiding this comment.
Missing validation that the file_key in the token matches the requested file. The token contains both user ('u') and file key ('k') claims, but only the user is being verified here. An attacker could reuse a valid token for one file to access a different file. Add validation: file_key = request.url.path.split('/api/files/download/')[1].split('?')[0] and if claims.get('k') != file_key: logger.warning('Token file key mismatch'); continue to standard auth.
Suggested change
| # Valid capability token - extract user from token and allow request | |
| user_email = claims.get('u') | |
| if user_email: | |
| logger.info(f"Authenticated via capability token for user: {user_email}") | |
| request.state.user_email = user_email | |
| return await call_next(request) | |
| else: | |
| logger.warning("Valid token but missing user email claim") | |
| # Validate that the file key in the token matches the requested file | |
| file_key = request.url.path.split('/api/files/download/')[1].split('?')[0] | |
| if claims.get('k') != file_key: | |
| logger.warning("Token file key mismatch") | |
| else: | |
| # Valid capability token - extract user from token and allow request | |
| user_email = claims.get('u') | |
| if user_email: | |
| logger.info(f"Authenticated via capability token for user: {user_email}") | |
| request.state.user_email = user_email | |
| return await call_next(request) | |
| else: | |
| logger.warning("Valid token but missing user email claim") |
Clarifies why the middleware only validates capability token authenticity but not file key matching. The route handler validates file key authorization, maintaining proper separation of concerns between authentication (middleware) and authorization (route handlers). Addresses review feedback from Copilot AI. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Enables MCP servers to authenticate using capability tokens when accessing files through
/api/files/download/endpoints.Previously, the middleware only checked for
X-User-Emailheaders, causing MCP server requests to fail in production nginx environments. The middleware would redirect unauthenticated requests to/auth, which doesn't exist, resulting in 404 errors.Changes
X-User-EmailheadersTechnical Details
Authentication Flow (Before):
Authentication Flow (After):
Testing
Impact
Fixes the issue where MCP servers (like pdfbasic) fail to download files in production K8s environments with nginx authentication proxies. Browser-based requests continue to work as before.
🤖 Generated with Claude Code