fix: PORT range validation, MCP auth middleware, last_used_at tracking

DevanshuNEU · DevanshuNEU · commit 34e33f8319f6 · 2026-03-07T12:25:32.000-05:00
- config.py: PORT now validated 1-65535, falls back to 8080 if out of range
- config.py: added MCP_AUTH_TOKEN env var
- server.py: Bearer token middleware on /mcp endpoint when MCP_AUTH_TOKEN set;
  /health remains public; no auth → 401, wrong token → 401
- auth.py: _validate_api_key now updates last_used_at on successful lookup
  (fire-and-forget, won't block auth on failure)
- 004_api_keys.sql: documented DELETE policy intent (soft-delete via active flag)
- ci.yml: supabase/migrations/** added to mcp path filter
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -31,6 +31,7 @@ jobs:
             - 'frontend/**'
           mcp:
             - 'mcp-server/**'
+            - 'supabase/migrations/**'
 
   test-backend:
     name: Backend Tests
diff --git a/backend/middleware/auth.py b/backend/middleware/auth.py
@@ -122,6 +122,16 @@ def _validate_api_key(token: str) -> Optional[AuthContext]:
             return None
         
         key_data = result.data[0]
+
+        # Update last_used_at timestamp (fire-and-forget, don't block auth)
+        try:
+            from datetime import datetime, timezone
+            db.table("api_keys").update(
+                {"last_used_at": datetime.now(timezone.utc).isoformat()}
+            ).eq("id", key_data["id"]).execute()
+        except Exception:
+            pass  # Non-critical; don't fail auth over timestamp update
+
         return AuthContext(
             api_key_name=key_data.get("name"),
             user_id=key_data.get("user_id"),
diff --git a/mcp-server/.env.example b/mcp-server/.env.example
@@ -8,3 +8,7 @@ MCP_TRANSPORT=stdio
 # Server host/port (only used for streamable-http transport)
 MCP_HOST=0.0.0.0
 PORT=8080
+
+# Auth token for protecting /mcp endpoint (optional, recommended for remote)
+# If set, clients must send Authorization: Bearer <token>
+MCP_AUTH_TOKEN=
diff --git a/mcp-server/config.py b/mcp-server/config.py
@@ -21,5 +21,11 @@
 _port_raw = os.getenv("PORT", "8080")
 try:
     PORT = int(_port_raw)
+    if not (1 <= PORT <= 65535):
+        PORT = 8080
 except ValueError:
     PORT = 8080
+
+# Optional auth token for protecting the MCP endpoint in remote mode.
+# If set, clients must send Authorization: Bearer <token> to /mcp.
+MCP_AUTH_TOKEN = os.getenv("MCP_AUTH_TOKEN", "")
diff --git a/mcp-server/server.py b/mcp-server/server.py
@@ -16,7 +16,7 @@
 from starlette.routing import Route
 from starlette.responses import JSONResponse
 
-from config import SERVER_NAME, SERVER_VERSION, TRANSPORT, HOST, PORT
+from config import SERVER_NAME, SERVER_VERSION, TRANSPORT, HOST, PORT, MCP_AUTH_TOKEN
 from tools import get_tool_schemas
 from handlers import call_tool
 
@@ -64,8 +64,25 @@ async def _health(request):
 
 def _get_http_app():
     """Build the Starlette app with health check + MCP endpoint."""
+    from starlette.middleware.base import BaseHTTPMiddleware
+    from starlette.requests import Request
+
     app = mcp.streamable_http_app()
     app.routes.insert(0, Route("/health", _health, methods=["GET"]))
+
+    if MCP_AUTH_TOKEN:
+        class MCPAuthMiddleware(BaseHTTPMiddleware):
+            """Require Bearer token on /mcp, leave /health public."""
+            async def dispatch(self, request: Request, call_next):
+                if request.url.path == "/health":
+                    return await call_next(request)
+                auth = request.headers.get("authorization", "")
+                if not auth.startswith("Bearer ") or auth[7:] != MCP_AUTH_TOKEN:
+                    return JSONResponse({"error": "Unauthorized"}, status_code=401)
+                return await call_next(request)
+
+        app.add_middleware(MCPAuthMiddleware)
+
     return app
 
 
diff --git a/supabase/migrations/004_api_keys.sql b/supabase/migrations/004_api_keys.sql
@@ -66,5 +66,7 @@ CREATE POLICY "Users can deactivate own keys"
   USING (auth.uid() = user_id)
   WITH CHECK (auth.uid() = user_id);
 
--- Service role (backend) has full access via service_role key
--- No explicit policy needed; service_role bypasses RLS
+-- No DELETE policy: users cannot hard-delete keys.
+-- Deactivation (active=false) is the intended revocation mechanism.
+-- Service role (backend) can hard-delete for compliance if needed.
+-- Service role has full access via service_role key; bypasses RLS.
