Merge pull request #72 from liemle3893/master

Add comprehensive HTTP authentication support

Author: f

cmd/mcptools/commands/call.go

@@ -48,6 +48,15 @@ func CallCmd() *cobra.Command {
 				case (cmdArgs[i] == FlagParams || cmdArgs[i] == FlagParamsShort) && i+1 < len(cmdArgs):
 					ParamsString = cmdArgs[i+1]
 					i += 2
+				case (cmdArgs[i] == FlagTransport) && i+1 < len(cmdArgs):
+					TransportOption = cmdArgs[i+1]
+					i += 2
+				case (cmdArgs[i] == FlagAuthUser) && i+1 < len(cmdArgs):
+					AuthUser = cmdArgs[i+1]
+					i += 2
+				case (cmdArgs[i] == FlagAuthHeader) && i+1 < len(cmdArgs):
+					AuthHeader = cmdArgs[i+1]
+					i += 2
 				case !entityExtracted:
 					entityName = cmdArgs[i]
 					entityExtracted = true

cmd/mcptools/commands/root.go

@@ -9,14 +9,16 @@ import (
 
 // flags.
 const (
-	FlagFormat      = "--format"
-	FlagFormatShort = "-f"
-	FlagParams      = "--params"
-	FlagParamsShort = "-p"
-	FlagHelp        = "--help"
-	FlagHelpShort   = "-h"
-	FlagServerLogs  = "--server-logs"
-	FlagTransport   = "--transport"
+	FlagFormat         = "--format"
+	FlagFormatShort    = "-f"
+	FlagParams         = "--params"
+	FlagParamsShort    = "-p"
+	FlagHelp           = "--help"
+	FlagHelpShort      = "-h"
+	FlagServerLogs     = "--server-logs"
+	FlagTransport      = "--transport"
+	FlagAuthUser       = "--auth-user"
+	FlagAuthHeader     = "--auth-header"
 )
 
 // entity types.
@@ -38,6 +40,10 @@ var (
 	// TransportOption is the transport option for HTTP connections, valid values are "sse" and "http".
 	// Default is "http" (streamable HTTP).
 	TransportOption = "http"
+	// AuthUser contains username:password for basic authentication.
+	AuthUser string
+	// AuthHeader is a custom Authorization header.
+	AuthHeader string
 )
 
 // RootCmd creates the root command.
@@ -53,6 +59,8 @@ It allows you to discover and call tools, list resources, and interact with MCP-
 	cmd.PersistentFlags().
 		StringVarP(&ParamsString, "params", "p", "{}", "JSON string of parameters to pass to the tool (for call command)")
 	cmd.PersistentFlags().StringVar(&TransportOption, "transport", "http", "HTTP transport type (http, sse)")
+	cmd.PersistentFlags().StringVar(&AuthUser, "auth-user", "", "Basic authentication in username:password format")
+	cmd.PersistentFlags().StringVar(&AuthHeader, "auth-header", "", "Custom Authorization header (e.g., 'Bearer token' or 'Basic base64credentials')")
 
 	return cmd
 }

cmd/mcptools/commands/shell.go

@@ -31,16 +31,24 @@ func ShellCmd() *cobra.Command { //nolint:gocyclo
 			cmdArgs := args
 			parsedArgs := []string{}
 
-			for i := 0; i < len(cmdArgs); i++ {
+			i := 0
+			for i < len(cmdArgs) {
 				switch {
 				case (cmdArgs[i] == FlagFormat || cmdArgs[i] == FlagFormatShort) && i+1 < len(cmdArgs):
 					FormatOption = cmdArgs[i+1]
-					i++
+					i += 2
 				case cmdArgs[i] == FlagServerLogs:
 					ShowServerLogs = true
 					i++
+				case cmdArgs[i] == FlagAuthUser && i+1 < len(cmdArgs):
+					AuthUser = cmdArgs[i+1]
+					i += 2
+				case cmdArgs[i] == FlagAuthHeader && i+1 < len(cmdArgs):
+					AuthHeader = cmdArgs[i+1]
+					i += 2
 				default:
 					parsedArgs = append(parsedArgs, cmdArgs[i])
+					i++
 				}
 			}
 

cmd/mcptools/commands/test_helpers.go

@@ -54,6 +54,11 @@ func (m *MockTransport) Close() error {
 	return nil
 }
 
+// GetSessionId returns an empty session ID for the mock transport.
+func (m *MockTransport) GetSessionId() string {
+	return ""
+}
+
 // setupMockClient creates a mock client with the given execute function and returns cleanup function.
 func setupMockClient(executeFunc func(method string, _ any) (map[string]any, error)) func() {
 	// Save original function and restore later

cmd/mcptools/commands/utils.go

@@ -3,14 +3,17 @@ package commands
 import (
 	"bufio"
 	"context"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"net/url"
 	"strings"
 	"time"
 
 	"github.com/f/mcptools/pkg/alias"
 	"github.com/f/mcptools/pkg/jsonutils"
 	"github.com/mark3labs/mcp-go/client"
+	"github.com/mark3labs/mcp-go/client/transport"
 	"github.com/mark3labs/mcp-go/mcp"
 
 	"github.com/spf13/cobra"
@@ -26,15 +29,70 @@ func IsHTTP(str string) bool {
 	return strings.HasPrefix(str, "http://") || strings.HasPrefix(str, "https://") || strings.HasPrefix(str, "localhost:")
 }
 
+// buildAuthHeader builds an Authorization header from the available auth options.
+// It returns the header value and a cleaned URL (with embedded credentials removed).
+func buildAuthHeader(originalURL string) (string, string, error) {
+	cleanURL := originalURL
+	
+	// First, check if we have explicit auth-user flag with username:password format
+	if AuthUser != "" {
+		// Parse username:password format
+		if !strings.Contains(AuthUser, ":") {
+			return "", originalURL, fmt.Errorf("auth-user must be in username:password format (missing colon)")
+		}
+		
+		parts := strings.SplitN(AuthUser, ":", 2)
+		username := parts[0]
+		password := parts[1]
+		
+		// Allow empty username or password, but not both
+		if username == "" && password == "" {
+			// Both empty, treat as no auth
+		} else {
+			// Create basic auth header
+			auth := base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
+			header := "Basic " + auth
+			return header, cleanURL, nil
+		}
+	}
+	
+	// Check for custom auth header
+	if AuthHeader != "" {
+		return AuthHeader, cleanURL, nil
+	}
+	
+	// Extract credentials from URL if embedded
+	parsedURL, err := url.Parse(originalURL)
+	if err != nil {
+		return "", originalURL, err
+	}
+	
+	if parsedURL.User != nil {
+		username := parsedURL.User.Username()
+		password, _ := parsedURL.User.Password()
+		
+		if username != "" {
+			// Create basic auth header
+			auth := base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
+			
+			// Clean the URL by removing user info
+			parsedURL.User = nil
+			cleanURL = parsedURL.String()
+			
+			return "Basic " + auth, cleanURL, nil
+		}
+	}
+	
+	return "", cleanURL, nil
+}
+
 // CreateClientFunc is the function used to create MCP clients.
 // This can be replaced in tests to use a mock transport.
 var CreateClientFunc = func(args []string, _ ...client.ClientOption) (*client.Client, error) {
 	if len(args) == 0 {
 		return nil, ErrCommandRequired
 	}
 
-	// opts = append(opts, client.SetShowServerLogs(ShowServerLogs))
-
 	// Check if the first argument is an alias
 	if len(args) == 1 {
 		server, found := alias.GetServerCommand(args[0])
@@ -51,13 +109,35 @@ var CreateClientFunc = func(args []string, _ ...client.ClientOption) (*client.Cl
 		if TransportOption != "http" && TransportOption != "sse" {
 			return nil, fmt.Errorf("invalid transport option: %s (supported: http, sse)", TransportOption)
 		}
-		
+
+		// Build authentication header
+		authHeader, cleanURL, authErr := buildAuthHeader(args[0])
+		if authErr != nil {
+			return nil, fmt.Errorf("failed to parse authentication: %w", authErr)
+		}
+
+		// Create headers map if authentication is provided
+		headers := make(map[string]string)
+		if authHeader != "" {
+			headers["Authorization"] = authHeader
+		}
+
 		if TransportOption == "sse" {
-			c, err = client.NewSSEMCPClient(args[0])
+			// For SSE transport, use transport.ClientOption
+			if len(headers) > 0 {
+				c, err = client.NewSSEMCPClient(cleanURL, transport.WithHeaders(headers))
+			} else {
+				c, err = client.NewSSEMCPClient(cleanURL)
+			}
 		} else {
-			// Default to streamable HTTP
-			c, err = client.NewStreamableHttpClient(args[0])
+			// For StreamableHTTP transport, use transport.StreamableHTTPCOption
+			if len(headers) > 0 {
+				c, err = client.NewStreamableHttpClient(cleanURL, transport.WithHTTPHeaders(headers))
+			} else {
+				c, err = client.NewStreamableHttpClient(cleanURL)
+			}
 		}
+
 		if err != nil {
 			return nil, err
 		}
@@ -83,7 +163,14 @@ var CreateClientFunc = func(args []string, _ ...client.ClientOption) (*client.Cl
 	done := make(chan error, 1)
 
 	go func() {
-		_, err := c.Initialize(context.Background(), mcp.InitializeRequest{})
+		initRequest := mcp.InitializeRequest{}
+		initRequest.Params.ProtocolVersion = "2024-11-05"
+		initRequest.Params.Capabilities = mcp.ClientCapabilities{}
+		initRequest.Params.ClientInfo = mcp.Implementation{
+			Name:    "mcptools",
+			Version: "1.0.0",
+		}
+		_, err := c.Initialize(context.Background(), initRequest)
 		done <- err
 	}()
 
@@ -121,6 +208,12 @@ func ProcessFlags(args []string) []string {
 		case args[i] == FlagServerLogs:
 			ShowServerLogs = true
 			i++
+		case args[i] == FlagAuthUser && i+1 < len(args):
+			AuthUser = args[i+1]
+			i += 2
+		case args[i] == FlagAuthHeader && i+1 < len(args):
+			AuthHeader = args[i+1]
+			i += 2
 		default:
 			parsedArgs = append(parsedArgs, args[i])
 			i++

go.sum

@@ -18,8 +18,6 @@ github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/mark3labs/mcp-go v0.23.1 h1:RzTzZ5kJ+HxwnutKA4rll8N/pKV6Wh5dhCmiJUu5S9I=
-github.com/mark3labs/mcp-go v0.23.1/go.mod h1:rXqOudj/djTORU/ThxYx8fqEVj/5pvTuuebQ2RC7uk4=
 github.com/mark3labs/mcp-go v0.24.1 h1:YV+5X/+W4oBdERLWgiA1uR7AIvenlKJaa5V4hqufI7E=
 github.com/mark3labs/mcp-go v0.24.1/go.mod h1:rXqOudj/djTORU/ThxYx8fqEVj/5pvTuuebQ2RC7uk4=
 github.com/mattn/go-runewidth v0.0.3/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=