Spaces:

pgurazada1
/

credit-card-database-mcp-server

Sleeping

pgurazada1 commited on May 30

Commit

f87d282

verified ·

1 Parent(s): 7737dc2

Update server.py

Files changed (1) hide show

server.py CHANGED Viewed

@@ -125,8 +125,8 @@ llm = ChatOpenAI(
 # Hugging Face Token Auth Middleware
 class HuggingFaceTokenAuthMiddleware(BaseHTTPMiddleware):
     async def dispatch(self, request: Request, call_next):
-        # Only protect /mcp/ and /tools endpoints, allow "/" open
-        if request.url.path not in ["/", "/mcp/", "/tools"]:
             return await call_next(request)
         # Check Authorization header
         auth = request.headers.get("authorization")
@@ -142,6 +142,7 @@ class HuggingFaceTokenAuthMiddleware(BaseHTTPMiddleware):
             if resp.status_code != 200:
                 return PlainTextResponse("Invalid or expired Hugging Face token", status_code=401)
             hf_user_info = resp.json()
         request.state.hf_user = hf_user_info
         return await call_next(request)
@@ -224,7 +225,7 @@ async def list_tools(request: Request) -> JSONResponse:
     """Return all registered tool metadata as JSON."""
     return JSONResponse(tool_registry)
-# Add the Hugging Face token auth middleware at app construction time
 app = mcp.streamable_http_app()
 app.add_middleware(HuggingFaceTokenAuthMiddleware)

 # Hugging Face Token Auth Middleware
 class HuggingFaceTokenAuthMiddleware(BaseHTTPMiddleware):
     async def dispatch(self, request: Request, call_next):
+        # Allow "/" to be public, protect everything else
+        if request.url.path == "/":
             return await call_next(request)
         # Check Authorization header
         auth = request.headers.get("authorization")
             if resp.status_code != 200:
                 return PlainTextResponse("Invalid or expired Hugging Face token", status_code=401)
             hf_user_info = resp.json()
+        # Attach the HF user info to request.state for downstream use if needed
         request.state.hf_user = hf_user_info
         return await call_next(request)
     """Return all registered tool metadata as JSON."""
     return JSONResponse(tool_registry)
+# --- Build the app and add middleware ---
 app = mcp.streamable_http_app()
 app.add_middleware(HuggingFaceTokenAuthMiddleware)