Void-Homelab/lib/api/middleware/mcp_auth.js

// Auth gate for /mcp. External agents must present a Void agent bearer token
// bound to a Space (scopes.space_id). Owner / CF-Access identities are NOT
// accepted here — external agents never inherit owner powers. CF Access service
// tokens are enforced at the edge (Cloudflare policy on mcp.void.hynesy.com).
import * as agents from '../../db/repos/agents.js';

// Minimal fixed-window in-memory rate limit per token (defense-in-depth; the
// real gate is CF Access + bearer). Window is 60s.
const WINDOW_MS = 60_000;
const hits = new Map(); // token -> { count, resetAt }
export function _resetMcpRate() { hits.clear(); }
function rateLimited(token) {
  const limit = Number(process.env.MCP_RATE_LIMIT || 120);
  const now = Date.now();
  let h = hits.get(token);
  if (!h || now > h.resetAt) { h = { count: 0, resetAt: now + WINDOW_MS }; hits.set(token, h); }
  h.count += 1;
  return h.count > limit;
}

export async function mcpAuth(req, res, next) {
  const auth = req.headers.authorization || '';
  const [scheme, token] = auth.split(' ');
  if (scheme !== 'Bearer' || !token) {
    return res.status(401).json({ error: { code: 'unauthorized', message: 'missing bearer token' } });
  }
  if (process.env.OWNER_TOKEN && token === process.env.OWNER_TOKEN) {
    return res.status(401).json({ error: { code: 'agent_required', message: 'owner token not valid for MCP' } });
  }
  if (rateLimited(token)) {
    return res.status(429).json({ error: { code: 'rate_limited', message: 'too many requests' } });
  }
  let agent;
  try { agent = await agents.verifyToken(token); }
  catch (e) { return next(e); }
  if (!agent) {
    return res.status(401).json({ error: { code: 'unauthorized', message: 'invalid token' } });
  }
  if (!(agent.scopes && agent.scopes.space_id)) {
    return res.status(403).json({ error: { code: 'no_space_scope', message: 'agent has no space scope' } });
  }
  req.mcpAgent = agent;
  next();
}