fix: remove MCP application-level authorization

2026-05-08 12:14:19 +03:00
parent a4e7388bcf
commit 7593a460c7
11 changed files with 20 additions and 363 deletions
--- a/app/mcp.py
+++ b/app/mcp.py
@@ -4,15 +4,12 @@ from fastapi import APIRouter, Depends, Request
 from sqlalchemy import desc, or_, select
 from sqlalchemy.orm import Session

-from app.config import Settings, get_settings
 from app.db import get_db
 from app.models import CrawlRun, Employee
-from app.security import mcp_protected_resource_metadata, require_mcp_auth
 from app.services.admin_data import run_detail_payload
 from app.version import BACKEND_VERSION

 router = APIRouter(prefix="/mcp")
-metadata_router = APIRouter()


 TOOLS = [
@@ -65,9 +62,7 @@ TOOLS = [
 async def mcp_http(
    request: Request,
    db: Session = Depends(get_db),
-    settings: Settings = Depends(get_settings),
 ) -> dict:
-    require_mcp_auth(request, settings)
    payload = await request.json()
    method = payload.get("method")
    request_id = payload.get("id")
@@ -183,8 +178,3 @@ def _run_payload(run: CrawlRun) -> dict:

 def _tool_response(data: object) -> dict:
    return {"content": [{"type": "text", "text": json.dumps(data, ensure_ascii=False, default=str)}]}
-
-
-@metadata_router.get("/.well-known/oauth-protected-resource")
-def oauth_protected_resource(settings: Settings = Depends(get_settings)) -> dict:
-    return mcp_protected_resource_metadata(settings)