From e0beca18cf64b26234348c6ad2b3d71b96ee8703 Mon Sep 17 00:00:00 2001
From: Angel Nunez Mencias
Date: Mon, 19 May 2025 10:25:27 +0200
Subject: [PATCH] adjust configuration to kvant
---
 .github/workflows/ci.yaml | 71 +++++++++++++++++++++++++++++++++++++++
 Dockerfile | 47 ++++++++++++++++++++++++++
 cmd/proxy/main.go | 6 ++--
 config.yaml | 48 +++++++++++++++++---------
 4 files changed, 153 insertions(+), 19 deletions(-)
 create mode 100644 .github/workflows/ci.yaml
 create mode 100644 Dockerfile
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..775003e
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,71 @@
+name: Build and Push container
+run-name: Build and Push container
+on:
+ workflow_dispatch:
+ #schedule:
+ # - cron: "0 10 * * *"
+ push:
+ branches:
+ - 'main'
+ - 'master'
+ tags:
+ - 'v*'
+ pull_request:
+ branches:
+ - 'main'
+ - 'master'
+env:
+ IMAGE: git.kvant.cloud/${{github.repository}}
+jobs:
+ build_concierge_backend:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Set current time
+ uses: https://github.com/gerred/actions/current-time@master
+ id: current_time
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to git.kvant.cloud registry
+ uses: docker/login-action@v3
+ with:
+ registry: git.kvant.cloud
+ username: ${{ vars.ORG_PACKAGE_WRITER_USERNAME }}
+ password: ${{ secrets.ORG_PACKAGE_WRITER_TOKEN }}
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ # list of Docker images to use as base name for tags
+ images: |
+ ${{env.IMAGE}}
+ # generate Docker tags based on the following events/attributes
+ tags: |
+ type=schedule
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+
+ - name: Build and push to gitea registry
+ uses: docker/build-push-action@v6
+ with:
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ context: .
+ provenance: mode=max
+ sbom: true
+ build-args: |
+ BUILD_DATE=${{ steps.current_time.outputs.time }}
+ cache-from: |
+ type=registry,ref=${{ env.IMAGE }}:buildcache
+ type=registry,ref=${{ env.IMAGE }}:${{ github.ref_name }}
+ type=registry,ref=${{ env.IMAGE }}:main
+ cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max,image-manifest=true
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..2f0b940
--- /dev/null
+++ b/Dockerfile
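Review bot: `uses: https://github.com/gerred/actions/current-time@master` pulls a third-party action from a mutable branch, so whoever controls that repository can change the code that runs alongside the registry credentials in this job; pin it to a commit SHA (`@<sha>`) and, ideally, do the same for the `docker/*` actions instead of the floating `@v3`/`@v5`/`@v6` tags. Separately, `push: ${{ github.event_name != 'pull_request' }}` gates only the image push — the `cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache` export still runs on pull_request builds, so if the runner exposes `ORG_PACKAGE_WRITER_TOKEN` to PR workflows (this depends on the forge's fork/secrets policy), a PR can seed cache layers that later `main` builds consume through `cache-from`. Gate the cache export the same way, e.g. `cache-to: ${{ github.event_name != 'pull_request' && format('type=registry,ref={0}:buildcache,mode=max,image-manifest=true', env.IMAGE) || '' }}`, or skip the login step entirely for pull requests.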
@@ -0,0 +1,47 @@
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.24@sha256:d9db32125db0c3a680cfb7a1afcaefb89c898a075ec148fdc2f0f646cc2ed509 AS build
+
+ARG TARGETPLATFORM
+ARG BUILDPLATFORM
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /workspace
+
+RUN apt update -qq && apt install -qq -y git bash curl g++
+
+# Download libraries
+ADD go.* .
+RUN go mod download
+
+# Build
+ADD cmd cmd
+ADD internal internal
+RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o webhook -ldflags '-w -extldflags "-static"' -o openmcpauthproxy ./cmd/proxy
+
+#Test
+RUN CGO_ENABLED=1 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go test -v -race ./...
+
+
+# Build production container
+FROM --platform=${BUILDPLATFORM:-linux/amd64} ubuntu:24.04
+
+RUN apt-get update \
+ && apt-get install --no-install-recommends -y \
+ python3-pip \
+ python-is-python3 \
+ npm \
+ && apt-get autoremove \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+COPY --from=build /workspace/openmcpauthproxy /app/
+
+ADD config.yaml /app
+RUN find .
+
+
+ENTRYPOINT ["/app/openmcpauthproxy"]
+
+ARG IMAGE_SOURCE
+LABEL org.opencontainers.image.source=$IMAGE_SOURCE
diff --git a/cmd/proxy/main.go b/cmd/proxy/main.go
index 6424f18..c43dd7d 100644
--- a/cmd/proxy/main.go
+++ b/cmd/proxy/main.go
@@ -12,7 +12,7 @@ import (
 "github.com/wso2/open-mcp-auth-proxy/internal/authz"
 "github.com/wso2/open-mcp-auth-proxy/internal/config"
 "github.com/wso2/open-mcp-auth-proxy/internal/constants"
- "github.com/wso2/open-mcp-auth-proxy/internal/logging"
+ logger "github.com/wso2/open-mcp-auth-proxy/internal/logging"
 "github.com/wso2/open-mcp-auth-proxy/internal/proxy"
 "github.com/wso2/open-mcp-auth-proxy/internal/subprocess"
 "github.com/wso2/open-mcp-auth-proxy/internal/util"
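Review bot: The runtime stage never sets a `USER`, so `/app/openmcpauthproxy` — and, presumably, any stdio subprocess it launches with the `npm`/`pip` tooling installed here — runs as root in a `ubuntu:24.04` image that, unlike the build stage, is not digest-pinned; add `RUN useradd --system --uid 10001 --no-create-home app` and `USER 10001` after the `COPY --from=build` line, and pin the base as `ubuntu:24.04@sha256:…`. The second `FROM --platform=${BUILDPLATFORM:-linux/amd64} ubuntu:24.04` also fixes the runtime image to the build host's platform while the binary is compiled for `${TARGETOS}/${TARGETARCH}`, which breaks any cross-platform build — drop `--platform` on that line or use `TARGETPLATFORM`. Smaller items: the `go build` line passes both `-o webhook` and `-o openmcpauthproxy` (only the last takes effect, so the first is dead), `RUN find .` looks like a debugging leftover in a production image, and `go test -race` with `GOARCH=${TARGETARCH}` will fail whenever TARGETARCH differs from the builder since the test binaries cannot run there.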
@@ -58,7 +58,7 @@ func main() { logger.Warn("%v", err) logger.Warn("Subprocess may fail to start due to missing dependencies") } - + procManager = subprocess.NewManager() if err := procManager.Start(cfg); err != nil { logger.Warn("Failed to start subprocess: %v", err) @@ -95,7 +95,7 @@ func main() { // 5. Build the main router mux := proxy.NewRouter(cfg, provider) - listen_address := fmt.Sprintf(":%d", cfg.ListenPort) + listen_address := fmt.Sprintf("0.0.0.0:%d", cfg.ListenPort) // 6. Start the server srv := &http.Server{ diff --git a/config.yaml b/config.yaml index 5621195..af627c9 100644 --- a/config.yaml +++ b/config.yaml @@ -6,13 +6,8 @@ base_url: "http://localhost:8000" # Base URL for the MCP server port: 8000 # Port for the MCP server timeout_seconds: 10 -# Path configuration -paths: - sse: "/sse" # SSE endpoint path - messages: "/messages/" # Messages endpoint path - # Transport mode configuration -transport_mode: "sse" # Options: "sse" or "stdio" +transport_mode: "stdio" # Options: "sse" or "stdio" # stdio-specific configuration (used only when transport_mode is "stdio") stdio: @@ -22,13 +17,10 @@ stdio: # env: # Environment variables (optional) # - "NODE_ENV=development" -# Path mapping (optional) -path_mapping: - -# CORS configuration +# CORS settings cors: allowed_origins: - - "http://localhost:5173" + - "http://localhost:6274" # Origin of your frontend/client app allowed_methods: - "GET" - "POST" 
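Review bot: `fmt.Sprintf("0.0.0.0:%d", cfg.ListenPort)` does not widen exposure — the previous `":%d"` already bound every interface — but it narrows the listener to IPv4, so in an IPv6-only pod network or for a client connecting via `::1` the proxy becomes unreachable. Unless `0.0.0.0` is required by a specific environment, keep `":%d"` (dual-stack) or make the host part configurable with an empty default, e.g. `listenAddr := net.JoinHostPort(cfg.ListenHost, strconv.Itoa(cfg.ListenPort))` backed by a new `ListenHost` config field. The name `listen_address` is also non-idiomatic Go; `listenAddr` would match the surrounding style. `main()` starts and ends outside this hunk.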
@@ -40,8 +32,32 @@ cors: - "mcp-protocol-version" allow_credentials: true -# Demo configuration for Asgardeo -demo: - org_name: "openmcpauthdemo" - client_id: "N0U9e_NNGr9mP_0fPnPfPI0a6twa" - client_secret: "qFHfiBp5gNGAO9zV4YPnDofBzzfInatfUbHyPZvM0jka" +# Keycloak endpoint path mappings +path_mapping: + sse: "/sse" # SSE endpoint path + messages: "/messages/" # Messages endpoint path + /token: /realms/master/protocol/openid-connect/token + /register: /realms/master/clients-registrations/openid-connect + +# Keycloak configuration block +default: + base_url: "https://iam.phoenix-systems.ch" + jwks_url: "https://iam.phoenix-systems.ch/realms/kvant/protocol/openid-connect/certs" + path: + /.well-known/oauth-authorization-server: + response: + issuer: "https://iam.phoenix-systems.ch/realms/kvant" + jwks_uri: "https://iam.phoenix-systems.ch/realms/kvant/protocol/openid-connect/certs" + authorization_endpoint: "https://iam.phoenix-systems.ch/realms/kvant/protocol/openid-connect/auth" + response_types_supported: + - "code" + grant_types_supported: + - "authorization_code" + - "refresh_token" + code_challenge_methods_supported: + - "S256" + - "plain" + /token: + addBodyParams: + - name: "audience" + value: "mcp_proxy" \ No newline at end of file
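Review bot: `/token` and `/register` are mapped to `/realms/master/...` while `jwks_url`, `issuer` and `authorization_endpoint` all point at the `kvant` realm; tokens minted by the master realm are signed with keys that are not in `.../realms/kvant/protocol/openid-connect/certs`, so unless this split is intentional the mapping should read `/token: /realms/kvant/protocol/openid-connect/token` (and `/register` likewise). The served metadata advertises `code_challenge_methods_supported` with `"plain"`; RFC 7636 §7.2 discourages it and OAuth 2.1 removes it, so list only `- "S256"`. The same `response:` block has no `token_endpoint`, which RFC 8414 requires for the `authorization_code` grant unless the proxy injects it. Deleting the `client_secret` line from this file does not remove it from git history — that Asgardeo secret should be rotated. Finally, `sse:` and `messages:` now sit under `path_mapping:` instead of the deleted `paths:` block; if the proxy reads them from `paths`, they are silently ignored here.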