Merge remote-tracking branch 'origin/main' into handle_duplicate_server_name_catalog_ui

Author: madhav165

.github/tools/update_dependencies.py

@@ -4,7 +4,6 @@ mcp.prof
 mcp.pstats
 .depsorter_cache.json
 .depupdate.*
-update_dependencies.py
 token.txt
 *.db
 *.bak

.gitignore

@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi9-minimal:9.6-1752069876
+FROM registry.access.redhat.com/ubi9-minimal:9.6-1752587672
 LABEL maintainer="Mihai Criveti" \
       name="mcp/mcpgateway" \
       version="0.3.1" \

Containerfile

@@ -26,12 +26,12 @@ ARG PYTHON_VERSION=3.11
 ###########################
 # Base image for copying into scratch
 ###########################
-FROM registry.access.redhat.com/ubi9/ubi-micro:9.6-1751962311 AS base
+FROM registry.access.redhat.com/ubi9/ubi-micro:9.6-1752751762 AS base
 
 ###########################
 # Builder stage
 ###########################
-FROM registry.access.redhat.com/ubi9/ubi:9.6-1751897624 AS builder
+FROM registry.access.redhat.com/ubi9/ubi:9.6-1752625787 AS builder
 SHELL ["/bin/bash", "-c"]
 
 ARG PYTHON_VERSION

Containerfile.lite

@@ -38,7 +38,8 @@ FILES_TO_CLEAN := .coverage coverage.xml mcp.prof mcp.pstats \
                   $(DOCS_DIR)/docs/test/sbom.md \
                   $(DOCS_DIR)/docs/test/{unittest,full,index,test}.md \
 				  $(DOCS_DIR)/docs/images/coverage.svg $(LICENSES_MD) $(METRICS_MD) \
-                  *.db *.sqlite *.sqlite3 mcp.db-journal *.py,cover
+                  *.db *.sqlite *.sqlite3 mcp.db-journal *.py,cover \
+				  .depsorter_cache.json .depupdate.*
 
 COVERAGE_DIR ?= $(DOCS_DIR)/docs/coverage
 LICENSES_MD  ?= $(DOCS_DIR)/docs/test/licenses.md
@@ -1002,9 +1003,10 @@ hadolint:
 .PHONY: deps-update containerfile-update
 
 deps-update:
-	@echo "⬆️  Updating project dependencies via update-deps.py..."
-	@test -f update-deps.py || { echo "❌ update-deps.py not found in root directory."; exit 1; }
-	@/bin/bash -c "source $(VENV_DIR)/bin/activate && python3 update-deps.py"
+	@echo "⬆️  Updating project dependencies via update_dependencies.py..."
+	@test -f ./.github/tools/update_dependencies.py || { echo "❌ update_dependencies.py not found in ./.github/tools."; exit 1; }
+	@/bin/bash -c "source $(VENV_DIR)/bin/activate && python3 ./.github/tools/update_dependencies.py --ignore-dependency starlette --file pyproject.toml"
+	@/bin/bash -c "source $(VENV_DIR)/bin/activate && python3 ./.github/tools/update_dependencies.py --file docs/requirements.txt"
 	@echo "✅ Dependencies updated in pyproject.toml and docs/requirements.txt"
 
 containerfile-update:
@@ -1136,6 +1138,7 @@ endef
 # help: 🐳 UNIFIED CONTAINER OPERATIONS (Auto-detects Docker/Podman)
 # help: container-build      - Build image using detected runtime
 # help: container-run        - Run container using detected runtime
+# help: container-run-host   - Run container using detected runtime with host networking
 # help: container-run-ssl    - Run container with TLS using detected runtime
 # help: container-run-ssl-host - Run container with TLS and host networking
 # help: container-push       - Push image (handles localhost/ prefix)
@@ -1151,7 +1154,7 @@ endef
 # help: use-podman           - Switch to Podman runtime
 # help: show-runtime         - Show current container runtime
 
-.PHONY: container-build container-run container-run-ssl container-run-ssl-host \
+.PHONY: container-build container-run container-run-host container-run-ssl container-run-ssl-host \
         container-push container-info container-stop container-logs container-shell \
         container-health image-list image-clean image-retag container-check-image \
         container-build-multi use-docker use-podman show-runtime
@@ -1201,6 +1204,26 @@ container-run: container-check-image
 	@echo "🔍 Health check status:"
 	@$(CONTAINER_RUNTIME) inspect $(PROJECT_NAME) --format='{{.State.Health.Status}}' 2>/dev/null || echo "No health check configured"
 
+container-run-host: container-check-image
+	@echo "🚀 Running with $(CONTAINER_RUNTIME)..."
+	-$(CONTAINER_RUNTIME) stop $(PROJECT_NAME) 2>/dev/null || true
+	-$(CONTAINER_RUNTIME) rm $(PROJECT_NAME) 2>/dev/null || true
+	$(CONTAINER_RUNTIME) run --name $(PROJECT_NAME) \
+		--env-file=.env \
+		--network=host \
+		-p 4444:4444 \
+		--restart=always \
+		--memory=$(CONTAINER_MEMORY) --cpus=$(CONTAINER_CPUS) \
+		--health-cmd="curl --fail http://localhost:4444/health || exit 1" \
+		--health-interval=1m --health-retries=3 \
+		--health-start-period=30s --health-timeout=10s \
+		-d $(call get_image_name)
+	@sleep 2
+	@echo "✅ Container started"
+	@echo "🔍 Health check status:"
+	@$(CONTAINER_RUNTIME) inspect $(PROJECT_NAME) --format='{{.State.Health.Status}}' 2>/dev/null || echo "No health check configured"
+
+
 container-run-ssl: certs container-check-image
 	@echo "🚀 Running with $(CONTAINER_RUNTIME) (TLS)..."
 	-$(CONTAINER_RUNTIME) stop $(PROJECT_NAME) 2>/dev/null || true
@@ -1241,6 +1264,9 @@ container-run-ssl-host: certs container-check-image
 	@sleep 2
 	@echo "✅ Container started with TLS (host networking)"
 
+
+
+
 container-push: container-check-image
 	@echo "📤 Preparing to push image..."
 	@# For Podman, we need to remove localhost/ prefix for push
@@ -1445,6 +1471,7 @@ container-run-ssl-safe: container-validate container-run-ssl
 # help: podman               - Build container image
 # help: podman-prod          - Build production container image (using ubi-micro → scratch). Not supported on macOS.
 # help: podman-run           - Run the container on HTTP  (port 4444)
+# help: podman-run-host      - Run the container on HTTP  (port 4444) with --network-host
 # help: podman-run-shell     - Run the container on HTTP  (port 4444) and start a shell
 # help: podman-run-ssl       - Run the container on HTTPS (port 4444, self-signed)
 # help: podman-run-ssl-host  - Run the container on HTTPS with --network-host (port 4444, self-signed)
@@ -1455,8 +1482,8 @@ container-run-ssl-safe: container-validate container-run-ssl
 # help: podman-top           - Show live top-level process info in container
 
 .PHONY: podman-dev podman podman-prod podman-build podman-run podman-run-shell \
-        podman-run-ssl podman-run-ssl-host podman-stop podman-test podman-logs \
-        podman-stats podman-top podman-shell
+        podman-run-host podman-run-ssl podman-run-ssl-host podman-stop podman-test \
+        podman-logs podman-stats podman-top podman-shell
 
 podman-dev:
 	@$(MAKE) container-build CONTAINER_RUNTIME=podman CONTAINER_FILE=Containerfile
@@ -1473,6 +1500,9 @@ podman-build:
 podman-run:
 	@$(MAKE) container-run CONTAINER_RUNTIME=podman
 
+podman-run-host:
+	@$(MAKE) container-run-host CONTAINER_RUNTIME=podman
+
 podman-run-shell:
 	@echo "🚀  Starting podman container shell..."
 	podman run --name $(PROJECT_NAME)-shell \
@@ -1522,13 +1552,14 @@ podman-top:
 # help: docker               - Build production Docker image
 # help: docker-prod          - Build production container image (using ubi-micro → scratch). Not supported on macOS.
 # help: docker-run           - Run the container on HTTP  (port 4444)
+# help: docker-run-host      - Run the container on HTTP  (port 4444) with --network-host
 # help: docker-run-ssl       - Run the container on HTTPS (port 4444, self-signed)
 # help: docker-run-ssl-host  - Run the container on HTTPS with --network-host (port 4444, self-signed)
 # help: docker-stop          - Stop & remove the container
 # help: docker-test          - Quick curl smoke-test against the container
 # help: docker-logs          - Follow container logs (⌃C to quit)
 
-.PHONY: docker-dev docker docker-prod docker-build docker-run docker-run-ssl \
+.PHONY: docker-dev docker docker-prod docker-build docker-run docker-run-host docker-run-ssl \
         docker-run-ssl-host docker-stop docker-test docker-logs docker-stats \
         docker-top docker-shell
 
@@ -1547,6 +1578,9 @@ docker-build:
 docker-run:
 	@$(MAKE) container-run CONTAINER_RUNTIME=docker
 
+docker-run-host:
+	@$(MAKE) container-run-host CONTAINER_RUNTIME=docker
+
 docker-run-ssl:
 	@$(MAKE) container-run-ssl CONTAINER_RUNTIME=docker
 

Makefile

@@ -16,7 +16,7 @@ cssselect2>=0.8.0
 defusedxml>=0.7.1
 EditorConfig>=0.17.1
 flatten-json>=0.1.14
-fonttools>=4.58.5
+fonttools>=4.59.0
 funcparserlib>=1.0.1
 ghp-import>=2.1.0
 gitdb>=4.0.12

docs/requirements.txt

@@ -2667,7 +2667,7 @@ async def admin_add_resource(request: Request, db: Session = Depends(get_db), us
         >>>
         >>> async def test_admin_add_resource():
         ...     response = await admin_add_resource(mock_request, mock_db, mock_user)
-        ...     return isinstance(response, RedirectResponse) and response.status_code == 303
+        ...     return isinstance(response, JSONResponse) and response.status_code == 200 and response.body.decode() == '{"message":"Add resource registered successfully!","success":true}'
         >>>
         >>> import asyncio; asyncio.run(test_admin_add_resource())
         True
@@ -2685,9 +2685,10 @@ async def admin_add_resource(request: Request, db: Session = Depends(get_db), us
             content=form["content"],
         )
         await resource_service.register_resource(db, resource)
-
-        root_path = request.scope.get("root_path", "")
-        return RedirectResponse(f"{root_path}/admin#resources", status_code=303)
+        return JSONResponse(
+            content={"message": "Add resource registered successfully!", "success": True},
+            status_code=200,
+        )
     except Exception as ex:
         if isinstance(ex, ValidationError):
             logger.error(f"ValidationError in admin_add_resource: {ErrorFormatter.format_validation_error(ex)}")
@@ -2696,6 +2697,7 @@ async def admin_add_resource(request: Request, db: Session = Depends(get_db), us
             error_message = ErrorFormatter.format_database_error(ex)
             logger.error(f"IntegrityError in admin_add_resource: {error_message}")
             return JSONResponse(status_code=409, content=error_message)
+
         logger.error(f"Error in admin_add_resource: {ex}")
         return JSONResponse(content={"message": str(ex), "success": False}, status_code=500)
 

mcpgateway/admin.py

@@ -31,6 +31,7 @@
 import json
 import logging
 from typing import Any, AsyncIterator, Dict, List, Optional, Union
+from urllib.parse import urlparse, urlunparse
 
 # Third-Party
 from fastapi import (
@@ -54,6 +55,7 @@
 from sqlalchemy.exc import IntegrityError
 from sqlalchemy.orm import Session
 from starlette.middleware.base import BaseHTTPMiddleware
+from uvicorn.middleware.proxy_headers import ProxyHeadersMiddleware
 
 # First-Party
 from mcpgateway import __version__
@@ -476,6 +478,9 @@ async def __call__(self, scope, receive, send):
 # Add streamable HTTP middleware for /mcp routes
 app.add_middleware(MCPPathRewriteMiddleware)
 
+# Trust all proxies (or lock down with a list of host patterns)
+app.add_middleware(ProxyHeadersMiddleware, trusted_hosts="*")
+
 
 # Set up Jinja2 templates and store in app state for later use
 templates = Jinja2Templates(directory=str(settings.templates_dir))
@@ -597,6 +602,42 @@ async def invalidate_resource_cache(uri: Optional[str] = None) -> None:
         resource_cache.clear()
 
 
+def get_protocol_from_request(request: Request) -> str:
+    """
+    Return "https" or "http" based on:
+     1) X-Forwarded-Proto (if set by a proxy)
+     2) request.url.scheme  (e.g. when Gunicorn/Uvicorn is terminating TLS)
+
+    Args:
+        request (Request): The FastAPI request object.
+
+    Returns:
+        str: The protocol used for the request, either "http" or "https".
+    """
+    forwarded = request.headers.get("x-forwarded-proto")
+    if forwarded:
+        # may be a comma-separated list; take the first
+        return forwarded.split(",")[0].strip()
+    return request.url.scheme
+
+
+def update_url_protocol(request: Request) -> str:
+    """
+    Update the base URL protocol based on the request's scheme or forwarded headers.
+
+    Args:
+        request (Request): The FastAPI request object.
+
+    Returns:
+        str: The base URL with the correct protocol.
+    """
+    parsed = urlparse(str(request.base_url))
+    proto = get_protocol_from_request(request)
+    new_parsed = parsed._replace(scheme=proto)
+    # urlunparse keeps netloc and path intact
+    return urlunparse(new_parsed).rstrip("/")
+
+
 # Protocol APIs #
 @protocol_router.post("/initialize")
 async def initialize(request: Request, user: str = Depends(require_auth)) -> InitializeResult:
@@ -919,8 +960,9 @@ async def sse_endpoint(request: Request, server_id: str, user: str = Depends(req
     """
     try:
         logger.debug(f"User {user} is establishing SSE connection for server {server_id}")
-        base_url = str(request.base_url).rstrip("/")
+        base_url = update_url_protocol(request)
         server_sse_url = f"{base_url}/servers/{server_id}"
+
         transport = SSETransport(base_url=server_sse_url)
         await transport.connect()
         await session_registry.add_session(transport.session_id, transport)
@@ -2055,7 +2097,8 @@ async def utility_sse_endpoint(request: Request, user: str = Depends(require_aut
     """
     try:
         logger.debug("User %s requested SSE connection", user)
-        base_url = str(request.base_url).rstrip("/")
+        base_url = update_url_protocol(request)
+
         transport = SSETransport(base_url=base_url)
         await transport.connect()
         await session_registry.add_session(transport.session_id, transport)

mcpgateway/main.py

@@ -4183,48 +4183,70 @@ async function handleGatewayFormSubmit(e) {
     }
 }
 
-function handleResourceFormSubmit(e) {
+async function handleResourceFormSubmit(e) {
     e.preventDefault();
     const form = e.target;
     const formData = new FormData(form);
+    const status = safeGetElement("status-resources");
+    const loading = safeGetElement("add-gateway-loading");
+    try {
+        // Validate inputs
+        const name = formData.get("name");
+        const uri = formData.get("uri");
+        const nameValidation = validateInputName(name, "resource");
+        const uriValidation = validateInputName(uri, "resource URI");
 
-    // Validate inputs
-    const name = formData.get("name");
-    const uri = formData.get("uri");
+        if (!nameValidation.valid) {
+            showErrorMessage(nameValidation.error);
+            return;
+        }
 
-    const nameValidation = validateInputName(name, "resource");
-    const uriValidation = validateInputName(uri, "resource URI");
+        if (!uriValidation.valid) {
+            showErrorMessage(uriValidation.error);
+            return;
+        }
 
-    if (!nameValidation.valid) {
-        showErrorMessage(nameValidation.error);
-        return;
-    }
+        if (loading) {
+            loading.style.display = "block";
+        }
+        if (status) {
+            status.textContent = "";
+            status.classList.remove("error-status");
+        }
+        
+        const isInactiveCheckedBool = isInactiveChecked("resources");
+        formData.append("is_inactive_checked", isInactiveCheckedBool);
 
-    if (!uriValidation.valid) {
-        showErrorMessage(uriValidation.error);
-        return;
-    }
+        const response = await fetchWithTimeout(
+                `${window.ROOT_PATH}/admin/resources`,
+                {
+                    method: "POST",
+                    body: formData,
+                },
+            );
 
-    fetchWithTimeout(`${window.ROOT_PATH}/admin/resources`, {
-        method: "POST",
-        body: formData,
-    })
-        .then((response) => {
-            if (!response.ok) {
-                const status = safeGetElement("status-resources");
-                if (status) {
-                    status.textContent = "Connection failed!";
-                    status.classList.add("error-status");
-                }
-                throw new Error("Network response was not ok");
-            } else {
-                location.reload();
+        const result = await response.json();
+        if (!result.success) {
+            throw new Error(result.message || "An error occurred");
+        } else {
+            const redirectUrl = isInactiveCheckedBool
+                ? `${window.ROOT_PATH}/admin?include_inactive=true#resources`
+                : `${window.ROOT_PATH}/admin#resources`;
+            window.location.href = redirectUrl;
             }
-        })
-        .catch((error) => {
+        } catch (error) {
             console.error("Error:", error);
-            showErrorMessage("Failed to create resource");
-        });
+            if (status) {
+                status.textContent = error.message || "An error occurred!";
+                status.classList.add("error-status");
+            }
+            showErrorMessage(error.message);
+        } finally {
+            // location.reload();
+            if (loading) {
+                loading.style.display = "none";
+            }
+        }		
 }
 
 async function handleServerFormSubmit(e) {