Merge pull request #18 from cloudflare/auth-improvements

automatically login on server start

Author: geelen

README.md

@@ -18,13 +18,9 @@ This lets you use Claude Desktop, or any MCP Client, to use natural language to
 
 ## Setup
 
-1. Make sure you are logged in to Cloudflare via Wrangler:
-   ```bash
-   npx wrangler login
-   ```
-   This authentication is required for the MCP server to access your Cloudflare resources when testing locally.
+1. Run `npx @cloudflare/mcp-server-cloudflare init`
 
-2. Run `npx @cloudflare/mcp-server-cloudflare init`
+   > **Note:** The MCP server will automatically run `npx wrangler login` if you're not already authenticated with Cloudflare. You'll be prompted to complete the authentication process in your browser if needed.
 
 <div align="left">
     <img src="https://github.com/user-attachments/assets/163bed75-ec0c-478a-94b2-179969a90923" alt="Example console output" width="300"/>
@@ -178,7 +174,7 @@ Then, in a second terminal:
 node dist/index.js init
 ```
 
-This will link Claude Desktop against your locally-installed version for you to test.
+This will link Claude Desktop against your locally-installed version for you to test. If you're not already authenticated with Wrangler, the server will automatically prompt you to complete the authentication process in your browser.
 
 ## Testing
 

src/index.ts

@@ -2,7 +2,7 @@
 import { init } from './init'
 import { config, log } from './utils/helpers'
 import { main } from './main'
-import { getAuthTokens, isAccessTokenExpired, LocalState, refreshToken } from './utils/wrangler'
+import { getAuthTokens, isAccessTokenExpired, LocalState, refreshToken, ensureWranglerAuthentication } from './utils/wrangler'
 
 // Handle process events
 process.on('uncaughtException', (error) => {
@@ -32,15 +32,13 @@ if (cmd === 'init') {
   config.accountId = accountId
 
   if (!config.accountId || !config.apiToken) {
-    getAuthTokens()
-
-    if (isAccessTokenExpired()) {
-      if (await refreshToken()) {
-        console.log('Successfully refreshed access token')
-      } else {
-        console.log('Failed to refresh access token')
-      }
+    // Ensure the user is authenticated with Wrangler
+    const isAuthenticated = await ensureWranglerAuthentication()
+    if (!isAuthenticated) {
+      throw new Error('Failed to authenticate with Wrangler. Please run `npx wrangler login` manually and try again.')
     }
+    
+    // Set the API token from the authenticated state
     config.apiToken = LocalState.accessToken?.value
   }
 

src/init.ts

@@ -3,12 +3,10 @@ import { exec } from 'child_process'
 import { promisify } from 'util'
 import {
   AccountInfo,
+  ensureWranglerAuthentication,
   fetchInternal,
   FetchResult,
-  getAuthTokens,
-  isAccessTokenExpired,
   isDirectory,
-  refreshToken,
 } from './utils/wrangler'
 import chalk from 'chalk'
 import os from 'node:os'
@@ -37,29 +35,12 @@ export async function init(accountTag: string | undefined) {
   startSection(`Checking for existing Wrangler auth info`, `Step 1 of 3`)
   updateStatus(chalk.gray(`If anything goes wrong, try running 'npx wrangler@latest login' manually and retrying.`))
 
-  try {
-    getAuthTokens()
-  } catch (e: any) {
-    updateStatus(`${chalk.underline.red('Warning:')} ${chalk.gray(e.message)}`, false)
-    updateStatus(`Running '${chalk.yellow('npx wrangler login')}' and retrying...`, false)
-
-    const { stderr, stdout } = await execAsync('npx wrangler@latest login')
-    if (stderr) updateStatus(chalk.gray(stderr))
-
-    getAuthTokens()
+  const authenticated = await ensureWranglerAuthentication()
+  if (!authenticated) {
+    throw new Error('Failed to authenticate with Wrangler. Please try running npx wrangler@latest login manually and then retry.')
   }
 
   updateStatus(`Wrangler auth info loaded!`)
-
-  if (isAccessTokenExpired()) {
-    updateStatus(`Access token expired, refreshing...`, false)
-    if (await refreshToken()) {
-      updateStatus('Successfully refreshed access token')
-    } else {
-      throw new Error('Failed to refresh access token')
-    }
-  }
-
   endSection('Done')
   startSection(`Fetching account info`, `Step 2 of 3`)
 

src/utils/wrangler.ts

@@ -11,6 +11,8 @@ import TOML from '@iarna/toml'
 import assert from 'node:assert'
 import { mcpCloudflareVersion } from './helpers'
 import { fetch, Headers, Response, RequestInit, HeadersInit } from 'undici'
+import { exec } from 'child_process'
+import { promisify } from 'util'
 
 export function isDirectory(configPath: string) {
   try {
@@ -449,3 +451,48 @@ export interface FetchResult<ResponseType = unknown> {
 }
 
 export type AccountInfo = { name: string; id: string }
+
+const execAsync = promisify(exec)
+
+/**
+ * Checks if the user is authenticated with Wrangler and runs the login command if needed.
+ * @returns A promise that resolves to true if the user is authenticated, false otherwise
+ */
+export async function ensureWranglerAuthentication(): Promise<boolean> {
+  try {
+    // Try to get auth tokens
+    getAuthTokens()
+    
+    // If tokens are expired, try to refresh them
+    if (isAccessTokenExpired()) {
+      console.log('Wrangler access token expired, attempting to refresh...')
+      if (await refreshToken()) {
+        console.log('Successfully refreshed Wrangler access token')
+        return true
+      } else {
+        console.log('Failed to refresh Wrangler access token, running wrangler login...')
+      }
+    } else {
+      // Tokens exist and are not expired
+      return true
+    }
+  } catch (e) {
+    // If we can't get auth tokens, we need to run wrangler login
+    console.log('No Wrangler authentication found, running wrangler login...')
+  }
+
+  try {
+    // Run wrangler login
+    console.log('Running npx wrangler login. Please follow the prompts in your browser...')
+    const { stderr, stdout } = await execAsync('npx wrangler@latest login')
+    if (stderr) console.error(stderr)
+    if (stdout) console.log(stdout)
+    
+    // Try to get auth tokens again
+    getAuthTokens()
+    return true
+  } catch (error) {
+    console.error('Failed to run wrangler login:', error)
+    return false
+  }
+}