diff --git a/apps/sandbox-container/package.json b/apps/sandbox-container/package.json
index 6a79ca05..37f3a33d 100644
--- a/apps/sandbox-container/package.json
+++ b/apps/sandbox-container/package.json
@@ -9,9 +9,11 @@
 "dev": "concurrently \"tsx container/index.ts\" \"wrangler dev --var \"ENVIRONMENT:dev\"\"",
 "build": "docker build .",
 "start": "wrangler dev",
- "start:container": "tsx container/index.ts"
+ "start:container": "tsx container/index.ts",
+ "postinstall": "mkdir -p workdir"
 },
 "dependencies": {
+ "@cloudflare/workers-oauth-provider": "0.0.2",
 "@cloudflare/workers-types": "^4.20250320.0",
 "@hono/node-server": "^1.13.8",
 "@hono/zod-validator": "^0.4.3",
@@ -26,7 +28,8 @@
 "partyserver": "^0.0.65",
 "tsx": "^4.19.3",
 "workers-mcp": "0.1.0-3",
- "zod": "^3.24.2"
+ "zod": "^3.24.2",
+ "@repo/mcp-common": "workspace:*"
 },
 "devDependencies": {
 "concurrently": "^9.1.2",
diff --git a/apps/sandbox-container/server/index.ts b/apps/sandbox-container/server/index.ts
index 94f9c7db..cc842cac 100644
--- a/apps/sandbox-container/server/index.ts
+++ b/apps/sandbox-container/server/index.ts
@@ -1,9 +1,11 @@
-import { Hono } from 'hono'
-import { Octokit } from 'octokit'
-import OAuthProvider, {
- AuthRequest,
- OAuthHelpers,
-} from 'workers-mcp/vendor/workers-oauth-provider/oauth-provider.js'
+import OAuthProvider from '@cloudflare/workers-oauth-provider'
+
+import {
+ AccountSchema,
+ CloudflareAuthHandler,
+ handleTokenExchangeCallback,
+ UserSchema,
+} from '@repo/mcp-common/src/cloudflare-oauth-handler'
 import { ContainerManager } from './containerManager'
 import { ContainerMcpAgent } from './containerMcp'
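Review bot: The new `"postinstall": "mkdir -p workdir"` script in `apps/sandbox-container/package.json` makes the container's working directory depend on install-time lifecycle scripts, which are skipped when an install runs with `--ignore-scripts`, a common hardening setting in CI. If `workdir` is what `start:container` needs, creating it at startup is more robust, for example `await fs.mkdir('workdir', { recursive: true })` in the container entry point; that file is not part of this diff, so the exact place is a guess. `mkdir -p` also assumes a POSIX shell.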
@@ -16,9 +18,24 @@ export type Env = {
 ENVIRONMENT: 'dev' | 'prod'
 }
-// TODO: add user specific props
-export type Props = {}
-
-const app = new Hono<{ Bindings: Env }>()
+// Context from the auth process, encrypted & stored in the auth token
+// and provided to the DurableMCP as this.props
+export type Props = {
+ accessToken: string
+ user: UserSchema['result']
+ accounts: AccountSchema['result']
+}
-export default ContainerMcpAgent.mount('/sse', { binding: 'CONTAINER_MCP_AGENT' })
+export default new OAuthProvider({
+ apiRoute: '/workers/sandbox/sse',
+ // @ts-ignore
+ apiHandler: ContainerMcpAgent.mount('/workers/sandbox/sse', { binding: 'CONTAINER_MCP_AGENT' }),
+ // @ts-ignore
+ defaultHandler: CloudflareAuthHandler,
+ authorizeEndpoint: '/oauth/authorize',
+ tokenEndpoint: '/token',
+ tokenExchangeCallback: handleTokenExchangeCallback,
+ // Cloudflare access token TTL
+ accessTokenTTL: 3600,
+ clientRegistrationEndpoint: '/register',
+})
diff --git a/apps/sandbox-container/wrangler.jsonc b/apps/sandbox-container/wrangler.jsonc
index 3cd61a3f..4571d316 100644
--- a/apps/sandbox-container/wrangler.jsonc
+++ b/apps/sandbox-container/wrangler.jsonc
@@ -32,5 +32,14 @@
 ],
 "observability": {
 "enabled": true
+ },
+ "kv_namespaces": [
+ {
+ "binding": "OAUTH_KV",
+ "id": "DEV_KV"
+ }
+ ],
+ "dev": {
+ "port": 8976
 }
 }
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index ef4e2a46..77ef0039 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -51,6 +51,9 @@ importers:
 apps/sandbox-container:
 dependencies:
+ '@cloudflare/workers-oauth-provider':
+ specifier: 0.0.2
+ version: 0.0.2
 '@cloudflare/workers-types':
 specifier: ^4.20250320.0
 version: 4.20250410.0
@@ -63,6 +66,9 @@ importers:
 '@modelcontextprotocol/sdk':
 specifier: ^1.7.0
 version: 1.8.0
+ '@repo/mcp-common':
+ specifier: workspace:*
+ version: link:../../packages/mcp-common
 '@types/node':
 specifier: ^22.13.10
 version: 22.14.0
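Review bot: The two bare `// @ts-ignore` lines above `apiHandler` and `defaultHandler` in the new `OAuthProvider` config in `server/index.ts` switch off type checking on the two handlers that form the authenticated and unauthenticated sides of the worker, so a later signature change in either would compile silently. I would write `// @ts-expect-error <reason for the mismatch>` (or a narrow cast) so the suppression starts failing once the types line up. The literal `'/workers/sandbox/sse'` is also written twice, in `apiRoute` and in `ContainerMcpAgent.mount(...)`; one shared `const` keeps the protected prefix and the mounted path from drifting apart. `Props.accessToken` now carries the Cloudflare token into the agent as `this.props`, so the comment above `Props` could add that it must not be logged or echoed in tool results.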
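Review bot: The `OAUTH_KV` binding added in `apps/sandbox-container/wrangler.jsonc` uses the literal id `"DEV_KV"`, which reads as a placeholder rather than a namespace id, and the hunk shows it at what appears to be the top level of the config. That namespace is presumably where the OAuth provider keeps client registrations and token grants, so dev and prod should not share one and a deploy should not silently pick up the placeholder. I would add a comment such as `// placeholder for local dev only; set a real namespace id per environment before deploy`, or move the binding under per-environment sections if the file has them; the rest of the file is outside the hunk.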