Fix MCP multi user server

Co-authored-by: Vinicius Negrisolo <vinicius.negrisolo@hashrocket.com>
Co-authored-by: Gabriel Reis <gabriel.reis@hashrocket.com>

Author: 3 people

lib/tilex/mcp/new_post.ex

@@ -9,12 +9,14 @@ defmodule Tilex.MCP.NewPost do
 
   import Ecto.Query, only: [from: 2]
 
-  alias Ecto.Changeset
   alias Anubis.Server.Response
+  alias Ecto.Changeset
   alias Tilex.Blog.Channel
   alias Tilex.Blog.Developer
+  alias Tilex.Blog.Developer
   alias Tilex.Blog.Post
   alias Tilex.Repo
+  alias Tilex.Repo
   alias TilexWeb.Endpoint
   alias TilexWeb.Router.Helpers, as: Routes
 
@@ -57,7 +59,16 @@ defmodule Tilex.MCP.NewPost do
   end
 
   defp get_current_user(frame) do
-    case Map.get(frame.assigns, :current_user) do
+    headers = Enum.into(frame.transport.req_headers, %{})
+    signed_token = headers["x-api-key"]
+
+    with "" <> _ <- signed_token,
+         {:ok, mcp_api_key} <- Developer.verify_mcp_api_key(TilexWeb.Endpoint, signed_token) do
+      Repo.one(from d in Developer, where: d.mcp_api_key == ^mcp_api_key)
+    else
+      _ -> nil
+    end
+    |> case do
       nil -> {:error, "User is not authenticated to create TILs"}
       %Developer{} = user -> {:ok, user}
     end

lib/tilex/mcp/server.ex

@@ -1,29 +1,6 @@
 defmodule Tilex.MCP.Server do
   use Anubis.Server, name: "TIL", version: "1.0.0", capabilities: [:resources, :tools]
 
-  import Ecto.Query, only: [from: 2]
-
-  alias Tilex.Repo
-  alias Tilex.Blog.Developer
-
   component(Tilex.MCP.ListChannels)
   component(Tilex.MCP.NewPost)
-
-  @impl true
-  def init(_arg, frame) do
-    headers = Enum.into(frame.transport.req_headers, %{})
-    user = get_current_user(headers["x-api-key"])
-    assigns = Map.put(frame.assigns || %{}, :current_user, user)
-    frame = Map.put(frame, :assigns, assigns)
-    {:ok, frame}
-  end
-
-  defp get_current_user(signed_token) do
-    with "" <> _ <- signed_token,
-         {:ok, mcp_api_key} <- Developer.verify_mcp_api_key(TilexWeb.Endpoint, signed_token) do
-      Repo.one(from d in Developer, where: d.mcp_api_key == ^mcp_api_key)
-    else
-      _ -> nil
-    end
-  end
 end

test/tilex/mcp/new_post_test.exs

@@ -2,14 +2,28 @@ defmodule Tilex.MCP.NewPostTest do
   use Tilex.DataCase, async: false
 
   alias Anubis.Server.Response
+  alias Tilex.Blog.Developer
   alias Tilex.Blog.Post
   alias Tilex.Factory
   alias Tilex.MCP.NewPost
   alias Tilex.Repo
 
   describe "execute/2" do
-    test "creates post successfully with valid data and authenticated user" do
-      developer = Factory.insert!(:developer)
+    setup do
+      %{
+        mcp_api_key: mcp_api_key,
+        signed_token: signed_token
+      } = Developer.generate_mcp_api_key(TilexWeb.Endpoint)
+
+      developer = Factory.insert!(:developer, mcp_api_key: mcp_api_key)
+
+      [developer: developer, signed_token: signed_token]
+    end
+
+    test "creates post successfully with valid data and authenticated user", %{
+      developer: developer,
+      signed_token: signed_token
+    } do
       channel = Factory.insert!(:channel, name: "elixir")
 
       title = "My First TIL"
@@ -23,7 +37,7 @@ defmodule Tilex.MCP.NewPostTest do
         body: body
       }
 
-      frame = %{assigns: %{current_user: developer}}
+      frame = %{transport: %{req_headers: %{"x-api-key" => signed_token}}}
 
       assert {:reply, response, returned_frame} = NewPost.execute(input, frame)
 
@@ -64,7 +78,7 @@ defmodule Tilex.MCP.NewPostTest do
         body: body
       }
 
-      frame = %{assigns: %{}}
+      frame = %{transport: %{req_headers: %{}}}
 
       assert {:reply, response, returned_frame} = NewPost.execute(input, frame)
 
@@ -82,9 +96,7 @@ defmodule Tilex.MCP.NewPostTest do
              } = response
     end
 
-    test "raises error when channel does not exist" do
-      developer = Factory.insert!(:developer)
-
+    test "raises error when channel does not exist", %{signed_token: signed_token} do
       title = "My First TIL"
       body = "Today I learned something amazing about Elixir."
 
@@ -94,7 +106,7 @@ defmodule Tilex.MCP.NewPostTest do
         body: body
       }
 
-      frame = %{assigns: %{current_user: developer}}
+      frame = %{transport: %{req_headers: %{"x-api-key" => signed_token}}}
 
       assert {:reply, response, returned_frame} = NewPost.execute(input, frame)
 
@@ -112,8 +124,7 @@ defmodule Tilex.MCP.NewPostTest do
              } = response
     end
 
-    test "returns validation error" do
-      developer = Factory.insert!(:developer)
+    test "returns validation error", %{signed_token: signed_token} do
       channel = Factory.insert!(:channel, name: "elixir")
 
       title = String.duplicate("a", 51)
@@ -125,7 +136,7 @@ defmodule Tilex.MCP.NewPostTest do
         body: body
       }
 
-      frame = %{assigns: %{current_user: developer}}
+      frame = %{transport: %{req_headers: %{"x-api-key" => signed_token}}}
 
       assert {:reply, response, returned_frame} = NewPost.execute(input, frame)