Add scope challenge & pat filtering based on token scopes

omgitsads · omgitsads · commit 7f6e0e870167 · 2026-01-30T15:10:12.000+01:00
diff --git a/cmd/github-mcp-server/main.go b/cmd/github-mcp-server/main.go
@@ -109,6 +109,7 @@ var (
 				ContentWindowSize:    viper.GetInt("content-window-size"),
 				LockdownMode:         viper.GetBool("lockdown-mode"),
 				RepoAccessCacheTTL:   &ttl,
+				ScopeChallenge:       viper.GetBool("scope-challenge"),
 			}
 
 			return ghhttp.RunHTTPServer(httpConfig)
@@ -141,6 +142,7 @@ func init() {
 	httpCmd.PersistentFlags().Int("port", 8082, "HTTP server port")
 	httpCmd.PersistentFlags().String("base-url", "", "Base URL where this server is publicly accessible (for OAuth resource metadata)")
 	httpCmd.PersistentFlags().String("base-path", "", "Externally visible base path for the HTTP server (for OAuth resource metadata)")
+	httpCmd.PersistentFlags().Bool("scope-challenge", false, "Enable OAuth scope challenge responses and tool filtering based on token scopes")
 
 	// Bind flag to viper
 	_ = viper.BindPFlag("toolsets", rootCmd.PersistentFlags().Lookup("toolsets"))
@@ -161,6 +163,7 @@ func init() {
 	_ = viper.BindPFlag("port", httpCmd.PersistentFlags().Lookup("port"))
 	_ = viper.BindPFlag("base-url", httpCmd.PersistentFlags().Lookup("base-url"))
 	_ = viper.BindPFlag("base-path", httpCmd.PersistentFlags().Lookup("base-path"))
+	_ = viper.BindPFlag("scope-challenge", httpCmd.PersistentFlags().Lookup("scope-challenge"))
 
 	// Add subcommands
 	rootCmd.AddCommand(stdioCmd)
diff --git a/internal/ghmcp/server.go b/internal/ghmcp/server.go
@@ -366,13 +366,8 @@ func fetchTokenScopesForHost(ctx context.Context, token, host string) ([]string,
 		return nil, fmt.Errorf("failed to parse API host: %w", err)
 	}
 
-	baseRestURL, err := apiHost.BaseRESTURL(ctx)
-	if err != nil {
-		return nil, fmt.Errorf("failed to get base REST URL: %w", err)
-	}
-
 	fetcher := scopes.NewFetcher(scopes.FetcherOptions{
-		APIHost: baseRestURL.String(),
+		APIHost: apiHost,
 	})
 
 	return fetcher.FetchTokenScopes(ctx, token)
diff --git a/pkg/context/token.go b/pkg/context/token.go
@@ -14,17 +14,26 @@ var tokenCtxKey tokenCtx = "tokenctx"
 type TokenInfo struct {
 	Token     string
 	TokenType utils.TokenType
+	Scopes    []string
 }
 
 // WithTokenInfo adds TokenInfo to the context
-func WithTokenInfo(ctx context.Context, token string, tokenType utils.TokenType) context.Context {
-	return context.WithValue(ctx, tokenCtxKey, TokenInfo{Token: token, TokenType: tokenType})
+func WithTokenInfo(ctx context.Context, tokenInfo *TokenInfo) context.Context {
+	return context.WithValue(ctx, tokenCtxKey, tokenInfo)
+}
+
+func SetTokenScopes(ctx context.Context, scopes []string) context.Context {
+	if tokenInfo, ok := GetTokenInfo(ctx); ok {
+		tokenInfo.Scopes = scopes
+		return WithTokenInfo(ctx, tokenInfo)
+	}
+	return ctx
 }
 
 // GetTokenInfo retrieves the authentication token from the context
-func GetTokenInfo(ctx context.Context) (TokenInfo, bool) {
-	if tokenInfo, ok := ctx.Value(tokenCtxKey).(TokenInfo); ok {
+func GetTokenInfo(ctx context.Context) (*TokenInfo, bool) {
+	if tokenInfo, ok := ctx.Value(tokenCtxKey).(*TokenInfo); ok {
 		return tokenInfo, true
 	}
-	return TokenInfo{}, false
+	return nil, false
 }
diff --git a/pkg/http/handler.go b/pkg/http/handler.go
@@ -11,7 +11,9 @@ import (
 	"github.com/github/github-mcp-server/pkg/http/middleware"
 	"github.com/github/github-mcp-server/pkg/http/oauth"
 	"github.com/github/github-mcp-server/pkg/inventory"
+	"github.com/github/github-mcp-server/pkg/scopes"
 	"github.com/github/github-mcp-server/pkg/translations"
+	"github.com/github/github-mcp-server/pkg/utils"
 	"github.com/go-chi/chi/v5"
 	"github.com/modelcontextprotocol/go-sdk/mcp"
 )
@@ -24,20 +26,29 @@ type Handler struct {
 	config                 *ServerConfig
 	deps                   github.ToolDependencies
 	logger                 *slog.Logger
+	apiHosts               utils.APIHostResolver
 	t                      translations.TranslationHelperFunc
 	githubMcpServerFactory GitHubMCPServerFactoryFunc
 	inventoryFactoryFunc   InventoryFactoryFunc
 	oauthCfg               *oauth.Config
+	scopeFetcher           scopes.FetcherInterface
 }
 
 type HandlerOptions struct {
 	GitHubMcpServerFactory GitHubMCPServerFactoryFunc
 	InventoryFactory       InventoryFactoryFunc
 	OAuthConfig            *oauth.Config
+	ScopeFetcher           scopes.FetcherInterface
 }
 
 type HandlerOption func(*HandlerOptions)
 
+func WithScopeFetcher(f scopes.FetcherInterface) HandlerOption {
+	return func(o *HandlerOptions) {
+		o.ScopeFetcher = f
+	}
+}
+
 func WithGitHubMCPServerFactory(f GitHubMCPServerFactoryFunc) HandlerOption {
 	return func(o *HandlerOptions) {
 		o.GitHubMcpServerFactory = f
@@ -62,6 +73,7 @@ func NewHTTPMcpHandler(
 	deps github.ToolDependencies,
 	t translations.TranslationHelperFunc,
 	logger *slog.Logger,
+	apiHost utils.APIHostResolver,
 	options ...HandlerOption) *Handler {
 	opts := &HandlerOptions{}
 	for _, o := range options {
@@ -75,29 +87,39 @@ func NewHTTPMcpHandler(
 
 	inventoryFactory := opts.InventoryFactory
 	if inventoryFactory == nil {
-		inventoryFactory = DefaultInventoryFactory(cfg, t, nil)
+		inventoryFactory = DefaultInventoryFactory(cfg, t, nil, opts.ScopeFetcher)
+	}
+
+	scopeFetcher := opts.ScopeFetcher
+	if scopeFetcher == nil {
+		scopeFetcher = scopes.NewFetcher(scopes.FetcherOptions{
+			APIHost: apiHost,
+		})
 	}
 
 	return &Handler{
 		ctx:                    ctx,
 		config:                 cfg,
 		deps:                   deps,
 		logger:                 logger,
+		apiHosts:               apiHost,
 		t:                      t,
 		githubMcpServerFactory: githubMcpServerFactory,
 		inventoryFactoryFunc:   inventoryFactory,
 		oauthCfg:               opts.OAuthConfig,
+		scopeFetcher:           scopeFetcher,
 	}
 }
 
 func (h *Handler) RegisterMiddleware(r chi.Router) {
 	r.Use(
 		middleware.ExtractUserToken(h.oauthCfg),
 		middleware.WithRequestConfig,
-		middleware.WithScopeChallenge(h.oauthCfg),
 	)
 
-	r.Use(middleware.WithScopeChallenge(h.oauthCfg))
+	if h.config.ScopeChallenge {
+		r.Use(middleware.WithScopeChallenge(h.oauthCfg, h.scopeFetcher))
+	}
 }
 
 // RegisterRoutes registers the routes for the MCP server
@@ -159,7 +181,7 @@ func DefaultGitHubMCPServerFactory(r *http.Request, deps github.ToolDependencies
 	return github.NewMCPServer(r.Context(), cfg, deps, inventory)
 }
 
-func DefaultInventoryFactory(_ *ServerConfig, t translations.TranslationHelperFunc, staticChecker inventory.FeatureFlagChecker) InventoryFactoryFunc {
+func DefaultInventoryFactory(cfg *ServerConfig, t translations.TranslationHelperFunc, staticChecker inventory.FeatureFlagChecker, scopeFetcher scopes.FetcherInterface) InventoryFactoryFunc {
 	return func(r *http.Request) (*inventory.Inventory, error) {
 		b := github.NewInventory(t).WithDeprecatedAliases(github.DeprecatedToolAliases)
 
@@ -170,6 +192,11 @@ func DefaultInventoryFactory(_ *ServerConfig, t translations.TranslationHelperFu
 		}
 
 		b = InventoryFiltersForRequest(r, b)
+
+		if cfg.ScopeChallenge {
+			b = b.WithFilter(ScopeChallengeFilter(r, scopeFetcher))
+		}
+
 		b.WithServerInstructions()
 
 		return b.Build()
@@ -198,3 +225,26 @@ func InventoryFiltersForRequest(r *http.Request, builder *inventory.Builder) *in
 
 	return builder
 }
+
+func ScopeChallengeFilter(r *http.Request, fetcher scopes.FetcherInterface) inventory.ToolFilter {
+	ctx := r.Context()
+
+	tokenInfo, ok := ghcontext.GetTokenInfo(ctx)
+	if !ok || tokenInfo == nil {
+		return nil
+	}
+
+	// Fetch token scopes for scope-based tool filtering (PAT tokens only)
+	// Only classic PATs (ghp_ prefix) return OAuth scopes via X-OAuth-Scopes header.
+	// Fine-grained PATs and other token types don't support this, so we skip filtering.
+	if tokenInfo.TokenType == utils.TokenTypePersonalAccessToken {
+		scopesList, err := fetcher.FetchTokenScopes(ctx, tokenInfo.Token)
+		if err != nil {
+			return nil
+		}
+
+		return github.CreateToolScopeFilter(scopesList)
+	}
+
+	return nil
+}
diff --git a/pkg/http/handler_test.go b/pkg/http/handler_test.go
@@ -12,7 +12,9 @@ import (
 	"github.com/github/github-mcp-server/pkg/github"
 	"github.com/github/github-mcp-server/pkg/http/headers"
 	"github.com/github/github-mcp-server/pkg/inventory"
+	"github.com/github/github-mcp-server/pkg/scopes"
 	"github.com/github/github-mcp-server/pkg/translations"
+	"github.com/github/github-mcp-server/pkg/utils"
 	"github.com/go-chi/chi/v5"
 	"github.com/modelcontextprotocol/go-sdk/mcp"
 	"github.com/stretchr/testify/assert"
@@ -32,6 +34,20 @@ func mockTool(name, toolsetID string, readOnly bool) inventory.ServerTool {
 	}
 }
 
+type allScopesFetcher struct{}
+
+func (f allScopesFetcher) FetchTokenScopes(_ context.Context, _ string) ([]string, error) {
+	return []string{
+		string(scopes.Repo),
+		string(scopes.WriteOrg),
+		string(scopes.User),
+		string(scopes.Gist),
+		string(scopes.Notifications),
+	}, nil
+}
+
+var _ scopes.FetcherInterface = allScopesFetcher{}
+
 func TestInventoryFiltersForRequest(t *testing.T) {
 	tools := []inventory.ServerTool{
 		mockTool("get_file_contents", "repos", true),
@@ -230,6 +246,8 @@ func TestHTTPHandlerRoutes(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			var capturedInventory *inventory.Inventory
 
+			apiHost := utils.NewDefaultAPIHostResolver()
+
 			// Create inventory factory that captures the built inventory
 			inventoryFactory := func(r *http.Request) (*inventory.Inventory, error) {
 				builder := inventory.NewBuilder().
@@ -249,23 +267,32 @@ func TestHTTPHandlerRoutes(t *testing.T) {
 				return mcp.NewServer(&mcp.Implementation{Name: "test", Version: "0.0.1"}, nil), nil
 			}
 
+			allScopesFetcher := allScopesFetcher{}
+
 			// Create handler with our factories
 			handler := NewHTTPMcpHandler(
 				context.Background(),
 				&ServerConfig{Version: "test"},
 				nil, // deps not needed for this test
 				translations.NullTranslationHelper,
 				slog.Default(),
+				apiHost,
 				WithInventoryFactory(inventoryFactory),
 				WithGitHubMCPServerFactory(mcpServerFactory),
+				WithScopeFetcher(allScopesFetcher),
 			)
 
 			// Create router and register routes
 			r := chi.NewRouter()
+			handler.RegisterMiddleware(r)
 			handler.RegisterRoutes(r)
 
 			// Create request
 			req := httptest.NewRequest(http.MethodPost, tt.path, nil)
+
+			// Ensure we're setting Authorization header for token context
+			req.Header.Set(headers.AuthorizationHeader, "Bearer ghp_testtoken")
+
 			for k, v := range tt.headers {
 				req.Header.Set(k, v)
 			}
diff --git a/pkg/http/middleware/scope_challenge.go b/pkg/http/middleware/scope_challenge.go
@@ -57,7 +57,7 @@ func FetchScopesFromGitHubAPI(ctx context.Context, token string, apiHost utils.A
 
 // WithScopeChallenge creates a new middleware that determines if an OAuth request contains sufficient scopes to
 // complete the request and returns a scope challenge if not.
-func WithScopeChallenge(oauthCfg *oauth.Config) func(http.Handler) http.Handler {
+func WithScopeChallenge(oauthCfg *oauth.Config, scopeFetcher scopes.FetcherInterface) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
 			ctx := r.Context()
@@ -136,7 +136,11 @@ func WithScopeChallenge(oauthCfg *oauth.Config) func(http.Handler) http.Handler
 			}
 
 			// Get OAuth scopes from GitHub API
-			activeScopes, err := FetchScopesFromGitHubAPI(ctx, tokenInfo.Token, oauthCfg.ApiHosts)
+			activeScopes, err := scopeFetcher.FetchTokenScopes(ctx, tokenInfo.Token)
+			if err != nil {
+				next.ServeHTTP(w, r)
+				return
+			}
 
 			// Check if user has the required scopes
 			if toolScopeInfo.HasAcceptedScope(activeScopes...) {
diff --git a/pkg/http/middleware/token.go b/pkg/http/middleware/token.go
@@ -26,7 +26,10 @@ func ExtractUserToken(oauthCfg *oauth.Config) func(next http.Handler) http.Handl
 			}
 
 			ctx := r.Context()
-			ctx = ghcontext.WithTokenInfo(ctx, token, tokenType)
+			ctx = ghcontext.WithTokenInfo(ctx, &ghcontext.TokenInfo{
+				Token:     token,
+				TokenType: tokenType,
+			})
 			r = r.WithContext(ctx)
 
 			next.ServeHTTP(w, r)
diff --git a/pkg/http/server.go b/pkg/http/server.go
@@ -57,6 +57,10 @@ type ServerConfig struct {
 
 	// RepoAccessCacheTTL overrides the default TTL for repository access cache entries.
 	RepoAccessCacheTTL *time.Duration
+
+	// ScopeChallenge indicates if we should return OAuth scope challenges, and if we should perform
+	// tool filtering based on token scopes.
+	ScopeChallenge bool
 }
 
 func RunHTTPServer(cfg ServerConfig) error {
@@ -117,8 +121,16 @@ func RunHTTPServer(cfg ServerConfig) error {
 		ResourcePath: cfg.ResourcePath,
 	}
 
+	severOptions := []HandlerOption{}
+	if cfg.ScopeChallenge {
+		scopeFetcher := scopes.NewFetcher(scopes.FetcherOptions{
+			APIHost: apiHost,
+		})
+		severOptions = append(severOptions, WithScopeFetcher(scopeFetcher))
+	}
+
 	r := chi.NewRouter()
-	handler := NewHTTPMcpHandler(ctx, &cfg, deps, t, logger, WithOAuthConfig(oauthCfg))
+	handler := NewHTTPMcpHandler(ctx, &cfg, deps, t, logger, apiHost, append(severOptions, WithOAuthConfig(oauthCfg))...)
 	oauthHandler, err := oauth.NewAuthHandler(oauthCfg)
 	if err != nil {
 		return fmt.Errorf("failed to create OAuth handler: %w", err)
diff --git a/pkg/scopes/fetcher.go b/pkg/scopes/fetcher.go
diff --git a/pkg/scopes/fetcher_test.go b/pkg/scopes/fetcher_test.go
diff --git a/pkg/utils/api.go b/pkg/utils/api.go
