fix: add showing html response also if auth is disabled (#61)

kosmoz · web-flow · commit 39e5729bf4fb · 2025-09-15T10:57:33.000+02:00
diff --git a/cmd/serve.go b/cmd/serve.go
@@ -13,6 +13,7 @@ import (
 	"github.com/go-chi/cors"
 	"github.com/go-logr/stdr"
 	"github.com/hyprmcp/mcp-gateway/config"
+	"github.com/hyprmcp/mcp-gateway/htmlresponse"
 	"github.com/hyprmcp/mcp-gateway/log"
 	"github.com/hyprmcp/mcp-gateway/oauth"
 	"github.com/hyprmcp/mcp-gateway/proxy"
@@ -107,6 +108,7 @@ func runServe(ctx context.Context, opts ServeOptions) error {
 func newRouter(ctx context.Context, config *config.Config) (http.Handler, error) {
 	mux := http.NewServeMux()
 
+	htmlHandler := htmlresponse.NewHandler(config, false)
 	oauthManager, err := oauth.NewManager(ctx, config)
 	if err != nil {
 		return nil, err
@@ -119,6 +121,7 @@ func newRouter(ctx context.Context, config *config.Config) (http.Handler, error)
 	for _, proxyConfig := range config.Proxy {
 		if proxyConfig.Http != nil && proxyConfig.Http.Url != nil {
 			handler := proxy.NewProxyHandler(&proxyConfig)
+			handler = htmlHandler.Handler(handler)
 
 			if proxyConfig.Authentication.Enabled {
 				handler = oauthManager.Handler(handler)
diff --git a/htmlresponse/handle.go b/htmlresponse/handle.go
@@ -17,6 +17,10 @@ var (
 	tpl *template.Template
 )
 
+const (
+	ContentTypeTextHTML = "text/html"
+)
+
 func init() {
 	if t, err := template.New("").Parse(ts); err != nil {
 		panic(err)
@@ -26,14 +30,28 @@ func init() {
 }
 
 type handler struct {
-	config *config.Config
+	config         *config.Config
+	alwaysCallNext bool
+}
+
+func NewHandler(config *config.Config, alwaysCallNext bool) *handler {
+	return &handler{config: config, alwaysCallNext: alwaysCallNext}
 }
 
-func NewHandler(config *config.Config) *handler {
-	return &handler{config: config}
+func (h *handler) Handler(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		isAcceptHTML := strings.Contains(r.Header.Get("Accept"), ContentTypeTextHTML)
+		if h.alwaysCallNext || !isAcceptHTML {
+			next.ServeHTTP(w, r)
+		}
+
+		if isAcceptHTML {
+			h.handleHtml(w, r)
+		}
+	})
 }
 
-func (h *handler) Handle(w http.ResponseWriter, r *http.Request) error {
+func (h *handler) handleHtml(w http.ResponseWriter, r *http.Request) {
 	var data struct {
 		Name string
 		Url  string
@@ -49,5 +67,11 @@ func (h *handler) Handle(w http.ResponseWriter, r *http.Request) error {
 		data.Name = ps[nameIdx]
 	}
 
-	return tpl.Execute(w, data)
+	w.Header().Set("Content-Type", ContentTypeTextHTML)
+
+	if !h.alwaysCallNext {
+		w.WriteHeader(http.StatusNotAcceptable)
+	}
+
+	_ = tpl.Execute(w, data)
 }
diff --git a/oauth/oauth.go b/oauth/oauth.go
@@ -85,35 +85,27 @@ func (mgr *Manager) Register(mux *http.ServeMux) error {
 }
 
 func (mgr *Manager) Handler(next http.Handler) http.Handler {
-	htmlHandler := htmlresponse.NewHandler(mgr.config)
+	htmlHandler := htmlresponse.NewHandler(mgr.config, true)
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		rawToken :=
 			strings.TrimSpace(strings.TrimPrefix(strings.TrimSpace(r.Header.Get("Authorization")), "Bearer"))
-
-		shouldCallNext := true
-
-		token, err := jwt.ParseString(rawToken, jwt.WithKeySet(mgr.jwkSet))
-		if err != nil {
-			metadataURL, _ := url.Parse(mgr.config.Host.String())
-			metadataURL.Path = ProtectedResourcePath
-			metadataURL = metadataURL.JoinPath(r.URL.Path)
-			w.Header().Set(
-				"WWW-Authenticate",
-				fmt.Sprintf(`Bearer resource_metadata="%s"`, metadataURL.String()),
-			)
-			w.WriteHeader(http.StatusUnauthorized)
-			shouldCallNext = false
-		}
-
-		if strings.Contains(r.Header.Get("Accept"), "text/html") {
-			if err := htmlHandler.Handle(w, r); err != nil {
-				log.Get(r.Context()).Error(err, "failed to handle html response")
-			}
-			shouldCallNext = false
-		}
-
-		if shouldCallNext {
+		if token, err := jwt.ParseString(rawToken, jwt.WithKeySet(mgr.jwkSet)); err != nil {
+			htmlHandler.Handler(mgr.unauthorizedHandler()).ServeHTTP(w, r)
+		} else {
 			next.ServeHTTP(w, r.WithContext(TokenContext(r.Context(), token, rawToken)))
 		}
 	})
 }
+
+func (mgr *Manager) unauthorizedHandler() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		metadataURL, _ := url.Parse(mgr.config.Host.String())
+		metadataURL.Path = ProtectedResourcePath
+		metadataURL = metadataURL.JoinPath(r.URL.Path)
+		w.Header().Set(
+			"WWW-Authenticate",
+			fmt.Sprintf(`Bearer resource_metadata="%s"`, metadataURL.String()),
+		)
+		w.WriteHeader(http.StatusUnauthorized)
+	}
+}
