mcp: client registration: store to databroker

2025-04-28 18:06:34 +02:00 · 2025-04-23 15:47:52 -04:00 · 2025-04-23 15:47:52 -04:00 · 459168222d
commit 459168222d
parent 578b3bf8b3
2 changed files with 140 additions and 3 deletions
--- a/internal/mcp/handler_register_client.go
+++ b/internal/mcp/handler_register_client.go
@ -1,11 +1,82 @@
 package mcp

 import (
+	"io"
 	"net/http"
+
+	"github.com/bufbuild/protovalidate-go"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
+
+	"github.com/pomerium/pomerium/internal/log"
+	rfc7591v1 "github.com/pomerium/pomerium/internal/rfc7591"
 )

+const maxClientRegistrationPayload = 1024 * 1024 // 1MB
+
 // RegisterClient handles the /register endpoint.
 // It is used to register a new client with the MCP server.
-func (srv *Handler) RegisterClient(w http.ResponseWriter, _ *http.Request) {
-	w.WriteHeader(http.StatusNotImplemented)
+func (srv *Handler) RegisterClient(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	if r.Method != http.MethodPost {
+		http.Error(w, "invalid method", http.StatusMethodNotAllowed)
+		return
+	}
+
+	src := io.LimitReader(r.Body, maxClientRegistrationPayload)
+	defer r.Body.Close()
+
+	data, err := io.ReadAll(src)
+	if err != nil {
+		log.Ctx(ctx).Error().Err(err).Msg("failed to read request body")
+		http.Error(w, "failed to read request body", http.StatusBadRequest)
+		return
+	}
+
+	v := new(rfc7591v1.ClientRegistrationRequest)
+	err = protojson.Unmarshal(data, v)
+	if err != nil {
+		log.Ctx(ctx).Error().Err(err).Msg("failed to unmarshal request body")
+		http.Error(w, "failed to unmarshal request body", http.StatusBadRequest)
+		return
+	}
+
+	err = protovalidate.Validate(v)
+	if err != nil {
+		log.Ctx(ctx).Error().Err(err).Msg("failed to validate request body")
+		clientRegistrationError(w, err, rfc7591v1.ErrorCode_ERROR_CODE_INVALID_CLIENT_METADATA)
+		return
+	}
+
+	resp, err := srv.storage.RegisterClient(ctx, v)
+	if err != nil {
+		log.Ctx(ctx).Error().Err(err).Msg("failed to register client")
+		http.Error(w, "failed to register client", http.StatusInternalServerError)
+	}
+
+	data, err = protojson.MarshalOptions{
+		UseProtoNames: true,
+	}.Marshal(resp)
+	if err != nil {
+		log.Ctx(ctx).Error().Err(err).Msg("failed to marshal response")
+		http.Error(w, "failed to marshal response", http.StatusInternalServerError)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	_, err = w.Write(data)
+	if err != nil {
+		log.Ctx(ctx).Error().Err(err).Msg("failed to write response")
+		return
+	}
+}
+
+func clientRegistrationError(w http.ResponseWriter, err error, code rfc7591v1.ErrorCode) {
+	v := &rfc7591v1.ClientRegistrationErrorResponse{
+		Error:            code,
+		ErrorDescription: proto.String(err.Error()),
+	}
+	data, _ := protojson.Marshal(v)
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusBadRequest)
+	_, _ = w.Write(data)
 }
--- a/internal/mcp/storage.go
+++ b/internal/mcp/storage.go
@ -1,6 +1,16 @@
 package mcp

-import "github.com/pomerium/pomerium/pkg/grpc/databroker"
+import (
+	"context"
+	"fmt"
+
+	"github.com/google/uuid"
+	"google.golang.org/protobuf/proto"
+
+	rfc7591v1 "github.com/pomerium/pomerium/internal/rfc7591"
+	"github.com/pomerium/pomerium/pkg/grpc/databroker"
+	"github.com/pomerium/pomerium/pkg/protoutil"
+)

 type Storage struct {
 	client databroker.DataBrokerServiceClient
@ -14,3 +24,59 @@ func NewStorage(
 		client: client,
 	}
 }
+
+func (storage *Storage) RegisterClient(
+	ctx context.Context,
+	req *rfc7591v1.ClientRegistrationRequest,
+) (*rfc7591v1.ClientInformationResponse, error) {
+	data := protoutil.NewAny(req)
+	id := uuid.NewString()
+	rec, err := storage.client.Put(ctx, &databroker.PutRequest{
+		Records: []*databroker.Record{{
+			Id:   id,
+			Data: data,
+			Type: data.TypeUrl,
+		}},
+	})
+	if err != nil {
+		return nil, err
+	}
+	if len(rec.Records) == 0 {
+		return nil, fmt.Errorf("no records returned")
+	}
+
+	now := rec.Records[0].GetModifiedAt().Seconds
+	return getClientInformation(id, now, req), nil
+}
+
+func getClientInformation(
+	id string,
+	issuedAt int64,
+	req *rfc7591v1.ClientRegistrationRequest,
+) *rfc7591v1.ClientInformationResponse {
+	return &rfc7591v1.ClientInformationResponse{
+		ClientId:                id,
+		ClientIdIssuedAt:        proto.Int64(issuedAt),
+		RedirectUris:            req.RedirectUris,
+		TokenEndpointAuthMethod: req.TokenEndpointAuthMethod,
+		GrantTypes:              req.GrantTypes,
+		ResponseTypes:           req.ResponseTypes,
+		ClientName:              req.ClientName,
+		ClientNameLocalized:     req.ClientNameLocalized,
+		ClientUri:               req.ClientUri,
+		ClientUriLocalized:      req.ClientUriLocalized,
+		LogoUri:                 req.LogoUri,
+		LogoUriLocalized:        req.LogoUriLocalized,
+		Scope:                   req.Scope,
+		Contacts:                req.Contacts,
+		TosUri:                  req.TosUri,
+		TosUriLocalized:         req.TosUriLocalized,
+		PolicyUri:               req.PolicyUri,
+		PolicyUriLocalized:      req.PolicyUriLocalized,
+		JwksUri:                 req.JwksUri,
+		Jwks:                    req.Jwks,
+		SoftwareId:              req.SoftwareId,
+		SoftwareVersion:         req.SoftwareVersion,
+		SoftwareStatement:       req.SoftwareStatement,
+	}
+}