Commit graph

8 commits

Author SHA1 Message Date
5d08e15b0f security: replace open OAuth with Forgejo-backed authentication
Uses FastMCP OAuthProxy to proxy OAuth to Forgejo (git.georgsen.dk).
Only users who can authenticate with Forgejo get MCP access.
DCR is still used for client registration, but authorization
requires Forgejo login.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 11:42:31 +00:00
50c3b116f7 security: restrict /api/ingest to internal IPs only
Checks X-Forwarded-For/X-Real-IP from NPM proxy to get real client IP.
Only allows localhost, LAN (10.5.0.x), and NetBird (100.79.x) prefixes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 11:35:53 +00:00
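The check this commit describes, worked as an added example that is not the repository's own code. It assumes a single reverse proxy (the commit's NPM) in front of the app, and the proxy addresses and allowed prefixes below are constructed for the example. The point a reviewer would want covered is that X-Forwarded-For and X-Real-IP are ordinary request headers: they only say anything when the TCP peer is the trusted proxy that set them, so the code ignores them from any other peer, and with a chain it takes the rightmost entry that is not itself a trusted proxy (the hop the proxy appended). Malformed header values fail closed.

```python
import ipaddress
from typing import Mapping, Optional, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed for this example: the proxy peers whose forwarding headers we trust.
TRUSTED_PROXIES = [
    ipaddress.ip_network("127.0.0.1/32"),
    ipaddress.ip_network("10.5.0.2/32"),
]

# Constructed mapping of the commit's "localhost, LAN (10.5.0.x), NetBird (100.79.x)".
ALLOWED_NETWORKS = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("10.5.0.0/24"),
    ipaddress.ip_network("100.79.0.0/16"),
]


def _in_any(ip: IPAddr, nets) -> bool:
    return any(ip in n for n in nets)


def real_client_ip(peer_ip: str, headers: Mapping[str, str]) -> Optional[IPAddr]:
    """Return the address to authorise, or None if the request is undecidable.

    Forwarding headers are honoured only when the TCP peer is a trusted proxy;
    from anyone else they are attacker-supplied and ignored.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not _in_any(peer, TRUSTED_PROXIES):
        return peer

    hdr = {k.lower(): v for k, v in headers.items()}

    # X-Forwarded-For: each proxy appends the address that connected to it, so
    # walk from the right and skip our own proxies; the first other hop is the client.
    xff = hdr.get("x-forwarded-for", "")
    for raw in reversed([p.strip() for p in xff.split(",") if p.strip()]):
        try:
            candidate = ipaddress.ip_address(raw)
        except ValueError:
            return None  # malformed chain: fail closed rather than guess
        if not _in_any(candidate, TRUSTED_PROXIES):
            return candidate

    # No usable chain: fall back to X-Real-IP, which the proxy overwrites.
    real_ip = hdr.get("x-real-ip", "").strip()
    if real_ip:
        try:
            return ipaddress.ip_address(real_ip)
        except ValueError:
            return None

    return peer


def is_internal_request(peer_ip: str, headers: Mapping[str, str]) -> bool:
    """True only when the resolved client address is inside an allowed prefix."""
    ip = real_client_ip(peer_ip, headers)
    return ip is not None and _in_any(ip, ALLOWED_NETWORKS)


if __name__ == "__main__":
    # A public peer cannot promote itself with a header; the proxy's appended hop wins.
    print(is_internal_request("203.0.113.9", {"X-Forwarded-For": "10.5.0.7"}))
    print(is_internal_request("10.5.0.2", {"X-Forwarded-For": "10.5.0.7, 203.0.113.9"}))
```

In the deployment this models, the app should additionally bind only where the proxy can reach it; if arbitrary hosts can open a TCP connection to the app, the peer check alone is what stands between them and the endpoint.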
1dff4630fe fix: use FastMCP's InMemoryOAuthProvider instead of custom implementation
Replaced hand-rolled OAuth with FastMCP's battle-tested
InMemoryOAuthProvider. Handles DCR, PKCE, token exchange,
refresh tokens, and revocation out of the box.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 11:32:01 +00:00
1296310adb fix: implement authorize() to auto-approve and redirect with code
Parent's authorize() is abstract and returned None, causing /None redirect.
Override creates auth code and redirects to callback immediately.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 11:29:13 +00:00
5086716387 feat: implement concrete OAuth provider with in-memory storage
OAuthProvider is abstract — subclassed as HomelabOAuth with full
implementation of register_client, get_client, create/exchange
authorization codes, token issuance, PKCE verification, and
refresh token rotation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 11:22:20 +00:00
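The authorization-code and PKCE handling named in this commit and in 1dff4630fe above, as an added example rather than the HomelabOAuth implementation or FastMCP's provider: an in-memory code store that binds each code to its client_id, redirect_uri and S256 challenge, makes the code single-use (it is removed on the first exchange attempt whether or not that attempt succeeds), expires it, and checks the verifier with a constant-time comparison. The class and function names are this example's own; the known-answer pair in the test is the one from RFC 7636 Appendix B.

```python
import base64
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """Client side: a high-entropy verifier (43..128 unreserved characters)."""
    return _b64url(secrets.token_bytes(nbytes))


def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) per RFC 7636."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_pkce(stored_challenge: str, method: str, presented_verifier: str) -> bool:
    # Only S256 is accepted; "plain" gives a leaked code its verifier for free.
    if method != "S256" or not (43 <= len(presented_verifier) <= 128):
        return False
    return hmac.compare_digest(s256_challenge(presented_verifier), stored_challenge)


@dataclass
class AuthCode:
    client_id: str
    redirect_uri: str
    code_challenge: str
    code_challenge_method: str
    expires_at: float


class CodeStore:
    """Example in-memory authorization-code store (not FastMCP's)."""

    def __init__(self, ttl_seconds: int = 600):
        self._codes: Dict[str, AuthCode] = {}
        self.ttl = ttl_seconds

    def issue(self, client_id: str, redirect_uri: str, challenge: str,
              method: str = "S256", now: Optional[float] = None) -> str:
        code = secrets.token_urlsafe(32)
        self._codes[code] = AuthCode(client_id, redirect_uri, challenge, method,
                                     (now or time.time()) + self.ttl)
        return code

    def exchange(self, code: str, client_id: str, redirect_uri: str,
                 verifier: str, now: Optional[float] = None) -> bool:
        # pop() makes the code single-use even when the exchange fails.
        record = self._codes.pop(code, None)
        if record is None or (now or time.time()) > record.expires_at:
            return False
        if record.client_id != client_id or record.redirect_uri != redirect_uri:
            return False
        return verify_pkce(record.code_challenge, record.code_challenge_method, verifier)


if __name__ == "__main__":
    store = CodeStore()
    v = make_code_verifier()
    code = store.issue("cli-1", "http://localhost:8321/cb", s256_challenge(v))
    print(store.exchange(code, "cli-1", "http://localhost:8321/cb", v))  # first use
    print(store.exchange(code, "cli-1", "http://localhost:8321/cb", v))  # replay
```

A provider built this way refuses a replayed code, a code presented by a different client, a code bound to another redirect_uri, and a verifier that does not hash to the stored challenge, which is the set of failures a hand-rolled provider most often forgets.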
a71595b9d8 feat: replace custom OAuth with FastMCP built-in OAuthProvider
FastMCP's OAuthProvider handles the full OAuth flow including DCR
(Dynamic Client Registration), authorization code + PKCE, token
issuance, and refresh tokens. No more custom auth code.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 11:18:16 +00:00
494bb510d3 feat: add ingest API + health endpoint, fix bot-to-bot logging
Telegram bots can't see messages from other bots in groups. Added:
- POST /api/ingest - local services log messages into bridge DB
- GET /api/health - status check endpoint
- Fixed post_init not running (manual init lifecycle)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 08:39:44 +00:00
1cb16e6e8f feat: MCP bridge - Telegram group logger + FastMCP HTTP server
Single-process Python app that:
- Runs a Telegram bot in a group chat, logging all messages/files to libsql
- Exposes send_message, pull_updates, queue_status MCP tools over HTTP
- Downloads and stores file attachments with Telegram file_id + local path
- Accessible via NetBird mesh at mgmt.mg:8321 (no auth needed)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 23:56:05 +00:00