feat: add cookie-based authentication support for GitLab instances 🍪 #100
- Add GITLAB_AUTH_COOKIE_PATH environment variable support
- Handle #HttpOnly_ prefix in cookie files properly
- Enable redirect following when cookies are present
- Maintain compatibility with existing token-based auth
- Update package name to @mattweg/gitlab-mcp
- Bump version to 1.0.63-fork.1
- Add attribution to original author zereight
- Add deprecation notice referencing upstream PR zereight#100
- Add repository and homepage URLs for fork
- removed the duplicate GITLAB_AUTH_COOKIE_PATH from README.md
index.ts
Outdated
// Only add redirect following if we have a cookie | ||
if (authCookie) { | ||
DEFAULT_FETCH_CONFIG.redirect = 'follow'; | ||
} | ||
|
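Review bot: The assignment `DEFAULT_FETCH_CONFIG.redirect = 'follow'` inside `if (authCookie)` mutates a shared default object, so once a cookie is configured every request built from `DEFAULT_FETCH_CONFIG` follows redirects, not only the cookie-authenticated ones. Build the options per request instead, for example by spreading `DEFAULT_FETCH_CONFIG` into a new object and adding `redirect: 'follow'` only when `authCookie` is set, and state in a comment which hosts a cookie-carrying request is expected to be redirected to.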
It's neat code. However, I am concerned that it seems to be becoming code that harms the immutability of constants.
I think we need to refactor it for clean code quality as a whole.
If you have a better direction, please suggest it. If not, we will distribute it after the end of the work.
Thank you
Great feedback. I'll re-approach it with immutability in mind.
@mattweg thanks so much for your enthusiastic improvement.
I was thinking about how to solve this immutably.
Option 1

```js
// Create fetch config based on authentication method
const createFetchConfig = (authCookie) => {
  return {
    ...DEFAULT_FETCH_CONFIG,
    // Only add redirect following if we have a cookie
    ...(authCookie ? { redirect: 'follow' } : {})
  };
};

// Then use this function when creating the fetch configuration
const fetchConfig = createFetchConfig(authCookie);
```

Option 2

```js
const DEFAULT_FETCH_CONFIG = {
  headers: {},
  redirect: 'follow' // Always follow redirects
};
```
I don't have a strong preference. The follow setting won't really hurt anything, but it's not needed for anything other than this type of auth.
…support
- Move cookie header setting outside if/else block to ensure it applies to both old (Private-Token) and new (Bearer) GitLab authentication
- Fixes issue where cookies were only set for Bearer token auth
- Maintains backward compatibility with existing authentication methods
- Enables cookie-based authentication for all GitLab instance types

Resolves authentication failures when using GITLAB_AUTH_COOKIE_PATH with GitLab instances that require cookie-based authentication.
- Add fallback parsing for macOS cookie format
- Handle cookie files with different structure than standard Netscape format
- Maintain compatibility with existing Linux cookie parsing
- Extract cookie name and value from space-separated format

Resolves authentication failures when using GITLAB_AUTH_COOKIE_PATH on macOS systems.
677833a to 8f4b42d
- Replace static cookie string with fetch-cookie + tough-cookie
- Add proper Netscape cookie format parsing with domain context
- Enable automatic cookie handling during OAuth2 redirects
- Fixes authentication issues on macOS with enterprise SSO
Sorry. The fully functional solution is too complex to be included for this edge case.
…ookies instead of count

This PR fixes the cookie authentication issue by checking for specific session cookies (_gitlab_session or remember_user_token) instead of just counting the number of cookies. This ensures proper authentication with GitLab instances that use cookie-based auth.

Closes zereight#100
- Move session establishment to the beginning of each request handler
- Only attempt cookie authentication if GITLAB_AUTH_COOKIE_PATH is set
- Use dynamic base URL from GITLAB_API_URL instead of hardcoded URL
- Remove redundant session establishment calls

Closes zereight#100
…101)

* feat: add cookie-based authentication support for GitLab instances 🍪
  - Add GITLAB_AUTH_COOKIE_PATH environment variable support
  - Handle #HttpOnly_ prefix in cookie files properly
  - Enable redirect following when cookies are present
  - Maintain compatibility with existing token-based auth
* chore: prepare fork for npm publishing as @mattweg/gitlab-mcp
  - Update package name to @mattweg/gitlab-mcp
  - Bump version to 1.0.63-fork.1
  - Add attribution to original author zereight
  - Add deprecation notice referencing upstream PR #100
  - Add repository and homepage URLs for fork
* fix: remove duplicate documentation line
  - removed the duplicate GITLAB_AUTH_COOKIE_PATH from README.md
* fix: move cookie header outside conditional block for universal auth support
  - Move cookie header setting outside if/else block to ensure it applies to both old (Private-Token) and new (Bearer) GitLab authentication
  - Fixes issue where cookies were only set for Bearer token auth
  - Maintains backward compatibility with existing authentication methods
  - Enables cookie-based authentication for all GitLab instance types

  Resolves authentication failures when using GITLAB_AUTH_COOKIE_PATH with GitLab instances that require cookie-based authentication.
* 1.0.63
* fix: add support for macOS cookie format in auth cookie parsing 🍪
  - Add fallback parsing for macOS cookie format
  - Handle cookie files with different structure than standard Netscape format
  - Maintain compatibility with existing Linux cookie parsing
  - Extract cookie name and value from space-separated format

  Resolves authentication failures when using GITLAB_AUTH_COOKIE_PATH on macOS systems.
* 1.0.64
* chore: update version to 1.0.63-fork.3
* fix: implement proper cookie jar authentication for macOS
  - Replace static cookie string with fetch-cookie + tough-cookie
  - Add proper Netscape cookie format parsing with domain context
  - Enable automatic cookie handling during OAuth2 redirects
  - Fixes authentication issues on macOS with enterprise SSO
* chore: update version to 1.0.63-fork.4
* feat: add cookie-based authentication support for enterprise GitLab instances

  Add support for Netscape cookie file authentication to enable access to enterprise GitLab instances that use SSO/OAuth2 redirects.
  - Add GITLAB_AUTH_COOKIE_PATH environment variable
  - Implement cookie jar with proper domain handling for redirects
  - Use conditional fetch assignment: cookie-enabled when path configured
  - Maintains backward compatibility: no cookies = original behavior
  - Zero changes to existing fetch() calls throughout codebase

  Enables authentication flows like: curl -L -b ~/.midway/cookie

  Useful for enterprise environments with federated authentication.
* chore: update to fork version 1.0.63-fork.5 with cookie auth support
* feat: add cookie-based authentication support for enterprise GitLab instances

  Add support for Netscape cookie file authentication to enable access to enterprise GitLab instances that use SSO/OAuth2 redirects.
  - Add GITLAB_AUTH_COOKIE_PATH environment variable
  - Implement cookie jar with proper domain handling for redirects
  - Use conditional fetch assignment: cookie-enabled when path configured
  - Maintains backward compatibility: no cookies = original behavior
  - Zero changes to existing fetch() calls throughout codebase

  Enables authentication flows like: curl -L -b ~/.midway/cookie

  Useful for enterprise environments with federated authentication.
* feat: implement robust cookie-based authentication with hybrid parsing
  - Add support for Netscape cookie file format with #HttpOnly_ prefix handling
  - Implement hybrid approach using tough-cookie's parse() for robust cookie parsing
  - Add automatic session establishment for enterprise GitLab authentication
  - Support cookie file path via GITLAB_AUTH_COOKIE_PATH environment variable
  - Integrate with fetch-cookie for automatic redirect handling and session persistence
  - Ensure compatibility with Midway enterprise authentication flow

  This enables seamless authentication with enterprise GitLab instances that require cookie-based authentication while maintaining clean, maintainable code using widely-supported packages (tough-cookie + fetch-cookie).
* chore: bump version to 1.0.63-fork.6 with ultra-clean cookie auth
* fix: correct package name to @mattweg/gitlab-mcp for proper npx dependency resolution
  - Fix package name mismatch that prevented npx from installing dependencies
  - Bump version to 1.0.63-fork.7
  - This resolves cookie authentication issues by ensuring fetch-cookie and tough-cookie are properly installed
* Improve cookie authentication with robust session establishment
* feat: add cookie-based authentication support

  This feature adds support for cookie-based authentication with GitLab instances by:
  - Adding a new GITLAB_AUTH_COOKIE_PATH environment variable to specify the path to a Netscape-format cookie file
  - Implementing a cookie jar parser that handles standard Netscape cookie format
  - Adding session establishment logic that checks for GitLab session cookies
  - Ensuring all API requests use the authenticated session

  This allows the MCP server to authenticate with GitLab instances that use cookie-based authentication, which is particularly useful for instances that require SSO or other authentication methods that don't support personal access tokens.

---------

Co-authored-by: Moon (mattweg's AI assistant) <moon+ai-assistant@mattweg.dev>
Co-authored-by: Matt Weg <mattweg@amazon.com>
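The commit messages in this thread describe parsing a Netscape cookie file with the `#HttpOnly_` prefix and checking for named session cookies rather than a cookie count. The following is an added sketch of that logic, not the PR's or the project's code: the function names, the sample file and the `example.com` hosts are constructed, and cookie path matching is left out. It also scopes each cookie to its own domain, so a redirect to another host does not receive the session cookie.

```typescript
// Added example; names are illustrative, not taken from the project's index.ts.
interface FileCookie {
  domain: string; includeSubdomains: boolean; path: string; secure: boolean;
  expires: number; name: string; value: string; httpOnly: boolean;
}
const HTTP_ONLY_PREFIX = "#HttpOnly_";
// Session cookie names as given in the commit message in this thread.
const SESSION_COOKIE_NAMES = ["_gitlab_session", "remember_user_token"];
function parseNetscapeCookies(text: string): FileCookie[] {
  const cookies: FileCookie[] = [];
  for (const raw of text.split(/\r?\n/)) {
    const httpOnly = raw.indexOf(HTTP_ONLY_PREFIX) === 0; // a cookie, not a comment
    const line = httpOnly ? raw.slice(HTTP_ONLY_PREFIX.length) : raw;
    if (line.trim() === "" || line.charAt(0) === "#") continue; // blank or comment
    const f = line.split("\t");
    if (f.length !== 7) continue; // malformed line: skip rather than guess
    cookies.push({ domain: f[0].toLowerCase(), includeSubdomains: f[1] === "TRUE",
      path: f[2], secure: f[3] === "TRUE", expires: Number(f[4]),
      name: f[5], value: f[6], httpOnly: httpOnly });
  }
  return cookies;
}
// A cookie applies to its own host, and to subdomains only when flagged.
function domainMatches(host: string, c: FileCookie): boolean {
  const h = host.toLowerCase();
  const d = c.domain.charAt(0) === "." ? c.domain.slice(1) : c.domain;
  const suffix = "." + d;
  return h === d || (c.includeSubdomains && h.length > suffix.length &&
    h.lastIndexOf(suffix) === h.length - suffix.length);
}
const isLive = (c: FileCookie, now: number): boolean => c.expires === 0 || c.expires > now; // 0 = session
// Cookie header for one request host (path matching omitted for brevity).
function cookieHeaderFor(cookies: FileCookie[], host: string, https: boolean, nowSec: number): string {
  return cookies
    .filter((c) => domainMatches(host, c) && isLive(c, nowSec) && (https || !c.secure))
    .map((c) => c.name + "=" + c.value).join("; ");
}
// Authenticated only if a named session cookie is usable for this host.
function hasGitlabSession(cookies: FileCookie[], host: string, nowSec: number): boolean {
  return cookies.some((c) => SESSION_COOKIE_NAMES.indexOf(c.name) !== -1 &&
    domainMatches(host, c) && isLive(c, nowSec));
}
// Constructed sample file (tab-separated), not real credentials.
const SAMPLE_COOKIE_FILE = [
  "# Netscape HTTP Cookie File",
  "#HttpOnly_gitlab.example.com\tFALSE\t/\tTRUE\t0\t_gitlab_session\tconstructed-value",
  ".example.com\tTRUE\t/\tFALSE\t1\ttracking\texpired-value",
  "sso.example.com\tFALSE\t/\tTRUE\t4102444800\tsso_state\tconstructed-sso",
].join("\n");
```

For `sso.example.com` the sample file holds a live cookie but no session cookie, which is the case a count-based check would misreport as authenticated.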