fix(mcp): stop idle OAuth callback server (#32245)
Some checks failed
nix-eval / nix-eval (push) Has been cancelled
test / unit (linux) (push) Has been cancelled
test / unit (windows) (push) Has been cancelled
deploy / deploy (push) Has been cancelled
generate / generate (push) Has been cancelled
nix-hashes / compute-hash (blacksmith-4vcpu-ubuntu-2404, x86_64-linux) (push) Has been cancelled
nix-hashes / compute-hash (blacksmith-4vcpu-ubuntu-2404-arm, aarch64-linux) (push) Has been cancelled
publish / version (push) Has been cancelled
nix-hashes / compute-hash (macos-15-intel, x86_64-darwin) (push) Has been cancelled
nix-hashes / compute-hash (macos-latest, aarch64-darwin) (push) Has been cancelled
test / e2e (linux) (push) Has been cancelled
test / e2e (windows) (push) Has been cancelled
typecheck / typecheck (push) Has been cancelled
publish / build-cli (push) Has been cancelled
publish / sign-cli-windows (push) Has been cancelled
publish / build-electron (map[bun_install_flags:--os=darwin --cpu=arm64 host:macos-26 platform_flag:--mac --arm64 target:aarch64-apple-darwin]) (push) Has been cancelled
publish / build-electron (map[bun_install_flags:--os=darwin --cpu=x64 host:macos-26-intel platform_flag:--mac --x64 target:x86_64-apple-darwin]) (push) Has been cancelled
publish / build-electron (map[host:blacksmith-4vcpu-ubuntu-2404 platform_flag:--linux target:x86_64-unknown-linux-gnu]) (push) Has been cancelled
publish / build-electron (map[host:blacksmith-4vcpu-ubuntu-2404-arm platform_flag:--linux --arm64 target:aarch64-unknown-linux-gnu]) (push) Has been cancelled
publish / build-electron (map[host:blacksmith-4vcpu-windows-2025 platform_flag:--win target:x86_64-pc-windows-msvc]) (push) Has been cancelled
publish / build-electron (map[host:windows-2025 platform_flag:--win --arm64 target:aarch64-pc-windows-msvc]) (push) Has been cancelled
publish / publish (push) Has been cancelled
nix-hashes / update-hashes (push) Has been cancelled

This commit is contained in:
Aiden Cline 2026-06-14 21:36:21 -05:00 committed by GitHub
parent 98d66e9a8b
commit 5d0f86606a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 23 additions and 0 deletions

View file

@ -71,6 +71,13 @@ function cleanupStateIndex(oauthState: string) {
}
}
function stopIfIdle() {
if (pendingAuths.size > 0 || !server) return
server.close()
server = undefined
}
function handleRequest(req: import("http").IncomingMessage, res: import("http").ServerResponse) {
const url = new URL(req.url || "/", `http://localhost:${currentPort}`)
@ -104,6 +111,7 @@ function handleRequest(req: import("http").IncomingMessage, res: import("http").
}
res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" })
res.end(HTML_ERROR(errorMsg))
stopIfIdle()
return
}
@ -130,6 +138,7 @@ function handleRequest(req: import("http").IncomingMessage, res: import("http").
res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" })
res.end(HTML_SUCCESS)
stopIfIdle()
}
export async function ensureRunning(redirectUri?: string): Promise<void> {
@ -168,6 +177,7 @@ export function waitForCallback(oauthState: string, mcpName?: string): Promise<s
pendingAuths.delete(oauthState)
if (mcpName) mcpNameToState.delete(mcpName)
reject(new Error("OAuth callback timeout - authorization took too long"))
stopIfIdle()
}
}, CALLBACK_TIMEOUT_MS)
@ -185,6 +195,7 @@ export function cancelPending(mcpName: string): void {
pendingAuths.delete(key)
mcpNameToState.delete(mcpName)
pending.reject(new Error("Authorization cancelled"))
stopIfIdle()
}
}

View file

@ -32,6 +32,18 @@ describe("McpOAuthCallback.ensureRunning", () => {
expect(McpOAuthCallback.isRunning()).toBe(true)
})
test("stops after the callback completes", async () => {
const redirectUri = "http://127.0.0.1:18003/custom/callback"
await McpOAuthCallback.ensureRunning(redirectUri)
const callback = McpOAuthCallback.waitForCallback("success")
const response = await fetch(`${redirectUri}?code=code&state=success`)
expect(response.status).toBe(200)
expect(await callback).toBe("code")
expect(McpOAuthCallback.isRunning()).toBe(false)
})
test("escapes provider error markup in callback HTML", async () => {
const redirectUri = "http://127.0.0.1:18001/custom/callback"
await McpOAuthCallback.ensureRunning(redirectUri)