feat: add higress api mcp server (#2923)

Co-authored-by: 澄潭 <zty98751@alibaba-inc.com> Co-authored-by: Se7en <chengzw258@163.com>
2026-06-08 20:27:31 +08:00 · 2025-10-31 15:46:14 +08:00
parent d745bc0d0b
commit 1602b6f94a
24 changed files with 3298 additions and 74 deletions
--- a/plugins/golang-filter/mcp-session/common/auth.go
+++ b/plugins/golang-filter/mcp-session/common/auth.go
@@ -0,0 +1,53 @@
+package common
+
+import (
+	"context"
+)
+
+// contextKey is the type for context keys to avoid collisions
+type authContextKey string
+
+const (
+	// authHeaderKey stores the Authorization header value (for API authentication)
+	authHeaderKey authContextKey = "auth_header"
+	// istiodTokenKey stores the Istiod token value (for Istio debug API authentication)
+	istiodTokenKey authContextKey = "istiod_token"
+)
+
+// WithAuthHeader adds the Authorization header to context
+// This is typically used for authenticating with Higress Console API
+func WithAuthHeader(ctx context.Context, authHeader string) context.Context {
+	if authHeader == "" {
+		return ctx
+	}
+	return context.WithValue(ctx, authHeaderKey, authHeader)
+}
+
+// GetAuthHeader retrieves the Authorization header from context
+// Returns the header value and true if found, empty string and false otherwise
+func GetAuthHeader(ctx context.Context) (string, bool) {
+	if ctx == nil {
+		return "", false
+	}
+	authHeader, ok := ctx.Value(authHeaderKey).(string)
+	return authHeader, ok
+}
+
+// WithIstiodToken adds the Istiod authentication token to context
+// This is typically used for authenticating with Istiod debug endpoints
+func WithIstiodToken(ctx context.Context, token string) context.Context {
+	if token == "" {
+		return ctx
+	}
+	return context.WithValue(ctx, istiodTokenKey, token)
+}
+
+// GetIstiodToken retrieves the Istiod token from context
+// Returns the token value and true if found, empty string and false otherwise
+func GetIstiodToken(ctx context.Context) (string, bool) {
+	if ctx == nil {
+		return "", false
+	}
+	token, ok := ctx.Value(istiodTokenKey).(string)
+	return token, ok
+}
--- a/plugins/golang-filter/mcp-session/common/sse.go
+++ b/plugins/golang-filter/mcp-session/common/sse.go
@@ -201,6 +201,18 @@ func (s *SSEServer) HandleMessage(w http.ResponseWriter, r *http.Request, body j
 		SessionID: sessionID,
 	})

+	// Extract Authorization header from HTTP request and add to context
+	// This is used for Higress Console API authentication
+	if authHeader := r.Header.Get("Authorization"); authHeader != "" {
+		ctx = WithAuthHeader(ctx, authHeader)
+	}
+
+	// Extract X-Istiod-Token header from HTTP request and add to context
+	// This is used for Istiod debug API authentication
+	if istiodToken := r.Header.Get("X-Istiod-Token"); istiodToken != "" {
+		ctx = WithIstiodToken(ctx, istiodToken)
+	}
+
 	//TODO： check session id
 	// _, ok := s.sessions.Load(sessionID)
 	// if !ok {