A Golang HTTP gateway with OAuth authentication and Casbin authorization middleware, built with Beego web framework and a React frontend.
- HTTP Middleware System: Stackable middleware architecture
- OAuth Authentication: JWT-based authentication middleware following MCP recommendations
- Casbin Authorization: Role-based access control (RBAC) for fine-grained permission management
- Modern Frontend: React + Tailwind CSS + shadcn/ui for a beautiful user interface
- Dual Serving: Backend serves both APIs and frontend static files on port 9000
- CI/CD: Automated testing and semantic versioning with GitHub Actions
βββββββββββββββββββ
β Client β
ββββββββββ¬βββββββββ
β
βΌ
βββββββββββββββββββββββββββββββ
β MCP Gateway (Port 9000) β
β βββββββββββββββββββββββββ β
β β OAuth Middleware β β
β β (JWT Authentication) β β
β ββββββββββββ¬βββββββββββββ β
β βΌ β
β βββββββββββββββββββββββββ β
β β Casbin Middleware β β
β β (Authorization) β β
β ββββββββββββ¬βββββββββββββ β
β βΌ β
β βββββββββββββββββββββββββ β
β β API Controllers β β
β β + Static Files β β
β βββββββββββββββββββββββββ β
βββββββββββββββββββββββββββββββ
- Go 1.21.0 or later
- Node.js 20 or later
- npm or yarn
- Clone the repository:
git clone https://github.com/casbin/mcp-gateway.git
cd mcp-gateway- Install Go dependencies:
go mod download- Build the backend:
go build -o mcp-gateway .- Run the backend:
./mcp-gatewayThe backend will start on port 9000.
- Navigate to the web directory:
cd web- Install dependencies:
npm install- For development mode (runs on port 8001):
npm run dev- For production build:
npm run buildThe built files will be in web/dist and automatically served by the backend on port 9000.
Two demo accounts are available for testing:
- Admin:
alice/password123(has admin role with full access) - User:
bob/password456(has user role with limited access)
GET /health- Health check endpointPOST /login- Login endpoint
GET /api/users- List all users (admin only)GET /api/users/:id- Get specific user (admin only)POST /api/users- Create new user (admin only)GET /api/profile- Get current user profilePUT /api/profile- Update current user profile
All protected endpoints require a JWT token in the Authorization header:
Authorization: Bearer <token>Example login request:
curl -X POST http://localhost:9000/login \
-H "Content-Type: application/json" \
-d '{"username":"alice","password":"password123"}'Example authenticated request:
curl http://localhost:9000/api/users \
-H "Authorization: Bearer <your-token>"Edit conf/app.conf to configure OAuth settings:
[dev]
oauth.secret = your-secret-key-dev
[prod]
oauth.secret = ${OAUTH_SECRET||your-secret-key}Edit conf/policy.csv to modify access control rules:
p, admin, /api/*, GET
p, admin, /api/*, POST
p, user, /api/profile, GET
g, alice, admin
g, bob, user
The format is: p, role, resource, action for permissions and g, user, role for role assignments.
go test ./... -vgo test -v -race -coverprofile=coverage.txt -covermode=atomic ./...cd web
npm run devThis will start the development server on port 8001 with hot module replacement.
- Build the backend:
go build -ldflags="-s -w" -o mcp-gateway .- Build the frontend:
cd web
npm run build
cd ..- Run the application:
./mcp-gatewayThe application will serve both backend APIs and frontend static files on port 9000.
You can containerize the application:
FROM golang:1.21-alpine AS backend-builder
WORKDIR /app
COPY go.* ./
RUN go mod download
COPY . .
RUN go build -ldflags="-s -w" -o mcp-gateway .
FROM node:20-alpine AS frontend-builder
WORKDIR /app
COPY web/package*.json ./
RUN npm ci
COPY web/ ./
RUN npm run build
FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /root/
COPY --from=backend-builder /app/mcp-gateway .
COPY --from=frontend-builder /app/dist ./web/dist
COPY conf ./conf
EXPOSE 9000
CMD ["./mcp-gateway"]Apache-2.0 License
Contributions are welcome! Please feel free to submit a Pull Request.