chore: update protect method in McpAuthServer

Author: 3nethz

packages/mcp-express/README.md

@@ -32,61 +32,72 @@ pnpm add @asgardeo/mcp-express
 - Built-in CORS support
 - Seamless integration with Asgardeo
 
+## Usage
+
 ### Basic Setup
 
 ```typescript
 import express from 'express';
-import {McpAuth, protectedRoute} from '@asgardeo/mcp-express';
+import {McpAuthServer} from '@asgardeo/mcp-express';
 
 const app = express();
 
-// Initialize MCP authentication middleware with baseUrl
-app.use(
-  McpAuth({
-    baseUrl: process.env.BASE_URL as string,
-  }),
-);
+// Initialize McpAuthServer with baseUrl
+const mcpAuthServer = new McpAuthServer({
+  baseUrl: process.env.BASE_URL as string,
+});
+
+app.use(express.json());
+app.use(mcpAuthServer.router());
 
 // Protect your MCP endpoint
 app.post(
   '/mcp',
-  protectedRoute({
-    baseUrl: process.env.BASE_URL as string,
-  }),
-  async (req, res) => {
+  mcpAuthServer.protect(async (req, res) => {
     // Your MCP handling logic here
-  },
+  }),
 );
 ```
 
 ### API Reference
 
-#### McpAuth(options)
+#### McpAuthServer(options)
 
-Initializes the MCP authentication server middleware with the given configuration.
+Creates a new instance of the MCP authentication server with the given configuration.
 
 ```typescript
-import {McpAuth} from '@asgardeo/mcp-express';
+import {McpAuthServer} from '@asgardeo/mcp-express';
 
-app.use(McpAuth({baseUrl: 'https://auth.example.com'}));
+const mcpAuthServer = new McpAuthServer({baseUrl: 'https://auth.example.com'});
 ```
 
-#### protectedRoute
+#### mcpAuthServer.router()
 
-Middleware to protect routes that require authentication.
+Returns an Express router that sets up the necessary endpoints for MCP authentication.
 
 ```typescript
-import {protectedRoute} from '@asgardeo/mcp-express';
+app.use(mcpAuthServer.router());
+```
+
+#### mcpAuthServer.protect(handler)
+
+Returns middleware that protects routes requiring authentication, passing control to the provided handler function when authentication succeeds.
 
-app.use('/api/protected', protectedRoute, protectedRoutes);
+```typescript
+app.post(
+  '/api/protected',
+  mcpAuthServer.protect(async (req, res) => {
+    // Your protected route logic here
+  })
+);
 ```
 
 ### Configuration
 
-The middleware can be configured with the following option:
+The server can be configured with the following option:
 
 ```typescript
-interface McpAuthOptions {
+interface McpAuthServerOptions {
   /** Base URL of the authorization server */
   baseUrl: string;
 }
@@ -98,7 +109,7 @@ Here's a complete example of setting up an Express server with MCP authenticatio
 
 ```typescript
 import {randomUUID} from 'node:crypto';
-import {McpAuth, protectedRoute} from '@asgardeo/mcp-express';
+import {McpAuthServer} from '@asgardeo/mcp-express';
 import {McpServer} from '@modelcontextprotocol/sdk/server/mcp';
 import {StreamableHTTPServerTransport} from '@modelcontextprotocol/sdk/server/streamableHttp';
 import {isInitializeRequest} from '@modelcontextprotocol/sdk/types';
@@ -109,12 +120,14 @@ import {z} from 'zod';
 config();
 
 const app: Express = express();
+
+// Initialize McpAuthServer
+const mcpAuthServer = new McpAuthServer({
+  baseUrl: process.env.BASE_URL as string,
+});
+
 app.use(express.json());
-app.use(
-  McpAuth({
-    baseUrl: process.env.BASE_URL as string,
-  }),
-);
+app.use(mcpAuthServer.router());
 
 // Session management
 interface TransportMap {
@@ -132,10 +145,7 @@ const isSessionExpired = (lastAccessTime: number): boolean => Date.now() - lastA
 // MCP endpoint with authentication
 app.post(
   '/mcp',
-  protectedRoute({
-    baseUrl: process.env.BASE_URL as string,
-  }),
-  async (req: Request, res: Response): Promise<void> => {
+  mcpAuthServer.protect(async (req: Request, res: Response): Promise<void> => {
     try {
       const sessionId: string | undefined = req.headers['mcp-session-id'] as string | undefined;
       let transport: StreamableHTTPServerTransport;
@@ -204,7 +214,7 @@ app.post(
     } catch (error) {
       // Error handling
     }
-  },
+  }),
 );
 
 const PORT: string | number = process.env.PORT || 3000;
@@ -241,4 +251,4 @@ pnpm lint
 
 ## License
 
-Apache-2.0 - see the [LICENSE](LICENSE) file for details.
+Apache-2.0 - see the [LICENSE](LICENSE) file for details.

packages/mcp-express/src/McpAuthServer.ts

@@ -1,10 +1,29 @@
-import express, {Router, RequestHandler} from 'express';
+/**
+ * Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
 import {McpAuthOptions} from '@asgardeo/mcp-node';
+import express, {Router, RequestHandler} from 'express';
 import protectedRoute from './middlewares/protected-route';
 import AuthRouter from './routes/auth';
 
 export class McpAuthServer {
   private options: McpAuthOptions;
+
   private routerInstance: Router;
 
   constructor(options: McpAuthOptions) {
@@ -20,7 +39,7 @@ export class McpAuthServer {
   }
 
   public protect(handler: RequestHandler): Router {
-    const protectedRouter = express.Router();
+    const protectedRouter: Router = express.Router();
     protectedRouter.use(protectedRoute(this.options), handler);
     return protectedRouter;
   }