bugfix: consistent local addressing #2

Open
exdysa wants to merge 3 commits into VoidNullable:master from exdysa:main

exdysa commented Jun 23, 2026

Changes made in

src/oauth.rs:

  1. Added derive_issuer_from_request() (lines 181-215) - runtime-aware issuer extraction with fallback chain:
    • X-Forwarded-Proto + X-Forwarded-Host (for reverse proxies)
    • Host header (direct connections)
    • Fallback to configured issuer
  2. Updated protected_resource_metadata() (lines 217-223) - now accepts HeaderMap and uses runtime-derived issuer
  3. Updated authorization_server_metadata() (lines 226-242) - now accepts HeaderMap and uses runtime-derived issuer

How it fixes the issue

| Connection | Headers | Derived Issuer |
|---|---|---|
| http://127.0.0.1:3456 | Host: 127.0.0.1:3456 | http://127.0.0.1:3456 |
| https://magi.tail...ts.net | X-Forwarded-Proto: https | https://magi.tail...ts.net |
| http://203.0.113.7:3456 | Host: 203.0.113.7:3456 | http://203.0.113.7:3456 |

This resolves the OAuth "Protected resource mismatch" error by always advertising the URL the client actually connected to.

src/main.rs:

  1. Consistent URLs
  • 606-609: Changed server startup log to show user-friendly localhost URL:

```rust
// Before:
info!(addr = %addr, "lific server started (REST + MCP + OAuth at /mcp)");

// After:
info!(addr = %bind_addr, "lific server started (REST + MCP + OAuth at /mcp)");
info!(url = "http://localhost:3456", "connection hint (or use public_url from config)");
```

Current URL Sources After Change

| Source | URL | Status |
|---|---|---|
| Server startup log | http://localhost:3456 (hint) | Consistent |
| README.md | http://localhost:3456/mcp | Consistent |
| Web console (api.ts:805) | window.location.origin + "/mcp" | Consistent (dynamic origin) |
| OAuth derivation | Dynamic from headers | Preserved flexibility |

  • Server log now shows http://localhost:3456 as the connection hint
  • OAuth header-based derivation remains unchanged
  • Web UI URL generation unchanged
  • README.md was already showing localhost:3456 - no change needed
  • src/config.rs default was already 0.0.0.0 (bind address, not issuer)
  2. Conditional compilation
  • Made WebAssets struct conditional on #[cfg(feature = "frontend")]
  • Made serve_frontend() function conditional
  • Added fallback that returns 404 when frontend feature is disabled

Cargo.toml:

  • Added [features] section with frontend feature flag
  • Made rust-embed and mime_guess optional dependencies
  • Enabled only when --features frontend is passed

Usage:

| Command | Behavior |
|---|---|
| cargo build | Builds without frontend (default for dev) |
| cargo build --features frontend | Includes embedded frontend (requires web/dist/) |
| cargo build --profile release-dist --features frontend | Production build with frontend |

Build the frontend assets:

```sh
cd web && bun run build
```

This populates web/dist/ and enables the frontend feature.
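
The fallback chain listed for derive_issuer_from_request() above, as an added example that is not the PR's code: Host and X-Forwarded-* arrive with the request, so this version honors the forwarded headers only behind a trusted proxy and advertises a derived issuer only for an allowlisted host. The name derive_issuer, the via_trusted_proxy flag, the allowed_hosts list, the configured issuer value and the sample hostnames are assumptions of the example.

```rust
use std::collections::HashMap;

/// Hypothetical stand-in for the PR's derive_issuer_from_request(). Headers are a
/// plain map with lowercase names; `via_trusted_proxy` and `allowed_hosts` are
/// assumptions of this example, not parameters described in the PR.
fn derive_issuer(
    headers: &HashMap<&str, &str>,
    via_trusted_proxy: bool,
    allowed_hosts: &[&str],
    configured_issuer: &str,
) -> String {
    let get = |name: &str| {
        headers.get(name).copied().map(str::trim).filter(|v| !v.is_empty())
    };
    // 1. X-Forwarded-Proto + X-Forwarded-Host, honored only behind a trusted proxy.
    let forwarded = if via_trusted_proxy {
        match (get("x-forwarded-proto"), get("x-forwarded-host")) {
            (Some(p), Some(h)) if p == "http" || p == "https" => Some((p, h)),
            _ => None,
        }
    } else {
        None
    };
    // 2. Host header for direct connections (plain HTTP, as in the PR's table).
    let candidate = forwarded.or_else(|| get("host").map(|h| ("http", h)));
    match candidate {
        // Request-supplied values are advertised only for an expected host.
        Some((proto, host)) if allowed_hosts.contains(&host) => format!("{proto}://{host}"),
        // 3. Fallback to the configured issuer.
        _ => configured_issuer.to_string(),
    }
}

fn main() {
    // Constructed sample requests; proxy.example.test is a placeholder hostname.
    let allowed = ["127.0.0.1:3456", "proxy.example.test"];
    let cfg = "http://localhost:3456"; // constructed configured issuer
    let direct = HashMap::from([("host", "127.0.0.1:3456")]);
    let proxied = HashMap::from([
        ("host", "127.0.0.1:3456"),
        ("x-forwarded-proto", "https"),
        ("x-forwarded-host", "proxy.example.test"),
    ]);
    println!("{}", derive_issuer(&direct, false, &allowed, cfg));
    println!("{}", derive_issuer(&proxied, true, &allowed, cfg));
    println!("{}", derive_issuer(&proxied, false, &allowed, cfg));
}
```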
