feat: Support for /sse and OAuth flow (#36)

- [x] Refactor the app to start in both `stdio` and `sse` mode
- [x] Using express for `sse` - we can switch to Fastify or something
else in future
- [x] Added `morgan` for API access logs
- [x] Added `winston` for App logs
- [x] Implement the OAuth flow as a middle
- [x] Using `keyv` and Neon for store tokens and auth codes
- [x] Implement the `refresh_token` flow
- [x] ~Testing on Vercel~ Deploy on Fly
- [x] Security review for OAuth flow - PKCE code exchange, client-secret
verification

cc: @davidgomes

---------

Co-authored-by: David Gomes <[email protected]>

Author: Shridhad

.dockerignore

@@ -0,0 +1,9 @@
+# flyctl launch added from .gitignore
+**/node_modules
+**/*.log
+**/.env
+**/dist
+**/build
+# VS Code history extension
+**/.history 
+fly.toml

.env.example

@@ -5,4 +5,20 @@ BRAINTRUST_API_KEY=
 NEON_API_KEY=
 
 ## Anthropic api key to run the evals
-ANTHROPIC_API_KEY=
+ANTHROPIC_API_KEY=
+
+## Neon API
+NEON_API_HOST=https://api.neon.tech/api/v2
+
+## OAuth upstream oauth host
+UPSTREAM_OAUTH_HOST='https://oauth2.neon.tech';
+
+## OAuth client id
+CLIENT_ID=
+
+## OAuth client secret
+CLIENT_SECRET=
+
+## Redirect URI for OIDC callback
+REDIRECT_URI=http://localhost:3001/callback
+

.github/workflows/fly-deploy.yml

@@ -0,0 +1,19 @@
+# See https://fly.io/docs/app-guides/continuous-deployment-with-github-actions/
+
+name: Fly Deploy
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    name: Deploy app
+    runs-on: ubuntu-latest
+    concurrency: deploy-group # optional: ensure only one action runs at a time
+    steps:
+      - uses: actions/checkout@v4
+      - uses: superfly/flyctl-actions/setup-flyctl@master
+      - run: flyctl deploy --remote-only
+        env:
+          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}

.github/workflows/fly-preview.yml

@@ -0,0 +1,21 @@
+name: Deploy Preview App
+on:
+  # Run this workflow on every PR event. Existing review apps will be updated when the PR is updated.
+  pull_request:
+    types: [opened, reopened, synchronize, closed, labeled]
+
+jobs:
+  preview:
+    if: contains(github.event.pull_request.labels.*.name, 'deploy-preview')
+    name: Deploy Preview
+    runs-on: ubuntu-latest
+    concurrency: deploy-group # optional: ensure only one action runs at a time
+    steps:
+      - uses: actions/checkout@v4
+      - uses: superfly/flyctl-actions/setup-flyctl@master
+      - run: flyctl secrets set --app preview-mcp-server-neon CLIENT_ID=${{secrets.CLIENT_ID}} CLIENT_SECRET=${{secrets.CLIENT_SECRET}} OAUTH_DATABASE_URL=${{secrets.PREVIEW_OAUTH_DATABASE_URL}} SERVER_HOST=${{vars.PREVIEW_SERVER_HOST}} NEON_API_HOST=${{vars.NEON_API_HOST_STAGING}} UPSTREAM_OAUTH_HOST=${{vars.OAUTH_HOST_STAGING}}
+        env:
+          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+      - run: flyctl deploy --remote-only --config ./fly.preview.toml
+        env:
+          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## UNRELEASED
+
+- Feature: Support for remote MCP with OAuth flow.
+
 ## [0.3.7] - 2025-04-23
 
 - Fixes Neon Auth instructions to install latest version of the SDK

Dockerfile.fly

@@ -0,0 +1,50 @@
+
+# Use the imbios/bun-node image as the base image with Node and Bun
+# Keep bun and node version in sync with package.json
+ARG NODE_VERSION=22.0.0
+ARG BUN_VERSION=1.1.38
+FROM imbios/bun-node:1.1.38-22-slim AS base
+
+LABEL fly_launch_runtime="Node.js"
+
+# Set the working directory in the container
+WORKDIR /app
+
+# Set production environment
+ENV NODE_ENV="production"
+
+# Throw-away build stage to reduce size of final image
+From base As builder
+
+# Install packages needed to build node modules
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y build-essential node-gyp pkg-config python-is-python3
+
+# Copy package.json and package-lock.json
+COPY package.json package-lock.json ./
+
+# Copy the entire project to the working directory
+COPY . .
+
+# Install the dependencies and devDependencies
+RUN npm ci --include=dev
+
+# Build the project
+RUN npm run build
+
+# Remove development dependencies
+RUN npm prune --omit=dev
+
+# Final stage for app image
+FROM base
+
+# Copy built application
+COPY --from=builder /app /app
+
+
+# Define environment variables
+ENV NODE_ENV=production
+
+EXPOSE 3001
+# Specify the command to run the MCP server
+CMD ["node", "dist/index.js", "start:sse"]

bun.lock

@@ -0,0 +1,22 @@
+#
+# See https://fly.io/docs/reference/configuration/ for information about how to use this file.
+#
+
+app = 'preview-mcp-server-neon'
+primary_region = 'fra'
+
+[build]
+  dockerfile = 'Dockerfile.fly'
+
+[http_service]
+  internal_port = 3001
+  force_https = true
+  auto_stop_machines = 'stop'
+  auto_start_machines = true
+  min_machines_running = 0
+  processes = ['app']
+
+[[vm]]
+  memory = '1gb'
+  cpu_kind = 'shared'
+  cpus = 1

fly.preview.toml

@@ -0,0 +1,22 @@
+#
+# See https://fly.io/docs/reference/configuration/ for information about how to use this file.
+#
+
+app = 'mcp-server-neon'
+primary_region = 'ams'
+
+[build]
+  dockerfile = 'Dockerfile.fly'
+
+[http_service]
+  internal_port = 3001
+  force_https = true
+  auto_stop_machines = 'stop'
+  auto_start_machines = true
+  min_machines_running = 1
+  processes = ['app']
+
+[[vm]]
+  memory = '2gb'
+  cpu_kind = 'performance'
+  cpus = 1