fix: sse new ctx (#323)

<!--
Thank you for your pull request. Please review below requirements.
Bug fixes and new features should include tests and possibly benchmarks.
Contributors guide:
https://github.com/eggjs/egg/blob/master/CONTRIBUTING.md

感谢您贡献代码。请确认下列 checklist 的完成情况。
Bug 修复和新功能必须包含测试，必要时请附上性能测试。
Contributors guide:
https://github.com/eggjs/egg/blob/master/CONTRIBUTING.md
-->

##### Checklist
<!-- Remove items that do not apply. For completed items, change [ ] to
[x]. -->

- [ ] `npm test` passes
- [ ] tests and/or benchmarks are included
- [ ] documentation is changed or added
- [ ] commit message follows commit guidelines

##### Affected core subsystem(s)
<!-- Provide affected core subsystem(s). -->


##### Description of change
<!-- Provide a description of the change below this comment. -->

<!--
- any feature?
- close https://github.com/eggjs/egg/ISSUE_URL
-->

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **New Features**
- Introduced a plugin system for controller hooks, allowing user
information to be injected into request contexts based on authorization
headers.
  - Added a new tool, "echoUser", which greets the authenticated user.
- **Bug Fixes**
- Improved request header handling for Server-Sent Events to ensure all
original headers are included.
- **Tests**
- Enhanced tests to cover authentication scenarios and verify the new
"echoUser" tool functionality.
- **Chores**
  - Added configuration and setup for the new hook plugin.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Author: akitaSummer

plugin/controller/lib/impl/mcp/MCPControllerRegister.ts

@@ -397,11 +397,17 @@ export class MCPControllerRegister implements ControllerRegister {
       req.method = 'POST';
       req.url = self.mcpConfig.sseInitPath;
       req.headers = {
+        ...ctx.req.headers,
         accept: 'application/json, text/event-stream',
         'content-type': 'application/json',
       };
       const newCtx = self.app.createContext(req, res) as unknown as Context;
       await ctx.app.ctxStorage.run(newCtx, async () => {
+        if (MCPControllerRegister.hooks.length > 0) {
+          for (const hook of MCPControllerRegister.hooks) {
+            await hook.preHandle?.(newCtx);
+          }
+        }
         await mw(newCtx, async () => {
           messageFunc!(...args);
           if (isJSONRPCRequest(args[0])) {

plugin/controller/test/fixtures/apps/mcp-app/app/controller/McpController.ts

@@ -46,6 +46,9 @@ export class McpController {
   @Inject()
   commonService: CommonService;
 
+  @Inject()
+  user: any;
+
   @MCPPrompt()
   async foo(@PromptArgsSchema(PromptType) args: PromptArgs<typeof PromptType>): Promise<MCPPromptResponse> {
     this.logger.info('hello world');
@@ -75,6 +78,18 @@ export class McpController {
     };
   }
 
+  @MCPTool()
+  async echoUser(): Promise<MCPToolResponse> {
+    return {
+      content: [
+        {
+          type: 'text',
+          text: `hello ${this.user}`,
+        },
+      ],
+    };
+  }
+
 
   @MCPResource({
     template: [

plugin/controller/test/fixtures/apps/mcp-app/config/plugin.js

@@ -1,4 +1,6 @@
 'use strict';
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const path = require('path');
 
 exports.tracer = {
   package: 'egg-tracer',
@@ -24,3 +26,9 @@ exports.mcpProxy = {
   package: '@eggjs/mcp-proxy',
   enable: true,
 };
+
+
+exports.hookPlugin = {
+  path: path.join(__dirname, '../hook-plugin'),
+  enable: true,
+};

plugin/controller/test/fixtures/apps/mcp-app/hook-plugin/app.ts

@@ -0,0 +1,15 @@
+import type { Application } from 'egg';
+import { MCPControllerRegister } from '@eggjs/tegg-controller-plugin/lib/impl/mcp/MCPControllerRegister';
+import { GetAlipayTeggHook } from './lib/MCPControllerHook';
+
+export default class ControllerAppBootHook {
+  #app: Application;
+
+  constructor(app: Application) {
+    this.#app = app;
+  }
+
+  configWillLoad() {
+    MCPControllerRegister.addHook(GetAlipayTeggHook(this.#app));
+  }
+}

plugin/controller/test/fixtures/apps/mcp-app/hook-plugin/lib/MCPControllerHook.ts

@@ -0,0 +1,38 @@
+import type { Application, Context } from 'egg';
+import { MCPControllerHook } from '@eggjs/tegg-controller-plugin/lib/impl/mcp/MCPControllerRegister';
+
+export const GetAlipayTeggHook = (app: Application) => {
+  const setUser = (ctx: Context) => {
+    ctx.set({
+      'content-type': 'text/event-stream',
+      'cache-control': 'no-cache',
+      'transfer-encoding': 'chunked',
+    });
+    try {
+      const auth = ctx.get('authorization');
+      const atitString = Buffer.from(
+        auth.substring('Bearer '.length),
+        'base64',
+      ).toString('utf8');
+      ctx.user = atitString;
+    } catch (e) {
+      app.logger.warn('get user failed: ', e);
+    }
+  };
+  const AlipayTeggControllerHook: MCPControllerHook = {
+    async preHandle(ctx) {
+      setUser(ctx);
+    },
+    async preHandleInitHandle(ctx) {
+      setUser(ctx);
+    },
+    async preSSEInitHandle(ctx) {
+      setUser(ctx);
+    },
+    async preProxy(ctx) {
+      setUser(ctx);
+    },
+  };
+
+  return AlipayTeggControllerHook;
+};

plugin/controller/test/fixtures/apps/mcp-app/hook-plugin/package.json

@@ -0,0 +1,6 @@
+{
+  "name": "@eggjs/hook-plugin",
+  "eggPlugin": {
+    "name": "hookPlugin"
+  }
+}

plugin/controller/test/mcp/mcp.test.ts

@@ -90,7 +90,29 @@ describe('plugin/controller/test/mcp/mcp.test.ts', () => {
       });
       const baseUrl = await app.httpRequest()
         .get('/mcp/init').url;
-      const sseTransport = new SSEClientTransport(new URL(baseUrl));
+      const sseTransport = new SSEClientTransport(
+        new URL(baseUrl),
+        {
+          authProvider: {
+            get redirectUrl() { return 'http://localhost/callback'; },
+            get clientMetadata() { return { redirect_uris: [ 'http://localhost/callback' ] }; },
+            clientInformation: () => ({ client_id: 'test-client-id', client_secret: 'test-client-secret' }),
+            tokens: () => {
+              return {
+                access_token: Buffer.from('akita').toString('base64'),
+                token_type: 'Bearer',
+              };
+            },
+            // eslint-disable-next-line @typescript-eslint/no-empty-function
+            saveTokens: () => {},
+            // eslint-disable-next-line @typescript-eslint/no-empty-function
+            redirectToAuthorization: () => {},
+            // eslint-disable-next-line @typescript-eslint/no-empty-function
+            saveCodeVerifier: () => {},
+            codeVerifier: () => '',
+          },
+        },
+      );
       const sseNotifications: { level: string, data: string }[] = [];
       sseClient.setNotificationHandler(LoggingMessageNotificationSchema, notification => {
         sseNotifications.push({ level: notification.params.level, data: notification.params.data as string });
@@ -107,6 +129,10 @@ describe('plugin/controller/test/mcp/mcp.test.ts', () => {
           description: undefined,
           name: 'bar',
         },
+        {
+          description: undefined,
+          name: 'echoUser',
+        },
       ]);
 
       const toolRes = await sseClient.callTool({
@@ -118,6 +144,14 @@ describe('plugin/controller/test/mcp/mcp.test.ts', () => {
       assert.deepEqual(toolRes, {
         content: [{ type: 'text', text: 'npm package: aaa not found' }],
       });
+
+      const userRes = await sseClient.callTool({
+        name: 'echoUser',
+        arguments: {},
+      });
+      assert.deepEqual(userRes, {
+        content: [{ type: 'text', text: 'hello akita' }],
+      });
       // notification
       const notificationResp = await startNotificationTool(sseClient);
       await new Promise(resolve => setTimeout(resolve, 5000));
@@ -181,7 +215,30 @@ describe('plugin/controller/test/mcp/mcp.test.ts', () => {
       });
       const baseUrl = await app.httpRequest()
         .post('/mcp/stream').url;
-      const streamableTransport = new StreamableHTTPClientTransport(new URL(baseUrl), { requestInit: { headers: { 'custom-session-id': 'custom-session-id' } } });
+      const streamableTransport = new StreamableHTTPClientTransport(
+        new URL(baseUrl),
+        {
+          authProvider: {
+            get redirectUrl() { return 'http://localhost/callback'; },
+            get clientMetadata() { return { redirect_uris: [ 'http://localhost/callback' ] }; },
+            clientInformation: () => ({ client_id: 'test-client-id', client_secret: 'test-client-secret' }),
+            tokens: () => {
+              return {
+                access_token: Buffer.from('akita').toString('base64'),
+                token_type: 'Bearer',
+              };
+            },
+            // eslint-disable-next-line @typescript-eslint/no-empty-function
+            saveTokens: () => {},
+            // eslint-disable-next-line @typescript-eslint/no-empty-function
+            redirectToAuthorization: () => {},
+            // eslint-disable-next-line @typescript-eslint/no-empty-function
+            saveCodeVerifier: () => {},
+            codeVerifier: () => '',
+          },
+          requestInit: { headers: { 'custom-session-id': 'custom-session-id' } },
+        },
+      );
       const streamableNotifications: { level: string, data: string }[] = [];
       streamableClient.setNotificationHandler(LoggingMessageNotificationSchema, notification => {
         streamableNotifications.push({ level: notification.params.level, data: notification.params.data as string });
@@ -199,6 +256,10 @@ describe('plugin/controller/test/mcp/mcp.test.ts', () => {
           description: undefined,
           name: 'bar',
         },
+        {
+          description: undefined,
+          name: 'echoUser',
+        },
       ]);
 
       const toolRes = await streamableClient.callTool({
@@ -210,6 +271,14 @@ describe('plugin/controller/test/mcp/mcp.test.ts', () => {
       assert.deepEqual(toolRes, {
         content: [{ type: 'text', text: 'npm package: aaa not found' }],
       });
+
+      const userRes = await streamableClient.callTool({
+        name: 'echoUser',
+        arguments: {},
+      });
+      assert.deepEqual(userRes, {
+        content: [{ type: 'text', text: 'hello akita' }],
+      });
       // notification
       const notificationResp = await startNotificationTool(streamableClient);
       await new Promise(resolve => setTimeout(resolve, 5000));
@@ -279,7 +348,29 @@ describe('plugin/controller/test/mcp/mcp.test.ts', () => {
       });
       const baseUrl = await app.httpRequest()
         .post('/mcp/stateless/stream').url;
-      const streamableTransport = new StreamableHTTPClientTransport(new URL(baseUrl));
+      const streamableTransport = new StreamableHTTPClientTransport(
+        new URL(baseUrl),
+        {
+          authProvider: {
+            get redirectUrl() { return 'http://localhost/callback'; },
+            get clientMetadata() { return { redirect_uris: [ 'http://localhost/callback' ] }; },
+            clientInformation: () => ({ client_id: 'test-client-id', client_secret: 'test-client-secret' }),
+            tokens: () => {
+              return {
+                access_token: Buffer.from('akita').toString('base64'),
+                token_type: 'Bearer',
+              };
+            },
+            // eslint-disable-next-line @typescript-eslint/no-empty-function
+            saveTokens: () => {},
+            // eslint-disable-next-line @typescript-eslint/no-empty-function
+            redirectToAuthorization: () => {},
+            // eslint-disable-next-line @typescript-eslint/no-empty-function
+            saveCodeVerifier: () => {},
+            codeVerifier: () => '',
+          },
+        },
+      );
       const streamableNotifications: { level: string, data: string }[] = [];
       streamableClient.setNotificationHandler(LoggingMessageNotificationSchema, notification => {
         streamableNotifications.push({ level: notification.params.level, data: notification.params.data as string });
@@ -296,6 +387,10 @@ describe('plugin/controller/test/mcp/mcp.test.ts', () => {
           description: undefined,
           name: 'bar',
         },
+        {
+          description: undefined,
+          name: 'echoUser',
+        },
       ]);
 
       const toolRes = await streamableClient.callTool({
@@ -307,6 +402,14 @@ describe('plugin/controller/test/mcp/mcp.test.ts', () => {
       assert.deepEqual(toolRes, {
         content: [{ type: 'text', text: 'npm package: aaa not found' }],
       });
+
+      const userRes = await streamableClient.callTool({
+        name: 'echoUser',
+        arguments: {},
+      });
+      assert.deepEqual(userRes, {
+        content: [{ type: 'text', text: 'hello akita' }],
+      });
       // notification
       const notificationResp = await startNotificationTool(streamableClient);
       await new Promise(resolve => setTimeout(resolve, 5000));