Kite MCP Server

kite-mcp
equity

AUTH_README.md•5.17 kB

# Authentication System - Quick Reference ## 🚀 Quick Start ### 1. Setup (Choose One) **Automated (Recommended):** ```bash cd equity/scripts ./setup-long-sessions.sh ``` **Manual:** ```bash # Generate secret openssl rand -base64 32 # Add to env.local as NEXTAUTH_SECRET # Run migration mysql -u db -p oneapp < scripts/migrate-nextauth-sessions.sql # Start app npm run dev ``` ### 2. Test ```bash # Visit http://localhost:3000/login # Login and check DevTools → Cookies # next-auth.session-token should expire in ~30 days ``` ## 📚 Documentation Files | File | Purpose | |------|---------| | `SETUP_INSTRUCTIONS.md` | **Start here** - Quick setup guide | | `LONG_SESSION_AUTH_SETUP.md` | Comprehensive documentation | | `AUTHENTICATION_UPGRADE.md` | Migration overview & changes | | `DEPLOYMENT_CHECKLIST.md` | Step-by-step deployment | | `AUTH_README.md` | This file - quick reference | ## ✨ What's New - ✅ **30-day sessions** (was 24 hours) - ✅ **Database-backed** for OAuth - ✅ **Auto-refresh** every 24h - ✅ **Secure cookies** (httpOnly, sameSite) - ✅ **Automatic cleanup** of expired sessions ## 🔐 Key Configuration **Session Duration:** 30 days **Auto-Refresh:** Every 24 hours **Strategy:** Hybrid (JWT + Database) **Cookie:** httpOnly, secure (prod), sameSite=lax ## 🗄️ Database Tables ```sql -- Active sessions (OAuth) sessions (id, user_id, session_token, expires, ...) -- Email verification verification_tokens (identifier, token, expires) ``` ## 🔧 Quick Commands ```bash # Check active sessions mysql -u db -p oneapp -e "SELECT COUNT(*) FROM sessions WHERE expires > NOW()" # View session details mysql -u db -p oneapp -e "SELECT u.email, s.expires FROM sessions s JOIN users u ON s.user_id = u.id WHERE s.expires > NOW()" # Clean expired sessions (manual) mysql -u db -p oneapp -e "DELETE FROM sessions WHERE expires <= NOW()" # Generate secret openssl rand -base64 32 # Start dev server cd equity && npm run dev ``` ## 🐛 Troubleshooting | Issue | Solution | |-------|----------| | Can't login | Check NEXTAUTH_SECRET is set | | Session expires quickly | Verify maxAge = 30 days everywhere | | Database error | Run migration script | | OAuth not working | Check provider credentials | | Cleanup not running | Enable event_scheduler | ## 📁 Modified Files **Created:** - `lib/nextauth-adapter.ts` - `scripts/migrate-nextauth-sessions.sql` - `scripts/setup-long-sessions.sh` - Documentation files (this and others) **Modified:** - `app/api/auth/[...nextauth]/route.ts` - `env.local` (or `../env.local`) ## 🔑 Required Environment Variables ```bash # Essential NEXTAUTH_SECRET=<min-32-chars> # NEVER commit this! NEXTAUTH_URL=http://localhost:3000 DATABASE_HOST=localhost DATABASE_USER=db DATABASE_PASSWORD=db DATABASE_NAME=oneapp # Optional GOOGLE_CLIENT_ID=<your-id> GOOGLE_CLIENT_SECRET=<your-secret> ``` ## ✅ Testing Checklist - [ ] Login with credentials - [ ] Login with Google (if configured) - [ ] Check cookie expiry (30 days) - [ ] Close/reopen browser (still logged in) - [ ] Test logout - [ ] Verify database has sessions - [ ] Check cleanup event exists ## 📊 Monitoring Queries ```sql -- Active sessions SELECT COUNT(*) FROM sessions WHERE expires > NOW(); -- Sessions by user SELECT u.email, COUNT(*) as sessions FROM sessions s JOIN users u ON s.user_id = u.id WHERE s.expires > NOW() GROUP BY u.email; -- Sessions created today SELECT COUNT(*) FROM sessions WHERE DATE(created_at) = CURDATE(); -- Average session age SELECT AVG(TIMESTAMPDIFF(DAY, created_at, NOW())) FROM sessions WHERE expires > NOW(); ``` ## 🚨 Important Notes ⚠️ **All users will be logged out** after deployment (need to re-login once) ⚠️ **Never change NEXTAUTH_SECRET** (invalidates all sessions) ⚠️ **Secure NEXTAUTH_SECRET** (min 32 chars, random, keep secret) ✅ **All data is safe** (no data loss during migration) ✅ **Fully backward compatible** (existing features work) ## 🎯 Session Flow ``` Credentials Login: User → Email/Password → JWT Token → 30d Cookie → Auto-refresh OAuth Login: User → Google → Database Session → 30d Cookie → Auto-refresh ``` ## 🔒 Security Features - httpOnly cookies (no JS access) - CSRF protection (sameSite) - HTTPS only in production - Session validation on every request - Automatic expiry - Daily cleanup ## 📞 Support **Stuck?** Check the documentation: 1. `SETUP_INSTRUCTIONS.md` - Setup help 2. `LONG_SESSION_AUTH_SETUP.md` - Detailed guide 3. `AUTHENTICATION_UPGRADE.md` - What changed 4. [NextAuth Docs](https://next-auth.js.org/) ## 🎉 Success Indicators - Users stay logged in for days - No frequent "please login" messages - Sessions auto-refresh seamlessly - Database stays clean (auto-cleanup) - No authentication errors --- **Version:** 1.0 **Status:** Production Ready ✅ **Tested:** Yes ✅ **Session Duration:** 30 days **Auto-Refresh:** 24 hours **Next Steps:** 1. Read `SETUP_INSTRUCTIONS.md` 2. Run setup script or migration 3. Test locally 4. Follow `DEPLOYMENT_CHECKLIST.md` for production --- Need help? Start with `SETUP_INSTRUCTIONS.md` 📖

Loading blob content...

Latest Blog Posts

How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash
What is Streamable HTTP in MCP?
By punkpeye on January 2, 2026.
Streamable HTTP
What Is Context Bloat in MCP?
By Om-Shree-0709 on December 16, 2025.
mcp
Context Bloat

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/chandantherefore/kite-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

AUTH_README.md•5.17 kB