import express from "express";
import { createAuthMiddleware } from "./auth.js";
import { createHealthRouter } from "./health.js";
import { createMcpRouter } from "./router.js";
import type { ServerManager } from "../client/manager.js";
import type { AuthConfig } from "../config/schema.js";
import logger from "../utils/logger.js";
export function createApp(
manager: ServerManager,
authConfig: AuthConfig,
): express.Application {
const app = express();
// Body parsing - need raw JSON for MCP protocol
app.use(express.json());
// Request logging
app.use((req, _res, next) => {
logger.debug(`${req.method} ${req.path}`, {
sessionId: req.headers["mcp-session-id"],
});
next();
});
// Health endpoint (no auth required)
app.use(createHealthRouter(manager));
// Auth middleware for MCP endpoints (applied globally, checks path internally)
app.use(createAuthMiddleware(authConfig));
// MCP routes
app.use(createMcpRouter(manager));
// Error handler
app.use(
(
err: Error,
_req: express.Request,
res: express.Response,
_next: express.NextFunction,
) => {
logger.error("Unhandled error", {
error: err.message,
stack: err.stack,
});
res.status(500).json({ error: "Internal server error" });
},
);
return app;
}
