Skip to content

Commit eba26b0

Browse files
zhjch05zhjch05
authored
Merge pull request #154 from metatool-ai/2.4.14
2.4.14 Multiple improvements and fixes
2 parents d2e0c9c + 692486c commit eba26b0

File tree

76 files changed

+7257
-165
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

76 files changed

+7257
-165
lines changed

README.md

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -260,6 +260,7 @@ For more details and alternative approaches, see [issue #76](https://github.com/
260260
- 🔑 **API key authentication** for external access via `Authorization: Bearer <api-key>` header
261261
- 🪪 **MCP OAuth**: Exposed endpoints have options to use standard OAuth in MCP Spec 2025-06-18, easy to connect.
262262
- 🏢 **Multi-tenancy**: Designed for organizations to deploy on their own machines. Supports both private and public access scopes. Users can create MCPs, namespaces, endpoints, and API keys for themselves or for everyone. Public API keys cannot access private MetaMCPs.
263+
- ⚙️ **Separate Registration Controls**: Administrators can independently control UI registration and SSO/OAuth registration through the settings page, allowing for flexible enterprise deployment scenarios.
263264

264265
## 🔗 OpenID Connect (OIDC) Provider Support
265266

@@ -304,6 +305,34 @@ Once configured, users will see a **"Sign in with OIDC"** button on the login pa
304305

305306
For more detailed configuration examples and troubleshooting, see **[CONTRIBUTING.md](CONTRIBUTING.md#openid-connect-oidc-provider-setup)**.
306307

308+
## ⚙️ Registration Controls
309+
310+
MetaMCP provides **separate controls** for different registration methods, allowing administrators to fine-tune user access policies for enterprise deployments.
311+
312+
### 🎛️ **Available Controls**
313+
314+
- **UI Registration**: Controls whether users can create accounts via the registration form
315+
- **SSO Registration**: Controls whether users can create accounts via SSO/OAuth providers (OIDC, etc.)
316+
317+
### 🏢 **Enterprise Use Cases**
318+
319+
This separation enables common enterprise scenarios:
320+
321+
- **Block UI registration, allow SSO**: Prevent manual signups while allowing corporate SSO users
322+
- **Block SSO registration, allow UI**: Allow manual signups while restricting SSO access
323+
- **Block both**: Completely disable new user registration
324+
- **Allow both**: Default behavior for open deployments
325+
326+
### 🛠️ **Configuration**
327+
328+
Access the **Settings** page in the MetaMCP admin interface to configure these controls:
329+
330+
1. Navigate to **Settings****Authentication Settings**
331+
2. Toggle **"Disable UI Registration"** to control form-based signups
332+
3. Toggle **"Disable SSO Registration"** to control OAuth/OIDC signups
333+
334+
Both controls work independently, giving you full flexibility over your registration policy.
335+
307336
## 🌐 Custom Deployment and SSE conf for Nginx
308337

309338
If you want to deploy it to a online service or a VPS, a instance of at least 2GB-4GB of memory is required. And the larger size, the better performance.

README_cn.md

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -238,6 +238,7 @@ pnpm dev
238238
- 🔑 **API key 认证**,外部访问时通过 `Authorization: Bearer <api-key>` 头部
239239
- 🪪 **MCP OAuth**:暴露的端点可选择使用 MCP Spec 2025-06-18 标准 OAuth,便于连接。
240240
- 🏢 **多租户**:为组织部署在自己的机器上而设计。支持私有和公共访问范围。用户可以为自己或为所有人创建 MCP、命名空间、端点和 API key。公共 API key 无法访问私有 MetaMCP。
241+
- ⚙️ **独立注册控制**:管理员可以通过设置页面独立控制界面注册和 SSO/OAuth 注册,为企业部署场景提供灵活的配置选项。
241242

242243
## 🔗 OpenID Connect (OIDC) 提供商支持
243244

@@ -282,6 +283,34 @@ MetaMCP 已通过主流 OIDC 提供商测试:
282283

283284
更详细的配置示例和故障排除,请参见 **[CONTRIBUTING.md](CONTRIBUTING.md#openid-connect-oidc-provider-setup)**
284285

286+
## ⚙️ 注册控制
287+
288+
MetaMCP 提供**独立控制**不同注册方法的功能,允许管理员为企业部署微调用户访问策略。
289+
290+
### 🎛️ **可用控制**
291+
292+
- **界面注册**:控制用户是否可以通过注册表单创建账户
293+
- **SSO 注册**:控制用户是否可以通过 SSO/OAuth 提供商(OIDC 等)创建账户
294+
295+
### 🏢 **企业使用场景**
296+
297+
这种分离支持常见的企业场景:
298+
299+
- **阻止界面注册,允许 SSO**:防止手动注册,同时允许企业 SSO 用户
300+
- **阻止 SSO 注册,允许界面**:允许手动注册,同时限制 SSO 访问
301+
- **阻止两者**:完全禁用新用户注册
302+
- **允许两者**:开放部署的默认行为
303+
304+
### 🛠️ **配置**
305+
306+
访问 MetaMCP 管理界面的**设置**页面来配置这些控制:
307+
308+
1. 导航到**设置****身份验证设置**
309+
2. 切换**"禁用界面注册"**来控制基于表单的注册
310+
3. 切换**"禁用 SSO 注册"**来控制 OAuth/OIDC 注册
311+
312+
两个控制独立工作,为您提供注册策略的完全灵活性。
313+
285314
## 🌐 自定义部署和 Nginx 的 SSE 配置
286315

287316
如果你想将其部署到在线服务或 VPS,需要至少 2GB-4GB 内存的实例。内存越大,性能越好。

apps/backend/drizzle/0006_volatile_inhumans.sql

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
CREATE TYPE "public"."mcp_server_error_status" AS ENUM('NONE', 'ERROR');--> statement-breakpoint
2+
ALTER TABLE "namespace_server_mappings" ADD COLUMN "error_status" "mcp_server_error_status" DEFAULT 'NONE' NOT NULL;--> statement-breakpoint
3+
CREATE INDEX "namespace_server_mappings_error_status_idx" ON "namespace_server_mappings" USING btree ("error_status");

apps/backend/drizzle/0007_elite_madame_masque.sql

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
ALTER TABLE "mcp_servers" ADD COLUMN "error_status" "mcp_server_error_status" DEFAULT 'NONE' NOT NULL;--> statement-breakpoint
2+
CREATE INDEX "mcp_servers_error_status_idx" ON "mcp_servers" USING btree ("error_status");

apps/backend/drizzle/0008_shallow_puppet_master.sql

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
DROP INDEX "namespace_server_mappings_error_status_idx";--> statement-breakpoint
2+
ALTER TABLE "namespace_server_mappings" DROP COLUMN "error_status";

0 commit comments

Comments
 (0)