From e04afaa6ffe1324d23638574303690affdbdfd30 Mon Sep 17 00:00:00 2001
From: hanishkvc <hanishkvc@gmail.com>
Date: Tue, 9 Dec 2025 21:01:25 +0530
Subject: [PATCH] SimpleSallap:SimpleMCP: Require auth line only for https

Also send 401 error response when appropriate
---
 tools/server/public_simplechat/local.tools/config.py    | 6 +++++-
 tools/server/public_simplechat/local.tools/simplemcp.py | 5 +++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/tools/server/public_simplechat/local.tools/config.py b/tools/server/public_simplechat/local.tools/config.py
index 370ebb9f52..ae0f124afd 100644
--- a/tools/server/public_simplechat/local.tools/config.py
+++ b/tools/server/public_simplechat/local.tools/config.py
@@ -43,7 +43,11 @@ class Sec(DictyDataclassMixin):
     certFile: str = ""
     keyFile: str = ""
     bearerAuth: str = ""
-    bAuthAlways: bool = True
+    bAuthAlways: bool = False
+    """
+    if true, expects authorization line irrespective of http / https
+    if false, authorization line needed only for https
+    """
 
 
 @dataclass
diff --git a/tools/server/public_simplechat/local.tools/simplemcp.py b/tools/server/public_simplechat/local.tools/simplemcp.py
index 1df6dab828..2e34f941b2 100644
--- a/tools/server/public_simplechat/local.tools/simplemcp.py
+++ b/tools/server/public_simplechat/local.tools/simplemcp.py
@@ -80,14 +80,14 @@ class ProxyHandler(http.server.BaseHTTPRequestHandler):
         bearer_transform()
         authline = self.headers['Authorization']
         if authline == None:
-            return mTC.TCOutResponse(False, 400, "WARN:No auth line")
+            return mTC.TCOutResponse(False, 401, "WARN:No auth line")
         authlineA = authline.strip().split(' ')
         if len(authlineA) != 2:
             return mTC.TCOutResponse(False, 400, "WARN:Invalid auth line")
         if authlineA[0] != 'Bearer':
             return mTC.TCOutResponse(False, 400, "WARN:Invalid auth type")
         if authlineA[1] != gMe.op.bearerTransformed:
-            return mTC.TCOutResponse(False, 400, "WARN:Invalid auth")
+            return mTC.TCOutResponse(False, 401, "WARN:Invalid auth")
         return mTC.TCOutResponse(True, 200, "Auth Ok")
 
     def send_mcp(self, statusCode: int, statusMessage: str, body: Any):
@@ -130,6 +130,7 @@ class ProxyHandler(http.server.BaseHTTPRequestHandler):
 
     def mcp_run(self, body: bytes):
         oRPC = json.loads(body)
+        print(f"DBUG:PH:MCP:Method:{oRPC['method']}")
         if oRPC["method"] == "tools/call":
             self.mcp_toolscall(oRPC)
         elif oRPC["method"] == "tools/list":