chore: raise an error instead of starting the server and print a warning log

raisiqueira · raisiqueira · commit 46bc0f3fba40 · 2026-01-09T14:58:41.000-03:00
Signed-off-by: Rai Siqueira &lt;rai93siqueira@gmail.com&gt;
diff --git a/README.md b/README.md
@@ -139,6 +139,7 @@ django-ai-boost --settings myproject.settings --transport sse --auth-token "your
 - **Transport Support**:
   - ✅ **SSE Transport**: Full authentication support (HTTP-based)
   - ❌ **Stdio Transport**: No authentication (local-only, trusted environments)
+- **Error on Mismatch**: If you provide `--auth-token` with `--transport stdio`, the server will exit with an error to prevent false security assumptions
 
 #### Production Deployment
 
@@ -206,7 +207,9 @@ curl -H "Authorization: Bearer your-secret-token" http://127.0.0.1:8000/sse
 - Set `DJANGO_MCP_AUTH_TOKEN` environment variable or use `--auth-token`
 
 **"Authentication token provided but transport is 'stdio'"**
-- Authentication only works with `--transport sse`. Use SSE transport for authenticated access.
+- **This is now an error** that stops the server from starting
+- Authentication only works with `--transport sse`
+- Either use `--transport sse` with your token, or remove the `--auth-token` argument for stdio
 
 **"Running in production mode with stdio transport"**
 - This is OK for local/trusted environments, but stdio has no authentication capability
diff --git a/src/django_ai_boost/server_fastmcp.py b/src/django_ai_boost/server_fastmcp.py
@@ -104,15 +104,16 @@ def validate_and_create_auth(token: str | None, is_production: bool, transport:
             )
         return None
 
-    # Token with stdio - warn but allow
+    # Token with non-SSE transport - error
     if transport != "sse":
-        logger.warning(
-            "Authentication token provided but transport is '%s'. "
-            "Authentication only works with SSE transport (--transport sse). "
-            "Token will be ignored.",
-            transport,
+        raise ValueError(
+            f"Authentication token provided but transport is '{transport}'.\n"
+            "Bearer tokens only work with SSE transport.\n"
+            "\n"
+            "Choose one:\n"
+            "  1. Use SSE with authentication: --transport sse --auth-token <token>\n"
+            f"  2. Use {transport} without authentication: --transport {transport} (remove --auth-token)\n"
         )
-        return None
 
     # Valid: token + SSE
     logger.info("Authentication enabled with bearer token for SSE transport")
@@ -822,8 +823,8 @@ def run_server(
     Args:
         settings_module: Django settings module path
         transport: Transport type (stdio or sse)
-        host: Host to bind to for SSE transport
-        port: Port to bind to for SSE transport
+        host: Host to bind to for SSE transport (default: 127.0.0.1)
+        port: Port to bind to for SSE transport (default: 8000)
         auth_token: Bearer token for authentication (optional)
     """
     # Initialize Django before starting the server
diff --git a/test_auth_logic.py b/test_auth_logic.py
@@ -89,10 +89,28 @@ def test_validation_logic():
     print(f"   Prod+SSE+token: {type(result).__name__ if result else None}")
     assert result is not None, "Should create auth provider"
 
-    # Prod mode, token, stdio - Warning but OK
-    result = validate_and_create_auth("token", True, "stdio")
-    print(f"   Prod+stdio+token: {result} (should warn)")
-    assert result is None, "Should return None (auth doesn't work with stdio)"
+    # Dev mode, token, SSE - OK (creates provider)
+    result = validate_and_create_auth("token", False, "sse")
+    print(f"   Dev+SSE+token: {type(result).__name__ if result else None}")
+    assert result is not None, "Should create auth provider in dev mode too"
+
+    # Prod mode, token, stdio - ERROR
+    try:
+        result = validate_and_create_auth("token", True, "stdio")
+        print(f"   Prod+stdio+token: Should have raised error!")
+        assert False, "Should have raised ValueError"
+    except ValueError as e:
+        print(f"   Prod+stdio+token: Raised ValueError ✓")
+        assert "Bearer tokens only work with SSE transport" in str(e), "Error message should mention SSE requirement"
+
+    # Dev mode, token, stdio - ERROR (same as prod)
+    try:
+        result = validate_and_create_auth("token", False, "stdio")
+        print(f"   Dev+stdio+token: Should have raised error!")
+        assert False, "Should have raised ValueError"
+    except ValueError as e:
+        print(f"   Dev+stdio+token: Raised ValueError ✓")
+        assert "Bearer tokens only work with SSE transport" in str(e), "Error message should mention SSE requirement"
 
     # Prod mode, no token, SSE - ERROR
     try:
