examples: bind auth-middleware server to localhost by default (#784)

The auth-middleware example currently defaults to `-http :8080`, which
binds to all interfaces (LAN-exposed) by default.

This changes the default to `localhost:8080` and adds a short comment
noting `-http 0.0.0.0:8080` if you intentionally want to expose it.

Rationale: this example serves token-generation endpoints and
authenticated MCP routes; binding loopback by default avoids accidental
exposure while keeping the opt-in remote behavior.

---------

Co-authored-by: Theodor N. Engøy <theodornengoy@Mac.home>
Co-authored-by: Theodor N. Engøy <theodornengoy@eduroam-193-157-246-146.wlan.uio.no>

Author: 3 people

examples/server/auth-middleware/main.go

@@ -26,7 +26,9 @@ import (
 // This example demonstrates how to integrate auth.RequireBearerToken middleware
 // with an MCP server to provide authenticated access to MCP tools and resources.
 
-var httpAddr = flag.String("http", ":8080", "HTTP address to listen on")
+// Default to loopback to avoid exposing powerful demo endpoints to the local network.
+// Set -http 0.0.0.0:8080 to intentionally expose it.
+var httpAddr = flag.String("http", "localhost:8080", "HTTP address to listen on")
 
 // JWTClaims represents the claims in our JWT tokens.
 // In a real application, you would include additional claims like issuer, audience, etc.

scripts/server-conformance.sh

@@ -70,8 +70,8 @@ fi
 go build -o "$WORKDIR/conformance-server" ./conformance/everything-server
 
 # Start the server in the background
-echo "Starting conformance server on port $PORT..."
-"$WORKDIR/conformance-server" -http=":$PORT" &
+echo "Starting conformance server on localhost:$PORT..."
+"$WORKDIR/conformance-server" -http="localhost:$PORT" &
 SERVER_PID=$!
 
 echo "Server pid is $SERVER_PID"