belgie-mcp 0.3.1__py3-none-any.whl → 0.4.0__py3-none-any.whl

belgie_mcp/__init__.py

@@ -1,11 +1,13 @@
 from belgie_mcp.metadata import create_protected_resource_metadata_router
 from belgie_mcp.plugin import McpPlugin
+from belgie_mcp.user import get_user_from_access_token
 from belgie_mcp.verifier import BelgieOAuthTokenVerifier, mcp_auth, mcp_token_verifier
 
 __all__ = [
     "BelgieOAuthTokenVerifier",
     "McpPlugin",
     "create_protected_resource_metadata_router",
+    "get_user_from_access_token",
     "mcp_auth",
     "mcp_token_verifier",
 ]

belgie_mcp/user.py

@@ -0,0 +1,112 @@
+from __future__ import annotations
+
+import base64
+import binascii
+import json
+from dataclasses import dataclass
+from typing import TYPE_CHECKING, Any, ClassVar, Final
+from uuid import UUID
+
+from mcp.server.auth.middleware.auth_context import get_access_token
+
+if TYPE_CHECKING:
+    from belgie_core.core.belgie import Belgie
+    from belgie_proto import DBConnection, UserProtocol
+    from mcp.server.auth.provider import AccessToken
+
+
+@dataclass(frozen=True, slots=True, kw_only=True)
+class UserLookup:
+    claim: str = "sub"
+    MIN_PARTS: ClassVar[Final[int]] = 2
+
+    async def get_user_from_access_token(self, belgie: Belgie) -> UserProtocol | None:
+        if belgie.db is None:
+            msg = "Belgie.db must be configured before calling get_user_from_access_token"
+            raise RuntimeError(msg)
+
+        access_token = get_access_token()
+        if access_token is None:
+            return None
+
+        token_value = self._extract_token_value(access_token)
+        if token_value is None:
+            return None
+
+        payload = self._decode_jwt_payload(token_value)
+        if payload is None:
+            return None
+
+        claim_value = payload.get(self.claim)
+        if not isinstance(claim_value, str):
+            return None
+
+        try:
+            user_id = UUID(claim_value)
+        except ValueError:
+            return None
+
+        return await self._load_user_from_belgie(belgie, user_id)
+
+    @staticmethod
+    def _extract_token_value(access_token: AccessToken) -> str | None:
+        token_value = getattr(access_token, "token", None)
+        if isinstance(token_value, str) and token_value:
+            return token_value
+        return None
+
+    @classmethod
+    def _decode_jwt_payload(cls, token: str) -> dict[str, Any] | None:
+        parts = token.split(".")
+        if len(parts) < cls.MIN_PARTS:
+            return None
+
+        payload_segment = parts[1]
+        payload_bytes = cls._base64url_decode(payload_segment)
+        if payload_bytes is None:
+            return None
+
+        try:
+            payload = json.loads(payload_bytes.decode("utf-8"))
+        except (json.JSONDecodeError, UnicodeDecodeError):
+            return None
+
+        if not isinstance(payload, dict):
+            return None
+
+        return payload
+
+    @staticmethod
+    def _base64url_decode(value: str) -> bytes | None:
+        if not value:
+            return None
+
+        padding = "=" * (-len(value) % 4)
+        try:
+            return base64.urlsafe_b64decode(f"{value}{padding}")
+        except (ValueError, binascii.Error):
+            return None
+
+    async def _load_user_from_belgie(self, belgie: Belgie, user_id: UUID) -> UserProtocol | None:
+        dependency = belgie.db.dependency
+        db_or_generator = dependency()
+
+        if self._is_async_generator(db_or_generator):
+            async for db in db_or_generator:
+                return await self._load_user_from_db(belgie, db, user_id)
+            return None
+
+        return await self._load_user_from_db(belgie, db_or_generator, user_id)
+
+    @staticmethod
+    def _is_async_generator(value: object) -> bool:
+        return hasattr(value, "__aiter__")
+
+    @staticmethod
+    async def _load_user_from_db(belgie: Belgie, db: DBConnection, user_id: UUID) -> UserProtocol | None:
+        client = belgie(db)
+        return await client.adapter.get_user_by_id(client.db, user_id)
+
+
+async def get_user_from_access_token(belgie: Belgie) -> UserProtocol | None:
+    return await UserLookup().get_user_from_access_token(belgie)

{belgie_mcp-0.3.1.dist-info → belgie_mcp-0.4.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: belgie-mcp
-Version: 0.3.1
+Version: 0.4.0
 Summary: Add your description here
 Author: Matt LeMay
 Author-email: Matt LeMay <mplemay@users.noreply.github.com>

belgie_mcp-0.4.0.dist-info/RECORD

@@ -0,0 +1,9 @@
+belgie_mcp/__init__.py,sha256=7kREKGNDhhvwJs8Sm3d0FziJUTV6jciN_w3uUNGVHCE,445
+belgie_mcp/metadata.py,sha256=OWnxWCrKDzPcTL5M4JWU0NcnK6KHxGR5F10pjNECkQ4,1651
+belgie_mcp/plugin.py,sha256=RqUQq9yfWEfw_J8qJXZjaVCWrNjVD-Y39Ls1PnJHSAA,2607
+belgie_mcp/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+belgie_mcp/user.py,sha256=b9Ba22HIapffexEa1xo4zQkNDO8O5iKlbIddzOWM7I4,3529
+belgie_mcp/verifier.py,sha256=CWuBZjp6dNvZ-qm2cjn_cqNzC26Acv3x7e_6jHazIO8,4686
+belgie_mcp-0.4.0.dist-info/WHEEL,sha256=iHtWm8nRfs0VRdCYVXocAWFW8ppjHL-uTJkAdZJKOBM,80
+belgie_mcp-0.4.0.dist-info/METADATA,sha256=QgOR5cZUiDLT3_pe6H1ghvkvZ3N9cNvi3f5FbnOMek0,322
+belgie_mcp-0.4.0.dist-info/RECORD,,

belgie_mcp-0.3.1.dist-info/RECORD

@@ -1,8 +0,0 @@
-belgie_mcp/__init__.py,sha256=Ci70TriZn02SP8Ak0YEJ37qDQX7Uy_1M6sUlqcziXIY,356
-belgie_mcp/metadata.py,sha256=OWnxWCrKDzPcTL5M4JWU0NcnK6KHxGR5F10pjNECkQ4,1651
-belgie_mcp/plugin.py,sha256=RqUQq9yfWEfw_J8qJXZjaVCWrNjVD-Y39Ls1PnJHSAA,2607
-belgie_mcp/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-belgie_mcp/verifier.py,sha256=CWuBZjp6dNvZ-qm2cjn_cqNzC26Acv3x7e_6jHazIO8,4686
-belgie_mcp-0.3.1.dist-info/WHEEL,sha256=iHtWm8nRfs0VRdCYVXocAWFW8ppjHL-uTJkAdZJKOBM,80
-belgie_mcp-0.3.1.dist-info/METADATA,sha256=ROO2vpgh0HOgv-6CCmebed-MuV6jzSkwMcXguS2U0J0,322
-belgie_mcp-0.3.1.dist-info/RECORD,,