mcp-code-indexer 3.5.5__py3-none-any.whl → 3.6.0__py3-none-any.whl

mcp_code_indexer/main.py

@@ -116,6 +116,41 @@ def parse_arguments() -> argparse.Namespace:
         help="Create local database in specified folder and migrate project data from global DB",
     )
 
+    # HTTP transport options
+    parser.add_argument(
+        "--http",
+        action="store_true",
+        help="Enable HTTP transport instead of stdio (requires 'http' extras)",
+    )
+    
+    parser.add_argument(
+        "--host",
+        type=str,
+        default="127.0.0.1",
+        help="Host to bind HTTP server to (default: 127.0.0.1)",
+    )
+    
+    parser.add_argument(
+        "--port",
+        type=int,
+        default=7557,
+        help="Port to bind HTTP server to (default: 7557)",
+    )
+    
+    parser.add_argument(
+        "--auth-token",
+        type=str,
+        help="Bearer token for HTTP authentication (optional)",
+    )
+    
+    parser.add_argument(
+        "--cors-origins",
+        type=str,
+        nargs="*",
+        default=["*"],
+        help="Allowed CORS origins for HTTP transport (default: allow all)",
+    )
+
     return parser.parse_args()
 
 
@@ -961,10 +996,40 @@ async def main() -> None:
     try:
         # Import and run the MCP server
         from .server.mcp_server import MCPCodeIndexServer
+        
+        # Create transport based on arguments
+        transport = None
+        if args.http:
+            from .transport.http_transport import HTTPTransport
+            transport = HTTPTransport(
+                server_instance=None,  # Will be set after server creation
+                host=args.host,
+                port=args.port,
+                auth_token=args.auth_token,
+                cors_origins=args.cors_origins,
+            )
+            logger.info(
+                "HTTP transport configured",
+                extra={
+                    "structured_data": {
+                        "host": args.host,
+                        "port": args.port,
+                        "auth_enabled": transport.auth_token is not None,
+                        "cors_origins": args.cors_origins,
+                    }
+                },
+            )
 
         server = MCPCodeIndexServer(
-            token_limit=args.token_limit, db_path=db_path, cache_dir=cache_dir
+            token_limit=args.token_limit,
+            db_path=db_path,
+            cache_dir=cache_dir,
+            transport=transport,
         )
+        
+        # Set server instance in transport after server creation
+        if transport:
+            transport.server = server
 
         await server.run()
 

mcp_code_indexer/middleware/__init__.py

@@ -1,7 +1,12 @@
 """
-Middleware components for the MCP Code Indexer.
+Middleware components for MCP Code Indexer.
+
+This module provides middleware for HTTP transport features like
+logging, authentication, and security.
 """
 
-from .error_middleware import ToolMiddleware, AsyncTaskManager, create_tool_middleware
+from .logging import HTTPLoggingMiddleware
+from .auth import HTTPAuthMiddleware
+from .security import HTTPSecurityMiddleware
 
-__all__ = ["ToolMiddleware", "AsyncTaskManager", "create_tool_middleware"]
+__all__ = ["HTTPLoggingMiddleware", "HTTPAuthMiddleware", "HTTPSecurityMiddleware"]

mcp_code_indexer/middleware/auth.py

@@ -0,0 +1,228 @@
+"""
+HTTP authentication middleware for MCP Code Indexer.
+
+Provides Bearer token authentication for HTTP transport.
+"""
+
+import logging
+from typing import Optional
+
+try:
+    from fastapi import HTTPException, Request
+    from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+    from starlette.middleware.base import BaseHTTPMiddleware
+except ImportError as e:
+    raise ImportError(
+        "HTTP middleware dependencies not installed. "
+        "This should not happen as they are now required dependencies. "
+        "Please reinstall mcp-code-indexer."
+    ) from e
+
+logger = logging.getLogger(__name__)
+
+
+class HTTPAuthMiddleware(BaseHTTPMiddleware):
+    """
+    HTTP authentication middleware using Bearer tokens.
+    
+    Validates Bearer tokens for protected endpoints while allowing
+    public endpoints to pass through.
+    """
+    
+    def __init__(
+        self,
+        app,
+        auth_token: Optional[str] = None,
+        public_paths: Optional[list] = None,
+    ):
+        """
+        Initialize HTTP authentication middleware.
+        
+        Args:
+            app: FastAPI application instance
+            auth_token: Expected Bearer token for authentication
+            public_paths: List of paths that don't require authentication
+        """
+        super().__init__(app)
+        self.auth_token = auth_token
+        self.public_paths = public_paths or ["/health", "/docs", "/openapi.json"]
+        self.logger = logger.getChild("http_auth")
+        
+        # Only enable auth if token is provided
+        self.auth_enabled = auth_token is not None
+        
+        if self.auth_enabled:
+            self.logger.info("HTTP authentication enabled")
+        else:
+            self.logger.info("HTTP authentication disabled")
+    
+    async def dispatch(self, request: Request, call_next):
+        """
+        Process HTTP request and validate authentication.
+        
+        Args:
+            request: FastAPI request object
+            call_next: Next middleware in chain
+            
+        Returns:
+            HTTP response
+            
+        Raises:
+            HTTPException: If authentication fails
+        """
+        # Skip authentication for public paths
+        if not self.auth_enabled or request.url.path in self.public_paths:
+            return await call_next(request)
+        
+        # Extract Authorization header
+        auth_header = request.headers.get("authorization")
+        
+        if not auth_header:
+            self.logger.warning(
+                f"Missing authorization header for {request.url.path}",
+                extra={
+                    "structured_data": {
+                        "path": request.url.path,
+                        "client_ip": self._get_client_ip(request),
+                        "user_agent": request.headers.get("user-agent", ""),
+                    }
+                },
+            )
+            raise HTTPException(
+                status_code=401,
+                detail="Authorization header required",
+                headers={"WWW-Authenticate": "Bearer"},
+            )
+        
+        # Validate Bearer token format
+        if not auth_header.startswith("Bearer "):
+            self.logger.warning(
+                f"Invalid authorization format for {request.url.path}",
+                extra={
+                    "structured_data": {
+                        "path": request.url.path,
+                        "auth_format": auth_header.split(" ")[0] if " " in auth_header else auth_header,
+                        "client_ip": self._get_client_ip(request),
+                    }
+                },
+            )
+            raise HTTPException(
+                status_code=401,
+                detail="Invalid authorization format. Use: Bearer <token>",
+                headers={"WWW-Authenticate": "Bearer"},
+            )
+        
+        # Extract and validate token
+        token = auth_header[7:]  # Remove "Bearer " prefix
+        
+        if token != self.auth_token:
+            self.logger.warning(
+                f"Invalid token for {request.url.path}",
+                extra={
+                    "structured_data": {
+                        "path": request.url.path,
+                        "token_prefix": token[:8] + "..." if len(token) > 8 else token,
+                        "client_ip": self._get_client_ip(request),
+                    }
+                },
+            )
+            raise HTTPException(
+                status_code=401,
+                detail="Invalid authentication token",
+                headers={"WWW-Authenticate": "Bearer"},
+            )
+        
+        # Token is valid, proceed with request
+        self.logger.debug(
+            f"Authentication successful for {request.url.path}",
+            extra={
+                "structured_data": {
+                    "path": request.url.path,
+                    "client_ip": self._get_client_ip(request),
+                }
+            },
+        )
+        
+        return await call_next(request)
+    
+    def _get_client_ip(self, request: Request) -> str:
+        """Extract client IP address from request."""
+        # Check for forwarded headers
+        forwarded_for = request.headers.get("x-forwarded-for")
+        if forwarded_for:
+            return forwarded_for.split(",")[0].strip()
+            
+        real_ip = request.headers.get("x-real-ip")
+        if real_ip:
+            return real_ip
+            
+        # Fall back to direct client IP
+        if hasattr(request.client, "host"):
+            return request.client.host
+            
+        return "unknown"
+
+
+class TokenValidator:
+    """
+    Utility class for token validation logic.
+    
+    Provides methods for validating different token formats
+    and managing token-based authentication.
+    """
+    
+    @staticmethod
+    def validate_bearer_token(token: str, expected_token: str) -> bool:
+        """
+        Validate Bearer token against expected value.
+        
+        Args:
+            token: Token to validate
+            expected_token: Expected token value
+            
+        Returns:
+            True if token is valid, False otherwise
+        """
+        if not token or not expected_token:
+            return False
+            
+        # Simple string comparison for now
+        # In production, consider using constant-time comparison
+        return token == expected_token
+    
+    @staticmethod
+    def generate_token(length: int = 32) -> str:
+        """
+        Generate a random token for authentication.
+        
+        Args:
+            length: Length of token to generate
+            
+        Returns:
+            Random token string
+        """
+        import secrets
+        import string
+        
+        alphabet = string.ascii_letters + string.digits
+        return ''.join(secrets.choice(alphabet) for _ in range(length))
+    
+    @staticmethod
+    def mask_token(token: str, visible_chars: int = 8) -> str:
+        """
+        Mask token for logging purposes.
+        
+        Args:
+            token: Token to mask
+            visible_chars: Number of characters to show
+            
+        Returns:
+            Masked token string
+        """
+        if not token:
+            return ""
+            
+        if len(token) <= visible_chars:
+            return "*" * len(token)
+            
+        return token[:visible_chars] + "..." + "*" * (len(token) - visible_chars)

mcp_code_indexer/middleware/logging.py

@@ -0,0 +1,274 @@
+"""
+HTTP logging middleware for MCP Code Indexer.
+
+Provides request/response logging and monitoring for HTTP transport.
+"""
+
+import json
+import logging
+import time
+from typing import Any, Dict, Optional
+
+try:
+    from fastapi import Request, Response
+    from fastapi.responses import StreamingResponse
+    from starlette.middleware.base import BaseHTTPMiddleware
+except ImportError as e:
+    raise ImportError(
+        "HTTP middleware dependencies not installed. "
+        "This should not happen as they are now required dependencies. "
+        "Please reinstall mcp-code-indexer."
+    ) from e
+
+logger = logging.getLogger(__name__)
+
+
+class HTTPLoggingMiddleware(BaseHTTPMiddleware):
+    """
+    HTTP request/response logging middleware.
+    
+    Logs HTTP requests and responses with performance metrics
+    and structured data for monitoring.
+    """
+    
+    def __init__(self, app: Any, log_level: str = "INFO"):
+        """
+        Initialize HTTP logging middleware.
+        
+        Args:
+            app: FastAPI application instance
+            log_level: Logging level for HTTP requests
+        """
+        super().__init__(app)
+        self.log_level = getattr(logging, log_level.upper())
+        self.logger = logger.getChild("http_access")
+        self.logger.setLevel(self.log_level)
+        
+    async def dispatch(self, request: Request, call_next) -> Response:
+        """
+        Process HTTP request and log access information.
+        
+        Args:
+            request: FastAPI request object
+            call_next: Next middleware in chain
+            
+        Returns:
+            HTTP response
+        """
+        start_time = time.time()
+        request_id = self._generate_request_id(request)
+        
+        # Extract client information
+        client_ip = self._get_client_ip(request)
+        user_agent = request.headers.get("user-agent", "")
+        
+        # Log incoming request
+        self.logger.info(
+            f"HTTP {request.method} {request.url.path}",
+            extra={
+                "structured_data": {
+                    "event_type": "http_request",
+                    "request_id": request_id,
+                    "method": request.method,
+                    "path": request.url.path,
+                    "query_params": dict(request.query_params),
+                    "client_ip": client_ip,
+                    "user_agent": user_agent,
+                    "content_length": request.headers.get("content-length"),
+                    "content_type": request.headers.get("content-type"),
+                }
+            },
+        )
+        
+        # Add request ID to request state for use in handlers
+        request.state.request_id = request_id
+        
+        try:
+            # Process request
+            response = await call_next(request)
+            
+            # Calculate processing time
+            process_time = time.time() - start_time
+            
+            # Log response
+            self._log_response(
+                request_id=request_id,
+                method=request.method,
+                path=request.url.path,
+                status_code=response.status_code,
+                process_time=process_time,
+                response=response,
+            )
+            
+            # Add performance headers
+            response.headers["X-Process-Time"] = str(process_time)
+            response.headers["X-Request-ID"] = request_id
+            
+            return response
+            
+        except Exception as e:
+            # Log error
+            process_time = time.time() - start_time
+            
+            self.logger.error(
+                f"HTTP {request.method} {request.url.path} - ERROR",
+                extra={
+                    "structured_data": {
+                        "event_type": "http_error",
+                        "request_id": request_id,
+                        "method": request.method,
+                        "path": request.url.path,
+                        "error_type": type(e).__name__,
+                        "error_message": str(e),
+                        "process_time": process_time,
+                    }
+                },
+            )
+            
+            raise
+    
+    def _generate_request_id(self, request: Request) -> str:
+        """Generate unique request ID."""
+        import uuid
+        return str(uuid.uuid4())[:8]
+    
+    def _get_client_ip(self, request: Request) -> str:
+        """Extract client IP address from request."""
+        # Check for forwarded headers
+        forwarded_for = request.headers.get("x-forwarded-for")
+        if forwarded_for:
+            return forwarded_for.split(",")[0].strip()
+            
+        real_ip = request.headers.get("x-real-ip")
+        if real_ip:
+            return real_ip
+            
+        # Fall back to direct client IP
+        if hasattr(request.client, "host"):
+            return request.client.host
+            
+        return "unknown"
+    
+    def _log_response(
+        self,
+        request_id: str,
+        method: str,
+        path: str,
+        status_code: int,
+        process_time: float,
+        response: Response,
+    ) -> None:
+        """Log HTTP response information."""
+        # Determine log level based on status code
+        if status_code >= 500:
+            log_level = logging.ERROR
+        elif status_code >= 400:
+            log_level = logging.WARNING
+        else:
+            log_level = self.log_level
+        
+        # Extract response information
+        content_length = response.headers.get("content-length")
+        content_type = response.headers.get("content-type")
+        
+        # Check if this is a streaming response
+        is_streaming = isinstance(response, StreamingResponse)
+        
+        self.logger.log(
+            log_level,
+            f"HTTP {method} {path} - {status_code}",
+            extra={
+                "structured_data": {
+                    "event_type": "http_response",
+                    "request_id": request_id,
+                    "method": method,
+                    "path": path,
+                    "status_code": status_code,
+                    "process_time": process_time,
+                    "content_length": content_length,
+                    "content_type": content_type,
+                    "is_streaming": is_streaming,
+                    "performance_category": self._categorize_performance(process_time),
+                }
+            },
+        )
+    
+    def _categorize_performance(self, process_time: float) -> str:
+        """Categorize request performance."""
+        if process_time < 0.1:
+            return "fast"
+        elif process_time < 1.0:
+            return "normal"
+        elif process_time < 5.0:
+            return "slow"
+        else:
+            return "very_slow"
+
+
+class HTTPMetricsCollector:
+    """
+    Collect HTTP metrics for monitoring.
+    
+    Tracks request counts, response times, and error rates.
+    """
+    
+    def __init__(self):
+        """Initialize metrics collector."""
+        self.request_count = 0
+        self.error_count = 0
+        self.total_response_time = 0.0
+        self.response_times = []
+        self.max_response_times = 1000  # Keep last 1000 response times
+        
+    def record_request(
+        self,
+        method: str,
+        path: str,
+        status_code: int,
+        response_time: float,
+    ) -> None:
+        """Record HTTP request metrics."""
+        self.request_count += 1
+        self.total_response_time += response_time
+        
+        # Track error rates
+        if status_code >= 400:
+            self.error_count += 1
+            
+        # Track response times
+        self.response_times.append(response_time)
+        if len(self.response_times) > self.max_response_times:
+            self.response_times.pop(0)
+    
+    def get_metrics(self) -> Dict[str, Any]:
+        """Get current metrics summary."""
+        if not self.request_count:
+            return {
+                "request_count": 0,
+                "error_count": 0,
+                "error_rate": 0.0,
+                "avg_response_time": 0.0,
+                "p95_response_time": 0.0,
+                "p99_response_time": 0.0,
+            }
+        
+        # Calculate percentiles
+        sorted_times = sorted(self.response_times)
+        p95_index = int(0.95 * len(sorted_times))
+        p99_index = int(0.99 * len(sorted_times))
+        
+        return {
+            "request_count": self.request_count,
+            "error_count": self.error_count,
+            "error_rate": self.error_count / self.request_count,
+            "avg_response_time": self.total_response_time / self.request_count,
+            "p95_response_time": sorted_times[p95_index] if sorted_times else 0.0,
+            "p99_response_time": sorted_times[p99_index] if sorted_times else 0.0,
+        }
+    
+    def reset_metrics(self) -> None:
+        """Reset all metrics."""
+        self.request_count = 0
+        self.error_count = 0
+        self.total_response_time = 0.0
+        self.response_times.clear()