mcp-proxy-adapter 2.0.1__py3-none-any.whl → 6.9.50__py3-none-any.whl

mcp_proxy_adapter/api/middleware/factory.py

@@ -0,0 +1,147 @@
+"""
+Middleware Factory for creating and managing middleware components.
+
+This module provides a factory for creating middleware components with proper
+configuration and dependency management.
+"""
+
+import logging
+from typing import Dict, Any, List, Optional, Type
+
+from fastapi import FastAPI
+
+from mcp_proxy_adapter.core.logging import get_global_logger
+from mcp_proxy_adapter.core.security_factory import SecurityFactory
+from .base import BaseMiddleware
+from .unified_security import UnifiedSecurityMiddleware
+from .error_handling import ErrorHandlingMiddleware
+from .logging import LoggingMiddleware
+from .user_info_middleware import UserInfoMiddleware
+
+
+class MiddlewareFactory:
+    """
+    Factory for creating and managing middleware components.
+
+    Provides methods to create middleware components with proper configuration
+    and dependency management.
+    """
+
+    def __init__(self, app: FastAPI, config: Dict[str, Any]):
+        """
+        Initialize middleware factory.
+
+        Args:
+            app: FastAPI application
+            config: Application configuration
+        """
+        self.app = app
+        self.config = config
+        self.middleware_stack: List[BaseMiddleware] = []
+
+        get_global_logger().info("Middleware factory initialized")
+
+    def create_security_middleware(self) -> Optional[UnifiedSecurityMiddleware]:
+        """
+        Create unified security middleware.
+
+        Returns:
+            UnifiedSecurityMiddleware instance or None if creation failed
+        """
+        try:
+            security_config = self.config.get("security", {})
+
+            if not security_config.get("enabled", True):
+                get_global_logger().info("Security middleware disabled by configuration")
+                return None
+
+            middleware = UnifiedSecurityMiddleware(self.app, self.config)
+            self.middleware_stack.append(middleware)
+
+            get_global_logger().info("Unified security middleware created successfully")
+            return middleware
+
+        except Exception as e:
+            get_global_logger().error(f"Failed to create unified security middleware: {e}")
+            return None
+
+    def create_error_handling_middleware(self) -> Optional[ErrorHandlingMiddleware]:
+        """
+        Create error handling middleware.
+
+        Returns:
+            ErrorHandlingMiddleware instance or None if creation failed
+        """
+        try:
+            # Import here to avoid circular imports
+            from .error_handling import ErrorHandlingMiddleware
+
+            middleware = ErrorHandlingMiddleware(self.app)
+            self.middleware_stack.append(middleware)
+
+            get_global_logger().info("Error handling middleware created successfully")
+            return middleware
+
+        except Exception as e:
+            get_global_logger().error(f"Failed to create error handling middleware: {e}")
+            return None
+
+    def create_logging_middleware(self) -> Optional[LoggingMiddleware]:
+        """
+        Create logging middleware.
+
+        Returns:
+            LoggingMiddleware instance or None if creation failed
+        """
+        try:
+            # Import here to avoid circular imports
+            from .logging import LoggingMiddleware
+
+            middleware = LoggingMiddleware(self.app, self.config)
+            self.middleware_stack.append(middleware)
+
+            get_global_logger().info("Logging middleware created successfully")
+            return middleware
+
+        except Exception as e:
+            get_global_logger().error(f"Failed to create logging middleware: {e}")
+            return None
+
+    def create_user_info_middleware(self) -> Optional[UserInfoMiddleware]:
+        """
+        Create user info middleware.
+
+        Returns:
+            UserInfoMiddleware instance or None if creation failed
+        """
+        try:
+            middleware = UserInfoMiddleware(self.app, self.config)
+            self.middleware_stack.append(middleware)
+
+            get_global_logger().info("User info middleware created successfully")
+            return middleware
+
+        except Exception as e:
+            get_global_logger().error(f"Failed to create user info middleware: {e}")
+            return None
+
+
+    def get_middleware_by_type(
+        self, middleware_type: Type[BaseMiddleware]
+    ) -> Optional[BaseMiddleware]:
+        """
+        Get middleware instance by type.
+
+        Args:
+            middleware_type: Type of middleware to find
+
+        Returns:
+            Middleware instance or None if not found
+        """
+        for middleware in self.middleware_stack:
+            if isinstance(middleware, middleware_type):
+                return middleware
+        return None
+
+
+

mcp_proxy_adapter/api/middleware/logging.py

@@ -0,0 +1,31 @@
+"""
+Middleware for request logging.
+"""
+
+import time
+import json
+import uuid
+from typing import Callable, Awaitable, Dict, Any
+
+from fastapi import Request, Response
+
+from mcp_proxy_adapter.core.logging import get_global_logger, RequestLogger
+from .base import BaseMiddleware
+
+
+class LoggingMiddleware(BaseMiddleware):
+    """
+    Middleware for logging requests and responses.
+    """
+
+    def __init__(self, app, config: Dict[str, Any] = None):
+        """
+        Initialize logging middleware.
+
+        Args:
+            app: FastAPI application
+            config: Application configuration (optional)
+        """
+        super().__init__(app)
+        self.config = config or {}
+

mcp_proxy_adapter/api/middleware/performance.py

@@ -0,0 +1,51 @@
+"""
+Middleware for performance monitoring.
+"""
+
+import time
+import statistics
+from typing import Dict, List, Callable, Awaitable
+
+from fastapi import Request, Response
+
+from mcp_proxy_adapter.core.logging import get_global_logger
+from .base import BaseMiddleware
+
+
+class PerformanceMiddleware(BaseMiddleware):
+    """
+    Middleware for measuring performance.
+    """
+
+    def __init__(self, app):
+        """
+        Initializes performance middleware.
+
+        Args:
+            app: FastAPI application.
+        """
+        super().__init__(app)
+        self.request_times: Dict[str, List[float]] = {}
+        self.log_interval = 100  # Log statistics every 100 requests
+        self.request_count = 0
+
+
+    def _log_stats(self) -> None:
+        """
+        Logs performance statistics.
+        """
+        get_global_logger().info("Performance statistics:")
+
+        for path, times in self.request_times.items():
+            if len(times) > 1:
+                avg_time = statistics.mean(times)
+                min_time = min(times)
+                max_time = max(times)
+                # Calculate 95th percentile
+                p95_time = sorted(times)[int(len(times) * 0.95)]
+
+                get_global_logger().info(
+                    f"Path: {path}, Requests: {len(times)}, "
+                    f"Avg: {avg_time:.3f}s, Min: {min_time:.3f}s, "
+                    f"Max: {max_time:.3f}s, p95: {p95_time:.3f}s"
+                )

mcp_proxy_adapter/api/middleware/protocol_middleware.py

@@ -0,0 +1,140 @@
+"""
+Protocol middleware module.
+
+This module provides middleware for validating protocol access based on configuration.
+"""
+
+from typing import Callable, Dict, Any, Optional
+from fastapi import Request, Response
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.responses import JSONResponse
+
+from mcp_proxy_adapter.core.protocol_manager import ProtocolManager
+from mcp_proxy_adapter.core.logging import get_global_logger
+
+
+class ProtocolMiddleware(BaseHTTPMiddleware):
+    """
+    Middleware for protocol validation.
+
+    This middleware checks if the incoming request protocol is allowed
+    based on the protocol configuration.
+    """
+
+    def __init__(self, app, app_config: Optional[Dict[str, Any]] = None):
+        """
+        Initialize protocol middleware.
+
+        Args:
+            app: FastAPI application
+            app_config: Application configuration dictionary (optional)
+        """
+        super().__init__(app)
+        # Normalize config to dictionary
+        normalized_config: Optional[Dict[str, Any]]
+        if app_config is None:
+            normalized_config = None
+        elif hasattr(app_config, "get_all"):
+            try:
+                normalized_config = app_config.get_all()
+            except Exception as e:
+                get_global_logger().debug(
+                    f"ProtocolMiddleware - Error calling get_all(): {e}, type: {type(app_config)}"
+                )
+                normalized_config = None
+        elif hasattr(app_config, "keys"):
+            normalized_config = app_config  # Already dict-like
+        else:
+            get_global_logger().debug(
+                f"ProtocolMiddleware - app_config is not dict-like, type: {type(app_config)}, value: {repr(app_config)}"
+            )
+            normalized_config = None
+
+        get_global_logger().debug(
+            f"ProtocolMiddleware - normalized_config type: {type(normalized_config)}"
+        )
+        if normalized_config:
+            get_global_logger().debug(
+                f"ProtocolMiddleware - protocols in config: {'protocols' in normalized_config}"
+            )
+            if "protocols" in normalized_config:
+                get_global_logger().debug(
+                    f"ProtocolMiddleware - protocols type: {type(normalized_config['protocols'])}"
+                )
+
+        self.app_config = normalized_config
+        # Get protocol manager with current configuration
+        self.protocol_manager = ProtocolManager(normalized_config)
+
+
+
+    def _get_request_protocol(self, request: Request) -> str:
+        """
+        Extract protocol from request.
+
+        Args:
+            request: FastAPI request object
+
+        Returns:
+            Protocol name (http, https, mtls)
+        """
+        try:
+            # Check if request is secure (HTTPS)
+            if request.url.scheme:
+                scheme = request.url.scheme.lower()
+
+                # If HTTPS, check if client certificate is provided (MTLS)
+                if scheme == "https":
+                    # Check for client certificate in ASGI scope
+                    try:
+                        # Method 1: Check transport info in ASGI scope
+                        if hasattr(request, "scope") and request.scope:
+                            transport = request.scope.get("transport")
+                            if transport and hasattr(transport, "get_extra_info"):
+                                try:
+                                    ssl_object = transport.get_extra_info("ssl_object")
+                                    if ssl_object:
+                                        try:
+                                            cert = ssl_object.getpeercert()
+                                            if cert:
+                                                get_global_logger().debug(f"mTLS client certificate detected: {cert.get('subject', 'unknown')}")
+                                                return "mtls"
+                                        except Exception:
+                                            pass
+                                except Exception:
+                                    pass
+                    except Exception:
+                        pass
+
+                    # Check for client certificate in headers (proxy forwarded)
+                    try:
+                        mtls_headers = [
+                            request.headers.get("ssl-client-cert"),
+                            request.headers.get("x-client-cert"),
+                            request.headers.get("x-ssl-cert"),
+                            request.headers.get("x-forwarded-client-cert")
+                        ]
+                        if any(mtls_headers):
+                            get_global_logger().debug("mTLS client certificate detected in headers")
+                            return "mtls"
+                    except Exception:
+                        pass
+
+                    return "https"
+
+                return scheme
+
+            # Fallback to checking headers
+            x_forwarded_proto = request.headers.get("x-forwarded-proto")
+            if x_forwarded_proto:
+                return x_forwarded_proto.lower()
+
+            # Default to HTTP
+            return "http"
+            
+        except Exception as e:
+            get_global_logger().error(f"Error extracting protocol from request: {e}", exc_info=True)
+            # Fallback to HTTP if there's any error
+            return "http"
+
+

mcp_proxy_adapter/api/middleware/transport_middleware.py

@@ -0,0 +1,87 @@
+"""
+Transport Middleware Module
+
+This module provides middleware for transport validation in the MCP Proxy Adapter.
+"""
+
+from typing import Callable
+from fastapi import Request, Response
+from fastapi.responses import JSONResponse
+from starlette.middleware.base import BaseHTTPMiddleware
+
+from mcp_proxy_adapter.core.transport_manager import transport_manager
+from mcp_proxy_adapter.core.logging import get_global_logger
+
+
+class TransportMiddleware(BaseHTTPMiddleware):
+    """Middleware for transport validation."""
+
+    def __init__(self, app, transport_manager_instance=None):
+        """
+        Initialize transport middleware.
+
+        Args:
+            app: FastAPI application
+            transport_manager_instance: Transport manager instance (optional)
+        """
+        super().__init__(app)
+        self.transport_manager = transport_manager_instance or transport_manager
+
+
+    def _get_request_transport_type(self, request: Request) -> str:
+        """
+        Determine transport type from request.
+
+        Args:
+            request: Incoming request
+
+        Returns:
+            Transport type string
+        """
+        if request.url.scheme == "https":
+            # Check for client certificate for MTLS
+            if self._has_client_certificate(request):
+                return "mtls"
+            return "https"
+        return "http"
+
+    def _has_client_certificate(self, request: Request) -> bool:
+        """
+        Check if request has client certificate.
+
+        Args:
+            request: Incoming request
+
+        Returns:
+            True if client certificate is present, False otherwise
+        """
+        # Check for client certificate in request headers or SSL context
+        # This is a simplified check - in production, you might need more sophisticated detection
+        client_cert_header = request.headers.get("ssl-client-cert")
+        if client_cert_header:
+            return True
+
+        # Check if request has SSL client certificate context
+        if hasattr(request, "client") and request.client:
+            # In a real implementation, you would check the SSL context
+            # For now, we'll assume HTTPS with client cert is MTLS
+            return self.transport_manager.is_mtls()
+
+        return False
+
+    def _is_transport_allowed(self, transport_type: str) -> bool:
+        """
+        Check if transport type is allowed.
+
+        Args:
+            transport_type: Transport type to check
+
+        Returns:
+            True if transport is allowed, False otherwise
+        """
+        configured_type = self.transport_manager.get_transport_type()
+        if not configured_type:
+            get_global_logger().error("Transport not configured")
+            return False
+
+        return transport_type == configured_type.value

mcp_proxy_adapter/api/middleware/unified_security.py

@@ -0,0 +1,223 @@
+"""
+Unified Security Middleware - Direct Framework Integration
+
+This middleware now directly uses mcp_security_framework components
+instead of custom implementations.
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+
+import time
+import logging
+from typing import Dict, Any, Callable, Awaitable
+from fastapi import Request, Response
+from starlette.middleware.base import BaseHTTPMiddleware
+
+# Direct import from framework
+try:
+    from mcp_security_framework.middleware import (
+        FastAPISecurityMiddleware,
+    )
+
+    SECURITY_FRAMEWORK_AVAILABLE = True
+except ImportError as e:
+    # NO FALLBACK! mcp_security_framework is REQUIRED
+    raise RuntimeError(
+        f"CRITICAL: mcp_security_framework is required but not available: {e}. "
+        "Install it with: pip install mcp_security_framework>=1.2.8"
+    ) from e
+
+from mcp_proxy_adapter.core.logging import get_global_logger
+# from mcp_proxy_adapter.core.security_integration import create_security_integration
+
+
+class SecurityValidationError(Exception):
+    """Security validation error."""
+
+    def __init__(self, message: str, error_code: int):
+        self.message = message
+        self.error_code = error_code
+        super().__init__(self.message)
+
+
+class UnifiedSecurityMiddleware(BaseHTTPMiddleware):
+    """
+    Unified security middleware using mcp_security_framework.
+
+    This middleware now directly uses the security framework's FastAPI middleware
+    and components instead of custom implementations.
+    """
+
+    def __init__(self, app, config: Dict[str, Any]):
+        """
+        Initialize unified security middleware.
+
+        Args:
+            app: FastAPI application
+            config: mcp_proxy_adapter configuration dictionary
+        """
+        super().__init__(app)
+        self.config = config
+
+        # Create security integration
+        try:
+            security_config = config.get("security", {})
+            
+            # Check if security is enabled - use mcp_security_framework if needed
+            security_enabled = security_config.get("enabled", False)
+            
+            if security_enabled:
+                # self.security_integration = create_security_integration(security_config)
+                self.security_integration = None
+                # Use framework's FastAPI middleware
+                # self.framework_middleware = (
+                #     self.security_integration.security_manager.create_fastapi_middleware()
+                # )
+                self.framework_middleware = None
+                get_global_logger().info("Security disabled - no middleware")
+                # IMPORTANT: Don't replace self.app! This breaks the middleware chain.
+                # Instead, store the framework middleware for use in dispatch method.
+                get_global_logger().info("Framework middleware will be used in dispatch method")
+            else:
+                get_global_logger().info("Security disabled, skipping mcp_security_framework integration")
+                self.security_integration = None
+                self.framework_middleware = None
+        except Exception as e:
+            get_global_logger().error(f"Security framework integration failed: {e}")
+            # Instead of raising error, log warning and continue without security
+            get_global_logger().warning(
+                "Continuing without security framework - some security features will be disabled"
+            )
+            self.security_integration = None
+            self.framework_middleware = None
+            # Keep original app in place when framework middleware is unavailable
+            # BaseHTTPMiddleware initialized it via super().__init__(app)
+
+        get_global_logger().info("Unified security middleware initialized")
+
+    async def dispatch(
+        self, request: Request, call_next: Callable[[Request], Awaitable[Response]]
+    ) -> Response:
+        """
+        Process request using framework middleware.
+
+        Args:
+            request: Request object
+            call_next: Next handler
+
+        Returns:
+            Response object
+        """
+        try:
+            # Simple built-in API key enforcement if configured
+            security_cfg = (
+                self.config.get("security", {}) if isinstance(self.config, dict) else {}
+            )
+            # Use new simplified structure
+            public_paths = set(["/health", "/docs", "/openapi.json"])
+            # JSON-RPC endpoint must not be public when API key is required
+            public_paths.discard("/api/jsonrpc")
+            path = request.url.path
+            methods = set(["api_key"])  # Use token-based authentication
+            api_keys: Dict[str, str] = security_cfg.get("tokens", {}) or {}
+
+            # Enforce only for non-public paths when api_key method configured
+            if (
+                security_cfg.get("enabled", False)
+                and ("api_key" in methods)
+                and (path not in public_paths)
+            ):
+                # Accept either X-API-Key or Authorization: Bearer
+                token = request.headers.get("X-API-Key")
+                if not token:
+                    authz = request.headers.get("Authorization", "")
+                    if authz.startswith("Bearer "):
+                        token = authz[7:]
+                if not token or (api_keys and token not in api_keys.values()):
+                    from fastapi.responses import JSONResponse
+
+                    return JSONResponse(
+                        status_code=401,
+                        content={
+                            "error": {
+                                "code": 401,
+                                "message": "Unauthorized: invalid or missing API key",
+                                "type": "authentication_error",
+                            }
+                        },
+                    )
+
+            # Continue with framework middleware or regular flow
+            if self.framework_middleware:
+                # If framework middleware exists, we need to call it manually
+                # This is a workaround since we can't chain ASGI apps in BaseHTTPMiddleware
+                get_global_logger().debug(
+                    "Framework middleware exists, continuing with regular call_next"
+                )
+                return await call_next(request)
+            else:
+                # No framework middleware, continue normally
+                return await call_next(request)
+
+        except SecurityValidationError as e:
+            # Handle security validation errors
+            return await self._handle_security_error(request, e)
+        except Exception as e:
+            # Handle other errors
+            get_global_logger().error(f"Unexpected error in unified security middleware: {e}")
+            return await self._handle_general_error(request, e)
+
+    async def _handle_security_error(
+        self, request: Request, error: SecurityValidationError
+    ) -> Response:
+        """
+        Handle security validation errors.
+
+        Args:
+            request: Request object
+            error: Security validation error
+
+        Returns:
+            Error response
+        """
+        from fastapi.responses import JSONResponse
+
+        error_response = {
+            "error": {
+                "code": error.error_code,
+                "message": error.message,
+                "type": "security_validation_error",
+            }
+        }
+
+        get_global_logger().warning(f"Security validation failed: {error.message}")
+
+        return JSONResponse(status_code=error.error_code, content=error_response)
+
+    async def _handle_general_error(
+        self, request: Request, error: Exception
+    ) -> Response:
+        """
+        Handle general errors.
+
+        Args:
+            request: Request object
+            error: General error
+
+        Returns:
+            Error response
+        """
+        from fastapi.responses import JSONResponse
+
+        error_response = {
+            "error": {
+                "code": 500,
+                "message": "Internal server error",
+                "type": "general_error",
+            }
+        }
+
+        get_global_logger().error(f"General error in security middleware: {error}")
+
+        return JSONResponse(status_code=500, content=error_response)