mcp-proxy-adapter 2.0.1__py3-none-any.whl → 6.9.50__py3-none-any.whl

mcp_proxy_adapter/core/logging.py

@@ -0,0 +1,250 @@
+"""
+Module for configuring logging in the microservice.
+"""
+
+import logging
+import os
+import sys
+import uuid
+from logging.handlers import RotatingFileHandler
+from typing import Optional
+
+
+class CustomFormatter(logging.Formatter):
+    """
+    Custom formatter for logs with colored output in console.
+    """
+
+    grey = "\x1b[38;20m"
+    yellow = "\x1b[33;20m"
+    red = "\x1b[31;20m"
+    bold_red = "\x1b[31;1m"
+    reset = "\x1b[0m"
+    format_str = "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
+
+    FORMATS = {
+        logging.DEBUG: grey + format_str + reset,
+        logging.INFO: grey + format_str + reset,
+        logging.WARNING: yellow + format_str + reset,
+        logging.ERROR: red + format_str + reset,
+        logging.CRITICAL: bold_red + format_str + reset,
+    }
+
+    def format(self, record):
+        log_fmt = self.FORMATS.get(record.levelno)
+        formatter = logging.Formatter(log_fmt)
+        return formatter.format(record)
+
+
+class RequestContextFilter(logging.Filter):
+    """
+    Filter for adding request context to logs.
+    """
+
+    def __init__(self, request_id: Optional[str] = None):
+        super().__init__()
+        self.request_id = request_id
+
+
+class RequestLogger:
+    """
+    Logger class for logging requests with context.
+    """
+
+    def __init__(self, logger_name: str, request_id: Optional[str] = None):
+        """
+        Initialize request get_global_logger().
+
+        Args:
+            logger_name: Logger name.
+            request_id: Request identifier.
+        """
+        self.logger = logging.getLogger(logger_name)
+        self.request_id = request_id or str(uuid.uuid4())
+        self.filter = RequestContextFilter(self.request_id)
+        get_global_logger().addFilter(self.filter)
+
+    def debug(self, msg: str, *args, **kwargs):
+        """Log message with DEBUG level."""
+        get_global_logger().debug(f"[{self.request_id}] {msg}", *args, **kwargs)
+
+    def info(self, msg: str, *args, **kwargs):
+        """Log message with INFO level."""
+        get_global_logger().info(f"[{self.request_id}] {msg}", *args, **kwargs)
+
+    def warning(self, msg: str, *args, **kwargs):
+        """Log message with WARNING level."""
+        get_global_logger().warning(f"[{self.request_id}] {msg}", *args, **kwargs)
+
+    def error(self, msg: str, *args, **kwargs):
+        """Log message with ERROR level."""
+        get_global_logger().error(f"[{self.request_id}] {msg}", *args, **kwargs)
+
+    def exception(self, msg: str, *args, **kwargs):
+        """Log exception with traceback."""
+        get_global_logger().exception(f"[{self.request_id}] {msg}", *args, **kwargs)
+
+    def critical(self, msg: str, *args, **kwargs):
+        """Log message with CRITICAL level."""
+        get_global_logger().critical(f"[{self.request_id}] {msg}", *args, **kwargs)
+
+
+def setup_logging(
+    level: Optional[str] = None,
+    log_file: Optional[str] = None,
+    max_bytes: Optional[int] = None,
+    backup_count: Optional[int] = None,
+    rotation_type: Optional[str] = None,
+    rotation_when: Optional[str] = None,
+    rotation_interval: Optional[int] = None,
+) -> logging.Logger:
+    """
+    Configure logging for the microservice.
+
+    Args:
+        level: Logging level. By default, taken from configuration.
+        log_file: Path to log file. By default, taken from configuration.
+        max_bytes: Maximum log file size in bytes. By default, taken from configuration.
+        backup_count: Number of rotation files. By default, taken from configuration.
+        rotation_type: Type of log rotation ('size' or 'time'). By default, taken from configuration.
+        rotation_when: Time unit for rotation (D, H, M, S). By default, taken from configuration.
+        rotation_interval: Interval for rotation. By default, taken from configuration.
+
+    Returns:
+        Configured get_global_logger().
+    """
+    # Use provided parameters or defaults
+    level = level or "INFO"
+    log_file = log_file
+    rotation_type = rotation_type or "size"
+    log_dir = "./logs"
+    log_file_name = "mcp_proxy_adapter.log"
+    error_log_file = "mcp_proxy_adapter_error.log"
+    access_log_file = "mcp_proxy_adapter_access.log"
+
+    # Get rotation settings
+    max_file_size_str = "10MB"
+    backup_count = backup_count or 5
+
+    # Parse max file size (e.g., "10MB" -> 10 * 1024 * 1024)
+    max_bytes = max_bytes or _parse_file_size(max_file_size_str)
+
+    # Get format settings
+    log_format = "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
+    date_format = "%Y-%m-%d %H:%M:%S"
+
+    # Get output settings
+    console_output = True
+    file_output = True
+
+    # Convert string logging level to constant
+    numeric_level = getattr(logging, level.upper(), None)
+    if not isinstance(numeric_level, int):
+        numeric_level = logging.INFO
+
+    # Create root logger
+    logger = logging.getLogger("mcp_proxy_adapter")
+    logger.setLevel(numeric_level)
+    logger.handlers = []  # Clear handlers in case of repeated call
+
+    # Create formatter
+    formatter = logging.Formatter(log_format, date_format)
+
+    # Create console handler if enabled
+    if console_output:
+        console_handler = logging.StreamHandler(sys.stdout)
+        console_handler.setLevel(numeric_level)
+        console_handler.setFormatter(CustomFormatter())
+        logger.addHandler(console_handler)
+
+    # Create file handlers if file output is enabled
+    if file_output and log_dir:
+        # Create directory for log files if it doesn't exist
+        if not os.path.exists(log_dir):
+            os.makedirs(log_dir, exist_ok=True)
+
+        # Main log file
+        if log_file_name:
+            main_log_path = os.path.join(log_dir, log_file_name)
+            main_handler = RotatingFileHandler(
+                main_log_path,
+                maxBytes=max_bytes,
+                backupCount=backup_count,
+                encoding="utf-8",
+            )
+            main_handler.setLevel(numeric_level)
+            main_handler.setFormatter(formatter)
+            logger.addHandler(main_handler)
+
+        # Error log file
+        if error_log_file:
+            error_log_path = os.path.join(log_dir, error_log_file)
+            error_handler = RotatingFileHandler(
+                error_log_path,
+                maxBytes=max_bytes,
+                backupCount=backup_count,
+                encoding="utf-8",
+            )
+            error_handler.setLevel(logging.ERROR)
+            error_handler.setFormatter(formatter)
+            logger.addHandler(error_handler)
+
+        # Access log file (for HTTP requests)
+        if access_log_file:
+            access_log_path = os.path.join(log_dir, access_log_file)
+            access_handler = RotatingFileHandler(
+                access_log_path,
+                maxBytes=max_bytes,
+                backupCount=backup_count,
+                encoding="utf-8",
+            )
+            access_handler.setLevel(logging.INFO)
+            access_handler.setFormatter(formatter)
+            logger.addHandler(access_handler)
+
+    # Configure loggers for external libraries
+    log_levels = {}
+    for logger_name, logger_level in log_levels.items():
+        lib_logger = logging.getLogger(logger_name)
+        lib_logger.setLevel(getattr(logging, logger_level.upper(), logging.INFO))
+
+    return logger
+
+
+def _parse_file_size(size_str) -> int:
+    """
+    Parse file size string to bytes.
+
+    Args:
+        size_str: Size string (e.g., "10MB", "1GB", "100KB") or int
+
+    Returns:
+        Size in bytes
+    """
+    # If it's already an int, return it
+    if isinstance(size_str, int):
+        return size_str
+
+    # Convert to string and parse
+    size_str = str(size_str).upper()
+    if size_str.endswith("KB"):
+        return int(size_str[:-2]) * 1024
+    elif size_str.endswith("MB"):
+        return int(size_str[:-2]) * 1024 * 1024
+    elif size_str.endswith("GB"):
+        return int(size_str[:-2]) * 1024 * 1024 * 1024
+    else:
+        # Assume bytes if no unit specified
+        return int(size_str)
+
+
+# Global get_global_logger() for use throughout the application
+# Initialize lazily to avoid import-time errors
+logger = None
+
+def get_global_logger():
+    """Get the global logger, initializing it if necessary."""
+    global logger
+    if logger is None:
+        logger = setup_logging()
+    return logger

mcp_proxy_adapter/core/mtls_asgi.py

@@ -0,0 +1,140 @@
+"""
+Custom ASGI application for mTLS support.
+
+This module provides a custom ASGI application that properly handles
+client certificates in mTLS connections.
+"""
+
+import ssl
+import logging
+from typing import Dict, Any, Optional
+from starlette.types import ASGIApp, Receive, Send, Scope
+
+logger = logging.getLogger(__name__)
+
+
+class MTLSASGIApp:
+    """
+    Custom ASGI application that properly handles mTLS client certificates.
+
+    This wrapper ensures that client certificates are properly extracted
+    and made available to the FastAPI application.
+    """
+
+    def __init__(self, app: ASGIApp, ssl_config: Dict[str, Any]):
+        """
+        Initialize MTLS ASGI application.
+
+        Args:
+            app: The underlying ASGI application (FastAPI)
+            ssl_config: SSL configuration for mTLS
+        """
+        self.app = app
+        self.ssl_config = ssl_config
+        self.verify_client = ssl_config.get("verify_client", False)
+        self.client_cert_required = ssl_config.get("client_cert_required", False)
+
+        get_global_logger().info(
+            f"MTLS ASGI app initialized: verify_client={self.verify_client}, "
+            f"client_cert_required={self.client_cert_required}"
+        )
+
+    async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
+        """
+        Handle ASGI request with mTLS support.
+
+        Args:
+            scope: ASGI scope
+            receive: ASGI receive callable
+            send: ASGI send callable
+        """
+        try:
+            # Extract client certificate from SSL context
+            if scope["type"] == "http" and "ssl" in scope:
+                client_cert = self._extract_client_certificate(scope)
+                if client_cert:
+                    # Store certificate in scope for middleware access
+                    scope["client_certificate"] = client_cert
+                    get_global_logger().debug(
+                        f"Client certificate extracted: {client_cert.get('subject', {})}"
+                    )
+                elif self.client_cert_required:
+                    get_global_logger().warning("Client certificate required but not provided")
+                    # Return 401 Unauthorized
+                    await self._send_unauthorized_response(send)
+                    return
+
+            # Call the underlying application
+            await self.app(scope, receive, send)
+
+        except Exception as e:
+            get_global_logger().error(f"Error in MTLS ASGI app: {e}")
+            await self._send_error_response(send, str(e))
+
+    def _extract_client_certificate(self, scope: Scope) -> Optional[Dict[str, Any]]:
+        """
+        Extract client certificate from SSL context.
+
+        Args:
+            scope: ASGI scope
+
+        Returns:
+            Client certificate data or None
+        """
+        try:
+            ssl_context = scope.get("ssl")
+            if not ssl_context:
+                return None
+
+            # Get peer certificate
+            cert = ssl_context.getpeercert()
+            if cert:
+                return cert
+
+            return None
+
+        except Exception as e:
+            get_global_logger().error(f"Failed to extract client certificate: {e}")
+            return None
+
+    async def _send_unauthorized_response(self, send: Send) -> None:
+        """
+        Send 401 Unauthorized response.
+
+        Args:
+            send: ASGI send callable
+        """
+        response = {
+            "type": "http.response.start",
+            "status": 401,
+            "headers": [
+                (b"content-type", b"application/json"),
+                (b"content-length", b"163"),
+            ],
+        }
+        await send(response)
+
+        body = b'{"jsonrpc": "2.0", "error": {"code": -32001, "message": "Unauthorized: Client certificate required"}, "id": null}'
+        await send({"type": "http.response.body", "body": body})
+
+    async def _send_error_response(self, send: Send, error_message: str) -> None:
+        """
+        Send error response.
+
+        Args:
+            send: ASGI send callable
+            error_message: Error message
+        """
+        response = {
+            "type": "http.response.start",
+            "status": 500,
+            "headers": [
+                (b"content-type", b"application/json"),
+            ],
+        }
+        await send(response)
+
+        body = f'{{"jsonrpc": "2.0", "error": {{"code": -32603, "message": "Internal error: {error_message}"}}, "id": null}}'.encode()
+        await send({"type": "http.response.body", "body": body})
+
+

mcp_proxy_adapter/core/mtls_asgi_app.py

@@ -0,0 +1,187 @@
+"""
+MTLS ASGI Application Wrapper
+
+This module provides an ASGI application wrapper that extracts client certificates
+from the SSL context and makes them available to FastAPI middleware.
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+Version: 1.0.0
+"""
+
+import logging
+import ssl
+from typing import Dict, Any, Optional
+from cryptography import x509
+
+logger = logging.getLogger(__name__)
+
+
+class MTLSASGIApp:
+    """
+    ASGI application wrapper for mTLS support.
+
+    Extracts client certificates from SSL context and stores them in ASGI scope
+    for access by FastAPI middleware.
+    """
+
+    def __init__(self, app, ssl_config: Dict[str, Any]):
+        """
+        Initialize MTLS ASGI app.
+
+        Args:
+            app: The underlying ASGI application
+            ssl_config: SSL configuration dictionary
+        """
+        self.app = app
+        self.ssl_config = ssl_config
+        self.client_cert_required = ssl_config.get("client_cert_required", True)
+
+        get_global_logger().info(
+            f"MTLS ASGI app initialized: client_cert_required={self.client_cert_required}"
+        )
+
+    async def __call__(self, scope: Dict[str, Any], receive, send):
+        """
+        Handle ASGI request with mTLS support.
+
+        Args:
+            scope: ASGI scope dictionary
+            receive: ASGI receive callable
+            send: ASGI send callable
+        """
+        try:
+            # Extract client certificate from SSL context
+            if scope["type"] == "http" and "ssl" in scope:
+                client_cert = self._extract_client_certificate(scope)
+                if client_cert:
+                    # Store certificate in scope for middleware access
+                    scope["client_certificate"] = client_cert
+                    get_global_logger().debug(
+                        f"Client certificate extracted: {client_cert.get('subject', {})}"
+                    )
+                elif self.client_cert_required:
+                    get_global_logger().warning("Client certificate required but not provided")
+                    # Return 401 Unauthorized
+                    await self._send_unauthorized_response(send)
+                    return
+
+            # Call the underlying application
+            await self.app(scope, receive, send)
+
+        except Exception as e:
+            get_global_logger().error(f"Error in MTLS ASGI app: {e}")
+            await self._send_error_response(send, str(e))
+
+    def _extract_client_certificate(
+        self, scope: Dict[str, Any]
+    ) -> Optional[Dict[str, Any]]:
+        """
+        Extract client certificate from SSL context.
+
+        Args:
+            scope: ASGI scope dictionary
+
+        Returns:
+            Certificate dictionary or None if not found
+        """
+        try:
+            ssl_context = scope.get("ssl")
+            if not ssl_context:
+                get_global_logger().debug("No SSL context found in scope")
+                return None
+
+            # Try to get peer certificate
+            if hasattr(ssl_context, "getpeercert"):
+                cert_data = ssl_context.getpeercert(binary_form=True)
+                if cert_data:
+                    # Parse certificate
+                    cert = x509.load_der_x509_certificate(cert_data)
+                    return self._cert_to_dict(cert)
+                else:
+                    get_global_logger().debug("No certificate data in SSL context")
+                    return None
+            else:
+                get_global_logger().debug("SSL context has no getpeercert method")
+                return None
+
+        except Exception as e:
+            get_global_logger().error(f"Failed to extract client certificate: {e}")
+            return None
+
+    def _cert_to_dict(self, cert: x509.Certificate) -> Dict[str, Any]:
+        """
+        Convert x509 certificate to dictionary.
+
+        Args:
+            cert: x509 certificate object
+
+        Returns:
+            Certificate dictionary
+        """
+        try:
+            # Extract subject
+            subject = {}
+            for name in cert.subject:
+                subject[name.oid._name] = name.value
+
+            # Extract issuer
+            issuer = {}
+            for name in cert.issuer:
+                issuer[name.oid._name] = name.value
+
+            return {
+                "subject": subject,
+                "issuer": issuer,
+                "serial_number": str(cert.serial_number),
+                "not_valid_before": cert.not_valid_before.isoformat(),
+                "not_valid_after": cert.not_valid_after.isoformat(),
+                "version": cert.version.value,
+                "signature_algorithm_oid": cert.signature_algorithm_oid._name,
+                "public_key": {
+                    "key_size": (
+                        cert.public_key().key_size
+                        if hasattr(cert.public_key(), "key_size")
+                        else None
+                    ),
+                    "public_numbers": (
+                        str(cert.public_key().public_numbers())
+                        if hasattr(cert.public_key(), "public_numbers")
+                        else None
+                    ),
+                },
+            }
+        except Exception as e:
+            get_global_logger().error(f"Failed to convert certificate to dict: {e}")
+            return {"error": str(e)}
+
+    async def _send_unauthorized_response(self, send):
+        """Send 401 Unauthorized response."""
+        await send(
+            {
+                "type": "http.response.start",
+                "status": 401,
+                "headers": [
+                    (b"content-type", b"application/json"),
+                    (b"content-length", b"0"),
+                ],
+            }
+        )
+        await send({"type": "http.response.body", "body": b""})
+
+    async def _send_error_response(self, send, error_message: str):
+        """Send error response."""
+        body = f'{{"error": "{error_message}"}}'.encode("utf-8")
+        await send(
+            {
+                "type": "http.response.start",
+                "status": 500,
+                "headers": [
+                    (b"content-type", b"application/json"),
+                    (b"content-length", str(len(body)).encode()),
+                ],
+            }
+        )
+        await send({"type": "http.response.body", "body": body})
+
+