mcp-proxy-adapter 4.1.1__py3-none-any.whl → 6.0.1__py3-none-any.whl

mcp_proxy_adapter/__main__.py

@@ -0,0 +1,32 @@
+"""Main entry point for MCP Proxy Adapter CLI.
+
+This module provides a command-line interface for running
+MCP Proxy Adapter applications.
+"""
+
+import sys
+from pathlib import Path
+
+# Add the current directory to Python path for imports
+current_dir = Path(__file__).parent
+sys.path.insert(0, str(current_dir))
+
+from mcp_proxy_adapter.api.app import create_app
+
+
+def main():
+    """Main CLI entry point."""
+    print("MCP Proxy Adapter v6.2.21")
+    print("========================")
+    print()
+    print("Usage:")
+    print("  python -m mcp_proxy_adapter")
+    print("  # or")
+    print("  mcp-proxy-adapter")
+    print()
+    print("For more information, see:")
+    print("  https://github.com/maverikod/mcp-proxy-adapter#readme")
+
+
+if __name__ == "__main__":
+    main()

mcp_proxy_adapter/api/app.py

@@ -3,8 +3,11 @@ Module for FastAPI application setup.
 """
 
 import json
+import ssl
+from pathlib import Path
 from typing import Any, Dict, List, Optional, Union
 from contextlib import asynccontextmanager
+import asyncio
 
 from fastapi import FastAPI, Body, Depends, HTTPException, Request
 from fastapi.responses import JSONResponse, Response
@@ -17,39 +20,164 @@ from mcp_proxy_adapter.api.tools import get_tool_description, execute_tool
 from mcp_proxy_adapter.config import config
 from mcp_proxy_adapter.core.errors import MicroserviceError, NotFoundError
 from mcp_proxy_adapter.core.logging import logger, RequestLogger
+from mcp_proxy_adapter.core.ssl_utils import SSLUtils
 from mcp_proxy_adapter.commands.command_registry import registry
 from mcp_proxy_adapter.custom_openapi import custom_openapi_with_fallback
 
 
-@asynccontextmanager
-async def lifespan(app: FastAPI):
+def create_lifespan(config_path: Optional[str] = None):
     """
-    Lifespan manager for the FastAPI application. Handles startup and shutdown events.
+    Create lifespan manager for the FastAPI application.
+    
+    Args:
+        config_path: Path to configuration file (optional)
+    
+    Returns:
+        Lifespan context manager
     """
-    # Startup events
-    from mcp_proxy_adapter.commands.command_registry import registry
-    from mcp_proxy_adapter.commands.help_command import HelpCommand
-    from mcp_proxy_adapter.commands.health_command import HealthCommand
+    @asynccontextmanager
+    async def lifespan(app: FastAPI):
+        """
+        Lifespan manager for the FastAPI application. Handles startup and shutdown events.
+        """
+        # Startup events
+        from mcp_proxy_adapter.commands.command_registry import registry
+        from mcp_proxy_adapter.core.proxy_registration import (
+            register_with_proxy,
+            unregister_from_proxy,
+            initialize_proxy_registration,
+        )
+        
+        # Initialize proxy registration manager WITH CURRENT CONFIG before reload_system
+        # so that registration inside reload_system can work
+        try:
+            initialize_proxy_registration(config.get_all())
+        except Exception as e:
+            logger.error(f"Failed to initialize proxy registration: {e}")
+
+        # Initialize system using unified logic
+        # This will load config, register custom commands, and discover auto-commands
+        # Only reload config if not already loaded from the same path
+        if config_path:
+            init_result = await registry.reload_system(config_path=config_path)
+        else:
+            init_result = await registry.reload_system()
+        
+        logger.info(f"Application started with {init_result['total_commands']} commands registered")
+        logger.info(f"System initialization result: {init_result}")
+        
+        # Initialize proxy registration manager with current config
+        try:
+            initialize_proxy_registration(config.get_all())
+        except Exception as e:
+            logger.error(f"Failed to initialize proxy registration: {e}")
+
+        # Register with proxy if enabled (run slightly delayed to ensure server is accepting connections)
+        server_config = config.get("server", {})
+        server_host = server_config.get("host", "0.0.0.0")
+        server_port = server_config.get("port", 8000)
+        
+        # Determine server URL based on SSL configuration
+        # Try security framework SSL config first
+        security_config = config.get("security", {})
+        ssl_config = security_config.get("ssl", {})
+        
+        # Fallback to legacy SSL config
+        if not ssl_config.get("enabled", False):
+            ssl_config = config.get("ssl", {})
+        
+        if ssl_config.get("enabled", False):
+            protocol = "https"
+        else:
+            protocol = "http"
+        
+        # Use localhost for external access if host is 0.0.0.0
+        if server_host == "0.0.0.0":
+            server_host = "localhost"
+        
+        server_url = f"{protocol}://{server_host}:{server_port}"
+        
+        # Attempt proxy registration in background with small delay
+        async def _delayed_register():
+            try:
+                await asyncio.sleep(0.5)
+                success = await register_with_proxy(server_url)
+                if success:
+                    logger.info("✅ Proxy registration completed successfully")
+                else:
+                    logger.info("ℹ️ Proxy registration is disabled or failed")
+            except Exception as e:
+                logger.error(f"Proxy registration failed: {e}")
+
+        asyncio.create_task(_delayed_register())
+        
+        yield  # Application is running
+        
+        # Shutdown events
+        logger.info("Application shutting down")
+        
+        # Unregister from proxy if enabled
+        unregistration_success = await unregister_from_proxy()
+        if unregistration_success:
+            logger.info("✅ Proxy unregistration completed successfully")
+        else:
+            logger.warning("⚠️ Proxy unregistration failed or was disabled")
     
-    # Register built-in commands if they don't exist (user can override them)
-    if not registry.command_exists("help"):
-        registry.register(HelpCommand)
+    return lifespan
+
+
+def create_ssl_context(app_config: Optional[Dict[str, Any]] = None) -> Optional[ssl.SSLContext]:
+    """
+    Create SSL context based on configuration.
     
-    if not registry.command_exists("health"):
-        registry.register(HealthCommand)
+    Args:
+        app_config: Application configuration dictionary (optional)
     
-    # Discover and register additional commands automatically
-    registry.discover_commands()
+    Returns:
+        SSL context if SSL is enabled and properly configured, None otherwise
+    """
+    current_config = app_config if app_config is not None else config.get_all()
     
-    logger.info(f"Application started with {len(registry.get_all_commands())} commands registered")
+    # Try security framework SSL config first
+    security_config = current_config.get("security", {})
+    ssl_config = security_config.get("ssl", {})
     
-    yield  # Application is running
+    # Fallback to legacy SSL config
+    if not ssl_config.get("enabled", False):
+        ssl_config = current_config.get("ssl", {})
     
-    # Shutdown events
-    logger.info("Application shutting down")
+    if not ssl_config.get("enabled", False):
+        logger.info("SSL is disabled in configuration")
+        return None
+    
+    cert_file = ssl_config.get("cert_file")
+    key_file = ssl_config.get("key_file")
+    
+    if not cert_file or not key_file:
+        logger.warning("SSL enabled but certificate or key file not specified")
+        return None
+    
+    try:
+        # Create SSL context using SSLUtils
+        ssl_context = SSLUtils.create_ssl_context(
+            cert_file=cert_file,
+            key_file=key_file,
+            ca_cert=ssl_config.get("ca_cert"),
+            verify_client=ssl_config.get("verify_client", False),
+            cipher_suites=ssl_config.get("cipher_suites", []),
+            min_tls_version=ssl_config.get("min_tls_version", "1.2"),
+            max_tls_version=ssl_config.get("max_tls_version", "1.3")
+        )
+        
+        logger.info(f"SSL context created successfully for mode: {ssl_config.get('mode', 'https_only')}")
+        return ssl_context
+        
+    except Exception as e:
+        logger.error(f"Failed to create SSL context: {e}")
+        return None
 
 
-def create_app(title: Optional[str] = None, description: Optional[str] = None, version: Optional[str] = None) -> FastAPI:
+def create_app(title: Optional[str] = None, description: Optional[str] = None, version: Optional[str] = None, app_config: Optional[Dict[str, Any]] = None, config_path: Optional[str] = None) -> FastAPI:
     """
     Creates and configures FastAPI application.
 
@@ -57,10 +185,146 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
         title: Application title (default: "MCP Proxy Adapter")
         description: Application description (default: "JSON-RPC API for interacting with MCP Proxy")
         version: Application version (default: "1.0.0")
+        app_config: Application configuration dictionary (optional)
+        config_path: Path to configuration file (optional)
 
     Returns:
         Configured FastAPI application.
+        
+    Raises:
+        SystemExit: If authentication is enabled but required files are missing (security issue)
     """
+    # Use provided configuration or fallback to global config
+    if app_config is not None:
+        if hasattr(app_config, 'get_all'):
+            current_config = app_config.get_all()
+        elif hasattr(app_config, 'keys'):
+            current_config = app_config
+        else:
+            current_config = config.get_all()
+    else:
+        current_config = config.get_all()
+    
+    # Debug: Check what config is passed to create_app
+    if app_config:
+        if hasattr(app_config, 'keys'):
+            print(f"🔍 Debug: create_app received app_config keys: {list(app_config.keys())}")
+            if "security" in app_config:
+                ssl_config = app_config["security"].get("ssl", {})
+                print(f"🔍 Debug: create_app SSL config: enabled={ssl_config.get('enabled', False)}")
+                print(f"🔍 Debug: create_app SSL config: cert_file={ssl_config.get('cert_file')}")
+                print(f"🔍 Debug: create_app SSL config: key_file={ssl_config.get('key_file')}")
+        else:
+            print(f"🔍 Debug: create_app received app_config type: {type(app_config)}")
+    else:
+        print("🔍 Debug: create_app received no app_config, using global config")
+    
+    # Security check: Validate all authentication configurations before startup
+    security_errors = []
+    
+    print(f"🔍 Debug: current_config keys: {list(current_config.keys())}")
+    if "security" in current_config:
+        print(f"🔍 Debug: security config: {current_config['security']}")
+    if "roles" in current_config:
+        print(f"🔍 Debug: roles config: {current_config['roles']}")
+    
+    # Check security framework configuration only if enabled
+    security_config = current_config.get("security", {})
+    if security_config.get("enabled", False):
+        # Validate security framework configuration
+        from mcp_proxy_adapter.core.unified_config_adapter import UnifiedConfigAdapter
+        adapter = UnifiedConfigAdapter()
+        validation_result = adapter.validate_configuration(current_config)
+        
+        if not validation_result.is_valid:
+            security_errors.extend(validation_result.errors)
+        
+        # Check SSL configuration within security framework
+        ssl_config = security_config.get("ssl", {})
+        if ssl_config.get("enabled", False):
+            cert_file = ssl_config.get("cert_file")
+            key_file = ssl_config.get("key_file")
+            
+            print(f"🔍 Debug: api/app.py security.ssl: cert_file={cert_file}, key_file={key_file}")
+            print(f"🔍 Debug: api/app.py security.ssl: cert_file exists={Path(cert_file).exists() if cert_file else 'None'}")
+            print(f"🔍 Debug: api/app.py security.ssl: key_file exists={Path(key_file).exists() if key_file else 'None'}")
+            
+            if cert_file and not Path(cert_file).exists():
+                security_errors.append(f"SSL is enabled but certificate file not found: {cert_file}")
+            
+            if key_file and not Path(key_file).exists():
+                security_errors.append(f"SSL is enabled but private key file not found: {key_file}")
+            
+            # Check mTLS configuration
+            ca_cert_file = ssl_config.get("ca_cert_file")
+            if ca_cert_file and not Path(ca_cert_file).exists():
+                security_errors.append(f"mTLS is enabled but CA certificate file not found: {ca_cert_file}")
+    
+    # Legacy configuration checks for backward compatibility
+    roles_config = current_config.get("roles", {})
+    print(f"🔍 Debug: roles_config = {roles_config}")
+    if roles_config.get("enabled", False):
+        roles_config_path = roles_config.get("config_file", "schemas/roles_schema.json")
+        print(f"🔍 Debug: Checking roles file: {roles_config_path}")
+        if not Path(roles_config_path).exists():
+            security_errors.append(f"Roles are enabled but schema file not found: {roles_config_path}")
+    
+    # Check new security framework permissions configuration
+    security_config = current_config.get("security", {})
+    permissions_config = security_config.get("permissions", {})
+    if permissions_config.get("enabled", False):
+        roles_file = permissions_config.get("roles_file")
+        if roles_file and not Path(roles_file).exists():
+            security_errors.append(f"Permissions are enabled but roles file not found: {roles_file}")
+    
+    legacy_ssl_config = current_config.get("ssl", {})
+    if legacy_ssl_config.get("enabled", False):
+        # Check SSL certificate files
+        cert_file = legacy_ssl_config.get("cert_file")
+        key_file = legacy_ssl_config.get("key_file")
+        
+        print(f"🔍 Debug: api/app.py legacy.ssl: cert_file={cert_file}, key_file={key_file}")
+        print(f"🔍 Debug: api/app.py legacy.ssl: cert_file exists={Path(cert_file).exists() if cert_file else 'None'}")
+        print(f"🔍 Debug: api/app.py legacy.ssl: key_file exists={Path(key_file).exists() if key_file else 'None'}")
+        
+        if cert_file and not Path(cert_file).exists():
+            security_errors.append(f"Legacy SSL is enabled but certificate file not found: {cert_file}")
+        
+        if key_file and not Path(key_file).exists():
+            security_errors.append(f"Legacy SSL is enabled but private key file not found: {key_file}")
+        
+        # Check mTLS configuration
+        if legacy_ssl_config.get("mode") == "mtls":
+            ca_cert = legacy_ssl_config.get("ca_cert")
+            if ca_cert and not Path(ca_cert).exists():
+                security_errors.append(f"Legacy mTLS is enabled but CA certificate file not found: {ca_cert}")
+    
+    # Check token authentication configuration
+    token_auth_config = legacy_ssl_config.get("token_auth", {})
+    if token_auth_config.get("enabled", False):
+        tokens_file = token_auth_config.get("tokens_file", "tokens.json")
+        if not Path(tokens_file).exists():
+            security_errors.append(f"Token authentication is enabled but tokens file not found: {tokens_file}")
+    
+    # Check general authentication
+    if current_config.get("auth_enabled", False):
+        # If auth is enabled, check if any authentication method is properly configured
+        ssl_enabled = legacy_ssl_config.get("enabled", False)
+        roles_enabled = roles_config.get("enabled", False)
+        token_auth_enabled = token_auth_config.get("enabled", False)
+        
+        if not (ssl_enabled or roles_enabled or token_auth_enabled):
+            security_errors.append("Authentication is enabled but no authentication method is properly configured")
+    
+    # If there are security errors, block startup
+    if security_errors:
+        logger.critical("CRITICAL SECURITY ERROR: Authentication configuration issues detected:")
+        for error in security_errors:
+            logger.critical(f"  - {error}")
+        logger.critical("Server startup blocked for security reasons.")
+        logger.critical("Please fix authentication configuration or disable authentication features.")
+        raise SystemExit(1)
+    
     # Use provided parameters or defaults
     app_title = title or "MCP Proxy Adapter"
     app_description = description or "JSON-RPC API for interacting with MCP Proxy"
@@ -73,7 +337,7 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
         version=app_version,
         docs_url="/docs",
         redoc_url="/redoc",
-        lifespan=lifespan,
+        lifespan=create_lifespan(config_path),
     )
     
     # Configure CORS
@@ -86,7 +350,7 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
     )
     
     # Setup middleware using the new middleware package
-    setup_middleware(app)
+    setup_middleware(app, current_config)
     
     # Use custom OpenAPI schema
     app.openapi = lambda: custom_openapi_with_fallback(app)
@@ -132,7 +396,7 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
             return await handle_batch_json_rpc(request_data, request)
         else:
             # Process single request
-            return await handle_json_rpc(request_data, request_id)
+            return await handle_json_rpc(request_data, request_id, request)
 
     # Command execution endpoint (/cmd)
     @app.post("/cmd")
@@ -168,7 +432,7 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
             # Determine request format (CommandRequest or JSON-RPC)
             if "jsonrpc" in command_data and "method" in command_data:
                 # JSON-RPC format
-                return await handle_json_rpc(command_data, request_id)
+                return await handle_json_rpc(command_data, request_id, request)
             
             # CommandRequest format
             if "command" not in command_data:
@@ -186,7 +450,7 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
             command_name = command_data["command"]
             params = command_data.get("params", {})
             
-            req_logger.info(f"Executing command via /cmd: {command_name}, params: {params}")
+            req_logger.debug(f"Executing command via /cmd: {command_name}, params: {params}")
             
             # Check if command exists
             if not registry.command_exists(command_name):
@@ -203,7 +467,7 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
             
             # Execute command
             try:
-                result = await execute_command(command_name, params, request_id)
+                result = await execute_command(command_name, params, request_id, request)
                 return {"result": result}
             except MicroserviceError as e:
                 # Handle command execution errors
@@ -270,7 +534,7 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
         request_id = getattr(request.state, "request_id", None)
         
         try:
-            result = await execute_command(command_name, params, request_id)
+            result = await execute_command(command_name, params, request_id, request)
             return result
         except MicroserviceError as e:
             # Convert to proper HTTP status code
@@ -441,10 +705,3 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
             )
     
     return app
-
-
-
-
-
-# Create global application instance
-app = create_app()

mcp_proxy_adapter/api/handlers.py

@@ -17,7 +17,7 @@ from mcp_proxy_adapter.core.errors import (
 from mcp_proxy_adapter.core.logging import logger, RequestLogger, get_logger
 
 
-async def execute_command(command_name: str, params: Dict[str, Any], request_id: Optional[str] = None) -> Dict[str, Any]:
+async def execute_command(command_name: str, params: Dict[str, Any], request_id: Optional[str] = None, request: Optional[Request] = None) -> Dict[str, Any]:
     """
     Executes a command with the specified name and parameters.
 
@@ -39,17 +39,43 @@ async def execute_command(command_name: str, params: Dict[str, Any], request_id:
     try:
         log.info(f"Executing command: {command_name}")
         
+        # Execute before command hooks
+        try:
+            from mcp_proxy_adapter.commands.hooks import hooks
+            hooks.execute_before_command_hooks(command_name, params)
+            log.debug(f"Executed before command hooks for: {command_name}")
+        except Exception as e:
+            log.warning(f"Failed to execute before command hooks: {e}")
+        
         # Get command class from registry and execute with parameters
         start_time = time.time()
         
         # Use Command.run that handles instances with dependencies properly
-        command_class = registry.get_command_with_priority(command_name)
-        result = await command_class.run(**params)
+        command_class = registry.get_command(command_name)
+        
+        # Create context with user info from request state
+        context = {}
+        if request and hasattr(request.state, 'user_id'):
+            context['user'] = {
+                'id': getattr(request.state, 'user_id', None),
+                'role': getattr(request.state, 'user_role', 'guest'),
+                'roles': getattr(request.state, 'user_roles', ['guest']),
+                'permissions': getattr(request.state, 'user_permissions', ['read'])
+            }
+        
+        result = await command_class.run(**params, context=context)
         
         execution_time = time.time() - start_time
         
         log.info(f"Command '{command_name}' executed in {execution_time:.3f} sec")
         
+        # Execute after command hooks
+        try:
+            hooks.execute_after_command_hooks(command_name, params, result)
+            log.debug(f"Executed after command hooks for: {command_name}")
+        except Exception as e:
+            log.warning(f"Failed to execute after command hooks: {e}")
+        
         # Return result
         return result.to_dict()
     except NotFoundError as e:
@@ -82,13 +108,13 @@ async def handle_batch_json_rpc(batch_requests: List[Dict[str, Any]], request: O
     
     for request_data in batch_requests:
         # Process each request in the batch
-        response = await handle_json_rpc(request_data, request_id)
+        response = await handle_json_rpc(request_data, request_id, request)
         responses.append(response)
     
     return responses
 
 
-async def handle_json_rpc(request_data: Dict[str, Any], request_id: Optional[str] = None) -> Dict[str, Any]:
+async def handle_json_rpc(request_data: Dict[str, Any], request_id: Optional[str] = None, request: Optional[Request] = None) -> Dict[str, Any]:
     """
     Handles JSON-RPC request.
 
@@ -124,7 +150,7 @@ async def handle_json_rpc(request_data: Dict[str, Any], request_id: Optional[str
     
     try:
         # Execute command
-        result = await execute_command(method, params, request_id)
+        result = await execute_command(method, params, request_id, request)
         
         # Form successful response
         return {

mcp_proxy_adapter/api/middleware/__init__.py

@@ -3,47 +3,53 @@ Middleware package for API.
 This package contains middleware components for request processing.
 """
 
+from typing import Dict, Any, Optional
 from fastapi import FastAPI
 
 from mcp_proxy_adapter.core.logging import logger
+from mcp_proxy_adapter.config import config
 from .base import BaseMiddleware
-from .logging import LoggingMiddleware
-from .error_handling import ErrorHandlingMiddleware
-from .auth import AuthMiddleware
-from .rate_limit import RateLimitMiddleware
-from .performance import PerformanceMiddleware
+from .factory import MiddlewareFactory
+from .protocol_middleware import setup_protocol_middleware
 
-def setup_middleware(app: FastAPI) -> None:
+def setup_middleware(app: FastAPI, app_config: Optional[Dict[str, Any]] = None) -> None:
     """
-    Sets up middleware for application.
+    Sets up middleware for application using the new middleware factory.
 
     Args:
         app: FastAPI application instance.
+        app_config: Application configuration dictionary (optional)
     """
-    # Add error handling middleware first (last to execute)
-    app.add_middleware(ErrorHandlingMiddleware)
+    # Use provided configuration or fallback to global config
+    current_config = app_config if app_config is not None else config.get_all()
     
-    # Add logging middleware
-    app.add_middleware(LoggingMiddleware)
-    
-    # Add rate limiting middleware if configured
-    from mcp_proxy_adapter.config import config
-    if config.get("rate_limit_enabled", False):
-        app.add_middleware(
-            RateLimitMiddleware,
-            rate_limit=config.get("rate_limit", 100),
-            time_window=config.get("rate_limit_window", 60)
-        )
-    
-    # Добавляем authentication middleware с явным указанием auth_enabled
-    auth_enabled = config.get("auth_enabled", False)
-    app.add_middleware(
-        AuthMiddleware,
-        api_keys=config.get("api_keys", {}),
-        auth_enabled=auth_enabled
-    )
-
-    # Add performance middleware
-    app.add_middleware(PerformanceMiddleware)
+    # Add protocol middleware FIRST (before other middleware)
+    setup_protocol_middleware(app, current_config)
+
+    # Create middleware factory
+    factory = MiddlewareFactory(app, current_config)
+
+    # Validate middleware configuration
+    if not factory.validate_middleware_config():
+        logger.error("Middleware configuration validation failed")
+        raise SystemExit(1)
+
+    logger.info("Using unified security middleware")
+    middleware_list = factory.create_all_middleware()
+
+    # Add middleware to application AFTER protocol middleware
+    for middleware in middleware_list:
+        # For ASGI middleware, we need to wrap the application
+        if hasattr(middleware, 'dispatch'):
+            # This is a proper ASGI middleware
+            app.middleware("http")(middleware.dispatch)
+        else:
+            logger.warning(f"Middleware {middleware.__class__.__name__} doesn't have dispatch method")
     
-    logger.info(f"Middleware setup completed. Auth enabled: {auth_enabled}") 
+    # Log middleware information
+    middleware_info = factory.get_middleware_info()
+    logger.info(f"Middleware setup completed:")
+    logger.info(f"  - Total middleware: {middleware_info['total_middleware']}")
+    logger.info(f"  - Types: {', '.join(middleware_info['middleware_types'])}")
+    logger.info(f"  - Security enabled: {middleware_info['security_enabled']}")
+