mcp-proxy-adapter 4.1.1__py3-none-any.whl → 6.0.1__py3-none-any.whl

mcp_proxy_adapter/api/middleware/command_permission_middleware.py

@@ -0,0 +1,148 @@
+"""
+Command Permission Middleware
+
+This middleware checks permissions for specific commands based on user roles.
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+
+import json
+import logging
+from typing import Dict, Any, Optional, Callable, Awaitable
+from fastapi import Request, Response
+from starlette.middleware.base import BaseHTTPMiddleware
+
+from mcp_proxy_adapter.core.logging import logger
+
+
+class CommandPermissionMiddleware(BaseHTTPMiddleware):
+    """
+    Middleware for checking command permissions.
+    
+    This middleware checks if the authenticated user has the required
+    permissions to execute specific commands.
+    """
+    
+    def __init__(self, app, config: Dict[str, Any]):
+        """
+        Initialize command permission middleware.
+        
+        Args:
+            app: FastAPI application
+            config: Configuration dictionary
+        """
+        super().__init__(app)
+        self.config = config
+        
+        # Define command permissions
+        self.command_permissions = {
+            "echo": ["read"],
+            "health": ["read"],
+            "role_test": ["read"],
+            "config": ["read"],
+            "help": ["read"],
+            # Add more commands as needed
+        }
+        
+        logger.info("Command permission middleware initialized")
+    
+    async def dispatch(self, request: Request, call_next: Callable[[Request], Awaitable[Response]]) -> Response:
+        """
+        Process request and check command permissions.
+        
+        Args:
+            request: Request object
+            call_next: Next handler
+            
+        Returns:
+            Response object
+        """
+        # Only check permissions for /cmd endpoint
+        if request.url.path != "/cmd":
+            return await call_next(request)
+        
+        try:
+            # Get request body
+            body = await request.body()
+            if not body:
+                return await call_next(request)
+            
+            # Parse JSON-RPC request
+            try:
+                data = json.loads(body)
+            except json.JSONDecodeError:
+                return await call_next(request)
+            
+            # Extract method (command name)
+            method = data.get("method")
+            if not method:
+                return await call_next(request)
+            
+            # Check if method requires permissions
+            if method not in self.command_permissions:
+                return await call_next(request)
+            
+            required_permissions = self.command_permissions[method]
+            
+            # Get user info from request state
+            user_info = getattr(request.state, "user", None)
+            if not user_info:
+                logger.warning(f"No user info found for command {method}")
+                return await call_next(request)
+            
+            user_roles = user_info.get("roles", [])
+            user_permissions = user_info.get("permissions", [])
+            
+            logger.debug(f"Checking permissions for {method}: user_roles={user_roles}, required={required_permissions}")
+            
+            # Check if user has required permissions
+            has_permission = self._check_permissions(user_roles, user_permissions, required_permissions)
+            
+            if not has_permission:
+                logger.warning(f"Permission denied for {method}: user_roles={user_roles}, required={required_permissions}")
+                
+                # Return permission denied response
+                error_response = {
+                    "error": {
+                        "code": 403,
+                        "message": f"Permission denied: {method} requires {required_permissions}",
+                        "type": "permission_denied"
+                    }
+                }
+                
+                return Response(
+                    content=json.dumps(error_response),
+                    status_code=403,
+                    media_type="application/json"
+                )
+            
+            logger.debug(f"Permission granted for {method}")
+            return await call_next(request)
+            
+        except Exception as e:
+            logger.error(f"Error in command permission middleware: {e}")
+            return await call_next(request)
+    
+    def _check_permissions(self, user_roles: list, user_permissions: list, required_permissions: list) -> bool:
+        """
+        Check if user has required permissions.
+        
+        Args:
+            user_roles: User roles
+            user_permissions: User permissions
+            required_permissions: Required permissions
+            
+        Returns:
+            True if user has required permissions
+        """
+        # Admin has all permissions
+        if "admin" in user_roles or "*" in user_permissions:
+            return True
+        
+        # Check if user has all required permissions
+        for required in required_permissions:
+            if required not in user_permissions:
+                return False
+        
+        return True

mcp_proxy_adapter/api/middleware/error_handling.py

@@ -17,6 +17,15 @@ class ErrorHandlingMiddleware(BaseMiddleware):
     Middleware for handling and formatting errors.
     """
     
+    def __init__(self, app):
+        """
+        Initialize error handling middleware.
+        
+        Args:
+            app: FastAPI application
+        """
+        super().__init__(app)
+    
     async def dispatch(self, request: Request, call_next: Callable[[Request], Awaitable[Response]]) -> Response:
         """
         Processes request and catches errors.

mcp_proxy_adapter/api/middleware/factory.py

@@ -0,0 +1,243 @@
+"""
+Middleware Factory for creating and managing middleware components.
+
+This module provides a factory for creating middleware components with proper
+configuration and dependency management.
+"""
+
+import logging
+from typing import Dict, Any, List, Optional, Type
+
+from fastapi import FastAPI
+
+from mcp_proxy_adapter.core.logging import logger
+from mcp_proxy_adapter.core.security_factory import SecurityFactory
+from .base import BaseMiddleware
+from .unified_security import UnifiedSecurityMiddleware
+from .error_handling import ErrorHandlingMiddleware
+from .logging import LoggingMiddleware
+from .user_info_middleware import UserInfoMiddleware
+
+
+class MiddlewareFactory:
+    """
+    Factory for creating and managing middleware components.
+    
+    Provides methods to create middleware components with proper configuration
+    and dependency management.
+    """
+    
+    def __init__(self, app: FastAPI, config: Dict[str, Any]):
+        """
+        Initialize middleware factory.
+        
+        Args:
+            app: FastAPI application
+            config: Application configuration
+        """
+        self.app = app
+        self.config = config
+        self.middleware_stack: List[BaseMiddleware] = []
+        
+        logger.info("Middleware factory initialized")
+    
+    def create_security_middleware(self) -> Optional[UnifiedSecurityMiddleware]:
+        """
+        Create unified security middleware.
+        
+        Returns:
+            UnifiedSecurityMiddleware instance or None if creation failed
+        """
+        try:
+            security_config = self.config.get("security", {})
+            
+            if not security_config.get("enabled", True):
+                logger.info("Security middleware disabled by configuration")
+                return None
+            
+            middleware = UnifiedSecurityMiddleware(self.app, self.config)
+            self.middleware_stack.append(middleware)
+            
+            logger.info("Unified security middleware created successfully")
+            return middleware
+            
+        except Exception as e:
+            logger.error(f"Failed to create unified security middleware: {e}")
+            return None
+    
+    def create_error_handling_middleware(self) -> Optional[ErrorHandlingMiddleware]:
+        """
+        Create error handling middleware.
+        
+        Returns:
+            ErrorHandlingMiddleware instance or None if creation failed
+        """
+        try:
+            # Import here to avoid circular imports
+            from .error_handling import ErrorHandlingMiddleware
+            
+            middleware = ErrorHandlingMiddleware(self.app)
+            self.middleware_stack.append(middleware)
+            
+            logger.info("Error handling middleware created successfully")
+            return middleware
+            
+        except Exception as e:
+            logger.error(f"Failed to create error handling middleware: {e}")
+            return None
+    
+    def create_logging_middleware(self) -> Optional[LoggingMiddleware]:
+        """
+        Create logging middleware.
+        
+        Returns:
+            LoggingMiddleware instance or None if creation failed
+        """
+        try:
+            # Import here to avoid circular imports
+            from .logging import LoggingMiddleware
+            
+            middleware = LoggingMiddleware(self.app, self.config)
+            self.middleware_stack.append(middleware)
+            
+            logger.info("Logging middleware created successfully")
+            return middleware
+            
+        except Exception as e:
+            logger.error(f"Failed to create logging middleware: {e}")
+            return None
+    
+    def create_user_info_middleware(self) -> Optional[UserInfoMiddleware]:
+        """
+        Create user info middleware.
+        
+        Returns:
+            UserInfoMiddleware instance or None if creation failed
+        """
+        try:
+            middleware = UserInfoMiddleware(self.app, self.config)
+            self.middleware_stack.append(middleware)
+            
+            logger.info("User info middleware created successfully")
+            return middleware
+            
+        except Exception as e:
+            logger.error(f"Failed to create user info middleware: {e}")
+            return None
+    
+
+    
+    def create_all_middleware(self) -> List[BaseMiddleware]:
+        """
+        Create all required middleware components.
+        
+        Returns:
+            List of created middleware instances
+        """
+        middleware_list = []
+        
+        # Create security middleware (unified)
+        security_middleware = self.create_security_middleware()
+        if security_middleware:
+            middleware_list.append(security_middleware)
+        
+        # Create error handling middleware
+        error_middleware = self.create_error_handling_middleware()
+        if error_middleware:
+            middleware_list.append(error_middleware)
+        
+        # Create logging middleware
+        logging_middleware = self.create_logging_middleware()
+        if logging_middleware:
+            middleware_list.append(logging_middleware)
+        
+        # Create user info middleware
+        user_info_middleware = self.create_user_info_middleware()
+        if user_info_middleware:
+            middleware_list.append(user_info_middleware)
+        
+        logger.info(f"Created {len(middleware_list)} middleware components")
+        return middleware_list
+    
+
+    
+    def get_middleware_by_type(self, middleware_type: Type[BaseMiddleware]) -> Optional[BaseMiddleware]:
+        """
+        Get middleware instance by type.
+        
+        Args:
+            middleware_type: Type of middleware to find
+            
+        Returns:
+            Middleware instance or None if not found
+        """
+        for middleware in self.middleware_stack:
+            if isinstance(middleware, middleware_type):
+                return middleware
+        return None
+    
+    def get_security_middleware(self) -> Optional[UnifiedSecurityMiddleware]:
+        """
+        Get unified security middleware instance.
+        
+        Returns:
+            UnifiedSecurityMiddleware instance or None if not found
+        """
+        return self.get_middleware_by_type(UnifiedSecurityMiddleware)
+    
+    def validate_middleware_config(self) -> bool:
+        """
+        Validate middleware configuration.
+        
+        Returns:
+            True if configuration is valid, False otherwise
+        """
+        try:
+            security_config = self.config.get("security", {})
+            
+            # Validate security configuration
+            if not SecurityFactory.validate_config(self.config):
+                logger.error("Security configuration validation failed")
+                return False
+            
+            # Validate middleware-specific configurations
+            if security_config.get("enabled", True):
+                # Check required fields for security middleware
+                auth_config = security_config.get("auth", {})
+                if not isinstance(auth_config, dict):
+                    logger.error("Auth configuration must be a dictionary")
+                    return False
+                
+                ssl_config = security_config.get("ssl", {})
+                if not isinstance(ssl_config, dict):
+                    logger.error("SSL configuration must be a dictionary")
+                    return False
+            
+            logger.info("Middleware configuration validation passed")
+            return True
+            
+        except Exception as e:
+            logger.error(f"Middleware configuration validation failed: {e}")
+            return False
+    
+    def get_middleware_info(self) -> Dict[str, Any]:
+        """
+        Get information about created middleware.
+        
+        Returns:
+            Dictionary with middleware information
+        """
+        info = {
+            "total_middleware": len(self.middleware_stack),
+            "middleware_types": [],
+            "security_enabled": False
+        }
+        
+        for middleware in self.middleware_stack:
+            middleware_type = type(middleware).__name__
+            info["middleware_types"].append(middleware_type)
+            
+            if isinstance(middleware, UnifiedSecurityMiddleware):
+                info["security_enabled"] = True
+        
+        return info

mcp_proxy_adapter/api/middleware/logging.py

@@ -5,7 +5,7 @@ Middleware for request logging.
 import time
 import json
 import uuid
-from typing import Callable, Awaitable
+from typing import Callable, Awaitable, Dict, Any
 
 from fastapi import Request, Response
 
@@ -17,6 +17,17 @@ class LoggingMiddleware(BaseMiddleware):
     Middleware for logging requests and responses.
     """
     
+    def __init__(self, app, config: Dict[str, Any] = None):
+        """
+        Initialize logging middleware.
+        
+        Args:
+            app: FastAPI application
+            config: Application configuration (optional)
+        """
+        super().__init__(app)
+        self.config = config or {}
+    
     async def dispatch(self, request: Request, call_next: Callable[[Request], Awaitable[Response]]) -> Response:
         """
         Processes request and logs information about it.
@@ -43,7 +54,13 @@ class LoggingMiddleware(BaseMiddleware):
         url = str(request.url)
         client_host = request.client.host if request.client else "unknown"
         
-        req_logger.info(f"Request started: {method} {url} | Client: {client_host}")
+        # Check if this is an OpenAPI schema request (should be logged at DEBUG level)
+        is_openapi_request = "/openapi.json" in url
+        
+        if is_openapi_request:
+            req_logger.debug(f"Request started: {method} {url} | Client: {client_host}")
+        else:
+            req_logger.info(f"Request started: {method} {url} | Client: {client_host}")
         
         # Log request body if not GET or HEAD
         if method not in ["GET", "HEAD"]:
@@ -79,8 +96,12 @@ class LoggingMiddleware(BaseMiddleware):
             process_time = time.time() - start_time
             status_code = response.status_code
             
-            req_logger.info(f"Request completed: {method} {url} | Status: {status_code} | "
-                            f"Time: {process_time:.3f}s")
+            if is_openapi_request:
+                req_logger.debug(f"Request completed: {method} {url} | Status: {status_code} | "
+                                f"Time: {process_time:.3f}s")
+            else:
+                req_logger.info(f"Request completed: {method} {url} | Status: {status_code} | "
+                                f"Time: {process_time:.3f}s")
             
             # Add request ID to response headers
             response.headers["X-Request-ID"] = request_id
@@ -90,7 +111,12 @@ class LoggingMiddleware(BaseMiddleware):
         except Exception as e:
             # Log error
             process_time = time.time() - start_time
-            req_logger.error(f"Request failed: {method} {url} | Error: {str(e)} | "
-                            f"Time: {process_time:.3f}s")
+            
+            if is_openapi_request:
+                req_logger.debug(f"Request failed: {method} {url} | Error: {str(e)} | "
+                                f"Time: {process_time:.3f}s")
+            else:
+                req_logger.error(f"Request failed: {method} {url} | Error: {str(e)} | "
+                                f"Time: {process_time:.3f}s")
             
             raise 

mcp_proxy_adapter/api/middleware/protocol_middleware.py

@@ -0,0 +1,201 @@
+"""
+Protocol middleware module.
+
+This module provides middleware for validating protocol access based on configuration.
+"""
+
+from typing import Callable, Dict, Any, Optional
+from fastapi import Request, Response
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.responses import JSONResponse
+
+from mcp_proxy_adapter.core.protocol_manager import get_protocol_manager
+from mcp_proxy_adapter.core.logging import logger
+
+
+class ProtocolMiddleware(BaseHTTPMiddleware):
+    """
+    Middleware for protocol validation.
+    
+    This middleware checks if the incoming request protocol is allowed
+    based on the protocol configuration.
+    """
+    
+    def __init__(self, app, app_config: Optional[Dict[str, Any]] = None):
+        """
+        Initialize protocol middleware.
+
+        Args:
+            app: FastAPI application
+            app_config: Application configuration dictionary (optional)
+        """
+        super().__init__(app)
+        # Normalize config to dictionary
+        normalized_config: Optional[Dict[str, Any]]
+        if app_config is None:
+            normalized_config = None
+        elif hasattr(app_config, 'get_all'):
+            try:
+                normalized_config = app_config.get_all()
+            except Exception as e:
+                logger.debug(f"ProtocolMiddleware - Error calling get_all(): {e}, type: {type(app_config)}")
+                normalized_config = None
+        elif hasattr(app_config, 'keys'):
+            normalized_config = app_config  # Already dict-like
+        else:
+            logger.debug(f"ProtocolMiddleware - app_config is not dict-like, type: {type(app_config)}, value: {repr(app_config)}")
+            normalized_config = None
+
+        logger.debug(f"ProtocolMiddleware - normalized_config type: {type(normalized_config)}")
+        if normalized_config:
+            logger.debug(f"ProtocolMiddleware - protocols in config: {'protocols' in normalized_config}")
+            if 'protocols' in normalized_config:
+                logger.debug(f"ProtocolMiddleware - protocols type: {type(normalized_config['protocols'])}")
+
+        self.app_config = normalized_config
+        # Get protocol manager with current configuration
+        self.protocol_manager = get_protocol_manager(normalized_config)
+    
+    def update_config(self, new_config: Dict[str, Any]):
+        """
+        Update configuration and reload protocol manager.
+        
+        Args:
+            new_config: New configuration dictionary
+        """
+        # Normalize new config
+        if hasattr(new_config, 'get_all'):
+            try:
+                self.app_config = new_config.get_all()
+            except Exception:
+                self.app_config = None
+        elif hasattr(new_config, 'keys'):
+            self.app_config = new_config
+        else:
+            self.app_config = None
+        self.protocol_manager = get_protocol_manager(self.app_config)
+        logger.info("Protocol middleware configuration updated")
+    
+    async def dispatch(self, request: Request, call_next: Callable) -> Response:
+        """
+        Process request through protocol middleware.
+
+        Args:
+            request: Incoming request
+            call_next: Next middleware/endpoint function
+
+        Returns:
+            Response object
+        """
+        logger.debug(f"ProtocolMiddleware.dispatch called for {request.method} {request.url.path}")
+        try:
+            # Get protocol from request
+            protocol = self._get_request_protocol(request)
+            
+            # Check if protocol is allowed
+            if not self.protocol_manager.is_protocol_allowed(protocol):
+                logger.warning(f"Protocol '{protocol}' not allowed for request to {request.url.path}")
+                return JSONResponse(
+                    status_code=403,
+                    content={
+                        "error": "Protocol not allowed",
+                        "message": f"Protocol '{protocol}' is not allowed. Allowed protocols: {self.protocol_manager.get_allowed_protocols()}",
+                        "allowed_protocols": self.protocol_manager.get_allowed_protocols()
+                    }
+                )
+            
+            # Continue processing
+            response = await call_next(request)
+            return response
+            
+        except Exception as e:
+            logger.error(f"Protocol middleware error: {e}")
+            return JSONResponse(
+                status_code=500,
+                content={
+                    "error": "Protocol validation error",
+                    "message": str(e)
+                }
+            )
+    
+    def _get_request_protocol(self, request: Request) -> str:
+        """
+        Extract protocol from request.
+        
+        Args:
+            request: FastAPI request object
+            
+        Returns:
+            Protocol name (http, https, mtls)
+        """
+        # Check if request is secure (HTTPS)
+        if request.url.scheme:
+            scheme = request.url.scheme.lower()
+            
+            # If HTTPS, check if client certificate is provided (MTLS)
+            if scheme == "https":
+                # Check for client certificate in headers or SSL context
+                if hasattr(request, 'scope') and 'ssl' in request.scope:
+                    ssl_context = request.scope.get('ssl')
+                    if ssl_context and hasattr(ssl_context, 'getpeercert'):
+                        try:
+                            cert = ssl_context.getpeercert()
+                            if cert:
+                                return "mtls"
+                        except:
+                            pass
+                
+                # Check for client certificate in headers
+                if request.headers.get("ssl-client-cert") or request.headers.get("x-client-cert"):
+                    return "mtls"
+                
+                return "https"
+            
+            return scheme
+        
+        # Fallback to checking headers
+        if request.headers.get("x-forwarded-proto"):
+            return request.headers.get("x-forwarded-proto").lower()
+        
+        # Default to HTTP
+        return "http"
+
+
+def setup_protocol_middleware(app, app_config: Optional[Dict[str, Any]] = None):
+    """
+    Setup protocol middleware for FastAPI application.
+
+    Args:
+        app: FastAPI application
+        app_config: Application configuration dictionary (optional)
+    """
+    logger.debug(f"setup_protocol_middleware - app_config type: {type(app_config)}")
+
+    # Check if protocol management is enabled
+    if app_config is None:
+        from mcp_proxy_adapter.config import config
+        app_config = config.get_all()
+        logger.debug(f"setup_protocol_middleware - loaded from global config, type: {type(app_config)}")
+
+    logger.debug(f"setup_protocol_middleware - final app_config type: {type(app_config)}")
+
+    if hasattr(app_config, 'get'):
+        logger.debug(f"setup_protocol_middleware - app_config keys: {list(app_config.keys()) if hasattr(app_config, 'keys') else 'no keys'}")
+        protocols_config = app_config.get("protocols", {})
+        logger.debug(f"setup_protocol_middleware - protocols_config type: {type(protocols_config)}")
+        enabled = protocols_config.get("enabled", True) if hasattr(protocols_config, 'get') else True
+    else:
+        logger.debug(f"setup_protocol_middleware - app_config is not dict-like: {repr(app_config)}")
+        enabled = True
+
+    logger.debug(f"setup_protocol_middleware - protocol management enabled: {enabled}")
+
+    if enabled:
+        # Create protocol middleware with current configuration
+        logger.debug(f"setup_protocol_middleware - creating ProtocolMiddleware with config type: {type(app_config)}")
+        middleware = ProtocolMiddleware(app, app_config)
+        logger.debug(f"setup_protocol_middleware - adding middleware to app")
+        app.add_middleware(ProtocolMiddleware, app_config=app_config)
+        logger.info("Protocol middleware added to application")
+    else:
+        logger.info("Protocol management is disabled, skipping protocol middleware")