mcp-proxy-adapter 4.1.1__py3-none-any.whl → 6.1.0__py3-none-any.whl

mcp_proxy_adapter/api/middleware/transport_middleware.py

@@ -0,0 +1,122 @@
+"""
+Transport Middleware Module
+
+This module provides middleware for transport validation in the MCP Proxy Adapter.
+"""
+
+from typing import Callable
+from fastapi import Request, Response
+from fastapi.responses import JSONResponse
+from starlette.middleware.base import BaseHTTPMiddleware
+
+from mcp_proxy_adapter.core.transport_manager import transport_manager
+from mcp_proxy_adapter.core.logging import logger
+
+
+class TransportMiddleware(BaseHTTPMiddleware):
+    """Middleware for transport validation."""
+    
+    def __init__(self, app, transport_manager_instance=None):
+        """
+        Initialize transport middleware.
+        
+        Args:
+            app: FastAPI application
+            transport_manager_instance: Transport manager instance (optional)
+        """
+        super().__init__(app)
+        self.transport_manager = transport_manager_instance or transport_manager
+    
+    async def dispatch(self, request: Request, call_next: Callable) -> Response:
+        """
+        Process request through transport middleware.
+        
+        Args:
+            request: Incoming request
+            call_next: Next middleware/endpoint
+            
+        Returns:
+            Response from next middleware/endpoint or error response
+        """
+        # Determine transport type from request
+        transport_type = self._get_request_transport_type(request)
+        
+        # Check if request matches configured transport
+        if not self._is_transport_allowed(transport_type):
+            configured_type = self.transport_manager.get_transport_type()
+            configured_type_str = configured_type.value if configured_type else "not configured"
+            logger.warning(f"Transport not allowed: {transport_type} for {request.url}")
+            return JSONResponse(
+                status_code=403,
+                content={
+                    "error": "Transport not allowed",
+                    "message": f"Transport '{transport_type}' is not allowed. Configured transport: {configured_type_str}",
+                    "configured_transport": configured_type_str,
+                    "request_url": str(request.url)
+                }
+            )
+        
+        # Add transport info to request state
+        request.state.transport_type = transport_type
+        request.state.transport_allowed = True
+        
+        response = await call_next(request)
+        return response
+    
+    def _get_request_transport_type(self, request: Request) -> str:
+        """
+        Determine transport type from request.
+        
+        Args:
+            request: Incoming request
+            
+        Returns:
+            Transport type string
+        """
+        if request.url.scheme == "https":
+            # Check for client certificate for MTLS
+            if self._has_client_certificate(request):
+                return "mtls"
+            return "https"
+        return "http"
+    
+    def _has_client_certificate(self, request: Request) -> bool:
+        """
+        Check if request has client certificate.
+        
+        Args:
+            request: Incoming request
+            
+        Returns:
+            True if client certificate is present, False otherwise
+        """
+        # Check for client certificate in request headers or SSL context
+        # This is a simplified check - in production, you might need more sophisticated detection
+        client_cert_header = request.headers.get("ssl-client-cert")
+        if client_cert_header:
+            return True
+        
+        # Check if request has SSL client certificate context
+        if hasattr(request, "client") and request.client:
+            # In a real implementation, you would check the SSL context
+            # For now, we'll assume HTTPS with client cert is MTLS
+            return self.transport_manager.is_mtls()
+        
+        return False
+    
+    def _is_transport_allowed(self, transport_type: str) -> bool:
+        """
+        Check if transport type is allowed.
+        
+        Args:
+            transport_type: Transport type to check
+            
+        Returns:
+            True if transport is allowed, False otherwise
+        """
+        configured_type = self.transport_manager.get_transport_type()
+        if not configured_type:
+            logger.error("Transport not configured")
+            return False
+        
+        return transport_type == configured_type.value 

mcp_proxy_adapter/api/middleware/unified_security.py

@@ -0,0 +1,152 @@
+"""
+Unified Security Middleware - Direct Framework Integration
+
+This middleware now directly uses mcp_security_framework components
+instead of custom implementations.
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+
+import time
+import logging
+from typing import Dict, Any, Optional, Callable, Awaitable
+from fastapi import Request, Response
+from starlette.middleware.base import BaseHTTPMiddleware
+
+# Direct import from framework
+try:
+    from mcp_security_framework.middleware.fastapi_middleware import FastAPISecurityMiddleware
+    from mcp_security_framework import SecurityManager
+    from mcp_security_framework.schemas.config import SecurityConfig
+    SECURITY_FRAMEWORK_AVAILABLE = True
+except ImportError:
+    SECURITY_FRAMEWORK_AVAILABLE = False
+    FastAPISecurityMiddleware = None
+    SecurityManager = None
+    SecurityConfig = None
+
+from mcp_proxy_adapter.core.logging import logger
+from mcp_proxy_adapter.core.security_integration import create_security_integration
+
+
+class SecurityValidationError(Exception):
+    """Security validation error."""
+    
+    def __init__(self, message: str, error_code: int):
+        self.message = message
+        self.error_code = error_code
+        super().__init__(self.message)
+
+
+class UnifiedSecurityMiddleware(BaseHTTPMiddleware):
+    """
+    Unified security middleware using mcp_security_framework.
+    
+    This middleware now directly uses the security framework's FastAPI middleware
+    and components instead of custom implementations.
+    """
+    
+    def __init__(self, app, config: Dict[str, Any]):
+        """
+        Initialize unified security middleware.
+        
+        Args:
+            app: FastAPI application
+            config: mcp_proxy_adapter configuration dictionary
+        """
+        super().__init__(app)
+        self.config = config
+        
+        # Create security integration
+        try:
+            self.security_integration = create_security_integration(config)
+            # Use framework's FastAPI middleware
+            self.framework_middleware = self.security_integration.create_fastapi_middleware(app)
+            logger.info("Using mcp_security_framework FastAPI middleware")
+        except Exception as e:
+            logger.error(f"Security framework integration failed: {e}")
+            raise RuntimeError("Security framework integration failed - framework must be available for production use") from e
+        
+        logger.info("Unified security middleware initialized with mcp_security_framework")
+    
+    async def dispatch(self, request: Request, call_next: Callable[[Request], Awaitable[Response]]) -> Response:
+        """
+        Process request using framework middleware.
+        
+        Args:
+            request: Request object
+            call_next: Next handler
+            
+        Returns:
+            Response object
+        """
+        try:
+            # Use framework middleware only
+            return await self.framework_middleware.dispatch(request, call_next)
+            
+        except SecurityValidationError as e:
+            # Handle security validation errors
+            return await self._handle_security_error(request, e)
+        except Exception as e:
+            # Handle other errors
+            logger.error(f"Unexpected error in unified security middleware: {e}")
+            return await self._handle_general_error(request, e)
+    
+
+    
+    async def _handle_security_error(self, request: Request, error: SecurityValidationError) -> Response:
+        """
+        Handle security validation errors.
+        
+        Args:
+            request: Request object
+            error: Security validation error
+            
+        Returns:
+            Error response
+        """
+        from fastapi.responses import JSONResponse
+        
+        error_response = {
+            "error": {
+                "code": error.error_code,
+                "message": error.message,
+                "type": "security_validation_error"
+            }
+        }
+        
+        logger.warning(f"Security validation failed: {error.message}")
+        
+        return JSONResponse(
+            status_code=error.error_code,
+            content=error_response
+        )
+    
+    async def _handle_general_error(self, request: Request, error: Exception) -> Response:
+        """
+        Handle general errors.
+        
+        Args:
+            request: Request object
+            error: General error
+            
+        Returns:
+            Error response
+        """
+        from fastapi.responses import JSONResponse
+        
+        error_response = {
+                "error": {
+                "code": 500,
+                    "message": "Internal server error",
+                "type": "general_error"
+            }
+        }
+        
+        logger.error(f"General error in security middleware: {error}")
+        
+        return JSONResponse(
+            status_code=500,
+            content=error_response
+        )

mcp_proxy_adapter/api/middleware/user_info_middleware.py

@@ -0,0 +1,83 @@
+"""
+User Info Middleware
+
+This middleware extracts user information from authentication headers
+and sets it in request.state for use by commands.
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+
+import logging
+from typing import Dict, Any, Optional, Callable, Awaitable
+from fastapi import Request, Response
+from starlette.middleware.base import BaseHTTPMiddleware
+
+from mcp_proxy_adapter.core.logging import logger
+
+
+class UserInfoMiddleware(BaseHTTPMiddleware):
+    """
+    Middleware for setting user information in request.state.
+    
+    This middleware extracts user information from authentication headers
+    and sets it in request.state for use by commands.
+    """
+    
+    def __init__(self, app, config: Dict[str, Any]):
+        """
+        Initialize user info middleware.
+        
+        Args:
+            app: FastAPI application
+            config: Configuration dictionary
+        """
+        super().__init__(app)
+        self.config = config
+        
+        # Get API keys configuration
+        security_config = config.get("security", {})
+        auth_config = security_config.get("auth", {})
+        self.api_keys = auth_config.get("api_keys", {})
+        
+        logger.info("User info middleware initialized")
+    
+    async def dispatch(self, request: Request, call_next: Callable[[Request], Awaitable[Response]]) -> Response:
+        """
+        Process request and set user info in request.state.
+        
+        Args:
+            request: Request object
+            call_next: Next handler
+            
+        Returns:
+            Response object
+        """
+        # Extract API key from headers
+        api_key = request.headers.get("X-API-Key")
+        
+        if api_key and api_key in self.api_keys:
+            # Get user info from API key configuration
+            user_config = self.api_keys[api_key]
+            
+            # Set user info in request.state
+            request.state.user = {
+                "id": api_key,
+                "role": user_config.get("roles", ["guest"])[0] if user_config.get("roles") else "guest",
+                "roles": user_config.get("roles", ["guest"]),
+                "permissions": user_config.get("permissions", ["read"])
+            }
+            
+            logger.debug(f"Set user info for {api_key}: {request.state.user}")
+        else:
+            # Set default guest user info
+            request.state.user = {
+                "id": None,
+                "role": "guest",
+                "roles": ["guest"],
+                "permissions": ["read"]
+            }
+            
+            logger.debug("Set default guest user info")
+        
+        return await call_next(request)

mcp_proxy_adapter/commands/__init__.py

@@ -6,9 +6,15 @@ from mcp_proxy_adapter.commands.base import Command
 from mcp_proxy_adapter.commands.command_registry import registry, CommandRegistry
 from mcp_proxy_adapter.commands.dependency_container import container, DependencyContainer
 from mcp_proxy_adapter.commands.result import CommandResult, SuccessResult, ErrorResult
-
-# Automatically discover and register commands
-registry.discover_commands()
+from mcp_proxy_adapter.commands.auth_validation_command import AuthValidationCommand
+from mcp_proxy_adapter.commands.ssl_setup_command import SSLSetupCommand
+from mcp_proxy_adapter.commands.certificate_management_command import CertificateManagementCommand
+from mcp_proxy_adapter.commands.key_management_command import KeyManagementCommand
+from mcp_proxy_adapter.commands.cert_monitor_command import CertMonitorCommand
+from mcp_proxy_adapter.commands.transport_management_command import TransportManagementCommand
+from mcp_proxy_adapter.commands.role_test_command import RoleTestCommand
+from mcp_proxy_adapter.commands.echo_command import EchoCommand
+from mcp_proxy_adapter.commands.proxy_registration_command import ProxyRegistrationCommand
 
 __all__ = [
     "Command",
@@ -18,5 +24,14 @@ __all__ = [
     "registry",
     "CommandRegistry",
     "container",
-    "DependencyContainer"
+    "DependencyContainer",
+    "AuthValidationCommand",
+    "SSLSetupCommand",
+    "CertificateManagementCommand",
+    "KeyManagementCommand",
+    "CertMonitorCommand",
+    "TransportManagementCommand",
+    "RoleTestCommand",
+    "EchoCommand",
+    "ProxyRegistrationCommand"
 ]