PyPI - mcp-proxy-adapter - Versions diffs - 6.0.0__py3-none-any.whl → 6.1.0__py3-none-any.whl - Mend

mcp-proxy-adapter 6.0.0py3-none-any.whl → 6.1.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (259) hide show

mcp_proxy_adapter/api/app.py CHANGED Viewed

@@ -4,6 +4,7 @@ Module for FastAPI application setup.
 import json
 import ssl
+from pathlib import Path
 from typing import Any, Dict, List, Optional, Union
 from contextlib import asynccontextmanager
@@ -23,68 +24,102 @@ from mcp_proxy_adapter.commands.command_registry import registry
 from mcp_proxy_adapter.custom_openapi import custom_openapi_with_fallback
-@asynccontextmanager
-async def lifespan(app: FastAPI):
+def create_lifespan(config_path: Optional[str] = None):
     """
-    Lifespan manager for the FastAPI application. Handles startup and shutdown events.
-    """
-    # Startup events
-    from mcp_proxy_adapter.commands.command_registry import registry
-    from mcp_proxy_adapter.core.proxy_registration import register_with_proxy, unregister_from_proxy
-    # Initialize system using unified logic
-    # This will load config, register custom commands, and discover auto-commands
-    init_result = await registry.reload_system()
-    logger.info(f"Application started with {init_result['total_commands']} commands registered")
-    logger.info(f"System initialization result: {init_result}")
-    # Register with proxy if enabled
-    server_config = config.get("server", {})
-    server_host = server_config.get("host", "0.0.0.0")
-    server_port = server_config.get("port", 8000)
-    # Determine server URL based on SSL configuration
-    ssl_config = config.get("ssl", {})
-    if ssl_config.get("enabled", False):
-        protocol = "https"
-    else:
-        protocol = "http"
-    # Use localhost for external access if host is 0.0.0.0
-    if server_host == "0.0.0.0":
-        server_host = "localhost"
+    Create lifespan manager for the FastAPI application.
-    server_url = f"{protocol}://{server_host}:{server_port}"
-    # Attempt proxy registration
-    registration_success = await register_with_proxy(server_url)
-    if registration_success:
-        logger.info("✅ Proxy registration completed successfully")
-    else:
-                    logger.info("ℹ️ Proxy registration is disabled or failed")
-    yield  # Application is running
+    Args:
+        config_path: Path to configuration file (optional)
-    # Shutdown events
-    logger.info("Application shutting down")
+    Returns:
+        Lifespan context manager
+    """
+    @asynccontextmanager
+    async def lifespan(app: FastAPI):
+        """
+        Lifespan manager for the FastAPI application. Handles startup and shutdown events.
+        """
+        # Startup events
+        from mcp_proxy_adapter.commands.command_registry import registry
+        from mcp_proxy_adapter.core.proxy_registration import register_with_proxy, unregister_from_proxy
+        # Initialize system using unified logic
+        # This will load config, register custom commands, and discover auto-commands
+        # Only reload config if not already loaded from the same path
+        if config_path:
+            init_result = await registry.reload_system(config_path=config_path)
+        else:
+            init_result = await registry.reload_system()
+        logger.info(f"Application started with {init_result['total_commands']} commands registered")
+        logger.info(f"System initialization result: {init_result}")
+        # Register with proxy if enabled
+        server_config = config.get("server", {})
+        server_host = server_config.get("host", "0.0.0.0")
+        server_port = server_config.get("port", 8000)
+        # Determine server URL based on SSL configuration
+        # Try security framework SSL config first
+        security_config = config.get("security", {})
+        ssl_config = security_config.get("ssl", {})
+        # Fallback to legacy SSL config
+        if not ssl_config.get("enabled", False):
+            ssl_config = config.get("ssl", {})
+        if ssl_config.get("enabled", False):
+            protocol = "https"
+        else:
+            protocol = "http"
+        # Use localhost for external access if host is 0.0.0.0
+        if server_host == "0.0.0.0":
+            server_host = "localhost"
+        server_url = f"{protocol}://{server_host}:{server_port}"
+        # Attempt proxy registration
+        registration_success = await register_with_proxy(server_url)
+        if registration_success:
+            logger.info("✅ Proxy registration completed successfully")
+        else:
+            logger.info("ℹ️ Proxy registration is disabled or failed")
+        yield  # Application is running
+        # Shutdown events
+        logger.info("Application shutting down")
+        # Unregister from proxy if enabled
+        unregistration_success = await unregister_from_proxy()
+        if unregistration_success:
+            logger.info("✅ Proxy unregistration completed successfully")
+        else:
+            logger.warning("⚠️ Proxy unregistration failed or was disabled")
-    # Unregister from proxy if enabled
-    unregistration_success = await unregister_from_proxy()
-    if unregistration_success:
-        logger.info("✅ Proxy unregistration completed successfully")
-    else:
-        logger.warning("⚠️ Proxy unregistration failed or was disabled")
+    return lifespan
-def create_ssl_context() -> Optional[ssl.SSLContext]:
+def create_ssl_context(app_config: Optional[Dict[str, Any]] = None) -> Optional[ssl.SSLContext]:
     """
     Create SSL context based on configuration.
+    Args:
+        app_config: Application configuration dictionary (optional)
     Returns:
         SSL context if SSL is enabled and properly configured, None otherwise
     """
-    ssl_config = config.get("ssl", {})
+    current_config = app_config if app_config is not None else config.get_all()
+    # Try security framework SSL config first
+    security_config = current_config.get("security", {})
+    ssl_config = security_config.get("ssl", {})
+    # Fallback to legacy SSL config
+    if not ssl_config.get("enabled", False):
+        ssl_config = current_config.get("ssl", {})
     if not ssl_config.get("enabled", False):
         logger.info("SSL is disabled in configuration")
@@ -117,7 +152,7 @@ def create_ssl_context() -> Optional[ssl.SSLContext]:
         return None
-def create_app(title: Optional[str] = None, description: Optional[str] = None, version: Optional[str] = None) -> FastAPI:
+def create_app(title: Optional[str] = None, description: Optional[str] = None, version: Optional[str] = None, app_config: Optional[Dict[str, Any]] = None, config_path: Optional[str] = None) -> FastAPI:
     """
     Creates and configures FastAPI application.
@@ -125,6 +160,8 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
         title: Application title (default: "MCP Proxy Adapter")
         description: Application description (default: "JSON-RPC API for interacting with MCP Proxy")
         version: Application version (default: "1.0.0")
+        app_config: Application configuration dictionary (optional)
+        config_path: Path to configuration file (optional)
     Returns:
         Configured FastAPI application.
@@ -132,47 +169,111 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
     Raises:
         SystemExit: If authentication is enabled but required files are missing (security issue)
     """
+    # Use provided configuration or fallback to global config
+    current_config = app_config if app_config is not None else config.get_all()
+    # Debug: Check what config is passed to create_app
+    if app_config:
+        print(f"🔍 Debug: create_app received app_config keys: {list(app_config.keys())}")
+        if "security" in app_config:
+            ssl_config = app_config["security"].get("ssl", {})
+            print(f"🔍 Debug: create_app SSL config: enabled={ssl_config.get('enabled', False)}")
+            print(f"🔍 Debug: create_app SSL config: cert_file={ssl_config.get('cert_file')}")
+            print(f"🔍 Debug: create_app SSL config: key_file={ssl_config.get('key_file')}")
+    else:
+        print("🔍 Debug: create_app received no app_config, using global config")
     # Security check: Validate all authentication configurations before startup
     security_errors = []
-    # Check roles configuration
-    roles_config = config.get("roles", {})
+    print(f"🔍 Debug: current_config keys: {list(current_config.keys())}")
+    if "security" in current_config:
+        print(f"🔍 Debug: security config: {current_config['security']}")
+    if "roles" in current_config:
+        print(f"🔍 Debug: roles config: {current_config['roles']}")
+    # Check security framework configuration only if enabled
+    security_config = current_config.get("security", {})
+    if security_config.get("enabled", False):
+        # Validate security framework configuration
+        from mcp_proxy_adapter.core.unified_config_adapter import UnifiedConfigAdapter
+        adapter = UnifiedConfigAdapter()
+        validation_result = adapter.validate_configuration(current_config)
+        if not validation_result.is_valid:
+            security_errors.extend(validation_result.errors)
+        # Check SSL configuration within security framework
+        ssl_config = security_config.get("ssl", {})
+        if ssl_config.get("enabled", False):
+            cert_file = ssl_config.get("cert_file")
+            key_file = ssl_config.get("key_file")
+            print(f"🔍 Debug: api/app.py security.ssl: cert_file={cert_file}, key_file={key_file}")
+            print(f"🔍 Debug: api/app.py security.ssl: cert_file exists={Path(cert_file).exists() if cert_file else 'None'}")
+            print(f"🔍 Debug: api/app.py security.ssl: key_file exists={Path(key_file).exists() if key_file else 'None'}")
+            if cert_file and not Path(cert_file).exists():
+                security_errors.append(f"SSL is enabled but certificate file not found: {cert_file}")
+            if key_file and not Path(key_file).exists():
+                security_errors.append(f"SSL is enabled but private key file not found: {key_file}")
+            # Check mTLS configuration
+            ca_cert_file = ssl_config.get("ca_cert_file")
+            if ca_cert_file and not Path(ca_cert_file).exists():
+                security_errors.append(f"mTLS is enabled but CA certificate file not found: {ca_cert_file}")
+    # Legacy configuration checks for backward compatibility
+    roles_config = current_config.get("roles", {})
+    print(f"🔍 Debug: roles_config = {roles_config}")
     if roles_config.get("enabled", False):
         roles_config_path = roles_config.get("config_file", "schemas/roles_schema.json")
-        from pathlib import Path
+        print(f"🔍 Debug: Checking roles file: {roles_config_path}")
         if not Path(roles_config_path).exists():
             security_errors.append(f"Roles are enabled but schema file not found: {roles_config_path}")
-    # Check SSL configuration
-    ssl_config = config.get("ssl", {})
-    if ssl_config.get("enabled", False):
+    # Check new security framework permissions configuration
+    security_config = current_config.get("security", {})
+    permissions_config = security_config.get("permissions", {})
+    if permissions_config.get("enabled", False):
+        roles_file = permissions_config.get("roles_file")
+        if roles_file and not Path(roles_file).exists():
+            security_errors.append(f"Permissions are enabled but roles file not found: {roles_file}")
+    legacy_ssl_config = current_config.get("ssl", {})
+    if legacy_ssl_config.get("enabled", False):
         # Check SSL certificate files
-        cert_file = ssl_config.get("cert_file")
-        key_file = ssl_config.get("key_file")
+        cert_file = legacy_ssl_config.get("cert_file")
+        key_file = legacy_ssl_config.get("key_file")
+        print(f"🔍 Debug: api/app.py legacy.ssl: cert_file={cert_file}, key_file={key_file}")
+        print(f"🔍 Debug: api/app.py legacy.ssl: cert_file exists={Path(cert_file).exists() if cert_file else 'None'}")
+        print(f"🔍 Debug: api/app.py legacy.ssl: key_file exists={Path(key_file).exists() if key_file else 'None'}")
         if cert_file and not Path(cert_file).exists():
-            security_errors.append(f"SSL is enabled but certificate file not found: {cert_file}")
+            security_errors.append(f"Legacy SSL is enabled but certificate file not found: {cert_file}")
         if key_file and not Path(key_file).exists():
-            security_errors.append(f"SSL is enabled but private key file not found: {key_file}")
+            security_errors.append(f"Legacy SSL is enabled but private key file not found: {key_file}")
         # Check mTLS configuration
-        if ssl_config.get("mode") == "mtls":
-            ca_cert = ssl_config.get("ca_cert")
+        if legacy_ssl_config.get("mode") == "mtls":
+            ca_cert = legacy_ssl_config.get("ca_cert")
             if ca_cert and not Path(ca_cert).exists():
-                security_errors.append(f"mTLS is enabled but CA certificate file not found: {ca_cert}")
+                security_errors.append(f"Legacy mTLS is enabled but CA certificate file not found: {ca_cert}")
     # Check token authentication configuration
-    token_auth_config = ssl_config.get("token_auth", {})
+    token_auth_config = legacy_ssl_config.get("token_auth", {})
     if token_auth_config.get("enabled", False):
         tokens_file = token_auth_config.get("tokens_file", "tokens.json")
         if not Path(tokens_file).exists():
             security_errors.append(f"Token authentication is enabled but tokens file not found: {tokens_file}")
     # Check general authentication
-    if config.get("auth_enabled", False):
+    if current_config.get("auth_enabled", False):
         # If auth is enabled, check if any authentication method is properly configured
-        ssl_enabled = ssl_config.get("enabled", False)
+        ssl_enabled = legacy_ssl_config.get("enabled", False)
         roles_enabled = roles_config.get("enabled", False)
         token_auth_enabled = token_auth_config.get("enabled", False)
@@ -200,7 +301,7 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
         version=app_version,
         docs_url="/docs",
         redoc_url="/redoc",
-        lifespan=lifespan,
+        lifespan=create_lifespan(config_path),
     )
     # Configure CORS
@@ -213,7 +314,7 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
     )
     # Setup middleware using the new middleware package
-    setup_middleware(app)
+    setup_middleware(app, current_config)
     # Use custom OpenAPI schema
     app.openapi = lambda: custom_openapi_with_fallback(app)
@@ -259,7 +360,7 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
             return await handle_batch_json_rpc(request_data, request)
         else:
             # Process single request
-            return await handle_json_rpc(request_data, request_id)
+            return await handle_json_rpc(request_data, request_id, request)
     # Command execution endpoint (/cmd)
     @app.post("/cmd")
@@ -295,7 +396,7 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
             # Determine request format (CommandRequest or JSON-RPC)
             if "jsonrpc" in command_data and "method" in command_data:
                 # JSON-RPC format
-                return await handle_json_rpc(command_data, request_id)
+                return await handle_json_rpc(command_data, request_id, request)
             # CommandRequest format
             if "command" not in command_data:
@@ -330,7 +431,7 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
             # Execute command
             try:
-                result = await execute_command(command_name, params, request_id)
+                result = await execute_command(command_name, params, request_id, request)
                 return {"result": result}
             except MicroserviceError as e:
                 # Handle command execution errors
@@ -397,7 +498,7 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
         request_id = getattr(request.state, "request_id", None)
         try:
-            result = await execute_command(command_name, params, request_id)
+            result = await execute_command(command_name, params, request_id, request)
             return result
         except MicroserviceError as e:
             # Convert to proper HTTP status code
@@ -568,10 +669,3 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
             )
     return app
-# Create global application instance
-app = create_app()

mcp_proxy_adapter/api/handlers.py CHANGED Viewed

@@ -17,7 +17,7 @@ from mcp_proxy_adapter.core.errors import (
 from mcp_proxy_adapter.core.logging import logger, RequestLogger, get_logger
-async def execute_command(command_name: str, params: Dict[str, Any], request_id: Optional[str] = None) -> Dict[str, Any]:
+async def execute_command(command_name: str, params: Dict[str, Any], request_id: Optional[str] = None, request: Optional[Request] = None) -> Dict[str, Any]:
     """
     Executes a command with the specified name and parameters.
@@ -52,7 +52,18 @@ async def execute_command(command_name: str, params: Dict[str, Any], request_id:
         # Use Command.run that handles instances with dependencies properly
         command_class = registry.get_command(command_name)
-        result = await command_class.run(**params)
+        # Create context with user info from request state
+        context = {}
+        if request and hasattr(request.state, 'user_id'):
+            context['user'] = {
+                'id': getattr(request.state, 'user_id', None),
+                'role': getattr(request.state, 'user_role', 'guest'),
+                'roles': getattr(request.state, 'user_roles', ['guest']),
+                'permissions': getattr(request.state, 'user_permissions', ['read'])
+            }
+        result = await command_class.run(**params, context=context)
         execution_time = time.time() - start_time
@@ -97,13 +108,13 @@ async def handle_batch_json_rpc(batch_requests: List[Dict[str, Any]], request: O
     for request_data in batch_requests:
         # Process each request in the batch
-        response = await handle_json_rpc(request_data, request_id)
+        response = await handle_json_rpc(request_data, request_id, request)
         responses.append(response)
     return responses
-async def handle_json_rpc(request_data: Dict[str, Any], request_id: Optional[str] = None) -> Dict[str, Any]:
+async def handle_json_rpc(request_data: Dict[str, Any], request_id: Optional[str] = None, request: Optional[Request] = None) -> Dict[str, Any]:
     """
     Handles JSON-RPC request.
@@ -139,7 +150,7 @@ async def handle_json_rpc(request_data: Dict[str, Any], request_id: Optional[str
     try:
         # Execute command
-        result = await execute_command(method, params, request_id)
+        result = await execute_command(method, params, request_id, request)
         # Form successful response
         return {

mcp_proxy_adapter/api/middleware/__init__.py CHANGED Viewed

@@ -3,6 +3,7 @@ Middleware package for API.
 This package contains middleware components for request processing.
 """
+from typing import Dict, Any, Optional
 from fastapi import FastAPI
 from mcp_proxy_adapter.core.logging import logger
@@ -11,15 +12,19 @@ from .base import BaseMiddleware
 from .factory import MiddlewareFactory
 from .protocol_middleware import setup_protocol_middleware
-def setup_middleware(app: FastAPI) -> None:
+def setup_middleware(app: FastAPI, app_config: Optional[Dict[str, Any]] = None) -> None:
     """
     Sets up middleware for application using the new middleware factory.
     Args:
         app: FastAPI application instance.
+        app_config: Application configuration dictionary (optional)
     """
+    # Use provided configuration or fallback to global config
+    current_config = app_config if app_config is not None else config.get_all()
     # Create middleware factory
-    factory = MiddlewareFactory(app, config.get_all())
+    factory = MiddlewareFactory(app, current_config)
     # Validate middleware configuration
     if not factory.validate_middleware_config():

mcp_proxy_adapter/api/middleware/command_permission_middleware.py ADDED Viewed

@@ -0,0 +1,148 @@
+"""
+Command Permission Middleware
+This middleware checks permissions for specific commands based on user roles.
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+import json
+import logging
+from typing import Dict, Any, Optional, Callable, Awaitable
+from fastapi import Request, Response
+from starlette.middleware.base import BaseHTTPMiddleware
+from mcp_proxy_adapter.core.logging import logger
+class CommandPermissionMiddleware(BaseHTTPMiddleware):
+    """
+    Middleware for checking command permissions.
+    This middleware checks if the authenticated user has the required
+    permissions to execute specific commands.
+    """
+    def __init__(self, app, config: Dict[str, Any]):
+        """
+        Initialize command permission middleware.
+        Args:
+            app: FastAPI application
+            config: Configuration dictionary
+        """
+        super().__init__(app)
+        self.config = config
+        # Define command permissions
+        self.command_permissions = {
+            "echo": ["read"],
+            "health": ["read"],
+            "role_test": ["read"],
+            "config": ["read"],
+            "help": ["read"],
+            # Add more commands as needed
+        }
+        logger.info("Command permission middleware initialized")
+    async def dispatch(self, request: Request, call_next: Callable[[Request], Awaitable[Response]]) -> Response:
+        """
+        Process request and check command permissions.
+        Args:
+            request: Request object
+            call_next: Next handler
+        Returns:
+            Response object
+        """
+        # Only check permissions for /cmd endpoint
+        if request.url.path != "/cmd":
+            return await call_next(request)
+        try:
+            # Get request body
+            body = await request.body()
+            if not body:
+                return await call_next(request)
+            # Parse JSON-RPC request
+            try:
+                data = json.loads(body)
+            except json.JSONDecodeError:
+                return await call_next(request)
+            # Extract method (command name)
+            method = data.get("method")
+            if not method:
+                return await call_next(request)
+            # Check if method requires permissions
+            if method not in self.command_permissions:
+                return await call_next(request)
+            required_permissions = self.command_permissions[method]
+            # Get user info from request state
+            user_info = getattr(request.state, "user", None)
+            if not user_info:
+                logger.warning(f"No user info found for command {method}")
+                return await call_next(request)
+            user_roles = user_info.get("roles", [])
+            user_permissions = user_info.get("permissions", [])
+            logger.debug(f"Checking permissions for {method}: user_roles={user_roles}, required={required_permissions}")
+            # Check if user has required permissions
+            has_permission = self._check_permissions(user_roles, user_permissions, required_permissions)
+            if not has_permission:
+                logger.warning(f"Permission denied for {method}: user_roles={user_roles}, required={required_permissions}")
+                # Return permission denied response
+                error_response = {
+                    "error": {
+                        "code": 403,
+                        "message": f"Permission denied: {method} requires {required_permissions}",
+                        "type": "permission_denied"
+                    }
+                }
+                return Response(
+                    content=json.dumps(error_response),
+                    status_code=403,
+                    media_type="application/json"
+                )
+            logger.debug(f"Permission granted for {method}")
+            return await call_next(request)
+        except Exception as e:
+            logger.error(f"Error in command permission middleware: {e}")
+            return await call_next(request)
+    def _check_permissions(self, user_roles: list, user_permissions: list, required_permissions: list) -> bool:
+        """
+        Check if user has required permissions.
+        Args:
+            user_roles: User roles
+            user_permissions: User permissions
+            required_permissions: Required permissions
+        Returns:
+            True if user has required permissions
+        """
+        # Admin has all permissions
+        if "admin" in user_roles or "*" in user_permissions:
+            return True
+        # Check if user has all required permissions
+        for required in required_permissions:
+            if required not in user_permissions:
+                return False
+        return True

mcp-proxy-adapter 6.0.0__py3-none-any.whl → 6.1.0__py3-none-any.whl

mcp-proxy-adapter 6.0.0py3-none-any.whl → 6.1.0py3-none-any.whl