PyPI - mcp-proxy-adapter - Versions diffs - 6.0.0__py3-none-any.whl → 6.1.0__py3-none-any.whl - Mend

mcp-proxy-adapter 6.0.0py3-none-any.whl → 6.1.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (259) hide show

mcp_proxy_adapter/core/security_integration.py ADDED Viewed

@@ -0,0 +1,277 @@
+"""
+Direct Security Framework Integration
+This module provides direct integration with mcp_security_framework,
+replacing all project security methods with framework calls.
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+import logging
+from typing import Dict, Any, Optional, List
+from pathlib import Path
+# Direct imports from framework
+try:
+    from mcp_security_framework import (
+        SecurityManager, AuthManager, CertificateManager,
+        PermissionManager, RateLimiter
+    )
+    from mcp_security_framework.schemas.config import (
+        SecurityConfig, AuthConfig, SSLConfig, PermissionConfig,
+        RateLimitConfig, CertificateConfig, LoggingConfig
+    )
+    from mcp_security_framework.schemas.models import (
+        AuthResult, ValidationResult, CertificateInfo, CertificatePair
+    )
+    from mcp_security_framework.middleware.fastapi_middleware import FastAPISecurityMiddleware
+    SECURITY_FRAMEWORK_AVAILABLE = True
+except ImportError:
+    SECURITY_FRAMEWORK_AVAILABLE = False
+    SecurityManager = None
+    SecurityConfig = None
+    AuthManager = None
+    CertificateManager = None
+    PermissionManager = None
+    RateLimiter = None
+    FastAPISecurityMiddleware = None
+from mcp_proxy_adapter.core.logging import logger
+class SecurityIntegration:
+    """
+    Direct integration with mcp_security_framework.
+    This class replaces all project security methods with direct calls
+    to the security framework components.
+    """
+    def __init__(self, config: Dict[str, Any]):
+        """
+        Initialize security integration.
+        Args:
+            config: Configuration dictionary
+        """
+        if not SECURITY_FRAMEWORK_AVAILABLE:
+            raise ImportError("mcp_security_framework is not available")
+        self.config = config
+        self.security_config = self._create_security_config()
+        # Initialize framework components
+        self.security_manager = SecurityManager(self.security_config)
+        self.permission_manager = PermissionManager(self.security_config.permissions)
+        self.auth_manager = AuthManager(self.security_config.auth, self.permission_manager)
+        self.certificate_manager = CertificateManager(self.security_config.certificates)
+        self.rate_limiter = RateLimiter(self.security_config.rate_limit)
+        logger.info("Security integration initialized with mcp_security_framework")
+    def _create_security_config(self) -> SecurityConfig:
+        """Create SecurityConfig from project configuration."""
+        security_section = self.config.get("security", {})
+        # Create SSL config
+        ssl_config = SSLConfig(
+            enabled=security_section.get("ssl", {}).get("enabled", False),
+            cert_file=security_section.get("ssl", {}).get("cert_file"),
+            key_file=security_section.get("ssl", {}).get("key_file"),
+            ca_cert_file=security_section.get("ssl", {}).get("ca_cert_file"),
+            client_cert_file=security_section.get("ssl", {}).get("client_cert_file"),
+            client_key_file=security_section.get("ssl", {}).get("client_key_file"),
+            verify_mode=security_section.get("ssl", {}).get("verify_mode", "CERT_REQUIRED"),
+            min_tls_version=security_section.get("ssl", {}).get("min_tls_version", "TLSv1.2"),
+            check_hostname=security_section.get("ssl", {}).get("check_hostname", True),
+            check_expiry=security_section.get("ssl", {}).get("check_expiry", True),
+            expiry_warning_days=security_section.get("ssl", {}).get("expiry_warning_days", 30)
+        )
+        # Create auth config
+        auth_config = AuthConfig(
+            enabled=security_section.get("auth", {}).get("enabled", True),
+            methods=security_section.get("auth", {}).get("methods", ["api_key"]),
+            api_keys=security_section.get("auth", {}).get("api_keys", {}),
+            user_roles=security_section.get("auth", {}).get("user_roles", {}),
+            jwt_secret=security_section.get("auth", {}).get("jwt_secret"),
+            jwt_algorithm=security_section.get("auth", {}).get("jwt_algorithm", "HS256"),
+            jwt_expiry_hours=security_section.get("auth", {}).get("jwt_expiry_hours", 24),
+            certificate_auth=security_section.get("auth", {}).get("certificate_auth", False),
+            public_paths=security_section.get("auth", {}).get("public_paths", [])
+        )
+        # Create permission config
+        permission_config = PermissionConfig(
+            enabled=security_section.get("permissions", {}).get("enabled", True),
+            roles_file=security_section.get("permissions", {}).get("roles_file"),
+            default_role=security_section.get("permissions", {}).get("default_role", "guest"),
+            admin_role=security_section.get("permissions", {}).get("admin_role", "admin"),
+            role_hierarchy=security_section.get("permissions", {}).get("role_hierarchy", {}),
+            permission_cache_enabled=security_section.get("permissions", {}).get("permission_cache_enabled", True),
+            permission_cache_ttl=security_section.get("permissions", {}).get("permission_cache_ttl", 300),
+            wildcard_permissions=security_section.get("permissions", {}).get("wildcard_permissions", False),
+            strict_mode=security_section.get("permissions", {}).get("strict_mode", True),
+            roles=security_section.get("permissions", {}).get("roles")
+        )
+        # Create rate limit config
+        rate_limit_config = RateLimitConfig(
+            enabled=security_section.get("rate_limit", {}).get("enabled", True),
+            default_requests_per_minute=security_section.get("rate_limit", {}).get("default_requests_per_minute", 60),
+            default_requests_per_hour=security_section.get("rate_limit", {}).get("default_requests_per_hour", 1000),
+            burst_limit=security_section.get("rate_limit", {}).get("burst_limit", 2),
+            window_size_seconds=security_section.get("rate_limit", {}).get("window_size_seconds", 60),
+            storage_backend=security_section.get("rate_limit", {}).get("storage_backend", "memory"),
+            exempt_paths=security_section.get("rate_limit", {}).get("exempt_paths", []),
+            exempt_roles=security_section.get("rate_limit", {}).get("exempt_roles", [])
+        )
+        # Create certificate config
+        certificate_config = CertificateConfig(
+            enabled=security_section.get("certificates", {}).get("enabled", False),
+            ca_cert_path=security_section.get("certificates", {}).get("ca_cert_path"),
+            ca_key_path=security_section.get("certificates", {}).get("ca_key_path"),
+            cert_storage_path=security_section.get("certificates", {}).get("cert_storage_path", "./certs"),
+            key_storage_path=security_section.get("certificates", {}).get("key_storage_path", "./keys"),
+            default_validity_days=security_section.get("certificates", {}).get("default_validity_days", 365),
+            key_size=security_section.get("certificates", {}).get("key_size", 2048),
+            hash_algorithm=security_section.get("certificates", {}).get("hash_algorithm", "sha256")
+        )
+        # Create logging config
+        logging_config = LoggingConfig(
+            enabled=security_section.get("logging", {}).get("enabled", True),
+            level=security_section.get("logging", {}).get("level", "INFO"),
+            format=security_section.get("logging", {}).get("format"),
+            console_output=security_section.get("logging", {}).get("console_output", True),
+            file_path=security_section.get("logging", {}).get("file_path")
+        )
+        # Create main security config
+        return SecurityConfig(
+            ssl=ssl_config,
+            auth=auth_config,
+            permissions=permission_config,
+            rate_limit=rate_limit_config,
+            certificates=certificate_config,
+            logging=logging_config,
+            debug=security_section.get("debug", False),
+            environment=security_section.get("environment", "dev"),
+            version=security_section.get("version", "1.0.0")
+        )
+    # Authentication methods - direct calls to AuthManager
+    async def authenticate_api_key(self, api_key: str) -> AuthResult:
+        """Authenticate using API key."""
+        return await self.auth_manager.authenticate_api_key(api_key)
+    async def authenticate_jwt(self, token: str) -> AuthResult:
+        """Authenticate using JWT token."""
+        return await self.auth_manager.authenticate_jwt(token)
+    async def authenticate_certificate(self, cert_data: bytes) -> AuthResult:
+        """Authenticate using certificate."""
+        return await self.auth_manager.authenticate_certificate(cert_data)
+    async def validate_request(self, request_data: Dict[str, Any]) -> ValidationResult:
+        """Validate request using security manager."""
+        return await self.security_manager.validate_request(request_data)
+    # Certificate methods - direct calls to CertificateManager
+    async def create_ca_certificate(self, common_name: str, **kwargs) -> CertificatePair:
+        """Create CA certificate."""
+        return await self.certificate_manager.create_ca_certificate(common_name, **kwargs)
+    async def create_client_certificate(self, common_name: str, **kwargs) -> CertificatePair:
+        """Create client certificate."""
+        return await self.certificate_manager.create_client_certificate(common_name, **kwargs)
+    async def create_server_certificate(self, common_name: str, **kwargs) -> CertificatePair:
+        """Create server certificate."""
+        return await self.certificate_manager.create_server_certificate(common_name, **kwargs)
+    async def validate_certificate(self, cert_path: str) -> bool:
+        """Validate certificate."""
+        return await self.certificate_manager.validate_certificate(cert_path)
+    async def extract_roles_from_certificate(self, cert_path: str) -> List[str]:
+        """Extract roles from certificate."""
+        return await self.certificate_manager.extract_roles_from_certificate(cert_path)
+    async def revoke_certificate(self, cert_path: str) -> bool:
+        """Revoke certificate."""
+        return await self.certificate_manager.revoke_certificate(cert_path)
+    # Permission methods - direct calls to PermissionManager
+    async def check_permission(self, user_id: str, permission: str) -> bool:
+        """Check user permission."""
+        return await self.permission_manager.check_permission(user_id, permission)
+    async def get_user_roles(self, user_id: str) -> List[str]:
+        """Get user roles."""
+        return await self.permission_manager.get_user_roles(user_id)
+    async def add_user_role(self, user_id: str, role: str) -> bool:
+        """Add role to user."""
+        return await self.permission_manager.add_user_role(user_id, role)
+    async def remove_user_role(self, user_id: str, role: str) -> bool:
+        """Remove role from user."""
+        return await self.permission_manager.remove_user_role(user_id, role)
+    # Rate limiting methods - direct calls to RateLimiter
+    async def check_rate_limit(self, identifier: str, limit_type: str = "per_minute") -> bool:
+        """Check rate limit."""
+        return await self.rate_limiter.check_rate_limit(identifier, limit_type)
+    async def increment_rate_limit(self, identifier: str) -> None:
+        """Increment rate limit counter."""
+        await self.rate_limiter.increment_rate_limit(identifier)
+    async def get_rate_limit_info(self, identifier: str) -> Dict[str, Any]:
+        """Get rate limit information."""
+        return await self.rate_limiter.get_rate_limit_info(identifier)
+    # Middleware creation - direct use of framework middleware
+    def create_fastapi_middleware(self, app) -> FastAPISecurityMiddleware:
+        """Create FastAPI security middleware."""
+        return FastAPISecurityMiddleware(app, self.security_config)
+    # Utility methods
+    def is_security_enabled(self) -> bool:
+        """Check if security is enabled."""
+        return self.security_config.auth.enabled or self.security_config.ssl.enabled
+    def get_public_paths(self) -> List[str]:
+        """Get public paths that bypass authentication."""
+        return self.security_config.auth.public_paths
+    def get_security_config(self) -> SecurityConfig:
+        """Get security configuration."""
+        return self.security_config
+# Factory function for easy integration
+def create_security_integration(config: Dict[str, Any]) -> SecurityIntegration:
+    """
+    Create security integration instance.
+    Args:
+        config: Configuration dictionary
+    Returns:
+        SecurityIntegration instance
+    Raises:
+        RuntimeError: If security integration cannot be created
+    """
+    try:
+        return SecurityIntegration(config)
+    except ImportError as e:
+        logger.error(f"mcp_security_framework not available: {e}")
+        raise RuntimeError("Security framework is required but not available") from e
+    except Exception as e:
+        logger.error(f"Failed to create security integration: {e}")
+        raise RuntimeError(f"Security integration failed: {e}") from e

mcp_proxy_adapter/core/server_adapter.py ADDED Viewed

@@ -0,0 +1,345 @@
+"""
+Server Configuration Adapter
+This module provides adapters for converting configuration between different
+server engines and handling SSL configuration mapping.
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+import logging
+from typing import Dict, Any, Optional
+from pathlib import Path
+from .server_engine import ServerEngineFactory, ServerEngine
+logger = logging.getLogger(__name__)
+class ServerConfigAdapter:
+    """
+    Adapter for converting server configurations between different engines.
+    This class handles the mapping of configuration parameters between
+    different server engines and provides unified configuration management.
+    """
+    @staticmethod
+    def convert_ssl_config_for_engine(
+        ssl_config: Dict[str, Any],
+        target_engine: str
+    ) -> Dict[str, Any]:
+        """
+        Convert SSL configuration for a specific server engine.
+        Args:
+            ssl_config: Source SSL configuration
+            target_engine: Target engine name (uvicorn, hypercorn, etc.)
+        Returns:
+            Converted SSL configuration for the target engine
+        """
+        engine = ServerEngineFactory.get_engine(target_engine)
+        if not engine:
+            logger.error(f"Unknown server engine: {target_engine}")
+            return {}
+        if target_engine == "uvicorn":
+            return ServerConfigAdapter._convert_to_uvicorn_ssl(ssl_config)
+        elif target_engine == "hypercorn":
+            return ServerConfigAdapter._convert_to_hypercorn_ssl(ssl_config)
+        else:
+            logger.warning(f"No SSL conversion available for engine: {target_engine}")
+            return {}
+    @staticmethod
+    def _convert_to_uvicorn_ssl(ssl_config: Dict[str, Any]) -> Dict[str, Any]:
+        """Convert SSL configuration to uvicorn format."""
+        uvicorn_ssl = {}
+        # Map SSL parameters
+        if ssl_config.get("cert_file"):
+            uvicorn_ssl["ssl_certfile"] = ssl_config["cert_file"]
+        if ssl_config.get("key_file"):
+            uvicorn_ssl["ssl_keyfile"] = ssl_config["key_file"]
+        if ssl_config.get("ca_cert"):
+            uvicorn_ssl["ssl_ca_certs"] = ssl_config["ca_cert"]
+        # Map verification mode
+        if ssl_config.get("verify_client", False):
+            import ssl
+            uvicorn_ssl["ssl_cert_reqs"] = ssl.CERT_REQUIRED
+        logger.debug(f"Converted SSL config to uvicorn: {uvicorn_ssl}")
+        return uvicorn_ssl
+    @staticmethod
+    def _convert_to_hypercorn_ssl(ssl_config: Dict[str, Any]) -> Dict[str, Any]:
+        """Convert SSL configuration to hypercorn format."""
+        hypercorn_ssl = {}
+        # Map SSL parameters
+        if ssl_config.get("cert_file"):
+            hypercorn_ssl["certfile"] = ssl_config["cert_file"]
+        if ssl_config.get("key_file"):
+            hypercorn_ssl["keyfile"] = ssl_config["key_file"]
+        if ssl_config.get("ca_cert"):
+            hypercorn_ssl["ca_certs"] = ssl_config["ca_cert"]
+        # Map verification mode
+        if ssl_config.get("verify_client", False):
+            hypercorn_ssl["verify_mode"] = "CERT_REQUIRED"
+        logger.debug(f"Converted SSL config to hypercorn: {hypercorn_ssl}")
+        return hypercorn_ssl
+    @staticmethod
+    def get_optimal_engine_for_config(config: Dict[str, Any]) -> Optional[str]:
+        """
+        Determine the optimal server engine for a given configuration.
+        Args:
+            config: Server configuration
+        Returns:
+            Name of the optimal engine or None if no suitable engine found
+        """
+        # Check if mTLS is required
+        ssl_config = config.get("ssl", {})
+        if not ssl_config:
+            # Try to get SSL config from security section
+            ssl_config = config.get("security", {}).get("ssl", {})
+        # Prefer hypercorn for all SSL/TLS scenarios due to better mTLS support
+        if ssl_config.get("enabled", False):
+            engine = ServerEngineFactory.get_engine("hypercorn")
+            if engine:
+                logger.info("Selected hypercorn for SSL/TLS support (better mTLS capabilities)")
+                return engine.get_name()
+            else:
+                logger.warning("SSL enabled but hypercorn not available")
+        # For mTLS client verification, hypercorn is required
+        if ssl_config.get("verify_client", False) or ssl_config.get("client_cert_required", False):
+            engine = ServerEngineFactory.get_engine_with_feature("mtls_client_certs")
+            if engine:
+                logger.info(f"Selected {engine.get_name()} for mTLS support")
+                return engine.get_name()
+            else:
+                logger.warning("mTLS required but no suitable engine available")
+                return None
+        # Default to hypercorn for better async support, fallback to uvicorn
+        engine = ServerEngineFactory.get_engine("hypercorn")
+        if engine:
+            logger.info("Selected hypercorn as default engine (better async support)")
+            return engine.get_name()
+        engine = ServerEngineFactory.get_engine("uvicorn")
+        if engine:
+            logger.info("Selected uvicorn as fallback engine")
+            return "uvicorn"
+        return None
+    @staticmethod
+    def validate_engine_compatibility(
+        config: Dict[str, Any],
+        engine_name: str
+    ) -> bool:
+        """
+        Validate if a configuration is compatible with a specific engine.
+        Args:
+            config: Server configuration
+            engine_name: Name of the server engine
+        Returns:
+            True if compatible, False otherwise
+        """
+        engine = ServerEngineFactory.get_engine(engine_name)
+        if not engine:
+            logger.error(f"Unknown engine: {engine_name}")
+            return False
+        # Check SSL requirements
+        ssl_config = config.get("ssl", {})
+        if not ssl_config:
+            # Try to get SSL config from security section
+            ssl_config = config.get("security", {}).get("ssl", {})
+        if ssl_config.get("verify_client", False):
+            if not engine.get_supported_features().get("mtls_client_certs", False):
+                logger.error(f"Engine {engine_name} doesn't support mTLS client certificates")
+                return False
+        # Validate engine-specific configuration
+        return engine.validate_config(config)
+    @staticmethod
+    def get_engine_capabilities(engine_name: str) -> Dict[str, Any]:
+        """
+        Get capabilities of a specific server engine.
+        Args:
+            engine_name: Name of the server engine
+        Returns:
+            Dictionary of engine capabilities
+        """
+        engine = ServerEngineFactory.get_engine(engine_name)
+        if not engine:
+            return {}
+        return {
+            "name": engine.get_name(),
+            "features": engine.get_supported_features(),
+            "config_schema": engine.get_config_schema()
+        }
+class UnifiedServerRunner:
+    """
+    Unified server runner that abstracts the choice of server engine.
+    This class provides a unified interface for running servers regardless
+    of the underlying engine, automatically selecting the best engine
+    for the given configuration.
+    """
+    def __init__(self, default_engine: str = "uvicorn"):
+        """
+        Initialize the unified server runner.
+        Args:
+            default_engine: Default engine to use if no specific requirements
+        """
+        self.default_engine = default_engine
+        self.available_engines = ServerEngineFactory.get_available_engines()
+        logger.info(f"Available engines: {list(self.available_engines.keys())}")
+        logger.info(f"Default engine: {default_engine}")
+    def run_server(
+        self,
+        app: Any,
+        config: Dict[str, Any],
+        engine_name: Optional[str] = None
+    ) -> None:
+        """
+        Run server with the specified or optimal engine.
+        Args:
+            app: ASGI application
+            config: Server configuration
+            engine_name: Specific engine to use (optional)
+        """
+        # Determine which engine to use
+        if engine_name:
+            selected_engine = engine_name
+            logger.info(f"Using specified engine: {selected_engine}")
+        else:
+            selected_engine = ServerConfigAdapter.get_optimal_engine_for_config(config)
+            if not selected_engine:
+                selected_engine = self.default_engine
+                logger.info(f"Using default engine: {selected_engine}")
+        # Validate compatibility
+        if not ServerConfigAdapter.validate_engine_compatibility(config, selected_engine):
+            raise ValueError(f"Configuration not compatible with engine: {selected_engine}")
+        # Get engine instance
+        engine = ServerEngineFactory.get_engine(selected_engine)
+        if not engine:
+            raise ValueError(f"Engine not available: {selected_engine}")
+        # Convert configuration if needed
+        converted_config = self._prepare_config_for_engine(config, selected_engine)
+        # Run server
+        logger.info(f"Starting server with {selected_engine} engine")
+        engine.run_server(app, converted_config)
+    def _prepare_config_for_engine(
+        self,
+        config: Dict[str, Any],
+        engine_name: str
+    ) -> Dict[str, Any]:
+        logger.info(f"🔍 Debug: _prepare_config_for_engine called with config keys: {list(config.keys())}")
+        logger.info(f"🔍 Debug: SSL config in input: {config.get('ssl', 'NOT_FOUND')}")
+        """
+        Prepare configuration for a specific engine.
+        Args:
+            config: Original configuration
+            engine_name: Target engine name
+        Returns:
+            Engine-specific configuration
+        """
+        # Start with basic config
+        engine_config = {
+            "host": config.get("host", "127.0.0.1"),
+            "port": config.get("port", 8000),
+            "log_level": config.get("log_level", "info"),
+            "reload": config.get("reload", False)
+        }
+        # Add SSL configuration if present
+        # First check for direct SSL parameters (from app_factory.py)
+        if "certfile" in config or "keyfile" in config or "ca_certs" in config or "verify_mode" in config:
+            logger.info(f"🔍 DEBUG: Direct SSL parameters found in config")
+            if "certfile" in config:
+                engine_config["certfile"] = config["certfile"]
+            if "keyfile" in config:
+                engine_config["keyfile"] = config["keyfile"]
+            if "ca_certs" in config:
+                engine_config["ca_certs"] = config["ca_certs"]
+            if "verify_mode" in config:
+                engine_config["verify_mode"] = config["verify_mode"]
+        else:
+            # Try to get SSL config from ssl section
+            ssl_config = config.get("ssl", {})
+            if not ssl_config:
+                # Try to get SSL config from security section
+                ssl_config = config.get("security", {}).get("ssl", {})
+            if ssl_config:
+                converted_ssl = ServerConfigAdapter.convert_ssl_config_for_engine(
+                    ssl_config, engine_name
+                )
+                engine_config.update(converted_ssl)
+        # Add engine-specific configuration
+        if "workers" in config:
+            engine_config["workers"] = config["workers"]
+        return engine_config
+    def get_engine_info(self, engine_name: str) -> Dict[str, Any]:
+        """
+        Get information about a specific engine.
+        Args:
+            engine_name: Name of the engine
+        Returns:
+            Engine information dictionary
+        """
+        return ServerConfigAdapter.get_engine_capabilities(engine_name)
+    def list_available_engines(self) -> Dict[str, Dict[str, Any]]:
+        """
+        List all available engines with their capabilities.
+        Returns:
+            Dictionary mapping engine names to their capabilities
+        """
+        engines_info = {}
+        for name, engine in self.available_engines.items():
+            engines_info[name] = {
+                "features": engine.get_supported_features(),
+                "config_schema": engine.get_config_schema()
+            }
+        return engines_info

mcp-proxy-adapter 6.0.0__py3-none-any.whl → 6.1.0__py3-none-any.whl

mcp-proxy-adapter 6.0.0py3-none-any.whl → 6.1.0py3-none-any.whl