mcp-proxy-adapter 6.0.0__py3-none-any.whl → 6.1.1__py3-none-any.whl

mcp_proxy_adapter/api/middleware/security.py

@@ -1,376 +0,0 @@
-"""
-Unified Security Middleware for mcp_security_framework integration.
-
-This module provides a single middleware that replaces AuthMiddleware, RateLimitMiddleware,
-MTLSMiddleware, and RolesMiddleware with a unified security solution.
-"""
-
-import json
-import logging
-from typing import Callable, Awaitable, Dict, Any, Optional
-
-from fastapi import Request, Response
-from starlette.responses import JSONResponse
-
-from mcp_proxy_adapter.core.security_factory import SecurityFactory
-from mcp_proxy_adapter.core.logging import logger
-from .base import BaseMiddleware
-
-
-class SecurityMiddleware(BaseMiddleware):
-    """
-    Unified security middleware based on mcp_security_framework.
-    
-    Replaces AuthMiddleware, RateLimitMiddleware, MTLSMiddleware, and RolesMiddleware
-    with a single, comprehensive security solution.
-    """
-    
-    def __init__(self, app, config: Dict[str, Any]):
-        """
-        Initialize unified security middleware.
-        
-        Args:
-            app: FastAPI application
-            config: mcp_proxy_adapter configuration dictionary
-        """
-        super().__init__(app)
-        self.config = config
-        self.security_config = config.get("security", {})
-        
-        # Create security adapter
-        self.security_adapter = SecurityFactory.create_security_adapter(config)
-        
-        # Public paths that don't require security validation
-        self.public_paths = [
-            "/docs", 
-            "/redoc", 
-            "/openapi.json", 
-            "/health",
-            "/favicon.ico"
-        ]
-        
-        # Add custom public paths from config
-        custom_public_paths = self.security_config.get("public_paths", [])
-        self.public_paths.extend(custom_public_paths)
-        
-        logger.info(f"Security middleware initialized with {len(self.public_paths)} public paths")
-    
-    async def dispatch(self, request: Request, call_next: Callable[[Request], Awaitable[Response]]) -> Response:
-        """
-        Process request and handle security validation.
-        
-        Args:
-            request: Request object
-            call_next: Next handler
-            
-        Returns:
-            Response object
-        """
-        try:
-            # Process request before calling the main handler
-            await self.before_request(request)
-            
-            # Call the next middleware or main handler
-            return await call_next(request)
-            
-        except SecurityValidationError as e:
-            # Handle security validation errors
-            return await self.handle_error(request, e)
-        except Exception as e:
-            # Handle other errors
-            logger.error(f"Unexpected error in security middleware: {e}")
-            return await self.handle_error(request, e)
-    
-    async def before_request(self, request: Request) -> None:
-        """
-        Process request before calling the main handler.
-        
-        Args:
-            request: FastAPI request object
-        """
-        # Check if security is enabled
-        if not self.security_config.get("enabled", True):
-            logger.debug("Security middleware disabled, skipping validation")
-            return
-        
-        # Check if path is public
-        path = request.url.path
-        if self._is_public_path(path):
-            logger.debug(f"Public path accessed: {path}")
-            return
-        
-        try:
-            # Prepare request data for validation
-            request_data = await self._prepare_request_data_async(request)
-            
-            # Validate request through security framework
-            logger.debug(f"Validating request data: {request_data}")
-            validation_result = self.security_adapter.validate_request(request_data)
-            logger.debug(f"Validation result: {validation_result}")
-            
-            if not validation_result.get("is_valid", False):
-                error_message = validation_result.get("error_message", "Security validation failed")
-                error_code = validation_result.get("error_code", -32000)
-                raise SecurityValidationError(error_message, error_code)
-            
-            # Store validation results in request state
-            request.state.security_result = validation_result
-            request.state.user_roles = validation_result.get("roles", [])
-            request.state.user_id = validation_result.get("user_id")
-            request.state.security_validated = True
-            
-            logger.debug(f"Security validation successful for {request.state.user_id} "
-                        f"with roles: {request.state.user_roles}")
-            
-        except SecurityValidationError as e:
-            # Re-raise security validation errors
-            raise
-        except Exception as e:
-            logger.error(f"Unexpected error in security validation: {e}")
-            raise SecurityValidationError(f"Internal security error: {str(e)}", -32603)
-    
-    async def _prepare_request_data_async(self, request: Request) -> Dict[str, Any]:
-        """
-        Prepare request data for security validation (async version).
-        
-        Args:
-            request: FastAPI request object
-            
-        Returns:
-            Dictionary with request data for validation
-        """
-        # Extract basic request information
-        request_data = {
-            "method": request.method,
-            "path": request.url.path,
-            "headers": dict(request.headers),
-            "query_params": dict(request.query_params),
-            "client_ip": self._get_client_ip(request),
-            "body": {}
-        }
-        
-        # Extract request body for POST/PUT/PATCH requests
-        if request.method in ["POST", "PUT", "PATCH"]:
-            try:
-                body = await request.body()
-                if body:
-                    try:
-                        request_data["body"] = json.loads(body.decode("utf-8"))
-                    except json.JSONDecodeError:
-                        # If not JSON, store as string
-                        request_data["body"] = body.decode("utf-8", errors="ignore")
-            except Exception as e:
-                logger.warning(f"Failed to extract request body: {e}")
-        
-        return request_data
-    
-    def _prepare_request_data(self, request: Request) -> Dict[str, Any]:
-        """
-        Prepare request data for security validation (sync version).
-        
-        Args:
-            request: FastAPI request object
-            
-        Returns:
-            Dictionary with request data for validation
-        """
-        # Extract basic request information
-        request_data = {
-            "method": request.method,
-            "path": request.url.path,
-            "headers": dict(request.headers),
-            "query_params": dict(request.query_params),
-            "client_ip": self._get_client_ip(request),
-            "body": {}
-        }
-        
-        return request_data
-    
-    def _get_client_ip(self, request: Request) -> str:
-        """
-        Get client IP address from request.
-        
-        Args:
-            request: FastAPI request object
-            
-        Returns:
-            Client IP address string
-        """
-        # Check for forwarded headers first
-        forwarded_for = request.headers.get("X-Forwarded-For")
-        if forwarded_for:
-            return forwarded_for.split(",")[0].strip()
-        
-        # Check for real IP header
-        real_ip = request.headers.get("X-Real-IP")
-        if real_ip:
-            return real_ip
-        
-        # Fallback to client host
-        if request.client:
-            return request.client.host
-        
-        return "unknown"
-    
-    def _is_public_path(self, path: str) -> bool:
-        """
-        Check if the path is public (doesn't require security validation).
-        
-        Args:
-            path: Request path
-            
-        Returns:
-            True if path is public, False otherwise
-        """
-        return any(path.startswith(public_path) for public_path in self.public_paths)
-    
-    async def handle_error(self, request: Request, exception: Exception) -> Response:
-        """
-        Handle security validation errors.
-        
-        Args:
-            request: FastAPI request object
-            exception: Exception that occurred
-            
-        Returns:
-            Error response
-        """
-        if isinstance(exception, SecurityValidationError):
-            status_code = self._get_status_code_for_error(exception.error_code)
-            error_code = exception.error_code
-            error_message = exception.message
-        else:
-            status_code = 500
-            error_code = -32603
-            error_message = "Internal server error"
-        
-        logger.warning(f"Security validation failed: {error_message} | "
-                      f"Path: {request.url.path} | Code: {error_code}")
-        
-        return JSONResponse(
-            status_code=status_code,
-            content={
-                "jsonrpc": "2.0",
-                "error": {
-                    "code": error_code,
-                    "message": error_message,
-                    "data": {
-                        "validation_type": "security",
-                        "path": request.url.path,
-                        "method": request.method,
-                        "client_ip": self._get_client_ip(request)
-                    }
-                },
-                "id": None
-            }
-        )
-    
-    def _get_status_code_for_error(self, error_code: int) -> int:
-        """
-        Map security error codes to HTTP status codes.
-        
-        Args:
-            error_code: Security error code
-            
-        Returns:
-            HTTP status code
-        """
-        error_code_mapping = {
-            -32000: 401,  # Authentication failed
-            -32001: 401,  # Authentication disabled
-            -32002: 500,  # Invalid configuration
-            -32003: 401,  # Certificate validation failed
-            -32004: 401,  # Token validation failed
-            -32005: 401,  # MTLS validation failed
-            -32006: 401,  # SSL validation failed
-            -32007: 403,  # Role validation failed
-            -32008: 401,  # Certificate expired
-            -32009: 401,  # Certificate not found
-            -32010: 401,  # Token expired
-            -32011: 401,  # Token not found
-            -32603: 500,  # Internal error
-        }
-        
-        return error_code_mapping.get(error_code, 500)
-    
-    def get_user_roles(self, request: Request) -> list:
-        """
-        Get user roles from request state.
-        
-        Args:
-            request: FastAPI request object
-            
-        Returns:
-            List of user roles
-        """
-        return getattr(request.state, 'user_roles', [])
-    
-    def get_user_id(self, request: Request) -> Optional[str]:
-        """
-        Get user ID from request state.
-        
-        Args:
-            request: FastAPI request object
-            
-        Returns:
-            User ID or None
-        """
-        return getattr(request.state, 'user_id', None)
-    
-    def is_security_validated(self, request: Request) -> bool:
-        """
-        Check if security validation passed for the request.
-        
-        Args:
-            request: FastAPI request object
-            
-        Returns:
-            True if security validation passed
-        """
-        return getattr(request.state, 'security_validated', False)
-    
-    def has_role(self, request: Request, required_role: str) -> bool:
-        """
-        Check if user has required role.
-        
-        Args:
-            request: FastAPI request object
-            required_role: Required role to check
-            
-        Returns:
-            True if user has required role
-        """
-        user_roles = self.get_user_roles(request)
-        return required_role in user_roles or "*" in user_roles
-    
-    def has_any_role(self, request: Request, required_roles: list) -> bool:
-        """
-        Check if user has any of the required roles.
-        
-        Args:
-            request: FastAPI request object
-            required_roles: List of required roles
-            
-        Returns:
-            True if user has any of the required roles
-        """
-        user_roles = self.get_user_roles(request)
-        return any(role in user_roles for role in required_roles) or "*" in user_roles
-
-
-class SecurityValidationError(Exception):
-    """
-    Exception raised when security validation fails.
-    """
-    
-    def __init__(self, message: str, error_code: int):
-        """
-        Initialize security validation error.
-        
-        Args:
-            message: Error message
-            error_code: JSON-RPC error code
-        """
-        super().__init__(message)
-        self.message = message
-        self.error_code = error_code

mcp_proxy_adapter/api/middleware/token_auth_middleware.py

@@ -1,261 +0,0 @@
-"""
-Token Authentication Middleware
-
-This module provides middleware for token-based authentication using JWT and API tokens.
-Supports extraction of tokens from headers and validation using AuthValidator.
-
-Author: MCP Proxy Adapter Team
-Version: 1.0.0
-"""
-
-import json
-import logging
-from typing import Dict, Any, Optional, List
-from pathlib import Path
-
-from fastapi import Request, HTTPException
-from starlette.middleware.base import BaseHTTPMiddleware
-from starlette.responses import JSONResponse
-
-from ...core.auth_validator import AuthValidator, AuthValidationResult
-from ...core.logging import logger
-
-
-class TokenAuthMiddleware(BaseHTTPMiddleware):
-    """
-    Token authentication middleware.
-    
-    Validates JWT and API tokens from request headers.
-    Integrates with AuthValidator for token validation.
-    """
-    
-    def __init__(self, app, token_config: Dict[str, Any]):
-        """
-        Initialize token authentication middleware.
-        
-        Args:
-            app: FastAPI application
-            token_config: Token configuration dictionary
-        """
-        super().__init__(app)
-        self.token_config = token_config
-        self.auth_validator = AuthValidator()
-        self.logger = logging.getLogger(__name__)
-        
-        # Load configuration
-        self.enabled = token_config.get("enabled", False)
-        self.header_name = token_config.get("header_name", "Authorization")
-        self.token_prefix = token_config.get("token_prefix", "Bearer")
-        self.tokens_file = token_config.get("tokens_file", "tokens.json")
-        self.token_expiry = token_config.get("token_expiry", 3600)
-        self.jwt_secret = token_config.get("jwt_secret", "")
-        self.jwt_algorithm = token_config.get("jwt_algorithm", "HS256")
-        
-        # Load tokens if file exists
-        self.tokens = self._load_tokens()
-        
-        self.logger.info(f"TokenAuthMiddleware initialized. Enabled: {self.enabled}")
-    
-    async def dispatch(self, request: Request, call_next):
-        """
-        Process request through token authentication middleware.
-        
-        Args:
-            request: FastAPI request object
-            call_next: Next middleware or endpoint
-            
-        Returns:
-            Response from next middleware or endpoint
-        """
-        if not self.enabled:
-            return await call_next(request)
-        
-        try:
-            # Extract token from header
-            auth_header = request.headers.get(self.header_name)
-            if not auth_header:
-                return self._create_auth_error("Authorization header required", 401)
-            
-            # Validate token
-            is_valid = self._validate_token(auth_header)
-            if not is_valid:
-                return self._create_auth_error("Invalid or expired token", 401)
-            
-            # Continue to next middleware/endpoint
-            return await call_next(request)
-            
-        except Exception as e:
-            self.logger.error(f"Token authentication error: {e}")
-            return self._create_auth_error("Token authentication failed", 500)
-    
-    def _validate_token(self, auth_header: str) -> bool:
-        """
-        Validate token from authorization header.
-        
-        Args:
-            auth_header: Authorization header value
-            
-        Returns:
-            True if token is valid, False otherwise
-        """
-        try:
-            # Extract token from header
-            if not auth_header.startswith(f"{self.token_prefix} "):
-                return False
-            
-            token = auth_header[len(f"{self.token_prefix} "):].strip()
-            if not token:
-                return False
-            
-            # Determine token type and validate
-            if self._is_jwt_token(token):
-                return self._validate_jwt_token(token)
-            else:
-                return self._validate_api_token(token)
-                
-        except Exception as e:
-            self.logger.error(f"Token validation error: {e}")
-            return False
-    
-    def _is_jwt_token(self, token: str) -> bool:
-        """
-        Check if token is JWT format.
-        
-        Args:
-            token: Token string
-            
-        Returns:
-            True if token appears to be JWT, False otherwise
-        """
-        # Basic JWT format check (header.payload.signature)
-        parts = token.split('.')
-        return len(parts) == 3
-    
-    def _validate_jwt_token(self, token: str) -> bool:
-        """
-        Validate JWT token.
-        
-        Args:
-            token: JWT token string
-            
-        Returns:
-            True if JWT token is valid, False otherwise
-        """
-        try:
-            # Use AuthValidator for JWT validation
-            result = self.auth_validator.validate_token(token, "jwt")
-            return result.is_valid
-            
-        except Exception as e:
-            self.logger.error(f"JWT validation error: {e}")
-            return False
-    
-    def _validate_api_token(self, token: str) -> bool:
-        """
-        Validate API token.
-        
-        Args:
-            token: API token string
-            
-        Returns:
-            True if API token is valid, False otherwise
-        """
-        try:
-            # Check if token exists in loaded tokens
-            if token in self.tokens:
-                token_data = self.tokens[token]
-                
-                # Check if token is active
-                if not token_data.get("active", True):
-                    return False
-                
-                # Check if token has expired
-                if "expires_at" in token_data:
-                    import time
-                    if time.time() > token_data["expires_at"]:
-                        return False
-                
-                return True
-            
-            # Use AuthValidator for API token validation
-            result = self.auth_validator.validate_token(token, "api")
-            return result.is_valid
-            
-        except Exception as e:
-            self.logger.error(f"API token validation error: {e}")
-            return False
-    
-    def _load_tokens(self) -> Dict[str, Any]:
-        """
-        Load tokens from configuration file.
-        
-        Returns:
-            Dictionary of tokens and their metadata
-        """
-        try:
-            if not self.tokens_file or not Path(self.tokens_file).exists():
-                return {}
-            
-            with open(self.tokens_file, 'r', encoding='utf-8') as f:
-                tokens_data = json.load(f)
-            
-            self.logger.info(f"Loaded {len(tokens_data)} tokens from {self.tokens_file}")
-            return tokens_data
-            
-        except Exception as e:
-            self.logger.error(f"Failed to load tokens from {self.tokens_file}: {e}")
-            return {}
-    
-    def _create_auth_error(self, message: str, status_code: int) -> JSONResponse:
-        """
-        Create authentication error response.
-        
-        Args:
-            message: Error message
-            status_code: HTTP status code
-            
-        Returns:
-            JSONResponse with error details
-        """
-        error_data = {
-            "error": {
-                "code": -32004,  # Token validation failed
-                "message": message,
-                "type": "token_authentication_error"
-            }
-        }
-        
-        return JSONResponse(
-            status_code=status_code,
-            content=error_data
-        )
-    
-    def get_roles_from_token(self, auth_header: str) -> List[str]:
-        """
-        Extract roles from token.
-        
-        Args:
-            auth_header: Authorization header value
-            
-        Returns:
-            List of roles extracted from token
-        """
-        try:
-            if not auth_header.startswith(f"{self.token_prefix} "):
-                return []
-            
-            token = auth_header[len(f"{self.token_prefix} "):].strip()
-            if not token:
-                return []
-            
-            # Use AuthValidator to extract roles
-            if self._is_jwt_token(token):
-                result = self.auth_validator.validate_token(token, "jwt")
-            else:
-                result = self.auth_validator.validate_token(token, "api")
-            
-            return result.roles if result.is_valid else []
-            
-        except Exception as e:
-            self.logger.error(f"Failed to extract roles from token: {e}")
-            return [] 

mcp_proxy_adapter/examples/__init__.py

@@ -1,7 +0,0 @@
-"""
-MCP Proxy Adapter Examples
-
-This package contains examples and templates for using the MCP Proxy Adapter framework.
-"""
-
-__version__ = "1.0.0" 

mcp_proxy_adapter/examples/basic_server/README.md

@@ -1,60 +0,0 @@
-# Basic Server Example
-
-A minimal example of MCP Proxy Adapter server without additional commands.
-
-## Features
-
-This example demonstrates:
-- Basic server setup
-- Built-in commands only (help, health)
-- Default configuration
-- No custom commands
-
-## Available Commands
-
-- `help` - Get information about available commands
-- `health` - Get server health status
-
-## Usage
-
-### Run the server
-
-```bash
-python server.py
-```
-
-### Test the server
-
-```bash
-# Get help
-curl -X POST http://localhost:8000/cmd \
-  -H "Content-Type: application/json" \
-  -d '{"command": "help"}'
-
-# Get health status
-curl -X POST http://localhost:8000/cmd \
-  -H "Content-Type: application/json" \
-  -d '{"command": "health"}'
-```
-
-## API Endpoints
-
-- `POST /cmd` - Execute commands
-- `GET /health` - Health check
-- `GET /commands` - List available commands
-- `GET /docs` - API documentation
-
-## Configuration
-
-The server uses default configuration. You can customize it by:
-
-1. Creating a `config.json` file
-2. Setting environment variables
-3. Passing configuration to `create_app()`
-
-## Notes
-
-- This is the simplest possible setup
-- No custom commands are registered
-- Uses framework defaults
-- Good starting point for understanding the framework