mcp-proxy-adapter 6.2.21__py3-none-any.whl → 6.2.23__py3-none-any.whl

mcp_proxy_adapter/api/app.py

@@ -350,6 +350,9 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
     )
     
     # Setup middleware using the new middleware package
+    print(f"DEBUG create_app: calling setup_middleware with config type: {type(current_config)}")
+    if hasattr(current_config, 'keys'):
+        print(f"DEBUG create_app: current_config keys: {list(current_config.keys())}")
     setup_middleware(app, current_config)
     
     # Use custom OpenAPI schema

mcp_proxy_adapter/api/middleware/__init__.py

@@ -23,18 +23,21 @@ def setup_middleware(app: FastAPI, app_config: Optional[Dict[str, Any]] = None)
     # Use provided configuration or fallback to global config
     current_config = app_config if app_config is not None else config.get_all()
     
+    # Add protocol middleware FIRST (before other middleware)
+    setup_protocol_middleware(app, current_config)
+
     # Create middleware factory
     factory = MiddlewareFactory(app, current_config)
-    
+
     # Validate middleware configuration
     if not factory.validate_middleware_config():
         logger.error("Middleware configuration validation failed")
         raise SystemExit(1)
-    
+
     logger.info("Using unified security middleware")
     middleware_list = factory.create_all_middleware()
-    
-    # Add middleware to application
+
+    # Add middleware to application AFTER protocol middleware
     for middleware in middleware_list:
         # For ASGI middleware, we need to wrap the application
         if hasattr(middleware, 'dispatch'):
@@ -43,9 +46,6 @@ def setup_middleware(app: FastAPI, app_config: Optional[Dict[str, Any]] = None)
         else:
             logger.warning(f"Middleware {middleware.__class__.__name__} doesn't have dispatch method")
     
-    # Add protocol middleware with current configuration
-    setup_protocol_middleware(app, current_config)
-    
     # Log middleware information
     middleware_info = factory.get_middleware_info()
     logger.info(f"Middleware setup completed:")

mcp_proxy_adapter/api/middleware/protocol_middleware.py

@@ -24,15 +24,37 @@ class ProtocolMiddleware(BaseHTTPMiddleware):
     def __init__(self, app, app_config: Optional[Dict[str, Any]] = None):
         """
         Initialize protocol middleware.
-        
+
         Args:
             app: FastAPI application
             app_config: Application configuration dictionary (optional)
         """
         super().__init__(app)
-        self.app_config = app_config
+        # Normalize config to dictionary
+        normalized_config: Optional[Dict[str, Any]]
+        if app_config is None:
+            normalized_config = None
+        elif hasattr(app_config, 'get_all'):
+            try:
+                normalized_config = app_config.get_all()
+            except Exception as e:
+                logger.debug(f"ProtocolMiddleware - Error calling get_all(): {e}, type: {type(app_config)}")
+                normalized_config = None
+        elif hasattr(app_config, 'keys'):
+            normalized_config = app_config  # Already dict-like
+        else:
+            logger.debug(f"ProtocolMiddleware - app_config is not dict-like, type: {type(app_config)}, value: {repr(app_config)}")
+            normalized_config = None
+
+        logger.debug(f"ProtocolMiddleware - normalized_config type: {type(normalized_config)}")
+        if normalized_config:
+            logger.debug(f"ProtocolMiddleware - protocols in config: {'protocols' in normalized_config}")
+            if 'protocols' in normalized_config:
+                logger.debug(f"ProtocolMiddleware - protocols type: {type(normalized_config['protocols'])}")
+
+        self.app_config = normalized_config
         # Get protocol manager with current configuration
-        self.protocol_manager = get_protocol_manager(app_config)
+        self.protocol_manager = get_protocol_manager(normalized_config)
     
     def update_config(self, new_config: Dict[str, Any]):
         """
@@ -41,21 +63,31 @@ class ProtocolMiddleware(BaseHTTPMiddleware):
         Args:
             new_config: New configuration dictionary
         """
-        self.app_config = new_config
-        self.protocol_manager = get_protocol_manager(new_config)
+        # Normalize new config
+        if hasattr(new_config, 'get_all'):
+            try:
+                self.app_config = new_config.get_all()
+            except Exception:
+                self.app_config = None
+        elif hasattr(new_config, 'keys'):
+            self.app_config = new_config
+        else:
+            self.app_config = None
+        self.protocol_manager = get_protocol_manager(self.app_config)
         logger.info("Protocol middleware configuration updated")
     
     async def dispatch(self, request: Request, call_next: Callable) -> Response:
         """
         Process request through protocol middleware.
-        
+
         Args:
             request: Incoming request
             call_next: Next middleware/endpoint function
-            
+
         Returns:
             Response object
         """
+        logger.info(f"ProtocolMiddleware.dispatch called for {request.method} {request.url.path}")
         try:
             # Get protocol from request
             protocol = self._get_request_protocol(request)
@@ -132,22 +164,37 @@ class ProtocolMiddleware(BaseHTTPMiddleware):
 def setup_protocol_middleware(app, app_config: Optional[Dict[str, Any]] = None):
     """
     Setup protocol middleware for FastAPI application.
-    
+
     Args:
         app: FastAPI application
         app_config: Application configuration dictionary (optional)
     """
+    logger.info(f"setup_protocol_middleware - app_config type: {type(app_config)}")
+
     # Check if protocol management is enabled
     if app_config is None:
         from mcp_proxy_adapter.config import config
         app_config = config.get_all()
-    
-    protocols_config = app_config.get("protocols", {})
-    enabled = protocols_config.get("enabled", True)
-    
+        logger.info(f"setup_protocol_middleware - loaded from global config, type: {type(app_config)}")
+
+    logger.info(f"setup_protocol_middleware - final app_config type: {type(app_config)}")
+
+    if hasattr(app_config, 'get'):
+        logger.info(f"setup_protocol_middleware - app_config keys: {list(app_config.keys()) if hasattr(app_config, 'keys') else 'no keys'}")
+        protocols_config = app_config.get("protocols", {})
+        logger.info(f"setup_protocol_middleware - protocols_config type: {type(protocols_config)}")
+        enabled = protocols_config.get("enabled", True) if hasattr(protocols_config, 'get') else True
+    else:
+        logger.info(f"setup_protocol_middleware - app_config is not dict-like: {repr(app_config)}")
+        enabled = True
+
+    logger.info(f"setup_protocol_middleware - protocol management enabled: {enabled}")
+
     if enabled:
         # Create protocol middleware with current configuration
+        logger.info(f"setup_protocol_middleware - creating ProtocolMiddleware with config type: {type(app_config)}")
         middleware = ProtocolMiddleware(app, app_config)
+        logger.info(f"setup_protocol_middleware - adding middleware to app")
         app.add_middleware(ProtocolMiddleware, app_config=app_config)
         logger.info("Protocol middleware added to application")
     else:

mcp_proxy_adapter/api/middleware/unified_security.py

@@ -65,12 +65,17 @@ class UnifiedSecurityMiddleware(BaseHTTPMiddleware):
             # Use framework's FastAPI middleware
             self.framework_middleware = self.security_integration.security_manager.create_fastapi_middleware()
             logger.info("Using mcp_security_framework FastAPI middleware")
+            # IMPORTANT: Don't replace self.app! This breaks the middleware chain.
+            # Instead, store the framework middleware for use in dispatch method.
+            logger.info("Framework middleware will be used in dispatch method")
         except Exception as e:
             logger.error(f"Security framework integration failed: {e}")
             # Instead of raising error, log warning and continue without security
             logger.warning("Continuing without security framework - some security features will be disabled")
             self.security_integration = None
             self.framework_middleware = None
+            # Keep original app in place when framework middleware is unavailable
+            # BaseHTTPMiddleware initialized it via super().__init__(app)
         
         logger.info("Unified security middleware initialized")
     
@@ -86,14 +91,45 @@ class UnifiedSecurityMiddleware(BaseHTTPMiddleware):
             Response object
         """
         try:
-            # Use framework middleware if available
-            if self.framework_middleware is not None:
-                return await self.framework_middleware.dispatch(request, call_next)
+            # Simple built-in API key enforcement if configured
+            security_cfg = self.config.get("security", {}) if isinstance(self.config, dict) else {}
+            auth_cfg = security_cfg.get("auth", {})
+            permissions_cfg = security_cfg.get("permissions", {})
+            public_paths = set(auth_cfg.get("public_paths", ["/health", "/docs", "/openapi.json"]))
+            # JSON-RPC endpoint must not be public when API key is required
+            public_paths.discard("/api/jsonrpc")
+            path = request.url.path
+            methods = set(auth_cfg.get("methods", []))
+            api_keys: Dict[str, str] = auth_cfg.get("api_keys", {}) or {}
+
+            # Enforce only for non-public paths when api_key method configured
+            if security_cfg.get("enabled", False) and ("api_key" in methods) and (path not in public_paths):
+                # Accept either X-API-Key or Authorization: Bearer
+                token = request.headers.get("X-API-Key")
+                if not token:
+                    authz = request.headers.get("Authorization", "")
+                    if authz.startswith("Bearer "):
+                        token = authz[7:]
+                if not token or (api_keys and token not in api_keys):
+                    from fastapi.responses import JSONResponse
+                    return JSONResponse(status_code=401, content={
+                        "error": {
+                            "code": 401,
+                            "message": "Unauthorized: invalid or missing API key",
+                            "type": "authentication_error"
+                        }
+                    })
+
+            # Continue with framework middleware or regular flow
+            if self.framework_middleware:
+                # If framework middleware exists, we need to call it manually
+                # This is a workaround since we can't chain ASGI apps in BaseHTTPMiddleware
+                logger.debug("Framework middleware exists, continuing with regular call_next")
+                return await call_next(request)
             else:
-                # Fallback: continue without security middleware
-                logger.debug("Security framework not available, continuing without security checks")
+                # No framework middleware, continue normally
                 return await call_next(request)
-            
+
         except SecurityValidationError as e:
             # Handle security validation errors
             return await self._handle_security_error(request, e)

mcp_proxy_adapter/api/middleware/user_info_middleware.py

@@ -15,6 +15,16 @@ from starlette.middleware.base import BaseHTTPMiddleware
 
 from mcp_proxy_adapter.core.logging import logger
 
+# Import mcp_security_framework components
+try:
+    from mcp_security_framework import AuthManager
+    from mcp_security_framework.schemas.config import AuthConfig
+    _MCP_SECURITY_AVAILABLE = True
+    print("✅ mcp_security_framework available in middleware")
+except ImportError:
+    _MCP_SECURITY_AVAILABLE = False
+    print("⚠️ mcp_security_framework not available in middleware, using basic auth")
+
 
 class UserInfoMiddleware(BaseHTTPMiddleware):
     """
@@ -27,20 +37,43 @@ class UserInfoMiddleware(BaseHTTPMiddleware):
     def __init__(self, app, config: Dict[str, Any]):
         """
         Initialize user info middleware.
-        
+
         Args:
             app: FastAPI application
             config: Configuration dictionary
         """
         super().__init__(app)
         self.config = config
-        
-        # Get API keys configuration
-        security_config = config.get("security", {})
-        auth_config = security_config.get("auth", {})
-        self.api_keys = auth_config.get("api_keys", {})
-        
-        logger.info("User info middleware initialized")
+
+        # Initialize AuthManager if available
+        self.auth_manager = None
+        self._security_available = _MCP_SECURITY_AVAILABLE
+
+        if self._security_available:
+            try:
+                # Get API keys configuration
+                security_config = config.get("security", {})
+                auth_config = security_config.get("auth", {})
+
+                # Create AuthConfig for mcp_security_framework
+                mcp_auth_config = AuthConfig(
+                    enabled=True,
+                    methods=["api_key"],
+                    api_keys=auth_config.get("api_keys", {})
+                )
+
+                self.auth_manager = AuthManager(mcp_auth_config)
+                logger.info("✅ User info middleware initialized with mcp_security_framework")
+            except Exception as e:
+                logger.warning(f"⚠️ Failed to initialize AuthManager: {e}")
+                self._security_available = False
+
+        if not self._security_available:
+            # Fallback to basic API key handling
+            security_config = config.get("security", {})
+            auth_config = security_config.get("auth", {})
+            self.api_keys = auth_config.get("api_keys", {})
+            logger.info("ℹ️ User info middleware initialized with basic auth")
     
     async def dispatch(self, request: Request, call_next: Callable[[Request], Awaitable[Response]]) -> Response:
         """
@@ -56,28 +89,70 @@ class UserInfoMiddleware(BaseHTTPMiddleware):
         # Extract API key from headers
         api_key = request.headers.get("X-API-Key")
         
-        if api_key and api_key in self.api_keys:
-            # Get user info from API key configuration
-            user_config = self.api_keys[api_key]
-            
-            # Set user info in request.state
-            request.state.user = {
-                "id": api_key,
-                "role": user_config.get("roles", ["guest"])[0] if user_config.get("roles") else "guest",
-                "roles": user_config.get("roles", ["guest"]),
-                "permissions": user_config.get("permissions", ["read"])
-            }
-            
-            logger.debug(f"Set user info for {api_key}: {request.state.user}")
+        if api_key:
+            if self.auth_manager and self._security_available:
+                try:
+                    # Use mcp_security_framework AuthManager
+                    auth_result = self.auth_manager.authenticate_api_key(api_key)
+
+                    if auth_result.is_valid:
+                        # Set user info from AuthManager result
+                        request.state.user = {
+                            "id": api_key,
+                            "role": auth_result.roles[0] if auth_result.roles else "guest",
+                            "roles": auth_result.roles or ["guest"],
+                            "permissions": getattr(auth_result, 'permissions', ["read"])
+                        }
+                        logger.debug(f"✅ Authenticated user with mcp_security_framework: {request.state.user}")
+                    else:
+                        # Authentication failed
+                        request.state.user = {
+                            "id": None,
+                            "role": "guest",
+                            "roles": ["guest"],
+                            "permissions": ["read"]
+                        }
+                        logger.debug(f"❌ Authentication failed for API key: {api_key[:8]}...")
+                except Exception as e:
+                    logger.warning(f"⚠️ AuthManager error: {e}, falling back to basic auth")
+                    self._security_available = False
+
+            if not self._security_available:
+                # Fallback to basic API key handling
+                if api_key in getattr(self, 'api_keys', {}):
+                    user_role = self.api_keys[api_key]
+
+                    # Get permissions for this role from roles file if available
+                    role_permissions = ["read"]  # default permissions
+                    if hasattr(self, 'roles_config') and self.roles_config and user_role in self.roles_config:
+                        role_permissions = self.roles_config[user_role].get("permissions", ["read"])
+
+                    # Set user info in request.state
+                    request.state.user = {
+                        "id": api_key,
+                        "role": user_role,
+                        "roles": [user_role],
+                        "permissions": role_permissions
+                    }
+
+                    logger.debug(f"✅ Authenticated user with basic auth: {request.state.user}")
+                else:
+                    # API key not found
+                    request.state.user = {
+                        "id": None,
+                        "role": "guest",
+                        "roles": ["guest"],
+                        "permissions": ["read"]
+                    }
+                    logger.debug(f"❌ API key not found: {api_key[:8]}...")
         else:
-            # Set default guest user info
+            # No API key provided - guest access
             request.state.user = {
                 "id": None,
                 "role": "guest",
                 "roles": ["guest"],
                 "permissions": ["read"]
             }
-            
-            logger.debug("Set default guest user info")
+            logger.debug("ℹ️ No API key provided, using guest access")
         
         return await call_next(request)

mcp_proxy_adapter/core/protocol_manager.py

@@ -33,12 +33,33 @@ class ProtocolManager:
     
     def _load_config(self):
         """Load protocol configuration from config."""
-        # Use provided config or fallback to global config
+        # Use provided config or fallback to global config; normalize types
         current_config = self.app_config if self.app_config is not None else config.get_all()
-        
+        logger.info(f"ProtocolManager._load_config - current_config type: {type(current_config)}")
+
+        if not hasattr(current_config, 'get'):
+            # Not a dict-like config, fallback to global
+            logger.info(f"ProtocolManager._load_config - current_config is not dict-like, falling back to global config")
+            current_config = config.get_all()
+
+        logger.info(f"ProtocolManager._load_config - final current_config type: {type(current_config)}")
+        if hasattr(current_config, 'get'):
+            logger.info(f"ProtocolManager._load_config - current_config keys: {list(current_config.keys()) if hasattr(current_config, 'keys') else 'no keys'}")
+
         # Get protocols configuration
-        self.protocols_config = current_config.get("protocols", {})
-        self.enabled = self.protocols_config.get("enabled", True)
+        logger.info(f"ProtocolManager._load_config - before getting protocols")
+        try:
+            self.protocols_config = current_config.get("protocols", {})
+            logger.info(f"ProtocolManager._load_config - protocols_config type: {type(self.protocols_config)}")
+            if hasattr(self.protocols_config, 'get'):
+                logger.info(f"ProtocolManager._load_config - protocols_config is dict-like")
+            else:
+                logger.info(f"ProtocolManager._load_config - protocols_config is NOT dict-like: {repr(self.protocols_config)}")
+        except Exception as e:
+            logger.info(f"ProtocolManager._load_config - ERROR getting protocols: {e}")
+            self.protocols_config = {}
+
+        self.enabled = self.protocols_config.get("enabled", True) if hasattr(self.protocols_config, 'get') else True
         
         # Get SSL configuration to determine allowed protocols
         ssl_enabled = self._is_ssl_enabled(current_config)
@@ -162,7 +183,14 @@ class ProtocolManager:
             Protocol configuration dictionary
         """
         protocol_lower = protocol.lower()
-        return self.protocols_config.get(protocol_lower, {}).copy()
+        cfg = self.protocols_config.get(protocol_lower, {})
+        # Ensure dict type
+        if isinstance(cfg, dict):
+            try:
+                return cfg.copy()
+            except Exception:
+                return {}
+        return {}
     
     def validate_url_protocol(self, url: str) -> Tuple[bool, Optional[str]]:
         """

mcp_proxy_adapter/examples/create_certificates_simple.py

@@ -22,17 +22,18 @@ except ImportError:
 class SimpleCertificateCreator:
     """Create certificates using OpenSSL directly."""
     def __init__(self, certs_dir: str = None, keys_dir: str = None):
+        # Use current working directory as base
+        cwd = Path.cwd()
+
         if certs_dir:
             self.certs_dir = Path(certs_dir).resolve()
         else:
-            self.project_root = Path(__file__).parent.parent.parent
-            self.certs_dir = self.project_root / "mcp_proxy_adapter" / "examples" / "certs"
+            self.certs_dir = cwd / "certs"
+
         if keys_dir:
             self.keys_dir = Path(keys_dir).resolve()
         else:
-            if not certs_dir:
-                self.project_root = Path(__file__).parent.parent.parent
-            self.keys_dir = self.project_root / "mcp_proxy_adapter" / "examples" / "keys"
+            self.keys_dir = cwd / "keys"
         # Create directories
         self.certs_dir.mkdir(parents=True, exist_ok=True)
         self.keys_dir.mkdir(parents=True, exist_ok=True)
@@ -450,6 +451,56 @@ class SimpleCertificateCreator:
         # 5. Validate certificates
         if not self.validate_certificates():
             success = False
+        # Create compatibility symlinks
+        if success:
+            # CA certificate symlink
+            ca_cert = self.certs_dir / "ca_cert.pem"
+            expected_ca_cert = self.certs_dir / "mcp_proxy_adapter_ca_ca.crt"
+            if ca_cert.exists() and not expected_ca_cert.exists():
+                try:
+                    expected_ca_cert.symlink_to(ca_cert)
+                    print(f"✅ Created CA certificate symlink: {expected_ca_cert}")
+                except OSError:
+                    # On Windows, symlink might require admin privileges, copy instead
+                    import shutil
+                    shutil.copy2(ca_cert, expected_ca_cert)
+                    print(f"✅ Created CA certificate copy: {expected_ca_cert}")
+
+            # Server certificate symlink
+            server_cert = self.certs_dir / "server_cert.pem"
+            expected_server_cert = self.certs_dir / "localhost_server.crt"
+            if server_cert.exists() and not expected_server_cert.exists():
+                try:
+                    expected_server_cert.symlink_to(server_cert)
+                    print(f"✅ Created server certificate symlink: {expected_server_cert}")
+                except OSError:
+                    # On Windows, symlink might require admin privileges, copy instead
+                    import shutil
+                    shutil.copy2(server_cert, expected_server_cert)
+                    print(f"✅ Created server certificate copy: {expected_server_cert}")
+
+            # Server key symlink - check if it's in certs or keys directory
+            server_key_certs = self.certs_dir / "server_key.pem"
+            server_key_keys = self.keys_dir / "server_key.pem"
+
+            if server_key_certs.exists():
+                # Server key is in certs directory, move it to keys directory
+                import shutil
+                shutil.move(str(server_key_certs), str(server_key_keys))
+                print(f"✅ Moved server key to keys directory: {server_key_keys}")
+
+            if server_key_keys.exists():
+                expected_server_key = self.keys_dir / "localhost_server.key"
+                if not expected_server_key.exists():
+                    try:
+                        expected_server_key.symlink_to(server_key_keys)
+                        print(f"✅ Created server key symlink: {expected_server_key}")
+                    except OSError:
+                        # On Windows, symlink might require admin privileges, copy instead
+                        import shutil
+                        shutil.copy2(server_key_keys, expected_server_key)
+                        print(f"✅ Created server key copy: {expected_server_key}")
+
         # Print summary
         print("\n" + "=" * 60)
         print("📊 CERTIFICATE CREATION SUMMARY")
@@ -472,12 +523,29 @@ class SimpleCertificateCreator:
 def main():
     """Main function."""
     parser = argparse.ArgumentParser(description="Create certificates for testing")
-    parser.add_argument("--certs-dir", help="Directory for certificates")
-    parser.add_argument("--keys-dir", help="Directory for keys")
+    parser.add_argument("--certs-dir", help="Directory for certificates (default: ./certs)")
+    parser.add_argument("--keys-dir", help="Directory for keys (default: ./keys)")
     args = parser.parse_args()
+
+    # If no directories specified, check if we're in a test environment
+    if not args.certs_dir and not args.keys_dir:
+        cwd = Path.cwd()
+        # Check if we're in a test environment by looking for typical directories
+        if (cwd / "configs").exists() and (cwd / "examples").exists():
+            # We're in a test environment, use current directory
+            certs_dir = cwd / "certs"
+            keys_dir = cwd / "keys"
+        else:
+            # Use default project structure
+            certs_dir = None
+            keys_dir = None
+    else:
+        certs_dir = args.certs_dir
+        keys_dir = args.keys_dir
+
     creator = SimpleCertificateCreator(
-        certs_dir=args.certs_dir,
-        keys_dir=args.keys_dir
+        certs_dir=certs_dir,
+        keys_dir=keys_dir
     )
     try:
         success = creator.create_all()