mcp-proxy-adapter 6.3.3__py3-none-any.whl → 6.3.5__py3-none-any.whl

mcp_proxy_adapter/api/middleware/unified_security.py

@@ -16,9 +16,12 @@ from starlette.middleware.base import BaseHTTPMiddleware
 
 # Direct import from framework
 try:
-    from mcp_security_framework.middleware.fastapi_middleware import FastAPISecurityMiddleware
+    from mcp_security_framework.middleware.fastapi_middleware import (
+        FastAPISecurityMiddleware,
+    )
     from mcp_security_framework import SecurityManager
     from mcp_security_framework.schemas.config import SecurityConfig
+
     SECURITY_FRAMEWORK_AVAILABLE = True
 except ImportError:
     SECURITY_FRAMEWORK_AVAILABLE = False
@@ -32,7 +35,7 @@ from mcp_proxy_adapter.core.security_integration import create_security_integrat
 
 class SecurityValidationError(Exception):
     """Security validation error."""
-    
+
     def __init__(self, message: str, error_code: int):
         self.message = message
         self.error_code = error_code
@@ -42,28 +45,30 @@ class SecurityValidationError(Exception):
 class UnifiedSecurityMiddleware(BaseHTTPMiddleware):
     """
     Unified security middleware using mcp_security_framework.
-    
+
     This middleware now directly uses the security framework's FastAPI middleware
     and components instead of custom implementations.
     """
-    
+
     def __init__(self, app, config: Dict[str, Any]):
         """
         Initialize unified security middleware.
-        
+
         Args:
             app: FastAPI application
             config: mcp_proxy_adapter configuration dictionary
         """
         super().__init__(app)
         self.config = config
-        
+
         # Create security integration
         try:
             security_config = config.get("security", {})
             self.security_integration = create_security_integration(security_config)
             # Use framework's FastAPI middleware
-            self.framework_middleware = self.security_integration.security_manager.create_fastapi_middleware()
+            self.framework_middleware = (
+                self.security_integration.security_manager.create_fastapi_middleware()
+            )
             logger.info("Using mcp_security_framework FastAPI middleware")
             # IMPORTANT: Don't replace self.app! This breaks the middleware chain.
             # Instead, store the framework middleware for use in dispatch method.
@@ -71,31 +76,39 @@ class UnifiedSecurityMiddleware(BaseHTTPMiddleware):
         except Exception as e:
             logger.error(f"Security framework integration failed: {e}")
             # Instead of raising error, log warning and continue without security
-            logger.warning("Continuing without security framework - some security features will be disabled")
+            logger.warning(
+                "Continuing without security framework - some security features will be disabled"
+            )
             self.security_integration = None
             self.framework_middleware = None
             # Keep original app in place when framework middleware is unavailable
             # BaseHTTPMiddleware initialized it via super().__init__(app)
-        
+
         logger.info("Unified security middleware initialized")
-    
-    async def dispatch(self, request: Request, call_next: Callable[[Request], Awaitable[Response]]) -> Response:
+
+    async def dispatch(
+        self, request: Request, call_next: Callable[[Request], Awaitable[Response]]
+    ) -> Response:
         """
         Process request using framework middleware.
-        
+
         Args:
             request: Request object
             call_next: Next handler
-            
+
         Returns:
             Response object
         """
         try:
             # Simple built-in API key enforcement if configured
-            security_cfg = self.config.get("security", {}) if isinstance(self.config, dict) else {}
+            security_cfg = (
+                self.config.get("security", {}) if isinstance(self.config, dict) else {}
+            )
             auth_cfg = security_cfg.get("auth", {})
             permissions_cfg = security_cfg.get("permissions", {})
-            public_paths = set(auth_cfg.get("public_paths", ["/health", "/docs", "/openapi.json"]))
+            public_paths = set(
+                auth_cfg.get("public_paths", ["/health", "/docs", "/openapi.json"])
+            )
             # JSON-RPC endpoint must not be public when API key is required
             public_paths.discard("/api/jsonrpc")
             path = request.url.path
@@ -103,7 +116,11 @@ class UnifiedSecurityMiddleware(BaseHTTPMiddleware):
             api_keys: Dict[str, str] = auth_cfg.get("api_keys", {}) or {}
 
             # Enforce only for non-public paths when api_key method configured
-            if security_cfg.get("enabled", False) and ("api_key" in methods) and (path not in public_paths):
+            if (
+                security_cfg.get("enabled", False)
+                and ("api_key" in methods)
+                and (path not in public_paths)
+            ):
                 # Accept either X-API-Key or Authorization: Bearer
                 token = request.headers.get("X-API-Key")
                 if not token:
@@ -112,19 +129,25 @@ class UnifiedSecurityMiddleware(BaseHTTPMiddleware):
                         token = authz[7:]
                 if not token or (api_keys and token not in api_keys):
                     from fastapi.responses import JSONResponse
-                    return JSONResponse(status_code=401, content={
-                        "error": {
-                            "code": 401,
-                            "message": "Unauthorized: invalid or missing API key",
-                            "type": "authentication_error"
-                        }
-                    })
+
+                    return JSONResponse(
+                        status_code=401,
+                        content={
+                            "error": {
+                                "code": 401,
+                                "message": "Unauthorized: invalid or missing API key",
+                                "type": "authentication_error",
+                            }
+                        },
+                    )
 
             # Continue with framework middleware or regular flow
             if self.framework_middleware:
                 # If framework middleware exists, we need to call it manually
                 # This is a workaround since we can't chain ASGI apps in BaseHTTPMiddleware
-                logger.debug("Framework middleware exists, continuing with regular call_next")
+                logger.debug(
+                    "Framework middleware exists, continuing with regular call_next"
+                )
                 return await call_next(request)
             else:
                 # No framework middleware, continue normally
@@ -137,61 +160,57 @@ class UnifiedSecurityMiddleware(BaseHTTPMiddleware):
             # Handle other errors
             logger.error(f"Unexpected error in unified security middleware: {e}")
             return await self._handle_general_error(request, e)
-    
 
-    
-    async def _handle_security_error(self, request: Request, error: SecurityValidationError) -> Response:
+    async def _handle_security_error(
+        self, request: Request, error: SecurityValidationError
+    ) -> Response:
         """
         Handle security validation errors.
-        
+
         Args:
             request: Request object
             error: Security validation error
-            
+
         Returns:
             Error response
         """
         from fastapi.responses import JSONResponse
-        
+
         error_response = {
             "error": {
                 "code": error.error_code,
                 "message": error.message,
-                "type": "security_validation_error"
+                "type": "security_validation_error",
             }
         }
-        
+
         logger.warning(f"Security validation failed: {error.message}")
-        
-        return JSONResponse(
-            status_code=error.error_code,
-            content=error_response
-        )
-    
-    async def _handle_general_error(self, request: Request, error: Exception) -> Response:
+
+        return JSONResponse(status_code=error.error_code, content=error_response)
+
+    async def _handle_general_error(
+        self, request: Request, error: Exception
+    ) -> Response:
         """
         Handle general errors.
-        
+
         Args:
             request: Request object
             error: General error
-            
+
         Returns:
             Error response
         """
         from fastapi.responses import JSONResponse
-        
+
         error_response = {
-                "error": {
+            "error": {
                 "code": 500,
-                    "message": "Internal server error",
-                "type": "general_error"
+                "message": "Internal server error",
+                "type": "general_error",
             }
         }
-        
+
         logger.error(f"General error in security middleware: {error}")
-        
-        return JSONResponse(
-            status_code=500,
-            content=error_response
-        )
+
+        return JSONResponse(status_code=500, content=error_response)

mcp_proxy_adapter/api/middleware/user_info_middleware.py

@@ -17,15 +17,13 @@ from mcp_proxy_adapter.core.logging import logger
 # Import mcp_security_framework components
 try:
     from mcp_security_framework import AuthManager, PermissionManager
-    from mcp_security_framework.schemas.config import (
-        AuthConfig, PermissionConfig
-    )
+    from mcp_security_framework.schemas.config import AuthConfig, PermissionConfig
+
     _MCP_SECURITY_AVAILABLE = True
     print("✅ mcp_security_framework available in middleware")
 except ImportError:
     _MCP_SECURITY_AVAILABLE = False
-    print("⚠️ mcp_security_framework not available in middleware, "
-          "using basic auth")
+    print("⚠️ mcp_security_framework not available in middleware, " "using basic auth")
 
 
 class UserInfoMiddleware(BaseHTTPMiddleware):
@@ -35,6 +33,7 @@ class UserInfoMiddleware(BaseHTTPMiddleware):
     This middleware extracts user information from authentication headers
     and sets it in request.state for use by commands.
     """
+
     def __init__(self, app, config: Dict[str, Any]):
         """
         Initialize user info middleware.
@@ -59,12 +58,12 @@ class UserInfoMiddleware(BaseHTTPMiddleware):
 
                 # Check if permissions are enabled
                 permissions_enabled = permissions_config.get("enabled", False)
-                
+
                 # Create AuthConfig for mcp_security_framework
                 mcp_auth_config = AuthConfig(
                     enabled=True,
                     methods=["api_key"],
-                    api_keys=auth_config.get("api_keys", {})
+                    api_keys=auth_config.get("api_keys", {}),
                 )
 
                 # Initialize PermissionManager only if permissions are enabled
@@ -85,7 +84,7 @@ class UserInfoMiddleware(BaseHTTPMiddleware):
                             "wildcard_permissions", False
                         ),
                         strict_mode=permissions_config.get("strict_mode", True),
-                        roles=permissions_config.get("roles", {})
+                        roles=permissions_config.get("roles", {}),
                     )
 
                     # Initialize PermissionManager first
@@ -101,7 +100,7 @@ class UserInfoMiddleware(BaseHTTPMiddleware):
                         permission_cache_ttl=300,
                         wildcard_permissions=False,
                         strict_mode=False,
-                        roles={}
+                        roles={},
                     )
                     self.permission_manager = PermissionManager(mcp_permission_config)
 
@@ -109,8 +108,9 @@ class UserInfoMiddleware(BaseHTTPMiddleware):
                 self.auth_manager = AuthManager(
                     mcp_auth_config, self.permission_manager
                 )
-                logger.info("✅ User info middleware initialized with "
-                            "mcp_security_framework")
+                logger.info(
+                    "✅ User info middleware initialized with " "mcp_security_framework"
+                )
             except Exception as e:
                 logger.warning(f"⚠️ Failed to initialize AuthManager: {e}")
                 self._security_available = False
@@ -123,8 +123,7 @@ class UserInfoMiddleware(BaseHTTPMiddleware):
             logger.info("ℹ️ User info middleware initialized with basic auth")
 
     async def dispatch(
-        self, request: Request,
-        call_next: Callable[[Request], Awaitable[Response]]
+        self, request: Request, call_next: Callable[[Request], Awaitable[Response]]
     ) -> Response:
         """
         Process request and set user info in request.state.
@@ -148,41 +147,49 @@ class UserInfoMiddleware(BaseHTTPMiddleware):
                         # Set user info from AuthManager result
                         request.state.user = {
                             "id": api_key,
-                            "role": (auth_result.roles[0]
-                                     if auth_result.roles else "guest"),
+                            "role": (
+                                auth_result.roles[0] if auth_result.roles else "guest"
+                            ),
                             "roles": auth_result.roles or ["guest"],
                             "permissions": getattr(
-                                auth_result, 'permissions', ["read"]
-                            )
+                                auth_result, "permissions", ["read"]
+                            ),
                         }
-                        logger.debug(f"✅ Authenticated user with "
-                                     f"mcp_security_framework: "
-                                     f"{request.state.user}")
+                        logger.debug(
+                            f"✅ Authenticated user with "
+                            f"mcp_security_framework: "
+                            f"{request.state.user}"
+                        )
                     else:
                         # Authentication failed
                         request.state.user = {
                             "id": None,
                             "role": "guest",
                             "roles": ["guest"],
-                            "permissions": ["read"]
+                            "permissions": ["read"],
                         }
-                        logger.debug(f"❌ Authentication failed for API key: "
-                                     f"{api_key[:8]}...")
+                        logger.debug(
+                            f"❌ Authentication failed for API key: "
+                            f"{api_key[:8]}..."
+                        )
                 except Exception as e:
-                    logger.warning(f"⚠️ AuthManager error: {e}, "
-                                   f"falling back to basic auth")
+                    logger.warning(
+                        f"⚠️ AuthManager error: {e}, " f"falling back to basic auth"
+                    )
                     self._security_available = False
 
             if not self._security_available:
                 # Fallback to basic API key handling
-                if api_key in getattr(self, 'api_keys', {}):
+                if api_key in getattr(self, "api_keys", {}):
                     user_role = self.api_keys[api_key]
 
                     # Get permissions for this role from roles file if available
                     role_permissions = ["read"]  # default permissions
-                    if (hasattr(self, 'roles_config') and
-                            self.roles_config and
-                            user_role in self.roles_config):
+                    if (
+                        hasattr(self, "roles_config")
+                        and self.roles_config
+                        and user_role in self.roles_config
+                    ):
                         role_permissions = self.roles_config[user_role].get(
                             "permissions", ["read"]
                         )
@@ -192,18 +199,20 @@ class UserInfoMiddleware(BaseHTTPMiddleware):
                         "id": api_key,
                         "role": user_role,
                         "roles": [user_role],
-                        "permissions": role_permissions
+                        "permissions": role_permissions,
                     }
 
-                    logger.debug(f"✅ Authenticated user with basic auth: "
-                                 f"{request.state.user}")
+                    logger.debug(
+                        f"✅ Authenticated user with basic auth: "
+                        f"{request.state.user}"
+                    )
                 else:
                     # API key not found
                     request.state.user = {
                         "id": None,
                         "role": "guest",
                         "roles": ["guest"],
-                        "permissions": ["read"]
+                        "permissions": ["read"],
                     }
                     logger.debug(f"❌ API key not found: {api_key[:8]}...")
         else:
@@ -212,7 +221,7 @@ class UserInfoMiddleware(BaseHTTPMiddleware):
                 "id": None,
                 "role": "guest",
                 "roles": ["guest"],
-                "permissions": ["read"]
+                "permissions": ["read"],
             }
             logger.debug("ℹ️ No API key provided, using guest access")