mcp-proxy-adapter 6.7.0__py3-none-any.whl → 6.7.1__py3-none-any.whl

mcp_proxy_adapter/core/mtls_proxy.py

@@ -0,0 +1,181 @@
+"""
+mTLS Proxy for MCP Proxy Adapter
+
+This module provides mTLS proxy functionality that accepts mTLS connections
+and proxies them to the internal hypercorn server.
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+
+import asyncio
+import ssl
+import logging
+from typing import Optional, Dict, Any
+from pathlib import Path
+
+logger = logging.getLogger(__name__)
+
+
+class MTLSProxy:
+    """
+    mTLS Proxy that accepts mTLS connections and proxies them to internal server.
+    """
+    
+    def __init__(self, 
+                 external_host: str,
+                 external_port: int,
+                 internal_host: str = "127.0.0.1",
+                 internal_port: int = 9000,
+                 cert_file: Optional[str] = None,
+                 key_file: Optional[str] = None,
+                 ca_cert: Optional[str] = None):
+        """
+        Initialize mTLS Proxy.
+        
+        Args:
+            external_host: External host to bind to
+            external_port: External port to bind to
+            internal_host: Internal server host
+            internal_port: Internal server port
+            cert_file: Server certificate file
+            key_file: Server private key file
+            ca_cert: CA certificate file for client verification
+        """
+        self.external_host = external_host
+        self.external_port = external_port
+        self.internal_host = internal_host
+        self.internal_port = internal_port
+        self.cert_file = cert_file
+        self.key_file = key_file
+        self.ca_cert = ca_cert
+        self.server = None
+        
+    async def start(self):
+        """Start the mTLS proxy server."""
+        try:
+            # Create SSL context
+            ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+            ssl_context.load_cert_chain(self.cert_file, self.key_file)
+            
+            if self.ca_cert:
+                ssl_context.load_verify_locations(self.ca_cert)
+                ssl_context.verify_mode = ssl.CERT_REQUIRED
+            else:
+                ssl_context.verify_mode = ssl.CERT_NONE
+                
+            # Start server
+            self.server = await asyncio.start_server(
+                self._handle_client,
+                self.external_host,
+                self.external_port,
+                ssl=ssl_context
+            )
+            
+            logger.info(f"🔐 mTLS Proxy started on {self.external_host}:{self.external_port}")
+            logger.info(f"🌐 Proxying to {self.internal_host}:{self.internal_port}")
+            
+        except Exception as e:
+            logger.error(f"❌ Failed to start mTLS proxy: {e}")
+            raise
+            
+    async def stop(self):
+        """Stop the mTLS proxy server."""
+        if self.server:
+            self.server.close()
+            await self.server.wait_closed()
+            logger.info("🔐 mTLS Proxy stopped")
+            
+    async def _handle_client(self, reader, writer):
+        """Handle client connection."""
+        try:
+            # Get client address
+            client_addr = writer.get_extra_info('peername')
+            logger.info(f"🔐 mTLS connection from {client_addr}")
+            
+            # Connect to internal server
+            internal_reader, internal_writer = await asyncio.open_connection(
+                self.internal_host, self.internal_port
+            )
+            
+            # Create bidirectional proxy
+            await asyncio.gather(
+                self._proxy_data(reader, internal_writer, "client->server"),
+                self._proxy_data(internal_reader, writer, "server->client")
+            )
+            
+        except Exception as e:
+            logger.error(f"❌ Error handling client connection: {e}")
+        finally:
+            try:
+                writer.close()
+                await writer.wait_closed()
+            except:
+                pass
+                
+    async def _proxy_data(self, reader, writer, direction):
+        """Proxy data between reader and writer."""
+        try:
+            while True:
+                data = await reader.read(4096)
+                if not data:
+                    break
+                writer.write(data)
+                await writer.drain()
+        except Exception as e:
+            logger.debug(f"Proxy connection closed ({direction}): {e}")
+        finally:
+            try:
+                writer.close()
+                await writer.wait_closed()
+            except:
+                pass
+
+
+async def start_mtls_proxy(config: Dict[str, Any]) -> Optional[MTLSProxy]:
+    """
+    Start mTLS proxy based on configuration.
+    
+    Args:
+        config: Application configuration
+        
+    Returns:
+        MTLSProxy instance if started, None otherwise
+    """
+    # Check if mTLS is enabled
+    protocol = config.get("server", {}).get("protocol", "http")
+    verify_client = config.get("transport", {}).get("verify_client", False)
+    
+    # Only start mTLS proxy if mTLS is explicitly enabled
+    if protocol != "mtls" and not verify_client:
+        logger.info("🌐 Regular mode: no mTLS proxy needed")
+        return None
+        
+    # Get configuration
+    server_config = config.get("server", {})
+    transport_config = config.get("transport", {})
+    
+    external_host = server_config.get("host", "0.0.0.0")
+    external_port = server_config.get("port", 8000)
+    internal_port = external_port + 1000  # Internal port
+    
+    cert_file = transport_config.get("cert_file")
+    key_file = transport_config.get("key_file")
+    ca_cert = transport_config.get("ca_cert")
+    
+    if not cert_file or not key_file:
+        logger.warning("⚠️  mTLS enabled but certificates not configured")
+        return None
+        
+    # Create and start proxy
+    proxy = MTLSProxy(
+        external_host=external_host,
+        external_port=external_port,
+        internal_port=internal_port,
+        cert_file=cert_file,
+        key_file=key_file,
+        ca_cert=ca_cert
+    )
+    
+    await proxy.start()
+    return proxy

mcp_proxy_adapter/main.py

@@ -89,8 +89,23 @@ def main():
     verify_client = config.get("transport.verify_client", False)
     chk_hostname = config.get("transport.chk_hostname", False)
     
-    # SSL enabled if protocol is HTTPS or mTLS (verify_client=True)
-    ssl_enabled = protocol in ["https", "mtls"] or verify_client
+    # Check if mTLS is required
+    is_mtls_mode = protocol == "mtls" or verify_client
+    
+    if is_mtls_mode:
+        # mTLS mode: hypercorn on localhost, mTLS proxy on external port
+        hypercorn_host = "127.0.0.1"  # localhost only
+        hypercorn_port = port + 1000   # internal port
+        mtls_proxy_port = port         # external port
+        ssl_enabled = True
+        print(f"🔐 mTLS Mode: hypercorn on {hypercorn_host}:{hypercorn_port}, mTLS proxy on {host}:{mtls_proxy_port}")
+    else:
+        # Regular mode: hypercorn on external port (no proxy needed)
+        hypercorn_host = host
+        hypercorn_port = port
+        mtls_proxy_port = None
+        ssl_enabled = protocol == "https"
+        print(f"🌐 Regular Mode: hypercorn on {hypercorn_host}:{hypercorn_port}")
     
     # SSL configuration based on protocol
     ssl_cert_file = None
@@ -118,7 +133,11 @@ def main():
     print("🔍 Source: configuration")
 
     print("🚀 Starting MCP Proxy Adapter")
-    print(f"🌐 Server: {host}:{port}")
+    if mtls_proxy_port:
+        print(f"🔐 mTLS Proxy: {host}:{mtls_proxy_port}")
+        print(f"🌐 Internal Server: {hypercorn_host}:{hypercorn_port}")
+    else:
+        print(f"🌐 Server: {hypercorn_host}:{hypercorn_port}")
     print(f"🔒 Protocol: {protocol}")
     if ssl_enabled:
         print("🔐 SSL: Enabled")
@@ -131,7 +150,7 @@ def main():
 
     # Configure hypercorn using framework
     config_hypercorn = hypercorn.config.Config()
-    config_hypercorn.bind = [f"{host}:{port}"]
+    config_hypercorn.bind = [f"{hypercorn_host}:{hypercorn_port}"]
 
     if ssl_enabled and ssl_cert_file and ssl_key_file:
         # Use framework to convert SSL configuration
@@ -201,7 +220,33 @@ def main():
 
     # Run the server
     try:
-        asyncio.run(hypercorn.asyncio.serve(app, config_hypercorn))
+        if is_mtls_mode:
+            # mTLS mode: start hypercorn and mTLS proxy
+            print("🔐 Starting mTLS mode with proxy...")
+            
+            async def run_mtls_mode():
+                # Start hypercorn server on localhost
+                hypercorn_task = asyncio.create_task(
+                    hypercorn.asyncio.serve(app, config_hypercorn)
+                )
+                
+                # Start mTLS proxy on external port
+                from mcp_proxy_adapter.core.mtls_proxy import start_mtls_proxy
+                proxy = await start_mtls_proxy(config.get_all())
+                
+                if proxy:
+                    print("✅ mTLS proxy started successfully")
+                else:
+                    print("⚠️  mTLS proxy not started, running hypercorn only")
+                
+                # Wait for hypercorn
+                await hypercorn_task
+                
+            asyncio.run(run_mtls_mode())
+        else:
+            # Regular mode: start hypercorn only (no proxy needed)
+            print("🌐 Starting regular mode...")
+            asyncio.run(hypercorn.asyncio.serve(app, config_hypercorn))
     except KeyboardInterrupt:
         print("\n🛑 Server stopped by user (Ctrl+C)")
         if is_shutdown_requested():

mcp_proxy_adapter/version.py

@@ -2,4 +2,4 @@
 Version information for MCP Proxy Adapter.
 """
 
-__version__ = "6.7.0"
+__version__ = "6.7.1"

{mcp_proxy_adapter-6.7.0.dist-info → mcp_proxy_adapter-6.7.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mcp-proxy-adapter
-Version: 6.7.0
+Version: 6.7.1
 Summary: Powerful JSON-RPC microservices framework with built-in security, authentication, and proxy registration
 Home-page: https://github.com/maverikod/mcp-proxy-adapter
 Author: Vasiliy Zdanovskiy

{mcp_proxy_adapter-6.7.0.dist-info → mcp_proxy_adapter-6.7.1.dist-info}/RECORD

@@ -2,9 +2,9 @@ mcp_proxy_adapter/__init__.py,sha256=iH0EBBsRj_cfZJpAIsgN_8tTdfefhnl6uUKHjLHhWDQ
 mcp_proxy_adapter/__main__.py,sha256=sq3tANRuTd18euamt0Bmn1sJeAyzXENZ5VvsMwbrDFA,579
 mcp_proxy_adapter/config.py,sha256=QpoPaUKcWJ-eu6HYphhIZmkc2M-p1JgpLFAgolf_l5s,20161
 mcp_proxy_adapter/custom_openapi.py,sha256=XRviX-C-ZkSKdBhORhDTdeN_1FWyEfXZADiASft3t9I,28149
-mcp_proxy_adapter/main.py,sha256=lafb36V8otAh6PNXRudAXiUiEOj--Kn-IWjKh6pjujI,7262
+mcp_proxy_adapter/main.py,sha256=ILdGeikcZls2y9Uro0bQLi53FPSuJv_yZBio-3WD2zM,9233
 mcp_proxy_adapter/openapi.py,sha256=2UZOI09ZDRJuBYBjKbMyb2U4uASszoCMD5o_4ktRpvg,13480
-mcp_proxy_adapter/version.py,sha256=WYWxAMbc-M1fskDBD0wnKbYT9ZwhtTm6JJjeznQdI30,74
+mcp_proxy_adapter/version.py,sha256=f7P2CcobyBU9CJovfKbOnqeKTQDfipyBZBpKBXU94nM,74
 mcp_proxy_adapter/api/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 mcp_proxy_adapter/api/app.py,sha256=GGhA5X7HQPLJFxeaWHu5YUwi2ldPvPvJD2YcaL9Nbo0,37874
 mcp_proxy_adapter/api/handlers.py,sha256=X-hcMNVeTAu4yVkKJEChEsj2bFptUS6sLNN-Wysjkow,10011
@@ -69,6 +69,7 @@ mcp_proxy_adapter/core/errors.py,sha256=UNEfdmK0zPGJrWH1zUMRjHIJMcoVDcBO4w8xxKHB
 mcp_proxy_adapter/core/logging.py,sha256=gNI6vfPQC7jrUtVu6NeDsmU72JPlrRRBhtJipL1eVrI,9560
 mcp_proxy_adapter/core/mtls_asgi.py,sha256=tvk0P9024s18dcCHY9AaQIecT4ojOTv21EuQWXwooU0,5200
 mcp_proxy_adapter/core/mtls_asgi_app.py,sha256=DT_fTUH1RkvBa3ThbyCyNb-XUHyCb4DqaKA1gcZC6z4,6538
+mcp_proxy_adapter/core/mtls_proxy.py,sha256=5APlWs0ImiHGEC65W_7F-PbVO3NZ2BVSj9r14AcUtTE,6011
 mcp_proxy_adapter/core/mtls_server.py,sha256=_hj6QWuExKX2LRohYvjPGFC2qTutS7ObegpEc09QijM,10117
 mcp_proxy_adapter/core/protocol_manager.py,sha256=iaXWsfm1XSfemz5QQBesMluc4cwf-LtuZVi9bm1uj28,14680
 mcp_proxy_adapter/core/proxy_client.py,sha256=CB6KBhV3vH2GU5nZ27VZ_xlNbYTAU_tnYFrkuK5He58,6094
@@ -133,8 +134,8 @@ mcp_proxy_adapter/schemas/base_schema.json,sha256=v9G9cGMd4dRhCZsOQ_FMqOi5VFyVbI
 mcp_proxy_adapter/schemas/openapi_schema.json,sha256=C3yLkwmDsvnLW9B5gnKKdBGl4zxkeU-rEmjTrNVsQU0,8405
 mcp_proxy_adapter/schemas/roles.json,sha256=pgf_ZyqKyXbfGUxvobpiLiSJz9zzxrMuoVWEkEpz3N8,764
 mcp_proxy_adapter/schemas/roles_schema.json,sha256=deHgI7L6GwfBXacOlNtDgDJelDThppClC3Ti4Eh8rJY,5659
-mcp_proxy_adapter-6.7.0.dist-info/METADATA,sha256=Upk66n9c4K4EzBE7wRqh9V-dv_juyUZkUmYIJO6SJ-4,8510
-mcp_proxy_adapter-6.7.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-mcp_proxy_adapter-6.7.0.dist-info/entry_points.txt,sha256=Bf-O5Aq80n22Ayu9fI9BgidzWqwzIVaqextAddTuHZw,563
-mcp_proxy_adapter-6.7.0.dist-info/top_level.txt,sha256=JZT7vPLBYrtroX-ij68JBhJYbjDdghcV-DFySRy-Nnw,18
-mcp_proxy_adapter-6.7.0.dist-info/RECORD,,
+mcp_proxy_adapter-6.7.1.dist-info/METADATA,sha256=82G1E37shptreMST_9zGo9VaqSyFShYmAiOUSvI9x2o,8510
+mcp_proxy_adapter-6.7.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+mcp_proxy_adapter-6.7.1.dist-info/entry_points.txt,sha256=Bf-O5Aq80n22Ayu9fI9BgidzWqwzIVaqextAddTuHZw,563
+mcp_proxy_adapter-6.7.1.dist-info/top_level.txt,sha256=JZT7vPLBYrtroX-ij68JBhJYbjDdghcV-DFySRy-Nnw,18
+mcp_proxy_adapter-6.7.1.dist-info/RECORD,,