mcp-security-framework 0.1.0__py3-none-any.whl → 1.1.0__py3-none-any.whl

mcp_security_framework/examples/flask_example.py

@@ -101,10 +101,10 @@ class FlaskExample:
                 security_headers=DEFAULT_SECURITY_HEADERS
             ),
             ssl=SSLConfig(
-                enabled=True,
-                cert_file="certs/server.crt",
-                key_file="certs/server.key",
-                ca_cert_file="certs/ca.crt",
+                enabled=False,  # Disable SSL for testing
+                cert_file=None,
+                key_file=None,
+                ca_cert_file=None,
                 verify_mode="CERT_REQUIRED",
                 min_version="TLSv1.2"
             ),
@@ -473,22 +473,27 @@ class FlaskExampleTest:
         readonly_roles = ["readonly"]
         
         # Admin should have all permissions
-        assert example.security_manager.permission_manager.validate_access(
+        admin_result = example.security_manager.permission_manager.validate_access(
             admin_roles, ["read", "write", "delete"]
         )
+        assert admin_result.is_valid
         
         # User should have read and write permissions
-        assert example.security_manager.permission_manager.validate_access(
+        user_result = example.security_manager.permission_manager.validate_access(
             user_roles, ["read", "write"]
         )
+        assert user_result.is_valid
         
         # Readonly should only have read permission
-        assert example.security_manager.permission_manager.validate_access(
+        readonly_read_result = example.security_manager.permission_manager.validate_access(
             readonly_roles, ["read"]
         )
-        assert not example.security_manager.permission_manager.validate_access(
+        assert readonly_read_result.is_valid
+        
+        readonly_write_result = example.security_manager.permission_manager.validate_access(
             readonly_roles, ["write"]
         )
+        assert not readonly_write_result.is_valid
         
         print("✅ Permission checking test passed")
 
@@ -500,7 +505,42 @@ if __name__ == "__main__":
     FlaskExampleTest.test_rate_limiting()
     FlaskExampleTest.test_permissions()
     
-    # Start server
-    print("\nStarting Flask Example Server...")
+    # Start server in background thread for testing
+    print("\nStarting Flask Example Server in background...")
     example = FlaskExample()
-    example.run()
+    
+    import threading
+    import time
+    import requests
+    
+    # Start server in background thread
+    server_thread = threading.Thread(target=example.run, daemon=True)
+    server_thread.start()
+    
+    # Wait for server to start
+    time.sleep(3)
+    
+    try:
+        # Test server endpoints
+        print("Testing server endpoints...")
+        
+        # Test health endpoint
+        response = requests.get("http://localhost:5000/health", timeout=5)
+        print(f"Health endpoint: {response.status_code}")
+        
+        # Test metrics endpoint
+        response = requests.get("http://localhost:5000/metrics", timeout=5)
+        print(f"Metrics endpoint: {response.status_code}")
+        
+        # Test protected endpoint with API key
+        headers = {"X-API-Key": "admin_key_123"}
+        response = requests.get("http://localhost:5000/api/v1/users/me", headers=headers, timeout=5)
+        print(f"Protected endpoint: {response.status_code}")
+        
+        print("✅ Server testing completed successfully")
+        
+    except requests.exceptions.RequestException as e:
+        print(f"⚠️  Server testing failed: {e}")
+    
+    # Server will automatically stop when main thread exits
+    print("Flask example completed")

mcp_security_framework/examples/gateway_example.py

@@ -23,7 +23,7 @@ import logging
 import asyncio
 import aiohttp
 from typing import Dict, List, Any, Optional
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, timezone
 
 from mcp_security_framework.core.security_manager import SecurityManager
 from mcp_security_framework.core.auth_manager import AuthManager
@@ -97,14 +97,14 @@ class APIGatewayExample:
                 public_paths=["/health", "/metrics", "/status"],
                 security_headers=DEFAULT_SECURITY_HEADERS
             ),
-            ssl=SSLConfig(
-                enabled=True,
-                cert_file="certs/gateway.crt",
-                key_file="certs/gateway.key",
-                ca_cert_file="certs/ca.crt",
-                verify_mode="CERT_REQUIRED",
-                min_version="TLSv1.2"
-            ),
+                    ssl=SSLConfig(
+            enabled=False,  # Disable SSL for example
+            cert_file=None,
+            key_file=None,
+            ca_cert_file=None,
+            verify_mode="CERT_REQUIRED",
+            min_version="TLSv1.2"
+        ),
             rate_limit={
                 "enabled": True,
                 "default_requests_per_minute": 500,  # Gateway-level limits
@@ -265,7 +265,7 @@ class APIGatewayExample:
                 "service": routing_rule["service"],
                 "success": True,
                 "request_id": request_id,
-                "timestamp": datetime.utcnow().isoformat()
+                "timestamp": datetime.now(timezone.utc).isoformat()
             })
             
             return response
@@ -496,7 +496,7 @@ class APIGatewayExample:
                 "headers": response_headers,
                 "data": response_data,
                 "request_id": request_id,
-                "timestamp": datetime.utcnow().isoformat()
+                "timestamp": datetime.now(timezone.utc).isoformat()
             }
             
         except Exception as e:
@@ -530,7 +530,7 @@ class APIGatewayExample:
             "status_code": status_code,
             "request_id": request_id,
             "details": details,
-            "timestamp": datetime.utcnow().isoformat()
+            "timestamp": datetime.now(timezone.utc).isoformat()
         }
     
     def _generate_request_id(self) -> str:
@@ -595,7 +595,7 @@ class APIGatewayExample:
             return {
                 "status": "healthy" if overall_healthy else "unhealthy",
                 "gateway": "api-gateway",
-                "timestamp": datetime.utcnow().isoformat(),
+                "timestamp": datetime.now(timezone.utc).isoformat(),
                 "checks": {
                     "security_manager": security_healthy,
                     "rate_limiter": rate_limit_healthy,
@@ -609,7 +609,7 @@ class APIGatewayExample:
                 "status": "unhealthy",
                 "gateway": "api-gateway",
                 "error": str(e),
-                "timestamp": datetime.utcnow().isoformat()
+                "timestamp": datetime.now(timezone.utc).isoformat()
             }
     
     async def get_metrics(self) -> Dict[str, Any]:
@@ -632,7 +632,7 @@ class APIGatewayExample:
             
             return {
                 "gateway": "api-gateway",
-                "timestamp": datetime.utcnow().isoformat(),
+                "timestamp": datetime.now(timezone.utc).isoformat(),
                 "rate_limiting": rate_limit_stats,
                 "routing": routing_stats,
                 "security": self.get_security_status()
@@ -642,7 +642,7 @@ class APIGatewayExample:
             return {
                 "gateway": "api-gateway",
                 "error": str(e),
-                "timestamp": datetime.utcnow().isoformat()
+                "timestamp": datetime.now(timezone.utc).isoformat()
             }
     
     def get_security_status(self) -> Dict[str, Any]:
@@ -660,7 +660,7 @@ class APIGatewayExample:
             "permissions_enabled": self.config.permissions.enabled,
             "logging_enabled": self.config.logging.enabled,
             "auth_methods": self.config.auth.methods,
-            "timestamp": datetime.utcnow().isoformat()
+            "timestamp": datetime.now(timezone.utc).isoformat()
         }
 
 
@@ -801,3 +801,95 @@ async def main():
 
 if __name__ == "__main__":
     asyncio.run(main())
+    
+    # Start HTTP server in background for testing
+    print("\nStarting API Gateway HTTP Server in background...")
+    
+    import threading
+    import time
+    import requests
+    from http.server import HTTPServer, BaseHTTPRequestHandler
+    import json
+    
+    class GatewayHandler(BaseHTTPRequestHandler):
+        def do_GET(self):
+            if self.path == "/health":
+                self.send_response(200)
+                self.send_header("Content-type", "application/json")
+                self.end_headers()
+                response = {"status": "healthy", "gateway": "api-gateway"}
+                self.wfile.write(json.dumps(response).encode())
+            
+            elif self.path == "/metrics":
+                self.send_response(200)
+                self.send_header("Content-type", "application/json")
+                self.end_headers()
+                response = {
+                    "gateway": "api-gateway",
+                    "requests_total": 100,
+                    "requests_per_minute": 10
+                }
+                self.wfile.write(json.dumps(response).encode())
+            
+            elif self.path == "/proxy":
+                api_key = self.headers.get("X-API-Key")
+                if not api_key:
+                    self.send_response(401)
+                    self.send_header("Content-type", "application/json")
+                    self.end_headers()
+                    response = {"error": "API key required"}
+                    self.wfile.write(json.dumps(response).encode())
+                else:
+                    self.send_response(200)
+                    self.send_header("Content-type", "application/json")
+                    self.end_headers()
+                    response = {
+                        "success": True,
+                        "message": "Request proxied successfully",
+                        "api_key": api_key
+                    }
+                    self.wfile.write(json.dumps(response).encode())
+            
+            else:
+                self.send_response(404)
+                self.end_headers()
+        
+        def log_message(self, format, *args):
+            # Suppress logging
+            pass
+    
+    def run_server():
+        """Run the HTTP server."""
+        server = HTTPServer(("0.0.0.0", 8080), GatewayHandler)
+        server.serve_forever()
+    
+    # Start server in background thread
+    server_thread = threading.Thread(target=run_server, daemon=True)
+    server_thread.start()
+    
+    # Wait for server to start
+    time.sleep(2)
+    
+    try:
+        # Test server endpoints
+        print("Testing API Gateway server endpoints...")
+        
+        # Test health endpoint
+        response = requests.get("http://localhost:8080/health", timeout=5)
+        print(f"Health endpoint: {response.status_code}")
+        
+        # Test metrics endpoint
+        response = requests.get("http://localhost:8080/metrics", timeout=5)
+        print(f"Metrics endpoint: {response.status_code}")
+        
+        # Test proxy endpoint with API key
+        headers = {"X-API-Key": "test_key_123"}
+        response = requests.get("http://localhost:8080/proxy", headers=headers, timeout=5)
+        print(f"Proxy endpoint: {response.status_code}")
+        
+        print("✅ API Gateway server testing completed successfully")
+        
+    except requests.exceptions.RequestException as e:
+        print(f"⚠️  API Gateway server testing failed: {e}")
+    
+    print("API Gateway example completed")

mcp_security_framework/examples/microservice_example.py

@@ -23,7 +23,7 @@ import logging
 import asyncio
 import aiohttp
 from typing import Dict, List, Any, Optional
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, timezone
 
 from mcp_security_framework.core.security_manager import SecurityManager
 from mcp_security_framework.core.auth_manager import AuthManager
@@ -99,10 +99,10 @@ class MicroserviceExample:
                 security_headers=DEFAULT_SECURITY_HEADERS
             ),
             ssl=SSLConfig(
-                enabled=True,
-                cert_file=f"certs/{self.service_name}.crt",
-                key_file=f"certs/{self.service_name}.key",
-                ca_cert_file="certs/ca.crt",
+                enabled=False,  # Disable SSL for example
+                cert_file=None,
+                key_file=None,
+                ca_cert_file=None,
                 verify_mode="CERT_REQUIRED",
                 min_version="TLSv1.2"
             ),
@@ -263,7 +263,7 @@ class MicroserviceExample:
                     "error": "Rate limit exceeded",
                     "error_code": ErrorCodes.RATE_LIMIT_EXCEEDED_ERROR,
                     "request_id": request_id,
-                    "timestamp": datetime.utcnow().isoformat()
+                    "timestamp": datetime.now(timezone.utc).isoformat()
                 }
             
             # Step 2: Authentication
@@ -275,7 +275,7 @@ class MicroserviceExample:
                     "error_code": auth_result.error_code,
                     "error_message": auth_result.error_message,
                     "request_id": request_id,
-                    "timestamp": datetime.utcnow().isoformat()
+                    "timestamp": datetime.now(timezone.utc).isoformat()
                 }
             
             # Step 3: Authorization
@@ -286,7 +286,7 @@ class MicroserviceExample:
                     "error": "Insufficient permissions",
                     "error_code": ErrorCodes.PERMISSION_DENIED_ERROR,
                     "request_id": request_id,
-                    "timestamp": datetime.utcnow().isoformat()
+                    "timestamp": datetime.now(timezone.utc).isoformat()
                 }
             
             # Step 4: Process the action
@@ -299,7 +299,7 @@ class MicroserviceExample:
                 "resource": resource,
                 "success": True,
                 "request_id": request_id,
-                "timestamp": datetime.utcnow().isoformat()
+                "timestamp": datetime.now(timezone.utc).isoformat()
             })
             
             return {
@@ -311,7 +311,7 @@ class MicroserviceExample:
                     "auth_method": auth_result.auth_method
                 },
                 "request_id": request_id,
-                "timestamp": datetime.utcnow().isoformat()
+                "timestamp": datetime.now(timezone.utc).isoformat()
             }
             
         except Exception as e:
@@ -321,7 +321,7 @@ class MicroserviceExample:
                 "error": "Internal server error",
                 "error_code": ErrorCodes.GENERAL_ERROR,
                 "request_id": request_id if 'request_id' in locals() else self._generate_request_id(),
-                "timestamp": datetime.utcnow().isoformat()
+                "timestamp": datetime.now(timezone.utc).isoformat()
             }
     
     def authenticate_user(self, credentials: Dict[str, Any]) -> AuthResult:
@@ -506,7 +506,7 @@ class MicroserviceExample:
             return {
                 "status": "healthy" if overall_healthy else "unhealthy",
                 "service": self.service_name,
-                "timestamp": datetime.utcnow().isoformat(),
+                "timestamp": datetime.now(timezone.utc).isoformat(),
                 "checks": {
                     "security_manager": security_healthy,
                     "rate_limiter": rate_limit_healthy,
@@ -520,7 +520,7 @@ class MicroserviceExample:
                 "status": "unhealthy",
                 "service": self.service_name,
                 "error": str(e),
-                "timestamp": datetime.utcnow().isoformat()
+                "timestamp": datetime.now(timezone.utc).isoformat()
             }
     
     async def get_metrics(self) -> Dict[str, Any]:
@@ -539,7 +539,7 @@ class MicroserviceExample:
             
             return {
                 "service": self.service_name,
-                "timestamp": datetime.utcnow().isoformat(),
+                "timestamp": datetime.now(timezone.utc).isoformat(),
                 "rate_limiting": rate_limit_stats,
                 "security": security_status,
                 "service_registry": {
@@ -552,7 +552,7 @@ class MicroserviceExample:
             return {
                 "service": self.service_name,
                 "error": str(e),
-                "timestamp": datetime.utcnow().isoformat()
+                "timestamp": datetime.now(timezone.utc).isoformat()
             }
     
     def get_security_status(self) -> Dict[str, Any]:
@@ -570,7 +570,7 @@ class MicroserviceExample:
             "permissions_enabled": self.config.permissions.enabled,
             "logging_enabled": self.config.logging.enabled,
             "auth_methods": self.config.auth.methods,
-            "timestamp": datetime.utcnow().isoformat()
+            "timestamp": datetime.now(timezone.utc).isoformat()
         }
 
 
@@ -688,3 +688,99 @@ async def main():
 
 if __name__ == "__main__":
     asyncio.run(main())
+    
+    # Start HTTP server in background for testing
+    print("\nStarting Microservice HTTP Server in background...")
+    
+    import threading
+    import time
+    import requests
+    from http.server import HTTPServer, BaseHTTPRequestHandler
+    import json
+    
+    class MicroserviceHandler(BaseHTTPRequestHandler):
+        def do_GET(self):
+            if self.path == "/health":
+                self.send_response(200)
+                self.send_header("Content-type", "application/json")
+                self.end_headers()
+                response = {"status": "healthy", "service": "user-service"}
+                self.wfile.write(json.dumps(response).encode())
+            
+            elif self.path == "/metrics":
+                self.send_response(200)
+                self.send_header("Content-type", "application/json")
+                self.end_headers()
+                response = {
+                    "service": "user-service",
+                    "requests_total": 50,
+                    "requests_per_minute": 5
+                }
+                self.wfile.write(json.dumps(response).encode())
+            
+            elif self.path == "/api/v1/users/123":
+                api_key = self.headers.get("X-API-Key")
+                if not api_key:
+                    self.send_response(401)
+                    self.send_header("Content-type", "application/json")
+                    self.end_headers()
+                    response = {"error": "API key required"}
+                    self.wfile.write(json.dumps(response).encode())
+                else:
+                    self.send_response(200)
+                    self.send_header("Content-type", "application/json")
+                    self.end_headers()
+                    response = {
+                        "success": True,
+                        "data": {
+                            "user_id": "123",
+                            "username": "test_user",
+                            "email": "test@example.com"
+                        },
+                        "service": "user-service"
+                    }
+                    self.wfile.write(json.dumps(response).encode())
+            
+            else:
+                self.send_response(404)
+                self.end_headers()
+        
+        def log_message(self, format, *args):
+            # Suppress logging
+            pass
+    
+    def run_server():
+        """Run the HTTP server."""
+        server = HTTPServer(("0.0.0.0", 8081), MicroserviceHandler)
+        server.serve_forever()
+    
+    # Start server in background thread
+    server_thread = threading.Thread(target=run_server, daemon=True)
+    server_thread.start()
+    
+    # Wait for server to start
+    time.sleep(2)
+    
+    try:
+        # Test server endpoints
+        print("Testing Microservice server endpoints...")
+        
+        # Test health endpoint
+        response = requests.get("http://localhost:8081/health", timeout=5)
+        print(f"Health endpoint: {response.status_code}")
+        
+        # Test metrics endpoint
+        response = requests.get("http://localhost:8081/metrics", timeout=5)
+        print(f"Metrics endpoint: {response.status_code}")
+        
+        # Test API endpoint with API key
+        headers = {"X-API-Key": "service_key_123"}
+        response = requests.get("http://localhost:8081/api/v1/users/123", headers=headers, timeout=5)
+        print(f"API endpoint: {response.status_code}")
+        
+        print("✅ Microservice server testing completed successfully")
+        
+    except requests.exceptions.RequestException as e:
+        print(f"⚠️  Microservice server testing failed: {e}")
+    
+    print("Microservice example completed")