Class: VectorMCP::Security::Middleware

Inherits:

Object

• Object
• VectorMCP::Security::Middleware

Defined in:

lib/vector_mcp/security/middleware.rb

Overview

Security middleware for request authentication and authorization Integrates with transport layers to provide security controls

Instance Attribute Summary

• #auth_manager ⇒ Object readonly

  Returns the value of attribute auth_manager.

• #authorization ⇒ Object readonly

  Returns the value of attribute authorization.

Instance Method Summary

• #authenticate_request(request, strategy: nil) ⇒ SessionContext

  Authenticate a request and return session context.

• #authorize_action(session_context, action, resource) ⇒ Boolean

  Check if a session is authorized for an action on a resource.

• #initialize(auth_manager, authorization) ⇒ Middleware constructor

  Initialize middleware with auth components.

• #normalize_request(transport_request) ⇒ Hash

  Create a request object from different transport formats.

• #process_request(request, action: :access, resource: nil) ⇒ Hash

  Process a request through the complete security pipeline.

• #security_enabled? ⇒ Boolean

  Check if security is enabled.

• #security_status ⇒ Hash

  Get security status for debugging/monitoring.

Constructor Details

#initialize(auth_manager, authorization) ⇒ Middleware

Initialize middleware with auth components

Parameters:

• auth_manager (AuthManager) —

  the authentication manager

• authorization (Authorization) —

  the authorization manager

# File 'lib/vector_mcp/security/middleware.rb', line 13

def initialize(auth_manager, authorization)
  @auth_manager = auth_manager
  @authorization = authorization
end

Instance Attribute Details

#auth_manager ⇒ Object (readonly)

Returns the value of attribute auth_manager.

# File 'lib/vector_mcp/security/middleware.rb', line 8

def auth_manager
  @auth_manager
end

#authorization ⇒ Object (readonly)

Returns the value of attribute authorization.

# File 'lib/vector_mcp/security/middleware.rb', line 8

def authorization
  @authorization
end

Instance Method Details

#authenticate_request(request, strategy: nil) ⇒ SessionContext

Authenticate a request and return session context

Parameters:

• request (Hash) —

  the request object

• strategy (Symbol) (defaults to: nil) —

  optional authentication strategy override

Returns:

• (SessionContext) —

  the session context for the request

# File 'lib/vector_mcp/security/middleware.rb', line 22

def authenticate_request(request, strategy: nil)
  auth_result = @auth_manager.authenticate(request, strategy: strategy)
  SessionContext.from_auth_result(auth_result)
end

#authorize_action(session_context, action, resource) ⇒ Boolean

Check if a session is authorized for an action on a resource

Parameters:

• session_context (SessionContext) —

  the session context

• action (Symbol) —

  the action being attempted

• resource (Object) —

  the resource being accessed

Returns:

• (Boolean) —

  true if authorized

# File 'lib/vector_mcp/security/middleware.rb', line 32

def authorize_action(session_context, action, resource)
  # Always allow if authorization is disabled
  return true unless @authorization.required?

  # Check authorization policy
  @authorization.authorize(session_context.user, action, resource)
end

#normalize_request(transport_request) ⇒ Hash

Create a request object from different transport formats

Parameters:

• transport_request (Object) —

  the transport-specific request

Returns:

• (Hash) —

  normalized request object

# File 'lib/vector_mcp/security/middleware.rb', line 79

def normalize_request(transport_request)
  case transport_request
  when Hash
    # Check if it's a Rack environment (has REQUEST_METHOD key)
    if transport_request.key?("REQUEST_METHOD")
      extract_from_rack_env(transport_request)
    else
      # Already normalized
      transport_request
    end
  else
    # Extract from transport-specific request (e.g., custom objects)
    extract_request_data(transport_request)
  end
end

#process_request(request, action: :access, resource: nil) ⇒ Hash

Process a request through the complete security pipeline

Parameters:

• request (Hash) —

  the request object

• action (Symbol) (defaults to: :access) —

  the action being attempted

• resource (Object) (defaults to: nil) —

  the resource being accessed

Returns:

• (Hash) —

  result with session_context and authorization status

# File 'lib/vector_mcp/security/middleware.rb', line 45

def process_request(request, action: :access, resource: nil)
  # Step 1: Authenticate the request
  session_context = authenticate_request(request)

  # Step 2: Check if authentication is required but failed
  if @auth_manager.required? && !session_context.authenticated?
    return {
      success: false,
      error: "Authentication required",
      error_code: "AUTHENTICATION_REQUIRED",
      session_context: session_context
    }
  end

  # Step 3: Check authorization if resource is provided
  if resource && !authorize_action(session_context, action, resource)
    return {
      success: false,
      error: "Access denied",
      error_code: "AUTHORIZATION_FAILED",
      session_context: session_context
    }
  end

  # Step 4: Success
  {
    success: true,
    session_context: session_context
  }
end

#security_enabled? ⇒ Boolean

Check if security is enabled

Returns:

• (Boolean) —

  true if any security features are enabled

# File 'lib/vector_mcp/security/middleware.rb', line 97

def security_enabled?
  @auth_manager.required? || @authorization.required?
end

#security_status ⇒ Hash

Get security status for debugging/monitoring

Returns:

• (Hash) —

  current security configuration status

# File 'lib/vector_mcp/security/middleware.rb', line 103

def security_status
  {
    authentication: {
      enabled: @auth_manager.required?,
      strategies: @auth_manager.available_strategies,
      default_strategy: @auth_manager.default_strategy
    },
    authorization: {
      enabled: @authorization.required?,
      policy_types: @authorization.policy_types
    }
  }
end