Class: VectorMCP::Security::SessionContext

Inherits:
Object
  • Object
Defined in:
lib/vector_mcp/security/session_context.rb

Overview

Represents the security context for a user session. Contains authentication and authorization information.

Constructor Details

#initialize(user: nil, authenticated: false, auth_strategy: nil, authenticated_at: nil) ⇒ SessionContext

Initialize session context

Parameters:

  • user (Object) (defaults to: nil)

    the authenticated user object

  • authenticated (Boolean) (defaults to: false)

    whether the user is authenticated

  • auth_strategy (String) (defaults to: nil)

    the authentication strategy used

  • authenticated_at (Time) (defaults to: nil)

    when authentication occurred



# File 'lib/vector_mcp/security/session_context.rb', line 15

# Builds a session context from the values supplied by the caller.
#
# @param user [Object, nil] principal to associate with the session; stored as given
# @param authenticated [Boolean] authentication flag; stored as given with no coercion,
#   so any truthy value makes #authenticated? truthy
# @param auth_strategy [String, nil] label of the strategy that authenticated the user
# @param authenticated_at [Time, nil] authentication time; falls back to the
#   construction time when nil or false, including for unauthenticated contexts
def initialize(user: nil, authenticated: false, auth_strategy: nil, authenticated_at: nil)
  @user = user
  @authenticated = authenticated
  @auth_strategy = auth_strategy
  # NOTE(review): the value is not type-checked here, although #auth_recent? and #to_h
  # both use it as a Time.
  @authenticated_at = authenticated_at || Time.now
  # Every context starts with no permissions; grants are added explicitly afterwards.
  @permissions = Set.new
end

Instance Attribute Details

#auth_strategy ⇒ Object (readonly)

Returns the value of attribute auth_strategy.



# File 'lib/vector_mcp/security/session_context.rb', line 8

# Reader for the strategy label given at construction; nil when none was supplied.
def auth_strategy
  @auth_strategy
end

#authenticated ⇒ Object (readonly)

Returns the value of attribute authenticated.



# File 'lib/vector_mcp/security/session_context.rb', line 8

# Reader for the raw authentication flag exactly as it was passed to the constructor.
# The value is not coerced, so it is a strict Boolean only if the caller supplied one.
def authenticated
  @authenticated
end

#authenticated_at ⇒ Object (readonly)

Returns the value of attribute authenticated_at.



# File 'lib/vector_mcp/security/session_context.rb', line 8

# Reader for the authentication timestamp. The constructor substitutes Time.now when
# no value is given, so this is also set on unauthenticated contexts.
def authenticated_at
  @authenticated_at
end

#permissions ⇒ Object (readonly)

Returns the value of attribute permissions.



# File 'lib/vector_mcp/security/session_context.rb', line 8

# Reader for the permission set.
# NOTE(review): this hands out the live Set rather than a copy, so a caller can add or
# remove entries directly, bypassing the to_s normalisation in #add_permission.
# Treat the returned object as read-only.
def permissions
  @permissions
end

#user ⇒ Object (readonly)

Returns the value of attribute user.



# File 'lib/vector_mcp/security/session_context.rb', line 8

# Reader for the principal stored at construction, returned as-is.
# NOTE(review): #user_identifier reads an :api_key entry from Hash principals, so this
# object may carry a credential — confirm before logging or serialising it.
def user
  @user
end

Class Method Details

.anonymous ⇒ SessionContext

Create an anonymous (unauthenticated) session context

Returns:

  • (SessionContext)



# File 'lib/vector_mcp/security/session_context.rb', line 112

# Builds an unauthenticated context: no user, no strategy, and an empty permission set.
# This is also what .from_auth_result returns when the result is not authenticated.
def self.anonymous
  new(authenticated: false)
end

.from_auth_result(auth_result) ⇒ SessionContext

Create an authenticated session context from auth result

Parameters:

  • auth_result (Hash)

    the authentication result

Returns:

  • (SessionContext)



# File 'lib/vector_mcp/security/session_context.rb', line 119

# Turns the result of an authentication attempt into a session context.
#
# A nil result, or one whose :authenticated entry is nil or false, yields the
# anonymous context. Otherwise the :user entry becomes the session's user.
#
# @param auth_result [Hash, nil] authentication result with :authenticated and :user
# @return [SessionContext] anonymous or authenticated context
def self.from_auth_result(auth_result)
  return anonymous unless auth_result&.dig(:authenticated)

  principal = auth_result[:user]

  # The marker symbol means "authenticated, but there is no user object": the session
  # is built with a nil user, the "custom" strategy label and the current time.
  if principal == :authenticated_nil_user
    return new(
      user: nil,
      authenticated: true,
      auth_strategy: "custom",
      authenticated_at: Time.now
    )
  end

  # Only a Hash user can carry metadata; any other user object leaves both fields nil.
  # NOTE(review): :strategy and :authenticated_at are copied from the user Hash without
  # validation — confirm they are set by the auth strategy and not by client input.
  metadata = principal.is_a?(Hash) ? principal : {}

  new(
    user: principal,
    authenticated: true,
    auth_strategy: metadata[:strategy],
    authenticated_at: metadata[:authenticated_at]
  )
end

Instance Method Details

#add_permission(permission) ⇒ Object

Add a permission to the session

Parameters:

  • permission (String, Symbol)

    the permission to add



# File 'lib/vector_mcp/security/session_context.rb', line 46

# Grants one permission. The value is converted with to_s first, so a Symbol and the
# equivalent String name the same grant. Wildcard entries such as "*:*" are honoured
# by #can_access?, so they should be granted deliberately.
#
# @param permission [String, Symbol] the permission to grant
# @return [Set] the permission set
def add_permission(permission)
  granted = permission.to_s
  @permissions.add(granted)
end

#add_permissions(permissions) ⇒ Object

Add multiple permissions to the session

Parameters:

  • permissions (Array<String, Symbol>)

    the permissions to add



# File 'lib/vector_mcp/security/session_context.rb', line 52

# Grants each permission in the given collection through #add_permission, so every
# entry gets the same to_s normalisation.
#
# @param permissions [Array<String, Symbol>] the permissions to grant
# @return [Array<String, Symbol>] the collection that was passed in
def add_permissions(permissions)
  permissions.each do |entry|
    add_permission(entry)
  end
end

#auth_method ⇒ String

Get authentication method used

Returns:

  • (String)

    the authentication strategy



# File 'lib/vector_mcp/security/session_context.rb', line 85

# Names the authentication strategy recorded for this session.
#
# @return [String] the stored strategy, or the literal "none" when none was recorded
def auth_method
  return "none" unless @auth_strategy

  @auth_strategy
end

#auth_recent?(max_age: 3600) ⇒ Boolean

Check if authentication is recent (within specified seconds)

Parameters:

  • max_age (Integer) (defaults to: 3600)

    maximum age in seconds (default: 3600 = 1 hour)

Returns:

  • (Boolean)

    true if authentication is recent



# File 'lib/vector_mcp/security/session_context.rb', line 92

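# Reports whether the session authenticated within the last +max_age+ seconds.
#
# Fails closed: returns false for unauthenticated sessions, when the stored timestamp
# is not a Time, and when the timestamp lies in the future.
#
# @param max_age [Numeric] maximum age in seconds (default: 3600 = 1 hour)
# @return [Boolean] true only if the authentication age is between 0 and max_age
def auth_recent?(max_age: 3600)
  return false unless authenticated?
  # The constructor stores authenticated_at unchecked, so a non-Time value can reach
  # this point; subtracting it would raise or produce a Time instead of an age.
  return false unless @authenticated_at.is_a?(Time)

  age = Time.now - @authenticated_at
  # A future timestamp gives a negative age, which would otherwise satisfy any max_age.
  age >= 0 && age <= max_age
end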

#authenticated? ⇒ Boolean

Check if the session is authenticated

Returns:

  • (Boolean)

    true if authenticated



# File 'lib/vector_mcp/security/session_context.rb', line 25

# Predicate for the authentication flag.
# NOTE(review): returns the stored value unchanged, so the result is a strict Boolean
# only when the constructor was given one; any other truthy value also passes `if` checks.
def authenticated?
  @authenticated
end

#can?(permission) ⇒ Boolean

Check if the user has a specific permission

Parameters:

  • permission (String, Symbol)

    the permission to check

Returns:

  • (Boolean)

    true if user has the permission



# File 'lib/vector_mcp/security/session_context.rb', line 32

# Tests for one exact permission entry. The argument is converted with to_s and
# compared literally; wildcard matching is done by #can_access?, not here.
#
# @param permission [String, Symbol] the permission to look up
# @return [Boolean] true if that exact entry has been granted
def can?(permission)
  wanted = permission.to_s
  @permissions.include?(wanted)
end

#can_access?(action, resource) ⇒ Boolean

Check if the user can perform an action on a resource

Parameters:

  • action (String, Symbol)

    the action (e.g., 'read', 'write', 'execute')

  • resource (String, Symbol)

    the resource (e.g., 'tools', 'resources')

Returns:

  • (Boolean)

    true if user can perform the action



# File 'lib/vector_mcp/security/session_context.rb', line 40

# Decides whether an action on a resource is permitted.
#
# Access is granted when any of four entries is present: the exact "action:resource"
# pair, "action:*", "*:resource", or "*:*". The check reads only the permission set;
# it does not consult #authenticated?.
# NOTE(review): action and resource are interpolated as given, so a value containing
# ":" or "*" changes which entry is looked up — validate them at the call site if
# they come from a request.
#
# @param action [String, Symbol] the action (e.g., 'read', 'write', 'execute')
# @param resource [String, Symbol] the resource (e.g., 'tools', 'resources')
# @return [Boolean] true if one of the four entries has been granted
def can_access?(action, resource)
  candidates = ["#{action}:#{resource}", "#{action}:*", "*:#{resource}", "*:*"]
  candidates.any? { |entry| can?(entry) }
end

#clear_permissions ⇒ Object

Clear all permissions



# File 'lib/vector_mcp/security/session_context.rb', line 63

# Revokes every permission by emptying the set in place, wildcard entries included.
def clear_permissions
  @permissions.clear
end

#remove_permission(permission) ⇒ Object

Remove a permission from the session

Parameters:

  • permission (String, Symbol)

    the permission to remove



# File 'lib/vector_mcp/security/session_context.rb', line 58

# Revokes one exact permission entry, after converting the argument with to_s.
# Only that literal entry is removed: a wildcard grant such as "read:*" that also
# covers it stays in place and is still honoured by #can_access?.
#
# @param permission [String, Symbol] the permission to revoke
# @return [Set] the permission set
def remove_permission(permission)
  revoked = permission.to_s
  @permissions.delete(revoked)
end

#to_h ⇒ Hash

Convert to hash for serialization

Returns:

  • (Hash)

    session context as hash



# File 'lib/vector_mcp/security/session_context.rb', line 100

# Produces a plain Hash snapshot of the session for serialization.
#
# The user object itself is not included; only the result of #user_identifier is.
# The timestamp is rendered with #iso8601, or left nil when no timestamp is stored.
# NOTE(review): the output embeds #user_identifier and the full permission list —
# check what #user_identifier can return before sending this hash to logs or clients.
#
# @return [Hash] keys :authenticated, :user_identifier, :auth_strategy,
#   :authenticated_at and :permissions, in that order
def to_h
  snapshot = { authenticated: @authenticated }
  snapshot[:user_identifier] = user_identifier
  snapshot[:auth_strategy] = @auth_strategy
  snapshot[:authenticated_at] = @authenticated_at&.iso8601
  snapshot[:permissions] = @permissions.to_a
  snapshot
end

#user_identifier ⇒ String

Get user identifier for logging/auditing

Returns:

  • (String)

    a string identifying the user



# File 'lib/vector_mcp/security/session_context.rb', line 69

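# Returns a label for the session's user, for logs and audit records.
#
# Unauthenticated sessions, and authenticated sessions without a user, yield
# "anonymous". A Hash user is identified by the first present of :user_id, :sub and
# :email, converted to a String. When only :api_key is present the label is a
# truncated SHA-256 fingerprint of the key rather than the key itself, because this
# value is meant for logs and is also embedded in #to_h.
#
# @return [String] a string identifying the user
def user_identifier
  return "anonymous" unless authenticated?
  return "anonymous" if @user.nil?

  case @user
  when Hash
    named = @user[:user_id] || @user[:sub] || @user[:email]
    # to_s keeps the documented String return type for numeric ids, matching the
    # object branch below.
    return named.to_s if named

    api_key = @user[:api_key]
    return "authenticated_user" unless api_key

    # Loaded lazily: only sessions identified solely by an API key need the digest.
    require "digest"
    "api_key:#{Digest::SHA256.hexdigest(api_key.to_s)[0, 12]}"
  when String
    # NOTE(review): a String principal is returned verbatim — confirm no auth
    # strategy uses the credential itself as the user object.
    @user
  else
    @user.respond_to?(:id) ? @user.id.to_s : "authenticated_user"
  end
end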