)`iGddlZddlZddlmZddlmZddlmZmZm Z ddl m Z ddl m Z mZmZddlmZmZGdd e ZGd d eZGd d ZdS)N)Any) AnyHttpUrl)AuthCredentialsAuthenticationBackend SimpleUser)HTTPConnection)ReceiveScopeSend) AccessToken TokenVerifierc(eZdZdZdeffd ZxZS)AuthenticatedUserzUser with authentication info. auth_infoczt|j||_|j|_dSN)super__init__ client_id access_tokenscopes)selfr __class__s z/home/jaya/work/projects/VOICE-AGENT/VIET/agent-env/lib/python3.11/site-packages/mcp/server/auth/middleware/bearer_auth.pyrzAuthenticatedUser.__init__s4 ,---%& )__name__ __module__ __qualname____doc__r r __classcell__)rs@rrr sJ(('+''''''''''rrc*eZdZdZdefdZdefdZdS)BearerAuthBackendzT Authentication backend that validates Bearer tokens using a TokenVerifier. token_verifierc||_dSr)r#)rr#s rrzBearerAuthBackend.__init__s,rconncKtfdjDd}|r'|dsdS|dd}|j|d{V}|sdS|jr+|jttjkrdSt|j t|fS)Nc3|K|]6}|dkj|V7dS) authorizationN)lowerheadersget).0keyr%s r z1BearerAuthBackend.authenticate.. sE ] ]sciikk_>\>\T\  c " ">\>\>\>\ ] ]rzbearer ) nextr*r) startswithr# verify_token expires_atinttimerrr)rr% auth_headertokenrs ` r authenticatezBearerAuthBackend.authenticates ] ] ] ]dl ] ] ]    +"3"3"5"5"@"@"K"K 4ABB-::5AAAAAAAA  4   I$83ty{{;K;K$K$K4y/002CI2N2NNNrN)rrrrr rrr8rrr"r"s[-}----O~OOOOOOrr"c peZdZdZ ddedeededzfdZde de d e d dfd Z d e d e d eded df dZdS)RequireAuthMiddlewarez Middleware that requires a valid Bearer token in the Authorization header. This will validate the token with the auth provider and store the resulting auth info in the request state. Napprequired_scopesresource_metadata_urlc0||_||_||_dS)a  Initialize the middleware. Args: app: ASGI application required_scopes: List of scopes that the token must have resource_metadata_url: Optional protected resource metadata URL for WWW-Authenticate header N)r<r=r>)rr<r=r>s rrzRequireAuthMiddleware.__init__<s!.%:"""rscopereceivesendreturncxK|d}t|ts!||dddd{VdS|d}|jD]2}| ||jvr%||ddd |d{VdS3||||d{VdS) Nuseri invalid_tokenzAuthentication required) status_codeerror descriptionauthiinsufficient_scopezRequired scope: )r+ isinstancer_send_auth_errorr=rr<)rr@rArB auth_userauth_credentialsrequired_scopes r__call__zRequireAuthMiddleware.__call__Ns<IIf%% )%677 ''#_Jc(        F 99V,,"2  N'>AQAX+X+X++c1ESvftSvSv, ,Y hhugt,,,,,,,,,,,rrGrHrIc Kd|dd|dg}|jr|d|jddd|}||d}tj|}|d|d d t t|fd |fgd d {V|d|dd {Vd S)zCSend an authentication error response with WWW-Authenticate header.zerror=""zerror_description="zresource_metadata="zBearer z, )rHerror_descriptionzhttp.response.start)s content-typesapplication/jsonscontent-lengthswww-authenticate)typestatusr*Nzhttp.response.body)rUbody)r>appendjoinjsondumpsencodestrlen) rrBrGrHrIwww_auth_partswww_authenticaterW body_bytess rrMz&RequireAuthMiddleware._send_auth_errorbsk-E,,,.RK.R.R.RS  % W  ! !"U8R"U"U"U V V V@TYY~%>%>@@[AAZ%%,,.. d-%:&C OO(<(<(C(C(E(EF(*:*A*A*C*CD     d,"             rr)rrrrrlistr]rrr r r rQr4rMr9rrr;r;4s48 ;; ;c; *D0 ;;;;$-E-G-4-D----( 4 c # \_ dh      rr;)rZr5typingrpydanticrstarlette.authenticationrrrstarlette.requestsrstarlette.typesr r r mcp.server.auth.providerr r rr"r;r9rrris: WWWWWWWWWW------0000000000????????''''' '''OOOOO-OOO