{h3ddlZddlZddlmZddlmZddlmZmZm Z ddl m Z ddl m Z mZmZddlmZmZGdd e ZGd d eZGd d Zy)N)Any) AnyHttpUrl)AuthCredentialsAuthenticationBackend SimpleUser)HTTPConnection)ReceiveScopeSend) AccessToken TokenVerifierc(eZdZdZdeffd ZxZS)AuthenticatedUserzUser with authentication info. auth_infocht||j||_|j|_yN)super__init__ client_id access_tokenscopes)selfr __class__s g/var/www/html/hubwallet-dev/venv/lib/python3.12/site-packages/mcp/server/auth/middleware/bearer_auth.pyrzAuthenticatedUser.__init__s+ ,,-%&& )__name__ __module__ __qualname____doc__r r __classcell__)rs@rrr s('+''rrc(eZdZdZdefdZdefdZy)BearerAuthBackendzT Authentication backend that validates Bearer tokens using a TokenVerifier. token_verifierc||_yr)r#)rr#s rrzBearerAuthBackend.__init__s ,rconncKtfdjDd}|r|jjdsy|dd}|jj |d{}|sy|j r+|j ttjkryt|jt|fS7^w)Nc3|K|]3}|jdk(sjj|5yw) authorizationN)lowerheadersget).0keyr%s r z1BearerAuthBackend.authenticate.. s- ]sciik_>\T\\  c " ]s< <zbearer ) nextr*r) startswithr# verify_token expires_atinttimerrr)rr% auth_headertokenrs ` r authenticatezBearerAuthBackend.authenticates ]dll ]  +"3"3"5"@"@"KAB--::5AA    I$8$83tyy{;K$Ky//02CI2NNNBsA%C (C)AC N)rrrrr rrr8rrr"r"s!-}-O~Orr"c heZdZdZ ddedeededzfdZde de d e d dfd Z d e d e d eded df dZy)RequireAuthMiddlewarez Middleware that requires a valid Bearer token in the Authorization header. This will validate the token with the auth provider and store the resulting auth info in the request state. Napprequired_scopesresource_metadata_urlc.||_||_||_y)a  Initialize the middleware. Args: app: ASGI application required_scopes: List of scopes that the token must have resource_metadata_url: Optional protected resource metadata URL for WWW-Authenticate header N)r<r=r>)rr<r=r>s rrzRequireAuthMiddleware.__init__<s.%:"rscopereceivesendreturnctK|jd}t|ts|j|dddd{y|jd}|jD]4}|||j vs|j|ddd |d{y|j |||d{y7u7%7 w) Nuseri invalid_tokenzAuthentication required) status_codeerror descriptionauthiinsufficient_scopezRequired scope: )r+ isinstancer_send_auth_errorr=rr<)rr@rArB auth_userauth_credentialsrequired_scopes r__call__zRequireAuthMiddleware.__call__NsIIf% )%67''#_Jc(    99V,"22 N'>AQAXAX+X++c1EUefteuSv,  hhugt,,,  -s9:B8B25B83B8B4B8,B6-B84B86B8rGrHrIc Kd|dd|dg}|jr|jd|jdddj|}||d}tj|j }|d|d d t t|j fd |j fgd d {|d|dd {y 77w)zCSend an authentication error response with WWW-Authenticate header.zerror=""zerror_description="zresource_metadata="zBearer z, )rHerror_descriptionzhttp.response.start)s content-typesapplication/jsonscontent-lengthswww-authenticate)typestatusr*Nzhttp.response.body)rUbody)r>appendjoinjsondumpsencodestrlen) rrBrGrHrIwww_auth_partswww_authenticaterW body_bytess rrMz&RequireAuthMiddleware._send_auth_errorbs$E7!,0CK=PQ.RS  % %  ! !$78R8R7SST"U V$TYY~%>$?@[AZZ%,,. -%:&C O(<(C(C(EF(*:*A*A*CD   ,"      s$B8C:C;C CCCr)rrrrrlistr]rrr r r rQr4rMr9rrr;r;4s48 ; ;c; *D0 ;$-E-G-4-D-( 4 c # \_ dh rr;)rZr5typingrpydanticrstarlette.authenticationrrrstarlette.requestsrstarlette.typesr r r mcp.server.auth.providerr r rr"r;r9rrrisJ WW-00?' 'O-O