43 lines
1.9 KiB
Python
43 lines
1.9 KiB
Python
"""
|
||
简单的 ASGI 中间件:为 SSE 入口添加 x-api-key 鉴权。
|
||
当前 fastmcp 版本不支持 authenticate 参数时,可通过该中间件实现最小可用的 Header 鉴权。
|
||
"""
|
||
|
||
from typing import Callable, Awaitable
|
||
import os
|
||
|
||
|
||
class ApiKeyAuthMiddleware:
|
||
def __init__(self, app, header_name: str = "x-api-key", expected_key: str | None = None, sse_path: str = "/sse"):
|
||
self.app = app
|
||
self.header_name = header_name.lower()
|
||
self.expected_key = expected_key or os.environ.get("MCP_API_KEY", "123")
|
||
self.sse_path = sse_path
|
||
|
||
async def __call__(self, scope, receive, send):
|
||
# 仅对 HTTP scope 且 SSE 路径做校验,其余直接放行
|
||
if scope.get("type") == "http":
|
||
path = scope.get("path", "")
|
||
if path.startswith(self.sse_path):
|
||
# 提取 header(bytes)
|
||
headers = {k.decode("latin1").lower(): v.decode("latin1") for k, v in scope.get("headers", [])}
|
||
api_key = headers.get(self.header_name)
|
||
if api_key != self.expected_key:
|
||
body = b"Unauthorized: missing or invalid x-api-key"
|
||
await send({
|
||
"type": "http.response.start",
|
||
"status": 401,
|
||
"headers": [(b"content-type", b"text/plain; charset=utf-8")],
|
||
})
|
||
await send({
|
||
"type": "http.response.body",
|
||
"body": body,
|
||
"more_body": False,
|
||
})
|
||
return
|
||
return await self.app(scope, receive, send)
|
||
|
||
|
||
def with_api_key_auth(app, header_name: str = "x-api-key", expected_key: str | None = None, sse_path: str = "/sse"):
|
||
return ApiKeyAuthMiddleware(app, header_name=header_name, expected_key=expected_key, sse_path=sse_path)
|