hyper-mcp-remote 0.1.0

A stdio to streamable-http MCP proxy with OAuth support
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348

//! Cross-platform persistent credential storage for OAuth tokens.
//!
//! Implements [`rmcp::transport::auth::CredentialStore`] by writing into the
//! OS-native secret store via the [`keyring`] crate, and silently falling
//! back to a 0600 JSON file when no keyring backend is available (e.g.
//! headless Linux without a Secret Service implementation, or CI).
//!
//! The on-disk encoding is the JSON representation of rmcp's
//! [`StoredCredentials`], which is the same type the in-memory store uses,
//! so the round-trip is lossless.

use std::path::PathBuf;

use anyhow::{Context, Result};
use async_trait::async_trait;
use rmcp::transport::auth::{AuthError, CredentialStore, StoredCredentials};

use crate::session::CredentialKey;

/// Service identifier used in the OS keyring. Keep this stable across
/// releases; bumping it will orphan all previously stored tokens.
const KEYRING_SERVICE: &str = "io.github.hyper-mcp-rs.hyper-mcp-remote";

/// Credential store backed by the OS keyring, with an automatic file
/// fallback when the keyring backend is unavailable.
pub struct SecureCredentialStore {
    /// The keyring account name. Derived from a [`CredentialKey`] so it is
    /// stable across launches as long as the user keeps pointing at the
    /// same `(server_url, resource)`. Request-time header churn does not
    /// invalidate this entry.
    account: String,
    /// Path used for the file-based fallback. Keyed off the same
    /// `CredentialKey` so the fallback persists across launches too.
    fallback_path: PathBuf,
}

impl SecureCredentialStore {
    /// Build a credential store keyed by `key`. The store transparently
    /// falls back to file storage if the keyring is unavailable on this
    /// platform/session.
    pub fn new(key: &CredentialKey) -> Result<Self> {
        let dirs = directories::ProjectDirs::from("io.github", "hyper-mcp-rs", "hyper-mcp-remote")
            .context("failed to resolve user config directory")?;

        Self::with_data_dir(key, dirs.data_local_dir())
    }

    /// Same as [`Self::new`] but with the data directory injected, primarily
    /// for tests that need to point the file-fallback at a `tempdir`.
    pub fn with_data_dir(key: &CredentialKey, data_dir: &std::path::Path) -> Result<Self> {
        let dir = data_dir.join("credentials");
        std::fs::create_dir_all(&dir).with_context(|| {
            format!("failed to create credentials directory: {}", dir.display())
        })?;

        Ok(Self {
            account: key.to_string(),
            fallback_path: dir.join(format!("{key}.json")),
        })
    }

    /// Wipe any cached credentials for this session from both keyring and
    /// disk. Used by `--reset-auth` and explicit logout flows.
    pub fn clear_sync(&self) -> Result<()> {
        // Best-effort delete from keyring.
        if let Ok(entry) = keyring::Entry::new(KEYRING_SERVICE, &self.account) {
            let _ = entry.delete_credential();
        }
        if self.fallback_path.exists() {
            std::fs::remove_file(&self.fallback_path).with_context(|| {
                format!(
                    "failed to remove credentials file: {}",
                    self.fallback_path.display()
                )
            })?;
        }
        Ok(())
    }

    /// Read raw JSON from keyring, falling back to file. Returns `Ok(None)`
    /// when neither location has an entry for this session.
    fn read_raw(&self) -> Result<Option<String>, AuthError> {
        match keyring::Entry::new(KEYRING_SERVICE, &self.account) {
            Ok(entry) => match entry.get_password() {
                Ok(s) => return Ok(Some(s)),
                Err(keyring::Error::NoEntry) => {}
                Err(e) => {
                    tracing::debug!(error = %e, "keyring read failed; falling back to file");
                }
            },
            Err(e) => {
                tracing::debug!(error = %e, "keyring unavailable; falling back to file");
            }
        }

        match std::fs::read_to_string(&self.fallback_path) {
            Ok(s) => Ok(Some(s)),
            Err(e) if e.kind() == std::io::ErrorKind::NotFound => Ok(None),
            Err(e) => Err(AuthError::InternalError(format!(
                "failed to read credentials file: {e}"
            ))),
        }
    }

    /// Persist `data` to the keyring; on failure, fall back to a 0600 file.
    fn write_raw(&self, data: &str) -> Result<(), AuthError> {
        match keyring::Entry::new(KEYRING_SERVICE, &self.account) {
            Ok(entry) => match entry.set_password(data) {
                Ok(()) => {
                    // Belt-and-suspenders: remove any stale file copy so we
                    // don't have two sources of truth.
                    let _ = std::fs::remove_file(&self.fallback_path);
                    return Ok(());
                }
                Err(e) => {
                    tracing::warn!(error = %e, "keyring write failed; falling back to file");
                }
            },
            Err(e) => {
                tracing::warn!(error = %e, "keyring unavailable; using file fallback");
            }
        }

        write_secret_file(&self.fallback_path, data)
            .map_err(|e| AuthError::InternalError(format!("file fallback write failed: {e}")))
    }
}

#[async_trait]
impl CredentialStore for SecureCredentialStore {
    async fn load(&self) -> Result<Option<StoredCredentials>, AuthError> {
        let raw = match self.read_raw()? {
            Some(s) => s,
            None => return Ok(None),
        };
        let creds: StoredCredentials = serde_json::from_str(&raw).map_err(|e| {
            AuthError::InternalError(format!("failed to deserialize stored credentials: {e}"))
        })?;
        Ok(Some(creds))
    }

    async fn save(&self, credentials: StoredCredentials) -> Result<(), AuthError> {
        let raw = serde_json::to_string(&credentials).map_err(|e| {
            AuthError::InternalError(format!("failed to serialize credentials: {e}"))
        })?;
        self.write_raw(&raw)
    }

    async fn clear(&self) -> Result<(), AuthError> {
        self.clear_sync()
            .map_err(|e| AuthError::InternalError(format!("clear failed: {e}")))
    }
}

/// Write `data` to `path` atomically with 0600 permissions on Unix.
fn write_secret_file(path: &std::path::Path, data: &str) -> Result<()> {
    let tmp = path.with_extension("tmp");

    #[cfg(unix)]
    {
        use std::io::Write;
        use std::os::unix::fs::OpenOptionsExt;
        let mut f = std::fs::OpenOptions::new()
            .write(true)
            .create(true)
            .truncate(true)
            .mode(0o600)
            .open(&tmp)
            .with_context(|| format!("opening {}", tmp.display()))?;
        f.write_all(data.as_bytes())
            .with_context(|| format!("writing {}", tmp.display()))?;
        f.sync_all().ok();
    }

    #[cfg(not(unix))]
    {
        std::fs::write(&tmp, data).with_context(|| format!("writing {}", tmp.display()))?;
    }

    std::fs::rename(&tmp, path)
        .with_context(|| format!("renaming {} -> {}", tmp.display(), path.display()))?;
    Ok(())
}

#[cfg(test)]
mod tests {
    use super::*;
    use rmcp::transport::auth::{CredentialStore, StoredCredentials};

    fn make_store(dir: &std::path::Path, salt: &str) -> SecureCredentialStore {
        // Distinct keys per test so that even if a keyring is present
        // (e.g. on a developer's macOS box), each test gets its own entry.
        let key = CredentialKey::new(&format!("https://example.com/{salt}"), None);
        SecureCredentialStore::with_data_dir(&key, dir).expect("with_data_dir")
    }

    /// Build a `StoredCredentials` via JSON to avoid pulling in the `oauth2`
    /// crate just to construct an `OAuthTokenResponse` in tests. The shape
    /// here mirrors what rmcp itself serializes.
    fn sample_credentials() -> StoredCredentials {
        let json = serde_json::json!({
            "client_id": "client-abc",
            "token_response": {
                "access_token": "access-token-xyz",
                "token_type": "bearer",
                "expires_in": 3600,
                "refresh_token": "refresh-token-zzz",
                "scope": "read write",
            },
            "granted_scopes": ["read", "write"],
            "token_received_at": 1_700_000_000u64,
        });
        serde_json::from_value(json).expect("sample credentials must deserialize")
    }

    /// Force the fallback path by deleting the keyring entry. Used to keep
    /// tests deterministic on machines where a real keyring is available.
    fn clear_keyring(store: &SecureCredentialStore) {
        if let Ok(entry) = keyring::Entry::new(KEYRING_SERVICE, &store.account) {
            let _ = entry.delete_credential();
        }
    }

    #[tokio::test]
    async fn load_returns_none_when_nothing_stored() {
        let dir = tempfile::tempdir().expect("tempdir");
        let store = make_store(dir.path(), "none-stored");
        clear_keyring(&store);
        let out = store.load().await.expect("load");
        assert!(out.is_none(), "empty store should yield None, got {out:?}");
    }

    #[tokio::test]
    async fn save_then_load_round_trips() {
        let dir = tempfile::tempdir().expect("tempdir");
        let store = make_store(dir.path(), "round-trip");
        clear_keyring(&store);

        let creds = sample_credentials();
        store.save(creds.clone()).await.expect("save");

        let loaded = store
            .load()
            .await
            .expect("load")
            .expect("creds should be present after save");
        assert_eq!(loaded.client_id, creds.client_id);
        assert_eq!(loaded.granted_scopes, creds.granted_scopes);
        assert_eq!(loaded.token_received_at, creds.token_received_at);
        assert!(
            loaded.token_response.is_some(),
            "token_response must round-trip"
        );
    }

    #[tokio::test]
    async fn clear_removes_persisted_credentials() {
        let dir = tempfile::tempdir().expect("tempdir");
        let store = make_store(dir.path(), "clear");
        clear_keyring(&store);

        store.save(sample_credentials()).await.expect("save");
        assert!(store.load().await.expect("load").is_some());

        store.clear().await.expect("clear");
        assert!(
            store.load().await.expect("load after clear").is_none(),
            "clear() must remove stored credentials"
        );
    }

    #[tokio::test]
    async fn load_returns_internal_error_on_corrupt_file() {
        let dir = tempfile::tempdir().expect("tempdir");
        let store = make_store(dir.path(), "corrupt");
        clear_keyring(&store);

        // Write garbage directly to the file fallback path.
        std::fs::create_dir_all(store.fallback_path.parent().expect("parent")).expect("mkdir");
        std::fs::write(&store.fallback_path, "not-json").expect("write");

        // load() goes through read_raw which prefers the keyring; with an
        // empty keyring it should fall through to the corrupt file. Some
        // keyrings on dev machines may shadow this; tolerate either outcome
        // but require the function not to panic.
        let outcome = store.load().await;
        match outcome {
            Ok(Some(_)) | Ok(None) => {
                // keyring shadowed the file; nothing to assert.
            }
            Err(e) => {
                let msg = format!("{e}");
                assert!(
                    msg.contains("deserialize"),
                    "corrupt-file error must mention deserialization, got: {msg}"
                );
            }
        }
    }

    #[test]
    fn write_secret_file_creates_file_atomically() {
        let dir = tempfile::tempdir().expect("tempdir");
        let path = dir.path().join("secret.json");
        write_secret_file(&path, "hello").expect("write_secret_file");
        let content = std::fs::read_to_string(&path).expect("read back");
        assert_eq!(content, "hello");

        // Tmp companion file must be gone after rename.
        let tmp = path.with_extension("tmp");
        assert!(!tmp.exists(), "tmp file should have been renamed");
    }

    #[cfg(unix)]
    #[test]
    fn write_secret_file_is_mode_0600_on_unix() {
        use std::os::unix::fs::PermissionsExt;
        let dir = tempfile::tempdir().expect("tempdir");
        let path = dir.path().join("secret.json");
        write_secret_file(&path, "hello").expect("write_secret_file");
        let mode = std::fs::metadata(&path)
            .expect("metadata")
            .permissions()
            .mode()
            & 0o777;
        assert_eq!(mode, 0o600, "file fallback must be 0600 on unix");
    }

    #[test]
    fn new_uses_platform_data_dir() {
        // Just check that `new` doesn't crash and produces a non-empty
        // account string. Avoids touching shared user state by going
        // through `with_data_dir` for any real work.
        let key = CredentialKey::new("https://example.com/x", None);
        let store = SecureCredentialStore::new(&key).expect("new");
        assert_eq!(store.account, key.to_string());
    }

    #[test]
    fn clear_sync_is_idempotent_on_empty_store() {
        let dir = tempfile::tempdir().expect("tempdir");
        let store = make_store(dir.path(), "idempotent");
        clear_keyring(&store);
        // No credentials saved; clear_sync must not error.
        store.clear_sync().expect("clear_sync on empty store");
        store.clear_sync().expect("clear_sync twice in a row");
    }
}