rmcp_openapi/config/
authorization.rs

1use rmcp_actix_web::transport::AuthorizationHeader;
2use std::str::FromStr;
3
4/// Authorization handling for MCP server operations
5///
6/// This enum combines the authorization mode with the actual header value,
7/// ensuring type safety and a cleaner API.
8#[derive(Debug, Clone, Default)]
9pub enum Authorization {
10    /// No authorization header will be forwarded (MCP-compliant)
11    #[default]
12    None,
13
14    /// Forward authorization with debug logging (requires feature flag)
15    #[cfg(feature = "authorization-token-passthrough")]
16    PassthroughWarn(Option<AuthorizationHeader>),
17
18    /// Forward authorization silently (requires feature flag)
19    #[cfg(feature = "authorization-token-passthrough")]
20    PassthroughSilent(Option<AuthorizationHeader>),
21}
22
23/// Simple mode enum for conversion (matches CLI AuthorizationMode)
24#[derive(Debug, Clone, Copy, Default)]
25pub enum AuthorizationMode {
26    #[default]
27    Compliant,
28    #[cfg(feature = "authorization-token-passthrough")]
29    PassthroughWarn,
30    #[cfg(feature = "authorization-token-passthrough")]
31    PassthroughSilent,
32}
33
34impl FromStr for AuthorizationMode {
35    type Err = String;
36
37    fn from_str(s: &str) -> Result<Self, Self::Err> {
38        match s {
39            "compliant" => Ok(AuthorizationMode::Compliant),
40            #[cfg(feature = "authorization-token-passthrough")]
41            "passthrough-warn" => Ok(AuthorizationMode::PassthroughWarn),
42            #[cfg(feature = "authorization-token-passthrough")]
43            "passthrough-silent" => Ok(AuthorizationMode::PassthroughSilent),
44            _ => {
45                #[cfg(feature = "authorization-token-passthrough")]
46                let valid = "compliant, passthrough-warn, passthrough-silent";
47                #[cfg(not(feature = "authorization-token-passthrough"))]
48                let valid = "compliant";
49                Err(format!(
50                    "Invalid authorization mode: '{}'. Valid values: {}",
51                    s, valid
52                ))
53            }
54        }
55    }
56}
57
58impl Authorization {
59    /// Create Authorization from a mode and optional header
60    pub fn from_mode(
61        mode: AuthorizationMode,
62        #[cfg_attr(
63            not(feature = "authorization-token-passthrough"),
64            allow(unused_variables)
65        )]
66        header: Option<AuthorizationHeader>,
67    ) -> Self {
68        match mode {
69            AuthorizationMode::Compliant => Authorization::None,
70            #[cfg(feature = "authorization-token-passthrough")]
71            AuthorizationMode::PassthroughWarn => Authorization::PassthroughWarn(header),
72            #[cfg(feature = "authorization-token-passthrough")]
73            AuthorizationMode::PassthroughSilent => Authorization::PassthroughSilent(header),
74        }
75    }
76}