UNPKG

@fastmcp-oauth/sql-delegation

Version:

SQL delegation module for FastMCP OAuth framework - PostgreSQL and SQL Server support

323 lines (250 loc) 8.66 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
# @fastmcp-oauth/sql-delegation SQL delegation module for the MCP OAuth framework - provides PostgreSQL and SQL Server delegation capabilities. ## Overview This package is a **reference implementation** demonstrating how to build delegation modules for the MCP OAuth framework. It provides secure database operations on behalf of authenticated users using: - **PostgreSQL**: `SET ROLE` delegation - **SQL Server**: `EXECUTE AS USER` delegation ## Installation ```bash npm install @fastmcp-oauth/sql-delegation ``` This package is an **optional** dependency of `fastmcp-oauth`. The core framework works without SQL support. ## Features ### Security - ✅ Parameterized queries only (prevents SQL injection) - ✅ Dangerous operation blocking (DROP, CREATE, ALTER, etc.) - ✅ SQL identifier validation - ✅ Automatic context/role reversion on error - ✅ TLS encryption support - ✅ Role-based command authorization (with token exchange) ### Token Exchange Integration When integrated with the framework's TokenExchangeService, SQL delegation can: 1. Exchange requestor JWT for delegation token (TE-JWT) 2. Extract `legacy_name` claim for database user impersonation 3. Extract `roles` claim for command-level authorization (sql-read, sql-write, sql-admin) ## Usage ### PostgreSQL Delegation ```typescript import { PostgreSQLDelegationModule } from '@fastmcp-oauth/sql-delegation'; import { DelegationRegistry } from 'fastmcp-oauth/delegation'; const pgModule = new PostgreSQLDelegationModule(); await pgModule.initialize({ host: 'localhost', port: 5432, database: 'mydb', user: 'service_account', password: 'secret', options: { ssl: true } }); // Register with framework const registry = new DelegationRegistry(); registry.register(pgModule); // Delegate query const result = await registry.delegate( 'postgresql', session, 'query', { sql: 'SELECT * FROM users WHERE id = $1', params: [123] } ); ``` ### SQL Server Delegation ```typescript import { SQLDelegationModule } from '@fastmcp-oauth/sql-delegation'; import { DelegationRegistry } from 'fastmcp-oauth/delegation'; const sqlModule = new SQLDelegationModule(); await sqlModule.initialize({ server: 'sql01.company.com', database: 'legacy_app', options: { trustedConnection: true, encrypt: true } }); // Register with framework const registry = new DelegationRegistry(); registry.register(sqlModule); // Delegate query const result = await registry.delegate( 'sql', session, 'query', { sql: 'SELECT * FROM Orders WHERE CustomerId = @customerId', params: { customerId: 456 } } ); ``` ### Token Exchange Configuration To enable token exchange for SQL delegation: ```typescript import { TokenExchangeService } from 'fastmcp-oauth/delegation'; // Create TokenExchangeService const tokenExchangeService = new TokenExchangeService(auditService); // Configure SQL module with token exchange pgModule.setTokenExchangeService(tokenExchangeService, { tokenEndpoint: 'https://auth.company.com/token', clientId: 'mcp-server', clientSecret: 'SECRET', audience: 'postgresql-delegation', scope: 'openid profile sql:read sql:write' // Request specific OAuth scopes }); ``` **OAuth Scope Support (RFC 8693):** - Request fine-grained database permissions during token exchange - Example scopes: `sql:read` (SELECT only), `sql:write` (INSERT/UPDATE/DELETE), `sql:admin` (DDL operations) - IDP controls which scopes are granted based on user roles - Enables least-privilege access patterns per database **TE-JWT Requirements:** The delegation token (TE-JWT) returned by the IDP must contain: - `legacy_name` - Database username for impersonation - `roles` - Array of roles for command authorization (optional) - `sql-read`: SELECT only - `sql-write`: SELECT, INSERT, UPDATE, DELETE - `sql-admin`: All commands except dangerous operations - `admin`: All commands including DROP, TRUNCATE ## API ### PostgreSQLDelegationModule #### Actions - **`query`** - Execute SQL query with parameterized params ```typescript { sql: 'SELECT * FROM users WHERE id = $1', params: [123] } ``` - **`schema`** - List tables in schema ```typescript { schemaName: 'public' } ``` - **`table-details`** - Get table column information ```typescript { tableName: 'users', schemaName: 'public' } ``` ### SQLDelegationModule (SQL Server) #### Actions - **`query`** - Execute SQL query with named parameters ```typescript { sql: 'SELECT * FROM Orders WHERE Id = @id', params: { id: 123 } } ``` - **`schema`** - List tables in database ```typescript { } ``` - **`table-details`** - Get table column information ```typescript { tableName: 'Orders' } ``` ## Security ### Blocked Operations The following SQL operations are **always blocked** for non-admin users: - `DROP` - Requires `admin` role - `TRUNCATE` - Requires `admin` role - `CREATE` - Requires `sql-admin` or `admin` role - `ALTER` - Requires `sql-admin` or `admin` role - `GRANT` - Requires `sql-admin` or `admin` role - `REVOKE` - Requires `sql-admin` or `admin` role ### Command Authorization When token exchange is enabled, commands are authorized based on TE-JWT roles: | Command | Required Role | |---------|--------------| | SELECT, EXPLAIN | sql-read | | INSERT, UPDATE, DELETE | sql-write | | CREATE, ALTER, GRANT | sql-admin | | DROP, TRUNCATE | admin | ## Multi-Database Support The framework supports multiple PostgreSQL or SQL Server instances with separate tool names and IDP configurations: ```typescript // postgresql1 module const pgModule1 = new PostgreSQLDelegationModule('postgresql1'); await pgModule1.initialize({ host: 'primary.company.com', database: 'app_db', user: 'service_account', password: 'secret' }); pgModule1.setTokenExchangeService(tokenExchangeService, { idpName: 'primary-db-idp', tokenEndpoint: 'https://auth.company.com/token', clientId: 'primary-db-client', clientSecret: 'SECRET1', audience: 'primary-db', scope: 'openid profile sql:read sql:write sql:admin' }); // postgresql2 module (analytics, read-only) const pgModule2 = new PostgreSQLDelegationModule('postgresql2'); await pgModule2.initialize({ host: 'analytics.company.com', database: 'analytics_db', user: 'analytics_account', password: 'secret' }); pgModule2.setTokenExchangeService(tokenExchangeService, { idpName: 'analytics-db-idp', tokenEndpoint: 'https://analytics-auth.company.com/token', clientId: 'analytics-client', clientSecret: 'SECRET2', audience: 'analytics-db', scope: 'openid profile analytics:read' // Read-only }); // Register both modules registry.register(pgModule1); registry.register(pgModule2); // Use SQL tools factory to create tools with prefixes import { createSQLToolsForModule } from 'fastmcp-oauth/mcp/tools'; const sql1Tools = createSQLToolsForModule({ toolPrefix: 'sql1', moduleName: 'postgresql1', descriptionSuffix: ' (Primary DB)' }); const sql2Tools = createSQLToolsForModule({ toolPrefix: 'sql2', moduleName: 'postgresql2', descriptionSuffix: ' (Analytics DB - Read Only)' }); // Tools are named: sql1-delegate, sql1-schema, sql2-delegate, sql2-schema ``` **Key Benefits:** - **Separate IDPs** - Each database can use different identity provider - **Scoped Permissions** - Primary DB has full access, analytics is read-only - **Tool Prefixes** - Clear tool naming: `sql1-delegate`, `sql2-delegate` - **Independent Configuration** - Each database has separate credentials and token exchange settings ## Configuration ### PostgreSQL ```typescript { host: string; // PostgreSQL hostname port?: number; // Port (default: 5432) database: string; // Database name user: string; // Service account user password: string; // Service account password options?: { ssl?: boolean | { ... }; // SSL/TLS config }; pool?: { max?: number; // Max connections (default: 10) min?: number; // Min connections (default: 0) idleTimeoutMillis?: number; connectionTimeoutMillis?: number; }; } ``` ### SQL Server ```typescript { server: string; // SQL Server hostname database: string; // Database name options?: { trustedConnection?: boolean; // Use Windows auth encrypt?: boolean; // TLS encryption (recommended) trustServerCertificate?: boolean; }; } ``` ## License MIT ## See Also - [MCP OAuth Framework](https://github.com/yourorg/mcp-oauth) - [Framework Extension Guide](../../Docs/EXTENDING.md) - [Token Exchange Documentation](../../Docs/Framework-update.md#phase-1-token-exchange)