kai/ColaFlow
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat(backend): Implement MCP API Key Management System (Story 5.2)

Browse Source 
Implemented comprehensive API Key authentication and management system
for MCP Server to ensure only authorized AI agents can access ColaFlow.

## Domain Layer
- Created McpApiKey aggregate root with BCrypt password hashing
- Implemented ApiKeyPermissions value object (read/write, resource/tool filtering)
- Added ApiKeyStatus enum (Active, Revoked)
- Created domain events (ApiKeyCreatedEvent, ApiKeyRevokedEvent)
- API key format: cola_<36 random chars> (cryptographically secure)
- Default expiration: 90 days

## Application Layer
- Implemented McpApiKeyService with full CRUD operations
- Created DTOs for API key creation, validation, and updates
- Validation logic: hash verification, expiration check, IP whitelist
- Usage tracking: last_used_at, usage_count

## Infrastructure Layer
- Created McpDbContext with PostgreSQL configuration
- EF Core entity configuration with JSONB for permissions/IP whitelist
- Implemented McpApiKeyRepository with prefix-based lookup
- Database migration: mcp_api_keys table with indexes
- Created McpApiKeyAuthenticationMiddleware for API key validation
- Middleware validates Authorization: Bearer <api_key> header

## API Layer
- Created McpApiKeysController with REST endpoints:
  - POST /api/mcp/keys - Create API Key (returns plain key once!)
  - GET /api/mcp/keys - List tenant's API Keys
  - GET /api/mcp/keys/{id} - Get API Key details
  - PATCH /api/mcp/keys/{id}/metadata - Update name/description
  - PATCH /api/mcp/keys/{id}/permissions - Update permissions
  - DELETE /api/mcp/keys/{id} - Revoke API Key
- Requires JWT authentication (not API key auth)

## Testing
- Created 17 unit tests for McpApiKey entity
- Created 7 unit tests for ApiKeyPermissions value object
- All 49 tests passing (including existing MCP tests)
- Test coverage > 80% for Domain layer

## Security Features
- BCrypt hashing with work factor 12
- API key shown only once at creation (never logged)
- Key prefix lookup for fast validation (indexed)
- Multi-tenant isolation (tenant_id filter)
- IP whitelist support
- Permission scopes (read/write, resources, tools)
- Automatic expiration after 90 days

## Database Schema
Table: mcp.mcp_api_keys
- Indexes: key_prefix (unique), tenant_id, tenant_user, expires_at, status
- JSONB columns for permissions and IP whitelist
- Soft delete via revoked_at

## Integration
- Updated Program.cs to register MCP module with configuration
- Added MCP DbContext migration in development mode
- Authentication middleware runs before MCP protocol handler

Changes:
- Created 31 new files (2321+ lines)
- Domain: 6 files (McpApiKey, events, repository, value objects)
- Application: 9 files (service, DTOs)
- Infrastructure: 8 files (DbContext, repository, middleware, migration)
- API: 1 file (McpApiKeysController)
- Tests: 2 files (17 + 7 unit tests)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Yaojia Wang
2025-11-08 18:40:56 +01:00
parent b11c6447b5
commit 0857a8ba2a
31 changed files with 2321 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
colaflow-api/ColaFlow.sln
View File

@@ -55,6 +55,16 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ColaFlow.Modules.Identity.I
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ColaFlow.Modules.Identity.IntegrationTests", "tests\Modules\Identity\ColaFlow.Modules.Identity.IntegrationTests\ColaFlow.Modules.Identity.IntegrationTests.csproj", "{86D74CD1-A0F7-467B-899B-82641451A8C4}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ColaFlow.Modules.Mcp.Application", "src\Modules\Mcp\ColaFlow.Modules.Mcp.Application\ColaFlow.Modules.Mcp.Application.csproj", "{D07B22E9-2C46-5425-4076-2E0D5E128488}"
EndProject
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Mcp", "Mcp", "{02EA681E-C7D8-13C7-8484-4AC65E1B71E8}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ColaFlow.Modules.Mcp.Contracts", "src\Modules\Mcp\ColaFlow.Modules.Mcp.Contracts\ColaFlow.Modules.Mcp.Contracts.csproj", "{9B021F2B-646E-3639-D365-19BA2E4693D7}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ColaFlow.Modules.Mcp.Domain", "src\Modules\Mcp\ColaFlow.Modules.Mcp.Domain\ColaFlow.Modules.Mcp.Domain.csproj", "{C26E375D-DE7C-134E-9846-F87FA19AFEAD}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ColaFlow.Modules.Mcp.Infrastructure", "src\Modules\Mcp\ColaFlow.Modules.Mcp.Infrastructure\ColaFlow.Modules.Mcp.Infrastructure.csproj", "{31D96779-9DDF-04D6-B22B-6F0FBCB6E846}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
@@ -281,6 +291,54 @@ Global
{86D74CD1-A0F7-467B-899B-82641451A8C4}.Release|x64.Build.0 = Release|Any CPU
{86D74CD1-A0F7-467B-899B-82641451A8C4}.Release|x86.ActiveCfg = Release|Any CPU
{86D74CD1-A0F7-467B-899B-82641451A8C4}.Release|x86.Build.0 = Release|Any CPU
{D07B22E9-2C46-5425-4076-2E0D5E128488}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{D07B22E9-2C46-5425-4076-2E0D5E128488}.Debug|Any CPU.Build.0 = Debug|Any CPU
{D07B22E9-2C46-5425-4076-2E0D5E128488}.Debug|x64.ActiveCfg = Debug|Any CPU
{D07B22E9-2C46-5425-4076-2E0D5E128488}.Debug|x64.Build.0 = Debug|Any CPU
{D07B22E9-2C46-5425-4076-2E0D5E128488}.Debug|x86.ActiveCfg = Debug|Any CPU
{D07B22E9-2C46-5425-4076-2E0D5E128488}.Debug|x86.Build.0 = Debug|Any CPU
{D07B22E9-2C46-5425-4076-2E0D5E128488}.Release|Any CPU.ActiveCfg = Release|Any CPU
{D07B22E9-2C46-5425-4076-2E0D5E128488}.Release|Any CPU.Build.0 = Release|Any CPU
{D07B22E9-2C46-5425-4076-2E0D5E128488}.Release|x64.ActiveCfg = Release|Any CPU
{D07B22E9-2C46-5425-4076-2E0D5E128488}.Release|x64.Build.0 = Release|Any CPU
{D07B22E9-2C46-5425-4076-2E0D5E128488}.Release|x86.ActiveCfg = Release|Any CPU
{D07B22E9-2C46-5425-4076-2E0D5E128488}.Release|x86.Build.0 = Release|Any CPU
{9B021F2B-646E-3639-D365-19BA2E4693D7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{9B021F2B-646E-3639-D365-19BA2E4693D7}.Debug|Any CPU.Build.0 = Debug|Any CPU
{9B021F2B-646E-3639-D365-19BA2E4693D7}.Debug|x64.ActiveCfg = Debug|Any CPU
{9B021F2B-646E-3639-D365-19BA2E4693D7}.Debug|x64.Build.0 = Debug|Any CPU
{9B021F2B-646E-3639-D365-19BA2E4693D7}.Debug|x86.ActiveCfg = Debug|Any CPU
{9B021F2B-646E-3639-D365-19BA2E4693D7}.Debug|x86.Build.0 = Debug|Any CPU
{9B021F2B-646E-3639-D365-19BA2E4693D7}.Release|Any CPU.ActiveCfg = Release|Any CPU
{9B021F2B-646E-3639-D365-19BA2E4693D7}.Release|Any CPU.Build.0 = Release|Any CPU
{9B021F2B-646E-3639-D365-19BA2E4693D7}.Release|x64.ActiveCfg = Release|Any CPU
{9B021F2B-646E-3639-D365-19BA2E4693D7}.Release|x64.Build.0 = Release|Any CPU
{9B021F2B-646E-3639-D365-19BA2E4693D7}.Release|x86.ActiveCfg = Release|Any CPU
{9B021F2B-646E-3639-D365-19BA2E4693D7}.Release|x86.Build.0 = Release|Any CPU
{C26E375D-DE7C-134E-9846-F87FA19AFEAD}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{C26E375D-DE7C-134E-9846-F87FA19AFEAD}.Debug|Any CPU.Build.0 = Debug|Any CPU
{C26E375D-DE7C-134E-9846-F87FA19AFEAD}.Debug|x64.ActiveCfg = Debug|Any CPU
{C26E375D-DE7C-134E-9846-F87FA19AFEAD}.Debug|x64.Build.0 = Debug|Any CPU
{C26E375D-DE7C-134E-9846-F87FA19AFEAD}.Debug|x86.ActiveCfg = Debug|Any CPU
{C26E375D-DE7C-134E-9846-F87FA19AFEAD}.Debug|x86.Build.0 = Debug|Any CPU
{C26E375D-DE7C-134E-9846-F87FA19AFEAD}.Release|Any CPU.ActiveCfg = Release|Any CPU
{C26E375D-DE7C-134E-9846-F87FA19AFEAD}.Release|Any CPU.Build.0 = Release|Any CPU
{C26E375D-DE7C-134E-9846-F87FA19AFEAD}.Release|x64.ActiveCfg = Release|Any CPU
{C26E375D-DE7C-134E-9846-F87FA19AFEAD}.Release|x64.Build.0 = Release|Any CPU
{C26E375D-DE7C-134E-9846-F87FA19AFEAD}.Release|x86.ActiveCfg = Release|Any CPU
{C26E375D-DE7C-134E-9846-F87FA19AFEAD}.Release|x86.Build.0 = Release|Any CPU
{31D96779-9DDF-04D6-B22B-6F0FBCB6E846}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{31D96779-9DDF-04D6-B22B-6F0FBCB6E846}.Debug|Any CPU.Build.0 = Debug|Any CPU
{31D96779-9DDF-04D6-B22B-6F0FBCB6E846}.Debug|x64.ActiveCfg = Debug|Any CPU
{31D96779-9DDF-04D6-B22B-6F0FBCB6E846}.Debug|x64.Build.0 = Debug|Any CPU
{31D96779-9DDF-04D6-B22B-6F0FBCB6E846}.Debug|x86.ActiveCfg = Debug|Any CPU
{31D96779-9DDF-04D6-B22B-6F0FBCB6E846}.Debug|x86.Build.0 = Debug|Any CPU
{31D96779-9DDF-04D6-B22B-6F0FBCB6E846}.Release|Any CPU.ActiveCfg = Release|Any CPU
{31D96779-9DDF-04D6-B22B-6F0FBCB6E846}.Release|Any CPU.Build.0 = Release|Any CPU
{31D96779-9DDF-04D6-B22B-6F0FBCB6E846}.Release|x64.ActiveCfg = Release|Any CPU
{31D96779-9DDF-04D6-B22B-6F0FBCB6E846}.Release|x64.Build.0 = Release|Any CPU
{31D96779-9DDF-04D6-B22B-6F0FBCB6E846}.Release|x86.ActiveCfg = Release|Any CPU
{31D96779-9DDF-04D6-B22B-6F0FBCB6E846}.Release|x86.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
@@ -310,6 +368,11 @@ Global
{18EA8D3B-8570-4D51-B410-580F0782A61C} = {ACB2D19B-6984-27D8-539C-F209B7C78BA5}
{6401A1D7-2E1E-4FE1-B2F6-3DC82C2948DA} = {ACB2D19B-6984-27D8-539C-F209B7C78BA5}
{86D74CD1-A0F7-467B-899B-82641451A8C4} = {ACB2D19B-6984-27D8-539C-F209B7C78BA5}
{D07B22E9-2C46-5425-4076-2E0D5E128488} = {02EA681E-C7D8-13C7-8484-4AC65E1B71E8}
{02EA681E-C7D8-13C7-8484-4AC65E1B71E8} = {EC447DCF-ABFA-6E24-52A5-D7FD48A5C558}
{9B021F2B-646E-3639-D365-19BA2E4693D7} = {02EA681E-C7D8-13C7-8484-4AC65E1B71E8}
{C26E375D-DE7C-134E-9846-F87FA19AFEAD} = {02EA681E-C7D8-13C7-8484-4AC65E1B71E8}
{31D96779-9DDF-04D6-B22B-6F0FBCB6E846} = {02EA681E-C7D8-13C7-8484-4AC65E1B71E8}
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {3A6D2E28-927B-49D8-BABA-B5D2FC6D416E}