Class: VectorMCP::Security::SessionContext

Inherits:

Object

• Object
• VectorMCP::Security::SessionContext

Defined in:

lib/vector_mcp/security/session_context.rb

Overview

Represents the security context for a user session Contains authentication and authorization information

Instance Attribute Summary

• #auth_strategy ⇒ Object readonly

  Returns the value of attribute auth_strategy.

• #authenticated ⇒ Object readonly

  Returns the value of attribute authenticated.

• #authenticated_at ⇒ Object readonly

  Returns the value of attribute authenticated_at.

• #permissions ⇒ Object readonly

  Returns the value of attribute permissions.

• #user ⇒ Object readonly

  Returns the value of attribute user.

Class Method Summary

• .anonymous ⇒ SessionContext

  Create an anonymous (unauthenticated) session context.

• .from_auth_result(auth_result) ⇒ SessionContext

  Create an authenticated session context from an AuthResult.

Instance Method Summary

• #add_permission(permission) ⇒ Object

  Add a permission to the session.

• #add_permissions(permissions) ⇒ Object

  Add multiple permissions to the session.

• #auth_method ⇒ String

  Get authentication method used.

• #auth_recent?(max_age: 3600) ⇒ Boolean

  Check if authentication is recent (within specified seconds).

• #authenticated? ⇒ Boolean

  Check if the session is authenticated.

• #can?(permission) ⇒ Boolean

  Check if the user has a specific permission.

• #can_access?(action, resource) ⇒ Boolean

  Check if the user can perform an action on a resource.

• #clear_permissions ⇒ Object

  Clear all permissions.

• #initialize(user: nil, authenticated: false, auth_strategy: nil, authenticated_at: nil) ⇒ SessionContext constructor

  Initialize session context.

• #remove_permission(permission) ⇒ Object

  Remove a permission from the session.

• #to_h ⇒ Hash

  Convert to hash for serialization.

• #user_identifier ⇒ String

  Get user identifier for logging/auditing.

Constructor Details

#initialize(user: nil, authenticated: false, auth_strategy: nil, authenticated_at: nil) ⇒ SessionContext

Initialize session context

Parameters:

• user (Object) (defaults to: nil) —

  the authenticated user object

• authenticated (Boolean) (defaults to: false) —

  whether the user is authenticated

• auth_strategy (String) (defaults to: nil) —

  the authentication strategy used

• authenticated_at (Time) (defaults to: nil) —

  when authentication occurred

# File 'lib/vector_mcp/security/session_context.rb', line 15

def initialize(user: nil, authenticated: false, auth_strategy: nil, authenticated_at: nil)
  @user = user
  @authenticated = authenticated
  @auth_strategy = auth_strategy
  @authenticated_at = authenticated_at || Time.now
  @permissions = Set.new
end

Instance Attribute Details

#auth_strategy ⇒ Object (readonly)

Returns the value of attribute auth_strategy.

# File 'lib/vector_mcp/security/session_context.rb', line 8

def auth_strategy
  @auth_strategy
end

#authenticated ⇒ Object (readonly)

Returns the value of attribute authenticated.

# File 'lib/vector_mcp/security/session_context.rb', line 8

def authenticated
  @authenticated
end

#authenticated_at ⇒ Object (readonly)

Returns the value of attribute authenticated_at.

# File 'lib/vector_mcp/security/session_context.rb', line 8

def authenticated_at
  @authenticated_at
end

#permissions ⇒ Object (readonly)

Returns the value of attribute permissions.

# File 'lib/vector_mcp/security/session_context.rb', line 8

def permissions
  @permissions
end

#user ⇒ Object (readonly)

Returns the value of attribute user.

# File 'lib/vector_mcp/security/session_context.rb', line 8

def user
  @user
end

Class Method Details

.anonymous ⇒ SessionContext

Create an anonymous (unauthenticated) session context

Returns:

• (SessionContext) —

  an unauthenticated session

# File 'lib/vector_mcp/security/session_context.rb', line 112

def self.anonymous
  new(authenticated: false)
end

.from_auth_result(auth_result) ⇒ SessionContext

Create an authenticated session context from an AuthResult

Parameters:

• auth_result (VectorMCP::Security::AuthResult) —

  the authentication outcome

Returns:

• (SessionContext) —

  an authenticated or anonymous session

# File 'lib/vector_mcp/security/session_context.rb', line 119

def self.from_auth_result(auth_result)
  return anonymous unless auth_result&.authenticated?

  new(
    user: auth_result.user,
    authenticated: true,
    auth_strategy: auth_result.strategy,
    authenticated_at: auth_result.authenticated_at
  )
end

Instance Method Details

#add_permission(permission) ⇒ Object

Add a permission to the session

Parameters:

• permission (String, Symbol) —

  the permission to add

# File 'lib/vector_mcp/security/session_context.rb', line 46

def add_permission(permission)
  @permissions << permission.to_s
end

#add_permissions(permissions) ⇒ Object

Add multiple permissions to the session

Parameters:

• permissions (Array<String, Symbol>) —

  the permissions to add

# File 'lib/vector_mcp/security/session_context.rb', line 52

def add_permissions(permissions)
  permissions.each { |perm| add_permission(perm) }
end

#auth_method ⇒ String

Get authentication method used

Returns:

• (String) —

  the authentication strategy

# File 'lib/vector_mcp/security/session_context.rb', line 85

def auth_method
  @auth_strategy || "none"
end

#auth_recent?(max_age: 3600) ⇒ Boolean

Check if authentication is recent (within specified seconds)

Parameters:

• max_age (Integer) (defaults to: 3600) —

  maximum age in seconds (default: 3600 = 1 hour)

Returns:

• (Boolean) —

  true if authentication is recent

# File 'lib/vector_mcp/security/session_context.rb', line 92

def auth_recent?(max_age: 3600)
  return false unless authenticated?

  (Time.now - @authenticated_at) <= max_age
end

#authenticated? ⇒ Boolean

Check if the session is authenticated

Returns:

• (Boolean) —

  true if authenticated

# File 'lib/vector_mcp/security/session_context.rb', line 25

def authenticated?
  @authenticated
end

#can?(permission) ⇒ Boolean

Check if the user has a specific permission

Parameters:

• permission (String, Symbol) —

  the permission to check

Returns:

• (Boolean) —

  true if user has the permission

# File 'lib/vector_mcp/security/session_context.rb', line 32

def can?(permission)
  @permissions.include?(permission.to_s)
end

#can_access?(action, resource) ⇒ Boolean

Check if the user can perform an action on a resource

Parameters:

• action (String, Symbol) —

  the action (e.g., ‘read’, ‘write’, ‘execute’)

• resource (String, Symbol) —

  the resource (e.g., ‘tools’, ‘resources’)

Returns:

• (Boolean) —

  true if user can perform the action

# File 'lib/vector_mcp/security/session_context.rb', line 40

def can_access?(action, resource)
  can?("#{action}:#{resource}") || can?("#{action}:*") || can?("*:#{resource}") || can?("*:*")
end

#clear_permissions ⇒ Object

Clear all permissions

# File 'lib/vector_mcp/security/session_context.rb', line 63

def clear_permissions
  @permissions.clear
end

#remove_permission(permission) ⇒ Object

Remove a permission from the session

Parameters:

• permission (String, Symbol) —

  the permission to remove

# File 'lib/vector_mcp/security/session_context.rb', line 58

def remove_permission(permission)
  @permissions.delete(permission.to_s)
end

#to_h ⇒ Hash

Convert to hash for serialization

Returns:

• (Hash) —

  session context as hash

# File 'lib/vector_mcp/security/session_context.rb', line 100

def to_h
  {
    authenticated: @authenticated,
    user_identifier: user_identifier,
    auth_strategy: @auth_strategy,
    authenticated_at: @authenticated_at&.iso8601,
    permissions: @permissions.to_a
  }
end

#user_identifier ⇒ String

Get user identifier for logging/auditing

Returns:

• (String) —

  a string identifying the user

# File 'lib/vector_mcp/security/session_context.rb', line 69

def user_identifier
  return "anonymous" unless authenticated?
  return "anonymous" if @user.nil?

  case @user
  when Hash
    @user[:user_id] || @user[:sub] || @user[:email] || @user[:api_key] || "authenticated_user"
  when String
    @user
  else
    @user.respond_to?(:id) ? @user.id.to_s : "authenticated_user"
  end
end