mcp-gateway
by Cronos402
Overview
Acts as an x402 monetization wrapper and proxy for existing Micro-Credential Protocol (MCP) servers, enabling payment-gated access and management capabilities.
Installation
tsx src/index.ts
Environment Variables
- UPSTASH_REDIS_REST_URL
- UPSTASH_REDIS_REST_TOKEN
- MCP2_PUBLIC_URL
- PORT
- VERCEL
- DEBUG
Security Notes
The server has a potential Server-Side Request Forgery (SSRF) vulnerability. The `resolveTargetUrl` function, used by the `/mcp` proxy endpoint, can derive the upstream target URL from the `x-cronos402-target-url` header or `target-url` query parameter if no server ID is provided or found. This allows an attacker to direct the gateway to an arbitrary URL, potentially probing internal networks or accessing sensitive internal services. Additionally, the `/register` endpoint, if not properly secured, could allow an untrusted user to register a server with an internal `mcpOrigin` URL, leading to a persistent SSRF vector. There is no explicit validation or allowlisting of target URLs in the code. Therefore, it is not recommended for deployment in environments where untrusted users can access these endpoints without additional security measures.
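One way to add the missing validation, shown as an added example rather than code from the mcp-gateway project: a check applied to any URL taken from the `x-cronos402-target-url` header, the `target-url` query parameter, or an `mcpOrigin` submitted to `/register`, before the gateway connects. The names `checkTargetUrl` and `ALLOWED_UPSTREAM_HOSTS` and the sample hostnames are assumptions.

```typescript
// Added example, not project code. checkTargetUrl and ALLOWED_UPSTREAM_HOSTS
// are hypothetical names; the hostnames below are constructed samples.
const ALLOWED_UPSTREAM_HOSTS = new Set<string>(["mcp.example.com"]);

interface Verdict { ok: boolean; reason: string; url?: URL }

// Loopback, RFC 1918, link-local (cloud metadata), CGNAT, multicast/reserved.
function isNonPublicIPv4(host: string): boolean {
  const m = host.match(/^(\d{1,3})\.(\d{1,3})\.\d{1,3}\.\d{1,3}$/);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 || a >= 224 ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 100 && b >= 64 && b <= 127);
}

function checkTargetUrl(raw: string): Verdict {
  let url: URL;
  try {
    url = new URL(raw); // WHATWG parsing canonicalises forms like 2130706433 or 0x7f.1
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "scheme" };
  if (url.username !== "" || url.password !== "") return { ok: false, reason: "userinfo" };
  const host = url.hostname.toLowerCase();
  if (host.startsWith("[")) return { ok: false, reason: "ipv6-literal" };
  if (isNonPublicIPv4(host)) return { ok: false, reason: "non-public-address" };
  if (!ALLOWED_UPSTREAM_HOSTS.has(host)) return { ok: false, reason: "not-allowlisted" };
  return { ok: true, reason: "ok", url };
}

// Constructed inputs: the same check applies to the header, the query
// parameter, and the mcpOrigin submitted to /register.
for (const candidate of [
  "https://mcp.example.com/mcp",
  "https://169.254.169.254/latest/meta-data/",
  "https://2130706433/",
  "http://mcp.example.com/mcp",
]) {
  console.log(candidate, "->", checkTargetUrl(candidate).reason);
}
```

A hostname check alone does not cover HTTP redirects from an allowlisted upstream: issue the proxied request with `redirect: "manual"`, or re-run the check on every `Location` before following it.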
Similar Servers
solana-mcp-server
A Solana MCP (Multi-Chain Protocol) server that acts as a proxy for Solana RPC requests, offering enhanced capabilities like caching, metrics, and local sBPF program testing and management.
solx402-mcp-server
The SOLx402 MCP Server enables AI assistants to interact with the x402 payment protocol on Solana, providing tools for service discovery, consumption, USDC payments, and access to Solana development resources.
mcp-x402
Generates X402 payment headers and looks up associated wallet addresses for internet-native payments using the Model Context Protocol.
x402-mcp-server
Enables native x402 payments for AI agents via a Spring Boot server, exposing payment operations as MCP tools.