deploy-website
by TencentCloudADP-DevRel
Overview
A simple API service to deploy, list, and delete HTML websites, including a specialized endpoint for deploying 3D model viewers from COS GLB links.
Installation
npm startEnvironment Variables
- PORT
- WEBSITE_DIR
- API_KEY
- NODE_ENV
- CORS_ORIGIN
Security Notes
The default server (using `src/index.ts` via `npm start`) has severe security vulnerabilities, as detailed in the `SECURITY_REVIEW.md`. Critical issues include: 1. **Path Traversal**: Allows deletion of arbitrary system files. 2. **XSS Risk**: Uploaded HTML is served directly, enabling malicious script execution. 3. **No Authentication**: Anyone can upload, delete, and list files. 4. **Inconsistent File Size Limits**: Multer is not configured with limits, making it vulnerable to large file uploads. 5. **Filename Conflicts**: New files can overwrite existing ones. 6. **Error Leakage**: Detailed error messages are exposed, which can aid attackers. 7. **Temporary File Cleanup**: Lacks robust temporary file handling. While a more secure version (`src/index-secure.ts`) exists that addresses many of these, it is not the default execution path and also omits the `/api/deploy-3d-website` endpoint.
Similar Servers
langgraph-dev-navigator
Provides a RAG and Knowledge Graph powered backend for grounding AI coding assistants in the LangGraph ecosystem, improving code generation accuracy and reducing hallucinations.
generator-app-remote-mcp-server-generic
Provides backend services for a generic multi-cloud application generator, enabling remote application scaffolding and management across various cloud providers.
puppeteer-mcp-server
Automating browser interactions and web scraping via an MCP server.
crawl4ai-mcp-server
A lightweight server providing web scraping and crawling tools, designed for integration with AI frameworks like OpenAI Agents SDK, Cursor, and Claude Code.