mcp-streamable-http-server
by nunaszek
Overview
A development template for creating StreamableHttp services, emphasizing flexible authentication, dynamic service registration, customizable middleware, and YAML configuration.
Installation
uv run serverEnvironment Variables
- HOST
- PORT
- SERVER_NAME
- JSON_RESPONSE
- LOG_LEVEL
- APP_VERSION
- DATABASE_URL
Security Notes
The `AuthorizeMiddleware` has a critical vulnerability: its `_verify_token` method contains a 'TODO: Implement token verification logic' and currently always returns `True`. This means any arbitrary string provided as a token in the 'Authorization' header or 'key' query parameter will be accepted as a valid API key, effectively bypassing actual authentication. If this middleware is active and a token string is present, it allows unauthenticated access to the system. Furthermore, the `SessionService.create_session` will record any such provided string as a new `ApiKey` in the database if it doesn't already exist.
Similar Servers
mcp-framework
This repository provides a framework for integrating and managing OAuth authentication within a server application, potentially involving HTTP streaming.
arcade-mcp
This project provides a comprehensive framework and a collection of pre-built toolkits for developing and deploying AI-powered Micro-Credentialing Protocol (MCP) servers, enabling agents to securely and efficiently interact with various external services.
frontmcp
FrontMCP is a TypeScript-first framework for building Model Context Protocol (MCP) servers, enabling AI models to interact with external systems through typed tools, resources, and prompts, including dynamic UI rendering and robust authentication.
mcp-server-starter-ts
A minimal TypeScript starter template for building Model Context Protocol (MCP) servers, enabling AI applications to connect with data sources and tools through a standardized interface.