MCP Server implementations and gateway infrastructure
zgaetano a4fa9e75a2 feat(gateway): password login page with session cookie for /admin and /dashboard
Replaces Bearer-token-only auth on GUI routes with a proper browser
login flow. Visiting /admin or /dashboard now redirects to /gui-login
if no valid session exists. Submitting the OAUTH_PASSWORD sets a
secure httpOnly session cookie (8h TTL). /gui-logout clears it.

- /dashboard/status also accepts session cookie (for the dashboard JS
  to call back without needing a separate token)
- API routes (/users/*, /keys/*) still require Bearer token as before
- /gui-login, /gui-logout added as new public routes
2026-03-31 23:44:24 -04:00
dashboard Add dashboard/Dashboard.jsx 2026-03-31 15:33:28 -04:00
erpnext-mcp Add erpnext-mcp/src/tools/stock.ts 2026-03-31 15:33:33 -04:00
forgejo-mcp fix(forgejo-mcp): convert sync httpx.Client to async AsyncClient 2026-03-31 23:17:52 -04:00
gateway-proxy feat(gateway): password login page with session cookie for /admin and /dashboard 2026-03-31 23:44:24 -04:00
homeassistant-mcp Add homeassistant-mcp/requirements.txt 2026-03-31 15:33:42 -04:00
linkedin-mcp Add linkedin-mcp/SETUP.md 2026-03-31 15:33:44 -04:00
memory-bank-mcp Add Memory Bank, Puppeteer, Sequential Thinking, and Docker MCP servers 2026-03-31 23:02:47 -04:00
puppeteer-mcp Add Memory Bank, Puppeteer, Sequential Thinking, and Docker MCP servers 2026-03-31 23:02:47 -04:00
scripts Add scripts/wave-token-refresh.sh 2026-03-31 15:33:44 -04:00
sequential-thinking-mcp Add Memory Bank, Puppeteer, Sequential Thinking, and Docker MCP servers 2026-03-31 23:02:47 -04:00
ssh-mcp Replace docker-mcp with ssh-mcp 2026-03-31 23:25:10 -04:00
truenas-mcp Add truenas-mcp/truenas_mcp.py 2026-03-31 15:33:45 -04:00
wave-mcp Add wave-mcp/src/tools/products.ts 2026-03-31 15:33:51 -04:00
.env Add SSH MCP credentials to .env 2026-03-31 23:37:00 -04:00
.gitignore Add .gitignore 2026-03-31 15:33:21 -04:00
API_CREDENTIALS_SETUP.md Add API_CREDENTIALS_SETUP.md 2026-03-31 15:33:21 -04:00
ARCHITECTURE.md Add ARCHITECTURE.md 2026-03-31 15:33:22 -04:00
DASHBOARD_SETUP.md Add DASHBOARD_SETUP.md 2026-03-31 15:33:22 -04:00
DEPLOYMENT_CHECKLIST.md Add DEPLOYMENT_CHECKLIST.md 2026-03-31 15:33:22 -04:00
docker-compose.yml Replace docker-mcp with ssh-mcp 2026-03-31 23:25:10 -04:00
FORGEJO_IMPLEMENTATION_SUMMARY.md Add FORGEJO_IMPLEMENTATION_SUMMARY.md 2026-03-31 15:33:23 -04:00
FORGEJO_SETUP.md Add FORGEJO_SETUP.md 2026-03-31 15:33:23 -04:00
LINKEDIN_QUICK_START.md Add LINKEDIN_QUICK_START.md 2026-03-31 15:33:23 -04:00
LINKEDIN_TOKEN_GENERATION.md Add LINKEDIN_TOKEN_GENERATION.md 2026-03-31 15:33:23 -04:00
MCP_STACK_UPDATE.md Add MCP_STACK_UPDATE.md 2026-03-31 15:33:24 -04:00
openai_adapter.py Add openai_adapter.py 2026-03-31 15:33:24 -04:00
OPENAI_INTEGRATION.md Add OPENAI_INTEGRATION.md 2026-03-31 15:33:24 -04:00
OPENUI_OAUTH_FIX.md Add OPENUI_OAUTH_FIX.md 2026-03-31 15:33:24 -04:00
OPENUI_OAUTH_QUICK_FIX.txt Add OPENUI_OAUTH_QUICK_FIX.txt 2026-03-31 15:33:25 -04:00
OPENUI_SCHEMA_FIX.md Add OPENUI_SCHEMA_FIX.md 2026-03-31 15:33:25 -04:00
QUICK_OPENUI_FIX.txt Add QUICK_OPENUI_FIX.txt 2026-03-31 15:33:25 -04:00
README.md Add README.md 2026-03-31 15:33:26 -04:00
README_OPENAI.md Add README_OPENAI.md 2026-03-31 15:33:26 -04:00
RFP_SCRAPER_SETUP.md Add RFP_SCRAPER_SETUP.md 2026-03-31 15:33:27 -04:00
SETUP_OPEN_UI.md Add SETUP_OPEN_UI.md 2026-03-31 15:33:27 -04:00
USER_MANAGEMENT_SETUP.md Add USER_MANAGEMENT_SETUP.md 2026-03-31 15:33:27 -04:00

MCP Gateway Stack

Aggregates multiple MCP backend servers behind a single Streamable HTTP endpoint with OAuth 2.1 authentication, exposed via Tailscale Funnel.

Architecture

claude.ai / Claude Mobile / Claude Code
        │
        │  OAuth 2.1 (PKCE + DCR)
        ▼
┌─────────────────────────────┐
│  MCP Gateway Proxy (:4444)  │  ← mcp.wilddragon.net via Tailscale Funnel
│  OAuth Provider + Aggregator│
└────┬──────────┬─────────┬───┘
     │          │         │
     ▼          ▼         ▼
  ERPNext    TrueNAS    Home
  MCP        MCP        Assistant
  (:32802)   (:8100)    MCP (:8200)

OAuth 2.1 Flow

When claude.ai connects to https://mcp.wilddragon.net/mcp:

  1. Gateway returns 401 with WWW-Authenticate header pointing to resource metadata
  2. Claude discovers /.well-known/oauth-protected-resource → finds authorization server
  3. Claude discovers /.well-known/oauth-authorization-server → finds all OAuth endpoints
  4. Claude calls /oauth/register (Dynamic Client Registration) to get a client_id
  5. Claude opens /oauth/authorize in browser → you see a consent page → enter your password
  6. Gateway issues an authorization code, redirects to Claude's callback
  7. Claude exchanges the code at /oauth/token (with PKCE verification) → gets access + refresh tokens
  8. Claude sends MCP requests to /mcp with Authorization: Bearer <token>
  9. Tokens auto-refresh via the refresh token grant
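
The checks a token endpoint has to make in steps 6 and 7, as an added example (not the gateway's own code). The function names, the in-memory `_codes` store and the 60-second code lifetime are assumptions for illustration.

```python
import base64, hashlib, hmac, secrets, time

CODE_TTL = 60  # seconds an authorization code stays valid (assumed value)
_codes = {}    # code -> record saved when /oauth/authorize issues it (assumed store)


def s256(verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(verifier)) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def issue_code(client_id, redirect_uri, code_challenge, now=None):
    """Step 6: bind the code to the client, redirect URI and PKCE challenge."""
    code = secrets.token_urlsafe(32)
    _codes[code] = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "challenge": code_challenge,
        "expires": (time.time() if now is None else now) + CODE_TTL,
    }
    return code


def redeem_code(code, client_id, redirect_uri, code_verifier, now=None):
    """Step 7: return an access token or raise ValueError('invalid_grant')."""
    # pop() makes the code single use, even when a later check fails.
    rec = _codes.pop(code, None)
    now = time.time() if now is None else now
    if rec is None or now > rec["expires"]:
        raise ValueError("invalid_grant")
    if rec["client_id"] != client_id or rec["redirect_uri"] != redirect_uri:
        raise ValueError("invalid_grant")
    # RFC 7636 restricts the verifier to 43-128 ASCII characters.
    if not (code_verifier.isascii() and 43 <= len(code_verifier) <= 128):
        raise ValueError("invalid_grant")
    expected = s256(code_verifier).encode("ascii")
    # Constant-time comparison of the recomputed and stored challenge.
    if not hmac.compare_digest(expected, rec["challenge"].encode("utf-8")):
        raise ValueError("invalid_grant")
    return secrets.token_urlsafe(32)
```

Consuming the code before the other checks means a failed exchange also invalidates it, so an intercepted code cannot be retried with different verifiers.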

Setup

  1. Copy .env.example to .env and fill in your values
  2. Set a strong OAUTH_PASSWORD — this is what you type in the consent page
  3. Set OAUTH_ISSUER_URL to your public gateway URL (e.g., https://mcp.wilddragon.net)
  4. Build and start: docker compose up -d --build
  5. In claude.ai → Settings → Connectors → Add → paste https://mcp.wilddragon.net/mcp
  6. Complete the OAuth flow when prompted (enter your gateway password)

Environment Variables

| Variable | Required | Default | Description |
|---|---|---|---|
| OAUTH_ISSUER_URL | Yes | https://mcp.wilddragon.net | Public URL of the gateway |
| OAUTH_PASSWORD | Yes | | Password for the consent page |
| OAUTH_ACCESS_TOKEN_TTL | No | 3600 | Access token lifetime (seconds) |
| OAUTH_REFRESH_TOKEN_TTL | No | 2592000 | Refresh token lifetime (seconds) |
| ERPNEXT_URL | Yes | | ERPNext instance URL |
| ERPNEXT_API_KEY | Yes | | ERPNext API key |
| ERPNEXT_API_SECRET | Yes | | ERPNext API secret |
| TRUENAS_URL | Yes | | TrueNAS API URL |
| TRUENAS_API_KEY | Yes | | TrueNAS API key |
| HASS_URL | Yes | | Home Assistant URL |
| HASS_TOKEN | Yes | | Home Assistant long-lived token |

Endpoints

| Endpoint | Auth | Purpose |
|---|---|---|
| GET /health | None | Health check |
| GET /status | Bearer | Detailed backend status |
| GET /.well-known/oauth-protected-resource | None | RFC 9728 resource metadata |
| GET /.well-known/oauth-authorization-server | None | RFC 8414 server metadata |
| POST /oauth/register | None | RFC 7591 dynamic client registration |
| GET /oauth/authorize | None | Authorization page (consent form) |
| POST /oauth/token | None | Token exchange / refresh |
| POST /mcp | Bearer | MCP JSON-RPC endpoint |

Testing

# Health check
curl https://mcp.wilddragon.net/health

# Check OAuth metadata
curl https://mcp.wilddragon.net/.well-known/oauth-authorization-server

# Check resource metadata
curl https://mcp.wilddragon.net/.well-known/oauth-protected-resource

# Verify 401 on unauthenticated MCP request
curl -X POST https://mcp.wilddragon.net/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"initialize","params":{},"id":1}'

Adding New Backends

Add a new MCP_BACKEND_<NAME> env var to the gateway service in docker-compose.yml and rebuild. Tools will be auto-discovered and prefixed with the backend name.