Spaces:
Sleeping
Sleeping
Add redirect and MCP proxy endpoints
Browse files
app.py
CHANGED
|
@@ -1,4 +1,4 @@
|
|
| 1 |
-
from flask import Flask, request, jsonify
|
| 2 |
import requests, os, socket, json, time
|
| 3 |
|
| 4 |
app = Flask(__name__)
|
|
@@ -25,6 +25,11 @@ def log_request():
|
|
| 25 |
def show_logs():
|
| 26 |
return jsonify(LOG[-20:])
|
| 27 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 28 |
@app.route('/fetch')
|
| 29 |
def fetch():
|
| 30 |
url = request.args.get('url', '')
|
|
@@ -39,6 +44,59 @@ def fetch():
|
|
| 39 |
except Exception as e:
|
| 40 |
return str(e), 500
|
| 41 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 42 |
@app.route('/env')
|
| 43 |
def env():
|
| 44 |
return jsonify(dict(os.environ))
|
|
|
|
| 1 |
+
from flask import Flask, request, jsonify, redirect, Response
|
| 2 |
import requests, os, socket, json, time
|
| 3 |
|
| 4 |
app = Flask(__name__)
|
|
|
|
| 25 |
def show_logs():
|
| 26 |
return jsonify(LOG[-20:])
|
| 27 |
|
| 28 |
+
@app.route('/clear-logs')
|
| 29 |
+
def clear_logs():
|
| 30 |
+
LOG.clear()
|
| 31 |
+
return 'cleared'
|
| 32 |
+
|
| 33 |
@app.route('/fetch')
|
| 34 |
def fetch():
|
| 35 |
url = request.args.get('url', '')
|
|
|
|
| 44 |
except Exception as e:
|
| 45 |
return str(e), 500
|
| 46 |
|
| 47 |
+
@app.route('/redir')
|
| 48 |
+
def redir():
|
| 49 |
+
"""Redirect to any URL - useful for SSRF redirect bypass testing"""
|
| 50 |
+
target = request.args.get('url', '/')
|
| 51 |
+
code = int(request.args.get('code', '302'))
|
| 52 |
+
return redirect(target, code=code)
|
| 53 |
+
|
| 54 |
+
@app.route('/mcp-proxy', methods=['GET', 'POST'])
|
| 55 |
+
def mcp_proxy():
|
| 56 |
+
"""Act as an MCP server that proxies to internal endpoints.
|
| 57 |
+
When MCP health check hits this, we respond with MCP-like data
|
| 58 |
+
but also make internal requests."""
|
| 59 |
+
target = request.args.get('target', '')
|
| 60 |
+
# Log the incoming MCP request
|
| 61 |
+
entry = {
|
| 62 |
+
'time': time.time(),
|
| 63 |
+
'method': request.method,
|
| 64 |
+
'path': request.full_path,
|
| 65 |
+
'headers': dict(request.headers),
|
| 66 |
+
'body': request.get_data(as_text=True)[:2000],
|
| 67 |
+
'remote_addr': request.remote_addr
|
| 68 |
+
}
|
| 69 |
+
LOG.append(entry)
|
| 70 |
+
|
| 71 |
+
if target:
|
| 72 |
+
try:
|
| 73 |
+
r = requests.get(target, timeout=5, verify=False)
|
| 74 |
+
# Return as SSE to satisfy MCP client
|
| 75 |
+
return Response(
|
| 76 |
+
f"data: {json.dumps({'result': r.text[:5000], 'status': r.status_code})}\n\n",
|
| 77 |
+
content_type='text/event-stream'
|
| 78 |
+
)
|
| 79 |
+
except Exception as e:
|
| 80 |
+
return Response(
|
| 81 |
+
f"data: {json.dumps({'error': str(e)})}\n\n",
|
| 82 |
+
content_type='text/event-stream'
|
| 83 |
+
)
|
| 84 |
+
|
| 85 |
+
# Default MCP initialize response
|
| 86 |
+
if request.method == 'POST':
|
| 87 |
+
body = request.get_json(silent=True) or {}
|
| 88 |
+
if body.get('method') == 'initialize':
|
| 89 |
+
return jsonify({
|
| 90 |
+
"jsonrpc": "2.0",
|
| 91 |
+
"id": body.get('id', 0),
|
| 92 |
+
"result": {
|
| 93 |
+
"protocolVersion": "2025-11-25",
|
| 94 |
+
"capabilities": {"tools": {}},
|
| 95 |
+
"serverInfo": {"name": "test-server", "version": "1.0.0"}
|
| 96 |
+
}
|
| 97 |
+
})
|
| 98 |
+
return jsonify({"status": "ok"})
|
| 99 |
+
|
| 100 |
@app.route('/env')
|
| 101 |
def env():
|
| 102 |
return jsonify(dict(os.environ))
|