url-safety-validator-mcp 1.2.20 → 1.2.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +3 -0
- package/package.json +1 -1
- package/src/server.js +7 -1
package/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,9 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to URL Safety Validator MCP are documented here.
|
|
4
4
|
|
|
5
|
+
## [1.2.21] — 2026-06-17
|
|
6
|
+
- fix: Stripe webhook now validates payment_link ID — ignores events not belonging to this server
|
|
7
|
+
|
|
5
8
|
## [1.2.20] — 2026-06-17
|
|
6
9
|
- feat: SmitheryBot detection on check_url — returns mock SAFE verdict without consuming Google Safe Browsing credits
|
|
7
10
|
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "url-safety-validator-mcp",
|
|
3
3
|
"mcpName": "io.github.OjasKord/url-safety-validator-mcp",
|
|
4
|
-
"version": "1.2.
|
|
4
|
+
"version": "1.2.21",
|
|
5
5
|
"description": "URL safety checker for AI agents. Detects phishing, malware, typosquatting before your agent visits any link. BLOCK/ALLOW verdict in one call.",
|
|
6
6
|
"main": "src/server.js",
|
|
7
7
|
"scripts": {
|
package/src/server.js
CHANGED
|
@@ -5,9 +5,10 @@ const fs = require('fs');
|
|
|
5
5
|
const crypto = require('crypto');
|
|
6
6
|
const { Readable } = require('stream');
|
|
7
7
|
|
|
8
|
-
const VERSION = '1.2.
|
|
8
|
+
const VERSION = '1.2.21';
|
|
9
9
|
const PRO_UPGRADE_URL = 'https://buy.stripe.com/5kQeVc9Ah4n3c8c0h2ebu0t';
|
|
10
10
|
const ENTERPRISE_UPGRADE_URL = 'https://buy.stripe.com/4gMdR88wddXDfko0h2ebu0u';
|
|
11
|
+
const ALLOWED_PAYMENT_LINK_IDS = ['plink_1TQzIHD6WvRe6sn3820kFk07', 'plink_1TQzJdD6WvRe6sn3GN8mQkj9'];
|
|
11
12
|
const PORT = process.env.PORT || 3000;
|
|
12
13
|
const STATS_KEY = process.env.STATS_KEY || 'ojas2026';
|
|
13
14
|
const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY || '';
|
|
@@ -695,6 +696,11 @@ const server = http.createServer(async (req, res) => {
|
|
|
695
696
|
const event = JSON.parse(rawBody);
|
|
696
697
|
if (event.type === 'checkout.session.completed') {
|
|
697
698
|
const session = event.data.object;
|
|
699
|
+
const paymentLinkId = session.payment_link;
|
|
700
|
+
if (paymentLinkId && !ALLOWED_PAYMENT_LINK_IDS.includes(paymentLinkId)) {
|
|
701
|
+
console.log('[url-safety] Webhook received but payment link ' + paymentLinkId + ' not for this server — ignoring.');
|
|
702
|
+
res.writeHead(200, cors); res.end(JSON.stringify({ received: true, ignored: true })); return;
|
|
703
|
+
}
|
|
698
704
|
const key = 'usv_' + crypto.randomBytes(16).toString('hex');
|
|
699
705
|
const email = session.customer_details?.email || session.customer_email || 'unknown';
|
|
700
706
|
const record = { email, created_at: nowISO(), plan: 'pro' };
|