R2 Uploader
БесплатноНе проверенEnables uploading PR screenshots to Cloudflare R2 via presigned URLs, allowing Claude to attach images to PR descriptions without binary data passing through MC
Описание
Enables uploading PR screenshots to Cloudflare R2 via presigned URLs, allowing Claude to attach images to PR descriptions without binary data passing through MCP.
README
[!WARNING] Deprecated. I no longer use or maintain this. Now I use dtinth/s3-uploader-mcp which supports any S3-compatible object storage service in addition to R2. I originally built this MCP server with Cloudflare Workers because (1) Cloudflare Workers has a built-in integration with R2; and (2) Cloudflare Access has Managed OAuth where it handles the OAuth 2 + DCR dance, making it easy to secure MCP servers without having to handle the MCP Authorization Flow by ourselves (just validate the Cf-Access-Jwt-Assertion header that Cloudflare Access injects into our MCP server). However, (1) The built-in integration with R2 doesn’t support generating presigned URLs, for that we need to generate Access Key and Secret Access Keys, negating the benefits of having a built-in integration; and (2) Cloudflare Access has a session duration cap of 1 month, meaning I must re-authentiate with the MCP server monthly. The resulting service is now hard to deploy and inconvenient to use, unlike the plug-and-play experience I envisioned, hence the pivot.
r2-uploader-mcp
MCP server for uploading PR screenshots to Cloudflare R2, secured by Cloudflare Access.
Claude Code calls get_upload_url, gets a presigned PUT URL, uploads the file
with curl, then embeds the public URL in the PR description. No binary data
goes through MCP — clean and fast.
Architecture
Claude (chat/code)
└── MCP tool call: get_upload_url("before.png")
└── Worker generates R2 presigned PUT URL + public URL
└── Claude Code: curl -X PUT -T before.png "<put_url>"
└── R2 stores file, public URL embeds in PR markdown
Auth flow:
Claude → Cloudflare Access OAuth dance → JWT injected as Cf-Access-Jwt-Assertion
Worker verifies JWT (issuer, audience, expiry) → serves MCP
Upload URLs are presigned using the R2 S3 API
(via aws4fetch) with an R2 API token —
the Worker doesn't use an r2_buckets binding.
Deploy
Everything below is post-deploy dashboard configuration — no code edits or redeploys needed.
1. Create the R2 bucket
wrangler r2 bucket create r2-uploads
Enable public access in the Cloudflare dashboard: R2 → r2-uploads → Settings → Public Access → Enable
Copy the public bucket URL (looks like pub-abc123.r2.dev).
2. Create an R2 API token
- Go to R2 → Overview → Manage API tokens (or R2 → r2-uploads → Settings → API tokens)
- Create API token
- Permissions: Object Read & Write, scoped to the
r2-uploadsbucket - Copy the Access Key ID, Secret Access Key, and your Account ID (shown in the token details / R2 overview sidebar)
3. Create a Cloudflare Access self-hosted app
- Go to Cloudflare One → Access controls → Applications
- Add an application → Self-hosted and private
- Under Destinations → Public hostnames, enter your deployed Worker's subdomain and domain (e.g.
r2-uploader-mcp.<YOUR_SUBDOMAIN>.workers.dev) - Name:
R2 Uploader MCP - Add a policy: allow your email address (or email domain)
- Configure your IdP (Google, GitHub, OTP, etc.)
- On the Additional settings tab, turn on Managed OAuth — this lets non-browser MCP clients (like Claude Code) authenticate via a standard OAuth 2.0 flow instead of a browser redirect
- To connect from claude.ai (web), add
https://claude.ai/api/mcp/auth_callbackas an allowed redirect URI in the Managed OAuth settings - Save — copy the AUD tag from the app's Basic Information (under Additional settings)
4. Set the Worker's secrets
In the Cloudflare dashboard: Workers & Pages → r2-uploader-mcp → Settings → Variables and Secrets, add each of these as a Secret (not a plaintext Variable):
| Secret | Value |
|---|---|
TEAM_DOMAIN |
https://yourteam.cloudflareaccess.com |
POLICY_AUD |
the AUD tag from step 3 |
R2_PUBLIC_DOMAIN |
the public bucket domain from step 1 (e.g. pub-abc123def456.r2.dev) |
R2_ACCOUNT_ID |
your Cloudflare account ID from step 2 |
R2_BUCKET_NAME |
r2-uploads |
R2_ACCESS_KEY_ID |
Access Key ID from step 2 |
R2_SECRET_ACCESS_KEY |
Secret Access Key from step 2 |
ALLOWED_EXTS (optional) |
comma-separated extensions, e.g. .png,.jpg,.webm,.zip,.html. Defaults to .png,.jpg,.jpeg,.gif,.webp |
UPLOAD_PREFIX (optional) |
key prefix for uploaded objects, e.g. screenshots/. Defaults to uploads/ |
These take effect immediately — no redeploy required. Using Secrets (rather
than the vars block in wrangler.jsonc) means they won't be reset by
the automatic redeploys from the Workers Builds pipeline the deploy button
sets up.
The dashboard's "Edit variables" view has a bulk-paste mode — fill in the placeholders below and paste the whole block in:
TEAM_DOMAIN=https://yourteam.cloudflareaccess.com
POLICY_AUD=<AUD tag from Access app>
R2_PUBLIC_DOMAIN=pub-abc123def456.r2.dev
R2_ACCOUNT_ID=<your Cloudflare account ID>
R2_BUCKET_NAME=r2-uploads
R2_ACCESS_KEY_ID=<R2 API token access key id>
R2_SECRET_ACCESS_KEY=<R2 API token secret access key>
ALLOWED_EXTS=.png,.jpg,.jpeg,.gif,.webp
UPLOAD_PREFIX=uploads/
ALLOWED_EXTS and UPLOAD_PREFIX are optional — drop those two lines to use
the defaults shown above. Make sure each one is added as a Secret, not a
plaintext Variable.
5. Connect to Claude
In Claude settings → MCP → Add server:
https://r2-uploader-mcp.<YOUR_SUBDOMAIN>.workers.dev/mcp
Claude will initiate the Access OAuth flow the first time you connect.
Usage
In Claude Code
Tell Claude Code to include a screenshot in the PR:
Take a screenshot of the rendered UI, upload it, and include it in the PR description.
Claude Code will:
- Call
get_upload_url("screenshot.png") - Run the returned
curlcommand to upload - Embed
in the PR body using the returned public URL
Tools
| Tool | Description |
|---|---|
get_upload_url(filename) |
Returns presigned PUT URL + public URL + ready-to-run curl command |
Notes
- Presigned URLs expire in 5 minutes — Claude Code should upload immediately after receiving them
- File types allowed:
.png,.jpg,.jpeg,.gif,.webpby default — configurable via theALLOWED_EXTSvariable - Keys are namespaced as
uploads/<date>/<uuid><ext>by default — configurable via theUPLOAD_PREFIXvariable - The R2 public bucket URL is permanent — uploaded files don't expire
- Public URLs are unguessable (random UUID per file) but not access-controlled — anyone with the link can view the file
- Access logs every connection attempt in the Cloudflare One dashboard
- The Worker logs each request (method, path, authenticated email or rejection reason) and each
get_upload_urlcall to the console — view live withwrangler tailor in Workers & Pages → r2-uploader-mcp → Logs
Установка R2 Uploader
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/dtinth/r2-uploader-mcpFAQ
R2 Uploader MCP бесплатный?
Да, R2 Uploader MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для R2 Uploader?
Нет, R2 Uploader работает без API-ключей и переменных окружения.
R2 Uploader — hosted или self-hosted?
Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.
Как установить R2 Uploader в Claude Desktop, Claude Code или Cursor?
Открой R2 Uploader на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
автор: modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
автор: xuzexin-hzCompare R2 Uploader with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории ai
