Labsco
brianmoney logo

Gdrive Cloudflare worker

โ˜… 5

from brianmoney

Remote MCP server for Google Drive and Sheets running on Cloudflare Workers with full OAuth 2.0 support.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedAccount requiredAdvanced setup

mcp-gdrive-cf

Remote MCP server for Google Drive and Sheets running on Cloudflare Workers with full OAuth 2.0 support.

Production Ready โœ… | 11 Tools | OAuth 2.0 | PKCE | Global Edge Network

Adapted from isaacphi/mcp-gdrive to run as a remote HTTP/SSE MCP server on Cloudflare's edge network with complete OAuth 2.0 authorization server capabilities.


โœจ Features

Drive Operations

  • ๐Ÿ” Search - Basic and advanced search with filters (MIME type, owner, dates, shared drives)
  • ๐Ÿ“„ Read - Read any file with 22+ export formats (PDF, DOCX, XLSX, Markdown, etc.)
  • ๐Ÿ“ Create Folders - Organize files with nested folder structures
  • โฌ†๏ธ Upload - Upload files up to 5MB
  • ๐Ÿ—‘๏ธ Delete - Move files to trash
  • ๐Ÿ“ฆ Move - Reorganize files between folders
  • ๐Ÿ” Share - Add permissions (reader, writer, commenter, owner)

Sheets Operations

  • ๐Ÿ“Š Read - Batch read multiple ranges
  • โœ๏ธ Update - Update individual cells
  • โž• Append - Add rows to spreadsheets

Infrastructure

  • โ˜๏ธ Global Edge Network - Runs on Cloudflare Workers worldwide
  • ๐Ÿ” OAuth 2.0 Server - Full authorization server with PKCE support
  • ๐Ÿ”‘ Dynamic Client Registration - Automatic client onboarding
  • ๐Ÿ”„ Auto Token Refresh - Seamless Google token renewal
  • ๐Ÿ“ก SSE Transport - Real-time Server-Sent Events
  • ๐Ÿ›ก๏ธ Secure - HTTPS only, encrypted token storage

๐ŸŽฏ What Makes This Different

Unlike the original STDIO-based `mcp-gdrive`, this implementation:

  1. Runs remotely on Cloudflare Workers (no local process)
  2. Full OAuth 2.0 authorization server (not just OAuth client)
  3. Multi-client support via dynamic client registration
  4. PKCE security for public clients
  5. 22+ export formats for Drive files
  6. Write operations (create, delete, move, share, upload)
  7. Production tested with real workloads

๐Ÿ” OAuth 2.0 Flow

This server implements a complete OAuth 2.0 authorization server per the MCP specification.

Using MCP Inspector

The easiest way to test the OAuth flow:

```bash npx @modelcontextprotocol/inspector https://your-worker.workers.dev/sse ```

  1. Discovery - Inspector auto-discovers OAuth endpoints
  2. Registration - Click "Guided Setup" โ†’ registers client automatically
  3. Authorization - Redirects to Google โ†’ authenticates โ†’ redirects back
  4. Token Exchange - Automatically exchanges code for access token
  5. Use Tools - All 11 tools now available!

Security Features

  • โœ… PKCE (RFC 7636) - Proof Key for Code Exchange
  • โœ… State Parameter - CSRF protection
  • โœ… HTTPS Only - Enforced by Cloudflare Workers
  • โœ… Secure Token Storage - Encrypted in Workers KV
  • โœ… Token Expiration - Access tokens expire in 1 hour
  • โœ… Client Secret Hashing - SHA-256 hashed storage
  • โœ… Authorization Code Single-Use - Codes deleted after exchange

๐Ÿ› ๏ธ Available Tools

Drive Tools

  • `gdrive_search` - Basic search across all files
  • `gdrive_search_advanced` - Advanced search with filters
  • `gdrive_read_file` - Read files with 22+ export formats
  • `gdrive_create_folder` - Create folders
  • `gdrive_upload_file` - Upload files (up to 5MB)
  • `gdrive_delete_file` - Move files to trash
  • `gdrive_move_file` - Move files between folders
  • `gdrive_add_permission` - Share files/folders

Sheets Tools

  • `gsheets_read` - Read multiple ranges
  • `gsheets_update_cell` - Update single cells
  • `gsheets_append_row` - Append rows

๐Ÿงช Testing

Local Development

```bash npm start

Server available at http://localhost:8788

```

Test with MCP Inspector

```bash npx @modelcontextprotocol/inspector http://localhost:8788/sse ```

Check CloudFlare Logs

```bash wrangler tail --format pretty ```


๐Ÿ“Š Performance & Limits

ResourceLimitNotes
Request Timeout30 secondsCloudFlare Workers limit
File Upload5 MBSimple upload API limit
File Export10 MBGoogle Drive export limit
Token Storage30 daysAutomatic cleanup
Authorization Code10 minutesSingle-use
Access Token1 hourAuto-refreshed

๐Ÿ”’ Security Best Practices

  1. Never commit secrets - Use `wrangler secret put`
  2. Rotate client secrets - Periodically regenerate OAuth credentials
  3. Monitor access - Use CloudFlare Analytics to track usage
  4. Limit OAuth scopes - Only request necessary Google permissions
  5. Use PKCE - Always use PKCE for public clients
  6. Validate redirect URIs - Whitelist exact URIs in Google Console
  7. Enable 2FA - Protect your CloudFlare and Google accounts

๐Ÿ“„ License

MIT License


๐Ÿ™ Acknowledgments


Made with โ˜๏ธ by Brian Money