From da4058483a58c192af9ebbae1065adb1fa5442c6 Mon Sep 17 00:00:00 2001 From: Garfield Date: Tue, 19 May 2026 05:39:48 -0400 Subject: [PATCH] fix(auth): switch to K8s Redis, add claude.ai/chatgpt CORS origins MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - REDIS_URL → K8s ClusterIP with auth (fixes silent hang on host Redis) - Socket timeouts (connectTimeout 3s, socketTimeout 5s) on Redis client - Add claude.ai, chatgpt.com, chat.openai.com to CORS allowlist - Update hermes-mcp image SHA (includes above changes) - Add squaremcp-broker-demo.mp4 to site Dockerfile; bump site image SHA Co-Authored-By: Claude Sonnet 4.6 --- hermes-k8s.yaml | 4 ++-- product/site/Dockerfile | 1 + product/site/squaremcp-k8s-ingress.yaml | 2 +- src/index.ts | 3 +++ src/redis.ts | 6 +++++- 5 files changed, 12 insertions(+), 4 deletions(-) diff --git a/hermes-k8s.yaml b/hermes-k8s.yaml index cd4d99b..1197e46 100644 --- a/hermes-k8s.yaml +++ b/hermes-k8s.yaml @@ -22,7 +22,7 @@ spec: fsGroup: 1000 containers: - name: hermes-mcp - image: localhost:32000/hermes-mcp@sha256:b566707150fb4dd3f566b5c258d6f4d0ed8bf5c4405321268dfc647afa0ddda2 + image: localhost:32000/hermes-mcp@sha256:b3716e0d7a86ba3b34047b75cd8af91078aaf9a1dcd64760bd238f358fb79e3f imagePullPolicy: Always securityContext: allowPrivilegeEscalation: false @@ -116,7 +116,7 @@ spec: - name: MYSQL_PASSWORD value: "fetcherpay" - name: REDIS_URL - value: "redis://127.0.0.1:6379" + value: "redis://:redis_secure_2024@10.152.183.80:6379" - name: CREDENTIAL_ENCRYPTION_KEY value: "4ef9c48e9f4e5dfa843d4bfcc3a8f69c5ad5738326c8b0e878076853ae4b8416" - name: JWT_SECRET diff --git a/product/site/Dockerfile b/product/site/Dockerfile index e8a37e8..5625b77 100644 --- a/product/site/Dockerfile +++ b/product/site/Dockerfile 
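Review bot: The new `REDIS_URL` value in the second hermes-k8s.yaml hunk embeds the Redis password in a plain `value:` field, so the credential now lives in the manifest and in git history. Source it from a Secret instead, e.g. `valueFrom: { secretKeyRef: { name: <SECRET_NAME>, key: <KEY> } }` (placeholder names), and rotate the password this commit exposes. The URL also pins a ClusterIP literal, which changes if the Service is recreated; the Service DNS name would be stable. The scheme is `redis://`, so the password and data cross the pod network unencrypted unless something outside this hunk provides TLS. The neighbouring context lines (`MYSQL_PASSWORD`, `CREDENTIAL_ENCRYPTION_KEY`) use the same inline pattern and deserve the same treatment; the env list continues outside the hunk.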
@@ -7,6 +7,7 @@ COPY product/site/script.js /usr/share/nginx/html/script.js COPY product/site/squaremcp-logo.svg /usr/share/nginx/html/squaremcp-logo.svg COPY product/site/squaremcp-hero-loop.mp4 /usr/share/nginx/html/squaremcp-hero-loop.mp4 COPY product/site/squaremcp-tiktok-launch.mp4 /usr/share/nginx/html/squaremcp-tiktok-launch.mp4 +COPY product/site/squaremcp-broker-demo.mp4 /usr/share/nginx/html/squaremcp-broker-demo.mp4 COPY product/site/tiktok /usr/share/nginx/html/tiktok COPY product/site/tiktokkFNJHjzDuzvGIlXnK4MaGw3MSluybOih.txt /usr/share/nginx/html/tiktokkFNJHjzDuzvGIlXnK4MaGw3MSluybOih.txt COPY product/site/privacy.html /usr/share/nginx/html/privacy.html diff --git a/product/site/squaremcp-k8s-ingress.yaml b/product/site/squaremcp-k8s-ingress.yaml index 1bdbddf..bd5904a 100644 --- a/product/site/squaremcp-k8s-ingress.yaml +++ b/product/site/squaremcp-k8s-ingress.yaml @@ -15,7 +15,7 @@ spec: spec: containers: - name: squaremcp-site - image: localhost:32000/squaremcp-site@sha256:395e736f1899ce0f2402e34caa95359e2eb54b5424318cf8139982e66b35a974 + image: localhost:32000/squaremcp-site@sha256:1330b918347b873b8dc18dc309349bc47c300463c7b6d5e43d4270bb17366269 imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/src/index.ts b/src/index.ts index 00ad12e..29d12b3 100644 --- a/src/index.ts +++ b/src/index.ts @@ -89,6 +89,9 @@ const SQUAREMCP_ALLOWED_ORIGINS = new Set([ 'https://www.squaremcp.com', 'https://app.squaremcp.com', 'https://tiktok.squaremcp.com', + 'https://claude.ai', + 'https://chatgpt.com', + 'https://chat.openai.com', ]); type PilotRequestBody = { diff --git a/src/redis.ts b/src/redis.ts index 71e8bed..41a4df7 100644 --- a/src/redis.ts +++ b/src/redis.ts 
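Review bot: The three origins added to `SQUAREMCP_ALLOWED_ORIGINS` in the src/index.ts hunk are third-party sites, yet they join the same set as the first-party squaremcp.com origins, so every route gated by this set now trusts them equally. How the set is consumed is outside the hunk; if any of those routes send `Access-Control-Allow-Credentials: true` or rely on cookies, pages on those domains could make authenticated cross-origin reads. Consider a separate set (a suggested name would be `MCP_CLIENT_ORIGINS`) applied only to the endpoints these clients need, with a comment such as `// third-party MCP clients: never used on cookie-authenticated routes`. The set's declaration starts above the hunk.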
@@ -1,6 +1,10 @@
 import { createClient } from 'redis';
-const redis = createClient({ url: process.env.REDIS_URL });
+const redis = createClient({
+ url: process.env.REDIS_URL,
+ socket: { connectTimeout: 3000, socketTimeout: 5000 },
+});
+redis.on('error', (err) => console.error('[redis] error:', err.message));
 redis.connect().catch((err) => console.error('[redis] connect error:', err));
 export default redis;
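Review bot: Commands issued while Redis is unreachable can still wait indefinitely after this change, because the new `connectTimeout` bounds only each connection attempt while node-redis by default keeps reconnecting and queues commands in the meantime. If the auth path awaits these calls, consider adding `disableOfflineQueue: true` next to the `socket` options so callers get an error they can handle, and decide explicitly whether auth fails closed when that happens. Separately, `socketTimeout` is documented as an idle timeout, so 5000 may close and re-open a quiet connection every five seconds; this is worth confirming against the installed client version. The `connect()` failure is still only logged, so the module exports a client that may never have connected.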