refactor: Update server configuration to allow specific CORS origins

config/config.go

@@ -42,11 +42,12 @@ type JwtConfig struct {
 }
 
 type ServerConfig struct {
-	Port         int           `mapstructure:"port" yaml:"port"`
-	RatePeriod   time.Duration `mapstructure:"rate_period" yaml:"rate_period"`
-	RateLimit    int           `mapstructure:"rate_limit" yaml:"rate_limit"`
-	ReadTimeout  time.Duration `mapstructure:"read_timeout" yaml:"read_timeout"`
-	WriteTimeout time.Duration `mapstructure:"write_timeout" yaml:"write_timeout"`
+	Port             int           `mapstructure:"port" yaml:"port"`
+	RatePeriod       time.Duration `mapstructure:"rate_period" yaml:"rate_period"`
+	RateLimit        int           `mapstructure:"rate_limit" yaml:"rate_limit"`
+	ReadTimeout      time.Duration `mapstructure:"read_timeout" yaml:"read_timeout"`
+	WriteTimeout     time.Duration `mapstructure:"write_timeout" yaml:"write_timeout"`
+	CorsAllowOrigins []string      `mapstructure:"cors_allow_origins" yaml:"cors_allow_origins"`
 }
 
 type SchedulerConfig struct {
@@ -79,7 +80,7 @@ type EmailConfig struct {
 func NewConfig() *Config {
 	return &Config{
 		Telegram: TelegramConfig{
-			Token: "",
+			Token: "REMOVED",
 		},
 		Database: DatabaseConfig{
 			Type:      "sqlite",

config/local.yaml

@@ -15,6 +15,8 @@ server:
   write_timeout: 1s
   rate_period: 60s
   rate_limit: 200
+  cors_allow_origins:
+    - "http://localhost:5173"
 
 scheduler_jobs:
   due_job: 30m

main.go

@@ -109,7 +109,8 @@ func newServer(lc fx.Lifecycle, cfg *config.Config, db *gorm.DB, notifier *notif
 		WriteTimeout: cfg.Server.WriteTimeout,
 	}
 	config := cors.DefaultConfig()
-	config.AllowAllOrigins = true
+	config.AllowAllOrigins = !cfg.IsDoneTickDotCom
+	config.AllowOrigins = cfg.Server.CorsAllowOrigins
 	config.AllowCredentials = true
 	config.AddAllowHeaders("Authorization", "secretkey")
 	r.Use(cors.New(config))