From 49d877486c7c5c31edbc25fca687a0130888f1c4 Mon Sep 17 00:00:00 2001
From: Mo Tarbin <mhed.t91@gmail.com>
Date: Sun, 30 Jun 2024 22:58:33 -0400
Subject: [PATCH] refactor: Update server configuration to allow specific CORS
 origins

---
 config/config.go  | 13 +++++++------
 config/local.yaml |  2 ++
 main.go           |  3 ++-
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/config/config.go b/config/config.go
index b1f73a1..f89527c 100644
--- a/config/config.go
+++ b/config/config.go
@@ -42,11 +42,12 @@ type JwtConfig struct {
 }
 
 type ServerConfig struct {
-	Port         int           `mapstructure:"port" yaml:"port"`
-	RatePeriod   time.Duration `mapstructure:"rate_period" yaml:"rate_period"`
-	RateLimit    int           `mapstructure:"rate_limit" yaml:"rate_limit"`
-	ReadTimeout  time.Duration `mapstructure:"read_timeout" yaml:"read_timeout"`
-	WriteTimeout time.Duration `mapstructure:"write_timeout" yaml:"write_timeout"`
+	Port             int           `mapstructure:"port" yaml:"port"`
+	RatePeriod       time.Duration `mapstructure:"rate_period" yaml:"rate_period"`
+	RateLimit        int           `mapstructure:"rate_limit" yaml:"rate_limit"`
+	ReadTimeout      time.Duration `mapstructure:"read_timeout" yaml:"read_timeout"`
+	WriteTimeout     time.Duration `mapstructure:"write_timeout" yaml:"write_timeout"`
+	CorsAllowOrigins []string      `mapstructure:"cors_allow_origins" yaml:"cors_allow_origins"`
 }
 
 type SchedulerConfig struct {
@@ -79,7 +80,7 @@ type EmailConfig struct {
 func NewConfig() *Config {
 	return &Config{
 		Telegram: TelegramConfig{
-			Token: "",
+			Token: "REMOVED",
 		},
 		Database: DatabaseConfig{
 			Type:      "sqlite",
diff --git a/config/local.yaml b/config/local.yaml
index 945a122..751d742 100644
--- a/config/local.yaml
+++ b/config/local.yaml
@@ -15,6 +15,8 @@ server:
   write_timeout: 1s
   rate_period: 60s
   rate_limit: 200
+  cors_allow_origins:
+    - "http://localhost:5173"
 
 scheduler_jobs:
   due_job: 30m
diff --git a/main.go b/main.go
index 3ee2bbf..41ef02f 100644
--- a/main.go
+++ b/main.go
@@ -109,7 +109,8 @@ func newServer(lc fx.Lifecycle, cfg *config.Config, db *gorm.DB, notifier *notif
 		WriteTimeout: cfg.Server.WriteTimeout,
 	}
 	config := cors.DefaultConfig()
-	config.AllowAllOrigins = true
+	config.AllowAllOrigins = !cfg.IsDoneTickDotCom
+	config.AllowOrigins = cfg.Server.CorsAllowOrigins
 	config.AllowCredentials = true
 	config.AddAllowHeaders("Authorization", "secretkey")
 	r.Use(cors.New(config))