refactor: Update server configuration to allow specific CORS origins

config/config.go

@@ -47,6 +47,7 @@ type ServerConfig struct {
 	RateLimit        int           `mapstructure:"rate_limit" yaml:"rate_limit"`
 	ReadTimeout      time.Duration `mapstructure:"read_timeout" yaml:"read_timeout"`
 	WriteTimeout     time.Duration `mapstructure:"write_timeout" yaml:"write_timeout"`
+	CorsAllowOrigins []string      `mapstructure:"cors_allow_origins" yaml:"cors_allow_origins"`
 }
 
 type SchedulerConfig struct {
@@ -79,7 +80,7 @@ type EmailConfig struct {
 func NewConfig() *Config {
 	return &Config{
 		Telegram: TelegramConfig{
-			Token: "",
+			Token: "REMOVED",
 		},
 		Database: DatabaseConfig{
 			Type:      "sqlite",

config/local.yaml

@@ -15,6 +15,8 @@ server:
   write_timeout: 1s
   rate_period: 60s
   rate_limit: 200
+  cors_allow_origins:
+    - "http://localhost:5173"
 
 scheduler_jobs:
   due_job: 30m

main.go

@@ -109,7 +109,8 @@ func newServer(lc fx.Lifecycle, cfg *config.Config, db *gorm.DB, notifier *notif
 		WriteTimeout: cfg.Server.WriteTimeout,
 	}
 	config := cors.DefaultConfig()
-	config.AllowAllOrigins = true
+	config.AllowAllOrigins = !cfg.IsDoneTickDotCom
+	config.AllowOrigins = cfg.Server.CorsAllowOrigins
 	config.AllowCredentials = true
 	config.AddAllowHeaders("Authorization", "secretkey")
 	r.Use(cors.New(config))