Add secure headers and cors middlewares

2025-11-06 07:54:22 +00:00 · 2024-11-10 20:43:24 +01:00
parent 77d9abb691
commit e275b45c86
4 changed files with 45 additions and 0 deletions
--- a/backend/internal/config/config.go
+++ b/backend/internal/config/config.go
@@ -5,6 +5,7 @@ import (
 	"os"
 	"path/filepath"
 	"strconv"
+	"strings"
 	"time"

 	"novamd/internal/crypto"
@@ -15,12 +16,15 @@ type Config struct {
 	WorkDir           string
 	StaticPath        string
 	Port              string
+	AppURL            string
+	CORSOrigins       []string
 	AdminEmail        string
 	AdminPassword     string
 	EncryptionKey     string
 	JWTSigningKey     string
 	RateLimitRequests int
 	RateLimitWindow   time.Duration
+	IsDevelopment     bool
 }

 func DefaultConfig() *Config {
@@ -31,6 +35,7 @@ func DefaultConfig() *Config {
 		Port:              "8080",
 		RateLimitRequests: int(10),
 		RateLimitWindow:   time.Minute,
+		IsDevelopment:     false,
 	}
 }

@@ -51,6 +56,10 @@ func (c *Config) Validate() error {
 func Load() (*Config, error) {
 	config := DefaultConfig()

+	if env := os.Getenv("NOVAMD_ENV"); env != "" {
+		config.IsDevelopment = env == "development"
+	}
+
 	if dbPath := os.Getenv("NOVAMD_DB_PATH"); dbPath != "" {
 		config.DBPath = dbPath
 	}
@@ -73,6 +82,14 @@ func Load() (*Config, error) {
 		config.Port = port
 	}

+	if appURL := os.Getenv("NOVAMD_APP_URL"); appURL != "" {
+		config.AppURL = appURL
+	}
+
+	if corsOrigins := os.Getenv("NOVAMD_CORS_ORIGINS"); corsOrigins != "" {
+		config.CORSOrigins = strings.Split(corsOrigins, ",")
+	}
+
 	config.AdminEmail = os.Getenv("NOVAMD_ADMIN_EMAIL")
 	config.AdminPassword = os.Getenv("NOVAMD_ADMIN_PASSWORD")
 	config.EncryptionKey = os.Getenv("NOVAMD_ENCRYPTION_KEY")