package middleware import ( "net/http" "strings" "github.com/gin-gonic/gin" ) var allowedOrigins = []string{ "https://withyou.littlelan.cn", "https://admin.littlelan.cn", "https://browser.littlelan.cn", "http://localhost:3000", "http://localhost:5173", "http://127.0.0.1:3000", "http://127.0.0.1:5173", } func isAllowedOrigin(origin string) bool { for _, o := range allowedOrigins { if o == origin { return true } } if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") { return true } if strings.HasPrefix(origin, "https://") && strings.HasSuffix(origin, ".littlelan.cn") { return true } return false } func CORS() gin.HandlerFunc { return func(c *gin.Context) { origin := c.GetHeader("Origin") if isAllowedOrigin(origin) { c.Header("Access-Control-Allow-Origin", origin) c.Header("Access-Control-Allow-Credentials", "true") } c.Header("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS") c.Header("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, Authorization, Connection, Upgrade, Sec-WebSocket-Key, Sec-WebSocket-Version, Sec-WebSocket-Protocol, Sec-WebSocket-Extensions") c.Header("Access-Control-Expose-Headers", "Content-Length, Connection, Upgrade") if c.Request.Method == "OPTIONS" { c.AbortWithStatus(http.StatusNoContent) return } c.Next() } }