Files
backend/internal/middleware/cors.go
lafay 15e7c99353
Some checks failed
Build Backend / build (push) Failing after 46s
Build Backend / build-docker (push) Has been skipped
chore(config): update allowed origins from bbs to withyou domain
Update WebSocket and CORS allowed origins to reflect the project rename from "Carrot BBS" to "WithYou", changing bbs.littlelan.cn to withyou.littlelan.cn.
2026-04-22 16:40:11 +08:00

59 lines
1.4 KiB
Go

package middleware
import (
"net/http"
"strings"
"github.com/gin-gonic/gin"
)
var allowedOrigins = []string{
"https://withyou.littlelan.cn",
"https://admin.littlelan.cn",
"https://browser.littlelan.cn",
"http://localhost:3000",
"http://localhost:5173",
"http://127.0.0.1:3000",
"http://127.0.0.1:5173",
}
func isAllowedOrigin(origin string) bool {
for _, o := range allowedOrigins {
if o == origin {
return true
}
}
if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") {
return true
}
if strings.HasPrefix(origin, "https://") && strings.HasSuffix(origin, ".littlelan.cn") {
return true
}
return false
}
func CORS() gin.HandlerFunc {
return func(c *gin.Context) {
origin := c.GetHeader("Origin")
if isAllowedOrigin(origin) {
c.Header("Access-Control-Allow-Origin", origin)
c.Header("Access-Control-Allow-Credentials", "true")
}
c.Header("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS")
c.Header("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, Authorization, Connection, Upgrade, Sec-WebSocket-Key, Sec-WebSocket-Version, Sec-WebSocket-Protocol, Sec-WebSocket-Extensions")
c.Header("Access-Control-Expose-Headers", "Content-Length, Connection, Upgrade")
if c.Request.Method == "OPTIONS" {
c.AbortWithStatus(http.StatusNoContent)
return
}
c.Next()
}
}