Add CORS origin

Author: sausagenoods

Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM golang:1.21.1-alpine3.18 as build
+FROM --platform=$BUILDPLATFORM golang:1.22-alpine as build
 WORKDIR /src
 ARG TARGETOS TARGETARCH
 RUN --mount=target=. --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg GOOS=$TARGETOS GOARCH=$TARGETARCH CGO_ENABLED=0 go build -o /out/backend -ldflags "-s -w"
@@ -9,4 +9,4 @@ FROM scratch
 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 WORKDIR /app
 COPY --from=build /out .
-ENTRYPOINT ["./backend", "-bind=:5001", "-callback-addr=http://backend:5001", "-moneropay=http://moneropay:5000", "-postgres=postgresql://postgres:sup3rs3cure@postgresql:5432/metronero?sslmode=disable", "-token-secret=xufeg6uoth4oM7CohK2D", "-callback-url=http://backend:5001/callback"]
+ENTRYPOINT ["./backend", "-bind=:5001", "-callback-addr=http://backend:5001", "-moneropay=http://moneropay:5000", "-postgres=postgresql://postgres:sup3rs3cure@postgresql:5432/metronero?sslmode=disable", "-callback-url=http://backend:5001/callback", "-cors-origin=http://*"]

go.mod

@@ -8,6 +8,7 @@ toolchain go1.22.6
 
 require (
 	github.com/go-chi/chi/v5 v5.1.0
+	github.com/go-chi/cors v1.2.1
 	github.com/go-chi/jwtauth/v5 v5.3.1
 	github.com/golang-migrate/migrate/v4 v4.18.1
 	github.com/google/uuid v1.6.0

go.sum

@@ -31,6 +31,8 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/go-chi/chi/v5 v5.1.0 h1:acVI1TYaD+hhedDJ3r54HyA6sExp3HfXq7QWEEY/xMw=
 github.com/go-chi/chi/v5 v5.1.0/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
+github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-chi/jwtauth/v5 v5.3.1 h1:1ePWrjVctvp1tyBq5b/2ER8Th/+RbYc7x4qNsc5rh5A=
 github.com/go-chi/jwtauth/v5 v5.3.1/go.mod h1:6Fl2RRmWXs3tJYE1IQGX81FsPoGqDwq9c15j52R5q80=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=

internal/utils/config/config.go

@@ -21,6 +21,7 @@ var (
 	MoneroPay              string
 	TemplateDir            string
 	TemplateMaxSize        int
+	CorsOrigin             string
 	DefaultPaymentTemplate *template.Template
 )
 
@@ -36,6 +37,7 @@ func Load() {
 	var logFormat string
 	flag.StringVar(&logFormat, "log-format", "pretty", "Log format (pretty or json)")
 	flag.StringVar(&TemplateDir, "template-dir", "./data/merchant_templates", "Directory to save merchant templates.")
+	flag.StringVar(&CorsOrigin, "cors-origin", "http://*", "Allowed CORS origin")
 	flag.IntVar(&TemplateMaxSize, "template-max-size", 20, "Maximum template upload size in MiB")
 	flag.Parse()
 

internal/utils/server/router.go

@@ -4,8 +4,10 @@ import (
 	"gitea.com/go-chi/session"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
+	"github.com/go-chi/cors"
 
 	"gitlab.com/metronero/backend/internal/app/controllers"
+	"gitlab.com/metronero/backend/internal/utils/config"
 )
 
 func registerRoutes() *chi.Mux {
@@ -20,6 +22,12 @@ func registerRoutes() *chi.Mux {
 		CookieName: "MNSession",
 	}))
 
+	r.Use(cors.Handler(cors.Options{
+		AllowedOrigins:   []string{config.CorsOrigin},
+		AllowedMethods:   []string{"POST", "GET", "PUT", "DELETE"},
+		AllowCredentials: true,
+	}))
+
 	r.Post("/login", controllers.PostLogin)
 
 	r.Group(func(r chi.Router) {