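package middlewares

import (
	"net/http"

	"gauth-central/internal/services"

	"github.com/gin-gonic/gin"
)

// DynamicCorsMiddleware returns a gin handler that applies a CORS policy
// looked up per request through settingsService.IsOriginAllowed (per the
// original author's note, the settings are read from the database).
//
// Behaviour:
//   - Requests without an Origin header pass through untouched.
//   - If the policy lookup fails, the request is aborted with 500.
//   - If the origin is not allowed, the request is aborted with 403.
//   - Otherwise the request's Origin is echoed back in
//     Access-Control-Allow-Origin together with
//     Access-Control-Allow-Credentials: true; OPTIONS preflights are
//     answered with 204 and never reach later handlers.
//
// Because the allowed origin is reflected alongside credentials, the whole
// policy rests on IsOriginAllowed.
// NOTE(review): confirm IsOriginAllowed does an exact match against a
// configured list (no substring, prefix or wildcard matching, and no
// acceptance of the literal "null" origin).
func DynamicCorsMiddleware(settingsService *services.SettingsService) gin.HandlerFunc {
	return func(c *gin.Context) {
		// The response differs depending on the Origin request header
		// (reflected ACAO value, 403, or no CORS headers at all), so shared
		// caches must key on it. Add, not Set, so an existing Vary value
		// from another middleware is preserved.
		c.Writer.Header().Add("Vary", "Origin")

		origin := c.Request.Header.Get("Origin")

		// No Origin header: not a cross-origin browser request, skip CORS.
		if origin == "" {
			c.Next()
			return
		}

		allowed, err := settingsService.IsOriginAllowed(origin)
		if err != nil {
			// Fail closed. Attach the error to the gin context so logging
			// middleware can record it; the client only sees a generic
			// message, not the underlying failure.
			_ = c.Error(err)
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{
				"error": "Failed to verify CORS policy",
			})
			return
		}

		if !allowed {
			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{
				"error": "Origin not allowed by CORS policy",
			})
			return
		}

		// Origin is allowed: echo it back (a wildcard is not valid together
		// with credentials) and advertise the accepted headers and methods.
		h := c.Writer.Header()
		h.Set("Access-Control-Allow-Origin", origin)
		h.Set("Access-Control-Allow-Credentials", "true")
		h.Set("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, Authorization")
		h.Set("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS")
		h.Set("Access-Control-Max-Age", "86400") // 24 hours

		// Preflight: answer here with 204 and stop the handler chain.
		if c.Request.Method == http.MethodOptions {
			c.AbortWithStatus(http.StatusNoContent)
			return
		}

		c.Next()
	}
}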