atahango/belgeler/SERVER_STARTUP_CORS_DISPLAY.md
Beyhan Oğur bbbf76b184 first commit
2026-04-26 21:35:24 +03:00

# Server Startup CORS Display
## 🎯 Feature
When the server starts, the **CORS Whitelist** and **Blacklist** are automatically printed to the console.
---
## 📺 Example Output
### When a Whitelist and Blacklist Exist:
```
___ __ __ ___ ___ ___ _ __ ___ _ _ ___
| _ )| | / \| \ | _ ) / \| |/ / | __|| \| || \
| _ \| |_| () | |) || _ \| - | ' < | _| | . || |) |
|___/|____\__/|___/ |___/|_| |_|_|\_\ |___||_|\_||___/
Go Backend | v1.0.0 | Running
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CORS Configuration (Database-Driven)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ WHITELIST (Allowed Origins):
● 1. https://nextgo.beyhano.net.tr
└─ Production Next.js frontend
● 2. http://localhost:3000
└─ Local development
○ 3. https://staging.beyhano.net.tr
└─ Staging environment (inactive)
🚫 BLACKLIST (Blocked Origins):
● 1. https://spam-site.com
└─ Reason: Spam attempts detected
● 2. https://malicious-domain.com
└─ Reason: Security threat
Legend: ● Active | ○ Inactive
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[GIN-debug] [WARNING] Running in "debug" mode...
[GIN-debug] GET /v1/auth/login --> ...
Server running on port 8080
```
### When the Whitelist Is Empty (First Install):
```
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CORS Configuration (Database-Driven)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ WHITELIST (Allowed Origins):
⚠️ No origins whitelisted! Add origins via API.
🚫 BLACKLIST (Blocked Origins):
✅ No origins blacklisted.
Legend: ● Active | ○ Inactive
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
```
### Database Error:
```
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CORS Configuration (Database-Driven)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
❌ Failed to load whitelist: database connection error
❌ Failed to load blacklist: database connection error
Legend: ● Active | ○ Inactive
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
```
---
## 🎨 Color Codes
| Symbol | Meaning | Color |
|--------|---------|-------|
| `●` | Active | Green |
| `○` | Inactive | Red/Yellow |
| `✅` | Success | Green |
| `❌` | Error | Red |
| `⚠️` | Warning | Yellow |
| `🚫` | Blocked | Red |
---
## 📋 Details
### Whitelist Display:
```
● 1. https://example.com
└─ Description here
```
- **Number:** Sequence number
- **Origin:** Domain allowed by CORS
- **Description:** Optional description
- **Status:**
  - `●` (Green) = Active (is_active = true)
  - `○` (Red) = Inactive (is_active = false)
### Blacklist Display:
```
● 1. https://spam.com
└─ Reason: Spam attempts
```
- **Number:** Sequence number
- **Origin:** Domain blocked by CORS
- **Reason:** Why it was blocked
- **Status:**
  - `●` (Red) = Active (is_active = true)
  - `○` (Yellow) = Inactive (is_active = false)
---
## 🔧 Code
`main.go`:
```go
// displayCorsConfiguration prints the database-stored CORS lists at startup.
// It needs "fmt" and the project's services package.
func displayCorsConfiguration(settingsService *services.SettingsService) {
	fmt.Println("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━")
	fmt.Println(" CORS Configuration (Database-Driven)")
	fmt.Println("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━")

	// Get whitelist from database
	whitelists, err := settingsService.GetAllCorsWhitelist()
	if err != nil {
		// Report the failure as in the "Database Error" output and skip the listing
		fmt.Printf(" ❌ Failed to load whitelist: %v\n", err)
	} else {
		// Display each whitelist entry
		for i, w := range whitelists {
			status := "●" // Active
			if !w.IsActive {
				status = "○" // Inactive
			}
			fmt.Printf(" %s %d. %s\n", status, i+1, w.Origin)
			if w.Description != "" {
				fmt.Printf(" └─ %s\n", w.Description)
			}
		}
	}

	// Same for blacklist...
}
```
---
## 🚀 Usage
### 1. Start the Server
```bash
./main
```
### 2. View the CORS Lists
They are displayed automatically when the server starts!
### 3. Add/Remove an Origin
```bash
# Add to the whitelist
curl -X POST http://localhost:8080/v1/settings/cors/whitelist \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"origin":"https://newdomain.com","description":"New app"}'
# Restart the server
./main
# The new origin now appears in the list!
```
---
## 💡 Advantages
**Visibility**
- You immediately see which origins are allowed
- It is instantly clear which domains are on the blacklist

**Debug**
- You can understand CORS 403 errors immediately
- You can spot missing origins right away

**Audit**
- The CORS config is recorded in the server startup logs
- It is clear which origins are in use in production

**Security**
- You can see the threat origins on the blacklist
- You can detect unexpected origins
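
Spotting unexpected origins can also be automated next to the startup display instead of relying on someone reading the console. The following is an added example, not code from this project: `CorsEntry` and `AuditCors` are hypothetical names, the sample rows are constructed, and it assumes the CORS middleware compares the `Origin` header by exact string match. It goes beyond the page by flagging wildcard, malformed, blacklisted and plain-HTTP whitelist entries.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// CorsEntry is a hypothetical stand-in for a whitelist or blacklist row.
type CorsEntry struct {
	Origin   string
	IsActive bool
}

// AuditCors flags risky active whitelist entries; it assumes exact-match Origin comparison.
func AuditCors(whitelist, blacklist []CorsEntry) []string {
	blocked := map[string]bool{}
	for _, b := range blacklist {
		if b.IsActive {
			blocked[strings.ToLower(b.Origin)] = true
		}
	}
	var warns []string
	for _, w := range whitelist {
		if !w.IsActive {
			continue
		}
		u, err := url.Parse(w.Origin)
		switch {
		case strings.Contains(w.Origin, "*") || w.Origin == "null":
			warns = append(warns, w.Origin+": wildcard or null origin")
		case err != nil || u.Host == "" || (u.Scheme != "http" && u.Scheme != "https"):
			warns = append(warns, w.Origin+": not a scheme://host[:port] origin")
		case u.Path != "" || u.RawQuery != "" || u.Fragment != "":
			warns = append(warns, w.Origin+": path or query present, never equals an Origin header")
		case blocked[strings.ToLower(w.Origin)]:
			warns = append(warns, w.Origin+": also on the active blacklist")
		case u.Scheme == "http":
			warns = append(warns, w.Origin+": plain HTTP, acceptable for local development only")
		}
	}
	return warns
}

func main() {
	// Constructed sample rows modelled on the example output above.
	wl := []CorsEntry{{"http://localhost:3000", true}, {"https://spam-site.com", true}}
	fmt.Println(AuditCors(wl, []CorsEntry{{"https://spam-site.com", true}}))
}
```

Printing these warnings under the whitelist block at startup puts them in the same log record the Audit bullets describe.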
---
## 🎯 In Production
### Expected Output:
```
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CORS Configuration (Database-Driven)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ WHITELIST (Allowed Origins):
● 1. https://nextgo.beyhano.net.tr
└─ Production Next.js frontend
● 2. https://app.beyhano.net.tr
└─ Production React app
🚫 BLACKLIST (Blocked Origins):
✅ No origins blacklisted.
Legend: ● Active | ○ Inactive
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
```
### First Deploy (Empty Whitelist):
```
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CORS Configuration (Database-Driven)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ WHITELIST (Allowed Origins):
⚠️ No origins whitelisted! Add origins via API.
🚫 BLACKLIST (Blocked Origins):
✅ No origins blacklisted.
Legend: ● Active | ○ Inactive
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
```
**Add an origin right away:**
```bash
./fix-cors-403.sh
```
---
## 📝 Notes
- **Database-driven:** Read from the database on every server restart
- **Real-time:** A restart is required after adding/removing an origin
- **Color-coded:** Active/inactive origins are shown in different colors
- **Descriptive:** A description is shown for each origin
- **Error handling:** Database connection errors are displayed
---
## ✅ Conclusion
**The CORS configuration is now visible at server startup!**
- The whitelist and blacklist are displayed automatically
- Color codes make it easy to read
- It is clear which origins are active in production
- Debugging and troubleshooting become easier

**All changes are in `main.go`!**