Merge remote-tracking branch 'origin/master'

2026-02-13 23:23:55 +03:00
parent f7211d5cf7
commit 78f183c9ee
3 changed files with 22 additions and 87 deletions
--- a/svc/db/postgres.go
+++ b/svc/db/postgres.go
@@ -18,7 +18,7 @@ func ConnectPostgres() (*sql.DB, error) {
 	connStr := os.Getenv("POSTGRES_CONN")
 	if connStr == "" {
 		// fallback → sabit tanımlı bağlantı
-		connStr = "host=127.0.0.1 port=5432 user=postgres password=tayitkan dbname=baggib2b sslmode=disable"
+		connStr = "host= 46.224.33.150 port=5432 user=postgres password=tayitkan dbname=baggib2b sslmode=disable"
 		//connStr = "host=172.16.0.3 port=5432 user=postgres password=tayitkan dbname=baggib2b sslmode=disable"
 	}

--- a/svc/main.go
+++ b/svc/main.go
@@ -27,15 +27,33 @@ import (
 ===========================================================
 */
 func enableCORS(h http.Handler) http.Handler {
+
+	frontendURL := os.Getenv("APP_FRONTEND_URL")
+
+	// Default fallback (dev için)
+	if frontendURL == "" {
+		frontendURL = "http://localhost:9000"
+	}
+
+	log.Println("🌍 CORS Allowed Origin:", frontendURL)
+
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

-		w.Header().Set("Access-Control-Allow-Origin", "http://localhost:9000")
-		w.Header().Set("Access-Control-Allow-Credentials", "true")
+		origin := r.Header.Get("Origin")
+
+		// Sadece izin verilen origin'e cevap ver
+		if origin == frontendURL {
+			w.Header().Set("Access-Control-Allow-Origin", origin)
+			w.Header().Set("Vary", "Origin")
+			w.Header().Set("Access-Control-Allow-Credentials", "true")
+		}
+
 		w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
 		w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")

+		// Preflight
 		if r.Method == http.MethodOptions {
-			w.WriteHeader(http.StatusOK)
+			w.WriteHeader(http.StatusNoContent)
 			return
 		}