security: configurable CORS origins, limit sentinel response body

- Add CORS_ALLOWED_ORIGINS config (comma-separated origins, default allow-all)
- CORS middleware now validates Origin header against allowlist
- Add io.LimitReader to sentinel.go (was unbounded, now 256KB)
- Include previous: agent chat auth middleware + frontend token header
This commit is contained in:
shinchan-zhai
2026-03-23 09:53:49 +08:00
parent 7b602e70e6
commit f26a69d222
7 changed files with 88 additions and 7 deletions

View File

@@ -133,7 +133,7 @@ func searchStock(keyword string) ([]SearchResult, error) {
}
defer resp.Body.Close()
reader := transform.NewReader(resp.Body, simplifiedchinese.GBK.NewDecoder())
reader := transform.NewReader(io.LimitReader(resp.Body, 256*1024), simplifiedchinese.GBK.NewDecoder())
body, err := io.ReadAll(reader)
if err != nil {
return nil, err