admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: restrict CORS origins, require payment env vars, replace raw SQL with Prisma findMany

Browse Source 
- AI service: replace allow_origins=["*"] with env-configured AI_CORS_ORIGINS
- Payment services (VNPay, MoMo, ZaloPay): use requireEnv() instead of empty string defaults for credentials
- Search indexer: replace raw SQL template literals with Prisma findMany + parameterized PostGIS queries

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Ho Ngoc Hai
2026-04-08 06:11:59 +07:00
parent 271ad76e6f
commit 811417d77d
6 changed files with 136 additions and 155 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
libs/ai-services/app/config.py
View File

@@ -6,8 +6,17 @@ class Settings(BaseSettings):
debug: bool = False
model_path: str = "/app/models"
log_level: str = "info"
cors_origins: str = ""
api_key: str = ""
rate_limit: str = "60/minute"
model_config = {"env_prefix": "AI_"}
@property
def cors_origin_list(self) -> list[str]:
if not self.cors_origins:
return []
return [o.strip() for o in self.cors_origins.split(",") if o.strip()]
settings = Settings()