Add access control configuration

config.example.yml

@@ -7,3 +7,7 @@ cache:
   java_status_duration: 1m
   bedrock_status_duration: 1m
   icon_duration: 24h
+access_control:
+  enable: true
+  allowed_origins:
+    - '*'

src/config.go

@@ -22,6 +22,7 @@ var (
 			BedrockStatusDuration: time.Minute,
 			IconDuration:          time.Minute * 15,
 		},
+		AccessControl: ConfigAccessControl{},
 	}
 )
 
@@ -32,6 +33,7 @@ type Config struct {
 	Port          uint16              `yaml:"port"`
 	Redis         *string             `yaml:"redis"`
 	Cache         ConfigCache         `yaml:"cache"`
+	AccessControl ConfigAccessControl `yaml:"access_control"`
 }
 
 // ConfigCache represents the caching durations of various responses.
@@ -42,6 +44,12 @@ type ConfigCache struct {
 	IconDuration          time.Duration `yaml:"icon_duration"`
 }
 
+// ConfigAccessControl is the configuration for the CORS headers
+type ConfigAccessControl struct {
+	Enable         bool     `yaml:"enable"`
+	AllowedOrigins []string `yaml:"allowed_origins"`
+}
+
 // ReadFile reads the configuration from the given file and overrides values using environment variables.
 func (c *Config) ReadFile(file string) error {
 	data, err := os.ReadFile(file)

src/routes.go

@@ -6,6 +6,7 @@ import (
 	"main/src/assets"
 	"net/http"
 	"strconv"
+	"strings"
 
 	"github.com/gofiber/fiber/v2"
 	"github.com/gofiber/fiber/v2/middleware/cors"
@@ -25,11 +26,13 @@ func init() {
 		Data: assets.Favicon,
 	}))
 
+	if config.AccessControl.Enable {
 		app.Use(cors.New(cors.Config{
-		AllowOrigins:  "*",
+			AllowOrigins:  strings.Join(config.AccessControl.AllowedOrigins, ","),
 			AllowMethods:  "HEAD,OPTIONS,GET,POST",
 			ExposeHeaders: "X-Cache-Hit,X-Cache-Time-Remaining",
 		}))
+	}
 
 	if config.Environment == "development" {
 		app.Use(logger.New(logger.Config{