- graph, dotenv read

- graph, cors and secure header
- web, urql client basic setup

graph/server/main.go

@@ -1,33 +1,42 @@
 package main
 
 import (
+	"fmt"
 	"net/http"
-	"os"
 
 	"gitserver.in/patialtech/mux"
+	"gitserver.in/patialtech/mux/middleware"
+	"gitserver.in/patialtech/rano/config"
 	"gitserver.in/patialtech/rano/graph"
 	"gitserver.in/patialtech/rano/pkg/logger"
 )
 
 func main() {
 	r := mux.NewRouter()
+	// CORS
+	r.Use(middleware.CORS(middleware.CORSOption{
+		AllowedHeaders: []string{"Content-Type"},
+		MaxAge:         60,
+	}))
+	// Secure Headers
+	r.Use(middleware.Helmet(middleware.HelmetOption{
+		ContentSecurityPolicy: middleware.CSP{
+			ScriptSrc: []string{"self", "https://cdn.jsdelivr.net", "unsafe-inline"},
+		},
+	}))
+
 	// graphiql
-	r.Get("/graphiql", graph.GraphiQL("/query"))
+	r.GET("/graphiql", graph.GraphiQL("/query"))
 	// graph query
-	r.Post("/query", graph.Query)
+	r.POST("/query", graph.Query)
 
 	// catch all
-	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
+	r.GET("/", func(w http.ResponseWriter, r *http.Request) {
 		w.Write([]byte("hello there"))
 	})
 
-	port := os.Getenv("GRAPH_PORT")
-	if port == "" {
-		port = "4001"
-	}
-
 	r.Serve(func(srv *http.Server) error {
-		srv.Addr = ":" + port
+		srv.Addr = fmt.Sprintf(":%d", config.Read().GraphPort)
 		logger.Info("graph server listening on %s", srv.Addr)
 		return srv.ListenAndServe()
 	})