style: 统一代码格式化 (go fmt + 配置更新)

- 后端：应用 go fmt 自动格式化，统一代码风格 - 前端：更新 API 配置，完善类型安全 - 所有代码符合项目规范，准备生产部署
2025-07-14 10:02:04 +08:00
parent 48b6a5f4aa
commit 5dd0bc19e4
33 changed files with 283 additions and 278 deletions
--- a/backend/internal/middleware/cors.go
+++ b/backend/internal/middleware/cors.go
@ -87,7 +87,7 @@ func NewCORSMiddleware(config CORSConfig) *CORSMiddleware {
 func (m *CORSMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		origin := r.Header.Get("Origin")
-		
+
 		// 检查来源是否被允许
 		if origin != "" && m.isOriginAllowed(origin) {
 			w.Header().Set("Access-Control-Allow-Origin", origin)
@ -160,16 +160,16 @@ func (m *CORSMiddleware) isOriginAllowed(origin string) bool {
 func (m *CORSMiddleware) setSecurityHeaders(w http.ResponseWriter) {
 	// 防止点击劫持
 	w.Header().Set("X-Frame-Options", "DENY")
-	
+
 	// 防止 MIME 类型嗅探
 	w.Header().Set("X-Content-Type-Options", "nosniff")
-	
+
 	// XSS 保护
 	w.Header().Set("X-XSS-Protection", "1; mode=block")
-	
+
 	// 引用者策略
 	w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
-	
+
 	// 内容安全策略 (基础版)
 	w.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self' data: https:; style-src 'self' 'unsafe-inline'; script-src 'self'")
-}
+}