Add .env.example and implement CORS configuration

Author: mhajder

.env.example

@@ -0,0 +1,17 @@
+# Environment variables for devil-api
+# API Key for authentication
+DEVIL_API_KEY=your-api-key-here
+
+# Logging level (DEBUG, INFO, WARNING, ERROR)
+LOG_LEVEL=INFO
+
+# Authentication settings
+AUTH_FAIL_THRESHOLD=5
+AUTH_BLOCK_SECONDS=300
+
+# CORS configuration - comma-separated list of allowed origins
+# Examples:
+# CORS_ORIGINS=http://localhost:3000,http://localhost:8080
+# CORS_ORIGINS=https://yourdomain.com,https://app.yourdomain.com
+# Leave empty to disable CORS
+CORS_ORIGINS=

README.md

@@ -80,6 +80,7 @@ export DEVIL_API_KEY="your-secret"
 export LOG_LEVEL="INFO"
 export AUTH_FAIL_THRESHOLD="5"
 export AUTH_BLOCK_SECONDS="300"
+export CORS_ORIGINS=http://localhost:3000,https://yourapp.com
 ```
 
 ## Usage
@@ -126,13 +127,15 @@ Notes:
 - LOG_LEVEL (optional): e.g., INFO, DEBUG
 - AUTH_FAIL_THRESHOLD (optional, default 5): number of failed attempts before blocking
 - AUTH_BLOCK_SECONDS (optional, default 300): block duration in seconds
+- CORS_ORIGINS (optional): comma-separated list of allowed origins for CORS. Leave empty to disable CORS
 
 Create a local .env file to load automatically:
 ```
 DEVIL_API_KEY=your-secret
 LOG_LEVEL=INFO
 AUTH_FAIL_THRESHOLD=5
 AUTH_BLOCK_SECONDS=300
+CORS_ORIGINS=http://localhost:3000,https://yourapp.com
 ```
 
 ## Contributing

app/main.py

@@ -5,9 +5,11 @@
 from importlib.metadata import PackageNotFoundError
 from importlib.metadata import version
 
+from dotenv import load_dotenv
 from fastapi import Depends
 from fastapi import FastAPI
 from fastapi import Request
+from fastapi.middleware.cors import CORSMiddleware
 from fastapi.responses import JSONResponse
 
 from app.api.endpoints import dns
@@ -27,6 +29,9 @@
 from app.services.socket_client import DevilSocketError
 from app.services.socket_client import DevilSocketProtocolError
 
+# Load environment variables from .env file
+load_dotenv()
+
 log_level = os.getenv("LOG_LEVEL", "INFO").upper()
 logging.basicConfig(level=getattr(logging, log_level, logging.INFO))
 
@@ -38,6 +43,21 @@
 
 app = FastAPI(title="devil API", version=__version__)
 
+# CORS configuration
+cors_origins_str = os.getenv("CORS_ORIGINS", "")
+cors_origins = [
+    origin.strip() for origin in cors_origins_str.split(",") if origin.strip()
+]
+
+if cors_origins:
+    app.add_middleware(
+        CORSMiddleware,
+        allow_origins=cors_origins,
+        allow_credentials=True,
+        allow_methods=["*"],
+        allow_headers=["*"],
+    )
+
 
 # Include routers
 protected_dependency = [Depends(verify_api_key)]