feat(api): add model delete, pagination, and cors config

internal/config/config.go

@@ -11,6 +11,7 @@ import (
 
 type Config struct {
 	Server        ServerConfig
+	CORS          CORSConfig
 	Postgres      PostgresConfig
 	Redis         RedisConfig
 	Log           LogConfig
@@ -24,6 +25,10 @@ type ServerConfig struct {
 	Port string
 }
 
+type CORSConfig struct {
+	AllowOrigins []string
+}
+
 type AuthConfig struct {
 	JWTSecret string
 }
@@ -70,6 +75,7 @@ func Load() (*Config, error) {
 	v := viper.New()
 
 	v.SetDefault("server.port", "8080")
+	v.SetDefault("cors.allow_origins", "*")
 	v.SetDefault("postgres.dsn", "host=localhost user=postgres password=postgres dbname=ezapi port=5432 sslmode=disable")
 	v.SetDefault("redis.addr", "localhost:6379")
 	v.SetDefault("redis.password", "")
@@ -96,6 +102,7 @@ func Load() (*Config, error) {
 	v.AutomaticEnv()
 
 	_ = v.BindEnv("server.port", "EZ_API_PORT")
+	_ = v.BindEnv("cors.allow_origins", "EZ_CORS_ALLOW_ORIGINS")
 	_ = v.BindEnv("postgres.dsn", "EZ_PG_DSN")
 	_ = v.BindEnv("redis.addr", "EZ_REDIS_ADDR")
 	_ = v.BindEnv("redis.password", "EZ_REDIS_PASSWORD")
@@ -137,6 +144,9 @@ func Load() (*Config, error) {
 		Server: ServerConfig{
 			Port: v.GetString("server.port"),
 		},
+		CORS: CORSConfig{
+			AllowOrigins: splitCommaList(v.GetString("cors.allow_origins")),
+		},
 		Postgres: PostgresConfig{
 			DSN: v.GetString("postgres.dsn"),
 		},
@@ -176,3 +186,16 @@ func Load() (*Config, error) {
 
 	return cfg, nil
 }
+
+func splitCommaList(raw string) []string {
+	parts := strings.Split(raw, ",")
+	out := make([]string, 0, len(parts))
+	for _, part := range parts {
+		part = strings.TrimSpace(part)
+		if part == "" {
+			continue
+		}
+		out = append(out, part)
+	}
+	return out
+}