From 8940ab6ce9803c444ea42687216b621d94af4291 Mon Sep 17 00:00:00 2001
From: Anton <vakabunga@proton.me>
Date: Wed, 4 Mar 2026 13:45:37 +0300
Subject: [PATCH] feat: add security plugin

Made-with: Cursor
---
 src/plugins/security.ts | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 src/plugins/security.ts

diff --git a/src/plugins/security.ts b/src/plugins/security.ts
new file mode 100644
index 0000000..06187a4
--- /dev/null
+++ b/src/plugins/security.ts
@@ -0,0 +1,21 @@
+import { FastifyInstance, FastifyPluginAsync } from 'fastify';
+import helmet from '@fastify/helmet';
+import cors from '@fastify/cors';
+import fp from 'fastify-plugin';
+import { getCorsOrigins } from '../config/env.js';
+
+const securityPlugin: FastifyPluginAsync = async (app: FastifyInstance) => {
+  await app.register(helmet, {
+    contentSecurityPolicy: false,
+    crossOriginEmbedderPolicy: false,
+  });
+
+  await app.register(cors, {
+    origin: getCorsOrigins(),
+    credentials: true,
+    methods: ['GET', 'POST', 'PATCH', 'DELETE', 'PUT', 'OPTIONS'],
+    allowedHeaders: ['Content-Type', 'Authorization'],
+  });
+};
+
+export default fp(securityPlugin, { name: 'security' });