From 0dfa74b76fb4997ac038b69ee35eabd6c56415f6 Mon Sep 17 00:00:00 2001
From: Patrick Alvin Alcala
Date: Fri, 27 Feb 2026 19:34:03 +0800
Subject: [PATCH] Updated backend
---
 backend/main.go | 51 ++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 48 insertions(+), 3 deletions(-)
diff --git a/backend/main.go b/backend/main.go
index 236efea..ce29a3a 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -30,9 +30,10 @@ func getCORSConfig(env string) cors.Config {
 switch env {
 case "dev":
 return cors.Config{
- AllowOrigins: []string{"http://localhost:5173"},
- AllowMethods: []string{"GET", "POST", "OPTIONS", "DELETE"},
- AllowHeaders: []string{"Origin", "OCBO-Token", "Content-Length", "Content-Type", "X-Server"},
+ AllowOrigins: []string{"http://localhost:5173"},
+ AllowMethods: []string{"GET", "POST", "OPTIONS", "DELETE"},
+ // AllowHeaders: []string{"Origin", "OCBO-Token", "Content-Length", "Content-Type", "X-Server", "Authorization"},
+ AllowHeaders: []string{"*"},
 ExposeHeaders: []string{"Content-Length"},
 AllowCredentials: true,
 }
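Review bot: `AllowHeaders: []string{"*"}` sits next to `AllowCredentials: true` in the `dev` config, and on credentialed requests browsers read `*` in `Access-Control-Allow-Headers` as a literal header name and never let it stand for `Authorization`. Assuming the cors middleware emits the value as configured, the wildcard is therefore looser on paper than the old list while probably failing the preflight for `OCBO-Token` and `Authorization`. Restore the explicit list from the commented-out line, `AllowHeaders: []string{"Origin", "OCBO-Token", "Content-Length", "Content-Type", "X-Server", "Authorization"},`, and delete the comment. Only the `dev` case is visible here; the rest of `getCORSConfig` lies outside the hunk, so confirm the wildcard was not applied to the other environments.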
@@ -2492,5 +2493,49 @@ func connect() {
 }
 })
 
+ router.DELETE("/api/delete-esigntransactions", func(c *gin.Context) {
+ type DeleteOPLocal struct {
+ Data string `json:"data"`
+ }
+ var deleteOpLocal DeleteOPLocal
+ if err := c.ShouldBindJSON(&deleteOpLocal); err != nil {
+ c.String(http.StatusBadRequest, "Invalid request body")
+ return
+ }
+
+ c.Writer.Header().Set("X-XSS-Protection", "1; mode=block")
+ c.Writer.Header().Set("X-Content-Type-Options", "nosniff")
+ c.Writer.Header().Set("X-DNS-Prefetch-Control", "off")
+ c.Writer.Header().Set("X-Frame-Options", "DENY")
+ c.Writer.Header().Set("X-Download-Options", "noopen")
+ c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+ c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self';")
+ c.Writer.Header().Set("X-Server", "OCBO Server")
+
+ dbpost, err := dbpop.Prepare("DELETE FROM esign_transactions WHERE referenceNo = ?")
+ if err != nil {
+ c.AbortWithError(http.StatusInternalServerError, err)
+ c.String(http.StatusInternalServerError, "Internal Server Error")
+ return
+ }
+ defer dbpost.Close()
+
+ exec, err := dbpost.Exec(deleteOpLocal.Data)
+ if err != nil {
+ panic(err.Error())
+ }
+
+ affect, err := exec.RowsAffected()
+ if err != nil {
+ panic(err.Error())
+ }
+
+ if affect > 0 {
+ c.String(http.StatusOK, "Success on Deleting eSign Transactions")
+ } else {
+ c.String(http.StatusInternalServerError, "Failed on Deleting eSign Transactions")
+ }
+ })
+
 router.Run(":4320")
 }
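Review bot: The new `/api/delete-esigntransactions` handler deletes rows for whatever `referenceNo` arrives in the body, and nothing in the hunk checks who is calling or that `Data` is non-empty; unless a middleware registered outside this hunk already authenticates the route, that check belongs before `dbpop.Prepare`. The two `panic(err.Error())` calls after `Exec` and `RowsAffected` turn a database error into a panic inside a request handler, while the `Prepare` failure just above returns a 500; the fence below handles all three alike and answers 404 rather than 500 when no row matched. The security headers are set after the bind-failure `return`, so the 400 response leaves without them, which a router-level middleware would avoid. `connect()` begins outside the hunk.

```go
	// … unchanged: JSON bind, response headers, Prepare and deferred Close …

	exec, err := dbpost.Exec(deleteOpLocal.Data)
	if err != nil {
		c.AbortWithError(http.StatusInternalServerError, err)
		return
	}

	affect, err := exec.RowsAffected()
	if err != nil {
		c.AbortWithError(http.StatusInternalServerError, err)
		return
	}

	if affect == 0 {
		c.String(http.StatusNotFound, "Failed on Deleting eSign Transactions")
		return
	}
	c.String(http.StatusOK, "Success on Deleting eSign Transactions")
```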