Extract backend runtime configuration

backend/config/cors.js

@@ -0,0 +1,13 @@
+const cors = require('cors');
+
+const createCorsMiddleware = ({ allowedOrigins, isProduction }) => cors({
+  origin: (origin, callback) => {
+    if (!origin || !isProduction || allowedOrigins.includes(origin)) {
+      return callback(null, true);
+    }
+    return callback(new Error('Origem não permitida pelo CORS.'));
+  },
+  credentials: true
+});
+
+module.exports = { createCorsMiddleware };

backend/config/runtime.js

@@ -0,0 +1,50 @@
+const { stripEnvQuotes } = require('../utils/security');
+
+const isProduction = process.env.NODE_ENV === 'production';
+const port = process.env.PORT || 3001;
+const jwtSecret = process.env.JWT_SECRET || (isProduction ? null : 'fasto_dev_secret_change_me');
+
+if (!jwtSecret) {
+  throw new Error('JWT_SECRET is required in production.');
+}
+
+const allowedOrigins = (process.env.CORS_ORIGIN || '')
+  .split(',')
+  .map(origin => origin.trim())
+  .filter(Boolean);
+
+const smtp = {
+  host: process.env.SMTP_HOST || 'mail.blyzer.com.br',
+  port: parseInt(process.env.SMTP_PORT, 10) || 587,
+  user: stripEnvQuotes(process.env.SMTP_USER || 'nao-responda@blyzer.com.br'),
+  pass: stripEnvQuotes(process.env.SMTP_PASS || ''),
+  debug: process.env.SMTP_DEBUG === 'true',
+};
+
+const getBaseUrl = (req) => {
+  if (process.env.APP_URL) return process.env.APP_URL;
+
+  const host = req ? (req.get('host') || 'localhost:3001') : 'localhost:3001';
+  const protocol = (req && (req.protocol === 'https' || req.get('x-forwarded-proto') === 'https')) ? 'https' : 'http';
+
+  if (isProduction && !host.includes('localhost')) {
+    return `https://${host}`;
+  }
+  return `${protocol}://${host}`;
+};
+
+const getStartupBaseUrl = () => {
+  if (process.env.APP_URL) return process.env.APP_URL;
+  if (isProduction) return 'https://fasto.blyzer.com.br';
+  return 'http://localhost:3001';
+};
+
+module.exports = {
+  allowedOrigins,
+  getBaseUrl,
+  getStartupBaseUrl,
+  isProduction,
+  jwtSecret,
+  port,
+  smtp,
+};