Refactor WebConfig and SecurityConfig to enhance routing with /api prefix, disable CSRF and anonymous access; update OpenAPI paths accordingly. Add HomeController for default route handling.

2025-07-31 21:32:55 +02:00 · 2025-07-31 21:32:55 +02:00 · 8a839ac922
parent 3f76a98409
commit 8a839ac922
3 changed files with 44 additions and 29 deletions
--- a/backend/src/main/java/com/alttd/altitudeweb/config/SecurityConfig.java
+++ b/backend/src/main/java/com/alttd/altitudeweb/config/SecurityConfig.java
@ -14,6 +14,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtEncoder;
@ -38,26 +39,29 @@ public class SecurityConfig {
        return http
                .authorizeHttpRequests(
                        auth -> auth
-                                .requestMatchers("/form/**").hasAuthority(PermissionClaimDto.USER.getValue())
-                                .requestMatchers("/head_mod/**").hasAuthority(PermissionClaimDto.HEAD_MOD.getValue())
-                                .requestMatchers("/particles/**").hasAuthority(PermissionClaimDto.HEAD_MOD.getValue())
-                                .requestMatchers("/files/save/**").hasAuthority(PermissionClaimDto.HEAD_MOD.getValue())
+                                .requestMatchers("/api/form/**").hasAuthority(PermissionClaimDto.USER.getValue())
+                                .requestMatchers("/api/head_mod/**").hasAuthority(PermissionClaimDto.HEAD_MOD.getValue())
+                                .requestMatchers("/api/particles/**").hasAuthority(PermissionClaimDto.HEAD_MOD.getValue())
+                                .requestMatchers("/api/files/save/**").hasAuthority(PermissionClaimDto.HEAD_MOD.getValue())
                                .anyRequest().permitAll()
-                                      )
+                )
+                .csrf(AbstractHttpConfigurer::disable)
+                .anonymous(AbstractHttpConfigurer::disable)
                .oauth2ResourceServer(
                        oauth2 -> oauth2
                                .jwt(Customizer.withDefaults())
                                .authenticationEntryPoint(securityAuthFailureHandler)
                                .accessDeniedHandler(securityAuthFailureHandler)
-                                     )
+                )
                .exceptionHandling(
                        ex -> ex
                                .authenticationEntryPoint(securityAuthFailureHandler)
                                .accessDeniedHandler(securityAuthFailureHandler)
-                                  )
+                )
                .sessionManagement(
                        session -> session
-                                .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                )
                .build();
    }

--- a/backend/src/main/java/com/alttd/altitudeweb/config/WebConfig.java
+++ b/backend/src/main/java/com/alttd/altitudeweb/config/WebConfig.java
@ -3,6 +3,8 @@ package com.alttd.altitudeweb.config;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import org.springframework.web.servlet.resource.PathResourceResolver;
@ -15,7 +17,7 @@ public class WebConfig implements WebMvcConfigurer {
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/**")
-                .addResourceLocations("classpath:/static/")
+                .addResourceLocations("classpath:/static/browser")
                .resourceChain(true)
                .addResolver(new PathResourceResolver() {
                    @Override
@ -26,8 +28,17 @@ public class WebConfig implements WebMvcConfigurer {
                            return requestedResource;
                        }

-                        return new ClassPathResource("/static/index.html");
+                        return new ClassPathResource("/static/browser/index.html");
                    }
                });
    }
+
+    @Controller
+    public static class HomeController {
+        @GetMapping("/")
+        public String index() {
+            return "forward:/index.html";
+        }
+    }
+
 }
--- a/open_api/src/main/resources/api.yml
+++ b/open_api/src/main/resources/api.yml
@ -23,41 +23,41 @@ tags:
  - name: particles
    description: All actions related to particles
 paths:
-  /team/{team}:
+  /api/team/{team}:
    $ref: './schemas/team/team.yml#/getTeam'
-  /history/{userType}/search/{type}:
+  /api/history/{userType}/search/{type}:
    $ref: './schemas/bans/bans.yml#/getUserNames'
-  /history/{userType}/name/{type}/{user}/{page}:
+  /api/history/{userType}/name/{type}/{user}/{page}:
    $ref: './schemas/bans/bans.yml#/getHistoryForUsers'
-  /history/{userType}/name/{type}/{page}:
+  /api/history/{userType}/name/{type}/{page}:
    $ref: './schemas/bans/bans.yml#/getHistoryForAll'
-  /history/{userType}/uuid/{type}/{uuid}/{page}:
+  /api/history/{userType}/uuid/{type}/{uuid}/{page}:
    $ref: './schemas/bans/bans.yml#/getHistoryForUuid'
-  /history/{userType}/search-results/uuid/{type}/{uuid}:
+  /api/history/{userType}/search-results/uuid/{type}/{uuid}:
    $ref: './schemas/bans/bans.yml#/getTotalResultsForUuidSearch'
-  /history/{userType}/search-results/user/{type}/{user}:
+  /api/history/{userType}/search-results/user/{type}/{user}:
    $ref: './schemas/bans/bans.yml#/getTotalResultsForUserSearch'
-  /history/single/{type}/{id}:
+  /api/history/single/{type}/{id}:
    $ref: './schemas/bans/bans.yml#/getHistoryById'
-  /history/all/{uuid}:
+  /api/history/all/{uuid}:
    $ref: './schemas/bans/bans.yml#/getAllHistoryForUUID'
-  /history/total:
+  /api/history/total:
    $ref: './schemas/bans/bans.yml#/getTotalPunishments'
-  /appeal/update-mail:
+  /api/appeal/update-mail:
    $ref: './schemas/forms/appeal/appeal.yml#/UpdateMail'
-  /appeal/minecraft-appeal:
+  /api/appeal/minecraft-appeal:
    $ref: './schemas/forms/appeal/appeal.yml#/MinecraftAppeal'
-  /appeal/discord-appeal:
+  /api/appeal/discord-appeal:
    $ref: './schemas/forms/appeal/appeal.yml#/DiscordAppeal'
-  /login/requestNewUserLogin/{uuid}:
+  /api/login/requestNewUserLogin/{uuid}:
    $ref: './schemas/login/login.yml#/RequestNewUserLogin'
-  /login/userLogin/{code}:
+  /api/login/userLogin/{code}:
    $ref: './schemas/login/login.yml#/UserLogin'
-  /files/save/{filename}:
+  /api/files/save/{filename}:
    $ref: './schemas/particles/particles.yml#/SaveFile'
-  /files/save/{uuid}/{filename}:
+  /api/files/save/{uuid}/{filename}:
    $ref: './schemas/particles/particles.yml#/SaveFileForUser'
-  /files/download/{filename}/{secret}:
+  /api/files/download/{filename}/{secret}:
    $ref: './schemas/particles/particles.yml#/DownloadFile'
-  /files/download/{uuid}/{filename}:
+  /api/files/download/{uuid}/{filename}:
    $ref: './schemas/particles/particles.yml#/DownloadFileForUser'