Refactor WebConfig and SecurityConfig to enhance routing with /api prefix, disable CSRF and anonymous access; update OpenAPI paths accordingly. Add HomeController for default route handling.

backend/src/main/java/com/alttd/altitudeweb/config/SecurityConfig.java

@@ -14,6 +14,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtEncoder;
@@ -38,26 +39,29 @@ public class SecurityConfig {
         return http
                 .authorizeHttpRequests(
                         auth -> auth
-                                .requestMatchers("/form/**").hasAuthority(PermissionClaimDto.USER.getValue())
+                                .requestMatchers("/api/form/**").hasAuthority(PermissionClaimDto.USER.getValue())
-                                .requestMatchers("/head_mod/**").hasAuthority(PermissionClaimDto.HEAD_MOD.getValue())
+                                .requestMatchers("/api/head_mod/**").hasAuthority(PermissionClaimDto.HEAD_MOD.getValue())
-                                .requestMatchers("/particles/**").hasAuthority(PermissionClaimDto.HEAD_MOD.getValue())
+                                .requestMatchers("/api/particles/**").hasAuthority(PermissionClaimDto.HEAD_MOD.getValue())
-                                .requestMatchers("/files/save/**").hasAuthority(PermissionClaimDto.HEAD_MOD.getValue())
+                                .requestMatchers("/api/files/save/**").hasAuthority(PermissionClaimDto.HEAD_MOD.getValue())
                                 .anyRequest().permitAll()
-                                      )
+                )
+                .csrf(AbstractHttpConfigurer::disable)
+                .anonymous(AbstractHttpConfigurer::disable)
                 .oauth2ResourceServer(
                         oauth2 -> oauth2
                                 .jwt(Customizer.withDefaults())
                                 .authenticationEntryPoint(securityAuthFailureHandler)
                                 .accessDeniedHandler(securityAuthFailureHandler)
-                                     )
+                )
                 .exceptionHandling(
                         ex -> ex
                                 .authenticationEntryPoint(securityAuthFailureHandler)
                                 .accessDeniedHandler(securityAuthFailureHandler)
-                                  )
+                )
                 .sessionManagement(
                         session -> session
-                                .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                )
                 .build();
     }
 

backend/src/main/java/com/alttd/altitudeweb/config/WebConfig.java

@@ -3,6 +3,8 @@ package com.alttd.altitudeweb.config;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import org.springframework.web.servlet.resource.PathResourceResolver;
@@ -15,7 +17,7 @@ public class WebConfig implements WebMvcConfigurer {
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
         registry.addResourceHandler("/**")
-                .addResourceLocations("classpath:/static/")
+                .addResourceLocations("classpath:/static/browser")
                 .resourceChain(true)
                 .addResolver(new PathResourceResolver() {
                     @Override
@@ -26,8 +28,17 @@ public class WebConfig implements WebMvcConfigurer {
                             return requestedResource;
                         }
 
-                        return new ClassPathResource("/static/index.html");
+                        return new ClassPathResource("/static/browser/index.html");
                     }
                 });
     }
+
+    @Controller
+    public static class HomeController {
+        @GetMapping("/")
+        public String index() {
+            return "forward:/index.html";
+        }
+    }
+
 }

open_api/src/main/resources/api.yml

@@ -23,41 +23,41 @@ tags:
   - name: particles
     description: All actions related to particles
 paths:
-  /team/{team}:
+  /api/team/{team}:
     $ref: './schemas/team/team.yml#/getTeam'
-  /history/{userType}/search/{type}:
+  /api/history/{userType}/search/{type}:
     $ref: './schemas/bans/bans.yml#/getUserNames'
-  /history/{userType}/name/{type}/{user}/{page}:
+  /api/history/{userType}/name/{type}/{user}/{page}:
     $ref: './schemas/bans/bans.yml#/getHistoryForUsers'
-  /history/{userType}/name/{type}/{page}:
+  /api/history/{userType}/name/{type}/{page}:
     $ref: './schemas/bans/bans.yml#/getHistoryForAll'
-  /history/{userType}/uuid/{type}/{uuid}/{page}:
+  /api/history/{userType}/uuid/{type}/{uuid}/{page}:
     $ref: './schemas/bans/bans.yml#/getHistoryForUuid'
-  /history/{userType}/search-results/uuid/{type}/{uuid}:
+  /api/history/{userType}/search-results/uuid/{type}/{uuid}:
     $ref: './schemas/bans/bans.yml#/getTotalResultsForUuidSearch'
-  /history/{userType}/search-results/user/{type}/{user}:
+  /api/history/{userType}/search-results/user/{type}/{user}:
     $ref: './schemas/bans/bans.yml#/getTotalResultsForUserSearch'
-  /history/single/{type}/{id}:
+  /api/history/single/{type}/{id}:
     $ref: './schemas/bans/bans.yml#/getHistoryById'
-  /history/all/{uuid}:
+  /api/history/all/{uuid}:
     $ref: './schemas/bans/bans.yml#/getAllHistoryForUUID'
-  /history/total:
+  /api/history/total:
     $ref: './schemas/bans/bans.yml#/getTotalPunishments'
-  /appeal/update-mail:
+  /api/appeal/update-mail:
     $ref: './schemas/forms/appeal/appeal.yml#/UpdateMail'
-  /appeal/minecraft-appeal:
+  /api/appeal/minecraft-appeal:
     $ref: './schemas/forms/appeal/appeal.yml#/MinecraftAppeal'
-  /appeal/discord-appeal:
+  /api/appeal/discord-appeal:
     $ref: './schemas/forms/appeal/appeal.yml#/DiscordAppeal'
-  /login/requestNewUserLogin/{uuid}:
+  /api/login/requestNewUserLogin/{uuid}:
     $ref: './schemas/login/login.yml#/RequestNewUserLogin'
-  /login/userLogin/{code}:
+  /api/login/userLogin/{code}:
     $ref: './schemas/login/login.yml#/UserLogin'
-  /files/save/{filename}:
+  /api/files/save/{filename}:
     $ref: './schemas/particles/particles.yml#/SaveFile'
-  /files/save/{uuid}/{filename}:
+  /api/files/save/{uuid}/{filename}:
     $ref: './schemas/particles/particles.yml#/SaveFileForUser'
-  /files/download/{filename}/{secret}:
+  /api/files/download/{filename}/{secret}:
     $ref: './schemas/particles/particles.yml#/DownloadFile'
-  /files/download/{uuid}/{filename}:
+  /api/files/download/{uuid}/{filename}:
     $ref: './schemas/particles/particles.yml#/DownloadFileForUser'