Adjust health response and auth chain ordering

2026-01-26 21:25:17 +05:30
parent 05b8fd409c
commit 398ad93232
2 changed files with 17 additions and 4 deletions
--- a/src/main/kotlin/com/android/trisolarisserver/controller/Health.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/controller/Health.kt
@@ -7,11 +7,11 @@ import org.springframework.web.bind.annotation.RestController
 class Health {
    @GetMapping("/health")
    fun health(): Map<String, String> {
-        return mapOf("status" to "ok Testing Health..")
+        return mapOf("status" to "ok", "build" to "2026-01-26-authfix")
    }

    @GetMapping("/")
    fun root(): Map<String, String> {
-        return mapOf("status" to "Hello World!")
+        return mapOf("status" to "ok", "build" to "2026-01-26-authfix")
    }
 }
--- a/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
@@ -2,6 +2,7 @@ package com.android.trisolarisserver.security

 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import org.springframework.core.annotation.Order
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.http.SessionCreationPolicy
@@ -14,12 +15,24 @@ class SecurityConfig(
    private val firebaseAuthFilter: FirebaseAuthFilter
 ) {
    @Bean
-    fun filterChain(http: HttpSecurity): SecurityFilterChain {
+    @Order(0)
+    fun authChain(http: HttpSecurity): SecurityFilterChain {
+        http
+            .securityMatcher("/auth/**", "/", "/health")
+            .csrf { it.disable() }
+            .authorizeHttpRequests { it.anyRequest().permitAll() }
+            .httpBasic { it.disable() }
+            .formLogin { it.disable() }
+        return http.build()
+    }
+
+    @Bean
+    @Order(1)
+    fun apiChain(http: HttpSecurity): SecurityFilterChain {
        http
            .csrf { it.disable() }
            .sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
            .authorizeHttpRequests {
-                it.requestMatchers("/", "/health", "/auth/**").permitAll()
                it.anyRequest().authenticated()
            }
            .httpBasic { it.disable() }