From af3a150df38f2c51307d2c4a171e932c8d72be9a Mon Sep 17 00:00:00 2001 From: Sheikah45 Date: Sat, 13 Jun 2026 21:18:05 -0400 Subject: [PATCH] Expose actuator to anonymous for health and readiness checks --- .../java/com/faforever/api/config/FafApiProperties.java | 6 +----- .../faforever/api/config/security/MethodSecurityConfig.java | 6 ++++++ src/main/java/com/faforever/api/security/ElideUser.java | 2 +- src/main/resources/config/application-local.yml | 5 +++-- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/src/main/java/com/faforever/api/config/FafApiProperties.java b/src/main/java/com/faforever/api/config/FafApiProperties.java index 319aa80bc..22ad0ab44 100644 --- a/src/main/java/com/faforever/api/config/FafApiProperties.java +++ b/src/main/java/com/faforever/api/config/FafApiProperties.java @@ -16,6 +16,7 @@ public class FafApiProperties { * The API version. */ private String version; + private boolean allowAnonymous; private Jwt jwt = new Jwt(); private OAuth2 oAuth2 = new OAuth2(); private Async async = new Async(); @@ -258,11 +259,6 @@ public static class Smtp { private String password; } - @Data - public static class Anope { - private String databaseName; - } - @Data public static class Rating { private int defaultMean; diff --git a/src/main/java/com/faforever/api/config/security/MethodSecurityConfig.java b/src/main/java/com/faforever/api/config/security/MethodSecurityConfig.java index 00516c6fa..2aba4d8fb 100644 --- a/src/main/java/com/faforever/api/config/security/MethodSecurityConfig.java +++ b/src/main/java/com/faforever/api/config/security/MethodSecurityConfig.java @@ -1,12 +1,18 @@ package com.faforever.api.config.security; import com.faforever.api.security.method.CustomMethodSecurityExpressionHandler; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; @Configuration +@ConditionalOnProperty( + value = "faf-api.allow-anonymous", + havingValue = "false", + matchIfMissing = true +) @EnableMethodSecurity(securedEnabled = true) public class MethodSecurityConfig { @Bean diff --git a/src/main/java/com/faforever/api/security/ElideUser.java b/src/main/java/com/faforever/api/security/ElideUser.java index a758e90d2..f273e7fb7 100644 --- a/src/main/java/com/faforever/api/security/ElideUser.java +++ b/src/main/java/com/faforever/api/security/ElideUser.java @@ -24,7 +24,7 @@ public String getName() { @Override public boolean isInRole(String role) { - return fafAuthentication.hasRole(role); + return fafAuthentication != null && fafAuthentication.hasRole(role); } public Optional getFafUserId() { diff --git a/src/main/resources/config/application-local.yml b/src/main/resources/config/application-local.yml index 947c66423..7f81df781 100644 --- a/src/main/resources/config/application-local.yml +++ b/src/main/resources/config/application-local.yml @@ -1,4 +1,5 @@ faf-api: + allow-anonymous: true jwt: secretKeyPath: ${JWT_PRIVATE_KEY_PATH:test-pki-private.key} publicKeyPath: ${JWT_PUBLIC_KEY_PATH:test-pki-public.key} @@ -86,8 +87,8 @@ spring: oauth2: resourceserver: jwt: - jwk-set-uri: https://hydra.faforever.com/.well-known/jwks.json - issuer-uri: https://hydra.faforever.com/ + jwk-set-uri: http://hydra.faforever.localhost/.well-known/jwks.json + issuer-uri: http://ory-hydra:4444/ logging: level: com.faforever.api: debug