From 343e69659661d35917ea1e9e15916d8bdebc7932 Mon Sep 17 00:00:00 2001
From: Shashank Verma
Date: Thu, 28 Sep 2023 10:43:15 +0530
Subject: [PATCH] web: SecurityConfig: Whitelist paths do not require authHeader or session

Signed-off-by: Shashank Verma
---
 .../mnnit/moticlubs/web/security/SecurityConfig.kt | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/main/kotlin/com/mnnit/moticlubs/web/security/SecurityConfig.kt b/src/main/kotlin/com/mnnit/moticlubs/web/security/SecurityConfig.kt
index 010c8ed..3765608 100644
--- a/src/main/kotlin/com/mnnit/moticlubs/web/security/SecurityConfig.kt
+++ b/src/main/kotlin/com/mnnit/moticlubs/web/security/SecurityConfig.kt
@@ -108,6 +108,13 @@ class SecurityConfig(
 val reqPath = exchange.request.path.value()
+ if (AUTH_WHITELIST_PATH
+ .map { "$contextPath$it" }
+ .any { reqPath.startsWith(it) }
+ ) {
+ return@setServerAuthenticationConverter Mono.empty()
+ }
+
 LOGGER.info("attempt path: ${exchange.request.method.name()} ${exchange.request.path.value()}")
 val authHeader = exchange.request.headers[HttpHeaders.AUTHORIZATION]
 ?.first()
@@ -118,10 +125,6 @@ class SecurityConfig(
 val validSession = session.isStarted && !session.isExpired
 authHeader ?: return@flatMap when {
- AUTH_WHITELIST_PATH
- .map { "$contextPath$it" }
- .any { reqPath.startsWith(it) } -> Mono.empty()
-
 reqPath.startsWith("$contextPath/$BASE_PATH") -> if (validSession) {
 Mono.empty()
 } else {
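Review bot: The new early return in the first hunk matches whitelist entries with a bare `reqPath.startsWith(it)` on the raw request path, so any path that merely shares a leading string with an entry now skips the Authorization-header and session checks, not just the entry and its sub-paths. Matching on a segment boundary would close that gap, e.g. `.any { reqPath == it || reqPath.startsWith("$it/") }`, adjusted to however the entries in `AUTH_WHITELIST_PATH` are written (the list is defined outside the hunk). Because the return also sits above `LOGGER.info("attempt path: …")`, whitelisted requests are no longer logged at all; if that is intended, a short comment such as `// whitelisted paths: no auth attempted, not logged` would make it explicit. The skip only stays safe if the authorization rules elsewhere in the class permit exactly the same paths, which is not visible here, and the enclosing converter lambda starts and ends outside the hunk.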