From 29c6a757511eef115e7aea37768ead775234e896 Mon Sep 17 00:00:00 2001
From: Swordsteel
Date: Thu, 31 Jul 2025 23:04:36 +0200
Subject: [PATCH] extract paths from SecurityConfiguration to authorize

---
 .../configuration/SecurityConfiguration.kt | 41 ++++++++-----------
 .../hlaeja/security/authorize/AdminPaths.kt | 8 ++++
 .../hlaeja/security/authorize/PublicPaths.kt | 14 +++++++
 3 files changed, 40 insertions(+), 23 deletions(-)
 create mode 100644 src/main/kotlin/ltd/hlaeja/security/authorize/AdminPaths.kt
 create mode 100644 src/main/kotlin/ltd/hlaeja/security/authorize/PublicPaths.kt

diff --git a/src/main/kotlin/ltd/hlaeja/configuration/SecurityConfiguration.kt b/src/main/kotlin/ltd/hlaeja/configuration/SecurityConfiguration.kt
index 71a6bc5..7fe0cba 100644
--- a/src/main/kotlin/ltd/hlaeja/configuration/SecurityConfiguration.kt
+++ b/src/main/kotlin/ltd/hlaeja/configuration/SecurityConfiguration.kt
@@ -1,5 +1,7 @@
 package ltd.hlaeja.configuration
 
+import ltd.hlaeja.security.authorize.adminPaths
+import ltd.hlaeja.security.authorize.publicPaths
 import ltd.hlaeja.security.handler.CsrfAccessDeniedHandler
 import ltd.hlaeja.security.handler.UserAccessDeniedHandler
 import org.springframework.context.annotation.Bean
@@ -16,7 +18,9 @@ import org.springframework.security.web.server.SecurityWebFilterChain
 class SecurityConfiguration {
 
     @Bean
-    fun securityWebFilterChain(serverHttpSecurity: ServerHttpSecurity): SecurityWebFilterChain = serverHttpSecurity
+    fun securityWebFilterChain(
+        serverHttpSecurity: ServerHttpSecurity,
+    ): SecurityWebFilterChain = serverHttpSecurity
         .csrf { it.accessDeniedHandler(CsrfAccessDeniedHandler()) }
         .exceptionHandling { it.accessDeniedHandler(UserAccessDeniedHandler()) }
         .authorizeExchange(::authorizeExchange)
@@ -24,32 +28,23 @@ class SecurityConfiguration {
         .logout(::logout)
         .build()
 
-    private fun logout(logout: ServerHttpSecurity.LogoutSpec) = logout.logoutUrl("/logout")
+    private fun authorizeExchange(
+        authorizeExchange: AuthorizeExchangeSpec,
+    ) = authorizeExchange
+        .publicPaths().permitAll()
+        .adminPaths().hasRole("ADMIN")
+        .anyExchange().authenticated()
+
+    private fun logout(
+        logout: ServerHttpSecurity.LogoutSpec,
+    ) = logout.logoutUrl("/logout")
         .logoutSuccessHandler { webFilter, _ ->
             webFilter.exchange.response.headers.add("Location", "/logout")
             webFilter.exchange.response.statusCode = FOUND
             webFilter.exchange.response.setComplete()
         }
 
-    private fun formLogin(login: FormLoginSpec) = login.loginPage("/login")
-
-    private fun authorizeExchange(authorizeExchange: AuthorizeExchangeSpec) = authorizeExchange
-        .publicPaths().permitAll()
-        .adminPaths().hasRole("ADMIN")
-        .anyExchange().authenticated()
-
-    private fun AuthorizeExchangeSpec.adminPaths(): AuthorizeExchangeSpec.Access = pathMatchers(
-        "/account/**",
-        "/type/**",
-    )
-
-    private fun AuthorizeExchangeSpec.publicPaths(): AuthorizeExchangeSpec.Access = pathMatchers(
-        "/css/**",
-        "/js/**",
-        "/img/**",
-        "/actuator/**",
-        "/login",
-        "/logout",
-        "/",
-    )
+    private fun formLogin(
+        login: FormLoginSpec,
+    ) = login.loginPage("/login")
 }
diff --git a/src/main/kotlin/ltd/hlaeja/security/authorize/AdminPaths.kt b/src/main/kotlin/ltd/hlaeja/security/authorize/AdminPaths.kt
new file mode 100644
index 0000000..fbc23b6
--- /dev/null
+++ b/src/main/kotlin/ltd/hlaeja/security/authorize/AdminPaths.kt
@@ -0,0 +1,8 @@
+package ltd.hlaeja.security.authorize
+
+import org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
+
+fun AuthorizeExchangeSpec.adminPaths(): AuthorizeExchangeSpec.Access = pathMatchers(
+    "/account/**",
+    "/type/**",
+)
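Review bot: The order of the three rules in the new `authorizeExchange` is load-bearing — `publicPaths().permitAll()` is evaluated before `adminPaths().hasRole("ADMIN")` and Spring Security applies exchange matchers first-match-wins — yet nothing in this file says so now that both path lists live in `ltd.hlaeja.security.authorize`. A pattern later added to `publicPaths()` that also matches an admin route would silently bypass the role check. Add a comment above the chain, `// first matching rule wins: publicPaths must never overlap adminPaths`, and consider a test asserting that no public pattern matches an `/account/**` or `/type/**` request. The `SecurityConfiguration` class header lies outside this hunk.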
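Review bot: `fun AuthorizeExchangeSpec.adminPaths()` in the new AdminPaths.kt is public by default, which turns an authorization-rule fragment into part of the module's API even though its only visible caller is `SecurityConfiguration`; the same applies to `publicPaths()` in PublicPaths.kt. Declaring it `internal fun AuthorizeExchangeSpec.adminPaths(): AuthorizeExchangeSpec.Access = pathMatchers(` keeps the rule from being reused or shadowed outside this module. A short KDoc would also help a reader of the new file, e.g. `/** Path patterns that SecurityConfiguration restricts to the ADMIN role. */`.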
diff --git a/src/main/kotlin/ltd/hlaeja/security/authorize/PublicPaths.kt b/src/main/kotlin/ltd/hlaeja/security/authorize/PublicPaths.kt
new file mode 100644
index 0000000..137d119
--- /dev/null
+++ b/src/main/kotlin/ltd/hlaeja/security/authorize/PublicPaths.kt
@@ -0,0 +1,14 @@
+package ltd.hlaeja.security.authorize
+
+import org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
+
+fun AuthorizeExchangeSpec.publicPaths(): AuthorizeExchangeSpec.Access = pathMatchers(
+    "/favicon.ico",
+    "/actuator/**",
+    "/css/**",
+    "/img/**",
+    "/js/**",
+    "/logout",
+    "/login",
+    "/",
+)
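Review bot: `"/actuator/**"` in the new `publicPaths()` permits every management endpoint that is exposed over HTTP without authentication, not only a health probe; which endpoints that covers depends on the management exposure settings, which are not visible here, and may include environment or heap-dump data. Narrow the public entries to what a probe needs, e.g. `"/actuator/health/**",` and `"/actuator/info",`, and let the remaining actuator paths fall through to `anyExchange().authenticated()`. Note also that the list adds `"/favicon.ico"`, which the removed `publicPaths()` did not contain, so the commit does more than its "extract paths" subject describes; mention the addition in the message.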