Allow github webhook

[Sheikah45]

Summary by CodeRabbit

• Bug Fixes
  • Expanded public access to include the GitHub webhook endpoint, helping external webhook requests reach the app without authentication issues.
  • Improved security configuration handling by simplifying the authorization setup.

[coderabbitai]

📝 Walkthrough

Walkthrough

WebSecurityConfig no longer declares a checked exception on securityFilterChain, and the security rules now allow unauthenticated access to /gitHub/webhook in addition to /users/linkToSteam/**.

Changes

Security filter chain update

Layer / File(s)	Summary
Signature and public endpoints src/main/java/com/faforever/api/config/security/WebSecurityConfig.java	securityFilterChain drops throws Exception, and the permit-all matcher list adds /gitHub/webhook alongside /users/linkToSteam/**.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

A bunny hopped through security’s gate,
With webhook paths now open—great! 🐇
No extra throws, just cleaner springs,
And public access for tiny things.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title matches the main change: adding public access for the GitHub webhook endpoint.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch bugfix/allow-giithub-webhook

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/main/java/com/faforever/api/config/security/WebSecurityConfig.java`:
- Line 27: The SecurityFilterChain factory method currently calls
HttpSecurity.build() without declaring a checked exception, so verify the Spring
Security 7 contract first; if build() still throws Exception, update
securityFilterChain to propagate or handle it so the method compiles cleanly.
Use the securityFilterChain method and the http.build() call as the places to
adjust, keeping the signature aligned with the actual
SecurityBuilder/HttpSecurity API in Spring Boot 4.0.6 / Spring Security 7.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8b1c771d-61c4-4dbe-8403-125d45d88be9

📥 Commits

Reviewing files that changed from the base of the PR and between 9e436a8 and 9669761.

📒 Files selected for processing (1)

• src/main/java/com/faforever/api/config/security/WebSecurityConfig.java

[Brutus5000]

How did it even work before!?

[Sheikah45]

Before we didn't have the any request().authenticated() matcher so I think it just defaulter open.