From dc4159b308ec1a331c88e949e2b3b3388d05ac24 Mon Sep 17 00:00:00 2001
From: Tim <135014430+nagisa77@users.noreply.github.com>
Date: Wed, 30 Jul 2025 20:32:36 +0800
Subject: [PATCH 1/2] fix: allow public access to sitemap

---
 src/main/java/com/openisle/config/SecurityConfig.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/openisle/config/SecurityConfig.java b/src/main/java/com/openisle/config/SecurityConfig.java
index e93419ca2..13369ad61 100644
--- a/src/main/java/com/openisle/config/SecurityConfig.java
+++ b/src/main/java/com/openisle/config/SecurityConfig.java
@@ -111,6 +111,7 @@ public class SecurityConfig {
                     .requestMatchers(HttpMethod.GET, "/api/push/public-key").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/reaction-types").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/activities/**").permitAll()
+                    .requestMatchers(HttpMethod.GET, "/sitemap.xml").permitAll()
                     .requestMatchers(HttpMethod.POST, "/api/categories/**").hasAuthority("ADMIN")
                     .requestMatchers(HttpMethod.POST, "/api/tags/**").authenticated()
                     .requestMatchers(HttpMethod.DELETE, "/api/categories/**").hasAuthority("ADMIN")
@@ -141,7 +142,8 @@ public class SecurityConfig {
                          uri.startsWith("/api/categories") || uri.startsWith("/api/tags") ||
                         uri.startsWith("/api/search") || uri.startsWith("/api/users") ||
                          uri.startsWith("/api/reaction-types") || uri.startsWith("/api/config") ||
-                         uri.startsWith("/api/activities") || uri.startsWith("/api/push/public-key"));
+                         uri.startsWith("/api/activities") || uri.startsWith("/api/push/public-key") ||
+                         uri.startsWith("/sitemap.xml"));
 
                 if (authHeader != null && authHeader.startsWith("Bearer ")) {
                     String token = authHeader.substring(7);

From cb5411c0916659f33b8be4802514ab453ed238b0 Mon Sep 17 00:00:00 2001
From: Tim <nagisa12164@163.com>
Date: Wed, 30 Jul 2025 20:44:30 +0800
Subject: [PATCH 2/2] feat: make a sitemap api

---
 src/main/java/com/openisle/config/SecurityConfig.java        | 4 ++--
 src/main/java/com/openisle/controller/SitemapController.java | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/openisle/config/SecurityConfig.java b/src/main/java/com/openisle/config/SecurityConfig.java
index 13369ad61..1341ecab7 100644
--- a/src/main/java/com/openisle/config/SecurityConfig.java
+++ b/src/main/java/com/openisle/config/SecurityConfig.java
@@ -111,7 +111,7 @@ public class SecurityConfig {
                     .requestMatchers(HttpMethod.GET, "/api/push/public-key").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/reaction-types").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/activities/**").permitAll()
-                    .requestMatchers(HttpMethod.GET, "/sitemap.xml").permitAll()
+                    .requestMatchers(HttpMethod.GET, "/api/sitemap.xml").permitAll()
                     .requestMatchers(HttpMethod.POST, "/api/categories/**").hasAuthority("ADMIN")
                     .requestMatchers(HttpMethod.POST, "/api/tags/**").authenticated()
                     .requestMatchers(HttpMethod.DELETE, "/api/categories/**").hasAuthority("ADMIN")
@@ -143,7 +143,7 @@ public class SecurityConfig {
                         uri.startsWith("/api/search") || uri.startsWith("/api/users") ||
                          uri.startsWith("/api/reaction-types") || uri.startsWith("/api/config") ||
                          uri.startsWith("/api/activities") || uri.startsWith("/api/push/public-key") ||
-                         uri.startsWith("/sitemap.xml"));
+                         uri.startsWith("/api/sitemap.xml"));
 
                 if (authHeader != null && authHeader.startsWith("Bearer ")) {
                     String token = authHeader.substring(7);
diff --git a/src/main/java/com/openisle/controller/SitemapController.java b/src/main/java/com/openisle/controller/SitemapController.java
index 32c316e3e..969458882 100644
--- a/src/main/java/com/openisle/controller/SitemapController.java
+++ b/src/main/java/com/openisle/controller/SitemapController.java
@@ -8,6 +8,7 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 import java.util.List;
@@ -17,6 +18,7 @@ import java.util.List;
  */
 @RestController
 @RequiredArgsConstructor
+@RequestMapping("/api")
 public class SitemapController {
     private final PostRepository postRepository;