From 4b7651b6f07613217991de532de78db8dd811538 Mon Sep 17 00:00:00 2001
From: Tim <135014430+nagisa77@users.noreply.github.com>
Date: Tue, 1 Jul 2025 21:42:50 +0800
Subject: [PATCH] Allow public search endpoints

---
 src/main/java/com/openisle/config/SecurityConfig.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/openisle/config/SecurityConfig.java b/src/main/java/com/openisle/config/SecurityConfig.java
index 33b0c1dee..d91b553c8 100644
--- a/src/main/java/com/openisle/config/SecurityConfig.java
+++ b/src/main/java/com/openisle/config/SecurityConfig.java
@@ -69,6 +69,7 @@ public class SecurityConfig {
                     .requestMatchers(HttpMethod.GET, "/api/posts/**").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/comments/**").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/categories/**").permitAll()
+                    .requestMatchers(HttpMethod.GET, "/api/search/**").permitAll()
                     .requestMatchers(HttpMethod.POST, "/api/categories/**").hasAuthority("ADMIN")
                     .requestMatchers(HttpMethod.DELETE, "/api/categories/**").hasAuthority("ADMIN")
                     .requestMatchers("/api/admin/**").hasAuthority("ADMIN")
@@ -87,7 +88,8 @@ public class SecurityConfig {
                 String uri = request.getRequestURI();
 
                 boolean publicGet = "GET".equalsIgnoreCase(request.getMethod()) &&
-                        (uri.startsWith("/api/posts") || uri.startsWith("/api/comments") || uri.startsWith("/api/categories"));
+                        (uri.startsWith("/api/posts") || uri.startsWith("/api/comments") ||
+                         uri.startsWith("/api/categories") || uri.startsWith("/api/search"));
 
                 if (authHeader != null && authHeader.startsWith("Bearer ")) {
                     String token = authHeader.substring(7);