From f2f855bc708c63da8776df8121bb423062947d5a Mon Sep 17 00:00:00 2001
From: Vincent Guillet <vincent.guillet@outlook.com>
Date: Tue, 14 Oct 2025 14:50:26 +0200
Subject: [PATCH] secure /api/brands/** endpoint and update CORS configuration

---
 .../main/java/fr/gameovergne/api/config/SecurityConfig.java    | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java b/api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java
index ef90cd8..ba2be6d 100644
--- a/api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java
+++ b/api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java
@@ -40,6 +40,7 @@ public class SecurityConfig {
                 .authorizeHttpRequests(authz -> authz
                         .requestMatchers("/api/auth/**").permitAll()
                         .requestMatchers("/api/users/**").authenticated()
+                        .requestMatchers("/api/brands/**").authenticated()
                         .anyRequest().permitAll()
                 )
 
@@ -58,7 +59,7 @@ public class SecurityConfig {
             @Override
             public void addCorsMappings(CorsRegistry registry) {
                 registry.addMapping("/**")
-                        .allowedOrigins("http://localhost:4200", "http://127.0.0.1:4200") // Ton front
+                        .allowedOrigins("http://localhost:4200", "http://127.0.0.1:4200")
                         .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
                         .allowedHeaders("*")
                         .allowCredentials(true);