Bug fixing and debugs (#5704)

Co-authored-by: ConnorYoh <40631091+ConnorYoh@users.noreply.github.com>
2026-03-04 02:20:19 +01:00 · 2026-02-11 18:43:29 +00:00
parent 5df466266a
commit f9d2f36ab7
20 changed files with 385 additions and 54 deletions
--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/configuration/ee/DynamicLicenseService.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/configuration/ee/DynamicLicenseService.java
@@ -0,0 +1,51 @@
+package stirling.software.proprietary.security.configuration.ee;
+
+import org.springframework.stereotype.Service;
+
+import lombok.RequiredArgsConstructor;
+
+import stirling.software.common.service.LicenseServiceInterface;
+import stirling.software.proprietary.security.configuration.ee.KeygenLicenseVerifier.License;
+
+/**
+ * Service that provides dynamic license checking instead of cached beans. This ensures that when
+ * admins update the license key, the changes are immediately reflected in the UI and config
+ * endpoints without requiring a restart.
+ *
+ * <p>Note: Some components (EnterpriseEndpointAspect, PremiumEndpointAspect, filters) still inject
+ * cached beans at startup for performance. These will require a restart to reflect license changes.
+ * This is acceptable because: 1. Most deployments add licenses during initial setup 2. License
+ * changes in production typically warrant a restart anyway 3. UI reflects changes immediately
+ * (banner disappears, license status updates)
+ */
+@Service
+@RequiredArgsConstructor
+public class DynamicLicenseService implements LicenseServiceInterface {
+
+    private final LicenseKeyChecker licenseKeyChecker;
+
+    /**
+     * Get the current license type dynamically (not cached).
+     *
+     * @return Current license: NORMAL, SERVER, or ENTERPRISE
+     */
+    public License getCurrentLicense() {
+        return licenseKeyChecker.getPremiumLicenseEnabledResult();
+    }
+
+    @Override
+    public boolean isRunningProOrHigher() {
+        License license = getCurrentLicense();
+        return license == License.SERVER || license == License.ENTERPRISE;
+    }
+
+    @Override
+    public boolean isRunningEE() {
+        return getCurrentLicense() == License.ENTERPRISE;
+    }
+
+    @Override
+    public String getLicenseTypeName() {
+        return getCurrentLicense().name();
+    }
+}
--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java
@@ -69,27 +69,28 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
        if (!apiKeyExists(request, response)) {
            String jwtToken = jwtService.extractToken(request);

-            if (jwtToken == null) {
-                // Allow auth endpoints to pass through without JWT
-                if (!isPublicAuthEndpoint(requestURI, contextPath)) {
-                    // For API requests, return 401 JSON
-                    String acceptHeader = request.getHeader("Accept");
-                    if (requestURI.startsWith(contextPath + "/api/")
-                            || (acceptHeader != null
-                                    && acceptHeader.contains("application/json"))) {
-                        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-                        response.setContentType("application/json");
-                        response.getWriter().write("{\"error\":\"Authentication required\"}");
-                        return;
-                    }
+            // Check if this is a public endpoint BEFORE validating JWT
+            // This allows public endpoints to work even with expired tokens in the request
+            if (isPublicAuthEndpoint(requestURI, contextPath)) {
+                // For public auth endpoints, skip JWT validation and continue
+                filterChain.doFilter(request, response);
+                return;
+            }

-                    // For HTML requests (SPA routes), let React Router handle it (serve
-                    // index.html)
-                    filterChain.doFilter(request, response);
+            if (jwtToken == null) {
+                // No JWT token and not a public endpoint
+                // For API requests, return 401 JSON
+                String acceptHeader = request.getHeader("Accept");
+                if (requestURI.startsWith(contextPath + "/api/")
+                        || (acceptHeader != null && acceptHeader.contains("application/json"))) {
+                    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                    response.setContentType("application/json");
+                    response.getWriter().write("{\"error\":\"Authentication required\"}");
                    return;
                }

-                // For public auth endpoints without JWT, continue to the endpoint
+                // For HTML requests (SPA routes), let React Router handle it (serve
+                // index.html)
                filterChain.doFilter(request, response);
                return;
            }