From 8e82f18b866fb71bba9fc1f4e9d7348262b35b24 Mon Sep 17 00:00:00 2001
From: Ben Allenden <benallenden@protonmail.com>
Date: Tue, 23 Sep 2025 20:50:07 +0100
Subject: [PATCH 1/4] Add spring-boot-starter-actuator dependency

---
 api/build.gradle | 1 +
 1 file changed, 1 insertion(+)

diff --git a/api/build.gradle b/api/build.gradle
index 5e518122..0ad9924d 100644
--- a/api/build.gradle
+++ b/api/build.gradle
@@ -25,6 +25,7 @@ repositories {
 
 dependencies {
 	implementation 'com.clerk:backend-api:3.1.0'
+	implementation 'org.springframework.boot:spring-boot-starter-actuator'
 	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 	implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server'
 	implementation 'org.springframework.boot:spring-boot-starter-security'

From 7189acc3a54128f1b9b469eb053e8e504098cd92 Mon Sep 17 00:00:00 2001
From: Ben Allenden <benallenden@protonmail.com>
Date: Tue, 23 Sep 2025 20:50:56 +0100
Subject: [PATCH 2/4] Add SecurityConfig permitAll endpoints /public,
 /actuator/health

---
 .../main/java/com/example/echo_api/config/SecurityConfig.java  | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/api/src/main/java/com/example/echo_api/config/SecurityConfig.java b/api/src/main/java/com/example/echo_api/config/SecurityConfig.java
index 90faf22f..978ae162 100644
--- a/api/src/main/java/com/example/echo_api/config/SecurityConfig.java
+++ b/api/src/main/java/com/example/echo_api/config/SecurityConfig.java
@@ -1,5 +1,6 @@
 package com.example.echo_api.config;
 
+import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
@@ -34,6 +35,8 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
             .sessionManagement(sm -> sm
                 .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
             .authorizeHttpRequests(req -> req
+                .requestMatchers("/public/**").permitAll()
+                .requestMatchers(EndpointRequest.to("health")).permitAll()
                 .requestMatchers(HttpMethod.POST, ApiRoutes.CLERK.PERSIST_ALL).permitAll() // dev only
                 .requestMatchers(HttpMethod.DELETE, ApiRoutes.CLERK.SYNC_ALL).permitAll() // dev only
                 .requestMatchers(HttpMethod.POST, ApiRoutes.CLERK.WEBHOOK).permitAll()

From cc751bde319b804769dfb3d4d388e4faed12fd2c Mon Sep 17 00:00:00 2001
From: Ben Allenden <benallenden@protonmail.com>
Date: Wed, 24 Sep 2025 00:36:23 +0100
Subject: [PATCH 3/4] Remove permitAll() for dev-related endpoints

---
 .../main/java/com/example/echo_api/config/SecurityConfig.java | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/api/src/main/java/com/example/echo_api/config/SecurityConfig.java b/api/src/main/java/com/example/echo_api/config/SecurityConfig.java
index 978ae162..53df906b 100644
--- a/api/src/main/java/com/example/echo_api/config/SecurityConfig.java
+++ b/api/src/main/java/com/example/echo_api/config/SecurityConfig.java
@@ -37,8 +37,6 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
             .authorizeHttpRequests(req -> req
                 .requestMatchers("/public/**").permitAll()
                 .requestMatchers(EndpointRequest.to("health")).permitAll()
-                .requestMatchers(HttpMethod.POST, ApiRoutes.CLERK.PERSIST_ALL).permitAll() // dev only
-                .requestMatchers(HttpMethod.DELETE, ApiRoutes.CLERK.SYNC_ALL).permitAll() // dev only
                 .requestMatchers(HttpMethod.POST, ApiRoutes.CLERK.WEBHOOK).permitAll()
                 .anyRequest().authenticated())
             .oauth2ResourceServer(oauth -> oauth
@@ -50,4 +48,4 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
         return http.build();
     }
 
-}
\ No newline at end of file
+}

From f38e39d847b91455ea9f6484f604f796d67ce45a Mon Sep 17 00:00:00 2001
From: Ben Allenden <benallenden@protonmail.com>
Date: Wed, 24 Sep 2025 00:36:38 +0100
Subject: [PATCH 4/4] Add fallback port to application-prod config

---
 api/src/main/resources/application-prod.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/main/resources/application-prod.yml b/api/src/main/resources/application-prod.yml
index 9a4e6956..36e35d78 100644
--- a/api/src/main/resources/application-prod.yml
+++ b/api/src/main/resources/application-prod.yml
@@ -1,5 +1,5 @@
 server:
-    port: ${PORT}
+    port: ${PORT:8080}
 
 spring:
     security: