Add OAuth2 security configuration to Swagger UI and clean up unused redirects

- Configure OpenAPI with OAuth2 authorization code flow and required scopes
- Add security scheme and requirements for API documentation
- Remove unused swagger redirect methods from HomeController
- Comment out swagger endpoint permissions in SecurityConfig

src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java

@@ -1,6 +1,8 @@
 package com.hithomelabs.CFTunnels.Config;
 
+import io.swagger.v3.oas.models.Components;
 import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.security.*;
 import io.swagger.v3.oas.models.servers.Server;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
@@ -16,13 +18,37 @@ public class OpenApiConfig {
     @Value("${api.baseUrl}")
     private String baseUrl;
 
+    @Value("${springdoc.swagger-ui.oauth.authorization-url}")
+    private String authorizationUri;
+
+    @Value("${springdoc.swagger-ui.oauth.token-url}")
+    private String tokenUri;
+
     @Bean
-    public OpenAPI openAPI(){
+    public OpenAPI openAPI() {
         Server httpsServer = new Server().url(baseUrl);
         OpenAPI openApi = new OpenAPI();
         ArrayList<Server> servers = new ArrayList<>();
         servers.add(httpsServer);
         openApi.setServers(servers);
+        openApi.addSecurityItem(new SecurityRequirement().addList("oidcAuth"))
+                .components(new Components()
+                        .addSecuritySchemes("oidcAuth",
+                                new SecurityScheme()
+                                        .type(SecurityScheme.Type.OAUTH2)
+                                        .flows(new OAuthFlows()
+                                                .authorizationCode(new OAuthFlow()
+                                                        .authorizationUrl(authorizationUri)
+                                                        .tokenUrl(tokenUri)
+                                                        .scopes(new Scopes()
+                                                                .addString("openid", "OpenID scope")
+                                                                .addString("profile", "OpenID profile")
+                                                                .addString("email", "OpenID email"))
+                                                )
+                                        )
+                        )
+                )
+                .addSecurityItem(new SecurityRequirement().addList("oidcAuth"));
         return openApi;
     }
 }

src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java

@@ -28,6 +28,7 @@ public class SecuirtyConfig {
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
                 .authorizeHttpRequests(auth -> auth
+                        //.requestMatchers( "/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html" ).permitAll()
                         .anyRequest().authenticated()
                 ).csrf(csrf -> csrf.disable())
                 .with(new OAuth2LoginConfigurer<>(),

src/main/java/com/hithomelabs/CFTunnels/Controllers/HomeController.java

@@ -11,22 +11,6 @@ public class HomeController implements ErrorController {
 
     private static final String ERROR_PATH = "/error";
 
-    /**
+    
-     * Redirects the root (including any query params like ?continue=…)
-     * straight into Swagger UI.
-     */
-    @GetMapping("/")
-    public String rootRedirect() {
-        return "redirect:/swagger-ui/index.html";
-    }
-
-    /**
-     * Catches any errors (404s, unhandled paths) and punts them
-     * into the same Swagger UI page.
-     */
-    @RequestMapping(ERROR_PATH)
-    public String onError() {
-        return "redirect:/swagger-ui/index.html";
-    }
 
 }