From 489ad44b9f53c92df9f0f7b0da935489041acfc1 Mon Sep 17 00:00:00 2001
From: Michael Panzlaff <michael.panzlaff@fau.de>
Date: Thu, 15 Jan 2026 15:58:14 +0100
Subject: [PATCH] Make apiAllowedIPs optional

If our test and production instance just use *, one might as well make
that the default value. This should ease configuration for minimal
setups.
---
 internal/auth/auth.go     | 4 ++--
 internal/config/schema.go | 7 +++----
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index 41691d00..cd89369c 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -616,9 +616,9 @@ func securedCheck(user *schema.User, r *http.Request) error {
 	}
 	// If SplitHostPort fails, IPAddress is already just a host (no port)
 
-	// If nothing declared in config: deny all request to this api endpoint
+	// If nothing declared in config: Continue
 	if len(config.Keys.APIAllowedIPs) == 0 {
-		return fmt.Errorf("missing configuration key ApiAllowedIPs")
+		return nil
 	}
 	// If wildcard declared in config: Continue
 	if config.Keys.APIAllowedIPs[0] == "*" {
diff --git a/internal/config/schema.go b/internal/config/schema.go
index 2d068140..39c7a63c 100644
--- a/internal/config/schema.go
+++ b/internal/config/schema.go
@@ -6,7 +6,7 @@
 package config
 
 var configSchema = `
-	{
+{
   "type": "object",
   "properties": {
     "addr": {
@@ -135,6 +135,5 @@ var configSchema = `
       },
       "required": ["subjectJobEvent", "subjectNodeState"]
     }
-	},
-  "required": ["apiAllowedIPs"]
-	}`
+  }
+}`