From c823e5de0edbca5a45094f6e6cf994da11ef8599 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sindre=20Dahl=20L=C3=B8ken?= <sindre.loken@nav.no>
Date: Fri, 9 Aug 2024 12:08:50 +0200
Subject: [PATCH] =?UTF-8?q?public=20paths=20p=C3=A5=20kodeverk?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/src/proxy/api-proxy.ts | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/server/src/proxy/api-proxy.ts b/server/src/proxy/api-proxy.ts
index fb9b9ecd9..f8f40145e 100644
--- a/server/src/proxy/api-proxy.ts
+++ b/server/src/proxy/api-proxy.ts
@@ -5,6 +5,12 @@ import { createProxyMiddleware } from 'http-proxy-middleware';
 import { ParsedQs } from 'qs';
 import { requestOboToken } from '../auth';
 
+const publicPaths = [
+    '/tiltaksgjennomforing/api/kodeverk',
+    '/tiltaksgjennomforing/api/kodeverk/statuser',
+    '/tiltaksgjennomforing/api/kodeverk/tiltakstyper',
+];
+
 const tokenxSetup = (app: Express): void => {
     console.log('api-proxy setup for tokenx');
     setup(app, process.env.API_AUDIENCE!);
@@ -22,10 +28,7 @@ const setup = (app: Express, audience: string) => {
 
     app.use('/tiltaksgjennomforing/api', (req, res, next) => {
         console.log('apiProxy /tiltaksgjennomforing/api');
-        if (req.path === '/tiltaksgjennomforing/api/kodeverk') {
-            next();
-        }
-        if (!req.headers['authorization']) {
+        if (!req.headers['authorization'] && !publicPaths.includes(req.path)) {
             res.status(401).send();
         } else {
             next();