Add a server setting for disabling the API key.

Useful for development if you want to disable API key authentication for
debugging the server without having to pull the generated key out of the
log every time.

game/server/app.py

@@ -1,4 +1,5 @@
 from fastapi import Depends, FastAPI
+from fastapi.middleware.cors import CORSMiddleware
 
 from . import (
     controlpoints,
@@ -10,8 +11,13 @@ from . import (
     waypoints,
 )
 from .security import ApiKeyManager
+from .settings import ServerSettings
 
-app = FastAPI(dependencies=[Depends(ApiKeyManager.verify)])
+dependencies = []
+if ServerSettings.get().require_api_key:
+    dependencies.append(Depends(ApiKeyManager.verify))
+
+app = FastAPI(dependencies=dependencies)
 app.include_router(controlpoints.router)
 app.include_router(debuggeometries.router)
 app.include_router(eventstream.router)
@@ -19,3 +25,12 @@ app.include_router(flights.router)
 app.include_router(mapzones.router)
 app.include_router(navmesh.router)
 app.include_router(waypoints.router)
+
+
+if ServerSettings.get().cors_allow_debug_server:
+    app.add_middleware(
+        CORSMiddleware,
+        allow_origins=["http://localhost:3000"],
+        allow_methods=["*"],
+        allow_headers=["*"],
+    )

game/server/settings.py

@@ -22,6 +22,12 @@ class ServerSettings(BaseSettings):
     # If you for some reason change the port, you'll need to also update map.js.
     server_port: int = 5000
 
+    # Disable to allow requests to be made to the backend without an API key.
+    require_api_key: bool = True
+
+    # Enable to allow cross-origin requests from http://localhost:3000.
+    cors_allow_debug_server: bool = False
+
     @classmethod
     @lru_cache
     def get(cls) -> ServerSettings: