Add a server setting for disabling the API key.

Useful for development if you want to disable API key authentication for
debugging the server without having to pull the generated key out of the
log every time.

game/server/app.py

@@ -1,4 +1,5 @@
 from fastapi import Depends, FastAPI
+from fastapi.middleware.cors import CORSMiddleware
 
 from . import (
     controlpoints,
@@ -10,8 +11,13 @@ from . import (
     waypoints,
 )
 from .security import ApiKeyManager
+from .settings import ServerSettings
 
-app = FastAPI(dependencies=[Depends(ApiKeyManager.verify)])
+dependencies = []
+if ServerSettings.get().require_api_key:
+    dependencies.append(Depends(ApiKeyManager.verify))
+
+app = FastAPI(dependencies=dependencies)
 app.include_router(controlpoints.router)
 app.include_router(debuggeometries.router)
 app.include_router(eventstream.router)
@@ -19,3 +25,12 @@ app.include_router(flights.router)
 app.include_router(mapzones.router)
 app.include_router(navmesh.router)
 app.include_router(waypoints.router)
+
+
+if ServerSettings.get().cors_allow_debug_server:
+    app.add_middleware(
+        CORSMiddleware,
+        allow_origins=["http://localhost:3000"],
+        allow_methods=["*"],
+        allow_headers=["*"],
+    )