Refactoring

src/main/resources/application.properties

@@ -52,7 +52,7 @@ quarkus.http.auth.proactive=false
 # Sécurité HTTP - Permissions par chemin
 # ====================================================================
 # Endpoints publics (sans authentification requise)
-quarkus.http.auth.permission.public.paths=/afterwork/users/register,/afterwork/users/authenticate,/afterwork/users/forgot-password,/afterwork/users/reset-password,/afterwork/q/*,/afterwork/openapi,/afterwork/webhooks/*,/q/*
+quarkus.http.auth.permission.public.paths=/afterwork/users/register,/afterwork/users/authenticate,/afterwork/users/forgot-password,/afterwork/users/reset-password,/afterwork/q/*,/afterwork/openapi,/afterwork/webhooks/*,/afterwork/media/files/*,/q/*
 quarkus.http.auth.permission.public.policy=permit
 
 # Endpoints admin (SUPER_ADMIN ou ADMIN requis)