add auth security scheme to api endpoints

Author: devksingh4

src/api/components/index.ts

@@ -32,6 +32,7 @@ export function withRoles<T extends FastifyZodOpenApiSchema>(
   schema: T,
 ): T & RoleSchema {
   return {
+    security: [{ bearerAuth: [] }],
     "x-required-roles": roles,
     description: `Requires one of the following roles: ${roles.join(", ")}.${schema.description ? "\n\n" + schema.description : ""}`,
     ...schema,

src/api/index.ts

@@ -165,6 +165,17 @@ async function init(prettyPrint: boolean = false) {
         },
       ],
       openapi: "3.0.3" satisfies ZodOpenApiVersion, // If this is not specified, it will default to 3.1.0
+      components: {
+        securitySchemes: {
+          bearerAuth: {
+            type: "http",
+            scheme: "bearer",
+            bearerFormat: "JWT",
+            description:
+              "Authorization: Bearer {token}\n\nThis API uses JWT tokens issued by Entra ID (Azure AD) with the Core API audience. Tokens must be included in the Authorization header as a Bearer token for all protected endpoints.",
+          },
+        },
+      },
     },
     transform: fastifyZodOpenApiTransform,
     transformObject: fastifyZodOpenApiTransformObject,