diff --git a/out/openapi.json b/out/openapi.json index 2b39a4fb33..efb1bda4f6 100644 --- a/out/openapi.json +++ b/out/openapi.json @@ -237,7 +237,12 @@ } } } - } + }, + "security": [ + { + "bearer_auth": [] + } + ] } }, "/actors/{actor_id}": { @@ -277,7 +282,12 @@ } } } - } + }, + "security": [ + { + "bearer_auth": [] + } + ] } }, "/datacenters": { @@ -297,7 +307,12 @@ } } } - } + }, + "security": [ + { + "bearer_auth": [] + } + ] } }, "/namespaces": { @@ -352,7 +367,12 @@ } } } - } + }, + "security": [ + { + "bearer_auth": [] + } + ] }, "post": { "tags": [ @@ -380,7 +400,12 @@ } } } - } + }, + "security": [ + { + "bearer_auth": [] + } + ] } }, "/runner-configs": { @@ -443,7 +468,12 @@ } } } - } + }, + "security": [ + { + "bearer_auth": [] + } + ] } }, "/runner-configs/{runner_name}": { @@ -491,7 +521,12 @@ } } } - } + }, + "security": [ + { + "bearer_auth": [] + } + ] }, "delete": { "tags": [ @@ -527,7 +562,12 @@ } } } - } + }, + "security": [ + { + "bearer_auth": [] + } + ] } }, "/runners": { @@ -598,7 +638,12 @@ } } } - } + }, + "security": [ + { + "bearer_auth": [] + } + ] } }, "/runners/names": { @@ -647,7 +692,12 @@ } } } - } + }, + "security": [ + { + "bearer_auth": [] + } + ] } } }, @@ -1302,6 +1352,17 @@ }, "additionalProperties": false } + }, + "securitySchemes": { + "bearer_auth": { + "type": "http", + "scheme": "bearer" + } + } + }, + "security": [ + { + "bearer_auth": [] } - } + ] } \ No newline at end of file diff --git a/packages/core/api-public/src/actors/delete.rs b/packages/core/api-public/src/actors/delete.rs index 922a14caf0..3bba8d2c09 100644 --- a/packages/core/api-public/src/actors/delete.rs +++ b/packages/core/api-public/src/actors/delete.rs @@ -45,6 +45,7 @@ pub struct DeleteResponse {} responses( (status = 200, body = DeleteResponse), ), + security(("bearer_auth" = [])), )] pub async fn delete( Extension(ctx): Extension, 
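Review bot: The `responses(...)` list on `delete` in actors/delete.rs still documents only `(status = 200, body = DeleteResponse)` although the operation now declares `bearer_auth`, so the spec gives clients no documented outcome for a missing or rejected token. Consider adding an entry such as `(status = 401, description = "missing or invalid bearer token"),`. The exact status should be whatever `auth_middleware` in router.rs returns, which this diff does not show. The same gap applies to the other handler hunks that gain the `security(...)` line (actors/list_names.rs, datacenters.rs, namespaces.rs, runner_configs.rs, runners.rs). The body of `delete` continues outside the hunk.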
diff --git a/packages/core/api-public/src/actors/list_names.rs b/packages/core/api-public/src/actors/list_names.rs index 15342d9e82..440acbdb87 100644 --- a/packages/core/api-public/src/actors/list_names.rs +++ b/packages/core/api-public/src/actors/list_names.rs @@ -24,6 +24,7 @@ use crate::ctx::ApiCtx; responses( (status = 200, body = ListNamesResponse), ), + security(("bearer_auth" = [])), )] pub async fn list_names( Extension(ctx): Extension, diff --git a/packages/core/api-public/src/datacenters.rs b/packages/core/api-public/src/datacenters.rs index d8a1f9544b..5c70c78cec 100644 --- a/packages/core/api-public/src/datacenters.rs +++ b/packages/core/api-public/src/datacenters.rs @@ -16,6 +16,7 @@ use crate::ctx::ApiCtx; responses( (status = 200, body = ListResponse), ), + security(("bearer_auth" = [])), )] pub async fn list(Extension(ctx): Extension) -> Response { match list_inner(ctx).await { diff --git a/packages/core/api-public/src/namespaces.rs b/packages/core/api-public/src/namespaces.rs index 367621e4e2..7ade087ca7 100644 --- a/packages/core/api-public/src/namespaces.rs +++ b/packages/core/api-public/src/namespaces.rs @@ -19,6 +19,7 @@ use crate::ctx::ApiCtx; responses( (status = 200, body = ListResponse), ), + security(("bearer_auth" = [])), )] pub async fn list( Extension(ctx): Extension, @@ -59,6 +60,7 @@ async fn list_inner(ctx: ApiCtx, headers: HeaderMap, query: ListQuery) -> Result responses( (status = 200, body = CreateResponse), ), + security(("bearer_auth" = [])), )] pub async fn create( Extension(ctx): Extension, diff --git a/packages/core/api-public/src/router.rs b/packages/core/api-public/src/router.rs index a59de53cb7..fb009de915 100644 --- a/packages/core/api-public/src/router.rs +++ b/packages/core/api-public/src/router.rs 
@@ -10,22 +10,28 @@ use utoipa::OpenApi; use crate::{actors, ctx, datacenters, namespaces, runner_configs, runners, ui}; #[derive(OpenApi)] -#[openapi(paths( - actors::list::list, - actors::create::create, - actors::delete::delete, - actors::list_names::list_names, - actors::get_or_create::get_or_create, - runners::list, - runners::list_names, - namespaces::list, - namespaces::create, - runner_configs::list, - runner_configs::upsert, - runner_configs::delete, - datacenters::list, -))] -#[openapi(components(schemas(namespace::keys::RunnerConfigVariant)))] +#[openapi( + paths( + actors::list::list, + actors::create::create, + actors::delete::delete, + actors::list_names::list_names, + actors::get_or_create::get_or_create, + runners::list, + runners::list_names, + namespaces::list, + namespaces::create, + runner_configs::list, + runner_configs::upsert, + runner_configs::delete, + datacenters::list, + ), + components( + schemas(namespace::keys::RunnerConfigVariant) + ), + security( ("bearer_auth" = []) ), + modifiers(&SecurityAddon), +)] pub struct ApiDoc; pub async fn router( @@ -118,3 +124,19 @@ async fn auth_middleware( Ok(res) } + +struct SecurityAddon; + +impl utoipa::Modify for SecurityAddon { + fn modify(&self, openapi: &mut utoipa::openapi::OpenApi) { + openapi.components.as_mut().unwrap().add_security_scheme( + "bearer_auth", + utoipa::openapi::security::SecurityScheme::Http( + utoipa::openapi::security::HttpBuilder::new() + .scheme(utoipa::openapi::security::HttpAuthScheme::Bearer) + // .bearer_format("Rivet") + .build(), + ), + ); + } +} diff --git a/packages/core/api-public/src/runner_configs.rs b/packages/core/api-public/src/runner_configs.rs index d83da137f4..6aaaff06c6 100644 --- a/packages/core/api-public/src/runner_configs.rs +++ b/packages/core/api-public/src/runner_configs.rs @@ -21,6 +21,7 @@ use crate::ctx::ApiCtx; responses( (status = 200, body = ListResponse), ), + security(("bearer_auth" = [])), )] pub async fn list( Extension(ctx): Extension, 
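Review bot: The document-level `security(("bearer_auth" = []))` added to `ApiDoc` already applies to every operation, so the per-handler `security(...)` attributes added elsewhere in this commit are redundant, and they are applied unevenly. `actors::list::list`, `actors::create::create` and `actors::get_or_create::get_or_create` are listed in `paths(...)` but are not touched by the visible diff. Either annotate all thirteen handlers or rely on the global requirement alone, so that a later reader does not mistake a missing attribute for an unauthenticated route. These attributes are spec metadata only, so a short comment above `ApiDoc` would help: `// Declarative only: enforcement lives in auth_middleware; keep the two in sync.`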
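Review bot: `openapi.components.as_mut().unwrap()` in `SecurityAddon::modify` panics if the document has no components section. That appears to hold today only because `ApiDoc` declares `components(schemas(...))`, so dropping that attribute later would turn spec generation into a panic. Replacing the receiver with `openapi.components.get_or_insert_with(Default::default)` creates the section when it is absent and keeps the rest of the call unchanged. The commented-out `// .bearer_format("Rivet")` line should either be removed or enabled with a one-line comment saying what token format clients are expected to send.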
@@ -71,6 +72,7 @@ async fn list_inner( responses( (status = 200, body = UpsertResponse), ), + security(("bearer_auth" = [])), )] pub async fn upsert( Extension(ctx): Extension, @@ -122,6 +124,7 @@ async fn upsert_inner( responses( (status = 200, body = DeleteResponse), ), + security(("bearer_auth" = [])), )] pub async fn delete( Extension(ctx): Extension, diff --git a/packages/core/api-public/src/runners.rs b/packages/core/api-public/src/runners.rs index c5ef3b744a..a5b544f55a 100644 --- a/packages/core/api-public/src/runners.rs +++ b/packages/core/api-public/src/runners.rs @@ -20,6 +20,7 @@ use crate::ctx::ApiCtx; responses( (status = 200, body = ListResponse), ), + security(("bearer_auth" = [])), )] pub async fn list( Extension(ctx): Extension, @@ -85,14 +86,15 @@ pub struct ListNamesResponse { /// - GET /runners/names (fanout) /// - [api-peer] namespace::ops::resolve_for_name_global #[utoipa::path( - get, - operation_id = "runners_list_names", - path = "/runners/names", - params(ListNamesQuery), - responses( - (status = 200, body = ListNamesResponse), - ), - )] + get, + operation_id = "runners_list_names", + path = "/runners/names", + params(ListNamesQuery), + responses( + (status = 200, body = ListNamesResponse), + ), + security(("bearer_auth" = [])), +)] pub async fn list_names( Extension(ctx): Extension, headers: HeaderMap,