fix(api): fix openapi security

Author: MasterPtato

out/openapi.json

@@ -45,6 +45,7 @@ pub struct DeleteResponse {}
     responses(
         (status = 200, body = DeleteResponse),
     ),
+	security(("bearer_auth" = [])),
 )]
 pub async fn delete(
 	Extension(ctx): Extension<ApiCtx>,

packages/core/api-public/src/actors/delete.rs

@@ -24,6 +24,7 @@ use crate::ctx::ApiCtx;
     responses(
         (status = 200, body = ListNamesResponse),
     ),
+	security(("bearer_auth" = [])),
 )]
 pub async fn list_names(
 	Extension(ctx): Extension<ApiCtx>,

packages/core/api-public/src/actors/list_names.rs

@@ -16,6 +16,7 @@ use crate::ctx::ApiCtx;
     responses(
         (status = 200, body = ListResponse),
     ),
+	security(("bearer_auth" = [])),
 )]
 pub async fn list(Extension(ctx): Extension<ApiCtx>) -> Response {
 	match list_inner(ctx).await {

packages/core/api-public/src/datacenters.rs

@@ -19,6 +19,7 @@ use crate::ctx::ApiCtx;
     responses(
         (status = 200, body = ListResponse),
     ),
+	security(("bearer_auth" = [])),
 )]
 pub async fn list(
 	Extension(ctx): Extension<ApiCtx>,
@@ -59,6 +60,7 @@ async fn list_inner(ctx: ApiCtx, headers: HeaderMap, query: ListQuery) -> Result
     responses(
         (status = 200, body = CreateResponse),
     ),
+	security(("bearer_auth" = [])),
 )]
 pub async fn create(
 	Extension(ctx): Extension<ApiCtx>,

packages/core/api-public/src/namespaces.rs

@@ -10,22 +10,28 @@ use utoipa::OpenApi;
 use crate::{actors, ctx, datacenters, namespaces, runner_configs, runners, ui};
 
 #[derive(OpenApi)]
-#[openapi(paths(
-	actors::list::list,
-	actors::create::create,
-	actors::delete::delete,
-	actors::list_names::list_names,
-	actors::get_or_create::get_or_create,
-	runners::list,
-	runners::list_names,
-	namespaces::list,
-	namespaces::create,
-	runner_configs::list,
-	runner_configs::upsert,
-	runner_configs::delete,
-	datacenters::list,
-))]
-#[openapi(components(schemas(namespace::keys::RunnerConfigVariant)))]
+#[openapi(
+	paths(
+		actors::list::list,
+		actors::create::create,
+		actors::delete::delete,
+		actors::list_names::list_names,
+		actors::get_or_create::get_or_create,
+		runners::list,
+		runners::list_names,
+		namespaces::list,
+		namespaces::create,
+		runner_configs::list,
+		runner_configs::upsert,
+		runner_configs::delete,
+		datacenters::list,
+	),
+	components(
+		schemas(namespace::keys::RunnerConfigVariant)
+	),
+	security( ("bearer_auth" = []) ),
+    modifiers(&SecurityAddon),
+)]
 pub struct ApiDoc;
 
 pub async fn router(
@@ -118,3 +124,19 @@ async fn auth_middleware(
 
 	Ok(res)
 }
+
+struct SecurityAddon;
+
+impl utoipa::Modify for SecurityAddon {
+	fn modify(&self, openapi: &mut utoipa::openapi::OpenApi) {
+		openapi.components.as_mut().unwrap().add_security_scheme(
+			"bearer_auth",
+			utoipa::openapi::security::SecurityScheme::Http(
+				utoipa::openapi::security::HttpBuilder::new()
+					.scheme(utoipa::openapi::security::HttpAuthScheme::Bearer)
+					// .bearer_format("Rivet")
+					.build(),
+			),
+		);
+	}
+}

packages/core/api-public/src/router.rs

@@ -21,6 +21,7 @@ use crate::ctx::ApiCtx;
 	responses(
 		(status = 200, body = ListResponse),
 	),
+	security(("bearer_auth" = [])),
 )]
 pub async fn list(
 	Extension(ctx): Extension<ApiCtx>,
@@ -71,6 +72,7 @@ async fn list_inner(
 	responses(
 		(status = 200, body = UpsertResponse),
 	),
+	security(("bearer_auth" = [])),
 )]
 pub async fn upsert(
 	Extension(ctx): Extension<ApiCtx>,
@@ -122,6 +124,7 @@ async fn upsert_inner(
 	responses(
 		(status = 200, body = DeleteResponse),
 	),
+	security(("bearer_auth" = [])),
 )]
 pub async fn delete(
 	Extension(ctx): Extension<ApiCtx>,

packages/core/api-public/src/runner_configs.rs

@@ -20,6 +20,7 @@ use crate::ctx::ApiCtx;
     responses(
         (status = 200, body = ListResponse),
     ),
+	security(("bearer_auth" = [])),
 )]
 pub async fn list(
 	Extension(ctx): Extension<ApiCtx>,
@@ -85,14 +86,15 @@ pub struct ListNamesResponse {
 /// - GET /runners/names (fanout)
 /// - [api-peer] namespace::ops::resolve_for_name_global
 #[utoipa::path(
-		get,
-		operation_id = "runners_list_names",
-		path = "/runners/names",
-		params(ListNamesQuery),
-		responses(
-			(status = 200, body = ListNamesResponse),
-		),
-	)]
+	get,
+	operation_id = "runners_list_names",
+	path = "/runners/names",
+	params(ListNamesQuery),
+	responses(
+		(status = 200, body = ListNamesResponse),
+	),
+	security(("bearer_auth" = [])),
+)]
 pub async fn list_names(
 	Extension(ctx): Extension<ApiCtx>,
 	headers: HeaderMap,