init commit

2025-06-05 09:17:47 -04:00
commit db8ec76921
53 changed files with 12126 additions and 0 deletions
--- a/templates/openapi/security.yaml
+++ b/templates/openapi/security.yaml
@@ -0,0 +1,101 @@
+AWS4-HMAC-SHA256:
+  type: apiKey
+  description: |
+    AWS Signature Version 4 authentication for S3 API endpoints.
+    
+    ## Authentication Process
+    1. Create a canonical request
+    2. Create a string to sign
+    3. Calculate the signature using HMAC-SHA256
+    4. Add the authorization header or query parameters
+    
+    ## Authorization Header Format
+    ```
+    Authorization: AWS4-HMAC-SHA256 Credential=<AccessKey>/<Date>/<Region>/s3/aws4_request,SignedHeaders=<SignedHeaders>,Signature=<Signature>
+    ```
+    
+    ## Query String Format (for presigned URLs)
+    ```
+    ?X-Amz-Algorithm=AWS4-HMAC-SHA256
+    &X-Amz-Credential=<AccessKey>/<Date>/<Region>/s3/aws4_request
+    &X-Amz-Date=<Timestamp>
+    &X-Amz-Expires=<ExpirationTime>
+    &X-Amz-SignedHeaders=<SignedHeaders>
+    &X-Amz-Signature=<Signature>
+    ```
+    
+    ## Required Headers
+    - `Authorization`: The calculated authorization value
+    - `x-amz-date`: Timestamp in ISO 8601 format (YYYYMMDDTHHMMSSZ)
+    - `x-amz-content-sha256`: SHA256 hash of the request payload
+    
+    ## Example
+    ```
+    Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20230115/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-date,Signature=fe5f80f77d5fa3beca038a248ff027d0445342fe2855ddc963176630326f1024
+    x-amz-date: 20230115T103000Z
+    x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+    ```
+  name: Authorization
+  in: header
+
+ApiKey:
+  type: apiKey
+  description: |
+    API key authentication for management console endpoints.
+    
+    ## Usage
+    Include your API key in the `X-API-Key` header for all management API requests.
+    
+    ## Example
+    ```
+    X-API-Key: your-api-key-here
+    ```
+    
+    ## Obtaining an API Key
+    API keys can be generated through the management console or by contacting your administrator.
+    
+    ## Permissions
+    API keys have full access to the management API and should be kept secure.
+  name: X-API-Key
+  in: header
+
+BearerAuth:
+  type: http
+  scheme: bearer
+  bearerFormat: JWT
+  description: |
+    JWT Bearer token authentication (optional alternative for management API).
+    
+    ## Usage
+    Include the JWT token in the Authorization header:
+    ```
+    Authorization: Bearer <jwt-token>
+    ```
+    
+    ## Token Structure
+    The JWT token contains claims about the user's permissions and expires after a set period.
+    
+    ## Example
+    ```
+    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
+    ```
+
+BasicAuth:
+  type: http
+  scheme: basic
+  description: |
+    HTTP Basic authentication (for simple setups).
+    
+    ## Usage
+    Encode username:password in Base64 and include in Authorization header:
+    ```
+    Authorization: Basic <base64-encoded-credentials>
+    ```
+    
+    ## Example
+    ```
+    Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
+    ```
+    
+    ## Note
+    Basic auth should only be used over HTTPS in production environments.