Basic auth via config file

[ulrikandersen]

Description

This PR adds support for specifying basic auth authentication credentials via the .framna-docs.yml configuration file located in the project repositories.

Username and password are stored in an encrypted format and are only decoded at the time of loading the specification from the remote source. Encryption is performed using an RSA public/private key pair.

In order to allow the user to easily encrypt secrets using the public key a new page is added: /encrypt. Here the user can input his secrets which is then encrypted and can be copied into the configuration file. The secret is NOT stored on the server as part of this flow.

The configuration for a remote specification with basic auth looks like the following:

name: Example
image: icon.png
remoteVersions:
  - name: Production
    specifications:
    - name: FooBar Service
      url: https://foobar.example.com/api/swagger/v1/swagger.yaml
      auth:
        type: basic
        encryptedUsername: iOYpcgoScpY+CsueQB5bk/J34GmNZbUBzeh4Em46TbUCzdX0Iwp3XbODS6WuR+sh7j5p5wI...
        encryptedPassword: lChXZ+Qf6OoakRBKAho1cYhrQQ7vlx46K/8I3eL1VZDweun4vTXdpjL5x1bGDD170tyZagT...

Motivation and Context

Remote specifications are often protected from the public Internet. Some uses IP whitelisting (which Framna Docs already supports), while others use some sort of authentication. This PR introduces basic auth as the first option. We might introduce more types in the future.

Screenshots (if appropriate):

Loading a remote spec via the new /api/remotes/[remoteConfig] endpoint.

Page for encrypting secrets using the public key.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

[github-actions]

⚠️ It looks like .env.example has changed. Remember to update the Setting Environment Variables article accordingly.

[simonbs]

🚀🚀🚀🚀🚀

Copilot reviewed 5 out of 18 changed files in this pull request and generated no suggestions.

Files not reviewed (13)

• .env.example: Language not supported
• src/app/api/proxy/route.ts: Evaluated as low risk
• src/features/projects/domain/RemoteSpecAuth.ts: Evaluated as low risk
• test/projects/RemoteConfigEncoder.test.ts: Evaluated as low risk
• src/app/api/remotes/[encodedRemoteConfig]/route.ts: Evaluated as low risk
• test/encrypt/EncryptionService.test.ts: Evaluated as low risk
• src/features/projects/domain/IProjectConfig.ts: Evaluated as low risk
• src/composition.ts: Evaluated as low risk
• src/features/projects/data/GitHubProjectDataSource.ts: Evaluated as low risk
• test/projects/GitHubProjectDataSource.test.ts: Evaluated as low risk
• src/features/encrypt/view/encryptAction.ts: Evaluated as low risk
• src/features/encrypt/EncryptionService.ts: Evaluated as low risk
• src/features/projects/domain/RemoteConfigEncoder.ts: Evaluated as low risk

Comments skipped due to low confidence (1)

src/features/projects/domain/RemoteConfig.ts:5

• [nitpick] The error message for the URL validation could be more specific. Consider providing a custom error message.

url: z.string().url(),