From c115f41dacb2fee0b64c2c0a3442ec14d10e8675 Mon Sep 17 00:00:00 2001
From: boris <boris+gitea@ntbx.io>
Date: Mon, 26 Jan 2026 13:31:08 +0000
Subject: [PATCH] Switched to Redoc

---
 app/keywarden/api/main.py               |  7 +++++-
 app/templates/ninja/swagger.html        | 32 +++++++++++++++++++++++++
 nginx/configs/options-http-headers.conf |  2 +-
 3 files changed, 39 insertions(+), 2 deletions(-)
 create mode 100644 app/templates/ninja/swagger.html

diff --git a/app/keywarden/api/main.py b/app/keywarden/api/main.py
index ea7cc99..cf97bb1 100644
--- a/app/keywarden/api/main.py
+++ b/app/keywarden/api/main.py
@@ -1,7 +1,7 @@
 import inspect
 from typing import List, Optional
 
-from ninja import NinjaAPI, Router, Schema
+from ninja import NinjaAPI, Router, Schema, Redoc
 from ninja.security import django_auth
 
 from .security import JWTAuth
@@ -15,6 +15,7 @@ from .routers.access import build_router as build_access_router
 from .routers.telemetry import build_router as build_telemetry_router
 from .routers.agent import build_router as build_agent_router
 
+from django.contrib.admin.views.decorators import staff_member_required
 
 def register_routers(target_api: NinjaAPI) -> None:
     target_api.add_router("/system", build_system_router(), tags=["system"])
@@ -39,6 +40,8 @@ api = build_api(
     version="1.0.0",
     description="Authenticated API for internal app use and external clients.",
     auth=[django_auth, JWTAuth()],
+    docs=Redoc(),
+    docs_decorator=staff_member_required,
 )
 register_routers(api)
 
@@ -48,5 +51,7 @@ api_v1 = build_api(
     description="Authenticated API for internal app use and external clients.",
     auth=[django_auth, JWTAuth()],
     urls_namespace="api-v1",
+    docs=Redoc(),
+    docs_decorator=staff_member_required,
 )
 register_routers(api_v1)
diff --git a/app/templates/ninja/swagger.html b/app/templates/ninja/swagger.html
new file mode 100644
index 0000000..a4655bc
--- /dev/null
+++ b/app/templates/ninja/swagger.html
@@ -0,0 +1,32 @@
+{% load static %}
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>{{ title|default:"Keywarden API" }}</title>
+    <link rel="stylesheet" href="{% static 'ninja/swagger-ui.css' %}">
+    <style>
+      .swagger-ui .opblock-summary {
+        flex-direction: row;
+        flex-wrap: nowrap;
+      }
+      .swagger-ui .opblock-summary-path {
+        max-width: none;
+        white-space: nowrap;
+        word-break: normal;
+        overflow-wrap: normal;
+        writing-mode: horizontal-tb;
+      }
+      .swagger-ui .opblock-summary-path a {
+        white-space: nowrap;
+      }
+    </style>
+  </head>
+  <body data-api-csrf="{{ add_csrf|yesno:'true,false' }}" data-csrf-token="{{ csrf_token }}">
+    <div id="swagger-ui"></div>
+    <script id="swagger-settings" type="application/json">{{ swagger_settings|safe }}</script>
+    <script src="{% static 'ninja/swagger-ui-bundle.js' %}"></script>
+    <script src="{% static 'ninja/swagger-ui-init.js' %}"></script>
+  </body>
+</html>
diff --git a/nginx/configs/options-http-headers.conf b/nginx/configs/options-http-headers.conf
index 9264753..a53dd1a 100644
--- a/nginx/configs/options-http-headers.conf
+++ b/nginx/configs/options-http-headers.conf
@@ -1,4 +1,4 @@
-add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src * 'unsafe-eval'; style-src * 'unsafe-inline'";
+add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'";
 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-Content-Type-Options nosniff;
 add_header Referrer-Policy "strict-origin";