docs

pedro-cf · pedro-cf · commit 86bb5ef0a7ce · 2024-04-26T15:02:43.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+- Added option to include Basic Auth.
+
 ## [v2.3.0]
 
 ### Changed 
diff --git a/README.md b/README.md
@@ -272,3 +272,83 @@ curl -X "POST" "http://localhost:9200/_aliases" \
 ```
 
 The modified Items with lowercase identifiers will now be visible to users accessing `my-collection` in the STAC API.
+
+
+## Basic Auth
+
+#### Environment Variable Configuration
+
+Basic authentication is an optional feature. You can enable it by setting the environment variable `BASIC_AUTH` as a JSON string.
+
+Example:
+```
+BASIC_AUTH={"users":[{"username":"user","password":"pass","permissions":"*"}]}
+```
+
+### User Permissions Configuration
+
+In order to set endpoints with specific access permissions, you can configure the `users` key with a list of user objects. Each user object should contain the username, password, and their respective permissions.
+
+Example: This example illustrates the configuration for two users: an **admin** user with full permissions (*) and a **reader** user with limited permissions to specific read-only endpoints.
+```json
+{
+    "users": [
+        {
+            "username": "admin",
+            "password": "admin",
+            "permissions": "*"
+        },
+        {
+            "username": "reader",
+            "password": "reader",
+            "permissions": [
+                {"path": "/", "method": ["GET"]},
+                {"path": "/conformance", "method": ["GET"]},
+                {"path": "/collections/{collection_id}/items/{item_id}", "method": ["GET"]},
+                {"path": "/search", "method": ["GET", "POST"]},
+                {"path": "/collections", "method": ["GET"]},
+                {"path": "/collections/{collection_id}", "method": ["GET"]},
+                {"path": "/collections/{collection_id}/items", "method": ["GET"]},
+                {"path": "/queryables", "method": ["GET"]},
+                {"path": "/queryables/collections/{collection_id}/queryables", "method": ["GET"]},
+                {"path": "/_mgmt/ping", "method": ["GET"]}
+            ]
+        }
+    ]
+}
+```
+
+
+### Public Endpoints Configuration
+
+In order to set endpoints with public access, you can configure the public_endpoints key with a list of endpoint objects. Each endpoint object should specify the path and method of the endpoint.
+
+Example: This example demonstrates the configuration for public endpoints, allowing access without authentication to read-only endpoints.
+```json
+{
+    "public_endpoints": [
+        {"path": "/", "method": "GET"},
+        {"path": "/conformance", "method": "GET"},
+        {"path": "/collections/{collection_id}/items/{item_id}", "method": "GET"},
+        {"path": "/search", "method": "GET"},
+        {"path": "/search", "method": "POST"},
+        {"path": "/collections", "method": "GET"},
+        {"path": "/collections/{collection_id}", "method": "GET"},
+        {"path": "/collections/{collection_id}/items", "method": "GET"},
+        {"path": "/queryables", "method": "GET"},
+        {"path": "/queryables/collections/{collection_id}/queryables", "method": "GET"},
+        {"path": "/_mgmt/ping", "method": "GET"}
+    ],
+    "users": [
+        {
+            "username": "admin",
+            "password": "admin",
+            "permissions": "*"
+        }
+    ]
+}
+```
+
+### Basic Authentication Configurations
+
+See `docker-compose.basic_auth_protected.yml` and `docker-compose.basic_auth_public.yml` for basic authentication configurations.
