[DOC] nits and fixes (#2107)

- Fix broken links
- Fix broken styles
- Move auth out of usage-guide and into a new Auth page 
- Fix code styling
- Lessen code "overflow" with new lines

Author: jeffchuber

.vscode/settings.json

@@ -132,4 +132,4 @@
     "unordered_set": "cpp",
     "algorithm": "cpp"
   },
-}
+}

docs/docs.trychroma.com/components/CodeBlock.tsx

@@ -8,6 +8,7 @@ import Prism from 'prismjs';
 require(`prismjs/components/prism-python.min.js`);
 require(`prismjs/components/prism-bash.min.js`);
 require(`prismjs/components/prism-javascript.min.js`);
+require(`prismjs/components/prism-yaml.js`);
 require(`prismjs/components/prism-json.min.js`);
 
 Prism.languages.python = {
@@ -52,6 +53,18 @@ export function CodeBlock({children, 'data-language': language, filename, codeta
   }
 
   const [highlightedCode, setHighlightedCode] = React.useState('');
+  const [codeWithoutSyntax, setCodeWithoutSyntax] = React.useState('');
+  var code$Regex = /^(.*?)#\s*\[\!code\s*\$\]\s*(.*)$/;
+
+  // children without code$Regex
+  // iterate over the children and remove the code$Regex
+  let newChildren = children.split('\n').map((line) => {
+    let match = line.match(code$Regex);
+    if (match) {
+      return match[1].trim()
+    }
+    return line
+  }).join('\n')
 
   React.useEffect(() => {
     async function highlight() {
@@ -66,8 +79,8 @@ export function CodeBlock({children, 'data-language': language, filename, codeta
 
         var wrappedLines = lines.map(function(line) {
           // Regex to match the marker with flexible whitespace
-          var regex = /^(.*?)#\s*\[\!code\s*\$\]\s*(.*)$/;
-          var match = line.match(regex);
+
+          var match = line.match(code$Regex);
           if (match) {
             // If it does, remove the marker and wrap the line with div.line and add the class
             // `match[1]` contains the line without the marker
@@ -76,6 +89,7 @@ export function CodeBlock({children, 'data-language': language, filename, codeta
             // Otherwise, just wrap the line with div.line
             return '<div class="line">' + line + '</div>';
           }
+
         }).join('');
 
         // Replace the highlightedCode with the wrapped lines
@@ -121,7 +135,7 @@ export function CodeBlock({children, 'data-language': language, filename, codeta
     <div className="rounded-md code reset text-sm" aria-live="polite"
       style={{borderRadius: '0.5rem', position: 'relative', marginBottom: marginBottom}}
     >
-      <CopyToClipboardButton className={`absolute ${copyIconColor} border-0 right-3 p-0.5`} textToCopy={children} customStyle={{top: copyButtonTop}}/>
+      <CopyToClipboardButton className={`absolute ${copyIconColor} border-0 right-3 p-0.5`} textToCopy={newChildren} customStyle={{top: copyButtonTop}}/>
       <CustomHeader language={language} filename={filename} codetab={codetab}/>
       <pre className='py-4 px-6 overflow-x-scroll'>
         <code className={`language-${language}`} dangerouslySetInnerHTML={{ __html: highlightedCode }}>

docs/docs.trychroma.com/pages/about.md

@@ -8,11 +8,11 @@ title: "👽 About"
 We are hiring software engineers and applied research scientists.
 {% /note %}
 
-[➡️ View open roles on Notion](https://www.notion.so/trychroma/careers-chroma-9d017c3007c7478ebd85bad854101497?pvs=4)
+[➡️ View open roles](https://careers.trychroma.com/)
 
 Chroma as a project is coordinated by a small team of full-time employees who work at a company also called Chroma.
 
-We work in the sunny neighborhood of Potrero Hill in San Francisco.
+We work in the sunny Mission District in San Francisco.
 
 Chroma is co-founded by [Jeff Huber](https://twitter.com/jeffreyhuber) (left) and [Anton Troynikov](https://twitter.com/atroyn) (right).
 

docs/docs.trychroma.com/pages/deployment/_sidenav.js

@@ -24,7 +24,7 @@ export const items = [
         { href: '/deployment/migration', children: '✈️ Migration' },
         // { href: '/deployment/security', children: 'Security' },
         // { href: '/deployment/encryption', children: 'Encryption' },
-        // { href: '/deployment/auth', children: 'Auth' },
+        { href: '/deployment/auth', children: '🔒 Auth' },
         // { href: '/deployment/performance', children: 'Performance' },
       ]
     },

docs/docs.trychroma.com/pages/deployment/auth.md

@@ -1,3 +1,186 @@
 ---
-title: Auth
+title: 🔒 Auth
 ---
+
+
+You can configure Chroma to use authentication when in server/client mode only.
+
+Supported authentication methods:
+
+{% special_table %}
+{% /special_table %}
+
+| Authentication Method | Basic Auth (Pre-emptive)                                                                                                  | Static API Token                                                                              |
+| --------------------- | ------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- |
+| Description           | [RFC 7617](https://www.rfc-editor.org/rfc/rfc7617) Basic Auth with `user:password` base64-encoded `Authorization` header. | Static auth token in `Authorization: Bearer <token>` or in `X-Chroma-Token: <token>` headers. |
+| Status                | `Alpha`                                                                                                                   | `Alpha`                                                                                       |
+| Server-Side Support   | ✅ `Alpha`                                                                                                                | ✅ `Alpha`                                                                                    |
+| Client/Python         | ✅ `Alpha`                                                                                                                | ✅ `Alpha`                                                                                    |
+| Client/JS             | ✅ `Alpha`                                                                                                                | ✅ `Alpha`                                                                                    |
+
+### Basic Authentication
+
+#### Server Setup
+
+##### Generate Server-Side Credentials
+
+{% note type="note" title="Security Practices" %}
+A good security practice is to store the password securely. In the example below we use [bcrypt](https://en.wikipedia.org/wiki/Bcrypt) (currently the only supported hash in Chroma server side auth) to hash the plaintext password.
+{% /note %}
+
+To generate the password hash, run the following command:
+
+```bash
+docker run --rm --entrypoint htpasswd httpd:2 -Bbn admin admin > server.htpasswd
+```
+
+This creates the bcrypt password hash for the password `admin` and puts it into `server.htpasswd` alongside the user `admin`. It will look like `admin:<password hash>`.
+
+##### Running the Server
+
+Set the following environment variables:
+
+```bash
+export CHROMA_SERVER_AUTHN_CREDENTIALS_FILE="server.htpasswd"
+export CHROMA_SERVER_AUTHN_PROVIDER="chromadb.auth.basic_authn.BasicAuthenticationServerProvider"
+```
+
+And run the server as normal:
+
+```bash
+chroma run --path /db_path
+```
+
+{% tabs group="code-lang" hideTabs=true %}
+{% tab label="Python" %}
+
+#### Client Setup
+
+```python
+import chromadb
+from chromadb.config import Settings
+
+client = chromadb.HttpClient(
+  settings=Settings(chroma_client_auth_provider="chromadb.auth.basic_authn.BasicAuthClientProvider",chroma_client_auth_credentials="admin:admin"))
+client.heartbeat()  # this should work with or without authentication - it is a public endpoint
+
+client.get_version()  # this should work with or without authentication - it is a public endpoint
+
+client.list_collections()  # this is a protected endpoint and requires authentication
+```
+
+{% /tab %}
+{% tab label="Javascript" %}
+
+#### Client Setup
+
+```js
+import { ChromaClient } from "chromadb";
+
+const client = new ChromaClient({
+  auth: { provider: "basic", credentials: "admin:admin" },
+});
+```
+
+
+{% /tab %}
+
+{% /tabs %}
+
+### Static API Token Authentication
+
+{% note type="note" title="Tokens" %}
+Tokens must be alphanumeric ASCII strings. Tokens are case-sensitive.
+{% /note %}
+
+#### Server Setup
+
+{% note type="note" title="Security Note" %}
+Current implementation of static API token auth supports only ENV based tokens.
+{% /note %}
+
+##### Running the Server
+
+Set the following environment variables to use `Authorization: Bearer test-token` to be your authentication header. All environment variables can also be set as [Settings](https://docs.trychroma.com/deployment#step-5-configure-the-chroma-library).
+
+```bash
+export CHROMA_SERVER_AUTHN_CREDENTIALS="test-token"
+export CHROMA_SERVER_AUTHN_PROVIDER="chromadb.auth.token_authn.TokenAuthenticationServerProvider"
+```
+
+To configure multiple tokens and use them for role-based access control (RBAC), use a file like [this](https://github.com/chroma-core/chroma/blob/main/examples/basic_functionality/authz/authz.yaml) and the following configuration settings:
+
+```bash
+export CHROMA_SERVER_AUTHN_CREDENTIALS_FILE=<path_to_authz.yaml>
+export CHROMA_SERVER_AUTHZ_CONFIG_FILE=<path_to_authz.yaml>  # Note: these are the same!
+export CHROMA_SERVER_AUTHN_PROVIDER="chromadb.auth.token_authn.TokenAuthenticationServerProvider"
+export CHROMA_SERVER_AUTHZ_PROVIDER="chromadb.auth.simple_rbac_authz.SimpleRBACAuthorizationProvider"
+```
+
+To use `X-Chroma-Token: test-token` type of authentication header you can set the `CHROMA_AUTH_TOKEN_TRANSPORT_HEADER` environment variable or configuration setting.
+
+```bash
+export CHROMA_SERVER_AUTHN_CREDENTIALS="test-token"
+export CHROMA_SERVER_AUTHN_PROVIDER="chromadb.auth.token_authn.TokenAuthenticationServerProvider"
+export CHROMA_AUTH_TOKEN_TRANSPORT_HEADER="X_CHROMA_TOKEN"
+
+{% tabs group="code-lang" hideTabs=true %}
+{% tab label="Python" %}
+
+#### Client Setup
+
+```python
+import chromadb
+from chromadb.config import Settings
+
+client = chromadb.HttpClient(
+    settings=Settings(chroma_client_auth_provider="chromadb.auth.token_authn.TokenAuthClientProvider",
+                      chroma_client_auth_credentials="test-token"))
+client.heartbeat()  # this should work with or without authentication - it is a public endpoint
+
+client.get_version()  # this should work with or without authentication - it is a public endpoint
+
+client.list_collections()  # this is a protected endpoint and requires authentication
+```
+
+{% /tab %}
+{% tab label="Javascript" %}
+
+#### Client Setup
+
+Using the default `Authorization: Bearer <token>` header:
+
+```js
+import { ChromaClient } from "chromadb";
+
+const client = new ChromaClient({
+  auth: { provider: "token", credentials: "test-token" },
+});
+//or explicitly specifying the auth header type
+const client = new ChromaClient({
+  auth: {
+    provider: "token",
+    credentials: "test-token",
+    tokenHeaderType: "AUTHORIZATION",
+  },
+});
+```
+
+Using custom Chroma auth token `X-Chroma-Token: <token>` header:
+
+```js
+import { ChromaClient } from "chromadb";
+
+const client = new ChromaClient({
+  auth: {
+    provider: "token",
+    credentials: "test-token",
+    tokenHeaderType: "X_CHROMA_TOKEN",
+  },
+});
+```
+
+
+{% /tab %}
+
+{% /tabs %}

docs/docs.trychroma.com/pages/deployment/aws.md

@@ -1,5 +1,5 @@
 ---
-title: "☁️ Deployment"
+title: "☁️ AWS Deployment"
 ---
 
 {% note type="caution" title="Alpha" %}

docs/docs.trychroma.com/pages/deployment/index.md

@@ -29,4 +29,5 @@ Running a server in production requires a few additional steps to ensure the ser
 |--------------|
 | [👀 Observability](/deployment/observability) |
 | [✈️ Migration](/deployment/migration) |
+| [🔒 Auth](/deployment/auth) |
 | 🚧 *More Coming Soon* |