I did not find how to turn off swagger for controllers/methods. It could be a good feature. If there is any way to turn off swagger, I will be grateful for explaining ho to do that.
PR has been merged. This feature will be available in the next release (v2.1.0)
Hi, I didn't find a way to hide the controller in the nestjs/swagger documentation can somebody nudge me in right direction.
Hi, I didn't find a way to hide the controller in the nestjs/swagger documentation can somebody nudge me in right direction.
No issues, got it ! : P
For people with the same question, you can apply the @ApiExcludeEndpoint() to a controller method to exclude it from the Swagger documentation.
It's mentioned in the documentation under decorators.
https://docs.nestjs.com/recipes/swagger#decorators
It's not explained, nor is there an example, so it's easy to look over.
@ ApiExcludeEndpoint() decorator only hides the endpoint from Swagger - not from an outer access.
is there a way to also hide the endpoint(by condition) from an external source?
thanks.
@ ApiExcludeEndpoint() decorator only hides the endpoint from Swagger - not from an outer access.
is there a way to also hide the endpoint(by condition) from an external source?
thanks.
The swagger annotations are only for generating an API spec. There's no real way to "hide" an endpoint through your server. Technically if you didn't make a swagger API spec, all the endpoints would be unlisted, but still accessible from the outside world.
To solve your problem, you need to figure out a way to programmatically differentiate between requests from external and internal sources (ex, using the AuthGuard, where you assume that all authenticated requests are internal, and all external requests, you return a 404). You could also somehow firewall off those endpoints to IP ranges that are not part of your internal network.
@ ApiExcludeEndpoint() decorator only hides the endpoint from Swagger - not from an outer access.
is there a way to also hide the endpoint(by condition) from an external source?
thanks.The swagger annotations are only for generating an API spec. There's no real way to "hide" an endpoint through your server. Technically if you didn't make a swagger API spec, all the endpoints would be unlisted, but still accessible from the outside world.
To solve your problem, you need to figure out a way to programmatically differentiate between requests from external and internal sources (ex, using the AuthGuard, where you assume that all authenticated requests are internal, and all external requests, you return a 404). You could also somehow firewall off those endpoints to IP ranges that are not part of your internal network.
At the end I solved it using process env variables, that gave me the ability to differentiate between the environments.
The main point was to keep those endpoints hidden in production.
I've asked here because I thought that there is some way to achieve it via Nest's utilities.
Thanks anyway for the reply :-)
How about hiding an entire controller from swagger documentation? Is that at all possible, without implementing (even if by .super()ring) method-by-method inside the controller?
For people with the same question, you can apply the
@ApiExcludeEndpoint()to a controller method to exclude it from the Swagger documentation.It's mentioned in the documentation under decorators.
https://docs.nestjs.com/recipes/swagger#decorators
It's not explained, nor is there an example, so it's easy to look over.
So instead of hiding methods. Is there a way to hide the whole controller?
@kamilmysliwiec sorry for tagging, any suggestions please?
I'm using nx project where a module is shared between multiple apps. Thus I really this feature or any work around would be highly appreciate
So instead of hiding methods. Is there a way to hide the whole controller?
please any solution to this yet @kamilmysliwiec ?
Most helpful comment
How about hiding an entire controller from swagger documentation? Is that at all possible, without implementing (even if by .super()ring) method-by-method inside the controller?