Swagger: Feature Request: Turn off swagger for methods/controllers

Created on 24 May 2018  路  11Comments  路  Source: nestjs/swagger

I did not find how to turn off swagger for controllers/methods. It could be a good feature. If there is any way to turn off swagger, I will be grateful for explaining ho to do that.

feature request

Most helpful comment

How about hiding an entire controller from swagger documentation? Is that at all possible, without implementing (even if by .super()ring) method-by-method inside the controller?

For people with the same question, you can apply the @ApiExcludeEndpoint() to a controller method to exclude it from the Swagger documentation.

It's mentioned in the documentation under decorators.

https://docs.nestjs.com/recipes/swagger#decorators

It's not explained, nor is there an example, so it's easy to look over.

All 11 comments

PR has been merged. This feature will be available in the next release (v2.1.0)

Hi, I didn't find a way to hide the controller in the nestjs/swagger documentation can somebody nudge me in right direction.

Hi, I didn't find a way to hide the controller in the nestjs/swagger documentation can somebody nudge me in right direction.

No issues, got it ! : P

For people with the same question, you can apply the @ApiExcludeEndpoint() to a controller method to exclude it from the Swagger documentation.

It's mentioned in the documentation under decorators.

https://docs.nestjs.com/recipes/swagger#decorators

It's not explained, nor is there an example, so it's easy to look over.

@ ApiExcludeEndpoint() decorator only hides the endpoint from Swagger - not from an outer access.

is there a way to also hide the endpoint(by condition) from an external source?

thanks.

@ ApiExcludeEndpoint() decorator only hides the endpoint from Swagger - not from an outer access.

is there a way to also hide the endpoint(by condition) from an external source?

thanks.

The swagger annotations are only for generating an API spec. There's no real way to "hide" an endpoint through your server. Technically if you didn't make a swagger API spec, all the endpoints would be unlisted, but still accessible from the outside world.

To solve your problem, you need to figure out a way to programmatically differentiate between requests from external and internal sources (ex, using the AuthGuard, where you assume that all authenticated requests are internal, and all external requests, you return a 404). You could also somehow firewall off those endpoints to IP ranges that are not part of your internal network.

@ ApiExcludeEndpoint() decorator only hides the endpoint from Swagger - not from an outer access.
is there a way to also hide the endpoint(by condition) from an external source?
thanks.

The swagger annotations are only for generating an API spec. There's no real way to "hide" an endpoint through your server. Technically if you didn't make a swagger API spec, all the endpoints would be unlisted, but still accessible from the outside world.

To solve your problem, you need to figure out a way to programmatically differentiate between requests from external and internal sources (ex, using the AuthGuard, where you assume that all authenticated requests are internal, and all external requests, you return a 404). You could also somehow firewall off those endpoints to IP ranges that are not part of your internal network.

At the end I solved it using process env variables, that gave me the ability to differentiate between the environments.

The main point was to keep those endpoints hidden in production.

I've asked here because I thought that there is some way to achieve it via Nest's utilities.

Thanks anyway for the reply :-)

How about hiding an entire controller from swagger documentation? Is that at all possible, without implementing (even if by .super()ring) method-by-method inside the controller?

For people with the same question, you can apply the @ApiExcludeEndpoint() to a controller method to exclude it from the Swagger documentation.

It's mentioned in the documentation under decorators.

https://docs.nestjs.com/recipes/swagger#decorators

It's not explained, nor is there an example, so it's easy to look over.

So instead of hiding methods. Is there a way to hide the whole controller?

@kamilmysliwiec sorry for tagging, any suggestions please?
I'm using nx project where a module is shared between multiple apps. Thus I really this feature or any work around would be highly appreciate

So instead of hiding methods. Is there a way to hide the whole controller?

please any solution to this yet @kamilmysliwiec ?

Was this page helpful?
0 / 5 - 0 ratings

Related issues

otroboe picture otroboe  路  3Comments

kalaivanan-muthusamy picture kalaivanan-muthusamy  路  4Comments

ph55 picture ph55  路  3Comments

vh13294 picture vh13294  路  4Comments

alisherks picture alisherks  路  4Comments