[ ] Regression
[ ] Bug report
[x] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.
I want to add authentication for accessing the swagger url (so that only authenticated users can access the swagger url to see the endpoints). Do we have a way to auth-protect the swagger access url? I tried several ways, like using a guard or using middleware, but none of them are working. Do we have this feature? If so, do we have an example of how to do it?
app.use(apiPath, basicAuth({
  challenge: true,
  users: { [apiUser]: apiPass },
}))
SwaggerModule.setup(apiPath, app, document)
// where basicAuth is
import * as basicAuth from 'express-basic-auth'
Is the fastest and most straightforward way.
To be confirmed, but I had a similar issue with middleware X (like postgraphile, which is exposed as middleware): Nest features (like Guards, Middlewares) cannot "touch" those endpoints in any way (thus making guards/middlewares ineffective).
Hi, it didn't work for me; it only works if I remove apiPath. But in that case not only the swagger api is protected.
You must specify "/apiPath". Ex: '/docs'
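The approach from the answers above, as an added example (not code from this thread, NestJS or express-basic-auth): a dependency-free Express-style middleware that normalizes the docs path to a leading slash and also covers `<path>-json` and `<path>-yaml`, where @nestjs/swagger serves the raw spec by default and which a mount on `'/docs'` does not match. `protectDocs` and `simulate` are hypothetical names, and the credentials used with them are constructed.

```javascript
const { timingSafeEqual } = require('node:crypto');

// Constant-time comparison; a length mismatch still performs a full compare.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  const sameLength = x.length === y.length;
  return timingSafeEqual(x, sameLength ? y : x) && sameLength;
}

// Hypothetical helper: docsPath is the value also passed to SwaggerModule.setup(),
// users is the same { name: password } map express-basic-auth takes.
function protectDocs(docsPath, users) {
  // Express only matches paths that start with "/", so 'docs' becomes '/docs'.
  const base = '/' + String(docsPath).replace(/^\/+|\/+$/g, '');
  const covered = (p) =>
    p === base || p.startsWith(base + '/') ||
    p === base + '-json' || p === base + '-yaml';

  return function docsAuth(req, res, next) {
    const path = (req.originalUrl || req.url).split('?')[0];
    if (!covered(path)) return next(); // not a docs route: leave it alone

    const [scheme = '', token = ''] = (req.headers.authorization || '').split(' ');
    const decoded = Buffer.from(token, 'base64').toString('utf8');
    const sep = decoded.indexOf(':'); // password may itself contain ':'
    let ok = false;
    if (scheme.toLowerCase() === 'basic' && sep > 0) {
      for (const [u, p] of Object.entries(users)) {
        // Bitwise & and no early exit: every entry costs the same time.
        const match = safeEqual(decoded.slice(0, sep), u) & safeEqual(decoded.slice(sep + 1), p);
        if (match) ok = true;
      }
    }
    if (ok) return next();
    res.statusCode = 401;
    res.setHeader('WWW-Authenticate', 'Basic realm="docs"'); // triggers the browser login popup
    res.end('Unauthorized');
  };
}

// Constructed request/response stand-ins so the middleware can be exercised offline.
function simulate(mw, url, authorization) {
  const res = { statusCode: 200, headers: {}, setHeader(k, v) { this.headers[k] = v; }, end() {} };
  let reachedNext = false;
  mw({ url, headers: { authorization } }, res, () => { reachedNext = true; });
  return { reachedNext, status: res.statusCode, challenge: res.headers['WWW-Authenticate'] };
}
```

Register it without a mount path, `app.use(protectDocs(apiPath, { [apiUser]: apiPass }))`, before `SwaggerModule.setup(apiPath, app, document)`.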
Hey,
Does this mean that basicAuth will show a login popup for that particular route?
I wanted to protect my swagger docs url and I added the code below, but it is not popping up any login screen/popup.
site-globals.controller.ts
import { ValidationPipe } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { DocumentBuilder, SwaggerModule } from '@nestjs/swagger';
import * as compression from 'compression';
import * as basicAuth from 'express-basic-auth';

export class SiteGlobalsController {
  constructor(
    private readonly configService: ConfigService,
    private readonly app: any,
  ) {}

  /**
   * List of pipes to be applied globally
   */
  setPipes() {
    this.app.useGlobalPipes(
      new ValidationPipe({
        disableErrorMessages:
          this.configService.get<string>('ENV', 'prod') === 'prod'
            ? true
            : false,
        whitelist: true,
      }),
    );
  }

  /**
   * Sets API prefix at global level(all APIs)
   * Example: /api/v1/
   * 'v1' - API version to be set in .env
   */
  setGlobalPrefix() {
    this.app.setGlobalPrefix(
      `api/${this.configService.get<string>('API_VERSION')}`,
    );
  }

  /**
   * Enables Swagger API documentation
   * Docs: https://docs.nestjs.com/recipes/swagger & https://swagger.io/docs/
   */
  enableSwagger() {
    const options = new DocumentBuilder()
      .setTitle('API example')
      .setDescription('The API description')
      .setVersion('1.0')
      .build();
    const docsPath = `api/${this.configService.get<string>(
      'API_VERSION',
    )}/docs`;
    this.app.use(
      docsPath,
      basicAuth({
        challenge: true,
        users: { admin: 'admin' },
      }),
    );
    const document = SwaggerModule.createDocument(this.app, options);
    SwaggerModule.setup(docsPath, this.app, document);
  }

  /**
   * Enables compression for site
   */
  enableCompression() {
    this.app.use(compression());
  }

  /**
   * Enables CORS
   */
  enableCORS() {
    // CORS doc: https://github.com/expressjs/cors#configuration-options
    this.app.enableCors();
  }
}
main.ts
import { NestFactory } from '@nestjs/core';
import { ConfigService } from '@nestjs/config';
import * as dotenv from 'dotenv';
import { AppModule } from './app.module';
import { SiteGlobalsController } from './_globals/site-globals.controller';

dotenv.config();

async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  const global = new SiteGlobalsController(new ConfigService(), app);
  // Enable compression
  global.enableCompression();
  // Enable CORS
  // global.enableCORS()
  // Set Pipes globally
  global.setPipes();
  // Set API prefix
  global.setGlobalPrefix();
  // Enable Swagger API Documentation
  global.enableSwagger();
  await app.listen(process.env.PORT);
}
bootstrap();
How could this be applied to a project with Fastify and not Express?
Hi! For the record, and if it helps somebody, I managed to auth-protect swagger docs with fastify. You can check it out:
https://gist.github.com/iamyellow/7051e1bcd5792f22169883223141dc28
Just take into account that I'm using some env vars for hiding the secret "password", and the cookies lib as a dependency for secure cookies and as a transport for the jwt token, which just has a dummy value. Obviously you can change that and even add some ACL or users in your db.
Is there any plan to make it easier to setup login page for Swagger docs?
Any news yet on how to use guards like passport to protect swagger docs?
Did anybody solve it for the express adapter? Stuck as well.