Issue
I'm currently using Swagger in my NestJS project, and I have the explorer enabled:
in main.js

    const options = new DocumentBuilder()
      .setTitle('My App')
      .setSchemes('https')
      .setDescription('My App API documentation')
      .setVersion('1.0')
      .build()
    const document = SwaggerModule.createDocument(app, options)
    SwaggerModule.setup('docs', app, document, {
      customSiteTitle: 'My App documentation',
    })

With this, the explorer is accessible in /docs, which is what I expected. But I was wondering if it's possible to add any Authentication layer to the explorer, so only certain requests are accepted.
I want to make this explorer accessible in production, but only for authenticated users.
Thanks in advance :)
Solution
Securing access to your Swagger with HTTP Basic Auth using NestJS with Express
First run npm i express-basic-auth
then add the following to your main.{ts,js}:

    // add import
    import * as basicAuth from 'express-basic-auth';

    // ...

    // Sometime after NestFactory add this to add HTTP Basic Auth
    app.use(
      ['/docs', '/docs-json'],
      basicAuth({
        challenge: true,
        users: {
          yourUserName: 'p4ssw0rd',
        },
      }),
    );

    // Your code
    const options = new DocumentBuilder()
      .setTitle('My App')
      .setSchemes('https')
      .setDescription('My App API documentation')
      .setVersion('1.0')
      .build()
    const document = SwaggerModule.createDocument(app, options)
    SwaggerModule.setup('docs', app, document, {
      customSiteTitle: 'My App documentation',
    })

    // ...

With this in place you will be prompted on any of the /docs routes with an HTTP Basic Auth prompt. We have to name /docs-json explicitly too, to protect the generated JSON OpenAPI file.
You should not put the credentials in your code/repository but rather in your .env and access them via the ConfigService.
I have seen this solution first here.
Answered By - KiwiKilian
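
The answer's advice to keep the credentials out of the code, as an added example that is not part of the original answer and is not express-basic-auth's own code: a dependency-free Express-style middleware that guards the same two routes. The variable names `SWAGGER_USER` and `SWAGGER_PASSWORD` and the helper names are assumptions; the values are read from the process environment (for example as loaded from .env).

```javascript
// Added example: Basic Auth gate for /docs and /docs-json, credentials from the environment.
// SWAGGER_USER / SWAGGER_PASSWORD are assumed names, not taken from the original post.

// Byte-wise comparison that does not stop at the first mismatch.
// (Node's crypto.timingSafeEqual is the built-in option for equal-length buffers.)
function safeEqual(a, b) {
  const x = Buffer.from(String(a), 'utf8');
  const y = Buffer.from(String(b), 'utf8');
  let diff = x.length ^ y.length;
  for (let i = 0; i < Math.max(x.length, y.length); i++) {
    diff |= (x[i] ?? 0) ^ (y[i] ?? 0);
  }
  return diff === 0;
}

// Build the middleware. Throws at startup when the credentials are not configured,
// so the docs are never served unprotected because of a missing variable.
function docsAuth(env = process.env) {
  const user = env.SWAGGER_USER;
  const pass = env.SWAGGER_PASSWORD;
  if (!user || !pass) {
    throw new Error('SWAGGER_USER and SWAGGER_PASSWORD must be set');
  }
  return function (req, res, next) {
    const header = req.headers.authorization || '';
    const [scheme, token = ''] = header.split(' ');
    const decoded = Buffer.from(token, 'base64').toString('utf8');
    const sep = decoded.indexOf(':'); // split on the first ':', the password may contain more
    const gotUser = sep < 0 ? '' : decoded.slice(0, sep);
    const gotPass = sep < 0 ? '' : decoded.slice(sep + 1);
    // Run both comparisons before combining them, so timing does not show which one failed.
    const userOk = safeEqual(gotUser, user);
    const passOk = safeEqual(gotPass, pass);
    if (/^basic$/i.test(scheme) && userOk && passOk) return next();
    res.statusCode = 401;
    res.setHeader('WWW-Authenticate', 'Basic realm="docs"'); // makes the browser prompt
    res.end('Unauthorized');
  };
}

// In main.js, before SwaggerModule.setup('docs', ...):
//   app.use(['/docs', '/docs-json'], docsAuth());
```

Basic Auth sends the password base64-encoded, not encrypted, so the routes should only be reachable over HTTPS.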