swagger.json not secured #71
Comments
|
As a workaround, you can use this solution: // main.ts
import { NestExpressApplication, ExpressAdapter } from '@nestjs/platform-express';
import { Express, NextFunction, Request, Response } from 'express';
import createApplication from 'express';
/**
* Fix: swagger.json is not secured
* @param expressApp
*/
function setupSwaggerProtection(expressApp: Express) {
const protection = (req: Request, res: Response, next: NextFunction) => {
const authHeader = req.headers.authorization;
if (authHeader) {
const credentials = authHeader.split(' ')[1];
const [username, password] = Buffer.from(credentials, 'base64')
.toString()
.split(':');
if (
// replace with your auth params
username === 'USER' &&
password === 'PASSWORD'
) {
return next();
}
}
res.setHeader('WWW-Authenticate', 'Basic realm="Restricted Area"');
res.status(401).send('Authentication required');
};
// Replace openapi with your actual Redoc path
expressApp.use('/openapi/swagger.json', protection);
}
async function bootstrap() {
const expressApp = createApplication();
setupSwaggerProtection(expressApp);
const app = await NestFactory.create<NestExpressApplication>(
AppModule,
new ExpressAdapter(expressApp),
{
bufferLogs: true,
},
);
// ... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When I'm protect my documentation with
this works for main page, but doesn't protect access to swagger.json!!!
See related
#19 (comment)
The text was updated successfully, but these errors were encountered: