[英]Disable Swagger on Node/Express API
I'm using Swagger to document my Node/Express API on my dev environment.我正在使用 Swagger 在我的开发环境中记录我的节点/Express API。 It's working perfectly but now I need to disable it when going to production, in order to not let the API definition publicly reachable.
它运行良好,但现在我需要在生产时禁用它,以免公开访问 API 定义。
Is there a way to do it, using some npm script for example?有没有办法做到这一点,例如使用一些 npm 脚本?
Thanks谢谢
Keeping in line with convention, you wanna set NODE_ENV environment variable (environment variables are values set on OS, with no dependence to your app) to make things depend on the environment you're currently on.按照惯例,您想设置 NODE_ENV 环境变量(环境变量是在操作系统上设置的值,不依赖于您的应用程序)以使事情取决于您当前所在的环境。 This'll heavily depend on where do you host your production app.
这在很大程度上取决于您在何处托管生产应用程序。
node app.js
or npm run start
(Or maybe you're using docker and your script ends with one of these commands.) In any case, before the execution of the "run application" command, make sure environment is set to production via export NODE_ENV=production
command.node app.js
或npm run start
运行您的应用程序(或者您可能正在使用 docker 并且您的脚本以这些命令之一结束。 ) 无论如何,在执行“运行应用程序”命令之前,请确保通过export NODE_ENV=production
命令export NODE_ENV=production
环境设置为生产。 You can check whether it worked via echo $NODE_ENV
command.echo $NODE_ENV
命令检查它是否有效。 Anyhow, once you're sure that NODE_ENV is production when the app is running in production, and with these assumptions:无论如何,一旦您确定 NODE_ENV 在应用程序在生产环境中运行时是生产环境,并且具有以下假设:
With these assumptions, make it so that this is the first "app.use" type, middleware definition in your code:有了这些假设,使它成为代码中第一个“app.use”类型的中间件定义:
if(process.env.NODE_ENV === "production"){
app.use('/docs', (req, res, next) => {
res.status(404).send("Not Found");
});
}
If any of the assumptions I've made does not pertain to your case, adjust them accordingly.如果我所做的任何假设与您的情况不相关,请相应地调整它们。 And you're done.
你已经完成了。
If using swagger-express-mw
and swagger-tools
for swagger-UI如果对swagger-UI使用
swagger-express-mw
和swagger-tools
This is how i do the same inside my app.js这就是我在 app.js 中做同样的事情
if (process.env.NODE_ENV === 'development') {
SwaggerExpress.create(config, function (err, swaggerExpress) {
if (err) { throw err; }
app.use(SwaggerUi(swaggerExpress.runner.swagger));
// install middleware
swaggerExpress.register(app);
app.listen(PORT);
});
} else {
app.listen(PORT, () => console.log(`Server started @ Port - ${PORT}`));
}
Instead of or in addition to disabling the Swagger UI, you might also choose to access protect it.除了禁用 Swagger UI 之外,您还可以选择对其进行访问保护。 Here's how we did both using HTTP Basic Auth.
以下是我们如何使用 HTTP Basic Auth 完成这两项操作。 In your
main.ts
or equivalent, here with a Node.js application using NEST:在您的
main.ts
或等效文件中,这里有一个使用 NEST 的 Node.js 应用程序:
const customNestApplication = (app: INestApplication) => {
// [...]
const swaggerEnabled = configService.get('swagger.enabled', { infer: true });
if (
swaggerEnabled &&
configService.get('swagger.auth.user', { infer: true }) &&
configService.get('swagger.auth.password', { infer: true })
) {
app.use(
`${configService.get('swagger.path', { infer: true })}`,
basicAuth({
challenge: true,
users: {
[configService.get('swagger.auth.user', { infer: true })]:
configService.get('swagger.auth.password', { infer: true }),
},
}),
);
}
// Set up Swagger as usual, etc.
// [...]
return app.listen(port);
};
See also another answer specifically about Swagger auth, for more details.有关更多详细信息,另请参阅另一个专门关于 Swagger 身份验证的答案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.