DEV Community

Discussion on: How to secure your OpenAPI Specification and Swagger UI in a NestJS application

Collapse
 
mahnuh profile image
Manuel Heidrich

Thanks @kiwikilian!

I updated my post with your proposal. Honestly, I did not know about the -json part, it is cool though!

I also was wondering why using ConfigurationService instead of directly accessing the env variables would be a better idea?

Collapse
 
kiwikilian profile image
Kilian

Cool! You can use the JSON format of your OpenAPI with other generator tools for example to generate types and fetch functions for your frontend application.

The ConfigurationService would simply be the most NestJS way of doing it. It’s awesome to validate your envs so you don’t forget about configuring something. But it’s not necessary, just a further read: docs.nestjs.com/techniques/configu...

Thread Thread
 
kiwikilian profile image
Kilian

@mahnuh another update, there is also /docs-yaml, so best is to secure with regex /docs* or name all three paths explicitly.