next-rest-framework icon indicating copy to clipboard operation
next-rest-framework copied to clipboard

Published 20 hours ago verified publisher icon blomqma

Protecting doc route with auth

Open markedwards opened this issue 9 months ago • 3 comments

Looking for options to put API documentation behind auth. Is this just a matter of wrapping the GET returned by docsRoute? There's also the matter of protecting the openapi.json.

markedwards avatar May 10 '24 17:05 markedwards

An alternative here, for my use case, is simply to not serve any documentation at all, and to output openapi.json somewhere other than /public. This is an internal API which should not be publicly documented.

markedwards avatar May 10 '24 19:05 markedwards

I would go with the Next.js middleware and add redirection logic there for serving both docs route and the openapi.json file from the public folder only for authenticated users and redirect non-authenticated users to whatever auth provider you are using.

blomqma avatar May 12 '24 08:05 blomqma

Thanks, that was the plan I concocted. Have you given consideration to exposing options to configure next-rest-framework without generating a docs route? Maybe this could be done via a config file in the project root or some such.

Use cases could include:

  • only generating the openapi.json spec, without docs
  • exposing the docs using <RedocStandalone /> in a page route
  • custom handling of the generated spec, instead of saving it to /public

markedwards avatar May 12 '24 09:05 markedwards

Not planning to advance this unless there's significant demand from multiple users, closing for now but any contributions are welcome if you can make a good general solution for this.

blomqma avatar Aug 27 '24 20:08 blomqma