Protecting doc route with auth

blomqma / next-rest-framework

Type-safe, self-documenting APIs for Next.js

https://next-rest-framework.vercel.app

Other

134 stars 17 forks source link

Protecting doc route with auth #169

Open markedwards opened 3 months ago

markedwards commented 3 months ago

Looking for options to put API documentation behind auth. Is this just a matter of wrapping the GET returned by docsRoute? There's also the matter of protecting the openapi.json.

markedwards commented 3 months ago

An alternative here, for my use case, is simply to not serve any documentation at all, and to output openapi.json somewhere other than /public. This is an internal API which should not be publicly documented.

blomqma commented 3 months ago

I would go with the Next.js middleware and add redirection logic there for serving both docs route and the openapi.json file from the public folder only for authenticated users and redirect non-authenticated users to whatever auth provider you are using.

markedwards commented 3 months ago

Thanks, that was the plan I concocted. Have you given consideration to exposing options to configure next-rest-framework without generating a docs route? Maybe this could be done via a config file in the project root or some such.

Use cases could include:

only generating the openapi.json spec, without docs
exposing the docs using <RedocStandalone /> in a page route
custom handling of the generated spec, instead of saving it to /public