Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

expose new build-in swagger api UI #1944

Closed
2 of 3 tasks
6543 opened this issue Jul 7, 2023 · 4 comments
Closed
2 of 3 tasks

expose new build-in swagger api UI #1944

6543 opened this issue Jul 7, 2023 · 4 comments
Labels
enhancement improve existing features good first issue Likely to be an easy fix server ui frontend related
Milestone
2.0.0

Comments

@6543
Copy link
Member

6543 commented Jul 7, 2023
edited
Loading

e.g. https://ci.woodpecker-ci.org/swagger/index.html
@6543 6543 added server ui frontend related enhancement improve existing features good first issue Likely to be an easy fix labels Jul 7, 2023
@6543 6543 mentioned this issue Jul 7, 2023
Closed
5 tasks
@lonix1
Copy link
Contributor

lonix1 commented Jul 7, 2023

Also

  • a setting to disable swagger ui (e.g. in production)
  • custom path to hide ui from prying eyes (e.g. woodpecker.example.com/foo/bar/swagger)

@6543
Copy link
Member Author

6543 commented Jul 7, 2023

hide it would not make a difference as api is public documented anyway - we are a opensource project and follow good security practices 😆 (not security by obscurity) ... anyway disable it is a valid suggestion

@lonix1
Copy link
Contributor

lonix1 commented Jul 7, 2023
edited
Loading

Agreed.

I didn't mean "security by obscurity", because you still need to authenticate to be able to use it anyway. But many apps allow you to run it on a different path, so only company staff knows about it, which avoids bots finding it and hammering your APIs. They discover the API endpoints through swagger.

Personally, I am just going to disable it in production. It's an unnecessary risk once the server is tested and working.

@6543 6543 added this to the 1.1.0 milestone Jul 7, 2023
@6543 6543 mentioned this issue Jul 12, 2023
Merged
6543 pushed a commit that referenced this issue Jul 13, 2023
@pat-s @qwerty287
Link swagger in navbar (#1984)
004d72a 
fix point 1 from #1944 

Co-authored-by: qwerty287 <[email protected]>
@qwerty287 qwerty287 mentioned this issue Aug 2, 2023
Merged
6543 pushed a commit that referenced this issue Aug 3, 2023
@qwerty287
Allow to disable swagger (#2093)
1a7f7a9 
#1944
@qwerty287 qwerty287 mentioned this issue Aug 30, 2023
Merged
@anbraten
Copy link
Member

anbraten commented Oct 8, 2023

added apart from the redirect (which seems to be not really necessary).

@anbraten anbraten closed this as completed Oct 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement improve existing features good first issue Likely to be an easy fix server ui frontend related
Projects
None yet
Milestone
2.0.0
Development

No branches or pull requests
3 participants
@anbraten @6543 @lonix1