
Is it possible to add Authentication to access to NestJS' Swagger Explorer

I'm currently using Swagger in my NestJS project, and I have the explorer enabled:

in main.js

```javascript
const options = new DocumentBuilder()
    .setTitle('My App')
    .setSchemes('https')
    .setDescription('My App API documentation')
    .setVersion('1.0')
    .build()

const document = SwaggerModule.createDocument(app, options)
SwaggerModule.setup('docs', app, document, {
    customSiteTitle: 'My App documentation',
})
```

With this, the explorer is accessible in /docs which is what I expected. But I was wondering if it's possible to add any Authentication layer to the explorer, so only certain requests are accepted.

I want to make this explorer accessible in production, but only for authenticated users.

Thanks in advance :)

josec89 asked Feb 21 '19 08:02


1 Answer

Securing access to your Swagger with HTTP Basic Auth using NestJS with Express

First run npm i express-basic-auth then add the following to your main.{ts,js}:

```typescript
// add import
import * as basicAuth from 'express-basic-auth';

// ...

// Sometime after NestFactory add this to add HTTP Basic Auth
app.use(
    ['/docs', '/docs-json'],
    basicAuth({
        challenge: true,
        users: {
            yourUserName: 'p4ssw0rd',
        },
    }),
);

// Your code
const options = new DocumentBuilder()
    .setTitle('My App')
    .setSchemes('https')
    .setDescription('My App API documentation')
    .setVersion('1.0')
    .build()

const document = SwaggerModule.createDocument(app, options)
SwaggerModule.setup('docs', app, document, {
    customSiteTitle: 'My App documentation',
})

// ...
```

With this in place you will be prompted on any of the /docs routes with an HTTP Basic Auth prompt. We have to name /docs-json explicitly too, to protect the generated JSON OpenAPI file.

You should not put the credentials in your code/repository but rather in your .env and access them via the ConfigService.

I have seen this solution first here.

KiwiKilian answered Sep 20 '22 19:09
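
The following is an added example, not code from the answer or from express-basic-auth: a dependency-free sketch of the check such a guard performs, with credentials taken from the environment instead of the source file. The variable names SWAGGER_USER and SWAGGER_PASSWORD and all function names are assumptions made for illustration.

```javascript
// Added example. SWAGGER_USER / SWAGGER_PASSWORD are assumed variable names.
const PROTECTED_PREFIXES = ['/docs', '/docs-json']; // the two paths from the answer

// Read credentials from an env-like object (e.g. process.env); fail closed if unset.
function loadDocsCredentials(env) {
  const user = env.SWAGGER_USER;
  const password = env.SWAGGER_PASSWORD;
  if (!user || !password) {
    throw new Error('SWAGGER_USER and SWAGGER_PASSWORD must be set to serve /docs');
  }
  return { user, password };
}

// Express matches app.use() paths on segment boundaries: '/docs' covers
// '/docs/...' but not '/docs-json', which is why both prefixes are listed.
function isProtected(path) {
  return PROTECTED_PREFIXES.some((p) => path === p || path.startsWith(p + '/'));
}

// Parse "Authorization: Basic base64(user:password)"; null if malformed.
function parseBasic(header) {
  const m = /^Basic ([A-Za-z0-9+/=]+)$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':'); // split on the first ':'; passwords may contain ':'
  return i < 0 ? null : { user: decoded.slice(0, i), password: decoded.slice(i + 1) };
}

// Compare byte by byte without returning at the first mismatch.
function constantTimeEqual(a, b) {
  const x = Buffer.from(a);
  const y = Buffer.from(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// True if the request may proceed; false means "answer 401 with a challenge".
function docsRequestAllowed(path, authorizationHeader, creds) {
  if (!isProtected(path)) return true; // not a Swagger route
  const got = parseBasic(authorizationHeader);
  if (!got) return false;
  const userOk = constantTimeEqual(got.user, creds.user);
  const passOk = constantTimeEqual(got.password, creds.password); // always evaluated
  return userOk && passOk;
}
```

Calling `loadDocsCredentials(process.env)` during bootstrap makes the application refuse to start with the docs exposed and no credentials configured.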