Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(open-api): production mode #2570

Merged
merged 10 commits into from
Aug 22, 2024
Merged

feat(open-api): production mode #2570

merged 10 commits into from
Aug 22, 2024

Conversation

pi0
Copy link
Member

@pi0 pi0 commented Jun 28, 2024
edited
Loading

This PR adds support to enable the open API route in the production build output.

Resolves #2418 (experimentally!)

New configs (openAPI: {})

  • production
    • false - (default) does not expose openapi.json to the production
    • runtime - Add runtime event handlers
    • prerender - Prerender swagger JSON and UIs
  • route: Default is /_openapi.json
  • ui.scalar
    • can be false to disable scalar UI (default is on)
    • route: Default is /_scalar
  • ui.swagger
    • can be false to disable swagger UI (default is on)
    • route: Default is /_swagger

Note

New routes removed /_nitro prefix to be simpler.

Security

Production rotues are explicit opt-in to make sure users deliberately want to expose available routes in the production and make necessary protection if needed.

production: 'runtime'

Ideally before moving the OpenAPI feature to stable, we will have guard route rules to allow a hookable method to protect routes.

In the meantime, in this mode a server middleware can be used to protect

production: 'prerender'

Prerender mode is most efficient because the JSON output is literally a constant response but the case is, the deployment presets that natively have a CDN (netlify, cloudflare, vercel, etc) never hit nitro server and in this mode, protection should be considered on CDN level somehow.

@pi0 pi0 self-assigned this Jun 28, 2024
@pi0 pi0 changed the title feat(open-api): optional production json route feat(open-api): production mode Jun 28, 2024
@pi0 pi0 requested a review from atinux June 28, 2024 12:55
@pi0 pi0 marked this pull request as ready for review June 28, 2024 13:01
@atinux atinux mentioned this pull request Jul 10, 2024
Merged
atinux
atinux approved these changes Jul 25, 2024
View reviewed changes
Copy link
Collaborator

@atinux atinux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Beautiful!

@pi0 pi0 merged commit 5d19b2e into v2 Aug 22, 2024
5 checks passed
@pi0 pi0 deleted the feat/openapi-prod branch August 22, 2024 21:56
luc122c pushed a commit to luc122c/unjs-nitro that referenced this pull request Aug 24, 2024
@pi0 @luc122c
feat(open-api): production mode (nitrojs#2570)
39c5d23
@pi0 pi0 mentioned this pull request Oct 31, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@atinux atinux atinux approved these changes

Assignees

@pi0 pi0

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

openapi in nitro only work in local development do not work when deploy with cloudflare pages
2 participants
@pi0 @atinux