[Question] - Swagger in production #3434

Closed
newacc12 opened this issue Apr 1, 2020 · 7 comments

newacc12 commented Apr 1, 2020

I am building an API where I am going to be the only consumer. When I publish the project to production I don't want the Swagger API, the /account/login or the /account/register link to be accessible.

I thought about adding an if condition to check the environment on the application initialization around the lines

```csharp
app.UseSwagger();
app.UseSwaggerUI(options =>
{
    options.SwaggerEndpoint("/swagger/v1/swagger.json", "Covid19API API");
});
```

That might resolve the swagger issue but not the links to /account. I also don't know if that is a good practice.

Does ABP have anything built-in to deal with this situation? If not, what would you recommend?

Member

maliming commented Apr 1, 2020

> the /account/login or the /account/register

These endpoints are in the account module, if you don't need the account module you can remove it.

Author

newacc12 commented Apr 1, 2020

> > the /account/login or the /account/register
>
> These endpoints are in the account module, if you don't need the account module you can remove it.

I do want the endpoints (/api/account), I just don't want the html pages (/account/login) that open when you call that url.

Member

maliming commented Apr 1, 2020

I don't understand, can you explain it in detail? Thanks.

Author

newacc12 commented Apr 1, 2020

Yeah, so when I run the .Host project and navigate to swagger I see all the available endpoints including: /api/account/login. Also, if I open my browser and navigate to /account/login (no /api here) I see a login page. This behaviour is fine for development.

When I publish the project to production, I don't want swagger to be available (so anyone can see all the endpoints). I also would like the page /account/login not to be accessible. However, I don't want the endpoint /api/account/login to be removed.

Let me know if you need more details.

Member

maliming commented Apr 1, 2020

Because the host project is referencing AbpAccountWebIdentityServerModule.
The angular project is also using endpoints in the account module.

You can override pages, redirects, or whatever in the account module.
https://docs.abp.io/en/abp/latest/UI/AspNetCore/Customization-User-Interface

Of course, you can also remove the account module and try to implement some functions in your own code, but this will be very complicated.

Author

newacc12 commented Apr 1, 2020

If I understand you correctly, my best bet is to leave the account module in the project (so I can have the /api endpoints) but try to override the controller method for /account/login (the page) to return a 404 if it is in the production environment, right?

Member

maliming commented Apr 2, 2020

You can choose according to your actual situation.
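
An added example, not part of the original thread and not ABP's own code: one way to implement the approach discussed above with plain ASP.NET Core middleware, enabling Swagger only in Development and answering 404 for the `/account` pages and `/swagger` everywhere else while leaving `/api/account/...` untouched. `UseDevOnlySurface` and `ProductionSurfaceExtensions` are hypothetical names; the code assumes Swashbuckle is installed and that the call is placed before routing in the pipeline.

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Hosting;

// Hypothetical helper class (assumption, not an ABP or Swashbuckle API).
public static class ProductionSurfaceExtensions
{
    // Path prefixes that should exist only in Development.
    // "/account" matches /account/login and /account/register (the HTML pages);
    // it does NOT match /api/account/..., whose first segment is "api".
    private static readonly PathString[] DevOnlyPrefixes =
    {
        new PathString("/account"),
        new PathString("/swagger"),
    };

    public static IApplicationBuilder UseDevOnlySurface(
        this IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            // Same registration as in the question, now gated on the environment.
            app.UseSwagger();
            app.UseSwaggerUI(options =>
            {
                options.SwaggerEndpoint("/swagger/v1/swagger.json", "Covid19API API");
            });
            return app;
        }

        // Any non-Development environment (Staging, Production, or a
        // misspelled name) gets the restricted surface: fail closed.
        app.Use(async (context, next) =>
        {
            foreach (var prefix in DevOnlyPrefixes)
            {
                // StartsWithSegments compares whole segments, case-insensitively.
                if (context.Request.Path.StartsWithSegments(prefix))
                {
                    context.Response.StatusCode = StatusCodes.Status404NotFound;
                    return; // short-circuit: the page handler never runs
                }
            }
            await next();
        });
        return app;
    }
}
```

Hiding Swagger and the pages only reduces what is discoverable; the `/api` endpoints still need their own authentication and authorization. Blocking `/account` also breaks any interactive login flow that redirects the browser to those pages.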
