[feature] Can I disable swagger module based on configuration

[gr8tushar]

Hi,
When deploying on production, I would want to disable the swagger module all together. Can I disable it based on some configuration?

Thanks,
Tushar

[allburov]

Hi! Right now you can hide it under password
https://waha.devlike.pro/docs/how-to/security/

I like the idea, we'll work in that way too!

[webair-studio]

@allburov здравствуйте, извините, что на русском, но судя по никнейму вы знаете русский )
Я установил WAHA Core, но беспокоюсь, что любой человек может отправить запрос на мой API. Ботнеты сканирующие порты серверов могут найти порт 3000 и разослать всем спам сообщение.
Мои познания в IPTABLES небольшие, я попробовал
DROP tcp -- anywhere anywhere tcp dpt:3000
Но порт всё равно открыт для всех...

Собираюсь купить Plus, как только он мне принесет финансовую пользу.

[allburov]

@webair-studio hi!
WAHA Plus provides all security options available - API key and password for swagger https://waha.devlike.pro/docs/how-to/security/
Even if you could hide the swagger - it wouldn't help your with possible security problems, API hosts on the same port, http://localhost:3000/api
With WAHA Core I can suggest you to run the WAHA container inside local network and don't expose the port or figure out how to protect it with a network firewall.

[allburov]

Hi!
In 2023.12.1 release you'll be able to completely disable (hide) swagger documentation from the project (available in WAHA Plus only)
https://waha.devlike.pro/docs/how-to/security/#disable-swagger

---

Disable Swagger

You also can hide swagger completely by setting WHATSAPP_SWAGGER_ENABLED=false environment variable.

👉 Disabling Swagger does not protect the API, please use API security as well