feat(rest): add config option to disable API Explorer redirects

bajtos · bajtos · commit b4d9bc519535 · 2018-11-13T08:28:05.000+01:00
diff --git a/docs/site/Server.md b/docs/site/Server.md
@@ -124,6 +124,21 @@ const app = new RestApplication({
 });
 ```
 
+#### Disable redirect to API Explorer
+
+To disable redirect to the externally hosted API Explorer, set the config option
+`rest.apiExplorer.disabled` to `true`.
+
+````ts
+const app = new RestApplication({
+  rest: {
+    apiExplorer: {
+      disabled: true,
+    },
+  },
+});
+```
+
 ### Enable HTTPS
 
 Enabling HTTPS for the LoopBack REST server is just a matter of specifying the
@@ -153,7 +168,7 @@ export async function main() {
   const url = app.restServer.url;
   console.log(`Server is running at ${url}`);
 }
-```
+````
 
 ### Customize CORS
 
diff --git a/packages/rest/src/rest.server.ts b/packages/rest/src/rest.server.ts
@@ -165,16 +165,8 @@ export class RestServer extends Context implements Server, HttpServerLike {
     config.openApiSpec = config.openApiSpec || {};
     config.openApiSpec.endpointMapping =
       config.openApiSpec.endpointMapping || OPENAPI_SPEC_MAPPING;
-    config.apiExplorer = config.apiExplorer || {};
 
-    const url = config.apiExplorer.url || 'https://explorer.loopback.io';
-
-    config.apiExplorer.httpUrl =
-      config.apiExplorer.httpUrl ||
-      config.apiExplorer.url ||
-      'http://explorer.loopback.io';
-
-    config.apiExplorer.url = url;
+    config.apiExplorer = normalizeApiExplorerConfig(config.apiExplorer);
 
     this.config = config;
     this.bind(RestBindings.PORT).to(config.port);
@@ -251,7 +243,16 @@ export class RestServer extends Context implements Server, HttpServerLike {
         this._serveOpenApiSpec(req, res, mapping[p]),
       );
     }
-    this._expressApp.get(['/swagger-ui', '/explorer'], (req, res) =>
+
+    const explorerConfig = this.config.apiExplorer || {};
+    if (explorerConfig.disabled) {
+      debug('Redirect to swagger-ui was disabled by configuration.');
+      return;
+    }
+
+    const explorerPaths = ['/swagger-ui', '/explorer'];
+    debug('Setting up redirect to swagger-ui. URL paths: %j', explorerPaths);
+    this._expressApp.get(explorerPaths, (req, res) =>
       this._redirectToSwaggerUI(req, res),
     );
   }
@@ -444,11 +445,9 @@ export class RestServer extends Context implements Server, HttpServerLike {
   }
 
   private async _redirectToSwaggerUI(request: Request, response: Response) {
+    const config = this.config.apiExplorer!;
     const protocol = this._getProtocolForRequest(request);
-    const baseUrl =
-      protocol === 'http'
-        ? this.config.apiExplorer!.httpUrl
-        : this.config.apiExplorer!.url;
+    const baseUrl = protocol === 'http' ? config.httpUrl : config.url;
     const openApiUrl = `${this._getUrlForClient(request)}/openapi.json`;
     const fullUrl = `${baseUrl}?url=${openApiUrl}`;
     response.redirect(308, fullUrl);
@@ -822,13 +821,20 @@ export interface ApiExplorerOptions {
    * default to https://loopback.io/api-explorer
    */
   url?: string;
+
   /**
    * URL for the API explorer served over `http` protocol to deal with mixed
    * content security imposed by browsers as the spec is exposed over `http` by
    * default.
    * See https://github.com/strongloop/loopback-next/issues/1603
    */
   httpUrl?: string;
+
+  /**
+   * Set this flag to disable the built-in redirect to externally
+   * hosted API Explorer UI.
+   */
+  disabled?: true;
 }
 
 /**
@@ -848,3 +854,17 @@ export interface RestServerOptions {
  * @interface RestServerConfig
  */
 export type RestServerConfig = RestServerOptions & HttpServerOptions;
+
+function normalizeApiExplorerConfig(
+  input: ApiExplorerOptions | undefined,
+): ApiExplorerOptions {
+  const config = input || {};
+  const url = config.url || 'https://explorer.loopback.io';
+
+  config.httpUrl =
+    config.httpUrl || config.url || 'http://explorer.loopback.io';
+
+  config.url = url;
+
+  return config;
+}
diff --git a/packages/rest/test/integration/rest.server.integration.ts b/packages/rest/test/integration/rest.server.integration.ts
@@ -437,6 +437,18 @@ paths:
     expect(response.get('Access-Control-Allow-Credentials')).to.equal('true');
   });
 
+  it('can be configured to disable "GET /explorer"', async () => {
+    const server = await givenAServer({
+      rest: {
+        ...givenHttpServerConfig(),
+        apiExplorer: {disabled: true},
+      },
+    });
+
+    const request = createClientForHandler(server.requestHandler);
+    await request.get('/explorer').expect(404);
+  });
+
   it('honors "x-forwarded-*" headers', async () => {
     const app = new Application();
     app.component(RestComponent);
