# Securing Swagger Documentation with express-basic-auth in Nodejs - Nestjs | Code đủ thứ

3 min read
typescript nodejs nestjs swagger
Table of Contents

Swagger is a powerful tool for creating and managing API documentation. However, securing Swagger documents is crucial to ensure that sensitive information is not exposed. In this article, we will explore how to use the express-basic-auth library to protect Swagger documentation pages in JavaScript and TypeScript projects. We will focus on two cases: a regular JavaScript/TypeScript project and a NestJS project with @nestjs/swagger.

After implementation, a user/password input form will appear when accessing the document page, and the correct credentials must be entered to view the document:

Basic auth

1. Install the express-basic-auth library

First, we need to install the express-basic-auth library. For regular JavaScript/TypeScript projects, you can run the following command:

Terminal window
npm install express-basic-auth

If you are using TypeScript, add types for express-basic-auth:

Terminal window
npm install --save-dev @types/express-basic-auth

2. Secure Swagger Document Page in JavaScript/TypeScript Projects

JavaScript

app.js
const express = require("express");
const basicAuth = require("express-basic-auth");
const swaggerUi = require("swagger-ui-express");
const swaggerDocument = require("./swagger.json");


const app = express();


// Secure Swagger page with express-basic-auth
const users = { admin: "password123" };
app.use(
  "/api-docs",
  basicAuth({ users, challenge: true }),
  swaggerUi.serve,
  swaggerUi.setup(swaggerDocument)
);


// Other routes and middleware of the application
// ...


const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
  console.log(`Server is running on port ${PORT}`);
});

TypeScript

app.ts
import express from "express";
import basicAuth from "express-basic-auth";
import swaggerUi from "swagger-ui-express";
import swaggerDocument from "./swagger.json";


const app = express();


// Secure Swagger page with express-basic-auth
const users = { admin: "password123" };
app.use(
  "/api-docs",
  basicAuth({ users, challenge: true }),
  swaggerUi.serve,
  swaggerUi.setup(swaggerDocument)
);


// Other routes and middleware of the application
// ...


const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
  console.log(`Server is running on port ${PORT}`);
});

challenge: true You need to pass this parameter to express-basic-auth to display the login prompt.

Usersname is admin
password is password123

3. Secure Swagger Document Page in NestJS Project

For NestJS projects, we can use express-basic-auth in the main.ts file of the application.

main.ts
import { NestFactory } from "@nestjs/core";
import { SwaggerModule, DocumentBuilder } from "@nestjs/swagger";
import * as basicAuth from "express-basic-auth";
import { AppModule } from "./app.module";


async function bootstrap() {
  const app = await NestFactory.create(AppModule);


  // Secure Swagger page with express-basic-auth
  const users = { admin: "password123" };
  app.use("/api-docs", basicAuth({ users, challenge: true }));


  const options = new DocumentBuilder()
    .setTitle("Your API")
    .setDescription("API documentation")
    .setVersion("1.0")
    .build();
  const document = SwaggerModule.createDocument(app, options);
  SwaggerModule.setup("api-docs", app, document);


  const PORT = process.env.PORT || 3000;
  await app.listen(PORT);
}
bootstrap();

Conclusion

That’s how you can secure the Swagger document page in JavaScript and TypeScript projects using the express-basic-auth library. With this article, you can apply a similar approach in your projects to ensure that your API documentation is securely protected.

My avatar

Thanks for reading! If this was helpful:

  • Share the post/blog with a teammate or friend.
  • Subscribe to get new posts by email.
  • Send feedback or questions — I read every note and usually reply quickly.

Happy coding!

More Posts
Comments