10

I'm using NestJS 7.6.11. I have the following decorators on my controller ...

@Controller('private')
@ApiTags('MyObjects')
@ApiConsumes('application/json')
@ApiProduces('application/json')
@UseInterceptors(new JwtInterceptor())
export class MyController {

Is there any decorator I can add that would result in Swagger (OpenAPI 3) documentation being generated such that it indicates that all methods in my controller need to have an "authorization" header?

Edit: In response the answer given I added the @ApiHeader so my controller and method look like

@

Controller('myendpoint')
@ApiTags('MyObject')
@ApiConsumes('application/json')
@ApiProduces('application/json')
@ApiHeader({
  name: 'authorization',
  description: 'Auth token',
})
@UseInterceptors(new JwtInterceptor())
export class MyObjectController {

...
 @Get('/:id')
  @ApiOkResponse({
    description: 'OK',
    type: Content,
  })
  @ApiBadRequestResponse()
  @ApiInternalServerErrorResponse()
  @ApiOperation({
    summary: 'Get object by id',
    description: 'Get object by id',
    operationId: 'findObjectById',
  }) 
  findObjectById(@Req() req, @Param('id') id: string): Promise<MyObject> {

but when the swagger docs are generated, although I'm able to enter an "authorization" header value,

enter image description here

it doesn't get included with my curl when I click "Execute", which is generated as

curl -X GET "http://localhost:8060/myendpoint/abcdef" -H  "accept: application/json"
Dave
  • 15,639
  • 133
  • 442
  • 830
  • Seems like a duplicate of this: [Updated following breaking/API changes in @nestjs/swagger version 4.0.](https://stackoverflow.com/a/66655649/10313866) – Lior Kupers Dec 13 '22 at 11:32

2 Answers2

1

Add this to your endpoint header:

@ApiBearerAuth('Authorization')

Sohail Shrestha
  • 477
  • 5
  • 6
0

@ApiHeader(), @ApiBasicAuth(), @ApiBearerAuth(), @ApiOAuth2(), @ApiSecurity(), all of which are found on this page. Your specific case may vary, but one of these should do the trick.

Jay McDoniel
  • 57,339
  • 7
  • 135
  • 147
  • I tried ApiHeader since I want this applied to all methods in my controller, but Swagger isn't adding that header in when sending requests from the Swagger UI. I think it might be related to this -- https://github.com/nestjs/swagger/issues/486 . Is there another way in? – Dave Jun 13 '21 at 17:26
  • Looks like that issue was fixed in `@nestjs/swagger@4.1.1`. – Jay McDoniel Jun 13 '21 at 18:08
  • Hmm, I'm using version 4.7.12. Should I revert to an older version? – Dave Jun 13 '21 at 19:01
  • No it should still be fine to use `@ApiHeader()` on a controller. – Jay McDoniel Jun 13 '21 at 19:09
  • I do see a space for me to enter the 'authorization' header value (included screen shot), the issue seems to be when I click "Execute" the header isn't added into the curl request so the call from the Swagger API fails. – Dave Jun 13 '21 at 19:19
  • Sounds like an issue with the `swagger-ui-express` package, not with the Nest library – Jay McDoniel Jun 13 '21 at 20:08
  • 3
    In OpenAPI 3 the `Authorization` header must be defined as a **security scheme** so `@ApiHeader()` won't work - Swagger UI will [ignore](https://github.com/swagger-api/swagger-ui/issues/5643#issuecomment-538412105) header parameters named `Authorization` (as per the spec). If your auth token has the "Bearer" prefix, use `ApiBearerAuth()`. Otherwise try using `@ApiSecurity` + `DocumentBuilder().addApiKey(...)` as in the example here: https://github.com/nestjs/swagger/issues/484 – Helen Jun 15 '21 at 20:21