fastify-swagger
Advanced tools
Serve Swagger/OpenAPI documentation for Fastify, supporting dynamic generation
Serve Swagger / OpenAPI for Fastify. It can either use the schemas you declare in your routes to dynamically generate an OpenAPI/Swagger-compliant doc, or serve a static OpenAPI specification document.
Supports Fastify versions >=3.0.0. For fastify@2, please refer to branch@2.x and for fastify@1.9, please refer to branch@1.x.
npm i fastify-swagger --save
Add it to your project with register and pass it some basic options, then call the swagger api and you are done!
const fastify = require('fastify')()
fastify.register(require('fastify-swagger'), {
routePrefix: '/documentation',
swagger: {
info: {
title: 'Test swagger',
description: 'testing the fastify swagger api',
version: '0.1.0'
},
externalDocs: {
url: 'https://swagger.io',
description: 'Find more info here'
},
host: 'localhost',
schemes: ['http'],
consumes: ['application/json'],
produces: ['application/json'],
tags: [
{ name: 'user', description: 'User related end-points' },
{ name: 'code', description: 'Code related end-points' }
],
definitions: {
User: {
type: 'object',
required: ['id', 'email'],
properties: {
id: { type: 'string', format: 'uuid' },
firstName: { type: 'string' },
lastName: { type: 'string' },
email: {type: 'string', format: 'email' }
}
}
},
securityDefinitions: {
apiKey: {
type: 'apiKey',
name: 'apiKey',
in: 'header'
}
}
},
uiConfig: {
docExpansion: 'full',
deepLinking: false
},
staticCSP: true,
transformStaticCSP: (header) => header
exposeRoute: true
})
fastify.put('/some-route/:id', {
schema: {
description: 'post some data',
tags: ['user', 'code'],
summary: 'qwerty',
params: {
type: 'object',
properties: {
id: {
type: 'string',
description: 'user id'
}
}
},
body: {
type: 'object',
properties: {
hello: { type: 'string' },
obj: {
type: 'object',
properties: {
some: { type: 'string' }
}
}
}
},
response: {
201: {
description: 'Successful response',
type: 'object',
properties: {
hello: { type: 'string' }
}
}
},
security: [
{
"apiKey": []
}
]
}
}, (req, reply) => {})
fastify.ready(err => {
if (err) throw err
fastify.swagger()
})
fastify-swagger supports two registration modes dynamic and static:
dynamic mode is the default one, if you use the plugin this way - swagger specification would be gathered from your routes definitions.
{
// swagger 2.0 options
swagger: {
info: {
title: String,
description: String,
version: String
},
externalDocs: Object,
host: String,
schemes: [ String ],
consumes: [ String ],
produces: [ String ],
tags: [ Object ],
securityDefinitions: Object
},
// openapi 3.0.3 options
// openapi: {
// info: {
// title: String,
// description: String,
// version: String,
// },
// externalDocs: Object,
// servers: [ Object ],
// components: Object,
// security: [ Object ],
// tags: [ Object ]
// }
}
All the above parameters are optional. You can use all the properties of the swagger specification and openapi specification, if you find anything missing, please open an issue or a pr!
fastify-swagger will generate Swagger v2 by default. If you pass the openapi option it will generate OpenAPI instead.
Example of the fastify-swagger usage in the dynamic mode, swagger option is available here and openapi option is available here.
| option | default | description |
|---|---|---|
| exposeRoute | false | Exposes documentation route. |
| hiddenTag | X-HIDDEN | Tag to control hiding of routes. |
| hideUntagged | false | If true remove routes without tags in schema from resulting swagger file |
| stripBasePath | true | Strips base path from routes in docs. |
| swagger | {} | Swagger configuration. |
| openapi | {} | OpenAPI configuration. |
| transform | null | Transform method for schema. |
| uiConfig* | {} | Configuration options for Swagger UI |
| initOAuth | {} | Configuration options for Swagger UI initOAuth |
| staticCSP | false | Enable CSP header for static resources. |
| transformStaticCSP | undefined | Synchronous function to transform CSP header for static resources if the header has been previously set. |
uiConfigaccepts only literal (number/string/object) configuration values since they are serialized in order to pass them to the generated UI. For more details see: #5710.
If you do not supply a description for your response, a default description will be provided for you, because this is a required field per the Swagger schema.
So this:
fastify.get('/defaultDescription', {
schema: {
response: {
200: {
type: 'string'
}
}
}
}, () => {})
Generates this in the Swagger (OAS2) schema's paths:
{
"/defaultDescription": {
"get": {
"responses": {
"200": {
"description": "Default Response",
"schema": {
"type": "string"
}
}
}
}
}
}
And this in the OAS 3 schema's paths:
{
"/defaultDescription": {
"get": {
"responses": {
"200": {
"description": "Default Response",
"schema": {
"type": "string"
}
}
}
}
}
}
If you do supply just a description, it will be used both for the response as a whole and for the response body schema.
So this:
fastify.get('/description', {
schema: {
response: {
200: {
description: 'response and schema description',
type: 'string'
}
}
}
}, () => {})
Generates this in the Swagger (OAS2) schema's paths:
{
"/description": {
"get": {
"responses": {
"200": {
"description": "response and schema description",
"schema": {
"description": "response and schema description",
"type": "string"
}
}
}
}
}
}
And this in the OAS 3 schema's paths:
{
"/description": {
"get": {
"responses": {
"200": {
"description": "response and schema description",
"content": {
"application/json": {
"schema": {
"description": "response and schema description",
"type": "string"
}
}
}
}
}
}
}
}
If you want to provide a different description for the response as a whole, instead use the x-response-description field alongside description:
fastify.get('/responseDescription', {
schema: {
response: {
200: {
'x-response-description': 'response description',
description: 'schema description',
type: 'string'
}
}
}
}, () => {})
Which generates this in the Swagger (OAS2) schema's paths:
{
"/responseDescription": {
"get": {
"responses": {
"200": {
"description": "response description",
"schema": {
"description": "schema description",
"type": "string"
}
}
}
}
}
}
And this in the OAS 3 schema's paths:
{
"/responseDescription": {
"get": {
"responses": {
"200": {
"description": "response description",
"content": {
"application/json": {
"schema": {
"description": "schema description",
"type": "string"
}
}
}
}
}
}
}
}
fastify itself support the 2xx, 3xx status, however swagger itself do not support this feature. We will help you to transform the 2xx status code into 200 and we will omit 2xx status code when you already declared 200 status code.
Note: openapi will not be affected as it support the 2xx syntax.
Example:
{
response: {
'2xx': {
description: '2xx'
type: 'object'
}
}
}
// it will becomes below
{
response: {
200: {
schema: {
description: '2xx'
type: 'object'
}
}
}
}
You can decorate your own response headers by follow the below example.
{
response: {
200: {
type: 'object',
headers: {
'X-Foo': {
type: 'string'
}
}
}
}
}
Note: You need to specify type property when you decorate the response headers, otherwise the schema will be modified by fastify.
We support status code 204 and return empty body. Please specify type: 'null' for the response otherwise fastify itself will fail to compile the schema.
{
response: {
204: {
type: 'null',
description: 'No Content'
}
}
}
static mode should be configured explicitly. In this mode fastify-swagger serves given specification, you should craft it yourself.
{
mode: 'static',
specification: {
path: './examples/example-static-specification.yaml',
postProcessor: function(swaggerObject) {
return swaggerObject
},
baseDir: '/path/to/external/spec/files/location',
},
}
Example of the fastify-swagger usage in the static mode is available here.
specification.postProcessor parameter is optional. It allows you to change your swagger object on the fly (for example - based on the environment). It accepts swaggerObject - a JavaScript object which was parsed from your yaml or json file and should return a swagger object.
specification.baseDir allows specifying the directory where all spec files that are included in the main one using $ref will be located.
By default, this is the directory where the main spec file is located. Provided value should be an absolute path without trailing slash.
If you pass { exposeRoute: true } during the registration the plugin will expose the documentation with the following apis:
| url | description |
|---|---|
'/documentation/json' | the JSON object representing the API |
'/documentation/yaml' | the YAML object representing the API |
'/documentation/' | the swagger UI |
'/documentation/*' | external files which you may use in $ref |
If you would like to overwrite the /documentation url you can use the routePrefix option.
fastify.register(require('fastify-swagger'), {
swagger: {
info: {
title: 'Test swagger',
description: 'testing the fastify swagger api',
version: '0.1.0'
},
...
},
hiddenTag: 'X-HIDDEN',
exposeRoute: true,
routePrefix: '/documentations'
}
If you would like to use different schemas like, let's say Joi, you can pass a synchronous transform method in the options to convert them back to standard JSON schemas expected by this plugin to generate the documentation (dynamic mode only).
const convert = require('joi-to-json')
fastify.register(require('fastify-swagger'), {
swagger: { ... },
...
transform: schema => {
const {
params = undefined,
body = undefined,
querystring = undefined,
...others
} = schema
const transformed = { ...others }
if (params) transformed.params = convert(params)
if (body) transformed.body = convert(body)
if (querystring) transformed.querystring = convert(querystring)
return transformed
}
}
Calling fastify.swagger will return to you a JSON object representing your api, if you pass { yaml: true } to fastify.swagger, it will return you a yaml string.
Note: OA's terminology differs from Fastify's. OA uses the term "parameter" to refer to those parts of a request that in Fastify's validation documentation are called "querystring", "params", "headers".
OA provides some options beyond those provided by the JSON schema specification for specifying the shape of parameters. A prime example of this the option for specifying how to encode those parameters that should be handled as arrays of values. There is no single universally accepted method for encoding such parameters appearing as part of query strings. OA2 provides a collectionFormat option that allows specifying how an array parameter should be encoded. (We're giving an example in the OA2 specification, as this is the default specification version used by this plugin. The same principles apply to OA3.) Specifying this option is easy. You just need to add it to the other options for the field you are defining. Like in this example:
fastify.route({
method: 'GET',
url: '/',
schema: {
querystring: {
type: 'object',
required: ['fields'],
additionalProperties: false,
properties: {
fields: {
type: 'array',
items: {
type: 'string'
},
minItems: 1,
//
// Note that this is an Open API version 2 configuration option. The
// options changed in version 3.
//
// Put `collectionFormat` on the same property which you are defining
// as an array of values. (i.e. `collectionFormat` should be a sibling
// of the `type: "array"` specification.)
collectionFormat: 'multi'
}
}
}
},
handler (request, reply) {
reply.send(request.query.fields)
}
})
There is a complete runnable example here.
IMPORTANT CAVEAT These encoding options you can set in your schema have no bearing on how, for instance, a query string parser parses the query string. They change how Swagger UI presents its documentation, and how it generates curl commands when you click the Try it out button. Depending on which options you set in your schema, you may also need to change the default query string parser used by Fastify so that it produces a JavaScript object that will conform to the schema. As far as arrays are concerned, the default query string parser conforms to the collectionFormat: "multi" specification. If you were to select collectionFormat: "csv", you would have to replace the default query string parser with one that parses CSV parameter values into arrays. The same caveat applies to the other parts of a request that OA calls "parameters" (e.g. headers, path parameters) and which are not encoded as JSON in a request.
Note: not supported for OA2 and lower version of specification. Read more in OA3 documentation.
http://localhost/?filter={"foo":"baz","bar":"qux"}
IMPORTANT CAVEAT You also need to change the default query string parser used by Fastify so that it produces a JavaScript object that will conform to the schema. See example.
fastify.route({
method: 'GET',
url: '/',
schema: {
querystring: {
type: 'object',
required: ['filter'],
additionalProperties: false,
properties: {
filter: {
type: 'object',
required: ['foo'],
properties: {
foo: { type: 'string' },
bar: { type: 'string' }
},
'x-consume': 'application/json'
}
}
}
},
handler (request, reply) {
reply.send(request.query.filter)
}
})
And this in the OAS 3 schema's paths:
{
"/": {
"get": {
"parameters": [
{
"in": "query",
"name": "filter",
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"foo"
],
"properties": {
"foo": {
"type": "string"
},
"bar": {
"type": "string"
}
}
}
}
}
}
]
}
}
}
Sometimes you may need to hide a certain route from the documentation, there is 2 alternatives:
{ hide: true } to the schema object inside the route declaration.hiddenTag options property inside the route declaration. Default is X-HIDDEN.You can integration this plugin with fastify-helmet with some little work.
fastify-helmet options example:
.register(helmet, instance => {
return {
contentSecurityPolicy: {
directives: {
...helmet.contentSecurityPolicy.getDefaultDirectives(),
"form-action": ["'self'"],
"img-src": ["'self'", "data:", "validator.swagger.io"],
"script-src": ["'self'"].concat(instance.swaggerCSP.script),
"style-src": ["'self'", "https:"].concat(
instance.swaggerCSP.style
),
}
}
}
})
Global security definitions and route level security provide documentation only. It does not implement authentication nor route security for you. Once your authentication is implemented, along with your defined security, users will be able to successfully authenticate and interact with your API using the user interfaces of the documentation.
In order to start development run:
npm i
npm run prepare
So that swagger-ui static folder will be generated for you.
fastify-static serve the swagger-ui static files, then it calls /docs/json to get the swagger file and render it.
Sometimes you already have a Swagger definition and you need to build Fastify routes from that. In that case checkout fastify-swaggergen which helps you in doing just that.
This project is kindly sponsored by:
Licensed under MIT.
FAQs
`fastify-swagger@5.2.0` has been deprecated. Please use `@fastify/swagger@6.0.0` instead.
The npm package fastify-swagger receives a total of 47,162 weekly downloads. As such, fastify-swagger popularity was classified as popular.
We found that fastify-swagger demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 17 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.