Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
strapi-plugin-documentation
Advanced tools
This plugin automates your API documentation creation. It basically generates a swagger file. It follows the Open API specification version 3.0.1. The documentation plugin is not release on npm yet, Here's how to install it.
The plugin comes with a settings.json
file located in ./my-project/plugins/documentation/config
folder where you can specify all your environment variables, licenses, external documentation and so one...
You can add all the entries listed in the specification.
NOTE if you need to add a custom key you can do it by prefixing your key by x-{something}
In order to create a new version you need to change the info.version
key in the settings.json
file.
This will automatically create a new version.
When you start your server with this plugin installed it will automatically create the following files in your APIs (we will see how it works for the plugins).
The combined documentation is merged into the full_documentation.json
file and it's located in ./plugins/documentation/{version}/full_documentation.json
It has the following structure
{
"openapi": "3.0.0" // do not change this version
"info": {
"version": "1.0.0" // change this line to create a new version
...
}
"x-strapi-config": {
"path": "/documentation", // Change this line to change to url of the doc
"showGeneratedFiles": true // Do not change this line at the moment...
},
"servers" {} // Your servers config (it will be automated),
"externalDocs": {},
"paths": {} // All your Api routes,
"tags": [] // Group of route
"components": {} // Default generated components and custom ones
}
Currently the plugin writes a json file for each API.
In order to customize the responses or to add information to a path you need to create a file in the associated overrides/<file-name>.json
(the name of the file matters so make sure they are similar). Then you just need to identify the path you want to modify.
You can modify the default generated tags by adding a new one at the end of the file. Same for the components.
NOTE 1
Overriding the full_documentation.json
is a bad idea since it will be regenerated each time you change a model.
NOTE 2
You can easily modify the description, summary, parameters of a path however, for a response like the 200
you will need to write the full object. Take a look at the ./plugins/users-permissions/documentation/overrides/1.0.0/users-permissions-User.json
for a complete example.
In other to reference a plugin's route into the documentation you need to add a description
key in the config
object.
For example this is the plugin email routes.json file
{
"routes": [
{
"method": "POST",
"path": "/",
"handler": "Email.send",
"config": {
"policies": [],
"description": "Send an email",
"tag": {
"plugin": "email",
"name": "Email"
}
}
},
{
"method": "GET",
"path": "/environments",
"handler": "Email.getEnvironments",
"config": {
"policies": []
}
},
{
"method": "GET",
"path": "/settings/:environment",
"handler": "Email.getSettings",
"config": {
"policies": []
}
},
{
"method": "PUT",
"path": "/settings/:environment",
"handler": "Email.updateSettings",
"config": {
"policies": []
}
}
]
}
In this file we have only one route that we want to reference in our documentation (/
). Usually, the tag object is used for the SWAGGER UI, it will group this route under the Email - Email
dropdown in the documentation. Furthermore, the algorithm will try to find the model to generate the best response possible. If the model is unknown it generates a response like the following { foo: "string" }
that you can easily override later.
There's another property to guide the algorithm to create the best response possible, the actionType
key.
When we can't know by the controller name the type of the returned response (like find
and findOne
) you can specify it with this key. There's an example in ./plugins/users-permissions/config/routes.json
.
You can use the tag
key in your route. If you provide a tag
which is a string like "tag": "Product"
the algorithm will know that the end-point retrieves data from the Product
table. Creating a tag object { "tag": { "name": "User", "plugin": "User-Permissions } }
will result in generating a response with the User
model from the plugin users-permissions.
Each entry of the object is easily customisable take look at the users-permissions ones they are a good example on how to do it.
FAQs
Create an OpenAPI Document and visualize your API with SWAGGER UI.
We found that strapi-plugin-documentation demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.