admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

docs(api): complete OpenAPI/Swagger documentation for all endpoints

Browse Source 
- Add Swagger decorators (@ApiTags, @ApiOperation, @ApiResponse, @ApiParam,
  @ApiBearerAuth) to MCP transport controller — the only controller missing them
- Add reviews and mcp tags to DocumentBuilder config
- Enable JSON spec export at /api/v1/docs-json
- Update Helmet CSP to allow Swagger UI assets from cdn.jsdelivr.net

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Ho Ngoc Hai
2026-04-09 09:08:26 +07:00
parent 7f694e2e60
commit b23be886b1
2 changed files with 22 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
apps/api/src/main.ts
View File

@@ -43,10 +43,13 @@ async function bootstrap() {
.addTag('admin', 'Admin panel operations')
.addTag('notifications', 'Notification history & preferences')
.addTag('analytics', 'Market reports & price analytics')
.addTag('reviews', 'Property reviews & ratings')
.addTag('mcp', 'Model Context Protocol server transport')
.build();
const document = SwaggerModule.createDocument(app, swaggerConfig);
SwaggerModule.setup('api/v1/docs', app, document, {
swaggerOptions: { persistAuthorization: true },
jsonDocumentUrl: 'api/v1/docs-json',
});
// ── Security Headers (Helmet) ──
@@ -55,8 +58,8 @@ async function bootstrap() {
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'"],
styleSrc: ["'self'", "'unsafe-inline'"],
scriptSrc: ["'self'", "'unsafe-inline'", 'https://cdn.jsdelivr.net'],
styleSrc: ["'self'", "'unsafe-inline'", 'https://cdn.jsdelivr.net'],
imgSrc: ["'self'", 'data:', 'https:', 'blob:'],
connectSrc: ["'self'"],
fontSrc: ["'self'", 'data:'],