From 6e674b511ab00952950e87eb28c9f591d1d12b01 Mon Sep 17 00:00:00 2001
From: Bowen Liang <liangbowen@gf.com.cn>
Date: Tue, 26 Aug 2025 15:48:04 +0800
Subject: [PATCH] api: support to config disabling Swagger UI in api service
 (#24440)

---
 api/.env.example                |  4 ++++
 api/configs/feature/__init__.py | 15 ++++++++++++++-
 api/extensions/ext_login.py     |  2 +-
 api/libs/external_api.py        | 12 +++++++++---
 docker/.env.example             |  4 ++++
 docker/docker-compose.yaml      |  2 ++
 6 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/api/.env.example b/api/.env.example
index 3052dbfe2b..e947c5584b 100644
--- a/api/.env.example
+++ b/api/.env.example
@@ -564,3 +564,7 @@ QUEUE_MONITOR_THRESHOLD=200
 QUEUE_MONITOR_ALERT_EMAILS=
 # Monitor interval in minutes, default is 30 minutes
 QUEUE_MONITOR_INTERVAL=30
+
+# Swagger UI configuration
+SWAGGER_UI_ENABLED=true
+SWAGGER_UI_PATH=/swagger-ui.html
diff --git a/api/configs/feature/__init__.py b/api/configs/feature/__init__.py
index 2bccc4b7a0..7638cd1899 100644
--- a/api/configs/feature/__init__.py
+++ b/api/configs/feature/__init__.py
@@ -1,4 +1,4 @@
-from typing import Annotated, Literal, Optional
+from typing import Literal, Optional
 
 from pydantic import (
     AliasChoices,
@@ -976,6 +976,18 @@ class WorkflowLogConfig(BaseSettings):
     )
 
 
+class SwaggerUIConfig(BaseSettings):
+    SWAGGER_UI_ENABLED: bool = Field(
+        description="Whether to enable Swagger UI in api module",
+        default=True,
+    )
+
+    SWAGGER_UI_PATH: str = Field(
+        description="Swagger UI page path in api module",
+        default="/swagger-ui.html",
+    )
+
+
 class FeatureConfig(
     # place the configs in alphabet order
     AppExecutionConfig,
@@ -1007,6 +1019,7 @@ class FeatureConfig(
     WorkspaceConfig,
     LoginConfig,
     AccountConfig,
+    SwaggerUIConfig,
     # hosted services config
     HostedServiceConfig,
     CeleryBeatConfig,
diff --git a/api/extensions/ext_login.py b/api/extensions/ext_login.py
index 9e5c71fb1d..cd01a31068 100644
--- a/api/extensions/ext_login.py
+++ b/api/extensions/ext_login.py
@@ -21,7 +21,7 @@ login_manager = flask_login.LoginManager()
 def load_user_from_request(request_from_flask_login):
     """Load user based on the request."""
     # Skip authentication for documentation endpoints
-    if request.path.endswith("/docs") or request.path.endswith("/swagger.json"):
+    if dify_config.SWAGGER_UI_ENABLED and request.path.endswith((dify_config.SWAGGER_UI_PATH, "/swagger.json")):
         return None
 
     auth_header = request.headers.get("Authorization", "")
diff --git a/api/libs/external_api.py b/api/libs/external_api.py
index d5e3c76d20..a630a97fd6 100644
--- a/api/libs/external_api.py
+++ b/api/libs/external_api.py
@@ -3,11 +3,12 @@ import sys
 from collections.abc import Mapping
 from typing import Any
 
-from flask import current_app, got_request_exception
+from flask import Blueprint, Flask, current_app, got_request_exception
 from flask_restx import Api
 from werkzeug.exceptions import HTTPException
 from werkzeug.http import HTTP_STATUS_CODES
 
+from configs import dify_config
 from core.errors.error import AppInvokeQuotaExceededError
 
 
@@ -115,8 +116,13 @@ class ExternalApi(Api):
         }
     }
 
-    def __init__(self, *args, **kwargs):
+    def __init__(self, app: Blueprint | Flask, *args, **kwargs):
         kwargs.setdefault("authorizations", self._authorizations)
         kwargs.setdefault("security", "Bearer")
-        super().__init__(*args, **kwargs)
+        kwargs["add_specs"] = dify_config.SWAGGER_UI_ENABLED
+        kwargs["doc"] = dify_config.SWAGGER_UI_PATH if dify_config.SWAGGER_UI_ENABLED else False
+
+        # manual separate call on construction and init_app to ensure configs in kwargs effective
+        super().__init__(app=None, *args, **kwargs)  # type: ignore
+        self.init_app(app, **kwargs)
         register_external_error_handlers(self)
diff --git a/docker/.env.example b/docker/.env.example
index 711898016e..c6ed2acb35 100644
--- a/docker/.env.example
+++ b/docker/.env.example
@@ -1250,6 +1250,10 @@ QUEUE_MONITOR_ALERT_EMAILS=
 # Monitor interval in minutes, default is 30 minutes
 QUEUE_MONITOR_INTERVAL=30
 
+# Swagger UI configuration
+SWAGGER_UI_ENABLED=true
+SWAGGER_UI_PATH=/swagger-ui.html
+
 # Celery schedule tasks configuration
 ENABLE_CLEAN_EMBEDDING_CACHE_TASK=false
 ENABLE_CLEAN_UNUSED_DATASETS_TASK=false
diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml
index d3b75d93af..0b9de5fc43 100644
--- a/docker/docker-compose.yaml
+++ b/docker/docker-compose.yaml
@@ -566,6 +566,8 @@ x-shared-env: &shared-api-worker-env
   QUEUE_MONITOR_THRESHOLD: ${QUEUE_MONITOR_THRESHOLD:-200}
   QUEUE_MONITOR_ALERT_EMAILS: ${QUEUE_MONITOR_ALERT_EMAILS:-}
   QUEUE_MONITOR_INTERVAL: ${QUEUE_MONITOR_INTERVAL:-30}
+  SWAGGER_UI_ENABLED: ${SWAGGER_UI_ENABLED:-true}
+  SWAGGER_UI_PATH: ${SWAGGER_UI_PATH:-/swagger-ui.html}
   ENABLE_CLEAN_EMBEDDING_CACHE_TASK: ${ENABLE_CLEAN_EMBEDDING_CACHE_TASK:-false}
   ENABLE_CLEAN_UNUSED_DATASETS_TASK: ${ENABLE_CLEAN_UNUSED_DATASETS_TASK:-false}
   ENABLE_CREATE_TIDB_SERVERLESS_TASK: ${ENABLE_CREATE_TIDB_SERVERLESS_TASK:-false}