block swagger routes

Author: stefangutica

config/config.custom.cs-e2e.yaml

@@ -0,0 +1,217 @@
+network: 'chain'
+metaChainShardId: 4294967295
+api:
+  public: true
+  publicPort: 3001
+  private: true
+  privatePort: 4001
+  websocket: true
+cron:
+  cacheWarmer: false
+  fastWarm: false
+  queueWorker: false
+  elasticUpdater: false
+flags:
+  useRequestCaching: true
+  useKeepAliveAgent: true
+  useTracing: false
+  useRequestLogging: false
+  useVmQueryTracing: false
+  processNfts: true
+  collectionPropertiesFromGateway: false
+features:
+  websocketSubscription:
+    enabled: true
+    port: 6002
+    maxSubscriptionsPerInstance: 10000
+    maxSubscriptionsPerClient: 10
+    broadcastIntervalMs: 6000
+  stateChanges:
+    enabled: false
+    port: 5675
+    rabbitUrl: 'amqp://guest:guest@157.245.73.214:5672'
+    exchange: 'state_accesses'
+    queueName: 'api_state_accesses_queue-test'
+    deadLetterExchange: 'api_state_accesses_queue_dlx'
+    esdtEnabled: true
+  eventsNotifier: 
+    enabled: false
+    port: 5674
+    url: 'amqp://guest:guest@127.0.0.1:5673'
+    exchange: 'all_events'
+    queue: 'api-process-logs-and-events'
+  guestCaching:
+    enabled: false
+    hitsThreshold: 100
+    ttl: 12
+  transactionPool:
+    enabled: true
+  transactionPoolWarmer:
+    enabled: false
+    cronExpression: '*/5 * * * * *'
+    ttlInSeconds: 60
+  updateCollectionExtraDetails:
+    enabled: false
+  updateAccountExtraDetails:
+    enabled: false
+  marketplace:
+    enabled: false
+    serviceUrl: 'https://devnet-nfts-graph.multiversx.com/graphql'
+  exchange:
+    enabled: false
+    serviceUrl: 'https://devnet-graph.xexchange.com/graphql'
+  dataApi:
+    enabled: false
+    serviceUrl: 'https://devnet-data-api.multiversx.com'
+  assetsFetch:
+    enabled: false
+    assetesUrl: 'https://tools.multiversx.com/assets-cdn'
+  auth:
+    enabled: false
+    maxExpirySeconds: 86400
+    acceptedOrigins:
+      - ''
+    admins:
+      - ''
+    jwtSecret: ''
+  stakingV4:
+    enabled: false
+    cronExpression: '*/5 * * * * *'
+    activationEpoch: 1043
+  stakingV5:
+    enabled: true
+    activationEpoch: 4817
+  chainBarnard:
+    enabled: true
+    activationEpoch: 1820
+    activationTimestamp: 1753376544
+  chainAndromeda:
+    enabled: true
+    activationEpoch: 4
+  nodeEpochsLeft:
+    enabled: false
+  transactionProcessor:
+    enabled: false
+    maxLookBehind: 100
+  transactionCompleted:
+    enabled: false
+    maxLookBehind: 100
+    logLevel: 'Error'
+  transactionBatch:
+    enabled: false
+    maxLookBehind: 100
+  elasticCircuitBreaker:
+    enabled: false
+    durationThresholdMs: 5000
+    failureCountThreshold: 5
+    resetTimeoutMs: 30000
+  elasticMigratedIndices:
+    logs: 'events'
+  statusChecker:
+    enabled: false
+    thresholds:
+      tokens: 500
+      nodes: 3000
+      providers: 10
+      tokenSupplyCount: 20
+      tokenAssets: 20
+      tokenAccounts: 500
+      tokenTransactions: 500
+      nodeValidators: 300
+  nftScamInfo:
+    enabled: false
+  processNfts:
+    enabled: false
+    nftQueueName: 'api-process-nfts'
+    deadLetterQueueName: 'api-process-nfts-dlq'
+  tps:
+    enabled: false
+    maxLookBehindNonces: 100
+  nodesFetch:
+    enabled: true
+    serviceUrl: 'https://devnet-api.multiversx.com'
+  tokensFetch:
+    enabled: true
+    serviceUrl: 'https://devnet-api.multiversx.com'
+  providersFetch:
+    enabled: true
+    serviceUrl: 'https://devnet-api.multiversx.com'
+image:
+  width: 600
+  height: 600
+  type: 'png'
+aws:
+  s3KeyId: ''
+  s3Secret: ''
+  s3Bucket: 'devnet-media.elrond.com'
+  s3Region: ''
+  s3Endpoint: ''
+urls:
+  self: 'https://devnet-api.multiversx.com'
+  elastic:
+    - 'http://localhost:9200'
+  gateway:
+    - 'http://localhost:8085'
+  verifier: 'https://play-api.multiversx.com'
+  redis: '127.0.0.1'
+  rabbitmq: 'amqp://127.0.0.1:5672'
+  providers: 'https://devnet-delegation-api.multiversx.com/providers'
+  delegation: 'https://devnet-delegation-api.multiversx.com'
+  media: 'https://devnet-media.elrond.com'
+  tmp: '/tmp'
+  ipfs: 'https://ipfs.io/ipfs'
+  socket: 'devnet-socket-api.multiversx.com'
+  maiarId: 'https://devnet-id-api.multiversx.com'
+indexer:
+  type: 'elastic'
+  maxPagination: 10000
+database:
+  enabled: true
+  url: 'mongodb://root:secret@127.0.0.1:27017/api?authSource=admin'
+  tls: false
+  type: 'mysql'
+  host: 'localhost'
+  port: 3306
+  username: 'root'
+  password: 'root'
+  database: 'api'
+caching:
+  cacheTtl: 6
+  processTtl: 600
+  poolLimit: 50
+  cacheDuration: 3
+keepAliveTimeout:
+  downstream: 61000
+  upstream: 60000
+contracts:
+  esdt: 'erd1qqqqqqqqqqqqqqqpqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqzllls8a5w6u'
+  auction: 'erd1qqqqqqqqqqqqqqqpqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqplllst77y4l'
+  staking: 'erd1qqqqqqqqqqqqqqqpqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqllls0lczs7'
+  delegationManager: 'erd1qqqqqqqqqqqqqqqpqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqylllslmq6y6'
+  delegation: 'erd1qqqqqqqqqqqqqpgq97wezxw6l7lgg7k9rxvycrz66vn92ksh2tssxwf7ep'
+  metabonding: 'erd1qqqqqqqqqqqqqpgqkg7we73j769ew5we4yyx7uyvnn0nefqgd8ssm6vjc2'
+inflation:
+  - 1952123
+  - 1746637
+  - 1541150
+  - 1335663
+  - 1130177
+  - 924690
+  - 719203
+stakingV5Inflation:
+  - 1069805
+nftProcess:
+  parallelism: 1
+  maxRetries: 3
+compression:
+  enabled: true
+  level: 6
+  threshold: 1024
+  chunkSize: 16384
+pubSubListener:
+  enabled: false
+restrictedRoutes:
+  enabled: true
+  routes:
+    - '/package.json'
+    - '/docs/package.json'

config/config.devnet-old.yaml

@@ -129,3 +129,8 @@ inflation:
 nftProcess:
   parallelism: 1
   maxRetries: 3
+restrictedRoutes:
+  enabled: true
+  routes:
+    - '/package.json'
+    - '/docs/package.json'

config/config.devnet.yaml

@@ -204,3 +204,8 @@ compression:
   level: 6
   threshold: 1024
   chunkSize: 16384
+restrictedRoutes:
+  enabled: true
+  routes:
+    - '/package.json'
+    - '/docs/package.json'

config/config.e2e-mocked.mainnet.yaml

@@ -86,3 +86,8 @@ test:
 transaction-action:
   mex:
     microServiceUrl: 'https://graph.xexchange.com/graphql'
+restrictedRoutes:
+  enabled: true
+  routes:
+    - '/package.json'
+    - '/docs/package.json'

config/config.e2e.mainnet.yaml

@@ -197,4 +197,9 @@ stakingV5Inflation:
   - 1262802
 nftProcess:
   parallelism: 1
-  maxRetries: 3
+  maxRetries: 3
+restrictedRoutes:
+  enabled: true
+  routes:
+    - '/package.json'
+    - '/docs/package.json'

config/config.mainnet.yaml

@@ -212,3 +212,9 @@ customUrlHeaders:
   - urlPattern: ''
     headers:
       x-custom-auth: ''
+restrictedRoutes:
+  enabled: true
+  routes:
+    - '/package.json'
+    - '/docs/package.json'
+

config/config.testnet.yaml

@@ -207,3 +207,8 @@ compression:
   level: 6
   threshold: 1024
   chunkSize: 16384
+restrictedRoutes:
+  enabled: true
+  routes:
+    - '/package.json'
+    - '/docs/package.json'

src/common/api-config/api.config.service.ts

@@ -1104,4 +1104,12 @@ export class ApiConfigService {
 
     return timestamp;
   }
+
+  isRestrictedRoutesEnabled(): boolean {
+    return this.configService.get<boolean>('restrictedRoutes.enabled') ?? false;
+  }
+
+  getRestrictedRoutes(): string[] {
+    return this.configService.get<string[]>('restrictedRoutes.routes') ?? [];
+  }
 }

src/main.ts

@@ -38,6 +38,7 @@ import * as requestIp from 'request-ip';
 import compression from 'compression';
 import { IoAdapter } from '@nestjs/platform-socket.io';
 import { WebsocketSubscriptionModule } from './crons/websocket/websocket.subscription.module';
+import { RestrictedRoutesMiddleware } from './utils/restricted.routes.middleware';
 
 async function bootstrap() {
   const logger = new Logger('Bootstrapper');
@@ -186,9 +187,16 @@ async function bootstrap() {
   logger.log(`Guest caching enabled: ${apiConfigService.isGuestCacheFeatureActive()}`);
   logger.log(`Transaction pool enabled: ${apiConfigService.isTransactionPoolEnabled()}`);
   logger.log(`Transaction pool cache warmer enabled: ${apiConfigService.isTransactionPoolCacheWarmerEnabled()}`);
+
+  logger.log('Restricted routes enabled: ' + apiConfigService.isRestrictedRoutesEnabled());
 }
 
 async function configurePublicApp(publicApp: NestExpressApplication, apiConfigService: ApiConfigService) {
+  if (apiConfigService.isRestrictedRoutesEnabled()) {
+    const restrictedRoutesMiddleware = new RestrictedRoutesMiddleware(apiConfigService);
+    publicApp.use(restrictedRoutesMiddleware.use.bind(restrictedRoutesMiddleware));
+  }
+
   if (apiConfigService.getCompressionEnabled()) {
     publicApp.use(compression({
       filter: (req: any, res: any) => {

src/utils/restricted.routes.middleware.ts

@@ -0,0 +1,17 @@
+import { NestMiddleware, NotFoundException } from '@nestjs/common';
+import { Request, Response, NextFunction } from 'express';
+import { ApiConfigService } from 'src/common/api-config/api.config.service';
+
+export class RestrictedRoutesMiddleware implements NestMiddleware {
+  constructor(
+    private readonly apiConfigService: ApiConfigService,
+  ) { }
+  use(req: Request, _res: Response, next: NextFunction) {
+    const restrictedRoutes = this.apiConfigService.getRestrictedRoutes();
+    if (restrictedRoutes.includes(req.path)) {
+      throw new NotFoundException(`Cannot GET ${req.path}`);
+    }
+
+    next();
+  }
+}