Swagger UI latest version support (3.17.3) #7966
Comments
|
I don't remember well why we didn't upgrade but there was a reason. Ping @cbornet as I'm pretty sure you know the answer :-) |
|
Even if we updated swagger-ui to 3.17.3, I doubt you would get openapi support because it's not yet supported by Springfox. |
|
Indeed, Springfox doesn’t support OpenAPI yet. We didn’t migrate to the new UI at the time because there was no easy way to pass the auth token. It seems there are solutions now. But do we want to move to the new UI ? I’m not sure I prefer it over the current one 😄 |
|
Yes, we didn't migrate since the new version lacked some features which
were available in the old version.
Here is the PR where I attempted to upgrade
#5645
But then we cant stay with the old version forever and would have to
upgrade at some point. If someone can revive the PR and fix the outstanding
items it would be great.
Thanks & Regards,
Deepu
…On Fri, Jul 13, 2018 at 8:51 PM Christophe Bornet ***@***.***> wrote:
Indeed, Springfox doesn’t support OpenAPI yet. We didn’t migrate to the
new UI at the time because there was no easy way to pass the auth token. It
seems there are solutions now. But do we want to move to the new UI ? I’m
not sure I prefer it over the current one 😄
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#7966 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABDlF6KXDPFL7JCZuerynbYwBix-AsdOks5uGOwmgaJpZM4VPK2g>
.
|
|
I am against migrating to swagger UI 3. The UI is awful and does not bring any new features (that I know of). I would rather move to ReDoc to provide API documentation (but the interactive querying is not possible yet). In the end, we have something that work really well for now. So I'm not so keen on changing things and risk making things worse. |
|
Following @PierreBesson advice, I'm closing the ticket |
|
I guess @deepu105 already did some work for Swagger UI v3. The current UI does not provide the support for Open API json but v3 UI provides the support. I have checked both the version. I thought jhispter always provide the support for latest version of components. My two cents. |
|
@abhinav910 as @cbornet highlighted even if we update the UI lib it still wouldn't work since spring fox doesn't support it yet. I think we can do the upgrade once spring fox supports openAPI. Personally, I don't have any issue with the new UI, but it does lack some features compared to the old one. And we would never support something just coz its new, it needs to be justified as well, in most cases new is better but sadly in this case, new UI doesn't even have some features from the old one |
|
@abhinav910 Swagger UI is "just" the front-end part. The lib that generates the OpenAPI/Swagger spec is Springfox and it currently doesn't generate OAIv3 specs (see springfox/springfox#2124). As soon as springfox supports OAI, be sure that JHipster will do the upgrade. But for now there's no rush. |
|
I guess its time to do this as we have started to get the deprecation warning during yarn install warning swagger-ui@2.2.10: No longer maintained, please upgrade to swagger-ui@3. |
|
Personally, I still dislike Swagger UI v3. I would prefer to migrate to Redoc: https://github.com/Rebilly/ReDoc |
|
@PierreBesson Redoc indeed looks cool, I didn't know about it. @cbornet you're the boss here, what do you think is best? |
|
Try it out is the most important feature else we could even do static docs
instead of a living page, and I personally don't think the new UI is bad,
its just not as feature rich as the old one. So IMO migration would be the
best choice
…On Fri, 24 Aug 2018, 10:39 am Julien Dubois, ***@***.***> wrote:
@PierreBesson <https://github.com/PierreBesson> Redoc indeed looks cool,
I didn't know about it. @cbornet <https://github.com/cbornet> you're the
boss here, what do you think is best?
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#7966 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABDlF4jkBoqP8ZnrT9g6bbhBgoIS6kbIks5uT7uqgaJpZM4VPK2g>
.
|
|
Yes, it's probably time to migrate. See swagger-api/swagger-ui#2915 (comment) for how to pass the auth token to swagger-ui. |
|
OK let's do it. But we need to take the occasion to try to better integrate the swagger ui into the app (as an angular/react component). And we should make it optional to include it into the front-end assets. |
|
Yes totally agree! @PierreBesson are you willing to do it? Who is interested? |
|
I'm adding a bug bounty on this ticket as I think it's important, and there's a significant amount of work |
|
My old branch with the changes might still be useful, as I figured out few
things there already
Thanks & Regards,
Deepu
…On Wed, Aug 29, 2018 at 11:15 AM Julien Dubois ***@***.***> wrote:
I'm adding a bug bounty <https://www.jhipster.tech/bug-bounties/> on this
ticket as I think it's important, and there's a significant amount of work
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#7966 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABDlFwxI2iBoN8FFxj9-C2ByyN6jhPjxks5uVlvGgaJpZM4VPK2g>
.
|
|
Have you considered using the springfox-swagger-ui maven dependency? |
|
The reason we have our own is the different auth mechanism we support, you
have to provide JWT tokens and stuff to use the try it out feature, which
I'm not sure you can do with those plugins.
Thanks & Regards,
Deepu
…On Thu, Nov 22, 2018 at 11:03 AM Aurélien Mino ***@***.***> wrote:
Have you considered using the springfox-swagger-ui maven dependency?
It still uses Swagger UI 2.x, but it will follow Springfox lifecyle and
ability to handle OpenAPI.
And it should ease our task by not maintaining our own Swagger UI, no?
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#7966 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABDlF7yTQ8v1PXkqURzDyW_VHAOczSR5ks5uxnZZgaJpZM4VPK2g>
.
|
|
@cbornet It seems that support for oas-3 is pratically done in https://github.com/springfox/springfox/tree/feature/2022/oas-3-support |
|
Yes. That's for the backend part and will be part of Springfox 3. This issue is about swagger UI for which we can already migrate. |
|
Also some configs of the swagger-ui needs to be retreived from the Springfox endpoints. See the current index.html about that. |
You can take a look at this jhipster module: https://github.com/intesys/generator-jhipster-apiutils. Among other things it upgrades swagger UI to version 3 (see the index.js) and does some of the things that are required to work with springfox endpoints. However, this module has few things that are missing / have to be fixed: 1) It works only with JWT 2) uses jquery. |
|
Ok, thanks! I will give it a go |
|
And seems like Springfox 3.0 might be out soon: springfox/springfox#3070 |
|
Dilip is asking for help. Don't hesitate to participate. Springfox is a very well-written lib. You learn a lot by contributing to it. |
|
Is anyone working on this? I would like to have a go at it :) |
|
go, it was opened for too long |
|
@ecostanzi I've still submitted my branch as a PR so if you find anything interesting in my code we could try share point of views? |
|
@Hawkurane let's focus on one PR (#10567) so that the reviewers know where to look at. I'd keep PR #10567 (and close #10570) for the frontend part, since it already works for both frontends and fetches the list of specs from swagger resources. Let's discuss here: #10567 (comment) wether to customize springfox configuration in jhipster-framework (jhipster/jhipster#425) or by using a new template in the generator. In the first case we'll have to keep both PRs open. WDYT? |
|
Sure, let's do that. I've closed my front part PR :) |
jdubois
added
$300
|
We really need this as GitHub is now always giving a moderate sev security vulnerability for Swagger UI
|
|
Which is complete bullshit 😠 as using swagger ui v2 does not constitute a security vulnerability. |
|
Indeed its bullshit, but its making our apps look bad and many would think
that the generated apps are not secure by default
…On Mon, 16 Dec 2019, 5:40 pm Pierre Besson, ***@***.***> wrote:
Which is complete bullshit 😠 as using swagger ui v2 does not constitute
a security vulnerability.
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#7966?email_source=notifications&email_token=AAIOKFYAMFHSYMZSOIMGFSDQY6VP7A5CNFSM4FJ4VWQKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEG7J7YI#issuecomment-566140897>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAIOKF7C4WU7THNOXCU25YDQY6VP7ANCNFSM4FJ4VWQA>
.
|
|
@ecostanzi : don't forget to claim the bounty, it's well deserved |
|
@econstanzi PR jhipster/jhipster#425 is still needed? |
|
As I don't need it during my test, I don't think so @DanielFran |
|
@DanielFran I think we can closed it, we postponed openapi security definitions for v7 |
Overview of the feature request
Swagger UI very old version (2.2.10) is used which does not provide the support for Open API
Motivation for or Use Case
Open API support
The text was updated successfully, but these errors were encountered: