From 14472c0cf4bc48f066af6da1c8f8b05084bd78d4 Mon Sep 17 00:00:00 2001
From: Arzhel Younsi <ayounsi@wikimedia.org>
Date: Wed, 6 Dec 2023 18:20:36 +0100
Subject: [PATCH] Add PUBLIC_SWAGGER configuration option

Swagger metadata are by default opened to unauthenticated users.
Add a configuration option to be able to only expose them to
authenticated users.

Even though it's only the metadata (and not read or write operations)
public Netbox instances attract a significant amount of "Google traffic"
and people experimenting with the API, slowing down Netbox.

An alternative would be to disable it by default (and not configuration
option) to keep the config more learn, but this might be a breaking
change for existing users.
---
 docs/configuration/miscellaneous.md    | 8 ++++++++
 netbox/netbox/configuration_example.py | 3 +++
 netbox/netbox/settings.py              | 1 +
 3 files changed, 12 insertions(+)

diff --git a/docs/configuration/miscellaneous.md b/docs/configuration/miscellaneous.md
index f143be139..2b12075ae 100644
--- a/docs/configuration/miscellaneous.md
+++ b/docs/configuration/miscellaneous.md
@@ -180,6 +180,14 @@ When determining the primary IP address for a device, IPv6 is preferred over IPv
 
 ---
 
+## PUBLIC_SWAGGER
+
+Default: True
+
+Swagger exposes by default the schemas to unauthenticated users. Set this to False to only expose them to authenticated users.
+
+---
+
 ## QUEUE_MAPPINGS
 
 Allows changing which queues are used internally for background tasks.
diff --git a/netbox/netbox/configuration_example.py b/netbox/netbox/configuration_example.py
index f415ca42f..c025d8a39 100644
--- a/netbox/netbox/configuration_example.py
+++ b/netbox/netbox/configuration_example.py
@@ -190,6 +190,9 @@ PLUGINS = []
 #     }
 # }
 
+# Expose the SWAGGER UI schemas to unauthenticated users
+PUBLIC_SWAGGER = True
+
 # Remote authentication support
 REMOTE_AUTH_ENABLED = False
 REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend'
diff --git a/netbox/netbox/settings.py b/netbox/netbox/settings.py
index 824bc4605..54b3c925f 100644
--- a/netbox/netbox/settings.py
+++ b/netbox/netbox/settings.py
@@ -653,6 +653,7 @@ SPECTACULAR_SETTINGS = {
     'VERSION': VERSION,
     'COMPONENT_SPLIT_REQUEST': True,
     'REDOC_DIST': 'SIDECAR',
+    'SERVE_PUBLIC': getattr(configuration, 'PUBLIC_SWAGGER', True),
     'SERVERS': [{
         'url': BASE_PATH,
         'description': 'NetBox',