revert: "security/fix-swagger-info-leak-m02" (#29721)

2025-12-16 14:19:33 +08:00
parent 4553e4c12f
commit a915b8a584
4 changed files with 8 additions and 61 deletions
--- a/api/configs/feature/init.py
+++ b/api/configs/feature/init.py
@@ -1252,19 +1252,9 @@ class WorkflowLogConfig(BaseSettings):


 class SwaggerUIConfig(BaseSettings):
-    """
-    Configuration for Swagger UI documentation.
-
-    Security Note: Swagger UI is automatically disabled in PRODUCTION environment
-    to prevent API information disclosure. Set SWAGGER_UI_ENABLED=true explicitly
-    to enable in production if needed.
-    """
-
-    SWAGGER_UI_ENABLED: bool | None = Field(
-        description="Whether to enable Swagger UI in api module. "
-        "Automatically disabled in PRODUCTION environment for security. "
-        "Set to true explicitly to enable in production.",
-        default=None,
+    SWAGGER_UI_ENABLED: bool = Field(
+        description="Whether to enable Swagger UI in api module",
+        default=True,
    )

    SWAGGER_UI_PATH: str = Field(
@@ -1272,23 +1262,6 @@ class SwaggerUIConfig(BaseSettings):
        default="/swagger-ui.html",
    )

-    @property
-    def swagger_ui_enabled(self) -> bool:
-        """
-        Compute whether Swagger UI should be enabled.
-
-        If SWAGGER_UI_ENABLED is explicitly set, use that value.
-        Otherwise, disable in PRODUCTION environment for security.
-        """
-        if self.SWAGGER_UI_ENABLED is not None:
-            return self.SWAGGER_UI_ENABLED
-
-        # Auto-disable in production environment
-        import os
-
-        deploy_env = os.environ.get("DEPLOY_ENV", "PRODUCTION")
-        return deploy_env.upper() != "PRODUCTION"
-

 class TenantIsolatedTaskQueueConfig(BaseSettings):
    TENANT_ISOLATED_TASK_CONCURRENCY: int = Field(