Enable Swagger CLI plugin with introspectComments for automatic DTO property inference from TypeScript types and JSDoc comments.
Add typed response DTOs for purchases, wallets, and reports endpoints. Add reusable ApiUserIdHeader decorator combining x-user-id header and 401 response documentation.
Add @ApiTags, @ApiOperation, @ApiParam, @ApiHeader, and error response decorators to all controllers. Set up SwaggerModule in main.ts gated behind NODE_ENV !== production, serving UI at /api.
Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces comprehensive API documentation using Swagger for the NestJS application. It sets up the necessary dependencies and configurations to generate interactive API docs, enhancing the discoverability and usability of the API for developers. The changes include adding Swagger to the project, configuring it for automatic DTO inference, and annotating existing and new endpoints with detailed documentation, ensuring a clear and standardized API interface.
@coderabbitai review
Code Review
This pull request introduces Swagger API documentation for the existing endpoints, which is a great addition for developer experience. The implementation is solid, using @nestjs/swagger with its CLI plugin for DTO inference and providing detailed decorators for operations, parameters, and responses. The documentation is also correctly guarded to not be exposed in production environments. I've added a few suggestions to leverage NestJS's built-in validation pipes for cleaner code and to improve consistency in how user IDs are accessed where appropriate, while ensuring alignment with the project's architectural decisions.
✅ Actions performed
Review triggered.
Code Review
This pull request introduces Swagger API documentation for the application, which is a great addition for developers. The setup is well-implemented, including enabling it only for non-production environments and using the NestJS Swagger plugin for DTO introspection. My review includes a suggestion to improve maintainability by dynamically setting the API version. Additionally, for the wallets controller, I've suggested standardizing how the userId is retrieved, which aligns with our POC guidelines for temporary authentication mechanisms.
No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
🚧 Files skipped from review as they are similar to previous changes (1)
Walkthrough
Adds Swagger/OpenAPI support: new dependency
🚥 Pre-merge checks | ✅ 1 | ❌ 2
❌ Failed checks (2 warnings)
✅ Passed checks (1 passed)
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@src/main.ts`:
- Around line 18-28: Current check uses NODE_ENV !== 'production' to gate
Swagger which can enable docs if NODE_ENV is missing; change the guard to an
explicit opt-in flag (e.g., process.env.SWAGGER_ENABLED === 'true') before
calling DocumentBuilder, SwaggerModule.createDocument(app, config) and
SwaggerModule.setup('api', app, document); update the condition where
DocumentBuilder, createDocument and setup are invoked (references:
DocumentBuilder, SwaggerModule.createDocument, SwaggerModule.setup,
process.env.NODE_ENV, app) so Swagger is only mounted when the explicit
env/config flag is true (default false).
ℹ️ Review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (13)
- CLAUDE.md
- nest-cli.json
- package.json
- src/common/guards/user-id-api.decorator.ts
- src/health/health.controller.ts
- src/main.ts
- src/purchases/dto/purchase-response.dto.ts
- src/purchases/purchases.controller.ts
- src/reports/dto/report-request-response.dto.ts
- src/reports/dto/report-response.dto.ts
- src/reports/reports.controller.ts
- src/wallets/dto/wallet-response.dto.ts
- src/wallets/wallets.controller.ts
Walkthrough
This pull request integrates Swagger/OpenAPI documentation into a NestJS application. Changes include adding the
🚥 Pre-merge checks | ✅ 1 | ❌ 2
❌ Failed checks (2 warnings)
✅ Passed checks (1 passed)
Actionable comments posted: 1
♻️ Duplicate comments (1)
src/main.ts (1)
18-28: ⚠️ Potential issue | 🟠 Major
Harden Swagger exposure to explicit opt-in.

At Line 18, `NODE_ENV !== 'production'` enables docs when `NODE_ENV` is missing/mis-set, which can expose `/api` and `/api-json` unintentionally in production deployments.

Suggested hardening
- if (process.env.NODE_ENV !== 'production') { + const enableSwagger = process.env.SWAGGER_ENABLED === 'true'; + if (enableSwagger) { const config = new DocumentBuilder() .setTitle('Wallet API') .setDescription( 'Digital wallet POC — deposits, purchases, royalties, reports', ) .setVersion('0.0.1') .build(); const document = SwaggerModule.createDocument(app, config); SwaggerModule.setup('api', app, document); }🤖 Prompt for AI Agents
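Review bot: On the added `const enableSwagger = process.env.SWAGGER_ENABLED === 'true';` line, the production check is dropped entirely, so a `SWAGGER_ENABLED=true` carried into a production environment mounts `/api` and `/api-json` there with nothing else stopping it. Suggest keeping both conditions, for example `process.env.SWAGGER_ENABLED === 'true' && process.env.NODE_ENV !== 'production'`, and documenting next to the flag that only the exact string `true` enables the docs and that the default is off.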
Verify each finding against the current code and only fix it if needed. In `@src/main.ts` around lines 18 - 28, Current check uses process.env.NODE_ENV !== 'production' which enables Swagger when NODE_ENV is missing; change the guard to require an explicit opt-in flag (e.g., process.env.SWAGGER_ENABLED === 'true' or a dedicated config flag) before creating the DocumentBuilder and calling SwaggerModule.createDocument/SwaggerModule.setup (references: DocumentBuilder, SwaggerModule.createDocument, SwaggerModule.setup, app); update the conditional to only run the Swagger setup when the explicit opt-in variable is set (optionally keep an additional safeguard checking NODE_ENV === 'development' but do not rely on NODE_ENV alone).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@src/purchases/purchases.controller.ts`:
- Around line 53-57: The purchase controller is reading x-user-id from headers
instead of using the guard-populated identity; change the purchase method
signature to accept the request object (e.g. `@Req`() req: Request & { userId:
string }) instead of `@Headers`('x-user-id') and use req.userId when calling the
service (the call in purchase that currently uses the header value should be
passed req.userId); ensure UserIdGuard remains applied and remove the raw header
parameter to keep a single trusted source of userId consistent with other
controllers.
---
Duplicate comments:
In `@src/main.ts`:
- Around line 18-28: Current check uses process.env.NODE_ENV !== 'production'
which enables Swagger when NODE_ENV is missing; change the guard to require an
explicit opt-in flag (e.g., process.env.SWAGGER_ENABLED === 'true' or a
dedicated config flag) before creating the DocumentBuilder and calling
SwaggerModule.createDocument/SwaggerModule.setup (references: DocumentBuilder,
SwaggerModule.createDocument, SwaggerModule.setup, app); update the conditional
to only run the Swagger setup when the explicit opt-in variable is set
(optionally keep an additional safeguard checking NODE_ENV === 'development' but
do not rely on NODE_ENV alone).
- Replace NODE_ENV negation with explicit SWAGGER_ENABLED opt-in
- Use guard-validated req.userId instead of raw x-user-id header
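The gate change discussed in the review above, as an added example that is not part of the pull request or the project's code: it runs the original `NODE_ENV` negation, the `SWAGGER_ENABLED` opt-in and the optional combined safeguard over a set of constructed deployments and lists where each would mount the docs in production. The `Deployment` records and all function names are assumptions made for illustration.

```typescript
// Added example; the deployments below are constructed, not taken from the project.
type Env = Record<string, string | undefined>;
type Gate = (env: Env) => boolean;

// Original guard: anything other than the exact string 'production' mounts the docs.
const legacyGate: Gate = (env) => env.NODE_ENV !== 'production';

// Guard suggested in the review: explicit opt-in, default off.
const optInGate: Gate = (env) => env.SWAGGER_ENABLED === 'true';

// Optional extra safeguard mentioned in the review: opt-in AND a development environment.
const strictGate: Gate = (env) => optInGate(env) && env.NODE_ENV === 'development';

interface Deployment {
  name: string;
  env: Env;
  isProduction: boolean; // ground truth known to the operator, invisible to the code
}

// Constructed cases covering common ways the environment is missing or mis-set.
const DEPLOYMENTS: Deployment[] = [
  { name: 'prod, configured correctly', env: { NODE_ENV: 'production' }, isProduction: true },
  { name: 'prod, NODE_ENV unset', env: {}, isProduction: true },
  { name: 'prod, typo', env: { NODE_ENV: 'prod' }, isProduction: true },
  { name: 'prod, wrong case', env: { NODE_ENV: 'Production' }, isProduction: true },
  { name: 'prod, trailing space', env: { NODE_ENV: 'production ' }, isProduction: true },
  { name: 'prod, flag copied from dev', env: { NODE_ENV: 'production', SWAGGER_ENABLED: 'true' }, isProduction: true },
  { name: 'dev, opted in', env: { NODE_ENV: 'development', SWAGGER_ENABLED: 'true' }, isProduction: false },
  { name: 'dev, flag not set', env: { NODE_ENV: 'development' }, isProduction: false },
];

// Names of production deployments where the given gate would mount /api and /api-json.
function exposedInProduction(gate: Gate): string[] {
  return DEPLOYMENTS.filter((d) => d.isProduction && gate(d.env)).map((d) => d.name);
}

// Names of non-production deployments where the docs stay reachable for developers.
function availableOutsideProduction(gate: Gate): string[] {
  return DEPLOYMENTS.filter((d) => !d.isProduction && gate(d.env)).map((d) => d.name);
}

console.log({
  legacy: exposedInProduction(legacyGate),
  optIn: exposedInProduction(optInGate),
  strict: exposedInProduction(strictGate),
});
```

The negation fails open on every production case where `NODE_ENV` is absent or misspelled, the opt-in fails closed on all of those but still trusts a copied flag, and the combined gate exposes nothing in production while keeping the docs for the opted-in development case.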
@coderabbitai review

✅ Actions performed
Review triggered.
Code Review
This pull request introduces Swagger API documentation, which is a great addition for improving the API's discoverability and developer experience. The implementation is solid, including adding the necessary dependencies, configuring Swagger, creating response DTOs, and annotating controller endpoints. I've included a couple of suggestions: one to further improve type safety in a DTO, and another to enhance code clarity in user-specific controllers by using a custom parameter decorator.