Stop using drf-spectacular

- Use Redoc instead of swagger
- Don't rely on CDN
- Fix docs for bulk_search API

Signed-off-by: Shivam Sandbhor <[email protected]>

requirements.txt

@@ -5,7 +5,6 @@ aiohttp>=3.7.4.post0
 djangorestframework>=3.12.4
 django-filter>=2.4.0
 django-widget-tweaks>=1.4.8
-drf-spectacular>=0.17.1
 packageurl-python>=0.9.4
 binaryornot>=0.4.4
 GitPython>=3.1.17

vulnerabilities/api.py

@@ -24,7 +24,6 @@
 from urllib.parse import unquote
 
 from django_filters import rest_framework as filters
-from drf_spectacular.utils import extend_schema, inline_serializer
 from packageurl import PackageURL
 
 from rest_framework import serializers, viewsets
@@ -35,10 +34,6 @@
 from vulnerabilities.models import VulnerabilityReference
 from vulnerabilities.models import VulnerabilitySeverity
 
-# This serializer is used for the bulk apis, to prevent wrong auto documentation
-# TODO: Fix the swagger documentation for bulk apis
-placeholder_serializer = inline_serializer(name="Placeholder", fields={})
-
 
 class VulnerabilitySeveritySerializer(serializers.ModelSerializer):
     class Meta:
@@ -135,7 +130,6 @@ class PackageViewSet(viewsets.ReadOnlyModelViewSet):
     filterset_class = PackageFilterSet
 
     # TODO: Fix the swagger documentation for this endpoint
-    @extend_schema(request=placeholder_serializer, responses=placeholder_serializer)
     @action(detail=False, methods=["post"])
     def bulk_search(self, request):
         """

vulnerabilities/templates/api_doc.html

@@ -0,0 +1,26 @@
+{% load static %}
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>ReDoc</title>
+    <!-- needed for adaptive design -->
+    <meta charset="utf-8"/>
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link href="{% static 'api_doc/font.css' %}" rel="stylesheet">
+
+
+    <!--
+    ReDoc doesn't change outer page styles
+    -->
+    <style>
+      body {
+        margin: 0;
+        padding: 0;
+      }
+    </style>
+  </head>
+  <body>
+    <redoc spec-url="{% static 'api_doc/api_schema.yaml' %}"></redoc>
+    <script src="{% static 'api_doc/redoc.standalone.js' %}"> </script>
+  </body>
+</html>

vulnerabilities/templates/base.html

@@ -14,7 +14,7 @@
                 <a class="navbar-item" href="{% url 'home' %}">
                     Home
                 </a>
-                <a class="navbar-item" href="{% url 'swagger-ui' %}">
+                <a class="navbar-item" href="{% url 'redoc' %}">
                     API Docs
                 </a>
                 {% if enable_curation %}

vulnerabilities/views.py

@@ -25,6 +25,7 @@
 from django.core.paginator import Paginator
 from django.db.models import Count
 from django.http import HttpResponse
+from django.http.response import HttpResponseNotAllowed
 from django.shortcuts import render, redirect
 from django.urls import reverse
 from django.views import View
@@ -248,3 +249,9 @@ def form_valid(self, form):
 
     def get_success_url(self):
         return reverse("vulnerability_view", kwargs={"pk": self.kwargs["vid"]})
+
+
+def schema_view(request):
+    if request.method != "GET":
+        return HttpResponseNotAllowed()
+    return render(request, "api_doc.html")

vulnerablecode/settings.py

@@ -16,6 +16,7 @@
 SECRET_KEY = env.str("SECRET_KEY")
 
 ALLOWED_HOSTS = env.list("ALLOWED_HOSTS", default=[".localhost", "127.0.0.1", "[::1]"])
+DEBUG = True
 
 # Application definition
 
@@ -30,7 +31,6 @@
     "rest_framework",
     "django_filters",
     "widget_tweaks",
-    "drf_spectacular",
 ]
 
 MIDDLEWARE = [
@@ -122,8 +122,7 @@
 # Static files (CSS, JavaScript, Images)
 
 STATIC_URL = "/static/"
-
-STATIC_ROOT = "/var/vulnerablecode/static"
+STATIC_ROOT = "./"
 
 STATICFILES_DIRS = [
     str(PROJECT_DIR.joinpath("static")),
@@ -134,14 +133,7 @@
     "DEFAULT_FILTER_BACKENDS": ("django_filters.rest_framework.DjangoFilterBackend",),
     "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.LimitOffsetPagination",
     "PAGE_SIZE": 100,
-    "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
-}
-
-SPECTACULAR_SETTINGS = {
-    "SERVE_INCLUDE_SCHEMA": False,
-    "TITLE": "VulnerableCode API",
 }
-# TODO: Specify the license for the API here.
 
 # Set this to true to enable community curation, ie users will be able to edit data
 ENABLE_CURATION = False

vulnerablecode/static/api_doc/9bcbfb5fe4bb244b68d4.worker.js.LICENSE.txt

@@ -0,0 +1,68 @@
+/*!
+ * ReDoc - OpenAPI/Swagger-generated API Reference Documentation
+ * -------------------------------------------------------------
+ *   Version: "2.0.0-rc.56"
+ *   Repo: https://github.com/Redocly/redoc
+ */
+
+/*!
+ * lunr.Builder
+ * Copyright (C) 2020 Oliver Nightingale
+ */
+
+/*!
+ * lunr.Index
+ * Copyright (C) 2020 Oliver Nightingale
+ */
+
+/*!
+ * lunr.Pipeline
+ * Copyright (C) 2020 Oliver Nightingale
+ */
+
+/*!
+ * lunr.Set
+ * Copyright (C) 2020 Oliver Nightingale
+ */
+
+/*!
+ * lunr.TokenSet
+ * Copyright (C) 2020 Oliver Nightingale
+ */
+
+/*!
+ * lunr.Vector
+ * Copyright (C) 2020 Oliver Nightingale
+ */
+
+/*!
+ * lunr.stemmer
+ * Copyright (C) 2020 Oliver Nightingale
+ * Includes code from - http://tartarus.org/~martin/PorterStemmer/js.txt
+ */
+
+/*!
+ * lunr.stopWordFilter
+ * Copyright (C) 2020 Oliver Nightingale
+ */
+
+/*!
+ * lunr.tokenizer
+ * Copyright (C) 2020 Oliver Nightingale
+ */
+
+/*!
+ * lunr.trimmer
+ * Copyright (C) 2020 Oliver Nightingale
+ */
+
+/*!
+ * lunr.utils
+ * Copyright (C) 2020 Oliver Nightingale
+ */
+
+/**
+ * lunr - http://lunrjs.com - A bit like Solr, but much smaller and not as bright - 2.3.9
+ * Copyright (C) 2020 Oliver Nightingale
+ * @license MIT
+ */