From 1199ca9e21dbe3ff37e1e4443dd80f0bd296858a Mon Sep 17 00:00:00 2001
From: SashegDev
Date: Thu, 7 May 2026 17:48:54 +0000
Subject: [PATCH] Server: Fix /docs endpoint - allow openapi.json and swagger

- Remove openapi.json, swagger-ui, api/docs from suspicious paths
- Fix is_suspicious_path() to allow swagger/openapi patterns
---
 server/middleware.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/server/middleware.py b/server/middleware.py
index ec873a6..a0f2990 100644
--- a/server/middleware.py
+++ b/server/middleware.py
@@ -69,7 +69,6 @@ SUSPICIOUS_PATHS = {
 "manage/env", "admin/env", "env", "actuator/env/aws", "actuator/env/cloud", "_layouts/15/", "_layouts/15/ToolPane.aspx",
- "swagger-ui", "api/docs", "openapi.json",
 "wp-admin", "wp-login.php", "wordpress", "administrator", "phpmyadmin", ".git", ".svn", ".hg",
@@ -117,7 +116,7 @@ def is_suspicious_path(path: str) -> bool:
 # Contains suspicious patterns
 suspicious_patterns = [
 ".env", "phpinfo", "actuator", "wp-", "phpmyadmin",
- ".git", ".svn", "swagger", "openapi",
+ ".git", ".svn",
 ]
 for pattern in suspicious_patterns:
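Review bot: Dropping `"swagger"` and `"openapi"` from `suspicious_patterns` in `is_suspicious_path()`, together with `"swagger-ui"`, `"api/docs"` and `"openapi.json"` from `SUSPICIOUS_PATHS` in the first hunk, stops flagging every request that contains those strings, not only the server's own documentation routes. The commit message names only /docs and openapi.json as routes that must work, so a narrower fix would keep the patterns and return early on an exact allowlist placed before the pattern loop, for example `if path in ALLOWED_DOC_PATHS: return False` with `ALLOWED_DOC_PATHS = {"/docs", "/openapi.json"}` (a constructed name and set, to be matched to the routes the app really serves). How `path` is normalised (leading slash, query string, case) is not visible here because the function body starts and ends outside the hunk, so the comparison has to use that same form. Since openapi.json describes the whole API surface, it is also worth deciding whether the docs routes should sit behind authentication or be disabled in production rather than merely exempted from this filter.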