Publicly Accessible API Documentation via Swagger vulnerability remediation

[ibi420]

Description

This change addresses a vulnerability where Swagger API documentation was publicly accessible in production environments. Swagger has now been disabled in production to prevent unauthorised users from discovering sensitive backend routes and internal API details.

Fixes # (issue)

Type of change

• Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

• Attempted to access Swagger documentation endpoints (/api/swagger_doc.json, /swagger_doc.json) in a production environment.
• Verified that requests are redirected to the homepage (/home) and Swagger documentation is no longer exposed.
• Confirmed that Swagger remains available and functional in development environments for testing and debugging purposes.

Testing Checklist

• Tested in latest Chrome

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have requested a review from security and project maintainers on the Pull Request

[martindolores]

Awesome work Ibi, I was able to pull your changes done and setup my environment as Production and was not able to access swagger 🤘

[MillicentAmolo]

This is a good solution. Now structure is clear and appropriate. Wonderful job

[AB-Deakin]

Peeer reviewed by Alex Brown and approved 25/09/2025