Swagger UI exposed publicly with no authentication - full API documentation visible to anyone

## Bug Description

Swagger/OpenAPI documentation is mounted at /api/docs (src/main.ts, line 25) with zero authentication guard.

## Code
```typescript
SwaggerModule.setup('api/docs', app, document);
```

## Impact
- Anyone can browse full API schema including all internal service topology
- Reveals Acadmap, CoSA, Smart Insti internal endpoint paths
- Especially dangerous since AuthGuard can return true unconditionally

## Fix
Only serve Swagger in development:
```typescript
if (process.env.NODE_ENV !== 'production') {
    SwaggerModule.setup('api/docs', app, document);
}
```
Or add an admin auth guard to the docs endpoint.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Swagger UI exposed publicly with no authentication - full API documentation visible to anyone #6

Bug Description

Code

Impact

Fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Swagger UI exposed publicly with no authentication - full API documentation visible to anyone #6

Description

Bug Description

Code

Impact

Fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions