@backstage/plugin-search-backend 2.1.0-next.2 → 2.1.0

package/CHANGELOG.md

@@ -1,5 +1,21 @@
 # @backstage/plugin-search-backend
 
+## 2.1.0
+
+### Minor Changes
+
+- 0fbcf23: Migrated OpenAPI schemas to 3.1.
+
+### Patch Changes
+
+- a49a40d: Updated dependency `zod` to `^3.25.76 || ^4.0.0` & migrated to `/v3` or `/v4` imports.
+- Updated dependencies
+  - @backstage/backend-plugin-api@1.8.0
+  - @backstage/plugin-permission-common@0.9.7
+  - @backstage/plugin-permission-node@0.10.11
+  - @backstage/backend-openapi-utils@0.6.7
+  - @backstage/plugin-search-backend-node@1.4.2
+
 ## 2.1.0-next.2
 
 ### Patch Changes

package/dist/service/router.cjs.js

@@ -1,23 +1,23 @@
 'use strict';
 
-var zod = require('zod');
+var v3 = require('zod/v3');
 var errors = require('@backstage/errors');
 var pluginPermissionCommon = require('@backstage/plugin-permission-common');
 var AuthorizedSearchEngine = require('./AuthorizedSearchEngine.cjs.js');
 var router = require('../schema/openapi/generated/router.cjs.js');
 
-const jsonObjectSchema = zod.z.lazy(() => {
-  const jsonValueSchema = zod.z.lazy(
-    () => zod.z.union([
-      zod.z.string(),
-      zod.z.number(),
-      zod.z.boolean(),
-      zod.z.null(),
-      zod.z.array(jsonValueSchema),
+const jsonObjectSchema = v3.z.lazy(() => {
+  const jsonValueSchema = v3.z.lazy(
+    () => v3.z.union([
+      v3.z.string(),
+      v3.z.number(),
+      v3.z.boolean(),
+      v3.z.null(),
+      v3.z.array(jsonValueSchema),
       jsonObjectSchema
     ])
   );
-  return zod.z.record(jsonValueSchema);
+  return v3.z.record(jsonValueSchema);
 });
 const defaultMaxPageLimit = 100;
 const defaultMaxTermLength = 100;
@@ -35,17 +35,17 @@ async function createRouter(options) {
   } = options;
   const maxPageLimit = config.getOptionalNumber("search.maxPageLimit") ?? defaultMaxPageLimit;
   const maxTermLength = config.getOptionalNumber("search.maxTermLength") ?? defaultMaxTermLength;
-  const requestSchema = zod.z.object({
-    term: zod.z.string().refine(
+  const requestSchema = v3.z.object({
+    term: v3.z.string().refine(
       (term) => term.length <= maxTermLength,
       (term) => ({
         message: `The term length "${term.length}" is greater than "${maxTermLength}"`
       })
     ).default(""),
     filters: jsonObjectSchema.optional(),
-    types: zod.z.array(zod.z.string().refine((type) => Object.keys(types).includes(type))).optional(),
-    pageCursor: zod.z.string().optional(),
-    pageLimit: zod.z.number().refine(
+    types: v3.z.array(v3.z.string().refine((type) => Object.keys(types).includes(type))).optional(),
+    pageCursor: v3.z.string().optional(),
+    pageLimit: v3.z.number().refine(
       (pageLimit) => pageLimit <= maxPageLimit,
       (pageLimit) => ({
         message: `The page limit "${pageLimit}" is greater than "${maxPageLimit}"`

package/dist/service/router.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"router.cjs.js","sources":["../../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport express from 'express';\nimport { z } from 'zod';\nimport { InputError } from '@backstage/errors';\nimport { Config } from '@backstage/config';\nimport { JsonObject, JsonValue } from '@backstage/types';\nimport {\n  PermissionAuthorizer,\n  PermissionEvaluator,\n  toPermissionEvaluator,\n} from '@backstage/plugin-permission-common';\nimport {\n  DocumentTypeInfo,\n  IndexableResultSet,\n  SearchResultSet,\n} from '@backstage/plugin-search-common';\nimport { SearchEngine } from '@backstage/plugin-search-backend-node';\nimport { AuthorizedSearchEngine } from './AuthorizedSearchEngine';\nimport { createOpenApiRouter } from '../schema/openapi';\nimport {\n  AuthService,\n  DiscoveryService,\n  HttpAuthService,\n  LoggerService,\n} from '@backstage/backend-plugin-api';\n\nconst jsonObjectSchema: z.ZodSchema<JsonObject> = z.lazy(() => {\n  const jsonValueSchema: z.ZodSchema<JsonValue> = z.lazy(() =>\n    z.union([\n      z.string(),\n      z.number(),\n      z.boolean(),\n      z.null(),\n      z.array(jsonValueSchema),\n      jsonObjectSchema,\n    ]),\n  );\n\n  return z.record(jsonValueSchema);\n});\n\n/**\n * @internal\n */\nexport type RouterOptions = {\n  engine: SearchEngine;\n  types: Record<string, DocumentTypeInfo>;\n  discovery?: DiscoveryService;\n  permissions: PermissionEvaluator | PermissionAuthorizer;\n  config: Config;\n  logger: LoggerService;\n  auth: AuthService;\n  httpAuth: HttpAuthService;\n};\n\nconst defaultMaxPageLimit = 100;\nconst defaultMaxTermLength = 100;\nconst allowedLocationProtocols = ['http:', 'https:'];\n\n/**\n * @internal\n */\nexport async function createRouter(\n  options: RouterOptions,\n): Promise<express.Router> {\n  const router = await createOpenApiRouter();\n  const {\n    engine: inputEngine,\n    types,\n    permissions,\n    config,\n    logger,\n    auth,\n    httpAuth,\n  } = options;\n\n  const maxPageLimit =\n    config.getOptionalNumber('search.maxPageLimit') ?? defaultMaxPageLimit;\n\n  const maxTermLength =\n    config.getOptionalNumber('search.maxTermLength') ?? defaultMaxTermLength;\n\n  const requestSchema = z.object({\n    term: z\n      .string()\n      .refine(\n        term => term.length <= maxTermLength,\n        term => ({\n          message: `The term length \"${term.length}\" is greater than \"${maxTermLength}\"`,\n        }),\n      )\n      .default(''),\n    filters: jsonObjectSchema.optional(),\n    types: z\n      .array(z.string().refine(type => Object.keys(types).includes(type)))\n      .optional(),\n    pageCursor: z.string().optional(),\n    pageLimit: z\n      .number()\n      .refine(\n        pageLimit => pageLimit <= maxPageLimit,\n        pageLimit => ({\n          message: `The page limit \"${pageLimit}\" is greater than \"${maxPageLimit}\"`,\n        }),\n      )\n      .optional(),\n  });\n\n  let permissionEvaluator: PermissionEvaluator;\n  if ('authorizeConditional' in permissions) {\n    permissionEvaluator = permissions as PermissionEvaluator;\n  } else {\n    logger.warn(\n      'PermissionAuthorizer is deprecated. Please use an instance of PermissionEvaluator instead of PermissionAuthorizer in PluginEnvironment#permissions',\n    );\n    permissionEvaluator = toPermissionEvaluator(permissions);\n  }\n\n  const engine = config.getOptionalBoolean('permission.enabled')\n    ? new AuthorizedSearchEngine(\n        inputEngine,\n        types,\n        permissionEvaluator,\n        auth,\n        config,\n      )\n    : inputEngine;\n\n  const filterResultSet = ({ results, ...resultSet }: SearchResultSet) => ({\n    ...resultSet,\n    results: results.filter(result => {\n      const protocol = new URL(result.document.location, 'https://example.com')\n        .protocol;\n      const isAllowed = allowedLocationProtocols.includes(protocol);\n      if (!isAllowed) {\n        logger.info(\n          `Rejected search result for \"${result.document.title}\" as location protocol \"${protocol}\" is unsafe`,\n        );\n      }\n      return isAllowed;\n    }),\n  });\n\n  const toSearchResults = (resultSet: IndexableResultSet): SearchResultSet => ({\n    ...resultSet,\n    results: resultSet.results.map(result => ({\n      ...result,\n      document: {\n        ...result.document,\n        authorization: undefined,\n      },\n    })),\n  });\n\n  router.get('/query', async (req, res) => {\n    const parseResult = requestSchema.passthrough().safeParse(req.query);\n\n    if (!parseResult.success) {\n      throw new InputError(`Invalid query string: ${parseResult.error}`);\n    }\n\n    const query = parseResult.data;\n\n    logger.info(\n      `Search request received: term=\"${query.term}\", filters=${JSON.stringify(\n        query.filters,\n      )}, types=${query.types ? query.types.join(',') : ''}, pageCursor=${\n        query.pageCursor ?? ''\n      }`,\n    );\n\n    try {\n      const credentials = await httpAuth.credentials(req);\n      const { token } = await auth.getPluginRequestToken({\n        onBehalfOf: credentials,\n        targetPluginId: 'search',\n      });\n      const resultSet = await engine?.query(query, {\n        token,\n        credentials,\n      });\n\n      res.json(filterResultSet(toSearchResults(resultSet)));\n    } catch (error) {\n      // Log the error message here, but don't expose it to the user in the response\n      logger.error(\n        `There was a problem performing the search query: ${error.message}`,\n      );\n      if (error.name === 'MissingIndexError') {\n        // re-throw and let the default error handler middleware captures it and serializes it with the right response code on the standard form\n        throw error;\n      }\n\n      // If the error is not a MissingIndexError, we want to throw a generic error without the error message as it may leak internal information\n      throw new Error(`There was a problem performing the search query`);\n    }\n  });\n\n  return router;\n}\n"],"names":["z","router","createOpenApiRouter","toPermissionEvaluator","AuthorizedSearchEngine","InputError"],"mappings":";;;;;;;;AAyCA,MAAM,gBAAA,GAA4CA,KAAA,CAAE,IAAA,CAAK,MAAM;AAC7D,EAAA,MAAM,kBAA0CA,KAAA,CAAE,IAAA;AAAA,IAAK,MACrDA,MAAE,KAAA,CAAM;AAAA,MACNA,MAAE,MAAA,EAAO;AAAA,MACTA,MAAE,MAAA,EAAO;AAAA,MACTA,MAAE,OAAA,EAAQ;AAAA,MACVA,MAAE,IAAA,EAAK;AAAA,MACPA,KAAA,CAAE,MAAM,eAAe,CAAA;AAAA,MACvB;AAAA,KACD;AAAA,GACH;AAEA,EAAA,OAAOA,KAAA,CAAE,OAAO,eAAe,CAAA;AACjC,CAAC,CAAA;AAgBD,MAAM,mBAAA,GAAsB,GAAA;AAC5B,MAAM,oBAAA,GAAuB,GAAA;AAC7B,MAAM,wBAAA,GAA2B,CAAC,OAAA,EAAS,QAAQ,CAAA;AAKnD,eAAsB,aACpB,OAAA,EACyB;AACzB,EAAA,MAAMC,QAAA,GAAS,MAAMC,0BAAA,EAAoB;AACzC,EAAA,MAAM;AAAA,IACJ,MAAA,EAAQ,WAAA;AAAA,IACR,KAAA;AAAA,IACA,WAAA;AAAA,IACA,MAAA;AAAA,IACA,MAAA;AAAA,IACA,IAAA;AAAA,IACA;AAAA,GACF,GAAI,OAAA;AAEJ,EAAA,MAAM,YAAA,GACJ,MAAA,CAAO,iBAAA,CAAkB,qBAAqB,CAAA,IAAK,mBAAA;AAErD,EAAA,MAAM,aAAA,GACJ,MAAA,CAAO,iBAAA,CAAkB,sBAAsB,CAAA,IAAK,oBAAA;AAEtD,EAAA,MAAM,aAAA,GAAgBF,MAAE,MAAA,CAAO;AAAA,IAC7B,IAAA,EAAMA,KAAA,CACH,MAAA,EAAO,CACP,MAAA;AAAA,MACC,CAAA,IAAA,KAAQ,KAAK,MAAA,IAAU,aAAA;AAAA,MACvB,CAAA,IAAA,MAAS;AAAA,QACP,OAAA,EAAS,CAAA,iBAAA,EAAoB,IAAA,CAAK,MAAM,sBAAsB,aAAa,CAAA,CAAA;AAAA,OAC7E;AAAA,KACF,CACC,QAAQ,EAAE,CAAA;AAAA,IACb,OAAA,EAAS,iBAAiB,QAAA,EAAS;AAAA,IACnC,OAAOA,KAAA,CACJ,KAAA,CAAMA,KAAA,CAAE,MAAA,GAAS,MAAA,CAAO,CAAA,IAAA,KAAQ,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA,CAAE,QAAA,CAAS,IAAI,CAAC,CAAC,EAClE,QAAA,EAAS;AAAA,IACZ,UAAA,EAAYA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAChC,SAAA,EAAWA,KAAA,CACR,MAAA,EAAO,CACP,MAAA;AAAA,MACC,eAAa,SAAA,IAAa,YAAA;AAAA,MAC1B,CAAA,SAAA,MAAc;AAAA,QACZ,OAAA,EAAS,CAAA,gBAAA,EAAmB,SAAS,CAAA,mBAAA,EAAsB,YAAY,CAAA,CAAA;AAAA,OACzE;AAAA,MAED,QAAA;AAAS,GACb,CAAA;AAED,EAAA,IAAI,mBAAA;AACJ,EAAA,IAAI,0BAA0B,WAAA,EAAa;AACzC,IAAA,mBAAA,GAAsB,WAAA;AAAA,EACxB,CAAA,MAAO;AACL,IAAA,MAAA,CAAO,IAAA;AAAA,MACL;AAAA,KACF;AACA,IAAA,mBAAA,GAAsBG,6CAAsB,WAAW,CAAA;AAAA,EACzD;AAEA,EAAA,MAAM,MAAA,GAAS,MAAA,CAAO,kBAAA,CAAmB,oBAAoB,IACzD,IAAIC,6CAAA;AAAA,IACF,WAAA;AAAA,IACA,KAAA;AAAA,IACA,mBAAA;AAAA,IACA,IAAA;AAAA,IACA;AAAA,GACF,GACA,WAAA;AAEJ,EAAA,MAAM,kBAAkB,CAAC,EAAE,OAAA,EAAS,GAAG,WAAU,MAAwB;AAAA,IACvE,GAAG,SAAA;AAAA,IACH,OAAA,EAAS,OAAA,CAAQ,MAAA,CAAO,CAAA,MAAA,KAAU;AAChC,MAAA,MAAM,WAAW,IAAI,GAAA,CAAI,OAAO,QAAA,CAAS,QAAA,EAAU,qBAAqB,CAAA,CACrE,QAAA;AACH,MAAA,MAAM,SAAA,GAAY,wBAAA,CAAyB,QAAA,CAAS,QAAQ,CAAA;AAC5D,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,MAAA,CAAO,IAAA;AAAA,UACL,CAAA,4BAAA,EAA+B,MAAA,CAAO,QAAA,CAAS,KAAK,2BAA2B,QAAQ,CAAA,WAAA;AAAA,SACzF;AAAA,MACF;AACA,MAAA,OAAO,SAAA;AAAA,IACT,CAAC;AAAA,GACH,CAAA;AAEA,EAAA,MAAM,eAAA,GAAkB,CAAC,SAAA,MAAoD;AAAA,IAC3E,GAAG,SAAA;AAAA,IACH,OAAA,EAAS,SAAA,CAAU,OAAA,CAAQ,GAAA,CAAI,CAAA,MAAA,MAAW;AAAA,MACxC,GAAG,MAAA;AAAA,MACH,QAAA,EAAU;AAAA,QACR,GAAG,MAAA,CAAO,QAAA;AAAA,QACV,aAAA,EAAe;AAAA;AACjB,KACF,CAAE;AAAA,GACJ,CAAA;AAEA,EAAAH,QAAA,CAAO,GAAA,CAAI,QAAA,EAAU,OAAO,GAAA,EAAK,GAAA,KAAQ;AACvC,IAAA,MAAM,cAAc,aAAA,CAAc,WAAA,EAAY,CAAE,SAAA,CAAU,IAAI,KAAK,CAAA;AAEnE,IAAA,IAAI,CAAC,YAAY,OAAA,EAAS;AACxB,MAAA,MAAM,IAAII,iBAAA,CAAW,CAAA,sBAAA,EAAyB,WAAA,CAAY,KAAK,CAAA,CAAE,CAAA;AAAA,IACnE;AAEA,IAAA,MAAM,QAAQ,WAAA,CAAY,IAAA;AAE1B,IAAA,MAAA,CAAO,IAAA;AAAA,MACL,CAAA,+BAAA,EAAkC,KAAA,CAAM,IAAI,CAAA,WAAA,EAAc,IAAA,CAAK,SAAA;AAAA,QAC7D,KAAA,CAAM;AAAA,OACP,CAAA,QAAA,EAAW,KAAA,CAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,IAAA,CAAK,GAAG,CAAA,GAAI,EAAE,CAAA,aAAA,EAClD,KAAA,CAAM,cAAc,EACtB,CAAA;AAAA,KACF;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,WAAA,GAAc,MAAM,QAAA,CAAS,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,KAAA,EAAM,GAAI,MAAM,KAAK,qBAAA,CAAsB;AAAA,QACjD,UAAA,EAAY,WAAA;AAAA,QACZ,cAAA,EAAgB;AAAA,OACjB,CAAA;AACD,MAAA,MAAM,SAAA,GAAY,MAAM,MAAA,EAAQ,KAAA,CAAM,KAAA,EAAO;AAAA,QAC3C,KAAA;AAAA,QACA;AAAA,OACD,CAAA;AAED,MAAA,GAAA,CAAI,IAAA,CAAK,eAAA,CAAgB,eAAA,CAAgB,SAAS,CAAC,CAAC,CAAA;AAAA,IACtD,SAAS,KAAA,EAAO;AAEd,MAAA,MAAA,CAAO,KAAA;AAAA,QACL,CAAA,iDAAA,EAAoD,MAAM,OAAO,CAAA;AAAA,OACnE;AACA,MAAA,IAAI,KAAA,CAAM,SAAS,mBAAA,EAAqB;AAEtC,QAAA,MAAM,KAAA;AAAA,MACR;AAGA,MAAA,MAAM,IAAI,MAAM,CAAA,+CAAA,CAAiD,CAAA;AAAA,IACnE;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAOJ,QAAA;AACT;;;;"}
+{"version":3,"file":"router.cjs.js","sources":["../../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport express from 'express';\nimport { z } from 'zod/v3';\nimport { InputError } from '@backstage/errors';\nimport { Config } from '@backstage/config';\nimport { JsonObject, JsonValue } from '@backstage/types';\nimport {\n  PermissionAuthorizer,\n  PermissionEvaluator,\n  toPermissionEvaluator,\n} from '@backstage/plugin-permission-common';\nimport {\n  DocumentTypeInfo,\n  IndexableResultSet,\n  SearchResultSet,\n} from '@backstage/plugin-search-common';\nimport { SearchEngine } from '@backstage/plugin-search-backend-node';\nimport { AuthorizedSearchEngine } from './AuthorizedSearchEngine';\nimport { createOpenApiRouter } from '../schema/openapi';\nimport {\n  AuthService,\n  DiscoveryService,\n  HttpAuthService,\n  LoggerService,\n} from '@backstage/backend-plugin-api';\n\nconst jsonObjectSchema: z.ZodSchema<JsonObject> = z.lazy(() => {\n  const jsonValueSchema: z.ZodSchema<JsonValue> = z.lazy(() =>\n    z.union([\n      z.string(),\n      z.number(),\n      z.boolean(),\n      z.null(),\n      z.array(jsonValueSchema),\n      jsonObjectSchema,\n    ]),\n  );\n\n  return z.record(jsonValueSchema);\n});\n\n/**\n * @internal\n */\nexport type RouterOptions = {\n  engine: SearchEngine;\n  types: Record<string, DocumentTypeInfo>;\n  discovery?: DiscoveryService;\n  permissions: PermissionEvaluator | PermissionAuthorizer;\n  config: Config;\n  logger: LoggerService;\n  auth: AuthService;\n  httpAuth: HttpAuthService;\n};\n\nconst defaultMaxPageLimit = 100;\nconst defaultMaxTermLength = 100;\nconst allowedLocationProtocols = ['http:', 'https:'];\n\n/**\n * @internal\n */\nexport async function createRouter(\n  options: RouterOptions,\n): Promise<express.Router> {\n  const router = await createOpenApiRouter();\n  const {\n    engine: inputEngine,\n    types,\n    permissions,\n    config,\n    logger,\n    auth,\n    httpAuth,\n  } = options;\n\n  const maxPageLimit =\n    config.getOptionalNumber('search.maxPageLimit') ?? defaultMaxPageLimit;\n\n  const maxTermLength =\n    config.getOptionalNumber('search.maxTermLength') ?? defaultMaxTermLength;\n\n  const requestSchema = z.object({\n    term: z\n      .string()\n      .refine(\n        term => term.length <= maxTermLength,\n        term => ({\n          message: `The term length \"${term.length}\" is greater than \"${maxTermLength}\"`,\n        }),\n      )\n      .default(''),\n    filters: jsonObjectSchema.optional(),\n    types: z\n      .array(z.string().refine(type => Object.keys(types).includes(type)))\n      .optional(),\n    pageCursor: z.string().optional(),\n    pageLimit: z\n      .number()\n      .refine(\n        pageLimit => pageLimit <= maxPageLimit,\n        pageLimit => ({\n          message: `The page limit \"${pageLimit}\" is greater than \"${maxPageLimit}\"`,\n        }),\n      )\n      .optional(),\n  });\n\n  let permissionEvaluator: PermissionEvaluator;\n  if ('authorizeConditional' in permissions) {\n    permissionEvaluator = permissions as PermissionEvaluator;\n  } else {\n    logger.warn(\n      'PermissionAuthorizer is deprecated. Please use an instance of PermissionEvaluator instead of PermissionAuthorizer in PluginEnvironment#permissions',\n    );\n    permissionEvaluator = toPermissionEvaluator(permissions);\n  }\n\n  const engine = config.getOptionalBoolean('permission.enabled')\n    ? new AuthorizedSearchEngine(\n        inputEngine,\n        types,\n        permissionEvaluator,\n        auth,\n        config,\n      )\n    : inputEngine;\n\n  const filterResultSet = ({ results, ...resultSet }: SearchResultSet) => ({\n    ...resultSet,\n    results: results.filter(result => {\n      const protocol = new URL(result.document.location, 'https://example.com')\n        .protocol;\n      const isAllowed = allowedLocationProtocols.includes(protocol);\n      if (!isAllowed) {\n        logger.info(\n          `Rejected search result for \"${result.document.title}\" as location protocol \"${protocol}\" is unsafe`,\n        );\n      }\n      return isAllowed;\n    }),\n  });\n\n  const toSearchResults = (resultSet: IndexableResultSet): SearchResultSet => ({\n    ...resultSet,\n    results: resultSet.results.map(result => ({\n      ...result,\n      document: {\n        ...result.document,\n        authorization: undefined,\n      },\n    })),\n  });\n\n  router.get('/query', async (req, res) => {\n    const parseResult = requestSchema.passthrough().safeParse(req.query);\n\n    if (!parseResult.success) {\n      throw new InputError(`Invalid query string: ${parseResult.error}`);\n    }\n\n    const query = parseResult.data;\n\n    logger.info(\n      `Search request received: term=\"${query.term}\", filters=${JSON.stringify(\n        query.filters,\n      )}, types=${query.types ? query.types.join(',') : ''}, pageCursor=${\n        query.pageCursor ?? ''\n      }`,\n    );\n\n    try {\n      const credentials = await httpAuth.credentials(req);\n      const { token } = await auth.getPluginRequestToken({\n        onBehalfOf: credentials,\n        targetPluginId: 'search',\n      });\n      const resultSet = await engine?.query(query, {\n        token,\n        credentials,\n      });\n\n      res.json(filterResultSet(toSearchResults(resultSet)));\n    } catch (error) {\n      // Log the error message here, but don't expose it to the user in the response\n      logger.error(\n        `There was a problem performing the search query: ${error.message}`,\n      );\n      if (error.name === 'MissingIndexError') {\n        // re-throw and let the default error handler middleware captures it and serializes it with the right response code on the standard form\n        throw error;\n      }\n\n      // If the error is not a MissingIndexError, we want to throw a generic error without the error message as it may leak internal information\n      throw new Error(`There was a problem performing the search query`);\n    }\n  });\n\n  return router;\n}\n"],"names":["z","router","createOpenApiRouter","toPermissionEvaluator","AuthorizedSearchEngine","InputError"],"mappings":";;;;;;;;AAyCA,MAAM,gBAAA,GAA4CA,IAAA,CAAE,IAAA,CAAK,MAAM;AAC7D,EAAA,MAAM,kBAA0CA,IAAA,CAAE,IAAA;AAAA,IAAK,MACrDA,KAAE,KAAA,CAAM;AAAA,MACNA,KAAE,MAAA,EAAO;AAAA,MACTA,KAAE,MAAA,EAAO;AAAA,MACTA,KAAE,OAAA,EAAQ;AAAA,MACVA,KAAE,IAAA,EAAK;AAAA,MACPA,IAAA,CAAE,MAAM,eAAe,CAAA;AAAA,MACvB;AAAA,KACD;AAAA,GACH;AAEA,EAAA,OAAOA,IAAA,CAAE,OAAO,eAAe,CAAA;AACjC,CAAC,CAAA;AAgBD,MAAM,mBAAA,GAAsB,GAAA;AAC5B,MAAM,oBAAA,GAAuB,GAAA;AAC7B,MAAM,wBAAA,GAA2B,CAAC,OAAA,EAAS,QAAQ,CAAA;AAKnD,eAAsB,aACpB,OAAA,EACyB;AACzB,EAAA,MAAMC,QAAA,GAAS,MAAMC,0BAAA,EAAoB;AACzC,EAAA,MAAM;AAAA,IACJ,MAAA,EAAQ,WAAA;AAAA,IACR,KAAA;AAAA,IACA,WAAA;AAAA,IACA,MAAA;AAAA,IACA,MAAA;AAAA,IACA,IAAA;AAAA,IACA;AAAA,GACF,GAAI,OAAA;AAEJ,EAAA,MAAM,YAAA,GACJ,MAAA,CAAO,iBAAA,CAAkB,qBAAqB,CAAA,IAAK,mBAAA;AAErD,EAAA,MAAM,aAAA,GACJ,MAAA,CAAO,iBAAA,CAAkB,sBAAsB,CAAA,IAAK,oBAAA;AAEtD,EAAA,MAAM,aAAA,GAAgBF,KAAE,MAAA,CAAO;AAAA,IAC7B,IAAA,EAAMA,IAAA,CACH,MAAA,EAAO,CACP,MAAA;AAAA,MACC,CAAA,IAAA,KAAQ,KAAK,MAAA,IAAU,aAAA;AAAA,MACvB,CAAA,IAAA,MAAS;AAAA,QACP,OAAA,EAAS,CAAA,iBAAA,EAAoB,IAAA,CAAK,MAAM,sBAAsB,aAAa,CAAA,CAAA;AAAA,OAC7E;AAAA,KACF,CACC,QAAQ,EAAE,CAAA;AAAA,IACb,OAAA,EAAS,iBAAiB,QAAA,EAAS;AAAA,IACnC,OAAOA,IAAA,CACJ,KAAA,CAAMA,IAAA,CAAE,MAAA,GAAS,MAAA,CAAO,CAAA,IAAA,KAAQ,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA,CAAE,QAAA,CAAS,IAAI,CAAC,CAAC,EAClE,QAAA,EAAS;AAAA,IACZ,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAChC,SAAA,EAAWA,IAAA,CACR,MAAA,EAAO,CACP,MAAA;AAAA,MACC,eAAa,SAAA,IAAa,YAAA;AAAA,MAC1B,CAAA,SAAA,MAAc;AAAA,QACZ,OAAA,EAAS,CAAA,gBAAA,EAAmB,SAAS,CAAA,mBAAA,EAAsB,YAAY,CAAA,CAAA;AAAA,OACzE;AAAA,MAED,QAAA;AAAS,GACb,CAAA;AAED,EAAA,IAAI,mBAAA;AACJ,EAAA,IAAI,0BAA0B,WAAA,EAAa;AACzC,IAAA,mBAAA,GAAsB,WAAA;AAAA,EACxB,CAAA,MAAO;AACL,IAAA,MAAA,CAAO,IAAA;AAAA,MACL;AAAA,KACF;AACA,IAAA,mBAAA,GAAsBG,6CAAsB,WAAW,CAAA;AAAA,EACzD;AAEA,EAAA,MAAM,MAAA,GAAS,MAAA,CAAO,kBAAA,CAAmB,oBAAoB,IACzD,IAAIC,6CAAA;AAAA,IACF,WAAA;AAAA,IACA,KAAA;AAAA,IACA,mBAAA;AAAA,IACA,IAAA;AAAA,IACA;AAAA,GACF,GACA,WAAA;AAEJ,EAAA,MAAM,kBAAkB,CAAC,EAAE,OAAA,EAAS,GAAG,WAAU,MAAwB;AAAA,IACvE,GAAG,SAAA;AAAA,IACH,OAAA,EAAS,OAAA,CAAQ,MAAA,CAAO,CAAA,MAAA,KAAU;AAChC,MAAA,MAAM,WAAW,IAAI,GAAA,CAAI,OAAO,QAAA,CAAS,QAAA,EAAU,qBAAqB,CAAA,CACrE,QAAA;AACH,MAAA,MAAM,SAAA,GAAY,wBAAA,CAAyB,QAAA,CAAS,QAAQ,CAAA;AAC5D,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,MAAA,CAAO,IAAA;AAAA,UACL,CAAA,4BAAA,EAA+B,MAAA,CAAO,QAAA,CAAS,KAAK,2BAA2B,QAAQ,CAAA,WAAA;AAAA,SACzF;AAAA,MACF;AACA,MAAA,OAAO,SAAA;AAAA,IACT,CAAC;AAAA,GACH,CAAA;AAEA,EAAA,MAAM,eAAA,GAAkB,CAAC,SAAA,MAAoD;AAAA,IAC3E,GAAG,SAAA;AAAA,IACH,OAAA,EAAS,SAAA,CAAU,OAAA,CAAQ,GAAA,CAAI,CAAA,MAAA,MAAW;AAAA,MACxC,GAAG,MAAA;AAAA,MACH,QAAA,EAAU;AAAA,QACR,GAAG,MAAA,CAAO,QAAA;AAAA,QACV,aAAA,EAAe;AAAA;AACjB,KACF,CAAE;AAAA,GACJ,CAAA;AAEA,EAAAH,QAAA,CAAO,GAAA,CAAI,QAAA,EAAU,OAAO,GAAA,EAAK,GAAA,KAAQ;AACvC,IAAA,MAAM,cAAc,aAAA,CAAc,WAAA,EAAY,CAAE,SAAA,CAAU,IAAI,KAAK,CAAA;AAEnE,IAAA,IAAI,CAAC,YAAY,OAAA,EAAS;AACxB,MAAA,MAAM,IAAII,iBAAA,CAAW,CAAA,sBAAA,EAAyB,WAAA,CAAY,KAAK,CAAA,CAAE,CAAA;AAAA,IACnE;AAEA,IAAA,MAAM,QAAQ,WAAA,CAAY,IAAA;AAE1B,IAAA,MAAA,CAAO,IAAA;AAAA,MACL,CAAA,+BAAA,EAAkC,KAAA,CAAM,IAAI,CAAA,WAAA,EAAc,IAAA,CAAK,SAAA;AAAA,QAC7D,KAAA,CAAM;AAAA,OACP,CAAA,QAAA,EAAW,KAAA,CAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,IAAA,CAAK,GAAG,CAAA,GAAI,EAAE,CAAA,aAAA,EAClD,KAAA,CAAM,cAAc,EACtB,CAAA;AAAA,KACF;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,WAAA,GAAc,MAAM,QAAA,CAAS,WAAA,CAAY,GAAG,CAAA;AAClD,MAAA,MAAM,EAAE,KAAA,EAAM,GAAI,MAAM,KAAK,qBAAA,CAAsB;AAAA,QACjD,UAAA,EAAY,WAAA;AAAA,QACZ,cAAA,EAAgB;AAAA,OACjB,CAAA;AACD,MAAA,MAAM,SAAA,GAAY,MAAM,MAAA,EAAQ,KAAA,CAAM,KAAA,EAAO;AAAA,QAC3C,KAAA;AAAA,QACA;AAAA,OACD,CAAA;AAED,MAAA,GAAA,CAAI,IAAA,CAAK,eAAA,CAAgB,eAAA,CAAgB,SAAS,CAAC,CAAC,CAAA;AAAA,IACtD,SAAS,KAAA,EAAO;AAEd,MAAA,MAAA,CAAO,KAAA;AAAA,QACL,CAAA,iDAAA,EAAoD,MAAM,OAAO,CAAA;AAAA,OACnE;AACA,MAAA,IAAI,KAAA,CAAM,SAAS,mBAAA,EAAqB;AAEtC,QAAA,MAAM,KAAA;AAAA,MACR;AAGA,MAAA,MAAM,IAAI,MAAM,CAAA,+CAAA,CAAiD,CAAA;AAAA,IACnE;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAOJ,QAAA;AACT;;;;"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-search-backend",
-  "version": "2.1.0-next.2",
+  "version": "2.1.0",
   "description": "The Backstage backend plugin that provides your backstage app with search",
   "backstage": {
     "role": "backend-plugin",
@@ -70,27 +70,27 @@
     "test": "backstage-cli package test"
   },
   "dependencies": {
-    "@backstage/backend-openapi-utils": "0.6.7-next.1",
-    "@backstage/backend-plugin-api": "1.8.0-next.1",
-    "@backstage/config": "1.3.6",
-    "@backstage/errors": "1.2.7",
-    "@backstage/plugin-permission-common": "0.9.6",
-    "@backstage/plugin-permission-node": "0.10.11-next.1",
-    "@backstage/plugin-search-backend-node": "1.4.2-next.1",
-    "@backstage/plugin-search-common": "1.2.22",
-    "@backstage/types": "1.2.2",
+    "@backstage/backend-openapi-utils": "^0.6.7",
+    "@backstage/backend-plugin-api": "^1.8.0",
+    "@backstage/config": "^1.3.6",
+    "@backstage/errors": "^1.2.7",
+    "@backstage/plugin-permission-common": "^0.9.7",
+    "@backstage/plugin-permission-node": "^0.10.11",
+    "@backstage/plugin-search-backend-node": "^1.4.2",
+    "@backstage/plugin-search-common": "^1.2.22",
+    "@backstage/types": "^1.2.2",
     "dataloader": "^2.0.0",
     "express": "^4.22.0",
     "lodash": "^4.17.21",
     "qs": "^6.10.1",
     "yn": "^4.0.0",
-    "zod": "^3.25.76"
+    "zod": "^3.25.76 || ^4.0.0"
   },
   "devDependencies": {
-    "@backstage/backend-defaults": "0.16.0-next.2",
-    "@backstage/backend-test-utils": "1.11.1-next.2",
-    "@backstage/cli": "0.36.0-next.2",
-    "@backstage/repo-tools": "0.17.0-next.2",
+    "@backstage/backend-defaults": "^0.16.0",
+    "@backstage/backend-test-utils": "^1.11.1",
+    "@backstage/cli": "^0.36.0",
+    "@backstage/repo-tools": "^0.17.0",
     "@types/express": "^4.17.6",
     "@types/supertest": "^2.0.8",
     "supertest": "^7.0.0"