@checkstack/auth-common 0.6.6 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +57 -0
  2. package/package.json +3 -3
  3. package/src/rpc-contract.ts +14 -0
package/CHANGELOG.md CHANGED
@@ -1,5 +1,62 @@
1
1
  # @checkstack/auth-common
2
2
 
3
+ ## 0.7.0
4
+
5
+ ### Minor Changes
6
+
7
+ - 9016526: Add a `/rest/:pluginId/*` HTTP mount that serves every plugin's oRPC contract
8
+ through the REST/OpenAPI shape described by `/api/openapi.json`. Queries are
9
+ `GET` with query parameters, mutations are `POST` with the input as the raw
10
+ JSON body. The existing `/api/:pluginId/*` mount continues to serve oRPC's
11
+ native wire protocol unchanged, so existing clients are not affected.
12
+
13
+ The OpenAPI spec at `/api/openapi.json` now reflects the real mount: every
14
+ `paths` entry is prefixed with `/rest` instead of `/api`.
15
+
16
+ Also fixes a SPA-fallback bug: the backend's `/api-docs` route previously
17
+ returned 404 on production deployments because the static-file middleware
18
+ skipped any path starting with `/api`, capturing `/api-docs` along with real
19
+ API routes. The skip now requires a trailing slash (`/api/`, `/rest/`).
20
+
21
+ Required access rules are now visible in the API Docs UI. The OpenAPI spec
22
+ generator was reading a non-existent `accessRules` field on procedure
23
+ metadata; the real field is `access: AccessRule[]`. Each procedure's access
24
+ rules are now flattened to fully-qualified IDs (e.g. `catalog.system.read`)
25
+ and emitted under `x-orpc-meta.accessRules`, which the existing
26
+ `Required Access Rules` section in the docs UI already knew how to render.
27
+
28
+ The API Docs schema renderer now handles record types (zod `z.record`),
29
+ `$ref`s into `components.schemas`, `oneOf`/`anyOf`/`allOf`, nullable union
30
+ types (`type: ["string", "null"]`), and `format` qualifiers. Previously
31
+ record outputs like `{ statuses: object }` masked the actual value type;
32
+ they now render as `{ [key]: <ResolvedType> { ... } }` with the inner
33
+ schema expanded, capped at 12 levels with cycle detection.
34
+
35
+ **REST method conventions.** `proc()` now defaults to `GET` for queries and
36
+ `POST` for mutations on the `/rest` mount, using bracket-notation query
37
+ params (`?filter[status]=active&ids[0]=a`) for GET inputs. Existing
38
+ procedures were updated to follow REST semantics:
39
+
40
+ - `update*` mutations → `PATCH`
41
+ - `delete*` / `remove*` mutations → `DELETE`
42
+ - `getBulk*` queries and any query taking a large array input → `POST`
43
+ (because `@orpc/openapi@1.13.x` has no GET→POST URL-length fallback)
44
+
45
+ GET endpoints require an `object` input — bare scalars like
46
+ `.input(z.string())` are not valid on GET. `getSystemConfigurations` was
47
+ refactored from `.input(z.string())` to `.input(z.object({ systemId: ... }))`
48
+ to fit the GET shape; the only call-site update was the in-process router
49
+ unpacking `input.systemId` instead of passing `input` directly.
50
+
51
+ The API Docs UI now renders query parameters (path/query/header/cookie) in a
52
+ dedicated table for GET endpoints, and the fetch example shows them in the
53
+ URL with `<required>` / `<optional>` placeholders.
54
+
55
+ ### Patch Changes
56
+
57
+ - Updated dependencies [9016526]
58
+ - @checkstack/common@0.10.0
59
+
3
60
  ## 0.6.6
4
61
 
5
62
  ### Patch Changes
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@checkstack/auth-common",
3
- "version": "0.6.6",
3
+ "version": "0.7.0",
4
4
  "license": "Elastic-2.0",
5
5
  "type": "module",
6
6
  "exports": {
@@ -10,14 +10,14 @@
10
10
  }
11
11
  },
12
12
  "dependencies": {
13
- "@checkstack/common": "0.8.0",
13
+ "@checkstack/common": "0.9.0",
14
14
  "@orpc/contract": "^1.13.14",
15
15
  "zod": "^4.0.0"
16
16
  },
17
17
  "devDependencies": {
18
18
  "@checkstack/tsconfig": "0.0.7",
19
19
  "typescript": "^5.7.2",
20
- "@checkstack/scripts": "0.3.0"
20
+ "@checkstack/scripts": "0.3.1"
21
21
  },
22
22
  "scripts": {
23
23
  "typecheck": "tsgo -b",
package/src/rpc-contract.ts CHANGED
@@ -193,6 +193,7 @@ export const authContract = {
193
193
  userType: "user",
194
194
  access: [],
195
195
  })
196
+ .route({ method: "PATCH" })
196
197
  .input(
197
198
  z.object({
198
199
  name: z.string().min(1).optional(),
@@ -216,6 +217,7 @@ export const authContract = {
216
217
  userType: "user",
217
218
  access: [authAccess.users.manage],
218
219
  })
220
+ .route({ method: "DELETE" })
219
221
  .input(z.string())
220
222
  .output(z.void()),
221
223
 
@@ -232,6 +234,7 @@ export const authContract = {
232
234
  userType: "user",
233
235
  access: [authAccess.users.manage],
234
236
  })
237
+ .route({ method: "PATCH" })
235
238
  .input(z.object({ userId: z.string(), roles: z.array(z.string()) }))
236
239
  .output(z.void()),
237
240
 
@@ -270,6 +273,7 @@ export const authContract = {
270
273
  userType: "user",
271
274
  access: [authAccess.roles.update],
272
275
  })
276
+ .route({ method: "PATCH" })
273
277
  .input(
274
278
  z.object({
275
279
  id: z.string(),
@@ -285,6 +289,7 @@ export const authContract = {
285
289
  userType: "user",
286
290
  access: [authAccess.roles.delete],
287
291
  })
292
+ .route({ method: "DELETE" })
288
293
  .input(z.string())
289
294
  .output(z.void()),
290
295
 
@@ -303,6 +308,7 @@ export const authContract = {
303
308
  userType: "user",
304
309
  access: [authAccess.strategies],
305
310
  })
311
+ .route({ method: "PATCH" })
306
312
  .input(
307
313
  z.object({
308
314
  id: z.string(),
@@ -452,6 +458,7 @@ export const authContract = {
452
458
  userType: "user",
453
459
  access: [authAccess.applications],
454
460
  })
461
+ .route({ method: "PATCH" })
455
462
  .input(
456
463
  z.object({
457
464
  id: z.string(),
@@ -467,6 +474,7 @@ export const authContract = {
467
474
  userType: "user",
468
475
  access: [authAccess.applications],
469
476
  })
477
+ .route({ method: "DELETE" })
470
478
  .input(z.string())
471
479
  .output(z.void()),
472
480
 
@@ -538,6 +546,7 @@ export const authContract = {
538
546
  userType: "authenticated",
539
547
  access: [authAccess.teams.read],
540
548
  })
549
+ .route({ method: "PATCH" })
541
550
  .input(
542
551
  z.object({
543
552
  id: z.string(),
@@ -552,6 +561,7 @@ export const authContract = {
552
561
  userType: "authenticated",
553
562
  access: [authAccess.teams.manage],
554
563
  })
564
+ .route({ method: "DELETE" })
555
565
  .input(z.string())
556
566
  .output(z.void()),
557
567
 
@@ -568,6 +578,7 @@ export const authContract = {
568
578
  userType: "authenticated",
569
579
  access: [authAccess.teams.manage],
570
580
  })
581
+ .route({ method: "DELETE" })
571
582
  .input(z.object({ teamId: z.string(), userId: z.string() }))
572
583
  .output(z.void()),
573
584
 
@@ -584,6 +595,7 @@ export const authContract = {
584
595
  userType: "authenticated",
585
596
  access: [authAccess.teams.manage],
586
597
  })
598
+ .route({ method: "DELETE" })
587
599
  .input(z.object({ teamId: z.string(), userId: z.string() }))
588
600
  .output(z.void()),
589
601
 
@@ -625,6 +637,7 @@ export const authContract = {
625
637
  userType: "authenticated",
626
638
  access: [authAccess.teams.manage],
627
639
  })
640
+ .route({ method: "DELETE" })
628
641
  .input(
629
642
  z.object({
630
643
  resourceType: z.string(),
@@ -699,6 +712,7 @@ export const authContract = {
699
712
  userType: "service",
700
713
  access: [],
701
714
  })
715
+ .route({ method: "DELETE" })
702
716
  .input(z.object({ resourceType: z.string(), resourceId: z.string() }))
703
717
  .output(z.void()),
704
718