@checkstack/auth-common 0.6.6 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +65 -0
  2. package/package.json +3 -3
  3. package/src/rpc-contract.ts +14 -0
package/CHANGELOG.md CHANGED
@@ -1,5 +1,70 @@
1
1
  # @checkstack/auth-common
2
2
 
3
+ ## 0.7.1
4
+
5
+ ### Patch Changes
6
+
7
+ - Updated dependencies [f23f3c9]
8
+ - Updated dependencies [f23f3c9]
9
+ - @checkstack/common@0.11.0
10
+
11
+ ## 0.7.0
12
+
13
+ ### Minor Changes
14
+
15
+ - 9016526: Add a `/rest/:pluginId/*` HTTP mount that serves every plugin's oRPC contract
16
+ through the REST/OpenAPI shape described by `/api/openapi.json`. Queries are
17
+ `GET` with query parameters, mutations are `POST` with the input as the raw
18
+ JSON body. The existing `/api/:pluginId/*` mount continues to serve oRPC's
19
+ native wire protocol unchanged, so existing clients are not affected.
20
+
21
+ The OpenAPI spec at `/api/openapi.json` now reflects the real mount: every
22
+ `paths` entry is prefixed with `/rest` instead of `/api`.
23
+
24
+ Also fixes a SPA-fallback bug: the backend's `/api-docs` route previously
25
+ returned 404 on production deployments because the static-file middleware
26
+ skipped any path starting with `/api`, capturing `/api-docs` along with real
27
+ API routes. The skip now requires a trailing slash (`/api/`, `/rest/`).
28
+
29
+ Required access rules are now visible in the API Docs UI. The OpenAPI spec
30
+ generator was reading a non-existent `accessRules` field on procedure
31
+ metadata; the real field is `access: AccessRule[]`. Each procedure's access
32
+ rules are now flattened to fully-qualified IDs (e.g. `catalog.system.read`)
33
+ and emitted under `x-orpc-meta.accessRules`, which the existing
34
+ `Required Access Rules` section in the docs UI already knew how to render.
35
+
36
+ The API Docs schema renderer now handles record types (zod `z.record`),
37
+ `$ref`s into `components.schemas`, `oneOf`/`anyOf`/`allOf`, nullable union
38
+ types (`type: ["string", "null"]`), and `format` qualifiers. Previously
39
+ record outputs like `{ statuses: object }` masked the actual value type;
40
+ they now render as `{ [key]: <ResolvedType> { ... } }` with the inner
41
+ schema expanded, capped at 12 levels with cycle detection.
42
+
43
+ **REST method conventions.** `proc()` now defaults to `GET` for queries and
44
+ `POST` for mutations on the `/rest` mount, using bracket-notation query
45
+ params (`?filter[status]=active&ids[0]=a`) for GET inputs. Existing
46
+ procedures were updated to follow REST semantics:
47
+
48
+ - `update*` mutations → `PATCH`
49
+ - `delete*` / `remove*` mutations → `DELETE`
50
+ - `getBulk*` queries and any query taking a large array input → `POST`
51
+ (because `@orpc/openapi@1.13.x` has no GET→POST URL-length fallback)
52
+
53
+ GET endpoints require an `object` input — bare scalars like
54
+ `.input(z.string())` are not valid on GET. `getSystemConfigurations` was
55
+ refactored from `.input(z.string())` to `.input(z.object({ systemId: ... }))`
56
+ to fit the GET shape; the only call-site update was the in-process router
57
+ unpacking `input.systemId` instead of passing `input` directly.
58
+
59
+ The API Docs UI now renders query parameters (path/query/header/cookie) in a
60
+ dedicated table for GET endpoints, and the fetch example shows them in the
61
+ URL with `<required>` / `<optional>` placeholders.
62
+
63
+ ### Patch Changes
64
+
65
+ - Updated dependencies [9016526]
66
+ - @checkstack/common@0.10.0
67
+
3
68
  ## 0.6.6
4
69
 
5
70
  ### Patch Changes
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@checkstack/auth-common",
3
- "version": "0.6.6",
3
+ "version": "0.7.1",
4
4
  "license": "Elastic-2.0",
5
5
  "type": "module",
6
6
  "exports": {
@@ -10,14 +10,14 @@
10
10
  }
11
11
  },
12
12
  "dependencies": {
13
- "@checkstack/common": "0.8.0",
13
+ "@checkstack/common": "0.10.0",
14
14
  "@orpc/contract": "^1.13.14",
15
15
  "zod": "^4.0.0"
16
16
  },
17
17
  "devDependencies": {
18
18
  "@checkstack/tsconfig": "0.0.7",
19
19
  "typescript": "^5.7.2",
20
- "@checkstack/scripts": "0.3.0"
20
+ "@checkstack/scripts": "0.3.2"
21
21
  },
22
22
  "scripts": {
23
23
  "typecheck": "tsgo -b",
package/src/rpc-contract.ts CHANGED
@@ -193,6 +193,7 @@ export const authContract = {
193
193
  userType: "user",
194
194
  access: [],
195
195
  })
196
+ .route({ method: "PATCH" })
196
197
  .input(
197
198
  z.object({
198
199
  name: z.string().min(1).optional(),
@@ -216,6 +217,7 @@ export const authContract = {
216
217
  userType: "user",
217
218
  access: [authAccess.users.manage],
218
219
  })
220
+ .route({ method: "DELETE" })
219
221
  .input(z.string())
220
222
  .output(z.void()),
221
223
 
@@ -232,6 +234,7 @@ export const authContract = {
232
234
  userType: "user",
233
235
  access: [authAccess.users.manage],
234
236
  })
237
+ .route({ method: "PATCH" })
235
238
  .input(z.object({ userId: z.string(), roles: z.array(z.string()) }))
236
239
  .output(z.void()),
237
240
 
@@ -270,6 +273,7 @@ export const authContract = {
270
273
  userType: "user",
271
274
  access: [authAccess.roles.update],
272
275
  })
276
+ .route({ method: "PATCH" })
273
277
  .input(
274
278
  z.object({
275
279
  id: z.string(),
@@ -285,6 +289,7 @@ export const authContract = {
285
289
  userType: "user",
286
290
  access: [authAccess.roles.delete],
287
291
  })
292
+ .route({ method: "DELETE" })
288
293
  .input(z.string())
289
294
  .output(z.void()),
290
295
 
@@ -303,6 +308,7 @@ export const authContract = {
303
308
  userType: "user",
304
309
  access: [authAccess.strategies],
305
310
  })
311
+ .route({ method: "PATCH" })
306
312
  .input(
307
313
  z.object({
308
314
  id: z.string(),
@@ -452,6 +458,7 @@ export const authContract = {
452
458
  userType: "user",
453
459
  access: [authAccess.applications],
454
460
  })
461
+ .route({ method: "PATCH" })
455
462
  .input(
456
463
  z.object({
457
464
  id: z.string(),
@@ -467,6 +474,7 @@ export const authContract = {
467
474
  userType: "user",
468
475
  access: [authAccess.applications],
469
476
  })
477
+ .route({ method: "DELETE" })
470
478
  .input(z.string())
471
479
  .output(z.void()),
472
480
 
@@ -538,6 +546,7 @@ export const authContract = {
538
546
  userType: "authenticated",
539
547
  access: [authAccess.teams.read],
540
548
  })
549
+ .route({ method: "PATCH" })
541
550
  .input(
542
551
  z.object({
543
552
  id: z.string(),
@@ -552,6 +561,7 @@ export const authContract = {
552
561
  userType: "authenticated",
553
562
  access: [authAccess.teams.manage],
554
563
  })
564
+ .route({ method: "DELETE" })
555
565
  .input(z.string())
556
566
  .output(z.void()),
557
567
 
@@ -568,6 +578,7 @@ export const authContract = {
568
578
  userType: "authenticated",
569
579
  access: [authAccess.teams.manage],
570
580
  })
581
+ .route({ method: "DELETE" })
571
582
  .input(z.object({ teamId: z.string(), userId: z.string() }))
572
583
  .output(z.void()),
573
584
 
@@ -584,6 +595,7 @@ export const authContract = {
584
595
  userType: "authenticated",
585
596
  access: [authAccess.teams.manage],
586
597
  })
598
+ .route({ method: "DELETE" })
587
599
  .input(z.object({ teamId: z.string(), userId: z.string() }))
588
600
  .output(z.void()),
589
601
 
@@ -625,6 +637,7 @@ export const authContract = {
625
637
  userType: "authenticated",
626
638
  access: [authAccess.teams.manage],
627
639
  })
640
+ .route({ method: "DELETE" })
628
641
  .input(
629
642
  z.object({
630
643
  resourceType: z.string(),
@@ -699,6 +712,7 @@ export const authContract = {
699
712
  userType: "service",
700
713
  access: [],
701
714
  })
715
+ .route({ method: "DELETE" })
702
716
  .input(z.object({ resourceType: z.string(), resourceId: z.string() }))
703
717
  .output(z.void()),
704
718