@shophost/rest-api 2.0.30 → 2.0.32

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@shophost/rest-api",
-  "version": "2.0.30",
+  "version": "2.0.32",
   "type": "module",
   "bin": {
     "shophost-rest-api": "./scripts/shophost-rest-api.mjs"
@@ -67,29 +67,34 @@
   },
   "dependencies": {
     "@hono/zod-openapi": "^1.2.2",
-    "@prisma/adapter-neon": "^7.4.2",
-    "@prisma/client": "^7.4.2",
-    "@prisma/client-runtime-utils": "^7.4.2",
-    "prisma": "^7.4.2",
+    "@prisma/adapter-neon": "^7.5.0",
+    "@prisma/client": "^7.5.0",
+    "@prisma/client-runtime-utils": "^7.5.0",
     "@react-email/components": "^0.0.36",
-    "@vercel/blob": "^0.27.2",
-    "axios": "^1.8.2",
+    "@vercel/blob": "^0.27.3",
+    "axios": "^1.9.0",
     "better-auth": "^1.5.5",
     "date-fns": "^4.1.0",
-    "dotenv": "^16.4.7",
-    "hono": "^4.10.6",
+    "dotenv": "^16.6.1",
+    "hono": "^4.12.8",
     "http-status-codes": "^2.3.0",
-    "nanoid": "^5.1.3",
-    "pino": "^9.6.0",
+    "nanoid": "^5.1.5",
+    "pino": "^9.7.0",
+    "prisma": "^7.5.0",
     "prisma-extension-pagination": "^0.7.6",
-    "resend": "^4.2.0",
+    "resend": "^4.5.2",
     "stripe": "^17.7.0",
-    "zod": "^4.1.11"
+    "zod": "^4.3.6"
   },
   "peerDependencies": {
     "next": ">=14.0.0",
     "react": ">=18.0.0",
     "react-dom": ">=18.0.0"
   },
+  "devDependencies": {
+    "@prisma/adapter-pg": "^7.5.0",
+    "@types/react": "^19.2.14",
+    "pg": "^8.20.0"
+  },
   "module": "./src/index.js"
 }

package/scripts/minify.mjs

@@ -0,0 +1,123 @@
+import { readFile, readdir, unlink, writeFile } from "node:fs/promises";
+import { join, relative } from "node:path";
+import { minify } from "terser";
+
+const DIST_SRC = new URL("../../../dist/packages/rest-api/src", import.meta.url)
+  .pathname;
+
+const DIRECTIVE_RE = /^(?:["']use (?:client|server)["'];?\s*\n?)+/;
+
+const TERSER_OPTIONS = {
+  compress: {
+    passes: 3,
+    dead_code: true,
+    drop_debugger: true,
+    conditionals: true,
+    evaluate: true,
+    booleans: true,
+    loops: true,
+    unused: true,
+    if_return: true,
+    join_vars: true,
+    collapse_vars: true,
+  },
+  mangle: {
+    toplevel: true,
+  },
+  format: {
+    comments: false,
+    ecma: 2020,
+  },
+  module: true,
+};
+
+async function collectFiles(dir, ext) {
+  const entries = await readdir(dir, { withFileTypes: true });
+  const files = [];
+
+  for (const entry of entries) {
+    const fullPath = join(dir, entry.name);
+
+    if (entry.isDirectory()) {
+      files.push(...(await collectFiles(fullPath, ext)));
+    } else if (entry.name.endsWith(ext)) {
+      files.push(fullPath);
+    }
+  }
+
+  return files;
+}
+
+async function run() {
+  const jsFiles = await collectFiles(DIST_SRC, ".js");
+  const mapFiles = await collectFiles(DIST_SRC, ".js.map");
+
+  // Remove source maps
+  await Promise.all(mapFiles.map((f) => unlink(f)));
+
+  if (mapFiles.length > 0) {
+    console.log(`  Removed ${mapFiles.length} source maps`);
+  }
+
+  // Minify JS files
+  let totalOriginal = 0;
+  let totalMinified = 0;
+
+  const results = await Promise.all(
+    jsFiles.map(async (filePath) => {
+      const source = await readFile(filePath, "utf-8");
+
+      // Extract "use client" / "use server" directives before minification
+      const directiveMatch = source.match(DIRECTIVE_RE);
+      const directive = directiveMatch ? directiveMatch[0].trim() + "\n" : "";
+      const sourceWithoutDirective = directive
+        ? source.slice(directiveMatch[0].length)
+        : source;
+
+      const result = await minify(sourceWithoutDirective, TERSER_OPTIONS);
+
+      if (result.code == null) {
+        throw new Error(`Terser returned no code for ${filePath}`);
+      }
+
+      // Strip trailing sourceMappingURL comment if present
+      const minified = result.code.replace(
+        /\/\/# sourceMappingURL=.+\.js\.map\s*$/,
+        ""
+      );
+
+      // Re-prepend directive so Next.js can identify client/server components
+      const code = directive + minified;
+
+      await writeFile(filePath, code, "utf-8");
+
+      return {
+        file: relative(DIST_SRC, filePath),
+        original: source.length,
+        minified: code.length,
+      };
+    })
+  );
+
+  for (const r of results) {
+    totalOriginal += r.original;
+    totalMinified += r.minified;
+  }
+
+  const ratio = ((1 - totalMinified / totalOriginal) * 100).toFixed(1);
+  console.log(
+    `  Minified ${jsFiles.length} files (${formatBytes(totalOriginal)} → ${formatBytes(totalMinified)}, ${ratio}% reduction)`
+  );
+}
+
+function formatBytes(bytes) {
+  if (bytes < 1024) return `${bytes} B`;
+  const kb = bytes / 1024;
+  if (kb < 1024) return `${kb.toFixed(1)} KB`;
+  return `${(kb / 1024).toFixed(1)} MB`;
+}
+
+run().catch((err) => {
+  console.error("Minification failed:", err);
+  process.exit(1);
+});

package/src/app.js

@@ -1,53 +1 @@
-import { __awaiter } from "tslib";
-import { cors } from "hono/cors";
-import { createApiRouter, createUnavailableAuth, handleAppError, } from "./core/hono/hono";
-import { buildAccessHandler, buildCartHandler, buildFileHandler, buildHealthHandler, buildLocationHandler, buildManufacturerHandler, buildOrderHandler, buildOrganizationHandler, buildPaymentHandler, buildProductCategoryHandler, buildProductHandler, buildReservationHandler, buildShippingHandler, buildShippingMethodHandler, buildWebhookHandler, } from "./features";
-const defaultCorsOptions = {
-    allowHeaders: [
-        "Content-Type",
-        "Authorization",
-        "X-Requested-With",
-        "Accept",
-        "Origin",
-        "X-CSRF-Token",
-    ],
-    allowMethods: ["GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"],
-    credentials: true,
-    exposeHeaders: ["Content-Length", "X-Kuma-Revision"],
-    origin: ["http://localhost:3000"],
-};
-export const buildApiApp = ({ corsOptions, maps, payment, prisma, resolveAuth = () => createUnavailableAuth(), } = {}) => {
-    var _a, _b, _c, _d, _e;
-    const app = createApiRouter();
-    // cors
-    app.use("*", cors(Object.assign(Object.assign({}, defaultCorsOptions), corsOptions)));
-    // auth
-    app.use("*", (c, next) => __awaiter(void 0, void 0, void 0, function* () {
-        const auth = resolveAuth(c.req.raw, c.req.path);
-        c.set("auth", auth);
-        Object.assign(c.req.raw, { auth });
-        yield next();
-    }));
-    // error handler
-    app.onError((error) => handleAppError(error));
-    // routes
-    app.route("/", buildHealthHandler());
-    app.route("/", buildManufacturerHandler(prisma));
-    app.route("/", buildOrganizationHandler(prisma, (_b = (_a = maps === null || maps === void 0 ? void 0 : maps.google) === null || _a === void 0 ? void 0 : _a.key) !== null && _b !== void 0 ? _b : ""));
-    app.route("/", buildFileHandler(prisma));
-    app.route("/", buildProductCategoryHandler(prisma));
-    app.route("/", buildProductHandler(prisma));
-    app.route("/", buildAccessHandler(prisma));
-    app.route("/", buildShippingMethodHandler(prisma));
-    app.route("/", buildOrderHandler(prisma, payment !== null && payment !== void 0 ? payment : {}));
-    app.route("/", buildCartHandler(prisma));
-    app.route("/", buildShippingHandler(prisma, (_d = (_c = maps === null || maps === void 0 ? void 0 : maps.google) === null || _c === void 0 ? void 0 : _c.key) !== null && _d !== void 0 ? _d : ""));
-    app.route("/", buildLocationHandler(maps !== null && maps !== void 0 ? maps : {}));
-    app.route("/", buildPaymentHandler(prisma, payment !== null && payment !== void 0 ? payment : {}));
-    app.route("/", buildWebhookHandler(prisma, payment !== null && payment !== void 0 ? payment : {}));
-    if ((_e = payment === null || payment === void 0 ? void 0 : payment.stripe) === null || _e === void 0 ? void 0 : _e.resendApiKey) {
-        app.route("/", buildReservationHandler(prisma, payment.stripe.resendApiKey));
-    }
-    return app;
-};
-//# sourceMappingURL=app.js.map
+import{__awaiter as o}from"tslib";import{cors as e}from"hono/cors";import{createApiRouter as t,createUnavailableAuth as r,handleAppError as i}from"./core/hono/hono";import{buildAccessHandler as n,buildCartHandler as u,buildFileHandler as l,buildHealthHandler as s,buildLocationHandler as d,buildManufacturerHandler as a,buildOrderHandler as p,buildOrganizationHandler as v,buildPaymentHandler as c,buildProductCategoryHandler as h,buildProductHandler as m,buildReservationHandler as g,buildShippingHandler as A,buildShippingMethodHandler as O,buildWebhookHandler as T}from"./features";const y={allowHeaders:["Content-Type","Authorization","X-Requested-With","Accept","Origin","X-CSRF-Token"],allowMethods:["GET","POST","PUT","DELETE","OPTIONS","PATCH"],credentials:!0,exposeHeaders:["Content-Length","X-Kuma-Revision"],origin:["http://localhost:3000"]};export const buildApiApp=({corsOptions:f,maps:b,payment:E,prisma:q,resolveAuth:w=()=>r()}={})=>{var C,P,j,k,H;const K=t();return K.use("*",e(Object.assign(Object.assign({},y),f))),K.use("*",(e,t)=>o(void 0,void 0,void 0,function*(){const o=w(e.req.raw,e.req.path);e.set("auth",o),Object.assign(e.req.raw,{auth:o}),yield t()})),K.onError(o=>i(o)),K.route("/",s()),K.route("/",a(q)),K.route("/",v(q,null!==(P=null===(C=null==b?void 0:b.google)||void 0===C?void 0:C.key)&&void 0!==P?P:"")),K.route("/",l(q)),K.route("/",h(q)),K.route("/",m(q)),K.route("/",n(q)),K.route("/",O(q)),K.route("/",p(q,null!=E?E:{})),K.route("/",u(q)),K.route("/",A(q,null!==(k=null===(j=null==b?void 0:b.google)||void 0===j?void 0:j.key)&&void 0!==k?k:"")),K.route("/",d(null!=b?b:{})),K.route("/",c(q,null!=E?E:{})),K.route("/",T(q,null!=E?E:{})),(null===(H=null==E?void 0:E.stripe)||void 0===H?void 0:H.resendApiKey)&&K.route("/",g(q,E.stripe.resendApiKey)),K};

package/src/core/auth/auth.schema.js

@@ -1,41 +1 @@
-import { z } from "@hono/zod-openapi";
-export const SignUpSchema = z.object({
-    email: z
-        .string()
-        .min(1, "Email is required")
-        .email("Invalid email")
-        .openapi({
-        example: "user@example.com",
-        description: "User's email address",
-    }),
-    password: z
-        .string()
-        .min(1, "Password is required")
-        .min(8, "Password must be more than 8 characters")
-        .max(32, "Password must be less than 32 characters")
-        .openapi({
-        example: "password123",
-        description: "User's password",
-    }),
-    firstname: z
-        .string()
-        .min(1, "First name is required")
-        .max(32, "First name must be less than 32 characters")
-        .openapi({
-        example: "John",
-        description: "User's first name",
-    }),
-    lastname: z
-        .string()
-        .min(1, "Last name is required")
-        .max(32, "Last name must be less than 32 characters")
-        .openapi({
-        example: "Doe",
-        description: "User's last name",
-    }),
-}).openapi("SignUp");
-export const SignInSchema = SignUpSchema.pick({
-    email: true,
-    password: true,
-}).openapi("SignIn");
-//# sourceMappingURL=auth.schema.js.map
+import{z as e}from"@hono/zod-openapi";export const SignUpSchema=e.object({email:e.string().min(1,"Email is required").email("Invalid email").openapi({example:"user@example.com",description:"User's email address"}),password:e.string().min(1,"Password is required").min(8,"Password must be more than 8 characters").max(32,"Password must be less than 32 characters").openapi({example:"password123",description:"User's password"}),firstname:e.string().min(1,"First name is required").max(32,"First name must be less than 32 characters").openapi({example:"John",description:"User's first name"}),lastname:e.string().min(1,"Last name is required").max(32,"Last name must be less than 32 characters").openapi({example:"Doe",description:"User's last name"})}).openapi("SignUp");export const SignInSchema=SignUpSchema.pick({email:!0,password:!0}).openapi("SignIn");

package/src/core/auth/auth.util.js

@@ -1,44 +1 @@
-import { __awaiter } from "tslib";
-import { HttpException } from "../exceptions/http-exception";
-import { logger } from "../logging/pino";
-export const getCurrentUser = (auth) => (headers) => __awaiter(void 0, void 0, void 0, function* () {
-    const session = yield auth.api.getSession({
-        headers: headers,
-    });
-    if (!(session === null || session === void 0 ? void 0 : session.user)) {
-        throw new HttpException(401, "Unauthorized");
-    }
-    return session.user;
-});
-export const isGranted = (auth) => (headers, organizationId, accessLevel) => __awaiter(void 0, void 0, void 0, function* () {
-    if (!accessLevel) {
-        throw new Error("Resource and access level are required");
-    }
-    const session = yield auth.api.getSession({
-        headers: headers,
-    });
-    if (!(session === null || session === void 0 ? void 0 : session.user)) {
-        throw new HttpException(401, "Unauthorized");
-    }
-    const hasPermission = yield auth.api.hasPermission({
-        headers,
-        body: {
-            organizationId,
-            permissions: {
-                project: [accessLevel],
-            },
-        },
-    });
-    if (!hasPermission.success) {
-        logger.error({
-            organizationId,
-            accessLevel,
-            message: "User does not have permission",
-            userId: session.user.id,
-            hasPermission,
-        });
-        throw new HttpException(403, "Forbidden");
-    }
-    return session.user;
-});
-//# sourceMappingURL=auth.util.js.map
+import{__awaiter as e}from"tslib";import{HttpException as o}from"../exceptions/http-exception";import{logger as r}from"../logging/pino";export const getCurrentUser=r=>i=>e(void 0,void 0,void 0,function*(){const e=yield r.api.getSession({headers:i});if(!(null==e?void 0:e.user))throw new o(401,"Unauthorized");return e.user});export const isGranted=i=>(s,n,t)=>e(void 0,void 0,void 0,function*(){if(!t)throw new Error("Resource and access level are required");const e=yield i.api.getSession({headers:s});if(!(null==e?void 0:e.user))throw new o(401,"Unauthorized");const d=yield i.api.hasPermission({headers:s,body:{organizationId:n,permissions:{project:[t]}}});if(!d.success)throw r.error({organizationId:n,accessLevel:t,message:"User does not have permission",userId:e.user.id,hasPermission:d}),new o(403,"Forbidden");return e.user});

package/src/core/auth/better-auth.lib.js

@@ -1,100 +1 @@
-import { betterAuth } from "better-auth";
-import { prismaAdapter } from "better-auth/adapters/prisma";
-import { nextCookies } from "better-auth/next-js";
-import { openAPI, organization } from "better-auth/plugins";
-import { createAccessControl } from "better-auth/plugins/access";
-import { getCurrentUser, isGranted } from "./auth.util";
-const statement = {
-    project: ["create", "read", "update", "delete"],
-    organization: ["create", "read", "update", "delete"],
-};
-const ac = createAccessControl(statement);
-const readOnly = ac.newRole({
-    project: ["read"],
-});
-const member = ac.newRole({
-    project: ["read"],
-});
-const manager = ac.newRole({
-    project: ["create", "read", "update", "delete"],
-});
-const admin = ac.newRole({
-    project: ["create", "read", "update", "delete"],
-    organization: ["update"],
-});
-const owner = ac.newRole({
-    project: ["create", "read", "update", "delete"],
-    organization: ["update", "delete"],
-});
-export const createAuthClient = ({ prisma, baseURL, domain, trustedOrigins, socialProviders, }) => {
-    const auth = betterAuth({
-        baseURL,
-        database: prismaAdapter(prisma, {
-            provider: "postgresql",
-        }),
-        trustedOrigins,
-        user: {
-            additionalFields: {
-                firstname: {
-                    type: "string",
-                    required: true,
-                },
-                lastname: {
-                    type: "string",
-                    required: true,
-                },
-            },
-        },
-        advanced: {
-            crossSubDomainCookies: {
-                enabled: true,
-                domain: domain,
-            },
-            useSecureCookies: domain !== "localhost",
-            defaultCookieAttributes: {
-                path: "/",
-                sameSite: "lax", // Use "none" if you need cross-site requests, but requires secure: true
-                httpOnly: true, // Prevents JavaScript access to cookies
-                secure: domain !== "localhost",
-            },
-        },
-        emailAndPassword: {
-            enabled: true,
-        },
-        socialProviders: Object.assign({}, ((socialProviders === null || socialProviders === void 0 ? void 0 : socialProviders.google)
-            ? {
-                google: {
-                    prompt: "select_account",
-                    clientId: socialProviders.google.clientId,
-                    clientSecret: socialProviders.google.clientSecret,
-                    mapProfileToUser: (profile) => {
-                        return {
-                            firstname: profile.given_name,
-                            lastname: profile.family_name,
-                        };
-                    },
-                },
-            }
-            : {})),
-        plugins: [
-            openAPI(),
-            nextCookies(),
-            organization({
-                ac,
-                roles: {
-                    member,
-                    readOnly,
-                    manager,
-                    admin,
-                    owner,
-                },
-            }),
-        ],
-    });
-    return {
-        auth,
-        getCurrentUser: getCurrentUser(auth),
-        isGranted: isGranted(auth),
-    };
-};
-//# sourceMappingURL=better-auth.lib.js.map
+import{betterAuth as e}from"better-auth";import{prismaAdapter as t}from"better-auth/adapters/prisma";import{nextCookies as r}from"better-auth/next-js";import{openAPI as a,organization as o}from"better-auth/plugins";import{createAccessControl as i}from"better-auth/plugins/access";import{getCurrentUser as n,isGranted as s}from"./auth.util";const l=i({project:["create","read","update","delete"],organization:["create","read","update","delete"]}),d=l.newRole({project:["read"]}),c=l.newRole({project:["read"]}),p=l.newRole({project:["create","read","update","delete"]}),u=l.newRole({project:["create","read","update","delete"],organization:["update"]}),m=l.newRole({project:["create","read","update","delete"],organization:["update","delete"]});export const createAuthClient=({prisma:i,baseURL:g,domain:b,trustedOrigins:h,socialProviders:f})=>{const j=e({baseURL:g,database:t(i,{provider:"postgresql"}),trustedOrigins:h,user:{additionalFields:{firstname:{type:"string",required:!0},lastname:{type:"string",required:!0}}},advanced:{crossSubDomainCookies:{enabled:!0,domain:b},useSecureCookies:"localhost"!==b,defaultCookieAttributes:{path:"/",sameSite:"lax",httpOnly:!0,secure:"localhost"!==b}},emailAndPassword:{enabled:!0},socialProviders:Object.assign({},(null==f?void 0:f.google)?{google:{prompt:"select_account",clientId:f.google.clientId,clientSecret:f.google.clientSecret,mapProfileToUser:e=>({firstname:e.given_name,lastname:e.family_name})}}:{}),plugins:[a(),r(),o({ac:l,roles:{member:c,readOnly:d,manager:p,admin:u,owner:m}})]});return{auth:j,getCurrentUser:n(j),isGranted:s(j)}};

package/src/core/auth/generate-password-hash.util.d.ts

@@ -1,6 +1,3 @@
-/**
- * Generate a salt and hash for the password.
- */
 export declare function generatePasswordSaltHash(password: string): Promise<{
     hash: string;
     salt: string;

package/src/core/auth/generate-password-hash.util.js

@@ -1,30 +1 @@
-import { __awaiter } from "tslib";
-import crypto from "crypto";
-/**
- * Generate a random salt using crypto.
- */
-function randomBytes() {
-    return new Promise((resolve, reject) => crypto.randomBytes(32, (err, saltBuffer) => err ? reject(err) : resolve(saltBuffer)));
-}
-/**
- * Generate a hash using PBKDF2.
- */
-function pbkdf2Promisified(password, salt) {
-    return new Promise((resolve, reject) => crypto.pbkdf2(password, salt, 25000, // Number of iterations
-    512, // Key length
-    "sha256", // Digest algorithm
-    (err, hashRaw) => (err ? reject(err) : resolve(hashRaw))));
-}
-/**
- * Generate a salt and hash for the password.
- */
-export function generatePasswordSaltHash(password) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const saltBuffer = yield randomBytes();
-        const salt = saltBuffer.toString("hex");
-        const hashRaw = yield pbkdf2Promisified(password, salt);
-        const hash = hashRaw.toString("hex");
-        return { hash, salt };
-    });
-}
-//# sourceMappingURL=generate-password-hash.util.js.map
+import{__awaiter as t}from"tslib";import r from"crypto";export function generatePasswordSaltHash(o){return t(this,void 0,void 0,function*(){const t=(yield new Promise((t,o)=>r.randomBytes(32,(r,e)=>r?o(r):t(e)))).toString("hex"),e=yield function(t,o){return new Promise((e,n)=>r.pbkdf2(t,o,25e3,512,"sha256",(t,r)=>t?n(t):e(r)))}(o,t);return{hash:e.toString("hex"),salt:t}})}

package/src/core/auth/headers.schema.js

@@ -1,22 +1 @@
-import { z } from "@hono/zod-openapi";
-export const HeaderSchema = z
-    .object({
-    "accept-language": z.string().optional().openapi({
-        example: "en-US",
-        description: "Accept-Language header",
-        param: {
-            in: "header",
-            name: "accept-language",
-        },
-    }),
-    cookie: z.string().optional().openapi({
-        example: "session=1234567890",
-        description: "Cookie header",
-        param: {
-            in: "header",
-            name: "cookie",
-        },
-    }),
-})
-    .openapi("Headers");
-//# sourceMappingURL=headers.schema.js.map
+import{z as e}from"@hono/zod-openapi";export const HeaderSchema=e.object({"accept-language":e.string().optional().openapi({example:"en-US",description:"Accept-Language header",param:{in:"header",name:"accept-language"}}),cookie:e.string().optional().openapi({example:"session=1234567890",description:"Cookie header",param:{in:"header",name:"cookie"}})}).openapi("Headers");

package/src/core/auth/user.schema.js

@@ -1,30 +1 @@
-import { z } from "@hono/zod-openapi";
-export const UserSchema = z
-    .object({
-    id: z.string().openapi({
-        example: "clm1234567890abcdef",
-        description: "User's ID",
-    }),
-    email: z.string().openapi({
-        example: "user@example.com",
-        description: "User's email address",
-        format: "email",
-    }),
-    firstname: z.string().openapi({
-        example: "John",
-        description: "User's first name",
-    }),
-    lastname: z.string().openapi({
-        example: "Doe",
-        description: "User's last name",
-    }),
-    image: z.string().nullable().optional().openapi({
-        example: "https://example.com/image.jpg",
-        description: "User's profile image",
-    }),
-    name: z.string().nullable().optional().openapi({
-        description: "User's full name (optional)",
-    }),
-})
-    .openapi("User");
-//# sourceMappingURL=user.schema.js.map
+import{z as e}from"@hono/zod-openapi";export const UserSchema=e.object({id:e.string().openapi({example:"clm1234567890abcdef",description:"User's ID"}),email:e.string().openapi({example:"user@example.com",description:"User's email address",format:"email"}),firstname:e.string().openapi({example:"John",description:"User's first name"}),lastname:e.string().openapi({example:"Doe",description:"User's last name"}),image:e.string().nullable().optional().openapi({example:"https://example.com/image.jpg",description:"User's profile image"}),name:e.string().nullable().optional().openapi({description:"User's full name (optional)"})}).openapi("User");