@terreno/api 0.18.0 → 0.19.0

package/dist/realtime/queryMatcher.js

@@ -35,7 +35,6 @@ var __read = (this && this.__read) || function (o, n) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.matchesQuery = void 0;
-// biome-ignore lint/suspicious/noExplicitAny: traversing arbitrary nested document fields by user-supplied dotted path
 var getNestedValue = function (doc, path) {
     var e_1, _a;
     var parts = path.split(".");
@@ -58,7 +57,6 @@ var getNestedValue = function (doc, path) {
     }
     return current;
 };
-// biome-ignore lint/suspicious/noExplicitAny: value may be any document field type (string, number, ObjectId, etc.)
 var normalize = function (value) {
     var _a;
     if (value === null || value === undefined) {
@@ -73,7 +71,6 @@ var normalize = function (value) {
     }
     return value;
 };
-// biome-ignore lint/suspicious/noExplicitAny: rawValue is an arbitrary document field, condition is an arbitrary user query operand
 var matchesCondition = function (rawValue, condition) {
     var e_2, _a;
     var value = normalize(rawValue);
@@ -127,7 +124,6 @@ var matchesCondition = function (rawValue, condition) {
                         return false;
                     }
                     var inValues = operand.map(normalize);
-                    // biome-ignore lint/suspicious/noExplicitAny: normalized value of arbitrary document field
                     if (!inValues.some(function (v) { return v === value || String(v) === String(value); })) {
                         return false;
                     }
@@ -138,7 +134,6 @@ var matchesCondition = function (rawValue, condition) {
                         return false;
                     }
                     var ninValues = operand.map(normalize);
-                    // biome-ignore lint/suspicious/noExplicitAny: normalized value of arbitrary document field
                     if (ninValues.some(function (v) { return v === value || String(v) === String(value); })) {
                         return false;
                     }
@@ -179,7 +174,6 @@ var matchesCondition = function (rawValue, condition) {
  * @param query - MongoDB-style query object
  * @returns true if the document matches all query conditions
  */
-// biome-ignore lint/suspicious/noExplicitAny: doc is arbitrary; query values are arbitrary user-supplied JSON
 var matchesQuery = function (doc, query) {
     var e_3, _a, e_4, _b, e_5, _c;
     try {

package/dist/realtime/queryStore.js

@@ -40,12 +40,9 @@ exports.clearQueryStore = exports.getQuerySubscriptionsForCollection = exports.r
  * Compute a deterministic queryId from collection and query on the server side.
  * This prevents clients from hijacking other subscriptions by providing a colliding queryId.
  */
-var computeQueryId = function (collection, 
-// biome-ignore lint/suspicious/noExplicitAny: MongoDB query filter values are arbitrary user-supplied JSON
-query) {
+var computeQueryId = function (collection, query) {
     var e_1, _a;
     var sortedKeys = Object.keys(query).sort();
-    // biome-ignore lint/suspicious/noExplicitAny: mirrors the input query value shape
     var normalized = {};
     try {
         for (var sortedKeys_1 = __values(sortedKeys), sortedKeys_1_1 = sortedKeys_1.next(); !sortedKeys_1_1.done; sortedKeys_1_1 = sortedKeys_1.next()) {
@@ -71,9 +68,7 @@ var socketQueries = new Map();
  * Register a query subscription for a socket.
  * The socket joins the `query:{queryId}` room (handled by the caller).
  */
-var addQuerySubscription = function (socketId, collection, 
-// biome-ignore lint/suspicious/noExplicitAny: MongoDB query filter values are arbitrary user-supplied JSON
-query, queryId) {
+var addQuerySubscription = function (socketId, collection, query, queryId) {
     var _a;
     querySubscriptions.set(queryId, { collection: collection, query: query, queryId: queryId });
     if (!socketQueries.has(socketId)) {
@@ -161,11 +156,8 @@ exports.removeAllSocketQueries = removeAllSocketQueries;
  * Get all unique query subscriptions for a given collection.
  * Used by the change stream watcher to evaluate which query rooms to emit to.
  */
-var getQuerySubscriptionsForCollection = function (collection
-// biome-ignore lint/suspicious/noExplicitAny: MongoDB query filter values are arbitrary user-supplied JSON
-) {
+var getQuerySubscriptionsForCollection = function (collection) {
     var e_5, _a;
-    // biome-ignore lint/suspicious/noExplicitAny: MongoDB query filter values are arbitrary user-supplied JSON
     var result = [];
     try {
         for (var querySubscriptions_1 = __values(querySubscriptions), querySubscriptions_1_1 = querySubscriptions_1.next(); !querySubscriptions_1_1.done; querySubscriptions_1_1 = querySubscriptions_1.next()) {

package/dist/realtime/realtime.test.js

@@ -2201,6 +2201,22 @@ var createMockSocket = function (decodedToken) {
             },
         };
     };
+    var invokeRegisteredChangeHandler = function (mockStream, event) { return __awaiter(void 0, void 0, void 0, function () {
+        var changeHandler;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    changeHandler = mockStream.listeners.get("change");
+                    if (!changeHandler) {
+                        throw new Error("expected change handler");
+                    }
+                    return [4 /*yield*/, changeHandler(event)];
+                case 1:
+                    _a.sent();
+                    return [2 /*return*/];
+            }
+        });
+    }); };
     var createMockIo = function () {
         var rooms = new Map();
         var sockets = new Map();
@@ -2272,7 +2288,7 @@ var createMockSocket = function (decodedToken) {
         });
     }); });
     (0, bun_test_1.it)("handles change events for registered models", function () { return __awaiter(void 0, void 0, void 0, function () {
-        var mockStream, mockDb, startChangeStreamWatcher, io, changeHandler;
+        var mockStream, mockDb, startChangeStreamWatcher, io;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
@@ -2304,22 +2320,22 @@ var createMockSocket = function (decodedToken) {
                     startChangeStreamWatcher = (_a.sent()).startChangeStreamWatcher;
                     io = createMockIo();
                     startChangeStreamWatcher(io, {}, true);
-                    changeHandler = mockStream.listeners.get("change");
-                    (0, bun_test_1.expect)(changeHandler).toBeDefined();
-                    return [4 /*yield*/, changeHandler({
+                    // Trigger an insert change event
+                    return [4 /*yield*/, invokeRegisteredChangeHandler(mockStream, {
                             documentKey: { _id: "doc-1" },
                             fullDocument: { _id: "doc-1", name: "Test Todo" },
                             ns: { coll: "todos" },
                             operationType: "insert",
                         })];
                 case 2:
+                    // Trigger an insert change event
                     _a.sent();
                     return [2 /*return*/];
             }
         });
     }); });
     (0, bun_test_1.it)("skips events for unregistered collections", function () { return __awaiter(void 0, void 0, void 0, function () {
-        var mockStream, mockDb, startChangeStreamWatcher, io, changeHandler;
+        var mockStream, mockDb, startChangeStreamWatcher, io;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
@@ -2333,9 +2349,8 @@ var createMockSocket = function (decodedToken) {
                     startChangeStreamWatcher = (_a.sent()).startChangeStreamWatcher;
                     io = createMockIo();
                     startChangeStreamWatcher(io, {}, true);
-                    changeHandler = mockStream.listeners.get("change");
                     // Trigger for an unregistered collection — should not throw
-                    return [4 /*yield*/, changeHandler({
+                    return [4 /*yield*/, invokeRegisteredChangeHandler(mockStream, {
                             documentKey: { _id: "doc-1" },
                             fullDocument: { _id: "doc-1" },
                             ns: { coll: "unknown_collection" },
@@ -2349,7 +2364,7 @@ var createMockSocket = function (decodedToken) {
         });
     }); });
     (0, bun_test_1.it)("skips events when method is not enabled for the model", function () { return __awaiter(void 0, void 0, void 0, function () {
-        var mockStream, mockDb, startChangeStreamWatcher, io, changeHandler;
+        var mockStream, mockDb, startChangeStreamWatcher, io;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
@@ -2381,9 +2396,8 @@ var createMockSocket = function (decodedToken) {
                     startChangeStreamWatcher = (_a.sent()).startChangeStreamWatcher;
                     io = createMockIo();
                     startChangeStreamWatcher(io, {}, true);
-                    changeHandler = mockStream.listeners.get("change");
                     // Update event should be skipped because "update" not in methods
-                    return [4 /*yield*/, changeHandler({
+                    return [4 /*yield*/, invokeRegisteredChangeHandler(mockStream, {
                             documentKey: { _id: "doc-1" },
                             fullDocument: { _id: "doc-1", name: "Updated" },
                             ns: { coll: "todos" },
@@ -2398,7 +2412,7 @@ var createMockSocket = function (decodedToken) {
         });
     }); });
     (0, bun_test_1.it)("handles delete events for owner-strategy models", function () { return __awaiter(void 0, void 0, void 0, function () {
-        var mockStream, mockDb, startChangeStreamWatcher, io, changeHandler;
+        var mockStream, mockDb, startChangeStreamWatcher, io;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
@@ -2430,9 +2444,8 @@ var createMockSocket = function (decodedToken) {
                     startChangeStreamWatcher = (_a.sent()).startChangeStreamWatcher;
                     io = createMockIo();
                     startChangeStreamWatcher(io, {}, true);
-                    changeHandler = mockStream.listeners.get("change");
                     // Hard delete (no fullDocument)
-                    return [4 /*yield*/, changeHandler({
+                    return [4 /*yield*/, invokeRegisteredChangeHandler(mockStream, {
                             documentKey: { _id: "doc-1" },
                             ns: { coll: "todos" },
                             operationType: "delete",
@@ -2445,7 +2458,7 @@ var createMockSocket = function (decodedToken) {
         });
     }); });
     (0, bun_test_1.it)("handles delete events for broadcast-strategy models", function () { return __awaiter(void 0, void 0, void 0, function () {
-        var mockStream, mockDb, startChangeStreamWatcher, io, changeHandler;
+        var mockStream, mockDb, startChangeStreamWatcher, io;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
@@ -2477,9 +2490,8 @@ var createMockSocket = function (decodedToken) {
                     startChangeStreamWatcher = (_a.sent()).startChangeStreamWatcher;
                     io = createMockIo();
                     startChangeStreamWatcher(io, {}, true);
-                    changeHandler = mockStream.listeners.get("change");
                     // Hard delete for broadcast strategy
-                    return [4 /*yield*/, changeHandler({
+                    return [4 /*yield*/, invokeRegisteredChangeHandler(mockStream, {
                             documentKey: { _id: "doc-1" },
                             ns: { coll: "broadcasts" },
                             operationType: "delete",
@@ -2492,7 +2504,7 @@ var createMockSocket = function (decodedToken) {
         });
     }); });
     (0, bun_test_1.it)("includes updatedFields in event for update operations", function () { return __awaiter(void 0, void 0, void 0, function () {
-        var mockStream, mockDb, startChangeStreamWatcher, io, changeHandler;
+        var mockStream, mockDb, startChangeStreamWatcher, io;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
@@ -2524,8 +2536,7 @@ var createMockSocket = function (decodedToken) {
                     startChangeStreamWatcher = (_a.sent()).startChangeStreamWatcher;
                     io = createMockIo();
                     startChangeStreamWatcher(io, {}, true);
-                    changeHandler = mockStream.listeners.get("change");
-                    return [4 /*yield*/, changeHandler({
+                    return [4 /*yield*/, invokeRegisteredChangeHandler(mockStream, {
                             documentKey: { _id: "doc-1" },
                             fullDocument: { _id: "doc-1", name: "Updated", status: "done" },
                             ns: { coll: "todos" },
@@ -2563,7 +2574,7 @@ var createMockSocket = function (decodedToken) {
         });
     }); });
     (0, bun_test_1.it)("respects ignoredOperations config", function () { return __awaiter(void 0, void 0, void 0, function () {
-        var mockStream, mockDb, startChangeStreamWatcher, io, changeHandler;
+        var mockStream, mockDb, startChangeStreamWatcher, io;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
@@ -2595,9 +2606,8 @@ var createMockSocket = function (decodedToken) {
                     startChangeStreamWatcher = (_a.sent()).startChangeStreamWatcher;
                     io = createMockIo();
                     startChangeStreamWatcher(io, { ignoredOperations: ["insert"] }, true);
-                    changeHandler = mockStream.listeners.get("change");
                     // This insert should be skipped because "insert" is ignored
-                    return [4 /*yield*/, changeHandler({
+                    return [4 /*yield*/, invokeRegisteredChangeHandler(mockStream, {
                             documentKey: { _id: "doc-1" },
                             fullDocument: { _id: "doc-1" },
                             ns: { coll: "todos" },
@@ -2611,7 +2621,7 @@ var createMockSocket = function (decodedToken) {
         });
     }); });
     (0, bun_test_1.it)("skips events with no collectionName or docId", function () { return __awaiter(void 0, void 0, void 0, function () {
-        var mockStream, mockDb, startChangeStreamWatcher, io, changeHandler;
+        var mockStream, mockDb, startChangeStreamWatcher, io;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
@@ -2625,9 +2635,8 @@ var createMockSocket = function (decodedToken) {
                     startChangeStreamWatcher = (_a.sent()).startChangeStreamWatcher;
                     io = createMockIo();
                     startChangeStreamWatcher(io, {}, true);
-                    changeHandler = mockStream.listeners.get("change");
                     // Missing ns.coll
-                    return [4 /*yield*/, changeHandler({
+                    return [4 /*yield*/, invokeRegisteredChangeHandler(mockStream, {
                             documentKey: { _id: "doc-1" },
                             ns: {},
                             operationType: "insert",
@@ -2636,7 +2645,7 @@ var createMockSocket = function (decodedToken) {
                     // Missing ns.coll
                     _a.sent();
                     // Missing documentKey
-                    return [4 /*yield*/, changeHandler({
+                    return [4 /*yield*/, invokeRegisteredChangeHandler(mockStream, {
                             documentKey: {},
                             ns: { coll: "todos" },
                             operationType: "insert",
@@ -2649,7 +2658,7 @@ var createMockSocket = function (decodedToken) {
         });
     }); });
     (0, bun_test_1.it)("skips non-CRUD operation types", function () { return __awaiter(void 0, void 0, void 0, function () {
-        var mockStream, mockDb, startChangeStreamWatcher, io, changeHandler;
+        var mockStream, mockDb, startChangeStreamWatcher, io;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
@@ -2663,9 +2672,8 @@ var createMockSocket = function (decodedToken) {
                     startChangeStreamWatcher = (_a.sent()).startChangeStreamWatcher;
                     io = createMockIo();
                     startChangeStreamWatcher(io, {}, true);
-                    changeHandler = mockStream.listeners.get("change");
                     // "drop" is not in our pipeline filter, should be skipped
-                    return [4 /*yield*/, changeHandler({
+                    return [4 /*yield*/, invokeRegisteredChangeHandler(mockStream, {
                             operationType: "drop",
                         })];
                 case 2:
@@ -2721,7 +2729,7 @@ var createMockSocket = function (decodedToken) {
         });
     }); });
     (0, bun_test_1.it)("catches errors thrown in the change handler", function () { return __awaiter(void 0, void 0, void 0, function () {
-        var mockStream, mockDb, startChangeStreamWatcher, emissions, mockSocket, rooms, sockets, io, changeHandler;
+        var mockStream, mockDb, startChangeStreamWatcher, emissions, mockSocket, rooms, sockets, io;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
@@ -2776,9 +2784,8 @@ var createMockSocket = function (decodedToken) {
                         to: function () { return ({ emit: function () { } }); },
                     };
                     startChangeStreamWatcher(io, {}, true);
-                    changeHandler = mockStream.listeners.get("change");
                     // Should not throw even though permission check throws
-                    return [4 /*yield*/, changeHandler({
+                    return [4 /*yield*/, invokeRegisteredChangeHandler(mockStream, {
                             documentKey: { _id: "doc-1" },
                             fullDocument: { _id: "doc-1", name: "Test" },
                             ns: { coll: "todos" },
@@ -2862,7 +2869,7 @@ var createMockSocket = function (decodedToken) {
         });
     }); });
     var makeServer = function () {
-        var http = require("http");
+        var http = require("node:http");
         var server = http.createServer();
         servers.push(server);
         return server;
@@ -2925,7 +2932,7 @@ var createMockSocket = function (decodedToken) {
         });
     }); });
     var makeServer = function () {
-        var http = require("http");
+        var http = require("node:http");
         var server = http.createServer();
         servers.push(server);
         return server;

package/package.json

@@ -109,5 +109,5 @@
     "updateSnapshot": "bun test --update-snapshots"
   },
   "types": "dist/index.d.ts",
-  "version": "0.18.0"
+  "version": "0.19.0"
 }

package/src/actions.openApi.test.ts

@@ -7,7 +7,7 @@ import {addAuthRoutes, setupAuth} from "./auth";
 import {setupServer} from "./expressServer";
 import {Permissions} from "./permissions";
 import {TerrenoApp} from "./terrenoApp";
-import {authAsUser, FoodModel, setupDb, UserModel} from "./tests";
+import {FoodModel, setupDb, UserModel} from "./tests";
 import {z} from "./zodOpenApi";
 
 const foodActionPermissions = {

package/src/actions.ts

@@ -9,7 +9,6 @@ import {loadDocOr404} from "./docLoader";
 import {APIError} from "./errors";
 import {defaultOpenApiErrorResponses} from "./openApi";
 import {checkPermissions, type PermissionMethod} from "./permissions";
-import {z} from "./zodOpenApi";
 
 // At least two characters: leading letter plus one or more alphanumeric/_/- chars.
 export const ACTION_NAME_PATTERN = /^[A-Za-z][A-Za-z0-9_-]+$/;

package/src/api.test.ts

@@ -2010,9 +2010,13 @@ describe("@terreno/api", () => {
     });
 
     it("returns 409 when precise conflict timestamp is older than doc.updated", async () => {
+      const ifUnmodifiedSince = DateTime.fromISO("2025-06-15T12:00:01.000Z").toHTTP();
+      if (ifUnmodifiedSince === null) {
+        throw new Error("expected HTTP If-Unmodified-Since value");
+      }
       await agent
         .patch(`/food/${spinach._id}`)
-        .set("If-Unmodified-Since", DateTime.fromISO("2025-06-15T12:00:01.000Z").toHTTP()!)
+        .set("If-Unmodified-Since", ifUnmodifiedSince)
         .set("X-Unmodified-Since-ISO", "2025-06-15T11:59:59.500Z")
         .send({name: "Precise Stale"})
         .expect(409);
@@ -2024,9 +2028,13 @@ describe("@terreno/api", () => {
         {$unset: {updated: ""}}
       );
 
+      const ifUnmodifiedSince = DateTime.fromISO("2025-06-15T11:59:59.999Z").toHTTP();
+      if (ifUnmodifiedSince === null) {
+        throw new Error("expected HTTP If-Unmodified-Since value");
+      }
       const res = await agent
         .patch(`/food/${spinach._id}`)
-        .set("If-Unmodified-Since", DateTime.fromISO("2025-06-15T11:59:59.999Z").toHTTP()!)
+        .set("If-Unmodified-Since", ifUnmodifiedSince)
         .send({name: "Created Fallback"})
         .expect(409);
 

package/src/auth.ts

@@ -54,7 +54,7 @@ export interface GenerateTokensOptions {
   sessionId?: string;
 }
 
-export function authenticateMiddleware(anonymous = false) {
+export const authenticateMiddleware = (anonymous = false) => {
   const strategies = ["jwt"];
   if (anonymous) {
     strategies.push("anonymous");
@@ -70,14 +70,14 @@ export function authenticateMiddleware(anonymous = false) {
     }
     return passportAuth(req, res, next);
   };
-}
+};
 
-export async function signupUser(
+export const signupUser = async (
   userModel: UserModel,
   email: string,
   password: string,
   body?: Record<string, unknown>
-) {
+) => {
   // Strip email and password from the body. They can cause mongoose to throw an error if strict is
   // set.
   const {email: _email, password: _password, ...bodyRest} = body ?? {};
@@ -100,7 +100,7 @@ export async function signupUser(
     const message = errorMessage(error);
     throw new APIError({title: message});
   }
-}
+};
 
 /**
  * Generates both an access token (JWT) and a refresh token for a given user.
@@ -126,7 +126,7 @@ export const generateTokens = async (
 ) => {
   const tokenSecretOrKey = process.env.TOKEN_SECRET;
   if (!tokenSecretOrKey) {
-    throw new Error("TOKEN_SECRET must be set in env.");
+    throw new APIError({status: 500, title: "TOKEN_SECRET must be set in env."});
   }
   const tokenUser = user as {_id?: ObjectId | string} | null | undefined;
   if (!tokenUser?._id) {
@@ -186,7 +186,7 @@ export const generateTokens = async (
 };
 
 // TODO allow customization
-export function setupAuth(app: express.Application, userModel: UserModel) {
+export const setupAuth = (app: express.Application, userModel: UserModel): void => {
   passport.use(new AnonymousStrategy());
   passport.use(userModel.createStrategy());
   passport.use(
@@ -208,7 +208,7 @@ export function setupAuth(app: express.Application, userModel: UserModel) {
   );
 
   if (!userModel.createStrategy) {
-    throw new Error("setupAuth userModel must have .createStrategy()");
+    throw new APIError({status: 500, title: "setupAuth userModel must have .createStrategy()"});
   }
 
   const customTokenExtractor: JwtFromRequestFunction = (req) => {
@@ -228,7 +228,7 @@ export function setupAuth(app: express.Application, userModel: UserModel) {
 
     const secretOrKey = process.env.TOKEN_SECRET;
     if (!secretOrKey) {
-      throw new Error("TOKEN_SECRET must be set in env.");
+      throw new APIError({status: 500, title: "TOKEN_SECRET must be set in env."});
     }
     const jwtOpts: StrategyOptions = {
       issuer: process.env.TOKEN_ISSUER,
@@ -264,11 +264,11 @@ export function setupAuth(app: express.Application, userModel: UserModel) {
 
   // Adds req.user to the request. This may wind up duplicating requests with passport,
   // but passport doesn't give us req.user early enough.
-  async function decodeJWTMiddleware(
+  const decodeJWTMiddleware = async (
     req: express.Request,
     res: express.Response,
     next: express.NextFunction
-  ) {
+  ) => {
     if (!process.env.TOKEN_SECRET) {
       return next();
     }
@@ -324,17 +324,17 @@ export function setupAuth(app: express.Application, userModel: UserModel) {
       }
     }
     return next();
-  }
+  };
   app.use(decodeJWTMiddleware);
   // biome-ignore lint/suspicious/noExplicitAny: express 5 type for urlencoded doesn't match RequestHandler
   app.use(express.urlencoded({extended: false}) as any);
-}
+};
 
-export function addAuthRoutes(
+export const addAuthRoutes = (
   app: express.Application,
   userModel: UserModel,
   authOptions?: AuthOptions
-): void {
+): void => {
   const router = express.Router();
   router.post("/login", async (req, res, next) => {
     passport.authenticate(
@@ -430,13 +430,13 @@ export function addAuthRoutes(
   }
   app.set("etag", false);
   app.use("/auth", router);
-}
+};
 
-export function addMeRoutes(
+export const addMeRoutes = (
   app: express.Application,
   userModel: UserModel,
   _authOptions?: AuthOptions
-): void {
+): void => {
   const router = express.Router();
   router.get("/me", authenticateMiddleware(), async (req, res) => {
     if (!req.user?.id) {
@@ -483,4 +483,4 @@ export function addMeRoutes(
   app.set("etag", false);
   app.use("/auth", router);
   app.use(apiErrorMiddleware);
-}
+};

package/src/expressServer.test.ts

@@ -812,7 +812,6 @@ describe("expressServer", () => {
       // Mock app.listen on the Express prototype to avoid opening a real port
       const express = await import("express");
       const originalListen = express.default.application.listen;
-      // biome-ignore lint/suspicious/noExplicitAny: mocking Express internals requires type escape
       express.default.application.listen = mock(function (this: unknown, ...args: unknown[]) {
         const cb = args.find((a: unknown) => typeof a === "function") as (() => void) | undefined;
         if (cb) {

package/src/openApi.ts

@@ -8,7 +8,7 @@ import type {ModelRouterOptions, OpenApiMiddleware} from "./api";
 import {logger} from "./logger";
 import {getOpenApiSpecForModel} from "./populate";
 
-const noop = (_a, _b, next) => next();
+const noop = (_a: unknown, _b: unknown, next: () => void) => next();
 
 const m2sOptions = {
   props: ["readOnly", "required", "enum", "default"],
@@ -44,7 +44,7 @@ export const defaultOpenApiErrorResponses = {
 };
 
 // We repeat this constantly, so we make it a component so we only have to define it once.
-function createAPIErrorComponent(openApi?: OpenApiMiddleware) {
+const createAPIErrorComponent = (openApi?: OpenApiMiddleware): void => {
   // Create a schema component called APIError
   openApi?.component("schemas", "APIError", {
     properties: {
@@ -111,12 +111,12 @@ function createAPIErrorComponent(openApi?: OpenApiMiddleware) {
     },
     type: "object",
   });
-}
+};
 
-export function getOpenApiMiddleware<T>(
+export const getOpenApiMiddleware = <T>(
   model: Model<T>,
   options: Partial<ModelRouterOptions<T>>
-): express.RequestHandler {
+): express.RequestHandler => {
   createAPIErrorComponent(options.openApi);
   if (!options.openApi?.path) {
     // Just log this once rather than for each middleware.
@@ -158,12 +158,12 @@ export function getOpenApiMiddleware<T>(
       options.openApiOverwrite?.get ?? {}
     )
   );
-}
+};
 
-export function listOpenApiMiddleware<T>(
+export const listOpenApiMiddleware = <T>(
   model: Model<T>,
   options: Partial<ModelRouterOptions<T>>
-): express.RequestHandler {
+): express.RequestHandler => {
   if (!options.openApi?.path) {
     return noop;
   }
@@ -324,12 +324,12 @@ export function listOpenApiMiddleware<T>(
       options.openApiOverwrite?.list ?? {}
     )
   );
-}
+};
 
-export function createOpenApiMiddleware<T>(
+export const createOpenApiMiddleware = <T>(
   model: Model<T>,
   options: Partial<ModelRouterOptions<T>>
-): express.RequestHandler {
+): express.RequestHandler => {
   if (!options.openApi?.path) {
     return noop;
   }
@@ -376,12 +376,12 @@ export function createOpenApiMiddleware<T>(
       options.openApiOverwrite?.create ?? {}
     )
   );
-}
+};
 
-export function patchOpenApiMiddleware<T>(
+export const patchOpenApiMiddleware = <T>(
   model: Model<T>,
   options: Partial<ModelRouterOptions<T>>
-): express.RequestHandler {
+): express.RequestHandler => {
   if (!options.openApi?.path) {
     return noop;
   }
@@ -428,12 +428,12 @@ export function patchOpenApiMiddleware<T>(
       options.openApiOverwrite?.update ?? {}
     )
   );
-}
+};
 
-export function deleteOpenApiMiddleware<T>(
+export const deleteOpenApiMiddleware = <T>(
   model: Model<T>,
   options: Partial<ModelRouterOptions<T>>
-): express.RequestHandler {
+): express.RequestHandler => {
   if (!options.openApi?.path) {
     return noop;
   }
@@ -456,16 +456,16 @@ export function deleteOpenApiMiddleware<T>(
       options.openApiOverwrite?.delete ?? {}
     )
   );
-}
+};
 
 // This is a generic OpenAPI wrapper for a read that returns any object described by `properties`.
 // Useful for endpoints that don't directly map to a model.
-export function readOpenApiMiddleware<T>(
+export const readOpenApiMiddleware = <T>(
   options: Partial<ModelRouterOptions<T>>,
   properties: Record<string, unknown>,
   required: string[],
   queryParameters: Array<Record<string, unknown>>
-): express.RequestHandler {
+): express.RequestHandler => {
   if (!options.openApi?.path) {
     // Just log this once rather than for each middleware.
     logger.debug(
@@ -502,4 +502,4 @@ export function readOpenApiMiddleware<T>(
       options.openApiOverwrite?.get ?? {}
     )
   );
-}
+};