nextlove 0.2.0

package/.eslintrc.json

@@ -0,0 +1,3 @@
+{
+  "extends": "next/core-web-vitals"
+}

package/README.md

@@ -0,0 +1,6 @@
+# NextJS API
+
+This repo consists of NextJS utility modules used by Seam, namely:
+- nextjs-server-modules
+- withRouteSpec
+- nextjs-exception-middleware

package/bin.js

@@ -0,0 +1,28 @@
+#! /usr/bin/node
+
+const argv = require("minimist")(process.argv.slice(2))
+const { register } = require("esbuild-register/dist/node")
+
+const { unregister } = register({
+  target: `node${process.version.slice(1)}`,
+})
+
+if (argv._[0] === "generate-openapi") {
+  if (argv._.length === 2) {
+    argv.packageDir = argv._[1]
+  }
+  if (argv["package-dir"]) {
+    argv.packageDir = argv["package-dir"]
+  }
+  if (!argv["packageDir"]) throw new Error("Missing --packageDir")
+
+  require("./dist/generate-openapi")
+    .generateOpenAPI({
+      packageDir: argv["packageDir"],
+    })
+    .then((result) => {
+      if (!argv.outputFile) {
+        console.log(result)
+      }
+    })
+}

package/next-env.d.ts

@@ -0,0 +1,5 @@
+/// <reference types="next" />
+/// <reference types="next/image-types/global" />
+
+// NOTE: This file should not be edited
+// see https://nextjs.org/docs/basic-features/typescript for more information.

package/next.config.js

@@ -0,0 +1,6 @@
+/** @type {import('next').NextConfig} */
+const nextConfig = {
+  reactStrictMode: true,
+}
+
+module.exports = nextConfig

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "nextlove",
+  "version": "0.2.0",
+  "private": false,
+  "repository": "https://github.com/seamapi/nextlove",
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  },
+  "bin": {
+    "nsm": "node_modules/nextjs-server-modules/bin.js",
+    "nextlove": "bin.js"
+  },
+  "main": "./dist/index.js",
+  "scripts": {
+    "test": "tsc --noEmit",
+    "build": "tsup --dts --sourcemap inline src"
+  },
+  "dependencies": {
+    "esbuild": "^0.14.7",
+    "esbuild-runner": "^2.2.1",
+    "lodash": "^4.17.21",
+    "next": "12.2.0",
+    "nextjs-exception-middleware": "^1.1.2",
+    "nextjs-middleware-wrappers": "^1.3.0",
+    "nextjs-server-modules": "^1.7.0",
+    "react": "18.2.0",
+    "react-dom": "18.2.0",
+    "zod": "^3.17.3"
+  },
+  "devDependencies": {
+    "@anatine/zod-openapi": "^1.10.0",
+    "@types/lodash": "^4.14.182",
+    "@types/node": "18.0.0",
+    "@types/react": "18.0.14",
+    "@types/react-dom": "18.0.5",
+    "chalk": "^5.1.2",
+    "esbuild-register": "^3.3.3",
+    "eslint": "8.18.0",
+    "eslint-config-next": "12.2.0",
+    "expect-type": "^0.15.0",
+    "minimist": "^1.2.7",
+    "nextjs-middleware-wrappers": "^1.3.0",
+    "openapi3-ts": "^3.1.1",
+    "ts-toolbelt": "^9.6.0",
+    "turbo": "^1.3.1",
+    "type-fest": "^3.1.0",
+    "typescript": "4.7.4"
+  }
+}

package/src/generate-openapi/index.ts

@@ -0,0 +1,224 @@
+import fs from "node:fs/promises"
+import path from "node:path"
+import globby from "globby"
+import { generateSchema } from "@anatine/zod-openapi"
+import {
+  OpenApiBuilder,
+  OperationObject,
+  ParameterObject,
+  SecurityRequirementObject,
+} from "openapi3-ts"
+import { RouteSpec, SetupParams } from "../types"
+import { Entries } from "type-fest"
+import chalk from "chalk"
+
+export const defaultMapFilePathToHTTPRoute = (file_path: string) => {
+  const route = file_path.replace(/^\.\/pages\/api\//, "")
+  return route.replace(/\.ts$/, "").replace("public", "")
+}
+
+const getSecurityObject = (
+  auth_type: RouteSpec["auth"]
+): SecurityRequirementObject[] => {
+  switch (auth_type) {
+    case "key_or_session":
+      return [
+        {
+          apiKeyAuth: [],
+        },
+        {
+          sessionAuth: [],
+        },
+      ]
+    case "key":
+      return [
+        {
+          apiKeyAuth: [],
+        },
+      ]
+    case "session":
+      return [
+        {
+          sessionAuth: [],
+        },
+      ]
+    case "none":
+      return []
+    default:
+      throw new Error(`Unknown auth type: ${auth_type}`)
+  }
+}
+
+interface GenerateOpenAPIOpts {
+  packageDir: string
+  outputFile?: string
+  pathGlob?: string
+  mapFilePathToHTTPRoute?: (file_path: string) => string
+}
+
+/**
+ * This function generates an OpenAPI spec from the Next.js API routes.
+ *
+ * You normally invoke this with `nextapi generate-openapi` in a
+ * "build:openapi" package.json script.
+ */
+export async function generateOpenAPI(opts: GenerateOpenAPIOpts) {
+  const {
+    packageDir,
+    outputFile,
+    pathGlob = "/pages/api/**/*.ts",
+    mapFilePathToHTTPRoute = defaultMapFilePathToHTTPRoute,
+  } = opts
+
+  // Load all route specs
+  console.log(`searching "${packageDir}${pathGlob}"...`)
+  const filepaths = await globby(`${packageDir}${pathGlob}`)
+  console.log(`found ${filepaths.length} files`)
+  const filepathToRouteFn = new Map<
+    string,
+    {
+      setupParams: SetupParams
+      routeSpec: RouteSpec
+      routeFn: Function
+    }
+  >()
+
+  await Promise.all(
+    filepaths.map(async (p) => {
+      const { default: routeFn } = await require(path.resolve(p))
+
+      if (routeFn) {
+        if (!routeFn._setupParams) {
+          console.warn(
+            chalk.yellow(
+              `Ignoring "${p}" because it wasn't created with withRouteSpec`
+            )
+          )
+          return
+        }
+        filepathToRouteFn.set(p, {
+          setupParams: routeFn._setupParams,
+          routeSpec: routeFn._routeSpec,
+          routeFn,
+        })
+      } else {
+        console.warn(chalk.yellow(`Couldn't find route ${p}`))
+      }
+    })
+  )
+
+  // TODO detect if there are multiple setups and output different APIs
+  const { setupParams: globalSetupParams } = filepathToRouteFn.values().next()
+    .value as { setupParams: SetupParams }
+
+  const securitySchemes = {}
+  const securityObjectsForAuthType = {}
+  for (const authName of Object.keys(globalSetupParams.authMiddlewareMap)) {
+    const mw = globalSetupParams.authMiddlewareMap[authName]
+    if (mw.securitySchema) {
+      securitySchemes[authName] = (mw as any).securitySchema
+    } else {
+      console.warn(
+        chalk.yellow(
+          `Authentication middleware "${authName}" has no securitySchema. You can define this on the function (e.g. after the export do... \n\nmyMiddleware.securitySchema = {\n  type: "http"\n  scheme: "bearer"\n  bearerFormat: "JWT"\n // or API Token etc.\n}\n\nYou can also define "securityObjects" this way, if you want to make the endpoint support multiple modes of authentication.\n\n`
+        )
+      )
+    }
+
+    securityObjectsForAuthType[authName] = (mw as any).securityObjects || [
+      {
+        [authName]: [],
+      },
+    ]
+  }
+
+  // Build OpenAPI spec
+  const builder = OpenApiBuilder.create({
+    openapi: "3.0.0",
+    info: {
+      title: globalSetupParams.apiName,
+      version: "1.0.0",
+    },
+    servers: [
+      {
+        url: globalSetupParams.productionServerUrl || "https://example.com",
+      },
+    ],
+    paths: {},
+    components: {
+      securitySchemes,
+    },
+  })
+
+  for (const [file_path, { setupParams, routeSpec }] of filepathToRouteFn) {
+    const route: OperationObject = {
+      summary: mapFilePathToHTTPRoute(file_path),
+      responses: {
+        200: {
+          description: "OK",
+        },
+        400: {
+          description: "Bad Request",
+        },
+        401: {
+          description: "Unauthorized",
+        },
+      },
+      security: securityObjectsForAuthType[routeSpec.auth],
+    }
+
+    if (routeSpec.jsonBody || routeSpec.commonParams) {
+      route.requestBody = {
+        content: {
+          "application/json": {
+            schema: generateSchema(
+              (routeSpec.jsonBody as any) || routeSpec.commonParams
+            ),
+          },
+        },
+      }
+    }
+
+    if (routeSpec.queryParams) {
+      const schema = generateSchema(routeSpec.queryParams)
+
+      if (schema.properties) {
+        const parameters: ParameterObject[] = Object.keys(
+          schema.properties as any
+        ).map((name) => {
+          return {
+            name,
+            in: "query",
+            schema: schema.properties![name],
+            required: schema.required?.includes(name),
+          }
+        })
+
+        route.parameters = parameters
+      }
+    }
+
+    if (routeSpec.jsonResponse) {
+      route.responses[200].content = {
+        "application/json": {
+          schema: generateSchema(routeSpec.jsonResponse),
+        },
+      }
+    }
+
+    // Some routes accept multiple methods
+    builder.addPath(mapFilePathToHTTPRoute(file_path), {
+      ...routeSpec.methods
+        .map((method) => ({
+          [method.toLowerCase()]: route,
+        }))
+        .reduceRight((acc, cur) => ({ ...acc, ...cur }), {}),
+    })
+  }
+
+  if (outputFile) {
+    await fs.writeFile(outputFile, builder.getSpecAsJson())
+  }
+
+  return builder.getSpecAsJson()
+}

package/src/index.ts

@@ -0,0 +1,4 @@
+export * from "nextjs-exception-middleware"
+export * from "./with-route-spec"
+export { wrappers } from "nextjs-middleware-wrappers"
+export * from "./types"

package/src/types/index.ts

@@ -0,0 +1,107 @@
+import { NextApiResponse, NextApiRequest } from "next"
+import { Middleware as WrapperMiddleware } from "nextjs-middleware-wrappers"
+import { z } from "zod"
+import { HTTPMethods } from "../with-route-spec/middlewares/with-methods"
+import { SecuritySchemeObject, SecurityRequirementObject } from "openapi3-ts"
+
+export type Middleware<T, Dep = {}> = WrapperMiddleware<T, Dep> & {
+  securitySchema?: SecuritySchemeObject
+  securityObjects?: SecurityRequirementObject[]
+}
+
+type ParamDef = z.ZodTypeAny | z.ZodEffects<z.ZodTypeAny>
+
+export interface RouteSpec<
+  Auth extends string = string,
+  Methods extends HTTPMethods[] = any,
+  JsonBody extends ParamDef = z.ZodTypeAny,
+  QueryParams extends ParamDef = z.ZodTypeAny,
+  CommonParams extends ParamDef = z.ZodTypeAny,
+  Middlewares extends readonly Middleware<any, any>[] = any[],
+  JsonResponse extends ParamDef = z.ZodTypeAny
+> {
+  methods: Methods
+  auth: Auth
+  jsonBody?: JsonBody
+  queryParams?: QueryParams
+  commonParams?: CommonParams
+  middlewares?: Middlewares
+  jsonResponse?: JsonResponse
+}
+
+export type MiddlewareChainOutput<
+  MWChain extends readonly Middleware<any, any>[]
+> = MWChain extends readonly []
+  ? {}
+  : MWChain extends readonly [infer First, ...infer Rest]
+  ? First extends Middleware<infer T, any>
+    ? T &
+        (Rest extends readonly Middleware<any, any>[]
+          ? MiddlewareChainOutput<Rest>
+          : never)
+    : never
+  : never
+
+export type AuthMiddlewares = {
+  [auth_type: string]: Middleware<any, any>
+}
+
+export interface SetupParams<
+  AuthMW extends AuthMiddlewares = AuthMiddlewares,
+  GlobalMW extends Middleware<any, any>[] = any[]
+> {
+  authMiddlewareMap: AuthMW
+  globalMiddlewares: GlobalMW
+  exceptionHandlingMiddleware?: ((next: Function) => Function) | null
+
+  // These improve OpenAPI generation
+  apiName: string
+  productionServerUrl: string
+}
+
+const defaultMiddlewareMap = {
+  none: (next) => next,
+} as const
+
+export type RouteFunction<
+  SP extends SetupParams<AuthMiddlewares>,
+  RS extends RouteSpec
+> = (
+  req: (SP["authMiddlewareMap"] &
+    typeof defaultMiddlewareMap)[RS["auth"]] extends Middleware<
+    infer AuthMWOut,
+    any
+  >
+    ? Omit<NextApiRequest, "query" | "body"> &
+        AuthMWOut &
+        MiddlewareChainOutput<
+          RS["middlewares"] extends readonly Middleware<any, any>[]
+            ? [...SP["globalMiddlewares"], ...RS["middlewares"]]
+            : SP["globalMiddlewares"]
+        > & {
+          body: (RS["jsonBody"] extends z.ZodTypeAny
+            ? z.infer<RS["jsonBody"]>
+            : {}) &
+            (RS["commonParams"] extends z.ZodTypeAny
+              ? z.infer<RS["commonParams"]>
+              : {})
+          query: (RS["queryParams"] extends z.ZodTypeAny
+            ? z.infer<RS["queryParams"]>
+            : {}) &
+            (RS["commonParams"] extends z.ZodTypeAny
+              ? z.infer<RS["commonParams"]>
+              : {})
+        }
+    : `unknown auth type: ${RS["auth"]}. You should configure this auth type in your auth_middlewares w/ createWithRouteSpec, or maybe you need to add "as const" to your route spec definition.`,
+  res: NextApiResponse<
+    RS["jsonResponse"] extends z.ZodTypeAny ? z.infer<RS["jsonResponse"]> : any
+  >
+) => Promise<void>
+
+export type CreateWithRouteSpecFunction = <
+  SP extends SetupParams<AuthMiddlewares, any>
+>(
+  setupParams: SP
+) => <RS extends RouteSpec<any, any, any, any, any, any, any>>(
+  route_spec: RS
+) => (next: RouteFunction<SP, RS>) => any

package/src/with-route-spec/index.ts

@@ -0,0 +1,96 @@
+import { NextApiResponse, NextApiRequest } from "next"
+import { withExceptionHandling } from "nextjs-exception-middleware"
+import wrappers, { Middleware } from "nextjs-middleware-wrappers"
+import { CreateWithRouteSpecFunction, RouteSpec } from "../types"
+import withMethods, { HTTPMethods } from "./middlewares/with-methods"
+import withValidation from "./middlewares/with-validation"
+import { z } from "zod"
+
+type ParamDef = z.ZodTypeAny | z.ZodEffects<z.ZodTypeAny>
+
+export const checkRouteSpec = <
+  AuthType extends string = string,
+  Methods extends HTTPMethods[] = HTTPMethods[],
+  JsonBody extends ParamDef = z.ZodTypeAny,
+  QueryParams extends ParamDef = z.ZodTypeAny,
+  CommonParams extends ParamDef = z.ZodTypeAny,
+  Middlewares extends readonly Middleware<any, any>[] = readonly Middleware<
+    any,
+    any
+  >[],
+  Spec extends RouteSpec<
+    AuthType,
+    Methods,
+    JsonBody,
+    QueryParams,
+    CommonParams,
+    Middlewares
+  > = RouteSpec<
+    AuthType,
+    Methods,
+    JsonBody,
+    QueryParams,
+    CommonParams,
+    Middlewares
+  >
+>(
+  spec: Spec
+): string extends Spec["auth"]
+  ? `your route spec is underspecified, add "as const"`
+  : Spec => spec as any
+
+export const createWithRouteSpec: CreateWithRouteSpecFunction = ((
+  setupParams
+) => {
+  const {
+    authMiddlewareMap = {},
+    globalMiddlewares = [],
+    exceptionHandlingMiddleware = withExceptionHandling({
+      addOkStatus: true,
+    }) as any,
+  } = setupParams
+
+  const withRouteSpec = (spec: RouteSpec) => {
+    const createRouteExport = (userDefinedRouteFn) => {
+      const rootRequestHandler = async (
+        req: NextApiRequest,
+        res: NextApiResponse
+      ) => {
+        authMiddlewareMap["none"] = (next) => next
+
+        const auth_middleware = authMiddlewareMap[spec.auth]
+        if (!auth_middleware) throw new Error(`Unknown auth type: ${spec.auth}`)
+
+        return wrappers(
+          ...((exceptionHandlingMiddleware
+            ? [exceptionHandlingMiddleware]
+            : []) as [any]),
+          ...((globalMiddlewares || []) as []),
+          auth_middleware,
+          ...((spec.middlewares || []) as []),
+          withMethods(spec.methods),
+          withValidation({
+            jsonBody: spec.jsonBody,
+            queryParams: spec.queryParams,
+            commonParams: spec.commonParams,
+          }),
+          userDefinedRouteFn
+        )(req as any, res)
+      }
+
+      rootRequestHandler._setupParams = setupParams
+      rootRequestHandler._routeSpec = spec
+
+      return rootRequestHandler
+    }
+
+    createRouteExport._setupParams = setupParams
+    createRouteExport._routeSpec = spec
+
+    return createRouteExport
+  }
+
+  withRouteSpec._setupParams = setupParams
+
+  return withRouteSpec
+}) as any

package/src/with-route-spec/middlewares/with-methods.ts

@@ -0,0 +1,22 @@
+import { MethodNotAllowedException } from "nextjs-exception-middleware"
+
+export type HTTPMethods =
+  | "GET"
+  | "POST"
+  | "DELETE"
+  | "PUT"
+  | "PATCH"
+  | "HEAD"
+  | "OPTIONS"
+
+export const withMethods = (methods: HTTPMethods[]) => (next) => (req, res) => {
+  if (!methods.includes(req.method)) {
+    throw new MethodNotAllowedException({
+      type: "method_not_allowed",
+      message: `only ${methods.join(",")} accepted`,
+    })
+  }
+  return next(req, res)
+}
+
+export default withMethods

package/src/with-route-spec/middlewares/with-validation.ts

@@ -0,0 +1,101 @@
+import type { NextApiRequest, NextApiResponse } from "next"
+import { z } from "zod"
+import { BadRequestException } from "nextjs-exception-middleware"
+import { isEmpty } from "lodash"
+
+const parseCommaSeparateArrays = (
+  schema: z.ZodTypeAny,
+  input: Record<string, unknown>
+) => {
+  const parsed_input = Object.assign({}, input)
+
+  // todo: iterate over Zod top level keys, if there's an array, parse it
+
+  return schema.parse(parsed_input)
+}
+
+export interface RequestInput<
+  JsonBody extends z.ZodTypeAny,
+  QueryParams extends z.ZodTypeAny,
+  CommonParams extends z.ZodTypeAny
+> {
+  jsonBody?: JsonBody
+  queryParams?: QueryParams
+  commonParams?: CommonParams
+}
+
+const zodIssueToString = (issue: z.ZodIssue) => {
+  if (issue.path.join(".") === "") {
+    return issue.message
+  }
+  if (issue.message === "Required") {
+    return `${issue.path.join(".")} is required`
+  }
+  return `${issue.message} for "${issue.path.join(".")}"`
+}
+
+export const withValidation =
+  <
+    JsonBody extends z.ZodTypeAny,
+    QueryParams extends z.ZodTypeAny,
+    CommonParams extends z.ZodTypeAny
+  >(
+    input: RequestInput<JsonBody, QueryParams, CommonParams>
+  ) =>
+  (next) =>
+  async (req: NextApiRequest, res: NextApiResponse) => {
+    if (
+      (req.method === "POST" || req.method === "PATCH") &&
+      !req.headers["content-type"]?.includes("application/json") &&
+      !isEmpty(req.body)
+    ) {
+      throw new BadRequestException({
+        type: "invalid_content_type",
+        message: `POST requests must have Content-Type header with "application/json"`,
+      })
+    }
+
+    try {
+      const original_combined_params = { ...req.query, ...req.body }
+      req.body = input.jsonBody?.parse(req.body)
+      req.query = input.queryParams?.parse(req.query)
+
+      if (input.commonParams) {
+        ;(req as any).commonParams = parseCommaSeparateArrays(
+          input.commonParams,
+          original_combined_params
+        )
+      }
+    } catch (error: any) {
+      if (error.name === "ZodError") {
+        let message
+        if (error.issues.length === 1) {
+          const issue = error.issues[0]
+          message = zodIssueToString(issue)
+        } else {
+          const message_components: string[] = []
+          for (const issue of error.issues) {
+            message_components.push(zodIssueToString(issue))
+          }
+          message =
+            `${error.issues.length} Input Errors: ` +
+            message_components.join(", ")
+        }
+
+        throw new BadRequestException({
+          type: "invalid_input",
+          message,
+          validation_errors: error.format(),
+        })
+      }
+
+      throw new BadRequestException({
+        type: "invalid_input",
+        message: "Error while parsing input",
+      })
+    }
+
+    return next(req, res)
+  }
+
+export default withValidation

package/tests/route-spec-types.ts

@@ -0,0 +1,154 @@
+import { MiddlewareChainOutput } from "../src/types"
+import {
+  checkRouteSpec,
+  createWithRouteSpec,
+  Middleware,
+  RouteSpec,
+} from "../src"
+import { expectTypeOf } from "expect-type"
+import { z } from "zod"
+
+const authTokenMiddleware: Middleware<{
+  auth: {
+    authorized_by: "auth_token"
+  }
+}> = (next) => (req, res) => {
+  req.auth = {
+    authorized_by: "auth_token",
+  }
+  return next(req, res)
+}
+const bearerMiddleware: Middleware<{
+  auth: {
+    authorized_by: "bearer"
+  }
+}> = (next) => (req, res) => {
+  req.auth = {
+    authorized_by: "bearer",
+  }
+  return next(req, res)
+}
+
+const dbMiddleware: Middleware<{
+  db: {
+    client: any
+  }
+}> = (next) => (req, res) => {
+  req.db = { client: "..." }
+  return next(req, res)
+}
+
+const userMiddleware: Middleware<
+  {
+    user: {
+      user_id: string
+    }
+  },
+  {}
+> = (next) => (req, res) => {
+  req.user = { user_id: "..." }
+  return next(req, res)
+}
+
+const chain = [dbMiddleware, bearerMiddleware] as const
+
+const chainOutput: MiddlewareChainOutput<typeof chain> = null as any
+
+expectTypeOf(chainOutput).toEqualTypeOf<{
+  db: {
+    client: any
+  }
+  auth: {
+    authorized_by: "bearer"
+  }
+}>
+
+const projSetup = {
+  authMiddlewareMap: {
+    auth_token: authTokenMiddleware,
+    bearer: bearerMiddleware,
+  },
+  globalMiddlewares: [dbMiddleware],
+
+  apiName: "test",
+  productionServerUrl: "https://example.com",
+} as const
+
+const withRouteSpec = createWithRouteSpec(projSetup)
+
+export const myRoute1Spec = checkRouteSpec({
+  auth: "none",
+  methods: ["POST"],
+  jsonBody: z.object({
+    count: z.number(),
+  }),
+})
+
+export const myRoute1 = withRouteSpec(myRoute1Spec)(async (req, res) => {
+  expectTypeOf(req.db).toMatchTypeOf<{ client: any }>()
+  expectTypeOf(req.body).toMatchTypeOf<{ count: number }>()
+})
+
+export const myRoute2Spec = checkRouteSpec({
+  auth: "auth_token",
+  methods: ["GET"],
+  queryParams: z.object({
+    id: z.string(),
+  }),
+})
+
+export const myRoute2 = withRouteSpec(myRoute2Spec)(async (req, res) => {
+  expectTypeOf(req.auth).toMatchTypeOf<{ authorized_by: "auth_token" }>()
+  expectTypeOf(req.query).toMatchTypeOf<{ id: string }>()
+})
+
+export const myRoute3Spec = checkRouteSpec({
+  auth: "none",
+  methods: ["POST"],
+  jsonBody: z.object({
+    A: z.string(),
+  }),
+  commonParams: z.object({
+    B: z.string(),
+  }),
+})
+
+export const myRoute3 = withRouteSpec(myRoute3Spec)(async (req, res) => {
+  expectTypeOf(req.body).toMatchTypeOf<{ A: string; B: string }>()
+})
+
+const withImproperMWRouteSpec = createWithRouteSpec({
+  authMiddlewareMap: {
+    // @ts-expect-error - improperly defined middleware
+    asd: () => {},
+  },
+  globalMiddlewares: [],
+})
+
+const middlewares = [userMiddleware] as const
+
+export const myRoute4Spec = checkRouteSpec({
+  auth: "none",
+  methods: ["POST"],
+  middlewares,
+})
+
+export const myRoute4 = withRouteSpec(myRoute4Spec)(async (req, res) => {
+  expectTypeOf(req.db).toMatchTypeOf<{ client: any }>()
+  expectTypeOf(req.user).toMatchTypeOf<{ user_id: string }>()
+})
+
+export const myRoute5Spec = checkRouteSpec({
+  auth: "none",
+  methods: ["POST"],
+  jsonResponse: z.object({
+    id: z.string(),
+  }),
+})
+
+export const myRoute5 = withRouteSpec(myRoute5Spec)(async (req, res) => {
+  // @ts-expect-error - should be a string
+  res.status(200).json({ id: 123 })
+
+  res.status(200).json({ id: "123" })
+})

package/tsconfig.json

@@ -0,0 +1,21 @@
+{
+  "compilerOptions": {
+    "target": "es2020",
+    "lib": ["dom", "dom.iterable", "esnext"],
+    "allowJs": true,
+    "skipLibCheck": true,
+    "strict": true,
+    "noImplicitAny": false,
+    "forceConsistentCasingInFileNames": true,
+    "noEmit": true,
+    "esModuleInterop": true,
+    "module": "esnext",
+    "moduleResolution": "node",
+    "resolveJsonModule": true,
+    "isolatedModules": true,
+    "jsx": "preserve",
+    "incremental": false
+  },
+  "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx"],
+  "exclude": ["node_modules"]
+}