Skip to content

feat: Add OpenAPI Support to oauth-apps.get API#36598

Merged
ggazzo merged 15 commits intoRocketChat:developfrom
ahmed-n-abdeltwab:feat/openapi-oauth-apps-get
Aug 8, 2025
Merged

feat: Add OpenAPI Support to oauth-apps.get API#36598
ggazzo merged 15 commits intoRocketChat:developfrom
ahmed-n-abdeltwab:feat/openapi-oauth-apps-get

Conversation

@ahmed-n-abdeltwab
Copy link
Contributor

@ahmed-n-abdeltwab ahmed-n-abdeltwab commented Aug 1, 2025
edited by ggazzo
Loading

https://rocketchat.atlassian.net/browse/ARCH-1734
Description:
This PR integrates OpenAPI support into the Rocket.Chat API, migrate of Rocket.Chat API endpoints to the new OpenAPI pattern. The update includes improved API documentation, enhanced type safety, and response validation using AJV.

Key Changes:

  • Implemented the new pattern and added AJV-based JSON schema validation for API.
  • Uses the ExtractRoutesFromAPI utility from the TypeScript definitions to dynamically derive the routes from the endpoint specifications.
  • Enabled Swagger UI integration for this API.
  • Route Methods Chaining for the endpoints.
  • This does not introduce any breaking changes to the endpoint logic.

Issue Reference:
Relates to #34983, part of the ongoing OpenAPI integration effort.

Testing:

  • Verified that the API response schemas are correctly documented in Swagger UI.

  • All tests passed without any breaking changes

    $ yarn testapi -f '[OAuthApps]' 


[OAuthApps]
  [/oauth-apps.list]
    ✔ should return an error when the user does not have the necessary permission (228ms)
    ✔ should return an array of oauth apps (202ms)
  [/oauth-apps.create]
    ✔ should return an error when the user does not have the necessary permission (348ms)
    ✔ should return an error when the 'name' property is invalid (53ms)
    ✔ should return an error when the 'redirectUri' property is invalid
    ✔ should return an error when the 'active' property is not a boolean
    ✔ should create an oauthApp
  [/oauth-apps.get]
    ✔ should return a single oauthApp by client id
    ✔ should return a single oauthApp by _id
    ✔ should return a single oauthApp by appId (deprecated)
    ✔ should return only non sensitive information if user does not have the permission to manage oauth apps when searching by clientId (191ms)
    ✔ should return only non sensitive information if user does not have the permission to manage oauth apps when searching by _id (210ms)
    ✔ should return only non sensitive information if user does not have the permission to manage oauth apps when searching by appId (deprecated) (203ms)
    ✔ should fail returning an oauth app when an invalid id is provided (avoid NoSQL injections)
    ✔ should fail returning an oauth app when an invalid id string is provided (avoid NoSQL injections)
    ✔ should fail returning an oauth app when an invalid clientId is provided (avoid NoSQL injections)
    ✔ should fail returning an oauth app when an invalid clientId string is provided (avoid NoSQL injections)
    ✔ should fail returning an oauth app when an invalid appId is provided (avoid NoSQL injections; deprecated)
    ✔ should fail returning an oauth app when an invalid appId string is provided (avoid NoSQL injections; deprecated)
  [/oauth-apps.update]
    ✔ should update an app's name, its Active and Redirect URI fields correctly by its id
    ✔ should fail updating an app if user does NOT have the manage-oauth-apps permission (221ms)
  [/oauth-apps.delete]
    ✔ should delete an app by its id
    ✔ should fail deleting an app by its id if user does NOT have the manage-oauth-apps permission (178ms)


23 passing (4s)

Endpoints:

Looking forward to your feedback! 🚀

@dionisio-bot
Copy link
Contributor

dionisio-bot bot commented Aug 1, 2025
edited
Loading

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

@changeset-bot
Copy link

changeset-bot bot commented Aug 1, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 9df5513

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 39 packages
Name Type
@rocket.chat/meteor Patch
@rocket.chat/core-typings Patch
@rocket.chat/rest-typings Patch
@rocket.chat/uikit-playground Patch
@rocket.chat/api-client Patch
@rocket.chat/apps Patch
@rocket.chat/core-services Patch
@rocket.chat/cron Patch
@rocket.chat/ddp-client Patch
@rocket.chat/freeswitch Patch
@rocket.chat/fuselage-ui-kit Patch
@rocket.chat/gazzodown Patch
@rocket.chat/http-router Patch
@rocket.chat/livechat Patch
@rocket.chat/model-typings Patch
@rocket.chat/ui-avatar Patch
@rocket.chat/ui-client Patch
@rocket.chat/ui-contexts Patch
@rocket.chat/web-ui-registration Patch
@rocket.chat/account-service Patch
@rocket.chat/authorization-service Patch
@rocket.chat/ddp-streamer Patch
@rocket.chat/omnichannel-transcript Patch
@rocket.chat/presence-service Patch
@rocket.chat/queue-worker Patch
@rocket.chat/stream-hub-service Patch
@rocket.chat/license Patch
@rocket.chat/omnichannel-services Patch
@rocket.chat/pdf-worker Patch
@rocket.chat/presence Patch
rocketchat-services Patch
@rocket.chat/models Patch
@rocket.chat/network-broker Patch
@rocket.chat/mock-providers Patch
@rocket.chat/ui-video-conf Patch
@rocket.chat/ui-voip Patch
@rocket.chat/instance-status Patch
@rocket.chat/omni-core Patch
@rocket.chat/omni-core-ee Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@ahmed-n-abdeltwab ahmed-n-abdeltwab mentioned this pull request Aug 1, 2025
Draft
ahmed-n-abdeltwab
ahmed-n-abdeltwab commented Aug 1, 2025
View reviewed changes
apps/meteor/app/api/server/definition.ts
Comment on lines +305 to +306
route: string;
response: Response;
Copy link
Contributor Author

@ahmed-n-abdeltwab ahmed-n-abdeltwab Aug 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was missing in the typedThis, so I added it.

ahmed-n-abdeltwab
ahmed-n-abdeltwab commented Aug 1, 2025
View reviewed changes
packages/core-typings/src/IOAuthApps.ts
active: boolean;
clientId: string;
clientSecret: string;
clientSecret?: string;
Copy link
Contributor Author

@ahmed-n-abdeltwab ahmed-n-abdeltwab Aug 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The IOAuthApps used in findOneAuthAppByIdOrClientId doesn’t include clientSecret, so I made it optional in the interface

Copy link
Contributor Author

@ahmed-n-abdeltwab ahmed-n-abdeltwab Aug 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

packages/models/src/models/OAuthApps.ts
findOneAuthAppByIdOrClientId(
		props: { clientId: string } | { appId: string } | { _id: string },
		options?: FindOptions<IOAuthApps>,
	): Promise<IOAuthApps | null> {
		return this.findOne(
			{
				...('_id' in props && { _id: props._id }),
				...('appId' in props && { _id: props.appId }),
				...('clientId' in props && { clientId: props.clientId }),
			},
			options,
		);
	}

Copy link
Contributor Author

@ahmed-n-abdeltwab ahmed-n-abdeltwab Aug 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Without this change, AJV would throw an error saying clientSecret is required, even though it's not returned

ahmed-n-abdeltwab
ahmed-n-abdeltwab commented Aug 1, 2025
View reviewed changes
apps/meteor/tests/end-to-end/api/oauthapps.ts
Comment on lines +289 to +291
expect(res.body).to.have.property('errorType', 'error-invalid-params');
expect(res.body).to.have.property('error');
expect(res.body.error).to.include('must be string').and.include('must match exactly one schema in oneOf [invalid-params]');
expect(res.body.error).to.include('must be string').and.include('must match exactly one schema in oneOf');
Copy link
Contributor Author

@ahmed-n-abdeltwab ahmed-n-abdeltwab Aug 1, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error was must match exactly one schema in oneOf but didn’t include [invalid-params], so I added a separate assertion for errorType instead.

@ahmed-n-abdeltwab ahmed-n-abdeltwab marked this pull request as ready for review August 1, 2025 15:17
@ahmed-n-abdeltwab ahmed-n-abdeltwab requested review from a team as code owners August 1, 2025 15:17
@ahmed-n-abdeltwab ahmed-n-abdeltwab marked this pull request as draft August 5, 2025 06:54
@ahmed-n-abdeltwab ahmed-n-abdeltwab marked this pull request as ready for review August 5, 2025 17:21
@ahmed-n-abdeltwab
Copy link
Contributor Author

ahmed-n-abdeltwab commented Aug 5, 2025

@cardoso Ready for review whenever you have time

@codecov
Copy link

codecov bot commented Aug 6, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 65.65%. Comparing base (be7ceaa) to head (ba8b68f).

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff            @@
##           develop   #36598   +/-   ##
========================================
  Coverage    65.65%   65.65%           
========================================
  Files         3197     3197           
  Lines       106812   106812           
  Branches     20332    20329    -3     
========================================
+ Hits         70130    70131    +1     
- Misses       34035    34038    +3     
+ Partials      2647     2643    -4
Flag Coverage Δ
unit 71.21% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@cardoso cardoso added this to the 7.10.0 milestone Aug 8, 2025
cardoso
cardoso approved these changes Aug 8, 2025
View reviewed changes
Copy link
Member

@cardoso cardoso left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ggazzo 👍

@ggazzo ggazzo added the stat: QA assured Means it has been tested and approved by a company insider label Aug 8, 2025
@dionisio-bot dionisio-bot bot added the stat: ready to merge PR tested and approved waiting for merge label Aug 8, 2025
@ggazzo ggazzo merged commit 17bca96 into RocketChat:develop Aug 8, 2025
48 checks passed
@rocketchat-github-ci rocketchat-github-ci mentioned this pull request Aug 20, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cardoso cardoso cardoso approved these changes

Assignees

No one assigned

Labels

gsoc-project stat: QA assured Means it has been tested and approved by a company insider stat: ready to merge PR tested and approved waiting for merge

Projects

None yet

Milestone

7.10.0

Development

Successfully merging this pull request may close these issues.

3 participants

@ahmed-n-abdeltwab @cardoso @ggazzo