feat: openapi support plus more api validation

2025-11-14 00:31:25 +10:00 · 2025-05-10 15:16:26 -04:00
parent a0bc4bbc4c
commit 3df6818ffe
9 changed files with 100 additions and 39 deletions
--- a/server/api/v1/admin/auth/invitation/index.delete.ts
+++ b/server/api/v1/admin/auth/invitation/index.delete.ts
@ -1,20 +1,30 @@
+import { type } from "arktype";
 import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";

-export default defineEventHandler(async (h3) => {
+const DeleteInvite = type({
+  id: "string",
+});
+
+export default defineEventHandler<{
+  body: typeof DeleteInvite.infer;
+}>(async (h3) => {
  const allowed = await aclManager.allowSystemACL(h3, [
    "auth:simple:invitation:delete",
  ]);
  if (!allowed) throw createError({ statusCode: 403 });

-  const body = await readBody(h3);
-  const id = body.id;
-  if (!id)
+  const body = DeleteInvite(await readBody(h3));
+  if (body instanceof type.errors) {
+    // hover out.summary to see validation errors
+    console.error(body.summary);
+
    throw createError({
      statusCode: 400,
-      statusMessage: "id required for deletion",
+      statusMessage: body.summary,
    });
+  }

-  await prisma.invitation.delete({ where: { id: id } });
+  await prisma.invitation.delete({ where: { id: body.id } });
  return {};
 });
--- a/server/api/v1/admin/auth/invitation/index.post.ts
+++ b/server/api/v1/admin/auth/invitation/index.post.ts
@ -1,40 +1,35 @@
+import { type } from "arktype";
 import aclManager from "~/server/internal/acls";
 import prisma from "~/server/internal/db/database";

-export default defineEventHandler(async (h3) => {
+const CreateInvite = type({
+  isAdmin: "boolean",
+  username: "string",
+  email: "string.email",
+  expires: "string.date.iso.parse",
+});
+
+export default defineEventHandler<{
+  body: typeof CreateInvite.infer;
+}>(async (h3) => {
  const allowed = await aclManager.allowSystemACL(h3, [
    "auth:simple:invitation:new",
  ]);
  if (!allowed) throw createError({ statusCode: 403 });

-  const body = await readBody(h3);
-  const isAdmin = body.isAdmin;
-  const username = body.username;
-  const email = body.email;
-  const expires = body.expires;
+  const body = CreateInvite(await readBody(h3));
+  if (body instanceof type.errors) {
+    // hover out.summary to see validation errors
+    console.error(body.summary);

-  if (!expires)
-    throw createError({ statusCode: 400, statusMessage: "No expires field." });
-  if (isAdmin !== undefined && typeof isAdmin !== "boolean")
    throw createError({
      statusCode: 400,
-      statusMessage: "isAdmin must be a boolean",
-    });
-
-  const expiresDate = new Date(expires);
-  if (!(expiresDate instanceof Date && !isNaN(expiresDate.getTime())))
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Invalid expires date",
+      statusMessage: body.summary,
    });
+  }

  const invitation = await prisma.invitation.create({
-    data: {
-      isAdmin: isAdmin,
-      username: username,
-      email: email,
-      expires: expiresDate,
-    },
+    data: body,
  });

  return invitation;