🍜

2025-05-15 15:53:44 +07:00 · 2025-05-15 15:53:44 +07:00 · f2c4d2442e
commit f2c4d2442e
--- a/apps/api/src/api-v1/consumers/admin-get-consumer-by-token.ts
+++ b/apps/api/src/api-v1/consumers/admin-get-consumer-by-token.ts
@ -4,11 +4,11 @@ import type { AuthenticatedEnv } from '@/lib/types'
 import { db, eq, schema } from '@/db'
 import { aclAdmin } from '@/lib/acl-admin'
 import {
-  assert,
+  openapiAuthenticatedSecuritySchemas,
  openapiErrorResponse404,
-  openapiErrorResponses,
-  parseZodSchema
-} from '@/lib/utils'
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { assert, parseZodSchema } from '@/lib/utils'

 import { consumerTokenParamsSchema, populateConsumerSchema } from './schemas'

@ -18,7 +18,7 @@ const route = createRoute({
  operationId: 'getConsumer',
  method: 'get',
  path: 'admin/consumers/tokens/{token}',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    params: consumerTokenParamsSchema,
    query: populateConsumerSchema
--- a/apps/api/src/api-v1/consumers/get-consumer.ts
+++ b/apps/api/src/api-v1/consumers/get-consumer.ts
@ -4,11 +4,11 @@ import type { AuthenticatedEnv } from '@/lib/types'
 import { db, eq, schema } from '@/db'
 import { acl } from '@/lib/acl'
 import {
-  assert,
+  openapiAuthenticatedSecuritySchemas,
  openapiErrorResponse404,
-  openapiErrorResponses,
-  parseZodSchema
-} from '@/lib/utils'
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { assert, parseZodSchema } from '@/lib/utils'

 import { consumerIdParamsSchema, populateConsumerSchema } from './schemas'

@ -18,7 +18,7 @@ const route = createRoute({
  operationId: 'getConsumer',
  method: 'get',
  path: 'consumers/{consumersId}',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    params: consumerIdParamsSchema,
    query: populateConsumerSchema
--- a/apps/api/src/api-v1/consumers/list-consumers.ts
+++ b/apps/api/src/api-v1/consumers/list-consumers.ts
@ -4,11 +4,11 @@ import type { AuthenticatedEnv } from '@/lib/types'
 import { db, eq, schema } from '@/db'
 import { acl } from '@/lib/acl'
 import {
-  assert,
+  openapiAuthenticatedSecuritySchemas,
  openapiErrorResponse404,
-  openapiErrorResponses,
-  parseZodSchema
-} from '@/lib/utils'
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { assert, parseZodSchema } from '@/lib/utils'

 import { projectIdParamsSchema } from '../projects/schemas'
 import { paginationAndPopulateConsumerSchema } from './schemas'
@ -19,7 +19,7 @@ const route = createRoute({
  operationId: 'listConsumers',
  method: 'get',
  path: 'projects/{projectId}/consumers',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    params: projectIdParamsSchema,
    query: paginationAndPopulateConsumerSchema
--- a/apps/api/src/api-v1/consumers/upsert-consumer.ts
+++ b/apps/api/src/api-v1/consumers/upsert-consumer.ts
@ -8,14 +8,13 @@ import { upsertStripeCustomer } from '@/lib/billing/upsert-stripe-customer'
 import { upsertStripePricingPlans } from '@/lib/billing/upsert-stripe-pricing-plans'
 import { upsertStripeSubscription } from '@/lib/billing/upsert-stripe-subscription'
 import {
-  assert,
+  openapiAuthenticatedSecuritySchemas,
  openapiErrorResponse404,
  openapiErrorResponse409,
  openapiErrorResponse410,
-  openapiErrorResponses,
-  parseZodSchema,
-  sha256
-} from '@/lib/utils'
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { assert, parseZodSchema, sha256 } from '@/lib/utils'

 const route = createRoute({
  description:
@ -24,7 +23,7 @@ const route = createRoute({
  operationId: 'createConsumer',
  method: 'post',
  path: 'consumers',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    body: {
      required: true,
--- a/apps/api/src/api-v1/index.ts
+++ b/apps/api/src/api-v1/index.ts
@ -36,6 +36,12 @@ export const apiV1 = new OpenAPIHono({
  }
 })

+apiV1.openAPIRegistry.registerComponent('securitySchemes', 'Bearer', {
+  type: 'http',
+  scheme: 'bearer',
+  bearerFormat: 'JWT'
+})
+
 // Public routes
 const pub = new OpenAPIHono()

--- a/apps/api/src/api-v1/projects/create-project.ts
+++ b/apps/api/src/api-v1/projects/create-project.ts
@ -6,11 +6,10 @@ import { aclTeamMember } from '@/lib/acl-team-member'
 import { getProviderToken } from '@/lib/auth/get-provider-token'
 import { ensureAuthUser } from '@/lib/ensure-auth-user'
 import {
-  assert,
-  openapiErrorResponses,
-  parseZodSchema,
-  sha256
-} from '@/lib/utils'
+  openapiAuthenticatedSecuritySchemas,
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { assert, parseZodSchema, sha256 } from '@/lib/utils'

 const route = createRoute({
  description: 'Creates a new project.',
@ -18,7 +17,7 @@ const route = createRoute({
  operationId: 'createProject',
  method: 'post',
  path: 'projects',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    body: {
      required: true,
--- a/apps/api/src/api-v1/projects/get-project.ts
+++ b/apps/api/src/api-v1/projects/get-project.ts
@ -4,11 +4,11 @@ import type { AuthenticatedEnv } from '@/lib/types'
 import { db, eq, schema } from '@/db'
 import { acl } from '@/lib/acl'
 import {
-  assert,
+  openapiAuthenticatedSecuritySchemas,
  openapiErrorResponse404,
-  openapiErrorResponses,
-  parseZodSchema
-} from '@/lib/utils'
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { assert, parseZodSchema } from '@/lib/utils'

 import { populateProjectSchema, projectIdParamsSchema } from './schemas'

@ -18,7 +18,7 @@ const route = createRoute({
  operationId: 'getProject',
  method: 'get',
  path: 'projects/{projectId}',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    params: projectIdParamsSchema,
    query: populateProjectSchema
--- a/apps/api/src/api-v1/projects/list-projects.ts
+++ b/apps/api/src/api-v1/projects/list-projects.ts
@ -3,7 +3,11 @@ import { createRoute, type OpenAPIHono, z } from '@hono/zod-openapi'
 import type { AuthenticatedEnv } from '@/lib/types'
 import { db, eq, schema } from '@/db'
 import { ensureAuthUser } from '@/lib/ensure-auth-user'
-import { openapiErrorResponses, parseZodSchema } from '@/lib/utils'
+import {
+  openapiAuthenticatedSecuritySchemas,
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { parseZodSchema } from '@/lib/utils'

 import { paginationAndPopulateProjectSchema } from './schemas'

@ -13,7 +17,7 @@ const route = createRoute({
  operationId: 'listProjects',
  method: 'get',
  path: 'projects',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    query: paginationAndPopulateProjectSchema
  },
--- a/apps/api/src/api-v1/projects/update-project.ts
+++ b/apps/api/src/api-v1/projects/update-project.ts
@ -3,11 +3,11 @@ import { createRoute, type OpenAPIHono } from '@hono/zod-openapi'
 import type { AuthenticatedEnv } from '@/lib/types'
 import { db, eq, schema } from '@/db'
 import {
-  assert,
+  openapiAuthenticatedSecuritySchemas,
  openapiErrorResponse404,
-  openapiErrorResponses,
-  parseZodSchema
-} from '@/lib/utils'
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { assert, parseZodSchema } from '@/lib/utils'

 import { projectIdParamsSchema } from './schemas'

@ -17,7 +17,7 @@ const route = createRoute({
  operationId: 'updateProject',
  method: 'put',
  path: 'projects/{projectId}',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    params: projectIdParamsSchema,
    body: {
--- a/apps/api/src/api-v1/teams/create-team.ts
+++ b/apps/api/src/api-v1/teams/create-team.ts
@ -4,7 +4,11 @@ import type { AuthenticatedEnv } from '@/lib/types'
 import { db, schema } from '@/db'
 import { ensureAuthUser } from '@/lib/ensure-auth-user'
 import { ensureUniqueTeamSlug } from '@/lib/ensure-unique-team-slug'
-import { assert, openapiErrorResponses, parseZodSchema } from '@/lib/utils'
+import {
+  openapiAuthenticatedSecuritySchemas,
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { assert, parseZodSchema } from '@/lib/utils'

 const route = createRoute({
  description: 'Creates a team.',
@ -12,7 +16,7 @@ const route = createRoute({
  operationId: 'createTeam',
  method: 'post',
  path: 'teams',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    body: {
      required: true,
--- a/apps/api/src/api-v1/teams/delete-team.ts
+++ b/apps/api/src/api-v1/teams/delete-team.ts
@ -4,11 +4,11 @@ import type { AuthenticatedEnv } from '@/lib/types'
 import { db, eq, schema } from '@/db'
 import { aclTeamAdmin } from '@/lib/acl-team-admin'
 import {
-  assert,
+  openapiAuthenticatedSecuritySchemas,
  openapiErrorResponse404,
-  openapiErrorResponses,
-  parseZodSchema
-} from '@/lib/utils'
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { assert, parseZodSchema } from '@/lib/utils'

 import { teamSlugParamsSchema } from './schemas'

@ -18,7 +18,7 @@ const route = createRoute({
  operationId: 'deleteTeam',
  method: 'delete',
  path: 'teams/{team}',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    params: teamSlugParamsSchema
  },
--- a/apps/api/src/api-v1/teams/get-team.ts
+++ b/apps/api/src/api-v1/teams/get-team.ts
@ -4,11 +4,11 @@ import type { AuthenticatedEnv } from '@/lib/types'
 import { db, eq, schema } from '@/db'
 import { aclTeamMember } from '@/lib/acl-team-member'
 import {
-  assert,
+  openapiAuthenticatedSecuritySchemas,
  openapiErrorResponse404,
-  openapiErrorResponses,
-  parseZodSchema
-} from '@/lib/utils'
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { assert, parseZodSchema } from '@/lib/utils'

 import { teamSlugParamsSchema } from './schemas'

@ -18,7 +18,7 @@ const route = createRoute({
  operationId: 'getTeam',
  method: 'get',
  path: 'teams/{team}',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    params: teamSlugParamsSchema
  },
--- a/apps/api/src/api-v1/teams/list-teams.ts
+++ b/apps/api/src/api-v1/teams/list-teams.ts
@ -2,7 +2,11 @@ import { createRoute, type OpenAPIHono, z } from '@hono/zod-openapi'

 import type { AuthenticatedEnv } from '@/lib/types'
 import { db, eq, paginationSchema, schema } from '@/db'
-import { openapiErrorResponses, parseZodSchema } from '@/lib/utils'
+import {
+  openapiAuthenticatedSecuritySchemas,
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { parseZodSchema } from '@/lib/utils'

 const route = createRoute({
  description: 'Lists all teams the authenticated user belongs to.',
@ -10,7 +14,7 @@ const route = createRoute({
  operationId: 'listTeams',
  method: 'get',
  path: 'teams',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    query: paginationSchema
  },
--- a/apps/api/src/api-v1/teams/members/create-team-member.ts
+++ b/apps/api/src/api-v1/teams/members/create-team-member.ts
@ -4,12 +4,12 @@ import type { AuthenticatedEnv } from '@/lib/types'
 import { and, db, eq, schema } from '@/db'
 import { aclTeamAdmin } from '@/lib/acl-team-admin'
 import {
-  assert,
+  openapiAuthenticatedSecuritySchemas,
  openapiErrorResponse404,
  openapiErrorResponse409,
-  openapiErrorResponses,
-  parseZodSchema
-} from '@/lib/utils'
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { assert, parseZodSchema } from '@/lib/utils'

 import { teamSlugParamsSchema } from '../schemas'

@ -19,7 +19,7 @@ const route = createRoute({
  operationId: 'createTeamMember',
  method: 'post',
  path: 'teams/{team}/members',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    params: teamSlugParamsSchema,
    body: {
--- a/apps/api/src/api-v1/teams/members/delete-team-member.ts
+++ b/apps/api/src/api-v1/teams/members/delete-team-member.ts
@ -5,11 +5,11 @@ import { and, db, eq, schema } from '@/db'
 import { aclTeamAdmin } from '@/lib/acl-team-admin'
 import { aclTeamMember } from '@/lib/acl-team-member'
 import {
-  assert,
+  openapiAuthenticatedSecuritySchemas,
  openapiErrorResponse404,
-  openapiErrorResponses,
-  parseZodSchema
-} from '@/lib/utils'
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { assert, parseZodSchema } from '@/lib/utils'

 import { teamSlugTeamMemberUserIdParamsSchema } from './schemas'

@ -19,7 +19,7 @@ const route = createRoute({
  operationId: 'deleteTeamMember',
  method: 'delete',
  path: 'teams/{team}/members/{userId}',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    params: teamSlugTeamMemberUserIdParamsSchema
  },
--- a/apps/api/src/api-v1/teams/members/update-team-member.ts
+++ b/apps/api/src/api-v1/teams/members/update-team-member.ts
@ -5,11 +5,11 @@ import { and, db, eq, schema } from '@/db'
 import { aclTeamAdmin } from '@/lib/acl-team-admin'
 import { aclTeamMember } from '@/lib/acl-team-member'
 import {
-  assert,
+  openapiAuthenticatedSecuritySchemas,
  openapiErrorResponse404,
-  openapiErrorResponses,
-  parseZodSchema
-} from '@/lib/utils'
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { assert, parseZodSchema } from '@/lib/utils'

 import { teamSlugTeamMemberUserIdParamsSchema } from './schemas'

@ -19,7 +19,7 @@ const route = createRoute({
  operationId: 'updateTeamMember',
  method: 'put',
  path: 'teams/{team}/members/{userId}',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    params: teamSlugTeamMemberUserIdParamsSchema,
    body: {
--- a/apps/api/src/api-v1/teams/update-team.ts
+++ b/apps/api/src/api-v1/teams/update-team.ts
@ -4,11 +4,11 @@ import type { AuthenticatedEnv } from '@/lib/types'
 import { db, eq, schema } from '@/db'
 import { aclTeamAdmin } from '@/lib/acl-team-admin'
 import {
-  assert,
+  openapiAuthenticatedSecuritySchemas,
  openapiErrorResponse404,
-  openapiErrorResponses,
-  parseZodSchema
-} from '@/lib/utils'
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { assert, parseZodSchema } from '@/lib/utils'

 import { teamSlugParamsSchema } from './schemas'

@ -18,7 +18,7 @@ const route = createRoute({
  operationId: 'updateTeam',
  method: 'put',
  path: 'teams/{team}',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    params: teamSlugParamsSchema,
    body: {
--- a/apps/api/src/api-v1/users/get-user.ts
+++ b/apps/api/src/api-v1/users/get-user.ts
@ -4,11 +4,11 @@ import type { AuthenticatedEnv } from '@/lib/types'
 import { db, eq, schema } from '@/db'
 import { acl } from '@/lib/acl'
 import {
-  assert,
+  openapiAuthenticatedSecuritySchemas,
  openapiErrorResponse404,
-  openapiErrorResponses,
-  parseZodSchema
-} from '@/lib/utils'
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { assert, parseZodSchema } from '@/lib/utils'

 import { userIdParamsSchema } from './schemas'

@ -18,7 +18,7 @@ const route = createRoute({
  operationId: 'getUser',
  method: 'get',
  path: 'users/{userId}',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    params: userIdParamsSchema
  },
--- a/apps/api/src/api-v1/users/update-user.ts
+++ b/apps/api/src/api-v1/users/update-user.ts
@ -4,11 +4,11 @@ import type { AuthenticatedEnv } from '@/lib/types'
 import { db, eq, schema } from '@/db'
 import { acl } from '@/lib/acl'
 import {
-  assert,
+  openapiAuthenticatedSecuritySchemas,
  openapiErrorResponse404,
-  openapiErrorResponses,
-  parseZodSchema
-} from '@/lib/utils'
+  openapiErrorResponses
+} from '@/lib/openapi-utils'
+import { assert, parseZodSchema } from '@/lib/utils'

 import { userIdParamsSchema } from './schemas'

@ -18,7 +18,7 @@ const route = createRoute({
  operationId: 'updateUser',
  method: 'put',
  path: 'users/{userId}',
-  security: [{ bearerAuth: [] }],
+  security: openapiAuthenticatedSecuritySchemas,
  request: {
    params: userIdParamsSchema,
    body: {
--- a/apps/api/src/lib/openapi-utils.ts
+++ b/apps/api/src/lib/openapi-utils.ts
@ -0,0 +1,52 @@
+import { z } from '@hono/zod-openapi'
+
+const openapiErrorContent = {
+  'application/json': {
+    schema: z.object({
+      error: z.string()
+    })
+  }
+} as const
+
+export const openapiErrorResponses = {
+  400: {
+    description: 'Bad Request',
+    content: openapiErrorContent
+  },
+  401: {
+    description: 'Unauthorized',
+    content: openapiErrorContent
+  },
+  403: {
+    description: 'Forbidden',
+    content: openapiErrorContent
+  }
+} as const
+
+export const openapiErrorResponse404 = {
+  404: {
+    description: 'Not Found',
+    content: openapiErrorContent
+  }
+} as const
+
+export const openapiErrorResponse409 = {
+  409: {
+    description: 'Conflict',
+    content: openapiErrorContent
+  }
+} as const
+
+export const openapiErrorResponse410 = {
+  410: {
+    description: 'Gone',
+    content: openapiErrorContent
+  }
+} as const
+
+// No `as const` because zod openapi doesn't support readonly for `security`
+export const openapiAuthenticatedSecuritySchemas = [
+  {
+    Bearer: []
+  }
+]
--- a/apps/api/src/lib/utils.ts
+++ b/apps/api/src/lib/utils.ts
@ -2,7 +2,6 @@ import { createHash, randomUUID } from 'node:crypto'

 import type { ContentfulStatusCode } from 'hono/utils/http-status'
 import type { ZodSchema } from 'zod'
-import { z } from '@hono/zod-openapi'

 import { HttpError, ZodValidationError } from './errors'

@ -50,47 +49,3 @@ export function parseZodSchema<T>(
    })
  }
 }
-
-const errorContent = {
-  'application/json': {
-    schema: z.object({
-      error: z.string()
-    })
-  }
-} as const
-
-export const openapiErrorResponses = {
-  400: {
-    description: 'Bad Request',
-    content: errorContent
-  },
-  401: {
-    description: 'Unauthorized',
-    content: errorContent
-  },
-  403: {
-    description: 'Forbidden',
-    content: errorContent
-  }
-} as const
-
-export const openapiErrorResponse404 = {
-  404: {
-    description: 'Not Found',
-    content: errorContent
-  }
-} as const
-
-export const openapiErrorResponse409 = {
-  409: {
-    description: 'Conflict',
-    content: errorContent
-  }
-} as const
-
-export const openapiErrorResponse410 = {
-  410: {
-    description: 'Gone',
-    content: errorContent
-  }
-} as const