Problem Statement
14 REST API v1 endpoint files still lack validateParams validation and use either the legacy check() function or no validation at all. These files use the old API.v1.addRoute() pattern instead of the new chained .get()/.post() pattern with typed response schemas.
Migration Status
| File |
Routes |
Status |
call-history.ts |
2 |
⏳ Pending |
commands.ts |
5 |
⏳ Pending |
custom-sounds.ts |
4 |
⏳ Pending |
email-inbox.ts |
5 |
⏳ Pending |
instances.ts |
1 |
✅ Migrated — #38881 |
ldap.ts |
2 |
✅ Migrated — #38883 |
oauthapps.ts |
6 |
⏳ Pending |
permissions.ts |
2 |
✅ Already migrated |
presence.ts |
3 |
✅ Migrated — #38882 |
push.ts |
4 |
⏳ Pending |
roles.ts |
6 |
⏳ Pending |
stats.ts |
3 |
⏳ Pending (PR #38884 closed — conflict with existing work) |
uploads.ts |
3 |
⏳ Pending |
Expected Behavior
All API v1 endpoints should follow the new chained API pattern (as seen in permissions.ts and call-history.ts):
const endpoints = API.v1
.get("endpoint.name", {
authRequired: true,
query: compiledAjvValidator,
response: {
200: ajv.compile<ResponseType>({ ... }),
400: validateBadRequestErrorResponse,
401: validateUnauthorizedErrorResponse,
},
}, async function action() { ... });Instead of the legacy:
API.v1.addRoute("endpoint.name", { authRequired: true }, {
async get() { ... }
});Benefits of Migration
- Type-safe response schemas — enables OpenAPI spec generation
- Standardized error responses (400, 401, 403)
- AJV validation instead of Meteor
check() or no validation
- Chained route definitions with proper TypeScript inference
- Better developer experience with auto-generated API documentation
Suggested Approach
Migrate files incrementally, starting with smaller endpoints:
instances.ts (1 route, 45 lines) — easiest startpresence.ts (3 routes) — small scopestats.ts (3 routes) — small scopeldap.ts (2 routes) — small scopepush.ts (4 routes, replace check())email-inbox.ts (5 routes, replace check(), address TODOs)roles.ts (6 routes) — medium scope- Remaining larger files
Related
- Reference implementation:
apps/meteor/app/api/server/v1/permissions.ts
- Type definitions:
packages/rest-typings/src/v1/
- API framework:
apps/meteor/app/api/server/ApiClass.ts
Additional Context
This is part of the broader effort to standardize Rocket.Chat's REST API definitions to enable automatic OpenAPI documentation generation.
Problem Statement
14 REST API v1 endpoint files still lack
validateParamsvalidation and use either the legacycheck()function or no validation at all. These files use the oldAPI.v1.addRoute()pattern instead of the new chained.get()/.post()pattern with typed response schemas.Migration Status
call-history.tscommands.tscustom-sounds.tsemail-inbox.tsinstances.tsldap.tsoauthapps.tspermissions.tspresence.tspush.tsroles.tsstats.tsuploads.tsExpected Behavior
All API v1 endpoints should follow the new chained API pattern (as seen in
permissions.tsandcall-history.ts):Instead of the legacy:
Benefits of Migration
check()or no validationSuggested Approach
Migrate files incrementally, starting with smaller endpoints:
instances.ts(1 route, 45 lines) — easiest startpresence.ts(3 routes) — small scopestats.ts(3 routes) — small scopeldap.ts(2 routes) — small scopepush.ts(4 routes, replacecheck())email-inbox.ts(5 routes, replacecheck(), address TODOs)roles.ts(6 routes) — medium scopeRelated
apps/meteor/app/api/server/v1/permissions.tspackages/rest-typings/src/v1/apps/meteor/app/api/server/ApiClass.tsAdditional Context
This is part of the broader effort to standardize Rocket.Chat's REST API definitions to enable automatic OpenAPI documentation generation.