Simplify OpenAPI workspace schema #2769
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
WalkthroughReplaces module-level Zod schemas with inline schemas in Shopify and Stripe integration routes. Expands the Workspaces PATCH API to accept and validate allowedHostnames and publishableKey, updates persistence, and synchronizes hostname cache. OpenAPI spec now derives update body from createWorkspaceSchema.partial(). Changes
Sequence Diagram(s)sequenceDiagram
autonumber
participant C as Client
participant R as Workspaces PATCH Route
participant Z as Zod Schema
participant V as validateAllowedHostnames
participant DB as Database
participant Cache as allowedHostnamesCache (bg)
C->>R: PATCH /api/workspaces/:idOrSlug { body }
R->>Z: parseAsync(body) using extended update schema
Z-->>R: parsed { ...allowedHostnames?, publishableKey? }
alt allowedHostnames provided
R->>V: validate(allowedHostnames)
V-->>R: validHostnames
end
R->>DB: Update workspace (fields incl. publishableKey?, validHostnames?)
DB-->>R: Updated record
note over R: Trigger background cache sync if hostnames changed
R-->>Cache: sync(validHostnames) [async]
R-->>C: 200 OK (updated workspace)
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Suggested reviewers
Poem
Tip 🔌 Remote MCP (Model Context Protocol) integration is now available!Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats. ✨ Finishing Touches
🧪 Generate unit tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. CodeRabbit Commands (Invoked using PR/Issue comments)Type Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
apps/web/app/api/workspaces/[idOrSlug]/route.ts (2)
132-141: Guard defaultWorkspace updates when slug is undefinedIf slug is omitted, slug !== workspace.slug evaluates true and attempts to set defaultWorkspace to undefined. Guard for a provided string.
- if (slug !== workspace.slug) { + if (typeof slug === "string" && slug !== workspace.slug) { await prisma.user.updateMany({ where: { defaultWorkspace: workspace.slug, }, data: { defaultWorkspace: slug, }, }); }
172-180: flags are being added but parsed against WorkspaceSchema (likely stripped)WorkspaceSchema probably doesn’t include flags/domains, so parse will drop flags. Use WorkspaceSchemaExtended to keep response parity with GET.
- return NextResponse.json( - WorkspaceSchema.parse({ + return NextResponse.json( + WorkspaceSchemaExtended.parse({ ...response, id: prefixWorkspaceId(response.id), flags: await getFeatureFlags({ workspaceId: response.id, }), }), );
🧹 Nitpick comments (3)
apps/web/app/(ee)/api/shopify/integration/callback/route.ts (1)
15-19: Inline Zod schema usage looks good; consider using the shared z instanceValidation change is fine. For consistency (and to keep any OpenAPI/brand/type extensions applied in "@/lib/zod"), consider importing z from "@/lib/zod" instead of zod directly (Line 9).
Example import outside the changed hunk:
import z from "@/lib/zod";apps/web/app/api/workspaces/[idOrSlug]/route.ts (2)
21-34: Nit: simplify nullable union for publishableKeyEquivalent and shorter using nullable().
- publishableKey: z - .union([ - z - .string() - .regex( - /^dub_pk_[A-Za-z0-9_-]{16,64}$/, - "Invalid publishable key format", - ), - z.null(), - ]) - .optional(), + publishableKey: z + .string() + .regex(/^dub_pk_[A-Za-z0-9_-]{16,64}$/, "Invalid publishable key format") + .nullable() + .optional(),
97-103: Avoid orphaned uploads on DB failureThe file is uploaded before the DB update; if update throws, the new blob isn’t cleaned up. Consider: upload after a successful update, or capture the new key and delete it in the catch path; alternatively, perform a two-phase update or transactional outbox.
Also applies to: 143-147
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (4)
apps/web/app/(ee)/api/shopify/integration/callback/route.ts(1 hunks)apps/web/app/(ee)/api/stripe/integration/route.ts(1 hunks)apps/web/app/api/workspaces/[idOrSlug]/route.ts(2 hunks)apps/web/lib/openapi/workspaces/update-workspace.ts(2 hunks)
🧰 Additional context used
🧬 Code graph analysis (2)
apps/web/lib/openapi/workspaces/update-workspace.ts (1)
apps/web/lib/zod/schemas/workspaces.ts (1)
createWorkspaceSchema(130-146)
apps/web/app/api/workspaces/[idOrSlug]/route.ts (1)
apps/web/lib/zod/schemas/workspaces.ts (2)
updateWorkspaceSchema(148-161)createWorkspaceSchema(130-146)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: build
🔇 Additional comments (1)
apps/web/app/(ee)/api/stripe/integration/route.ts (1)
21-25: Inline Zod schema usage looks goodLocalizing validation with an inline schema improves readability and removes unnecessary module coupling. No functional concerns here.
| const updateWorkspaceSchema = createWorkspaceSchema.extend({ | ||
| allowedHostnames: z.array(z.string()).optional(), | ||
| publishableKey: z | ||
| .union([ | ||
| z | ||
| .string() | ||
| .regex( | ||
| /^dub_pk_[A-Za-z0-9_-]{16,64}$/, | ||
| "Invalid publishable key format", | ||
| ), | ||
| z.null(), | ||
| ]) | ||
| .optional(), | ||
| }); |
There was a problem hiding this comment.
PATCH schema accidentally requires create-time fields (missing partial())
Using createWorkspaceSchema.extend(...) makes name/slug required for PATCH. This will break partial updates.
Apply this diff:
-const updateWorkspaceSchema = createWorkspaceSchema.extend({
+const updateWorkspaceSchema = createWorkspaceSchema.partial().extend({
allowedHostnames: z.array(z.string()).optional(),
- publishableKey: z
- .union([
- z
- .string()
- .regex(
- /^dub_pk_[A-Za-z0-9_-]{16,64}$/,
- "Invalid publishable key format",
- ),
- z.null(),
- ])
- .optional(),
+ publishableKey: z
+ .union([
+ z
+ .string()
+ .regex(
+ /^dub_pk_[A-Za-z0-9_-]{16,64}$/,
+ "Invalid publishable key format",
+ ),
+ z.null(),
+ ])
+ .optional(),
});📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| const updateWorkspaceSchema = createWorkspaceSchema.extend({ | |
| allowedHostnames: z.array(z.string()).optional(), | |
| publishableKey: z | |
| .union([ | |
| z | |
| .string() | |
| .regex( | |
| /^dub_pk_[A-Za-z0-9_-]{16,64}$/, | |
| "Invalid publishable key format", | |
| ), | |
| z.null(), | |
| ]) | |
| .optional(), | |
| }); | |
| const updateWorkspaceSchema = createWorkspaceSchema.partial().extend({ | |
| allowedHostnames: z.array(z.string()).optional(), | |
| publishableKey: z | |
| .union([ | |
| z | |
| .string() | |
| .regex( | |
| /^dub_pk_[A-Za-z0-9_-]{16,64}$/, | |
| "Invalid publishable key format", | |
| ), | |
| z.null(), | |
| ]) | |
| .optional(), | |
| }); |
🤖 Prompt for AI Agents
In apps/web/app/api/workspaces/[idOrSlug]/route.ts around lines 21 to 34, the
PATCH schema currently extends createWorkspaceSchema which keeps create-only
fields like name/slug required; change to use createWorkspaceSchema.partial()
before extending so all base fields become optional (e.g.,
createWorkspaceSchema.partial().extend({...})), keeping your existing
allowedHostnames and publishableKey definitions unchanged so PATCH accepts
partial updates.
| content: { | ||
| "application/json": { | ||
| schema: updateWorkspaceSchema, | ||
| schema: createWorkspaceSchema.partial(), |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
OpenAPI request schema is now missing fields supported by the route (allowedHostnames, publishableKey)
The PATCH route accepts allowedHostnames and publishableKey, but the spec now exposes only createWorkspaceSchema.partial(). Clients generated from this spec won’t be able to send these fields.
Apply this diff to align the OpenAPI schema with the route:
- schema: createWorkspaceSchema.partial(),
+ schema: createWorkspaceSchema
+ .partial()
+ .extend({
+ allowedHostnames: z.array(z.string()).optional(),
+ publishableKey: z
+ .union([
+ z
+ .string()
+ .regex(
+ /^dub_pk_[A-Za-z0-9_-]{16,64}$/,
+ "Invalid publishable key format",
+ ),
+ z.null(),
+ ])
+ .optional(),
+ }),Run this script to confirm the spec and route are in sync (prints occurrences for both files):
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "Route fields:"
rg -n -C2 'allowedHostnames|publishableKey' apps/web/app/api/workspaces/\[idOrSlug\]/route.ts
echo
echo "OpenAPI fields:"
rg -n -C2 'allowedHostnames|publishableKey' apps/web/lib/openapi/workspaces/update-workspace.ts || echo "No matches in OpenAPI (mismatch)"Length of output: 2154
Missing allowedHostnames & publishableKey in OpenAPI schema
The OpenAPI definition in apps/web/lib/openapi/workspaces/update-workspace.ts still uses only createWorkspaceSchema.partial(), but the PATCH route (in apps/web/app/api/workspaces/[idOrSlug]/route.ts) accepts both allowedHostnames and publishableKey (as confirmed by your ripgrep output). Clients generated from this spec won’t be able to send those fields.
• File: apps/web/lib/openapi/workspaces/update-workspace.ts at the schema: definition (around line 25)
Apply this change to include the missing fields:
- schema: createWorkspaceSchema.partial(),
+ schema: createWorkspaceSchema
+ .partial()
+ .extend({
+ allowedHostnames: z.array(z.string()).optional(),
+ publishableKey: z
+ .union([
+ z
+ .string()
+ .regex(
+ /^dub_pk_[A-Za-z0-9_-]{16,64}$/,
+ "Invalid publishable key format",
+ ),
+ z.null(),
+ ])
+ .optional(),
+ }),📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| schema: createWorkspaceSchema.partial(), | |
| schema: createWorkspaceSchema | |
| .partial() | |
| .extend({ | |
| allowedHostnames: z.array(z.string()).optional(), | |
| publishableKey: z | |
| .union([ | |
| z | |
| .string() | |
| .regex( | |
| /^dub_pk_[A-Za-z0-9_-]{16,64}$/, | |
| "Invalid publishable key format", | |
| ), | |
| z.null(), | |
| ]) | |
| .optional(), | |
| }), |
🤖 Prompt for AI Agents
In apps/web/lib/openapi/workspaces/update-workspace.ts around line 25, the
OpenAPI schema currently uses createWorkspaceSchema.partial() but omits the
allowedHostnames and publishableKey fields accepted by the PATCH route; update
the schema to include those two fields (as optional) so generated clients can
send them — e.g., extend the partial createWorkspaceSchema with optional
allowedHostnames (array/string type matching your app route) and optional
publishableKey (string), ensuring the Zod/validator types and examples match the
route's expectations and that the overall schema remains a partial
(PATCH-friendly).
Summary by CodeRabbit
New Features
Documentation
Refactor