feat: Add OpenAPI Support to e2e.getUsersOfRoomWithoutKey API

[ahmed-n-abdeltwab]

Description:
This PR integrates OpenAPI support into the Rocket.Chat API, migrate of Rocket.Chat API endpoints to the new OpenAPI pattern. The update includes improved API documentation, enhanced type safety, and response validation using AJV.

Key Changes:

• Implemented the new pattern and added AJV-based JSON schema validation for API.
• Uses the ExtractRoutesFromAPI utility from the TypeScript definitions to dynamically derive the routes from the endpoint specifications.
• Enabled Swagger UI integration for this API.
• Route Methods Chaining for the endpoints.
• This does not introduce any breaking changes to the endpoint logic.

Issue Reference:
Relates to #34983, part of the ongoing OpenAPI integration effort.

Testing:

• Verified that the API response schemas are correctly documented in Swagger UI.
• All tests passed without any breaking changes

$ 
    

Endpoints:

• Get Users of Room Without E2E key

Looking forward to your feedback! 🚀

Summary by CodeRabbit

• New Features

  • Added OpenAPI support for e2e endpoints to improve API documentation and response validation.

• Refactor

  • Modernized route definitions and reorganized endpoint handling for clarity and maintainability.
  • Improved request/response validation to strengthen type safety.

• Chores

  • Bumped patch version metadata in release documentation.

• Breaking Changes

  • Adjusted public typings surface for e2e endpoints (some exported typing modules were removed).

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label
• This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

🦋 Changeset detected

Latest commit: 3b21ab3

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 40 packages

Name	Type
@rocket.chat/meteor	Patch
@rocket.chat/rest-typings	Patch
@rocket.chat/api-client	Patch
@rocket.chat/core-services	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/http-router	Patch
@rocket.chat/models	Patch
@rocket.chat/ui-contexts	Patch
@rocket.chat/web-ui-registration	Patch
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/federation-matrix	Patch
@rocket.chat/omnichannel-services	Patch
@rocket.chat/presence	Patch
rocketchat-services	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/abac	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/omni-core-ee	Patch
@rocket.chat/livechat	Patch
@rocket.chat/mock-providers	Patch
@rocket.chat/cron	Patch
@rocket.chat/instance-status	Patch
@rocket.chat/omni-core	Patch
@rocket.chat/ui-client	Patch
@rocket.chat/media-calls	Patch
@rocket.chat/uikit-playground	Patch
@rocket.chat/fuselage-ui-kit	Patch
@rocket.chat/gazzodown	Patch
@rocket.chat/ui-avatar	Patch
@rocket.chat/ui-video-conf	Patch
@rocket.chat/ui-voip	Patch
@rocket.chat/core-typings	Patch
@rocket.chat/apps	Patch
@rocket.chat/model-typings	Patch
@rocket.chat/license	Patch
@rocket.chat/pdf-worker	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.54%. Comparing base (b08592e) to head (3b21ab3).
⚠️ Report is 47 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #36786      +/-   ##
===========================================
- Coverage    70.58%   70.54%   -0.05%     
===========================================
  Files         3178     3189      +11     
  Lines       111796   112703     +907     
  Branches     20213    20392     +179     
===========================================
+ Hits         78914    79507     +593     
- Misses       30831    31131     +300     
- Partials      2051     2065      +14     

Flag	Coverage Δ
e2e	60.36% <ø> (-0.05%)	⬇️
e2e-api	47.82% <ø> (-1.04%)	⬇️
unit	71.52% <ø> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[ahmed-n-abdeltwab]

👍 @cardoso

[cardoso]

@ggazzo 👍

[ahmed-n-abdeltwab]

Looks fine

[coderabbitai]

Walkthrough

Parameter validation and AJV schemas for the e2e.getUsersOfRoomWithoutKey endpoint were moved from the shared typings package into the Meteor app; the app now defines local types, schemas, and validators and registers a new GET route while the shared rest-typings export and endpoint entry were removed.

Changes

Cohort / File(s)	Summary
App endpoint changes apps/meteor/app/api/server/v1/e2e.ts	Added local type e2eGetUsersOfRoomWithoutKeyParamsGET, JSON schema, and AJV validator; introduced GET e2e.getUsersOfRoomWithoutKey route using getUsersOfRoomWithoutKeyMethod(this.userId, rid); retained POST e2e.setRoomKeyID and an alias e2e.fetchMyKeys route.
Rest-typings index cleanup packages/rest-typings/src/index.ts	Removed the export of the parameter module for e2eGetUsersOfRoomWithoutKeyParamsGET from the public exports.
Rest-typings endpoint removal packages/rest-typings/src/v1/e2e.ts	Deleted the /v1/e2e.getUsersOfRoomWithoutKey entry from E2eEndpoints (removed its GET signature and response type).
Removed parameter module packages/rest-typings/src/v1/e2e/e2eGetUsersOfRoomWithoutKeyParamsGET.ts	Deleted file containing the exported type, AJV schema, and compiled validator for the endpoint query params.
Changeset .changeset/nice-squids-smoke.md	Bumped patch versions and documented migration to OpenAPI/chained route syntax for the e2e endpoints.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped the schema across the ridge,

left the shared crate and moved to the bridge.
Local validators hum, keys skip a beat,
endpoints aligned — the flow is neat.
🥕✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: Add OpenAPI Support to e2e.getUsersOfRoomWithoutKey API' clearly and specifically describes the main objective of the PR: adding OpenAPI support to a specific e2e endpoint, which aligns with all the changes across multiple files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

apps/meteor/app/api/server/v1/e2e.ts (1)

264-295: Consider extracting a shared {rid} validator instead of reusing the GET-specific one.

ise2eGetUsersOfRoomWithoutKeyParamsGET is semantically named for a specific GET endpoint's query params, but it's used as validateParams for two unrelated POST routes. Extracting a generic validator (e.g. isRidParam) would remove the misleading name and make the intent of all three consumers clearer.

♻️ Suggested refactor

+const isRidParam = ajv.compile<{ rid: string }>({
+	type: 'object',
+	properties: {
+		rid: { type: 'string' },
+	},
+	additionalProperties: false,
+	required: ['rid'],
+});
+
-const ise2eGetUsersOfRoomWithoutKeyParamsGET = ajv.compile<e2eGetUsersOfRoomWithoutKeyParamsGET>(
-	e2eGetUsersOfRoomWithoutKeyParamsGETSchema,
-);
+const ise2eGetUsersOfRoomWithoutKeyParamsGET = ajv.compile<e2eGetUsersOfRoomWithoutKeyParamsGET>(
+	e2eGetUsersOfRoomWithoutKeyParamsGETSchema,
+);

Then replace validateParams: ise2eGetUsersOfRoomWithoutKeyParamsGET with validateParams: isRidParam at Lines 268 and 285.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/meteor/app/api/server/v1/e2e.ts` around lines 264 - 295, The validator
ise2eGetUsersOfRoomWithoutKeyParamsGET is misleadingly named for GET query
params but is being reused in the POST routes e2e.acceptSuggestedGroupKey and
e2e.rejectSuggestedGroupKey; extract a small generic validator (e.g.,
isRidParam) that validates the { rid } POST body param and replace
validateParams: ise2eGetUsersOfRoomWithoutKeyParamsGET with validateParams:
isRidParam in the handlers that call handleSuggestedGroupKey so the intent and
naming are correct across all consumers.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3664495 and 3b21ab3.

📒 Files selected for processing (2)

• .changeset/nice-squids-smoke.md
• apps/meteor/app/api/server/v1/e2e.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• .changeset/nice-squids-smoke.md

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/app/api/server/v1/e2e.ts

🧠 Learnings (4)

📓 Common learnings

Learnt from: Dnouv
Repo: RocketChat/Rocket.Chat PR: 37057
File: packages/apps-engine/src/definition/accessors/IUserRead.ts:23-27
Timestamp: 2025-09-25T09:59:26.461Z
Learning: AppUserBridge.getUserRoomIds in apps/meteor/app/apps/server/bridges/users.ts always returns an array of strings (mapping subscription documents to room IDs), never undefined, even when user has no room subscriptions.

Learnt from: Dnouv
Repo: RocketChat/Rocket.Chat PR: 37057
File: packages/apps-engine/src/definition/accessors/IUserRead.ts:23-27
Timestamp: 2025-09-25T09:59:26.461Z
Learning: AppUserBridge.getUserRoomIds in apps/meteor/app/apps/server/bridges/users.ts always returns an array of strings by mapping subscription documents to room IDs, never undefined, even when user has no room subscriptions.

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

Learnt from: Dnouv
Repo: RocketChat/Rocket.Chat PR: 37057
File: packages/apps-engine/src/definition/accessors/IUserRead.ts:23-27
Timestamp: 2025-09-25T09:59:26.461Z
Learning: UserBridge.doGetUserRoomIds in packages/apps-engine/src/server/bridges/UserBridge.ts has a bug where it implicitly returns undefined when the app lacks read permission (missing return statement in the else case of the permission check).

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37557
File: apps/meteor/client/views/admin/ABAC/AdminABACRooms.tsx:115-116
Timestamp: 2025-11-27T17:56:26.050Z
Learning: In Rocket.Chat, the GET /v1/abac/rooms endpoint (implemented in ee/packages/abac/src/index.ts) only returns rooms where abacAttributes exists and is not an empty array (query: { abacAttributes: { $exists: true, $ne: [] } }). Therefore, in components consuming this endpoint (like AdminABACRooms.tsx), room.abacAttributes is guaranteed to be defined for all returned rooms, and optional chaining before calling array methods like .join() is sufficient without additional null coalescing.

📚 Learning: 2025-10-28T16:53:42.761Z

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

Applied to files:

• apps/meteor/app/api/server/v1/e2e.ts

📚 Learning: 2025-09-25T09:59:26.461Z

Learnt from: Dnouv
Repo: RocketChat/Rocket.Chat PR: 37057
File: packages/apps-engine/src/definition/accessors/IUserRead.ts:23-27
Timestamp: 2025-09-25T09:59:26.461Z
Learning: AppUserBridge.getUserRoomIds in apps/meteor/app/apps/server/bridges/users.ts always returns an array of strings by mapping subscription documents to room IDs, never undefined, even when user has no room subscriptions.

Applied to files:

• apps/meteor/app/api/server/v1/e2e.ts

📚 Learning: 2025-09-25T09:59:26.461Z

Learnt from: Dnouv
Repo: RocketChat/Rocket.Chat PR: 37057
File: packages/apps-engine/src/definition/accessors/IUserRead.ts:23-27
Timestamp: 2025-09-25T09:59:26.461Z
Learning: AppUserBridge.getUserRoomIds in apps/meteor/app/apps/server/bridges/users.ts always returns an array of strings (mapping subscription documents to room IDs), never undefined, even when user has no room subscriptions.

Applied to files:

• apps/meteor/app/api/server/v1/e2e.ts

🧬 Code graph analysis (1)

apps/meteor/app/api/server/v1/e2e.ts (2)

packages/rest-typings/src/v1/Ajv.ts (3)

• ajv (24-24)
• validateBadRequestErrorResponse (47-47)
• validateUnauthorizedErrorResponse (70-70)

apps/meteor/app/api/server/index.ts (1)

• API (52-52)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: 📦 Build Packages
• GitHub Check: CodeQL-Build

🔇 Additional comments (2)

apps/meteor/app/api/server/v1/e2e.ts (2)

139-141: No issues found. The method returns { users: Pick<IUser, '_id' | 'e2e'>[] } as declared, which is the correct shape for API.v1.success(result) to produce { users: [...], success: true } matching the declared 200 response schema.

---

81-87: This follows the established codebase pattern for response validators.

The ajv.compile<void> usage is consistent with 15+ existing instances across the codebase, including in rest-typings. Response validators are used for runtime schema validation in API response definitions, not as TypeScript type guards. The pattern is intentional and established, so this change aligns with existing conventions.

Likely an incorrect or invalid review comment.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@apps/meteor/app/api/server/v1/e2e.ts`:
- Around line 264-295: The validator ise2eGetUsersOfRoomWithoutKeyParamsGET is
misleadingly named for GET query params but is being reused in the POST routes
e2e.acceptSuggestedGroupKey and e2e.rejectSuggestedGroupKey; extract a small
generic validator (e.g., isRidParam) that validates the { rid } POST body param
and replace validateParams: ise2eGetUsersOfRoomWithoutKeyParamsGET with
validateParams: isRidParam in the handlers that call handleSuggestedGroupKey so
the intent and naming are correct across all consumers.