You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
app.json allows to define an inlined OpenAPI Operation object per endpoint. This is currently ignored in CCF.
The aim of this issue is to determine whether the current approach (inlined Operation object) should be kept, and whether there are any implementation issues.
Inlining has the advantage of being self-contained, and hence not having to deal with sharing schemas between endpoints and dealing with naming conflicts in CCF when combining with built-in endpoints (gov/node).
There are a couple of downsides though, some just concerning end-user readability, others concerning losing of metadata:
As discovered in @Security decorator support for forum sample / tsoa apps #1824, OpenAPI requires security schemes to be defined in the top-level "components" section. Since those schemes cannot be inlined, they will be lost, essentially creating an invalid OpenAPI document, since the "security" fields of each operation will refer to names that are not defined: "Each name MUST correspond to a security scheme which is declared in the Security Schemes under the Components Object."
Same as above, Discriminator objects cannot be used when inlining as they require referencing schemas in components. This feature is useful to (in principle) short-cut validation and produce better error messages for union types. I don't think this feature is widely used and it doesn't hurt much if it gets stripped away. fwiw, tsoa doesn't emit/support it, although of course custom schemas can always be provided.
Inlining body schemas that are used by multiple endpoints, for example error responses, leads to a bigger OpenAPI doc and makes it less readable, since the meaningful schema names are lost. This is not the end of the world but if you were to generate API docs from it it wouldn't be pretty. Generating API clients from such OpenAPI docs (e.g. creating TypeScript interfaces) would also not be as nice, for the same reason.
app.jsonallows to define an inlined OpenAPIOperationobject per endpoint. This is currently ignored in CCF.The aim of this issue is to determine whether the current approach (inlined
Operationobject) should be kept, and whether there are any implementation issues.Inlining has the advantage of being self-contained, and hence not having to deal with sharing schemas between endpoints and dealing with naming conflicts in CCF when combining with built-in endpoints (gov/node).
There are a couple of downsides though, some just concerning end-user readability, others concerning losing of metadata:
"components"section. Since those schemes cannot be inlined, they will be lost, essentially creating an invalid OpenAPI document, since the"security"fields of each operation will refer to names that are not defined: "Each name MUST correspond to a security scheme which is declared in the Security Schemes under the Components Object."Discriminatorobjects cannot be used when inlining as they require referencing schemas incomponents. This feature is useful to (in principle) short-cut validation and produce better error messages for union types. I don't think this feature is widely used and it doesn't hurt much if it gets stripped away. fwiw, tsoa doesn't emit/support it, although of course custom schemas can always be provided.