CodeCow/stack
1
0
Fork 0
mirror of https://github.com/stack-auth/stack.git synced 2026-06-04 21:04:37 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

[Fix] [Docs]: Exclude Unavailable Routes from API Reference (#1550)
Some checks failed
all-good: Did all the other checks pass? / all-good (push) Has been cancelled
Details
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Has been cancelled
Details
DB migration compat / Check if migrations changed (push) Has been cancelled
Details
Docker Server Build and Push / Docker Build and Push Server (push) Has been cancelled
Details
Docker Server Build and Run / docker (push) Has been cancelled
Details
Runs E2E API Tests (Local Emulator) / E2E Tests (Local Emulator, Node ${{ matrix.node-version }}) (22.x) (push) Has been cancelled
Details
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (mock, 22.x) (push) Has been cancelled
Details
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (prod, 22.x) (push) Has been cancelled
Details
Runs E2E API Tests with custom port prefix / build (22.x) (push) Has been cancelled
Details
Runs E2E Fallback Tests / E2E Fallback Tests (Node ${{ matrix.node-version }}) (22.x) (push) Has been cancelled
Details
Lint & build / lint_and_build (24) (push) Has been cancelled
Details
TOC Generator / TOC Generator (push) Has been cancelled
Details
DB migration compat / Back-compat — Current branch migrations with ${{ needs.check-migrations-changed.outputs.base_branch }} branch code (push) Has been cancelled
Details
DB migration compat / Forward-compat — Current branch code with ${{ needs.check-migrations-changed.outputs.base_branch }} branch migrations (push) Has been cancelled
Details
DB migration compat / No migration changes (skipped) (push) Has been cancelled
Details

Browse Source 
### Summary of Changes
Some routes were made visible that aren't actually accessible.
We fix that


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Hide internal `/internal/*` routes from the generated API reference so
docs only show endpoints that are actually accessible. Aligns the docs
with the requirement to hide internal API routes.

- **Bug Fixes**
- Added an explicit filter in `parseOpenAPI` to exclude `/internal`
paths for all audiences.
- Regenerated `docs-mintlify/openapi/{admin,client,server}.json` to
remove internal endpoints.
  - No runtime/API changes; docs only.

<sup>Written for commit c7b356a9b1.
Summary will update on new commits.</sup>

<a
href="https://cubic.dev/pr/hexclave/hexclave/pull/1550?utm_source=github"
target="_blank" rel="noopener noreferrer"
data-no-image-dialog="true"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://cubic.dev/buttons/review-in-cubic-dark.svg"><source
media="(prefers-color-scheme: light)"
srcset="https://cubic.dev/buttons/review-in-cubic-light.svg"><img
alt="Review in cubic"
src="https://cubic.dev/buttons/review-in-cubic-dark.svg"></picture></a>

<!-- End of auto-generated description by cubic. -->



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added OAuth authentication endpoints for provider authorization and
token exchange.
* Expanded OAuth provider management with updated schema and additional
configuration options.

* **Bug Fixes**
  * Internal endpoints no longer appear in public API documentation.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: aman <aman@stack-auth.com>
This commit is contained in:
Aman Ganapathy 2026-06-03 19:37:06 -07:00 committed by GitHub
parent c14a9dd3d0
commit 45f8c7f5c4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 9 additions and 5596 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
apps/backend/src/lib/openapi.tsx
View File

@ -8,6 +8,10 @@ import { typedEntries, typedFromEntries } from '@hexclave/shared/dist/utils/obje
import { deindent, stringCompare } from '@hexclave/shared/dist/utils/strings';
import * as yup from 'yup';
function isInternalApiPath(path: string) {
return path === '/internal' || path.startsWith('/internal/');
}
export function parseOpenAPI(options: {
endpoints: Map<string, Map<HttpMethod, SmartRouteHandler>>,
audience: 'client' | 'server' | 'admin',
@ -25,6 +29,11 @@ export function parseOpenAPI(options: {
}],
paths: Object.fromEntries(
[...options.endpoints]
// `/internal/*` routes are scoped to the internal Hexclave project (project.id === "internal")
// and are not part of the public API. Many of them use a permissive auth.type (e.g. adaptSchema),
// so the per-audience heuristic below does not exclude them; filter them out explicitly here so
// they never leak into the public API reference, regardless of their individual route metadata.
.filter(([path]) => !isInternalApiPath(path))
.map(([path, handlersByMethod]) => (
[path, Object.fromEntries(
[...handlersByMethod]

1688
docs-mintlify/openapi/admin.json
View File

File diff suppressed because it is too large Load Diff

2272
docs-mintlify/openapi/client.json
View File

File diff suppressed because it is too large Load Diff

1636
docs-mintlify/openapi/server.json
View File

File diff suppressed because it is too large Load Diff