feat: add 'x-visibility' extension property to OpenAPI spec

[hacksparrow]

Add x-visibility extension property to OpenAPI spec.

Addresses #1874.

Checklist

• npm test passes on your machine
• New tests added or existing tests modified to cover all changes
• Code conforms with the style guide
• API Documentation in code was updated
• Documentation in /docs/site was updated
• Affected artifact templates in packages/cli were updated
• Affected example projects in examples/* were updated

[bajtos]

Great start, let's polish the details now.

[bajtos]

Please use reverse logic + early return to make the code easier to follow and less nested.

if (route.spec['x-internal']) continue;

[bajtos]

Let's use the recently introduced sugar API instead of calling new Route.

server.route('get', '/greet', {'x-internal': true, /*...*/}, greet);

[hacksparrow]

VSC is complaining No overload expects 4 arguments, but overloads do exist that expect either 1 or 6 arguments..

Did you mean something like this?

server.route('get', '/greet', spec, MyController, factory, 'greet');

We'll have to create MyController and factory, in that case. It adds more to the test code.

[bajtos]

I opened a pull request to fix that problem, see #1898

[bajtos]

This change is not strictly necessary because OperationObject type already supports arbitrary extension (additional properties). Having said that, I see how LB4OperationObject can be useful because it allows IDEs like VisualStudio Code to offer auto-completion and also the compiler can check that developers don't assign a non-boolean value to this extension by a mistake.

So, if we want to keep LB4OperationObject, then please find other places in our public API that are accepting OperationObject and change them accordingly. Few examples to get you started:

• @operation decorator and verb-based shortcuts like @get
• server.route() method
• Route and ControllerRoute classes (and their constructors)

[hacksparrow]

Let's keep it and update the references.

[hacksparrow]

Replacing OperationObject with LB4OperationObject in all instances is not easy, let's not do it in this PR. So, for not let's keep it as such. Reverting to readonly spec: OperationObject.

[bajtos]

please preserve this empty line - it serves as a visual delimiter

[bajtos]

please preserve this empty line - it serves as a visual delimiter to make the code easier to read (skim through)

[bajtos]

Please replace server.route(new Route(...)) to server.route(...), see #1898

[raymondfeng]

I don't think x-internal reflects the purpose very well. Do we want to hide the route from OpenAPI spec or completely disable the route? I see a few options here:

• private (hidden from the spec and reports 404 error for the route)
• unlisted (hidden from the spec, but the route is still accessible)

[hacksparrow]

We just want to hide the route from OpenAPI spec, so unlisted is what we want.

What purpose could a route that's hidden from the spec and 404s, serve?

@bajtos, thoughts on @raymondfeng's suggestions?

[bajtos]

We want to hide the route from the generated OpenAPI spec, but still be available via the REST API for clients that know the route. Example use cases:

• a health endpoint used for DevOps monitoring
• an internal endpoint used by API Explorer to load dynamic configuration for a static-only front-end (we do this in LB 3.x now)
• a catch-all route to serve static files - see fix: optimize serving static files #1848

Personally, I prefer x-hidden: true or x-documented: false most.

[bajtos]

Besides the alternative names offered in my comment in the discussion above, I guess I can live with x-unlisted or even x-internal too, although I find them less descriptive than my proposals.

The rest of the patch looks good to me.

[hacksparrow]

So @raymondfeng what about x-hidden: true or x-documented: false?

[raymondfeng]

Maybe something like x-visibility: unlisted or x-visibility: undocumented? This way, we can extend the values in the future.

[bajtos]

Let's go with x-visibility: undocumented then 👍