Invalid OpenAPI 3.0 Spec Generation - Multiple Schema Violations #19
Description
The Swagger/OpenAPI spec generated by @bitwild/rockets-auth and @bitwild/rockets modules produces an invalid OpenAPI 3.0 specification that fails validation in tools like
https://orval.dev/.
Issues Found
- Mixed OpenAPI 2.0/3.0 Response Format
Response objects contain both schema (OpenAPI 2.0 style) and content (OpenAPI 3.0 style) simultaneously:
"responses": {
"200": {
"description": "Read-One UserDto",
"schema": {},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserDto"
}
}
}
}
} Expected: Only content should be present for OpenAPI 3.0 specs.
- Duplicate Path Parameters
Endpoints like /admin/users/{id} have the id path parameter defined multiple times in the parameters array:
"parameters": [
{ "name": "id", "in": "path", "required": true, "schema": { "type": "string" } },
{ "name": "fields", "in": "query", ... },
{ "name": "id", "required": true, "in": "path", "schema": { "type": "string" } }
] Error: uniqueItems must NOT have duplicate items
- Missing Path Parameters
Some endpoints with path variables (e.g., /admin/roles/{id}) have an empty parameters array despite requiring the id parameter:
"/admin/roles/{id}": {
"patch": {
"operationId": "admin_roles_updateOne",
"parameters": [],
...
}
} Error: The path params id can't be found in parameters
Affected Endpoints
- /admin/users/{id} (GET, PATCH, DELETE)
- /admin/roles/{id} (GET, PATCH, DELETE)
- /admin/users/{userId}/roles
- Other admin CRUD endpoints