chore: migrate rooms.hide and rooms.open to OpenAPI-compliant pattern

[Verifieddanny]

Migrate rooms.hide and rooms.open to OpenAPI-compliant pattern

Overview

Migrated rooms.hide and rooms.open REST API endpoints from the legacy API.v1.addRoute() pattern to the new chainable .post() pattern with full OpenAPI compliance, AJV validation, and typed response schemas.

This continues the ongoing effort to migrate all REST endpoints to the OpenAPI-compliant format tracked in RocketChat/Rocket.Chat-Open-API#150.

Changes

rooms.hide endpoint (POST /api/v1/rooms.hide)

• Converted from API.v1.addRoute('rooms.hide', ...) to chainable .post('rooms.hide', ...) pattern
• Retained existing isRoomsHideProps body validator for request validation
• Added typed response schemas:
  • 200: { success: true } — room successfully hidden
  • 400: Bad request error response (invalid roomId, room already hidden, invalid user)
  • 401: Unauthorized error response
• Preserved all existing business logic: room access check via canAccessRoomIdAsync, user existence validation, and hideRoomMethod call with mod count check

rooms.open endpoint (POST /api/v1/rooms.open)

• Converted from API.v1.addRoute('rooms.open', ...) to chainable .post('rooms.open', ...) pattern
• Retained existing isRoomsOpenProps body validator for request validation
• Added typed response schemas:
  • 200: { success: true } — room successfully opened
  • 400: Bad request error response
  • 401: Unauthorized error response
• Preserved existing business logic: calls openRoom(userId, roomId)

rest-typings cleanup

• Removed manual type definitions for both endpoints from rest-typings package
• Types are now auto-generated via ExtractRoutesFromAPI from the endpoint definitions themselves

Testing

rooms.hide

1. Open Swagger UI at http://localhost:3000/api-docs/
2. Navigate to POST /api/v1/rooms.hide
3. Execute with body:

{
  "roomId": "<valid-room-id>"
}

4. Returns 200 with { "success": true }
5. Calling again on same room returns 400 with error-room-already-hidden
6. Calling with invalid roomId returns 400
7. Calling without auth returns 401

rooms.open

1. Navigate to POST /api/v1/rooms.open
2. Execute with body:

{
  "roomId": "<valid-room-id>"
}

3. Returns 200 with { "success": true }
4. Calling without auth returns 401

Screenshots

rooms.hide request and response

rooms..open request and response

Related

• Tracking PR: [NOMERGE] feat: openapi migration progress Rocket.Chat-Open-API#150
• Previous migration (rooms.leave): chore: migrate rooms.leave endpoint to new OpenAPI pattern with AJV validation #38957 (merged)

Summary by CodeRabbit

• Refactor
  • Updated internal API structure for rooms.open and rooms.hide endpoints with enhanced validation and structured response schemas. Functionality remains unchanged.

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label
• This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

🦋 Changeset detected

Latest commit: 7591ff7

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 41 packages

Name	Type
@rocket.chat/meteor	Minor
@rocket.chat/rest-typings	Minor
@rocket.chat/api-client	Patch
@rocket.chat/core-services	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/http-router	Patch
@rocket.chat/models	Patch
@rocket.chat/ui-contexts	Major
@rocket.chat/web-ui-registration	Major
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/federation-matrix	Patch
@rocket.chat/omnichannel-services	Patch
@rocket.chat/presence	Patch
rocketchat-services	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/abac	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/omni-core-ee	Patch
@rocket.chat/livechat	Patch
@rocket.chat/mock-providers	Patch
@rocket.chat/cron	Patch
@rocket.chat/instance-status	Patch
@rocket.chat/omni-core	Patch
@rocket.chat/server-fetch	Patch
@rocket.chat/ui-client	Major
@rocket.chat/media-calls	Patch
@rocket.chat/uikit-playground	Patch
@rocket.chat/fuselage-ui-kit	Major
@rocket.chat/gazzodown	Major
@rocket.chat/ui-avatar	Major
@rocket.chat/ui-video-conf	Major
@rocket.chat/ui-voip	Major
@rocket.chat/core-typings	Minor
@rocket.chat/apps	Patch
@rocket.chat/model-typings	Patch
@rocket.chat/license	Patch
@rocket.chat/pdf-worker	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Walkthrough

Migrates the rooms.open and rooms.hide endpoints from the legacy API routing pattern to a new OpenAPI-compliant structure with AJV validation and response schemas. The functionality remains unchanged; endpoints are relocated and restructured with explicit status codes and validation rules.

Changes

Cohort / File(s)	Summary
Changeset & Documentation .changeset/chore-mirgrate-room-hide-room-open.md	New changeset documenting the migration to OpenAPI-compliant pattern with AJV validation; bumps @rocket.chat/meteor and @rocket.chat/rest-typings to minor versions.
API Endpoints Migration apps/meteor/app/api/server/v1/rooms.ts	Relocates POST rooms.open and POST rooms.hide from public route definitions into roomEndpoints factory; adds response schemas (200/400/401) and maintains identical authorization, validation, and business logic.
Type Definitions Cleanup packages/rest-typings/src/v1/rooms.ts	Removes endpoint type mappings for /v1/rooms.open and /v1/rooms.hide from RoomsEndpoints.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

type: chore

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: migrating rooms.hide and rooms.open endpoints to an OpenAPI-compliant pattern, which is the core objective of the PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.changeset/chore-mirgrate-room-hide-room-open.md (1)

1-8: Minor typo in changeset filename.

The filename contains a typo: chore-mirgrate-room-hide-room-open.md should be chore-migrate-room-hide-room-open.md ("mirgrate" → "migrate").

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.changeset/chore-mirgrate-room-hide-room-open.md around lines 1 - 8, The
changeset filename has a typo ("mirgrate" → "migrate"); rename the file
.changeset/chore-mirgrate-room-hide-room-open.md to
.changeset/chore-migrate-room-hide-room-open.md, update any references to that
filename in CI or release tooling if present, commit the rename (git mv ...) so
history is preserved, and ensure the changeset content (the header and body)
remains unchanged other than the filename correction.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/meteor/app/api/server/v1/rooms.ts`:
- Line 1175: Fix the typo in the query options for Users.findOneById: change the
option key from "projections" to the correct Mongo/Mongoose key "projection" so
the call Users.findOneById(this.userId, { projection: { _id: 1 } }) actually
returns only the _id; update the invocation in the surrounding function to use
"projection" wherever "projections" appears.

---

Nitpick comments:
In @.changeset/chore-mirgrate-room-hide-room-open.md:
- Around line 1-8: The changeset filename has a typo ("mirgrate" → "migrate");
rename the file .changeset/chore-mirgrate-room-hide-room-open.md to
.changeset/chore-migrate-room-hide-room-open.md, update any references to that
filename in CI or release tooling if present, commit the rename (git mv ...) so
history is preserved, and ensure the changeset content (the header and body)
remains unchanged other than the filename correction.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fea32db and e05c7cb.

📒 Files selected for processing (3)

• .changeset/chore-mirgrate-room-hide-room-open.md
• apps/meteor/app/api/server/v1/rooms.ts
• packages/rest-typings/src/v1/rooms.ts

💤 Files with no reviewable changes (1)

• packages/rest-typings/src/v1/rooms.ts

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: 📦 Build Packages
• GitHub Check: cubic · AI code reviewer
• GitHub Check: CodeQL-Build

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/app/api/server/v1/rooms.ts

🧠 Learnings (9)

📓 Common learnings

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 38974
File: apps/meteor/app/api/server/v1/im.ts:220-221
Timestamp: 2026-02-24T19:09:09.561Z
Learning: In RocketChat/Rocket.Chat OpenAPI migration PRs for apps/meteor/app/api/server/v1 endpoints, maintainers prefer to avoid any logic changes; style-only cleanups (like removing inline comments) may be deferred to follow-ups to keep scope tight.

Learnt from: ggazzo
Repo: RocketChat/Rocket.Chat PR: 35995
File: apps/meteor/app/api/server/v1/rooms.ts:1107-1112
Timestamp: 2026-02-23T17:53:18.785Z
Learning: In Rocket.Chat PR reviews, maintain strict scope boundaries—when a PR is focused on a specific endpoint (e.g., rooms.favorite), avoid reviewing or suggesting changes to other endpoints that were incidentally refactored (e.g., rooms.invite) unless explicitly requested by maintainers.

📚 Learning: 2026-02-24T19:09:09.561Z

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 38974
File: apps/meteor/app/api/server/v1/im.ts:220-221
Timestamp: 2026-02-24T19:09:09.561Z
Learning: In RocketChat/Rocket.Chat OpenAPI migration PRs for apps/meteor/app/api/server/v1 endpoints, maintainers prefer to avoid any logic changes; style-only cleanups (like removing inline comments) may be deferred to follow-ups to keep scope tight.

Applied to files:

• .changeset/chore-mirgrate-room-hide-room-open.md

📚 Learning: 2025-10-28T16:53:42.761Z

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

Applied to files:

• .changeset/chore-mirgrate-room-hide-room-open.md
• apps/meteor/app/api/server/v1/rooms.ts

📚 Learning: 2026-02-24T19:05:56.710Z

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 0
File: :0-0
Timestamp: 2026-02-24T19:05:56.710Z
Learning: Rocket.Chat repo context: When a workspace manifest on develop already pins a dependency version (e.g., packages/web-ui-registration → "rocket.chat/ui-contexts": "27.0.1"), a lockfile change in a feature PR that upgrades only that dependency’s resolution is considered a manifest-driven sync and can be kept, preferably as a small "chore: sync yarn.lock with manifests" commit.

Applied to files:

• .changeset/chore-mirgrate-room-hide-room-open.md

📚 Learning: 2026-02-23T17:53:18.785Z

Learnt from: ggazzo
Repo: RocketChat/Rocket.Chat PR: 35995
File: apps/meteor/app/api/server/v1/rooms.ts:1107-1112
Timestamp: 2026-02-23T17:53:18.785Z
Learning: In Rocket.Chat PR reviews, maintain strict scope boundaries—when a PR is focused on a specific endpoint (e.g., rooms.favorite), avoid reviewing or suggesting changes to other endpoints that were incidentally refactored (e.g., rooms.invite) unless explicitly requested by maintainers.

Applied to files:

• .changeset/chore-mirgrate-room-hide-room-open.md

📚 Learning: 2026-02-25T20:10:07.657Z

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 38913
File: packages/ddp-client/src/legacy/types/SDKLegacy.ts:34-34
Timestamp: 2026-02-25T20:10:07.657Z
Learning: In the RocketChat/Rocket.Chat monorepo, packages/ddp-client and apps/meteor do not use TypeScript project references. Module augmentations in apps/meteor (e.g., declare module 'rocket.chat/rest-typings') are not visible when compiling packages/ddp-client in isolation, which is why legacy SDK methods that depend on OperationResult types for OpenAPI-migrated endpoints must remain commented out.

Applied to files:

• .changeset/chore-mirgrate-room-hide-room-open.md

📚 Learning: 2026-02-24T19:09:01.522Z

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 38974
File: apps/meteor/app/api/server/v1/im.ts:220-221
Timestamp: 2026-02-24T19:09:01.522Z
Learning: In Rocket.Chat OpenAPI migration PRs for endpoints under apps/meteor/app/api/server/v1, avoid introducing logic changes. Only perform scope-tight changes that preserve behavior; style-only cleanups (e.g., removing inline comments) may be deferred to follow-ups to keep the migration PR focused.

Applied to files:

• apps/meteor/app/api/server/v1/rooms.ts

📚 Learning: 2025-11-27T17:56:26.050Z

Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37557
File: apps/meteor/client/views/admin/ABAC/AdminABACRooms.tsx:115-116
Timestamp: 2025-11-27T17:56:26.050Z
Learning: In Rocket.Chat, the GET /v1/abac/rooms endpoint (implemented in ee/packages/abac/src/index.ts) only returns rooms where abacAttributes exists and is not an empty array (query: { abacAttributes: { $exists: true, $ne: [] } }). Therefore, in components consuming this endpoint (like AdminABACRooms.tsx), room.abacAttributes is guaranteed to be defined for all returned rooms, and optional chaining before calling array methods like .join() is sufficient without additional null coalescing.

Applied to files:

• apps/meteor/app/api/server/v1/rooms.ts

📚 Learning: 2026-02-23T17:53:06.802Z

Learnt from: ggazzo
Repo: RocketChat/Rocket.Chat PR: 35995
File: apps/meteor/app/api/server/v1/rooms.ts:1107-1112
Timestamp: 2026-02-23T17:53:06.802Z
Learning: During PR reviews that touch endpoint files under apps/meteor/app/api/server/v1, enforce strict scope: if a PR targets a specific endpoint (e.g., rooms.favorite), do not propose changes to unrelated endpoints (e.g., rooms.invite) unless maintainers explicitly request them. Focus feedback on the touched endpoint's behavior, API surface, and related tests; avoid broad cross-endpoint changes in the same PR unless requested.

Applied to files:

• apps/meteor/app/api/server/v1/rooms.ts

🧬 Code graph analysis (1)

apps/meteor/app/api/server/v1/rooms.ts (1)

packages/rest-typings/src/v1/rooms.ts (2)

• isRoomsHideProps (688-688)
• isRoomsOpenProps (628-628)

🔇 Additional comments (3)

apps/meteor/app/api/server/v1/rooms.ts (3)

1150-1188: LGTM! The rooms.hide endpoint migration follows the OpenAPI-compliant pattern correctly.

The endpoint properly:

• Uses isRoomsHideProps for AJV body validation
• Defines response schemas for 200/400/401 status codes
• Preserves business logic (authorization check, user validation, hide method with mod count check)

---

1190-1214: LGTM! The rooms.open endpoint migration is clean and follows the pattern.

The endpoint correctly uses isRoomsOpenProps for validation and maintains the original simple logic of calling openRoom(userId, roomId).

---

1147-1148: Continuation of rooms.leave endpoint looks correct.

The success response follows the established pattern for the endpoint chain.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Typo in projection option: projections should be projection.

MongoDB/Mongoose uses projection (singular) as the option name. This typo will cause the projection to be ignored, returning the full user document instead of just { _id: 1 }.

Proposed fix

-		const user = await Users.findOneById(this.userId, { projections: { _id: 1 } });
+		const user = await Users.findOneById(this.userId, { projection: { _id: 1 } });

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const user = await Users.findOneById(this.userId, { projections: { _id: 1 } });
	const user = await Users.findOneById(this.userId, { projection: { _id: 1 } });

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/meteor/app/api/server/v1/rooms.ts` at line 1175, Fix the typo in the
query options for Users.findOneById: change the option key from "projections" to
the correct Mongo/Mongoose key "projection" so the call
Users.findOneById(this.userId, { projection: { _id: 1 } }) actually returns only
the _id; update the invocation in the surrounding function to use "projection"
wherever "projections" appears.

[ahmed-n-abdeltwab]

isnt this outoff the scoop for this PR?

[coderabbitai]

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Search for the old implementation of rooms.hide endpoint to check if the typo existed before
# Look for the legacy API.v1.addRoute pattern for rooms.hide
git log -p --all -S "rooms.hide" -- "apps/meteor/app/api/server/v1/rooms.ts" | grep -A 20 -B 5 "projections\|projection" | head -100

Length of output: 59

---

🏁 Script executed:

#!/bin/bash
# Also search the current state of develop/main branch to see the original implementation
git show origin/develop:apps/meteor/app/api/server/v1/rooms.ts | grep -A 30 "rooms.hide" | grep -A 20 "Users.findOneById"

Length of output: 408

---

🏁 Script executed:

#!/bin/bash
# Search for other usages of Users.findOneById in the file to see the correct pattern
rg -A 2 "Users\.findOneById" apps/meteor/app/api/server/v1/rooms.ts

Length of output: 354

---

@ahmed-n-abdeltwab You're absolutely right—this is out of scope for this migration PR.

I checked the original implementation on the develop branch, and the projections typo already existed in the old code. Since this PR is focused on migrating to the OpenAPI pattern while preserving existing behavior, fixing the typo would constitute a logic change (the current code returns the full user document, fixing it would return only _id).

Per the migration guidelines, this PR should maintain behavioral parity with the original implementation, even if that includes pre-existing bugs. The typo should be addressed in a separate bug-fix PR.

My apologies for flagging this during a migration-focused review. Would you like me to open a follow-up issue to track fixing this typo across the codebase?

---

🧠 Learnings used

Learnt from: tassoevan
Repo: RocketChat/Rocket.Chat PR: 38219
File: packages/core-typings/src/cloud/Announcement.ts:5-6
Timestamp: 2026-01-17T01:51:47.764Z
Learning: In packages/core-typings/src/cloud/Announcement.ts, the AnnouncementSchema.createdBy field intentionally overrides IBannerSchema.createdBy (object with _id and optional username) with a string enum ['cloud', 'system'] to match existing runtime behavior. This is documented as technical debt with a FIXME comment at apps/meteor/app/cloud/server/functions/syncWorkspace/handleCommsSync.ts:53 and should not be flagged as an error until the runtime behavior is corrected.

---

Learnt from: Dnouv
Repo: RocketChat/Rocket.Chat PR: 37057
File: packages/apps-engine/src/definition/accessors/IUserRead.ts:23-27
Timestamp: 2025-09-25T09:59:26.461Z
Learning: UserBridge.doGetUserRoomIds in packages/apps-engine/src/server/bridges/UserBridge.ts has a bug where it implicitly returns undefined when the app lacks read permission (missing return statement in the else case of the permission check).

---

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 38974
File: apps/meteor/app/api/server/v1/im.ts:220-221
Timestamp: 2026-02-24T19:09:01.522Z
Learning: In Rocket.Chat OpenAPI migration PRs for endpoints under apps/meteor/app/api/server/v1, avoid introducing logic changes. Only perform scope-tight changes that preserve behavior; style-only cleanups (e.g., removing inline comments) may be deferred to follow-ups to keep the migration PR focused.

---

Learnt from: ggazzo
Repo: RocketChat/Rocket.Chat PR: 35995
File: apps/meteor/app/api/server/v1/rooms.ts:1107-1112
Timestamp: 2026-02-23T17:53:06.802Z
Learning: During PR reviews that touch endpoint files under apps/meteor/app/api/server/v1, enforce strict scope: if a PR targets a specific endpoint (e.g., rooms.favorite), do not propose changes to unrelated endpoints (e.g., rooms.invite) unless maintainers explicitly request them. Focus feedback on the touched endpoint's behavior, API surface, and related tests; avoid broad cross-endpoint changes in the same PR unless requested.

[cubic-dev-ai]

No issues found across 3 files

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.69%. Comparing base (afaabea) to head (7591ff7).

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #39072      +/-   ##
===========================================
+ Coverage    70.66%   70.69%   +0.03%     
===========================================
  Files         3191     3191              
  Lines       112965   112965              
  Branches     20451    20467      +16     
===========================================
+ Hits         79829    79866      +37     
+ Misses       31088    31055      -33     
+ Partials      2048     2044       -4     

Flag	Coverage Δ
unit	71.31% <ø> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.