Skip to content

chore: reorganize backend folder structure — Phase 3 (REST API)#41126

Draft
sampaiodiego wants to merge 5 commits into
developfrom
backend-restructure-phase3
Draft

chore: reorganize backend folder structure — Phase 3 (REST API)#41126
sampaiodiego wants to merge 5 commits into
developfrom
backend-restructure-phase3

Conversation

@sampaiodiego

@sampaiodiego sampaiodiego commented Jun 30, 2026

Copy link
Copy Markdown
Member

Proposed changes

Phase 3 of the backend folder-structure migration: move the REST API framework and all REST endpoints into the responsibility-based server/api/ structure. Files move as-is — only import paths change, no refactoring.

Folder structure

Community — before

apps/meteor/
├── app/
│   ├── api/server/                    REST API framework + endpoints
│   │   ├── ApiClass.ts  api.ts  api.helpers.ts  router.ts  definition.ts  ajv.ts  index.ts
│   │   ├── helpers/   (10)
│   │   ├── lib/       (21)
│   │   ├── middlewares/ (11)
│   │   ├── default/   (2)
│   │   └── v1/        (40 endpoint files)
│   └── livechat/
│       ├── server/api.ts              ← imports/rest aggregator
│       ├── server/api/
│       │   ├── rest.ts                ← v1 aggregator
│       │   ├── v1/    (14 omnichannel endpoints)
│       │   └── lib/   (14 helpers)
│       └── imports/server/rest/ (14 omnichannel endpoints)
└── server/                            (no api/)

Community — after

apps/meteor/server/api/
├── ApiClass.ts  api.ts  api.helpers.ts  router.ts  definition.ts  index.ts
├── validation/
│   └── ajv.ts
├── lib/        (31 — helpers + lib merged)
├── default/    (info.ts  openApi.ts)
└── v1/
    ├── (40 endpoint files)
    ├── middlewares/ (11)
    └── omnichannel/                   livechat REST, flattened
        ├── index.ts                   ← aggregator (was livechat api.ts + api/rest.ts)
        ├── (28 endpoints; the imports/rest agent.ts → agentDepartments.ts)
        └── lib/ (14 helpers)

→ app/api/server/  and  app/livechat/server/api*  removed
EE mirror — before / after (stays inside ee/)

Before

apps/meteor/ee/
├── app/
│   ├── api-enterprise/server/
│   │   ├── canned-responses.ts  index.ts
│   │   ├── lib/canned-responses.js
│   │   └── middlewares/license.ts
│   └── livechat-enterprise/server/api/
│       ├── index.ts  (+ 15 endpoint files)
│       └── lib/ (12 helpers)
└── server/api/                        (already existed: audit.ts, chat.ts, …)

After

apps/meteor/ee/server/api/
├── (existing: audit.ts, chat.ts, federation.ts, …)
├── lib/
│   └── canned-responses.js
└── v1/
    ├── canned-responses.ts
    ├── middlewares/license.ts
    └── omnichannel/
        ├── index.ts  (+ 15 endpoint files)
        └── lib/ (12 helpers)

→ ee/app/api-enterprise/  removed (index folded into ee/server/index.ts)
→ ee/app/livechat-enterprise/server/api/  moved out

Two commits for reviewability:

1. Community (app/api/server/server/api/)

  • Framework files → server/api/ (ApiClass, api, router, definition, …)
  • ajv.tsserver/api/validation/
  • helpers/ + lib/ merged → server/api/lib/
  • v1/server/api/v1/, middlewares/server/api/v1/middlewares/
  • All livechat community REST → server/api/v1/omnichannel/ (flat). Both former source dirs (livechat/server/api/v1/ and the older livechat/imports/server/rest/) land here. The single filename collision (agent.ts) is resolved by renaming the imports/rest one to agentDepartments.ts (it only registers livechat/agents/:agentId/departments). The two registration aggregators are folded into server/api/v1/omnichannel/index.ts, and the app/livechat/server API files are removed entirely.

2. EE mirror (within ee/, license boundary preserved — no file leaves ee/)

  • ee/app/livechat-enterprise/server/api/ee/server/api/v1/omnichannel/
  • ee/app/api-enterprise/server/ee/server/api/ (endpoint → v1/, lib/api/lib/, middlewares/v1/middlewares/)
  • api-enterprise index aggregator folded into ee/server/index.ts and deleted

Migration-script hardening (mandatory per plan)

  • License-boundary guard in move-module.mjs + move-batch.mjs (refuses any move crossing the ee/ boundary)
  • Single-file and index-directory aware external-import rewriting (fixed two real bugs that broke post-git mv import updates)
  • Added tests/ to the import-scan dirs (caught by tsc, missed by lint)

Verification

  • yarn lint --quiet — clean (0 unresolved imports)
  • tsc --noEmit --skipLibCheck — 0 errors
  • verify-no-old-imports.mjs — 0 stragglers for every Phase 3 path

Note

Not run here (need a running server/DB): the REST API integration suite and manual endpoint smoke tests.
Commit-split caveat: the community move repoints the EE files it later relocates, so those import edits ride in commit 2 — the branch tip is fully green, but commit 1 alone isn't independently buildable for a few leaf EE API files.

🤖 Generated with Claude Code

@dionisio-bot

dionisio-bot Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Looks like this PR is not ready to merge, because of the following issues:

  • This PR is missing the 'stat: QA assured' label

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

@changeset-bot

changeset-bot Bot commented Jun 30, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 66e2489

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 85e81698-a64f-4ccc-80e2-2a0ae22704ca

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@sampaiodiego sampaiodiego force-pushed the backend-restructure-phase3 branch from b2c1f14 to 5ead36e Compare June 30, 2026 23:14
@sampaiodiego sampaiodiego marked this pull request as ready for review June 30, 2026 23:30
@sampaiodiego sampaiodiego requested review from a team as code owners June 30, 2026 23:30
@hacktron-app

hacktron-app Bot commented Jun 30, 2026

Copy link
Copy Markdown

⏭️ Hacktron Security Check — Skipped

Reason: This PR exceeds Hacktron's 200-file review cap and will not be scanned. Split the PR into smaller changes for review coverage.

Split the PR into smaller commits or open separate PRs for unrelated changes.

@sampaiodiego sampaiodiego added this to the 8.7.0 milestone Jun 30, 2026
@sampaiodiego sampaiodiego added the stat: QA assured Means it has been tested and approved by a company insider label Jun 30, 2026
@dionisio-bot dionisio-bot Bot added the stat: ready to merge PR tested and approved waiting for merge label Jun 30, 2026

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2 issues found across 220 files

Note: This PR contains a large number of files. cubic only reviews up to 200 files per PR, so some files may not have been reviewed. cubic prioritizes the most important files to review.
Tip: cubic used a learning from your PR history. Let your coding agent read cubic learnings directly with the cubic MCP.

Re-trigger cubic

Comment thread apps/meteor/scripts/migration/move-module.mjs Outdated
Comment thread apps/meteor/server/api/lib/getUserInfo.spec.ts
@codecov

codecov Bot commented Jul 1, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.16%. Comparing base (b6e0d3b) to head (66e2489).

Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff             @@
##           develop   #41126      +/-   ##
===========================================
+ Coverage    69.14%   69.16%   +0.02%     
===========================================
  Files         3433     3535     +102     
  Lines       132323   138107    +5784     
  Branches     23091    24542    +1451     
===========================================
+ Hits         91489    95527    +4038     
- Misses       37472    38558    +1086     
- Partials      3362     4022     +660     
Flag Coverage Δ
e2e 59.35% <ø> (-0.01%) ⬇️
e2e-api 49.81% <100.00%> (+9.41%) ⬆️
unit 69.98% <100.00%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@sampaiodiego sampaiodiego marked this pull request as draft July 1, 2026 04:25
@sampaiodiego sampaiodiego removed the stat: QA assured Means it has been tested and approved by a company insider label Jul 1, 2026
@dionisio-bot dionisio-bot Bot removed the stat: ready to merge PR tested and approved waiting for merge label Jul 1, 2026
sampaiodiego and others added 5 commits July 1, 2026 01:53
…API)

Move the community REST API framework and all REST endpoints from
`app/api/server/` into `server/api/`, extending the responsibility-based
structure:

- framework files → `server/api/` (ApiClass, api, router, definition, …)
- `ajv.ts` → `server/api/validation/`
- `helpers/` + `lib/` merged → `server/api/lib/`
- `v1/` → `server/api/v1/`, `middlewares/` → `server/api/v1/middlewares/`
- all livechat community REST → `server/api/v1/omnichannel/` (flat). Both
  former source dirs (`livechat/server/api/v1/` and the older
  `livechat/imports/server/rest/`) land here; the single filename collision
  (`agent.ts`) is resolved by renaming the imports/rest one to
  `agentDepartments.ts` (it only registers `livechat/agents/:agentId/departments`).
  The two registration aggregators are folded into
  `server/api/v1/omnichannel/index.ts` and the `app/livechat/server` API
  files are removed entirely.

Migration-script hardening (mandatory per the plan): add the license-boundary
guard to move-module.mjs and move-batch.mjs, single-file/index-aware
external-import rewriting, and `tests/` to the import-scan dirs.

Files move as-is; only import paths change. Verified with `yarn lint --quiet`
and `tsc --noEmit`.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…API)

Mirror the Phase 3 REST API restructure inside `ee/`, staying entirely under
the Enterprise license boundary (no file leaves `ee/`):

- `ee/app/livechat-enterprise/server/api/` → `ee/server/api/v1/omnichannel/`
  (endpoints + `lib/` + relocated index aggregator)
- `ee/app/api-enterprise/server/` → `ee/server/api/` (canned-responses
  endpoint → `v1/`, `lib/` → `api/lib/`, `middlewares/` → `v1/middlewares/`)
- fold the `api-enterprise` index aggregator into `ee/server/index.ts` and
  delete it; repoint `livechat-enterprise/server/index.ts` at the new
  omnichannel aggregator.

Files move as-is; only import paths change. Verified with `yarn lint --quiet`
and `tsc --noEmit`.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Phase-3 moved app/api/server/** into server/api/**, which silently broke
test string-literals that lint and tsc cannot see:

- proxyquire/jest.mock keys are matched literally against the loaded
  module's import specifiers; after the move they no longer matched, so
  the real modules loaded (crashing the mocha run via meteor/* or
  returning undefined and failing assertions).
- Jest testMatch and .mocharc.js spec globs pointed at old dirs, so
  moved specs stopped being discovered (getUserInfo.spec.ts was orphaned).

Fixes:
- FileUpload.spec.ts, eraseTeam.spec.ts, getServerInfo.spec.ts,
  getUserInfo.spec.ts, checkPermissions.spec.ts,
  checkPermissionsForInvocation.spec.ts — rewrite stale mock keys to the
  moved modules' new specifiers.
- jest.config.ts / .mocharc.js — re-wire discovery globs for the moved
  specs, keeping jest and mocha specs in separate globs (ignore the Jest
  getUserInfo.spec.ts from the mocha server/api/lib glob).
- MIGRATION_PLAN.md — document the proxyquire/jest.mock + runner-glob
  failure mode and the per-move fix procedure.

yarn testunit now passes (jest: 1818 passed/8 skipped; mocha: 1954
passing/0 failing).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The guard checked `p.split('/').includes('ee')` on the raw relative
string, so a `..` segment could slip a boundary-crossing move past it:
`--to ee/../server/foo` contains the literal `ee` segment but resolves
into the community tree, so an `ee/app/foo -> ee/../server/foo` move was
allowed and would silently relicense the EE file.

Resolve and relativize against ROOT before splitting so `..` is
collapsed first. Addresses cubic review on PR 41126.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@sampaiodiego sampaiodiego force-pushed the backend-restructure-phase3 branch from 4e3d83a to 66e2489 Compare July 1, 2026 04:53
@rc-layne

rc-layne Bot commented Jul 1, 2026

Copy link
Copy Markdown

Caution

These are security findings reported by the security scanners configured in Layne. Findings may contain false positives - review them and fix what makes sense. If you believe a finding is not valid, contact the security team.

Layne found 4 high issues in this PR.

View 4 finding(s)
Severity Scanner File Rule Description
🟠 High semgrep apps/meteor/ee/server/api/v1/omnichannel/lib/triggers.ts:23 app.config.semgrep.rules.rocketchat.ssrf-validation-bypass-without-justification SSRF validation is disabled. Ensure the URL is not user-controlled or is restricted to a known-safe allowlist.
🟠 High semgrep apps/meteor/server/api/v1/misc.ts:649 app.config.semgrep.rules.nodejs.fips-non-compliant-crypto Non-FIPS-compliant cryptographic algorithm detected. FIPS 140-2/140-3 requires approved algorithms only. Use AES, SHA-256/384/512, HMAC-SHA256+, or RSA-2048+ instead. See: https://csrc.nist.gov/publications/detail/fips/140/3/final
🟠 High semgrep apps/meteor/server/api/v1/misc.ts:710 app.config.semgrep.rules.nodejs.fips-non-compliant-crypto Non-FIPS-compliant cryptographic algorithm detected. FIPS 140-2/140-3 requires approved algorithms only. Use AES, SHA-256/384/512, HMAC-SHA256+, or RSA-2048+ instead. See: https://csrc.nist.gov/publications/detail/fips/140/3/final
🟠 High semgrep apps/meteor/server/api/v1/omnichannel/webhooks.ts:68 app.config.semgrep.rules.rocketchat.ssrf-validation-bypass-without-justification SSRF validation is disabled. Ensure the URL is not user-controlled or is restricted to a known-safe allowlist.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant