UNPKG

@tsed/schema

Version:

JsonSchema module for Ts.ED Framework

github.com/tsedio/tsed/tree/production/packages/specs/schema

tsedio/tsed

118 lines (117 loc) 2.95 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
import { JsonEntityFn } from "./jsonEntityFn.js"; /** * Marks a property as read-only, indicating it should not be modified by clients. * * The `@ReadOnly()` decorator sets the `readOnly` flag in the JSON Schema, which signals * to validators and API consumers that this property is for reading only and should not * be included in request payloads. In OpenAPI specs, read-only properties are excluded * from request body schemas but included in response schemas. * * ### Basic Usage * * ```typescript * class UserModel { * @ReadOnly() * id: string; * // Server-generated, clients cannot set this * * @ReadOnly() * createdAt: Date; * // Timestamp set by server * * @Property() * name: string; * // Can be read and written * } * ``` * * ### Server-Generated Fields * * ```typescript * class PostModel { * @ReadOnly() * id: number; * * @ReadOnly() * @Default(() => new Date()) * createdAt: Date; * * @ReadOnly() * @Default(() => new Date()) * updatedAt: Date; * * @Property() * title: string; * * @Property() * content: string; * } * ``` * * ### Computed Properties * * ```typescript * class OrderModel { * @Property() * items: OrderItem[]; * * @ReadOnly() * get totalPrice(): number { * return this.items.reduce((sum, item) => sum + item.price, 0); * } * // Computed value, clients cannot set it * } * ``` * * ### Toggle Read-Only * * ```typescript * class ConfigModel { * @ReadOnly(true) * lockedField: string; * // Read-only * * @ReadOnly(false) * editableField: string; * // Explicitly not read-only (default behavior) * } * ``` * * ### OpenAPI Behavior * * In OpenAPI/Swagger documentation: * - Read-only properties appear in **response** schemas * - Read-only properties are **excluded** from **request** schemas * - Helps generate accurate API documentation * * ### vs WriteOnly * * - `@ReadOnly()`: Property can be read but not written (responses only) * - `@WriteOnly()`: Property can be written but not read (requests only) * - Neither: Property can be both read and written * * ### Use Cases * * - **Database IDs**: Auto-generated primary keys * - **Timestamps**: Server-managed created/updated dates * - **Computed Values**: Derived or calculated properties * - **System Metadata**: Internal tracking fields * - **Audit Fields**: Who created/modified records * * ### Security Note * * While `@ReadOnly()` provides documentation and client-side validation hints, it does * not enforce security at the server level. Always validate incoming data server-side * and ignore read-only fields in request payloads. * * @param readOnly - Whether the property is read-only (default: true) * * @decorator * @validation * @public */ export function ReadOnly(readOnly = true) { return JsonEntityFn((store) => { store.itemSchema.readOnly(readOnly); }); }