refactor: migrate ldap endpoints to new chained API pattern

Migrates ldap.testConnection and ldap.testSearch POST endpoints from the
legacy addRoute() pattern to the new chained .post() API pattern with
typed AJV response schemas. Replaces Meteor check() with isLdapTestSearch
AJV validator for request body validation on ldap.testSearch.

Part of #38876

Author: smirk-dev

.changeset/refactor-ldap-api-chained-pattern.md

@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Migrated `ldap.testConnection` and `ldap.testSearch` REST API endpoints from legacy `addRoute` pattern to the new chained `.post()` API pattern with typed response schemas and AJV body validation (replacing Meteor `check()`).

apps/meteor/app/api/server/v1/ldap.ts

@@ -1,62 +1,90 @@
 import { LDAP } from '@rocket.chat/core-services';
-import { Match, check } from 'meteor/check';
+import { ajv, validateUnauthorizedErrorResponse, validateForbiddenErrorResponse } from '@rocket.chat/rest-typings';
 
 import { SystemLogger } from '../../../../server/lib/logger/system';
 import { settings } from '../../../settings/server';
 import { API } from '../api';
 
-API.v1.addRoute(
+const messageResponseSchema = {
+	type: 'object' as const,
+	properties: {
+		message: { type: 'string' as const },
+		success: {
+			type: 'boolean' as const,
+			enum: [true] as const,
+		},
+	},
+	required: ['message', 'success'] as const,
+	additionalProperties: false,
+};
+
+const isLdapTestSearch = ajv.compile<{ username: string }>({
+	type: 'object',
+	properties: {
+		username: { type: 'string' },
+	},
+	required: ['username'],
+	additionalProperties: false,
+});
+
+API.v1.post(
 	'ldap.testConnection',
-	{ authRequired: true, permissionsRequired: ['test-admin-options'] },
 	{
-		async post() {
-			if (!this.userId) {
-				throw new Error('error-invalid-user');
-			}
-
-			if (settings.get<boolean>('LDAP_Enable') !== true) {
-				throw new Error('LDAP_disabled');
-			}
-
-			try {
-				await LDAP.testConnection();
-			} catch (err) {
-				SystemLogger.error({ err });
-				throw new Error('Connection_failed');
-			}
-
-			return API.v1.success({
-				message: 'LDAP_Connection_successful' as const,
-			});
+		authRequired: true,
+		permissionsRequired: ['test-admin-options'],
+		response: {
+			200: ajv.compile<{ message: string }>(messageResponseSchema),
+			401: validateUnauthorizedErrorResponse,
+			403: validateForbiddenErrorResponse,
 		},
 	},
+	async function action() {
+		if (!this.userId) {
+			throw new Error('error-invalid-user');
+		}
+
+		if (settings.get<boolean>('LDAP_Enable') !== true) {
+			throw new Error('LDAP_disabled');
+		}
+
+		try {
+			await LDAP.testConnection();
+		} catch (err) {
+			SystemLogger.error({ err });
+			throw new Error('Connection_failed');
+		}
+
+		return API.v1.success({
+			message: 'LDAP_Connection_successful' as const,
+		});
+	},
 );
 
-API.v1.addRoute(
+API.v1.post(
 	'ldap.testSearch',
-	{ authRequired: true, permissionsRequired: ['test-admin-options'] },
 	{
-		async post() {
-			check(
-				this.bodyParams,
-				Match.ObjectIncluding({
-					username: String,
-				}),
-			);
-
-			if (!this.userId) {
-				throw new Error('error-invalid-user');
-			}
-
-			if (settings.get('LDAP_Enable') !== true) {
-				throw new Error('LDAP_disabled');
-			}
-
-			await LDAP.testSearch(this.bodyParams.username);
-
-			return API.v1.success({
-				message: 'LDAP_User_Found' as const,
-			});
+		authRequired: true,
+		permissionsRequired: ['test-admin-options'],
+		body: isLdapTestSearch,
+		response: {
+			200: ajv.compile<{ message: string }>(messageResponseSchema),
+			401: validateUnauthorizedErrorResponse,
+			403: validateForbiddenErrorResponse,
 		},
 	},
+	async function action() {
+		if (!this.userId) {
+			throw new Error('error-invalid-user');
+		}
+
+		if (settings.get('LDAP_Enable') !== true) {
+			throw new Error('LDAP_disabled');
+		}
+
+		await LDAP.testSearch(this.bodyParams.username);
+
+		return API.v1.success({
+			message: 'LDAP_User_Found' as const,
+		});
+	},
 );