definitions: customer.Address: properties: addressType: description: billing, shipping, etc. type: string city: type: string country: type: string isDefault: type: boolean postalCode: type: string state: type: string street: type: string type: object customer.AddressForm: properties: address_type: type: string city: type: string country: type: string is_default: type: boolean postal_code: type: string state: type: string street: type: string type: object customer.AuthResponse: properties: access_token: type: string customer: $ref: '#/definitions/customer.CustomerResponse' expires_at: type: integer refresh_token: type: string type: object customer.ContactPerson: properties: email: type: string firstName: type: string fullName: type: string isPrimary: type: boolean lastName: type: string mobile: type: string phone: type: string position: type: string type: object customer.ContactPersonForm: properties: email: type: string first_name: type: string full_name: type: string is_primary: type: boolean last_name: type: string mobile: type: string phone: type: string position: type: string type: object customer.CreateCustomerForm: properties: address: allOf: - $ref: '#/definitions/customer.AddressForm' description: Address information annual_revenue: type: number business_type: description: Business information type: string company_id: type: string company_name: description: Company customer fields type: string contact_person: allOf: - $ref: '#/definitions/customer.ContactPersonForm' description: Contact person (for company customers) currency: type: string email: type: string employee_count: type: integer first_name: description: Individual customer fields type: string founded_year: type: integer full_name: type: string industry: type: string language: description: Preferences and settings type: string last_name: type: string mobile: type: string password: type: string phone: type: string registration_number: type: string tax_id: type: string timezone: type: string type: type: string username: type: string type: object customer.CustomerListResponse: properties: customers: items: $ref: '#/definitions/customer.CustomerResponse' type: array limit: type: integer offset: type: integer total: type: integer total_pages: type: integer type: object customer.CustomerResponse: properties: address: $ref: '#/definitions/customer.Address' annual_revenue: type: number business_type: type: string company_id: type: string company_name: type: string compliance_notes: type: string contact_person: $ref: '#/definitions/customer.ContactPerson' created_at: type: integer created_by: type: string currency: type: string email: type: string employee_count: type: integer first_name: type: string founded_year: type: integer full_name: type: string id: type: string industry: type: string is_compliant: type: boolean is_verified: type: boolean language: type: string last_name: type: string mobile: type: string phone: type: string registration_number: type: string status: type: string tax_id: type: string timezone: type: string type: type: string updated_at: type: integer updated_by: type: string username: type: string type: object customer.LoginForm: properties: password: type: string username: type: string type: object customer.RefreshTokenForm: properties: refresh_token: type: string type: object customer.UpdateCustomerForm: properties: address: allOf: - $ref: '#/definitions/customer.AddressForm' description: Address information annual_revenue: type: number business_type: description: Business information type: string company_id: type: string company_name: description: Company customer fields type: string contact_person: allOf: - $ref: '#/definitions/customer.ContactPersonForm' description: Contact person (for company customers) currency: type: string email: type: string employee_count: type: integer first_name: description: Individual customer fields type: string founded_year: type: integer full_name: type: string industry: type: string language: description: Preferences and settings type: string last_name: type: string mobile: type: string phone: type: string registration_number: type: string tax_id: type: string timezone: type: string type: type: string username: type: string type: object customer.UpdateCustomerStatusForm: properties: status: type: string type: object customer.UpdateCustomerVerificationForm: properties: compliance_notes: type: string is_compliant: type: boolean is_verified: type: boolean type: object main.HealthResponse: properties: status: type: string time: type: integer version: type: string type: object response.APIError: properties: code: type: string details: type: string message: type: string type: object response.APIResponse: properties: data: {} error: $ref: '#/definitions/response.APIError' message: type: string meta: $ref: '#/definitions/response.Meta' success: type: boolean type: object response.Meta: properties: limit: type: integer offset: type: integer page: type: integer pages: type: integer total: type: integer type: object user.AuthResponse: properties: access_token: type: string expires_at: type: integer refresh_token: type: string user: $ref: '#/definitions/user.UserResponse' type: object user.ChangePasswordForm: properties: new_password: type: string old_password: type: string type: object user.CreateUserForm: properties: company_id: type: string department: type: string email: type: string full_name: type: string password: type: string phone: type: string position: type: string profile_image: type: string role: type: string username: type: string type: object user.LoginForm: properties: password: type: string username: type: string type: object user.RefreshTokenForm: properties: refresh_token: type: string type: object user.ResetPasswordForm: properties: email: type: string type: object user.UpdateUserForm: properties: company_id: type: string department: type: string email: type: string full_name: type: string phone: type: string position: type: string profile_image: type: string role: type: string status: type: string username: type: string type: object user.UpdateUserRoleForm: properties: role: type: string type: object user.UpdateUserStatusForm: properties: status: type: string type: object user.UserListResponse: properties: limit: type: integer offset: type: integer total: type: integer total_pages: type: integer users: items: $ref: '#/definitions/user.UserResponse' type: array type: object user.UserResponse: properties: company_id: type: string created_at: type: integer created_by: type: string department: type: string email: type: string full_name: type: string id: type: string is_verified: type: boolean last_login_at: type: integer phone: type: string position: type: string profile_image: type: string role: type: string status: type: string updated_at: type: integer updated_by: type: string username: type: string type: object host: localhost:8081 info: contact: email: support@swagger.io name: API Support url: http://www.swagger.io/support description: This is the API documentation for the Tender Management System. license: name: Apache 2.0 url: http://www.apache.org/licenses/LICENSE-2.0.html termsOfService: http://swagger.io/terms/ title: Tender Management API version: 1.0.0 paths: /admin/v1/change-password: put: consumes: - application/json description: Change current user password parameters: - description: Password change data in: body name: password required: true schema: $ref: '#/definitions/user.ChangePasswordForm' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Change password tags: - Users /admin/v1/customers: get: consumes: - application/json description: Retrieve a paginated list of customers with advanced filtering options including search, type, status, company, industry, verification status, and compliance status. Supports sorting and pagination. parameters: - description: Search term to filter customers by name, email, or company name in: query name: search type: string - description: Filter by customer type enum: - individual - company - government in: query name: type type: string - description: Filter by customer status enum: - active - inactive - suspended - pending in: query name: status type: string - description: Filter by company ID format: uuid in: query name: company_id type: string - description: Filter by industry in: query name: industry type: string - description: Filter by verification status in: query name: is_verified type: boolean - description: Filter by compliance status in: query name: is_compliant type: boolean - description: Filter by preferred language in: query name: language type: string - description: Filter by preferred currency in: query name: currency type: string - default: 20 description: Number of customers per page (1-100) in: query maximum: 100 minimum: 1 name: limit type: integer - default: 0 description: Number of customers to skip for pagination in: query minimum: 0 name: offset type: integer - default: created_at description: Field to sort by enum: - email - company_name - created_at - updated_at - status in: query name: sort_by type: string - default: desc description: Sort order enum: - asc - desc in: query name: sort_order type: string produces: - application/json responses: "200": description: Customers retrieved successfully schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/customer.CustomerListResponse' type: object "400": description: Bad request - Invalid query parameters schema: $ref: '#/definitions/response.APIResponse' "422": description: Validation error - Invalid query parameters schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: List customers with filters and pagination tags: - Customers-Admin post: consumes: - application/json description: Create a new customer with comprehensive information including personal details, company information, address, and business details. This endpoint is used by the web panel for full customer registration. parameters: - description: Customer information including type (individual|company|government), personal details, company info, address, and business details in: body name: customer required: true schema: $ref: '#/definitions/customer.CreateCustomerForm' produces: - application/json responses: "201": description: Customer created successfully schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/customer.CustomerResponse' type: object "400": description: Bad request - Invalid input data schema: $ref: '#/definitions/response.APIResponse' "409": description: Conflict - Customer with this email/company already exists schema: $ref: '#/definitions/response.APIResponse' "422": description: Validation error - Invalid request data schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Create a new customer tags: - Customers-Admin /admin/v1/customers/{id}: delete: consumes: - application/json description: Soft delete a customer by setting status to inactive. The customer record is preserved but marked as deleted. This is a reversible operation. parameters: - description: Customer UUID format: uuid in: path name: id required: true type: string produces: - application/json responses: "200": description: Customer deleted successfully schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad request - Invalid customer ID format schema: $ref: '#/definitions/response.APIResponse' "404": description: Not found - Customer does not exist schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Delete customer tags: - Customers-Admin get: consumes: - application/json description: Retrieve detailed customer information by unique customer ID. Returns comprehensive customer data including personal details, company information, address, verification status, and audit fields. parameters: - description: Customer UUID format: uuid in: path name: id required: true type: string produces: - application/json responses: "200": description: Customer retrieved successfully schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/customer.CustomerResponse' type: object "400": description: Bad request - Invalid customer ID format schema: $ref: '#/definitions/response.APIResponse' "404": description: Not found - Customer does not exist schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get customer by ID tags: - Customers-Admin put: consumes: - application/json description: Update existing customer information with comprehensive details. All fields are optional and only provided fields will be updated. This endpoint is used by the web panel for full customer management. parameters: - description: Customer UUID format: uuid in: path name: id required: true type: string - description: Customer update information - all fields are optional in: body name: customer required: true schema: $ref: '#/definitions/customer.UpdateCustomerForm' produces: - application/json responses: "200": description: Customer updated successfully schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/customer.CustomerResponse' type: object "400": description: Bad request - Invalid customer ID or input data schema: $ref: '#/definitions/response.APIResponse' "404": description: Not found - Customer does not exist schema: $ref: '#/definitions/response.APIResponse' "409": description: Conflict - Customer with this email/company already exists schema: $ref: '#/definitions/response.APIResponse' "422": description: Validation error - Invalid request data schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Update customer information tags: - Customers-Admin /admin/v1/customers/{id}/activate: post: consumes: - application/json description: Reactivate a suspended customer account by setting their status back to active. This reverses the suspension action. parameters: - description: Customer UUID format: uuid in: path name: id required: true type: string produces: - application/json responses: "200": description: Customer activated successfully schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad request - Invalid customer ID schema: $ref: '#/definitions/response.APIResponse' "404": description: Not found - Customer does not exist schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Activate suspended customer account tags: - Customers-Admin /admin/v1/customers/{id}/status: patch: consumes: - application/json description: Update the status of a customer account. Valid statuses include active, inactive, suspended, and pending. This affects the customer's ability to access the system. parameters: - description: Customer UUID format: uuid in: path name: id required: true type: string - description: Status update information in: body name: status required: true schema: $ref: '#/definitions/customer.UpdateCustomerStatusForm' produces: - application/json responses: "200": description: Customer status updated successfully schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad request - Invalid customer ID or status schema: $ref: '#/definitions/response.APIResponse' "404": description: Not found - Customer does not exist schema: $ref: '#/definitions/response.APIResponse' "422": description: Validation error - Invalid status value schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Update customer status tags: - Customers-Admin /admin/v1/customers/{id}/suspend: post: consumes: - application/json description: Suspend a customer account by setting their status to suspended. Suspended customers cannot access the system. A reason for suspension must be provided. parameters: - description: Customer UUID format: uuid in: path name: id required: true type: string - description: Suspension reason in: body name: reason required: true schema: type: object produces: - application/json responses: "200": description: Customer suspended successfully schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad request - Invalid customer ID or missing reason schema: $ref: '#/definitions/response.APIResponse' "404": description: Not found - Customer does not exist schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Suspend customer account tags: - Customers-Admin /admin/v1/customers/{id}/verification: patch: consumes: - application/json description: Update the verification and compliance status of a customer. This includes marking customers as verified and compliant, with optional compliance notes for audit purposes. parameters: - description: Customer UUID format: uuid in: path name: id required: true type: string - description: Verification and compliance update information in: body name: verification required: true schema: $ref: '#/definitions/customer.UpdateCustomerVerificationForm' produces: - application/json responses: "200": description: Customer verification updated successfully schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad request - Invalid customer ID schema: $ref: '#/definitions/response.APIResponse' "404": description: Not found - Customer does not exist schema: $ref: '#/definitions/response.APIResponse' "422": description: Validation error - Invalid verification data schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Update customer verification and compliance status tags: - Customers-Admin /admin/v1/customers/{id}/verify: post: consumes: - application/json description: Mark a customer as verified. This is a simple verification action that sets the customer's verification status to true. parameters: - description: Customer UUID format: uuid in: path name: id required: true type: string produces: - application/json responses: "200": description: Customer verified successfully schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad request - Invalid customer ID schema: $ref: '#/definitions/response.APIResponse' "404": description: Not found - Customer does not exist schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Verify customer tags: - Customers-Admin /admin/v1/customers/company/{companyId}: get: consumes: - application/json description: Retrieve all customers associated with a specific company. This is useful for company administrators to see all users within their organization. parameters: - description: Company UUID format: uuid in: path name: companyId required: true type: string - default: 20 description: Number of customers per page (1-100) in: query maximum: 100 minimum: 1 name: limit type: integer - default: 0 description: Number of customers to skip for pagination in: query minimum: 0 name: offset type: integer produces: - application/json responses: "200": description: Customers retrieved successfully schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: items: $ref: '#/definitions/customer.CustomerResponse' type: array meta: $ref: '#/definitions/response.Meta' type: object "400": description: Bad request - Invalid company ID format schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get customers by company ID tags: - Customers-Admin /admin/v1/customers/status/{status}: get: consumes: - application/json description: Retrieve customers filtered by their account status (active, inactive, suspended, or pending). Useful for administrative monitoring and management. parameters: - description: Customer status enum: - active - inactive - suspended - pending in: path name: status required: true type: string - default: 20 description: Number of customers per page (1-100) in: query maximum: 100 minimum: 1 name: limit type: integer - default: 0 description: Number of customers to skip for pagination in: query minimum: 0 name: offset type: integer produces: - application/json responses: "200": description: Customers retrieved successfully schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: items: $ref: '#/definitions/customer.CustomerResponse' type: array meta: $ref: '#/definitions/response.Meta' type: object "400": description: Bad request - Invalid customer status schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get customers by status tags: - Customers-Admin /admin/v1/customers/type/{type}: get: consumes: - application/json description: Retrieve customers filtered by their type (individual, company, or government). Useful for administrative reporting and management. parameters: - description: Customer type enum: - individual - company - government in: path name: type required: true type: string - default: 20 description: Number of customers per page (1-100) in: query maximum: 100 minimum: 1 name: limit type: integer - default: 0 description: Number of customers to skip for pagination in: query minimum: 0 name: offset type: integer produces: - application/json responses: "200": description: Customers retrieved successfully schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: items: $ref: '#/definitions/customer.CustomerResponse' type: array meta: $ref: '#/definitions/response.Meta' type: object "400": description: Bad request - Invalid customer type schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get customers by type tags: - Customers-Admin /admin/v1/login: post: consumes: - application/json description: Authenticate user with username and password parameters: - description: Login credentials in: body name: login required: true schema: $ref: '#/definitions/user.LoginForm' produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.AuthResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' summary: Login user tags: - Authorization /admin/v1/logout: delete: consumes: - application/json description: Logout current user and invalidate tokens produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Logout user tags: - Users /admin/v1/profile: get: consumes: - application/json description: Get current user profile information produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserResponse' type: object "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get user profile tags: - Users put: consumes: - application/json description: Update current user profile information parameters: - description: Profile update data in: body name: profile required: true schema: $ref: '#/definitions/user.UpdateUserForm' produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Update user profile tags: - Users /admin/v1/refresh-token: post: consumes: - application/json description: Refresh access token using refresh token parameters: - description: Refresh token in: body name: refresh required: true schema: $ref: '#/definitions/user.RefreshTokenForm' produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.AuthResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' summary: Refresh access token tags: - Authorization /admin/v1/reset-password: post: consumes: - application/json description: Send password reset email to user parameters: - description: Password reset request in: body name: reset required: true schema: $ref: '#/definitions/user.ResetPasswordForm' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' summary: Reset password tags: - Authorization /admin/v1/users: get: consumes: - application/json description: List users with search and filters (admin only) parameters: - description: Search term in: query name: search type: string - description: User status filter in: query name: status type: string - description: User role filter in: query name: role type: string - description: Company ID filter in: query name: company_id type: string - description: Limit results in: query name: limit type: integer - description: Offset results in: query name: offset type: integer - description: Sort field in: query name: sort_by type: string - description: Sort order in: query name: sort_order type: string produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserListResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: List users tags: - Users post: consumes: - application/json description: Create a new user (admin only) parameters: - description: User creation data in: body name: user required: true schema: $ref: '#/definitions/user.CreateUserForm' produces: - application/json responses: "201": description: Created schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Create user tags: - Users /admin/v1/users/{id}: delete: consumes: - application/json description: Delete a user (admin only) parameters: - description: User ID in: path name: id required: true type: string produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Delete user tags: - Users get: consumes: - application/json description: Get user details by ID (admin only) parameters: - description: User ID in: path name: id required: true type: string produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get user by ID tags: - Users put: consumes: - application/json description: Update user information (admin only) parameters: - description: User ID in: path name: id required: true type: string - description: User update data in: body name: user required: true schema: $ref: '#/definitions/user.UpdateUserForm' produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Update user tags: - Users /admin/v1/users/{id}/role: put: consumes: - application/json description: Update user role (admin only) parameters: - description: User ID in: path name: id required: true type: string - description: Role update data in: body name: role required: true schema: $ref: '#/definitions/user.UpdateUserRoleForm' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Update user role tags: - Users /admin/v1/users/{id}/status: put: consumes: - application/json description: Update user account status (admin only) parameters: - description: User ID in: path name: id required: true type: string - description: Status update data in: body name: status required: true schema: $ref: '#/definitions/user.UpdateUserStatusForm' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Update user status tags: - Users /admin/v1/users/company/{company_id}: get: consumes: - application/json description: Get users belonging to a specific company (admin only) parameters: - description: Company ID in: path name: company_id required: true type: string - description: Limit results in: query name: limit type: integer - description: Offset results in: query name: offset type: integer produces: - application/json responses: "200": description: Users with pagination metadata schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: additionalProperties: true type: object type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get users by company ID tags: - Users /admin/v1/users/role/{role}: get: consumes: - application/json description: Get users with a specific role (admin only) parameters: - description: User role in: path name: role required: true type: string - description: Limit results in: query name: limit type: integer - description: Offset results in: query name: offset type: integer produces: - application/json responses: "200": description: Users with pagination metadata schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: additionalProperties: true type: object type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get users by role tags: - Users /api/v1/login: post: consumes: - application/json description: Authenticate customer with username (email) and password. Returns access token, refresh token, and customer information upon successful authentication. parameters: - description: Login credentials (username/email and password) in: body name: login required: true schema: $ref: '#/definitions/customer.LoginForm' produces: - application/json responses: "200": description: Login successful schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/customer.AuthResponse' type: object "400": description: Bad request - Invalid input data schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized - Invalid credentials or inactive account schema: $ref: '#/definitions/response.APIResponse' "422": description: Validation error - Invalid request data schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' summary: Customer login tags: - Customers-Authorization /api/v1/logout: delete: consumes: - application/json description: Logout customer and invalidate access token. This ensures the token cannot be used for future requests. produces: - application/json responses: "200": description: Logout successful schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized - Invalid or missing access token schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Customer logout tags: - Customers-Authorization /api/v1/profile: get: consumes: - application/json description: Retrieve authenticated customer's profile information. This endpoint requires a valid access token and returns the customer's own profile data. produces: - application/json responses: "200": description: Profile retrieved successfully schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/customer.CustomerResponse' type: object "401": description: Unauthorized - Invalid or missing access token schema: $ref: '#/definitions/response.APIResponse' "404": description: Not found - Customer profile not found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get customer profile tags: - Customers-Authorization /api/v1/refresh-token: post: consumes: - application/json description: Refresh access token using a valid refresh token. This allows customers to maintain their session without re-authentication. parameters: - description: Refresh token for generating new access token in: body name: refresh required: true schema: $ref: '#/definitions/customer.RefreshTokenForm' produces: - application/json responses: "200": description: Token refreshed successfully schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/customer.AuthResponse' type: object "400": description: Bad request - Invalid refresh token or feature not implemented schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized - Invalid or expired refresh token schema: $ref: '#/definitions/response.APIResponse' "422": description: Validation error - Invalid request data schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' summary: Refresh customer access token tags: - Customers-Authorization /health: get: consumes: - application/json description: Get server health status produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/main.HealthResponse' summary: Health check tags: - Health securityDefinitions: BearerAuth: description: Type "Bearer" followed by a space and JWT token. in: header name: Authorization type: apiKey swagger: "2.0" tags: - description: User management operations including authentication, profile management, and admin operations name: Users - description: Authentication operations including login, logout, and token management name: Authorization - description: Customer management operations including authentication, profile management, and admin operations name: Customers-Admin - description: Customer authentication operations including login, logout, and token management name: Customers-Authorization - description: Health check operations name: Health