basePath: /api/v1 definitions: customer.AddDeviceTokenForm: properties: device_token: type: string device_type: type: string type: object customer.AuthResponse: properties: access_token: type: string customer: $ref: '#/definitions/customer.CustomerResponse' expires_at: type: integer refresh_token: type: string type: object customer.ChangePasswordForm: properties: new_password: type: string old_password: type: string type: object customer.CustomerResponse: properties: birthdate: type: integer company_id: type: string created_at: type: integer device_tokens: items: $ref: '#/definitions/customer.DeviceToken' type: array email: type: string full_name: type: string gender: type: string id: type: string is_verified: type: boolean last_login_at: type: integer mobile: type: string national_id: type: string profile_image: type: string status: type: string updated_at: type: integer username: type: string type: object customer.DeviceToken: properties: createdAt: description: Unix timestamp type: integer deviceType: $ref: '#/definitions/customer.DeviceType' token: type: string updatedAt: description: Unix timestamp type: integer type: object customer.DeviceType: enum: - android - ios type: string x-enum-varnames: - DeviceTypeAndroid - DeviceTypeIOS customer.LoginForm: properties: email_or_mobile: type: string password: type: string type: object customer.RefreshTokenForm: properties: refresh_token: type: string type: object customer.RegisterCustomerForm: properties: birthdate: type: integer company_id: type: string email: type: string full_name: type: string gender: type: string mobile: type: string national_id: type: string password: type: string profile_image: type: string username: type: string type: object customer.RemoveDeviceTokenForm: properties: device_token: type: string type: object customer.UpdateCustomerForm: properties: birthdate: type: integer email: type: string full_name: type: string gender: type: string mobile: type: string national_id: type: string profile_image: type: string status: type: string username: type: string type: object customer.UpdateCustomerStatusForm: properties: status: type: string type: object response.APIError: properties: code: type: string details: type: string message: type: string type: object response.APIResponse: properties: data: {} error: $ref: '#/definitions/response.APIError' message: type: string meta: $ref: '#/definitions/response.Meta' success: type: boolean type: object response.Meta: properties: limit: type: integer offset: type: integer page: type: integer pages: type: integer total: type: integer type: object user.AuthResponse: properties: access_token: type: string expires_at: type: integer refresh_token: type: string user: $ref: '#/definitions/user.UserResponse' type: object user.ChangePasswordForm: properties: new_password: type: string old_password: type: string type: object user.CreateUserForm: properties: company_id: type: string department: type: string email: type: string full_name: type: string password: type: string phone: type: string position: type: string profile_image: type: string role: type: string username: type: string type: object user.LoginForm: properties: email_or_username: type: string password: type: string type: object user.RefreshTokenForm: properties: refresh_token: type: string type: object user.ResetPasswordForm: properties: email: type: string type: object user.UpdateUserForm: properties: company_id: type: string department: type: string email: type: string full_name: type: string phone: type: string position: type: string profile_image: type: string role: type: string status: type: string username: type: string type: object user.UpdateUserRoleForm: properties: role: type: string type: object user.UpdateUserStatusForm: properties: status: type: string type: object user.UserListResponse: properties: limit: type: integer offset: type: integer total: type: integer total_pages: type: integer users: items: $ref: '#/definitions/user.UserResponse' type: array type: object user.UserResponse: properties: company_id: type: string created_at: type: integer created_by: type: string department: type: string email: type: string full_name: type: string id: type: string is_verified: type: boolean last_login_at: type: integer phone: type: string position: type: string profile_image: type: string role: type: string status: type: string updated_at: type: integer updated_by: type: string username: type: string type: object host: localhost:8081 info: contact: email: support@swagger.io name: API Support url: http://www.swagger.io/support description: This is the API documentation for the Tender Management System. license: name: Apache 2.0 url: http://www.apache.org/licenses/LICENSE-2.0.html termsOfService: http://swagger.io/terms/ title: Tender Management API version: 1.0.0 paths: /admin/customers: get: consumes: - application/json description: Retrieve a paginated list of customers (admin only) parameters: - default: 1 description: Page number in: query name: page type: integer - default: 20 description: Number of items per page in: query name: limit type: integer - description: Search term in: query name: search type: string produces: - application/json responses: "200": description: Customers retrieved successfully schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: items: $ref: '#/definitions/customer.CustomerResponse' type: array type: object "400": description: Bad request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: List customers tags: - customers /admin/customers/{id}: get: consumes: - application/json description: Retrieve customer information by ID (admin only) parameters: - description: Customer ID in: path name: id required: true type: string produces: - application/json responses: "200": description: Customer retrieved successfully schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/customer.CustomerResponse' type: object "400": description: Bad request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "404": description: Customer not found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get customer by ID tags: - customers /admin/customers/{id}/status: put: consumes: - application/json description: Update customer status (admin only) parameters: - description: Customer ID in: path name: id required: true type: string - description: Status update information in: body name: status required: true schema: $ref: '#/definitions/customer.UpdateCustomerStatusForm' produces: - application/json responses: "200": description: Customer status updated successfully schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "404": description: Customer not found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Update customer status tags: - customers /admin/customers/device-tokens: get: consumes: - application/json description: Retrieve all device tokens (admin only) produces: - application/json responses: "200": description: Device tokens retrieved successfully schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: items: type: string type: array type: object "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get all device tokens tags: - customers /admin/customers/register: post: consumes: - application/json description: Register a new customer with the provided information parameters: - description: Customer registration information in: body name: customer required: true schema: $ref: '#/definitions/customer.RegisterCustomerForm' produces: - application/json responses: "201": description: Customer registered successfully schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/customer.CustomerResponse' type: object "400": description: Bad request schema: $ref: '#/definitions/response.APIResponse' "409": description: Customer already exists schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' summary: Register a new customer tags: - customers /customers/change-password: put: consumes: - application/json description: Change the authenticated customer's password parameters: - description: Password change information in: body name: password required: true schema: $ref: '#/definitions/customer.ChangePasswordForm' produces: - application/json responses: "200": description: Password changed successfully schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Change customer password tags: - customers /customers/device-token: delete: consumes: - application/json description: Remove a device token for push notifications parameters: - description: Device token information in: body name: device_token required: true schema: $ref: '#/definitions/customer.RemoveDeviceTokenForm' produces: - application/json responses: "200": description: Device token removed successfully schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Remove device token tags: - customers post: consumes: - application/json description: Add a device token for push notifications parameters: - description: Device token information in: body name: device_token required: true schema: $ref: '#/definitions/customer.AddDeviceTokenForm' produces: - application/json responses: "200": description: Device token added successfully schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Add device token tags: - customers /customers/login: post: consumes: - application/json description: Authenticate customer with email and password parameters: - description: Login credentials in: body name: credentials required: true schema: $ref: '#/definitions/customer.LoginForm' produces: - application/json responses: "200": description: Login successful schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/customer.AuthResponse' type: object "400": description: Bad request schema: $ref: '#/definitions/response.APIResponse' "401": description: Invalid credentials schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' summary: Customer login tags: - customers /customers/logout: post: consumes: - application/json description: Logout customer and invalidate device token parameters: - description: Logout request with device token in: body name: logout required: true schema: type: object produces: - application/json responses: "200": description: Logged out successfully schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Customer logout tags: - customers /customers/profile: get: consumes: - application/json description: Retrieve the authenticated customer's profile information produces: - application/json responses: "200": description: Profile retrieved successfully schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/customer.CustomerResponse' type: object "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "404": description: Customer not found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get customer profile tags: - customers put: consumes: - application/json description: Update the authenticated customer's profile information parameters: - description: Profile update information in: body name: profile required: true schema: $ref: '#/definitions/customer.UpdateCustomerForm' produces: - application/json responses: "200": description: Profile updated successfully schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/customer.CustomerResponse' type: object "400": description: Bad request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Update customer profile tags: - customers /customers/refresh-token: post: consumes: - application/json description: Refresh the access token using a refresh token parameters: - description: Refresh token information in: body name: token required: true schema: $ref: '#/definitions/customer.RefreshTokenForm' produces: - application/json responses: "200": description: Token refreshed successfully schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/customer.AuthResponse' type: object "400": description: Bad request schema: $ref: '#/definitions/response.APIResponse' "401": description: Invalid refresh token schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal server error schema: $ref: '#/definitions/response.APIResponse' summary: Refresh access token tags: - customers /users/admin: get: consumes: - application/json description: List users with search and filters (admin only) parameters: - description: Search term in: query name: search type: string - description: User status filter in: query name: status type: string - description: User role filter in: query name: role type: string - description: Company ID filter in: query name: company_id type: string - description: Limit results in: query name: limit type: integer - description: Offset results in: query name: offset type: integer - description: Sort field in: query name: sort_by type: string - description: Sort order in: query name: sort_order type: string produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserListResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: List users tags: - users post: consumes: - application/json description: Create a new user (admin only) parameters: - description: User creation data in: body name: user required: true schema: $ref: '#/definitions/user.CreateUserForm' produces: - application/json responses: "201": description: Created schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Create user tags: - users /users/admin/{id}: delete: consumes: - application/json description: Delete a user (admin only) parameters: - description: User ID in: path name: id required: true type: string produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Delete user tags: - users get: consumes: - application/json description: Get user details by ID (admin only) parameters: - description: User ID in: path name: id required: true type: string produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get user by ID tags: - users put: consumes: - application/json description: Update user information (admin only) parameters: - description: User ID in: path name: id required: true type: string - description: User update data in: body name: user required: true schema: $ref: '#/definitions/user.UpdateUserForm' produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Update user tags: - users /users/admin/{id}/role: put: consumes: - application/json description: Update user role (admin only) parameters: - description: User ID in: path name: id required: true type: string - description: Role update data in: body name: role required: true schema: $ref: '#/definitions/user.UpdateUserRoleForm' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Update user role tags: - users /users/admin/{id}/status: put: consumes: - application/json description: Update user account status (admin only) parameters: - description: User ID in: path name: id required: true type: string - description: Status update data in: body name: status required: true schema: $ref: '#/definitions/user.UpdateUserStatusForm' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Update user status tags: - users /users/admin/company/{company_id}: get: consumes: - application/json description: Get users belonging to a specific company (admin only) parameters: - description: Company ID in: path name: company_id required: true type: string - description: Limit results in: query name: limit type: integer - description: Offset results in: query name: offset type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get users by company ID tags: - users /users/admin/role/{role}: get: consumes: - application/json description: Get users with a specific role (admin only) parameters: - description: User role in: path name: role required: true type: string - description: Limit results in: query name: limit type: integer - description: Offset results in: query name: offset type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get users by role tags: - users /users/change-password: put: consumes: - application/json description: Change current user password parameters: - description: Password change data in: body name: password required: true schema: $ref: '#/definitions/user.ChangePasswordForm' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Change password tags: - users /users/login: post: consumes: - application/json description: Authenticate user with email/username and password parameters: - description: Login credentials in: body name: login required: true schema: $ref: '#/definitions/user.LoginForm' produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.AuthResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' summary: Login user tags: - users /users/logout: post: consumes: - application/json description: Logout current user and invalidate tokens produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Logout user tags: - users /users/profile: get: consumes: - application/json description: Get current user profile information produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserResponse' type: object "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get user profile tags: - users put: consumes: - application/json description: Update current user profile information parameters: - description: Profile update data in: body name: profile required: true schema: $ref: '#/definitions/user.UpdateUserForm' produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Update user profile tags: - users /users/refresh-token: post: consumes: - application/json description: Refresh access token using refresh token parameters: - description: Refresh token in: body name: refresh required: true schema: $ref: '#/definitions/user.RefreshTokenForm' produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.AuthResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' summary: Refresh access token tags: - users /users/reset-password: post: consumes: - application/json description: Send password reset email to user parameters: - description: Password reset request in: body name: reset required: true schema: $ref: '#/definitions/user.ResetPasswordForm' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' summary: Reset password tags: - users securityDefinitions: BearerAuth: description: Type "Bearer" followed by a space and JWT token. in: header name: Authorization type: apiKey swagger: "2.0" tags: - description: Customer management operations name: customers - description: User management operations name: users - description: Health check operations name: health - description: Authentication operations name: auth