Files
tm_back/cmd/web/docs/swagger.yaml
T
n.nakhostin 8c1e593686 Implement customer management domain with authorization and API enhancements
- Introduced a new customer management domain, including entities, services, handlers, and forms for customer operations.
- Added JWT-based user authorization settings in the configuration file for both user and customer management.
- Updated API endpoints to reflect the new structure, including changes to health check and user management routes.
- Enhanced Swagger documentation to include new customer-related endpoints and authorization details.
- Refactored the Makefile to include a target for generating API documentation.
- Removed obsolete documentation files to streamline the project structure.
2025-08-11 12:55:08 +03:30

2077 lines
55 KiB
YAML

definitions:
customer.Address:
properties:
addressType:
description: billing, shipping, etc.
type: string
city:
type: string
country:
type: string
isDefault:
type: boolean
postalCode:
type: string
state:
type: string
street:
type: string
type: object
customer.AddressForm:
properties:
address_type:
type: string
city:
type: string
country:
type: string
is_default:
type: boolean
postal_code:
type: string
state:
type: string
street:
type: string
type: object
customer.AuthResponse:
properties:
access_token:
type: string
customer:
$ref: '#/definitions/customer.CustomerResponse'
expires_at:
type: integer
refresh_token:
type: string
type: object
customer.ContactPerson:
properties:
email:
type: string
firstName:
type: string
fullName:
type: string
isPrimary:
type: boolean
lastName:
type: string
mobile:
type: string
phone:
type: string
position:
type: string
type: object
customer.ContactPersonForm:
properties:
email:
type: string
first_name:
type: string
full_name:
type: string
is_primary:
type: boolean
last_name:
type: string
mobile:
type: string
phone:
type: string
position:
type: string
type: object
customer.CreateCustomerForm:
properties:
address:
allOf:
- $ref: '#/definitions/customer.AddressForm'
description: Address information
annual_revenue:
type: number
business_type:
description: Business information
type: string
company_id:
type: string
company_name:
description: Company customer fields
type: string
contact_person:
allOf:
- $ref: '#/definitions/customer.ContactPersonForm'
description: Contact person (for company customers)
currency:
type: string
email:
type: string
employee_count:
type: integer
first_name:
description: Individual customer fields
type: string
founded_year:
type: integer
full_name:
type: string
industry:
type: string
language:
description: Preferences and settings
type: string
last_name:
type: string
mobile:
type: string
password:
type: string
phone:
type: string
registration_number:
type: string
tax_id:
type: string
timezone:
type: string
type:
type: string
username:
type: string
type: object
customer.CustomerListResponse:
properties:
customers:
items:
$ref: '#/definitions/customer.CustomerResponse'
type: array
limit:
type: integer
offset:
type: integer
total:
type: integer
total_pages:
type: integer
type: object
customer.CustomerResponse:
properties:
address:
$ref: '#/definitions/customer.Address'
annual_revenue:
type: number
business_type:
type: string
company_id:
type: string
company_name:
type: string
compliance_notes:
type: string
contact_person:
$ref: '#/definitions/customer.ContactPerson'
created_at:
type: integer
created_by:
type: string
currency:
type: string
email:
type: string
employee_count:
type: integer
first_name:
type: string
founded_year:
type: integer
full_name:
type: string
id:
type: string
industry:
type: string
is_compliant:
type: boolean
is_verified:
type: boolean
language:
type: string
last_name:
type: string
mobile:
type: string
phone:
type: string
registration_number:
type: string
status:
type: string
tax_id:
type: string
timezone:
type: string
type:
type: string
updated_at:
type: integer
updated_by:
type: string
username:
type: string
type: object
customer.LoginForm:
properties:
password:
type: string
username:
type: string
type: object
customer.RefreshTokenForm:
properties:
refresh_token:
type: string
type: object
customer.UpdateCustomerForm:
properties:
address:
allOf:
- $ref: '#/definitions/customer.AddressForm'
description: Address information
annual_revenue:
type: number
business_type:
description: Business information
type: string
company_id:
type: string
company_name:
description: Company customer fields
type: string
contact_person:
allOf:
- $ref: '#/definitions/customer.ContactPersonForm'
description: Contact person (for company customers)
currency:
type: string
email:
type: string
employee_count:
type: integer
first_name:
description: Individual customer fields
type: string
founded_year:
type: integer
full_name:
type: string
industry:
type: string
language:
description: Preferences and settings
type: string
last_name:
type: string
mobile:
type: string
phone:
type: string
registration_number:
type: string
tax_id:
type: string
timezone:
type: string
type:
type: string
username:
type: string
type: object
customer.UpdateCustomerStatusForm:
properties:
status:
type: string
type: object
customer.UpdateCustomerVerificationForm:
properties:
compliance_notes:
type: string
is_compliant:
type: boolean
is_verified:
type: boolean
type: object
main.HealthResponse:
properties:
status:
type: string
time:
type: integer
version:
type: string
type: object
response.APIError:
properties:
code:
type: string
details:
type: string
message:
type: string
type: object
response.APIResponse:
properties:
data: {}
error:
$ref: '#/definitions/response.APIError'
message:
type: string
meta:
$ref: '#/definitions/response.Meta'
success:
type: boolean
type: object
response.Meta:
properties:
limit:
type: integer
offset:
type: integer
page:
type: integer
pages:
type: integer
total:
type: integer
type: object
user.AuthResponse:
properties:
access_token:
type: string
expires_at:
type: integer
refresh_token:
type: string
user:
$ref: '#/definitions/user.UserResponse'
type: object
user.ChangePasswordForm:
properties:
new_password:
type: string
old_password:
type: string
type: object
user.CreateUserForm:
properties:
company_id:
type: string
department:
type: string
email:
type: string
full_name:
type: string
password:
type: string
phone:
type: string
position:
type: string
profile_image:
type: string
role:
type: string
username:
type: string
type: object
user.LoginForm:
properties:
password:
type: string
username:
type: string
type: object
user.RefreshTokenForm:
properties:
refresh_token:
type: string
type: object
user.ResetPasswordForm:
properties:
email:
type: string
type: object
user.UpdateUserForm:
properties:
company_id:
type: string
department:
type: string
email:
type: string
full_name:
type: string
phone:
type: string
position:
type: string
profile_image:
type: string
role:
type: string
status:
type: string
username:
type: string
type: object
user.UpdateUserRoleForm:
properties:
role:
type: string
type: object
user.UpdateUserStatusForm:
properties:
status:
type: string
type: object
user.UserListResponse:
properties:
limit:
type: integer
offset:
type: integer
total:
type: integer
total_pages:
type: integer
users:
items:
$ref: '#/definitions/user.UserResponse'
type: array
type: object
user.UserResponse:
properties:
company_id:
type: string
created_at:
type: integer
created_by:
type: string
department:
type: string
email:
type: string
full_name:
type: string
id:
type: string
is_verified:
type: boolean
last_login_at:
type: integer
phone:
type: string
position:
type: string
profile_image:
type: string
role:
type: string
status:
type: string
updated_at:
type: integer
updated_by:
type: string
username:
type: string
type: object
host: localhost:8081
info:
contact:
email: support@swagger.io
name: API Support
url: http://www.swagger.io/support
description: This is the API documentation for the Tender Management System.
license:
name: Apache 2.0
url: http://www.apache.org/licenses/LICENSE-2.0.html
termsOfService: http://swagger.io/terms/
title: Tender Management API
version: 1.0.0
paths:
/admin/v1/change-password:
put:
consumes:
- application/json
description: Change current user password
parameters:
- description: Password change data
in: body
name: password
required: true
schema:
$ref: '#/definitions/user.ChangePasswordForm'
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/response.APIResponse'
"400":
description: Bad Request
schema:
$ref: '#/definitions/response.APIResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Change password
tags:
- Users
/admin/v1/customers:
get:
consumes:
- application/json
description: Retrieve a paginated list of customers with advanced filtering
options including search, type, status, company, industry, verification status,
and compliance status. Supports sorting and pagination.
parameters:
- description: Search term to filter customers by name, email, or company name
in: query
name: search
type: string
- description: Filter by customer type
enum:
- individual
- company
- government
in: query
name: type
type: string
- description: Filter by customer status
enum:
- active
- inactive
- suspended
- pending
in: query
name: status
type: string
- description: Filter by company ID
format: uuid
in: query
name: company_id
type: string
- description: Filter by industry
in: query
name: industry
type: string
- description: Filter by verification status
in: query
name: is_verified
type: boolean
- description: Filter by compliance status
in: query
name: is_compliant
type: boolean
- description: Filter by preferred language
in: query
name: language
type: string
- description: Filter by preferred currency
in: query
name: currency
type: string
- default: 20
description: Number of customers per page (1-100)
in: query
maximum: 100
minimum: 1
name: limit
type: integer
- default: 0
description: Number of customers to skip for pagination
in: query
minimum: 0
name: offset
type: integer
- default: created_at
description: Field to sort by
enum:
- email
- company_name
- created_at
- updated_at
- status
in: query
name: sort_by
type: string
- default: desc
description: Sort order
enum:
- asc
- desc
in: query
name: sort_order
type: string
produces:
- application/json
responses:
"200":
description: Customers retrieved successfully
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
$ref: '#/definitions/customer.CustomerListResponse'
type: object
"400":
description: Bad request - Invalid query parameters
schema:
$ref: '#/definitions/response.APIResponse'
"422":
description: Validation error - Invalid query parameters
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal server error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: List customers with filters and pagination
tags:
- Customers-Admin
post:
consumes:
- application/json
description: Create a new customer with comprehensive information including
personal details, company information, address, and business details. This
endpoint is used by the web panel for full customer registration.
parameters:
- description: Customer information including type (individual|company|government),
personal details, company info, address, and business details
in: body
name: customer
required: true
schema:
$ref: '#/definitions/customer.CreateCustomerForm'
produces:
- application/json
responses:
"201":
description: Customer created successfully
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
$ref: '#/definitions/customer.CustomerResponse'
type: object
"400":
description: Bad request - Invalid input data
schema:
$ref: '#/definitions/response.APIResponse'
"409":
description: Conflict - Customer with this email/company already exists
schema:
$ref: '#/definitions/response.APIResponse'
"422":
description: Validation error - Invalid request data
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal server error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Create a new customer
tags:
- Customers-Admin
/admin/v1/customers/{id}:
delete:
consumes:
- application/json
description: Soft delete a customer by setting status to inactive. The customer
record is preserved but marked as deleted. This is a reversible operation.
parameters:
- description: Customer UUID
format: uuid
in: path
name: id
required: true
type: string
produces:
- application/json
responses:
"200":
description: Customer deleted successfully
schema:
$ref: '#/definitions/response.APIResponse'
"400":
description: Bad request - Invalid customer ID format
schema:
$ref: '#/definitions/response.APIResponse'
"404":
description: Not found - Customer does not exist
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal server error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Delete customer
tags:
- Customers-Admin
get:
consumes:
- application/json
description: Retrieve detailed customer information by unique customer ID. Returns
comprehensive customer data including personal details, company information,
address, verification status, and audit fields.
parameters:
- description: Customer UUID
format: uuid
in: path
name: id
required: true
type: string
produces:
- application/json
responses:
"200":
description: Customer retrieved successfully
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
$ref: '#/definitions/customer.CustomerResponse'
type: object
"400":
description: Bad request - Invalid customer ID format
schema:
$ref: '#/definitions/response.APIResponse'
"404":
description: Not found - Customer does not exist
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal server error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Get customer by ID
tags:
- Customers-Admin
put:
consumes:
- application/json
description: Update existing customer information with comprehensive details.
All fields are optional and only provided fields will be updated. This endpoint
is used by the web panel for full customer management.
parameters:
- description: Customer UUID
format: uuid
in: path
name: id
required: true
type: string
- description: Customer update information - all fields are optional
in: body
name: customer
required: true
schema:
$ref: '#/definitions/customer.UpdateCustomerForm'
produces:
- application/json
responses:
"200":
description: Customer updated successfully
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
$ref: '#/definitions/customer.CustomerResponse'
type: object
"400":
description: Bad request - Invalid customer ID or input data
schema:
$ref: '#/definitions/response.APIResponse'
"404":
description: Not found - Customer does not exist
schema:
$ref: '#/definitions/response.APIResponse'
"409":
description: Conflict - Customer with this email/company already exists
schema:
$ref: '#/definitions/response.APIResponse'
"422":
description: Validation error - Invalid request data
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal server error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Update customer information
tags:
- Customers-Admin
/admin/v1/customers/{id}/activate:
post:
consumes:
- application/json
description: Reactivate a suspended customer account by setting their status
back to active. This reverses the suspension action.
parameters:
- description: Customer UUID
format: uuid
in: path
name: id
required: true
type: string
produces:
- application/json
responses:
"200":
description: Customer activated successfully
schema:
$ref: '#/definitions/response.APIResponse'
"400":
description: Bad request - Invalid customer ID
schema:
$ref: '#/definitions/response.APIResponse'
"404":
description: Not found - Customer does not exist
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal server error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Activate suspended customer account
tags:
- Customers-Admin
/admin/v1/customers/{id}/status:
patch:
consumes:
- application/json
description: Update the status of a customer account. Valid statuses include
active, inactive, suspended, and pending. This affects the customer's ability
to access the system.
parameters:
- description: Customer UUID
format: uuid
in: path
name: id
required: true
type: string
- description: Status update information
in: body
name: status
required: true
schema:
$ref: '#/definitions/customer.UpdateCustomerStatusForm'
produces:
- application/json
responses:
"200":
description: Customer status updated successfully
schema:
$ref: '#/definitions/response.APIResponse'
"400":
description: Bad request - Invalid customer ID or status
schema:
$ref: '#/definitions/response.APIResponse'
"404":
description: Not found - Customer does not exist
schema:
$ref: '#/definitions/response.APIResponse'
"422":
description: Validation error - Invalid status value
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal server error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Update customer status
tags:
- Customers-Admin
/admin/v1/customers/{id}/suspend:
post:
consumes:
- application/json
description: Suspend a customer account by setting their status to suspended.
Suspended customers cannot access the system. A reason for suspension must
be provided.
parameters:
- description: Customer UUID
format: uuid
in: path
name: id
required: true
type: string
- description: Suspension reason
in: body
name: reason
required: true
schema:
type: object
produces:
- application/json
responses:
"200":
description: Customer suspended successfully
schema:
$ref: '#/definitions/response.APIResponse'
"400":
description: Bad request - Invalid customer ID or missing reason
schema:
$ref: '#/definitions/response.APIResponse'
"404":
description: Not found - Customer does not exist
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal server error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Suspend customer account
tags:
- Customers-Admin
/admin/v1/customers/{id}/verification:
patch:
consumes:
- application/json
description: Update the verification and compliance status of a customer. This
includes marking customers as verified and compliant, with optional compliance
notes for audit purposes.
parameters:
- description: Customer UUID
format: uuid
in: path
name: id
required: true
type: string
- description: Verification and compliance update information
in: body
name: verification
required: true
schema:
$ref: '#/definitions/customer.UpdateCustomerVerificationForm'
produces:
- application/json
responses:
"200":
description: Customer verification updated successfully
schema:
$ref: '#/definitions/response.APIResponse'
"400":
description: Bad request - Invalid customer ID
schema:
$ref: '#/definitions/response.APIResponse'
"404":
description: Not found - Customer does not exist
schema:
$ref: '#/definitions/response.APIResponse'
"422":
description: Validation error - Invalid verification data
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal server error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Update customer verification and compliance status
tags:
- Customers-Admin
/admin/v1/customers/{id}/verify:
post:
consumes:
- application/json
description: Mark a customer as verified. This is a simple verification action
that sets the customer's verification status to true.
parameters:
- description: Customer UUID
format: uuid
in: path
name: id
required: true
type: string
produces:
- application/json
responses:
"200":
description: Customer verified successfully
schema:
$ref: '#/definitions/response.APIResponse'
"400":
description: Bad request - Invalid customer ID
schema:
$ref: '#/definitions/response.APIResponse'
"404":
description: Not found - Customer does not exist
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal server error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Verify customer
tags:
- Customers-Admin
/admin/v1/customers/company/{companyId}:
get:
consumes:
- application/json
description: Retrieve all customers associated with a specific company. This
is useful for company administrators to see all users within their organization.
parameters:
- description: Company UUID
format: uuid
in: path
name: companyId
required: true
type: string
- default: 20
description: Number of customers per page (1-100)
in: query
maximum: 100
minimum: 1
name: limit
type: integer
- default: 0
description: Number of customers to skip for pagination
in: query
minimum: 0
name: offset
type: integer
produces:
- application/json
responses:
"200":
description: Customers retrieved successfully
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
items:
$ref: '#/definitions/customer.CustomerResponse'
type: array
meta:
$ref: '#/definitions/response.Meta'
type: object
"400":
description: Bad request - Invalid company ID format
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal server error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Get customers by company ID
tags:
- Customers-Admin
/admin/v1/customers/status/{status}:
get:
consumes:
- application/json
description: Retrieve customers filtered by their account status (active, inactive,
suspended, or pending). Useful for administrative monitoring and management.
parameters:
- description: Customer status
enum:
- active
- inactive
- suspended
- pending
in: path
name: status
required: true
type: string
- default: 20
description: Number of customers per page (1-100)
in: query
maximum: 100
minimum: 1
name: limit
type: integer
- default: 0
description: Number of customers to skip for pagination
in: query
minimum: 0
name: offset
type: integer
produces:
- application/json
responses:
"200":
description: Customers retrieved successfully
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
items:
$ref: '#/definitions/customer.CustomerResponse'
type: array
meta:
$ref: '#/definitions/response.Meta'
type: object
"400":
description: Bad request - Invalid customer status
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal server error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Get customers by status
tags:
- Customers-Admin
/admin/v1/customers/type/{type}:
get:
consumes:
- application/json
description: Retrieve customers filtered by their type (individual, company,
or government). Useful for administrative reporting and management.
parameters:
- description: Customer type
enum:
- individual
- company
- government
in: path
name: type
required: true
type: string
- default: 20
description: Number of customers per page (1-100)
in: query
maximum: 100
minimum: 1
name: limit
type: integer
- default: 0
description: Number of customers to skip for pagination
in: query
minimum: 0
name: offset
type: integer
produces:
- application/json
responses:
"200":
description: Customers retrieved successfully
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
items:
$ref: '#/definitions/customer.CustomerResponse'
type: array
meta:
$ref: '#/definitions/response.Meta'
type: object
"400":
description: Bad request - Invalid customer type
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal server error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Get customers by type
tags:
- Customers-Admin
/admin/v1/login:
post:
consumes:
- application/json
description: Authenticate user with username and password
parameters:
- description: Login credentials
in: body
name: login
required: true
schema:
$ref: '#/definitions/user.LoginForm'
produces:
- application/json
responses:
"200":
description: OK
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
$ref: '#/definitions/user.AuthResponse'
type: object
"400":
description: Bad Request
schema:
$ref: '#/definitions/response.APIResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/response.APIResponse'
summary: Login user
tags:
- Authorization
/admin/v1/logout:
delete:
consumes:
- application/json
description: Logout current user and invalidate tokens
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/response.APIResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Logout user
tags:
- Users
/admin/v1/profile:
get:
consumes:
- application/json
description: Get current user profile information
produces:
- application/json
responses:
"200":
description: OK
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
$ref: '#/definitions/user.UserResponse'
type: object
"401":
description: Unauthorized
schema:
$ref: '#/definitions/response.APIResponse'
"404":
description: Not Found
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Get user profile
tags:
- Users
put:
consumes:
- application/json
description: Update current user profile information
parameters:
- description: Profile update data
in: body
name: profile
required: true
schema:
$ref: '#/definitions/user.UpdateUserForm'
produces:
- application/json
responses:
"200":
description: OK
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
$ref: '#/definitions/user.UserResponse'
type: object
"400":
description: Bad Request
schema:
$ref: '#/definitions/response.APIResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Update user profile
tags:
- Users
/admin/v1/refresh-token:
post:
consumes:
- application/json
description: Refresh access token using refresh token
parameters:
- description: Refresh token
in: body
name: refresh
required: true
schema:
$ref: '#/definitions/user.RefreshTokenForm'
produces:
- application/json
responses:
"200":
description: OK
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
$ref: '#/definitions/user.AuthResponse'
type: object
"400":
description: Bad Request
schema:
$ref: '#/definitions/response.APIResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/response.APIResponse'
summary: Refresh access token
tags:
- Authorization
/admin/v1/reset-password:
post:
consumes:
- application/json
description: Send password reset email to user
parameters:
- description: Password reset request
in: body
name: reset
required: true
schema:
$ref: '#/definitions/user.ResetPasswordForm'
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/response.APIResponse'
"400":
description: Bad Request
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/response.APIResponse'
summary: Reset password
tags:
- Authorization
/admin/v1/users:
get:
consumes:
- application/json
description: List users with search and filters (admin only)
parameters:
- description: Search term
in: query
name: search
type: string
- description: User status filter
in: query
name: status
type: string
- description: User role filter
in: query
name: role
type: string
- description: Company ID filter
in: query
name: company_id
type: string
- description: Limit results
in: query
name: limit
type: integer
- description: Offset results
in: query
name: offset
type: integer
- description: Sort field
in: query
name: sort_by
type: string
- description: Sort order
in: query
name: sort_order
type: string
produces:
- application/json
responses:
"200":
description: OK
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
$ref: '#/definitions/user.UserListResponse'
type: object
"400":
description: Bad Request
schema:
$ref: '#/definitions/response.APIResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/response.APIResponse'
"403":
description: Forbidden
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: List users
tags:
- Users
post:
consumes:
- application/json
description: Create a new user (admin only)
parameters:
- description: User creation data
in: body
name: user
required: true
schema:
$ref: '#/definitions/user.CreateUserForm'
produces:
- application/json
responses:
"201":
description: Created
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
$ref: '#/definitions/user.UserResponse'
type: object
"400":
description: Bad Request
schema:
$ref: '#/definitions/response.APIResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/response.APIResponse'
"403":
description: Forbidden
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Create user
tags:
- Users
/admin/v1/users/{id}:
delete:
consumes:
- application/json
description: Delete a user (admin only)
parameters:
- description: User ID
in: path
name: id
required: true
type: string
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/response.APIResponse'
"400":
description: Bad Request
schema:
$ref: '#/definitions/response.APIResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/response.APIResponse'
"403":
description: Forbidden
schema:
$ref: '#/definitions/response.APIResponse'
"404":
description: Not Found
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Delete user
tags:
- Users
get:
consumes:
- application/json
description: Get user details by ID (admin only)
parameters:
- description: User ID
in: path
name: id
required: true
type: string
produces:
- application/json
responses:
"200":
description: OK
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
$ref: '#/definitions/user.UserResponse'
type: object
"400":
description: Bad Request
schema:
$ref: '#/definitions/response.APIResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/response.APIResponse'
"403":
description: Forbidden
schema:
$ref: '#/definitions/response.APIResponse'
"404":
description: Not Found
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Get user by ID
tags:
- Users
put:
consumes:
- application/json
description: Update user information (admin only)
parameters:
- description: User ID
in: path
name: id
required: true
type: string
- description: User update data
in: body
name: user
required: true
schema:
$ref: '#/definitions/user.UpdateUserForm'
produces:
- application/json
responses:
"200":
description: OK
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
$ref: '#/definitions/user.UserResponse'
type: object
"400":
description: Bad Request
schema:
$ref: '#/definitions/response.APIResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/response.APIResponse'
"403":
description: Forbidden
schema:
$ref: '#/definitions/response.APIResponse'
"404":
description: Not Found
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Update user
tags:
- Users
/admin/v1/users/{id}/role:
put:
consumes:
- application/json
description: Update user role (admin only)
parameters:
- description: User ID
in: path
name: id
required: true
type: string
- description: Role update data
in: body
name: role
required: true
schema:
$ref: '#/definitions/user.UpdateUserRoleForm'
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/response.APIResponse'
"400":
description: Bad Request
schema:
$ref: '#/definitions/response.APIResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/response.APIResponse'
"403":
description: Forbidden
schema:
$ref: '#/definitions/response.APIResponse'
"404":
description: Not Found
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Update user role
tags:
- Users
/admin/v1/users/{id}/status:
put:
consumes:
- application/json
description: Update user account status (admin only)
parameters:
- description: User ID
in: path
name: id
required: true
type: string
- description: Status update data
in: body
name: status
required: true
schema:
$ref: '#/definitions/user.UpdateUserStatusForm'
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/response.APIResponse'
"400":
description: Bad Request
schema:
$ref: '#/definitions/response.APIResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/response.APIResponse'
"403":
description: Forbidden
schema:
$ref: '#/definitions/response.APIResponse'
"404":
description: Not Found
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Update user status
tags:
- Users
/admin/v1/users/company/{company_id}:
get:
consumes:
- application/json
description: Get users belonging to a specific company (admin only)
parameters:
- description: Company ID
in: path
name: company_id
required: true
type: string
- description: Limit results
in: query
name: limit
type: integer
- description: Offset results
in: query
name: offset
type: integer
produces:
- application/json
responses:
"200":
description: Users with pagination metadata
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
additionalProperties: true
type: object
type: object
"400":
description: Bad Request
schema:
$ref: '#/definitions/response.APIResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/response.APIResponse'
"403":
description: Forbidden
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Get users by company ID
tags:
- Users
/admin/v1/users/role/{role}:
get:
consumes:
- application/json
description: Get users with a specific role (admin only)
parameters:
- description: User role
in: path
name: role
required: true
type: string
- description: Limit results
in: query
name: limit
type: integer
- description: Offset results
in: query
name: offset
type: integer
produces:
- application/json
responses:
"200":
description: Users with pagination metadata
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
additionalProperties: true
type: object
type: object
"400":
description: Bad Request
schema:
$ref: '#/definitions/response.APIResponse'
"401":
description: Unauthorized
schema:
$ref: '#/definitions/response.APIResponse'
"403":
description: Forbidden
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Get users by role
tags:
- Users
/api/v1/login:
post:
consumes:
- application/json
description: Authenticate customer with username (email) and password. Returns
access token, refresh token, and customer information upon successful authentication.
parameters:
- description: Login credentials (username/email and password)
in: body
name: login
required: true
schema:
$ref: '#/definitions/customer.LoginForm'
produces:
- application/json
responses:
"200":
description: Login successful
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
$ref: '#/definitions/customer.AuthResponse'
type: object
"400":
description: Bad request - Invalid input data
schema:
$ref: '#/definitions/response.APIResponse'
"401":
description: Unauthorized - Invalid credentials or inactive account
schema:
$ref: '#/definitions/response.APIResponse'
"422":
description: Validation error - Invalid request data
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal server error
schema:
$ref: '#/definitions/response.APIResponse'
summary: Customer login
tags:
- Customers-Authorization
/api/v1/logout:
delete:
consumes:
- application/json
description: Logout customer and invalidate access token. This ensures the token
cannot be used for future requests.
produces:
- application/json
responses:
"200":
description: Logout successful
schema:
$ref: '#/definitions/response.APIResponse'
"401":
description: Unauthorized - Invalid or missing access token
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal server error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Customer logout
tags:
- Customers-Authorization
/api/v1/profile:
get:
consumes:
- application/json
description: Retrieve authenticated customer's profile information. This endpoint
requires a valid access token and returns the customer's own profile data.
produces:
- application/json
responses:
"200":
description: Profile retrieved successfully
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
$ref: '#/definitions/customer.CustomerResponse'
type: object
"401":
description: Unauthorized - Invalid or missing access token
schema:
$ref: '#/definitions/response.APIResponse'
"404":
description: Not found - Customer profile not found
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal server error
schema:
$ref: '#/definitions/response.APIResponse'
security:
- BearerAuth: []
summary: Get customer profile
tags:
- Customers-Authorization
/api/v1/refresh-token:
post:
consumes:
- application/json
description: Refresh access token using a valid refresh token. This allows customers
to maintain their session without re-authentication.
parameters:
- description: Refresh token for generating new access token
in: body
name: refresh
required: true
schema:
$ref: '#/definitions/customer.RefreshTokenForm'
produces:
- application/json
responses:
"200":
description: Token refreshed successfully
schema:
allOf:
- $ref: '#/definitions/response.APIResponse'
- properties:
data:
$ref: '#/definitions/customer.AuthResponse'
type: object
"400":
description: Bad request - Invalid refresh token or feature not implemented
schema:
$ref: '#/definitions/response.APIResponse'
"401":
description: Unauthorized - Invalid or expired refresh token
schema:
$ref: '#/definitions/response.APIResponse'
"422":
description: Validation error - Invalid request data
schema:
$ref: '#/definitions/response.APIResponse'
"500":
description: Internal server error
schema:
$ref: '#/definitions/response.APIResponse'
summary: Refresh customer access token
tags:
- Customers-Authorization
/health:
get:
consumes:
- application/json
description: Get server health status
produces:
- application/json
responses:
"200":
description: OK
schema:
$ref: '#/definitions/main.HealthResponse'
summary: Health check
tags:
- Health
securityDefinitions:
BearerAuth:
description: Type "Bearer" followed by a space and JWT token.
in: header
name: Authorization
type: apiKey
swagger: "2.0"
tags:
- description: User management operations including authentication, profile management,
and admin operations
name: Users
- description: Authentication operations including login, logout, and token management
name: Authorization
- description: Customer management operations including authentication, profile management,
and admin operations
name: Customers-Admin
- description: Customer authentication operations including login, logout, and token
management
name: Customers-Authorization
- description: Health check operations
name: Health