From 550398c7011a9f2dff3f4a5c2283c3a263add9c3 Mon Sep 17 00:00:00 2001
From: Derrick Hammer <derrick@derrickhammer.com>
Date: Wed, 6 Mar 2024 04:58:04 -0500
Subject: [PATCH] feat: add swagger spec and support to account api

---
 api/account/account.go   |  17 +++-
 api/account/swagger.yaml | 206 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 221 insertions(+), 2 deletions(-)
 create mode 100644 api/account/swagger.yaml

diff --git a/api/account/account.go b/api/account/account.go
index b8f74ec..8f2b7b5 100644
--- a/api/account/account.go
+++ b/api/account/account.go
@@ -3,8 +3,11 @@ package account
 import (
 	"context"
 	"crypto/ed25519"
+	_ "embed"
 	"net/http"
 
+	"git.lumeweb.com/LumeWeb/portal/api/swagger"
+
 	"git.lumeweb.com/LumeWeb/portal/api/router"
 
 	"git.lumeweb.com/LumeWeb/portal/config"
@@ -20,6 +23,9 @@ import (
 	"go.uber.org/fx"
 )
 
+//go:embed swagger.yaml
+var swagSpec []byte
+
 var (
 	_ registry.API       = (*AccountAPI)(nil)
 	_ router.RoutableAPI = (*AccountAPI)(nil)
@@ -272,7 +278,7 @@ func (a AccountAPI) Routes() (*httprouter.Router, error) {
 		Purpose:  account.JWTPurposeLogin,
 	})
 
-	return jape.Mux(map[string]jape.Handler{
+	routes := map[string]jape.Handler{
 		"POST /api/auth/login":                  middleware.ApplyMiddlewares(a.login, authMw2fa, middleware.ProxyMiddleware),
 		"POST /api/auth/register":               middleware.ApplyMiddlewares(a.register, middleware.ProxyMiddleware),
 		"POST /api/auth/verify-email":           middleware.ApplyMiddlewares(a.verifyEmail, middleware.ProxyMiddleware),
@@ -282,7 +288,14 @@ func (a AccountAPI) Routes() (*httprouter.Router, error) {
 		"POST /api/auth/otp/disable":            middleware.ApplyMiddlewares(a.otpDisable, authMw, middleware.ProxyMiddleware),
 		"POST /api/auth/password-reset/request": middleware.ApplyMiddlewares(a.passwordResetRequest, middleware.ProxyMiddleware),
 		"POST /api/auth/password-reset/confirm": middleware.ApplyMiddlewares(a.passwordResetConfirm, middleware.ProxyMiddleware),
-	}), nil
+	}
+
+	routes, err := swagger.Swagger(swagSpec, routes)
+	if err != nil {
+		return nil, err
+	}
+
+	return jape.Mux(routes), nil
 }
 func (a AccountAPI) Can(w http.ResponseWriter, r *http.Request) bool {
 	return false
diff --git a/api/account/swagger.yaml b/api/account/swagger.yaml
new file mode 100644
index 0000000..a36e491
--- /dev/null
+++ b/api/account/swagger.yaml
@@ -0,0 +1,206 @@
+openapi: 3.0.0
+info:
+    title: Account Management API
+    version: "1.0"
+    description: API for managing user accounts, including login, registration, OTP operations, and password resets.
+paths:
+    /api/auth/login:
+        post:
+            summary: Login to the system
+            requestBody:
+                required: true
+                content:
+                    application/json:
+                        schema:
+                            $ref: '#/components/schemas/LoginRequest'
+            responses:
+                '200':
+                    description: Successfully logged in
+                    headers:
+                        Authorization:
+                            schema:
+                                type: string
+                            description: Bearer token for the session
+                '401':
+                    description: Unauthorized
+    /api/auth/register:
+        post:
+            summary: Register a new account
+            requestBody:
+                required: true
+                content:
+                    application/json:
+                        schema:
+                            $ref: '#/components/schemas/RegisterRequest'
+            responses:
+                '200':
+                    description: Successfully registered
+                '400':
+                    description: Bad Request
+    /api/auth/verify-email:
+        post:
+            summary: Verify email address
+            requestBody:
+                required: true
+                content:
+                    application/json:
+                        schema:
+                            $ref: '#/components/schemas/VerifyEmailRequest'
+            responses:
+                '200':
+                    description: Email verified successfully
+    /api/auth/otp/generate:
+        get:
+            summary: Generate OTP for two-factor authentication
+            responses:
+                '200':
+                    description: OTP generated successfully
+                    content:
+                        application/json:
+                            schema:
+                                $ref: '#/components/schemas/OTPGenerateResponse'
+    /api/auth/otp/verify:
+        post:
+            summary: Verify OTP for enabling two-factor authentication
+            requestBody:
+                required: true
+                content:
+                    application/json:
+                        schema:
+                            $ref: '#/components/schemas/OTPVerifyRequest'
+            responses:
+                '200':
+                    description: OTP verified successfully
+    /api/auth/otp/validate:
+        post:
+            summary: Validate OTP for two-factor authentication login
+            requestBody:
+                required: true
+                content:
+                    application/json:
+                        schema:
+                            $ref: '#/components/schemas/OTPValidateRequest'
+            responses:
+                '200':
+                    description: OTP validated successfully
+    /api/auth/otp/disable:
+        post:
+            summary: Disable OTP for two-factor authentication
+            requestBody:
+                required: true
+                content:
+                    application/json:
+                        schema:
+                            $ref: '#/components/schemas/OTPDisableRequest'
+            responses:
+                '200':
+                    description: OTP disabled successfully
+    /api/auth/password-reset/request:
+        post:
+            summary: Request a password reset
+            requestBody:
+                required: true
+                content:
+                    application/json:
+                        schema:
+                            $ref: '#/components/schemas/PasswordResetRequest'
+            responses:
+                '200':
+                    description: Password reset requested successfully
+    /api/auth/password-reset/confirm:
+        post:
+            summary: Confirm a password reset
+            requestBody:
+                required: true
+                content:
+                    application/json:
+                        schema:
+                            $ref: '#/components/schemas/PasswordResetVerifyRequest'
+            responses:
+                '200':
+                    description: Password reset successfully
+
+components:
+    schemas:
+        LoginRequest:
+            type: object
+            required:
+                - email
+                - password
+            properties:
+                email:
+                    type: string
+                password:
+                    type: string
+        RegisterRequest:
+            type: object
+            required:
+                - firstName
+                - lastName
+                - email
+                - password
+            properties:
+                firstName:
+                    type: string
+                lastName:
+                    type: string
+                email:
+                    type: string
+                password:
+                    type: string
+        VerifyEmailRequest:
+            type: object
+            required:
+                - email
+                - token
+            properties:
+                email:
+                    type: string
+                token:
+                    type: string
+        OTPGenerateResponse:
+            type: object
+            properties:
+                OTP:
+                    type: string
+        OTPVerifyRequest:
+            type: object
+            required:
+                - OTP
+            properties:
+                OTP:
+                    type: string
+        OTPValidateRequest:
+            type: object
+            required:
+                - OTP
+            properties:
+                OTP:
+                    type: string
+        OTPDisableRequest:
+            type: object
+            required:
+                - password
+            properties:
+                password:
+                    type: string
+        PasswordResetRequest:
+            type: object
+            required:
+                - email
+            properties:
+                email:
+                    type: string
+        PasswordResetVerifyRequest:
+            type: object
+            required:
+                - email
+                - token
+                - password
+            properties:
+                email:
+                    type: string
+                token:
+                    type: string
+                password:
+                    type: string