enhance API documentation

Author: while1618

backend/spring-boot/src/main/java/org/bugzkit/api/admin/controller/UserController.java

@@ -1,12 +1,18 @@
 package org.bugzkit.api.admin.controller;
 
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.validation.Valid;
 import org.bugzkit.api.admin.payload.request.PatchUserRequest;
 import org.bugzkit.api.admin.payload.request.UserRequest;
 import org.bugzkit.api.admin.service.UserService;
 import org.bugzkit.api.shared.constants.Path;
+import org.bugzkit.api.shared.error.ErrorMessage;
 import org.bugzkit.api.shared.generic.crud.CrudController;
 import org.bugzkit.api.user.payload.dto.UserDTO;
 import org.springframework.http.ResponseEntity;
@@ -28,6 +34,30 @@ public UserController(UserService userService) {
     this.userService = userService;
   }
 
+  @Operation(summary = "Partially update a user by ID")
+  @ApiResponses({
+    @ApiResponse(responseCode = "200", description = "OK"),
+    @ApiResponse(
+        responseCode = "400",
+        description = "Validation error",
+        content = @Content(schema = @Schema(implementation = ErrorMessage.class))),
+    @ApiResponse(
+        responseCode = "401",
+        description = "Unauthorized",
+        content = @Content(schema = @Schema(implementation = ErrorMessage.class))),
+    @ApiResponse(
+        responseCode = "403",
+        description = "Forbidden",
+        content = @Content(schema = @Schema(implementation = ErrorMessage.class))),
+    @ApiResponse(
+        responseCode = "404",
+        description = "Not found",
+        content = @Content(schema = @Schema(implementation = ErrorMessage.class))),
+    @ApiResponse(
+        responseCode = "409",
+        description = "Conflict — username or email already exists",
+        content = @Content(schema = @Schema(implementation = ErrorMessage.class)))
+  })
   @PatchMapping("/{id}")
   public ResponseEntity<UserDTO> patch(
       @PathVariable Long id, @Valid @RequestBody PatchUserRequest patchUserRequest) {

backend/spring-boot/src/main/java/org/bugzkit/api/admin/payload/request/PatchUserRequest.java

@@ -1,5 +1,6 @@
 package org.bugzkit.api.admin.payload.request;
 
+import io.swagger.v3.oas.annotations.media.Schema;
 import jakarta.validation.constraints.Email;
 import jakarta.validation.constraints.Pattern;
 import java.util.Set;
@@ -11,10 +12,18 @@
 @Builder
 @FieldMatch(first = "password", second = "confirmPassword", message = "{user.passwordsDoNotMatch}")
 public record PatchUserRequest(
-    @Pattern(regexp = Regex.USERNAME, message = "{user.usernameInvalid}") String username,
-    @Email(message = "{user.emailInvalid}", regexp = Regex.EMAIL) String email,
-    @Pattern(regexp = Regex.PASSWORD, message = "{user.passwordInvalid}") String password,
-    @Pattern(regexp = Regex.PASSWORD, message = "{user.passwordInvalid}") String confirmPassword,
-    Boolean active,
-    Boolean lock,
+    @Schema(example = "john_doe")
+        @Pattern(regexp = Regex.USERNAME, message = "{user.usernameInvalid}")
+        String username,
+    @Schema(example = "john@example.com")
+        @Email(message = "{user.emailInvalid}", regexp = Regex.EMAIL)
+        String email,
+    @Schema(example = "Secret123!")
+        @Pattern(regexp = Regex.PASSWORD, message = "{user.passwordInvalid}")
+        String password,
+    @Schema(example = "Secret123!")
+        @Pattern(regexp = Regex.PASSWORD, message = "{user.passwordInvalid}")
+        String confirmPassword,
+    @Schema(example = "true") Boolean active,
+    @Schema(example = "false") Boolean lock,
     Set<RoleName> roleNames) {}

backend/spring-boot/src/main/java/org/bugzkit/api/admin/payload/request/UserRequest.java

@@ -1,5 +1,6 @@
 package org.bugzkit.api.admin.payload.request;
 
+import io.swagger.v3.oas.annotations.media.Schema;
 import jakarta.validation.constraints.Email;
 import jakarta.validation.constraints.NotBlank;
 import jakarta.validation.constraints.NotEmpty;
@@ -14,18 +15,22 @@
 @Builder
 @FieldMatch(first = "password", second = "confirmPassword", message = "{user.passwordsDoNotMatch}")
 public record UserRequest(
-    @NotBlank(message = "{user.usernameRequired}")
+    @Schema(example = "john_doe")
+        @NotBlank(message = "{user.usernameRequired}")
         @Pattern(regexp = Regex.USERNAME, message = "{user.usernameInvalid}")
         String username,
-    @NotBlank(message = "{user.emailRequired}")
+    @Schema(example = "john@example.com")
+        @NotBlank(message = "{user.emailRequired}")
         @Email(message = "{user.emailInvalid}", regexp = Regex.EMAIL)
         String email,
-    @NotBlank(message = "{user.passwordRequired}")
+    @Schema(example = "Secret123!")
+        @NotBlank(message = "{user.passwordRequired}")
         @Pattern(regexp = Regex.PASSWORD, message = "{user.passwordInvalid}")
         String password,
-    @NotBlank(message = "{user.passwordRequired}")
+    @Schema(example = "Secret123!")
+        @NotBlank(message = "{user.passwordRequired}")
         @Pattern(regexp = Regex.PASSWORD, message = "{user.passwordInvalid}")
         String confirmPassword,
-    @NotNull(message = "{user.activeRequired}") Boolean active,
-    @NotNull(message = "{user.lockRequired}") Boolean lock,
+    @Schema(example = "true") @NotNull(message = "{user.activeRequired}") Boolean active,
+    @Schema(example = "false") @NotNull(message = "{user.lockRequired}") Boolean lock,
     @NotEmpty(message = "{user.rolesEmpty}") Set<RoleName> roleNames) {}

backend/spring-boot/src/main/java/org/bugzkit/api/auth/controller/AuthController.java

@@ -1,5 +1,10 @@
 package org.bugzkit.api.auth.controller;
 
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.servlet.http.HttpServletRequest;
@@ -18,6 +23,7 @@
 import org.bugzkit.api.auth.util.AuthUtil;
 import org.bugzkit.api.auth.util.JwtUtil;
 import org.bugzkit.api.shared.constants.Path;
+import org.bugzkit.api.shared.error.ErrorMessage;
 import org.bugzkit.api.shared.interceptor.RateLimit;
 import org.bugzkit.api.user.payload.dto.UserDTO;
 import org.springframework.beans.factory.annotation.Value;
@@ -53,13 +59,39 @@ public AuthController(AuthService authService, DeviceService deviceService) {
     this.deviceService = deviceService;
   }
 
+  @Operation(summary = "Register a new user account")
+  @ApiResponses({
+    @ApiResponse(responseCode = "201", description = "Registered"),
+    @ApiResponse(
+        responseCode = "400",
+        description = "Validation error",
+        content = @Content(schema = @Schema(implementation = ErrorMessage.class))),
+    @ApiResponse(
+        responseCode = "409",
+        description = "Username or email already exists",
+        content = @Content(schema = @Schema(implementation = ErrorMessage.class))),
+    @ApiResponse(responseCode = "429", description = "Too many requests", content = @Content)
+  })
   @RateLimit(requests = 5, duration = 60)
   @PostMapping("/register")
   public ResponseEntity<UserDTO> register(
       @Valid @RequestBody RegisterUserRequest registerUserRequest) {
     return new ResponseEntity<>(authService.register(registerUserRequest), HttpStatus.CREATED);
   }
 
+  @Operation(summary = "Sign in and receive access and refresh token cookies")
+  @ApiResponses({
+    @ApiResponse(responseCode = "204", description = "Authenticated — cookies set"),
+    @ApiResponse(
+        responseCode = "400",
+        description = "Validation error",
+        content = @Content(schema = @Schema(implementation = ErrorMessage.class))),
+    @ApiResponse(
+        responseCode = "401",
+        description = "Invalid credentials or account inactive/locked",
+        content = @Content(schema = @Schema(implementation = ErrorMessage.class))),
+    @ApiResponse(responseCode = "429", description = "Too many requests", content = @Content)
+  })
   @RateLimit(requests = 10, duration = 60)
   @PostMapping("/tokens")
   public ResponseEntity<Void> authenticate(
@@ -70,13 +102,23 @@ public ResponseEntity<Void> authenticate(
     return setAuthCookies(authTokens);
   }
 
+  @Operation(summary = "Sign out and clear auth cookies for the current device")
+  @ApiResponse(responseCode = "204", description = "Signed out — cookies cleared")
   @DeleteMapping("/tokens")
   public ResponseEntity<Void> deleteTokens(HttpServletRequest request) {
     final var accessToken = AuthUtil.getValueFromCookie("accessToken", request);
     authService.deleteTokens(accessToken);
     return removeAuthCookies();
   }
 
+  @Operation(summary = "List all active devices for the current user")
+  @ApiResponses({
+    @ApiResponse(responseCode = "200", description = "OK"),
+    @ApiResponse(
+        responseCode = "401",
+        description = "Unauthorized",
+        content = @Content(schema = @Schema(implementation = ErrorMessage.class)))
+  })
   @SecurityRequirement(name = "cookieAuth")
   @GetMapping("/tokens/devices")
   public ResponseEntity<List<DeviceDTO>> findAllDevices(HttpServletRequest request) {
@@ -85,19 +127,38 @@ public ResponseEntity<List<DeviceDTO>> findAllDevices(HttpServletRequest request
     return ResponseEntity.ok(deviceService.findAll(deviceId));
   }
 
+  @Operation(summary = "Sign out from all devices and clear auth cookies")
+  @ApiResponse(responseCode = "204", description = "Signed out from all devices")
   @DeleteMapping("/tokens/devices")
   public ResponseEntity<Void> deleteTokensOnAllDevices() {
     authService.deleteTokensOnAllDevices();
     return removeAuthCookies();
   }
 
+  @Operation(summary = "Revoke a specific device and invalidate all access tokens")
+  @ApiResponses({
+    @ApiResponse(responseCode = "204", description = "Device revoked"),
+    @ApiResponse(
+        responseCode = "401",
+        description = "Unauthorized",
+        content = @Content(schema = @Schema(implementation = ErrorMessage.class)))
+  })
   @SecurityRequirement(name = "cookieAuth")
   @DeleteMapping("/tokens/devices/{deviceId}")
   public ResponseEntity<Void> revokeDevice(@PathVariable String deviceId) {
     deviceService.revoke(deviceId);
     return ResponseEntity.noContent().build();
   }
 
+  @Operation(summary = "Refresh access and refresh token cookies using the refresh token")
+  @ApiResponses({
+    @ApiResponse(responseCode = "204", description = "Tokens refreshed — cookies updated"),
+    @ApiResponse(
+        responseCode = "400",
+        description = "Invalid or expired refresh token",
+        content = @Content(schema = @Schema(implementation = ErrorMessage.class))),
+    @ApiResponse(responseCode = "429", description = "Too many requests", content = @Content)
+  })
   @RateLimit(requests = 10, duration = 60)
   @PostMapping("/tokens/refresh")
   public ResponseEntity<Void> refreshTokens(HttpServletRequest request) {
@@ -107,6 +168,15 @@ public ResponseEntity<Void> refreshTokens(HttpServletRequest request) {
     return setAuthCookies(authTokens);
   }
 
+  @Operation(summary = "Send a password reset email")
+  @ApiResponses({
+    @ApiResponse(responseCode = "204", description = "Email sent if account exists"),
+    @ApiResponse(
+        responseCode = "400",
+        description = "Validation error",
+        content = @Content(schema = @Schema(implementation = ErrorMessage.class))),
+    @ApiResponse(responseCode = "429", description = "Too many requests", content = @Content)
+  })
   @RateLimit(requests = 3, duration = 60)
   @PostMapping("/password/forgot")
   public ResponseEntity<Void> forgotPassword(
@@ -115,6 +185,15 @@ public ResponseEntity<Void> forgotPassword(
     return ResponseEntity.noContent().build();
   }
 
+  @Operation(summary = "Reset password using a token from the reset email")
+  @ApiResponses({
+    @ApiResponse(responseCode = "204", description = "Password reset"),
+    @ApiResponse(
+        responseCode = "400",
+        description = "Invalid or expired token, or validation error",
+        content = @Content(schema = @Schema(implementation = ErrorMessage.class))),
+    @ApiResponse(responseCode = "429", description = "Too many requests", content = @Content)
+  })
   @RateLimit(requests = 5, duration = 60)
   @PostMapping("/password/reset")
   public ResponseEntity<Void> resetPassword(
@@ -123,6 +202,17 @@ public ResponseEntity<Void> resetPassword(
     return ResponseEntity.noContent().build();
   }
 
+  @Operation(summary = "Resend the email verification link")
+  @ApiResponses({
+    @ApiResponse(
+        responseCode = "204",
+        description = "Email sent if account exists and is inactive"),
+    @ApiResponse(
+        responseCode = "400",
+        description = "Validation error",
+        content = @Content(schema = @Schema(implementation = ErrorMessage.class))),
+    @ApiResponse(responseCode = "429", description = "Too many requests", content = @Content)
+  })
   @RateLimit(requests = 3, duration = 60)
   @PostMapping("/verification-email")
   public ResponseEntity<Void> sendVerificationMail(
@@ -131,6 +221,15 @@ public ResponseEntity<Void> sendVerificationMail(
     return ResponseEntity.noContent().build();
   }
 
+  @Operation(summary = "Verify email address using a token from the verification email")
+  @ApiResponses({
+    @ApiResponse(responseCode = "204", description = "Email verified"),
+    @ApiResponse(
+        responseCode = "400",
+        description = "Invalid or expired token",
+        content = @Content(schema = @Schema(implementation = ErrorMessage.class))),
+    @ApiResponse(responseCode = "429", description = "Too many requests", content = @Content)
+  })
   @RateLimit(requests = 5, duration = 60)
   @PostMapping("/verify-email")
   public ResponseEntity<Void> verifyEmail(

backend/spring-boot/src/main/java/org/bugzkit/api/auth/payload/request/AuthTokensRequest.java

@@ -1,14 +1,17 @@
 package org.bugzkit.api.auth.payload.request;
 
+import io.swagger.v3.oas.annotations.media.Schema;
 import jakarta.validation.constraints.NotBlank;
 import jakarta.validation.constraints.Pattern;
 import org.bugzkit.api.shared.constants.Regex;
 import org.bugzkit.api.shared.validator.UsernameOrEmail;
 
 public record AuthTokensRequest(
-    @NotBlank(message = "{user.usernameOrEmailRequired}")
+    @Schema(example = "john_doe")
+        @NotBlank(message = "{user.usernameOrEmailRequired}")
         @UsernameOrEmail(message = "{user.usernameOrEmailInvalid}")
         String usernameOrEmail,
-    @NotBlank(message = "{user.passwordRequired}")
+    @Schema(example = "Secret123!")
+        @NotBlank(message = "{user.passwordRequired}")
         @Pattern(regexp = Regex.PASSWORD, message = "{user.passwordInvalid}")
         String password) {}

backend/spring-boot/src/main/java/org/bugzkit/api/auth/payload/request/ForgotPasswordRequest.java

@@ -1,10 +1,12 @@
 package org.bugzkit.api.auth.payload.request;
 
+import io.swagger.v3.oas.annotations.media.Schema;
 import jakarta.validation.constraints.Email;
 import jakarta.validation.constraints.NotBlank;
 import org.bugzkit.api.shared.constants.Regex;
 
 public record ForgotPasswordRequest(
-    @NotBlank(message = "{user.emailRequired}")
+    @Schema(example = "john@example.com")
+        @NotBlank(message = "{user.emailRequired}")
         @Email(message = "{user.emailInvalid}", regexp = Regex.EMAIL)
         String email) {}

backend/spring-boot/src/main/java/org/bugzkit/api/auth/payload/request/RegisterUserRequest.java

@@ -1,5 +1,6 @@
 package org.bugzkit.api.auth.payload.request;
 
+import io.swagger.v3.oas.annotations.media.Schema;
 import jakarta.validation.constraints.Email;
 import jakarta.validation.constraints.NotBlank;
 import jakarta.validation.constraints.Pattern;
@@ -10,15 +11,19 @@
 @Builder
 @FieldMatch(first = "password", second = "confirmPassword", message = "{user.passwordsDoNotMatch}")
 public record RegisterUserRequest(
-    @NotBlank(message = "{user.usernameRequired}")
+    @Schema(example = "john_doe")
+        @NotBlank(message = "{user.usernameRequired}")
         @Pattern(regexp = Regex.USERNAME, message = "{user.usernameInvalid}")
         String username,
-    @NotBlank(message = "{user.emailRequired}")
+    @Schema(example = "john@example.com")
+        @NotBlank(message = "{user.emailRequired}")
         @Email(message = "{user.emailInvalid}", regexp = Regex.EMAIL)
         String email,
-    @NotBlank(message = "{user.passwordRequired}")
+    @Schema(example = "Secret123!")
+        @NotBlank(message = "{user.passwordRequired}")
         @Pattern(regexp = Regex.PASSWORD, message = "{user.passwordInvalid}")
         String password,
-    @NotBlank(message = "{user.passwordRequired}")
+    @Schema(example = "Secret123!")
+        @NotBlank(message = "{user.passwordRequired}")
         @Pattern(regexp = Regex.PASSWORD, message = "{user.passwordInvalid}")
         String confirmPassword) {}

backend/spring-boot/src/main/java/org/bugzkit/api/auth/payload/request/ResetPasswordRequest.java

@@ -1,16 +1,21 @@
 package org.bugzkit.api.auth.payload.request;
 
+import io.swagger.v3.oas.annotations.media.Schema;
 import jakarta.validation.constraints.NotBlank;
 import jakarta.validation.constraints.Pattern;
 import org.bugzkit.api.shared.constants.Regex;
 import org.bugzkit.api.shared.validator.FieldMatch;
 
 @FieldMatch(first = "password", second = "confirmPassword", message = "{user.passwordsDoNotMatch}")
 public record ResetPasswordRequest(
-    @NotBlank(message = "{auth.tokenRequired}") String token,
-    @NotBlank(message = "{user.passwordRequired}")
+    @Schema(example = "550e8400-e29b-41d4-a716-446655440000")
+        @NotBlank(message = "{auth.tokenRequired}")
+        String token,
+    @Schema(example = "NewSecret123!")
+        @NotBlank(message = "{user.passwordRequired}")
         @Pattern(regexp = Regex.PASSWORD, message = "{user.passwordInvalid}")
         String password,
-    @NotBlank(message = "{user.passwordRequired}")
+    @Schema(example = "NewSecret123!")
+        @NotBlank(message = "{user.passwordRequired}")
         @Pattern(regexp = Regex.PASSWORD, message = "{user.passwordInvalid}")
         String confirmPassword) {}