# Swagger 2.0 description of the GAuth-Central authentication service.
# The source text was collapsed onto a few long lines; structure below is
# restored from the key order. Line breaks are reconstructed, including the
# one inside the email_verified block scalar and list-item boundaries such as
# the `Admin - User Management` tag, so check them against the generator
# output before relying on this copy.
# NOTE(review): no `schemes` key is declared, so the spec does not pin clients
# to https. Confirm TLS is enforced at deployment.
basePath: /v1
definitions:
  # Credentials for POST /auth/login. No format or length constraints are declared.
  handlers.LoginRequest:
    properties:
      email:
        type: string
      password:
        type: string
    required:
    - email
    - password
    type: object
  handlers.RefreshRequest:
    properties:
      refresh_token:
        type: string
    required:
    - refresh_token
    type: object
  # Only declared constraints: password minLength 6, username minLength 3.
  # No maxLength and no email format are declared.
  # NOTE(review): 6 characters is a short minimum for a central auth service;
  # confirm the server applies a stronger policy and an upper length bound.
  handlers.RegisterRequest:
    properties:
      email:
        type: string
      password:
        minLength: 6
        type: string
      username:
        minLength: 3
        type: string
    required:
    - email
    - password
    - username
    type: object
  models.CorsBlacklist:
    properties:
      created_at:
        type: string
      created_by:
        type: string
      id:
        type: string
      is_active:
        type: boolean
      origin:
        type: string
      reason:
        type: string
      updated_at:
        type: string
    type: object
  models.CorsWhitelist:
    properties:
      created_at:
        type: string
      created_by:
        type: string
      description:
        type: string
      id:
        type: string
      is_active:
        type: boolean
      origin:
        type: string
      updated_at:
        type: string
    type: object
  models.Permission:
    properties:
      description:
        type: string
      id:
        type: integer
      name:
        description: user:read, user:write
        type: string
    type: object
  models.RateLimitSetting:
    properties:
      created_at:
        type: string
      description:
        type: string
      id:
        type: string
      is_active:
        type: boolean
      max_requests:
        # Turkish: "Max number of requests"
        description: Max istek sayısı
        type: integer
      name:
        description: e.g., "login", "register", "api"
        type: string
      updated_at:
        type: string
      updated_by:
        type: string
      window_seconds:
        # Turkish: "Time window (seconds)"
        description: Zaman penceresi (saniye)
        type: integer
    type: object
  models.Role:
    properties:
      description:
        type: string
      id:
        type: integer
      name:
        description: admin, user
        type: string
      permissions:
        items:
          $ref: '#/definitions/models.Permission'
        type: array
    type: object
  models.SocialAccount:
    properties:
      avatar_url:
        description: Avatar URL from provider
        type: string
      created_at:
        type: string
      email:
        type: string
      id:
        type: string
      name:
        description: Full name from provider
        type: string
      provider:
        description: google, github
        type: string
      provider_id:
        type: string
      updated_at:
        type: string
      user_id:
        type: string
    type: object
  # User as returned by the API. No password or hash field appears in this schema.
  models.User:
    properties:
      avatar:
        description: Avatar URL from OAuth or uploaded
        type: string
      created_at:
        type: string
      email:
        type: string
      email_verified:
        description: |-
          Email verification: only required for email/password registration; OAuth users are treated as verified
          Changed to *bool to handle false values correctly with GORM defaults
        type: boolean
      email_verified_at:
        type: string
      id:
        type: string
      roles:
        items:
          $ref: '#/definitions/models.Role'
        type: array
      social_accounts:
        items:
          $ref: '#/definitions/models.SocialAccount'
        type: array
      updated_at:
        type: string
      username:
        type: string
    type: object
info:
  contact: {}
  description: Centralized Authentication Service
  title: GAuth-Central API
  version: "1.0"
paths:
  # All /admin/* operations declare only ApiKeyAuth. "Admin only" appears in
  # the summaries and is not expressed as a machine-readable requirement.
  # NOTE(review): confirm each handler enforces the admin role server-side.
  /admin/users:
    get:
      parameters:
      - default: 1
        description: Page number
        in: query
        name: page
        type: integer
      # No maximum is declared for limit.
      # NOTE(review): confirm the server caps the page size.
      - default: 10
        description: Items per page
        in: query
        name: limit
        type: integer
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Get all users (Admin only)
      tags:
      - Admin - User Management
    post:
      consumes:
      - multipart/form-data
      parameters:
      - description: Email
        in: formData
        name: email
        required: true
        type: string
      # Unlike handlers.RegisterRequest, no minLength is declared here.
      # NOTE(review): confirm the same password policy applies to admin-created users.
      - description: Password
        in: formData
        name: password
        required: true
        type: string
      - description: Username
        in: formData
        name: user_name
        required: true
        type: string
      - description: Email verified
        in: formData
        name: email_verified
        type: boolean
      # Free-form comma-separated string.
      # NOTE(review): confirm unknown role names are rejected.
      - description: 'Roles (comma separated: admin,user)'
        in: formData
        name: roles
        type: string
      # The spec declares no size or content-type limit for the upload.
      # NOTE(review): confirm the handler validates both.
      - description: Avatar image
        in: formData
        name: avatar
        type: file
      produces:
      - application/json
      responses:
        "201":
          description: Created
          schema:
            $ref: '#/definitions/models.User'
      security:
      - ApiKeyAuth: []
      summary: Create new user (Admin only)
      tags:
      - Admin - User Management
  /admin/users/{id}:
    delete:
      parameters:
      - description: User ID
        in: path
        name: id
        required: true
        type: string
      # hard=true is documented as permanent; the default is a soft delete
      # that /admin/users/{id}/restore can undo.
      - default: false
        description: Hard delete (permanent)
        in: query
        name: hard
        type: boolean
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Delete user (Admin only)
      tags:
      - Admin - User Management
    get:
      parameters:
      - description: User ID
        in: path
        name: id
        required: true
        type: string
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/models.User'
      security:
      - ApiKeyAuth: []
      summary: Get user by ID (Admin only)
      tags:
      - Admin - User Management
    put:
      consumes:
      - multipart/form-data
      parameters:
      - description: User ID
        in: path
        name: id
        required: true
        type: string
      - description: Email
        in: formData
        name: email
        type: string
      - description: Password
        in: formData
        name: password
        type: string
      - description: Username
        in: formData
        name: user_name
        type: string
      - description: Email verified
        in: formData
        name: email_verified
        type: boolean
      - description: 'Roles (comma separated: admin,user)'
        in: formData
        name: roles
        type: string
      - description: Avatar image
        in: formData
        name: avatar
        type: file
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Update user (Admin only)
      tags:
      - Admin - User Management
  /admin/users/{id}/avatar:
    post:
      consumes:
      - multipart/form-data
      parameters:
      - description: User ID
        in: path
        name: id
        required: true
        type: string
      - description: Avatar image file
        in: formData
        name: avatar
        required: true
        type: file
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Upload avatar for any user (Admin only)
      tags:
      - Admin - User Management
  /admin/users/{id}/restore:
    post:
      parameters:
      - description: User ID
        in: path
        name: id
        required: true
        type: string
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Restore a soft deleted user (Admin only)
      tags:
      - Admin - User Management
  /admin/users/{id}/roles:
    post:
      consumes:
      - application/json
      parameters:
      - description: User ID
        in: path
        name: id
        required: true
        type: string
      # The body is an untyped object, so the accepted fields are not documented.
      - description: Roles
        in: body
        name: roles
        required: true
        schema:
          type: object
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Assign roles to user (Admin only)
      tags:
      - Admin - User Management
  /admin/users/{id}/roles/{role}:
    delete:
      parameters:
      - description: User ID
        in: path
        name: id
        required: true
        type: string
      - description: Role name
        in: path
        name: role
        required: true
        type: string
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Remove role from user (Admin only)
      tags:
      - Admin - User Management
  /admin/users/deleted:
    get:
      parameters:
      - default: 1
        description: Page number
        in: query
        name: page
        type: integer
      - default: 10
        description: Items per page
        in: query
        name: limit
        type: integer
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Get all soft deleted users (Admin only)
      tags:
      - Admin - User Management
  /admin/users/search:
    get:
      parameters:
      - description: Search query
        in: query
        name: q
        required: true
        type: string
      - default: 1
        description: Page number
        in: query
        name: page
        type: integer
      - default: 10
        description: Items per page
        in: query
        name: limit
        type: integer
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Search users (Admin only)
      tags:
      - Admin - User Management
  # OAuth2 entry point: unauthenticated, and no responses are documented.
  # NOTE(review): the provider path value should be matched against the
  # supported set (google, github per the description) before any redirect.
  /auth/{provider}:
    get:
      description: Redirect to OAuth2 provider
      parameters:
      - description: Provider (google, github)
        in: path
        name: provider
        required: true
        type: string
      responses: {}
      summary: Start OAuth2 flow
      tags:
      - oauth
  # Only the provider path parameter is declared; the query parameters the
  # provider sends back are not documented here.
  # NOTE(review): confirm the handler validates the OAuth2 `state` value
  # against the one issued at the start of the flow.
  /auth/{provider}/callback:
    get:
      description: Handle callback from OAuth2 provider
      parameters:
      - description: Provider (google, github)
        in: path
        name: provider
        required: true
        type: string
      responses:
        "200":
          description: OK
          schema:
            additionalProperties:
              type: string
            type: object
        "401":
          description: Unauthorized
          schema:
            additionalProperties:
              type: string
            type: object
      summary: OAuth2 Callback
      tags:
      - oauth
  # Unauthenticated credential endpoint. No 429 response is documented.
  # NOTE(review): models.RateLimitSetting lists "login" as an example limiter
  # name; confirm throttling applies here and document the throttled response.
  /auth/login:
    post:
      consumes:
      - application/json
      description: Login with email and password to get JWT token
      parameters:
      - description: Login Request
        in: body
        name: request
        required: true
        schema:
          $ref: '#/definitions/handlers.LoginRequest'
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            additionalProperties:
              type: string
            type: object
        "400":
          description: Bad Request
          schema:
            additionalProperties:
              type: string
            type: object
        "401":
          description: Unauthorized
          schema:
            additionalProperties:
              type: string
            type: object
      summary: Login user
      tags:
      - auth
  /auth/me:
    get:
      description: Get details of the currently authenticated user
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/models.User'
        "401":
          description: Unauthorized
          schema:
            additionalProperties:
              type: string
            type: object
      security:
      - ApiKeyAuth: []
      summary: Get Current User Profile
      tags:
      - auth
  # No security requirement is declared; the refresh token in the body is the
  # only credential shown.
  # NOTE(review): confirm refresh tokens expire and can be revoked.
  /auth/refresh:
    post:
      consumes:
      - application/json
      description: 'usage: send refresh_token to get new access_token'
      parameters:
      - description: Refresh Request
        in: body
        name: request
        required: true
        schema:
          $ref: '#/definitions/handlers.RefreshRequest'
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            additionalProperties:
              type: string
            type: object
        "400":
          description: Bad Request
          schema:
            additionalProperties:
              type: string
            type: object
        "401":
          description: Unauthorized
          schema:
            additionalProperties:
              type: string
            type: object
      summary: Refresh Access Token
      tags:
      - auth
  /auth/register:
    post:
      consumes:
      - application/json
      description: Register with username, email and password
      parameters:
      - description: Register Request
        in: body
        name: request
        required: true
        schema:
          $ref: '#/definitions/handlers.RegisterRequest'
      produces:
      - application/json
      responses:
        "201":
          description: Created
          schema:
            additionalProperties: true
            type: object
        "400":
          description: Bad Request
          schema:
            additionalProperties:
              type: string
            type: object
      summary: Register a new user
      tags:
      - auth
  # The verification token travels in the query string of a GET request, so it
  # can end up in access logs and browser history.
  # NOTE(review): confirm the token is single-use and short-lived.
  /auth/verify-email:
    get:
      description: Verify email with token sent after email/password registration
      parameters:
      - description: Verification token
        in: query
        name: token
        required: true
        type: string
      responses:
        "200":
          description: OK
          schema:
            additionalProperties:
              type: string
            type: object
        "400":
          description: Bad Request
          schema:
            additionalProperties:
              type: string
            type: object
      summary: Verify email address
      tags:
      - auth
  /profile:
    get:
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            $ref: '#/definitions/models.User'
      security:
      - ApiKeyAuth: []
      summary: Get current user profile
      tags:
      - Profile
    put:
      consumes:
      - multipart/form-data
      parameters:
      - description: Username
        in: formData
        name: user_name
        type: string
      - description: Avatar image
        in: formData
        name: avatar
        type: file
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Update current user profile
      tags:
      - Profile
  # The request body is an untyped object, so the required fields are not documented.
  # NOTE(review): confirm an email change requires re-authentication and
  # re-verification of the new address.
  /profile/email:
    put:
      consumes:
      - application/json
      parameters:
      - description: Email change request
        in: body
        name: request
        required: true
        schema:
          type: object
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Change email address
      tags:
      - Profile
  # The request body is an untyped object, so the required fields are not documented.
  # NOTE(review): confirm the current password is required and that the
  # registration password policy also applies here.
  /profile/password:
    put:
      consumes:
      - application/json
      parameters:
      - description: Password change request
        in: body
        name: request
        required: true
        schema:
          type: object
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Change password
      tags:
      - Profile
  # The /settings/* operations change security controls (CORS origins and rate
  # limits). Unlike /admin/*, their summaries do not state an admin
  # requirement, and the spec declares only ApiKeyAuth.
  # NOTE(review): confirm the handlers restrict these to administrators.
  /settings/cors/blacklist:
    get:
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            items:
              $ref: '#/definitions/models.CorsBlacklist'
            type: array
      security:
      - ApiKeyAuth: []
      summary: Get all CORS blacklist entries
      tags:
      - Settings
    post:
      consumes:
      - application/json
      parameters:
      - description: Blacklist data
        in: body
        name: blacklist
        required: true
        schema:
          type: object
      produces:
      - application/json
      responses:
        "201":
          description: Created
          schema:
            $ref: '#/definitions/models.CorsBlacklist'
      security:
      - ApiKeyAuth: []
      summary: Create CORS blacklist entry
      tags:
      - Settings
  /settings/cors/blacklist/{id}:
    delete:
      parameters:
      - description: Blacklist ID
        in: path
        name: id
        required: true
        type: string
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Delete CORS blacklist entry
      tags:
      - Settings
    put:
      consumes:
      - application/json
      parameters:
      - description: Blacklist ID
        in: path
        name: id
        required: true
        type: string
      - description: Update data
        in: body
        name: blacklist
        required: true
        schema:
          type: object
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Update CORS blacklist entry
      tags:
      - Settings
  # NOTE(review): the origin field is an unconstrained string in the schema.
  # Confirm the server rejects wildcard or malformed origins on create and update.
  /settings/cors/whitelist:
    get:
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            items:
              $ref: '#/definitions/models.CorsWhitelist'
            type: array
      security:
      - ApiKeyAuth: []
      summary: Get all CORS whitelist entries
      tags:
      - Settings
    post:
      consumes:
      - application/json
      parameters:
      - description: Whitelist data
        in: body
        name: whitelist
        required: true
        schema:
          type: object
      produces:
      - application/json
      responses:
        "201":
          description: Created
          schema:
            $ref: '#/definitions/models.CorsWhitelist'
      security:
      - ApiKeyAuth: []
      summary: Create CORS whitelist entry
      tags:
      - Settings
  /settings/cors/whitelist/{id}:
    delete:
      parameters:
      - description: Whitelist ID
        in: path
        name: id
        required: true
        type: string
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Delete CORS whitelist entry
      tags:
      - Settings
    put:
      consumes:
      - application/json
      parameters:
      - description: Whitelist ID
        in: path
        name: id
        required: true
        type: string
      - description: Update data
        in: body
        name: whitelist
        required: true
        schema:
          type: object
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Update CORS whitelist entry
      tags:
      - Settings
  /settings/ratelimit:
    get:
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            items:
              $ref: '#/definitions/models.RateLimitSetting'
            type: array
      security:
      - ApiKeyAuth: []
      summary: Get all rate limit settings
      tags:
      - Settings
  # The update body is an untyped object.
  # NOTE(review): confirm max_requests and window_seconds are bounds-checked
  # so that a limiter cannot be disabled by accident.
  /settings/ratelimit/{id}:
    put:
      consumes:
      - application/json
      parameters:
      - description: Setting ID
        in: path
        name: id
        required: true
        type: string
      - description: Update data
        in: body
        name: setting
        required: true
        schema:
          type: object
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Update rate limit setting
      tags:
      - Settings
  /user/avatar:
    delete:
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Delete user avatar
      tags:
      - User
    post:
      consumes:
      - multipart/form-data
      parameters:
      - description: Avatar image file
        in: formData
        name: avatar
        required: true
        type: file
      produces:
      - application/json
      responses:
        "200":
          description: OK
          schema:
            additionalProperties: true
            type: object
      security:
      - ApiKeyAuth: []
      summary: Upload user avatar
      tags:
      - User
# The single security scheme is an apiKey carried in the Authorization header.
# NOTE(review): the /auth/login description mentions a JWT, so the header
# presumably carries a bearer token. Confirm the expected format and document it.
securityDefinitions:
  ApiKeyAuth:
    in: header
    name: Authorization
    type: apiKey
swagger: "2.0"