NM-240: update api swagger docs (#3861)

* NM-240: update api swagger docs

* NM-240: remove api doc for debug api

* NM-240: generate swagger

* NM-240: remove deprecated and unused apis, update jit models

* NM-240: deprecate ununsed apis from api docs

controllers/acls.go

@@ -37,8 +37,9 @@ func aclHandlers(r *mux.Router) {
 // @Summary     List Acl Policy types
 // @Router      /api/v1/acls/policy_types [get]
 // @Tags        ACL
-// @Accept      json
-// @Success     200 {array} models.SuccessResponse
+// @Security    oauth
+// @Produce     json
+// @Success     200 {object} models.AclPolicyTypes
 // @Failure     500 {object} models.ErrorResponse
 func aclPolicyTypes(w http.ResponseWriter, r *http.Request) {
 	resp := models.AclPolicyTypes{
@@ -198,8 +199,10 @@ func aclDebug(w http.ResponseWriter, r *http.Request) {
 // @Summary     List Acls in a network
 // @Router      /api/v1/acls [get]
 // @Tags        ACL
-// @Accept      json
-// @Success     200 {array} models.SuccessResponse
+// @Security    oauth
+// @Produce     json
+// @Param       network query string true "Network ID"
+// @Success     200 {array} models.Acl
 // @Failure     500 {object} models.ErrorResponse
 func getAcls(w http.ResponseWriter, r *http.Request) {
 	netID := r.URL.Query().Get("network")
@@ -223,11 +226,13 @@ func getAcls(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, acls, "fetched all acls in the network "+netID)
 }
 
-// @Summary     List Egress Acls in a network
+// @Summary     List Egress Acls
 // @Router      /api/v1/acls/egress [get]
 // @Tags        ACL
-// @Accept      json
-// @Success     200 {array} models.SuccessResponse
+// @Security    oauth
+// @Produce     json
+// @Param       egress_id query string true "Egress ID"
+// @Success     200 {array} models.Acl
 // @Failure     500 {object} models.ErrorResponse
 func getEgressAcls(w http.ResponseWriter, r *http.Request) {
 	eID := r.URL.Query().Get("egress_id")
@@ -255,8 +260,12 @@ func getEgressAcls(w http.ResponseWriter, r *http.Request) {
 // @Summary     Create Acl
 // @Router      /api/v1/acls [post]
 // @Tags        ACL
+// @Security    oauth
 // @Accept      json
-// @Success     200 {array} models.SuccessResponse
+// @Produce     json
+// @Param       body body models.Acl true "ACL policy details"
+// @Success     200 {object} models.Acl
+// @Failure     400 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
 func createAcl(w http.ResponseWriter, r *http.Request) {
 	var req models.Acl
@@ -325,8 +334,12 @@ func createAcl(w http.ResponseWriter, r *http.Request) {
 // @Summary     Update Acl
 // @Router      /api/v1/acls [put]
 // @Tags        ACL
+// @Security    oauth
 // @Accept      json
-// @Success     200 {array} models.SuccessResponse
+// @Produce     json
+// @Param       body body models.UpdateAclRequest true "ACL update details"
+// @Success     200 {object} models.SuccessResponse
+// @Failure     400 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
 func updateAcl(w http.ResponseWriter, r *http.Request) {
 	var updateAcl models.UpdateAclRequest
@@ -387,8 +400,11 @@ func updateAcl(w http.ResponseWriter, r *http.Request) {
 // @Summary     Delete Acl
 // @Router      /api/v1/acls [delete]
 // @Tags        ACL
-// @Accept      json
-// @Success     200 {array} models.SuccessResponse
+// @Security    oauth
+// @Produce     json
+// @Param       acl_id query string true "ACL ID"
+// @Success     200 {object} models.SuccessResponse
+// @Failure     400 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
 func deleteAcl(w http.ResponseWriter, r *http.Request) {
 	aclID, _ := url.QueryUnescape(r.URL.Query().Get("acl_id"))

controllers/dns.go

@@ -48,9 +48,10 @@ func dnsHandlers(r *mux.Router) {
 
 // @Summary     List Global Nameservers
 // @Router      /api/v1/nameserver/global [get]
-// @Tags        Auth
-// @Accept      json
-// @Success     200 {object} models.SuccessResponse
+// @Tags        DNS
+// @Security    oauth
+// @Produce     json
+// @Success     200 {object} map[string]schema.Nameserver
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     401 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -62,9 +63,11 @@ func getGlobalNs(w http.ResponseWriter, r *http.Request) {
 // @Summary     Create Nameserver
 // @Router      /api/v1/nameserver [post]
 // @Tags        DNS
+// @Security    oauth
 // @Accept      json
+// @Produce     json
 // @Param       body body models.NameserverReq true "Nameserver request body"
-// @Success     200 {object} models.SuccessResponse
+// @Success     200 {object} schema.Nameserver
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     401 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -151,10 +154,11 @@ func createNs(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     List Nameservers
 // @Router      /api/v1/nameserver [get]
-// @Tags        Auth
-// @Accept      json
+// @Tags        DNS
+// @Security    oauth
+// @Produce     json
 // @Param       network query string true "Network identifier"
-// @Success     200 {object} models.SuccessResponse
+// @Success     200 {array} schema.Nameserver
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     401 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -180,10 +184,12 @@ func listNs(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     Update Nameserver
 // @Router      /api/v1/nameserver [put]
-// @Tags        Auth
+// @Tags        DNS
+// @Security    oauth
 // @Accept      json
+// @Produce     json
 // @Param       body body models.NameserverReq true "Nameserver request body"
-// @Success     200 {object} models.SuccessResponse
+// @Success     200 {object} schema.Nameserver
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     401 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -296,10 +302,12 @@ func updateNs(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     Delete Nameserver Resource
 // @Router      /api/v1/nameserver [delete]
-// @Tags        Auth
+// @Tags        DNS
+// @Security    oauth
 // @Accept      json
+// @Produce     json
 // @Param       id query string true "Nameserver ID"
-// @Success     200 {object} models.SuccessResponse
+// @Success     200 {string} string
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     401 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -351,9 +359,10 @@ func deleteNs(w http.ResponseWriter, r *http.Request) {
 }
 
 // @Summary     Gets node DNS entries associated with a network
-// @Router      /api/dns/{network} [get]
+// @Router      /api/dns/adm/{network}/nodes [get]
 // @Tags        DNS
-// @Accept      json
+// @Security    oauth
+// @Produce     json
 // @Param       network path string true "Network identifier"
 // @Success     200 {array} models.DNSEntry
 // @Failure     500 {object} models.ErrorResponse
@@ -378,7 +387,8 @@ func getNodeDNS(w http.ResponseWriter, r *http.Request) {
 // @Summary     Get all DNS entries
 // @Router      /api/dns [get]
 // @Tags        DNS
-// @Accept      json
+// @Security    oauth
+// @Produce     json
 // @Success     200 {array} models.DNSEntry
 // @Failure     500 {object} models.ErrorResponse
 func getAllDNS(w http.ResponseWriter, r *http.Request) {
@@ -397,7 +407,8 @@ func getAllDNS(w http.ResponseWriter, r *http.Request) {
 // @Summary     Gets custom DNS entries associated with a network
 // @Router      /api/dns/adm/{network}/custom [get]
 // @Tags        DNS
-// @Accept      json
+// @Security    oauth
+// @Produce     json
 // @Param       network path string true "Network identifier"
 // @Success     200 {array} models.DNSEntry
 // @Failure     500 {object} models.ErrorResponse
@@ -429,7 +440,8 @@ func getCustomDNS(w http.ResponseWriter, r *http.Request) {
 // @Summary     Get all DNS entries associated with the network
 // @Router      /api/dns/adm/{network} [get]
 // @Tags        DNS
-// @Accept      json
+// @Security    oauth
+// @Produce     json
 // @Param       network path string true "Network identifier"
 // @Success     200 {array} models.DNSEntry
 // @Failure     500 {object} models.ErrorResponse
@@ -452,9 +464,11 @@ func getDNS(w http.ResponseWriter, r *http.Request) {
 }
 
 // @Summary     Create a new DNS entry
-// @Router      /api/dns/adm/{network} [post]
+// @Router      /api/dns/{network} [post]
 // @Tags        DNS
+// @Security    oauth
 // @Accept      json
+// @Produce     json
 // @Param       network path string true "Network identifier"
 // @Param       body body models.DNSEntry true "DNS entry details"
 // @Success     200 {object} models.DNSEntry
@@ -508,10 +522,11 @@ func createDNS(w http.ResponseWriter, r *http.Request) {
 // @Summary     Delete a DNS entry
 // @Router      /api/dns/{network}/{domain} [delete]
 // @Tags        DNS
-// @Accept      json
+// @Security    oauth
+// @Produce     json
 // @Param       network path string true "Network identifier"
 // @Param       domain path string true "Domain Name"
-// @Success     200 {array} models.DNSEntry
+// @Success     200 {string} string
 // @Failure     500 {object} models.ErrorResponse
 func deleteDNS(w http.ResponseWriter, r *http.Request) {
 	// Set header
@@ -565,7 +580,8 @@ func GetDNSEntry(domain string, network string) (models.DNSEntry, error) {
 // @Summary     Push DNS entries to nameserver
 // @Router      /api/dns/adm/pushdns [post]
 // @Tags        DNS
-// @Accept      json
+// @Security    oauth
+// @Produce     json
 // @Success     200 {string} string "DNS Pushed to CoreDNS"
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -595,7 +611,8 @@ func pushDNS(w http.ResponseWriter, r *http.Request) {
 // @Summary     Sync DNS entries for a given network
 // @Router      /api/dns/adm/{network}/sync [post]
 // @Tags        DNS
-// @Accept      json
+// @Security    oauth
+// @Produce     json
 // @Param       network path string true "Network identifier"
 // @Success     200 {string} string "DNS Sync completed successfully"
 // @Failure     400 {object} models.ErrorResponse

controllers/egress.go

@@ -27,10 +27,12 @@ func egressHandlers(r *mux.Router) {
 
 // @Summary     Create Egress Resource
 // @Router      /api/v1/egress [post]
-// @Tags        Auth
+// @Tags        Egress
+// @Security    oauth
 // @Accept      json
+// @Produce     json
 // @Param       body body models.EgressReq true "Egress request data"
-// @Success     200 {object} models.SuccessResponse
+// @Success     200 {object} schema.Egress
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     401 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -174,12 +176,13 @@ func createEgress(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, e, "created egress resource")
 }
 
-// @Summary     List Egress Resource
+// @Summary     List Egress Resources
 // @Router      /api/v1/egress [get]
-// @Tags        Auth
-// @Accept      json
+// @Tags        Egress
+// @Security    oauth
+// @Produce     json
 // @Param       network query string true "Network identifier"
-// @Success     200 {object} models.SuccessResponse
+// @Success     200 {array} schema.Egress
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     401 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -205,10 +208,12 @@ func listEgress(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     Update Egress Resource
 // @Router      /api/v1/egress [put]
-// @Tags        Auth
+// @Tags        Egress
+// @Security    oauth
 // @Accept      json
+// @Produce     json
 // @Param       body body models.EgressReq true "Egress request data"
-// @Success     200 {object} models.SuccessResponse
+// @Success     200 {object} schema.Egress
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     401 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -394,8 +399,9 @@ func updateEgress(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     Delete Egress Resource
 // @Router      /api/v1/egress [delete]
-// @Tags        Auth
-// @Accept      json
+// @Tags        Egress
+// @Security    oauth
+// @Produce     json
 // @Param       id query string true "Egress resource ID"
 // @Success     200 {object} models.SuccessResponse
 // @Failure     400 {object} models.ErrorResponse

controllers/enrollmentkeys.go

@@ -38,6 +38,7 @@ func enrollmentKeyHandlers(r *mux.Router) {
 // @Router      /api/v1/enrollment-keys [get]
 // @Tags        EnrollmentKeys
 // @Security    oauth
+// @Produce     json
 // @Success     200 {array} models.EnrollmentKey
 // @Failure     500 {object} models.ErrorResponse
 func getEnrollmentKeys(w http.ResponseWriter, r *http.Request) {
@@ -65,11 +66,11 @@ func getEnrollmentKeys(w http.ResponseWriter, r *http.Request) {
 }
 
 // @Summary     Deletes an EnrollmentKey from Netmaker server
-// @Router      /api/v1/enrollment-keys/{keyid} [delete]
+// @Router      /api/v1/enrollment-keys/{keyID} [delete]
 // @Tags        EnrollmentKeys
 // @Security    oauth
-// @Param       keyid path string true "Enrollment Key ID"
-// @Success     200
+// @Param       keyID path string true "Enrollment Key ID"
+// @Success     200 {string} string
 // @Failure     500 {object} models.ErrorResponse
 func deleteEnrollmentKey(w http.ResponseWriter, r *http.Request) {
 	params := mux.Vars(r)
@@ -112,6 +113,8 @@ func deleteEnrollmentKey(w http.ResponseWriter, r *http.Request) {
 // @Router      /api/v1/enrollment-keys [post]
 // @Tags        EnrollmentKeys
 // @Security    oauth
+// @Accept      json
+// @Produce     json
 // @Param       body body models.APIEnrollmentKey true "Enrollment Key parameters"
 // @Success     200 {object} models.EnrollmentKey
 // @Failure     400 {object} models.ErrorResponse
@@ -220,11 +223,13 @@ func createEnrollmentKey(w http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(w).Encode(newEnrollmentKey)
 }
 
-// @Summary     Updates an EnrollmentKey. Updates are only limited to the relay to use
-// @Router      /api/v1/enrollment-keys/{keyid} [put]
+// @Summary     Updates an EnrollmentKey
+// @Router      /api/v1/enrollment-keys/{keyID} [put]
 // @Tags        EnrollmentKeys
 // @Security    oauth
-// @Param       keyid path string true "Enrollment Key ID"
+// @Accept      json
+// @Produce     json
+// @Param       keyID path string true "Enrollment Key ID"
 // @Param       body body models.APIEnrollmentKey true "Enrollment Key parameters"
 // @Success     200 {object} models.EnrollmentKey
 // @Failure     400 {object} models.ErrorResponse
@@ -290,7 +295,8 @@ func updateEnrollmentKey(w http.ResponseWriter, r *http.Request) {
 // @Summary     Handles a Netclient registration with server and add nodes accordingly
 // @Router      /api/v1/host/register/{token} [post]
 // @Tags        EnrollmentKeys
-// @Security    oauth
+// @Accept      json
+// @Produce     json
 // @Param       token path string true "Enrollment Key Token"
 // @Param       body body models.Host true "Host registration parameters"
 // @Success     200 {object} models.RegisterResponse

controllers/ext_client.go

@@ -59,12 +59,13 @@ func checkIngressExists(nodeID string) bool {
 	return node.IsIngressGateway
 }
 
-// @Summary     Get all remote access client associated with network
+// @Summary     Get all config files associated with network
 // @Router      /api/extclients/{network} [get]
-// @Tags        Remote Access Client
-// @Security    oauth2
+// @Tags        Config Files
+// @Security    oauth
+// @Produce     json
 // @Param       network path string true "Network ID"
-// @Success     200 {object} models.ExtClient
+// @Success     200 {array} models.ExtClient
 // @Failure     500 {object} models.ErrorResponse
 func getNetworkExtClients(w http.ResponseWriter, r *http.Request) {
 
@@ -86,14 +87,13 @@ func getNetworkExtClients(w http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(w).Encode(extclients)
 }
 
-// @Summary     Fetches All Remote Access Clients across all networks
+// @Summary     Fetch all config files across all networks
 // @Router      /api/extclients [get]
-// @Tags        Remote Access Client
-// @Security    oauth2
-// @Success     200 {object} models.ExtClient
+// @Tags        Config Files
+// @Security    oauth
+// @Produce     json
+// @Success     200 {array} models.ExtClient
 // @Failure     500 {object} models.ErrorResponse
-// Not quite sure if this is necessary. Probably necessary based on front end but may
-// want to review after iteration 1 if it's being used or not
 func getAllExtClients(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "application/json")
@@ -110,10 +110,11 @@ func getAllExtClients(w http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(w).Encode(clients)
 }
 
-// @Summary     Get an individual remote access client
+// @Summary     Get an individual config file
 // @Router      /api/extclients/{network}/{clientid} [get]
-// @Tags        Remote Access Client
-// @Security    oauth2
+// @Tags        Config Files
+// @Security    oauth
+// @Produce     json
 // @Param       network path string true "Network ID"
 // @Param       clientid path string true "Client ID"
 // @Success     200 {object} models.ExtClient
@@ -149,13 +150,15 @@ func getExtClient(w http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(w).Encode(client)
 }
 
-// @Summary     Get an individual remote access client
+// @Summary     Get config file configuration
 // @Router      /api/extclients/{network}/{clientid}/{type} [get]
-// @Tags        Remote Access Client
-// @Security    oauth2
+// @Tags        Config Files
+// @Security    oauth
+// @Produce     json
 // @Param       network path string true "Network ID"
 // @Param       clientid path string true "Client ID"
-// @Param       type path string true "Client config type"
+// @Param       type path string true "Config type (qr or file)"
+// @Param       preferredip query string false "Preferred endpoint IP"
 // @Success     200 {object} models.ExtClient
 // @Failure     500 {object} models.ErrorResponse
 // @Failure     403 {object} models.ErrorResponse
@@ -391,12 +394,12 @@ Endpoint = %s
 	json.NewEncoder(w).Encode(client)
 }
 
-// @Summary     Get an individual remote access client
+// @Summary     Get config file HA configuration
 // @Router      /api/v1/client_conf/{network} [get]
-// @Tags        Remote Access Client
-// @Security    oauth2
+// @Tags        Config Files
+// @Security    oauth
 // @Param       network path string true "Network ID"
-// @Success     200 {object} models.ExtClient
+// @Success     200 {string} string "WireGuard config file"
 // @Failure     500 {object} models.ErrorResponse
 // @Failure     403 {object} models.ErrorResponse
 func getExtClientHAConf(w http.ResponseWriter, r *http.Request) {
@@ -630,13 +633,16 @@ Endpoint = %s
 	}
 }
 
-// @Summary     Create an individual remote access client
+// @Summary     Create a config file
 // @Router      /api/extclients/{network}/{nodeid} [post]
-// @Tags        Remote Access Client
-// @Security    oauth2
+// @Tags        Config Files
+// @Security    oauth
+// @Accept      json
+// @Produce     json
 // @Param       network path string true "Network ID"
 // @Param       nodeid path string true "Node ID (Ingress Gateway)"
-// @Success     200 {string} string "OK"
+// @Param       body body models.CustomExtClient true "Custom ext client parameters"
+// @Success     200 {object} models.ExtClient
 // @Failure     500 {object} models.ErrorResponse
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     403 {object} models.ErrorResponse
@@ -883,12 +889,15 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
 	}()
 }
 
-// @Summary     Update an individual remote access client
+// @Summary     Update a config file
 // @Router      /api/extclients/{network}/{clientid} [put]
-// @Tags        Remote Access Client
-// @Security    oauth2
+// @Tags        Config Files
+// @Security    oauth
+// @Accept      json
+// @Produce     json
 // @Param       network path string true "Network ID"
 // @Param       clientid path string true "Client ID"
+// @Param       body body models.CustomExtClient true "Custom ext client update"
 // @Success     200 {object} models.ExtClient
 // @Failure     500 {object} models.ErrorResponse
 // @Failure     400 {object} models.ErrorResponse
@@ -1031,13 +1040,14 @@ func updateExtClient(w http.ResponseWriter, r *http.Request) {
 
 }
 
-// @Summary     Delete an individual remote access client
+// @Summary     Delete a config file
 // @Router      /api/extclients/{network}/{clientid} [delete]
-// @Tags        Remote Access Client
-// @Security    oauth2
+// @Tags        Config Files
+// @Security    oauth
+// @Produce     json
 // @Param       network path string true "Network ID"
 // @Param       clientid path string true "Client ID"
-// @Success     200
+// @Success     200 {object} models.SuccessResponse
 // @Failure     500 {object} models.ErrorResponse
 // @Failure     403 {object} models.ErrorResponse
 func deleteExtClient(w http.ResponseWriter, r *http.Request) {

controllers/files.go

@@ -6,12 +6,6 @@ import (
 	"github.com/gorilla/mux"
 )
 
-// @Summary     Retrieve a file from the file server
-// @Router      /meshclient/files/{filename}  [get]
-// @Tags        Meshclient
-// @Param       filename path string true "Filename"
-// @Success     200 {file} file "file"
-// @Failure     404 {string} string "404 not found"
 func fileHandlers(r *mux.Router) {
 	r.PathPrefix("/meshclient/files").
 		Handler(http.StripPrefix("/meshclient/files", http.FileServer(http.Dir("./meshclient/files"))))

controllers/gateway.go

@@ -29,10 +29,13 @@ func gwHandlers(r *mux.Router) {
 
 // @Summary     Create a gateway
 // @Router      /api/nodes/{network}/{nodeid}/gateway [post]
-// @Tags        Nodes
-// @Security    oauth2
+// @Tags        Gateways
+// @Security    oauth
+// @Accept      json
+// @Produce     json
 // @Param       network path string true "Network ID"
 // @Param       nodeid path string true "Node ID"
+// @Param       body body models.CreateGwReq true "Gateway request"
 // @Success     200 {object} models.ApiNode
 // @Failure     500 {object} models.ErrorResponse
 func createGateway(w http.ResponseWriter, r *http.Request) {
@@ -169,8 +172,9 @@ func createGateway(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     Delete a gateway
 // @Router      /api/nodes/{network}/{nodeid}/gateway [delete]
-// @Tags        Nodes
-// @Security    oauth2
+// @Tags        Gateways
+// @Security    oauth
+// @Produce     json
 // @Param       network path string true "Network ID"
 // @Param       nodeid path string true "Node ID"
 // @Success     200 {object} models.ApiNode
@@ -306,8 +310,9 @@ func deleteGateway(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     Assign a node to a gateway
 // @Router      /api/nodes/{network}/{nodeid}/gateway/assign [post]
-// @Tags        Nodes
-// @Security    oauth2
+// @Tags        Gateways
+// @Security    oauth
+// @Produce     json
 // @Param       network path string true "Network ID"
 // @Param       nodeid path string true "Client node ID to assign to gateway"
 // @Param       gw_id query string true "Gateway node ID"
@@ -441,9 +446,11 @@ func assignGw(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     Unassign client nodes from a gateway
 // @Router      /api/nodes/{network}/{nodeid}/gateway/unassign [post]
-// @Tags        Nodes
-// @Security    oauth2
-// @Param       body body models.InetNodeReq true "Internet gateway request with client node IDs to unassign"
+// @Tags        Gateways
+// @Security    oauth
+// @Produce     json
+// @Param       network path string true "Network ID"
+// @Param       nodeid path string true "Node ID"
 // @Success     200 {object} models.ApiNode
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse

controllers/hosts.go

@@ -158,6 +158,7 @@ func upgradeHost(w http.ResponseWriter, r *http.Request) {
 // @Router      /api/hosts [get]
 // @Tags        Hosts
 // @Security    oauth
+// @Produce     json
 // @Success     200 {array} models.ApiHost
 // @Failure     500 {object} models.ErrorResponse
 func getHosts(w http.ResponseWriter, r *http.Request) {
@@ -181,6 +182,7 @@ func getHosts(w http.ResponseWriter, r *http.Request) {
 // @Router      /api/v1/host [get]
 // @Tags        Hosts
 // @Security    oauth
+// @Produce     json
 // @Success     200 {object} models.HostPull
 // @Failure     500 {object} models.ErrorResponse
 func pull(w http.ResponseWriter, r *http.Request) {
@@ -272,6 +274,8 @@ func pull(w http.ResponseWriter, r *http.Request) {
 // @Router      /api/hosts/{hostid} [put]
 // @Tags        Hosts
 // @Security    oauth
+// @Accept      json
+// @Produce     json
 // @Param       hostid path string true "Host ID"
 // @Param       body body models.ApiHost true "New host data"
 // @Success     200 {object} models.ApiHost
@@ -448,6 +452,7 @@ func hostUpdateFallback(w http.ResponseWriter, r *http.Request) {
 // @Router      /api/hosts/{hostid} [delete]
 // @Tags        Hosts
 // @Security    oauth
+// @Produce     json
 // @Param       hostid path string true "Host ID"
 // @Param       force query bool false "Force delete"
 // @Success     200 {object} models.ApiHost
@@ -784,6 +789,7 @@ func deleteHostFromNetwork(w http.ResponseWriter, r *http.Request) {
 // @Router      /api/hosts/adm/authenticate [post]
 // @Tags        Auth
 // @Accept      json
+// @Produce     json
 // @Param       body body models.AuthParams true "Authentication parameters"
 // @Success     200 {object} models.SuccessResponse
 // @Failure     400 {object} models.ErrorResponse
@@ -1149,12 +1155,6 @@ func syncHost(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusOK)
 }
 
-// @Summary     Deletes all EMQX hosts
-// @Router      /api/emqx/hosts [delete]
-// @Tags        Hosts
-// @Security    oauth
-// @Success     200 {string} string "deleted hosts data on emqx"
-// @Failure     500 {object} models.ErrorResponse
 func delEmqxHosts(w http.ResponseWriter, r *http.Request) {
 	currentHosts, err := logic.GetAllHosts()
 	if err != nil {
@@ -1182,11 +1182,12 @@ func delEmqxHosts(w http.ResponseWriter, r *http.Request) {
 }
 
 // @Summary     Fetches host peerinfo
-// @Router      /api/host/{hostid}/peer_info [get]
+// @Router      /api/v1/host/{hostid}/peer_info [get]
 // @Tags        Hosts
 // @Security    oauth
+// @Produce     json
 // @Param       hostid path string true "Host ID"
-// @Success     200 {object} models.SuccessResponse
+// @Success     200 {object} models.HostPeerInfo
 // @Failure     500 {object} models.ErrorResponse
 func getHostPeerInfo(w http.ResponseWriter, r *http.Request) {
 	hostId := mux.Vars(r)["hostid"]
@@ -1215,6 +1216,8 @@ func getHostPeerInfo(w http.ResponseWriter, r *http.Request) {
 // @Router      /api/v1/pending_hosts [get]
 // @Tags        Hosts
 // @Security    oauth
+// @Produce     json
+// @Param       network query string true "Network ID"
 // @Success     200 {array} schema.PendingHost
 // @Failure     500 {object} models.ErrorResponse
 func getPendingHosts(w http.ResponseWriter, r *http.Request) {
@@ -1237,12 +1240,13 @@ func getPendingHosts(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, pendingHosts, "returned pending hosts in "+netID)
 }
 
-// @Summary     approve pending hosts in a network
+// @Summary     Approve pending host in a network
 // @Router      /api/v1/pending_hosts/approve/{id} [post]
 // @Tags        Hosts
 // @Security    oauth
+// @Produce     json
 // @Param       id path string true "Pending Host ID"
-// @Success     200 {array} models.ApiNode
+// @Success     200 {object} models.ApiNode
 // @Failure     500 {object} models.ErrorResponse
 func approvePendingHost(w http.ResponseWriter, r *http.Request) {
 	id := mux.Vars(r)["id"]
@@ -1325,12 +1329,13 @@ func approvePendingHost(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, newNode.ConvertToAPINode(), "added pending host to "+p.Network)
 }
 
-// @Summary     reject pending hosts in a network
+// @Summary     Reject pending host in a network
 // @Router      /api/v1/pending_hosts/reject/{id} [post]
 // @Tags        Hosts
 // @Security    oauth
+// @Produce     json
 // @Param       id path string true "Pending Host ID"
-// @Success     200 {array} models.ApiNode
+// @Success     200 {object} schema.PendingHost
 // @Failure     500 {object} models.ErrorResponse
 func rejectPendingHost(w http.ResponseWriter, r *http.Request) {
 	id := mux.Vars(r)["id"]

controllers/inet_gws.go

@@ -13,16 +13,6 @@ import (
 	"github.com/gravitl/netmaker/servercfg"
 )
 
-// @Summary     Create an internet gateway
-// @Router      /api/nodes/{network}/{nodeid}/inet_gw [post]
-// @Tags        PRO
-// @Accept      json
-// @Param       network path string true "Network ID"
-// @Param       nodeid path string true "Node ID"
-// @Param       body body models.InetNodeReq true "Internet gateway request"
-// @Success     200 {object} models.Node
-// @Failure     400 {object} models.ErrorResponse
-// @Failure     500 {object} models.ErrorResponse
 func createInternetGw(w http.ResponseWriter, r *http.Request) {
 	var params = mux.Vars(r)
 	w.Header().Set("Content-Type", "application/json")
@@ -100,16 +90,6 @@ func createInternetGw(w http.ResponseWriter, r *http.Request) {
 	go mq.PublishPeerUpdate(false)
 }
 
-// @Summary     Update an internet gateway
-// @Router      /api/nodes/{network}/{nodeid}/inet_gw [put]
-// @Tags        PRO
-// @Accept      json
-// @Param       network path string true "Network ID"
-// @Param       nodeid path string true "Node ID"
-// @Param       body body models.InetNodeReq true "Internet gateway request"
-// @Success     200 {object} models.Node
-// @Failure     400 {object} models.ErrorResponse
-// @Failure     500 {object} models.ErrorResponse
 func updateInternetGw(w http.ResponseWriter, r *http.Request) {
 	var params = mux.Vars(r)
 	w.Header().Set("Content-Type", "application/json")
@@ -160,14 +140,6 @@ func updateInternetGw(w http.ResponseWriter, r *http.Request) {
 	go mq.PublishPeerUpdate(false)
 }
 
-// @Summary     Delete an internet gateway
-// @Router      /api/nodes/{network}/{nodeid}/inet_gw [delete]
-// @Tags        PRO
-// @Param       network path string true "Network ID"
-// @Param       nodeid path string true "Node ID"
-// @Success     200 {object} models.Node
-// @Failure     400 {object} models.ErrorResponse
-// @Failure     500 {object} models.ErrorResponse
 func deleteInternetGw(w http.ResponseWriter, r *http.Request) {
 	var params = mux.Vars(r)
 	w.Header().Set("Content-Type", "application/json")

controllers/ipservice.go

@@ -18,7 +18,7 @@ func ipHandlers(r *mux.Router) {
 // @Summary     Get the current public IP address.
 // @Router      /api/getip [get]
 // @Tags        IP Service
-// @Security    oauth2
+// @Produce     json
 // @Success     200 {string} string "The public IP address."
 // @Failure     400 {string} string "Invalid IP address or no IP found."
 func getPublicIP(w http.ResponseWriter, r *http.Request) {

controllers/legacy.go

@@ -22,7 +22,8 @@ func legacyHandlers(r *mux.Router) {
 // @Summary     Delete all legacy nodes from DB.
 // @Router      /api/v1/legacy/nodes [delete]
 // @Tags        Nodes
-// @Security    oauth2
+// @Security    oauth
+// @Produce     json
 // @Success     200 {string} string "Wiped all legacy nodes."
 // @Failure     400 {object} models.ErrorResponse
 func wipeLegacyNodes(w http.ResponseWriter, r *http.Request) {

controllers/migrate.go

@@ -19,17 +19,15 @@ import (
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )
 
-// swagger:route PUT /api/v1/nodes/migrate nodes migrateData
-//
-// Used to migrate a legacy node.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: hostPull
+// @Summary     Used to migrate a legacy node.
+// @Router      /api/v1/nodes/migrate [put]
+// @Tags        Nodes
+// @Security    oauth
+// @Accept      json
+// @Produce     json
+// @Param       body body models.MigrationData true "Migration data"
+// @Success     200 {object} models.HostPull
+// @Failure     400 {object} models.ErrorResponse
 func migrate(w http.ResponseWriter, r *http.Request) {
 	data := models.MigrationData{}
 	host := models.Host{}

controllers/network.go

@@ -85,7 +85,7 @@ func getNetworks(w http.ResponseWriter, r *http.Request) {
 // @Tags        Networks
 // @Security    oauth
 // @Produce     json
-// @Success     200 {object} models.SuccessResponse
+// @Success     200 {array} models.NetworkStatResp
 // @Failure     500 {object} models.ErrorResponse
 func getNetworksStats(w http.ResponseWriter, r *http.Request) {
 
@@ -480,7 +480,7 @@ func OldNetworkACLStatus(w http.ResponseWriter, r *http.Request) {
 // @Security    oauth
 // @Param       networkname path string true "Network name"
 // @Produce     json
-// @Success     200 {object} models.SuccessResponse
+// @Success     200 {object} map[string][]string
 // @Failure     500 {object} models.ErrorResponse
 func getNetworkEgressRoutes(w http.ResponseWriter, r *http.Request) {
 	var params = mux.Vars(r)

controllers/node.go

@@ -254,11 +254,12 @@ func Authorize(
 }
 
 // @Summary     Gets all nodes associated with network including pending nodes
-// @Router      /api/nodes/adm/{network} [get]
-// @Securitydefinitions.oauth2.application OAuth2Application
+// @Router      /api/nodes/{network} [get]
 // @Tags        Nodes
+// @Security    oauth
+// @Produce     json
 // @Param       network path string true "Network ID"
-// @Success     200 {array} models.Node
+// @Success     200 {array} models.ApiNode
 // @Failure     500 {object} models.ErrorResponse
 func getNetworkNodes(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
@@ -283,10 +284,10 @@ func getNetworkNodes(w http.ResponseWriter, r *http.Request) {
 // @Summary     Get all nodes across all networks
 // @Router      /api/nodes [get]
 // @Tags        Nodes
-// @Securitydefinitions.oauth2.application OAuth2Application
+// @Security    oauth
+// @Produce     json
 // @Success     200 {array} models.ApiNode
 // @Failure     500 {object} models.ErrorResponse
-// Not quite sure if this is necessary. Probably necessary based on front end but may want to review after iteration 1 if it's being used or not
 func getAllNodes(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	var nodes []models.Node
@@ -324,11 +325,11 @@ func getAllNodes(w http.ResponseWriter, r *http.Request) {
 // @Summary     Get all nodes status on the network
 // @Router      /api/v1/nodes/{network}/status [get]
 // @Tags        Nodes
-// @Securitydefinitions.oauth2.application OAuth2Application
+// @Security    oauth
+// @Produce     json
 // @Param       network path string true "Network ID"
-// @Success     200 {array} models.ApiNode
+// @Success     200 {object} map[string]models.NodeStatus
 // @Failure     500 {object} models.ErrorResponse
-// Not quite sure if this is necessary. Probably necessary based on front end but may want to review after iteration 1 if it's being used or not
 func getNetworkNodeStatus(w http.ResponseWriter, r *http.Request) {
 	var params = mux.Vars(r)
 	netID := params["network"]
@@ -356,7 +357,8 @@ func getNetworkNodeStatus(w http.ResponseWriter, r *http.Request) {
 // @Summary     Get an individual node
 // @Router      /api/nodes/{network}/{nodeid} [get]
 // @Tags        Nodes
-// @Security    oauth2
+// @Security    oauth
+// @Produce     json
 // @Param       network path string true "Network ID"
 // @Param       nodeid path string true "Node ID"
 // @Success     200 {object} models.NodeGet
@@ -428,9 +430,12 @@ func getNode(w http.ResponseWriter, r *http.Request) {
 // @Summary     Create an egress gateway
 // @Router      /api/nodes/{network}/{nodeid}/creategateway [post]
 // @Tags        Nodes
-// @Security    oauth2
+// @Security    oauth
+// @Accept      json
+// @Produce     json
 // @Param       network path string true "Network ID"
 // @Param       nodeid path string true "Node ID"
+// @Param       body body models.EgressGatewayRequest true "Egress gateway request"
 // @Success     200 {object} models.ApiNode
 // @Failure     500 {object} models.ErrorResponse
 func createEgressGateway(w http.ResponseWriter, r *http.Request) {
@@ -486,7 +491,8 @@ func createEgressGateway(w http.ResponseWriter, r *http.Request) {
 // @Summary     Delete an egress gateway
 // @Router      /api/nodes/{network}/{nodeid}/deletegateway [delete]
 // @Tags        Nodes
-// @Security    oauth2
+// @Security    oauth
+// @Produce     json
 // @Param       network path string true "Network ID"
 // @Param       nodeid path string true "Node ID"
 // @Success     200 {object} models.ApiNode
@@ -533,9 +539,12 @@ func deleteEgressGateway(w http.ResponseWriter, r *http.Request) {
 // @Summary     Update an individual node
 // @Router      /api/nodes/{network}/{nodeid} [put]
 // @Tags        Nodes
-// @Security    oauth2
+// @Security    oauth
+// @Accept      json
+// @Produce     json
 // @Param       network path string true "Network ID"
 // @Param       nodeid path string true "Node ID"
+// @Param       body body models.ApiNode true "Node update data"
 // @Success     200 {object} models.ApiNode
 // @Failure     500 {object} models.ErrorResponse
 func updateNode(w http.ResponseWriter, r *http.Request) {
@@ -744,10 +753,12 @@ func updateNode(w http.ResponseWriter, r *http.Request) {
 // @Summary     Delete an individual node
 // @Router      /api/nodes/{network}/{nodeid} [delete]
 // @Tags        Nodes
-// @Security    oauth2
+// @Security    oauth
+// @Produce     json
 // @Param       network path string true "Network ID"
 // @Param       nodeid path string true "Node ID"
-// @Success     200 {string} string "Node deleted."
+// @Param       force query string false "Force delete"
+// @Success     200 {object} models.SuccessResponse
 // @Failure     500 {object} models.ErrorResponse
 func deleteNode(w http.ResponseWriter, r *http.Request) {
 	// Set header

controllers/server.go

@@ -90,7 +90,7 @@ func getUsage(w http.ResponseWriter, _ *http.Request) {
 // @Summary     Get the server status
 // @Router      /api/server/status [get]
 // @Tags        Server
-// @Security    oauth2
+// @Produce     json
 // @Success     200 {object} object "Server status"
 func getStatus(w http.ResponseWriter, r *http.Request) {
 	type status struct {
@@ -164,7 +164,8 @@ func allowUsers(next http.Handler) http.HandlerFunc {
 // @Summary     Get the server information
 // @Router      /api/server/getserverinfo [get]
 // @Tags        Server
-// @Security    oauth2
+// @Security    oauth
+// @Produce     json
 // @Success     200 {object} models.ServerConfig
 func getServerInfo(w http.ResponseWriter, r *http.Request) {
 	// Set header
@@ -179,8 +180,9 @@ func getServerInfo(w http.ResponseWriter, r *http.Request) {
 // @Summary     Get the server configuration
 // @Router      /api/server/getconfig [get]
 // @Tags        Server
-// @Security    oauth2
-// @Success     200 {object} config.ServerConfig
+// @Security    oauth
+// @Produce     json
+// @Success     200 {object} models.ServerConfig
 func getConfig(w http.ResponseWriter, r *http.Request) {
 	// Set header
 	w.Header().Set("Content-Type", "application/json")
@@ -202,7 +204,8 @@ func getConfig(w http.ResponseWriter, r *http.Request) {
 // @Summary     Get the server settings
 // @Router      /api/server/settings [get]
 // @Tags        Server
-// @Security    oauth2
+// @Security    oauth
+// @Produce     json
 // @Success     200 {object} models.ServerSettings
 func getSettings(w http.ResponseWriter, r *http.Request) {
 	scfg := logic.GetServerSettings()
@@ -216,8 +219,13 @@ func getSettings(w http.ResponseWriter, r *http.Request) {
 // @Summary     Update the server settings
 // @Router      /api/server/settings [put]
 // @Tags        Server
-// @Security    oauth2
+// @Security    oauth
+// @Accept      json
+// @Produce     json
+// @Param       body body models.ServerSettings true "Server settings"
 // @Success     200 {object} models.ServerSettings
+// @Failure     400 {object} models.ErrorResponse
+// @Failure     500 {object} models.ErrorResponse
 func updateSettings(w http.ResponseWriter, r *http.Request) {
 	var req models.ServerSettings
 	force := r.URL.Query().Get("force")
@@ -423,11 +431,11 @@ func identifySettingsUpdateAction(old, new models.ServerSettings) models.Action
 	return models.Update
 }
 
-// @Summary     Get feature flags for this server.
+// @Summary     Get feature flags for this server
 // @Router      /api/server/feature_flags [get]
 // @Tags        Server
-// @Security    oauth2
-// @Success     200 {object} models.ServerSettings
+// @Produce     json
+// @Success     200 {object} models.FeatureFlags
 func getFeatureFlags(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, logic.GetFeatureFlags(), "")
 }

controllers/user.go

@@ -61,12 +61,14 @@ func userHandlers(r *mux.Router) {
 	r.HandleFunc("/api/v1/users/logout", logic.SecurityCheck(false, logic.ContinueIfUserMatch(http.HandlerFunc(logout)))).Methods(http.MethodPost)
 }
 
-// @Summary     Authenticate a user to retrieve an authorization token
+// @Summary     Create a user API access token
 // @Router      /api/v1/users/access_token [post]
-// @Tags        Auth
+// @Tags        Users
+// @Security    oauth
 // @Accept      json
-// @Param       body body models.UserAuthParams true "Authentication parameters"
-// @Success     200 {object} models.SuccessResponse
+// @Produce     json
+// @Param       body body schema.UserAccessToken true "Access token request"
+// @Success     200 {object} models.SuccessfulUserLoginResponse
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     401 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -159,10 +161,11 @@ func createUserAccessToken(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     Get user access tokens
 // @Router      /api/v1/users/access_token [get]
-// @Tags        Auth
-// @Accept      json
+// @Tags        Users
+// @Security    oauth
+// @Produce     json
 // @Param       username query string true "Username"
-// @Success     200 {object} models.SuccessResponse
+// @Success     200 {array} schema.UserAccessToken
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     401 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -177,8 +180,9 @@ func getUserAccessTokens(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     Delete user access tokens
 // @Router      /api/v1/users/access_token [delete]
-// @Tags        Auth
-// @Accept      json
+// @Tags        Users
+// @Security    oauth
+// @Produce     json
 // @Param       id query string true "Token ID"
 // @Success     200 {object} models.SuccessResponse
 // @Failure     400 {object} models.ErrorResponse
@@ -256,6 +260,7 @@ func deleteUserAccessTokens(w http.ResponseWriter, r *http.Request) {
 // @Router      /api/users/adm/authenticate [post]
 // @Tags        Auth
 // @Accept      json
+// @Produce     json
 // @Param       body body models.UserAuthParams true "Authentication parameters"
 // @Success     200 {object} models.SuccessResponse
 // @Failure     400 {object} models.ErrorResponse
@@ -417,13 +422,15 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
 
 }
 
-// @Summary     Validates a user's identity against it's token. This is used by UI before a user performing a critical operation to validate the user's identity.
+// @Summary     Validate a user's identity
 // @Router      /api/users/{username}/validate-identity [post]
-// @Tags        Auth
+// @Tags        Users
+// @Security    oauth
 // @Accept      json
+// @Produce     json
 // @Param       username path string true "Username"
 // @Param       body body models.UserIdentityValidationRequest true "User Identity Validation Request"
-// @Success     200 {object} models.SuccessResponse
+// @Success     200 {object} models.UserIdentityValidationResponse
 // @Failure     400 {object} models.ErrorResponse
 func validateUserIdentity(w http.ResponseWriter, r *http.Request) {
 	username := r.Header.Get("user")
@@ -455,10 +462,13 @@ func validateUserIdentity(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-// @Summary     Initiate setting up TOTP 2FA for a user.
-// @Router      /api/users/auth/init-totp [post]
+// @Summary     Initiate setting up TOTP 2FA for a user
+// @Router      /api/users/{username}/auth/init-totp [post]
 // @Tags        Auth
-// @Success     200 {object} models.SuccessResponse
+// @Security    oauth
+// @Produce     json
+// @Param       username path string true "Username"
+// @Success     200 {object} models.TOTPInitiateResponse
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
 func initiateTOTPSetup(w http.ResponseWriter, r *http.Request) {
@@ -516,9 +526,13 @@ func initiateTOTPSetup(w http.ResponseWriter, r *http.Request) {
 	}, "totp setup initiated")
 }
 
-// @Summary     Verify and complete setting up TOTP 2FA for a user.
-// @Router      /api/users/auth/complete-totp [post]
+// @Summary     Verify and complete setting up TOTP 2FA for a user
+// @Router      /api/users/{username}/auth/complete-totp [post]
 // @Tags        Auth
+// @Security    oauth
+// @Accept      json
+// @Produce     json
+// @Param       username path string true "Username"
 // @Param       body body models.UserTOTPVerificationParams true "TOTP verification parameters"
 // @Success     200 {object} models.SuccessResponse
 // @Failure     400 {object} models.ErrorResponse
@@ -601,12 +615,14 @@ func completeTOTPSetup(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-// @Summary     Verify a user's TOTP token.
-// @Router      /api/users/auth/verify-totp [post]
+// @Summary     Verify a user's TOTP token
+// @Router      /api/users/{username}/auth/verify-totp [post]
 // @Tags        Auth
 // @Accept      json
+// @Produce     json
+// @Param       username path string true "Username"
 // @Param       body body models.UserTOTPVerificationParams true "TOTP verification parameters"
-// @Success     200 {object} models.SuccessResponse
+// @Success     200 {object} models.SuccessfulUserLoginResponse
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     401 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -690,6 +706,7 @@ func verifyTOTP(w http.ResponseWriter, r *http.Request) {
 // @Summary     Check if the server has a super admin
 // @Router      /api/users/adm/hassuperadmin [get]
 // @Tags        Users
+// @Produce     json
 // @Success     200 {object} bool
 // @Failure     500 {object} models.ErrorResponse
 func hasSuperAdmin(w http.ResponseWriter, r *http.Request) {
@@ -710,8 +727,10 @@ func hasSuperAdmin(w http.ResponseWriter, r *http.Request) {
 // @Summary     Get an individual user
 // @Router      /api/users/{username} [get]
 // @Tags        Users
+// @Security    oauth
+// @Produce     json
 // @Param       username path string true "Username of the user to fetch"
-// @Success     200 {object} models.User
+// @Success     200 {object} models.ReturnUser
 // @Failure     500 {object} models.ErrorResponse
 func getUser(w http.ResponseWriter, r *http.Request) {
 	// set header.
@@ -733,7 +752,10 @@ func getUser(w http.ResponseWriter, r *http.Request) {
 // @Summary     Enable a user's account
 // @Router      /api/users/{username}/enable [post]
 // @Tags        Users
+// @Security    oauth
+// @Produce     json
 // @Param       username path string true "Username of the user to enable"
+// @Param       force_enable_configs query string false "Force enable configs"
 // @Success     200 {object} models.SuccessResponse
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -825,7 +847,10 @@ func enableUserAccount(w http.ResponseWriter, r *http.Request) {
 // @Summary     Disable a user's account
 // @Router      /api/users/{username}/disable [post]
 // @Tags        Users
+// @Security    oauth
+// @Produce     json
 // @Param       username path string true "Username of the user to disable"
+// @Param       force_disable_configs query string false "Force disable configs"
 // @Success     200 {object} models.SuccessResponse
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -921,8 +946,10 @@ func disableUserAccount(w http.ResponseWriter, r *http.Request) {
 // @Summary     Get a user's preferences and settings
 // @Router      /api/users/{username}/settings [get]
 // @Tags        Users
+// @Security    oauth
+// @Produce     json
 // @Param       username path string true "Username of the user"
-// @Success     200 {object} models.SuccessResponse
+// @Success     200 {object} models.UserSettings
 func getUserSettings(w http.ResponseWriter, r *http.Request) {
 	userID := r.Header.Get("user")
 	userSettings := logic.GetUserSettings(userID)
@@ -932,8 +959,12 @@ func getUserSettings(w http.ResponseWriter, r *http.Request) {
 // @Summary     Update a user's preferences and settings
 // @Router      /api/users/{username}/settings [put]
 // @Tags        Users
+// @Security    oauth
+// @Accept      json
+// @Produce     json
 // @Param       username path string true "Username of the user"
-// @Success     200 {object} models.SuccessResponse
+// @Param       body body models.UserSettings true "User settings"
+// @Success     200 {object} models.UserSettings
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
 func updateUserSettings(w http.ResponseWriter, r *http.Request) {
@@ -958,17 +989,15 @@ func updateUserSettings(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, req, "updated user settings")
 }
 
-// swagger:route GET /api/v1/users user getUserV1
-//
-// Get an individual user with role info.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: ReturnUserWithRolesAndGroups
+// @Summary     Get an individual user with role info
+// @Router      /api/v1/users [get]
+// @Tags        Users
+// @Security    oauth
+// @Produce     json
+// @Param       username query string true "Username"
+// @Success     200 {object} models.ReturnUserWithRolesAndGroups
+// @Failure     400 {object} models.ErrorResponse
+// @Failure     500 {object} models.ErrorResponse
 func getUserV1(w http.ResponseWriter, r *http.Request) {
 	// set header.
 	w.Header().Set("Content-Type", "application/json")
@@ -1006,17 +1035,13 @@ func getUserV1(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, resp, "fetched user with role info")
 }
 
-// swagger:route GET /api/users user getUsers
-//
-// Get all users.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: userBodyResponse
+// @Summary     Get all users
+// @Router      /api/users [get]
+// @Tags        Users
+// @Security    oauth
+// @Produce     json
+// @Success     200 {array} models.ReturnUser
+// @Failure     500 {object} models.ErrorResponse
 func getUsers(w http.ResponseWriter, r *http.Request) {
 	// set header.
 	w.Header().Set("Content-Type", "application/json")
@@ -1041,8 +1066,10 @@ func getUsers(w http.ResponseWriter, r *http.Request) {
 // @Summary     Create a super admin
 // @Router      /api/users/adm/createsuperadmin [post]
 // @Tags        Users
+// @Accept      json
+// @Produce     json
 // @Param       body body models.User true "User details"
-// @Success     200 {object} models.User
+// @Success     200 {object} models.ReturnUser
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
 func createSuperAdmin(w http.ResponseWriter, r *http.Request) {
@@ -1079,8 +1106,10 @@ func createSuperAdmin(w http.ResponseWriter, r *http.Request) {
 // @Summary     Transfer super admin role to another admin user
 // @Router      /api/users/adm/transfersuperadmin/{username} [post]
 // @Tags        Users
+// @Security    oauth
+// @Produce     json
 // @Param       username path string true "Username of the user to transfer super admin role"
-// @Success     200 {object} models.User
+// @Success     200 {object} models.ReturnUser
 // @Failure     403 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
 func transferSuperAdmin(w http.ResponseWriter, r *http.Request) {
@@ -1138,9 +1167,12 @@ func transferSuperAdmin(w http.ResponseWriter, r *http.Request) {
 // @Summary     Create a user
 // @Router      /api/users/{username} [post]
 // @Tags        Users
+// @Security    oauth
+// @Accept      json
+// @Produce     json
 // @Param       username path string true "Username of the user to create"
 // @Param       body body models.User true "User details"
-// @Success     200 {object} models.User
+// @Success     200 {object} models.ReturnUser
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     403 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -1229,9 +1261,12 @@ func createUser(w http.ResponseWriter, r *http.Request) {
 // @Summary     Update a user
 // @Router      /api/users/{username} [put]
 // @Tags        Users
+// @Security    oauth
+// @Accept      json
+// @Produce     json
 // @Param       username path string true "Username of the user to update"
 // @Param       body body models.User true "User details"
-// @Success     200 {object} models.User
+// @Success     200 {object} models.ReturnUser
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     403 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -1480,8 +1515,12 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
 // @Summary     Delete a user
 // @Router      /api/users/{username} [delete]
 // @Tags        Users
+// @Security    oauth
+// @Produce     json
 // @Param       username path string true "Username of the user to delete"
+// @Param       force_delete_configs query string false "Force delete configs"
 // @Success     200 {string} string
+// @Failure     400 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
 func deleteUser(w http.ResponseWriter, r *http.Request) {
 	// Set header
@@ -1630,11 +1669,6 @@ func socketHandler(w http.ResponseWriter, r *http.Request) {
 	go auth.SessionHandler(conn)
 }
 
-// @Summary     lists all user roles.
-// @Tags        Users
-// @Param       role_id query string true "roleid required to get the role details"
-// @Success     200 {object}  []models.UserRolePermissionTemplate
-// @Failure     500 {object} models.ErrorResponse
 func listRoles(w http.ResponseWriter, r *http.Request) {
 	var roles []models.UserRolePermissionTemplate
 	var err error
@@ -1650,17 +1684,14 @@ func listRoles(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, roles, "successfully fetched user roles permission templates")
 }
 
-// swagger:route POST /api/v1/user/logout user logout
-//
-// LogOut user.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: userBodyResponse
+// @Summary     Log out a user
+// @Router      /api/v1/users/logout [post]
+// @Tags        Users
+// @Security    oauth
+// @Produce     json
+// @Param       username query string true "Username"
+// @Success     200 {object} models.SuccessResponse
+// @Failure     400 {object} models.ErrorResponse
 func logout(w http.ResponseWriter, r *http.Request) {
 	// set header.
 	w.Header().Set("Content-Type", "application/json")

models/jit.go

@@ -0,0 +1,27 @@
+package models
+
+// JITOperationRequest - request body for JIT admin operations
+type JITOperationRequest struct {
+	Action    string `json:"action"` // enable, disable, request, approve, deny
+	RequestID string `json:"request_id,omitempty"`
+	GrantID   string `json:"grant_id,omitempty"`
+	Reason    string `json:"reason,omitempty"`
+	ExpiresAt int64  `json:"expires_at,omitempty"` // Unix epoch timestamp (seconds) for when access should expire
+}
+
+// JITAccessRequest - request body for user JIT access request
+type JITAccessRequest struct {
+	NetworkID string `json:"network_id"` // Network identifier
+	Reason    string `json:"reason"`     // Reason for access request (required)
+}
+
+// UserJITNetworkStatus represents JIT status for a network from user's perspective
+type UserJITNetworkStatus struct {
+	NetworkID      string `json:"network_id"`
+	NetworkName    string `json:"network_name,omitempty"`
+	JITEnabled     bool   `json:"jit_enabled"`
+	HasAccess      bool   `json:"has_access"`
+	Grant          any    `json:"grant,omitempty"`   // schema.JITGrant
+	Request        any    `json:"request,omitempty"` // schema.JITRequest
+	PendingRequest bool   `json:"pending_request"`
+}

pro/controllers/auto_relay.go

@@ -40,9 +40,11 @@ func AutoRelayHandlers(r *mux.Router) {
 
 // @Summary     Get auto relay nodes
 // @Router      /api/v1/node/{nodeid}/auto_relay [get]
-// @Tags        PRO
+// @Tags        Auto Relay
+// @Security    oauth
+// @Produce     json
 // @Param       nodeid path string true "Node ID"
-// @Success     200 {object} models.Node
+// @Success     200 {array} models.Node
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     404 {object} models.ErrorResponse
 func getAutoRelayGws(w http.ResponseWriter, r *http.Request) {
@@ -84,7 +86,9 @@ func getAutoRelayGws(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     Create AutoRelay node
 // @Router      /api/v1/node/{nodeid}/auto_relay [post]
-// @Tags        PRO
+// @Tags        Auto Relay
+// @Security    oauth
+// @Produce     json
 // @Param       nodeid path string true "Node ID"
 // @Success     200 {object} models.Node
 // @Failure     400 {object} models.ErrorResponse
@@ -111,7 +115,9 @@ func setAutoRelay(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     Reset AutoRelay for a network
 // @Router      /api/v1/node/{network}/auto_relay/reset [post]
-// @Tags        PRO
+// @Tags        Auto Relay
+// @Security    oauth
+// @Produce     json
 // @Param       network path string true "Network ID"
 // @Success     200 {object} models.SuccessResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -142,7 +148,9 @@ func resetAutoRelayGw(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     Delete autorelay node
 // @Router      /api/v1/node/{nodeid}/auto_relay [delete]
-// @Tags        PRO
+// @Tags        Auto Relay
+// @Security    oauth
+// @Produce     json
 // @Param       nodeid path string true "Node ID"
 // @Success     200 {object} models.Node
 // @Failure     400 {object} models.ErrorResponse
@@ -178,9 +186,11 @@ func unsetAutoRelay(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     AutoRelay me
 // @Router      /api/v1/node/{nodeid}/auto_relay_me [post]
-// @Tags        PRO
-// @Param       nodeid path string true "Node ID"
+// @Tags        Auto Relay
+// @Security    oauth
 // @Accept      json
+// @Produce     json
+// @Param       nodeid path string true "Node ID"
 // @Param       body body models.AutoRelayMeReq true "AutoRelay request"
 // @Success     200 {object} models.SuccessResponse
 // @Failure     400 {object} models.ErrorResponse
@@ -339,11 +349,13 @@ func autoRelayME(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponse(w, r, "relayed successfully")
 }
 
-// @Summary     AutoRelay me
+// @Summary     Update AutoRelay me
 // @Router      /api/v1/node/{nodeid}/auto_relay_me [put]
-// @Tags        PRO
-// @Param       nodeid path string true "Node ID"
+// @Tags        Auto Relay
+// @Security    oauth
 // @Accept      json
+// @Produce     json
+// @Param       nodeid path string true "Node ID"
 // @Param       body body models.AutoRelayMeReq true "AutoRelay request"
 // @Success     200 {object} models.SuccessResponse
 // @Failure     400 {object} models.ErrorResponse
@@ -499,11 +511,13 @@ func autoRelayMEUpdate(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponse(w, r, "relayed successfully")
 }
 
-// @Summary     checkautoRelayCtx
+// @Summary     Check AutoRelay context
 // @Router      /api/v1/node/{nodeid}/auto_relay_check [get]
-// @Tags        PRO
-// @Param       nodeid path string true "Node ID"
+// @Tags        Auto Relay
+// @Security    oauth
 // @Accept      json
+// @Produce     json
+// @Param       nodeid path string true "Node ID"
 // @Param       body body models.AutoRelayMeReq true "autorelay request"
 // @Success     200 {object} models.SuccessResponse
 // @Failure     400 {object} models.ErrorResponse

pro/controllers/events.go

@@ -19,11 +19,17 @@ func EventHandlers(r *mux.Router) {
 	r.HandleFunc("/api/v1/activity", logic.SecurityCheck(true, http.HandlerFunc(listActivity))).Methods(http.MethodGet)
 }
 
-// @Summary     list activity.
+// @Summary     List network activity
 // @Router      /api/v1/network/activity [get]
 // @Tags        Activity
-// @Param       network_id query string true "network_id required to get the network events"
-// @Success     200 {object} models.SuccessResponse
+// @Security    oauth
+// @Produce     json
+// @Param       network_id query string true "Network ID required to get the network events"
+// @Param       from_date query string false "Start date in RFC3339 format"
+// @Param       to_date query string false "End date in RFC3339 format"
+// @Param       page query int false "Page number"
+// @Param       per_page query int false "Items per page"
+// @Success     200 {array} schema.Event
 // @Failure     500 {object} models.ErrorResponse
 func listNetworkActivity(w http.ResponseWriter, r *http.Request) {
 	netID := r.URL.Query().Get("network_id")
@@ -73,11 +79,17 @@ func listNetworkActivity(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, netActivity, "successfully fetched network activity")
 }
 
-// @Summary     list activity.
+// @Summary     List user activity
 // @Router      /api/v1/user/activity [get]
 // @Tags        Activity
-// @Param       network_id query string true "network_id required to get the network events"
-// @Success     200 {object} models.SuccessResponse
+// @Security    oauth
+// @Produce     json
+// @Param       username query string true "Username required to get the user events"
+// @Param       from_date query string false "Start date in RFC3339 format"
+// @Param       to_date query string false "End date in RFC3339 format"
+// @Param       page query int false "Page number"
+// @Param       per_page query int false "Items per page"
+// @Success     200 {array} schema.Event
 // @Failure     500 {object} models.ErrorResponse
 func listUserActivity(w http.ResponseWriter, r *http.Request) {
 	username := r.URL.Query().Get("username")
@@ -126,10 +138,18 @@ func listUserActivity(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, userActivity, "successfully fetched user activity "+username)
 }
 
-// @Summary     list activity.
+// @Summary     List all activity
 // @Router      /api/v1/activity [get]
 // @Tags        Activity
-// @Success     200 {object} models.SuccessResponse
+// @Security    oauth
+// @Produce     json
+// @Param       username query string false "Filter by username"
+// @Param       network_id query string false "Filter by network ID"
+// @Param       from_date query string false "Start date in RFC3339 format"
+// @Param       to_date query string false "End date in RFC3339 format"
+// @Param       page query int false "Page number"
+// @Param       per_page query int false "Items per page"
+// @Success     200 {array} schema.Event
 // @Failure     500 {object} models.ErrorResponse
 func listActivity(w http.ResponseWriter, r *http.Request) {
 	username := r.URL.Query().Get("username")

pro/controllers/failover.go

@@ -36,13 +36,6 @@ func FailOverHandlers(r *mux.Router) {
 		Methods(http.MethodGet)
 }
 
-// @Summary     Get failover node
-// @Router      /api/v1/node/{nodeid}/failover [get]
-// @Tags        PRO
-// @Param       nodeid path string true "Node ID"
-// @Success     200 {object} models.Node
-// @Failure     400 {object} models.ErrorResponse
-// @Failure     404 {object} models.ErrorResponse
 func getfailOver(w http.ResponseWriter, r *http.Request) {
 	var params = mux.Vars(r)
 	nodeid := params["nodeid"]
@@ -66,13 +59,6 @@ func getfailOver(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, failOverNode, "get failover node successfully")
 }
 
-// @Summary     Create failover node
-// @Router      /api/v1/node/{nodeid}/failover [post]
-// @Tags        PRO
-// @Param       nodeid path string true "Node ID"
-// @Success     200 {object} models.Node
-// @Failure     400 {object} models.ErrorResponse
-// @Failure     500 {object} models.ErrorResponse
 func createfailOver(w http.ResponseWriter, r *http.Request) {
 	var params = mux.Vars(r)
 	nodeid := params["nodeid"]
@@ -93,12 +79,6 @@ func createfailOver(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, node, "created failover successfully")
 }
 
-// @Summary     Reset failover for a network
-// @Router      /api/v1/node/{network}/failover/reset [post]
-// @Tags        PRO
-// @Param       network path string true "Network ID"
-// @Success     200 {object} models.SuccessResponse
-// @Failure     500 {object} models.ErrorResponse
 func resetFailOver(w http.ResponseWriter, r *http.Request) {
 	var params = mux.Vars(r)
 	net := params["network"]
@@ -125,13 +105,6 @@ func resetFailOver(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponse(w, r, "failover has been reset successfully")
 }
 
-// @Summary     Delete failover node
-// @Router      /api/v1/node/{nodeid}/failover [delete]
-// @Tags        PRO
-// @Param       nodeid path string true "Node ID"
-// @Success     200 {object} models.Node
-// @Failure     400 {object} models.ErrorResponse
-// @Failure     500 {object} models.ErrorResponse
 func deletefailOver(w http.ResponseWriter, r *http.Request) {
 	var params = mux.Vars(r)
 	nodeid := params["nodeid"]
@@ -159,15 +132,6 @@ func deletefailOver(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, node, "deleted failover successfully")
 }
 
-// @Summary     Failover me
-// @Router      /api/v1/node/{nodeid}/failover_me [post]
-// @Tags        PRO
-// @Param       nodeid path string true "Node ID"
-// @Accept      json
-// @Param       body body models.FailOverMeReq true "Failover request"
-// @Success     200 {object} models.SuccessResponse
-// @Failure     400 {object} models.ErrorResponse
-// @Failure     500 {object} models.ErrorResponse
 func failOverME(w http.ResponseWriter, r *http.Request) {
 	var params = mux.Vars(r)
 	nodeid := params["nodeid"]
@@ -321,15 +285,6 @@ func failOverME(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponse(w, r, "relayed successfully")
 }
 
-// @Summary     checkfailOverCtx
-// @Router      /api/v1/node/{nodeid}/failover_check [get]
-// @Tags        PRO
-// @Param       nodeid path string true "Node ID"
-// @Accept      json
-// @Param       body body models.FailOverMeReq true "Failover request"
-// @Success     200 {object} models.SuccessResponse
-// @Failure     400 {object} models.ErrorResponse
-// @Failure     500 {object} models.ErrorResponse
 func checkfailOverCtx(w http.ResponseWriter, r *http.Request) {
 	var params = mux.Vars(r)
 	nodeid := params["nodeid"]

pro/controllers/flows.go

@@ -37,6 +37,56 @@ ORDER BY version DESC
 LIMIT ? OFFSET ?`
 )
 
+// FlowRow represents a single flow log entry
+type FlowRow struct {
+	FlowID        string    `ch:"flow_id" json:"flow_id"`
+	HostID        string    `ch:"host_id" json:"host_id"`
+	HostName      string    `ch:"host_name" json:"host_name"`
+	NetworkID     string    `ch:"network_id" json:"network_id"`
+	Protocol      uint16    `ch:"protocol" json:"protocol"`
+	SrcPort       uint16    `ch:"src_port" json:"src_port"`
+	DstPort       uint16    `ch:"dst_port" json:"dst_port"`
+	ICMPType      uint8     `ch:"icmp_type" json:"icmp_type"`
+	ICMPCode      uint8     `ch:"icmp_code" json:"icmp_code"`
+	Direction     string    `ch:"direction" json:"direction"`
+	SrcIP         string    `ch:"src_ip" json:"src_ip"`
+	SrcType       string    `ch:"src_type" json:"src_type"`
+	SrcEntityID   string    `ch:"src_entity_id" json:"src_entity_id"`
+	SrcEntityName string    `ch:"src_entity_name" json:"src_entity_name"`
+	DstIP         string    `ch:"dst_ip" json:"dst_ip"`
+	DstType       string    `ch:"dst_type" json:"dst_type"`
+	DstEntityID   string    `ch:"dst_entity_id" json:"dst_entity_id"`
+	DstEntityName string    `ch:"dst_entity_name" json:"dst_entity_name"`
+	StartTs       time.Time `ch:"start_ts" json:"start_ts"`
+	EndTs         time.Time `ch:"end_ts" json:"end_ts"`
+	BytesSent     uint64    `ch:"bytes_sent" json:"bytes_sent"`
+	BytesRecv     uint64    `ch:"bytes_recv" json:"bytes_recv"`
+	PacketsSent   uint64    `ch:"packets_sent" json:"packets_sent"`
+	PacketsRecv   uint64    `ch:"packets_recv" json:"packets_recv"`
+	Status        uint32    `ch:"status" json:"status"`
+	Version       time.Time `ch:"version" json:"version"`
+}
+
+// @Summary     List flow logs
+// @Router      /api/v1/flows [get]
+// @Tags        Traffic Logs
+// @Security    oauth
+// @Produce     json
+// @Param       network_id query string false "Filter by network ID"
+// @Param       from query string false "Start time in RFC3339 format"
+// @Param       to query string false "End time in RFC3339 format"
+// @Param       src_type query string false "Source type filter"
+// @Param       src_entity_id query string false "Source entity ID filter"
+// @Param       dst_type query string false "Destination type filter"
+// @Param       dst_entity_id query string false "Destination entity ID filter"
+// @Param       protocol query string false "Protocol filter"
+// @Param       node_id query string false "Node ID filter"
+// @Param       username query string false "Username filter"
+// @Param       page query int false "Page number"
+// @Param       per_page query int false "Items per page (max 1000)"
+// @Success     200 {array} FlowRow
+// @Failure     400 {object} models.ErrorResponse
+// @Failure     500 {object} models.ErrorResponse
 func handleListFlows(w http.ResponseWriter, r *http.Request) {
 	if !proLogic.GetFeatureFlags().EnableFlowLogs || !logic.GetServerSettings().EnableFlowLogs {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("flow logs not enabled"), logic.Forbidden))
@@ -191,35 +241,6 @@ func handleListFlows(w http.ResponseWriter, r *http.Request) {
 	}
 	defer rows.Close()
 
-	type FlowRow struct {
-		FlowID        string    `ch:"flow_id" json:"flow_id"`
-		HostID        string    `ch:"host_id" json:"host_id"`
-		HostName      string    `ch:"host_name" json:"host_name"`
-		NetworkID     string    `ch:"network_id" json:"network_id"`
-		Protocol      uint16    `ch:"protocol" json:"protocol"`
-		SrcPort       uint16    `ch:"src_port" json:"src_port"`
-		DstPort       uint16    `ch:"dst_port" json:"dst_port"`
-		ICMPType      uint8     `ch:"icmp_type" json:"icmp_type"`
-		ICMPCode      uint8     `ch:"icmp_code" json:"icmp_code"`
-		Direction     string    `ch:"direction" json:"direction"`
-		SrcIP         string    `ch:"src_ip" json:"src_ip"`
-		SrcType       string    `ch:"src_type" json:"src_type"`
-		SrcEntityID   string    `ch:"src_entity_id" json:"src_entity_id"`
-		SrcEntityName string    `ch:"src_entity_name" json:"src_entity_name"`
-		DstIP         string    `ch:"dst_ip" json:"dst_ip"`
-		DstType       string    `ch:"dst_type" json:"dst_type"`
-		DstEntityID   string    `ch:"dst_entity_id" json:"dst_entity_id"`
-		DstEntityName string    `ch:"dst_entity_name" json:"dst_entity_name"`
-		StartTs       time.Time `ch:"start_ts" json:"start_ts"`
-		EndTs         time.Time `ch:"end_ts" json:"end_ts"`
-		BytesSent     uint64    `ch:"bytes_sent" json:"bytes_sent"`
-		BytesRecv     uint64    `ch:"bytes_recv" json:"bytes_recv"`
-		PacketsSent   uint64    `ch:"packets_sent" json:"packets_sent"`
-		PacketsRecv   uint64    `ch:"packets_recv" json:"packets_recv"`
-		Status        uint32    `ch:"status" json:"status"`
-		Version       time.Time `ch:"version" json:"version"`
-	}
-
 	result := make([]FlowRow, 0, 1000)
 
 	for rows.Next() {

pro/controllers/jit.go

@@ -32,22 +32,31 @@ func JITHandlers(r *mux.Router) {
 		http.HandlerFunc(requestJITAccess))).Methods(http.MethodPost)
 }
 
-// JITRequest - request body for JIT operations
-type JITRequest struct {
-	Action    string `json:"action"` // enable, disable, request, approve, deny
-	RequestID string `json:"request_id,omitempty"`
-	GrantID   string `json:"grant_id,omitempty"`
-	Reason    string `json:"reason,omitempty"`
-	ExpiresAt int64  `json:"expires_at,omitempty"` // Unix epoch timestamp (seconds) for when access should expire
-}
 
-// JITAccessRequest - request body for user JIT access request
-type JITAccessRequest struct {
-	NetworkID string `json:"network_id"` // Network identifier
-	Reason    string `json:"reason"`     // Reason for access request (required)
-}
-
-// handleJIT - handles JIT operations based on action
+// @Summary     List JIT requests for a network
+// @Router      /api/v1/jit [get]
+// @Tags        JIT
+// @Security    oauth
+// @Produce     json
+// @Param       network query string true "Network ID"
+// @Param       status query string false "Filter by status (pending, approved, denied, expired)"
+// @Param       page query int false "Page number"
+// @Param       per_page query int false "Items per page"
+// @Success     200 {array} schema.JITRequest
+// @Failure     400 {object} models.ErrorResponse
+// @Failure     500 {object} models.ErrorResponse
+//
+// @Summary     Handle JIT operations (enable, disable, approve, deny)
+// @Router      /api/v1/jit [post]
+// @Tags        JIT
+// @Security    oauth
+// @Accept      json
+// @Produce     json
+// @Param       network query string true "Network ID"
+// @Param       body body models.JITOperationRequest true "JIT operation request"
+// @Success     200 {object} models.SuccessResponse
+// @Failure     400 {object} models.ErrorResponse
+// @Failure     500 {object} models.ErrorResponse
 func handleJIT(w http.ResponseWriter, r *http.Request) {
 	// Check if JIT feature is enabled
 	featureFlags := logic.GetFeatureFlags()
@@ -126,7 +135,7 @@ func handleJITGet(w http.ResponseWriter, r *http.Request, networkID string, user
 
 // handleJITPost - handles POST requests for JIT operations
 func handleJITPost(w http.ResponseWriter, r *http.Request, networkID string, user *models.User) {
-	var req JITRequest
+	var req models.JITOperationRequest
 	err := json.NewDecoder(r.Body).Decode(&req)
 	if err != nil {
 		logger.Log(0, "error decoding request body:", err.Error())
@@ -312,7 +321,16 @@ func handleDenyRequest(w http.ResponseWriter, r *http.Request, networkID string,
 	logic.ReturnSuccessResponse(w, r, "JIT request denied")
 }
 
-// deleteJITGrant - deletes/revokes a JIT grant
+// @Summary     Delete/revoke a JIT grant
+// @Router      /api/v1/jit [delete]
+// @Tags        JIT
+// @Security    oauth
+// @Produce     json
+// @Param       network query string true "Network ID"
+// @Param       grant_id query string true "Grant ID to revoke"
+// @Success     200 {object} models.SuccessResponse
+// @Failure     400 {object} models.ErrorResponse
+// @Failure     500 {object} models.ErrorResponse
 func deleteJITGrant(w http.ResponseWriter, r *http.Request) {
 	// Check if JIT feature is enabled
 	featureFlags := logic.GetFeatureFlags()
@@ -456,7 +474,14 @@ func isNetworkAdmin(user *models.User, networkID string) bool {
 	return false
 }
 
-// getUserJITNetworks - gets all networks with JIT status for the current user
+// @Summary     Get user JIT networks status
+// @Router      /api/v1/jit_user/networks [get]
+// @Tags        JIT
+// @Security    oauth
+// @Produce     json
+// @Success     200 {array} models.UserJITNetworkStatus
+// @Failure     400 {object} models.ErrorResponse
+// @Failure     500 {object} models.ErrorResponse
 func getUserJITNetworks(w http.ResponseWriter, r *http.Request) {
 	// Check if JIT feature is enabled
 	featureFlags := logic.GetFeatureFlags()
@@ -497,7 +522,17 @@ func getUserJITNetworks(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, networksWithJITStatus, "fetched user JIT network status")
 }
 
-// requestJITAccess - creates a JIT access request (user-facing endpoint)
+// @Summary     Request JIT access to a network
+// @Router      /api/v1/jit_user/request [post]
+// @Tags        JIT
+// @Security    oauth
+// @Accept      json
+// @Produce     json
+// @Param       network query string true "Network ID"
+// @Param       body body models.JITAccessRequest true "JIT access request"
+// @Success     200 {object} schema.JITRequest
+// @Failure     400 {object} models.ErrorResponse
+// @Failure     500 {object} models.ErrorResponse
 func requestJITAccess(w http.ResponseWriter, r *http.Request) {
 	// Check if JIT feature is enabled
 	featureFlags := logic.GetFeatureFlags()
@@ -519,7 +554,7 @@ func requestJITAccess(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	var req JITAccessRequest
+	var req models.JITAccessRequest
 	err = json.NewDecoder(r.Body).Decode(&req)
 	if err != nil {
 		logger.Log(0, "error decoding request body:", err.Error())

pro/controllers/metrics.go

@@ -22,7 +22,15 @@ func MetricHandlers(r *mux.Router) {
 	r.HandleFunc("/api/metrics-ext/{network}", logic.SecurityCheck(true, http.HandlerFunc(getNetworkExtMetrics))).Methods(http.MethodGet)
 }
 
-// get the metrics of a given node
+// @Summary     Get metrics for a specific node
+// @Router      /api/metrics/{network}/{nodeid} [get]
+// @Tags        Metrics
+// @Security    oauth
+// @Produce     json
+// @Param       network path string true "Network ID"
+// @Param       nodeid path string true "Node ID"
+// @Success     200 {object} models.Metrics
+// @Failure     500 {object} models.ErrorResponse
 func getNodeMetrics(w http.ResponseWriter, r *http.Request) {
 	// set header.
 	w.Header().Set("Content-Type", "application/json")
@@ -43,7 +51,14 @@ func getNodeMetrics(w http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(w).Encode(metrics)
 }
 
-// get the metrics of all nodes in given network
+// @Summary     Get metrics for all nodes in a network
+// @Router      /api/metrics/{network} [get]
+// @Tags        Metrics
+// @Security    oauth
+// @Produce     json
+// @Param       network path string true "Network ID"
+// @Success     200 {object} models.NetworkMetrics
+// @Failure     500 {object} models.ErrorResponse
 func getNetworkNodesMetrics(w http.ResponseWriter, r *http.Request) {
 	// set header.
 	w.Header().Set("Content-Type", "application/json")
@@ -77,7 +92,14 @@ func getNetworkNodesMetrics(w http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(w).Encode(networkMetrics)
 }
 
-// get the metrics for ext clients on a given network
+// @Summary     Get metrics for external clients in a network
+// @Router      /api/metrics-ext/{network} [get]
+// @Tags        Metrics
+// @Security    oauth
+// @Produce     json
+// @Param       network path string true "Network ID"
+// @Success     200 {object} models.Metrics
+// @Failure     500 {object} models.ErrorResponse
 func getNetworkExtMetrics(w http.ResponseWriter, r *http.Request) {
 	// set header.
 	w.Header().Set("Content-Type", "application/json")
@@ -136,7 +158,13 @@ func getNetworkExtMetrics(w http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(w).Encode(networkMetrics.Connectivity)
 }
 
-// get Metrics of all nodes on server, lots of data
+// @Summary     Get metrics for all nodes on server
+// @Router      /api/metrics [get]
+// @Tags        Metrics
+// @Security    oauth
+// @Produce     json
+// @Success     200 {object} models.NetworkMetrics
+// @Failure     500 {object} models.ErrorResponse
 func getAllMetrics(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	logger.Log(1, r.Header.Get("user"), "requested fetching all metrics")

pro/controllers/networks.go

@@ -12,6 +12,14 @@ func NetworkHandlers(r *mux.Router) {
 	r.HandleFunc("/api/v1/networks/{network}/graph", logic.SecurityCheck(true, http.HandlerFunc(getNetworkGraph))).Methods(http.MethodGet)
 }
 
+// @Summary     Get network topology graph
+// @Router      /api/v1/networks/{network}/graph [get]
+// @Tags        Networks
+// @Security    oauth
+// @Produce     json
+// @Param       network path string true "Network ID"
+// @Success     200 {array} models.ApiNode
+// @Failure     500 {object} models.ErrorResponse
 func getNetworkGraph(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 

pro/controllers/posture_check.go

@@ -29,8 +29,9 @@ func PostureCheckHandlers(r *mux.Router) {
 
 // @Summary     List Posture Checks Available Attributes
 // @Router      /api/v1/posture_check/attrs [get]
-// @Tags        Auth
-// @Accept      json
+// @Tags        Posture Check
+// @Security    oauth
+// @Produce     json
 // @Success     200 {object} models.SuccessResponse
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     401 {object} models.ErrorResponse
@@ -40,12 +41,14 @@ func listPostureChecksAttrs(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, schema.PostureCheckAttrValues, "fetched posture checks")
 }
 
-// @Summary     Create  Posture Check
+// @Summary     Create Posture Check
 // @Router      /api/v1/posture_check [post]
-// @Tags        DNS
+// @Tags        Posture Check
+// @Security    oauth
 // @Accept      json
+// @Produce     json
 // @Param       body body schema.PostureCheck true "Posture Check payload"
-// @Success     200 {object} models.SuccessResponse
+// @Success     200 {object} schema.PostureCheck
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     401 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -112,10 +115,12 @@ func createPostureCheck(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     List Posture Checks
 // @Router      /api/v1/posture_check [get]
-// @Tags        Auth
-// @Accept      json
+// @Tags        Posture Check
+// @Security    oauth
+// @Produce     json
 // @Param       network query string true "Network ID"
-// @Success     200 {object} models.SuccessResponse
+// @Param       id query string false "Posture Check ID to fetch a specific check"
+// @Success     200 {array} schema.PostureCheck
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     401 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -161,10 +166,12 @@ func listPostureChecks(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     Update Posture Check
 // @Router      /api/v1/posture_check [put]
-// @Tags        Auth
+// @Tags        Posture Check
+// @Security    oauth
 // @Accept      json
+// @Produce     json
 // @Param       body body schema.PostureCheck true "Posture Check payload"
-// @Success     200 {object} models.SuccessResponse
+// @Success     200 {object} schema.PostureCheck
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     401 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -244,10 +251,11 @@ func updatePostureCheck(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     Delete Posture Check
 // @Router      /api/v1/posture_check [delete]
-// @Tags        Auth
-// @Accept      json
+// @Tags        Posture Check
+// @Security    oauth
+// @Produce     json
 // @Param       id query string true "Posture Check ID"
-// @Success     200 {object} models.SuccessResponse
+// @Success     200 {object} schema.PostureCheck
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     401 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
@@ -296,10 +304,12 @@ func deletePostureCheck(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     List Posture Check violated Nodes
 // @Router      /api/v1/posture_check/violations [get]
-// @Tags        Auth
-// @Accept      json
+// @Tags        Posture Check
+// @Security    oauth
+// @Produce     json
 // @Param       network query string true "Network ID"
-// @Success     200 {object} models.SuccessResponse
+// @Param       users query string false "If 'true', list violated users instead of nodes"
+// @Success     200 {array} models.ApiNode
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     401 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse

pro/controllers/tags.go

@@ -32,8 +32,10 @@ func TagHandlers(r *mux.Router) {
 // @Summary     List Tags in a network
 // @Router      /api/v1/tags [get]
 // @Tags        TAG
-// @Accept      json
-// @Success     200 {array} models.SuccessResponse
+// @Security    oauth
+// @Produce     json
+// @Param       network query string true "Network ID"
+// @Success     200 {array} models.TagListRespNodes
 // @Failure     500 {object} models.ErrorResponse
 func getTags(w http.ResponseWriter, r *http.Request) {
 	netID, _ := url.QueryUnescape(r.URL.Query().Get("network"))
@@ -60,8 +62,11 @@ func getTags(w http.ResponseWriter, r *http.Request) {
 // @Summary     Create Tag
 // @Router      /api/v1/tags [post]
 // @Tags        TAG
+// @Security    oauth
 // @Accept      json
-// @Success     200 {array} models.SuccessResponse
+// @Produce     json
+// @Param       body body models.CreateTagReq true "Tag creation request"
+// @Success     200 {object} models.TagListRespNodes
 // @Failure     500 {object} models.ErrorResponse
 func createTag(w http.ResponseWriter, r *http.Request) {
 	var req models.CreateTagReq
@@ -162,8 +167,11 @@ func createTag(w http.ResponseWriter, r *http.Request) {
 // @Summary     Update Tag
 // @Router      /api/v1/tags [put]
 // @Tags        TAG
+// @Security    oauth
 // @Accept      json
-// @Success     200 {array} models.SuccessResponse
+// @Produce     json
+// @Param       body body models.UpdateTagReq true "Tag update request"
+// @Success     200 {object} models.TagListRespNodes
 // @Failure     500 {object} models.ErrorResponse
 func updateTag(w http.ResponseWriter, r *http.Request) {
 	var updateTag models.UpdateTagReq
@@ -248,8 +256,10 @@ func updateTag(w http.ResponseWriter, r *http.Request) {
 // @Summary     Delete Tag
 // @Router      /api/v1/tags [delete]
 // @Tags        TAG
-// @Accept      json
-// @Success     200 {array} models.SuccessResponse
+// @Security    oauth
+// @Produce     json
+// @Param       tag_id query string true "Tag ID to delete"
+// @Success     200 {object} models.SuccessResponse
 // @Failure     500 {object} models.ErrorResponse
 func deleteTag(w http.ResponseWriter, r *http.Request) {
 	tagID, _ := url.QueryUnescape(r.URL.Query().Get("tag_id"))

pro/controllers/users.go

@@ -78,14 +78,16 @@ func UserHandlers(r *mux.Router) {
 	r.HandleFunc("/api/idp", logic.SecurityCheck(true, http.HandlerFunc(removeIDPIntegration))).Methods(http.MethodDelete)
 }
 
-// swagger:route POST /api/v1/users/invite-signup user userInviteSignUp
-//
-// user signup via invite.
-//
-//	Schemes: https
-//
-//	Responses:
-//		200: ReturnSuccessResponse
+// @Summary     User signup via invite
+// @Router      /api/v1/users/invite-signup [post]
+// @Tags        Users
+// @Accept      json
+// @Produce     json
+// @Param       email query string true "Invitee email"
+// @Param       invite_code query string true "Invite code"
+// @Param       body body models.User true "User signup data"
+// @Success     200 {object} models.SuccessResponse
+// @Failure     400 {object} models.ErrorResponse
 func userInviteSignUp(w http.ResponseWriter, r *http.Request) {
 	email, _ := url.QueryUnescape(r.URL.Query().Get("email"))
 	code := r.URL.Query().Get("invite_code")
@@ -140,14 +142,14 @@ func userInviteSignUp(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponse(w, r, "created user successfully "+email)
 }
 
-// swagger:route GET /api/v1/users/invite user userInviteVerify
-//
-// verfies user invite.
-//
-//	Schemes: https
-//
-//	Responses:
-//		200: ReturnSuccessResponse
+// @Summary     Verify user invite
+// @Router      /api/v1/users/invite [get]
+// @Tags        Users
+// @Produce     json
+// @Param       email query string true "Invitee email"
+// @Param       invite_code query string true "Invite code"
+// @Success     200 {object} models.SuccessResponse
+// @Failure     500 {object} models.ErrorResponse
 func userInviteVerify(w http.ResponseWriter, r *http.Request) {
 	email := r.URL.Query().Get("email")
 	code := r.URL.Query().Get("invite_code")
@@ -160,17 +162,15 @@ func userInviteVerify(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponse(w, r, "invite is valid")
 }
 
-// swagger:route POST /api/v1/users/invite user inviteUsers
-//
-// invite users.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: userBodyResponse
+// @Summary     Invite users
+// @Router      /api/v1/users/invite [post]
+// @Tags        Users
+// @Security    oauth
+// @Accept      json
+// @Produce     json
+// @Param       body body models.InviteUsersReq true "Invite users request"
+// @Success     200 {object} models.SuccessResponse
+// @Failure     400 {object} models.ErrorResponse
 func inviteUsers(w http.ResponseWriter, r *http.Request) {
 	var inviteReq models.InviteUsersReq
 	err := json.NewDecoder(r.Body).Decode(&inviteReq)
@@ -300,17 +300,13 @@ func inviteUsers(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponse(w, r, "triggered user invites")
 }
 
-// swagger:route GET /api/v1/users/invites user listUserInvites
-//
-// lists all pending invited users.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: ReturnSuccessResponseWithJson
+// @Summary     List all pending user invites
+// @Router      /api/v1/users/invites [get]
+// @Tags        Users
+// @Security    oauth
+// @Produce     json
+// @Success     200 {array} models.UserInvite
+// @Failure     500 {object} models.ErrorResponse
 func listUserInvites(w http.ResponseWriter, r *http.Request) {
 	usersInvites, err := logic.ListUserInvites()
 	if err != nil {
@@ -321,17 +317,14 @@ func listUserInvites(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, usersInvites, "fetched pending user invites")
 }
 
-// swagger:route DELETE /api/v1/users/invite user deleteUserInvite
-//
-// delete pending invite.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: ReturnSuccessResponse
+// @Summary     Delete a pending user invite
+// @Router      /api/v1/users/invite [delete]
+// @Tags        Users
+// @Security    oauth
+// @Produce     json
+// @Param       invitee_email query string true "Invitee email to delete"
+// @Success     200 {object} models.SuccessResponse
+// @Failure     500 {object} models.ErrorResponse
 func deleteUserInvite(w http.ResponseWriter, r *http.Request) {
 	email := r.URL.Query().Get("invitee_email")
 	err := logic.DeleteUserInvite(email)
@@ -364,17 +357,13 @@ func deleteUserInvite(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponse(w, r, "deleted user invite")
 }
 
-// swagger:route DELETE /api/v1/users/invites user deleteAllUserInvites
-//
-// deletes all pending invites.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: ReturnSuccessResponse
+// @Summary     Delete all pending user invites
+// @Router      /api/v1/users/invites [delete]
+// @Tags        Users
+// @Security    oauth
+// @Produce     json
+// @Success     200 {object} models.SuccessResponse
+// @Failure     500 {object} models.ErrorResponse
 func deleteAllUserInvites(w http.ResponseWriter, r *http.Request) {
 	err := database.DeleteAllRecords(database.USER_INVITES_TABLE_NAME)
 	if err != nil {
@@ -399,17 +388,13 @@ func deleteAllUserInvites(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponse(w, r, "cleared all pending user invites")
 }
 
-// swagger:route GET /api/v1/user/groups user listUserGroups
-//
-// Get all user groups.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: userBodyResponse
+// @Summary     List all user groups
+// @Router      /api/v1/users/groups [get]
+// @Tags        Users
+// @Security    oauth
+// @Produce     json
+// @Success     200 {array} models.UserGroup
+// @Failure     500 {object} models.ErrorResponse
 func listUserGroups(w http.ResponseWriter, r *http.Request) {
 	groups, err := proLogic.ListUserGroups()
 	if err != nil {
@@ -422,17 +407,14 @@ func listUserGroups(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, groups, "successfully fetched user groups")
 }
 
-// swagger:route GET /api/v1/user/group user getUserGroup
-//
-// Get user group.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: userBodyResponse
+// @Summary     Get a user group
+// @Router      /api/v1/users/group [get]
+// @Tags        Users
+// @Security    oauth
+// @Produce     json
+// @Param       group_id query string true "Group ID"
+// @Success     200 {object} models.UserGroup
+// @Failure     500 {object} models.ErrorResponse
 func getUserGroup(w http.ResponseWriter, r *http.Request) {
 
 	gid := r.URL.Query().Get("group_id")
@@ -451,17 +433,16 @@ func getUserGroup(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, group, "successfully fetched user group")
 }
 
-// swagger:route POST /api/v1/user/group user createUserGroup
-//
-// Create user groups.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: userBodyResponse
+// @Summary     Create a user group
+// @Router      /api/v1/users/group [post]
+// @Tags        Users
+// @Security    oauth
+// @Accept      json
+// @Produce     json
+// @Param       body body models.CreateGroupReq true "Create group request"
+// @Success     200 {object} models.UserGroup
+// @Failure     400 {object} models.ErrorResponse
+// @Failure     500 {object} models.ErrorResponse
 func createUserGroup(w http.ResponseWriter, r *http.Request) {
 	var userGroupReq models.CreateGroupReq
 	err := json.NewDecoder(r.Body).Decode(&userGroupReq)
@@ -512,17 +493,16 @@ func createUserGroup(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, userGroupReq.Group, "created user group")
 }
 
-// swagger:route PUT /api/v1/user/group user updateUserGroup
-//
-// Update user group.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: userBodyResponse
+// @Summary     Update a user group
+// @Router      /api/v1/users/group [put]
+// @Tags        Users
+// @Security    oauth
+// @Accept      json
+// @Produce     json
+// @Param       body body models.UserGroup true "User group update data"
+// @Success     200 {object} models.UserGroup
+// @Failure     400 {object} models.ErrorResponse
+// @Failure     500 {object} models.ErrorResponse
 func updateUserGroup(w http.ResponseWriter, r *http.Request) {
 	var userGroup models.UserGroup
 	err := json.NewDecoder(r.Body).Decode(&userGroup)
@@ -762,17 +742,14 @@ func updateUserGroup(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, userGroup, "updated user group")
 }
 
-// swagger:route GET /api/v1/users/unassigned_network_user user listUnAssignedNetUsers
-//
-// list unassigned network users.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: userBodyResponse
+// @Summary     List unassigned network users
+// @Router      /api/v1/users/unassigned_network_users [get]
+// @Tags        Users
+// @Security    oauth
+// @Produce     json
+// @Param       network_id query string true "Network ID"
+// @Success     200 {array} models.ReturnUser
+// @Failure     400 {object} models.ErrorResponse
 func listUnAssignedNetUsers(w http.ResponseWriter, r *http.Request) {
 	netID := r.URL.Query().Get("network_id")
 	if netID == "" {
@@ -804,17 +781,15 @@ func listUnAssignedNetUsers(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, unassignedUsers, "returned unassigned network service users")
 }
 
-// swagger:route PUT /api/v1/users/add_network_user user addUsertoNetwork
-//
-// add user to network.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: userBodyResponse
+// @Summary     Add user to network
+// @Router      /api/v1/users/add_network_user [put]
+// @Tags        Users
+// @Security    oauth
+// @Produce     json
+// @Param       username query string true "Username"
+// @Param       network_id query string true "Network ID"
+// @Success     200 {object} models.User
+// @Failure     400 {object} models.ErrorResponse
 func addUsertoNetwork(w http.ResponseWriter, r *http.Request) {
 	username := r.URL.Query().Get("username")
 	if username == "" {
@@ -861,17 +836,15 @@ func addUsertoNetwork(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, user, "updated user group")
 }
 
-// swagger:route PUT /api/v1/users/remove_network_user user removeUserfromNetwork
-//
-// add user to network.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: userBodyResponse
+// @Summary     Remove user from network
+// @Router      /api/v1/users/remove_network_user [put]
+// @Tags        Users
+// @Security    oauth
+// @Produce     json
+// @Param       username query string true "Username"
+// @Param       network_id query string true "Network ID"
+// @Success     200 {object} models.User
+// @Failure     400 {object} models.ErrorResponse
 func removeUserfromNetwork(w http.ResponseWriter, r *http.Request) {
 	username := r.URL.Query().Get("username")
 	if username == "" {
@@ -918,23 +891,14 @@ func removeUserfromNetwork(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, user, "updated user group")
 }
 
-// swagger:route DELETE /api/v1/user/group user deleteUserGroup
-//
-// delete user group.
-//
-//			Schemes: https
-//
-//			Security:
-//	  		oauth
-//
-//			Responses:
-//				200: userBodyResponse
-//
-// @Summary     Delete user group.
-// @Router      /api/v1/user/group [delete]
+// @Summary     Delete user group
+// @Router      /api/v1/users/group [delete]
 // @Tags        Users
-// @Param       group_id query string true "group id required to delete the role"
-// @Success     200 {string} string
+// @Security    oauth
+// @Produce     json
+// @Param       group_id query string true "Group ID required to delete the group"
+// @Success     200 {object} models.SuccessResponse
+// @Failure     400 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
 func deleteUserGroup(w http.ResponseWriter, r *http.Request) {
 
@@ -982,11 +946,13 @@ func deleteUserGroup(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, nil, "deleted user group")
 }
 
-// @Summary     lists all user roles.
+// @Summary     List all user roles
 // @Router      /api/v1/users/roles [get]
 // @Tags        Users
+// @Security    oauth
+// @Produce     json
 // @Param       platform query string false "If true, lists platform roles. Otherwise, lists network roles."
-// @Success     200 {object}  []models.UserRolePermissionTemplate
+// @Success     200 {array} models.UserRolePermissionTemplate
 // @Failure     500 {object} models.ErrorResponse
 func ListRoles(w http.ResponseWriter, r *http.Request) {
 	platform := r.URL.Query().Get("platform")
@@ -1008,10 +974,12 @@ func ListRoles(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, roles, "successfully fetched user roles permission templates")
 }
 
-// @Summary     Get user role permission template.
-// @Router      /api/v1/user/role [get]
+// @Summary     Get user role permission template
+// @Router      /api/v1/users/role [get]
 // @Tags        Users
-// @Param       role_id query string true "roleid required to get the role details"
+// @Security    oauth
+// @Produce     json
+// @Param       role_id query string true "Role ID required to get the role details"
 // @Success     200 {object} models.UserRolePermissionTemplate
 // @Failure     500 {object} models.ErrorResponse
 func getRole(w http.ResponseWriter, r *http.Request) {
@@ -1031,11 +999,15 @@ func getRole(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, role, "successfully fetched user role permission templates")
 }
 
-// @Summary     Create user role permission template.
-// @Router      /api/v1/user/role [post]
+// @Summary     Create user role permission template
+// @Router      /api/v1/users/role [post]
 // @Tags        Users
-// @Param       body body models.UserRolePermissionTemplate true "user role template"
-// @Success     200 {object}  models.UserRolePermissionTemplate
+// @Security    oauth
+// @Accept      json
+// @Produce     json
+// @Param       body body models.UserRolePermissionTemplate true "User role template"
+// @Success     200 {object} models.UserRolePermissionTemplate
+// @Failure     400 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
 func createRole(w http.ResponseWriter, r *http.Request) {
 	var userRole models.UserRolePermissionTemplate
@@ -1076,11 +1048,15 @@ func createRole(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, userRole, "created user role")
 }
 
-// @Summary     Update user role permission template.
-// @Router      /api/v1/user/role [put]
+// @Summary     Update user role permission template
+// @Router      /api/v1/users/role [put]
 // @Tags        Users
-// @Param       body body models.UserRolePermissionTemplate true "user role template"
+// @Security    oauth
+// @Accept      json
+// @Produce     json
+// @Param       body body models.UserRolePermissionTemplate true "User role template"
 // @Success     200 {object} models.UserRolePermissionTemplate
+// @Failure     400 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
 func updateRole(w http.ResponseWriter, r *http.Request) {
 	var userRole models.UserRolePermissionTemplate
@@ -1131,11 +1107,14 @@ func updateRole(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, userRole, "updated user role")
 }
 
-// @Summary     Delete user role permission template.
-// @Router      /api/v1/user/role [delete]
+// @Summary     Delete user role permission template
+// @Router      /api/v1/users/role [delete]
 // @Tags        Users
-// @Param       role_id query string true "roleid required to delete the role"
-// @Success     200 {string} string
+// @Security    oauth
+// @Produce     json
+// @Param       role_id query string true "Role ID required to delete the role"
+// @Success     200 {object} models.SuccessResponse
+// @Failure     400 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
 func deleteRole(w http.ResponseWriter, r *http.Request) {
 
@@ -1179,7 +1158,8 @@ func deleteRole(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     Attach user to a remote access gateway
 // @Router      /api/users/{username}/remote_access_gw/{remote_access_gateway_id} [post]
-// @Tags        PRO
+// @Tags        Users
+// @Security    oauth
 // @Accept      json
 // @Produce     json
 // @Param       username path string true "Username"
@@ -1266,7 +1246,8 @@ func attachUserToRemoteAccessGw(w http.ResponseWriter, r *http.Request) {
 
 // @Summary     Remove user from a remote access gateway
 // @Router      /api/users/{username}/remote_access_gw/{remote_access_gateway_id} [delete]
-// @Tags        PRO
+// @Tags        Users
+// @Security    oauth
 // @Accept      json
 // @Produce     json
 // @Param       username path string true "Username"
@@ -1346,11 +1327,6 @@ func removeUserFromRemoteAccessGW(w http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(w).Encode(logic.ToReturnUser(*user))
 }
 
-// @Summary     Get Users Remote Access Gw Networks.
-// @Router      /api/v1/rac/networks [get]
-// @Tags        RAC
-// @Success     200 {object} map[string][]models.UserRemoteGws
-// @Failure     500 {object} models.ErrorResponse
 func getUserRemoteAccessNetworks(w http.ResponseWriter, r *http.Request) {
 	// set header.
 	w.Header().Set("Content-Type", "application/json")
@@ -1382,12 +1358,6 @@ func getUserRemoteAccessNetworks(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, networks, "fetched user accessible networks")
 }
 
-// @Summary     Get Users Remote Access Gw Networks.
-// @Router      /api/v1/rac/network/{network}/access_points [get]
-// @Tags        RAC
-// @Param       network path string true "Network Name"
-// @Success     200 {object} map[string][]models.UserRemoteGws
-// @Failure     500 {object} models.ErrorResponse
 func getUserRemoteAccessNetworkGateways(w http.ResponseWriter, r *http.Request) {
 	// set header.
 	w.Header().Set("Content-Type", "application/json")
@@ -1431,13 +1401,6 @@ func getUserRemoteAccessNetworkGateways(w http.ResponseWriter, r *http.Request)
 	logic.ReturnSuccessResponseWithJson(w, r, userGws, "fetched user accessible gateways in network "+network)
 }
 
-// @Summary     Get Users Remote Access Gw Networks.
-// @Router      /api/v1/rac/access_point/{access_point_id}/config [get]
-// @Tags        RAC
-// @Param       access_point_id path string true "Access Point ID"
-// @Param       body body models.UserRemoteGwsReq true "Remote Access Client ID"
-// @Success     200 {object} map[string][]models.UserRemoteGws
-// @Failure     500 {object} models.ErrorResponse
 func getRemoteAccessGatewayConf(w http.ResponseWriter, r *http.Request) {
 	// set header.
 	w.Header().Set("Content-Type", "application/json")
@@ -1560,11 +1523,16 @@ func getRemoteAccessGatewayConf(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, userGw, "fetched user config to gw "+remoteGwID)
 }
 
-// @Summary     Get Users Remote Access Gw.
+// @Summary     Get user remote access gateways
 // @Router      /api/users/{username}/remote_access_gw [get]
 // @Tags        Users
+// @Security    oauth
+// @Produce     json
 // @Param       username path string true "Username to fetch all the gateways with access"
-// @Success     200 {object} map[string][]models.UserRemoteGws
+// @Param       device_id query string false "Device ID"
+// @Param       remote_access_clientid query string false "Remote access client ID"
+// @Param       from_mobile query string false "If 'true', returns array format"
+// @Success     200 {object} models.SuccessResponse
 // @Failure     500 {object} models.ErrorResponse
 func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
 	// set header.
@@ -1794,9 +1762,10 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(w).Encode(userGws)
 }
 
-// @Summary     List users attached to an remote access gateway
+// @Summary     List users attached to a remote access gateway
 // @Router      /api/users/ingress/{ingress_id} [get]
-// @Tags        PRO
+// @Tags        Users
+// @Security    oauth
 // @Accept      json
 // @Produce     json
 // @Param       ingress_id path string true "Ingress Gateway ID"
@@ -1833,12 +1802,12 @@ func ingressGatewayUsers(w http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(w).Encode(gwUsers)
 }
 
-// @Summary     List users network ip mappings
-// @Router      /api/users/network_ip [get]
-// @Tags        PRO
-// @Accept      json
+// @Summary     List users network IP mappings
+// @Router      /api/v1/users/network_ip [get]
+// @Tags        Users
+// @Security    oauth
 // @Produce     json
-// @Success     200 {array} models.UserIPMap
+// @Success     200 {object} models.UserIPMap
 // @Failure     400 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
 func userNetworkMapping(w http.ResponseWriter, r *http.Request) {
@@ -1905,7 +1874,9 @@ func getAllowedRagEndpoints(ragNode *models.Node, ragHost *models.Host) []string
 // @Summary     Get all pending users
 // @Router      /api/users_pending [get]
 // @Tags        Users
-// @Success     200 {array} models.User
+// @Security    oauth
+// @Produce     json
+// @Success     200 {array} models.ReturnUser
 // @Failure     500 {object} models.ErrorResponse
 func getPendingUsers(w http.ResponseWriter, r *http.Request) {
 	// set header.
@@ -1926,8 +1897,10 @@ func getPendingUsers(w http.ResponseWriter, r *http.Request) {
 // @Summary     Approve a pending user
 // @Router      /api/users_pending/user/{username} [post]
 // @Tags        Users
+// @Security    oauth
+// @Produce     json
 // @Param       username path string true "Username of the pending user to approve"
-// @Success     200 {string} string
+// @Success     200 {object} models.SuccessResponse
 // @Failure     500 {object} models.ErrorResponse
 func approvePendingUser(w http.ResponseWriter, r *http.Request) {
 	// set header.
@@ -1987,8 +1960,10 @@ func approvePendingUser(w http.ResponseWriter, r *http.Request) {
 // @Summary     Delete a pending user
 // @Router      /api/users_pending/user/{username} [delete]
 // @Tags        Users
+// @Security    oauth
+// @Produce     json
 // @Param       username path string true "Username of the pending user to delete"
-// @Success     200 {string} string
+// @Success     200 {object} models.SuccessResponse
 // @Failure     500 {object} models.ErrorResponse
 func deletePendingUser(w http.ResponseWriter, r *http.Request) {
 	// set header.
@@ -2039,7 +2014,9 @@ func deletePendingUser(w http.ResponseWriter, r *http.Request) {
 // @Summary     Delete all pending users
 // @Router      /api/users_pending [delete]
 // @Tags        Users
-// @Success     200 {string} string
+// @Security    oauth
+// @Produce     json
+// @Success     200 {object} models.SuccessResponse
 // @Failure     500 {object} models.ErrorResponse
 func deleteAllPendingUsers(w http.ResponseWriter, r *http.Request) {
 	// set header.
@@ -2066,9 +2043,11 @@ func deleteAllPendingUsers(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponse(w, r, "cleared all pending users")
 }
 
-// @Summary     Sync users and groups from idp.
+// @Summary     Sync users and groups from IDP
 // @Router      /api/idp/sync [post]
 // @Tags        IDP
+// @Security    oauth
+// @Produce     json
 // @Success     200 {object} models.SuccessResponse
 func syncIDP(w http.ResponseWriter, r *http.Request) {
 	go func() {
@@ -2083,9 +2062,13 @@ func syncIDP(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponse(w, r, "starting sync from idp")
 }
 
-// @Summary     Test IDP Sync Credentials.
+// @Summary     Test IDP Sync Credentials
 // @Router      /api/idp/sync/test [post]
 // @Tags        IDP
+// @Security    oauth
+// @Accept      json
+// @Produce     json
+// @Param       body body models.IDPSyncTestRequest true "IDP sync test request"
 // @Success     200 {object} models.SuccessResponse
 // @Failure     400 {object} models.ErrorResponse
 func testIDPSync(w http.ResponseWriter, r *http.Request) {
@@ -2129,18 +2112,23 @@ func testIDPSync(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponse(w, r, "idp sync test successful")
 }
 
-// @Summary     Gets idp sync status.
+// @Summary     Get IDP sync status
 // @Router      /api/idp/sync/status [get]
 // @Tags        IDP
-// @Success     200 {object} models.SuccessResponse
+// @Security    oauth
+// @Produce     json
+// @Success     200 {object} models.IDPSyncStatus
 func getIDPSyncStatus(w http.ResponseWriter, r *http.Request) {
 	logic.ReturnSuccessResponseWithJson(w, r, proAuth.GetIDPSyncStatus(), "idp sync status retrieved")
 }
 
-// @Summary     Remove idp integration.
+// @Summary     Remove IDP integration
 // @Router      /api/idp [delete]
 // @Tags        IDP
+// @Security    oauth
+// @Produce     json
 // @Success     200 {object} models.SuccessResponse
+// @Failure     400 {object} models.ErrorResponse
 // @Failure     500 {object} models.ErrorResponse
 func removeIDPIntegration(w http.ResponseWriter, r *http.Request) {
 	superAdmin, err := logic.GetSuperAdmin()