swagger doc fixes

Author: Rajat

apps/api/AGENTS.md

@@ -1,4 +1,4 @@
 ## Development Tips
 
 - Always stick to industry standards and best practices for maintaining the REST API documentation using swagger and openapi.
-- Stick to OpenAPI 3.0.0 specification for the API documentation.
+- Stick to OpenAPI >=3.0.3 specification for the API documentation.

apps/api/src/index.ts

@@ -69,7 +69,20 @@ app.get(
     },
 );
 
-app.use("/docs", swaggerUi.serve, swaggerUi.setup(swaggerOutput));
+app.use(
+    "/docs",
+    swaggerUi.serve,
+    swaggerUi.setup(swaggerOutput, {
+        explorer: true,
+        swaggerOptions: {
+            persistAuthorization: true,
+            displayRequestDuration: true,
+            docExpansion: "none",
+            defaultModelsExpandDepth: -1,
+            validatorUrl: null,
+        },
+    }),
+);
 
 app.use("/settings/media", mediaSettingsRoutes(passport));
 app.use("/media/signature", signatureRoutes);
@@ -78,27 +91,7 @@ app.use("/media", mediaRoutes);
 
 app.get(
     "/cleanup/temp",
-    /* 
-        #swagger.tags = ['Cleanup']
-        #swagger.summary = 'Cleanup expired temp uploads'
-        #swagger.description = 'Cleanup expired temp uploads'
-        #swagger.responses[200] = {
-            description: "OK",
-            content: {
-                "application/json": {
-                    schema: {
-                        type: "object",
-                        properties: {
-                            message: {
-                                type: "string",
-                                example: "Expired temp uploads cleaned up",
-                            },
-                        },
-                    },
-                },
-            },
-        }
-    */
+    /* #swagger.ignore = true */
     async (req, res) => {
         await cleanupExpiredTempUploads();
         res.status(200).json({
@@ -108,27 +101,7 @@ app.get(
 );
 app.get(
     "/cleanup/tus",
-    /* 
-        #swagger.tags = ['Cleanup']
-        #swagger.summary = 'Cleanup expired tus uploads'
-        #swagger.description = 'Cleanup expired tus uploads'
-        #swagger.responses[200] = {
-            description: "OK",
-            content: {
-                "application/json": {
-                    schema: {
-                        type: "object",
-                        properties: {
-                            message: {
-                                type: "string",
-                                example: "Expired tus uploads cleaned up",
-                            },
-                        },
-                    },
-                },
-            },
-        }
-    */
+    /* #swagger.ignore = true */
     async (req, res) => {
         await cleanupTUSUploads();
         res.status(200).json({

apps/api/src/media-settings/routes.ts

@@ -36,7 +36,9 @@ export default (passport: any) => {
                     }
                 }
             }
+            #swagger.responses[400] = { description: 'Bad Request' }
             #swagger.responses[401] = { description: 'Unauthorized' }
+            #swagger.responses[500] = { description: 'Internal Server Error' }
         */
         apikey,
         updateMediaSettingsHandler,
@@ -58,6 +60,7 @@ export default (passport: any) => {
                 }
             }
             #swagger.responses[401] = { description: 'Unauthorized' }
+            #swagger.responses[500] = { description: 'Internal Server Error' }
         */
         apikey,
         getMediaSettingsHandler,

apps/api/src/media/handlers.ts

@@ -80,7 +80,9 @@ export async function getMedia(
     res: any,
     next: (...args: any[]) => void,
 ) {
-    const { page, limit, access, group } = req.query;
+    const filters =
+        req.body && Object.keys(req.body).length > 0 ? req.body : req.query;
+    const { page, limit, access, group } = filters;
 
     const { error } = getMediaSchema.validate({ page, limit, access, group });
 

apps/api/src/media/routes.ts

@@ -26,7 +26,7 @@ router.post(
     /* 
         #swagger.tags = ['Media']
         #swagger.summary = 'Upload Media'
-        #swagger.description = 'Upload a new media file. Requires an API key in the `x-medialit-apikey` header or a signature in the `x-medialit-signature` header.'
+        #swagger.description = 'Upload a new media file. Use API key auth from Authorize (`x-medialit-apikey`) or pass `x-medialit-signature` for this endpoint only.'
         #swagger.security = [{ "apiKeyAuth": [] }]
         #swagger.parameters['x-medialit-signature'] = {
             in: 'header',
@@ -35,6 +35,7 @@ router.post(
             required: false
         }
         #swagger.requestBody = {
+            required: true,
             content: {
                 "multipart/form-data": {
                     schema: {
@@ -44,7 +45,8 @@ router.post(
                             caption: { type: "string" },
                             access: { type: "string", enum: ["public", "private"] },
                             group: { type: "string" }
-                        }
+                        },
+                        required: ["file"]
                     }
                 }
             }
@@ -59,6 +61,16 @@ router.post(
         }
         #swagger.responses[400] = { description: 'Bad Request' }
         #swagger.responses[401] = { description: 'Unauthorized' }
+        #swagger.responses[404] = {
+            description: 'Invalid signature',
+            content: {
+                "application/json": {
+                    schema: { $ref: '#/components/schemas/ErrorResponse' },
+                    example: { error: 'Invalid signature' }
+                }
+            }
+        }
+        #swagger.responses[500] = { description: 'Internal Server Error' }
     */
     cors(),
     fileUpload({
@@ -150,6 +162,7 @@ router.post(
         }
         #swagger.responses[401] = { description: 'Unauthorized' }
         #swagger.responses[404] = { description: 'Media not found' }
+        #swagger.responses[500] = { description: 'Internal Server Error' }
     */
     apikey,
     getMediaDetails,
@@ -159,12 +172,15 @@ router.post(
     /* 
         #swagger.tags = ['Media']
         #swagger.summary = 'List Media'
-        #swagger.description = 'List all media files. POST is used to support authenticated requests and complex filters.'
+        #swagger.description = 'List media files filtered by optional query payload.'
         #swagger.security = [{ "apiKeyAuth": [] }]
-        #swagger.parameters['query'] = {
-            in: 'query',
-            name: 'filters',
-            schema: { $ref: '#/components/schemas/GetMediaQuery' }
+        #swagger.requestBody = {
+            required: false,
+            content: {
+                "application/json": {
+                    schema: { $ref: '#/components/schemas/GetMediaQuery' }
+                }
+            }
         }
         #swagger.responses[200] = {
             description: 'List retrieved successfully',
@@ -177,7 +193,9 @@ router.post(
                 }
             }
         } 
+        #swagger.responses[400] = { description: 'Bad Request' }
         #swagger.responses[401] = { description: 'Unauthorized' }
+        #swagger.responses[500] = { description: 'Internal Server Error' }
     */
     apikey,
     getMedia,
@@ -204,6 +222,8 @@ router.post(
             }
         }
         #swagger.responses[401] = { description: 'Unauthorized' }
+        #swagger.responses[404] = { description: 'Media not found' }
+        #swagger.responses[500] = { description: 'Internal Server Error' }
     */
     apikey,
     sealMedia,
@@ -235,7 +255,7 @@ router.delete(
             }
         }
         #swagger.responses[401] = { description: 'Unauthorized' }
-        #swagger.responses[404] = { description: 'Media not found' }
+        #swagger.responses[500] = { description: 'Internal Server Error' }
     */
     apikey,
     deleteMedia,

apps/api/src/signature/handlers.ts

@@ -30,6 +30,6 @@ export async function getSignature(
         return res.status(200).json({ signature });
     } catch (err: any) {
         logger.error({ err }, err.message);
-        return res.status(500).json(err.message);
+        return res.status(500).json({ error: err.message });
     }
 }

apps/api/src/signature/routes.ts

@@ -20,7 +20,9 @@ router.post(
                 }
             }
         }
+        #swagger.responses[400] = { description: 'Bad Request' }
         #swagger.responses[401] = { description: 'Unauthorized' }
+        #swagger.responses[500] = { description: 'Internal Server Error' }
     */
     apikey,
     getSignature,

apps/api/src/swagger-generator.ts

@@ -17,11 +17,20 @@ import {
 import { signatureResponseSchema } from "./signature/schemas";
 
 const doc = {
-    openapi: "3.0.0",
+    openapi: "3.0.3",
     info: {
         title: "Medialit API",
         description: "Easy file uploads for serverless apps",
         version: "0.3.0",
+        termsOfService: "https://medialit.cloud/p/terms",
+        contact: {
+            name: "Medialit Support",
+            url: "https://medialit.cloud",
+        },
+        license: {
+            name: "AGPL-3.0",
+            url: "https://www.gnu.org/licenses/agpl-3.0.en.html",
+        },
     },
     servers: [
         {
@@ -38,6 +47,16 @@ const doc = {
             },
         },
     ],
+    tags: [
+        {
+            name: "Media",
+            description: "Upload, list, and manage media resources.",
+        },
+        {
+            name: "Settings",
+            description: "Manage media processing configuration.",
+        },
+    ],
     components: {
         securitySchemes: {
             apiKeyAuth: {
@@ -57,6 +76,28 @@ swaggerAutogen()(outputFile, routes, doc).then(() => {
     // Post-process to inject Joi schemas directly (avoiding autogen inference)
     const content = JSON.parse(fs.readFileSync(outputFile, "utf8"));
 
+    const operationIdByMethodAndPath: Record<string, string> = {
+        "get /health": "getHealth",
+        "post /settings/media/create": "updateMediaSettings",
+        "post /settings/media/get": "getMediaSettings",
+        "post /media/signature/create": "createUploadSignature",
+        "post /media/create": "uploadMedia",
+        "post /media/get/count": "getMediaCount",
+        "post /media/get/size": "getMediaSize",
+        "post /media/get/{mediaId}": "getMediaDetails",
+        "post /media/get": "listMedia",
+        "post /media/seal/{mediaId}": "sealMedia",
+        "delete /media/delete/{mediaId}": "deleteMedia",
+    };
+
+    const errorDescriptionByStatus: Record<string, string> = {
+        "400": "Bad Request",
+        "401": "Unauthorized",
+        "404": "Not Found",
+        "409": "Conflict",
+        "500": "Internal Server Error",
+    };
+
     // Inject components.schemas manually
     content.components.schemas = {
         ...content.components.schemas,
@@ -68,8 +109,93 @@ swaggerAutogen()(outputFile, routes, doc).then(() => {
         SignatureResponse: joiToSwagger(signatureResponseSchema).swagger,
         MediaCountResponse: joiToSwagger(mediaCountResponseSchema).swagger,
         MediaSizeResponse: joiToSwagger(mediaSizeResponseSchema).swagger,
+        ErrorResponse: {
+            type: "object",
+            properties: {
+                error: {
+                    type: "string",
+                    example: "Unauthorized",
+                },
+            },
+            required: ["error"],
+            additionalProperties: false,
+        },
     };
 
+    if (content.paths) {
+        delete content.paths["/cleanup/temp"];
+        delete content.paths["/cleanup/tus"];
+    }
+
+    Object.entries(content.paths || {}).forEach(([apiPath, pathItem]: any) => {
+        Object.entries(pathItem || {}).forEach(([method, operation]: any) => {
+            if (!operation || typeof operation !== "object") {
+                return;
+            }
+
+            const operationId =
+                operationIdByMethodAndPath[`${method} ${apiPath}`];
+            if (operationId) {
+                operation.operationId = operationId;
+            }
+
+            if (Array.isArray(operation.parameters)) {
+                operation.parameters.forEach((parameter: any) => {
+                    if (parameter && typeof parameter === "object") {
+                        delete parameter.type;
+                    }
+                });
+            }
+
+            if (apiPath === "/media/create" && method === "post") {
+                operation.security = [{ apiKeyAuth: [] }];
+            }
+
+            if (apiPath === "/health" && method === "get") {
+                operation.security = [];
+            }
+
+            if (apiPath === "/media/get" && method === "post") {
+                delete operation.parameters;
+                operation.requestBody = {
+                    required: false,
+                    content: {
+                        "application/json": {
+                            schema: {
+                                $ref: "#/components/schemas/GetMediaQuery",
+                            },
+                        },
+                    },
+                };
+            }
+
+            operation.responses = operation.responses || {};
+            ["400", "401", "404", "409", "500"].forEach((statusCode) => {
+                const existingResponse = operation.responses[statusCode];
+                if (!existingResponse || existingResponse.$ref) {
+                    return;
+                }
+
+                operation.responses[statusCode] = {
+                    ...existingResponse,
+                    description:
+                        existingResponse.description ||
+                        errorDescriptionByStatus[statusCode],
+                    content: existingResponse.content || {
+                        "application/json": {
+                            schema: {
+                                $ref: "#/components/schemas/ErrorResponse",
+                            },
+                            example: {
+                                error: errorDescriptionByStatus[statusCode],
+                            },
+                        },
+                    },
+                };
+            });
+        });
+    });
+
     if (content.openapi && content.swagger) {
         delete content.swagger;
     }