info:
  description: zrok client access
  title: zrok
  version: 0.3.0

basePath: /api/v1

securityDefinitions:
  key:
    type: apiKey
    in: header
    name: x-token

paths:
  #
  # account
  #
  /changePassword:
    post:
      tags:
        - account
      security:
        - key: []
      operationId: changePassword
      parameters:
        - name: body
          in: body
          schema:
            $ref: '#/definitions/changePasswordRequest'
      responses:
        200:
          description: changed password
        400:
          description: password not changed
        401:
          description: unauthorized
        422:
          description: password validation failure
          schema:
            $ref: '#/definitions/errorMessage'
        500:
          description: internal server error

  /invite:
    post:
      tags:
        - account
      operationId: invite
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/inviteRequest"
      responses:
        201:
          description: invitation created
        400:
          description: invitation not created (already exists)
          schema:
            $ref: '#/definitions/errorMessage'
        401:
          description: unauthorized
        500:
          description: internal server error

  /login:
    post:
      tags:
        - account
      operationId: login
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/loginRequest"
      responses:
        200:
          description: login successful
          schema:
            $ref: "#/definitions/loginResponse"
        401:
          description: invalid login

  /regenerateToken:
    post:
      tags:
        - account
      security:
        - key: []
      operationId: regenerateToken
      parameters:
        - name: body
          in: body
          schema:
            properties:
              emailAddress:
                type: string
      responses:
        200:
          description: regenerate account token
          schema:
            properties:
              token:
                type: string
        404:
          description: account not found
        500:
          description: internal server error

  /register:
    post:
      tags:
        - account
      operationId: register
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/registerRequest"
      responses:
        200:
          description: account created
          schema:
            $ref: "#/definitions/registerResponse"
        404:
          description: request not found
        422:
          description: password validation failure
          schema:
            $ref: '#/definitions/errorMessage'
        500:
          description: internal server error

  /resetPassword:
    post:
      tags:
        - account
      operationId: resetPassword
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/resetPasswordRequest"
      responses:
        200:
          description: password reset
        404:
          description: request not found
        422:
          description: password validation failure
          schema:
            $ref: '#/definitions/errorMessage'
        500:
          description: internal server error

  /resetPasswordRequest:
    post:
      tags:
        - account
      operationId: resetPasswordRequest
      parameters:
        - name: body
          in: body
          schema:
            properties:
              emailAddress:
                type: string
      responses:
        201:
          description: forgot password request created
        400:
          description: forgot password request not created
        500:
          description: internal server error

  /verify:
    post:
      tags:
        - account
      operationId: verify
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/verifyRequest"
      responses:
        200:
          description: token ready
          schema:
            $ref: "#/definitions/verifyResponse"
        404:
          description: token not found
        500:
          description: internal server error

  #
  # admin
  #
  /frontend:
    post:
      tags:
        - admin
      security:
        - key: []
      operationId: createFrontend
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/createFrontendRequest"
      responses:
        201:
          description: frontend created
          schema:
            $ref: "#/definitions/createFrontendResponse"
        400:
          description: bad request
        401:
          description: unauthorized
        404:
          description: not found
        500:
          description: internal server error
    patch:
      tags:
        - admin
      security:
        - key: []
      operationId: updateFrontend
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/updateFrontendRequest"
      responses:
        200:
          description: frontend updated
        401:
          description: unauthorized
        404:
          description: not found
        500:
          description: internal server error
    delete:
      tags:
        - admin
      security:
        - key: []
      operationId: deleteFrontend
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/deleteFrontendRequest"
      responses:
        200:
          description: frontend deleted
        401:
          description: unauthorized
        404:
          description: not found
        500:
          description: internal server error

  /frontends:
    get:
      tags:
        - admin
      security:
        - key: []
      operationId: listFrontends
      responses:
        200:
          description: ok
          schema:
            $ref: "#/definitions/publicFrontendList"
        401:
          description: unauthorized
        500:
          description: internal server error

  /identity:
    post:
      tags:
        - admin
      security:
        - key: []
      operationId: createIdentity
      parameters:
        - name: body
          in: body
          schema:
            properties:
              name:
                type: string
      responses:
        201:
          description: created
          schema:
            properties:
              identity:
                type: string
              cfg:
                type: string
        401:
          description: unauthorized
        500:
          description: internal server error

  /invite/token/generate:
    post:
      tags:
        - admin
      security:
        - key: []
      operationId: inviteTokenGenerate
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/inviteTokenGenerateRequest"
      responses:
        201:
          description: invitation tokens created
        400:
          description: invitation tokens not created
        401:
          description: unauthorized
        500:
          description: internal server error
  #
  # environment
  #
  /enable:
    post:
      tags:
        - environment
      security:
        - key: []
      operationId: enable
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/enableRequest"
      responses:
        201:
          description: environment enabled
          schema:
            $ref: "#/definitions/enableResponse"
        401:
          description: unauthorized
        404:
          description: account not found
        500:
          description: internal server error

  /disable:
    post:
      tags:
        - environment
      security:
        - key: []
      operationId: disable
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/disableRequest"
      responses:
        200:
          description: environment disabled
        401:
          description: invalid environment
        500:
          description: internal server error

  #
  # metadata
  #
  /configuration:
    get:
      tags:
        - metadata
      operationId: configuration
      responses:
        200:
          description: current configuration
          schema:
            $ref: "#/definitions/configuration"

  /detail/account:
    get:
      tags:
        - metadata
      security:
        - key: []
      operationId: getAccountDetail
      responses:
        200:
          description: ok
          schema:
            $ref: "#/definitions/environments"
        500:
          description: internal server error

  /detail/environment/{envZId}:
    get:
      tags:
        - metadata
      security:
        - key: []
      operationId: getEnvironmentDetail
      parameters:
        - name: envZId
          in: path
          type: string
          required: true
      responses:
        200:
          description: ok
          schema:
            $ref: "#/definitions/environmentAndResources"
        401:
          description: unauthorized
        404:
          description: not found
        500:
          description: internal server error

  /detail/frontend/{feId}:
    get:
      tags:
        - metadata
      security:
        - key: []
      operationId: getFrontendDetail
      parameters:
        - name: feId
          in: path
          type: integer
          required: true
      responses:
        200:
          description: ok
          schema:
            $ref: "#/definitions/frontend"
        401:
          description: unauthorized
        404:
          description: not found
        500:
          description: internal server error

  /detail/share/{shrToken}:
    get:
      tags:
        - metadata
      security:
        - key: []
      operationId: getShareDetail
      parameters:
        - name: shrToken
          in: path
          type: string
          required: true
      responses:
        200:
          description: ok
          schema:
            $ref: "#/definitions/share"
        401:
          description: unauthorized
        404:
          description: not found
        500:
          description: internal server error

  /overview:
    get:
      tags:
        - metadata
      security:
        - key: []
      operationId: overview
      responses:
        200:
          description: overview returned
          schema:
            $ref: "#/definitions/overview"
        500:
          description: internal server error
          schema:
            $ref: "#/definitions/errorMessage"

  /metrics/account:
    get:
      tags:
        - metadata
      security:
        - key: []
      operationId: getAccountMetrics
      parameters:
        - name: duration
          in: query
          type: string
      responses:
        200:
          description: account metrics
          schema:
            $ref: "#/definitions/metrics"
        400:
          description: bad request
        500:
          description: internal server error

  /metrics/environment/{envId}:
    get:
      tags:
        - metadata
      security:
        - key: []
      operationId: getEnvironmentMetrics
      parameters:
        - name: envId
          in: path
          type: string
          required: true
        - name: duration
          in: query
          type: string
      responses:
        200:
          description: environment metrics
          schema:
            $ref: "#/definitions/metrics"
        400:
          description: bad request
        401:
          description: unauthorized
        500:
          description: internal server error


  /metrics/share/{shrToken}:
    get:
      tags:
        - metadata
      security:
        - key: []
      operationId: getShareMetrics
      parameters:
        - name: shrToken
          in: path
          type: string
          required: true
        - name: duration
          in: query
          type: string
      responses:
        200:
          description: share metrics
          schema:
            $ref: "#/definitions/metrics"
        400:
          description: bad request
        401:
          description: unauthorized
        500:
          description: internal server error


  /version:
    get:
      tags:
        - metadata
      operationId: version
      responses:
        200:
          description: current server version
          schema:
            $ref: "#/definitions/version"

  #
  # share
  #
  /access:
    post:
      tags:
        - share
      security:
        - key: []
      operationId: access
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/accessRequest"
      responses:
        201:
          description: access created
          schema:
            $ref: "#/definitions/accessResponse"
        401:
          description: unauthorized
        404:
          description: not found
        500:
          description: internal server error

  /share:
    post:
      tags:
        - share
      security:
        - key: []
      operationId: share
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/shareRequest"
      responses:
        201:
          description: share created
          schema:
            $ref: "#/definitions/shareResponse"
        401:
          description: unauthorized
        404:
          description: not found
        409:
          description: conflict
        422:
          description: unprocessable
        500:
          description: internal server error
          schema:
            $ref: "#/definitions/errorMessage"
    patch:
      tags:
        - share
      security:
        - key: []
      operationId: updateShare
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/updateShareRequest"
      responses:
        200:
          description: share updated
        400:
          description: bad request
        401:
          description: unauthorized
        404:
          description: not found
        500:
          description: internal server error

  /unaccess:
    delete:
      tags:
        - share
      security:
        - key: []
      operationId: unaccess
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/unaccessRequest"
      responses:
        200:
          description: access removed
        401:
          description: unauthorized
        404:
          description: not found
        500:
          description: internal server error

  /unshare:
    delete:
      tags:
        - share
      security:
        - key: []
      operationId: unshare
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/unshareRequest"
      responses:
        200:
          description: share removed
        401:
          description: unauthorized
        404:
          description: not found
        500:
          description: internal server error
          schema:
            $ref: "#/definitions/errorMessage"

definitions:
  accessRequest:
    type: object
    properties:
      envZId:
        type: string
      shrToken:
        type: string

  accessResponse:
    type: object
    properties:
      frontendToken:
        type: string
      backendMode:
        type: string

  authUser:
    type: object
    properties:
      username:
        type: string
      password:
        type: string

  changePasswordRequest:
    type: object
    properties:
      email:
        type: string
      oldPassword:
        type: string
      newPassword:
         type: string

  configuration:
    type: object
    properties:
      version:
        type: string
      touLink:
        type: string
      invitesOpen:
        type: boolean
      requiresInviteToken:
        type: boolean
      inviteTokenContact:
        type: string
      passwordRequirements:
        $ref: "#/definitions/passwordRequirements"

  createFrontendRequest:
    type: object
    properties:
      zId:
        type: string
      url_template:
        type: string
      public_name:
        type: string

  createFrontendResponse:
    type: object
    properties:
      token:
        type: string

  deleteFrontendRequest:
    type: object
    properties:
      frontendToken:
        type: string

  disableRequest:
    type: object
    properties:
      identity:
        type: string

  enableRequest:
    type: object
    properties:
      description:
        type: string
      host:
        type: string

  enableResponse:
    type: object
    properties:
      identity:
        type: string
      cfg:
        type: string

  environment:
    type: object
    properties:
      description:
        type: string
      host:
        type: string
      address:
        type: string
      zId:
        type: string
      activity:
        $ref: "#/definitions/sparkData"
      limited:
        type: boolean
      createdAt:
        type: integer
      updatedAt:
        type: integer

  environments:
    type: array
    items:
      $ref: "#/definitions/environment"

  environmentAndResources:
    type: object
    properties:
      environment:
        $ref: "#/definitions/environment"
      frontends:
        $ref: "#/definitions/frontends"
      shares:
        $ref: "#/definitions/shares"

  errorMessage:
    type: string

  frontend:
    type: object
    properties:
      id:
        type: integer
      token:
        type: string
      shrToken:
        type: string
      zId:
        type: string
      createdAt:
        type: integer
      updatedAt:
        type: integer

  frontends:
    type: array
    items:
      $ref: "#/definitions/frontend"

  inviteTokenGenerateRequest:
    type: object
    properties:
      tokens:
        type: array
        items:
          type: string

  inviteRequest:
    type: object
    properties:
      email:
        type: string
      token:
        type: string

  loginRequest:
    type: object
    properties:
      email:
        type: string
      password:
        type: string

  loginResponse:
    type: string

  metrics:
    type: object
    properties:
      scope:
        type: string
      id:
        type: string
      period:
        type: number
      samples:
        type: array
        items:
          $ref: "#/definitions/metricsSample"

  metricsSample:
    type: object
    properties:
      rx:
        type: number
      tx:
        type: number
      timestamp:
        type: number

  overview:
    type: object
    properties:
      accountLimited:
        type: boolean
      environments:
        type: array
        items:
          $ref: "#/definitions/environmentAndResources"
          
  passwordRequirements:
    type: object
    properties:
      length:
        type: integer
      requireCapital:
        type: boolean
      requireNumeric:
        type: boolean
      requireSpecial:
        type: boolean
      validSpecialCharacters:
        type: string

  principal:
    type: object
    properties:
      id:
        type: integer
      email:
        type: string
      token:
        type: string
      limitless:
        type: boolean
      admin:
        type: boolean

  publicFrontend:
    type: object
    properties:
      token:
        type: string
      zId:
        type: string
      urlTemplate:
        type: string
      publicName:
        type: string
      createdAt:
        type: integer
      updatedAt:
        type: integer

  publicFrontendList:
    type: array
    items:
      $ref: "#/definitions/publicFrontend"

  registerRequest:
    type: object
    properties:
      token:
        type: string
      password:
        type: string

  registerResponse:
    type: object
    properties:
      token:
        type: string

  resetPasswordRequest:
    type: object
    properties:
      token:
        type: string
      password:
        type: string

  share:
    type: object
    properties:
      token:
        type: string
      zId:
        type: string
      shareMode:
        type: string
      backendMode:
        type: string
      frontendSelection:
        type: string
      frontendEndpoint:
        type: string
      backendProxyEndpoint:
        type: string
      reserved:
        type: boolean
      activity:
        $ref: "#/definitions/sparkData"
      limited:
        type: boolean
      createdAt:
        type: integer
      updatedAt:
        type: integer

  shares:
    type: array
    items:
      $ref: "#/definitions/share"

  shareRequest:
    type: object
    properties:
      envZId:
        type: string
      shareMode:
        type: string
        enum: ["public", "private"]
      frontendSelection:
        type: array
        items:
          type: string
      backendMode:
        type: string
        enum: ["proxy", "web", "tcpTunnel", "udpTunnel", "caddy", "drive", "socks", "vpn"]
      backendProxyEndpoint:
        type: string
      authScheme:
        type: string
      authUsers:
        type: array
        items:
          $ref: "#/definitions/authUser"
      oauthProvider:
        type: string
        enum: ["github", "google"]
      oauthEmailDomains:
        type: array
        items:
          type: string
      oauthAuthorizationCheckInterval:
        type: string
      reserved:
        type: boolean
      permissionMode:
        type: string
        enum: ["open", "closed"]
      accessGrants:
        type: array
        items:
          type: string
      uniqueName:
        type: string

  shareResponse:
    type: object
    properties:
      frontendProxyEndpoints:
        type: array
        items:
          type: string
      shrToken:
        type: string

  sparkData:
    type: array
    items:
      $ref: "#/definitions/sparkDataSample"

  sparkDataSample:
    type: object
    properties:
      rx:
        type: number
      tx:
        type: number

  unaccessRequest:
    type: object
    properties:
      frontendToken:
        type: string
      envZId:
        type: string
      shrToken:
        type: string

  unshareRequest:
    type: object
    properties:
      envZId:
        type: string
      shrToken:
        type: string
      reserved:
        type: boolean

  updateFrontendRequest:
    type: object
    properties:
      frontendToken:
        type: string
      publicName:
        type: string
      urlTemplate:
        type: string

  updateShareRequest:
    type: object
    properties:
      shrToken:
        type: string
      backendProxyEndpoint:
        type: string
      addAccessGrants:
        type: array
        items:
          type: string
      removeAccessGrants:
        type: array
        items:
          type: string

  verifyRequest:
    type: object
    properties:
      token:
        type: string
  verifyResponse:
    type: object
    properties:
      email:
        type: string

  version:
    type: string

produces:
- application/zrok.v1+json
consumes:
- application/zrok.v1+json
schemes:
- http
swagger: "2.0"