FileRise/openapi.json.dist
Ryan b0fde45a36 release(v3.0.0): storage adapter seam + source-aware core (Sources-ready)
- Display file size for items thumbnail view (closes #85)
- add StorageAdapterInterface + LocalFsAdapter and StorageFactory/StorageRegistry
- introduce SourceContext (active source, per-source upload/meta/trash roots, read-only gating)
- make core file/folder ops source-aware (uploads, downloads, shares, trash, portals, OnlyOffice)
- add cross-source copy/move for files + folders with guardrails and audit logging
- add source selector UI + visible-sources API and propagate sourceId through UI flows
- add minimizable transfer progress UI and toast severity styling
- add Pro API-level gating + bundle installer refactor + one-click Pro bundle download/install
2026-01-11 22:22:59 -05:00

{
"openapi": "3.0.0",
"info": {
"title": "FileRise API",
"version": "3.0.0"
},
"servers": [
{
"url": "/",
"description": "Same-origin server"
}
],
"paths": {
"/api/addUser.php": {
"post": {
"tags": [
"Users"
],
"summary": "Add a new user",
"description": "Adds a new user to the system. In setup mode (setup=1 with no users), auth/CSRF is not required and the new user is automatically made admin.",
"operationId": "addUser",
"parameters": [
{
"name": "setup",
"in": "query",
"description": "Use setup=1 to enable first-run bootstrap",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "X-CSRF-Token",
"in": "header",
"description": "Required outside setup mode",
"required": false,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"username",
"password"
],
"properties": {
"username": {
"type": "string",
"example": "johndoe"
},
"password": {
"type": "string",
"example": "securepassword"
},
"isAdmin": {
"type": "boolean",
"example": true
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "User added successfully",
"content": {
"application/json": {
"schema": {
"properties": {
"success": {
"type": "string",
"example": "User added successfully"
}
},
"type": "object"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"405": {
"description": "Method not allowed"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/admin/acl/getGrants.php": {
"get": {
"tags": [
"Admin"
],
"summary": "Get ACL grants for a user",
"description": "Returns explicit and inherited folder grants for a user.",
"operationId": "adminGetAclGrants",
"parameters": [
{
"name": "user",
"in": "query",
"required": true,
"schema": {
"type": "string"
},
"example": "johndoe"
},
{
"name": "sourceId",
"in": "query",
"required": false,
"schema": {
"type": "string"
},
"example": "local"
}
],
"responses": {
"200": {
"description": "Grants map",
"content": {
"application/json": {
"schema": {
"properties": {
"grants": {
"type": "object"
}
},
"type": "object"
}
}
}
},
"400": {
"description": "Invalid user"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/admin/acl/saveGrants.php": {
"post": {
"tags": [
"Admin"
],
"summary": "Save ACL grants",
"description": "Saves per-folder ACL grants for one user or a batch of users.",
"operationId": "adminSaveAclGrants",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"oneOf": [
{
"required": [
"user",
"grants"
],
"properties": {
"user": {
"type": "string",
"example": "johndoe"
},
"sourceId": {
"type": "string",
"example": "local"
},
"grants": {
"description": "Map of folder -> capabilities",
"type": "object"
}
},
"type": "object"
},
{
"required": [
"changes"
],
"properties": {
"sourceId": {
"type": "string",
"example": "local"
},
"changes": {
"type": "array",
"items": {
"required": [
"user",
"grants"
],
"properties": {
"user": {
"type": "string",
"example": "johndoe"
},
"grants": {
"type": "object"
}
},
"type": "object"
}
}
},
"type": "object"
}
]
}
}
}
},
"responses": {
"200": {
"description": "Save result (model-defined JSON)"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Invalid CSRF token"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/admin/changeUserPassword.php": {
"post": {
"tags": [
"Admin"
],
"summary": "Admin reset user password",
"description": "Resets a user's password (admin only).",
"operationId": "adminChangeUserPassword",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"username",
"newPassword"
],
"properties": {
"username": {
"type": "string",
"example": "johndoe"
},
"newPassword": {
"type": "string",
"example": "newpass123"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Password updated"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"405": {
"description": "Method not allowed"
},
"422": {
"description": "Validation error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/admin/clamavTest.php": {
"post": {
"tags": [
"Admin"
],
"summary": "Run ClamAV connectivity test",
"description": "Runs a test scan of a temporary file and returns engine info.",
"operationId": "adminClamavTest",
"responses": {
"200": {
"description": "Test result",
"content": {
"application/json": {
"schema": {
"properties": {
"success": {
"type": "boolean"
},
"command": {
"type": "string"
},
"engine": {
"type": "string",
"nullable": true
},
"details": {
"type": "string"
},
"error": {
"type": "string"
}
},
"type": "object"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"405": {
"description": "Method not allowed"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/admin/diskUsageDeleteSnapshot.php": {
"post": {
"tags": [
"Admin"
],
"summary": "Delete disk usage snapshot",
"description": "Deletes the cached disk usage snapshot file.",
"operationId": "adminDiskUsageDeleteSnapshot",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": false,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": false,
"content": {
"application/json": {
"schema": {
"properties": {
"sourceId": {
"type": "string",
"example": "local"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Snapshot deleted"
},
"400": {
"description": "CSRF mismatch"
},
"403": {
"description": "Forbidden"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/admin/diskUsageSummary.php": {
"get": {
"tags": [
"Admin"
],
"summary": "Get disk usage snapshot summary",
"description": "Returns snapshot summary and optional scan log tail.",
"operationId": "adminDiskUsageSummary",
"parameters": [
{
"name": "topFolders",
"in": "query",
"required": false,
"schema": {
"type": "integer",
"minimum": 1
},
"example": 5
},
{
"name": "topFiles",
"in": "query",
"required": false,
"schema": {
"type": "integer",
"minimum": 0
},
"example": 0
},
{
"name": "sourceId",
"in": "query",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Summary payload"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Snapshot not found"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/admin/diskUsageTriggerScan.php": {
"post": {
"tags": [
"Admin"
],
"summary": "Trigger disk usage scan",
"description": "Starts a background disk usage scan to build a new snapshot.",
"operationId": "adminDiskUsageTriggerScan",
"requestBody": {
"required": false,
"content": {
"application/json": {
"schema": {
"properties": {
"sourceId": {
"type": "string",
"example": "local"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Scan started"
},
"403": {
"description": "Forbidden"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/admin/downloadProBundle.php": {
"post": {
"tags": [
"Admin"
],
"summary": "Download and install latest Pro bundle",
"description": "Downloads the latest FileRise Pro bundle from filerise.net and installs it.",
"operationId": "adminDownloadProBundle",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Install result"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"405": {
"description": "Method not allowed"
},
"413": {
"description": "Bundle too large"
},
"502": {
"description": "Remote download failed"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/admin/getConfig.php": {
"get": {
"tags": [
"Admin"
],
"summary": "Get UI configuration",
"description": "Returns a public subset for everyone; authenticated admins receive additional loginOptions fields.",
"operationId": "getAdminConfig",
"responses": {
"200": {
"description": "Configuration loaded",
"content": {
"application/json": {
"schema": {
"oneOf": [
{
"$ref": "#/components/schemas/AdminGetConfigPublic"
},
{
"$ref": "#/components/schemas/AdminGetConfigAdmin"
}
]
}
}
}
},
"500": {
"description": "Server error"
}
}
}
},
"/api/admin/installProBundle.php": {
"post": {
"tags": [
"Admin"
],
"summary": "Install Pro bundle",
"description": "Uploads and installs a FileRise Pro bundle zip.",
"operationId": "adminInstallProBundle",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"multipart/form-data": {
"schema": {
"required": [
"bundle"
],
"properties": {
"bundle": {
"type": "string",
"format": "binary"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Install result"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"405": {
"description": "Method not allowed"
},
"413": {
"description": "Bundle too large"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/admin/oidcDebugInfo.php": {
"get": {
"tags": [
"Admin"
],
"summary": "Get OIDC debug info",
"description": "Returns OIDC diagnostics for admins.",
"operationId": "adminOidcDebugInfo",
"responses": {
"200": {
"description": "Debug info"
},
"403": {
"description": "Forbidden"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/admin/oidcTest.php": {
"post": {
"tags": [
"Admin"
],
"summary": "Test OIDC discovery",
"description": "Fetches the discovery document for a provider URL.",
"operationId": "adminOidcTest",
"requestBody": {
"required": false,
"content": {
"application/json": {
"schema": {
"properties": {
"providerUrl": {
"type": "string",
"example": "https://issuer.example.com"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Discovery result"
},
"500": {
"description": "Server error"
}
}
}
},
"/api/admin/readMetadata.php": {
"get": {
"tags": [
"Admin"
],
"summary": "Read share metadata JSON",
"description": "Admin-only: returns the cleaned metadata for file or folder share links.",
"operationId": "readMetadata",
"parameters": [
{
"name": "file",
"in": "query",
"description": "Which metadata file to read",
"required": true,
"schema": {
"type": "string",
"enum": [
"share_links.json",
"share_folder_links.json"
]
}
}
],
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"oneOf": [
{
"$ref": "#/components/schemas/ShareLinksMap"
},
{
"$ref": "#/components/schemas/ShareFolderLinksMap"
}
]
}
}
}
},
"400": {
"description": "Missing or invalid file param"
},
"403": {
"description": "Forbidden (admin only)"
},
"500": {
"description": "Corrupted JSON"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/admin/setEncryptionKey.php": {
"post": {
"tags": [
"Admin"
],
"summary": "Configure encryption master key",
"description": "Generates or clears the encryption master key file.",
"operationId": "adminSetEncryptionKey",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"action"
],
"properties": {
"action": {
"type": "string",
"enum": [
"generate",
"clear"
]
},
"force": {
"type": "boolean",
"example": false
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Operation result"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"409": {
"description": "Conflict"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/admin/setLicense.php": {
"post": {
"tags": [
"Admin"
],
"summary": "Set Pro license key",
"description": "Stores the FileRise Pro license key.",
"operationId": "adminSetLicense",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"license"
],
"properties": {
"license": {
"type": "string",
"example": "FRPRO-XXXX-XXXX"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "License stored"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/admin/updateConfig.php": {
"put": {
"tags": [
"Admin"
],
"summary": "Update admin configuration",
"description": "Merges the provided settings into the on-disk configuration and persists them. Requires an authenticated admin session and a valid CSRF token. When OIDC is enabled (disableOIDCLogin=false), `providerUrl`, `redirectUri`, and `clientId` are required and must be HTTPS (HTTP allowed only for localhost).",
"operationId": "updateAdminConfig",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AdminUpdateConfigRequest"
}
}
}
},
"responses": {
"200": {
"description": "Configuration updated",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SimpleSuccess"
}
}
}
},
"400": {
"description": "Validation error (e.g., bad authHeaderName, missing OIDC fields when enabled, or negative upload limit)",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SimpleError"
}
}
}
},
"403": {
"description": "Unauthorized access or invalid CSRF token",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SimpleError"
}
}
}
},
"500": {
"description": "Server error while loading or saving configuration",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SimpleError"
}
}
}
}
},
"security": [
{
"cookieAuth": [],
"CsrfHeader": []
}
]
}
},
"/api/admin/virusLog.php": {
"get": {
"tags": [
"Admin"
],
"summary": "Fetch virus detections log",
"description": "Returns virus detections as JSON or CSV (Pro only).",
"operationId": "adminVirusLog",
"parameters": [
{
"name": "limit",
"in": "query",
"required": false,
"schema": {
"type": "integer",
"minimum": 1
},
"example": 200
},
{
"name": "format",
"in": "query",
"required": false,
"schema": {
"type": "string",
"enum": [
"json",
"csv"
]
},
"example": "json"
}
],
"responses": {
"200": {
"description": "Log entries or CSV"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden or Pro required"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/auth/auth.php": {
"post": {
"tags": [
"Auth"
],
"summary": "Authenticate user",
"description": "Handles user authentication via OIDC or form-based credentials. For OIDC flows, processes callbacks; otherwise, performs standard authentication with optional TOTP verification.",
"operationId": "authUser",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"username",
"password"
],
"properties": {
"username": {
"type": "string",
"example": "johndoe"
},
"password": {
"type": "string",
"example": "secretpassword"
},
"remember_me": {
"type": "boolean",
"example": true
},
"totp_code": {
"type": "string",
"example": "123456"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Login successful; returns user info and status",
"content": {
"application/json": {
"schema": {
"properties": {
"status": {
"type": "string",
"example": "ok"
},
"success": {
"type": "string",
"example": "Login successful"
},
"username": {
"type": "string",
"example": "johndoe"
},
"isAdmin": {
"type": "boolean",
"example": true
}
},
"type": "object"
}
}
}
},
"400": {
"description": "Bad Request (e.g., missing credentials)"
},
"401": {
"description": "Unauthorized (e.g., invalid credentials, too many attempts)"
},
"429": {
"description": "Too many failed login attempts"
}
}
}
},
"/api/auth/checkAuth.php": {
"get": {
"tags": [
"Auth"
],
"summary": "Check authentication status",
"operationId": "checkAuth",
"responses": {
"200": {
"description": "Authenticated status or setup flag",
"content": {
"application/json": {
"schema": {
"oneOf": [
{
"properties": {
"authenticated": {
"type": "boolean",
"example": true
},
"isAdmin": {
"type": "boolean",
"example": true
},
"totp_enabled": {
"type": "boolean",
"example": false
},
"username": {
"type": "string",
"example": "johndoe"
},
"folderOnly": {
"type": "boolean",
"example": false
}
},
"type": "object"
},
{
"properties": {
"setup": {
"type": "boolean",
"example": true
}
},
"type": "object"
}
]
}
}
}
}
}
}
},
"/api/auth/login_basic.php": {
"get": {
"tags": [
"Auth"
],
"summary": "Authenticate using HTTP Basic Authentication",
"description": "Performs HTTP Basic authentication. If credentials are missing, sends a 401 response prompting for Basic auth. On valid credentials, optionally handles TOTP verification and finalizes session login.",
"operationId": "loginBasic",
"responses": {
"200": {
"description": "Login successful; redirects to index.html",
"content": {
"application/json": {
"schema": {
"properties": {
"success": {
"type": "string",
"example": "Login successful"
}
},
"type": "object"
}
}
}
},
"401": {
"description": "Unauthorized due to missing or invalid credentials."
},
"429": {
"description": "Too many failed login attempts."
}
}
}
},
"/api/auth/logout.php": {
"post": {
"tags": [
"Auth"
],
"summary": "Logout user",
"description": "Clears the session, removes persistent login tokens, and redirects the user to the login page.",
"operationId": "logoutUser",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"302": {
"description": "Redirects to the login page with a logout flag."
},
"401": {
"description": "Unauthorized"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/auth/token.php": {
"get": {
"tags": [
"Auth"
],
"summary": "Retrieve CSRF token and share URL",
"description": "Returns the current CSRF token along with the configured share URL.",
"operationId": "getToken",
"responses": {
"200": {
"description": "CSRF token and share URL",
"content": {
"application/json": {
"schema": {
"properties": {
"csrf_token": {
"type": "string",
"example": "0123456789abcdef..."
},
"share_url": {
"type": "string",
"example": "https://yourdomain.com/share.php"
}
},
"type": "object"
}
}
}
}
}
}
},
"/api/changePassword.php": {
"post": {
"tags": [
"Users"
],
"summary": "Change user password",
"description": "Allows an authenticated user to change their password by verifying the old password and updating to a new one.",
"operationId": "changePassword",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"oldPassword",
"newPassword",
"confirmPassword"
],
"properties": {
"oldPassword": {
"type": "string",
"example": "oldpass123"
},
"newPassword": {
"type": "string",
"example": "newpass456"
},
"confirmPassword": {
"type": "string",
"example": "newpass456"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Password updated successfully",
"content": {
"application/json": {
"schema": {
"properties": {
"success": {
"type": "string",
"example": "Password updated successfully."
}
},
"type": "object"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Invalid CSRF token"
},
"405": {
"description": "Method not allowed"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/copyFiles.php": {
"post": {
"tags": [
"Files"
],
"summary": "Copy files between folders",
"description": "Requires read access on source and write access on destination. Enforces folder scope and ownership.",
"operationId": "copyFiles",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"description": "CSRF token from the current session",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"source",
"destination",
"files"
],
"properties": {
"source": {
"type": "string",
"example": "root"
},
"destination": {
"type": "string",
"example": "userA/projects"
},
"files": {
"type": "array",
"items": {
"type": "string"
},
"example": [
"report.pdf",
"notes.txt"
]
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Copy result (model-defined)"
},
"400": {
"description": "Invalid request or folder name"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"500": {
"description": "Internal error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/createFile.php": {
"post": {
"tags": [
"Files"
],
"summary": "Create an empty file",
"description": "Requires write access on the target folder. Enforces folder-only scope.",
"operationId": "createFile",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"folder",
"name"
],
"properties": {
"folder": {
"type": "string",
"example": "root"
},
"name": {
"type": "string",
"example": "new.txt"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Creation result (model-defined)"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"500": {
"description": "Internal error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/createShareLink.php": {
"post": {
"tags": [
"Shares"
],
"summary": "Create a share link for a file",
"description": "Requires share permission on the folder. Non-admins must own the file unless bypassOwnership applies.",
"operationId": "createShareLink",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"folder",
"file"
],
"properties": {
"folder": {
"type": "string",
"example": "root"
},
"file": {
"type": "string",
"example": "invoice.pdf"
},
"expirationValue": {
"type": "integer",
"example": 60
},
"expirationUnit": {
"type": "string",
"enum": [
"seconds",
"minutes",
"hours",
"days"
],
"example": "minutes"
},
"password": {
"type": "string",
"example": ""
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Share link created",
"content": {
"application/json": {
"schema": {
"properties": {
"token": {
"type": "string",
"example": "abc123"
},
"url": {
"type": "string",
"example": "/api/file/share.php?token=abc123"
},
"expires": {
"type": "integer",
"example": 1700000000
}
},
"type": "object"
}
}
}
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"500": {
"description": "Internal error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/deleteFiles.php": {
"post": {
"tags": [
"Files"
],
"summary": "Delete files to Trash",
"description": "Requires write access on the folder and (for non-admins) ownership of the files.",
"operationId": "deleteFiles",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"folder",
"files"
],
"properties": {
"folder": {
"type": "string",
"example": "root"
},
"files": {
"type": "array",
"items": {
"type": "string"
},
"example": [
"old.docx",
"draft.md"
]
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Delete result (model-defined)"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"500": {
"description": "Internal error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/deleteShareLink.php": {
"post": {
"tags": [
"Shares"
],
"summary": "Delete a share link by token",
"description": "Deletes a share token. NOTE: Current implementation does not require authentication.",
"operationId": "deleteShareLink",
"requestBody": {
"required": true,
"content": {
"application/x-www-form-urlencoded": {
"schema": {
"required": [
"token"
],
"properties": {
"token": {
"type": "string",
"example": "abc123"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Deletion result (success or not found)"
}
}
}
},
"/api/file/deleteTrashFiles.php": {
"post": {
"tags": [
"Trash"
],
"summary": "Permanently delete Trash items (admin only)",
"operationId": "deleteTrashFiles",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"oneOf": [
{
"required": [
"deleteAll"
],
"properties": {
"deleteAll": {
"type": "boolean",
"example": true
}
},
"type": "object"
},
{
"required": [
"files"
],
"properties": {
"files": {
"type": "array",
"items": {
"type": "string"
},
"example": [
"trash/abc",
"trash/def"
]
}
},
"type": "object"
}
]
}
}
}
},
"responses": {
"200": {
"description": "Deletion result (model-defined)"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Admin only"
},
"500": {
"description": "Internal error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/download.php": {
"get": {
"tags": [
"Files"
],
"summary": "Download a file",
"description": "Requires view access (or own-only with ownership). Streams the file with appropriate Content-Type.",
"operationId": "downloadFile",
"parameters": [
{
"name": "folder",
"in": "query",
"required": true,
"schema": {
"type": "string"
},
"example": "root"
},
{
"name": "file",
"in": "query",
"required": true,
"schema": {
"type": "string"
},
"example": "photo.jpg"
}
],
"responses": {
"200": {
"description": "Binary file",
"content": {
"application/octet-stream": {
"schema": {
"type": "string",
"format": "binary"
}
}
}
},
"400": {
"description": "Invalid folder/file"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not found"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/downloadZip.php": {
"post": {
"tags": [
"Files"
],
"summary": "Download multiple files as a ZIP",
"description": "Requires view access (or own-only with ownership). May be gated by account flag.",
"operationId": "downloadZip",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"folder",
"files"
],
"properties": {
"folder": {
"type": "string",
"example": "root"
},
"files": {
"type": "array",
"items": {
"type": "string"
},
"example": [
"a.jpg",
"b.png"
]
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "ZIP archive",
"content": {
"application/zip": {
"schema": {
"type": "string",
"format": "binary"
}
}
}
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"500": {
"description": "Internal error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/downloadZipFile.php": {
"get": {
"tags": [
"Files"
],
"summary": "Download a finished ZIP by token",
"description": "Streams the zip once; token is one-shot.",
"operationId": "downloadZipFile",
"parameters": [
{
"name": "k",
"in": "query",
"description": "Job token",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "name",
"in": "query",
"description": "Suggested filename",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "ZIP stream"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not found"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/extractZip.php": {
"post": {
"tags": [
"Files"
],
"summary": "Extract ZIP file(s) into a folder",
"description": "Requires write access on the target folder.",
"operationId": "extractZip",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"folder",
"files"
],
"properties": {
"folder": {
"type": "string",
"example": "root"
},
"files": {
"type": "array",
"items": {
"type": "string"
},
"example": [
"archive.zip"
]
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Extraction result (model-defined)"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"500": {
"description": "Internal error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/getFileList.php": {
"get": {
"tags": [
"Files"
],
"summary": "List files in a folder",
"description": "Requires view access (full) or read_own (own-only results).",
"operationId": "getFileList",
"parameters": [
{
"name": "folder",
"in": "query",
"required": true,
"schema": {
"type": "string"
},
"example": "root"
},
{
"name": "sourceId",
"in": "query",
"required": false,
"schema": {
"type": "string"
},
"example": "local"
}
],
"responses": {
"200": {
"description": "Listing result (model-defined JSON)"
},
"400": {
"description": "Invalid folder"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"500": {
"description": "Internal error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/getFileTag.php": {
"get": {
"tags": [
"Tags"
],
"summary": "Get global file tags",
"description": "Returns tag metadata. NOTE: Current implementation does not require authentication.",
"operationId": "getFileTag",
"responses": {
"200": {
"description": "Tags map (model-defined JSON)"
}
}
}
},
"/api/file/getShareLinks.php": {
"get": {
"tags": [
"Shares"
],
"summary": "Get (raw) share links file",
"description": "Returns the full share links JSON. NOTE: Current implementation does not require authentication.",
"operationId": "getShareLinks",
"responses": {
"200": {
"description": "Share links (model-defined JSON)"
}
}
}
},
"/api/file/getTrashItems.php": {
"get": {
"tags": [
"Trash"
],
"summary": "List items in Trash (admin only)",
"operationId": "getTrashItems",
"responses": {
"200": {
"description": "Trash contents (model-defined JSON)"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Admin only"
},
"500": {
"description": "Internal error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/moveFiles.php": {
"post": {
"tags": [
"Files"
],
"operationId": "moveFiles",
"requestBody": {
"$ref": "#/components/requestBodies/MoveFilesRequest"
},
"responses": {
"200": {
"description": "Moved"
},
"400": {
"description": "Bad Request"
},
"401": {
"$ref": "#/components/responses/Unauthorized"
},
"403": {
"$ref": "#/components/responses/Forbidden"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/renameFile.php": {
"put": {
"tags": [
"Files"
],
"summary": "Rename a file",
"description": "Requires write access; non-admins must own the file.",
"operationId": "renameFile",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"folder",
"oldName",
"newName"
],
"properties": {
"folder": {
"type": "string",
"example": "root"
},
"oldName": {
"type": "string",
"example": "old.pdf"
},
"newName": {
"type": "string",
"example": "new.pdf"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Rename result (model-defined)"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"500": {
"description": "Internal error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/restoreFiles.php": {
"post": {
"tags": [
"Trash"
],
"summary": "Restore files from Trash (admin only)",
"operationId": "restoreFiles",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"files"
],
"properties": {
"files": {
"type": "array",
"items": {
"type": "string"
},
"example": [
"trash/12345.json"
]
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Restore result (model-defined)"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Admin only"
},
"500": {
"description": "Internal error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/saveFile.php": {
"put": {
"tags": [
"Files"
],
"summary": "Create or overwrite a files content",
"description": "Requires write access. Overwrite enforces ownership for non-admins. Certain executable extensions are denied.",
"operationId": "saveFile",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"folder",
"fileName",
"content"
],
"properties": {
"folder": {
"type": "string",
"example": "root"
},
"fileName": {
"type": "string",
"example": "readme.txt"
},
"content": {
"type": "string",
"example": "Hello world"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Save result (model-defined)"
},
"400": {
"description": "Invalid input or disallowed extension"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"500": {
"description": "Internal error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/saveFileTag.php": {
"post": {
"tags": [
"Tags"
],
"summary": "Save tags for a file (or delete one)",
"description": "Requires write access and (for non-admins) ownership when modifying.",
"operationId": "saveFileTag",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"folder",
"file"
],
"properties": {
"folder": {
"type": "string",
"example": "root"
},
"file": {
"type": "string",
"example": "doc.md"
},
"tags": {
"type": "array",
"items": {
"type": "string"
},
"example": [
"work",
"urgent"
]
},
"deleteGlobal": {
"type": "boolean",
"example": false
},
"tagToDelete": {
"type": "string",
"example": null,
"nullable": true
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Save result (model-defined)"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"500": {
"description": "Internal error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/share.php": {
"get": {
"tags": [
"Shares"
],
"summary": "Download a shared file",
"description": "Returns a shared file stream. If a password is required, an HTML prompt is returned.",
"operationId": "shareFileDownload",
"parameters": [
{
"name": "token",
"in": "query",
"description": "Share token",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "pass",
"in": "query",
"description": "Share password",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "File stream or password prompt",
"content": {
"application/octet-stream": {},
"text/html": {}
}
},
"400": {
"description": "Missing/invalid token"
},
"403": {
"description": "Forbidden or expired"
},
"404": {
"description": "Not found"
}
}
}
},
"/api/file/snippet.php": {
"get": {
"tags": [
"Files"
],
"summary": "Get a small text snippet from a file for hover previews",
"description": "Returns a short UTF-8 text snippet from supported file types (txt, md, csv, code, DOCX, XLSX, PPTX, etc.) for use in quick previews.",
"operationId": "getFileSnippet",
"parameters": [
{
"name": "folder",
"in": "query",
"description": "Logical folder path (e.g. root, clients/acme)",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "file",
"in": "query",
"description": "File name",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Snippet JSON",
"content": {
"application/json": {
"schema": {
"properties": {
"snippet": {
"type": "string"
},
"truncated": {
"type": "boolean"
}
},
"type": "object"
}
}
}
},
"400": {
"description": "Missing/invalid input"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "File not found"
},
"500": {
"description": "Internal error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/file/zipStatus.php": {
"get": {
"tags": [
"Files"
],
"summary": "Check status of a background ZIP build",
"description": "Returns status for the authenticated user's token.",
"operationId": "zipStatus",
"parameters": [
{
"name": "k",
"in": "query",
"description": "Job token",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Status payload"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not found"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/capabilities.php": {
"get": {
"tags": [
"Folders"
],
"summary": "Get folder capabilities",
"description": "Returns effective permissions and capability flags for a folder.",
"operationId": "getFolderCapabilities",
"parameters": [
{
"name": "folder",
"in": "query",
"required": false,
"schema": {
"type": "string"
},
"example": "root"
},
{
"name": "sourceId",
"in": "query",
"required": false,
"schema": {
"type": "string"
},
"example": "local"
}
],
"responses": {
"200": {
"description": "Capabilities payload"
},
"401": {
"description": "Unauthorized"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/createFolder.php": {
"post": {
"tags": [
"Folders"
],
"summary": "Create a new folder",
"description": "Requires authentication, CSRF token, and write access to the parent folder. Seeds ACL owner.",
"operationId": "createFolder",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"description": "CSRF token from the current session",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"folderName"
],
"properties": {
"folderName": {
"type": "string",
"example": "reports"
},
"parent": {
"description": "Parent folder (default root)",
"type": "string",
"example": "root",
"nullable": true
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Creation result (model-defined JSON)"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"405": {
"description": "Method not allowed"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/createShareFolderLink.php": {
"post": {
"tags": [
"Shared Folders"
],
"summary": "Create a share link for a folder",
"description": "Requires authentication, CSRF token, and share permission. Non-admins must own the folder (unless bypass) and cannot share root.",
"operationId": "createShareFolderLink",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"folder"
],
"properties": {
"folder": {
"type": "string",
"example": "team/reports"
},
"expirationValue": {
"type": "integer",
"example": 60
},
"expirationUnit": {
"type": "string",
"enum": [
"seconds",
"minutes",
"hours",
"days"
],
"example": "minutes"
},
"password": {
"type": "string",
"example": ""
},
"allowUpload": {
"type": "integer",
"enum": [
0,
1
],
"example": 0
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Share folder link created",
"content": {
"application/json": {
"schema": {
"properties": {
"token": {
"type": "string",
"example": "sf_abc123"
},
"url": {
"type": "string",
"example": "/api/folder/shareFolder.php?token=sf_abc123"
},
"expires": {
"type": "integer",
"example": 1700000000
}
},
"type": "object"
}
}
}
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/deleteFolder.php": {
"post": {
"tags": [
"Folders"
],
"summary": "Delete a folder",
"description": "Requires authentication, CSRF token, write scope, and (for non-admins) folder ownership.",
"operationId": "deleteFolder",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"folder"
],
"properties": {
"folder": {
"type": "string",
"example": "userA/reports"
},
"sourceId": {
"type": "string",
"example": "local"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Deletion result (model-defined JSON)"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"405": {
"description": "Method not allowed"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/deleteShareFolderLink.php": {
"post": {
"tags": [
"Shared Folders",
"Admin"
],
"summary": "Delete a shared-folder link by token (admin only)",
"description": "Requires authentication, CSRF token, and admin privileges.",
"operationId": "deleteShareFolderLink",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"token"
],
"properties": {
"token": {
"type": "string",
"example": "sf_abc123"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Deleted"
},
"400": {
"description": "No token provided"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Admin only"
},
"404": {
"description": "Not found"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/downloadSharedFile.php": {
"get": {
"tags": [
"Shared Folders"
],
"summary": "Download a file from a shared folder (by token)",
"description": "Public endpoint; validates token and file name, then streams the file.",
"operationId": "downloadSharedFile",
"parameters": [
{
"name": "token",
"in": "query",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "file",
"in": "query",
"required": true,
"schema": {
"type": "string"
},
"example": "report.pdf"
}
],
"responses": {
"200": {
"description": "Binary file",
"content": {
"application/octet-stream": {
"schema": {
"type": "string",
"format": "binary"
}
}
}
},
"400": {
"description": "Invalid input"
},
"404": {
"description": "Not found"
}
}
}
},
"/api/folder/encryptionJobStart.php": {
"post": {
"tags": [
"Folders"
],
"summary": "Start folder encryption/decryption job",
"description": "Queues an encryption or decryption job for a folder.",
"operationId": "startFolderEncryptionJob",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"folder",
"mode"
],
"properties": {
"folder": {
"type": "string",
"example": "team/reports"
},
"mode": {
"type": "string",
"enum": [
"encrypt",
"decrypt"
]
},
"totalFiles": {
"type": "integer",
"example": 0
},
"totalBytes": {
"type": "integer",
"example": 0
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Job started"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"405": {
"description": "Method not allowed"
},
"409": {
"description": "Conflict"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/encryptionJobStatus.php": {
"get": {
"tags": [
"Folders"
],
"summary": "Get folder encryption job status",
"operationId": "getFolderEncryptionJobStatus",
"parameters": [
{
"name": "jobId",
"in": "query",
"description": "Job id",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Job status"
},
"400": {
"description": "Invalid job id"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Job not found"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/encryptionJobTick.php": {
"post": {
"tags": [
"Folders"
],
"summary": "Process encryption job tick",
"description": "Processes a small batch for an active encryption/decryption job.",
"operationId": "tickFolderEncryptionJob",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"jobId"
],
"properties": {
"jobId": {
"type": "string",
"example": "a1b2c3d4e5f6"
},
"maxFiles": {
"type": "integer",
"example": 2
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Tick result"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Job not found"
},
"405": {
"description": "Method not allowed"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/encryptionPlan.php": {
"get": {
"tags": [
"Folders"
],
"summary": "Plan folder encryption/decryption",
"description": "Scans a folder to estimate file/byte counts for encryption jobs.",
"operationId": "planFolderEncryption",
"parameters": [
{
"name": "folder",
"in": "query",
"required": false,
"schema": {
"type": "string"
},
"example": "root"
},
{
"name": "mode",
"in": "query",
"required": false,
"schema": {
"type": "string",
"enum": [
"encrypt",
"decrypt"
]
},
"example": "encrypt"
}
],
"responses": {
"200": {
"description": "Plan result"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"409": {
"description": "Conflict"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/getFolderColors.php": {
"get": {
"tags": [
"Folders"
],
"summary": "Get folder color map",
"operationId": "getFolderColors",
"responses": {
"200": {
"description": "Folder color map"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/getFolderEncryption.php": {
"get": {
"tags": [
"Folders"
],
"summary": "Get folder encryption capabilities",
"operationId": "getFolderEncryption",
"parameters": [
{
"name": "folder",
"in": "query",
"required": false,
"schema": {
"type": "string"
},
"example": "root"
}
],
"responses": {
"200": {
"description": "Encryption capability payload"
},
"401": {
"description": "Unauthorized"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/getFolderList.php": {
"get": {
"tags": [
"Folders"
],
"summary": "List folders (optionally under a parent)",
"description": "Requires authentication. Non-admins see folders for which they have full view or own-only access.",
"operationId": "getFolderList",
"parameters": [
{
"name": "folder",
"in": "query",
"description": "Parent folder to include and descend (default all); use 'root' for top-level",
"required": false,
"schema": {
"type": "string"
},
"example": "root"
},
{
"name": "sourceId",
"in": "query",
"description": "Optional source id (admin can target disabled sources)",
"required": false,
"schema": {
"type": "string"
},
"example": "local"
}
],
"responses": {
"200": {
"description": "List of folders",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"properties": {
"folder": {
"type": "string",
"example": "team/reports"
},
"fileCount": {
"type": "integer",
"example": 12
},
"metadataFile": {
"type": "string",
"example": "/path/to/meta.json"
}
},
"type": "object"
}
}
}
}
},
"400": {
"description": "Invalid folder"
},
"401": {
"description": "Unauthorized"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/getShareFolderLinks.php": {
"get": {
"tags": [
"Shared Folders",
"Admin"
],
"summary": "List active shared-folder links (admin only)",
"description": "Returns all non-expired shared-folder links. Admin-only.",
"operationId": "getShareFolderLinks",
"responses": {
"200": {
"description": "Active share-folder links (model-defined JSON)"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Admin only"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/isEmpty.php": {
"get": {
"tags": [
"Folders"
],
"summary": "Check if folder is empty",
"description": "ACL-aware check used for folder tree icons.",
"operationId": "folderIsEmpty",
"parameters": [
{
"name": "folder",
"in": "query",
"required": false,
"schema": {
"type": "string"
},
"example": "root"
},
{
"name": "sourceId",
"in": "query",
"required": false,
"schema": {
"type": "string"
},
"example": "local"
},
{
"name": "deep",
"in": "query",
"description": "When 1, return recursive totals.",
"required": false,
"schema": {
"type": "integer"
},
"example": 1
},
{
"name": "depth",
"in": "query",
"description": "Max recursive depth when deep=1 (0 = unlimited).",
"required": false,
"schema": {
"type": "integer"
},
"example": 2
}
],
"responses": {
"200": {
"description": "Stats payload"
},
"401": {
"description": "Unauthorized"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/listChildren.php": {
"get": {
"tags": [
"Folders"
],
"summary": "List folder children",
"description": "Returns a paged list of child folders for tree navigation.",
"operationId": "listFolderChildren",
"parameters": [
{
"name": "folder",
"in": "query",
"required": false,
"schema": {
"type": "string"
},
"example": "root"
},
{
"name": "limit",
"in": "query",
"required": false,
"schema": {
"type": "integer",
"maximum": 2000,
"minimum": 1
},
"example": 500
},
{
"name": "cursor",
"in": "query",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Child list payload"
},
"401": {
"description": "Unauthorized"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/moveFolder.php": {
"post": {
"tags": [
"Folders"
],
"summary": "Move or copy a folder",
"description": "Moves (default) or copies a folder into a destination folder.",
"operationId": "moveFolder",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"source",
"destination"
],
"properties": {
"source": {
"type": "string",
"example": "team/q1"
},
"destination": {
"type": "string",
"example": "archive"
},
"mode": {
"type": "string",
"example": "move"
},
"sourceId": {
"type": "string",
"example": "local"
},
"destSourceId": {
"type": "string",
"example": "s3-main"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Move result (model-defined JSON)"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"405": {
"description": "Method not allowed"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/renameFolder.php": {
"post": {
"tags": [
"Folders"
],
"summary": "Rename or move a folder",
"description": "Requires authentication, CSRF token, scope checks on old and new paths, and (for non-admins) ownership of the source folder.",
"operationId": "renameFolder",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"oldFolder",
"newFolder"
],
"properties": {
"oldFolder": {
"type": "string",
"example": "team/q1"
},
"newFolder": {
"type": "string",
"example": "team/quarter-1"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Rename result (model-defined JSON)"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"405": {
"description": "Method not allowed"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/saveFolderColor.php": {
"post": {
"tags": [
"Folders"
],
"summary": "Save folder color",
"description": "Sets or clears a custom folder color.",
"operationId": "saveFolderColor",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"folder"
],
"properties": {
"folder": {
"type": "string",
"example": "team/reports"
},
"color": {
"description": "Empty string clears",
"type": "string",
"example": "#ff9900",
"nullable": true
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Save result"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"405": {
"description": "Method not allowed"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/setFolderEncryption.php": {
"post": {
"tags": [
"Folders"
],
"summary": "Set folder encryption state",
"description": "Enables or disables folder encryption (v1 compatibility).",
"operationId": "setFolderEncryption",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"folder",
"encrypted"
],
"properties": {
"folder": {
"type": "string",
"example": "team/reports"
},
"encrypted": {
"type": "boolean",
"example": true
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Update result"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Folder not found"
},
"409": {
"description": "Conflict"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/folder/shareFolder.php": {
"get": {
"tags": [
"Shared Folders"
],
"summary": "Open a shared folder by token (HTML UI)",
"description": "If the share is password-protected and no password is supplied, an HTML password form is returned. Otherwise renders an HTML listing with optional upload form.",
"operationId": "shareFolder",
"parameters": [
{
"name": "token",
"in": "query",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "pass",
"in": "query",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "page",
"in": "query",
"required": false,
"schema": {
"type": "integer",
"minimum": 1
},
"example": 1
}
],
"responses": {
"200": {
"description": "HTML page (password form or folder listing)",
"content": {
"text/html": {}
}
},
"400": {
"description": "Missing/invalid token"
},
"403": {
"description": "Forbidden or wrong password"
}
}
}
},
"/api/folder/uploadToSharedFolder.php": {
"post": {
"tags": [
"Shared Folders"
],
"summary": "Upload a file into a shared folder (by token)",
"description": "Public form-upload endpoint. Only allowed when the share link has uploads enabled. On success responds with a redirect to the share page.",
"operationId": "uploadToSharedFolder",
"requestBody": {
"required": true,
"content": {
"multipart/form-data": {
"schema": {
"required": [
"token",
"fileToUpload"
],
"properties": {
"token": {
"description": "Share token",
"type": "string"
},
"fileToUpload": {
"description": "File to upload",
"type": "string",
"format": "binary"
}
},
"type": "object"
}
}
}
},
"responses": {
"302": {
"description": "Redirect to /api/folder/shareFolder.php?token=..."
},
"400": {
"description": "Upload error or invalid input"
},
"405": {
"description": "Method not allowed"
}
}
}
},
"/api/getUserPermissions.php": {
"get": {
"tags": [
"Users"
],
"summary": "Retrieve user permissions",
"description": "Returns the permissions for the current user, or all permissions if the user is an admin.",
"operationId": "getUserPermissions",
"responses": {
"200": {
"description": "Successful response with user permissions",
"content": {
"application/json": {
"schema": {
"type": "object"
}
}
}
},
"401": {
"description": "Unauthorized"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/getUsers.php": {
"get": {
"tags": [
"Users"
],
"summary": "Retrieve a list of users",
"description": "Returns a JSON array of users. Only available to authenticated admin users.",
"operationId": "getUsers",
"responses": {
"200": {
"description": "Successful response with an array of users",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"properties": {
"username": {
"type": "string",
"example": "johndoe"
},
"role": {
"type": "string",
"example": "admin"
}
},
"type": "object"
}
}
}
}
},
"401": {
"description": "Unauthorized: the user is not authenticated or is not an admin"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/media/getProgress.php": {
"get": {
"tags": [
"Media"
],
"summary": "Get media playback progress",
"operationId": "getMediaProgress",
"parameters": [
{
"name": "folder",
"in": "query",
"required": true,
"schema": {
"type": "string"
},
"example": "root"
},
{
"name": "file",
"in": "query",
"required": true,
"schema": {
"type": "string"
},
"example": "video.mp4"
}
],
"responses": {
"200": {
"description": "Progress state"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/media/getViewedMap.php": {
"get": {
"tags": [
"Media"
],
"summary": "Get viewed media map",
"operationId": "getViewedMediaMap",
"parameters": [
{
"name": "folder",
"in": "query",
"required": false,
"schema": {
"type": "string"
},
"example": "root"
}
],
"responses": {
"200": {
"description": "Viewed map"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/media/updateProgress.php": {
"post": {
"tags": [
"Media"
],
"summary": "Update media playback progress",
"operationId": "updateMediaProgress",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"folder",
"file"
],
"properties": {
"folder": {
"type": "string",
"example": "root"
},
"file": {
"type": "string",
"example": "video.mp4"
},
"seconds": {
"type": "number",
"format": "float",
"example": 42.5
},
"duration": {
"type": "number",
"format": "float",
"example": 3600,
"nullable": true
},
"completed": {
"type": "boolean",
"nullable": true
},
"clear": {
"type": "boolean",
"example": false
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Update result"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/onlyoffice/callback.php": {
"post": {
"tags": [
"ONLYOFFICE"
],
"summary": "ONLYOFFICE save callback",
"parameters": [
{
"name": "sourceId",
"in": "query",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "OK / error JSON"
}
}
}
},
"/api/onlyoffice/config.php": {
"get": {
"tags": [
"ONLYOFFICE"
],
"summary": "Get editor config for a file (signed URLs, callback)",
"parameters": [
{
"name": "folder",
"in": "query",
"schema": {
"type": "string"
}
},
{
"name": "file",
"in": "query",
"schema": {
"type": "string"
}
},
{
"name": "sourceId",
"in": "query",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Editor config"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Disabled / Not found"
}
}
}
},
"/api/onlyoffice/signed-download.php": {
"get": {
"tags": [
"ONLYOFFICE"
],
"summary": "Serve a signed file blob to ONLYOFFICE",
"parameters": [
{
"name": "tok",
"in": "query",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "File stream"
},
"403": {
"description": "Signature/expiry invalid"
}
}
}
},
"/api/onlyoffice/status.php": {
"get": {
"tags": [
"ONLYOFFICE"
],
"summary": "ONLYOFFICE availability & supported extensions",
"responses": {
"200": {
"description": "Status JSON"
}
}
}
},
"/api/pro/audit/exportCsv.php": {
"get": {
"tags": [
"Pro"
],
"summary": "Export audit log as CSV",
"description": "Exports audit log entries as CSV.",
"operationId": "proAuditExportCsv",
"parameters": [
{
"name": "folder",
"in": "query",
"required": false,
"schema": {
"type": "string"
},
"example": "team"
},
{
"name": "user",
"in": "query",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "action",
"in": "query",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "source",
"in": "query",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "storage",
"in": "query",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "from",
"in": "query",
"description": "ISO timestamp or epoch",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "to",
"in": "query",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "limit",
"in": "query",
"required": false,
"schema": {
"type": "integer",
"maximum": 5000,
"minimum": 1
},
"example": 1000
}
],
"responses": {
"200": {
"description": "CSV stream",
"content": {
"text/csv": {}
}
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden or Pro required"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/pro/audit/list.php": {
"get": {
"tags": [
"Pro"
],
"summary": "List audit log entries",
"description": "Returns audit log entries for admins, or for a specific folder when non-admin.",
"operationId": "proAuditList",
"parameters": [
{
"name": "folder",
"in": "query",
"required": false,
"schema": {
"type": "string"
},
"example": "team"
},
{
"name": "user",
"in": "query",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "action",
"in": "query",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "source",
"in": "query",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "storage",
"in": "query",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "from",
"in": "query",
"description": "ISO timestamp or epoch",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "to",
"in": "query",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "limit",
"in": "query",
"required": false,
"schema": {
"type": "integer",
"maximum": 500,
"minimum": 1
},
"example": 200
}
],
"responses": {
"200": {
"description": "Audit list payload"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden or Pro required"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/pro/diskUsageChildren.php": {
"get": {
"tags": [
"Pro"
],
"summary": "Get disk usage children",
"description": "Returns per-folder usage children for the storage explorer (Pro).",
"operationId": "proDiskUsageChildren",
"parameters": [
{
"name": "folder",
"in": "query",
"required": false,
"schema": {
"type": "string"
},
"example": "root"
},
{
"name": "sourceId",
"in": "query",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Children payload"
},
"403": {
"description": "Forbidden or Pro required"
},
"404": {
"description": "Snapshot not found"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/pro/diskUsageDeleteFilePermanent.php": {
"post": {
"tags": [
"Pro"
],
"summary": "Permanently delete a file",
"description": "Deletes a single file from storage explorer (Pro, admin).",
"operationId": "proDiskUsageDeleteFilePermanent",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"name"
],
"properties": {
"folder": {
"type": "string",
"example": "root"
},
"name": {
"type": "string",
"example": "large.zip"
},
"sourceId": {
"type": "string",
"example": "local"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Delete result"
},
"400": {
"description": "Invalid input"
},
"403": {
"description": "Forbidden or Pro required"
},
"405": {
"description": "Method not allowed"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/pro/diskUsageDeleteFolderRecursive.php": {
"post": {
"tags": [
"Pro"
],
"summary": "Permanently delete a folder",
"description": "Recursively deletes a folder from storage explorer (Pro, admin).",
"operationId": "proDiskUsageDeleteFolderRecursive",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"folder"
],
"properties": {
"folder": {
"type": "string",
"example": "team/archive"
},
"sourceId": {
"type": "string",
"example": "local"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Delete result"
},
"400": {
"description": "Invalid input"
},
"403": {
"description": "Forbidden or Pro required"
},
"405": {
"description": "Method not allowed"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/pro/diskUsageTopFiles.php": {
"get": {
"tags": [
"Pro"
],
"summary": "Get top files by size",
"description": "Returns the largest files across the instance (Pro).",
"operationId": "proDiskUsageTopFiles",
"parameters": [
{
"name": "limit",
"in": "query",
"required": false,
"schema": {
"type": "integer",
"minimum": 1
},
"example": 100
},
{
"name": "sourceId",
"in": "query",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Top files payload"
},
"403": {
"description": "Forbidden or Pro required"
},
"404": {
"description": "Snapshot not found"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/pro/groups/list.php": {
"get": {
"tags": [
"Pro"
],
"summary": "List Pro groups",
"description": "Returns user groups defined in FileRise Pro.",
"operationId": "proGroupsList",
"responses": {
"200": {
"description": "Groups payload"
},
"400": {
"description": "Invalid input"
},
"403": {
"description": "Forbidden or Pro required"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/pro/groups/save.php": {
"post": {
"tags": [
"Pro"
],
"summary": "Save Pro groups",
"description": "Saves group definitions in FileRise Pro.",
"operationId": "proGroupsSave",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"groups"
],
"properties": {
"groups": {
"type": "object"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Save result"
},
"400": {
"description": "Invalid input"
},
"403": {
"description": "Forbidden or Pro required"
},
"405": {
"description": "Method not allowed"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/pro/portals/get.php": {
"get": {
"tags": [
"Pro"
],
"summary": "Get portal by slug",
"description": "Returns portal metadata (public).",
"operationId": "proPortalsGet",
"parameters": [
{
"name": "slug",
"in": "query",
"required": true,
"schema": {
"type": "string"
},
"example": "client-portal"
}
],
"responses": {
"200": {
"description": "Portal payload"
},
"404": {
"description": "Portal not found"
}
}
}
},
"/api/pro/portals/list.php": {
"get": {
"tags": [
"Pro"
],
"summary": "List portals",
"description": "Returns all portals (admin only, Pro).",
"operationId": "proPortalsList",
"responses": {
"200": {
"description": "Portals payload"
},
"400": {
"description": "Invalid input"
},
"403": {
"description": "Forbidden or Pro required"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/pro/portals/publicMeta.php": {
"get": {
"tags": [
"Pro"
],
"summary": "Get public portal metadata",
"description": "Returns the public metadata needed for the portal login page.",
"operationId": "proPortalsPublicMeta",
"parameters": [
{
"name": "slug",
"in": "query",
"required": true,
"schema": {
"type": "string"
},
"example": "client-portal"
}
],
"responses": {
"200": {
"description": "Public portal payload"
},
"400": {
"description": "Missing slug"
},
"404": {
"description": "Portal not found or Pro inactive"
},
"410": {
"description": "Portal expired"
},
"500": {
"description": "Server error"
}
}
}
},
"/api/pro/portals/save.php": {
"post": {
"tags": [
"Pro"
],
"summary": "Save portals",
"description": "Saves portal definitions (admin only, Pro).",
"operationId": "proPortalsSave",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"portals"
],
"properties": {
"portals": {
"type": "object"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Save result"
},
"400": {
"description": "Invalid input"
},
"403": {
"description": "Forbidden or Pro required"
},
"405": {
"description": "Method not allowed"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/pro/portals/submissions.php": {
"get": {
"tags": [
"Pro"
],
"summary": "List portal submissions",
"description": "Returns submissions for a portal (admin only, Pro).",
"operationId": "proPortalsSubmissions",
"parameters": [
{
"name": "slug",
"in": "query",
"required": true,
"schema": {
"type": "string"
},
"example": "client-portal"
}
],
"responses": {
"200": {
"description": "Submissions payload"
},
"400": {
"description": "Missing slug"
},
"403": {
"description": "Forbidden or Pro required"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/pro/portals/submitForm.php": {
"post": {
"tags": [
"Pro"
],
"summary": "Submit portal form",
"description": "Submits a portal form payload (requires auth, Pro).",
"operationId": "proPortalsSubmitForm",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"slug",
"form"
],
"properties": {
"slug": {
"type": "string",
"example": "client-portal"
},
"form": {
"properties": {
"name": {
"type": "string",
"example": "Jane Doe"
},
"email": {
"type": "string",
"example": "jane@example.com"
},
"reference": {
"type": "string",
"example": "PO-123"
},
"notes": {
"type": "string",
"example": "Please review"
}
},
"type": "object"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Submission saved"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden or Pro required"
},
"405": {
"description": "Method not allowed"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/pro/portals/uploadLogo.php": {
"post": {
"tags": [
"Pro"
],
"summary": "Upload portal logo",
"description": "Uploads a portal logo image (admin only, Pro).",
"operationId": "proPortalsUploadLogo",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"multipart/form-data": {
"schema": {
"required": [
"portal_logo"
],
"properties": {
"portal_logo": {
"type": "string",
"format": "binary"
},
"slug": {
"type": "string",
"example": "client-portal"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Upload result"
},
"400": {
"description": "Invalid input"
},
"403": {
"description": "Forbidden or Pro required"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/pro/search/query.php": {
"get": {
"tags": [
"Pro"
],
"summary": "Search files (Pro)",
"description": "Searches across folders using the Pro search index.",
"operationId": "proSearchQuery",
"parameters": [
{
"name": "q",
"in": "query",
"description": "Search query",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "limit",
"in": "query",
"required": false,
"schema": {
"type": "integer",
"minimum": 1
},
"example": 50
},
{
"name": "sourceId",
"in": "query",
"description": "Source id or 'all'",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "force",
"in": "query",
"description": "Admins only: force refresh",
"required": false,
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "Search results"
},
"400": {
"description": "Invalid input"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden or Pro required"
},
"503": {
"description": "Search disabled"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/pro/uploadBrandLogo.php": {
"post": {
"tags": [
"Pro"
],
"summary": "Upload branding logo",
"description": "Uploads a branding logo image (admin only, Pro).",
"operationId": "proUploadBrandLogo",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"multipart/form-data": {
"schema": {
"required": [
"brand_logo"
],
"properties": {
"brand_logo": {
"type": "string",
"format": "binary"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Upload result"
},
"400": {
"description": "Invalid input"
},
"403": {
"description": "Forbidden or Pro required"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/profile/getCurrentUser.php": {
"get": {
"tags": [
"Users"
],
"operationId": "getCurrentUser",
"responses": {
"200": {
"description": "Current user",
"content": {
"application/json": {
"schema": {
"required": [
"username",
"isAdmin",
"totp_enabled",
"profile_picture"
],
"properties": {
"username": {
"type": "string",
"example": "ryan"
},
"isAdmin": {
"type": "boolean"
},
"totp_enabled": {
"type": "boolean"
},
"profile_picture": {
"type": "string",
"example": "/uploads/profile_pics/ryan.png"
}
},
"type": "object"
}
}
}
},
"401": {
"$ref": "#/components/responses/Unauthorized"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/profile/uploadPicture.php": {
"post": {
"tags": [
"Users"
],
"summary": "Upload or replace the current user's profile picture",
"description": "Accepts a single image file (JPEG, PNG, or GIF) up to 2 MB. Requires a valid session cookie and CSRF token.",
"operationId": "uploadProfilePicture",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"description": "Anti-CSRF token associated with the current session.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"multipart/form-data": {
"schema": {
"required": [
"profile_picture"
],
"properties": {
"profile_picture": {
"description": "JPEG, PNG, or GIF image. Max size: 2 MB.",
"type": "string",
"format": "binary"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Profile picture updated.",
"content": {
"application/json": {
"schema": {
"required": [
"success",
"url"
],
"properties": {
"success": {
"type": "boolean",
"example": true
},
"url": {
"type": "string",
"example": "/uploads/profile_pics/alice_9f3c2e1a8bcd.png"
}
},
"type": "object"
}
}
}
},
"400": {
"description": "No file uploaded, invalid file type, or file too large."
},
"401": {
"$ref": "#/components/responses/Unauthorized"
},
"403": {
"$ref": "#/components/responses/Forbidden"
},
"500": {
"description": "Server error while saving the picture."
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/removeUser.php": {
"delete": {
"tags": [
"Users"
],
"summary": "Remove a user",
"description": "Removes the specified user from the system. Cannot remove the currently logged-in user. Accepts DELETE or POST.",
"operationId": "removeUser",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"username"
],
"properties": {
"username": {
"type": "string",
"example": "johndoe"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "User removed successfully",
"content": {
"application/json": {
"schema": {
"properties": {
"success": {
"type": "string",
"example": "User removed successfully"
}
},
"type": "object"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Invalid CSRF token"
},
"405": {
"description": "Method not allowed"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/siteConfig.php": {
"get": {
"tags": [
"Config"
],
"summary": "Get public site configuration",
"description": "Returns the public site configuration used by the frontend.",
"operationId": "getSiteConfig",
"responses": {
"200": {
"description": "Site config payload"
},
"500": {
"description": "Server error"
}
}
}
},
"/api/totp_disable.php": {
"put": {
"tags": [
"TOTP"
],
"summary": "Disable TOTP for the authenticated user",
"description": "Clears the TOTP secret from the users file for the current user. Accepts PUT or POST.",
"operationId": "disableTOTP",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "TOTP disabled successfully",
"content": {
"application/json": {
"schema": {
"properties": {
"success": {
"type": "boolean",
"example": true
},
"message": {
"type": "string",
"example": "TOTP disabled successfully."
}
},
"type": "object"
}
}
}
},
"400": {
"description": "Missing username"
},
"403": {
"description": "Not authenticated or invalid CSRF token"
},
"405": {
"description": "Method not allowed"
},
"500": {
"description": "Failed to disable TOTP"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/totp_recover.php": {
"post": {
"tags": [
"TOTP"
],
"summary": "Recover TOTP",
"description": "Verifies a recovery code to disable TOTP and finalize login.",
"operationId": "recoverTOTP",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"recovery_code"
],
"properties": {
"recovery_code": {
"type": "string",
"example": "ABC123DEF456"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Recovery successful",
"content": {
"application/json": {
"schema": {
"properties": {
"status": {
"type": "string",
"example": "ok"
}
},
"type": "object"
}
}
}
},
"400": {
"description": "Invalid input or recovery code"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Invalid CSRF token"
},
"405": {
"description": "Method not allowed"
},
"429": {
"description": "Too many attempts"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/totp_saveCode.php": {
"post": {
"tags": [
"TOTP"
],
"summary": "Generate and save a new TOTP recovery code",
"description": "Generates a new TOTP recovery code for the authenticated user, stores its hash, and returns the plain text recovery code.",
"operationId": "totpSaveCode",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Recovery code generated successfully",
"content": {
"application/json": {
"schema": {
"properties": {
"status": {
"type": "string",
"example": "ok"
},
"recoveryCode": {
"type": "string",
"example": "ABC123DEF456"
}
},
"type": "object"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Invalid CSRF token or unauthorized"
},
"405": {
"description": "Method not allowed"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/totp_setup.php": {
"get": {
"tags": [
"TOTP"
],
"summary": "Set up TOTP and generate a QR code",
"description": "Generates (or retrieves) the TOTP secret for the user and builds a QR code image for scanning.",
"operationId": "setupTOTP",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "QR code image for TOTP setup",
"content": {
"image/png": {}
}
},
"400": {
"description": "Missing username"
},
"403": {
"description": "Not authorized or invalid CSRF token"
},
"500": {
"description": "Server error"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/totp_verify.php": {
"post": {
"tags": [
"TOTP"
],
"summary": "Verify TOTP code",
"description": "Verifies a TOTP code and completes login for pending users or validates TOTP for setup verification.",
"operationId": "verifyTOTP",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"totp_code"
],
"properties": {
"totp_code": {
"type": "string",
"example": "123456"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "TOTP successfully verified",
"content": {
"application/json": {
"schema": {
"properties": {
"status": {
"type": "string",
"example": "ok"
},
"message": {
"type": "string",
"example": "Login successful"
}
},
"type": "object"
}
}
}
},
"400": {
"description": "Bad Request (e.g., invalid input)"
},
"403": {
"description": "Not authenticated or invalid CSRF token"
},
"429": {
"description": "Too many attempts. Try again later."
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/updateUserPanel.php": {
"put": {
"tags": [
"Users"
],
"summary": "Update user panel settings",
"description": "Updates user panel settings. Accessible to authenticated users. Accepts PUT or POST.",
"operationId": "updateUserPanel",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"totp_enabled"
],
"properties": {
"totp_enabled": {
"type": "boolean",
"example": false
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "User panel updated successfully",
"content": {
"application/json": {
"schema": {
"properties": {
"success": {
"type": "string",
"example": "User panel updated: TOTP disabled"
}
},
"type": "object"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Invalid CSRF token"
},
"405": {
"description": "Method not allowed"
},
"400": {
"description": "Bad Request"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/updateUserPermissions.php": {
"put": {
"tags": [
"Users"
],
"summary": "Update user permissions",
"description": "Updates permissions for users. Only available to authenticated admin users. Accepts PUT or POST.",
"operationId": "updateUserPermissions",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"permissions"
],
"properties": {
"permissions": {
"type": "array",
"items": {
"properties": {
"username": {
"type": "string",
"example": "johndoe"
},
"folderOnly": {
"type": "boolean",
"example": true
},
"readOnly": {
"type": "boolean",
"example": false
},
"disableUpload": {
"type": "boolean",
"example": false
}
},
"type": "object"
}
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "User permissions updated successfully",
"content": {
"application/json": {
"schema": {
"properties": {
"success": {
"type": "string",
"example": "User permissions updated successfully."
}
},
"type": "object"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Invalid CSRF token"
},
"405": {
"description": "Method not allowed"
},
"400": {
"description": "Bad Request"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/upload/removeChunks.php": {
"post": {
"tags": [
"Uploads"
],
"summary": "Remove temporary chunk directory",
"description": "Deletes the temporary directory used for a chunked upload. Requires a valid CSRF token in the form field.",
"operationId": "removeChunks",
"requestBody": {
"required": true,
"content": {
"application/x-www-form-urlencoded": {
"schema": {
"required": [
"folder",
"csrf_token"
],
"properties": {
"folder": {
"type": "string",
"example": "resumable_myupload123"
},
"csrf_token": {
"description": "CSRF token for this session",
"type": "string"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "Removal result",
"content": {
"application/json": {
"schema": {
"properties": {
"success": {
"type": "boolean",
"example": true
},
"message": {
"type": "string",
"example": "Temporary folder removed."
}
},
"type": "object"
}
}
}
},
"400": {
"description": "Invalid input"
},
"403": {
"description": "Invalid CSRF token"
}
},
"security": [
{
"cookieAuth": []
}
]
}
},
"/api/upload/upload.php": {
"post": {
"tags": [
"Uploads"
],
"summary": "Upload a file (supports chunked + full uploads)",
"description": "Requires a session (cookie) and a CSRF token (header preferred; falls back to form field). Checks user/account flags and folder-level WRITE ACL, then delegates to the model. Returns JSON for chunked uploads; full uploads may redirect after success.",
"operationId": "handleUpload",
"parameters": [
{
"name": "X-CSRF-Token",
"in": "header",
"description": "CSRF token for this session (preferred). If omitted, send as form field `csrf_token`.",
"required": false,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"required": true,
"content": {
"multipart/form-data": {
"schema": {
"required": [
"fileToUpload"
],
"properties": {
"fileToUpload": {
"description": "File or chunk payload.",
"type": "string",
"format": "binary"
},
"folder": {
"description": "Target folder (defaults to 'root' if omitted).",
"type": "string",
"example": "root"
},
"csrf_token": {
"description": "CSRF token (form fallback).",
"type": "string"
},
"upload_token": {
"description": "Legacy alias for CSRF token (accepted by server).",
"type": "string"
},
"resumableChunkNumber": {
"type": "integer"
},
"resumableTotalChunks": {
"type": "integer"
},
"resumableChunkSize": {
"type": "integer"
},
"resumableCurrentChunkSize": {
"type": "integer"
},
"resumableTotalSize": {
"type": "integer"
},
"resumableType": {
"type": "string"
},
"resumableIdentifier": {
"type": "string"
},
"resumableFilename": {
"type": "string"
},
"resumableRelativePath": {
"type": "string"
}
},
"type": "object"
}
}
}
},
"responses": {
"200": {
"description": "JSON result (success, chunk status, or CSRF refresh).",
"content": {
"application/json": {
"schema": {
"oneOf": [
{
"properties": {
"success": {
"type": "string",
"example": "File uploaded successfully"
},
"newFilename": {
"type": "string",
"example": "5f2d7c123a_example.png"
}
},
"type": "object"
},
{
"properties": {
"status": {
"type": "string",
"example": "chunk uploaded"
}
},
"type": "object"
},
{
"properties": {
"csrf_expired": {
"type": "boolean",
"example": true
},
"csrf_token": {
"type": "string",
"example": "b1c2...f9"
}
},
"type": "object"
}
]
}
}
}
},
"302": {
"description": "Redirect after a successful full upload.",
"headers": {
"Location": {
"description": "Where the client is redirected",
"schema": {
"type": "string"
}
}
}
},
"400": {
"description": "Bad request (missing/invalid fields, model error)"
},
"401": {
"description": "Unauthorized (no session)"
},
"403": {
"description": "Forbidden (upload disabled or no WRITE to folder)"
},
"500": {
"description": "Server error while processing upload"
}
},
"security": [
{
"cookieAuth": []
}
]
}
}
},
"components": {
"schemas": {
"SimpleSuccess": {
"properties": {
"success": {
"type": "boolean",
"example": true
}
},
"type": "object"
},
"SimpleError": {
"properties": {
"error": {
"type": "string",
"example": "Something went wrong"
}
},
"type": "object"
},
"ShareLinkEntry": {
"properties": {
"folder": {
"type": "string",
"example": "root"
},
"file": {
"type": "string",
"example": "invoice.pdf"
},
"expires": {
"type": "integer",
"format": "int64",
"example": 1735689600
},
"password": {
"type": "string",
"example": "***",
"nullable": true
},
"token": {
"type": "string",
"example": "0123456789abcdef0123456789abcdef"
},
"sourceId": {
"type": "string",
"example": "local"
},
"sourceName": {
"type": "string",
"example": "Local"
}
},
"type": "object"
},
"ShareLinksMap": {
"type": "object",
"additionalProperties": {
"$ref": "#/components/schemas/ShareLinkEntry"
}
},
"ShareFolderLinkEntry": {
"properties": {
"folder": {
"type": "string",
"example": "shared/reports"
},
"expires": {
"type": "integer",
"format": "int64",
"example": 1735689600
},
"password": {
"type": "string",
"example": "***",
"nullable": true
},
"allowUpload": {
"type": "integer",
"example": 1
},
"token": {
"type": "string",
"example": "0123456789abcdef0123456789abcdef"
},
"sourceId": {
"type": "string",
"example": "local"
},
"sourceName": {
"type": "string",
"example": "Local"
}
},
"type": "object"
},
"ShareFolderLinksMap": {
"type": "object",
"additionalProperties": {
"$ref": "#/components/schemas/ShareFolderLinkEntry"
}
},
"LoginOptionsPublic": {
"properties": {
"disableFormLogin": {
"type": "boolean"
},
"disableBasicAuth": {
"type": "boolean"
},
"disableOIDCLogin": {
"type": "boolean"
}
},
"type": "object"
},
"LoginOptionsAdminExtra": {
"properties": {
"authBypass": {
"type": "boolean",
"nullable": true
},
"authHeaderName": {
"type": "string",
"example": "X-Remote-User",
"nullable": true
}
},
"type": "object"
},
"OIDCConfigPublic": {
"properties": {
"providerUrl": {
"type": "string",
"example": "https://accounts.example.com"
},
"redirectUri": {
"type": "string",
"example": "https://your.filerise.app/callback"
}
},
"type": "object"
},
"AdminGetConfigPublic": {
"required": [
"header_title",
"loginOptions",
"globalOtpauthUrl",
"enableWebDAV",
"sharedMaxUploadSize",
"oidc"
],
"properties": {
"header_title": {
"type": "string",
"example": "FileRise"
},
"loginOptions": {
"$ref": "#/components/schemas/LoginOptionsPublic"
},
"globalOtpauthUrl": {
"type": "string"
},
"enableWebDAV": {
"type": "boolean"
},
"sharedMaxUploadSize": {
"type": "integer",
"format": "int64"
},
"oidc": {
"$ref": "#/components/schemas/OIDCConfigPublic"
}
},
"type": "object"
},
"AdminGetConfigAdmin": {
"allOf": [
{
"$ref": "#/components/schemas/AdminGetConfigPublic"
},
{
"properties": {
"loginOptions": {
"allOf": [
{
"$ref": "#/components/schemas/LoginOptionsPublic"
},
{
"$ref": "#/components/schemas/LoginOptionsAdminExtra"
}
]
}
},
"type": "object"
}
]
},
"AdminUpdateConfigRequest": {
"properties": {
"header_title": {
"type": "string",
"maxLength": 100,
"example": "FileRise"
},
"loginOptions": {
"properties": {
"disableFormLogin": {
"type": "boolean",
"example": false
},
"disableBasicAuth": {
"type": "boolean",
"example": false
},
"disableOIDCLogin": {
"description": "false = OIDC enabled",
"type": "boolean",
"example": true
},
"authBypass": {
"type": "boolean",
"example": false
},
"authHeaderName": {
"description": "Letters/numbers/dashes only",
"type": "string",
"pattern": "^[A-Za-z0-9\\\\-]+$",
"example": "X-Remote-User"
}
},
"type": "object",
"additionalProperties": false
},
"globalOtpauthUrl": {
"type": "string",
"example": "otpauth://totp/{label}?secret={secret}&issuer=FileRise"
},
"enableWebDAV": {
"type": "boolean",
"example": false
},
"sharedMaxUploadSize": {
"type": "integer",
"format": "int64",
"minimum": 0,
"example": 52428800
},
"oidc": {
"description": "When disableOIDCLogin=false (OIDC enabled), providerUrl, redirectUri, and clientId are required.",
"properties": {
"providerUrl": {
"type": "string",
"format": "uri",
"example": "https://issuer.example.com"
},
"clientId": {
"type": "string",
"example": "my-client-id"
},
"clientSecret": {
"type": "string",
"writeOnly": true,
"example": "***"
},
"redirectUri": {
"type": "string",
"format": "uri",
"example": "https://app.example.com/auth/callback"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
}
},
"responses": {
"Unauthorized": {
"description": "Unauthorized (no session)",
"content": {
"application/json": {
"schema": {
"properties": {
"error": {
"type": "string",
"example": "Unauthorized"
}
},
"type": "object"
}
}
}
},
"Forbidden": {
"description": "Forbidden (not enough privileges)",
"content": {
"application/json": {
"schema": {
"properties": {
"error": {
"type": "string",
"example": "Invalid CSRF token."
}
},
"type": "object"
}
}
}
}
},
"requestBodies": {
"MoveFilesRequest": {
"required": true,
"content": {
"application/json": {
"schema": {
"required": [
"source",
"destination",
"files"
],
"properties": {
"source": {
"type": "string",
"example": "inbox"
},
"destination": {
"type": "string",
"example": "archive"
},
"files": {
"type": "array",
"items": {
"type": "string"
}
}
},
"type": "object"
}
}
}
}
},
"securitySchemes": {
"cookieAuth": {
"type": "apiKey",
"description": "Session cookie used for authenticated endpoints",
"name": "PHPSESSID",
"in": "cookie"
},
"CsrfHeader": {
"type": "apiKey",
"description": "CSRF token header required for state-changing requests",
"name": "X-CSRF-Token",
"in": "header"
}
}
},
"tags": [
{
"name": "Admin",
"description": "Admin endpoints"
},
{
"name": "Users",
"description": "Users"
},
{
"name": "Auth",
"description": "Auth"
},
{
"name": "Files",
"description": "Files"
},
{
"name": "Shares",
"description": "Shares"
},
{
"name": "Trash",
"description": "Trash"
},
{
"name": "Tags",
"description": "Tags"
},
{
"name": "Folders",
"description": "Folders"
},
{
"name": "Shared Folders",
"description": "Shared Folders"
},
{
"name": "Media",
"description": "Media"
},
{
"name": "ONLYOFFICE",
"description": "ONLYOFFICE"
},
{
"name": "Pro",
"description": "Pro"
},
{
"name": "Config",
"description": "Config"
},
{
"name": "TOTP",
"description": "TOTP"
},
{
"name": "Uploads",
"description": "Uploads"
}
]
}