acm-uiuc
diff --git a/‎src/api/components/index.ts‎
Lines changed: 15 additions & 5 deletions b/‎src/api/components/index.ts‎
Lines changed: 15 additions & 5 deletions
diff --git a/‎src/api/index.ts‎
Lines changed: 16 additions & 1 deletion b/‎src/api/index.ts‎
Lines changed: 16 additions & 1 deletion
diff --git a/‎src/api/routes/apiKey.ts‎
Lines changed: 42 additions & 3 deletions b/‎src/api/routes/apiKey.ts‎
Lines changed: 42 additions & 3 deletions
diff --git a/‎src/api/routes/iam.ts‎
Lines changed: 29 additions & 4 deletions b/‎src/api/routes/iam.ts‎
Lines changed: 29 additions & 4 deletions
diff --git a/‎src/api/routes/ics.ts‎
Lines changed: 15 additions & 2 deletions b/‎src/api/routes/ics.ts‎
Lines changed: 15 additions & 2 deletions
diff --git a/‎src/api/routes/linkry.ts‎
Lines changed: 90 additions & 3 deletions b/‎src/api/routes/linkry.ts‎
Lines changed: 90 additions & 3 deletions
@@ -205,6 +205,7 @@ export function withRoles<T extends FastifyZodOpenApiSchema>(
     ...schema.response,
   };
   return {
+    ...schema,
     security,
     "x-required-roles": roles,
     "x-disable-api-key-auth": disableApiKeyAuth,
@@ -232,7 +233,6 @@ ${schema.description}
 <hr />
 ${roles.length > 0 ? `Requires any of the following roles:\n\n${roles.map((item) => `* ${AppRoleHumanMapper[item]} (<code>${item}</code>)`).join("\n")}` : "Requires valid authentication but no specific authorization."}
   `,
-    ...schema,
     response: responses,
   };
 }
@@ -241,11 +241,21 @@ export function withTags<T extends FastifyZodOpenApiSchema>(
   tags: string[],
   schema: T,
 ) {
+  const cleanedResponse = schema.response
+    ? Object.fromEntries(
+        Object.entries(schema.response).filter(([_, value]) => value !== null),
+      )
+    : {};
   const responses = {
-    500: internalServerError,
-    429: rateLimitExceededError,
-    400: validationError,
-    ...schema.response,
+    ...(schema.response && schema.response["500"] !== null
+      ? { 500: internalServerError }
+      : {}),
+    ...(schema.response && schema.response["429"] !== null
+      ? { 429: rateLimitExceededError }
+      : {}),
+    ...(schema.response &&
+      schema.response["400"] !== null && { 400: validationError }),
+    ...cleanedResponse,
   };
   return {
     tags,
 
@@ -26,6 +26,7 @@ import {
 import { type ZodOpenApiVersion } from "zod-openapi";
 import { withTags } from "./components/index.js";
 import RedisModule from "ioredis";
+import * as z from "zod/v4";
 
 /** BEGIN EXTERNAL PLUGINS */
 import fastifyIp from "fastify-ip";
@@ -356,7 +357,21 @@ Otherwise, email [[email protected]](mailto:[email protected]) for sup
     "/api/v1/healthz",
     {
       schema: withTags(["Generic"], {
-        summary: "Verify that the API server is healthy.",
+        summary: "Get API server health status",
+        response: {
+          200: {
+            description: "The API server is healthy.",
+            content: {
+              "application/json": {
+                schema: z.object({
+                  message: z.literal("UP").meta({ example: "UP" }),
+                }),
+              },
+            },
+          },
+          400: null,
+          429: null,
+        },
       }),
     },
     async (_, reply) => {
 
@@ -37,8 +37,26 @@ const apiKeyRoute: FastifyPluginAsync = async (fastify, _options) => {
       schema: withRoles(
         [AppRoles.MANAGE_ORG_API_KEYS],
         withTags(["API Keys"], {
-          summary: "Create an organization API key.",
+          summary: "Create an organization API key",
+          description:
+            "Organization API keys are not tied to the permissions of a specific user, but rather are assigned their own permissions with optional restrictions.",
           body: apiKeyPostBody,
+          response: {
+            201: {
+              description: "The organization API key has been created.",
+              content: {
+                "application/json": {
+                  schema: z.object({
+                    apiKey: z.string().min(1).meta({
+                      description: "The API key.",
+                      example:
+                        "acmuiuc_sample435be_example244b8607e7665319c221496ad7282edbb09558f720e0e634ab77615b_d305c1",
+                    }),
+                  }),
+                },
+              },
+            },
+          },
         }),
         { disableApiKeyAuth: true },
       ),
@@ -143,13 +161,23 @@ If you did not create this API key, please secure your account and notify the AC
       schema: withRoles(
         [AppRoles.MANAGE_ORG_API_KEYS],
         withTags(["API Keys"], {
-          summary: "Delete an organization API key.",
+          summary: "Delete an organization API key",
           params: z.object({
             keyId: z.string().min(1).meta({
               description:
                 "Key ID to delete. The key ID is the second segment of the API key.",
             }),
           }),
+          response: {
+            204: {
+              description: "The organization API key has been deleted.",
+              content: {
+                "application/json": {
+                  schema: z.null(),
+                },
+              },
+            },
+          },
         }),
         { disableApiKeyAuth: true },
       ),
@@ -242,7 +270,18 @@ If you did not delete this API key, please secure your account and notify the AC
       schema: withRoles(
         [AppRoles.MANAGE_ORG_API_KEYS],
         withTags(["API Keys"], {
-          summary: "Get all organization API keys.",
+          summary: "Get all organization API keys",
+          response: {
+            200: {
+              description:
+                "The list of organization API keys has been retrieved.",
+              content: {
+                "application/json": {
+                  schema: z.array(apiKeyPostBody),
+                },
+              },
+            },
+          },
         }),
         { disableApiKeyAuth: true },
       ),
 
@@ -31,6 +31,8 @@ import {
   groupModificationPatchSchema,
   EntraGroupActions,
   entraProfilePatchRequest,
+  entraActionResponseSchema,
+  entraGroupMembershipListResponse,
 } from "../../common/types/iam.js";
 import { clearAuthCache, getGroupRoles } from "../functions/authorization.js";
 import { getRoleCredentials } from "api/functions/sts.js";
@@ -220,8 +222,17 @@ const iamRoutes: FastifyPluginAsync = async (fastify, _options) => {
         [AppRoles.IAM_INVITE_ONLY, AppRoles.IAM_ADMIN],
         withTags(["IAM"], {
           body: invitePostRequestSchema,
-          summary: "Invite a user to the ACM @ UIUC Entra ID tenant.",
-          // response: { 202: entraActionResponseSchema },
+          summary: "Invite users to the ACM @ UIUC Entra ID tenant",
+          response: {
+            202: {
+              description: "At least one of the users have been invited.",
+              content: {
+                "application/json": {
+                  schema: entraActionResponseSchema,
+                },
+              },
+            },
+          },
         }),
       ),
       onRequest: fastify.authorizeFromSchema,
@@ -290,7 +301,12 @@ const iamRoutes: FastifyPluginAsync = async (fastify, _options) => {
         }
       }
       await Promise.allSettled(logPromises);
-      reply.status(202).send(response);
+      if (response.success.length > 0) {
+        reply.status(202);
+      } else {
+        reply.status(500);
+      }
+      reply.send(response);
     },
   );
   fastify.withTypeProvider<FastifyZodOpenApiTypeProvider>().patch(
@@ -553,7 +569,16 @@ No action is required from you at this time.
       schema: withRoles(
         [AppRoles.IAM_ADMIN],
         withTags(["IAM"], {
-          // response: { 200: entraGroupMembershipListResponse },
+          response: {
+            200: {
+              description: "The members of the group have been retrieved.",
+              content: {
+                "application/json": {
+                  schema: entraGroupMembershipListResponse,
+                },
+              },
+            },
+          },
           params: z.object({
             groupId,
           }),
 
@@ -56,8 +56,21 @@ const icalPlugin: FastifyPluginAsync = async (fastify, _options) => {
             description: "Organization to retrieve calendar for",
           }),
         }),
-        summary:
-          "Retrieve the calendar for ACM @ UIUC or a specific sub-organization.",
+        summary: "Retrieve an organization's calendar",
+        response: {
+          200: {
+            description: "The organization's calendar has been generated.",
+            content: {
+              "text/calendar": {
+                schema: z.string().meta({
+                  description: "Calendar in iCalendar format.",
+                  example:
+                    "BEGIN:VCALENDAR\nVERSION:2.0\nPRODID:-//sebbo.net//ical-generator//EN\nMETHOD:PUBLISH\nNAME:ACM@UIUC - Infrastructure Committee Events\nX-WR-CALNAME:ACM@UIUC - Infrastructure Committee Events\nTIMEZONE-ID:America/Chicago\nX-WR-TIMEZONE:America/Chicago\nEND:VCALENDAR",
+                }),
+              },
+            },
+          },
+        },
       } satisfies FastifyZodOpenApiSchema),
     },
     async (request, reply) => {
 
@@ -26,7 +26,13 @@ import {
   getLinkryKvArn,
   setKey,
 } from "api/functions/cloudfrontKvStore.js";
-import { createRequest, linkrySlug } from "common/types/linkry.js";
+import {
+  createRequest,
+  linkryAccessList,
+  linkryRecordWithOwner,
+  linkryRedirectTarget,
+  linkrySlug,
+} from "common/types/linkry.js";
 import {
   extractUniqueSlugs,
   fetchOwnerRecords,
@@ -82,7 +88,40 @@ const linkryRoutes: FastifyPluginAsync = async (fastify, _options) => {
       {
         schema: withRoles(
           [AppRoles.LINKS_MANAGER, AppRoles.LINKS_ADMIN],
-          withTags(["Linkry"], {}),
+          withTags(["Linkry"], {
+            summary: "Get current user's links",
+            description:
+              "If the user has bypass permissions, all links will be returned. Otherwise, only links owned by the current user, or delegated to the current user, will be returned.",
+            response: {
+              200: {
+                description: "The current user's links have been retrieved.",
+                content: {
+                  "application/json": {
+                    schema: z.object({
+                      ownedLinks: z
+                        .array(
+                          z.object({
+                            slug: linkrySlug,
+                            createdAt: z.iso.datetime(),
+                            updatedAt: z.iso.datetime(),
+                            redirect: linkryRedirectTarget,
+                            access: linkryAccessList,
+                          }),
+                        )
+                        .meta({
+                          description:
+                            "A list of all links that the current user owns.",
+                        }),
+                      delegatedLinks: z.array(linkryRecordWithOwner).meta({
+                        description:
+                          "A list of all links that the current user has delegated access to (including superuser access).",
+                      }),
+                    }),
+                  },
+                },
+              },
+            },
+          }),
         ),
         onRequest: fastify.authorizeFromSchema,
       },
@@ -177,7 +216,27 @@ const linkryRoutes: FastifyPluginAsync = async (fastify, _options) => {
         schema: withRoles(
           [AppRoles.LINKS_MANAGER, AppRoles.LINKS_ADMIN],
           withTags(["Linkry"], {
+            summary: "Create short link record",
             body: createRequest,
+            response: {
+              201: {
+                description: "The short link has been created.",
+                headers: {
+                  Location: z
+                    .url()
+                    .min(1)
+                    .meta({
+                      description: "The resource URL for the shortened link.",
+                      example: `${fastify.environmentConfig.UserFacingUrl}/api/v1/linkry/redir/healthz`,
+                    }),
+                },
+                content: {
+                  "application/json": {
+                    schema: z.null(),
+                  },
+                },
+              },
+            },
           }),
         ),
         preValidation: async (request, reply) => {
@@ -450,7 +509,13 @@ const linkryRoutes: FastifyPluginAsync = async (fastify, _options) => {
             message: `Created redirect to "${request.body.redirect}"`,
           },
         });
-        return reply.status(201).send();
+        return reply
+          .header(
+            "Location",
+            `${fastify.environmentConfig.UserFacingUrl}/api/v1/linkry/redir/${request.body.slug}`,
+          )
+          .status(201)
+          .send();
       },
     );
 
@@ -463,6 +528,17 @@ const linkryRoutes: FastifyPluginAsync = async (fastify, _options) => {
             params: z.object({
               slug: linkrySlug,
             }),
+            summary: "Get a short link record",
+            response: {
+              200: {
+                description: "The short link record has been retrieved.",
+                content: {
+                  "application/json": {
+                    schema: linkryRecordWithOwner,
+                  },
+                },
+              },
+            },
           }),
         ),
         onRequest: fastify.authorizeFromSchema,
@@ -512,9 +588,20 @@ const linkryRoutes: FastifyPluginAsync = async (fastify, _options) => {
         schema: withRoles(
           [AppRoles.LINKS_MANAGER, AppRoles.LINKS_ADMIN],
           withTags(["Linkry"], {
+            summary: "Delete a short link record",
             params: z.object({
               slug: linkrySlug,
             }),
+            response: {
+              204: {
+                description: "The short link record has been deleted.",
+                content: {
+                  "application/json": {
+                    schema: z.null(),
+                  },
+                },
+              },
+            },
           }),
         ),
         onRequest: async (request, reply) => {