docs: Add full Swagger JSDoc coverage

server/api/controllers/access-tokens/create.js

@@ -3,6 +3,106 @@
  * Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
  */
 
+/**
+ * @swagger
+ * /api/access-tokens:
+ *   post:
+ *     summary: User login
+ *     description: Authenticates a user using email/username and password. Returns an access token for API authentication.
+ *     tags:
+ *       - Access Tokens
+ *     requestBody:
+ *       required: true
+ *       content:
+ *         application/json:
+ *           schema:
+ *             type: object
+ *             required:
+ *               - emailOrUsername
+ *               - password
+ *             properties:
+ *               emailOrUsername:
+ *                 type: string
+ *                 maxLength: 256
+ *                 description: Email address or username of the user
+ *                 example: john.doe@example.com
+ *               password:
+ *                 type: string
+ *                 maxLength: 256
+ *                 description: Password of the user
+ *                 example: SecurePassword123!
+ *               withHttpOnlyToken:
+ *                 type: boolean
+ *                 description: Whether to include an HTTP-only authentication cookie
+ *                 example: true
+ *     responses:
+ *       200:
+ *         description: Login successful
+ *         content:
+ *           application/json:
+ *             schema:
+ *               type: object
+ *               required:
+ *                 - item
+ *               properties:
+ *                 item:
+ *                   type: string
+ *                   description: Access token for API authentication
+ *                   example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ4...
+ *         headers:
+ *           Set-Cookie:
+ *             description: HTTP-only authentication cookie (if withHttpOnlyToken is true)
+ *             schema:
+ *               type: string
+ *               example: httpOnlyToken=29aa3e38-8d24-4029-9743-9cbcf0a0dd5c; HttpOnly; Secure; SameSite=Strict
+ *       400:
+ *         $ref: '#/components/responses/ValidationError'
+ *       401:
+ *         description: Invalid credentials
+ *         content:
+ *           application/json:
+ *             schema:
+ *               type: object
+ *               required:
+ *                 - code
+ *                 - message
+ *               properties:
+ *                 code:
+ *                   type: string
+ *                   description: Error code
+ *                   example: E_UNAUTHORIZED
+ *                 message:
+ *                   type: string
+ *                   enum:
+ *                     - Invalid credentials
+ *                     - Invalid email or username
+ *                     - Invalid password
+ *                   description: Specific error message
+ *                   example: Invalid credentials
+ *       403:
+ *         description: Authentication restriction
+ *         content:
+ *           application/json:
+ *             schema:
+ *               type: object
+ *               required:
+ *                 - code
+ *                 - message
+ *               properties:
+ *                 code:
+ *                   type: string
+ *                   description: Error code
+ *                   example: E_FORBIDDEN
+ *                 message:
+ *                   type: string
+ *                   enum:
+ *                     - Use single sign-on
+ *                     - Terms acceptance required
+ *                     - Admin login required to initialize instance
+ *                   description: Specific error message
+ *                   example: Use single sign-on
+ */
+
 const bcrypt = require('bcrypt');
 
 const { isEmailOrUsername } = require('../../../utils/validators');