feat(api): add Swagger annotations for privacy opt-out and account deletion

2026-02-25 19:51:54 +01:00 · 2026-02-25 19:51:54 +01:00 · d35b7d37fb
commit d35b7d37fb
parent 9636613eaa
2 changed files with 20 additions and 0 deletions
--- a/veza-backend-api/internal/handlers/account_deletion_handler.go
+++ b/veza-backend-api/internal/handlers/account_deletion_handler.go
@ -22,6 +22,17 @@ type DeleteAccountRequest struct {
 }

 // DeleteAccountHandler returns a handler for DELETE /users/me (v0.803 SEC2-05)
+//
+// @Summary      Delete account
+// @Description  Permanently delete user account with anonymization, session revocation, audit log
+// @Tags         Users
+// @Security     BearerAuth
+// @Param        body  body  DeleteAccountRequest  true  "Password, reason, confirm_text (must be DELETE)"
+// @Success      200   {object}  map[string]interface{}
+// @Failure      400   {object}  map[string]interface{}
+// @Failure      401   {object}  map[string]interface{}
+// @Failure      500   {object}  map[string]interface{}
+// @Router       /users/me [delete]
 func DeleteAccountHandler(
 	db *gorm.DB,
 	sessionService *services.SessionService,
--- a/veza-backend-api/internal/handlers/privacy_handler.go
+++ b/veza-backend-api/internal/handlers/privacy_handler.go
@ -10,6 +10,15 @@ import (

 // PrivacyOptOut sets the CCPA "Do Not Sell" preference for the authenticated user.
 // v0.803 SEC2-06: CCPA compliance - honors user opt-out request.
+//
+// @Summary      CCPA Do Not Sell opt-out
+// @Description  Saves the user's Do Not Sell preference (CCPA compliance)
+// @Tags         Users
+// @Security     BearerAuth
+// @Success      200  {object}  map[string]interface{}
+// @Failure      401  {object}  map[string]interface{}
+// @Failure      500  {object}  map[string]interface{}
+// @Router       /users/me/privacy/opt-out [post]
 func PrivacyOptOut(db *gorm.DB) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		userID, ok := GetUserIDUUID(c)