feat: debug-endpoints (#110)

* reorg + pprof endpoints

* fix spacing issue

* fix generation directory

backend/app/api/handlers/debughandlers/debug.go

@@ -0,0 +1,16 @@
+package debughandlers
+
+import (
+	"expvar"
+	"net/http"
+	"net/http/pprof"
+)
+
+func New(mux *http.ServeMux) {
+	mux.HandleFunc("/debug/pprof", pprof.Index)
+	mux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
+	mux.HandleFunc("/debug/pprof/profile", pprof.Profile)
+	mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
+	mux.HandleFunc("/debug/pprof/trace", pprof.Trace)
+	mux.Handle("/debug/vars", expvar.Handler())
+}

backend/app/api/handlers/v1/controller.go

@@ -0,0 +1,89 @@
+package v1
+
+import (
+	"net/http"
+
+	"github.com/hay-kot/homebox/backend/internal/services"
+	"github.com/hay-kot/homebox/backend/pkgs/server"
+)
+
+func WithMaxUploadSize(maxUploadSize int64) func(*V1Controller) {
+	return func(ctrl *V1Controller) {
+		ctrl.maxUploadSize = maxUploadSize
+	}
+}
+
+func WithDemoStatus(demoStatus bool) func(*V1Controller) {
+	return func(ctrl *V1Controller) {
+		ctrl.isDemo = demoStatus
+	}
+}
+
+func WithRegistration(allowRegistration bool) func(*V1Controller) {
+	return func(ctrl *V1Controller) {
+		ctrl.allowRegistration = allowRegistration
+	}
+}
+
+type V1Controller struct {
+	svc               *services.AllServices
+	maxUploadSize     int64
+	isDemo            bool
+	allowRegistration bool
+}
+
+type (
+	ReadyFunc func() bool
+
+	Build struct {
+		Version   string `json:"version"`
+		Commit    string `json:"commit"`
+		BuildTime string `json:"buildTime"`
+	}
+
+	ApiSummary struct {
+		Healthy  bool     `json:"health"`
+		Versions []string `json:"versions"`
+		Title    string   `json:"title"`
+		Message  string   `json:"message"`
+		Build    Build    `json:"build"`
+		Demo     bool     `json:"demo"`
+	}
+)
+
+func BaseUrlFunc(prefix string) func(s string) string {
+	return func(s string) string {
+		return prefix + "/v1" + s
+	}
+}
+
+func NewControllerV1(svc *services.AllServices, options ...func(*V1Controller)) *V1Controller {
+	ctrl := &V1Controller{
+		svc:               svc,
+		allowRegistration: true,
+	}
+
+	for _, opt := range options {
+		opt(ctrl)
+	}
+
+	return ctrl
+}
+
+// HandleBase godoc
+// @Summary Retrieves the basic information about the API
+// @Tags    Base
+// @Produce json
+// @Success 200 {object} ApiSummary
+// @Router  /v1/status [GET]
+func (ctrl *V1Controller) HandleBase(ready ReadyFunc, build Build) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		server.Respond(w, http.StatusOK, ApiSummary{
+			Healthy: ready(),
+			Title:   "Go API Template",
+			Message: "Welcome to the Go API Template Application!",
+			Build:   build,
+			Demo:    ctrl.isDemo,
+		})
+	}
+}

backend/app/api/handlers/v1/partials.go

@@ -0,0 +1,21 @@
+package v1
+
+import (
+	"net/http"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/pkgs/server"
+	"github.com/rs/zerolog/log"
+)
+
+func (ctrl *V1Controller) routeID(w http.ResponseWriter, r *http.Request) (uuid.UUID, error) {
+	ID, err := uuid.Parse(chi.URLParam(r, "id"))
+	if err != nil {
+		log.Err(err).Msg("failed to parse id")
+		server.RespondError(w, http.StatusBadRequest, err)
+		return uuid.Nil, err
+	}
+
+	return ID, nil
+}

backend/app/api/handlers/v1/v1_ctrl_auth.go

@@ -0,0 +1,134 @@
+package v1
+
+import (
+	"errors"
+	"net/http"
+	"time"
+
+	"github.com/hay-kot/homebox/backend/internal/services"
+	"github.com/hay-kot/homebox/backend/pkgs/server"
+	"github.com/rs/zerolog/log"
+)
+
+type (
+	TokenResponse struct {
+		Token     string    `json:"token"`
+		ExpiresAt time.Time `json:"expiresAt"`
+	}
+
+	LoginForm struct {
+		Username string `json:"username"`
+		Password string `json:"password"`
+	}
+)
+
+// HandleAuthLogin godoc
+// @Summary User Login
+// @Tags    Authentication
+// @Accept  x-www-form-urlencoded
+// @Accept  application/json
+// @Param   username formData string false "string" example(admin@admin.com)
+// @Param   password formData string false "string" example(admin)
+// @Produce json
+// @Success 200 {object} TokenResponse
+// @Router  /v1/users/login [POST]
+func (ctrl *V1Controller) HandleAuthLogin() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		loginForm := &LoginForm{}
+
+		switch r.Header.Get("Content-Type") {
+		case server.ContentFormUrlEncoded:
+			err := r.ParseForm()
+			if err != nil {
+				server.Respond(w, http.StatusBadRequest, server.Wrap(err))
+				log.Error().Err(err).Msg("failed to parse form")
+				return
+			}
+
+			loginForm.Username = r.PostFormValue("username")
+			loginForm.Password = r.PostFormValue("password")
+		case server.ContentJSON:
+			err := server.Decode(r, loginForm)
+
+			if err != nil {
+				log.Err(err).Msg("failed to decode login form")
+				server.Respond(w, http.StatusBadRequest, server.Wrap(err))
+				return
+			}
+		default:
+			server.Respond(w, http.StatusBadRequest, errors.New("invalid content type"))
+			return
+		}
+
+		if loginForm.Username == "" || loginForm.Password == "" {
+			server.RespondError(w, http.StatusBadRequest, errors.New("username and password are required"))
+			return
+		}
+
+		newToken, err := ctrl.svc.User.Login(r.Context(), loginForm.Username, loginForm.Password)
+
+		if err != nil {
+			server.RespondError(w, http.StatusInternalServerError, err)
+			return
+		}
+
+		server.Respond(w, http.StatusOK, TokenResponse{
+			Token:     "Bearer " + newToken.Raw,
+			ExpiresAt: newToken.ExpiresAt,
+		})
+	}
+}
+
+// HandleAuthLogout godoc
+// @Summary  User Logout
+// @Tags     Authentication
+// @Success  204
+// @Router   /v1/users/logout [POST]
+// @Security Bearer
+func (ctrl *V1Controller) HandleAuthLogout() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		token := services.UseTokenCtx(r.Context())
+
+		if token == "" {
+			server.RespondError(w, http.StatusUnauthorized, errors.New("no token within request context"))
+			return
+		}
+
+		err := ctrl.svc.User.Logout(r.Context(), token)
+
+		if err != nil {
+			server.RespondError(w, http.StatusInternalServerError, err)
+			return
+		}
+
+		server.Respond(w, http.StatusNoContent, nil)
+	}
+}
+
+// HandleAuthLogout godoc
+// @Summary     User Token Refresh
+// @Description handleAuthRefresh returns a handler that will issue a new token from an existing token.
+// @Description This does not validate that the user still exists within the database.
+// @Tags        Authentication
+// @Success     200
+// @Router      /v1/users/refresh [GET]
+// @Security    Bearer
+func (ctrl *V1Controller) HandleAuthRefresh() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		requestToken := services.UseTokenCtx(r.Context())
+
+		if requestToken == "" {
+			server.RespondError(w, http.StatusUnauthorized, errors.New("no user token found"))
+			return
+		}
+
+		newToken, err := ctrl.svc.User.RenewToken(r.Context(), requestToken)
+
+		if err != nil {
+			server.RespondUnauthorized(w)
+			return
+		}
+
+		server.Respond(w, http.StatusOK, newToken)
+	}
+}

backend/app/api/handlers/v1/v1_ctrl_group.go

@@ -0,0 +1,121 @@
+package v1
+
+import (
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/hay-kot/homebox/backend/internal/repo"
+	"github.com/hay-kot/homebox/backend/internal/services"
+	"github.com/hay-kot/homebox/backend/pkgs/server"
+	"github.com/rs/zerolog/log"
+)
+
+type (
+	GroupInvitationCreate struct {
+		Uses      int       `json:"uses"`
+		ExpiresAt time.Time `json:"expiresAt"`
+	}
+
+	GroupInvitation struct {
+		Token     string    `json:"token"`
+		ExpiresAt time.Time `json:"expiresAt"`
+		Uses      int       `json:"uses"`
+	}
+)
+
+// HandleGroupGet godoc
+// @Summary  Get the current user's group
+// @Tags     Group
+// @Produce  json
+// @Success  200 {object} repo.Group
+// @Router   /v1/groups [Get]
+// @Security Bearer
+func (ctrl *V1Controller) HandleGroupGet() http.HandlerFunc {
+	return ctrl.handleGroupGeneral()
+}
+
+// HandleGroupUpdate godoc
+// @Summary  Updates some fields of the current users group
+// @Tags     Group
+// @Produce  json
+// @Param    payload body     repo.GroupUpdate true "User Data"
+// @Success  200     {object} repo.Group
+// @Router   /v1/groups [Put]
+// @Security Bearer
+func (ctrl *V1Controller) HandleGroupUpdate() http.HandlerFunc {
+	return ctrl.handleGroupGeneral()
+}
+
+func (ctrl *V1Controller) handleGroupGeneral() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		ctx := services.NewContext(r.Context())
+
+		switch r.Method {
+		case http.MethodGet:
+			group, err := ctrl.svc.Group.Get(ctx)
+			if err != nil {
+				log.Err(err).Msg("failed to get group")
+				server.RespondError(w, http.StatusInternalServerError, err)
+				return
+			}
+
+			group.Currency = strings.ToUpper(group.Currency) // TODO: Hack to fix the currency enums being lower caseÍ
+			server.Respond(w, http.StatusOK, group)
+
+		case http.MethodPut:
+			data := repo.GroupUpdate{}
+			if err := server.Decode(r, &data); err != nil {
+				server.RespondError(w, http.StatusBadRequest, err)
+				return
+			}
+
+			group, err := ctrl.svc.Group.UpdateGroup(ctx, data)
+			if err != nil {
+				log.Err(err).Msg("failed to update group")
+				server.RespondError(w, http.StatusInternalServerError, err)
+				return
+			}
+			group.Currency = strings.ToUpper(group.Currency) // TODO: Hack to fix the currency enums being lower case
+			server.Respond(w, http.StatusOK, group)
+		}
+	}
+}
+
+// HandleGroupInvitationsCreate godoc
+// @Summary  Get the current user
+// @Tags     Group
+// @Produce  json
+// @Param    payload body     GroupInvitationCreate true "User Data"
+// @Success  200     {object} GroupInvitation
+// @Router   /v1/groups/invitations [Post]
+// @Security Bearer
+func (ctrl *V1Controller) HandleGroupInvitationsCreate() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		data := GroupInvitationCreate{}
+		if err := server.Decode(r, &data); err != nil {
+			log.Err(err).Msg("failed to decode user registration data")
+			server.RespondError(w, http.StatusBadRequest, err)
+			return
+		}
+
+		if data.ExpiresAt.IsZero() {
+			data.ExpiresAt = time.Now().Add(time.Hour * 24)
+		}
+
+		ctx := services.NewContext(r.Context())
+
+		token, err := ctrl.svc.Group.NewInvitation(ctx, data.Uses, data.ExpiresAt)
+		if err != nil {
+			log.Err(err).Msg("failed to create new token")
+			server.RespondError(w, http.StatusInternalServerError, err)
+			return
+		}
+
+		server.Respond(w, http.StatusCreated, GroupInvitation{
+			Token:     token,
+			ExpiresAt: data.ExpiresAt,
+			Uses:      data.Uses,
+		})
+	}
+}

backend/app/api/handlers/v1/v1_ctrl_items.go

@@ -0,0 +1,230 @@
+package v1
+
+import (
+	"encoding/csv"
+	"net/http"
+	"net/url"
+	"strconv"
+
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/internal/repo"
+	"github.com/hay-kot/homebox/backend/internal/services"
+	"github.com/hay-kot/homebox/backend/pkgs/server"
+	"github.com/rs/zerolog/log"
+)
+
+// HandleItemsGetAll godoc
+// @Summary  Get All Items
+// @Tags     Items
+// @Produce  json
+// @Param    q         query    string   false "search string"
+// @Param    page      query    int      false "page number"
+// @Param    pageSize  query    int      false "items per page"
+// @Param    labels    query    []string false "label Ids"    collectionFormat(multi)
+// @Param    locations query    []string false "location Ids" collectionFormat(multi)
+// @Success  200       {object} repo.PaginationResult[repo.ItemSummary]{}
+// @Router   /v1/items [GET]
+// @Security Bearer
+func (ctrl *V1Controller) HandleItemsGetAll() http.HandlerFunc {
+	uuidList := func(params url.Values, key string) []uuid.UUID {
+		var ids []uuid.UUID
+		for _, id := range params[key] {
+			uid, err := uuid.Parse(id)
+			if err != nil {
+				continue
+			}
+			ids = append(ids, uid)
+		}
+		return ids
+	}
+
+	intOrNegativeOne := func(s string) int {
+		i, err := strconv.Atoi(s)
+		if err != nil {
+			return -1
+		}
+		return i
+	}
+
+	extractQuery := func(r *http.Request) repo.ItemQuery {
+		params := r.URL.Query()
+
+		return repo.ItemQuery{
+			Page:        intOrNegativeOne(params.Get("page")),
+			PageSize:    intOrNegativeOne(params.Get("perPage")),
+			Search:      params.Get("q"),
+			LocationIDs: uuidList(params, "locations"),
+			LabelIDs:    uuidList(params, "labels"),
+		}
+	}
+
+	return func(w http.ResponseWriter, r *http.Request) {
+		ctx := services.NewContext(r.Context())
+		items, err := ctrl.svc.Items.Query(ctx, extractQuery(r))
+		if err != nil {
+			log.Err(err).Msg("failed to get items")
+			server.RespondServerError(w)
+			return
+		}
+		server.Respond(w, http.StatusOK, items)
+	}
+}
+
+// HandleItemsCreate godoc
+// @Summary  Create a new item
+// @Tags     Items
+// @Produce  json
+// @Param    payload body     repo.ItemCreate true "Item Data"
+// @Success  200     {object} repo.ItemSummary
+// @Router   /v1/items [POST]
+// @Security Bearer
+func (ctrl *V1Controller) HandleItemsCreate() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		createData := repo.ItemCreate{}
+		if err := server.Decode(r, &createData); err != nil {
+			log.Err(err).Msg("failed to decode request body")
+			server.RespondError(w, http.StatusInternalServerError, err)
+			return
+		}
+
+		user := services.UseUserCtx(r.Context())
+		item, err := ctrl.svc.Items.Create(r.Context(), user.GroupID, createData)
+		if err != nil {
+			log.Err(err).Msg("failed to create item")
+			server.RespondServerError(w)
+			return
+		}
+
+		server.Respond(w, http.StatusCreated, item)
+	}
+}
+
+// HandleItemGet godocs
+// @Summary  Gets a item and fields
+// @Tags     Items
+// @Produce  json
+// @Param    id  path     string true "Item ID"
+// @Success  200 {object} repo.ItemOut
+// @Router   /v1/items/{id} [GET]
+// @Security Bearer
+func (ctrl *V1Controller) HandleItemGet() http.HandlerFunc {
+	return ctrl.handleItemsGeneral()
+}
+
+// HandleItemDelete godocs
+// @Summary  deletes a item
+// @Tags     Items
+// @Produce  json
+// @Param    id path string true "Item ID"
+// @Success  204
+// @Router   /v1/items/{id} [DELETE]
+// @Security Bearer
+func (ctrl *V1Controller) HandleItemDelete() http.HandlerFunc {
+	return ctrl.handleItemsGeneral()
+}
+
+// HandleItemUpdate godocs
+// @Summary  updates a item
+// @Tags     Items
+// @Produce  json
+// @Param    id      path     string          true "Item ID"
+// @Param    payload body     repo.ItemUpdate true "Item Data"
+// @Success  200     {object} repo.ItemOut
+// @Router   /v1/items/{id} [PUT]
+// @Security Bearer
+func (ctrl *V1Controller) HandleItemUpdate() http.HandlerFunc {
+	return ctrl.handleItemsGeneral()
+}
+
+func (ctrl *V1Controller) handleItemsGeneral() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		ctx := services.NewContext(r.Context())
+		ID, err := ctrl.routeID(w, r)
+		if err != nil {
+			return
+		}
+
+		switch r.Method {
+		case http.MethodGet:
+			items, err := ctrl.svc.Items.GetOne(r.Context(), ctx.GID, ID)
+			if err != nil {
+				log.Err(err).Msg("failed to get item")
+				server.RespondServerError(w)
+				return
+			}
+			server.Respond(w, http.StatusOK, items)
+			return
+		case http.MethodDelete:
+			err = ctrl.svc.Items.Delete(r.Context(), ctx.GID, ID)
+			if err != nil {
+				log.Err(err).Msg("failed to delete item")
+				server.RespondServerError(w)
+				return
+			}
+			server.Respond(w, http.StatusNoContent, nil)
+			return
+		case http.MethodPut:
+			body := repo.ItemUpdate{}
+			if err := server.Decode(r, &body); err != nil {
+				log.Err(err).Msg("failed to decode request body")
+				server.RespondError(w, http.StatusInternalServerError, err)
+				return
+			}
+			body.ID = ID
+			result, err := ctrl.svc.Items.Update(r.Context(), ctx.GID, body)
+			if err != nil {
+				log.Err(err).Msg("failed to update item")
+				server.RespondServerError(w)
+				return
+			}
+			server.Respond(w, http.StatusOK, result)
+		}
+
+	}
+}
+
+// HandleItemsImport godocs
+// @Summary  imports items into the database
+// @Tags     Items
+// @Produce  json
+// @Success  204
+// @Param    csv formData file true "Image to upload"
+// @Router   /v1/items/import [Post]
+// @Security Bearer
+func (ctrl *V1Controller) HandleItemsImport() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		err := r.ParseMultipartForm(ctrl.maxUploadSize << 20)
+		if err != nil {
+			log.Err(err).Msg("failed to parse multipart form")
+			server.RespondServerError(w)
+			return
+		}
+
+		file, _, err := r.FormFile("csv")
+		if err != nil {
+			log.Err(err).Msg("failed to get file from form")
+			server.RespondServerError(w)
+			return
+		}
+
+		reader := csv.NewReader(file)
+		data, err := reader.ReadAll()
+		if err != nil {
+			log.Err(err).Msg("failed to read csv")
+			server.RespondServerError(w)
+			return
+		}
+
+		user := services.UseUserCtx(r.Context())
+
+		_, err = ctrl.svc.Items.CsvImport(r.Context(), user.GroupID, data)
+		if err != nil {
+			log.Err(err).Msg("failed to import items")
+			server.RespondServerError(w)
+			return
+		}
+
+		server.Respond(w, http.StatusNoContent, nil)
+	}
+}

backend/app/api/handlers/v1/v1_ctrl_items_attachments.go

@@ -0,0 +1,242 @@
+package v1
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/ent/attachment"
+	"github.com/hay-kot/homebox/backend/internal/repo"
+	"github.com/hay-kot/homebox/backend/internal/services"
+	"github.com/hay-kot/homebox/backend/pkgs/server"
+	"github.com/rs/zerolog/log"
+)
+
+type (
+	ItemAttachmentToken struct {
+		Token string `json:"token"`
+	}
+)
+
+// HandleItemsImport godocs
+// @Summary  imports items into the database
+// @Tags     Items Attachments
+// @Produce  json
+// @Param    id   path     string true "Item ID"
+// @Param    file formData file   true "File attachment"
+// @Param    type formData string true "Type of file"
+// @Param    name formData string true "name of the file including extension"
+// @Success  200  {object} repo.ItemOut
+// @Failure  422  {object} []server.ValidationError
+// @Router   /v1/items/{id}/attachments [POST]
+// @Security Bearer
+func (ctrl *V1Controller) HandleItemAttachmentCreate() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		err := r.ParseMultipartForm(ctrl.maxUploadSize << 20)
+		if err != nil {
+			log.Err(err).Msg("failed to parse multipart form")
+			server.RespondError(w, http.StatusBadRequest, errors.New("failed to parse multipart form"))
+			return
+		}
+
+		errs := make(server.ValidationErrors, 0)
+
+		file, _, err := r.FormFile("file")
+		if err != nil {
+			switch {
+			case errors.Is(err, http.ErrMissingFile):
+				log.Debug().Msg("file for attachment is missing")
+				errs = errs.Append("file", "file is required")
+			default:
+				log.Err(err).Msg("failed to get file from form")
+				server.RespondServerError(w)
+				return
+			}
+		}
+
+		attachmentName := r.FormValue("name")
+		if attachmentName == "" {
+			log.Debug().Msg("failed to get name from form")
+			errs = errs.Append("name", "name is required")
+		}
+
+		if errs.HasErrors() {
+			server.Respond(w, http.StatusUnprocessableEntity, errs)
+			return
+		}
+
+		attachmentType := r.FormValue("type")
+		if attachmentType == "" {
+			attachmentType = attachment.TypeAttachment.String()
+		}
+
+		id, err := ctrl.routeID(w, r)
+		if err != nil {
+			return
+		}
+
+		ctx := services.NewContext(r.Context())
+
+		item, err := ctrl.svc.Items.AttachmentAdd(
+			ctx,
+			id,
+			attachmentName,
+			attachment.Type(attachmentType),
+			file,
+		)
+
+		if err != nil {
+			log.Err(err).Msg("failed to add attachment")
+			server.RespondServerError(w)
+			return
+		}
+
+		server.Respond(w, http.StatusCreated, item)
+	}
+}
+
+// HandleItemAttachmentGet godocs
+// @Summary  retrieves an attachment for an item
+// @Tags     Items Attachments
+// @Produce  application/octet-stream
+// @Param    id    path  string true "Item ID"
+// @Param    token query string true "Attachment token"
+// @Success  200
+// @Router   /v1/items/{id}/attachments/download [GET]
+// @Security Bearer
+func (ctrl *V1Controller) HandleItemAttachmentDownload() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		token := server.GetParam(r, "token", "")
+
+		doc, err := ctrl.svc.Items.AttachmentPath(r.Context(), token)
+
+		if err != nil {
+			log.Err(err).Msg("failed to get attachment")
+			server.RespondServerError(w)
+			return
+		}
+
+		w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", doc.Title))
+		w.Header().Set("Content-Type", "application/octet-stream")
+		http.ServeFile(w, r, doc.Path)
+	}
+}
+
+// HandleItemAttachmentToken godocs
+// @Summary  retrieves an attachment for an item
+// @Tags     Items Attachments
+// @Produce  application/octet-stream
+// @Param    id            path     string true "Item ID"
+// @Param    attachment_id path     string true "Attachment ID"
+// @Success  200           {object} ItemAttachmentToken
+// @Router   /v1/items/{id}/attachments/{attachment_id} [GET]
+// @Security Bearer
+func (ctrl *V1Controller) HandleItemAttachmentToken() http.HandlerFunc {
+	return ctrl.handleItemAttachmentsHandler
+}
+
+// HandleItemAttachmentDelete godocs
+// @Summary  retrieves an attachment for an item
+// @Tags     Items Attachments
+// @Param    id            path string true "Item ID"
+// @Param    attachment_id path string true "Attachment ID"
+// @Success  204
+// @Router   /v1/items/{id}/attachments/{attachment_id} [DELETE]
+// @Security Bearer
+func (ctrl *V1Controller) HandleItemAttachmentDelete() http.HandlerFunc {
+	return ctrl.handleItemAttachmentsHandler
+}
+
+// HandleItemAttachmentUpdate godocs
+// @Summary  retrieves an attachment for an item
+// @Tags     Items Attachments
+// @Param    id            path     string                    true "Item ID"
+// @Param    attachment_id path     string                    true "Attachment ID"
+// @Param    payload       body     repo.ItemAttachmentUpdate true "Attachment Update"
+// @Success  200           {object} repo.ItemOut
+// @Router   /v1/items/{id}/attachments/{attachment_id} [PUT]
+// @Security Bearer
+func (ctrl *V1Controller) HandleItemAttachmentUpdate() http.HandlerFunc {
+	return ctrl.handleItemAttachmentsHandler
+}
+
+func (ctrl *V1Controller) handleItemAttachmentsHandler(w http.ResponseWriter, r *http.Request) {
+	ID, err := ctrl.routeID(w, r)
+	if err != nil {
+		return
+	}
+
+	attachmentId, err := uuid.Parse(chi.URLParam(r, "attachment_id"))
+	if err != nil {
+		log.Err(err).Msg("failed to parse attachment_id param")
+		server.RespondError(w, http.StatusBadRequest, err)
+		return
+	}
+
+	ctx := services.NewContext(r.Context())
+
+	switch r.Method {
+
+	// Token Handler
+	case http.MethodGet:
+		token, err := ctrl.svc.Items.AttachmentToken(ctx, ID, attachmentId)
+		if err != nil {
+			switch err {
+			case services.ErrNotFound:
+				log.Err(err).
+					Str("id", attachmentId.String()).
+					Msg("failed to find attachment with id")
+
+				server.RespondError(w, http.StatusNotFound, err)
+
+			case services.ErrFileNotFound:
+				log.Err(err).
+					Str("id", attachmentId.String()).
+					Msg("failed to find file path for attachment with id")
+				log.Warn().Msg("attachment with no file path removed from database")
+
+				server.RespondError(w, http.StatusNotFound, err)
+
+			default:
+				log.Err(err).Msg("failed to get attachment")
+				server.RespondServerError(w)
+				return
+			}
+		}
+
+		server.Respond(w, http.StatusOK, ItemAttachmentToken{Token: token})
+
+	// Delete Attachment Handler
+	case http.MethodDelete:
+		err = ctrl.svc.Items.AttachmentDelete(r.Context(), ctx.GID, ID, attachmentId)
+		if err != nil {
+			log.Err(err).Msg("failed to delete attachment")
+			server.RespondServerError(w)
+			return
+		}
+
+		server.Respond(w, http.StatusNoContent, nil)
+
+	// Update Attachment Handler
+	case http.MethodPut:
+		var attachment repo.ItemAttachmentUpdate
+		err = server.Decode(r, &attachment)
+		if err != nil {
+			log.Err(err).Msg("failed to decode attachment")
+			server.RespondError(w, http.StatusBadRequest, err)
+			return
+		}
+
+		attachment.ID = attachmentId
+		val, err := ctrl.svc.Items.AttachmentUpdate(ctx, ID, &attachment)
+		if err != nil {
+			log.Err(err).Msg("failed to delete attachment")
+			server.RespondServerError(w)
+			return
+		}
+
+		server.Respond(w, http.StatusOK, val)
+	}
+}

backend/app/api/handlers/v1/v1_ctrl_labels.go

@@ -0,0 +1,150 @@
+package v1
+
+import (
+	"net/http"
+
+	"github.com/hay-kot/homebox/backend/ent"
+	"github.com/hay-kot/homebox/backend/internal/repo"
+	"github.com/hay-kot/homebox/backend/internal/services"
+	"github.com/hay-kot/homebox/backend/pkgs/server"
+	"github.com/rs/zerolog/log"
+)
+
+// HandleLabelsGetAll godoc
+// @Summary  Get All Labels
+// @Tags     Labels
+// @Produce  json
+// @Success  200 {object} server.Results{items=[]repo.LabelOut}
+// @Router   /v1/labels [GET]
+// @Security Bearer
+func (ctrl *V1Controller) HandleLabelsGetAll() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := services.UseUserCtx(r.Context())
+		labels, err := ctrl.svc.Labels.GetAll(r.Context(), user.GroupID)
+		if err != nil {
+			log.Err(err).Msg("error getting labels")
+			server.RespondServerError(w)
+			return
+		}
+		server.Respond(w, http.StatusOK, server.Results{Items: labels})
+	}
+}
+
+// HandleLabelsCreate godoc
+// @Summary  Create a new label
+// @Tags     Labels
+// @Produce  json
+// @Param    payload body     repo.LabelCreate true "Label Data"
+// @Success  200     {object} repo.LabelSummary
+// @Router   /v1/labels [POST]
+// @Security Bearer
+func (ctrl *V1Controller) HandleLabelsCreate() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		createData := repo.LabelCreate{}
+		if err := server.Decode(r, &createData); err != nil {
+			log.Err(err).Msg("error decoding label create data")
+			server.RespondError(w, http.StatusInternalServerError, err)
+			return
+		}
+
+		user := services.UseUserCtx(r.Context())
+		label, err := ctrl.svc.Labels.Create(r.Context(), user.GroupID, createData)
+		if err != nil {
+			log.Err(err).Msg("error creating label")
+			server.RespondServerError(w)
+			return
+		}
+
+		server.Respond(w, http.StatusCreated, label)
+	}
+}
+
+// HandleLabelDelete godocs
+// @Summary  deletes a label
+// @Tags     Labels
+// @Produce  json
+// @Param    id path string true "Label ID"
+// @Success  204
+// @Router   /v1/labels/{id} [DELETE]
+// @Security Bearer
+func (ctrl *V1Controller) HandleLabelDelete() http.HandlerFunc {
+	return ctrl.handleLabelsGeneral()
+}
+
+// HandleLabelGet godocs
+// @Summary  Gets a label and fields
+// @Tags     Labels
+// @Produce  json
+// @Param    id  path     string true "Label ID"
+// @Success  200 {object} repo.LabelOut
+// @Router   /v1/labels/{id} [GET]
+// @Security Bearer
+func (ctrl *V1Controller) HandleLabelGet() http.HandlerFunc {
+	return ctrl.handleLabelsGeneral()
+}
+
+// HandleLabelUpdate godocs
+// @Summary  updates a label
+// @Tags     Labels
+// @Produce  json
+// @Param    id  path     string true "Label ID"
+// @Success  200 {object} repo.LabelOut
+// @Router   /v1/labels/{id} [PUT]
+// @Security Bearer
+func (ctrl *V1Controller) HandleLabelUpdate() http.HandlerFunc {
+	return ctrl.handleLabelsGeneral()
+}
+
+func (ctrl *V1Controller) handleLabelsGeneral() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		ctx := services.NewContext(r.Context())
+		ID, err := ctrl.routeID(w, r)
+		if err != nil {
+			return
+		}
+
+		switch r.Method {
+		case http.MethodGet:
+			labels, err := ctrl.svc.Labels.Get(r.Context(), ctx.GID, ID)
+			if err != nil {
+				if ent.IsNotFound(err) {
+					log.Err(err).
+						Str("id", ID.String()).
+						Msg("label not found")
+					server.RespondError(w, http.StatusNotFound, err)
+					return
+				}
+				log.Err(err).Msg("error getting label")
+				server.RespondServerError(w)
+				return
+			}
+			server.Respond(w, http.StatusOK, labels)
+
+		case http.MethodDelete:
+			err = ctrl.svc.Labels.Delete(r.Context(), ctx.GID, ID)
+			if err != nil {
+				log.Err(err).Msg("error deleting label")
+				server.RespondServerError(w)
+				return
+			}
+			server.Respond(w, http.StatusNoContent, nil)
+
+		case http.MethodPut:
+			body := repo.LabelUpdate{}
+			if err := server.Decode(r, &body); err != nil {
+				log.Err(err).Msg("error decoding label update data")
+				server.RespondError(w, http.StatusInternalServerError, err)
+				return
+			}
+
+			body.ID = ID
+			result, err := ctrl.svc.Labels.Update(r.Context(), ctx.GID, body)
+			if err != nil {
+				log.Err(err).Msg("error updating label")
+				server.RespondServerError(w)
+				return
+			}
+			server.Respond(w, http.StatusOK, result)
+		}
+	}
+}

backend/app/api/handlers/v1/v1_ctrl_locations.go

@@ -0,0 +1,154 @@
+package v1
+
+import (
+	"net/http"
+
+	"github.com/hay-kot/homebox/backend/ent"
+	"github.com/hay-kot/homebox/backend/internal/repo"
+	"github.com/hay-kot/homebox/backend/internal/services"
+	"github.com/hay-kot/homebox/backend/pkgs/server"
+	"github.com/rs/zerolog/log"
+)
+
+// HandleLocationGetAll godoc
+// @Summary  Get All Locations
+// @Tags     Locations
+// @Produce  json
+// @Success  200 {object} server.Results{items=[]repo.LocationOutCount}
+// @Router   /v1/locations [GET]
+// @Security Bearer
+func (ctrl *V1Controller) HandleLocationGetAll() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := services.UseUserCtx(r.Context())
+		locations, err := ctrl.svc.Location.GetAll(r.Context(), user.GroupID)
+		if err != nil {
+			log.Err(err).Msg("failed to get locations")
+			server.RespondServerError(w)
+			return
+		}
+
+		server.Respond(w, http.StatusOK, server.Results{Items: locations})
+	}
+}
+
+// HandleLocationCreate godoc
+// @Summary  Create a new location
+// @Tags     Locations
+// @Produce  json
+// @Param    payload body     repo.LocationCreate true "Location Data"
+// @Success  200     {object} repo.LocationSummary
+// @Router   /v1/locations [POST]
+// @Security Bearer
+func (ctrl *V1Controller) HandleLocationCreate() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		createData := repo.LocationCreate{}
+		if err := server.Decode(r, &createData); err != nil {
+			log.Err(err).Msg("failed to decode location create data")
+			server.RespondError(w, http.StatusInternalServerError, err)
+			return
+		}
+
+		user := services.UseUserCtx(r.Context())
+		location, err := ctrl.svc.Location.Create(r.Context(), user.GroupID, createData)
+		if err != nil {
+			log.Err(err).Msg("failed to create location")
+			server.RespondServerError(w)
+			return
+		}
+
+		server.Respond(w, http.StatusCreated, location)
+	}
+}
+
+// HandleLocationDelete godocs
+// @Summary  deletes a location
+// @Tags     Locations
+// @Produce  json
+// @Param    id path string true "Location ID"
+// @Success  204
+// @Router   /v1/locations/{id} [DELETE]
+// @Security Bearer
+func (ctrl *V1Controller) HandleLocationDelete() http.HandlerFunc {
+	return ctrl.handleLocationGeneral()
+}
+
+// HandleLocationGet godocs
+// @Summary  Gets a location and fields
+// @Tags     Locations
+// @Produce  json
+// @Param    id  path     string true "Location ID"
+// @Success  200 {object} repo.LocationOut
+// @Router   /v1/locations/{id} [GET]
+// @Security Bearer
+func (ctrl *V1Controller) HandleLocationGet() http.HandlerFunc {
+	return ctrl.handleLocationGeneral()
+}
+
+// HandleLocationUpdate godocs
+// @Summary  updates a location
+// @Tags     Locations
+// @Produce  json
+// @Param    id      path     string              true "Location ID"
+// @Param    payload body     repo.LocationUpdate true "Location Data"
+// @Success  200     {object} repo.LocationOut
+// @Router   /v1/locations/{id} [PUT]
+// @Security Bearer
+func (ctrl *V1Controller) HandleLocationUpdate() http.HandlerFunc {
+	return ctrl.handleLocationGeneral()
+}
+
+func (ctrl *V1Controller) handleLocationGeneral() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		ctx := services.NewContext(r.Context())
+		ID, err := ctrl.routeID(w, r)
+		if err != nil {
+			return
+		}
+
+		switch r.Method {
+		case http.MethodGet:
+			location, err := ctrl.svc.Location.GetOne(r.Context(), ctx.GID, ID)
+			if err != nil {
+				l := log.Err(err).
+					Str("ID", ID.String()).
+					Str("GID", ctx.GID.String())
+
+				if ent.IsNotFound(err) {
+					l.Msg("location not found")
+					server.RespondError(w, http.StatusNotFound, err)
+					return
+				}
+
+				l.Msg("failed to get location")
+				server.RespondServerError(w)
+				return
+			}
+			server.Respond(w, http.StatusOK, location)
+		case http.MethodPut:
+			body := repo.LocationUpdate{}
+			if err := server.Decode(r, &body); err != nil {
+				log.Err(err).Msg("failed to decode location update data")
+				server.RespondError(w, http.StatusInternalServerError, err)
+				return
+			}
+
+			body.ID = ID
+
+			result, err := ctrl.svc.Location.Update(r.Context(), ctx.GID, body)
+			if err != nil {
+				log.Err(err).Msg("failed to update location")
+				server.RespondServerError(w)
+				return
+			}
+			server.Respond(w, http.StatusOK, result)
+		case http.MethodDelete:
+			err = ctrl.svc.Location.Delete(r.Context(), ctx.GID, ID)
+			if err != nil {
+				log.Err(err).Msg("failed to delete location")
+				server.RespondServerError(w)
+				return
+			}
+			server.Respond(w, http.StatusNoContent, nil)
+		}
+	}
+}

backend/app/api/handlers/v1/v1_ctrl_user.go

@@ -0,0 +1,157 @@
+package v1
+
+import (
+	"net/http"
+
+	"github.com/google/uuid"
+	"github.com/hay-kot/homebox/backend/internal/repo"
+	"github.com/hay-kot/homebox/backend/internal/services"
+	"github.com/hay-kot/homebox/backend/pkgs/server"
+	"github.com/rs/zerolog/log"
+)
+
+// HandleUserSelf godoc
+// @Summary Get the current user
+// @Tags    User
+// @Produce json
+// @Param   payload body services.UserRegistration true "User Data"
+// @Success 204
+// @Router  /v1/users/register [Post]
+func (ctrl *V1Controller) HandleUserRegistration() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		regData := services.UserRegistration{}
+
+		if err := server.Decode(r, &regData); err != nil {
+			log.Err(err).Msg("failed to decode user registration data")
+			server.RespondError(w, http.StatusInternalServerError, err)
+			return
+		}
+
+		if !ctrl.allowRegistration && regData.GroupToken == "" {
+			server.RespondError(w, http.StatusForbidden, nil)
+			return
+		}
+
+		_, err := ctrl.svc.User.RegisterUser(r.Context(), regData)
+		if err != nil {
+			log.Err(err).Msg("failed to register user")
+			server.RespondError(w, http.StatusInternalServerError, err)
+			return
+		}
+
+		server.Respond(w, http.StatusNoContent, nil)
+	}
+}
+
+// HandleUserSelf godoc
+// @Summary  Get the current user
+// @Tags     User
+// @Produce  json
+// @Success  200 {object} server.Result{item=repo.UserOut}
+// @Router   /v1/users/self [GET]
+// @Security Bearer
+func (ctrl *V1Controller) HandleUserSelf() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		token := services.UseTokenCtx(r.Context())
+		usr, err := ctrl.svc.User.GetSelf(r.Context(), token)
+		if usr.ID == uuid.Nil || err != nil {
+			log.Err(err).Msg("failed to get user")
+			server.RespondServerError(w)
+			return
+		}
+
+		server.Respond(w, http.StatusOK, server.Wrap(usr))
+	}
+}
+
+// HandleUserSelfUpdate godoc
+// @Summary  Update the current user
+// @Tags     User
+// @Produce  json
+// @Param    payload body     repo.UserUpdate true "User Data"
+// @Success  200     {object} server.Result{item=repo.UserUpdate}
+// @Router   /v1/users/self [PUT]
+// @Security Bearer
+func (ctrl *V1Controller) HandleUserSelfUpdate() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		updateData := repo.UserUpdate{}
+		if err := server.Decode(r, &updateData); err != nil {
+			log.Err(err).Msg("failed to decode user update data")
+			server.RespondError(w, http.StatusBadRequest, err)
+			return
+		}
+
+		actor := services.UseUserCtx(r.Context())
+		newData, err := ctrl.svc.User.UpdateSelf(r.Context(), actor.ID, updateData)
+
+		if err != nil {
+			server.RespondError(w, http.StatusInternalServerError, err)
+			return
+		}
+
+		server.Respond(w, http.StatusOK, server.Wrap(newData))
+	}
+}
+
+// HandleUserSelfDelete godoc
+// @Summary  Deletes the user account
+// @Tags     User
+// @Produce  json
+// @Success  204
+// @Router   /v1/users/self [DELETE]
+// @Security Bearer
+func (ctrl *V1Controller) HandleUserSelfDelete() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if ctrl.isDemo {
+			server.RespondError(w, http.StatusForbidden, nil)
+			return
+		}
+
+		actor := services.UseUserCtx(r.Context())
+		if err := ctrl.svc.User.DeleteSelf(r.Context(), actor.ID); err != nil {
+			server.RespondError(w, http.StatusInternalServerError, err)
+			return
+		}
+
+		server.Respond(w, http.StatusNoContent, nil)
+	}
+}
+
+type (
+	ChangePassword struct {
+		Current string `json:"current,omitempty"`
+		New     string `json:"new,omitempty"`
+	}
+)
+
+// HandleUserSelfChangePassword godoc
+// @Summary  Updates the users password
+// @Tags     User
+// @Success  204
+// @Param    payload body ChangePassword true "Password Payload"
+// @Router   /v1/users/change-password [PUT]
+// @Security Bearer
+func (ctrl *V1Controller) HandleUserSelfChangePassword() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if ctrl.isDemo {
+			server.RespondError(w, http.StatusForbidden, nil)
+			return
+		}
+
+		var cp ChangePassword
+		err := server.Decode(r, &cp)
+		if err != nil {
+			log.Err(err).Msg("user failed to change password")
+		}
+
+		ctx := services.NewContext(r.Context())
+
+		ok := ctrl.svc.User.ChangePassword(ctx, cp.Current, cp.New)
+		if !ok {
+			server.RespondError(w, http.StatusInternalServerError, err)
+			return
+		}
+
+		server.Respond(w, http.StatusNoContent, nil)
+	}
+}