added swagger documentation to all code

not polished yet has still some internal Models visible and wrong naming for packages (API Sections)

backend/appsystem/handlers.go

@@ -5,10 +5,26 @@ import (
 )
 
 // Versionsinfo returns version and git commit information
+// Versionsinfo godoc
+// @Summary Get application version
+// @Description Returns the current application version information
+// @Tags System
+// @Produce json
+// @Success 200 {object} object "Version information"
+// @Router /api/version [get]
+// @Router /api/public/version [get]
 func Versionsinfo(c *gin.Context) {
 	c.JSON(200, GetInfo())
 }
 
+// SystemInfo godoc
+// @Summary Get system information
+// @Description Returns system configuration and environment information
+// @Tags System
+// @Produce json
+// @Success 200 {object} object "System information"
+// @Router /api/systeminfo [get]
+// @Router /api/public/systeminfo [get]
 func SystemInfo(c *gin.Context) {
 	c.JSON(200, GetInfo2())
 }

backend/character/audit_log_handlers.go

@@ -9,6 +9,18 @@ import (
 )
 
 // GetCharacterAuditLog gibt alle Audit-Log-Einträge für einen Charakter zurück
+// GetCharacterAuditLog godoc
+// @Summary Get character audit log
+// @Description Returns audit log of all changes to a character (optionally filtered by field)
+// @Tags Characters
+// @Produce json
+// @Param id path int true "Character ID"
+// @Param field query string false "Filter by field name"
+// @Success 200 {array} models.AuditLogEntry "Audit log entries"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied"
+// @Security BearerAuth
+// @Router /api/characters/{id}/audit-log [get]
 func GetCharacterAuditLog(c *gin.Context) {
 	charID := c.Param("id")
 
@@ -42,6 +54,17 @@ func GetCharacterAuditLog(c *gin.Context) {
 }
 
 // GetAuditLogStats gibt Statistiken über Änderungen zurück
+// GetAuditLogStats godoc
+// @Summary Get audit log statistics
+// @Description Returns statistics about character changes (total changes, by field, etc.)
+// @Tags Characters
+// @Produce json
+// @Param id path int true "Character ID"
+// @Success 200 {object} object "Audit log statistics"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied"
+// @Security BearerAuth
+// @Router /api/characters/{id}/audit-log/stats [get]
 func GetAuditLogStats(c *gin.Context) {
 	charID := c.Param("id")
 

backend/character/derived_values_calculator.go

@@ -120,6 +120,18 @@ func CalculateStaticFieldsLogic(req CalculateStaticFieldsRequest) StaticFieldsRe
 }
 
 // CalculateStaticFields berechnet alle Felder ohne Würfelwürfe (HTTP Handler)
+// CalculateStaticFields godoc
+// @Summary Calculate static character fields
+// @Description Calculates derived character values without dice rolls (e.g., modifiers, bonuses)
+// @Tags Character Creation
+// @Accept json
+// @Produce json
+// @Param request body object{race_id=int,attributes=object} true "Character attributes and race"
+// @Success 200 {object} object "Calculated static fields"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/calculate-static-fields [post]
 func CalculateStaticFields(c *gin.Context) {
 	var req CalculateStaticFieldsRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
@@ -136,6 +148,18 @@ func CalculateStaticFields(c *gin.Context) {
 }
 
 // CalculateRolledField berechnet ein Feld mit Würfelwurf
+// CalculateRolledField godoc
+// @Summary Calculate rolled character field
+// @Description Calculates a derived value with dice rolls (e.g., hit points, magic resistance)
+// @Tags Character Creation
+// @Accept json
+// @Produce json
+// @Param request body object{field=string,attributes=object,race_id=int} true "Field name and character data"
+// @Success 200 {object} object "Rolled field result with dice details"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/calculate-rolled-field [post]
 func CalculateRolledField(c *gin.Context) {
 	var req CalculateRolledFieldRequest
 	if err := c.ShouldBindJSON(&req); err != nil {

backend/character/handlers.go

@@ -41,6 +41,15 @@ func checkCharacterOwnership(c *gin.Context, character *models.Char) bool {
 	return true
 }
 
+// ListCharacters godoc
+// @Summary List all characters
+// @Description Returns all characters owned by or shared with the authenticated user
+// @Tags Characters
+// @Produce json
+// @Success 200 {array} models.Char "List of characters"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters [get]
 func ListCharacters(c *gin.Context) {
 	logger.Debug("ListCharacters aufgerufen")
 
@@ -84,6 +93,18 @@ func ListCharacters(c *gin.Context) {
 	c.JSON(http.StatusOK, allCharacters)
 }
 
+// CreateCharacter godoc
+// @Summary Create new character
+// @Description Creates a new character for the authenticated user
+// @Tags Characters
+// @Accept json
+// @Produce json
+// @Param character body models.Char true "Character data"
+// @Success 201 {object} models.Char "Created character"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters [post]
 func CreateCharacter(c *gin.Context) {
 	var character models.Char
 	if err := c.ShouldBindJSON(&character); err != nil {
@@ -98,6 +119,19 @@ func CreateCharacter(c *gin.Context) {
 
 	c.JSON(http.StatusCreated, character)
 }
+
+// GetCharacter godoc
+// @Summary Get character by ID
+// @Description Returns a specific character by ID (must be owned by or shared with user)
+// @Tags Characters
+// @Produce json
+// @Param id path int true "Character ID"
+// @Success 200 {object} models.Char "Character data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied"
+// @Failure 404 {object} map[string]string "Character not found"
+// @Security BearerAuth
+// @Router /api/characters/{id} [get]
 func GetCharacter(c *gin.Context) {
 	id := c.Param("id")
 	var character models.Char
@@ -109,6 +143,22 @@ func GetCharacter(c *gin.Context) {
 	feChar := ToFeChar(&character)
 	c.JSON(http.StatusOK, feChar)
 }
+
+// UpdateCharacter godoc
+// @Summary Update character
+// @Description Updates an existing character (must be owner)
+// @Tags Characters
+// @Accept json
+// @Produce json
+// @Param id path int true "Character ID"
+// @Param character body models.Char true "Updated character data"
+// @Success 200 {object} models.Char "Updated character"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Failure 404 {object} map[string]string "Character not found"
+// @Security BearerAuth
+// @Router /api/characters/{id} [put]
 func UpdateCharacter(c *gin.Context) {
 	id := c.Param("id")
 	var character models.Char
@@ -149,6 +199,19 @@ func UpdateCharacter(c *gin.Context) {
 
 	c.JSON(http.StatusOK, character)
 }
+
+// DeleteCharacter godoc
+// @Summary Delete character
+// @Description Deletes a character (must be owner)
+// @Tags Characters
+// @Produce json
+// @Param id path int true "Character ID"
+// @Success 200 {object} map[string]string "Character deleted successfully"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Failure 404 {object} map[string]string "Character not found"
+// @Security BearerAuth
+// @Router /api/characters/{id} [delete]
 func DeleteCharacter(c *gin.Context) {
 	id := c.Param("id")
 	var character models.Char
@@ -276,6 +339,18 @@ type ExperienceAndWealthResponse struct {
 }
 
 // GetCharacterExperienceAndWealth gibt nur die EP und Vermögensdaten eines Charakters zurück
+// GetCharacterExperienceAndWealth godoc
+// @Summary Get character experience and wealth
+// @Description Returns detailed experience points, practice points, and wealth information
+// @Tags Characters
+// @Produce json
+// @Param id path int true "Character ID"
+// @Success 200 {object} object "Experience and wealth data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied"
+// @Failure 404 {object} map[string]string "Character not found"
+// @Security BearerAuth
+// @Router /api/characters/{id}/experience-wealth [get]
 func GetCharacterExperienceAndWealth(c *gin.Context) {
 	id := c.Param("id")
 	var character models.Char
@@ -317,6 +392,20 @@ type UpdateExperienceRequest struct {
 
 // UpdateCharacterExperience aktualisiert die Erfahrungspunkte eines Charakters
 // TODO Wenn EP verändert werden ändert sich auch ES
+// UpdateCharacterExperience godoc
+// @Summary Update character experience
+// @Description Updates character experience points with audit logging
+// @Tags Characters
+// @Accept json
+// @Produce json
+// @Param id path int true "Character ID"
+// @Param experience body object{experience_points=int,reason=string} true "Experience data"
+// @Success 200 {object} map[string]interface{} "Experience updated successfully"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Security BearerAuth
+// @Router /api/characters/{id}/experience [put]
 func UpdateCharacterExperience(c *gin.Context) {
 	id := c.Param("id")
 	var character models.Char
@@ -412,6 +501,20 @@ type UpdateWealthRequest struct {
 }
 
 // UpdateCharacterWealth aktualisiert das Vermögen eines Charakters
+// UpdateCharacterWealth godoc
+// @Summary Update character wealth
+// @Description Updates character wealth (gold, silver, copper) with audit logging
+// @Tags Characters
+// @Accept json
+// @Produce json
+// @Param id path int true "Character ID"
+// @Param wealth body object{gold=int,silver=int,copper=int,reason=string} true "Wealth data"
+// @Success 200 {object} map[string]interface{} "Wealth updated successfully"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Security BearerAuth
+// @Router /api/characters/{id}/wealth [put]
 func UpdateCharacterWealth(c *gin.Context) {
 	id := c.Param("id")
 	var character models.Char
@@ -631,6 +734,20 @@ func getCharacterClass(character *models.Char) string {
 }
 
 // LearnSkill lernt eine neue Fertigkeit und erstellt Audit-Log-Einträge
+// LearnSkill godoc
+// @Summary Learn new skill
+// @Description Adds a new skill to the character with experience cost deduction and audit logging
+// @Tags Characters
+// @Accept json
+// @Produce json
+// @Param id path int true "Character ID"
+// @Param skill_data body object{skill_id=int,initial_value=int,reward_type=string} true "Skill learning data"
+// @Success 200 {object} object "Skill learned successfully"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Security BearerAuth
+// @Router /api/characters/{id}/learn-skill-new [post]
 func LearnSkill(c *gin.Context) {
 	charID := c.Param("id")
 	var character models.Char
@@ -1116,6 +1233,19 @@ func deductResources(char *models.Char, skillName string, currentLevel, finalLev
 	return newEP, newGold, nil
 }
 
+// ImproveSkill godoc
+// @Summary Improve existing skill
+// @Description Increases the value of an existing skill with experience cost deduction and audit logging
+// @Tags Characters
+// @Accept json
+// @Produce json
+// @Param improve_data body object{character_id=int,skill_id=int,new_value=int,reward_type=string} true "Skill improvement data"
+// @Success 200 {object} object "Skill improved successfully"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Security BearerAuth
+// @Router /api/characters/improve-skill-new [post]
 func ImproveSkill(c *gin.Context) {
 	var request gsmaster.LernCostRequest
 	if err := c.ShouldBindJSON(&request); err != nil {
@@ -1291,6 +1421,20 @@ func calculateSpellLearningCosts(char *models.Char, request *gsmaster.LernCostRe
 }
 
 // LearnSpell lernt einen neuen Zauber und erstellt Audit-Log-Einträge
+// LearnSpell godoc
+// @Summary Learn new spell
+// @Description Adds a new spell to the character with experience cost deduction and audit logging
+// @Tags Characters
+// @Accept json
+// @Produce json
+// @Param id path int true "Character ID"
+// @Param spell_data body object{spell_id=int,reward_type=string} true "Spell learning data"
+// @Success 200 {object} object "Spell learned successfully"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Security BearerAuth
+// @Router /api/characters/{id}/learn-spell-new [post]
 func LearnSpell(c *gin.Context) {
 	char_ID := c.Param("id")
 	/*
@@ -1407,6 +1551,16 @@ func LearnSpell(c *gin.Context) {
 // GetRewardTypesStatic is deprecated. Use GetRewardTypes instead.
 // This function provides hardcoded reward type mappings.
 // GetRewardTypesStatic liefert verfügbare Belohnungsarten für ein bestimmtes Lernszenario
+// GetRewardTypesStatic godoc
+// @Summary Get reward types
+// @Description Returns available reward types for skill/spell learning contexts
+// @Tags Reference Data
+// @Produce json
+// @Param id path int true "Character ID"
+// @Success 200 {array} string "List of reward types"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/{id}/reward-types [get]
 func GetRewardTypesStatic(c *gin.Context) {
 	characterID := c.Param("id")
 	learningType := c.Query("learning_type") // 'improve', 'learn', 'spell'
@@ -1459,6 +1613,18 @@ func GetRewardTypesStatic(c *gin.Context) {
 }
 
 // GetAvailableSkillsNewSystem gibt alle verfügbaren Fertigkeiten mit Lernkosten zurück (POST mit LernCostRequest)
+// GetAvailableSkillsNewSystem godoc
+// @Summary Get available skills
+// @Description Returns list of skills available to learn for character (excluding already learned)
+// @Tags Characters
+// @Accept json
+// @Produce json
+// @Param request body object{character_id=int} true "Character ID"
+// @Success 200 {array} object "Available skills with costs"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/available-skills-new [post]
 func GetAvailableSkillsNewSystem(c *gin.Context) {
 	// Parse LernCostRequest aus POST body
 	var baseRequest gsmaster.LernCostRequest
@@ -1596,6 +1762,18 @@ func getCharacterClassCode(className string) (string, error) {
 	return characterClass.Code, nil
 }
 
+// GetAvailableSpellsForCreation godoc
+// @Summary Get spells for character creation
+// @Description Returns list of spells available during character creation with learning costs
+// @Tags Character Creation
+// @Accept json
+// @Produce json
+// @Param request body object{character_class_id=int} true "Character class ID"
+// @Success 200 {array} object "Available spells with creation costs"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/available-spells-creation [post]
 func GetAvailableSpellsForCreation(c *gin.Context) {
 	var request struct {
 		CharacterClass string `json:"characterClass" binding:"required"`
@@ -1646,6 +1824,18 @@ func GetAvailableSpellsForCreation(c *gin.Context) {
 }
 
 // GetAvailableSkillsForCreation returns skills with learning costs for character creation
+// GetAvailableSkillsForCreation godoc
+// @Summary Get skills for character creation
+// @Description Returns list of skills available during character creation with learning costs
+// @Tags Character Creation
+// @Accept json
+// @Produce json
+// @Param request body object{character_class_id=int,race_id=int} true "Character class and race"
+// @Success 200 {array} object "Available skills with creation costs"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/available-skills-creation [post]
 func GetAvailableSkillsForCreation(c *gin.Context) {
 	var request struct {
 		CharacterClass string `json:"characterClass" binding:"required"`
@@ -2271,6 +2461,18 @@ func shouldSkillBeInCategory(skillName, category string) bool {
 }
 
 // GetAvailableSpellsNewSystem gibt alle verfügbaren Zauber mit Lernkosten zurück (POST mit LernCostRequest)
+// GetAvailableSpellsNewSystem godoc
+// @Summary Get available spells
+// @Description Returns list of spells available to learn for character (excluding already learned)
+// @Tags Characters
+// @Accept json
+// @Produce json
+// @Param request body object{character_id=int} true "Character ID"
+// @Success 200 {array} object "Available spells with costs"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/available-spells-new [post]
 func GetAvailableSpellsNewSystem(c *gin.Context) {
 	//characterID := c.Param("id")
 
@@ -2374,6 +2576,18 @@ func GetAvailableSpellsNewSystem(c *gin.Context) {
 }
 
 // GetSpellDetails gibt detaillierte Informationen zu einem bestimmten Zauber zurück
+// GetSpellDetails godoc
+// @Summary Get spell details
+// @Description Returns detailed information about a specific spell
+// @Tags Reference Data
+// @Produce json
+// @Param spell_id query int true "Spell ID"
+// @Success 200 {object} models.Spell "Spell details"
+// @Failure 400 {object} map[string]string "Invalid spell ID"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 404 {object} map[string]string "Spell not found"
+// @Security BearerAuth
+// @Router /api/characters/spell-details [get]
 func GetSpellDetails(c *gin.Context) {
 	spellName := c.Query("name")
 	if spellName == "" {
@@ -2418,6 +2632,18 @@ func GetSpellDetails(c *gin.Context) {
 // Character Creation Session Management
 
 // CreateCharacterSession erstellt eine neue Charakter-Erstellungssession
+// CreateCharacterSession godoc
+// @Summary Create character creation session
+// @Description Starts a new character creation session for the authenticated user
+// @Tags Character Creation
+// @Accept json
+// @Produce json
+// @Param session_data body object{game_system_id=int} true "Game system ID"
+// @Success 201 {object} models.CharacterCreationSession "Created session"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/create-session [post]
 func CreateCharacterSession(c *gin.Context) {
 	logger.Debug("CreateCharacterSession aufgerufen")
 
@@ -2479,6 +2705,15 @@ func CreateCharacterSession(c *gin.Context) {
 }
 
 // ListCharacterSessions gibt alle aktiven Sessions für einen Benutzer zurück
+// ListCharacterSessions godoc
+// @Summary List character creation sessions
+// @Description Returns all active character creation sessions for the authenticated user
+// @Tags Character Creation
+// @Produce json
+// @Success 200 {array} models.CharacterCreationSession "List of sessions"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/create-sessions [get]
 func ListCharacterSessions(c *gin.Context) {
 	logger.Debug("ListCharacterSessions aufgerufen")
 
@@ -2557,6 +2792,17 @@ func getProgressText(step int) string {
 }
 
 // GetCharacterSession gibt Session-Daten zurück
+// GetCharacterSession godoc
+// @Summary Get character creation session
+// @Description Returns data for an active character creation session
+// @Tags Character Creation
+// @Produce json
+// @Param sessionId path string true "Session ID"
+// @Success 200 {object} models.CharacterCreationSession "Session data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 404 {object} map[string]string "Session not found"
+// @Security BearerAuth
+// @Router /api/characters/create-session/{sessionId} [get]
 func GetCharacterSession(c *gin.Context) {
 	logger.Debug("GetCharacterSession aufgerufen")
 
@@ -2614,6 +2860,19 @@ type UpdateBasicInfoRequest struct {
 }
 
 // UpdateCharacterBasicInfo speichert Grundinformationen
+// UpdateCharacterBasicInfo godoc
+// @Summary Update character basic info
+// @Description Updates basic character information in creation session
+// @Tags Character Creation
+// @Accept json
+// @Produce json
+// @Param sessionId path string true "Session ID"
+// @Param basic_info body object{name=string,race_id=int,class_id=int,origin_id=int} true "Basic character info"
+// @Success 200 {object} models.CharacterCreationSession "Updated session"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/create-session/{sessionId}/basic [put]
 func UpdateCharacterBasicInfo(c *gin.Context) {
 	logger.Debug("UpdateCharacterBasicInfo aufgerufen")
 
@@ -2694,6 +2953,19 @@ type UpdateAttributesRequest struct {
 }
 
 // UpdateCharacterAttributes speichert Grundwerte
+// UpdateCharacterAttributes godoc
+// @Summary Update character attributes
+// @Description Updates character attributes in creation session
+// @Tags Character Creation
+// @Accept json
+// @Produce json
+// @Param sessionId path string true "Session ID"
+// @Param attributes body object{St=int,Gs=int,Ko=int,In=int,Zt=int} true "Character attributes"
+// @Success 200 {object} models.CharacterCreationSession "Updated session"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/create-session/{sessionId}/attributes [put]
 func UpdateCharacterAttributes(c *gin.Context) {
 	logger.Debug("UpdateCharacterAttributes aufgerufen")
 
@@ -2787,6 +3059,19 @@ type UpdateDerivedValuesRequest struct {
 }
 
 // UpdateCharacterDerivedValues speichert abgeleitete Werte
+// UpdateCharacterDerivedValues godoc
+// @Summary Update derived character values
+// @Description Updates derived values (HP, magic resistance, etc.) in creation session
+// @Tags Character Creation
+// @Accept json
+// @Produce json
+// @Param sessionId path string true "Session ID"
+// @Param derived_values body object{LP=int,MR=int,damage_bonus=int} true "Derived values"
+// @Success 200 {object} models.CharacterCreationSession "Updated session"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/create-session/{sessionId}/derived [put]
 func UpdateCharacterDerivedValues(c *gin.Context) {
 	logger.Debug("UpdateCharacterDerivedValues aufgerufen")
 
@@ -2876,6 +3161,19 @@ type UpdateSkillsRequest struct {
 }
 
 // UpdateCharacterSkills speichert Fertigkeiten und Zauber
+// UpdateCharacterSkills godoc
+// @Summary Update character skills
+// @Description Updates character skills and spells in creation session
+// @Tags Character Creation
+// @Accept json
+// @Produce json
+// @Param sessionId path string true "Session ID"
+// @Param skills body object{learned_skills=array,learned_spells=array} true "Skills and spells"
+// @Success 200 {object} models.CharacterCreationSession "Updated session"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/create-session/{sessionId}/skills [put]
 func UpdateCharacterSkills(c *gin.Context) {
 	logger.Debug("UpdateCharacterSkills aufgerufen")
 
@@ -2940,6 +3238,18 @@ func UpdateCharacterSkills(c *gin.Context) {
 }
 
 // FinalizeCharacterCreation schließt die Charakter-Erstellung ab
+// FinalizeCharacterCreation godoc
+// @Summary Finalize character creation
+// @Description Completes character creation session and creates the final character
+// @Tags Character Creation
+// @Accept json
+// @Produce json
+// @Param sessionId path string true "Session ID"
+// @Success 201 {object} models.Char "Created character"
+// @Failure 400 {object} map[string]string "Invalid session data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/create-session/{sessionId}/finalize [post]
 func FinalizeCharacterCreation(c *gin.Context) {
 	logger.Debug("FinalizeCharacterCreation aufgerufen")
 
@@ -3156,6 +3466,17 @@ func FinalizeCharacterCreation(c *gin.Context) {
 }
 
 // DeleteCharacterSession löscht eine Session
+// DeleteCharacterSession godoc
+// @Summary Delete character creation session
+// @Description Deletes an active character creation session
+// @Tags Character Creation
+// @Produce json
+// @Param sessionId path string true "Session ID"
+// @Success 200 {object} map[string]string "Session deleted successfully"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 404 {object} map[string]string "Session not found"
+// @Security BearerAuth
+// @Router /api/characters/create-session/{sessionId} [delete]
 func DeleteCharacterSession(c *gin.Context) {
 	logger.Debug("DeleteCharacterSession aufgerufen")
 
@@ -3197,6 +3518,15 @@ func DeleteCharacterSession(c *gin.Context) {
 // Reference Data Handlers
 
 // GetRaces gibt verfügbare Rassen zurück
+// GetRaces godoc
+// @Summary Get available races
+// @Description Returns list of all available character races
+// @Tags Character Creation
+// @Produce json
+// @Success 200 {object} object "List of race names"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/races [get]
 func GetRaces(c *gin.Context) {
 	// TODO: Aus Datenbank laden
 	races := []string{
@@ -3207,6 +3537,15 @@ func GetRaces(c *gin.Context) {
 }
 
 // GetCharacterClasses gibt verfügbare Klassen zurück
+// GetCharacterClasses godoc
+// @Summary Get available character classes
+// @Description Returns list of all available character classes
+// @Tags Character Creation
+// @Produce json
+// @Success 200 {array} models.CharacterClass "List of character classes"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/classes [get]
 func GetCharacterClasses(c *gin.Context) {
 	// Get game system from query parameter, default to GameSystemId: 1
 	gameSystem := c.DefaultQuery("game_system", "midgard")
@@ -3228,6 +3567,15 @@ func GetCharacterClasses(c *gin.Context) {
 }
 
 // GetOrigins gibt verfügbare Herkünfte zurück
+// GetOrigins godoc
+// @Summary Get available origins
+// @Description Returns list of available character origins/backgrounds
+// @Tags Character Creation
+// @Produce json
+// @Success 200 {object} object "List of origin names"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/origins [get]
 func GetOrigins(c *gin.Context) {
 	// TODO: Aus Datenbank laden
 	origins := []string{
@@ -3241,6 +3589,16 @@ func GetOrigins(c *gin.Context) {
 }
 
 // SearchBeliefs sucht Glaubensrichtungen
+// SearchBeliefs godoc
+// @Summary Search beliefs
+// @Description Searches for character beliefs/religions by query string
+// @Tags Character Creation
+// @Produce json
+// @Param q query string false "Search query"
+// @Success 200 {array} models.Believe "List of matching beliefs"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/beliefs [get]
 func SearchBeliefs(c *gin.Context) {
 	query := c.Query("q")
 
@@ -3304,6 +3662,17 @@ type TypicalSkill struct {
 }
 
 // GetCharacterClassLearningPoints gibt die Lernpunkte und typischen Fertigkeiten für eine Charakterklasse zurück
+// GetCharacterClassLearningPoints godoc
+// @Summary Get character class learning points
+// @Description Returns learning point allocations for a specific character class
+// @Tags Character Creation
+// @Produce json
+// @Param class_id query int true "Character class ID"
+// @Success 200 {object} object "Learning points data"
+// @Failure 400 {object} map[string]string "Invalid class ID"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/classes/learning-points [get]
 func GetCharacterClassLearningPoints(c *gin.Context) {
 	className := c.Query("class")
 	if className == "" {
@@ -3437,6 +3806,17 @@ func getStandBonusPoints(social_class string) map[string]int {
 }
 
 // GetDatasheetOptions returns all available options for datasheet select boxes
+// GetDatasheetOptions godoc
+// @Summary Get datasheet export options
+// @Description Returns available PDF templates and options for character sheet export
+// @Tags Characters
+// @Produce json
+// @Param id path int true "Character ID"
+// @Success 200 {object} object "Datasheet export options"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied"
+// @Security BearerAuth
+// @Router /api/characters/{id}/datasheet-options [get]
 func GetDatasheetOptions(c *gin.Context) {
 	logger.Debug("GetDatasheetOptions aufgerufen")
 

backend/character/image_handler.go

@@ -13,6 +13,20 @@ type ImageUpdateRequest struct {
 	Image string `json:"image" binding:"required"`
 }
 
+// UpdateCharacterImage godoc
+// @Summary Update character image
+// @Description Uploads and sets a character portrait image (owner only)
+// @Tags Characters
+// @Accept multipart/form-data
+// @Produce json
+// @Param id path int true "Character ID"
+// @Param image formData file true "Character portrait image"
+// @Success 200 {object} map[string]string "Image updated successfully"
+// @Failure 400 {object} map[string]string "Invalid image file"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Security BearerAuth
+// @Router /api/characters/{id}/image [put]
 func UpdateCharacterImage(c *gin.Context) {
 	id := c.Param("id")
 	logger.Debug("UpdateCharacterImage called for character ID: %s", id)

backend/character/lerncost_handler.go

@@ -89,6 +89,18 @@ type MultiLevelCostResponse struct {
 // 5. Wende Belohnungen an
 // 6. Wende PP und Gold-für-EP an
 // 7. Sammle Ergebnisse und sende als JSON-Antwort
+// GetLernCostNewSystem godoc
+// @Summary Calculate learning costs
+// @Description Calculates the experience point cost for learning or improving a skill/spell
+// @Tags Characters
+// @Accept json
+// @Produce json
+// @Param learn_request body object{character_id=int,skill_id=int,spell_id=int,current_value=int,reward_type=string} true "Learning cost request"
+// @Success 200 {object} object "Learning cost calculation result"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/lerncost-new [post]
 func GetLernCostNewSystem(c *gin.Context) {
 	// Request-Parameter abrufen
 	var request gsmaster.LernCostRequest

backend/character/practice_points_handler.go

@@ -26,6 +26,17 @@ type PracticePointActionResponse struct {
 }
 
 // GetPracticePoints gibt die verfügbaren Praxispunkte eines Charakters zurück
+// GetPracticePoints godoc
+// @Summary Get practice points
+// @Description Returns all practice points for a character
+// @Tags Characters
+// @Produce json
+// @Param id path int true "Character ID"
+// @Success 200 {array} PracticePointResponse "Practice points list"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied"
+// @Security BearerAuth
+// @Router /api/characters/{id}/practice-points [get]
 func GetPracticePoints(c *gin.Context) {
 	// Charakter-ID aus der URL abrufen
 	charID := c.Param("id")
@@ -52,6 +63,20 @@ func GetPracticePoints(c *gin.Context) {
 }
 
 // UpdatePracticePoints aktualisiert die Praxispunkte eines Charakters
+// UpdatePracticePoints godoc
+// @Summary Update practice points
+// @Description Updates the practice points for a character (owner only)
+// @Tags Characters
+// @Accept json
+// @Produce json
+// @Param id path int true "Character ID"
+// @Param practice_points body []PracticePointResponse true "Practice points data"
+// @Success 200 {object} map[string]string "Practice points updated successfully"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Security BearerAuth
+// @Router /api/characters/{id}/practice-points [put]
 func UpdatePracticePoints(c *gin.Context) {
 	// Charakter-ID aus der URL abrufen
 	charID := c.Param("id")
@@ -114,6 +139,20 @@ func UpdatePracticePoints(c *gin.Context) {
 
 // AddPracticePoint fügt einen Praxispunkt zu einer Fertigkeit hinzu
 // TODO prüfe speichern der PP für Spells
+// AddPracticePoint godoc
+// @Summary Add practice point
+// @Description Adds a new practice point to a character (owner only)
+// @Tags Characters
+// @Accept json
+// @Produce json
+// @Param id path int true "Character ID"
+// @Param practice_point body PracticePointResponse true "Practice point data"
+// @Success 200 {object} PracticePointResponse "Added practice point"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Security BearerAuth
+// @Router /api/characters/{id}/practice-points/add [post]
 func AddPracticePoint(c *gin.Context) {
 	// Charakter-ID aus der URL abrufen
 	charID := c.Param("id")
@@ -217,6 +256,20 @@ func AddPracticePoint(c *gin.Context) {
 }
 
 // UsePracticePoint verbraucht Praxispunkte für eine spezifische Fertigkeit
+// UsePracticePoint godoc
+// @Summary Use practice point
+// @Description Marks a practice point as used and applies it to skill improvement (owner only)
+// @Tags Characters
+// @Accept json
+// @Produce json
+// @Param id path int true "Character ID"
+// @Param use_data body object{practice_point_id=int,skill_id=int} true "Practice point usage data"
+// @Success 200 {object} map[string]string "Practice point used successfully"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Security BearerAuth
+// @Router /api/characters/{id}/practice-points/use [post]
 func UsePracticePoint(c *gin.Context) {
 	// Charakter-ID aus der URL abrufen
 	charID := c.Param("id")

backend/character/share_handlers.go

@@ -10,6 +10,18 @@ import (
 )
 
 // GetCharacterShares returns the list of users a character is shared with
+// GetCharacterShares godoc
+// @Summary Get character shares
+// @Description Returns list of users with whom the character is shared
+// @Tags Characters
+// @Produce json
+// @Param id path int true "Character ID"
+// @Success 200 {array} object "List of user shares"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied"
+// @Failure 404 {object} map[string]string "Character not found"
+// @Security BearerAuth
+// @Router /api/characters/{id}/shares [get]
 func GetCharacterShares(c *gin.Context) {
 	charID := c.Param("id")
 
@@ -55,6 +67,20 @@ func GetCharacterShares(c *gin.Context) {
 }
 
 // UpdateCharacterShares updates the list of users a character is shared with
+// UpdateCharacterShares godoc
+// @Summary Update character shares
+// @Description Updates the list of users with whom the character is shared (owner only)
+// @Tags Characters
+// @Accept json
+// @Produce json
+// @Param id path int true "Character ID"
+// @Param shares body object{user_ids=[]int} true "List of user IDs to share with"
+// @Success 200 {object} map[string]string "Shares updated successfully"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Security BearerAuth
+// @Router /api/characters/{id}/shares [put]
 func UpdateCharacterShares(c *gin.Context) {
 	charID := c.Param("id")
 
@@ -108,6 +134,17 @@ func UpdateCharacterShares(c *gin.Context) {
 }
 
 // GetAvailableUsersForSharing returns a list of users (excluding the owner)
+// GetAvailableUsersForSharing godoc
+// @Summary Get available users for sharing
+// @Description Returns list of users available to share character with (excludes owner and current shares)
+// @Tags Characters
+// @Produce json
+// @Param id path int true "Character ID"
+// @Success 200 {array} object "List of available users"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied"
+// @Security BearerAuth
+// @Router /api/characters/{id}/available-users [get]
 func GetAvailableUsersForSharing(c *gin.Context) {
 	charID := c.Param("id")
 

backend/character/system_information_handlers.go

@@ -32,6 +32,15 @@ func GetCharacterClassesHandlerOld(c *gin.Context) {
 }
 */
 // GetSkillCategoriesHandlerStatic gibt alle verfügbaren Fertigkeitskategorien zurück
+// GetSkillCategoriesHandlerStatic godoc
+// @Summary Get skill categories
+// @Description Returns list of all skill categories (static data)
+// @Tags Reference Data
+// @Produce json
+// @Success 200 {array} object "List of skill categories"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/characters/skill-categories [get]
 func GetSkillCategoriesHandlerStatic(c *gin.Context) {
 	categories := map[string]interface{}{
 		"Alltag": map[string]interface{}{

backend/cmd/main.go

@@ -17,14 +17,43 @@ import (
 	"bamort/user"
 
 	"github.com/gin-gonic/gin"
+
+	// Swagger documentation
+	_ "bamort/docs/swagger"
+
+	swaggerFiles "github.com/swaggo/files"
+	ginSwagger "github.com/swaggo/gin-swagger"
 )
 
 // @title BaMoRT API
-// @version 1
-// @description This is the API for BaMoRT
+// @version 2.0
+// @description BaMoRT (MOAM Replacement) - Role-playing Game Character Management System API
+// @description
+// @description This API provides comprehensive character management, import/export functionality,
+// @description master data management, and PDF generation for tabletop role-playing games.
+// @description
+// @description ## Authentication
+// @description Most endpoints require authentication via JWT token. Obtain a token by calling POST /login.
+// @description Include the token in the Authorization header: `Authorization: Bearer <token>`
+// @description
+// @description ## Character Import/Export
+// @description The API supports pluggable adapters for importing/exporting characters from various systems.
+// @description Supported formats include MOAM VTT, Foundry VTT, and more via microservice adapters.
+//
+// @contact.name BaMoRT Support
+// @contact.email bamort.support@trokan.de
+//
+// @license.name Custom License
+// @license.url https://github.com/Bardioc26/bamort/blob/main/LICENSE
+//
 // @host localhost:8180
 // @BasePath /
-// @schemes http
+// @schemes http https
+//
+// @securityDefinitions.apikey BearerAuth
+// @in header
+// @name Authorization
+// @description Type "Bearer" followed by a space and the JWT token
 func main() {
 	// Verwende die globale Konfigurationsvariable (bereits in config.init() geladen)
 	cfg := config.Cfg
@@ -125,10 +154,14 @@ func main() {
 	pdfrender.RegisterPublicRoutes(r)
 	appsystem.RegisterPublicRoutes(r)
 
+	// Swagger documentation endpoint
+	serverAddress := cfg.GetServerAddress()
+	r.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))
+	logger.Info("Swagger UI verfügbar unter: %s/swagger/index.html", serverAddress)
+
 	logger.Info("API-Routen erfolgreich registriert")
 
 	// Server starten
-	serverAddress := cfg.GetServerAddress()
 	logger.Info("Server startet auf Adresse: %s", serverAddress)
 	if err := r.Run(serverAddress); err != nil {
 		logger.Error("Fehler beim Starten des Servers: %s", err.Error())

backend/equipment/handlers.go

@@ -34,6 +34,19 @@ func checkEquipmentOwnership(c *gin.Context, characterID uint) bool {
 	return true
 }
 
+// CreateAusruestung godoc
+// @Summary Create equipment
+// @Description Creates a new equipment item for a character (owner only)
+// @Tags Equipment
+// @Accept json
+// @Produce json
+// @Param equipment body models.EqAusruestung true "Equipment data"
+// @Success 201 {object} models.EqAusruestung "Created equipment"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Security BearerAuth
+// @Router /api/equipment [post]
 func CreateAusruestung(c *gin.Context) {
 	var ausruestung models.EqAusruestung
 	if err := c.ShouldBindJSON(&ausruestung); err != nil {
@@ -54,6 +67,17 @@ func CreateAusruestung(c *gin.Context) {
 	c.JSON(http.StatusCreated, ausruestung)
 }
 
+// ListAusruestung godoc
+// @Summary List character equipment
+// @Description Returns all equipment items for a specific character
+// @Tags Equipment
+// @Produce json
+// @Param character_id path int true "Character ID"
+// @Success 200 {array} models.EqAusruestung "List of equipment"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied"
+// @Security BearerAuth
+// @Router /api/equipment/character/{character_id} [get]
 func ListAusruestung(c *gin.Context) {
 	characterID := c.Param("character_id")
 
@@ -66,6 +90,20 @@ func ListAusruestung(c *gin.Context) {
 	c.JSON(http.StatusOK, ausruestung)
 }
 
+// UpdateAusruestung godoc
+// @Summary Update equipment
+// @Description Updates an existing equipment item (owner only)
+// @Tags Equipment
+// @Accept json
+// @Produce json
+// @Param ausruestung_id path int true "Equipment ID"
+// @Param equipment body models.EqAusruestung true "Updated equipment data"
+// @Success 200 {object} models.EqAusruestung "Updated equipment"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Security BearerAuth
+// @Router /api/equipment/{ausruestung_id} [put]
 func UpdateAusruestung(c *gin.Context) {
 	ausruestungID := c.Param("ausruestung_id")
 	var ausruestung models.EqAusruestung
@@ -93,6 +131,18 @@ func UpdateAusruestung(c *gin.Context) {
 	c.JSON(http.StatusOK, ausruestung)
 }
 
+// DeleteAusruestung godoc
+// @Summary Delete equipment
+// @Description Deletes an equipment item (owner only)
+// @Tags Equipment
+// @Produce json
+// @Param ausruestung_id path int true "Equipment ID"
+// @Success 200 {object} map[string]string "Equipment deleted successfully"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Failure 404 {object} map[string]string "Equipment not found"
+// @Security BearerAuth
+// @Router /api/equipment/{ausruestung_id} [delete]
 func DeleteAusruestung(c *gin.Context) {
 	ausruestungID := c.Param("ausruestung_id")
 
@@ -119,6 +169,19 @@ func DeleteAusruestung(c *gin.Context) {
 Endpoints for Managing Weapons (Waffen)
 */
 
+// CreateWaffe godoc
+// @Summary Create weapon
+// @Description Creates a new weapon for a character (owner only)
+// @Tags Equipment
+// @Accept json
+// @Produce json
+// @Param weapon body models.EqWaffe true "Weapon data"
+// @Success 201 {object} models.EqWaffe "Created weapon"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Security BearerAuth
+// @Router /api/weapons [post]
 func CreateWaffe(c *gin.Context) {
 	var waffe models.EqWaffe
 	if err := c.ShouldBindJSON(&waffe); err != nil {
@@ -139,6 +202,17 @@ func CreateWaffe(c *gin.Context) {
 	c.JSON(http.StatusCreated, waffe)
 }
 
+// ListWaffen godoc
+// @Summary List character weapons
+// @Description Returns all weapons for a specific character
+// @Tags Equipment
+// @Produce json
+// @Param character_id path int true "Character ID"
+// @Success 200 {array} models.EqWaffe "List of weapons"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied"
+// @Security BearerAuth
+// @Router /api/weapons/character/{character_id} [get]
 func ListWaffen(c *gin.Context) {
 	characterID := c.Param("character_id")
 
@@ -151,6 +225,20 @@ func ListWaffen(c *gin.Context) {
 	c.JSON(http.StatusOK, waffen)
 }
 
+// UpdateWaffe godoc
+// @Summary Update weapon
+// @Description Updates an existing weapon (owner only)
+// @Tags Equipment
+// @Accept json
+// @Produce json
+// @Param waffe_id path int true "Weapon ID"
+// @Param weapon body models.EqWaffe true "Updated weapon data"
+// @Success 200 {object} models.EqWaffe "Updated weapon"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Security BearerAuth
+// @Router /api/weapons/{waffe_id} [put]
 func UpdateWaffe(c *gin.Context) {
 	waffeID := c.Param("waffe_id")
 	var waffe models.EqWaffe
@@ -178,6 +266,18 @@ func UpdateWaffe(c *gin.Context) {
 	c.JSON(http.StatusOK, waffe)
 }
 
+// DeleteWaffe godoc
+// @Summary Delete weapon
+// @Description Deletes a weapon (owner only)
+// @Tags Equipment
+// @Produce json
+// @Param waffe_id path int true "Weapon ID"
+// @Success 200 {object} map[string]string "Weapon deleted successfully"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied - owner only"
+// @Failure 404 {object} map[string]string "Weapon not found"
+// @Security BearerAuth
+// @Router /api/weapons/{waffe_id} [delete]
 func DeleteWaffe(c *gin.Context) {
 	waffeID := c.Param("waffe_id")
 

backend/go.mod

@@ -9,9 +9,12 @@ require (
 	github.com/chromedp/cdproto v0.0.0-20250803210736-d308e07a266d
 	github.com/chromedp/chromedp v0.14.2
 	github.com/gin-contrib/cors v1.7.3
-	github.com/gin-gonic/gin v1.10.0
+	github.com/gin-gonic/gin v1.11.0
 	github.com/pdfcpu/pdfcpu v0.11.1
-	github.com/stretchr/testify v1.10.0
+	github.com/stretchr/testify v1.11.1
+	github.com/swaggo/files v1.0.1
+	github.com/swaggo/gin-swagger v1.6.1
+	github.com/swaggo/swag v1.16.6
 	gorm.io/driver/mysql v1.5.7
 	gorm.io/driver/sqlite v1.5.7
 	gorm.io/gorm v1.25.12
@@ -19,30 +22,43 @@ require (
 
 require (
 	filippo.io/edwards25519 v1.1.0 // indirect
-	github.com/bytedance/sonic v1.12.8 // indirect
-	github.com/bytedance/sonic/loader v0.2.3 // indirect
+	github.com/KyleBanks/depth v1.2.1 // indirect
+	github.com/bytedance/gopkg v0.1.3 // indirect
+	github.com/bytedance/sonic v1.15.0 // indirect
+	github.com/bytedance/sonic/loader v0.5.0 // indirect
 	github.com/chromedp/sysutil v1.1.0 // indirect
 	github.com/clipperhouse/uax29/v2 v2.2.0 // indirect
-	github.com/cloudwego/base64x v0.1.5 // indirect
+	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
-	github.com/gin-contrib/sse v1.0.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.13 // indirect
+	github.com/gin-contrib/sse v1.1.0 // indirect
 	github.com/go-json-experiment/json v0.0.0-20250725192818-e39067aee2d2 // indirect
+	github.com/go-openapi/jsonpointer v0.22.4 // indirect
+	github.com/go-openapi/jsonreference v0.21.4 // indirect
+	github.com/go-openapi/spec v0.22.3 // indirect
+	github.com/go-openapi/swag/conv v0.25.4 // indirect
+	github.com/go-openapi/swag/jsonname v0.25.4 // indirect
+	github.com/go-openapi/swag/jsonutils v0.25.4 // indirect
+	github.com/go-openapi/swag/loading v0.25.4 // indirect
+	github.com/go-openapi/swag/stringutils v0.25.4 // indirect
+	github.com/go-openapi/swag/typeutils v0.25.4 // indirect
+	github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.24.0 // indirect
+	github.com/go-playground/validator/v10 v10.30.1 // indirect
 	github.com/go-sql-driver/mysql v1.8.1 // indirect
 	github.com/gobwas/httphead v0.1.0 // indirect
 	github.com/gobwas/pool v0.2.1 // indirect
 	github.com/gobwas/ws v1.4.0 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
+	github.com/goccy/go-yaml v1.19.2 // indirect
 	github.com/hhrutter/lzw v1.0.0 // indirect
 	github.com/hhrutter/pkcs7 v0.2.0 // indirect
 	github.com/hhrutter/tiff v1.0.2 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
@@ -50,18 +66,25 @@ require (
 	github.com/mattn/go-sqlite3 v1.14.24 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/quic-go/qpack v0.6.0 // indirect
+	github.com/quic-go/quic-go v0.59.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/ugorji/go/codec v1.2.12 // indirect
-	golang.org/x/arch v0.13.0 // indirect
-	golang.org/x/crypto v0.43.0 // indirect
+	github.com/ugorji/go/codec v1.3.1 // indirect
+	go.uber.org/mock v0.6.0 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/arch v0.24.0 // indirect
+	golang.org/x/crypto v0.48.0 // indirect
 	golang.org/x/image v0.32.0 // indirect
-	golang.org/x/net v0.45.0 // indirect
-	golang.org/x/sys v0.37.0 // indirect
-	golang.org/x/text v0.30.0 // indirect
-	google.golang.org/protobuf v1.36.4 // indirect
+	golang.org/x/mod v0.33.0 // indirect
+	golang.org/x/net v0.50.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.41.0 // indirect
+	golang.org/x/text v0.34.0 // indirect
+	golang.org/x/tools v0.42.0 // indirect
+	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

backend/go.sum

@@ -1,10 +1,13 @@
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
-github.com/bytedance/sonic v1.12.8 h1:4xYRVRlXIgvSZ4e8iVTlMF5szgpXd4AfvuWgA8I8lgs=
-github.com/bytedance/sonic v1.12.8/go.mod h1:uVvFidNmlt9+wa31S1urfwwthTWteBgG0hWuoKAXTx8=
-github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
-github.com/bytedance/sonic/loader v0.2.3 h1:yctD0Q3v2NOGfSWPLPvG2ggA2kV6TS6s4wioyEqssH0=
-github.com/bytedance/sonic/loader v0.2.3/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
+github.com/KyleBanks/depth v1.2.1 h1:5h8fQADFrWtarTdtDudMmGsC7GPbOAu6RVB3ffsVFHc=
+github.com/KyleBanks/depth v1.2.1/go.mod h1:jzSb9d0L43HxTQfT+oSA1EEp2q+ne2uh6XgeJcm8brE=
+github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
+github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
+github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uSE=
+github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
+github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE=
+github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
 github.com/chromedp/cdproto v0.0.0-20250803210736-d308e07a266d h1:ZtA1sedVbEW7EW80Iz2GR3Ye6PwbJAJXjv7D74xG6HU=
 github.com/chromedp/cdproto v0.0.0-20250803210736-d308e07a266d/go.mod h1:NItd7aLkcfOA/dcMXvl8p1u+lQqioRMq/SqDp71Pb/k=
 github.com/chromedp/chromedp v0.14.2 h1:r3b/WtwM50RsBZHMUm9fsNhhzRStTHrKdr2zmwbZSzM=
@@ -13,31 +16,59 @@ github.com/chromedp/sysutil v1.1.0 h1:PUFNv5EcprjqXZD9nJb9b/c9ibAbxiYo4exNWZyipw
 github.com/chromedp/sysutil v1.1.0/go.mod h1:WiThHUdltqCNKGc4gaU50XgYjwjYIhKWoHGPTUfWTJ8=
 github.com/clipperhouse/uax29/v2 v2.2.0 h1:ChwIKnQN3kcZteTXMgb1wztSgaU+ZemkgWdohwgs8tY=
 github.com/clipperhouse/uax29/v2 v2.2.0/go.mod h1:EFJ2TJMRUaplDxHKj1qAEhCtQPW2tJSwu5BF98AuoVM=
-github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
-github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
-github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
+github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
+github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
-github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
+github.com/gabriel-vasile/mimetype v1.4.13 h1:46nXokslUBsAJE/wMsp5gtO500a4F3Nkz9Ufpk2AcUM=
+github.com/gabriel-vasile/mimetype v1.4.13/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
 github.com/gin-contrib/cors v1.7.3 h1:hV+a5xp8hwJoTw7OY+a70FsL8JkVVFTXw9EcfrYUdns=
 github.com/gin-contrib/cors v1.7.3/go.mod h1:M3bcKZhxzsvI+rlRSkkxHyljJt1ESd93COUvemZ79j4=
-github.com/gin-contrib/sse v1.0.0 h1:y3bT1mUWUxDpW4JLQg/HnTqV4rozuW4tC9eFKTxYI9E=
-github.com/gin-contrib/sse v1.0.0/go.mod h1:zNuFdwarAygJBht0NTKiSi3jRf6RbqeILZ9Sp6Slhe0=
-github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
-github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
+github.com/gin-contrib/gzip v0.0.6 h1:NjcunTcGAj5CO1gn4N8jHOSIeRFHIbn51z6K+xaN4d4=
+github.com/gin-contrib/gzip v0.0.6/go.mod h1:QOJlmV2xmayAjkNS2Y8NQsMneuRShOU/kjovCXNuzzk=
+github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
+github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
+github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk=
+github.com/gin-gonic/gin v1.11.0/go.mod h1:+iq/FyxlGzII0KHiBGjuNn4UNENUlKbGlNmc+W50Dls=
 github.com/go-json-experiment/json v0.0.0-20250725192818-e39067aee2d2 h1:iizUGZ9pEquQS5jTGkh4AqeeHCMbfbjeb0zMt0aEFzs=
 github.com/go-json-experiment/json v0.0.0-20250725192818-e39067aee2d2/go.mod h1:TiCD2a1pcmjd7YnhGH0f/zKNcCD06B029pHhzV23c2M=
+github.com/go-openapi/jsonpointer v0.22.4 h1:dZtK82WlNpVLDW2jlA1YCiVJFVqkED1MegOUy9kR5T4=
+github.com/go-openapi/jsonpointer v0.22.4/go.mod h1:elX9+UgznpFhgBuaMQ7iu4lvvX1nvNsesQ3oxmYTw80=
+github.com/go-openapi/jsonreference v0.21.4 h1:24qaE2y9bx/q3uRK/qN+TDwbok1NhbSmGjjySRCHtC8=
+github.com/go-openapi/jsonreference v0.21.4/go.mod h1:rIENPTjDbLpzQmQWCj5kKj3ZlmEh+EFVbz3RTUh30/4=
+github.com/go-openapi/spec v0.22.3 h1:qRSmj6Smz2rEBxMnLRBMeBWxbbOvuOoElvSvObIgwQc=
+github.com/go-openapi/spec v0.22.3/go.mod h1:iIImLODL2loCh3Vnox8TY2YWYJZjMAKYyLH2Mu8lOZs=
+github.com/go-openapi/swag v0.19.15 h1:D2NRCBzS9/pEY3gP9Nl8aDqGUcPFrwG2p+CNFrLyrCM=
+github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4=
+github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU=
+github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI=
+github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag=
+github.com/go-openapi/swag/jsonutils v0.25.4 h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA=
+github.com/go-openapi/swag/jsonutils v0.25.4/go.mod h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4 h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM=
+github.com/go-openapi/swag/loading v0.25.4 h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s=
+github.com/go-openapi/swag/loading v0.25.4/go.mod h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE=
+github.com/go-openapi/swag/stringutils v0.25.4 h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8=
+github.com/go-openapi/swag/stringutils v0.25.4/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0=
+github.com/go-openapi/swag/typeutils v0.25.4 h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw=
+github.com/go-openapi/swag/typeutils v0.25.4/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE=
+github.com/go-openapi/swag/yamlutils v0.25.4 h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw=
+github.com/go-openapi/swag/yamlutils v0.25.4/go.mod h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc=
+github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4=
+github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg=
+github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls=
+github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.24.0 h1:KHQckvo8G6hlWnrPX4NJJ+aBfWNAE/HH+qdL2cBpCmg=
-github.com/go-playground/validator/v10 v10.24.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus=
+github.com/go-playground/validator/v10 v10.30.1 h1:f3zDSN/zOma+w6+1Wswgd9fLkdwy06ntQJp0BBvFG0w=
+github.com/go-playground/validator/v10 v10.30.1/go.mod h1:oSuBIQzuJxL//3MelwSLD5hc2Tu889bF0Idm9Dg26cM=
 github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
 github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
 github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
@@ -49,8 +80,10 @@ github.com/gobwas/ws v1.4.0 h1:CTaoG1tojrh4ucGPcoJFiAQUAsEWekEWvLy7GsVNqGs=
 github.com/gobwas/ws v1.4.0/go.mod h1:G3gNqMNtPppf5XUz7O4shetPpcZ1VJ7zt18dlUeakrc=
 github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
 github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
-github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM=
+github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/hhrutter/lzw v1.0.0 h1:laL89Llp86W3rRs83LvKbwYRx6INE8gDn0XNb1oXtm0=
 github.com/hhrutter/lzw v1.0.0/go.mod h1:2HC6DJSn/n6iAZfgM3Pg+cP1KxeWc3ezG8bBqW5+WEo=
@@ -64,12 +97,10 @@ github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
-github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
-github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
+github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80 h1:6Yzfa6GP0rIo/kULo2bwGEkFvCePZ3qHDDTC3/J9Swo=
@@ -91,47 +122,91 @@ github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde h1:x0TT0RDC7UhA
 github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0=
 github.com/pdfcpu/pdfcpu v0.11.1 h1:htHBSkGH5jMKWC6e0sihBFbcKZ8vG1M67c8/dJxhjas=
 github.com/pdfcpu/pdfcpu v0.11.1/go.mod h1:pP3aGga7pRvwFWAm9WwFvo+V68DfANi9kxSQYioNYcw=
-github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
-github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
+github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
+github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
-github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
+github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
+github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
+github.com/quic-go/quic-go v0.59.0 h1:OLJkp1Mlm/aS7dpKgTc6cnpynnD2Xg7C1pwL6vy/SAw=
+github.com/quic-go/quic-go v0.59.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/swaggo/files v1.0.1 h1:J1bVJ4XHZNq0I46UU90611i9/YzdrF7x92oX1ig5IdE=
+github.com/swaggo/files v1.0.1/go.mod h1:0qXmMNH6sXNf+73t65aKeB+ApmgxdnkQzVTAj2uaMUg=
+github.com/swaggo/gin-swagger v1.6.1 h1:Ri06G4gc9N4t4k8hekMigJ9zKTFSlqj/9paAQCQs7cY=
+github.com/swaggo/gin-swagger v1.6.1/go.mod h1:LQ+hJStHakCWRiK/YNYtJOu4mR2FP+pxLnILT/qNiTw=
+github.com/swaggo/swag v1.16.6 h1:qBNcx53ZaX+M5dxVyTrgQ0PJ/ACK+NzhwcbieTt+9yI=
+github.com/swaggo/swag v1.16.6/go.mod h1:ngP2etMK5a0P3QBizic5MEwpRmluJZPHjXcMoj4Xesg=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
-github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
-github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
-golang.org/x/arch v0.13.0 h1:KCkqVVV1kGg0X87TFysjCJ8MxtZEIU4Ja/yXGeoECdA=
-golang.org/x/arch v0.13.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
-golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
-golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
+github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
+github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
+go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
+go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
+go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
+golang.org/x/arch v0.24.0 h1:qlJ3M9upxvFfwRM51tTg3Yl+8CP9vCC1E7vlFpgv99Y=
+golang.org/x/arch v0.24.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
+golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
 golang.org/x/image v0.32.0 h1:6lZQWq75h7L5IWNk0r+SCpUJ6tUVd3v4ZHnbRKLkUDQ=
 golang.org/x/image v0.32.0/go.mod h1:/R37rrQmKXtO6tYXAjtDLwQgFLHmhW+V6ayXlxzP2Pc=
-golang.org/x/net v0.45.0 h1:RLBg5JKixCy82FtLJpeNlVM0nrSqpCRYzVU1n8kj0tM=
-golang.org/x/net v0.45.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
+golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
+golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
-golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k=
-golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM=
-google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
+golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
+golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
+golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
+google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@@ -147,4 +222,3 @@ gorm.io/driver/sqlite v1.5.7/go.mod h1:U+J8craQU6Fzkcvu8oLeAQmi50TkwPEhHDEjQZXDa
 gorm.io/gorm v1.25.7/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
 gorm.io/gorm v1.25.12 h1:I0u8i2hWQItBq1WfE0o2+WuL9+8L21K9e2HHSTE/0f8=
 gorm.io/gorm v1.25.12/go.mod h1:xh7N7RHfYlNc5EmcI/El95gXusucDrQnHXe0+CgWcLQ=
-nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=

backend/gsmaster/handlers.go

@@ -174,6 +174,15 @@ func deleteMDItem[T any](c *gin.Context) {
 	}
 }
 
+// GetMasterData godoc
+// @Summary Get all master data
+// @Description Returns a summary of all game system master data (skills, spells, equipment, weapons)
+// @Tags Master Data
+// @Produce json
+// @Success 200 {object} object "Master data summary"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/maintenance [get]
 func GetMasterData(c *gin.Context) {
 	type dtaStruct struct {
 		Skills          []models.Skill       `json:"skills"`
@@ -226,6 +235,15 @@ func GetMasterData(c *gin.Context) {
 	c.JSON(http.StatusOK, dta)
 }
 
+// GetMDSkills godoc
+// @Summary Get all skills
+// @Description Returns list of all game system skills
+// @Tags Master Data
+// @Produce json
+// @Success 200 {array} models.SkFertigkeit "List of skills"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/maintenance/skills [get]
 func GetMDSkills(c *gin.Context) {
 	type dtaStruct struct {
 		Skills          []models.Skill       `json:"skills"`
@@ -251,24 +269,83 @@ func GetMDSkills(c *gin.Context) {
 	c.JSON(http.StatusOK, dta)
 }
 
+// GetMDSkill godoc
+// @Summary Get skill by ID
+// @Description Returns a specific skill by ID
+// @Tags Master Data
+// @Produce json
+// @Param id path int true "Skill ID"
+// @Success 200 {object} models.SkFertigkeit "Skill data"
+// @Failure 404 {object} map[string]string "Skill not found"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/maintenance/skills/{id} [get]
 func GetMDSkill(c *gin.Context) {
 	getMDItem[models.Skill](c)
 }
 
+// UpdateMDSkill godoc
+// @Summary Update skill
+// @Description Updates an existing skill (maintainer only)
+// @Tags Master Data Admin
+// @Accept json
+// @Produce json
+// @Param id path int true "Skill ID"
+// @Param skill body models.SkFertigkeit true "Updated skill data"
+// @Success 200 {object} models.SkFertigkeit "Updated skill"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/skills/{id} [put]
 func UpdateMDSkill(c *gin.Context) {
 	updateMDItem[models.Skill](c)
 }
 
+// AddSkill godoc
+// @Summary Add new skill
+// @Description Creates a new skill in the game system (maintainer only)
+// @Tags Master Data Admin
+// @Accept json
+// @Produce json
+// @Param skill body models.SkFertigkeit true "New skill data"
+// @Success 201 {object} models.SkFertigkeit "Created skill"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/skills [post]
 func AddSkill(c *gin.Context) {
 	addMDItem[models.Skill](c)
 }
 
+// DeleteMDSkill godoc
+// @Summary Delete skill
+// @Description Deletes a skill from the game system (maintainer only)
+// @Tags Master Data Admin
+// @Produce json
+// @Param id path int true "Skill ID"
+// @Success 200 {object} map[string]string "Skill deleted successfully"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Failure 404 {object} map[string]string "Skill not found"
+// @Security BearerAuth
+// @Router /api/maintenance/skills/{id} [delete]
 func DeleteMDSkill(c *gin.Context) {
 	deleteMDItem[models.Skill](c)
 }
 
 //
 
+// GetMDWeaponSkills godoc
+// @Summary Get all weapon skills
+// @Description Returns list of all weapon skills
+// @Tags Master Data
+// @Produce json
+// @Success 200 {array} models.SkWaffenfertigkeit "List of weapon skills"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/maintenance/weaponskills [get]
 func GetMDWeaponSkills(c *gin.Context) {
 	type dtaStruct struct {
 		Weaponskills []models.WeaponSkill `json:"weaponskills"`
@@ -281,18 +358,68 @@ func GetMDWeaponSkills(c *gin.Context) {
 	c.JSON(http.StatusOK, dta)
 }
 
+// GetMDWeaponSkill godoc
+// @Summary Get weapon skill by ID
+// @Description Returns a specific weapon skill by ID
+// @Tags Master Data
+// @Produce json
+// @Param id path int true "Weapon skill ID"
+// @Success 200 {object} models.SkWaffenfertigkeit "Weapon skill data"
+// @Failure 404 {object} map[string]string "Weapon skill not found"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/maintenance/weaponskills/{id} [get]
 func GetMDWeaponSkill(c *gin.Context) {
 	getMDItem[models.WeaponSkill](c)
 }
 
+// UpdateMDWeaponSkill godoc
+// @Summary Update weapon skill
+// @Description Updates an existing weapon skill (maintainer only)
+// @Tags Master Data Admin
+// @Accept json
+// @Produce json
+// @Param id path int true "Weapon skill ID"
+// @Param weaponskill body models.SkWaffenfertigkeit true "Updated weapon skill data"
+// @Success 200 {object} models.SkWaffenfertigkeit "Updated weapon skill"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/weaponskills/{id} [put]
 func UpdateMDWeaponSkill(c *gin.Context) {
 	updateMDItem[models.WeaponSkill](c)
 }
 
+// AddWeaponSkill godoc
+// @Summary Add new weapon skill
+// @Description Creates a new weapon skill in the game system (maintainer only)
+// @Tags Master Data Admin
+// @Accept json
+// @Produce json
+// @Param weaponskill body models.SkWaffenfertigkeit true "New weapon skill data"
+// @Success 201 {object} models.SkWaffenfertigkeit "Created weapon skill"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/weaponskills [post]
 func AddWeaponSkill(c *gin.Context) {
 	addMDItem[models.WeaponSkill](c)
 }
 
+// DeleteMDWeaponSkill godoc
+// @Summary Delete weapon skill
+// @Description Deletes a weapon skill from the game system (maintainer only)
+// @Tags Master Data Admin
+// @Produce json
+// @Param id path int true "Weapon skill ID"
+// @Success 200 {object} map[string]string "Weapon skill deleted successfully"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Failure 404 {object} map[string]string "Weapon skill not found"
+// @Security BearerAuth
+// @Router /api/maintenance/weaponskills/{id} [delete]
 func DeleteMDWeaponSkill(c *gin.Context) {
 	deleteMDItem[models.WeaponSkill](c)
 }
@@ -309,26 +436,94 @@ func GetMDSkillCategories(c *gin.Context) {
 	c.JSON(http.StatusOK, skillCategories)
 }
 
+// GetMDSpells godoc
+// @Summary Get all spells
+// @Description Returns list of all game system spells
+// @Tags Master Data
+// @Produce json
+// @Success 200 {array} models.Spell "List of spells"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/maintenance/spells [get]
 func GetMDSpells(c *gin.Context) {
 	getMDItems[models.Spell](c)
 }
 
+// GetMDSpell godoc
+// @Summary Get spell by ID
+// @Description Returns a specific spell by ID
+// @Tags Master Data
+// @Produce json
+// @Param id path int true "Spell ID"
+// @Success 200 {object} models.Spell "Spell data"
+// @Failure 404 {object} map[string]string "Spell not found"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/maintenance/spells/{id} [get]
 func GetMDSpell(c *gin.Context) {
 	getMDItem[models.Spell](c)
 }
 
+// UpdateMDSpell godoc
+// @Summary Update spell
+// @Description Updates an existing spell (maintainer only)
+// @Tags Master Data Admin
+// @Accept json
+// @Produce json
+// @Param id path int true "Spell ID"
+// @Param spell body models.Spell true "Updated spell data"
+// @Success 200 {object} models.Spell "Updated spell"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/spells/{id} [put]
 func UpdateMDSpell(c *gin.Context) {
 	updateMDItem[models.Spell](c)
 }
 
+// AddSpell godoc
+// @Summary Add new spell
+// @Description Creates a new spell in the game system (maintainer only)
+// @Tags Master Data Admin
+// @Accept json
+// @Produce json
+// @Param spell body models.Spell true "New spell data"
+// @Success 201 {object} models.Spell "Created spell"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/spells [post]
 func AddSpell(c *gin.Context) {
 	addMDItem[models.Spell](c)
 }
 
+// DeleteMDSpell godoc
+// @Summary Delete spell
+// @Description Deletes a spell from the game system (maintainer only)
+// @Tags Master Data Admin
+// @Produce json
+// @Param id path int true "Spell ID"
+// @Success 200 {object} map[string]string "Spell deleted successfully"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Failure 404 {object} map[string]string "Spell not found"
+// @Security BearerAuth
+// @Router /api/maintenance/spells/{id} [delete]
 func DeleteMDSpell(c *gin.Context) {
 	deleteMDItem[models.Spell](c)
 }
 
+// GetMDEquipments godoc
+// @Summary Get all equipment
+// @Description Returns list of all game system equipment items
+// @Tags Master Data
+// @Produce json
+// @Success 200 {array} models.Equipment "List of equipment"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/maintenance/equipment [get]
 func GetMDEquipments(c *gin.Context) {
 	gs, ok := resolveGameSystem(c)
 	if !ok {
@@ -344,6 +539,17 @@ func GetMDEquipments(c *gin.Context) {
 	c.JSON(http.StatusOK, equipments)
 }
 
+// GetMDEquipment godoc
+// @Summary Get equipment by ID
+// @Description Returns a specific equipment item by ID
+// @Tags Master Data
+// @Produce json
+// @Param id path int true "Equipment ID"
+// @Success 200 {object} models.Equipment "Equipment data"
+// @Failure 404 {object} map[string]string "Equipment not found"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/maintenance/equipment/{id} [get]
 func GetMDEquipment(c *gin.Context) {
 	gs, ok := resolveGameSystem(c)
 	if !ok {
@@ -365,6 +571,20 @@ func GetMDEquipment(c *gin.Context) {
 	c.JSON(http.StatusOK, equipment)
 }
 
+// UpdateMDEquipment godoc
+// @Summary Update equipment item
+// @Description Updates an existing equipment item (maintainer only)
+// @Tags Master Data Admin
+// @Accept json
+// @Produce json
+// @Param id path int true "Equipment ID"
+// @Param equipment body models.Equipment true "Updated equipment data"
+// @Success 200 {object} models.Equipment "Updated equipment"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/equipment/{id} [put]
 func UpdateMDEquipment(c *gin.Context) {
 	gs, ok := resolveGameSystem(c)
 	if !ok {
@@ -400,6 +620,19 @@ func UpdateMDEquipment(c *gin.Context) {
 	c.JSON(http.StatusOK, equipment)
 }
 
+// AddEquipment godoc
+// @Summary Add new equipment
+// @Description Creates a new equipment item in the game system (maintainer only)
+// @Tags Master Data Admin
+// @Accept json
+// @Produce json
+// @Param equipment body models.Equipment true "New equipment data"
+// @Success 201 {object} models.Equipment "Created equipment"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/equipment [post]
 func AddEquipment(c *gin.Context) {
 	gs, ok := resolveGameSystem(c)
 	if !ok {
@@ -425,6 +658,18 @@ func AddEquipment(c *gin.Context) {
 	c.JSON(http.StatusCreated, equipment)
 }
 
+// DeleteMDEquipment godoc
+// @Summary Delete equipment
+// @Description Deletes an equipment item from the game system (maintainer only)
+// @Tags Master Data Admin
+// @Produce json
+// @Param id path int true "Equipment ID"
+// @Success 200 {object} map[string]string "Equipment deleted successfully"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Failure 404 {object} map[string]string "Equipment not found"
+// @Security BearerAuth
+// @Router /api/maintenance/equipment/{id} [delete]
 func DeleteMDEquipment(c *gin.Context) {
 	gs, ok := resolveGameSystem(c)
 	if !ok {
@@ -446,6 +691,15 @@ func DeleteMDEquipment(c *gin.Context) {
 }
 
 // Refactored handler functions
+// GetMDWeapons godoc
+// @Summary Get all weapons
+// @Description Returns list of all game system weapons
+// @Tags Master Data
+// @Produce json
+// @Success 200 {array} models.Weapon "List of weapons"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/maintenance/weapons [get]
 func GetMDWeapons(c *gin.Context) {
 	gs, ok := resolveGameSystem(c)
 	if !ok {
@@ -461,6 +715,17 @@ func GetMDWeapons(c *gin.Context) {
 	c.JSON(http.StatusOK, weapons)
 }
 
+// GetMDWeapon godoc
+// @Summary Get weapon by ID
+// @Description Returns a specific weapon by ID
+// @Tags Master Data
+// @Produce json
+// @Param id path int true "Weapon ID"
+// @Success 200 {object} models.Weapon "Weapon data"
+// @Failure 404 {object} map[string]string "Weapon not found"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/maintenance/weapons/{id} [get]
 func GetMDWeapon(c *gin.Context) {
 	gs, ok := resolveGameSystem(c)
 	if !ok {
@@ -482,6 +747,20 @@ func GetMDWeapon(c *gin.Context) {
 	c.JSON(http.StatusOK, weapon)
 }
 
+// UpdateMDWeapon godoc
+// @Summary Update weapon
+// @Description Updates an existing weapon (maintainer only)
+// @Tags Master Data Admin
+// @Accept json
+// @Produce json
+// @Param id path int true "Weapon ID"
+// @Param weapon body models.Weapon true "Updated weapon data"
+// @Success 200 {object} models.Weapon "Updated weapon"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/weapons/{id} [put]
 func UpdateMDWeapon(c *gin.Context) {
 	gs, ok := resolveGameSystem(c)
 	if !ok {
@@ -517,6 +796,19 @@ func UpdateMDWeapon(c *gin.Context) {
 	c.JSON(http.StatusOK, weapon)
 }
 
+// AddWeapon godoc
+// @Summary Add new weapon
+// @Description Creates a new weapon in the game system (maintainer only)
+// @Tags Master Data Admin
+// @Accept json
+// @Produce json
+// @Param weapon body models.Weapon true "New weapon data"
+// @Success 201 {object} models.Weapon "Created weapon"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/weapons [post]
 func AddWeapon(c *gin.Context) {
 	gs, ok := resolveGameSystem(c)
 	if !ok {
@@ -542,6 +834,18 @@ func AddWeapon(c *gin.Context) {
 	c.JSON(http.StatusCreated, weapon)
 }
 
+// DeleteMDWeapon godoc
+// @Summary Delete weapon
+// @Description Deletes a weapon from the game system (maintainer only)
+// @Tags Master Data Admin
+// @Produce json
+// @Param id path int true "Weapon ID"
+// @Success 200 {object} map[string]string "Weapon deleted successfully"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Failure 404 {object} map[string]string "Weapon not found"
+// @Security BearerAuth
+// @Router /api/maintenance/weapons/{id} [delete]
 func DeleteMDWeapon(c *gin.Context) {
 	gs, ok := resolveGameSystem(c)
 	if !ok {

backend/importero/handler.go

@@ -18,6 +18,18 @@ func respondWithError(c *gin.Context, status int, message string) {
 }
 
 // Upload files
+// UploadFiles godoc
+// @Summary Upload files
+// @Description Uploads files for import processing
+// @Tags Import/Export
+// @Accept multipart/form-data
+// @Produce json
+// @Param files formData file true "File(s) to upload"
+// @Success 200 {object} object "Upload result"
+// @Failure 400 {object} map[string]string "Invalid file upload"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/importer/upload [post]
 func UploadFiles(c *gin.Context) {
 	// Get files from the request
 	file_vtt, err1 := c.FormFile("file_vtt")
@@ -98,6 +110,18 @@ func isValidFileType(filename string) bool {
 // @Failure 400 {object} map[string]interface{} "Bad request - missing file parameter, file not found, or invalid file type"
 // @Failure 500 {object} map[string]interface{} "Internal server error - import failed"
 // @Router /api/importer/spells/csv [post]
+// ImportSpellCSVHandler godoc
+// @Summary Import spells from CSV
+// @Description Imports spells from a CSV file
+// @Tags Import/Export
+// @Accept multipart/form-data
+// @Produce json
+// @Param file formData file true "CSV file containing spells"
+// @Success 200 {object} object "Import result"
+// @Failure 400 {object} map[string]string "Invalid CSV file"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/importer/spells/csv [post]
 func ImportSpellCSVHandler(c *gin.Context) {
 	// Try to get file from multipart form first
 	file, err := c.FormFile("file")
@@ -213,6 +237,18 @@ func ImportSpellCSVHandler(c *gin.Context) {
 // @Failure 404 {object} map[string]interface{} "Character not found"
 // @Failure 500 {object} map[string]interface{} "Internal server error - export failed"
 // @Router /api/importer/export/vtt/{id} [get]
+// ExportCharacterVTTHandler godoc
+// @Summary Export character to VTT JSON
+// @Description Exports a character in Virtual Tabletop (VTT) JSON format
+// @Tags Import/Export
+// @Produce json
+// @Param id path int true "Character ID"
+// @Success 200 {object} object "Character in VTT format"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied"
+// @Failure 404 {object} map[string]string "Character not found"
+// @Security BearerAuth
+// @Router /api/importer/export/vtt/{id} [get]
 func ExportCharacterVTTHandler(c *gin.Context) {
 	// Get character ID from URL parameter
 	charID := c.Param("id")
@@ -260,6 +296,18 @@ func ExportCharacterVTTHandler(c *gin.Context) {
 // @Failure 404 {object} map[string]interface{} "Character not found"
 // @Failure 500 {object} map[string]interface{} "Internal server error - export failed"
 // @Router /api/importer/export/vtt/{id}/file [get]
+// ExportCharacterVTTFileHandler godoc
+// @Summary Download character as VTT JSON file
+// @Description Downloads a character as a VTT JSON file attachment
+// @Tags Import/Export
+// @Produce application/json
+// @Param id path int true "Character ID"
+// @Success 200 {file} binary "VTT JSON file download"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied"
+// @Failure 404 {object} map[string]string "Character not found"
+// @Security BearerAuth
+// @Router /api/importer/export/vtt/{id}/file [get]
 func ExportCharacterVTTFileHandler(c *gin.Context) {
 	// Get character ID from URL parameter
 	charID := c.Param("id")
@@ -315,6 +363,15 @@ func ExportCharacterVTTFileHandler(c *gin.Context) {
 // @Success 200 {file} file "CSV file"
 // @Failure 500 {object} map[string]interface{} "Internal server error - export failed"
 // @Router /api/importer/export/spells/csv [get]
+// ExportSpellsCSVHandler godoc
+// @Summary Export spells to CSV
+// @Description Exports all spells as a CSV file
+// @Tags Import/Export
+// @Produce text/csv
+// @Success 200 {file} binary "CSV file with spells"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/importer/export/spells/csv [get]
 func ExportSpellsCSVHandler(c *gin.Context) {
 	gameSystem := c.Query("game_system")
 
@@ -366,6 +423,18 @@ func ExportSpellsCSVHandler(c *gin.Context) {
 // @Failure 404 {object} map[string]interface{} "Character not found"
 // @Failure 500 {object} map[string]interface{} "Internal server error - export failed"
 // @Router /api/importer/export/csv/{id} [get]
+// ExportCharacterCSVHandler godoc
+// @Summary Export character to CSV
+// @Description Exports a character as a CSV file
+// @Tags Import/Export
+// @Produce text/csv
+// @Param id path int true "Character ID"
+// @Success 200 {file} binary "CSV file with character data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied"
+// @Failure 404 {object} map[string]string "Character not found"
+// @Security BearerAuth
+// @Router /api/importer/export/csv/{id} [get]
 func ExportCharacterCSVHandler(c *gin.Context) {
 	// Get character ID from URL parameter
 	charID := c.Param("id")

backend/maintenance/believe_handlers.go

@@ -45,6 +45,16 @@ func resolveGameSystemOrDefault(c *gin.Context) *models.GameSystem {
 	return gs
 }
 
+// GetBelieves godoc
+// @Summary Get beliefs
+// @Description Returns list of all beliefs/religions (maintainer only)
+// @Tags Maintenance
+// @Produce json
+// @Success 200 {array} models.Believe "List of beliefs"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/gsm-believes [get]
 func GetBelieves(c *gin.Context) {
 	gs := resolveGameSystemOrDefault(c)
 	if gs == nil {
@@ -84,6 +94,20 @@ func GetBelieves(c *gin.Context) {
 	})
 }
 
+// UpdateBelieve godoc
+// @Summary Update belief
+// @Description Updates an existing belief/religion (maintainer only)
+// @Tags Maintenance
+// @Accept json
+// @Produce json
+// @Param id path int true "Belief ID"
+// @Param belief body models.Believe true "Updated belief data"
+// @Success 200 {object} models.Believe "Updated belief"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/gsm-believes/{id} [put]
 func UpdateBelieve(c *gin.Context) {
 	gs := resolveGameSystemOrDefault(c)
 	if gs == nil {

backend/maintenance/handlers.go

@@ -556,6 +556,16 @@ func setupCheck(c *gin.Context, db *gorm.DB) {
 
 }
 
+// SetupCheck godoc
+// @Summary System setup check
+// @Description Checks system configuration and database connectivity (maintainer only)
+// @Tags Maintenance
+// @Produce json
+// @Success 200 {object} object "Setup check results"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/setupcheck [get]
 func SetupCheck(c *gin.Context) {
 	logger.Info("Starte Setup-Check...")
 
@@ -601,6 +611,16 @@ func PopulateClassLearningPoints(c *gin.Context) {
 }
 */
 
+// ReconnectDataBase godoc
+// @Summary Reconnect to database
+// @Description Closes and reopens the database connection (maintainer only)
+// @Tags Maintenance
+// @Produce json
+// @Success 200 {object} map[string]string "Database reconnected successfully"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/reconndb [get]
 func ReconnectDataBase(c *gin.Context) {
 	logger.Info("Führe Datenbank-Reconnect durch...")
 
@@ -615,6 +635,16 @@ func ReconnectDataBase(c *gin.Context) {
 	c.JSON(http.StatusOK, gin.H{"message": "Database reconnected successfully"})
 }
 
+// ReloadENV godoc
+// @Summary Reload environment variables
+// @Description Reloads environment configuration from .env file (maintainer only)
+// @Tags Maintenance
+// @Produce json
+// @Success 200 {object} map[string]string "Environment reloaded successfully"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/reloadenv [get]
 func ReloadENV(c *gin.Context) {
 	logger.Info("Starte Reload der Umgebungsvariablen...")
 

backend/maintenance/masterdata_handlers.go

@@ -10,6 +10,16 @@ import (
 	"github.com/gin-gonic/gin"
 )
 
+// GetGameSystems godoc
+// @Summary Get game systems
+// @Description Returns list of all game systems (maintainer only)
+// @Tags Maintenance
+// @Produce json
+// @Success 200 {array} models.GameSystem "List of game systems"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/game-systems [get]
 func GetGameSystems(c *gin.Context) {
 	var systems []models.GameSystem
 	if err := database.DB.Order("code ASC").Find(&systems).Error; err != nil {
@@ -26,6 +36,20 @@ type gameSystemUpdateRequest struct {
 	IsActive    *bool  `json:"is_active"`
 }
 
+// UpdateGameSystem godoc
+// @Summary Update game system
+// @Description Updates an existing game system (maintainer only)
+// @Tags Maintenance
+// @Accept json
+// @Produce json
+// @Param id path int true "Game system ID"
+// @Param system body models.GameSystem true "Updated game system data"
+// @Success 200 {object} models.GameSystem "Updated game system"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/game-systems/{id} [put]
 func UpdateGameSystem(c *gin.Context) {
 	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
 	if err != nil {
@@ -75,6 +99,16 @@ type sourceUpdateRequest struct {
 	IsActive    *bool  `json:"is_active"`
 }
 
+// GetLitSources godoc
+// @Summary Get literature sources
+// @Description Returns list of all literature sources (maintainer only)
+// @Tags Maintenance
+// @Produce json
+// @Success 200 {array} models.Source "List of literature sources"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/gsm-lit-sources [get]
 func GetLitSources(c *gin.Context) {
 	gs := resolveGameSystemOrDefault(c)
 	if gs == nil {
@@ -92,6 +126,20 @@ func GetLitSources(c *gin.Context) {
 	c.JSON(http.StatusOK, gin.H{"sources": sources})
 }
 
+// UpdateLitSource godoc
+// @Summary Update literature source
+// @Description Updates an existing literature source (maintainer only)
+// @Tags Maintenance
+// @Accept json
+// @Produce json
+// @Param id path int true "Literature source ID"
+// @Param source body models.Source true "Updated literature source data"
+// @Success 200 {object} models.Source "Updated literature source"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/gsm-lit-sources/{id} [put]
 func UpdateLitSource(c *gin.Context) {
 	gs := resolveGameSystemOrDefault(c)
 	if gs == nil {
@@ -150,6 +198,16 @@ type miscUpdateRequest struct {
 	PageNumber *int   `json:"page_number"`
 }
 
+// GetMisc godoc
+// @Summary Get miscellaneous master data
+// @Description Returns list of all miscellaneous master data entries (maintainer only)
+// @Tags Maintenance
+// @Produce json
+// @Success 200 {array} object "List of miscellaneous data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/gsm-misc [get]
 func GetMisc(c *gin.Context) {
 	gs := resolveGameSystemOrDefault(c)
 	if gs == nil {
@@ -171,6 +229,20 @@ func GetMisc(c *gin.Context) {
 	c.JSON(http.StatusOK, gin.H{"misc": items})
 }
 
+// UpdateMisc godoc
+// @Summary Update miscellaneous master data
+// @Description Updates a miscellaneous master data entry (maintainer only)
+// @Tags Maintenance
+// @Accept json
+// @Produce json
+// @Param id path int true "Misc data ID"
+// @Param data body object true "Updated miscellaneous data"
+// @Success 200 {object} object "Updated miscellaneous data"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/gsm-misc/{id} [put]
 func UpdateMisc(c *gin.Context) {
 	gs := resolveGameSystemOrDefault(c)
 	if gs == nil {
@@ -227,6 +299,16 @@ type skillImprovementUpdateRequest struct {
 	DifficultyID *uint `json:"difficulty_id"`
 }
 
+// GetSkillImprovementCost2 godoc
+// @Summary Get skill improvement costs
+// @Description Returns skill improvement cost table (maintainer only)
+// @Tags Maintenance
+// @Produce json
+// @Success 200 {array} models.SkillImprovementCost "Skill improvement costs"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/skill-improvement-cost2 [get]
 func GetSkillImprovementCost2(c *gin.Context) {
 	var costs []models.SkillImprovementCost
 	if err := database.DB.Order("current_level ASC").Find(&costs).Error; err != nil {
@@ -252,6 +334,20 @@ func GetSkillImprovementCost2(c *gin.Context) {
 	c.JSON(http.StatusOK, gin.H{"costs": responses})
 }
 
+// UpdateSkillImprovementCost2 godoc
+// @Summary Update skill improvement cost
+// @Description Updates a skill improvement cost entry (maintainer only)
+// @Tags Maintenance
+// @Accept json
+// @Produce json
+// @Param id path int true "Cost entry ID"
+// @Param cost body models.SkillImprovementCost true "Updated cost data"
+// @Success 200 {object} models.SkillImprovementCost "Updated cost entry"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - maintainer access required"
+// @Security BearerAuth
+// @Router /api/maintenance/skill-improvement-cost2/{id} [put]
 func UpdateSkillImprovementCost2(c *gin.Context) {
 	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
 	if err != nil {

backend/pdfrender/handlers.go

@@ -21,6 +21,15 @@ type TemplateInfo struct {
 }
 
 // ListTemplates returns a list of available export templates
+// ListTemplates godoc
+// @Summary List PDF templates
+// @Description Returns list of available PDF character sheet templates
+// @Tags PDF Export
+// @Produce json
+// @Success 200 {array} object "List of template names"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/pdf/templates [get]
 func ListTemplates(c *gin.Context) {
 	templatesDir := config.Cfg.TemplatesDir
 
@@ -51,6 +60,20 @@ func ListTemplates(c *gin.Context) {
 //   - showUserName: whether to show user name (default: false)
 //
 // Returns JSON with filename: {"filename": "CharacterName_20231225_143045.pdf"}
+// ExportCharacterToPDF godoc
+// @Summary Export character to PDF
+// @Description Generates a PDF character sheet for the specified character
+// @Tags PDF Export
+// @Produce json
+// @Param id path int true "Character ID"
+// @Param template query string false "Template name (default: Default_A4_Quer)"
+// @Success 200 {object} object "PDF export result with filename and URL"
+// @Failure 400 {object} map[string]string "Invalid request"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied"
+// @Failure 404 {object} map[string]string "Character not found"
+// @Security BearerAuth
+// @Router /api/pdf/export/{id} [get]
 func ExportCharacterToPDF(c *gin.Context) {
 	// Get character ID
 	charID := c.Param("id")
@@ -194,6 +217,15 @@ func ExportCharacterToPDF(c *gin.Context) {
 }
 
 // GetPDFFile serves a PDF file from the xporttemp directory
+// GetPDFFile godoc
+// @Summary Get PDF file
+// @Description Downloads a generated PDF file (public endpoint)
+// @Tags PDF Export
+// @Produce application/pdf
+// @Param filename path string true "PDF filename"
+// @Success 200 {file} binary "PDF file"
+// @Failure 404 {object} map[string]string "File not found"
+// @Router /api/pdf/file/{filename} [get]
 func GetPDFFile(c *gin.Context) {
 	filename := c.Param("filename")
 	if filename == "" {
@@ -227,6 +259,15 @@ func GetPDFFile(c *gin.Context) {
 }
 
 // CleanupExportTemp removes PDF files older than 7 days from xporttemp directory
+// CleanupExportTemp godoc
+// @Summary Cleanup old PDF files
+// @Description Removes PDF files older than 1 hour from export_temp directory
+// @Tags PDF Export
+// @Produce json
+// @Success 200 {object} object "Cleanup result with number of files deleted"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/pdf/cleanup [post]
 func CleanupExportTemp(c *gin.Context) {
 	// Clean up files older than 7 days
 	maxAge := 7 * 24 * time.Hour

backend/scripts/generate-swagger.sh

@@ -11,6 +11,10 @@ echo ""
 # Change to backend directory
 cd "$(dirname "$0")/.."
 
+# Set up Go bin path
+GOPATH="${GOPATH:-$HOME/go}"
+export PATH="$GOPATH/bin:$PATH"
+
 # Check if swag is installed
 if ! command -v swag &> /dev/null; then
     echo "Installing swag..."

backend/transfero/handlers.go

@@ -15,6 +15,18 @@ func dummyproc(c *gin.Context) {
 }
 
 // ExportCharacterHandler handles character export requests
+// ExportCharacterHandler godoc
+// @Summary Export character as JSON
+// @Description Exports a character as JSON for API consumption
+// @Tags Import/Export
+// @Produce json
+// @Param id path int true "Character ID"
+// @Success 200 {object} object "Character data in JSON format"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied"
+// @Failure 404 {object} map[string]string "Character not found"
+// @Security BearerAuth
+// @Router /api/transfer/export/{id} [get]
 func ExportCharacterHandler(c *gin.Context) {
 	// Get character ID from URL parameter
 	charIDStr := c.Param("id")
@@ -36,6 +48,18 @@ func ExportCharacterHandler(c *gin.Context) {
 }
 
 // DownloadCharacterHandler exports character as downloadable JSON file
+// DownloadCharacterHandler godoc
+// @Summary Download character as JSON file
+// @Description Downloads a character as a JSON file attachment
+// @Tags Import/Export
+// @Produce application/json
+// @Param id path int true "Character ID"
+// @Success 200 {file} binary "JSON file download"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Access denied"
+// @Failure 404 {object} map[string]string "Character not found"
+// @Security BearerAuth
+// @Router /api/transfer/download/{id} [get]
 func DownloadCharacterHandler(c *gin.Context) {
 	// Get character ID from URL parameter
 	charIDStr := c.Param("id")
@@ -67,6 +91,18 @@ func DownloadCharacterHandler(c *gin.Context) {
 }
 
 // ImportCharacterHandler handles character import requests
+// ImportCharacterHandler godoc
+// @Summary Import character from JSON
+// @Description Imports a character from JSON data
+// @Tags Import/Export
+// @Accept json
+// @Produce json
+// @Param character body object true "Character JSON data"
+// @Success 201 {object} object "Imported character"
+// @Failure 400 {object} map[string]string "Invalid JSON data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/transfer/import [post]
 func ImportCharacterHandler(c *gin.Context) {
 	// Get user ID from context (set by auth middleware)
 	userID, exists := c.Get("userID")
@@ -102,6 +138,16 @@ func ImportCharacterHandler(c *gin.Context) {
 }
 
 // ExportDatabaseHandler handles full database export requests
+// ExportDatabaseHandler godoc
+// @Summary Export full database
+// @Description Exports the entire database as JSON (admin only)
+// @Tags Import/Export
+// @Produce json
+// @Success 200 {object} object "Database export data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - admin access required"
+// @Security BearerAuth
+// @Router /api/transfer/database/export [post]
 func ExportDatabaseHandler(c *gin.Context) {
 	// Use configured export directory
 	exportDir := config.Cfg.ExportTempDir
@@ -126,6 +172,19 @@ func ExportDatabaseHandler(c *gin.Context) {
 }
 
 // ImportDatabaseHandler handles full database import requests
+// ImportDatabaseHandler godoc
+// @Summary Import full database
+// @Description Imports an entire database from JSON (admin only)
+// @Tags Import/Export
+// @Accept json
+// @Produce json
+// @Param database body object true "Database JSON data"
+// @Success 200 {object} object "Import result"
+// @Failure 400 {object} map[string]string "Invalid JSON data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - admin access required"
+// @Security BearerAuth
+// @Router /api/transfer/database/import [post]
 func ImportDatabaseHandler(c *gin.Context) {
 	// Parse request body with filepath
 	var req struct {

backend/user/admin_handlers.go

@@ -12,7 +12,16 @@ import (
 	"github.com/gin-gonic/gin"
 )
 
-// ListUsers returns all users (admin only)
+// ListUsers godoc
+// @Summary List all users
+// @Description Returns a list of all registered users (admin only)
+// @Tags Admin
+// @Produce json
+// @Success 200 {array} User "List of users"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - admin access required"
+// @Security BearerAuth
+// @Router /api/users [get]
 func ListUsers(c *gin.Context) {
 	logger.Debug("Listing all users...")
 
@@ -34,7 +43,19 @@ func ListUsers(c *gin.Context) {
 	c.JSON(http.StatusOK, users)
 }
 
-// GetUser returns a specific user by ID (admin only, or own profile)
+// GetUser godoc
+// @Summary Get user by ID
+// @Description Returns a specific user by ID (admin only, or own profile)
+// @Tags Admin
+// @Produce json
+// @Param id path int true "User ID"
+// @Success 200 {object} User "User data"
+// @Failure 400 {object} map[string]string "Invalid user ID"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden"
+// @Failure 404 {object} map[string]string "User not found"
+// @Security BearerAuth
+// @Router /api/users/{id} [get]
 func GetUser(c *gin.Context) {
 	logger.Debug("Fetching user by ID...")
 
@@ -85,6 +106,21 @@ func GetUser(c *gin.Context) {
 }
 
 // UpdateUserRole updates a user's role (admin only)
+// UpdateUserRole godoc
+// @Summary Update user role
+// @Description Updates the role of a specific user (admin only)
+// @Tags Admin
+// @Accept json
+// @Produce json
+// @Param id path int true "User ID"
+// @Param role body object{role=string} true "New role ('user' or 'admin')"
+// @Success 200 {object} map[string]string "Role updated successfully"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - admin access required"
+// @Failure 404 {object} map[string]string "User not found"
+// @Security BearerAuth
+// @Router /api/users/{id}/role [put]
 func UpdateUserRole(c *gin.Context) {
 	logger.Debug("Updating user role...")
 
@@ -146,6 +182,19 @@ func UpdateUserRole(c *gin.Context) {
 }
 
 // DeleteUser deletes a user (admin only)
+// DeleteUser godoc
+// @Summary Delete user
+// @Description Deletes a user account (admin only)
+// @Tags Admin
+// @Produce json
+// @Param id path int true "User ID"
+// @Success 200 {object} map[string]string "User deleted successfully"
+// @Failure 400 {object} map[string]string "Invalid user ID"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - admin access required"
+// @Failure 404 {object} map[string]string "User not found"
+// @Security BearerAuth
+// @Router /api/users/{id} [delete]
 func DeleteUser(c *gin.Context) {
 	logger.Debug("Deleting user...")
 
@@ -199,6 +248,21 @@ func DeleteUser(c *gin.Context) {
 }
 
 // ChangeUserPassword allows admin to change a user's password (admin only)
+// ChangeUserPassword godoc
+// @Summary Change user password (admin)
+// @Description Changes the password for any user (admin only)
+// @Tags Admin
+// @Accept json
+// @Produce json
+// @Param id path int true "User ID"
+// @Param password body object{new_password=string} true "New password"
+// @Success 200 {object} map[string]string "Password changed successfully"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 403 {object} map[string]string "Forbidden - admin access required"
+// @Failure 404 {object} map[string]string "User not found"
+// @Security BearerAuth
+// @Router /api/users/{id}/password [put]
 func ChangeUserPassword(c *gin.Context) {
 	logger.Debug("Admin changing user password...")
 

backend/user/handlers.go

@@ -24,6 +24,17 @@ func respondWithError(c *gin.Context, status int, message string) {
 	c.JSON(status, gin.H{"error": message})
 }
 
+// RegisterUser godoc
+// @Summary Register a new user
+// @Description Creates a new user account with username, email, and password
+// @Tags Authentication
+// @Accept json
+// @Produce json
+// @Param user body object{username=string,email=string,password_hash=string} true "User registration data"
+// @Success 201 {object} map[string]string "User registered successfully"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 500 {object} map[string]string "Failed to create user"
+// @Router /register [post]
 func RegisterUser(c *gin.Context) {
 	logger.Debug("Starte Benutzerregistrierung...")
 
@@ -79,6 +90,7 @@ func RegisterUser(c *gin.Context) {
 	c.JSON(http.StatusCreated, gin.H{"message": "User registered successfully:"})
 }
 
+// GenerateToken creates a JWT token for the given user
 func GenerateToken(u *User) string {
 	logger.Debug("Generiere Token für Benutzer: %s (ID: %d)", u.Username, u.UserID)
 
@@ -151,6 +163,17 @@ func CheckToken(token string) *User {
 	return nil
 }
 
+// LoginUser godoc
+// @Summary User login
+// @Description Authenticates a user and returns a JWT token
+// @Tags Authentication
+// @Accept json
+// @Produce json
+// @Param credentials body object{username=string,password=string} true "Login credentials"
+// @Success 200 {object} map[string]interface{} "Login successful with token and user data"
+// @Failure 400 {object} map[string]string "Invalid request data"
+// @Failure 401 {object} map[string]string "Invalid credentials"
+// @Router /login [post]
 func LoginUser(c *gin.Context) {
 	logger.Debug("Starte Benutzer-Anmeldung...")
 
@@ -329,6 +352,16 @@ func sendResetEmail(email, username, resetHash, frontendURL string) error {
 }
 
 // RequestPasswordReset Handler für Passwort-Reset-Anfrage
+// RequestPasswordReset godoc
+// @Summary Request password reset
+// @Description Sends a password reset email to the user
+// @Tags Authentication
+// @Accept json
+// @Produce json
+// @Param email body object{email=string} true "User email address"
+// @Success 200 {object} map[string]string "Password reset email sent"
+// @Failure 400 {object} map[string]string "Invalid email format"
+// @Router /password-reset/request [post]
 func RequestPasswordReset(c *gin.Context) {
 	logger.Debug("Starte Passwort-Reset-Anfrage...")
 
@@ -391,6 +424,16 @@ func RequestPasswordReset(c *gin.Context) {
 }
 
 // ResetPassword Handler für das Zurücksetzen des Passworts
+// ResetPassword godoc
+// @Summary Reset password
+// @Description Resets user password using a valid reset token
+// @Tags Authentication
+// @Accept json
+// @Produce json
+// @Param reset_data body object{token=string,new_password=string} true "Reset token and new password"
+// @Success 200 {object} map[string]string "Password reset successful"
+// @Failure 400 {object} map[string]string "Invalid token or password"
+// @Router /password-reset/reset [post]
 func ResetPassword(c *gin.Context) {
 	logger.Debug("Starte Passwort-Reset...")
 
@@ -446,6 +489,15 @@ func ResetPassword(c *gin.Context) {
 }
 
 // ValidateResetToken Handler zur Validierung eines Reset-Tokens
+// ValidateResetToken godoc
+// @Summary Validate reset token
+// @Description Validates a password reset token
+// @Tags Authentication
+// @Produce json
+// @Param token path string true "Reset token"
+// @Success 200 {object} map[string]string "Token is valid"
+// @Failure 400 {object} map[string]string "Invalid or expired token"
+// @Router /password-reset/validate/{token} [get]
 func ValidateResetToken(c *gin.Context) {
 	logger.Debug("Validiere Reset-Token...")
 
@@ -479,6 +531,16 @@ func ValidateResetToken(c *gin.Context) {
 }
 
 // GetUserProfile Handler to get current user's profile information
+// GetUserProfile godoc
+// @Summary Get current user profile
+// @Description Returns the profile information of the authenticated user
+// @Tags User
+// @Produce json
+// @Success 200 {object} User "User profile data"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Failure 404 {object} map[string]string "User not found"
+// @Security BearerAuth
+// @Router /api/user/profile [get]
 func GetUserProfile(c *gin.Context) {
 	logger.Debug("Lade Benutzerprofil...")
 
@@ -509,6 +571,18 @@ func GetUserProfile(c *gin.Context) {
 }
 
 // UpdateEmail Handler to update user's email address
+// UpdateEmail godoc
+// @Summary Update user email
+// @Description Updates the email address of the authenticated user
+// @Tags User
+// @Accept json
+// @Produce json
+// @Param email body object{email=string} true "New email address"
+// @Success 200 {object} map[string]string "Email updated successfully"
+// @Failure 400 {object} map[string]string "Invalid email format"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/user/email [put]
 func UpdateEmail(c *gin.Context) {
 	logger.Debug("Starte E-Mail-Aktualisierung...")
 
@@ -562,6 +636,18 @@ func UpdateEmail(c *gin.Context) {
 }
 
 // UpdatePassword Handler to update user's password
+// UpdatePassword godoc
+// @Summary Update user password
+// @Description Updates the password of the authenticated user
+// @Tags User
+// @Accept json
+// @Produce json
+// @Param passwords body object{old_password=string,new_password=string} true "Old and new passwords"
+// @Success 200 {object} map[string]string "Password updated successfully"
+// @Failure 400 {object} map[string]string "Invalid password data"
+// @Failure 401 {object} map[string]string "Unauthorized or wrong old password"
+// @Security BearerAuth
+// @Router /api/user/password [put]
 func UpdatePassword(c *gin.Context) {
 	logger.Debug("Starte Passwort-Aktualisierung...")
 
@@ -616,6 +702,18 @@ func UpdatePassword(c *gin.Context) {
 }
 
 // UpdateLanguage Handler to update user's preferred language
+// UpdateLanguage godoc
+// @Summary Update preferred language
+// @Description Updates the preferred language setting for the authenticated user
+// @Tags User
+// @Accept json
+// @Produce json
+// @Param language body object{language=string} true "Language code (e.g., 'en', 'de')"
+// @Success 200 {object} map[string]string "Language updated successfully"
+// @Failure 400 {object} map[string]string "Invalid language code"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/user/language [put]
 func UpdateLanguage(c *gin.Context) {
 	logger.Debug("Starte Sprach-Aktualisierung...")
 
@@ -666,6 +764,18 @@ func UpdateLanguage(c *gin.Context) {
 }
 
 // UpdateDisplayName Handler to update user's display name
+// UpdateDisplayName godoc
+// @Summary Update display name
+// @Description Updates the display name of the authenticated user
+// @Tags User
+// @Accept json
+// @Produce json
+// @Param display_name body object{display_name=string} true "New display name"
+// @Success 200 {object} map[string]string "Display name updated successfully"
+// @Failure 400 {object} map[string]string "Invalid display name"
+// @Failure 401 {object} map[string]string "Unauthorized"
+// @Security BearerAuth
+// @Router /api/user/display-name [put]
 func UpdateDisplayName(c *gin.Context) {
 	logger.Debug("Starte Anzeigenamen-Aktualisierung...")