More Persian lang updates

Persian Locale
Merge pull request #4785 from NginxProxyManager/react
2025-12-06 00:16:49 +00:00 · 2025-11-03 08:12:52 +10:00 · 2025-11-02 22:52:43 +10:00 · 2025-11-02 22:48:16 +10:00 · 2025-11-02 21:28:25 +10:00 · 2025-10-31 12:50:54 +10:00
196 changed files with 5592 additions and 1672 deletions
--- a/backend/biome.json
+++ b/backend/biome.json
@@ -1,5 +1,5 @@
 {
-    "$schema": "https://biomejs.dev/schemas/2.2.4/schema.json",
+    "$schema": "https://biomejs.dev/schemas/2.3.1/schema.json",
    "vcs": {
        "enabled": true,
        "clientKind": "git",
--- a/backend/internal/access-list.js
+++ b/backend/internal/access-list.js
@@ -195,11 +195,11 @@ const internalAccessList = {
 		);

 		await internalAccessList.build(freshRow)
-		if (Number.parseInt(row.proxy_host_count, 10)) {
-			await internalNginx.bulkGenerateConfigs("proxy_host", row.proxy_hosts);
+		if (Number.parseInt(freshRow.proxy_host_count, 10)) {
+			await internalNginx.bulkGenerateConfigs("proxy_host", freshRow.proxy_hosts);
 		}
 		await internalNginx.reload();
-		return internalAccessList.maskItems(row);
+		return internalAccessList.maskItems(freshRow);
 	},

 	/**
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@@ -1,9 +1,9 @@
 import fs from "node:fs";
 import https from "node:https";
+import path from "path";
 import archiver from "archiver";
 import _ from "lodash";
 import moment from "moment";
-import path from "path";
 import tempWrite from "temp-write";
 import dnsPlugins from "../certbot/dns-plugins.json" with { type: "json" };
 import { installPlugin } from "../lib/certbot.js";
@@ -20,17 +20,15 @@ import internalNginx from "./nginx.js";

 const letsencryptConfig = "/etc/letsencrypt.ini";
 const certbotCommand = "certbot";
+const certbotLogsDir = "/data/logs";
+const certbotWorkDir = "/tmp/letsencrypt-lib";

 const omissions = () => {
-	return ["is_deleted", "owner.is_deleted"];
+	return ["is_deleted", "owner.is_deleted", "meta.dns_provider_credentials"];
 };

 const internalCertificate = {
-	allowedSslFiles: [
-		"certificate",
-		"certificate_key",
-		"intermediate_certificate",
-	],
+	allowedSslFiles: ["certificate", "certificate_key", "intermediate_certificate"],
 	intervalTimeout: 1000 * 60 * 60, // 1 hour
 	interval: null,
 	intervalProcessing: false,
@@ -57,10 +55,7 @@ const internalCertificate = {
 			);

 			const expirationThreshold = moment()
-				.add(
-					internalCertificate.renewBeforeExpirationBy[0],
-					internalCertificate.renewBeforeExpirationBy[1],
-				)
+				.add(internalCertificate.renewBeforeExpirationBy[0], internalCertificate.renewBeforeExpirationBy[1])
 				.format("YYYY-MM-DD HH:mm:ss");

 			// Fetch all the letsencrypt certs from the db that will expire within the configured threshold
@@ -127,10 +122,7 @@ const internalCertificate = {
 		}

 		// this command really should clean up and delete the cert if it can't fully succeed
-		const certificate = await certificateModel
-			.query()
-			.insertAndFetch(data)
-			.then(utils.omitRow(omissions()));
+		const certificate = await certificateModel.query().insertAndFetch(data);

 		try {
 			if (certificate.provider === "letsencrypt") {
@@ -144,18 +136,12 @@ const internalCertificate = {
 				// 6. Re-instate previously disabled hosts

 				// 1. Find out any hosts that are using any of the hostnames in this cert
-				const inUseResult = await internalHost.getHostsWithDomains(
-					certificate.domain_names,
-				);
+				const inUseResult = await internalHost.getHostsWithDomains(certificate.domain_names);

 				// 2. Disable them in nginx temporarily
 				await internalCertificate.disableInUseHosts(inUseResult);

-				const user = await userModel
-					.query()
-					.where("is_deleted", 0)
-					.andWhere("id", data.owner_user_id)
-					.first();
+				const user = await userModel.query().where("is_deleted", 0).andWhere("id", data.owner_user_id).first();
 				if (!user || !user.email) {
 					throw new error.ValidationError(
 						"A valid email address must be set on your user account to use Let's Encrypt",
@@ -167,10 +153,7 @@ const internalCertificate = {
 					try {
 						await internalNginx.reload();
 						// 4. Request cert
-						await internalCertificate.requestLetsEncryptSslWithDnsChallenge(
-							certificate,
-							user.email,
-						);
+						await internalCertificate.requestLetsEncryptSslWithDnsChallenge(certificate, user.email);
 						await internalNginx.reload();
 						// 6. Re-instate previously disabled hosts
 						await internalCertificate.enableInUseHosts(inUseResult);
@@ -187,10 +170,7 @@ const internalCertificate = {
 						await internalNginx.reload();
 						setTimeout(() => {}, 5000);
 						// 4. Request cert
-						await internalCertificate.requestLetsEncryptSsl(
-							certificate,
-							user.email,
-						);
+						await internalCertificate.requestLetsEncryptSsl(certificate, user.email);
 						// 5. Remove LE config
 						await internalNginx.deleteLetsEncryptRequestConfig(certificate);
 						await internalNginx.reload();
@@ -214,9 +194,7 @@ const internalCertificate = {
 					const savedRow = await certificateModel
 						.query()
 						.patchAndFetchById(certificate.id, {
-							expires_on: moment(certInfo.dates.to, "X").format(
-								"YYYY-MM-DD HH:mm:ss",
-							),
+							expires_on: moment(certInfo.dates.to, "X").format("YYYY-MM-DD HH:mm:ss"),
 						})
 						.then(utils.omitRow(omissions()));

@@ -224,6 +202,9 @@ const internalCertificate = {
 					savedRow.meta = _.assign({}, savedRow.meta, {
 						letsencrypt_certificate: certInfo,
 					});
+
+					await internalCertificate.addCreatedAuditLog(access, certificate.id, savedRow);
+
 					return savedRow;
 				} catch (err) {
 					// Delete the certificate from the database if it was not created successfully
@@ -240,14 +221,18 @@ const internalCertificate = {
 		data.meta = _.assign({}, data.meta || {}, certificate.meta);

 		// Add to audit log
+		await internalCertificate.addCreatedAuditLog(access, certificate.id, utils.omitRow(omissions())(data));
+
+		return utils.omitRow(omissions())(certificate);
+	},
+
+	addCreatedAuditLog: async (access, certificate_id, meta) => {
 		await internalAuditLog.add(access, {
 			action: "created",
 			object_type: "certificate",
-			object_id: certificate.id,
-			meta: data,
+			object_id: certificate_id,
+			meta: meta,
 		});
-
-		return certificate;
 	},

 	/**
@@ -307,10 +292,7 @@ const internalCertificate = {
 			.query()
 			.where("is_deleted", 0)
 			.andWhere("id", data.id)
-			.allowGraph("[owner]")
-			.allowGraph("[proxy_hosts]")
-			.allowGraph("[redirection_hosts]")
-			.allowGraph("[dead_hosts]")
+			.allowGraph("[owner,proxy_hosts,redirection_hosts,dead_hosts,streams]")
 			.first();

 		if (accessData.permission_visibility !== "all") {
@@ -327,7 +309,24 @@ const internalCertificate = {
 		}
 		// Custom omissions
 		if (typeof data.omit !== "undefined" && data.omit !== null) {
-			return _.omit(row, data.omit);
+			return _.omit(row, [...data.omit]);
+		}
+
+		return internalCertificate.cleanExpansions(row);
+	},
+
+	cleanExpansions: (row) => {
+		if (typeof row.proxy_hosts !== "undefined") {
+			row.proxy_hosts = utils.omitRows(["is_deleted"])(row.proxy_hosts);
+		}
+		if (typeof row.redirection_hosts !== "undefined") {
+			row.redirection_hosts = utils.omitRows(["is_deleted"])(row.redirection_hosts);
+		}
+		if (typeof row.dead_hosts !== "undefined") {
+			row.dead_hosts = utils.omitRows(["is_deleted"])(row.dead_hosts);
+		}
+		if (typeof row.streams !== "undefined") {
+			row.streams = utils.omitRows(["is_deleted"])(row.streams);
 		}
 		return row;
 	},
@@ -344,9 +343,7 @@ const internalCertificate = {
 		if (certificate.provider === "letsencrypt") {
 			const zipDirectory = internalCertificate.getLiveCertPath(data.id);
 			if (!fs.existsSync(zipDirectory)) {
-				throw new error.ItemNotFoundError(
-					`Certificate ${certificate.nice_name} does not exists`,
-				);
+				throw new error.ItemNotFoundError(`Certificate ${certificate.nice_name} does not exists`);
 			}

 			const certFiles = fs
@@ -363,9 +360,7 @@ const internalCertificate = {
 				fileName: opName,
 			};
 		}
-		throw new error.ValidationError(
-			"Only Let'sEncrypt certificates can be downloaded",
-		);
+		throw new error.ValidationError("Only Let'sEncrypt certificates can be downloaded");
 	},

 	/**
@@ -441,7 +436,7 @@ const internalCertificate = {
 			.query()
 			.where("is_deleted", 0)
 			.groupBy("id")
-			.allowGraph("[owner,proxy_hosts,redirection_hosts,dead_hosts]")
+			.allowGraph("[owner,proxy_hosts,redirection_hosts,dead_hosts,streams]")
 			.orderBy("nice_name", "ASC");

 		if (accessData.permission_visibility !== "all") {
@@ -459,7 +454,11 @@ const internalCertificate = {
 			query.withGraphFetched(`[${expand.join(", ")}]`);
 		}

-		return await query.then(utils.omitRows(omissions()));
+		const r = await query.then(utils.omitRows(omissions()));
+		for (let i = 0; i < r.length; i++) {
+			r[i] = internalCertificate.cleanExpansions(r[i]);
+		}
+		return r;
 	},

 	/**
@@ -470,10 +469,7 @@ const internalCertificate = {
 	 * @returns {Promise}
 	 */
 	getCount: async (userId, visibility) => {
-		const query = certificateModel
-			.query()
-			.count("id as count")
-			.where("is_deleted", 0);
+		const query = certificateModel.query().count("id as count").where("is_deleted", 0);

 		if (visibility !== "all") {
 			query.andWhere("owner_user_id", userId);
@@ -521,17 +517,13 @@ const internalCertificate = {
 			});
 		}).then(() => {
 			return new Promise((resolve, reject) => {
-				fs.writeFile(
-					`${dir}/privkey.pem`,
-					certificate.meta.certificate_key,
-					(err) => {
-						if (err) {
-							reject(err);
-						} else {
-							resolve();
-						}
-					},
-				);
+				fs.writeFile(`${dir}/privkey.pem`, certificate.meta.certificate_key, (err) => {
+					if (err) {
+						reject(err);
+					} else {
+						resolve();
+					}
+				});
 			});
 		});
 	},
@@ -604,9 +596,7 @@ const internalCertificate = {
 	upload: async (access, data) => {
 		const row = await internalCertificate.get(access, { id: data.id });
 		if (row.provider !== "other") {
-			throw new error.ValidationError(
-				"Cannot upload certificates for this type of provider",
-			);
+			throw new error.ValidationError("Cannot upload certificates for this type of provider");
 		}

 		const validations = await internalCertificate.validate(data);
@@ -622,9 +612,7 @@ const internalCertificate = {

 		const certificate = await internalCertificate.update(access, {
 			id: data.id,
-			expires_on: moment(validations.certificate.dates.to, "X").format(
-				"YYYY-MM-DD HH:mm:ss",
-			),
+			expires_on: moment(validations.certificate.dates.to, "X").format("YYYY-MM-DD HH:mm:ss"),
 			domain_names: [validations.certificate.cn],
 			meta: _.clone(row.meta), // Prevent the update method from changing this value that we'll use later
 		});
@@ -649,9 +637,7 @@ const internalCertificate = {
 		}, 10000);

 		try {
-			const result = await utils.exec(
-				`openssl pkey -in ${filepath} -check -noout 2>&1 `,
-			);
+			const result = await utils.exec(`openssl pkey -in ${filepath} -check -noout 2>&1 `);
 			clearTimeout(failTimeout);
 			if (!result.toLowerCase().includes("key is valid")) {
 				throw new error.ValidationError(`Result Validation Error: ${result}`);
@@ -661,10 +647,7 @@ const internalCertificate = {
 		} catch (err) {
 			clearTimeout(failTimeout);
 			fs.unlinkSync(filepath);
-			throw new error.ValidationError(
-				`Certificate Key is not valid (${err.message})`,
-				err,
-			);
+			throw new error.ValidationError(`Certificate Key is not valid (${err.message})`, err);
 		}
 	},

@@ -678,10 +661,7 @@ const internalCertificate = {
 	getCertificateInfo: async (certificate, throwExpired) => {
 		try {
 			const filepath = await tempWrite(certificate, "/tmp");
-			const certData = await internalCertificate.getCertificateInfoFromFile(
-				filepath,
-				throwExpired,
-			);
+			const certData = await internalCertificate.getCertificateInfoFromFile(filepath, throwExpired);
 			fs.unlinkSync(filepath);
 			return certData;
 		} catch (err) {
@@ -701,13 +681,7 @@ const internalCertificate = {
 		const certData = {};

 		try {
-			const result = await utils.execFile("openssl", [
-				"x509",
-				"-in",
-				certificateFile,
-				"-subject",
-				"-noout",
-			]);
+			const result = await utils.execFile("openssl", ["x509", "-in", certificateFile, "-subject", "-noout"]);
 			// Examples:
 			// subject=CN = *.jc21.com
 			// subject=CN = something.example.com
@@ -717,13 +691,7 @@ const internalCertificate = {
 				certData.cn = match[1];
 			}

-			const result2 = await utils.execFile("openssl", [
-				"x509",
-				"-in",
-				certificateFile,
-				"-issuer",
-				"-noout",
-			]);
+			const result2 = await utils.execFile("openssl", ["x509", "-in", certificateFile, "-issuer", "-noout"]);
 			// Examples:
 			// issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 			// issuer=C = US, O = Let's Encrypt, CN = E5
@@ -734,13 +702,7 @@ const internalCertificate = {
 				certData.issuer = match2[1];
 			}

-			const result3 = await utils.execFile("openssl", [
-				"x509",
-				"-in",
-				certificateFile,
-				"-dates",
-				"-noout",
-			]);
+			const result3 = await utils.execFile("openssl", ["x509", "-in", certificateFile, "-dates", "-noout"]);
 			// notBefore=Jul 14 04:04:29 2018 GMT
 			// notAfter=Oct 12 04:04:29 2018 GMT
 			let validFrom = null;
@@ -752,10 +714,7 @@ const internalCertificate = {
 				const match = regex.exec(str.trim());

 				if (match && typeof match[2] !== "undefined") {
-					const date = Number.parseInt(
-						moment(match[2], "MMM DD HH:mm:ss YYYY z").format("X"),
-						10,
-					);
+					const date = Number.parseInt(moment(match[2], "MMM DD HH:mm:ss YYYY z").format("X"), 10);

 					if (match[1].toLowerCase() === "notbefore") {
 						validFrom = date;
@@ -767,15 +726,10 @@ const internalCertificate = {
 			});

 			if (!validFrom || !validTo) {
-				throw new error.ValidationError(
-					`Could not determine dates from certificate: ${result}`,
-				);
+				throw new error.ValidationError(`Could not determine dates from certificate: ${result}`);
 			}

-			if (
-				throw_expired &&
-				validTo < Number.parseInt(moment().format("X"), 10)
-			) {
+			if (throw_expired && validTo < Number.parseInt(moment().format("X"), 10)) {
 				throw new error.ValidationError("Certificate has expired");
 			}

@@ -786,10 +740,7 @@ const internalCertificate = {

 			return certData;
 		} catch (err) {
-			throw new error.ValidationError(
-				`Certificate is not valid (${err.message})`,
-				err,
-			);
+			throw new error.ValidationError(`Certificate is not valid (${err.message})`, err);
 		}
 	},

@@ -830,18 +781,18 @@ const internalCertificate = {
 			"--config",
 			letsencryptConfig,
 			"--work-dir",
-			"/tmp/letsencrypt-lib",
+			certbotWorkDir,
 			"--logs-dir",
-			"/tmp/letsencrypt-log",
+			certbotLogsDir,
 			"--cert-name",
 			`npm-${certificate.id}`,
 			"--agree-tos",
 			"--authenticator",
 			"webroot",
-			"--email",
+			"-m",
 			email,
 			"--preferred-challenges",
-			"dns,http",
+			"http",
 			"--domains",
 			certificate.domain_names.join(","),
 		];
@@ -870,11 +821,7 @@ const internalCertificate = {

 		const credentialsLocation = `/etc/letsencrypt/credentials/credentials-${certificate.id}`;
 		fs.mkdirSync("/etc/letsencrypt/credentials", { recursive: true });
-		fs.writeFileSync(
-			credentialsLocation,
-			certificate.meta.dns_provider_credentials,
-			{ mode: 0o600 },
-		);
+		fs.writeFileSync(credentialsLocation, certificate.meta.dns_provider_credentials, { mode: 0o600 });

 		// Whether the plugin has a --<name>-credentials argument
 		const hasConfigArg = certificate.meta.dns_provider !== "route53";
@@ -884,14 +831,16 @@ const internalCertificate = {
 			"--config",
 			letsencryptConfig,
 			"--work-dir",
-			"/tmp/letsencrypt-lib",
+			certbotWorkDir,
 			"--logs-dir",
-			"/tmp/letsencrypt-log",
+			certbotLogsDir,
 			"--cert-name",
 			`npm-${certificate.id}`,
 			"--agree-tos",
-			"--email",
+			"-m",
 			email,
+			"--preferred-challenges",
+			"dns",
 			"--domains",
 			certificate.domain_names.join(","),
 			"--authenticator",
@@ -899,10 +848,7 @@ const internalCertificate = {
 		];

 		if (hasConfigArg) {
-			args.push(
-				`--${dnsPlugin.full_plugin_name}-credentials`,
-				credentialsLocation,
-			);
+			args.push(`--${dnsPlugin.full_plugin_name}-credentials`, credentialsLocation);
 		}
 		if (certificate.meta.propagation_seconds !== undefined) {
 			args.push(
@@ -911,10 +857,7 @@ const internalCertificate = {
 			);
 		}

-		const adds = internalCertificate.getAdditionalCertbotArgs(
-			certificate.id,
-			certificate.meta.dns_provider,
-		);
+		const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider);
 		args.push(...adds.args);

 		logger.info(`Command: ${certbotCommand} ${args ? args.join(" ") : ""}`);
@@ -950,13 +893,9 @@ const internalCertificate = {
 				`${internalCertificate.getLiveCertPath(certificate.id)}/fullchain.pem`,
 			);

-			const updatedCertificate = await certificateModel
-				.query()
-				.patchAndFetchById(certificate.id, {
-					expires_on: moment(certInfo.dates.to, "X").format(
-						"YYYY-MM-DD HH:mm:ss",
-					),
-				});
+			const updatedCertificate = await certificateModel.query().patchAndFetchById(certificate.id, {
+				expires_on: moment(certInfo.dates.to, "X").format("YYYY-MM-DD HH:mm:ss"),
+			});

 			// Add to audit log
 			await internalAuditLog.add(access, {
@@ -965,11 +904,11 @@ const internalCertificate = {
 				object_id: updatedCertificate.id,
 				meta: updatedCertificate,
 			});
-		} else {
-			throw new error.ValidationError(
-				"Only Let'sEncrypt certificates can be renewed",
-			);
+
+			return updatedCertificate;
 		}
+
+		throw new error.ValidationError("Only Let'sEncrypt certificates can be renewed");
 	},

 	/**
@@ -987,21 +926,18 @@ const internalCertificate = {
 			"--config",
 			letsencryptConfig,
 			"--work-dir",
-			"/tmp/letsencrypt-lib",
+			certbotWorkDir,
 			"--logs-dir",
-			"/tmp/letsencrypt-log",
+			certbotLogsDir,
 			"--cert-name",
 			`npm-${certificate.id}`,
 			"--preferred-challenges",
-			"dns,http",
+			"http",
 			"--no-random-sleep-on-renew",
 			"--disable-hook-validation",
 		];

-		const adds = internalCertificate.getAdditionalCertbotArgs(
-			certificate.id,
-			certificate.meta.dns_provider,
-		);
+		const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider);
 		args.push(...adds.args);

 		logger.info(`Command: ${certbotCommand} ${args ? args.join(" ") : ""}`);
@@ -1031,19 +967,18 @@ const internalCertificate = {
 			"--config",
 			letsencryptConfig,
 			"--work-dir",
-			"/tmp/letsencrypt-lib",
+			certbotWorkDir,
 			"--logs-dir",
-			"/tmp/letsencrypt-log",
+			certbotLogsDir,
 			"--cert-name",
 			`npm-${certificate.id}`,
+			"--preferred-challenges",
+			"dns",
 			"--disable-hook-validation",
 			"--no-random-sleep-on-renew",
 		];

-		const adds = internalCertificate.getAdditionalCertbotArgs(
-			certificate.id,
-			certificate.meta.dns_provider,
-		);
+		const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider);
 		args.push(...adds.args);

 		logger.info(`Command: ${certbotCommand} ${args ? args.join(" ") : ""}`);
@@ -1068,9 +1003,9 @@ const internalCertificate = {
 			"--config",
 			letsencryptConfig,
 			"--work-dir",
-			"/tmp/letsencrypt-lib",
+			certbotWorkDir,
 			"--logs-dir",
-			"/tmp/letsencrypt-log",
+			certbotLogsDir,
 			"--cert-path",
 			`${internalCertificate.getLiveCertPath(certificate.id)}/fullchain.pem`,
 			"--delete-after-revoke",
@@ -1083,9 +1018,7 @@ const internalCertificate = {

 		try {
 			const result = await utils.execFile(certbotCommand, args, adds.opts);
-			await utils.exec(
-				`rm -f '/etc/letsencrypt/credentials/credentials-${certificate.id}' || true`,
-			);
+			await utils.exec(`rm -f '/etc/letsencrypt/credentials/credentials-${certificate.id}' || true`);
 			logger.info(result);
 			return result;
 		} catch (err) {
@@ -1102,10 +1035,7 @@ const internalCertificate = {
 	 */
 	hasLetsEncryptSslCerts: (certificate) => {
 		const letsencryptPath = internalCertificate.getLiveCertPath(certificate.id);
-		return (
-			fs.existsSync(`${letsencryptPath}/fullchain.pem`) &&
-			fs.existsSync(`${letsencryptPath}/privkey.pem`)
-		);
+		return fs.existsSync(`${letsencryptPath}/fullchain.pem`) && fs.existsSync(`${letsencryptPath}/privkey.pem`);
 	},

 	/**
@@ -1119,24 +1049,15 @@ const internalCertificate = {
 	disableInUseHosts: async (inUseResult) => {
 		if (inUseResult?.total_count) {
 			if (inUseResult?.proxy_hosts.length) {
-				await internalNginx.bulkDeleteConfigs(
-					"proxy_host",
-					inUseResult.proxy_hosts,
-				);
+				await internalNginx.bulkDeleteConfigs("proxy_host", inUseResult.proxy_hosts);
 			}

 			if (inUseResult?.redirection_hosts.length) {
-				await internalNginx.bulkDeleteConfigs(
-					"redirection_host",
-					inUseResult.redirection_hosts,
-				);
+				await internalNginx.bulkDeleteConfigs("redirection_host", inUseResult.redirection_hosts);
 			}

 			if (inUseResult?.dead_hosts.length) {
-				await internalNginx.bulkDeleteConfigs(
-					"dead_host",
-					inUseResult.dead_hosts,
-				);
+				await internalNginx.bulkDeleteConfigs("dead_host", inUseResult.dead_hosts);
 			}
 		}
 	},
@@ -1152,24 +1073,15 @@ const internalCertificate = {
 	enableInUseHosts: async (inUseResult) => {
 		if (inUseResult.total_count) {
 			if (inUseResult.proxy_hosts.length) {
-				await internalNginx.bulkGenerateConfigs(
-					"proxy_host",
-					inUseResult.proxy_hosts,
-				);
+				await internalNginx.bulkGenerateConfigs("proxy_host", inUseResult.proxy_hosts);
 			}

 			if (inUseResult.redirection_hosts.length) {
-				await internalNginx.bulkGenerateConfigs(
-					"redirection_host",
-					inUseResult.redirection_hosts,
-				);
+				await internalNginx.bulkGenerateConfigs("redirection_host", inUseResult.redirection_hosts);
 			}

 			if (inUseResult.dead_hosts.length) {
-				await internalNginx.bulkGenerateConfigs(
-					"dead_host",
-					inUseResult.dead_hosts,
-				);
+				await internalNginx.bulkGenerateConfigs("dead_host", inUseResult.dead_hosts);
 			}
 		}
 	},
@@ -1184,8 +1096,7 @@ const internalCertificate = {
 		await access.can("certificates:list");

 		// Create a test challenge file
-		const testChallengeDir =
-			"/data/letsencrypt-acme-challenge/.well-known/acme-challenge";
+		const testChallengeDir = "/data/letsencrypt-acme-challenge/.well-known/acme-challenge";
 		const testChallengeFile = `${testChallengeDir}/test-challenge`;
 		fs.mkdirSync(testChallengeDir, { recursive: true });
 		fs.writeFileSync(testChallengeFile, "Success", { encoding: "utf8" });
@@ -1215,42 +1126,38 @@ const internalCertificate = {
 		};

 		const result = await new Promise((resolve) => {
-			const req = https.request(
-				"https://www.site24x7.com/tools/restapi-tester",
-				options,
-				(res) => {
-					let responseBody = "";
+			const req = https.request("https://www.site24x7.com/tools/restapi-tester", options, (res) => {
+				let responseBody = "";

-					res.on("data", (chunk) => {
-						responseBody = responseBody + chunk;
-					});
+				res.on("data", (chunk) => {
+					responseBody = responseBody + chunk;
+				});

-					res.on("end", () => {
-						try {
-							const parsedBody = JSON.parse(`${responseBody}`);
-							if (res.statusCode !== 200) {
-								logger.warn(
-									`Failed to test HTTP challenge for domain ${domain} because HTTP status code ${res.statusCode} was returned: ${parsedBody.message}`,
-								);
-								resolve(undefined);
-							} else {
-								resolve(parsedBody);
-							}
-						} catch (err) {
-							if (res.statusCode !== 200) {
-								logger.warn(
-									`Failed to test HTTP challenge for domain ${domain} because HTTP status code ${res.statusCode} was returned`,
-								);
-							} else {
-								logger.warn(
-									`Failed to test HTTP challenge for domain ${domain} because response failed to be parsed: ${err.message}`,
-								);
-							}
+				res.on("end", () => {
+					try {
+						const parsedBody = JSON.parse(`${responseBody}`);
+						if (res.statusCode !== 200) {
+							logger.warn(
+								`Failed to test HTTP challenge for domain ${domain} because HTTP status code ${res.statusCode} was returned: ${parsedBody.message}`,
+							);
 							resolve(undefined);
+						} else {
+							resolve(parsedBody);
 						}
-					});
-				},
-			);
+					} catch (err) {
+						if (res.statusCode !== 200) {
+							logger.warn(
+								`Failed to test HTTP challenge for domain ${domain} because HTTP status code ${res.statusCode} was returned`,
+							);
+						} else {
+							logger.warn(
+								`Failed to test HTTP challenge for domain ${domain} because response failed to be parsed: ${err.message}`,
+							);
+						}
+						resolve(undefined);
+					}
+				});
+			});

 			// Make sure to write the request body.
 			req.write(formBody);
@@ -1271,10 +1178,7 @@ const internalCertificate = {
 			);
 			return `other:${result.error.msg}`;
 		}
-		if (
-			`${result.responsecode}` === "200" &&
-			result.htmlresponse === "Success"
-		) {
+		if (`${result.responsecode}` === "200" && result.htmlresponse === "Success") {
 			// Server exists and has responded with the correct data
 			return "ok";
 		}
@@ -1288,26 +1192,19 @@ const internalCertificate = {
 		}
 		if (`${result.responsecode}` === "404") {
 			// Server exists but responded with a 404
-			logger.info(
-				`HTTP challenge test failed for domain ${domain} because code 404 was returned`,
-			);
+			logger.info(`HTTP challenge test failed for domain ${domain} because code 404 was returned`);
 			return "404";
 		}
 		if (
 			`${result.responsecode}` === "0" ||
-			(typeof result.reason === "string" &&
-				result.reason.toLowerCase() === "host unavailable")
+			(typeof result.reason === "string" && result.reason.toLowerCase() === "host unavailable")
 		) {
 			// Server does not exist at domain
-			logger.info(
-				`HTTP challenge test failed for domain ${domain} the host was not found`,
-			);
+			logger.info(`HTTP challenge test failed for domain ${domain} the host was not found`);
 			return "no-host";
 		}
 		// Other errors
-		logger.info(
-			`HTTP challenge test failed for domain ${domain} because code ${result.responsecode} was returned`,
-		);
+		logger.info(`HTTP challenge test failed for domain ${domain} because code ${result.responsecode} was returned`);
 		return `other:${result.responsecode}`;
 	},

--- a/backend/internal/nginx.js
+++ b/backend/internal/nginx.js
@@ -381,14 +381,14 @@ const internalNginx = {
 	},

 	/**
-	 * @param   {String}  host_type
+	 * @param   {String}  hostType
 	 * @param   {Array}   hosts
 	 * @returns {Promise}
 	 */
-	bulkGenerateConfigs: (host_type, hosts) => {
+	bulkGenerateConfigs: (hostType, hosts) => {
 		const promises = [];
 		hosts.map((host) => {
-			promises.push(internalNginx.generateConfig(host_type, host));
+			promises.push(internalNginx.generateConfig(hostType, host));
 			return true;
 		});

--- a/backend/lib/access.js
+++ b/backend/lib/access.js
@@ -265,7 +265,7 @@ export default function (tokenString) {
 					schemas: [roleSchema, permsSchema, objectSchema, permissionSchema],
 				});

-				const valid = ajv.validate("permissions", dataSchema);
+				const valid = await ajv.validate("permissions", dataSchema);
 				return valid && dataSchema[permission];
 			} catch (err) {
 				err.permission = permission;
--- a/backend/models/certificate.js
+++ b/backend/models/certificate.js
@@ -8,6 +8,7 @@ import deadHostModel from "./dead_host.js";
 import now from "./now_helper.js";
 import proxyHostModel from "./proxy_host.js";
 import redirectionHostModel from "./redirection_host.js";
+import streamModel from "./stream.js";
 import userModel from "./user.js";

 Model.knex(db);
@@ -114,6 +115,17 @@ class Certificate extends Model {
 					qb.where("redirection_host.is_deleted", 0);
 				},
 			},
+			streams: {
+				relation: Model.HasManyRelation,
+				modelClass: streamModel,
+				join: {
+					from: "certificate.id",
+					to: "stream.certificate_id",
+				},
+				modify: (qb) => {
+					qb.where("stream.is_deleted", 0);
+				},
+			},
 		};
 	}
 }
--- a/backend/package.json
+++ b/backend/package.json
@@ -20,9 +20,9 @@
 		"body-parser": "^1.20.3",
 		"compression": "^1.7.4",
 		"express": "^4.20.0",
-		"express-fileupload": "^1.1.9",
-		"gravatar": "^1.8.0",
-		"jsonwebtoken": "^9.0.0",
+		"express-fileupload": "^1.5.2",
+		"gravatar": "^1.8.2",
+		"jsonwebtoken": "^9.0.2",
 		"knex": "2.4.2",
 		"liquidjs": "10.6.1",
 		"lodash": "^4.17.21",
@@ -38,7 +38,7 @@
 	},
 	"devDependencies": {
 		"@apidevtools/swagger-parser": "^10.1.0",
-		"@biomejs/biome": "^2.3.0",
+		"@biomejs/biome": "^2.3.2",
 		"chalk": "4.1.2",
 		"nodemon": "^2.0.2"
 	},
--- a/backend/schema/common.json
+++ b/backend/schema/common.json
@@ -7,7 +7,8 @@
 			"description": "Unique identifier",
 			"readOnly": true,
 			"type": "integer",
-			"minimum": 1
+			"minimum": 1,
+			"example": 11
 		},
 		"expand": {
 			"anyOf": [
@@ -38,35 +39,42 @@
 		"created_on": {
 			"description": "Date and time of creation",
 			"readOnly": true,
-			"type": "string"
+			"type": "string",
+			"example": "2025-10-28T04:17:54.000Z"
 		},
 		"modified_on": {
 			"description": "Date and time of last update",
 			"readOnly": true,
-			"type": "string"
+			"type": "string",
+			"example": "2025-10-28T04:17:54.000Z"
 		},
 		"user_id": {
 			"description": "User ID",
 			"type": "integer",
-			"minimum": 1
+			"minimum": 1,
+			"example": 2
 		},
 		"certificate_id": {
 			"description": "Certificate ID",
 			"anyOf": [
 				{
 					"type": "integer",
-					"minimum": 0
+					"minimum": 0,
+					"example": 5
 				},
 				{
 					"type": "string",
-					"pattern": "^new$"
+					"pattern": "^new$",
+					"example": "new"
 				}
-			]
+			],
+			"example": 5
 		},
 		"access_list_id": {
 			"description": "Access List ID",
 			"type": "integer",
-			"minimum": 0
+			"minimum": 0,
+			"example": 3
 		},
 		"domain_names": {
 			"description": "Domain Names separated by a comma",
@@ -77,44 +85,157 @@
 			"items": {
 				"type": "string",
 				"pattern": "^[^&| @!#%^();:/\\\\}{=+?<>,~`'\"]+$"
-			}
+			},
+			"example": ["example.com", "www.example.com"]
 		},
 		"enabled": {
 			"description": "Is Enabled",
-			"type": "boolean"
+			"type": "boolean",
+			"example": false
 		},
 		"ssl_forced": {
 			"description": "Is SSL Forced",
-			"type": "boolean"
+			"type": "boolean",
+			"example": true
 		},
 		"hsts_enabled": {
 			"description": "Is HSTS Enabled",
-			"type": "boolean"
+			"type": "boolean",
+			"example": true
 		},
 		"hsts_subdomains": {
 			"description": "Is HSTS applicable to all subdomains",
-			"type": "boolean"
+			"type": "boolean",
+			"example": true
 		},
 		"ssl_provider": {
 			"type": "string",
-			"pattern": "^(letsencrypt|other)$"
+			"pattern": "^(letsencrypt|other)$",
+			"example": "letsencrypt"
 		},
 		"http2_support": {
 			"description": "HTTP2 Protocol Support",
-			"type": "boolean"
+			"type": "boolean",
+			"example": true
 		},
 		"block_exploits": {
 			"description": "Should we block common exploits",
-			"type": "boolean"
+			"type": "boolean",
+			"example": false
 		},
 		"caching_enabled": {
 			"description": "Should we cache assets",
-			"type": "boolean"
+			"type": "boolean",
+			"example": true
 		},
 		"email": {
 			"description": "Email address",
 			"type": "string",
-			"pattern": "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}$"
+			"pattern": "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}$",
+			"example": "me@example.com"
+		},
+		"directive": {
+			"type": "string",
+			"enum": ["allow", "deny"],
+			"example": "allow"
+		},
+		"address": {
+			"oneOf": [
+				{
+					"type": "string",
+					"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$"
+				},
+				{
+					"type": "string",
+					"pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
+				},
+				{
+					"type": "string",
+					"pattern": "^all$"
+				}
+			],
+			"example": "192.168.0.11"
+		},
+		"access_items": {
+			"type": "array",
+			"items": {
+				"type": "object",
+				"additionalProperties": false,
+				"properties": {
+					"username": {
+						"type": "string",
+						"minLength": 1
+					},
+					"password": {
+						"type": "string"
+					}
+				},
+				"example": {
+					"username": "admin",
+					"password": "pass"
+				}
+			},
+			"example": [
+				{
+					"username": "admin",
+					"password": "pass"
+				}
+			]
+		},
+		"access_clients": {
+			"type": "array",
+			"items": {
+				"type": "object",
+				"additionalProperties": false,
+				"properties": {
+					"address": {
+						"$ref": "#/properties/address"
+					},
+					"directive": {
+						"$ref": "#/properties/directive"
+					}
+				},
+				"example": {
+					"directive": "allow",
+					"address": "192.168.0.0/24"
+				}
+			},
+			"example": [
+				{
+					"directive": "allow",
+					"address": "192.168.0.0/24"
+				}
+			]
+		},
+		"certificate_files": {
+			"description": "Certificate Files",
+			"content": {
+				"multipart/form-data": {
+					"schema": {
+						"type": "object",
+						"additionalProperties": false,
+						"required": ["certificate", "certificate_key"],
+						"properties": {
+							"certificate": {
+								"type": "string",
+								"example": "-----BEGIN CERTIFICATE-----\nMIID...-----END CERTIFICATE-----"
+							},
+							"certificate_key": {
+								"type": "string",
+								"example": "-----BEGIN CERTIFICATE-----\nMIID...-----END CERTIFICATE-----"
+							},
+							"intermediate_certificate": {
+								"type": "string",
+								"example": "-----BEGIN CERTIFICATE-----\nMIID...-----END CERTIFICATE-----"
+							}
+						}
+					},
+					"example": {
+						"certificate": "-----BEGIN CERTIFICATE-----\nMIID...-----END CERTIFICATE-----",
+						"certificate_key": "-----BEGIN PRIVATE\nMIID...-----END CERTIFICATE-----"
+					}
+				}
+			}
 		}
 	}
 }
--- a/backend/schema/components/access-list-object.json
+++ b/backend/schema/components/access-list-object.json
@@ -1,8 +1,7 @@
 {
 	"type": "object",
 	"description": "Access List object",
-	"required": ["id", "created_on", "modified_on", "owner_user_id", "name", "directive", "address", "satisfy_any", "pass_auth", "meta"],
-	"additionalProperties": false,
+	"required": ["id", "created_on", "modified_on", "owner_user_id", "name", "meta", "satisfy_any", "pass_auth", "proxy_host_count"],
 	"properties": {
 		"id": {
 			"$ref": "../common.json#/properties/id"
@@ -18,36 +17,25 @@
 		},
 		"name": {
 			"type": "string",
-			"minLength": 1
-		},
-		"directive": {
-			"type": "string",
-			"enum": ["allow", "deny"]
-		},
-		"address": {
-			"oneOf": [
-				{
-					"type": "string",
-					"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$"
-				},
-				{
-					"type": "string",
-					"pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
-				},
-				{
-					"type": "string",
-					"pattern": "^all$"
-				}
-			]
-		},
-		"satisfy_any": {
-			"type": "boolean"
-		},
-		"pass_auth": {
-			"type": "boolean"
+			"minLength": 1,
+			"example": "My Access List"
 		},
 		"meta": {
-			"type": "object"
+			"type": "object",
+			"example": {}
+		},
+		"satisfy_any": {
+			"type": "boolean",
+			"example": true
+		},
+		"pass_auth": {
+			"type": "boolean",
+			"example": false
+		},
+		"proxy_host_count": {
+			"type": "integer",
+			"minimum": 0,
+			"example": 3
 		}
 	}
 }
--- a/backend/schema/components/audit-log-object.json
+++ b/backend/schema/components/audit-log-object.json
@@ -26,16 +26,19 @@
 			"$ref": "../common.json#/properties/user_id"
 		},
 		"object_type": {
-			"type": "string"
+			"type": "string",
+			"example": "certificate"
 		},
 		"object_id": {
 			"$ref": "../common.json#/properties/id"
 		},
 		"action": {
-			"type": "string"
+			"type": "string",
+			"example": "created"
 		},
 		"meta": {
-			"type": "object"
+			"type": "object",
+			"example": {}
 		},
 		"user": {
 			"$ref": "./user-object.json"
--- a/backend/schema/components/certificate-object.json
+++ b/backend/schema/components/certificate-object.json
@@ -21,7 +21,8 @@
 		},
 		"nice_name": {
 			"type": "string",
-			"description": "Nice Name for the custom certificate"
+			"description": "Nice Name for the custom certificate",
+			"example": "My Custom Cert"
 		},
 		"domain_names": {
 			"description": "Domain Names separated by a comma",
@@ -31,12 +32,14 @@
 			"items": {
 				"type": "string",
 				"pattern": "^[^&| @!#%^();:/\\\\}{=+?<>,~`'\"]+$"
-			}
+			},
+			"example": ["example.com", "www.example.com"]
 		},
 		"expires_on": {
 			"description": "Date and time of expiration",
 			"readOnly": true,
-			"type": "string"
+			"type": "string",
+			"example": "2025-10-28T04:17:54.000Z"
 		},
 		"owner": {
 			"$ref": "./user-object.json"
@@ -56,10 +59,10 @@
 				"dns_challenge": {
 					"type": "boolean"
 				},
-				"dns_provider": {
+				"dns_provider_credentials": {
 					"type": "string"
 				},
-				"dns_provider_credentials": {
+				"dns_provider": {
 					"type": "string"
 				},
 				"letsencrypt_certificate": {
@@ -69,6 +72,9 @@
 					"type": "integer",
 					"minimum": 0
 				}
+			},
+			"example": {
+				"dns_challenge": false
 			}
 		}
 	}
--- a/backend/schema/components/dead-host-object.json
+++ b/backend/schema/components/dead-host-object.json
@@ -35,13 +35,30 @@
 			"$ref": "../common.json#/properties/http2_support"
 		},
 		"advanced_config": {
-			"type": "string"
+			"type": "string",
+			"example": ""
 		},
 		"enabled": {
 			"$ref": "../common.json#/properties/enabled"
 		},
 		"meta": {
-			"type": "object"
+			"type": "object",
+			"example": {}
+		},
+		"certificate": {
+			"oneOf": [
+				{
+					"type": "null",
+					"example": null
+				},
+				{
+					"$ref": "./certificate-object.json"
+				}
+			],
+			"example": null
+		},
+		"owner": {
+			"$ref": "./user-object.json"
 		}
 	}
 }
--- a/backend/schema/components/error-object.json
+++ b/backend/schema/components/error-object.json
@@ -5,10 +5,12 @@
 	"required": ["code", "message"],
 	"properties": {
 		"code": {
-			"type": "integer"
+			"type": "integer",
+			"example": 400
 		},
 		"message": {
-			"type": "string"
+			"type": "string",
+			"example": "Bad Request"
 		}
 	}
 }
--- a/backend/schema/components/health-object.json
+++ b/backend/schema/components/health-object.json
@@ -27,15 +27,18 @@
 			"properties": {
 				"major": {
 					"type": "integer",
-					"minimum": 0
+					"minimum": 0,
+					"example": 2
 				},
 				"minor": {
 					"type": "integer",
-					"minimum": 0
+					"minimum": 0,
+					"example": 10
 				},
 				"revision": {
 					"type": "integer",
-					"minimum": 0
+					"minimum": 0,
+					"example": 1
 				}
 			}
 		}
--- a/backend/schema/components/permission-object.json
+++ b/backend/schema/components/permission-object.json
@@ -5,37 +5,44 @@
 		"visibility": {
 			"type": "string",
 			"description": "Visibility Type",
-			"enum": ["all", "user"]
+			"enum": ["all", "user"],
+			"example": "all"
 		},
 		"access_lists": {
 			"type": "string",
 			"description": "Access Lists Permissions",
-			"enum": ["hidden", "view", "manage"]
+			"enum": ["hidden", "view", "manage"],
+			"example": "view"
 		},
 		"dead_hosts": {
 			"type": "string",
 			"description": "404 Hosts Permissions",
-			"enum": ["hidden", "view", "manage"]
+			"enum": ["hidden", "view", "manage"],
+			"example": "manage"
 		},
 		"proxy_hosts": {
 			"type": "string",
 			"description": "Proxy Hosts Permissions",
-			"enum": ["hidden", "view", "manage"]
+			"enum": ["hidden", "view", "manage"],
+			"example": "hidden"
 		},
 		"redirection_hosts": {
 			"type": "string",
 			"description": "Redirection Permissions",
-			"enum": ["hidden", "view", "manage"]
+			"enum": ["hidden", "view", "manage"],
+			"example": "view"
 		},
 		"streams": {
 			"type": "string",
 			"description": "Streams Permissions",
-			"enum": ["hidden", "view", "manage"]
+			"enum": ["hidden", "view", "manage"],
+			"example": "manage"
 		},
 		"certificates": {
 			"type": "string",
 			"description": "Certificates Permissions",
-			"enum": ["hidden", "view", "manage"]
+			"enum": ["hidden", "view", "manage"],
+			"example": "hidden"
 		}
 	}
 }
--- a/backend/schema/components/proxy-host-object.json
+++ b/backend/schema/components/proxy-host-object.json
@@ -24,7 +24,6 @@
 		"hsts_enabled",
 		"hsts_subdomains"
 	],
-	"additionalProperties": false,
 	"properties": {
 		"id": {
 			"$ref": "../common.json#/properties/id"
@@ -44,12 +43,14 @@
 		"forward_host": {
 			"type": "string",
 			"minLength": 1,
-			"maxLength": 255
+			"maxLength": 255,
+			"example": "127.0.0.1"
 		},
 		"forward_port": {
 			"type": "integer",
 			"minimum": 1,
-			"maximum": 65535
+			"maximum": 65535,
+			"example": 8080
 		},
 		"access_list_id": {
 			"$ref": "../common.json#/properties/access_list_id"
@@ -67,22 +68,28 @@
 			"$ref": "../common.json#/properties/block_exploits"
 		},
 		"advanced_config": {
-			"type": "string"
+			"type": "string",
+			"example": ""
 		},
 		"meta": {
-			"type": "object"
+			"type": "object",
+			"example": {
+				"nginx_online": true,
+				"nginx_err": null
+			}
 		},
 		"allow_websocket_upgrade": {
 			"description": "Allow Websocket Upgrade for all paths",
-			"example": true,
-			"type": "boolean"
+			"type": "boolean",
+			"example": true
 		},
 		"http2_support": {
 			"$ref": "../common.json#/properties/http2_support"
 		},
 		"forward_scheme": {
 			"type": "string",
-			"enum": ["http", "https"]
+			"enum": ["http", "https"],
+			"example": "http"
 		},
 		"enabled": {
 			"$ref": "../common.json#/properties/enabled"
@@ -118,7 +125,15 @@
 						"type": "string"
 					}
 				}
-			}
+			},
+			"example": [
+				{
+					"path": "/app",
+					"forward_scheme": "http",
+					"forward_host": "example.com",
+					"forward_port": 80
+				}
+			]
 		},
 		"hsts_enabled": {
 			"$ref": "../common.json#/properties/hsts_enabled"
@@ -129,12 +144,14 @@
 		"certificate": {
 			"oneOf": [
 				{
-					"type": "null"
+					"type": "null",
+					"example": null
 				},
 				{
 					"$ref": "./certificate-object.json"
 				}
-			]
+			],
+			"example": null
 		},
 		"owner": {
 			"$ref": "./user-object.json"
@@ -142,12 +159,14 @@
 		"access_list": {
 			"oneOf": [
 				{
-					"type": "null"
+					"type": "null",
+					"example": null
 				},
 				{
 					"$ref": "./access-list-object.json"
 				}
-			]
+			],
+			"example": null
 		}
 	}
 }
--- a/backend/schema/components/redirection-host-object.json
+++ b/backend/schema/components/redirection-host-object.json
@@ -1,7 +1,26 @@
 {
 	"type": "object",
 	"description": "Redirection Host object",
-	"required": ["id", "created_on", "modified_on", "owner_user_id", "domain_names", "forward_http_code", "forward_scheme", "forward_domain_name", "preserve_path", "certificate_id", "ssl_forced", "hsts_enabled", "hsts_subdomains", "http2_support", "block_exploits", "advanced_config", "enabled", "meta"],
+	"required": [
+		"id",
+		"created_on",
+		"modified_on",
+		"owner_user_id",
+		"domain_names",
+		"forward_http_code",
+		"forward_scheme",
+		"forward_domain_name",
+		"preserve_path",
+		"certificate_id",
+		"ssl_forced",
+		"hsts_enabled",
+		"hsts_subdomains",
+		"http2_support",
+		"block_exploits",
+		"advanced_config",
+		"enabled",
+		"meta"
+	],
 	"additionalProperties": false,
 	"properties": {
 		"id": {
@@ -21,25 +40,30 @@
 		},
 		"forward_http_code": {
 			"description": "Redirect HTTP Status Code",
-			"example": 302,
 			"type": "integer",
 			"minimum": 300,
-			"maximum": 308
+			"maximum": 308,
+			"example": 302
 		},
 		"forward_scheme": {
 			"type": "string",
-			"enum": ["auto", "http", "https"]
+			"enum": [
+				"auto",
+				"http",
+				"https"
+			],
+			"example": "http"
 		},
 		"forward_domain_name": {
 			"description": "Domain Name",
-			"example": "jc21.com",
 			"type": "string",
-			"pattern": "^(?:[^.*]+\\.?)+[^.]$"
+			"pattern": "^(?:[^.*]+\\.?)+[^.]$",
+			"example": "jc21.com"
 		},
 		"preserve_path": {
 			"description": "Should the path be preserved",
-			"example": true,
-			"type": "boolean"
+			"type": "boolean",
+			"example": true
 		},
 		"certificate_id": {
 			"$ref": "../common.json#/properties/certificate_id"
@@ -60,13 +84,33 @@
 			"$ref": "../common.json#/properties/block_exploits"
 		},
 		"advanced_config": {
-			"type": "string"
+			"type": "string",
+			"example": ""
 		},
 		"enabled": {
 			"$ref": "../common.json#/properties/enabled"
 		},
 		"meta": {
-			"type": "object"
+			"type": "object",
+			"example": {
+				"nginx_online": true,
+				"nginx_err": null
+			}
+		},
+		"certificate": {
+			"oneOf": [
+				{
+					"type": "null",
+					"example": null
+				},
+				{
+					"$ref": "./certificate-object.json"
+				}
+			],
+			"example": null
+		},
+		"owner": {
+			"$ref": "./user-object.json"
 		}
 	}
 }
--- a/backend/schema/components/security-schemes.json
+++ b/backend/schema/components/security-schemes.json
@@ -1,6 +1,8 @@
 {
-	"BearerAuth": {
+	"bearerAuth": {
 		"type": "http",
-		"scheme": "bearer"
+		"scheme": "bearer",
+		"bearerFormat": "JWT",
+		"description": "JWT Bearer Token authentication"
 	}
 }
--- a/backend/schema/components/stream-object.json
+++ b/backend/schema/components/stream-object.json
@@ -1,7 +1,19 @@
 {
 	"type": "object",
 	"description": "Stream object",
-	"required": ["id", "created_on", "modified_on", "owner_user_id", "incoming_port", "forwarding_host", "forwarding_port", "tcp_forwarding", "udp_forwarding", "enabled", "meta"],
+	"required": [
+		"id",
+		"created_on",
+		"modified_on",
+		"owner_user_id",
+		"incoming_port",
+		"forwarding_host",
+		"forwarding_port",
+		"tcp_forwarding",
+		"udp_forwarding",
+		"enabled",
+		"meta"
+	],
 	"additionalProperties": false,
 	"properties": {
 		"id": {
@@ -19,15 +31,16 @@
 		"incoming_port": {
 			"type": "integer",
 			"minimum": 1,
-			"maximum": 65535
+			"maximum": 65535,
+			"example": 9090
 		},
 		"forwarding_host": {
 			"anyOf": [
 				{
 					"description": "Domain Name",
-					"example": "jc21.com",
 					"type": "string",
-					"pattern": "^(?:[^.*]+\\.?)+[^.]$"
+					"pattern": "^(?:[^.*]+\\.?)+[^.]$",
+					"example": "example.com"
 				},
 				{
 					"type": "string",
@@ -37,18 +50,22 @@
 					"type": "string",
 					"format": "ipv6"
 				}
-			]
+			],
+			"example": "example.com"
 		},
 		"forwarding_port": {
 			"type": "integer",
 			"minimum": 1,
-			"maximum": 65535
+			"maximum": 65535,
+			"example": 80
 		},
 		"tcp_forwarding": {
-			"type": "boolean"
+			"type": "boolean",
+			"example": true
 		},
 		"udp_forwarding": {
-			"type": "boolean"
+			"type": "boolean",
+			"example": false
 		},
 		"enabled": {
 			"$ref": "../common.json#/properties/enabled"
@@ -57,10 +74,8 @@
 			"$ref": "../common.json#/properties/certificate_id"
 		},
 		"meta": {
-			"type": "object"
-		},
-		"owner": {
-			"$ref": "./user-object.json"
+			"type": "object",
+			"example": {}
 		},
 		"certificate": {
 			"oneOf": [
@@ -70,7 +85,11 @@
 				{
 					"$ref": "./certificate-object.json"
 				}
-			]
+			],
+			"example": null
+		},
+		"owner": {
+			"$ref": "./user-object.json"
 		}
 	}
 }
--- a/backend/schema/components/user-object.json
+++ b/backend/schema/components/user-object.json
@@ -77,37 +77,37 @@
 				"proxy_hosts": {
 					"type": "string",
 					"description": "Proxy Hosts access level",
-					"example": "all",
+					"example": "manage",
 					"pattern": "^(manage|view|hidden)$"
 				},
 				"redirection_hosts": {
 					"type": "string",
 					"description": "Redirection Hosts access level",
-					"example": "all",
+					"example": "manage",
 					"pattern": "^(manage|view|hidden)$"
 				},
 				"dead_hosts": {
 					"type": "string",
 					"description": "Dead Hosts access level",
-					"example": "all",
+					"example": "manage",
 					"pattern": "^(manage|view|hidden)$"
 				},
 				"streams": {
 					"type": "string",
 					"description": "Streams access level",
-					"example": "all",
+					"example": "manage",
 					"pattern": "^(manage|view|hidden)$"
 				},
 				"access_lists": {
 					"type": "string",
 					"description": "Access Lists access level",
-					"example": "all",
+					"example": "hidden",
 					"pattern": "^(manage|view|hidden)$"
 				},
 				"certificates": {
 					"type": "string",
 					"description": "Certificates access level",
-					"example": "all",
+					"example": "view",
 					"pattern": "^(manage|view|hidden)$"
 				}
 			}
--- a/backend/schema/paths/audit-log/get.json
+++ b/backend/schema/paths/audit-log/get.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "getAuditLogs",
 	"summary": "Get Audit Logs",
-	"tags": ["Audit Log"],
+	"tags": ["audit-log"],
 	"security": [
 		{
-			"BearerAuth": ["audit-log"]
+			"bearerAuth": ["admin"]
 		}
 	],
 	"responses": {
--- a/backend/schema/paths/audit-log/id/get.json
+++ b/backend/schema/paths/audit-log/id/get.json
@@ -1,13 +1,11 @@
 {
 	"operationId": "getAuditLog",
 	"summary": "Get Audit Log Event",
-	"tags": [
-		"Audit Log"
-	],
+	"tags": ["audit-log"],
 	"security": [
 		{
-			"BearerAuth": [
-				"audit-log"
+			"bearerAuth": [
+				"admin"
 			]
 		}
 	],
@@ -15,6 +13,7 @@
 		{
 			"in": "path",
 			"name": "id",
+			"description": "Audit Log Event ID",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/get.json
+++ b/backend/schema/paths/get.json
@@ -1,7 +1,7 @@
 {
 	"operationId": "health",
 	"summary": "Returns the API health status",
-	"tags": ["Public"],
+	"tags": ["public"],
 	"responses": {
 		"200": {
 			"description": "200 response",
--- a/backend/schema/paths/nginx/access-lists/get.json
+++ b/backend/schema/paths/nginx/access-lists/get.json
@@ -1,10 +1,12 @@
 {
 	"operationId": "getAccessLists",
 	"summary": "Get all access lists",
-	"tags": ["Access Lists"],
+	"tags": ["access-lists"],
 	"security": [
 		{
-			"BearerAuth": ["access_lists"]
+			"bearerAuth": [
+				"access_lists.view"
+			]
 		}
 	],
 	"parameters": [
@@ -14,7 +16,12 @@
 			"description": "Expansions",
 			"schema": {
 				"type": "string",
-				"enum": ["owner", "items", "clients", "proxy_hosts"]
+				"enum": [
+					"owner",
+					"items",
+					"clients",
+					"proxy_hosts"
+				]
 			}
 		}
 	],
@@ -23,22 +30,16 @@
 			"description": "200 response",
 			"content": {
 				"application/json": {
-					"examples": {
-						"default": {
-							"value": [
-								{
-									"id": 1,
-									"created_on": "2024-10-08T22:15:40.000Z",
-									"modified_on": "2024-10-08T22:15:40.000Z",
-									"owner_user_id": 1,
-									"name": "test1234",
-									"meta": {},
-									"satisfy_any": true,
-									"pass_auth": false,
-									"proxy_host_count": 0
-								}
-							]
-						}
+					"example": {
+						"id": 1,
+						"created_on": "2024-10-08T22:15:40.000Z",
+						"modified_on": "2024-10-08T22:15:40.000Z",
+						"owner_user_id": 1,
+						"name": "test1234",
+						"meta": {},
+						"satisfy_any": true,
+						"pass_auth": false,
+						"proxy_host_count": 0
 					},
 					"schema": {
 						"$ref": "../../../components/access-list-object.json"
--- a/backend/schema/paths/nginx/access-lists/listID/delete.json
+++ b/backend/schema/paths/nginx/access-lists/listID/delete.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "deleteAccessList",
 	"summary": "Delete a Access List",
-	"tags": ["Access Lists"],
+	"tags": ["access-lists"],
 	"security": [
 		{
-			"BearerAuth": ["access_lists"]
+			"bearerAuth": ["access_lists.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "listID",
+			"description": "Access List ID",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/access-lists/listID/get.json
+++ b/backend/schema/paths/nginx/access-lists/listID/get.json
@@ -1,49 +1,54 @@
 {
-	"operationId": "getAccessList",
-	"summary": "Get a access List",
-	"tags": ["Access Lists"],
-	"security": [
-		{
-			"BearerAuth": ["access_lists"]
-		}
-	],
-	"parameters": [
-		{
-			"in": "path",
-			"name": "listID",
-			"schema": {
-				"type": "integer",
-				"minimum": 1
-			},
-			"required": true,
-			"example": 1
-		}
-	],
-	"responses": {
-		"200": {
-			"description": "200 response",
-			"content": {
-				"application/json": {
-					"examples": {
-						"default": {
-							"value": {
-								"id": 1,
-								"created_on": "2020-01-30T09:36:08.000Z",
-								"modified_on": "2020-01-30T09:41:04.000Z",
-								"is_disabled": false,
-								"email": "jc@jc21.com",
-								"name": "Jamie Curnow",
-								"nickname": "James",
-								"avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm",
-								"roles": ["admin"]
-							}
-						}
-					},
-					"schema": {
-						"$ref": "../../../../components/access-list-object.json"
-					}
-				}
-			}
-		}
-	}
+    "operationId": "getAccessList",
+    "summary": "Get a access List",
+    "tags": [
+        "access-lists"
+    ],
+    "security": [
+        {
+            "bearerAuth": [
+                "access_lists.view"
+            ]
+        }
+    ],
+    "parameters": [
+        {
+            "in": "path",
+            "name": "listID",
+            "description": "Access List ID",
+            "schema": {
+                "type": "integer",
+                "minimum": 1
+            },
+            "required": true,
+            "example": 1
+        }
+    ],
+    "responses": {
+        "200": {
+            "description": "200 response",
+            "content": {
+                "application/json": {
+                    "examples": {
+                        "default": {
+                            "value": {
+                                "id": 1,
+                                "created_on": "2025-10-28T04:06:55.000Z",
+                                "modified_on": "2025-10-29T22:48:20.000Z",
+                                "owner_user_id": 1,
+                                "name": "My Access List",
+                                "meta": {},
+                                "satisfy_any": false,
+                                "pass_auth": false,
+                                "proxy_host_count": 1
+                            }
+                        }
+                    },
+                    "schema": {
+                        "$ref": "../../../../components/access-list-object.json"
+                    }
+                }
+            }
+        }
+    }
 }
--- a/backend/schema/paths/nginx/access-lists/listID/put.json
+++ b/backend/schema/paths/nginx/access-lists/listID/put.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "updateAccessList",
 	"summary": "Update a Access List",
-	"tags": ["Access Lists"],
+	"tags": ["access-lists"],
 	"security": [
 		{
-			"BearerAuth": ["access_lists"]
+			"bearerAuth": ["access_lists.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "listID",
+			"description": "Access List ID",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
@@ -39,50 +40,29 @@
 							"$ref": "../../../../components/access-list-object.json#/properties/pass_auth"
 						},
 						"items": {
-							"type": "array",
-							"items": {
-								"type": "object",
-								"additionalProperties": false,
-								"properties": {
-									"username": {
-										"type": "string",
-										"minLength": 1
-									},
-									"password": {
-										"type": "string"
-									}
-								}
-							}
+							"$ref": "../../../../common.json#/properties/access_items"
 						},
 						"clients": {
-							"type": "array",
-							"items": {
-								"type": "object",
-								"additionalProperties": false,
-								"properties": {
-									"address": {
-										"oneOf": [
-											{
-												"type": "string",
-												"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$"
-											},
-											{
-												"type": "string",
-												"pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
-											},
-											{
-												"type": "string",
-												"pattern": "^all$"
-											}
-										]
-									},
-									"directive": {
-										"$ref": "../../../../components/access-list-object.json#/properties/directive"
-									}
-								}
-							}
+							"$ref": "../../../../common.json#/properties/access_clients"
 						}
 					}
+				},
+				"example": {
+					"name": "My Access List",
+					"satisfy_any": true,
+					"pass_auth": false,
+					"items": [
+						{
+							"username": "admin2",
+							"password": "pass2"
+						}
+					],
+					"clients": [
+						{
+							"directive": "allow",
+							"address": "192.168.0.0/24"
+						}
+					]
 				}
 			}
 		}
@@ -108,7 +88,6 @@
 									"id": 1,
 									"created_on": "2024-10-07T22:43:55.000Z",
 									"modified_on": "2024-10-08T12:52:54.000Z",
-									"is_deleted": false,
 									"is_disabled": false,
 									"email": "admin@example.com",
 									"name": "Administrator",
--- a/backend/schema/paths/nginx/access-lists/post.json
+++ b/backend/schema/paths/nginx/access-lists/post.json
@@ -1,10 +1,12 @@
 {
 	"operationId": "createAccessList",
 	"summary": "Create a Access List",
-	"tags": ["Access Lists"],
+	"tags": ["access-lists"],
 	"security": [
 		{
-			"BearerAuth": ["access_lists"]
+			"bearerAuth": [
+				"access_lists.manage"
+			]
 		}
 	],
 	"requestBody": {
@@ -15,7 +17,9 @@
 				"schema": {
 					"type": "object",
 					"additionalProperties": false,
-					"required": ["name"],
+					"required": [
+						"name"
+					],
 					"properties": {
 						"name": {
 							"$ref": "../../../components/access-list-object.json#/properties/name"
@@ -27,54 +31,29 @@
 							"$ref": "../../../components/access-list-object.json#/properties/pass_auth"
 						},
 						"items": {
-							"type": "array",
-							"items": {
-								"type": "object",
-								"additionalProperties": false,
-								"properties": {
-									"username": {
-										"type": "string",
-										"minLength": 1
-									},
-									"password": {
-										"type": "string",
-										"minLength": 1
-									}
-								}
-							}
+							"$ref": "../../../common.json#/properties/access_items"
 						},
 						"clients": {
-							"type": "array",
-							"items": {
-								"type": "object",
-								"additionalProperties": false,
-								"properties": {
-									"address": {
-										"oneOf": [
-											{
-												"type": "string",
-												"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$"
-											},
-											{
-												"type": "string",
-												"pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
-											},
-											{
-												"type": "string",
-												"pattern": "^all$"
-											}
-										]
-									},
-									"directive": {
-										"$ref": "../../../components/access-list-object.json#/properties/directive"
-									}
-								}
-							}
-						},
-						"meta": {
-							"$ref": "../../../components/access-list-object.json#/properties/meta"
+							"$ref": "../../../common.json#/properties/access_clients"
 						}
 					}
+				},
+				"example": {
+					"name": "My Access List",
+					"satisfy_any": true,
+					"pass_auth": false,
+					"items": [
+						{
+							"username": "admin",
+							"password": "pass"
+						}
+					],
+					"clients": [
+						{
+							"directive": "allow",
+							"address": "192.168.0.0/24"
+						}
+					]
 				}
 			}
 		}
@@ -100,13 +79,14 @@
 									"id": 1,
 									"created_on": "2024-10-07T22:43:55.000Z",
 									"modified_on": "2024-10-08T12:52:54.000Z",
-									"is_deleted": false,
 									"is_disabled": false,
 									"email": "admin@example.com",
 									"name": "Administrator",
 									"nickname": "some guy",
 									"avatar": "//www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?default=mm",
-									"roles": ["admin"]
+									"roles": [
+										"admin"
+									]
 								},
 								"items": [
 									{
--- a/backend/schema/paths/nginx/certificates/certID/delete.json
+++ b/backend/schema/paths/nginx/certificates/certID/delete.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "deleteCertificate",
 	"summary": "Delete a Certificate",
-	"tags": ["Certificates"],
+	"tags": ["certificates"],
 	"security": [
 		{
-			"BearerAuth": ["certificates"]
+			"bearerAuth": ["certificates.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "certID",
+			"description": "Certificate ID",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/certificates/certID/download/get.json
+++ b/backend/schema/paths/nginx/certificates/certID/download/get.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "downloadCertificate",
 	"summary": "Downloads a Certificate",
-	"tags": ["Certificates"],
+	"tags": ["certificates"],
 	"security": [
 		{
-			"BearerAuth": ["certificates"]
+			"bearerAuth": ["certificates.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "certID",
+			"description": "Certificate ID",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/certificates/certID/get.json
+++ b/backend/schema/paths/nginx/certificates/certID/get.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "getCertificate",
 	"summary": "Get a Certificate",
-	"tags": ["Certificates"],
+	"tags": ["certificates"],
 	"security": [
 		{
-			"BearerAuth": ["certificates"]
+			"bearerAuth": ["certificates.view"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "certID",
+			"description": "Certificate ID",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/certificates/certID/renew/post.json
+++ b/backend/schema/paths/nginx/certificates/certID/renew/post.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "renewCertificate",
 	"summary": "Renews a Certificate",
-	"tags": ["Certificates"],
+	"tags": ["certificates"],
 	"security": [
 		{
-			"BearerAuth": ["certificates"]
+			"bearerAuth": ["certificates.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "certID",
+			"description": "Certificate ID",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
@@ -32,7 +33,6 @@
 								"id": 4,
 								"created_on": "2024-10-09T05:31:58.000Z",
 								"owner_user_id": 1,
-								"is_deleted": false,
 								"provider": "letsencrypt",
 								"nice_name": "My Test Cert",
 								"domain_names": ["test.jc21.supernerd.pro"],
--- a/backend/schema/paths/nginx/certificates/certID/upload/post.json
+++ b/backend/schema/paths/nginx/certificates/certID/upload/post.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "uploadCertificate",
 	"summary": "Uploads a custom Certificate",
-	"tags": ["Certificates"],
+	"tags": ["certificates"],
 	"security": [
 		{
-			"BearerAuth": ["certificates"]
+			"bearerAuth": ["certificates.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "certID",
+			"description": "Certificate ID",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
@@ -20,28 +21,7 @@
 		}
 	],
 	"requestBody": {
-		"description": "Certificate Files",
-		"required": true,
-		"content": {
-			"multipart/form-data": {
-				"schema": {
-					"type": "object",
-					"additionalProperties": false,
-					"required": ["certificate", "certificate_key"],
-					"properties": {
-						"certificate": {
-							"type": "string"
-						},
-						"certificate_key": {
-							"type": "string"
-						},
-						"intermediate_certificate": {
-							"type": "string"
-						}
-					}
-				}
-			}
-		}
+		"$ref": "../../../../../common.json#/properties/certificate_files"
 	},
 	"responses": {
 		"200": {
@@ -63,15 +43,18 @@
 						"properties": {
 							"certificate": {
 								"type": "string",
-								"minLength": 1
+								"minLength": 1,
+								"example": "-----BEGIN CERTIFICATE-----\nMIID...-----END CERTIFICATE-----"
 							},
 							"certificate_key": {
 								"type": "string",
-								"minLength": 1
+								"minLength": 1,
+								"example": "-----BEGIN CERTIFICATE-----\nMIID...-----END CERTIFICATE-----"
 							},
 							"intermediate_certificate": {
 								"type": "string",
-								"minLength": 1
+								"minLength": 1,
+								"example": "-----BEGIN CERTIFICATE-----\nMIID...-----END CERTIFICATE-----"
 							}
 						}
 					}
--- a/backend/schema/paths/nginx/certificates/dns-providers/get.json
+++ b/backend/schema/paths/nginx/certificates/dns-providers/get.json
@@ -1,14 +1,10 @@
 {
 	"operationId": "getDNSProviders",
 	"summary": "Get DNS Providers for Certificates",
-	"tags": [
-		"Certificates"
-	],
+	"tags": ["certificates"],
 	"security": [
 		{
-			"BearerAuth": [
-				"certificates"
-			]
+			"bearerAuth": ["certificates.view"]
 		}
 	],
 	"responses": {
--- a/backend/schema/paths/nginx/certificates/get.json
+++ b/backend/schema/paths/nginx/certificates/get.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "getCertificates",
 	"summary": "Get all certificates",
-	"tags": ["Certificates"],
+	"tags": ["certificates"],
 	"security": [
 		{
-			"BearerAuth": ["certificates"]
+			"bearerAuth": ["certificates.view"]
 		}
 	],
 	"parameters": [
--- a/backend/schema/paths/nginx/certificates/post.json
+++ b/backend/schema/paths/nginx/certificates/post.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "createCertificate",
 	"summary": "Create a Certificate",
-	"tags": ["Certificates"],
+	"tags": ["certificates"],
 	"security": [
 		{
-			"BearerAuth": ["certificates"]
+			"bearerAuth": ["certificates.manage"]
 		}
 	],
 	"requestBody": {
@@ -30,6 +30,13 @@
 							"$ref": "../../../components/certificate-object.json#/properties/meta"
 						}
 					}
+				},
+				"example": {
+					"provider": "letsencrypt",
+					"domain_names": ["test.example.com"],
+					"meta": {
+						"dns_challenge": false
+					}
 				}
 			}
 		}
@@ -47,7 +54,6 @@
 								"id": 5,
 								"created_on": "2024-10-09 05:28:35",
 								"owner_user_id": 1,
-								"is_deleted": false,
 								"provider": "letsencrypt",
 								"nice_name": "test.example.com",
 								"domain_names": ["test.example.com"],
--- a/backend/schema/paths/nginx/certificates/test-http/post.json
+++ b/backend/schema/paths/nginx/certificates/test-http/post.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "testHttpReach",
 	"summary": "Test HTTP Reachability",
-	"tags": ["Certificates"],
+	"tags": ["certificates"],
 	"security": [
 		{
-			"BearerAuth": ["certificates"]
+			"bearerAuth": ["certificates.view"]
 		}
 	],
 	"requestBody": {
--- a/backend/schema/paths/nginx/certificates/validate/post.json
+++ b/backend/schema/paths/nginx/certificates/validate/post.json
@@ -1,35 +1,14 @@
 {
 	"operationId": "validateCertificates",
 	"summary": "Validates given Custom Certificates",
-	"tags": ["Certificates"],
+	"tags": ["certificates"],
 	"security": [
 		{
-			"BearerAuth": ["certificates"]
+			"bearerAuth": ["certificates.manage"]
 		}
 	],
 	"requestBody": {
-		"description": "Certificate Files",
-		"required": true,
-		"content": {
-			"multipart/form-data": {
-				"schema": {
-					"type": "object",
-					"additionalProperties": false,
-					"required": ["certificate", "certificate_key"],
-					"properties": {
-						"certificate": {
-							"type": "string"
-						},
-						"certificate_key": {
-							"type": "string"
-						},
-						"intermediate_certificate": {
-							"type": "string"
-						}
-					}
-				}
-			}
-		}
+		"$ref": "../../../../common.json#/properties/certificate_files"
 	},
 	"responses": {
 		"200": {
@@ -62,10 +41,12 @@
 								"required": ["cn", "issuer", "dates"],
 								"properties": {
 									"cn": {
-										"type": "string"
+										"type": "string",
+										"example": "example.com"
 									},
 									"issuer": {
-										"type": "string"
+										"type": "string",
+										"example": "C = US, O = Let's Encrypt, CN = E5"
 									},
 									"dates": {
 										"type": "object",
@@ -78,12 +59,17 @@
 											"to": {
 												"type": "integer"
 											}
+										},
+										"example": {
+											"from": 1728448218,
+											"to": 1736224217
 										}
 									}
 								}
 							},
 							"certificate_key": {
-								"type": "boolean"
+								"type": "boolean",
+								"example": true
 							}
 						}
 					}
--- a/backend/schema/paths/nginx/dead-hosts/get.json
+++ b/backend/schema/paths/nginx/dead-hosts/get.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "getDeadHosts",
 	"summary": "Get all 404 hosts",
-	"tags": ["404 Hosts"],
+	"tags": ["404-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["dead_hosts"]
+			"bearerAuth": ["dead_hosts.view"]
 		}
 	],
 	"parameters": [
--- a/backend/schema/paths/nginx/dead-hosts/hostID/delete.json
+++ b/backend/schema/paths/nginx/dead-hosts/hostID/delete.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "deleteDeadHost",
 	"summary": "Delete a 404 Host",
-	"tags": ["404 Hosts"],
+	"tags": ["404-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["dead_hosts"]
+			"bearerAuth": ["dead_hosts.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "hostID",
+			"description": "The ID of the 404 Host",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/dead-hosts/hostID/disable/post.json
+++ b/backend/schema/paths/nginx/dead-hosts/hostID/disable/post.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "disableDeadHost",
 	"summary": "Disable a 404 Host",
-	"tags": ["404 Hosts"],
+	"tags": ["404-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["dead_hosts"]
+			"bearerAuth": ["dead_hosts.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "hostID",
+			"description": "The ID of the 404 Host",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/dead-hosts/hostID/enable/post.json
+++ b/backend/schema/paths/nginx/dead-hosts/hostID/enable/post.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "enableDeadHost",
 	"summary": "Enable a 404 Host",
-	"tags": ["404 Hosts"],
+	"tags": ["404-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["dead_hosts"]
+			"bearerAuth": ["dead_hosts.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "hostID",
+			"description": "The ID of the 404 Host",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/dead-hosts/hostID/get.json
+++ b/backend/schema/paths/nginx/dead-hosts/hostID/get.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "getDeadHost",
 	"summary": "Get a 404 Host",
-	"tags": ["404 Hosts"],
+	"tags": ["404-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["dead_hosts"]
+			"bearerAuth": ["dead_hosts.view"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "hostID",
+			"description": "The ID of the 404 Host",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/dead-hosts/hostID/put.json
+++ b/backend/schema/paths/nginx/dead-hosts/hostID/put.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "updateDeadHost",
 	"summary": "Update a 404 Host",
-	"tags": ["404 Hosts"],
+	"tags": ["404-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["dead_hosts"]
+			"bearerAuth": ["dead_hosts.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "hostID",
+			"description": "The ID of the 404 Host",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
@@ -86,7 +87,6 @@
 									"id": 1,
 									"created_on": "2024-10-09T00:59:56.000Z",
 									"modified_on": "2024-10-09T00:59:56.000Z",
-									"is_deleted": false,
 									"is_disabled": false,
 									"email": "admin@example.com",
 									"name": "Administrator",
--- a/backend/schema/paths/nginx/dead-hosts/post.json
+++ b/backend/schema/paths/nginx/dead-hosts/post.json
@@ -1,10 +1,12 @@
 {
 	"operationId": "create404Host",
 	"summary": "Create a 404 Host",
-	"tags": ["404 Hosts"],
+	"tags": ["404-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["dead_hosts"]
+			"bearerAuth": [
+				"dead_hosts.manage"
+			]
 		}
 	],
 	"requestBody": {
@@ -15,7 +17,9 @@
 				"schema": {
 					"type": "object",
 					"additionalProperties": false,
-					"required": ["domain_names"],
+					"required": [
+						"domain_names"
+					],
 					"properties": {
 						"domain_names": {
 							"$ref": "../../../components/dead-host-object.json#/properties/domain_names"
@@ -42,6 +46,18 @@
 							"$ref": "../../../components/dead-host-object.json#/properties/meta"
 						}
 					}
+				},
+				"example": {
+					"domain_names": [
+						"test.example.com"
+					],
+					"certificate_id": 0,
+					"ssl_forced": false,
+					"advanced_config": "",
+					"http2_support": false,
+					"hsts_enabled": false,
+					"hsts_subdomains": false,
+					"meta": {}
 				}
 			}
 		}
@@ -58,7 +74,9 @@
 								"created_on": "2024-10-09T01:38:52.000Z",
 								"modified_on": "2024-10-09T01:38:52.000Z",
 								"owner_user_id": 1,
-								"domain_names": ["test.example.com"],
+								"domain_names": [
+									"test.example.com"
+								],
 								"certificate_id": 0,
 								"ssl_forced": false,
 								"advanced_config": "",
@@ -72,13 +90,14 @@
 									"id": 1,
 									"created_on": "2024-10-09T00:59:56.000Z",
 									"modified_on": "2024-10-09T00:59:56.000Z",
-									"is_deleted": false,
 									"is_disabled": false,
 									"email": "admin@example.com",
 									"name": "Administrator",
 									"nickname": "Admin",
 									"avatar": "",
-									"roles": ["admin"]
+									"roles": [
+										"admin"
+									]
 								}
 							}
 						}
--- a/backend/schema/paths/nginx/proxy-hosts/get.json
+++ b/backend/schema/paths/nginx/proxy-hosts/get.json
@@ -1,10 +1,12 @@
 {
 	"operationId": "getProxyHosts",
 	"summary": "Get all proxy hosts",
-	"tags": ["Proxy Hosts"],
+	"tags": ["proxy-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["proxy_hosts"]
+			"bearerAuth": [
+				"proxy_hosts.view"
+			]
 		}
 	],
 	"parameters": [
@@ -14,7 +16,11 @@
 			"description": "Expansions",
 			"schema": {
 				"type": "string",
-				"enum": ["access_list", "owner", "certificate"]
+				"enum": [
+					"access_list",
+					"owner",
+					"certificate"
+				]
 			}
 		}
 	],
@@ -28,14 +34,16 @@
 							"value": [
 								{
 									"id": 1,
-									"created_on": "2024-10-08T23:23:03.000Z",
-									"modified_on": "2024-10-08T23:23:04.000Z",
+									"created_on": "2025-10-28T01:10:26.000Z",
+									"modified_on": "2025-10-28T04:07:16.000Z",
 									"owner_user_id": 1,
-									"domain_names": ["test.example.com"],
+									"domain_names": [
+										"test.jc21com"
+									],
 									"forward_host": "127.0.0.1",
-									"forward_port": 8989,
-									"access_list_id": 0,
-									"certificate_id": 0,
+									"forward_port": 8081,
+									"access_list_id": 1,
+									"certificate_id": 1,
 									"ssl_forced": false,
 									"caching_enabled": false,
 									"block_exploits": false,
@@ -48,7 +56,7 @@
 									"http2_support": false,
 									"forward_scheme": "http",
 									"enabled": true,
-									"locations": null,
+									"locations": [],
 									"hsts_enabled": false,
 									"hsts_subdomains": false
 								}
--- a/backend/schema/paths/nginx/proxy-hosts/hostID/delete.json
+++ b/backend/schema/paths/nginx/proxy-hosts/hostID/delete.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "deleteProxyHost",
 	"summary": "Delete a Proxy Host",
-	"tags": ["Proxy Hosts"],
+	"tags": ["proxy-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["proxy_hosts"]
+			"bearerAuth": ["proxy_hosts.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "hostID",
+			"description": "The ID of the Proxy Host",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/proxy-hosts/hostID/disable/post.json
+++ b/backend/schema/paths/nginx/proxy-hosts/hostID/disable/post.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "disableProxyHost",
 	"summary": "Disable a Proxy Host",
-	"tags": ["Proxy Hosts"],
+	"tags": ["proxy-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["proxy_hosts"]
+			"bearerAuth": ["proxy_hosts.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "hostID",
+			"description": "The ID of the Proxy Host",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/proxy-hosts/hostID/enable/post.json
+++ b/backend/schema/paths/nginx/proxy-hosts/hostID/enable/post.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "enableProxyHost",
 	"summary": "Enable a Proxy Host",
-	"tags": ["Proxy Hosts"],
+	"tags": ["proxy-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["proxy_hosts"]
+			"bearerAuth": ["proxy_hosts.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "hostID",
+			"description": "The ID of the Proxy Host",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/proxy-hosts/hostID/get.json
+++ b/backend/schema/paths/nginx/proxy-hosts/hostID/get.json
@@ -1,16 +1,19 @@
 {
 	"operationId": "getProxyHost",
 	"summary": "Get a Proxy Host",
-	"tags": ["Proxy Hosts"],
+	"tags": ["proxy-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["proxy_hosts"]
+			"bearerAuth": [
+				"proxy_hosts.view"
+			]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "hostID",
+			"description": "The ID of the Proxy Host",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
@@ -27,13 +30,15 @@
 					"examples": {
 						"default": {
 							"value": {
-								"id": 1,
-								"created_on": "2024-10-08T23:23:03.000Z",
-								"modified_on": "2024-10-08T23:26:38.000Z",
+								"id": 3,
+								"created_on": "2025-10-30T01:12:05.000Z",
+								"modified_on": "2025-10-30T01:12:05.000Z",
 								"owner_user_id": 1,
-								"domain_names": ["test.example.com"],
-								"forward_host": "192.168.0.10",
-								"forward_port": 8989,
+								"domain_names": [
+									"test.example.com"
+								],
+								"forward_host": "127.0.0.1",
+								"forward_port": 8080,
 								"access_list_id": 0,
 								"certificate_id": 0,
 								"ssl_forced": false,
@@ -48,9 +53,22 @@
 								"http2_support": false,
 								"forward_scheme": "http",
 								"enabled": true,
-								"locations": null,
+								"locations": [],
 								"hsts_enabled": false,
-								"hsts_subdomains": false
+								"hsts_subdomains": false,
+								"owner": {
+									"id": 1,
+									"created_on": "2025-10-28T00:50:24.000Z",
+									"modified_on": "2025-10-28T00:50:24.000Z",
+									"is_disabled": false,
+									"email": "jc@jc21.com",
+									"name": "jamiec",
+									"nickname": "jamiec",
+									"avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm",
+									"roles": [
+										"admin"
+									]
+								}
 							}
 						}
 					},
--- a/backend/schema/paths/nginx/proxy-hosts/hostID/put.json
+++ b/backend/schema/paths/nginx/proxy-hosts/hostID/put.json
@@ -1,16 +1,19 @@
 {
 	"operationId": "updateProxyHost",
 	"summary": "Update a Proxy Host",
-	"tags": ["Proxy Hosts"],
+	"tags": ["proxy-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["proxy_hosts"]
+			"bearerAuth": [
+				"proxy_hosts.manage"
+			]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "hostID",
+			"description": "The ID of the Proxy Host",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
@@ -93,13 +96,15 @@
 					"examples": {
 						"default": {
 							"value": {
-								"id": 1,
-								"created_on": "2024-10-08T23:23:03.000Z",
-								"modified_on": "2024-10-08T23:26:37.000Z",
+								"id": 3,
+								"created_on": "2025-10-30T01:12:05.000Z",
+								"modified_on": "2025-10-30T01:17:06.000Z",
 								"owner_user_id": 1,
-								"domain_names": ["test.example.com"],
-								"forward_host": "192.168.0.10",
-								"forward_port": 8989,
+								"domain_names": [
+									"test.example.com"
+								],
+								"forward_host": "127.0.0.1",
+								"forward_port": 8080,
 								"access_list_id": 0,
 								"certificate_id": 0,
 								"ssl_forced": false,
@@ -114,19 +119,21 @@
 								"http2_support": false,
 								"forward_scheme": "http",
 								"enabled": true,
+								"locations": [],
 								"hsts_enabled": false,
 								"hsts_subdomains": false,
 								"owner": {
 									"id": 1,
-									"created_on": "2024-10-07T22:43:55.000Z",
-									"modified_on": "2024-10-08T12:52:54.000Z",
-									"is_deleted": false,
+									"created_on": "2025-10-28T00:50:24.000Z",
+									"modified_on": "2025-10-28T00:50:24.000Z",
 									"is_disabled": false,
-									"email": "admin@example.com",
-									"name": "Administrator",
-									"nickname": "some guy",
-									"avatar": "//www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?default=mm",
-									"roles": ["admin"]
+									"email": "jc@jc21.com",
+									"name": "jamiec",
+									"nickname": "jamiec",
+									"avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm",
+									"roles": [
+										"admin"
+									]
 								},
 								"certificate": null,
 								"access_list": null
--- a/backend/schema/paths/nginx/proxy-hosts/post.json
+++ b/backend/schema/paths/nginx/proxy-hosts/post.json
@@ -1,10 +1,12 @@
 {
 	"operationId": "createProxyHost",
 	"summary": "Create a Proxy Host",
-	"tags": ["Proxy Hosts"],
+	"tags": ["proxy-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["proxy_hosts"]
+			"bearerAuth": [
+				"proxy_hosts.manage"
+			]
 		}
 	],
 	"requestBody": {
@@ -15,7 +17,12 @@
 				"schema": {
 					"type": "object",
 					"additionalProperties": false,
-					"required": ["domain_names", "forward_scheme", "forward_host", "forward_port"],
+					"required": [
+						"domain_names",
+						"forward_scheme",
+						"forward_host",
+						"forward_port"
+					],
 					"properties": {
 						"domain_names": {
 							"$ref": "../../../components/proxy-host-object.json#/properties/domain_names"
@@ -69,6 +76,14 @@
 							"$ref": "../../../components/proxy-host-object.json#/properties/locations"
 						}
 					}
+				},
+				"example": {
+					"domain_names": [
+						"test.example.com"
+					],
+					"forward_scheme": "http",
+					"forward_host": "127.0.0.1",
+					"forward_port": 8080
 				}
 			}
 		}
@@ -81,13 +96,15 @@
 					"examples": {
 						"default": {
 							"value": {
-								"id": 1,
-								"created_on": "2024-10-08T23:23:03.000Z",
-								"modified_on": "2024-10-08T23:23:03.000Z",
+								"id": 3,
+								"created_on": "2025-10-30T01:12:05.000Z",
+								"modified_on": "2025-10-30T01:12:05.000Z",
 								"owner_user_id": 1,
-								"domain_names": ["test.example.com"],
+								"domain_names": [
+									"test.example.com"
+								],
 								"forward_host": "127.0.0.1",
-								"forward_port": 8989,
+								"forward_port": 8080,
 								"access_list_id": 0,
 								"certificate_id": 0,
 								"ssl_forced": false,
@@ -99,20 +116,22 @@
 								"http2_support": false,
 								"forward_scheme": "http",
 								"enabled": true,
+								"locations": [],
 								"hsts_enabled": false,
 								"hsts_subdomains": false,
 								"certificate": null,
 								"owner": {
 									"id": 1,
-									"created_on": "2024-10-07T22:43:55.000Z",
-									"modified_on": "2024-10-08T12:52:54.000Z",
-									"is_deleted": false,
+									"created_on": "2025-10-28T00:50:24.000Z",
+									"modified_on": "2025-10-28T00:50:24.000Z",
 									"is_disabled": false,
-									"email": "admin@example.com",
-									"name": "Administrator",
-									"nickname": "some guy",
-									"avatar": "//www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?default=mm",
-									"roles": ["admin"]
+									"email": "jc@jc21.com",
+									"name": "jamiec",
+									"nickname": "jamiec",
+									"avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm",
+									"roles": [
+										"admin"
+									]
 								},
 								"access_list": null
 							}
--- a/backend/schema/paths/nginx/redirection-hosts/get.json
+++ b/backend/schema/paths/nginx/redirection-hosts/get.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "getRedirectionHosts",
 	"summary": "Get all Redirection hosts",
-	"tags": ["Redirection Hosts"],
+	"tags": ["redirection-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["redirection_hosts"]
+			"bearerAuth": ["redirection_hosts.view"]
 		}
 	],
 	"parameters": [
--- a/backend/schema/paths/nginx/redirection-hosts/hostID/delete.json
+++ b/backend/schema/paths/nginx/redirection-hosts/hostID/delete.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "deleteRedirectionHost",
 	"summary": "Delete a Redirection Host",
-	"tags": ["Redirection Hosts"],
+	"tags": ["redirection-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["redirection_hosts"]
+			"bearerAuth": ["redirection_hosts.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "hostID",
+			"description": "The ID of the Redirection Host",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/redirection-hosts/hostID/disable/post.json
+++ b/backend/schema/paths/nginx/redirection-hosts/hostID/disable/post.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "disableRedirectionHost",
 	"summary": "Disable a Redirection Host",
-	"tags": ["Redirection Hosts"],
+	"tags": ["redirection-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["redirection_hosts"]
+			"bearerAuth": ["redirection_hosts.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "hostID",
+			"description": "The ID of the Redirection Host",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/redirection-hosts/hostID/enable/post.json
+++ b/backend/schema/paths/nginx/redirection-hosts/hostID/enable/post.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "enableRedirectionHost",
 	"summary": "Enable a Redirection Host",
-	"tags": ["Redirection Hosts"],
+	"tags": ["redirection-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["redirection_hosts"]
+			"bearerAuth": ["redirection_hosts.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "hostID",
+			"description": "The ID of the Redirection Host",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/redirection-hosts/hostID/get.json
+++ b/backend/schema/paths/nginx/redirection-hosts/hostID/get.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "getRedirectionHost",
 	"summary": "Get a Redirection Host",
-	"tags": ["Redirection Hosts"],
+	"tags": ["redirection-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["redirection_hosts"]
+			"bearerAuth": ["redirection_hosts.view"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "hostID",
+			"description": "The ID of the Redirection Host",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/redirection-hosts/hostID/put.json
+++ b/backend/schema/paths/nginx/redirection-hosts/hostID/put.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "updateRedirectionHost",
 	"summary": "Update a Redirection Host",
-	"tags": ["Redirection Hosts"],
+	"tags": ["redirection-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["redirection_hosts"]
+			"bearerAuth": ["redirection_hosts.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "hostID",
+			"description": "The ID of the Redirection Host",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
@@ -106,7 +107,6 @@
 									"id": 1,
 									"created_on": "2024-10-09T00:59:56.000Z",
 									"modified_on": "2024-10-09T00:59:56.000Z",
-									"is_deleted": false,
 									"is_disabled": false,
 									"email": "admin@example.com",
 									"name": "Administrator",
--- a/backend/schema/paths/nginx/redirection-hosts/post.json
+++ b/backend/schema/paths/nginx/redirection-hosts/post.json
@@ -1,10 +1,12 @@
 {
 	"operationId": "createRedirectionHost",
 	"summary": "Create a Redirection Host",
-	"tags": ["Redirection Hosts"],
+	"tags": ["redirection-hosts"],
 	"security": [
 		{
-			"BearerAuth": ["redirection_hosts"]
+			"bearerAuth": [
+				"redirection_hosts.manage"
+			]
 		}
 	],
 	"requestBody": {
@@ -15,7 +17,12 @@
 				"schema": {
 					"type": "object",
 					"additionalProperties": false,
-					"required": ["domain_names", "forward_scheme", "forward_http_code", "forward_domain_name"],
+					"required": [
+						"domain_names",
+						"forward_scheme",
+						"forward_http_code",
+						"forward_domain_name"
+					],
 					"properties": {
 						"domain_names": {
 							"$ref": "../../../components/redirection-host-object.json#/properties/domain_names"
@@ -57,6 +64,23 @@
 							"$ref": "../../../components/redirection-host-object.json#/properties/meta"
 						}
 					}
+				},
+				"example": {
+					"domain_names": [
+						"test.example.com"
+					],
+					"forward_domain_name": "example.com",
+					"forward_scheme": "auto",
+					"forward_http_code": 301,
+					"preserve_path": false,
+					"block_exploits": false,
+					"certificate_id": 0,
+					"ssl_forced": false,
+					"http2_support": false,
+					"hsts_enabled": false,
+					"hsts_subdomains": false,
+					"advanced_config": "",
+					"meta": {}
 				}
 			}
 		}
@@ -69,12 +93,14 @@
 					"examples": {
 						"default": {
 							"value": {
-								"id": 1,
-								"created_on": "2024-10-09T01:13:12.000Z",
-								"modified_on": "2024-10-09T01:13:12.000Z",
+								"id": 2,
+								"created_on": "2025-10-30T01:27:04.000Z",
+								"modified_on": "2025-10-30T01:27:04.000Z",
 								"owner_user_id": 1,
-								"domain_names": ["test.example.com"],
-								"forward_domain_name": "something-else.com",
+								"domain_names": [
+									"test.example.com"
+								],
+								"forward_domain_name": "example.com",
 								"preserve_path": false,
 								"certificate_id": 0,
 								"ssl_forced": false,
@@ -85,20 +111,21 @@
 								"enabled": true,
 								"hsts_enabled": false,
 								"hsts_subdomains": false,
-								"forward_scheme": "http",
+								"forward_scheme": "auto",
 								"forward_http_code": 301,
 								"certificate": null,
 								"owner": {
 									"id": 1,
-									"created_on": "2024-10-09T00:59:56.000Z",
-									"modified_on": "2024-10-09T00:59:56.000Z",
-									"is_deleted": false,
+									"created_on": "2025-10-28T00:50:24.000Z",
+									"modified_on": "2025-10-28T00:50:24.000Z",
 									"is_disabled": false,
-									"email": "admin@example.com",
-									"name": "Administrator",
-									"nickname": "Admin",
-									"avatar": "",
-									"roles": ["admin"]
+									"email": "jc@jc21.com",
+									"name": "jamiec",
+									"nickname": "jamiec",
+									"avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm",
+									"roles": [
+										"admin"
+									]
 								}
 							}
 						}
--- a/backend/schema/paths/nginx/streams/get.json
+++ b/backend/schema/paths/nginx/streams/get.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "getStreams",
 	"summary": "Get all streams",
-	"tags": ["Streams"],
+	"tags": ["streams"],
 	"security": [
 		{
-			"BearerAuth": ["streams"]
+			"bearerAuth": ["streams.view"]
 		}
 	],
 	"parameters": [
--- a/backend/schema/paths/nginx/streams/post.json
+++ b/backend/schema/paths/nginx/streams/post.json
@@ -1,10 +1,12 @@
 {
 	"operationId": "createStream",
 	"summary": "Create a Stream",
-	"tags": ["Streams"],
+	"tags": ["streams"],
 	"security": [
 		{
-			"BearerAuth": ["streams"]
+			"bearerAuth": [
+				"streams.manage"
+			]
 		}
 	],
 	"requestBody": {
@@ -15,7 +17,11 @@
 				"schema": {
 					"type": "object",
 					"additionalProperties": false,
-					"required": ["incoming_port", "forwarding_host", "forwarding_port"],
+					"required": [
+						"incoming_port",
+						"forwarding_host",
+						"forwarding_port"
+					],
 					"properties": {
 						"incoming_port": {
 							"$ref": "../../../components/stream-object.json#/properties/incoming_port"
@@ -42,6 +48,15 @@
 							"$ref": "../../../components/dead-host-object.json#/properties/domain_names"
 						}
 					}
+				},
+				"example": {
+					"incoming_port": 8888,
+					"forwarding_host": "127.0.0.1",
+					"forwarding_port": 8080,
+					"tcp_forwarding": true,
+					"udp_forwarding": false,
+					"certificate_id": 0,
+					"meta": {}
 				}
 			}
 		}
@@ -72,13 +87,14 @@
 									"id": 1,
 									"created_on": "2024-10-09T02:33:16.000Z",
 									"modified_on": "2024-10-09T02:33:16.000Z",
-									"is_deleted": false,
 									"is_disabled": false,
 									"email": "admin@example.com",
 									"name": "Administrator",
 									"nickname": "Admin",
 									"avatar": "",
-									"roles": ["admin"]
+									"roles": [
+										"admin"
+									]
 								},
 								"certificate_id": 0
 							}
--- a/backend/schema/paths/nginx/streams/streamID/delete.json
+++ b/backend/schema/paths/nginx/streams/streamID/delete.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "deleteStream",
 	"summary": "Delete a Stream",
-	"tags": ["Streams"],
+	"tags": ["streams"],
 	"security": [
 		{
-			"BearerAuth": ["streams"]
+			"bearerAuth": ["streams.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "streamID",
+			"description": "The ID of the Stream",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/streams/streamID/disable/post.json
+++ b/backend/schema/paths/nginx/streams/streamID/disable/post.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "disableStream",
 	"summary": "Disable a Stream",
-	"tags": ["Streams"],
+	"tags": ["streams"],
 	"security": [
 		{
-			"BearerAuth": ["streams"]
+			"bearerAuth": ["streams.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "streamID",
+			"description": "The ID of the Stream",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/streams/streamID/enable/post.json
+++ b/backend/schema/paths/nginx/streams/streamID/enable/post.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "enableStream",
 	"summary": "Enable a Stream",
-	"tags": ["Streams"],
+	"tags": ["streams"],
 	"security": [
 		{
-			"BearerAuth": ["streams"]
+			"bearerAuth": ["streams.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "streamID",
+			"description": "The ID of the Stream",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/streams/streamID/get.json
+++ b/backend/schema/paths/nginx/streams/streamID/get.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "getStream",
 	"summary": "Get a Stream",
-	"tags": ["Streams"],
+	"tags": ["streams"],
 	"security": [
 		{
-			"BearerAuth": ["streams"]
+			"bearerAuth": ["streams.view"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "streamID",
+			"description": "The ID of the Stream",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
--- a/backend/schema/paths/nginx/streams/streamID/put.json
+++ b/backend/schema/paths/nginx/streams/streamID/put.json
@@ -1,16 +1,17 @@
 {
 	"operationId": "updateStream",
 	"summary": "Update a Stream",
-	"tags": ["Streams"],
+	"tags": ["streams"],
 	"security": [
 		{
-			"BearerAuth": ["streams"]
+			"bearerAuth": ["streams.manage"]
 		}
 	],
 	"parameters": [
 		{
 			"in": "path",
 			"name": "streamID",
+			"description": "The ID of the Stream",
 			"schema": {
 				"type": "integer",
 				"minimum": 1
@@ -81,7 +82,6 @@
 									"id": 1,
 									"created_on": "2024-10-09T02:33:16.000Z",
 									"modified_on": "2024-10-09T02:33:16.000Z",
-									"is_deleted": false,
 									"is_disabled": false,
 									"email": "admin@example.com",
 									"name": "Administrator",
--- a/backend/schema/paths/reports/hosts/get.json
+++ b/backend/schema/paths/reports/hosts/get.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "reportsHosts",
 	"summary": "Report on Host Statistics",
-	"tags": ["Reports"],
+	"tags": ["reports"],
 	"security": [
 		{
-			"BearerAuth": ["reports"]
+			"bearerAuth": []
 		}
 	],
 	"responses": {
@@ -27,19 +27,23 @@
 						"properties": {
 							"proxy": {
 								"type": "integer",
-								"description": "Proxy Hosts Count"
+								"description": "Proxy Hosts Count",
+								"example": 20
 							},
 							"redirection": {
 								"type": "integer",
-								"description": "Redirection Hosts Count"
+								"description": "Redirection Hosts Count",
+								"example": 2
 							},
 							"stream": {
 								"type": "integer",
-								"description": "Streams Count"
+								"description": "Streams Count",
+								"example": 0
 							},
 							"dead": {
 								"type": "integer",
-								"description": "404 Hosts Count"
+								"description": "404 Hosts Count",
+								"example": 3
 							}
 						}
 					}
--- a/backend/schema/paths/schema/get.json
+++ b/backend/schema/paths/schema/get.json
@@ -1,7 +1,7 @@
 {
 	"operationId": "schema",
 	"summary": "Returns this swagger API schema",
-	"tags": ["Public"],
+	"tags": ["public"],
 	"responses": {
 		"200": {
 			"description": "200 response"
--- a/backend/schema/paths/settings/get.json
+++ b/backend/schema/paths/settings/get.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "getSettings",
 	"summary": "Get all settings",
-	"tags": ["Settings"],
+	"tags": ["settings"],
 	"security": [
 		{
-			"BearerAuth": ["settings"]
+			"bearerAuth": ["admin"]
 		}
 	],
 	"responses": {
--- a/backend/schema/paths/settings/settingID/get.json
+++ b/backend/schema/paths/settings/settingID/get.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "getSetting",
 	"summary": "Get a setting",
-	"tags": ["Settings"],
+	"tags": ["settings"],
 	"security": [
 		{
-			"BearerAuth": ["settings"]
+			"bearerAuth": ["admin"]
 		}
 	],
 	"parameters": [
--- a/backend/schema/paths/settings/settingID/put.json
+++ b/backend/schema/paths/settings/settingID/put.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "updateSetting",
 	"summary": "Update a setting",
-	"tags": ["Settings"],
+	"tags": ["settings"],
 	"security": [
 		{
-			"BearerAuth": ["settings"]
+			"bearerAuth": ["admin"]
 		}
 	],
 	"parameters": [
@@ -34,7 +34,8 @@
 						"value": {
 							"type": "string",
 							"minLength": 1,
-							"enum": ["congratulations", "404", "444", "redirect", "html"]
+							"enum": ["congratulations", "404", "444", "redirect", "html"],
+							"example": "html"
 						},
 						"meta": {
 							"type": "object",
@@ -46,9 +47,16 @@
 								"html": {
 									"type": "string"
 								}
+							},
+							"example": {
+								"html": "<p>hello world</p>"
 							}
 						}
 					}
+				},
+				"example": {
+					"value": "congratulations",
+					"meta": {}
 				}
 			}
 		}
--- a/backend/schema/paths/tokens/get.json
+++ b/backend/schema/paths/tokens/get.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "refreshToken",
 	"summary": "Refresh your access token",
-	"tags": ["Tokens"],
+	"tags": ["tokens"],
 	"security": [
 		{
-			"BearerAuth": ["tokens"]
+			"bearerAuth": []
 		}
 	],
 	"responses": {
--- a/backend/schema/paths/tokens/post.json
+++ b/backend/schema/paths/tokens/post.json
@@ -1,7 +1,7 @@
 {
 	"operationId": "requestToken",
 	"summary": "Request a new access token from credentials",
-	"tags": ["Tokens"],
+	"tags": ["tokens"],
 	"requestBody": {
 		"description": "Credentials Payload",
 		"required": true,
@@ -12,20 +12,27 @@
 					"properties": {
 						"identity": {
 							"minLength": 1,
-							"type": "string"
+							"type": "string",
+							"example": "me@example.com"
 						},
 						"scope": {
 							"minLength": 1,
 							"type": "string",
-							"enum": ["user"]
+							"enum": ["user"],
+							"example": "user"
 						},
 						"secret": {
 							"minLength": 1,
-							"type": "string"
+							"type": "string",
+							"example": "bigredhorsebanana"
 						}
 					},
 					"required": ["identity", "secret"],
 					"type": "object"
+				},
+				"example": {
+					"identity": "me@example.com",
+					"secret": "bigredhorsebanana"
 				}
 			}
 		}
@@ -37,10 +44,8 @@
 					"examples": {
 						"default": {
 							"value": {
-								"result": {
-									"expires": "2025-02-04T20:40:46.340Z",
-									"token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4"
-								}
+								"expires": "2025-02-04T20:40:46.340Z",
+								"token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4"
 							}
 						}
 					},
--- a/backend/schema/paths/users/get.json
+++ b/backend/schema/paths/users/get.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "getUsers",
 	"summary": "Get all users",
-	"tags": ["Users"],
+	"tags": ["users"],
 	"security": [
 		{
-			"BearerAuth": ["users"]
+			"bearerAuth": ["admin"]
 		}
 	],
 	"parameters": [
--- a/backend/schema/paths/users/post.json
+++ b/backend/schema/paths/users/post.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "createUser",
 	"summary": "Create a User",
-	"tags": ["Users"],
+	"tags": ["users"],
 	"security": [
 		{
-			"BearerAuth": ["users"]
+			"bearerAuth": ["admin"]
 		}
 	],
 	"requestBody": {
--- a/backend/schema/paths/users/userID/auth/put.json
+++ b/backend/schema/paths/users/userID/auth/put.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "updateUserAuth",
 	"summary": "Update a User's Authentication",
-	"tags": ["Users"],
+	"tags": ["users"],
 	"security": [
 		{
-			"BearerAuth": ["users"]
+			"bearerAuth": ["admin"]
 		}
 	],
 	"parameters": [
--- a/backend/schema/paths/users/userID/delete.json
+++ b/backend/schema/paths/users/userID/delete.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "deleteUser",
 	"summary": "Delete a User",
-	"tags": ["Users"],
+	"tags": ["users"],
 	"security": [
 		{
-			"BearerAuth": ["users"]
+			"bearerAuth": ["admin"]
 		}
 	],
 	"parameters": [
--- a/backend/schema/paths/users/userID/get.json
+++ b/backend/schema/paths/users/userID/get.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "getUser",
 	"summary": "Get a user",
-	"tags": ["Users"],
+	"tags": ["users"],
 	"security": [
 		{
-			"BearerAuth": ["users"]
+			"bearerAuth": ["admin"]
 		}
 	],
 	"parameters": [
--- a/backend/schema/paths/users/userID/login/post.json
+++ b/backend/schema/paths/users/userID/login/post.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "loginAsUser",
 	"summary": "Login as this user",
-	"tags": ["Users"],
+	"tags": ["users"],
 	"security": [
 		{
-			"BearerAuth": ["users"]
+			"bearerAuth": ["admin"]
 		}
 	],
 	"parameters": [
@@ -35,11 +35,11 @@
 									"created_on": "2020-01-30T10:43:44.000Z",
 									"modified_on": "2020-01-30T10:43:44.000Z",
 									"is_disabled": false,
-									"email": "jc@jc21.com",
-									"name": "Jamie Curnow",
-									"nickname": "James",
+									"email": "user2@example.com",
+									"name": "John Doe",
+									"nickname": "Jonny",
 									"avatar": "//www.gravatar.com/avatar/3c8d73f45fd8763f827b964c76e6032a?default=mm",
-									"roles": ["admin"]
+									"roles": []
 								}
 							}
 						}
@@ -50,16 +50,15 @@
 						"required": ["expires", "token", "user"],
 						"additionalProperties": false,
 						"properties": {
-							"expires": {
-								"description": "Token Expiry Unix Time",
-								"example": 1566540249,
-								"minimum": 1,
-								"type": "number"
-							},
 							"token": {
 								"description": "JWT Token",
-								"example": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4",
-								"type": "string"
+								"type": "string",
+								"example": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4"
+							},
+							"expires": {
+								"description": "Token Expiry Timestamp",
+								"type": "string",
+								"example": "2020-01-30T10:43:44.000Z"
 							},
 							"user": {
 								"$ref": "../../../../components/user-object.json"
--- a/backend/schema/paths/users/userID/permissions/put.json
+++ b/backend/schema/paths/users/userID/permissions/put.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "updateUserPermissions",
 	"summary": "Update a User's Permissions",
-	"tags": ["Users"],
+	"tags": ["users"],
 	"security": [
 		{
-			"BearerAuth": ["users"]
+			"bearerAuth": ["admin"]
 		}
 	],
 	"parameters": [
@@ -27,6 +27,15 @@
 			"application/json": {
 				"schema": {
 					"$ref": "../../../../components/permission-object.json"
+				},
+				"example": {
+					"visibility": "all",
+					"access_lists": "view",
+					"certificates": "hidden",
+					"dead_hosts": "hidden",
+					"proxy_hosts": "manage",
+					"redirection_hosts": "hidden",
+					"streams": "hidden"
 				}
 			}
 		}
--- a/backend/schema/paths/users/userID/put.json
+++ b/backend/schema/paths/users/userID/put.json
@@ -1,10 +1,10 @@
 {
 	"operationId": "updateUser",
 	"summary": "Update a User",
-	"tags": ["Users"],
+	"tags": ["users"],
 	"security": [
 		{
-			"BearerAuth": ["users"]
+			"bearerAuth": ["admin"]
 		}
 	],
 	"parameters": [
--- a/backend/schema/swagger.json
+++ b/backend/schema/swagger.json
@@ -2,7 +2,8 @@
 	"openapi": "3.1.0",
 	"info": {
 		"title": "Nginx Proxy Manager API",
-		"version": "2.x.x"
+		"version": "2.x.x",
+		"description": "This is the official API documentation for Nginx Proxy Manager.\n\nMost endpoints require authentication via Bearer Token (JWT). You can generate a token by logging in via the `POST /tokens` endpoint.\n\nFor more information, visit the [Nginx Proxy Manager Documentation](https://nginxproxymanager.com)."
 	},
 	"servers": [
 		{
@@ -11,13 +12,59 @@
 	],
 	"components": {
 		"securitySchemes": {
-			"bearerAuth": {
-				"type": "http",
-				"scheme": "bearer",
-				"bearerFormat": "JWT"
-			}
+			"$ref": "./components/security-schemes.json"
 		}
 	},
+	"tags": [
+		{
+			"name": "public",
+			"description": "Endpoints that do not require authentication"
+		},
+		{
+			"name": "audit-log",
+			"description": "Endpoints related to Audit Logs"
+		},
+		{
+			"name": "access-lists",
+			"description": "Endpoints related to Access Lists"
+		},
+		{
+			"name": "certificates",
+			"description": "Endpoints related to Certificates"
+		},
+		{
+			"name": "404-hosts",
+			"description": "Endpoints related to 404 Hosts"
+		},
+		{
+			"name": "proxy-hosts",
+			"description": "Endpoints related to Proxy Hosts"
+		},
+		{
+			"name": "redirection-hosts",
+			"description": "Endpoints related to Redirection Hosts"
+		},
+		{
+			"name": "streams",
+			"description": "Endpoints related to Streams"
+		},
+		{
+			"name": "reports",
+			"description": "Endpoints for viewing reports"
+		},
+		{
+			"name": "settings",
+			"description": "Endpoints for managing application settings"
+		},
+		{
+			"name": "tokens",
+			"description": "Endpoints for managing authentication tokens"
+		},
+		{
+			"name": "users",
+			"description": "Endpoints for managing users"
+		}
+	],
 	"paths": {
 		"/": {
 			"get": {
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@@ -43,59 +43,59 @@
    ajv-draft-04 "^1.0.0"
    call-me-maybe "^1.0.2"

-"@biomejs/biome@^2.3.0":
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/@biomejs/biome/-/biome-2.3.0.tgz#80030b68d94bd0a0761ac2cd22cc4f2c0f23f4f9"
-  integrity sha512-shdUY5H3S3tJVUWoVWo5ua+GdPW5lRHf+b0IwZ4OC1o2zOKQECZ6l2KbU6t89FNhtd3Qx5eg5N7/UsQWGQbAFw==
+"@biomejs/biome@^2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/biome/-/biome-2.3.2.tgz#aeeb5f12c39571a18f36a919be63ba7dbc7b290a"
+  integrity sha512-8e9tzamuDycx7fdrcJ/F/GDZ8SYukc5ud6tDicjjFqURKYFSWMl0H0iXNXZEGmcmNUmABgGuHThPykcM41INgg==
  optionalDependencies:
-    "@biomejs/cli-darwin-arm64" "2.3.0"
-    "@biomejs/cli-darwin-x64" "2.3.0"
-    "@biomejs/cli-linux-arm64" "2.3.0"
-    "@biomejs/cli-linux-arm64-musl" "2.3.0"
-    "@biomejs/cli-linux-x64" "2.3.0"
-    "@biomejs/cli-linux-x64-musl" "2.3.0"
-    "@biomejs/cli-win32-arm64" "2.3.0"
-    "@biomejs/cli-win32-x64" "2.3.0"
+    "@biomejs/cli-darwin-arm64" "2.3.2"
+    "@biomejs/cli-darwin-x64" "2.3.2"
+    "@biomejs/cli-linux-arm64" "2.3.2"
+    "@biomejs/cli-linux-arm64-musl" "2.3.2"
+    "@biomejs/cli-linux-x64" "2.3.2"
+    "@biomejs/cli-linux-x64-musl" "2.3.2"
+    "@biomejs/cli-win32-arm64" "2.3.2"
+    "@biomejs/cli-win32-x64" "2.3.2"

-"@biomejs/cli-darwin-arm64@2.3.0":
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.3.0.tgz#78cef4d7415adbf0718c7854e7160e181d916652"
-  integrity sha512-3cJVT0Z5pbTkoBmbjmDZTDFYxIkRcrs9sYVJbIBHU8E6qQxgXAaBfSVjjCreG56rfDuQBr43GzwzmaHPcu4vlw==
+"@biomejs/cli-darwin-arm64@2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.3.2.tgz#93f866161abe32e702987ccbddf492c1aabe016f"
+  integrity sha512-4LECm4kc3If0JISai4c3KWQzukoUdpxy4fRzlrPcrdMSRFksR9ZoXK7JBcPuLBmd2SoT4/d7CQS33VnZpgBjew==

-"@biomejs/cli-darwin-x64@2.3.0":
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.3.0.tgz#068baf1f0f748c01658ba9bb511d8d18461d922b"
-  integrity sha512-6LIkhglh3UGjuDqJXsK42qCA0XkD1Ke4K/raFOii7QQPbM8Pia7Qj2Hji4XuF2/R78hRmEx7uKJH3t/Y9UahtQ==
+"@biomejs/cli-darwin-x64@2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.3.2.tgz#9c3dffdac12e4f4d8db7680ca20f58ace1f38c23"
+  integrity sha512-jNMnfwHT4N3wi+ypRfMTjLGnDmKYGzxVr1EYAPBcauRcDnICFXN81wD6wxJcSUrLynoyyYCdfW6vJHS/IAoTDA==

-"@biomejs/cli-linux-arm64-musl@2.3.0":
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.3.0.tgz#9a1350184abcea8092957a9519098cac7629705a"
-  integrity sha512-nDksoFdwZ2YrE7NiYDhtMhL2UgFn8Kb7Y0bYvnTAakHnqEdb4lKindtBc1f+xg2Snz0JQhJUYO7r9CDBosRU5w==
+"@biomejs/cli-linux-arm64-musl@2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.3.2.tgz#a0424d2fe355cc43c375b3fbf3e42d39b7221d0e"
+  integrity sha512-2Zz4usDG1GTTPQnliIeNx6eVGGP2ry5vE/v39nT73a3cKN6t5H5XxjcEoZZh62uVZvED7hXXikclvI64vZkYqw==

-"@biomejs/cli-linux-arm64@2.3.0":
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.3.0.tgz#f322daebb32fe0b18f7981c8cdbe84a06852bfee"
-  integrity sha512-uhAsbXySX7xsXahegDg5h3CDgfMcRsJvWLFPG0pjkylgBb9lErbK2C0UINW52zhwg0cPISB09lxHPxCau4e2xA==
+"@biomejs/cli-linux-arm64@2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.3.2.tgz#f85717c04d420ede20523d173a1fc10df60d4d37"
+  integrity sha512-amnqvk+gWybbQleRRq8TMe0rIv7GHss8mFJEaGuEZYWg1Tw14YKOkeo8h6pf1c+d3qR+JU4iT9KXnBKGON4klw==

-"@biomejs/cli-linux-x64-musl@2.3.0":
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.3.0.tgz#ce441d5c00eda977b74e4116f9723f2edc579485"
-  integrity sha512-+i9UcJwl99uAhtRQDz9jUAh+Xkb097eekxs/D9j4deWDg5/yB/jPWzISe1nBHvlzTXsdUSj0VvB4Go2DSpKIMw==
+"@biomejs/cli-linux-x64-musl@2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.3.2.tgz#d3e114c744c32d2c50a77c13476bd941819c92d8"
+  integrity sha512-gzB19MpRdTuOuLtPpFBGrV3Lq424gHyq2lFj8wfX9tvLMLdmA/R9C7k/mqBp/spcbWuHeIEKgEs3RviOPcWGBA==

-"@biomejs/cli-linux-x64@2.3.0":
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-x64/-/cli-linux-x64-2.3.0.tgz#da7ea904307b3211df62a4b42e5a022f8f583009"
-  integrity sha512-uxa8reA2s1VgoH8MhbGlCmMOt3JuSE1vJBifkh1ulaPiuk0SPx8cCdpnm9NWnTe2x/LfWInWx4sZ7muaXTPGGw==
+"@biomejs/cli-linux-x64@2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-x64/-/cli-linux-x64-2.3.2.tgz#f66ce85d2d757d45e6edecce04753a805bd816f0"
+  integrity sha512-8BG/vRAhFz1pmuyd24FQPhNeueLqPtwvZk6yblABY2gzL2H8fLQAF/Z2OPIc+BPIVPld+8cSiKY/KFh6k81xfA==

-"@biomejs/cli-win32-arm64@2.3.0":
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.3.0.tgz#cdc0f8bbf025fb28c5b03b326128cce363ecffa5"
-  integrity sha512-ynjmsJLIKrAjC3CCnKMMhzcnNy8dbQWjKfSU5YA0mIruTxBNMbkAJp+Pr2iV7/hFou+66ZSD/WV8hmLEmhUaXA==
+"@biomejs/cli-win32-arm64@2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.3.2.tgz#b46f8b47a3d97e766cc5ad5eb67d90eeb230b2cb"
+  integrity sha512-lCruqQlfWjhMlOdyf5pDHOxoNm4WoyY2vZ4YN33/nuZBRstVDuqPPjS0yBkbUlLEte11FbpW+wWSlfnZfSIZvg==

-"@biomejs/cli-win32-x64@2.3.0":
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/@biomejs/cli-win32-x64/-/cli-win32-x64-2.3.0.tgz#10e1de6222e272a1e3e395b3d845ee66cb6febd8"
-  integrity sha512-zOCYmCRVkWXc9v8P7OLbLlGGMxQTKMvi+5IC4v7O8DkjLCOHRzRVK/Lno2pGZNo0lzKM60pcQOhH8HVkXMQdFg==
+"@biomejs/cli-win32-x64@2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/cli-win32-x64/-/cli-win32-x64-2.3.2.tgz#a14f5e220dd496705278315ee3e5e028dd657344"
+  integrity sha512-6Ee9P26DTb4D8sN9nXxgbi9Dw5vSOfH98M7UlmkjKB2vtUbrRqCbZiNfryGiwnPIpd6YUoTl7rLVD2/x1CyEHQ==

 "@gar/promisify@^1.0.1":
  version "1.1.3"
@@ -861,7 +861,7 @@ expand-template@^2.0.3:
  resolved "https://registry.yarnpkg.com/expand-template/-/expand-template-2.0.3.tgz#6e14b3fcee0f3a6340ecb57d2e8918692052a47c"
  integrity sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg==

-express-fileupload@^1.1.9:
+express-fileupload@^1.5.2:
  version "1.5.2"
  resolved "https://registry.yarnpkg.com/express-fileupload/-/express-fileupload-1.5.2.tgz#4da70ba6f2ffd4c736eab0776445865a9dbd9bfa"
  integrity sha512-wxUJn2vTHvj/kZCVmc5/bJO15C7aSMyHeuXYY3geKpeKibaAoQGcEv5+sM6nHS2T7VF+QHS4hTWPiY2mKofEdg==
@@ -1108,7 +1108,7 @@ graceful-fs@^4.1.15, graceful-fs@^4.1.2, graceful-fs@^4.2.0, graceful-fs@^4.2.6:
  resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.11.tgz#4183e4e8bf08bb6e05bbb2f7d2e0c8f712ca40e3"
  integrity sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==

-gravatar@^1.8.0:
+gravatar@^1.8.2:
  version "1.8.2"
  resolved "https://registry.yarnpkg.com/gravatar/-/gravatar-1.8.2.tgz#f298642b1562ed685af2ae938dbe31ec0c542cc1"
  integrity sha512-GdRwLM3oYpFQKy47MKuluw9hZ2gaCtiKPbDGdcDEuYDKlc8eNnW27KYL9LVbIDzEsx88WtDWQm2ClBcsgBnj6w==
@@ -1352,7 +1352,7 @@ json-schema-traverse@^1.0.0:
  resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz#ae7bcb3656ab77a73ba5c49bf654f38e6b6860e2"
  integrity sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==

-jsonwebtoken@^9.0.0:
+jsonwebtoken@^9.0.2:
  version "9.0.2"
  resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz#65ff91f4abef1784697d40952bb1998c504caaf3"
  integrity sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==
--- a/docker/docker-compose.ci.postgres.yml
+++ b/docker/docker-compose.ci.postgres.yml
@@ -1,17 +1,16 @@
 # WARNING: This is a CI docker-compose file used for building and testing of the entire app, it should not be used for production.
 services:
-
  cypress:
    environment:
-      CYPRESS_stack: 'postgres'
+      CYPRESS_stack: "postgres"

  fullstack:
    environment:
-      DB_POSTGRES_HOST: 'db-postgres'
-      DB_POSTGRES_PORT: '5432'
-      DB_POSTGRES_USER: 'npm'
-      DB_POSTGRES_PASSWORD: 'npmpass'
-      DB_POSTGRES_NAME: 'npm'
+      DB_POSTGRES_HOST: "db-postgres"
+      DB_POSTGRES_PORT: "5432"
+      DB_POSTGRES_USER: "npm"
+      DB_POSTGRES_PASSWORD: "npmpass"
+      DB_POSTGRES_NAME: "npm"
    depends_on:
      - db-postgres
      - authentik
@@ -19,11 +18,11 @@ services:
      - authentik-ldap

  db-postgres:
-    image: postgres:latest
+    image: postgres:17
    environment:
-      POSTGRES_USER: 'npm'
-      POSTGRES_PASSWORD: 'npmpass'
-      POSTGRES_DB: 'npm'
+      POSTGRES_USER: "npm"
+      POSTGRES_PASSWORD: "npmpass"
+      POSTGRES_DB: "npm"
    volumes:
      - psql_vol:/var/lib/postgresql/data
      - ./ci/postgres:/docker-entrypoint-initdb.d
@@ -31,11 +30,11 @@ services:
      - fulltest

  authentik-redis:
-    image: 'redis:alpine'
+    image: "redis:alpine"
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
-      test: ['CMD-SHELL', 'redis-cli ping | grep PONG']
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
@@ -66,9 +65,9 @@ services:
  authentik-ldap:
    image: ghcr.io/goauthentik/ldap:2024.10.1
    environment:
-      AUTHENTIK_HOST: 'http://authentik:9000'
-      AUTHENTIK_INSECURE: 'true'
-      AUTHENTIK_TOKEN: 'wKYZuRcI0ETtb8vWzMCr04oNbhrQUUICy89hSpDln1OEKLjiNEuQ51044Vkp'
+      AUTHENTIK_HOST: "http://authentik:9000"
+      AUTHENTIK_INSECURE: "true"
+      AUTHENTIK_TOKEN: "wKYZuRcI0ETtb8vWzMCr04oNbhrQUUICy89hSpDln1OEKLjiNEuQ51044Vkp"
    restart: unless-stopped
    depends_on:
      - authentik
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -79,7 +79,7 @@ services:
      - "/etc/localtime:/etc/localtime:ro"

  db-postgres:
-    image: postgres:latest
+    image: postgres:17
    container_name: npm2dev.db-postgres
    networks:
      - nginx_proxy_manager
--- a/docs/src/setup/index.md
+++ b/docs/src/setup/index.md
@@ -135,7 +135,7 @@ services:
      - db

  db:
-    image: postgres:latest
+    image: postgres:17
    environment:
      POSTGRES_USER: 'npm'
      POSTGRES_PASSWORD: 'npmpass'
--- a/frontend/biome.json
+++ b/frontend/biome.json
@@ -1,5 +1,5 @@
 {
-    "$schema": "https://biomejs.dev/schemas/2.2.4/schema.json",
+    "$schema": "https://biomejs.dev/schemas/2.3.1/schema.json",
    "vcs": {
        "enabled": true,
        "clientKind": "git",
--- a/frontend/check-locales.cjs
+++ b/frontend/check-locales.cjs
@@ -8,14 +8,11 @@

 const allLocales = [
 	["en", "en-US"],
-	["de", "de-DE"],
 	["fa", "fa-IR"],
 ];

 const ignoreUnused = [
-	/^capability\..*$/,
-	/^status\..*$/,
-	/^type\..*$/,
+	/^.*$/,
 ];

 const { spawnSync } = require("child_process");
@@ -119,19 +116,9 @@ const compareLocale = (locale) => {
 const checkForMissing = (locale) => {
 	allKeys.forEach((key) => {
 		if (typeof locale.data[key] === "undefined") {
-			let ignored = false;
-			ignoreMissing.map((regex) => {
-				if (key.match(regex)) {
-					ignored = true;
-				}
-				return null;
-			});
-
-			if (!ignored) {
-				allWarnings.push(
-					"WARN: `" + locale[0] + "` does not contain item: `" + key + "`",
-				);
-			}
+			allWarnings.push(
+				"WARN: `" + locale[0] + "` does not contain item: `" + key + "`",
+			);
 		}
 		return null;
 	});
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -33,13 +33,14 @@
 		"react-bootstrap": "^2.10.10",
 		"react-dom": "^19.2.0",
 		"react-intl": "^7.1.14",
+		"react-markdown": "^10.1.0",
 		"react-router-dom": "^7.9.4",
 		"react-select": "^5.10.2",
 		"react-toastify": "^11.0.5",
 		"rooks": "^9.3.0"
 	},
 	"devDependencies": {
-		"@biomejs/biome": "^2.3.0",
+		"@biomejs/biome": "^2.3.1",
 		"@formatjs/cli": "^6.7.4",
 		"@tanstack/react-query-devtools": "^5.90.2",
 		"@testing-library/dom": "^10.4.1",
--- a/frontend/src/api/backend/base.ts
+++ b/frontend/src/api/backend/base.ts
@@ -80,8 +80,16 @@ export async function get(args: GetArgs, abortController?: AbortController) {
 	return processResponse(await baseGet(args, abortController));
 }

-export async function download(args: GetArgs, abortController?: AbortController) {
-	return (await baseGet(args, abortController)).text();
+export async function download({ url, params }: GetArgs, filename = "download.file") {
+	const headers = buildAuthHeader();
+	const res = await fetch(buildUrl({ url, params }), { headers });
+	const bl = await res.blob();
+	const u = window.URL.createObjectURL(bl);
+	const a = document.createElement("a");
+	a.href = u;
+	a.download = filename;
+	a.click();
+	window.URL.revokeObjectURL(url);
 }

 interface PostArgs {
--- a/frontend/src/api/backend/createAccessList.ts
+++ b/frontend/src/api/backend/createAccessList.ts
@@ -4,7 +4,6 @@ import type { AccessList } from "./models";
 export async function createAccessList(item: AccessList): Promise<AccessList> {
 	return await api.post({
 		url: "/nginx/access-lists",
-		// todo: only use whitelist of fields for this data
 		data: item,
 	});
 }
--- a/frontend/src/api/backend/createDeadHost.ts
+++ b/frontend/src/api/backend/createDeadHost.ts
@@ -4,7 +4,6 @@ import type { DeadHost } from "./models";
 export async function createDeadHost(item: DeadHost): Promise<DeadHost> {
 	return await api.post({
 		url: "/nginx/dead-hosts",
-		// todo: only use whitelist of fields for this data
 		data: item,
 	});
 }
--- a/frontend/src/api/backend/createProxyHost.ts
+++ b/frontend/src/api/backend/createProxyHost.ts
@@ -4,7 +4,6 @@ import type { ProxyHost } from "./models";
 export async function createProxyHost(item: ProxyHost): Promise<ProxyHost> {
 	return await api.post({
 		url: "/nginx/proxy-hosts",
-		// todo: only use whitelist of fields for this data
 		data: item,
 	});
 }
--- a/frontend/src/api/backend/createRedirectionHost.ts
+++ b/frontend/src/api/backend/createRedirectionHost.ts
@@ -4,7 +4,6 @@ import type { RedirectionHost } from "./models";
 export async function createRedirectionHost(item: RedirectionHost): Promise<RedirectionHost> {
 	return await api.post({
 		url: "/nginx/redirection-hosts",
-		// todo: only use whitelist of fields for this data
 		data: item,
 	});
 }
--- a/frontend/src/api/backend/createStream.ts
+++ b/frontend/src/api/backend/createStream.ts
@@ -4,7 +4,6 @@ import type { Stream } from "./models";
 export async function createStream(item: Stream): Promise<Stream> {
 	return await api.post({
 		url: "/nginx/streams",
-		// todo: only use whitelist of fields for this data
 		data: item,
 	});
 }
--- a/frontend/src/api/backend/createUser.ts
+++ b/frontend/src/api/backend/createUser.ts
@@ -18,7 +18,6 @@ export interface NewUser {
 export async function createUser(item: NewUser, noAuth?: boolean): Promise<User> {
 	return await api.post({
 		url: "/users",
-		// todo: only use whitelist of fields for this data
 		data: item,
 		noAuth,
 	});
--- a/frontend/src/api/backend/downloadCertificate.ts
+++ b/frontend/src/api/backend/downloadCertificate.ts
@@ -1,8 +1,10 @@
 import * as api from "./base";
-import type { Binary } from "./responseTypes";

-export async function downloadCertificate(id: number): Promise<Binary> {
-	return await api.get({
-		url: `/nginx/certificates/${id}/download`,
-	});
+export async function downloadCertificate(id: number): Promise<void> {
+	await api.download(
+		{
+			url: `/nginx/certificates/${id}/download`,
+		},
+		`certificate-${id}.zip`,
+	);
 }
--- a/frontend/src/api/backend/expansions.ts
+++ b/frontend/src/api/backend/expansions.ts
@@ -1,6 +1,6 @@
 export type AccessListExpansion = "owner" | "items" | "clients";
 export type AuditLogExpansion = "user";
-export type CertificateExpansion = "owner" | "proxy_hosts" | "redirection_hosts" | "dead_hosts";
+export type CertificateExpansion = "owner" | "proxy_hosts" | "redirection_hosts" | "dead_hosts" | "streams";
 export type HostExpansion = "owner" | "certificate";
 export type ProxyHostExpansion = "owner" | "access_list" | "certificate";
 export type UserExpansion = "permissions";
--- a/frontend/src/api/backend/index.ts
+++ b/frontend/src/api/backend/index.ts
@@ -37,6 +37,7 @@ export * from "./getToken";
 export * from "./getUser";
 export * from "./getUsers";
 export * from "./helpers";
+export * from "./loginAsUser";
 export * from "./models";
 export * from "./refreshToken";
 export * from "./renewCertificate";
--- a/frontend/src/api/backend/loginAsUser.ts
+++ b/frontend/src/api/backend/loginAsUser.ts
@@ -0,0 +1,8 @@
+import * as api from "./base";
+import type { LoginAsTokenResponse } from "./responseTypes";
+
+export async function loginAsUser(id: number): Promise<LoginAsTokenResponse> {
+	return await api.post({
+		url: `/users/${id}/login`,
+	});
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Jamie Curnow	32208f3864	More Persian lang updates	2025-11-03 08:12:52 +10:00
Jamie Curnow	52ab4844dc	Persian Locale	2025-11-02 22:52:43 +10:00
jc21	24216f1f2f	Merge pull request #4785 from NginxProxyManager/react v2.13.0 React UI	2025-11-02 22:48:16 +10:00
Jamie Curnow	52e528f217	Remove incomplete languages and cleanup	2025-11-02 21:28:25 +10:00
Jamie Curnow	4709f9826c	Permissions polish for restricted users	2025-10-31 12:50:54 +10:00
Jamie Curnow	74a8c5d806	Fix app crash when do unautorized things	2025-10-30 15:03:01 +10:00
Jamie Curnow	82a1a86c3a	Log in as user support	2025-10-30 14:45:22 +10:00
Jamie Curnow	95957a192c	Re-add dns_provider_credentials to swagger schema	2025-10-30 12:24:17 +10:00
Jamie Curnow	906ce8ced2	Swagger/openapi schema mega fixes and Cypress validation/enforcement	2025-10-30 11:50:51 +10:00
Jamie Curnow	89abb9d559	Fix bugs from feedback	2025-10-29 08:48:29 +10:00
Jamie Curnow	5d6916dcf0	Tidy up - Add help docs for most sections - Add translations documentation - Fix up todos - Remove german translation	2025-10-28 15:41:11 +10:00
Jamie Curnow	0f718570d6	Use status components for true/false things	2025-10-28 14:18:52 +10:00
Jamie Curnow	fac5f2cbc5	Cert column provider tweaks	2025-10-28 11:51:27 +10:00
Jamie Curnow	3b9beaeae5	Various tweaks and backend improvements	2025-10-28 11:38:26 +10:00
Jamie Curnow	7331cb3675	Audit log tweaks for certificates	2025-10-28 10:38:05 +10:00
Jamie Curnow	678593111e	Settings polish	2025-10-28 08:53:01 +10:00
Jamie Curnow	c08b1be3cb	Use code edit for dns provider config dialog	2025-10-27 19:42:58 +10:00
Jamie Curnow	ca3c9aa39a	Show cert expiry date in yellow when < 30 days	2025-10-27 19:34:25 +10:00
Jamie Curnow	e4e5fb3b58	Update biome	2025-10-27 19:29:14 +10:00
Jamie Curnow	83a2c79e16	Custom certificate upload	2025-10-27 19:26:33 +10:00
Jamie Curnow	0de26f2950	Certificates react work - renewal and download - table columns rendering - searching - deleting	2025-10-27 18:08:37 +10:00
Jamie Curnow	7b5c70ed35	Fix cert renewal backend bug after refactor	2025-10-27 18:04:58 +10:00
Jamie Curnow	e4d9f48870	Fix creating wrong cert type when trying dns	2025-10-27 18:04:29 +10:00
jc21	2893ffb1e4	Merge pull request #4801 from sopex/react QoL: Link to dashboard 2.13	2025-10-27 09:52:50 +10:00
Jamie Curnow	1a117a267c	Fix to postgres 17	2025-10-27 08:13:03 +10:00
Konstantinos Spartalis	b8e3e594fb	;)	2025-10-17 16:00:59 +03:00
Konstantinos Spartalis	71251d2a0d	:)	2025-10-17 13:51:06 +03:00