From 3335f16ad1a6ec114058a8b7e6e71c2cae33c33d Mon Sep 17 00:00:00 2001
From: Puyodead1 <puyodead@proton.me>
Date: Thu, 23 Mar 2023 11:01:38 -0400
Subject: [PATCH] applications

---
 assets/schemas.json                           | Bin 2417674 -> 3951834 bytes
 src/api/routes/applications/#id/bot/index.ts  | 124 +++++++++++-------
 .../routes/applications/#id/entitlements.ts   |  22 +++-
 src/api/routes/applications/#id/index.ts      |  91 +++++++++----
 src/api/routes/applications/#id/skus.ts       |  18 ++-
 src/api/routes/applications/detectable.ts     |  20 ++-
 src/api/routes/applications/index.ts          |  37 ++++--
 src/api/util/handlers/route.ts                |   3 +-
 .../ApplicationDetectableResponse.ts          |   1 +
 .../ApplicationEntitlementsResponse.ts        |   1 +
 .../responses/ApplicationSkusResponse.ts      |   1 +
 .../schemas/responses/ApplicationsResponse.ts |   3 +
 src/util/schemas/responses/index.ts           |   4 +
 13 files changed, 227 insertions(+), 98 deletions(-)
 create mode 100644 src/util/schemas/responses/ApplicationDetectableResponse.ts
 create mode 100644 src/util/schemas/responses/ApplicationEntitlementsResponse.ts
 create mode 100644 src/util/schemas/responses/ApplicationSkusResponse.ts
 create mode 100644 src/util/schemas/responses/ApplicationsResponse.ts

diff --git a/assets/schemas.json b/assets/schemas.json
index 923ddd89ef9303f52b0592603972e85944a9df80..db47e1fc5544fc8a7f6039b32e61a86c5a683ca4 100644
GIT binary patch
delta 214904
zcmeI*dvILkdB^cNd-m)_T1l&2NxQn((ptU|*Ve`6Vww<%-~?i9OSZWb8?V;V!QNQX
zF1ssVN^N9l!S%rSvcykm!N|l(hY)+@2C}3sgFPLXf<us}%;2%(V6|yOGX$g-I>8CJ
z=OSU@X*1~`K7W1xU<U2=?4I{M=Y0Ho-e-6JQ(igy<hU|?^8=ptbh<a$EhqPQYouXK
z={IC#gSt-AyH&RgeoLDrZL`b%+LImV>q}(v$39z-AKN=yMn5fU$`5)xGW5QuQTA${
zX4zlri%7@U6;D1rS|u;IlooYkDkVFYDNWK4b={diUsW#+N5bWD;z`%K{Ffs0?7xOp
zB`)c8nx<@%(Q8W9xl&u?*b+4+W5r69>yE6nT=cZai5;F+8F|yYDv;58k{P`_7azzZ
z^ZOoqKbT2(#}n3PNaT{K{<!S>U0~k+9cx0_Tq>jgZ+Fd?!@qV_Nyp*RYUvtLHCZw4
z@lHI=zAqnaiSDmhAVcjHONx{IIekOMdhz^)sychK+n!Uq{FiT^ADKIGd(hQYmdtji
zHtU(h`ebi1w{3EZCf>GfPI-03#3Q!F_1@%$r2RM<zq@3S3{@$!)YjHTa{8dU;J|t9
z@)vRP-`p)St-B;@zf<#x;)9y?K2n}j8}mc|c$0Lz5^{Tcd*kUuCXqk(NWBd13w}xV
z{wzFS#_GeGtlX~5ks*JXwXuE~410FS;Ad*RG&T8)WcA-`(`B$J+9JdM5Y(jk1@8g-
zjzzC))|>k6S4lkYy)FM})iu`FlfR+TcuC`Xa_96!pNzllTjXAC{@=-<C!23;-7F_k
z4FP%WVklD4bHx{v%_VYjdP}G-WPOe=ejBl`Y18v3MyFZB==2|{QCYD#P#c=EH{$7m
z_2$rx-KbXAUEWFYjDG)sF-GFusUAIU?74nPJX={S!B1Q@YHCZr>}ytQzA%oYe3q*w
ze8o7jHg3FCt*y9n7+Lr1Y;o0S)~pa^x4+sP!X9fNxvjeoJ)~H-X)a^`cc%T<%P)TE
zuCymu!=2jeg^~ZRnWM<1CS^^&;i)<M--^l5iQ)y)_EdPOq(4@ou8k=feMYM{_Ul(X
zJ$iOiE+xtvp*dns7<XT4eKOzji@DZcGB!`~O3S@9YvjU`zy@Q`w8+RF<t_<^!p+uv
zjkT3D$)$0RCd#jB|3bPJ`Q4s)qPN$WYvX0gBWmA$2}#_fJ?`D2uTKo*HcI)Rf356o
zjV|=1a_M+h@6Jf)8Leq@@;Cd8TYD4PTwG$SwT0Hr%6mmk()Nxq-G`eRy3K7mV16mL
zOWRWKbouzt{g1eN^j<yRvU8U#@2Re_28|5=m#fu$y3#D;+KeXYn6E6hCb~a8km=r-
z$m%`zyf7!f`Jz7eKsK>K+UG=P$%!|;-R?|sgR#BiF5|n<W7o=wJ;r`8MsiBVo)1M-
zJ)4!WKl4`GLwav#U_p`IYt7~C#$<l<&AD=-M_m_KdHKe)j0e28%1=(k=GYU>e1O!q
zyMog2lUQj!s0Zv_wYs^o+J1y_09+o}oajyV#B-@ldVf~--Jvy_A24csHsi2*B<z>q
zb*^h<_?+UChJLj{H9nf$ztsQT1Dn((<x`&<&nEl3W#>WfZT|a`{TuX5I+K)^X@P5G
z@MqrF<lRGIpZv#5o(lU_&7-9B9SYY-x<_p&(zoXH{vN$2o|Vy;Jav<sFx&OOb}<J*
zk=|__H;rS`COzL?6S@2W{i`PKSt{d4v<iDetr0o+UgZ*N9uMvdU1xqRVL2XEBF1zI
z6ifDKQB>r{%8;a=E-rTU>JqzIo2Hqg)%YHd)z{`P<lUkV8IxhpmtC{`pKqW1{7^U|
zT}NX@zRy2o=gnHJIpd{caiGQ;lc!(T8Yag2shTeg+wwZ4#vb>lV-*egu_HIj;2xjX
z9vq#Gu6o(~k}`A3ATkdp#-#sz->0ofubP9W{RQKAV2ts}Z)TgcEYWK0kz^eDs_ktZ
zsa1;XIdrmCiAs8*;+NSQj4#3%<bJ8BQzE4kv!_3<_b1l(%FdUID`YTMUT==V{CJmf
z3^mWMZRaAIjP0+B*fYR*A-8Nj6*CSF<}jH&?H!w~v`X`DTuWu-7US60@ow>X`ON3@
zs>%NQ<n-glfxsMf=1rdbcaBz?J1i(;h0roNtN4rq|HNUu)_&FJ&qV9&hYUSf@~ZVL
zdFZ2(1|^lh{|Wop?l#U?6LV#-!Z=s7?FuZAuFYDXOpJi7(!AL3m+)^xQMqKit+gd5
zZ&RzS{Uv+f@y|H$n18zY&A27sY;3goN%N0S3&{I*;YfaXNm=ofc_yO^E9>)Z-?>S>
zFO!nkpQ<tQQ0F%Ou+Jjqx!*YDwaT%xu6vc7w0|>nt$ADQZ;eZfWcMZ+{n&lrixYR}
zZvw5>)=F@Xwna5xsq<*8MloK#NUOEZAI1xro9r@<rY)biR($dKvGeZhCH=m#K!$%?
zc8_$OGKSIc{?OV#aF-o=#nmDm7XrF;d{_0!x^~yZsXDk@yVky}`c=EjzJNIJQQ$gh
ze%s@g;^pczdmdU3+uQ87z6k5snIF0#B0pYcoS==d@%70a@i+OdC%p2<Z@5Cze4{#7
zMxx<}meDt-Hi<PY(qC!R%$N0xy4xSg2Ys4+b&0D~j1la=V(-YzUA5&CcT5gr^9_sT
z)y4ku!f;zzq;bljVYE^;jv4>2LENlv(zjXr(43K8`4{6FPfZQ<%dy$Ug~o-t`kV}x
zm#&q;xg}d&#?75uL$&q+z<i#uk80(@(m<X4<Y$i<yYcsoFZ;^lP{_A-$^~r0H+|QN
zXNG^`%FR5Sd(118WxAaFWuWHsGsApq7kP{;1U(a%p*CYrnb$SeCBx2~aV0!uYBo>q
zi_O-yy8HCL_4$+g?QQkhFEL=82Fxps$-j(OP0DCpc!oI>eD)Uft(TKaOV$;e&o`#u
z#$?*MT5Po5t90@)dS;b%rIa?#lFd!V95l{ve<jArY<_;U+}_G7uf95Wc^Cdc2bn8A
zN!gSwu`Xnk{h=EBP0d50{WgczmQ}m-ggvWL3l;7En(k9RfSf#Qo&-K}PnV&Wm1JS;
zcI`|^7F=fxiBFfS;UCUF*1Q6XU=b{WMX-qZFB#_90E=J|EP_R_2o}L2SJff~!y;J-
zLL5RILL5RIGMSM;5aJNx5aJNx5aJNx5V^Vp$sAXHw44-#6oeFn6oeFn6vV96q9V&I
z1R(_>1tA3?1tA5wssxevGS&M?o9jny>c$I51c@LKB!Wbc2okYY%^(rhhOjn-wIQqx
zF_!LLRf!Z9-|2pkdMxU(sK=rni+U{Tv8?6Ugdv0>EKg^7I?K~po^Gy*zq$nZ%X992
z>aidQ1c4wB1cE>iyLT8V2q_3D2q_3D$kipt!UQE)lweVUMF|!qSd?H<f<+0I*~*&y
zgZzX1gZ$&F=O6ObZ+W!BC;zGqbl?yif<tf!4#6Qf1c%@dekO#U3E^i#j2|qy`acs=
zFdXtUby(D4QHMnx7Ij$EVNr)g9hUX0o<t!;Aw(fWAr3_$fA@js(rTg*q7b4Gq7b4G
zq7b4Gq7b4Gq7b4Gq7X--5W6Jn(QV#`J8=jO!67&Vhu{z#f<tf!4#6Qf#1V(Qc+OYe
zjX)3x0zn`M1c4wB1cE>i2m(PMjtHdi@{_)H)}^y3ghe4N3Sm(Qi$Yiw!lDosg`^<}
z1c4yV5ag|T|BDa=f<O=m0zn`M1c4wB1cLk+f<O>w2y(~w{Lk<!=@0~hKoAH5K_CbO
zfglhBf@C0wBLtBT?rQWDPR%R2n<xZ_;1C>wLvRQV!67&Vhu{z#ve7|@Ts&5EBY6l8
z!67&Vhu{z#f<tf!4#6Qf#2JSawCjtT__aa^0zn`M1c4wB1cE>i2m(PMh*JbPUOcph
z_Pn&`r9Ch0d1=o}dtTb}(w>+0y!6ImVLGcq9I3`CY`#5k7X%>%Aq61?Aq61?Aq61?
zAq61?Aq61?aVP~jcs{U(LM#XZK_CbOfglhBf<O=m0zn{%Lj-vvQSxP$qeBn~0zn`M
z1c4wB1cE>i2m(PIBFH=cUXmgOfglhBf<O=m0zn`M1c4wB1cEq3kjSReZU_QFAP5A3
zAP@wCKoAH5K_CbOafl#GKP-K?la5$)#G)e>9kJ+$MMo?;V$l(cj#zZWq9Ya^v7G6M
z^~~n7he$z4K}bPJK}bPJK}bPJK}bPJK}bPJL7YiJ#2`pX;nKyj)i?x);1C>wLvRQV
z!67&Vhu{z#;*dkWchoaY#)6^iWyNb%Go<4d*Q~-T4+fuDNre^_T2yFJp+$uj6<Sni
zQK3bJ78P1lXi=f%NQIUh@VaJNEGazbD}R=Zgp7oYgp7oYgp7oYgp7oYgp7oYgp9<Q
zjHK|NkCnS22n2y35Cnoi5C{T6AP5A3AP~d}g1qjPw{`^YtVpMOlik+o_ZB^;cjpr8
zdv&?LIy_wl?@@ws{`(b0%61w3dEnv?n_rrLD-~Q+a8bcU1s4@uRB%zjMFkfXTvTvT
z!9@j^0~K5oVyU_;mL>hUWUg25)BAH-%wk@U#AV;_0`vCom@kKa?W&TF!==^IHA2cl
z%0kLQ%0kLQ%0kLQ%0kLQ%0kNGV9HW@*(|Fz4PX`PLIkU<+^)=#A%EFiX*d%0%V5~E
zLk2&?Dp&=pU=^%_Rj>+H!75nAL8}yBw#pSyiORvw;>eWyXXH;uD<$=ViVvv`BWJ-b
z#ub}j7wm#vunTs<F4zUTU>7Isawe3&AzD#57YyZCR8P4V5ef`}Aut4nzz`S$LtqFD
zafTs<hHr<`5Cnoi5C{T6AP5A3AP@wCKoAJx5J3{v;Z!G$x@gozqb?eC(Wr|?T{P;V
zQ5TK6Xw*fcE*f<?(5UN7sBmZ~yqy$;6oeFn6oeFn6oeFn6oeFn6oeFn6vUwv<inX2
z@2(&PAq61?Aq61?Aq61?Aq61?Aq61?Aq8<J1$pNC73WDoNI^(JNI^(JNI^(JNI^(J
zNI^(JNI@J*L6$XD?z)>4gcO7ngcO7ngcO7ngcO7ngcO7ngcQV)6hubat9*r{FIRRF
zg%E`hg%E`hg%E`hg%E`hg%E`hg%E`}6onWL`4b2NK_CbOfglhBf<O=m0zn`M1aXKU
z7hkRNLl6i8K_CbOfglhBf<O=m0zn{%Lj-yIw#Y#U0zn`M1c4wB1cE>i2m(PM2n2D6
zAYc1wWEY)zAqWJ4AP@wCKoAH5K_CbOfglbM<f&EBQc@5I0zn`M1c4wB1cE>i2m(PM
zh(iQ<;GO8eDmwGhnU~JIbmpZqFP(Ym%u8opI`h(*m(IL&=5?eqZ{cKD_0ydY1cE>i
z2m(PM2n2y35Cnoi5D4N7L7LvHey#(8KoAH5K_CbOfglhBf<O=m0zsT1$aDQQKfMQn
zKoAH5K_CbOfglhBf<O=m0zsT1$gP)ZDp-!ra&(rXvmBk}=qyKPIXcVHS&q(fbe5yD
z9Nn4a=+aeOrxjWsuDy39Q3z28Q3z28Q3z28Q3z28Q3z28Q3z3pGf{})kew_DAqpW1
zAqpW1AqpW1AqpW1AqpW1AqsIa3MuTXJ99Tt2vG=82vG=82vG=82vG=82vG=82vLYb
zQAoqI7^^~vLWn|$LWn|$LWn|$LWn|$LWn|$LY#?03M&s!I}1S|2n2y35Cnoi5C{T6
zAP5A3APy1a)49{<KoAH5K_CbOfglhBf<O=m0zn{%GXxQXAilz<KbYQyLvRQV!67&V
zhu{z#f<tf!4#6SLIHa(kr9KBiAP5A3AP@wCKoAH5K_CbOfglbMB>Q6h76<}CAP5A3
zAP@wCKoAH5K_CbOafTp|9$(yG{1+=6Up%9!hYr1T=%qt19eU}|ONU-M^wOc14!v~f
zr9&?rdY$Red;FhgtS1d24IvF74IvF74IvF74IvF74IvF74RIz7DSU8OV<`lIAP@wC
zKoAH5K_CbOfglhBf;dEwH_tV?AqWJ4AP@wCKoAH5K_CbOfgljXA%Z*`pZOF7fglhB
bf<O=m0zn`M1c4wB1cEq0kkcVo(f0oVJ{(3?

delta 850
zcmcaL^CM%|iOGx`oT|5PNHo7_y1k#7(aRsgo(^QQZ`Zxem;)8q{%jM|Hb1DO|8y4i
z_79!R+dp)&WITZCUiyi(9;UeP6k8rt@phes?9njxm2!@%0I2%e0i1JT;;rgjETK^G
zYb@Lyfl&79d)$J_P&Vf&9!Hqo>5F)`!q_vb`R2o1ZJ;B-vwdPPe-KO(DBu8d)Lv#m
zeV7k`Z1(LAw*+TKLrk9z7SP=%6aW?2erlmG+}TAHA~rBne*25&!<@ZcO)MG4PX8;`
z40E>mb@3*cO+Ys9cHwmrAuxfo?@Y4O9kk@lr}uYBvQ9guCObL6QFMC4X&%At0j-jg
zgP{I3NRavqGrY=Nngz<9Y#|}CU0X}O1j^s~Mxg+vY~^)@e3%<jH!9Y`#PvIr?!(+4
zouGUdCf;hU(h&i%ZrXcQj_E4`IHzr&_g;0kFGO(Ld(}vo+GR)8IAQERv(@Lp*w2eJ
zI>2UMHQj!|OOp#M4rEI!Y83{9i~+Lm{?VEVcGn%#?dPs(&jZH}P<-!tol{Xz?_Qat
zD*`jqG*d4L77S0E^&4Taxk<+0F4Vo-@BB4TgsJzsVt5P2E?jM-4r4!UG|qsrXGNI6
zf^2)VzG*pF{HkfYGMgC?n{QWUv(Qd~x@Gn!izKMN>A)1kwmsmaB?ru)rSq*|ak2ed
Osr4MN_$gB+u37*B=!F6R

diff --git a/src/api/routes/applications/#id/bot/index.ts b/src/api/routes/applications/#id/bot/index.ts
index e3f1832c..1df7fba0 100644
--- a/src/api/routes/applications/#id/bot/index.ts
+++ b/src/api/routes/applications/#id/bot/index.ts
@@ -16,78 +16,114 @@
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
 
-import { Request, Response, Router } from "express";
 import { route } from "@spacebar/api";
 import {
 	Application,
-	generateToken,
-	User,
 	BotModifySchema,
-	handleFile,
 	DiscordApiErrors,
+	User,
+	generateToken,
+	handleFile,
 } from "@spacebar/util";
+import { Request, Response, Router } from "express";
 import { HTTPError } from "lambert-server";
 import { verifyToken } from "node-2fa";
 
 const router: Router = Router();
 
-router.post("/", route({}), async (req: Request, res: Response) => {
-	const app = await Application.findOneOrFail({
-		where: { id: req.params.id },
-		relations: ["owner"],
-	});
+router.post(
+	"/",
+	route({
+		responses: {
+			200: {
+				body: "TokenResponse",
+			},
+			400: {
+				body: "APIErrorResponse",
+			},
+		},
+	}),
+	async (req: Request, res: Response) => {
+		const app = await Application.findOneOrFail({
+			where: { id: req.params.id },
+			relations: ["owner"],
+		});
 
-	if (app.owner.id != req.user_id)
-		throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+		if (app.owner.id != req.user_id)
+			throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
 
-	const user = await User.register({
-		username: app.name,
-		password: undefined,
-		id: app.id,
-		req,
-	});
+		const user = await User.register({
+			username: app.name,
+			password: undefined,
+			id: app.id,
+			req,
+		});
 
-	user.id = app.id;
-	user.premium_since = new Date();
-	user.bot = true;
+		user.id = app.id;
+		user.premium_since = new Date();
+		user.bot = true;
 
-	await user.save();
+		await user.save();
 
-	// flags is NaN here?
-	app.assign({ bot: user, flags: app.flags || 0 });
+		// flags is NaN here?
+		app.assign({ bot: user, flags: app.flags || 0 });
 
-	await app.save();
+		await app.save();
 
-	res.send({
-		token: await generateToken(user.id),
-	}).status(204);
-});
+		res.send({
+			token: await generateToken(user.id),
+		}).status(204);
+	},
+);
 
-router.post("/reset", route({}), async (req: Request, res: Response) => {
-	const bot = await User.findOneOrFail({ where: { id: req.params.id } });
-	const owner = await User.findOneOrFail({ where: { id: req.user_id } });
+router.post(
+	"/reset",
+	route({
+		responses: {
+			200: {
+				body: "TokenResponse",
+			},
+			400: {
+				body: "APIErrorResponse",
+			},
+		},
+	}),
+	async (req: Request, res: Response) => {
+		const bot = await User.findOneOrFail({ where: { id: req.params.id } });
+		const owner = await User.findOneOrFail({ where: { id: req.user_id } });
 
-	if (owner.id != req.user_id)
-		throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+		if (owner.id != req.user_id)
+			throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
 
-	if (
-		owner.totp_secret &&
-		(!req.body.code || verifyToken(owner.totp_secret, req.body.code))
-	)
-		throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
+		if (
+			owner.totp_secret &&
+			(!req.body.code || verifyToken(owner.totp_secret, req.body.code))
+		)
+			throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
 
-	bot.data = { hash: undefined, valid_tokens_since: new Date() };
+		bot.data = { hash: undefined, valid_tokens_since: new Date() };
 
-	await bot.save();
+		await bot.save();
 
-	const token = await generateToken(bot.id);
+		const token = await generateToken(bot.id);
 
-	res.json({ token }).status(200);
-});
+		res.json({ token }).status(200);
+	},
+);
 
 router.patch(
 	"/",
-	route({ body: "BotModifySchema" }),
+	route({
+		body: "BotModifySchema",
+		responses: {
+			200: {
+				body: "Application",
+			},
+			400: {
+				body: "APIErrorResponse",
+			},
+		},
+	}),
 	async (req: Request, res: Response) => {
 		const body = req.body as BotModifySchema;
 		if (!body.avatar?.trim()) delete body.avatar;
diff --git a/src/api/routes/applications/#id/entitlements.ts b/src/api/routes/applications/#id/entitlements.ts
index e88fb7f7..6388e6b3 100644
--- a/src/api/routes/applications/#id/entitlements.ts
+++ b/src/api/routes/applications/#id/entitlements.ts
@@ -16,15 +16,25 @@
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
 
-import { Router, Response, Request } from "express";
 import { route } from "@spacebar/api";
+import { Request, Response, Router } from "express";
 
 const router = Router();
 
-router.get("/", route({}), (req: Request, res: Response) => {
-	// TODO:
-	//const { exclude_consumed } = req.query;
-	res.status(200).send([]);
-});
+router.get(
+	"/",
+	route({
+		responses: {
+			200: {
+				body: "ApplicationEntitlementsResponse",
+			},
+		},
+	}),
+	(req: Request, res: Response) => {
+		// TODO:
+		//const { exclude_consumed } = req.query;
+		res.status(200).send([]);
+	},
+);
 
 export default router;
diff --git a/src/api/routes/applications/#id/index.ts b/src/api/routes/applications/#id/index.ts
index 067f5dad..dec2a9b1 100644
--- a/src/api/routes/applications/#id/index.ts
+++ b/src/api/routes/applications/#id/index.ts
@@ -16,32 +16,55 @@
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
 
-import { Request, Response, Router } from "express";
 import { route } from "@spacebar/api";
 import {
 	Application,
-	DiscordApiErrors,
 	ApplicationModifySchema,
+	DiscordApiErrors,
 } from "@spacebar/util";
-import { verifyToken } from "node-2fa";
+import { Request, Response, Router } from "express";
 import { HTTPError } from "lambert-server";
+import { verifyToken } from "node-2fa";
 
 const router: Router = Router();
 
-router.get("/", route({}), async (req: Request, res: Response) => {
-	const app = await Application.findOneOrFail({
-		where: { id: req.params.id },
-		relations: ["owner", "bot"],
-	});
-	if (app.owner.id != req.user_id)
-		throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+router.get(
+	"/",
+	route({
+		responses: {
+			200: {
+				body: "Application",
+			},
+			400: {
+				body: "APIErrorResponse",
+			},
+		},
+	}),
+	async (req: Request, res: Response) => {
+		const app = await Application.findOneOrFail({
+			where: { id: req.params.id },
+			relations: ["owner", "bot"],
+		});
+		if (app.owner.id != req.user_id)
+			throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
 
-	return res.json(app);
-});
+		return res.json(app);
+	},
+);
 
 router.patch(
 	"/",
-	route({ body: "ApplicationModifySchema" }),
+	route({
+		body: "ApplicationModifySchema",
+		responses: {
+			200: {
+				body: "Application",
+			},
+			400: {
+				body: "APIErrorResponse",
+			},
+		},
+	}),
 	async (req: Request, res: Response) => {
 		const body = req.body as ApplicationModifySchema;
 
@@ -73,23 +96,35 @@ router.patch(
 	},
 );
 
-router.post("/delete", route({}), async (req: Request, res: Response) => {
-	const app = await Application.findOneOrFail({
-		where: { id: req.params.id },
-		relations: ["bot", "owner"],
-	});
-	if (app.owner.id != req.user_id)
-		throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+router.post(
+	"/delete",
+	route({
+		responses: {
+			200: {},
+			400: {
+				body: "APIErrorResponse",
+			},
+		},
+	}),
+	async (req: Request, res: Response) => {
+		const app = await Application.findOneOrFail({
+			where: { id: req.params.id },
+			relations: ["bot", "owner"],
+		});
+		if (app.owner.id != req.user_id)
+			throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
 
-	if (
-		app.owner.totp_secret &&
-		(!req.body.code || verifyToken(app.owner.totp_secret, req.body.code))
-	)
-		throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
+		if (
+			app.owner.totp_secret &&
+			(!req.body.code ||
+				verifyToken(app.owner.totp_secret, req.body.code))
+		)
+			throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
 
-	await Application.delete({ id: app.id });
+		await Application.delete({ id: app.id });
 
-	res.send().status(200);
-});
+		res.send().status(200);
+	},
+);
 
 export default router;
diff --git a/src/api/routes/applications/#id/skus.ts b/src/api/routes/applications/#id/skus.ts
index fcb75423..dc4fad23 100644
--- a/src/api/routes/applications/#id/skus.ts
+++ b/src/api/routes/applications/#id/skus.ts
@@ -16,13 +16,23 @@
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
 
-import { Request, Response, Router } from "express";
 import { route } from "@spacebar/api";
+import { Request, Response, Router } from "express";
 
 const router: Router = Router();
 
-router.get("/", route({}), async (req: Request, res: Response) => {
-	res.json([]).status(200);
-});
+router.get(
+	"/",
+	route({
+		responses: {
+			200: {
+				body: "ApplicationSkusResponse",
+			},
+		},
+	}),
+	async (req: Request, res: Response) => {
+		res.json([]).status(200);
+	},
+);
 
 export default router;
diff --git a/src/api/routes/applications/detectable.ts b/src/api/routes/applications/detectable.ts
index a8e30894..5cf9d171 100644
--- a/src/api/routes/applications/detectable.ts
+++ b/src/api/routes/applications/detectable.ts
@@ -16,14 +16,24 @@
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
 
-import { Request, Response, Router } from "express";
 import { route } from "@spacebar/api";
+import { Request, Response, Router } from "express";
 
 const router: Router = Router();
 
-router.get("/", route({}), async (req: Request, res: Response) => {
-	//TODO
-	res.send([]).status(200);
-});
+router.get(
+	"/",
+	route({
+		responses: {
+			200: {
+				body: "ApplicationDetectableResponse",
+			},
+		},
+	}),
+	async (req: Request, res: Response) => {
+		//TODO
+		res.send([]).status(200);
+	},
+);
 
 export default router;
diff --git a/src/api/routes/applications/index.ts b/src/api/routes/applications/index.ts
index 80a19aa8..2290414c 100644
--- a/src/api/routes/applications/index.ts
+++ b/src/api/routes/applications/index.ts
@@ -16,28 +16,45 @@
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
 
-import { Request, Response, Router } from "express";
 import { route } from "@spacebar/api";
 import {
 	Application,
 	ApplicationCreateSchema,
-	trimSpecial,
 	User,
+	trimSpecial,
 } from "@spacebar/util";
+import { Request, Response, Router } from "express";
 
 const router: Router = Router();
 
-router.get("/", route({}), async (req: Request, res: Response) => {
-	const results = await Application.find({
-		where: { owner: { id: req.user_id } },
-		relations: ["owner", "bot"],
-	});
-	res.json(results).status(200);
-});
+router.get(
+	"/",
+	route({
+		responses: {
+			200: {
+				body: "ApplicationsResponse",
+			},
+		},
+	}),
+	async (req: Request, res: Response) => {
+		const results = await Application.find({
+			where: { owner: { id: req.user_id } },
+			relations: ["owner", "bot"],
+		});
+		res.json(results).status(200);
+	},
+);
 
 router.post(
 	"/",
-	route({ body: "ApplicationCreateSchema" }),
+	route({
+		body: "ApplicationCreateSchema",
+		responses: {
+			200: {
+				body: "Application",
+			},
+		},
+	}),
 	async (req: Request, res: Response) => {
 		const body = req.body as ApplicationCreateSchema;
 		const user = await User.findOneOrFail({ where: { id: req.user_id } });
diff --git a/src/api/util/handlers/route.ts b/src/api/util/handlers/route.ts
index 66bd2890..04910ed4 100644
--- a/src/api/util/handlers/route.ts
+++ b/src/api/util/handlers/route.ts
@@ -55,7 +55,8 @@ export interface RouteOptions {
 	body?: `${string}Schema`; // typescript interface name
 	responses?: {
 		[status: number]: {
-			body?: `${string}Response`;
+			// body?: `${string}Response`;
+			body?: string;
 		};
 	};
 	test?: {
diff --git a/src/util/schemas/responses/ApplicationDetectableResponse.ts b/src/util/schemas/responses/ApplicationDetectableResponse.ts
new file mode 100644
index 00000000..958b8d43
--- /dev/null
+++ b/src/util/schemas/responses/ApplicationDetectableResponse.ts
@@ -0,0 +1 @@
+export type ApplicationDetectableResponse = unknown[];
diff --git a/src/util/schemas/responses/ApplicationEntitlementsResponse.ts b/src/util/schemas/responses/ApplicationEntitlementsResponse.ts
new file mode 100644
index 00000000..1d2b349e
--- /dev/null
+++ b/src/util/schemas/responses/ApplicationEntitlementsResponse.ts
@@ -0,0 +1 @@
+export type ApplicationEntitlementsResponse = unknown[];
diff --git a/src/util/schemas/responses/ApplicationSkusResponse.ts b/src/util/schemas/responses/ApplicationSkusResponse.ts
new file mode 100644
index 00000000..8d577c92
--- /dev/null
+++ b/src/util/schemas/responses/ApplicationSkusResponse.ts
@@ -0,0 +1 @@
+export type ApplicationSkusResponse = unknown[];
diff --git a/src/util/schemas/responses/ApplicationsResponse.ts b/src/util/schemas/responses/ApplicationsResponse.ts
new file mode 100644
index 00000000..fef3fbde
--- /dev/null
+++ b/src/util/schemas/responses/ApplicationsResponse.ts
@@ -0,0 +1,3 @@
+import { Application } from "../../entities";
+
+export type ApplicationsResponse = Application[];
diff --git a/src/util/schemas/responses/index.ts b/src/util/schemas/responses/index.ts
index ed91b866..6dde4d24 100644
--- a/src/util/schemas/responses/index.ts
+++ b/src/util/schemas/responses/index.ts
@@ -1,5 +1,9 @@
 export * from "./APIErrorOrCaptchaResponse";
 export * from "./APIErrorResponse";
+export * from "./ApplicationDetectableResponse";
+export * from "./ApplicationEntitlementsResponse";
+export * from "./ApplicationSkusResponse";
+export * from "./ApplicationsResponse";
 export * from "./BackupCodesChallengeResponse";
 export * from "./CaptchaRequiredResponse";
 export * from "./GenerateRegistrationTokensResponse";