refactor: Fix psalm issues

- Add typing for most of the services, controllers and mappers
- Add api doc for mappers
- Use vendor-bin for psalm
- Use attributes for controllers
- Fix upload of attachments

Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>

lib/Controller/AttachmentApiController.php

@@ -6,9 +6,13 @@
  */
 namespace OCA\Deck\Controller;
 
+use OCA\Deck\Db\Attachment;
 use OCA\Deck\Service\AttachmentService;
 use OCP\AppFramework\ApiController;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\CORS;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\IRequest;
 
@@ -21,72 +25,52 @@ class AttachmentApiController extends ApiController {
 		parent::__construct($appName, $request);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 */
-	public function getAll($apiVersion) {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function getAll(string $apiVersion): DataResponse {
 		$attachment = $this->attachmentService->findAll($this->request->getParam('cardId'), true);
 		if ($apiVersion === '1.0') {
-			$attachment = array_filter($attachment, function ($attachment) {
-				return $attachment->getType() === 'deck_file';
-			});
+			$attachment = array_filter($attachment, fn (Attachment $attachment): bool => $attachment->getType() === 'deck_file');
 		}
 		return new DataResponse($attachment, HTTP::STATUS_OK);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 */
-	public function display($cardId, $attachmentId, $type = 'deck_file') {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function display(int $cardId, int $attachmentId, string $type = 'deck_file') {
 		return $this->attachmentService->display($cardId, $attachmentId, $type);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 */
-	public function create($cardId, $type, $data) {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function create(int $cardId, string $type, string $data): DataResponse {
 		$attachment = $this->attachmentService->create($cardId, $type, $data);
 		return new DataResponse($attachment, HTTP::STATUS_OK);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 */
-	public function update($cardId, $attachmentId, $data, $type = 'deck_file') {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function update(int $cardId, int $attachmentId, string $data, string $type = 'deck_file'): DataResponse {
 		$attachment = $this->attachmentService->update($cardId, $attachmentId, $data, $type);
 		return new DataResponse($attachment, HTTP::STATUS_OK);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 */
-	public function delete($cardId, $attachmentId, $type = 'deck_file') {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function delete(int $cardId, int $attachmentId, string $type = 'deck_file'): DataResponse {
 		$attachment = $this->attachmentService->delete($cardId, $attachmentId, $type);
 		return new DataResponse($attachment, HTTP::STATUS_OK);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 */
-	public function restore($cardId, $attachmentId, $type = 'deck_file') {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function restore(int $cardId, int $attachmentId, string $type = 'deck_file'): DataResponse {
 		$attachment = $this->attachmentService->restore($cardId, $attachmentId, $type);
 		return new DataResponse($attachment, HTTP::STATUS_OK);
 	}

lib/Controller/AttachmentController.php

@@ -7,8 +7,13 @@
 
 namespace OCA\Deck\Controller;
 
+use OCA\Deck\BadRequestException;
+use OCA\Deck\Db\Attachment;
 use OCA\Deck\Service\AttachmentService;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Response;
 use OCP\IRequest;
 
 class AttachmentController extends Controller {
@@ -20,74 +25,66 @@ class AttachmentController extends Controller {
 		parent::__construct($appName, $request);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 */
-	public function getAll($cardId) {
+	#[NoAdminRequired]
+	public function getAll(int $cardId): array {
 		return $this->attachmentService->findAll($cardId, true);
 	}
 
 	/**
-	 * @param $cardId
-	 * @param $attachmentId
-	 * @NoCSRFRequired
-	 * @NoAdminRequired
-	 * @return \OCP\AppFramework\Http\Response
 	 * @throws \OCA\Deck\NotFoundException
 	 */
-	public function display($cardId, $attachmentId) {
-		if (!str_contains($attachmentId, ':')) {
-			$type = 'deck_file';
-		} else {
-			[$type, $attachmentId] = explode(':', $attachmentId);
-		}
+	#[NoAdminRequired]
+	#[NoCSRFRequired]
+	public function display(int $cardId, string $attachmentId): Response {
+		['type' => $type, 'attachmentId' => $attachmentId] = $this->extractTypeAndAttachmentId($attachmentId);
 		return $this->attachmentService->display($cardId, $attachmentId, $type);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 */
-	public function create($cardId) {
+	#[NoAdminRequired]
+	public function create(int $cardId): Attachment {
 		return $this->attachmentService->create(
 			$cardId,
 			$this->request->getParam('type'),
-			$this->request->getParam('data')
+			$this->request->getParam('data') ?? '',
 		);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 */
-	public function update($cardId, $attachmentId) {
-		if (!str_contains($attachmentId, ':')) {
-			$type = 'deck_file';
-		} else {
-			[$type, $attachmentId] = explode(':', $attachmentId);
-		}
-		return $this->attachmentService->update($cardId, $attachmentId, $this->request->getParam('data'), $type);
+	#[NoAdminRequired]
+	public function update(int $cardId, string $attachmentId): Attachment {
+		['type' => $type, 'attachmentId' => $attachmentId] = $this->extractTypeAndAttachmentId($attachmentId);
+		return $this->attachmentService->update($cardId, $attachmentId, $this->request->getParam('data') ?? '', $type);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 */
-	public function delete($cardId, $attachmentId) {
-		if (!str_contains($attachmentId, ':')) {
-			$type = 'deck_file';
-		} else {
-			[$type, $attachmentId] = explode(':', $attachmentId);
-		}
+	#[NoAdminRequired]
+	public function delete(int $cardId, string $attachmentId): Attachment {
+		['type' => $type, 'attachmentId' => $attachmentId] = $this->extractTypeAndAttachmentId($attachmentId);
 		return $this->attachmentService->delete($cardId, $attachmentId, $type);
 	}
 
+	#[NoAdminRequired]
+	public function restore(int $cardId, string $attachmentId): Attachment {
+		['type' => $type, 'attachmentId' => $attachmentId] = $this->extractTypeAndAttachmentId($attachmentId);
+		return $this->attachmentService->restore($cardId, $attachmentId, $type);
+	}
+
 	/**
-	 * @NoAdminRequired
+	 * @return array{type: string, attachmentId: int}
+	 * @throws BadRequestException
 	 */
-	public function restore($cardId, $attachmentId) {
+	private function extractTypeAndAttachmentId(string $attachmentId): array {
 		if (!str_contains($attachmentId, ':')) {
 			$type = 'deck_file';
 		} else {
-			[$type, $attachmentId] = explode(':', $attachmentId);
+			[$type, $attachmentId] = [...explode(':', $attachmentId), '', ''];
 		}
-		return $this->attachmentService->restore($cardId, $attachmentId, $type);
+
+		if ($type === '' || !is_numeric($attachmentId)) {
+			throw new BadRequestException('Invalid attachment id');
+		}
+
+		return [
+			'type' => $type,
+			'attachmentId' => (int)$attachmentId,
+		];
 	}
 }

lib/Controller/BoardApiController.php

@@ -12,10 +12,13 @@ use OCA\Deck\Service\BoardService;
 use OCA\Deck\StatusException;
 use OCP\AppFramework\ApiController;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\CORS;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\DataResponse;
-
 use OCP\IRequest;
-use Sabre\HTTP\Util;
+
+use function Sabre\HTTP\parseDate;
 
 /**
  * Class BoardApiController
@@ -36,21 +39,18 @@ class BoardApiController extends ApiController {
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 * Return all of the boards that the current user has access to.
-	 *
-	 * @param bool $details
+	 * Return all the boards that the current user has access to.
 	 * @throws StatusException
 	 */
-	public function index(bool $details = false) {
+	#[NoAdminRequired]
+	#[NoCSRFRequired]
+	#[CORS]
+	public function index(bool $details = false): DataResponse {
 		$modified = $this->request->getHeader('If-Modified-Since');
-		if ($modified === null || $modified === '') {
+		if ($modified === '') {
 			$boards = $this->boardService->findAll(0, $details === true);
 		} else {
-			$date = Util::parseHTTPDate($modified);
+			$date = parseDate($modified);
 			if (!$date) {
 				throw new StatusException('Invalid If-Modified-Since header provided.');
 			}
@@ -64,14 +64,12 @@ class BoardApiController extends ApiController {
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 *
 	 * Return the board specified by $this->request->getParam('boardId').
 	 */
-	public function get() {
+	#[NoAdminRequired]
+	#[NoCSRFRequired]
+	#[CORS]
+	public function get(): DataResponse {
 		$board = $this->boardService->find($this->request->getParam('boardId'));
 		$response = new DataResponse($board, HTTP::STATUS_OK);
 		$response->setETag($board->getEtag());
@@ -79,68 +77,53 @@ class BoardApiController extends ApiController {
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 * @params $title
-	 * @params $color
-	 *
 	 * Create a board with the specified title and color.
 	 */
-	public function create($title, $color) {
+	#[NoAdminRequired]
+	#[NoCSRFRequired]
+	#[CORS]
+	public function create(string $title, string $color): DataResponse {
 		$board = $this->boardService->create($title, $this->userId, $color);
 		return new DataResponse($board, HTTP::STATUS_OK);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 * @params $title
-	 * @params $color
-	 * @params $archived
-	 *
 	 * Update a board with the specified boardId, title and color, and archived state.
 	 */
-	public function update($title, $color, $archived = false) {
+	#[NoAdminRequired]
+	#[NoCSRFRequired]
+	#[CORS]
+	public function update(string $title, string $color, bool $archived = false): DataResponse {
 		$board = $this->boardService->update($this->request->getParam('boardId'), $title, $color, $archived);
 		return new DataResponse($board, HTTP::STATUS_OK);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 *
 	 * Delete the board specified by $boardId.  Return the board that was deleted.
 	 */
-	public function delete() {
+	#[NoAdminRequired]
+	#[NoCSRFRequired]
+	#[CORS]
+	public function delete(): DataResponse {
 		$board = $this->boardService->delete($this->request->getParam('boardId'));
 		return new DataResponse($board, HTTP::STATUS_OK);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 *
 	 * Undo the deletion of the board specified by $boardId.
 	 */
-	public function undoDelete() {
+	#[NoAdminRequired]
+	#[NoCSRFRequired]
+	#[CORS]
+	public function undoDelete(): DataResponse {
 		$board = $this->boardService->deleteUndo($this->request->getParam('boardId'));
 		return new DataResponse($board, HTTP::STATUS_OK);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 */
-	public function addAcl($boardId, $type, $participant, $permissionEdit, $permissionShare, $permissionManage) {
+	#[NoAdminRequired]
+	#[NoCSRFRequired]
+	#[CORS]
+	public function addAcl(int $boardId, $type, $participant, $permissionEdit, $permissionShare, $permissionManage) {
 		$acl = $this->boardService->addAcl($boardId, $type, $participant, $permissionEdit, $permissionShare, $permissionManage);
 		return new DataResponse($acl, HTTP::STATUS_OK);
 	}

lib/Controller/BoardController.php

@@ -14,6 +14,7 @@ use OCA\Deck\Service\Importer\BoardImportService;
 use OCA\Deck\Service\PermissionService;
 use OCP\AppFramework\ApiController;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\IL10N;
 use OCP\IRequest;
@@ -31,68 +32,38 @@ class BoardController extends ApiController {
 		parent::__construct($appName, $request);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 */
+	#[NoAdminRequired]
 	public function index() {
 		return $this->boardService->findAll();
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $boardId
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function read(int $boardId) {
+	#[NoAdminRequired]
+	public function read(int $boardId): Board {
 		return $this->boardService->find($boardId);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $title
-	 * @param $color
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function create($title, $color) {
+	#[NoAdminRequired]
+	public function create(string $title, string $color): Board {
 		return $this->boardService->create($title, $this->userId, $color);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $id
-	 * @param $title
-	 * @param $color
-	 * @param $archived
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function update($id, $title, $color, $archived) {
+	#[NoAdminRequired]
+	public function update(int $id, string $title, string $color, bool $archived): Board {
 		return $this->boardService->update($id, $title, $color, $archived);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $boardId
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function delete($boardId) {
+	#[NoAdminRequired]
+	public function delete(int $boardId): Board {
 		return $this->boardService->delete($boardId);
 	}
-	/**
-	 * @NoAdminRequired
-	 * @param $boardId
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function deleteUndo($boardId) {
+
+	#[NoAdminRequired]
+	public function deleteUndo(int $boardId): Board {
 		return $this->boardService->deleteUndo($boardId);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $boardId
-	 * @return array|bool
-	 * @internal param $userId
-	 */
-	public function getUserPermissions($boardId) {
+	#[NoAdminRequired]
+	public function getUserPermissions(int $boardId): array {
 		$permissions = $this->permissionService->getPermissions($boardId);
 		return [
 			'PERMISSION_READ' => $permissions[Acl::PERMISSION_READ],
@@ -103,16 +74,10 @@ class BoardController extends ApiController {
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @param $boardId
-	 * @param $type
 	 * @param $participant
-	 * @param $permissionEdit
-	 * @param $permissionShare
-	 * @param $permissionManage
-	 * @return \OCP\AppFramework\Db\Entity
 	 */
-	public function addAcl($boardId, $type, $participant, $permissionEdit, $permissionShare, $permissionManage) {
+	#[NoAdminRequired]
+	public function addAcl(int $boardId, int $type, $participant, bool $permissionEdit, bool $permissionShare, bool $permissionManage): Acl {
 		return $this->boardService->addAcl($boardId, $type, $participant, $permissionEdit, $permissionShare, $permissionManage);
 	}
 

lib/Controller/BoardImportApiController.php

@@ -9,6 +9,9 @@ namespace OCA\Deck\Controller;
 
 use OCA\Deck\Service\Importer\BoardImportService;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\CORS;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCSController;
 use OCP\IRequest;
@@ -23,11 +26,9 @@ class BoardImportApiController extends OCSController {
 		parent::__construct($appName, $request);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 */
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
 	public function import(string $system, array $config, array $data): DataResponse {
 		$this->boardImportService->setSystem($system);
 		$config = json_decode(json_encode($config));
@@ -38,21 +39,17 @@ class BoardImportApiController extends OCSController {
 		return new DataResponse($this->boardImportService->getBoard(), Http::STATUS_OK);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 */
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
 	public function getAllowedSystems(): DataResponse {
 		$allowedSystems = $this->boardImportService->getAllowedImportSystems();
 		return new DataResponse($allowedSystems, Http::STATUS_OK);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 */
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
 	public function getConfigSchema(string $name): DataResponse {
 		$this->boardImportService->setSystem($name);
 		$this->boardImportService->validateSystem();

lib/Controller/CardApiController.php

@@ -12,6 +12,9 @@ use OCA\Deck\Service\AssignmentService;
 use OCA\Deck\Service\CardService;
 use OCP\AppFramework\ApiController;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\CORS;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\IRequest;
 
@@ -27,7 +30,7 @@ class CardApiController extends ApiController {
 	 * @param IRequest $request
 	 * @param CardService $cardService
 	 * @param AssignmentService $assignmentService
-	 * @param $userId
+	 * @param string $userId
 	 */
 	public function __construct(
 		string $appName,
@@ -80,112 +83,102 @@ class CardApiController extends ApiController {
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 *
 	 * Update a card
 	 */
-	public function update($title, $type, $owner, $description = '', $order = 0, $duedate = null, $archived = null) {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function update(string $title, $type, string $owner, string $description = '', int $order = 0, $duedate = null, $archived = null): DataResponse {
 		$done = array_key_exists('done', $this->request->getParams()) ? new OptionalNullableValue($this->request->getParam('done', null)) : null;
 		$card = $this->cardService->update($this->request->getParam('cardId'), $title, $this->request->getParam('stackId'), $type, $owner, $description, $order, $duedate, 0, $archived, $done);
 		return new DataResponse($card, HTTP::STATUS_OK);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
 	 * Delete a specific card.
 	 */
-	public function delete() {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function delete(): DataResponse {
 		$card = $this->cardService->delete($this->request->getParam('cardId'));
 		return new DataResponse($card, HTTP::STATUS_OK);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
 	 * Assign a label to a card.
 	 */
-	public function assignLabel($labelId) {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function assignLabel(int $labelId): DataResponse {
 		$card = $this->cardService->assignLabel($this->request->getParam('cardId'), $labelId);
 		return new DataResponse($card, HTTP::STATUS_OK);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
 	 * Assign a label to a card.
 	 */
-	public function removeLabel($labelId) {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function removeLabel(int $labelId): DataResponse {
 		$card = $this->cardService->removeLabel($this->request->getParam('cardId'), $labelId);
 		return new DataResponse($card, HTTP::STATUS_OK);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
 	 * Assign a user to a card
 	 */
-	public function assignUser($cardId, $userId, $type = 0) {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function assignUser(int $cardId, string $userId, int $type = 0): DataResponse {
 		$card = $this->assignmentService->assignUser($cardId, $userId, $type);
 		return new DataResponse($card, HTTP::STATUS_OK);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
 	 * Unassign a user from a card
 	 */
-	public function unassignUser($cardId, $userId, $type = 0) {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function unassignUser(int $cardId, string $userId, int $type = 0): DataResponse {
 		$card = $this->assignmentService->unassignUser($cardId, $userId, $type);
 		return new DataResponse($card, HTTP::STATUS_OK);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
 	 * Archive card
 	 */
-	public function archive($cardId) {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function archive(int $cardId): DataResponse {
 		$card = $this->cardService->archive($cardId);
 		return new DataResponse($card, HTTP::STATUS_OK);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
 	 * Unarchive card
 	 */
-	public function unarchive($cardId) {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function unarchive(int $cardId): DataResponse {
 		$card = $this->cardService->unarchive($cardId);
 		return new DataResponse($card, HTTP::STATUS_OK);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
 	 * Reorder cards
 	 */
-	public function reorder($stackId, $order) {
-		$card = $this->cardService->reorder((int)$this->request->getParam('cardId'), (int)$stackId, (int)$order);
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function reorder(int $stackId, int $order): DataResponse {
+		$card = $this->cardService->reorder((int)$this->request->getParam('cardId'), $stackId, $order);
 		return new DataResponse($card, HTTP::STATUS_OK);
 	}
 }

lib/Controller/CardController.php

@@ -7,9 +7,12 @@
 
 namespace OCA\Deck\Controller;
 
+use OCA\Deck\Db\Assignment;
+use OCA\Deck\Db\Card;
 use OCA\Deck\Service\AssignmentService;
 use OCA\Deck\Service\CardService;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\IRequest;
 
 class CardController extends Controller {
@@ -23,45 +26,26 @@ class CardController extends Controller {
 		parent::__construct($appName, $request);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $cardId
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function read($cardId) {
+	#[NoAdminRequired]
+	public function read(int $cardId): Card {
 		return $this->cardService->find($cardId);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @param $cardId
-	 * @param $stackId
-	 * @param $order
-	 * @return array
+	 * @return Card[]
 	 */
-	public function reorder($cardId, $stackId, $order) {
-		return $this->cardService->reorder((int)$cardId, (int)$stackId, (int)$order);
+	#[NoAdminRequired]
+	public function reorder(int $cardId, int $stackId, int $order): array {
+		return $this->cardService->reorder($cardId, $stackId, $order);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $cardId
-	 * @param $title
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function rename($cardId, $title) {
+	#[NoAdminRequired]
+	public function rename(int $cardId, string $title): Card {
 		return $this->cardService->rename($cardId, $title);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $title
-	 * @param $stackId
-	 * @param $type
-	 * @param int $order
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function create($title, $stackId, $type = 'plain', $order = 999, string $description = '', $duedate = null, $labels = [], $users = []) {
+	#[NoAdminRequired]
+	public function create(string $title, int $stackId, string $type = 'plain', int $order = 999, string $description = '', $duedate = null, array $labels = [], array $users = []): Card {
 		$card = $this->cardService->create($title, $stackId, $type, $order, $this->userId, $description, $duedate);
 
 		foreach ($labels as $label) {
@@ -76,113 +60,68 @@ class CardController extends Controller {
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @param $id
-	 * @param $title
-	 * @param $stackId
-	 * @param $type
-	 * @param $order
-	 * @param $description
 	 * @param $duedate
-	 * @param $deletedAt
-	 * @return \OCP\AppFramework\Db\Entity
 	 */
-	public function update($id, $title, $stackId, $type, $order, $description, $duedate, $deletedAt) {
+	#[NoAdminRequired]
+	public function update(int $id, string $title, int $stackId, string $type, int $order, string $description, $duedate, $deletedAt): Card {
 		return $this->cardService->update($id, $title, $stackId, $type, $this->userId, $description, $order, $duedate, $deletedAt);
 	}
-	/**
-	 * @NoAdminRequired
-	 * @param $cardId
-	 * @param $targetStackId
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function clone(int $cardId, ?int $targetStackId = null) {
+
+	#[NoAdminRequired]
+	public function clone(int $cardId, ?int $targetStackId = null): Card {
 		return $this->cardService->cloneCard($cardId, $targetStackId);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $cardId
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function delete($cardId) {
+	#[NoAdminRequired]
+	public function delete(int $cardId): Card {
 		return $this->cardService->delete($cardId);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @param $boardId
-	 * @return \OCP\AppFramework\Db\Entity
+	 * @return Card[]
 	 */
-	public function deleted($boardId) {
+	#[NoAdminRequired]
+	public function deleted(int $boardId): array {
 		return $this->cardService->fetchDeleted($boardId);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $cardId
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
+	#[NoAdminRequired]
 	public function archive($cardId) {
 		return $this->cardService->archive($cardId);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $cardId
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function unarchive($cardId) {
+	#[NoAdminRequired]
+	public function unarchive(int $cardId): Card {
 		return $this->cardService->unarchive($cardId);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $cardId
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function done(int $cardId) {
+	#[NoAdminRequired]
+	public function done(int $cardId): Card {
 		return $this->cardService->done($cardId);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $cardId
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function undone(int $cardId) {
+	#[NoAdminRequired]
+	public function undone(int $cardId): Card {
 		return $this->cardService->undone($cardId);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $cardId
-	 * @param $labelId
-	 */
-	public function assignLabel($cardId, $labelId) {
+	#[NoAdminRequired]
+	public function assignLabel(int $cardId, int $labelId): void {
 		$this->cardService->assignLabel($cardId, $labelId);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $cardId
-	 * @param $labelId
-	 */
-	public function removeLabel($cardId, $labelId) {
+	#[NoAdminRequired]
+	public function removeLabel(int $cardId, int $labelId): void {
 		$this->cardService->removeLabel($cardId, $labelId);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 */
-	public function assignUser($cardId, $userId, $type = 0) {
+	#[NoAdminRequired]
+	public function assignUser(int $cardId, string $userId, int $type = 0): Assignment {
 		return $this->assignmentService->assignUser($cardId, $userId, $type);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 */
-	public function unassignUser($cardId, $userId, $type = 0) {
+	#[NoAdminRequired]
+	public function unassignUser(int $cardId, string $userId, int $type = 0): Assignment {
 		return $this->assignmentService->unassignUser($cardId, $userId, $type);
 	}
 }

lib/Controller/CommentsApiController.php

@@ -9,11 +9,15 @@ namespace OCA\Deck\Controller;
 
 use OCA\Deck\Service\CommentService;
 use OCA\Deck\StatusException;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\DataResponse;
 
 use OCP\AppFramework\OCSController;
 use OCP\IRequest;
 
+/**
+ * @psalm-api
+ */
 class CommentsApiController extends OCSController {
 	public function __construct(
 		string $appName,
@@ -27,33 +31,33 @@ class CommentsApiController extends OCSController {
 	}
 
 	/**
-	 * @NoAdminRequired
 	 * @throws StatusException
 	 */
-	public function list(string $cardId, int $limit = 20, int $offset = 0): DataResponse {
+	#[NoAdminRequired]
+	public function list(int $cardId, int $limit = 20, int $offset = 0): DataResponse {
 		return $this->commentService->list($cardId, $limit, $offset);
 	}
 
 	/**
-	 * @NoAdminRequired
 	 * @throws StatusException
 	 */
+	#[NoAdminRequired]
 	public function create(int $cardId, string $message, int $parentId = 0): DataResponse {
 		return $this->commentService->create($cardId, $message, $parentId);
 	}
 
 	/**
-	 * @NoAdminRequired
 	 * @throws StatusException
 	 */
+	#[NoAdminRequired]
 	public function update(int $cardId, int $commentId, string $message): DataResponse {
 		return $this->commentService->update($cardId, $commentId, $message);
 	}
 
 	/**
-	 * @NoAdminRequired
 	 * @throws StatusException
 	 */
+	#[NoAdminRequired]
 	public function delete(int $cardId, int $commentId): DataResponse {
 		return $this->commentService->delete($cardId, $commentId);
 	}

lib/Controller/ConfigController.php

@@ -8,6 +8,8 @@
 namespace OCA\Deck\Controller;
 
 use OCA\Deck\Service\ConfigService;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Http\NotFoundResponse;
 use OCP\AppFramework\OCSController;
@@ -22,19 +24,15 @@ class ConfigController extends OCSController {
 		parent::__construct($AppName, $request);
 	}
 
-	/**
-	 * @NoCSRFRequired
-	 * @NoAdminRequired
-	 */
+	#[NoAdminRequired]
+	#[NoCSRFRequired]
 	public function get(): DataResponse {
 		return new DataResponse($this->configService->getAll());
 	}
 
-	/**
-	 * @NoCSRFRequired
-	 * @NoAdminRequired
-	 */
-	public function setValue(string $key, $value) {
+	#[NoAdminRequired]
+	#[NoCSRFRequired]
+	public function setValue(string $key, mixed $value): DataResponse|NotFoundResponse {
 		$result = $this->configService->set($key, $value);
 		if ($result === null) {
 			return new NotFoundResponse();

lib/Controller/LabelApiController.php

@@ -10,6 +10,9 @@ namespace OCA\Deck\Controller;
 use OCA\Deck\Service\LabelService;
 use OCP\AppFramework\ApiController;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\CORS;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\IRequest;
 
@@ -26,59 +29,50 @@ class LabelApiController extends ApiController {
 		$appName,
 		IRequest $request,
 		private LabelService $labelService,
-		private $userId,
 	) {
 		parent::__construct($appName, $request);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
 	 * Get a specific label.
 	 */
-	public function get() {
+	#[NoAdminRequired]
+	#[NoCSRFRequired]
+	#[CORS]
+	public function get(): DataResponse {
 		$label = $this->labelService->find($this->request->getParam('labelId'));
 		return new DataResponse($label, HTTP::STATUS_OK);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 * @params $title
-	 * @params $color
 	 * Create a new label
 	 */
-	public function create($title, $color) {
+	#[NoAdminRequired]
+	#[NoCSRFRequired]
+	#[CORS]
+	public function create(string $title, string $color): DataResponse {
 		$label = $this->labelService->create($title, $color, $this->request->getParam('boardId'));
 		return new DataResponse($label, HTTP::STATUS_OK);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 * @params $title
-	 * @params $color
 	 * Update a specific label
 	 */
-	public function update($title, $color) {
+	#[NoAdminRequired]
+	#[NoCSRFRequired]
+	#[CORS]
+	public function update(string $title, string $color): DataResponse {
 		$label = $this->labelService->update($this->request->getParam('labelId'), $title, $color);
 		return new DataResponse($label, HTTP::STATUS_OK);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
 	 * Delete a specific label
 	 */
-	public function delete() {
+	#[NoAdminRequired]
+	#[NoCSRFRequired]
+	#[CORS]
+	public function delete(): DataResponse {
 		$label = $this->labelService->delete($this->request->getParam('labelId'));
 		return new DataResponse($label, HTTP::STATUS_OK);
 	}

lib/Controller/LabelController.php

@@ -7,8 +7,10 @@
 
 namespace OCA\Deck\Controller;
 
+use OCA\Deck\Db\Label;
 use OCA\Deck\Service\LabelService;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\IRequest;
 
 class LabelController extends Controller {
@@ -20,34 +22,18 @@ class LabelController extends Controller {
 		parent::__construct($appName, $request);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $title
-	 * @param $color
-	 * @param $boardId
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function create($title, $color, $boardId) {
+	#[NoAdminRequired]
+	public function create(string $title, string $color, int $boardId): Label {
 		return $this->labelService->create($title, $color, $boardId);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $id
-	 * @param $title
-	 * @param $color
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function update($id, $title, $color) {
+	#[NoAdminRequired]
+	public function update(int $id, string $title, string $color): Label {
 		return $this->labelService->update($id, $title, $color);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $labelId
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function delete($labelId) {
+	#[NoAdminRequired]
+	public function delete(int $labelId): Label {
 		return $this->labelService->delete($labelId);
 	}
 }

lib/Controller/OverviewApiController.php

@@ -10,6 +10,7 @@ declare(strict_types=1);
 namespace OCA\Deck\Controller;
 
 use OCA\Deck\Service\OverviewService;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCSController;
 use OCP\IRequest;
@@ -24,9 +25,7 @@ class OverviewApiController extends OCSController {
 		parent::__construct($appName, $request);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 */
+	#[NoAdminRequired]
 	public function upcomingCards(): DataResponse {
 		return new DataResponse($this->dashboardService->findUpcomingCards($this->userId));
 	}

lib/Controller/SearchController.php

@@ -13,6 +13,7 @@ namespace OCA\Deck\Controller;
 use OCA\Deck\Db\Card;
 use OCA\Deck\Model\CardDetails;
 use OCA\Deck\Service\SearchService;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCSController;
 use OCP\IRequest;
@@ -26,9 +27,7 @@ class SearchController extends OCSController {
 		parent::__construct($appName, $request);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 */
+	#[NoAdminRequired]
 	public function search(string $term, ?int $limit = null, ?int $cursor = null): DataResponse {
 		$cards = $this->searchService->searchCards($term, $limit, $cursor);
 		return new DataResponse(array_map(function (Card $card) {

lib/Controller/StackApiController.php

@@ -7,14 +7,16 @@
 
 namespace OCA\Deck\Controller;
 
-use OCA\Deck\Service\BoardService;
 use OCA\Deck\Service\StackService;
 use OCA\Deck\StatusException;
 use OCP\AppFramework\ApiController;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\CORS;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\IRequest;
-use Sabre\HTTP\Util;
+use function Sabre\HTTP\parseDate;
 
 /**
  * Class StackApiController
@@ -29,23 +31,21 @@ class StackApiController extends ApiController {
 		$appName,
 		IRequest $request,
 		private StackService $stackService,
-		private BoardService $boardService,
 	) {
 		parent::__construct($appName, $request);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 * Return all of the stacks in the specified board.
+	 * Return all the stacks in the specified board.
 	 */
-	public function index() {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function index(): DataResponse {
 		$since = 0;
 		$modified = $this->request->getHeader('If-Modified-Since');
-		if ($modified !== null && $modified !== '') {
-			$date = Util::parseHTTPDate($modified);
+		if ($modified !== '') {
+			$date = parseDate($modified);
 			if (!$date) {
 				throw new StatusException('Invalid If-Modified-Since header provided.');
 			}
@@ -56,13 +56,12 @@ class StackApiController extends ApiController {
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 * Return all of the stacks in the specified board.
+	 * Return all the stacks in the specified board.
 	 */
-	public function get() {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function get(): DataResponse {
 		$stack = $this->stackService->find($this->request->getParam('stackId'));
 		$response = new DataResponse($stack, HTTP::STATUS_OK);
 		$response->setETag($stack->getETag());
@@ -70,55 +69,45 @@ class StackApiController extends ApiController {
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 * @params $title
-	 * @params $order
-	 *
 	 * Create a stack with the specified title and order.
 	 */
-	public function create($title, $order) {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function create(string $title, int $order): DataResponse {
 		$stack = $this->stackService->create($title, $this->request->getParam('boardId'), $order);
 		return new DataResponse($stack, HTTP::STATUS_OK);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 * @params $title
-	 * @params $order
-	 *
 	 * Update a stack by the specified stackId and boardId with the values that were put.
 	 */
-	public function update($title, $order) {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function update(string $title, int $order) {
 		$stack = $this->stackService->update($this->request->getParam('stackId'), $title, $this->request->getParam('boardId'), $order, 0);
 		return new DataResponse($stack, HTTP::STATUS_OK);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
 	 * Delete the stack specified by $this->request->getParam('stackId').
 	 */
-	public function delete() {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function delete(): DataResponse {
 		$stack = $this->stackService->delete($this->request->getParam('stackId'));
 		return new DataResponse($stack, HTTP::STATUS_OK);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @CORS
-	 * @NoCSRFRequired
-	 *
-	 * get the stacks that have been archived.
+	 * Get the stacks that have been archived.
 	 */
-	public function getArchived() {
+	#[NoAdminRequired]
+	#[CORS]
+	#[NoCSRFRequired]
+	public function getArchived(): DataResponse {
 		$stacks = $this->stackService->findAllArchived($this->request->getParam('boardId'));
 		return new DataResponse($stacks, HTTP::STATUS_OK);
 	}

lib/Controller/StackController.php

@@ -7,10 +7,12 @@
 
 namespace OCA\Deck\Controller;
 
+use OCA\Deck\Db\Stack;
 use OCA\Deck\Service\StackService;
 
 use OCP\AppFramework\Controller;
 
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\IRequest;
 
 class StackController extends Controller {
@@ -18,78 +20,54 @@ class StackController extends Controller {
 		string $appName,
 		IRequest $request,
 		private StackService $stackService,
-		private $userId,
 	) {
 		parent::__construct($appName, $request);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @param $boardId
-	 * @return array
+	 * @return Stack[]
 	 */
-	public function index($boardId) {
+	#[NoAdminRequired]
+	public function index(int $boardId): array {
 		return $this->stackService->findAll($boardId);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @param $boardId
-	 * @return array
+	 * @return Stack[]
 	 */
-	public function archived($boardId) {
+	#[NoAdminRequired]
+	public function archived(int $boardId): array {
 		return $this->stackService->findAllArchived($boardId);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $title
-	 * @param $boardId
-	 * @param int $order
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function create($title, $boardId, $order = 999) {
+	#[NoAdminRequired]
+	public function create(string $title, int $boardId, int $order = 999): Stack {
 		return $this->stackService->create($title, $boardId, $order);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $id
-	 * @param $title
-	 * @param $boardId
-	 * @param $order
-	 * @param $deletedAt
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function update($id, $title, $boardId, $order, $deletedAt) {
+	#[NoAdminRequired]
+	public function update(int $id, string $title, int $boardId, int $order, ?int $deletedAt = null): Stack {
 		return $this->stackService->update($id, $title, $boardId, $order, $deletedAt);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @param $stackId
-	 * @param $order
-	 * @return array
+	 * @return array<int, Stack>
 	 */
-	public function reorder($stackId, $order) {
-		return $this->stackService->reorder((int)$stackId, (int)$order);
+	#[NoAdminRequired]
+	public function reorder(int $stackId, int $order): array {
+		return $this->stackService->reorder($stackId, $order);
 	}
 
-	/**
-	 * @NoAdminRequired
-	 * @param $stackId
-	 * @return \OCP\AppFramework\Db\Entity
-	 */
-	public function delete($stackId) {
+	#[NoAdminRequired]
+	public function delete(int $stackId): Stack {
 		return $this->stackService->delete($stackId);
 	}
 
 	/**
-	 * @NoAdminRequired
-	 * @param $boardId
-	 * @return \OCP\AppFramework\Db\Entity
+	 * @return Stack[]
 	 */
-	public function deleted($boardId) {
+	#[NoAdminRequired]
+	public function deleted(int $boardId): array {
 		return $this->stackService->fetchDeleted($boardId);
 	}
 }