TaskFlow uses a two-role model — user and admin — to control what actions each account can perform. New user accounts are unverified by default and must be approved by an admin before they can create tasks. This page explains the account lifecycle, verification requirements, and password management.

User model fields

| Field | Type | Constraints | Default |
|---|---|---|---|
| name | string | Required. 2–50 characters. | |
| email | string | Required. Unique, stored in lowercase. | |
| password | string | Required. Minimum 6 characters. Never returned in API responses. | |
| role | string | admin or user. | user |
| isVerified | boolean | Whether the account has been verified by an admin. | false |

Roles

user (default)

Standard accounts created through the public signup endpoint. Users can:
  • Create, update, and delete their own tasks (once verified).
  • View and filter their own task list.
  • Update their password via the reset endpoint.

admin

Admin accounts have elevated access. Admins can:
  • View and manage tasks across all users.
  • Verify and delete user accounts.
  • Assign tasks directly to users.
  • Review and verify tasks pending admin approval.
  • Mark tasks as completed.

Signup and the default admin

All accounts are created via POST /api/auth/signup:
POST /api/auth/signup
Content-Type: application/json

{
  "name": "Ada Lovelace",
  "email": "ada@example.com",
  "password": "securepassword"
}

During signup, TaskFlow checks whether the submitted email matches the ADMIN_EMAIL environment variable. If it matches, the new account is granted role: admin and isVerified: true automatically, bypassing the manual verification step. All other emails receive role: user and isVerified: false.

Account verification workflow

Unverified users cannot create tasks. The checkVerified middleware blocks all task-creation requests with 403 Forbidden until an admin verifies the account.

1. User signs up
   The user registers via POST /api/auth/signup. Their account is created with isVerified: false.

2. Admin reviews the account
   An admin opens the User Management page in the Admin Dashboard (port 3000) or calls GET /api/admin/users to list unverified users.

3. Admin verifies the user
   The admin calls PATCH /api/admin/users/:id/verify. The user’s isVerified field is set to true.

4. User can now create tasks
   On their next request, the checkVerified middleware passes and the user can create and manage tasks normally.

Password reset

TaskFlow provides a simple reset endpoint. No email token is required — provide the account’s email along with the new password:
POST /api/auth/reset-password
Content-Type: application/json

{
  "email": "ada@example.com",
  "newPassword": "newpassword123",
  "confirmPassword": "newpassword123"
}

Validation rules:
  • email, newPassword, and confirmPassword are all required.
  • newPassword and confirmPassword must match.
  • The new password must be at least 6 characters.

This endpoint does not require authentication: anyone who knows a user’s email address can change that user’s password. In production, consider adding a verification token step before accepting a reset.
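
One way to add the verification token step mentioned above, as an added example (not TaskFlow's own code). The in-memory Map, the function names, the 401 response and the 15-minute lifetime are assumptions; the field rules are the ones listed on this page.

```javascript
const { randomBytes, createHash, timingSafeEqual } = require('node:crypto');

const TOKEN_TTL_MS = 15 * 60 * 1000;   // assumed token lifetime
const pendingResets = new Map();       // email -> { hash, expiresAt } (stand-in for a DB)

const sha256 = (s) => createHash('sha256').update(s).digest();

// Step 1: called by a hypothetical "request reset" endpoint. The raw token goes
// only to the account's mailbox; the server stores just its hash.
function issueResetToken(email, now = Date.now()) {
  const token = randomBytes(32).toString('hex');
  pendingResets.set(email.toLowerCase(), { hash: sha256(token), expiresAt: now + TOKEN_TTL_MS });
  return token;
}

// Step 2: the reset handler, with the token check added to the existing rules.
function resetPassword({ email, token, newPassword, confirmPassword } = {}, now = Date.now()) {
  const required = [email, newPassword, confirmPassword];
  if (!required.every((v) => typeof v === 'string' && v.length > 0)) {
    return { status: 400, error: 'email, newPassword and confirmPassword are required' };
  }
  if (newPassword !== confirmPassword) return { status: 400, error: 'passwords do not match' };
  if (newPassword.length < 6) return { status: 400, error: 'password must be at least 6 characters' };

  const key = email.toLowerCase();
  const pending = pendingResets.get(key);
  // One response for unknown email, missing, wrong or expired token, so the
  // endpoint does not reveal which accounts exist.
  const denied = { status: 401, error: 'invalid or expired reset token' };
  if (!pending || typeof token !== 'string') return denied;
  if (now > pending.expiresAt) { pendingResets.delete(key); return denied; }
  if (!timingSafeEqual(sha256(token), pending.hash)) return denied;

  pendingResets.delete(key);           // single use: a replayed token is rejected
  // The application's existing password update (hash and save) would run here.
  return { status: 200, email: key };
}
```

Rate limiting on both steps would still be needed so tokens cannot be requested or guessed in bulk.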

Login

POST /api/auth/login
Content-Type: application/json

{
  "email": "ada@example.com",
  "password": "securepassword"
}

A successful response returns a JWT valid for 7 days (configurable via the JWT_EXPIRES_IN environment variable) along with the user’s id, name, email, role, and isVerified status. Pass this token as Authorization: Bearer <token> on all protected endpoints.
