The Users API covers the full lifecycle of a Blackterz account — from reading your own profile after login, through uploading a profile picture, completing the onboarding questionnaire, updating biometric data, changing your password, and eventually soft-deleting your account. All endpoints require a valid Bearer token; theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Blackterz2/Proyecto_5to_Semestre/llms.txt
Use this file to discover all available pages before exploring further.
verificarToken middleware extracts usuario_id from the JWT before every request reaches the controller.
The route prefix
/api/usuario (singular) is registered as an alias for /api/usuarios (plural). Both paths resolve to the same controllers and behave identically.GET /api/usuarios/me
Returns the authenticated user’s public profile. Excludes the password hash. Auth required: Yes —Authorization: Bearer <token>
Response
"ok" on success.PUT /api/usuarios/me
Updates the authenticated user’s display name. On success, issues a new JWT with the updated name embedded in the payload so the frontend stays in sync without requiring a new login. Auth required: Yes —Authorization: Bearer <token>
Request body
New display name. Must be a non-empty string of at most 50 characters.
Response
"ok" on success.The trimmed name that was saved.
A fresh JWT (
expiresIn: "7d") with the updated nombre in its payload. Replace the stored token on the client with this value.DELETE /api/usuarios/me
Soft-deletes the authenticated user’s account by settingactivo = 0 in the database. The row is preserved for data-integrity purposes; the user simply cannot log in afterwards.
Auth required: Yes — Authorization: Bearer <token>
Response
"ok" on success.Human-readable confirmation, e.g.
"Cuenta desactivada correctamente".POST /api/usuarios/avatar
Uploads a new profile picture for the authenticated user. The file is stored on the server atpublic/images/avatars/ under the filename avatar-{userId}.{ext}, overwriting any previously uploaded photo for that user.
Auth required: Yes — Authorization: Bearer <token>Content-Type:
multipart/form-data
The form field must be named
avatar. Any other field name will result in a 400 error because Multer will not find the file on req.file. Allowed extensions are .jpg, .jpeg, .png, .gif, and .webp. Maximum file size is 2 MB.Request
The image file. Accepted MIME types:
image/jpeg, image/png, image/gif, image/webp. Max size: 2 MB.Response
"ok" on success.Public path to the saved image, e.g.
"/images/avatars/avatar-5.jpg". Use this value wherever the avatar is displayed in the UI.PUT /api/usuarios/contrasena
Changes the authenticated user’s password. The current password must be provided and verified before the new password is accepted. Auth required: Yes —Authorization: Bearer <token>
Request body
The user’s current password in plain text. Required when
passwordNueva is supplied.The desired new password. If omitted or empty, the endpoint returns
200 ok without making any changes. When provided, must satisfy all of the following:- Minimum 8 characters
- At least one lowercase letter
- At least one uppercase letter
- At least one digit
- At least one special character (e.g.
!,@,#,$,%)
Response
"ok" on success."Contraseña actualizada" when the password was changed, or "Sin cambios en la contraseña" when passwordNueva was absent.Error responses
Error responses
| Status | Condition |
|---|---|
400 | passwordNueva provided but passwordActual is missing |
400 | passwordNueva fails format validation |
401 | passwordActual does not match the stored bcrypt hash |
404 | Authenticated user not found in the database |
POST /api/usuarios/onboarding
Completes the onboarding flow for the authenticated user. Stores experience level and optional biometric data, then setsonboarding_completado = TRUE on the account.
Auth required: Yes — Authorization: Bearer <token>
If quiere_recomendacion is true and nivel_experiencia is "Principiante", the server will automatically create a starter routine for the user. The routine is selected based on BMI (calculated from peso_actual and estatura_cm) and sexo:
Auto-routine assignment logic
Auto-routine assignment logic
| Condition | Routine |
|---|---|
| IMC ≥ 25 (any sex) | "Adaptación: Bajo Impacto" — mobility and low-impact exercises |
| IMC < 25, Masculino | "Adaptación: Fuerza Base" — upper-body strength compound lifts |
| IMC < 25, Femenino | "Adaptación: Tonificación" — glutes and lower-body tonification |
| Missing weight/height | "Adaptación - Cuerpo Completo" — generic full-body routine |
200 ok.Request body
Must be one of:
"Principiante", "Intermedio", "Avanzado".Biological sex. Must be one of:
"Masculino", "Femenino", "Otro". Defaults to "Otro" if omitted.Current body weight in kilograms. Must be a positive number if provided.
Height in centimetres. Must be a positive number if provided.
When
true and the user is "Principiante", triggers automatic routine creation. Ignored for other experience levels.Response
"ok" on success."Onboarding completado".GET /api/usuarios/perfil
Returns the biometric and experience data for the authenticated user. This is the data displayed in the “Mis Datos” section of the profile screen. Auth required: Yes —Authorization: Bearer <token>
Response
"ok" on success.PATCH /api/usuarios/perfil
Updates any combination of profile fields in a single request: name, email, weight, height, and experience level. Fields not present in the body are left unchanged (fetched from the database before the update). Ifnombre or email changes, the endpoint issues a new JWT reflecting the updated values so the frontend token stays in sync.
Auth required: Yes — Authorization: Bearer <token>
Request body
New display name. Max 50 characters, cannot be empty if provided.
New email address. Must be valid format and not already in use by another account.
New body weight in kilograms. Must be a positive number.
New height in centimetres. Must be a positive number.
Must be one of:
"Principiante", "Intermedio", "Avanzado".Response
"ok" on success.The full set of saved profile values (merged with unchanged fields from the database).
New JWT. Only present in the response when
nombre or email actually changed.Error responses
Error responses
| Status | Condition |
|---|---|
400 | nombre is empty or exceeds 50 characters |
400 | email format is invalid |
400 | nivel_experiencia is not one of the allowed values |
400 | peso_actual or estatura_cm is not a positive number |
409 | email is already registered by another user |
