Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Blackterz2/Proyecto_5to_Semestre/llms.txt

Use this file to discover all available pages before exploring further.

The Users API covers the full lifecycle of a Blackterz account — from reading your own profile after login, through uploading a profile picture, completing the onboarding questionnaire, updating biometric data, changing your password, and eventually soft-deleting your account. All endpoints require a valid Bearer token; the verificarToken middleware extracts usuario_id from the JWT before every request reaches the controller.
The route prefix /api/usuario (singular) is registered as an alias for /api/usuarios (plural). Both paths resolve to the same controllers and behave identically.

GET /api/usuarios/me

Returns the authenticated user’s public profile. Excludes the password hash. Auth required: Yes — Authorization: Bearer <token>

Response

status
string
"ok" on success.
data
object
curl -X GET https://api.blackterzgym.com/api/usuarios/me \
  -H "Authorization: Bearer <your_token>"

PUT /api/usuarios/me

Updates the authenticated user’s display name. On success, issues a new JWT with the updated name embedded in the payload so the frontend stays in sync without requiring a new login. Auth required: Yes — Authorization: Bearer <token>

Request body

nombre
string
required
New display name. Must be a non-empty string of at most 50 characters.

Response

status
string
"ok" on success.
data.nombre
string
The trimmed name that was saved.
token
string
A fresh JWT (expiresIn: "7d") with the updated nombre in its payload. Replace the stored token on the client with this value.
curl -X PUT https://api.blackterzgym.com/api/usuarios/me \
  -H "Authorization: Bearer <your_token>" \
  -H "Content-Type: application/json" \
  -d '{"nombre": "Laura G. Martínez"}'

DELETE /api/usuarios/me

Soft-deletes the authenticated user’s account by setting activo = 0 in the database. The row is preserved for data-integrity purposes; the user simply cannot log in afterwards. Auth required: Yes — Authorization: Bearer <token>
This action is not reversible through the API. Once activo is set to 0, any login attempt for that email will be rejected. No request body is required.

Response

status
string
"ok" on success.
message
string
Human-readable confirmation, e.g. "Cuenta desactivada correctamente".
curl -X DELETE https://api.blackterzgym.com/api/usuarios/me \
  -H "Authorization: Bearer <your_token>"

POST /api/usuarios/avatar

Uploads a new profile picture for the authenticated user. The file is stored on the server at public/images/avatars/ under the filename avatar-{userId}.{ext}, overwriting any previously uploaded photo for that user. Auth required: Yes — Authorization: Bearer <token>
Content-Type: multipart/form-data
The form field must be named avatar. Any other field name will result in a 400 error because Multer will not find the file on req.file. Allowed extensions are .jpg, .jpeg, .png, .gif, and .webp. Maximum file size is 2 MB.

Request

avatar
file
required
The image file. Accepted MIME types: image/jpeg, image/png, image/gif, image/webp. Max size: 2 MB.

Response

status
string
"ok" on success.
data.avatar_url
string
Public path to the saved image, e.g. "/images/avatars/avatar-5.jpg". Use this value wherever the avatar is displayed in the UI.
curl -X POST https://api.blackterzgym.com/api/usuarios/avatar \
  -H "Authorization: Bearer <your_token>" \
  -F "avatar=@/path/to/photo.jpg"

PUT /api/usuarios/contrasena

Changes the authenticated user’s password. The current password must be provided and verified before the new password is accepted. Auth required: Yes — Authorization: Bearer <token>

Request body

passwordActual
string
required
The user’s current password in plain text. Required when passwordNueva is supplied.
passwordNueva
string
The desired new password. If omitted or empty, the endpoint returns 200 ok without making any changes. When provided, must satisfy all of the following:
  • Minimum 8 characters
  • At least one lowercase letter
  • At least one uppercase letter
  • At least one digit
  • At least one special character (e.g. !, @, #, $, %)

Response

status
string
"ok" on success.
message
string
"Contraseña actualizada" when the password was changed, or "Sin cambios en la contraseña" when passwordNueva was absent.
StatusCondition
400passwordNueva provided but passwordActual is missing
400passwordNueva fails format validation
401passwordActual does not match the stored bcrypt hash
404Authenticated user not found in the database
// 401 — wrong current password
{
  "status": "error",
  "message": "Contraseña actual incorrecta"
}
curl -X PUT https://api.blackterzgym.com/api/usuarios/contrasena \
  -H "Authorization: Bearer <your_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "passwordActual": "OldPass1!",
    "passwordNueva": "NewSecure2@"
  }'

POST /api/usuarios/onboarding

Completes the onboarding flow for the authenticated user. Stores experience level and optional biometric data, then sets onboarding_completado = TRUE on the account. Auth required: Yes — Authorization: Bearer <token> If quiere_recomendacion is true and nivel_experiencia is "Principiante", the server will automatically create a starter routine for the user. The routine is selected based on BMI (calculated from peso_actual and estatura_cm) and sexo:
ConditionRoutine
IMC ≥ 25 (any sex)"Adaptación: Bajo Impacto" — mobility and low-impact exercises
IMC < 25, Masculino"Adaptación: Fuerza Base" — upper-body strength compound lifts
IMC < 25, Femenino"Adaptación: Tonificación" — glutes and lower-body tonification
Missing weight/height"Adaptación - Cuerpo Completo" — generic full-body routine
The auto-routine assignment runs inside a database transaction. If it fails, the onboarding data is still saved and the response remains 200 ok.

Request body

nivel_experiencia
string
required
Must be one of: "Principiante", "Intermedio", "Avanzado".
sexo
string
Biological sex. Must be one of: "Masculino", "Femenino", "Otro". Defaults to "Otro" if omitted.
peso_actual
number
Current body weight in kilograms. Must be a positive number if provided.
estatura_cm
number
Height in centimetres. Must be a positive number if provided.
quiere_recomendacion
boolean
When true and the user is "Principiante", triggers automatic routine creation. Ignored for other experience levels.

Response

status
string
"ok" on success.
message
string
"Onboarding completado".
curl -X POST https://api.blackterzgym.com/api/usuarios/onboarding \
  -H "Authorization: Bearer <your_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "nivel_experiencia": "Principiante",
    "sexo": "Femenino",
    "peso_actual": 62,
    "estatura_cm": 165,
    "quiere_recomendacion": true
  }'

GET /api/usuarios/perfil

Returns the biometric and experience data for the authenticated user. This is the data displayed in the “Mis Datos” section of the profile screen. Auth required: Yes — Authorization: Bearer <token>

Response

status
string
"ok" on success.
data
object
curl -X GET https://api.blackterzgym.com/api/usuarios/perfil \
  -H "Authorization: Bearer <your_token>"

PATCH /api/usuarios/perfil

Updates any combination of profile fields in a single request: name, email, weight, height, and experience level. Fields not present in the body are left unchanged (fetched from the database before the update). If nombre or email changes, the endpoint issues a new JWT reflecting the updated values so the frontend token stays in sync. Auth required: Yes — Authorization: Bearer <token>

Request body

nombre
string
New display name. Max 50 characters, cannot be empty if provided.
email
string
New email address. Must be valid format and not already in use by another account.
peso_actual
number
New body weight in kilograms. Must be a positive number.
estatura_cm
number
New height in centimetres. Must be a positive number.
nivel_experiencia
string
Must be one of: "Principiante", "Intermedio", "Avanzado".

Response

status
string
"ok" on success.
data
object
The full set of saved profile values (merged with unchanged fields from the database).
token
string
New JWT. Only present in the response when nombre or email actually changed.
StatusCondition
400nombre is empty or exceeds 50 characters
400email format is invalid
400nivel_experiencia is not one of the allowed values
400peso_actual or estatura_cm is not a positive number
409email is already registered by another user
curl -X PATCH https://api.blackterzgym.com/api/usuarios/perfil \
  -H "Authorization: Bearer <your_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "peso_actual": 64,
    "nivel_experiencia": "Intermedio"
  }'

Build docs developers (and LLMs) love