The Users API handles the full lifecycle of system accounts in the Sistema de Inventario Tecnológico. It covers registration, authentication, profile retrieval, profile updates, and soft-deletion. Most mutating endpoints require a valid JWT, which is issued by POST /api/login and stored in an acceso_token HTTP-only cookie. The GET /api/usuarios endpoint is additionally restricted to users holding the Superadministrador role.
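How a guarded route can act on the acceso_token cookie and the Superadministrador restriction described above, as an added example that is not the project's own code. It assumes HS256 signing and uses only Node's built-in crypto module; emitirToken, leerCookie, verificarToken and autorizar are hypothetical names, and the secret and token are constructed.

```javascript
// Added example: function names, secret and sample token are constructed; HS256 is an assumption.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const decode = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const sign = (data, secret) => createHmac('sha256', secret).update(data).digest();

// Helper for the sample: build an HS256 token carrying the documented claims, valid for 1 hour.
function emitirToken(claims, secret, nowSec, ttlSec = 3600) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...claims, iat: nowSec, exp: nowSec + ttlSec }));
  return `${head}.${body}.${b64url(sign(`${head}.${body}`, secret))}`;
}

// Pull acceso_token out of a raw Cookie request header.
function leerCookie(header, name = 'acceso_token') {
  for (const part of (header || '').split(';')) {
    const [k, ...v] = part.trim().split('=');
    if (k === name) return v.join('=');
  }
  return null;
}

// Returns the claims, or null when the token is malformed, forged or expired.
function verificarToken(token, secret, nowSec) {
  const parts = (token || '').split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm on the server; never let the token header choose it.
    if (decode(head).alg !== 'HS256') return null;
    const given = Buffer.from(sig, 'base64url');
    const expected = sign(`${head}.${body}`, secret);
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = decode(body);
    return typeof claims.exp === 'number' && claims.exp > nowSec ? claims : null;
  } catch { return null; }
}

// Decision for a guarded route: 401 without a valid session, 403 on a role mismatch.
function autorizar(cookieHeader, secret, nowSec, rolRequerido) {
  const claims = verificarToken(leerCookie(cookieHeader), secret, nowSec);
  if (!claims) return { status: 401 };
  if (rolRequerido && claims.rol !== rolRequerido) return { status: 403 };
  return { status: 200, claims };
}
// Constructed sample: a "usuario" session requesting the Superadministrador-only listing.
const demo = emitirToken({ correo: 'ana@example.test', rol: 'usuario' }, 'clave-demo', 1700000000);
console.log(autorizar(`acceso_token=${demo}`, 'clave-demo', 1700000060, 'Superadministrador'));
```

The role is read from the verified claims only, so a request body or a re-encoded payload cannot raise it; the signature check fails first.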
POST /api/usuarios
Create a new user account. Location fields are normalized and stored both inside the user document (denormalized) and in the shared ubicaciones collection.
Auth: Not required.
Request
Unique display name for the user. Stored in lowercase-normalized form for duplicate checks.
Plain-text password. Hashed with bcrypt (10 salt rounds) before storage.
Role assigned to the user. Defaults to "usuario" if omitted. Use "Superadministrador" for full access.
National ID number. Must be unique across all users.
First name of the user.
Last name of the user.
Email address. Used as the login credential identifier.
Contact phone number.
Account status. Defaults to "activo" if omitted.
Geographic region for the user’s office location.
State/province within the region.
City within the state.
Office building or branch name.
Floor number within the building.
Wing or section on the floor. Optional.
Response
Human-readable confirmation: "Usuario creado exitosamente."
Firestore document ID of the newly created user.
Example
GET /api/usuarios
List all active users in the system. Each user object includes flattened location fields sourced from the embedded ubicacion sub-document.
Auth: Required. Role: Superadministrador.
Request
No request body or query parameters.
Response
Returns a JSON array. Each element contains:
Firestore document ID.
National ID number.
First name.
Last name.
Email address.
Contact phone number.
Account status ("activo" for all results since the query filters by active state).
Display name.
User role.
Geographic region.
State/province.
City.
Office building or branch name.
Floor number.
Wing or section.
Example
PUT /api/usuarios/:id
Update an existing user’s profile. The password field is optional: if omitted or blank, the current hash is preserved. The account status is always reset to "activo" on update; estado_persona is not an accepted body field here. Any detected field changes are automatically written to the bitácora as an "Actualización de usuario" event.
Auth: Required.
Request
Firestore document ID of the user to update.
New display name.
New plain-text password. Leave blank or omit to keep the existing password.
Updated role assignment.
Updated national ID.
Updated first name.
Updated last name.
Updated email address.
Updated phone number.
Updated region (location field).
Updated state/province (location field). Note: the user account status (estado) is always reset to "activo" on update regardless of this field.
Updated city.
Updated office building.
Updated floor.
Updated wing.
Response
"Usuario actualizado y cambios registrados en bitácora."
Example
PUT /api/usuarios/eliminado/:id
Soft-delete a user by setting their estado field to "inactivo". The user record is preserved in Firestore. An "Eliminar usuario" entry is written to the bitácora.
Auth: Required.
Request
Firestore document ID of the user to deactivate.
Response
"Usuario eliminado (lógicamente)."
Example
GET /api/usuarios/me
Returns the complete Firestore profile of the currently authenticated user, looked up by the correo claim embedded in the JWT. Unlike GET /api/me, this endpoint returns all stored fields, including cedula, telefono, ubicacion, and timestamps.
Auth: Required.
The route /api/usuarios/me must be registered before /api/usuarios/:id in the router to avoid Express treating "me" as a document ID. This is already handled in the source routing order.
Request
No request body or query parameters.
Response
Always true when the user is found.
Full Firestore document. Includes id (document ID), username, correo, rol, cedula, nombre, apellido, telefono, estado, ubicacion, id_ubicacion, createdAt, and updatedAt.
Example
GET /api/me
Returns the lightweight JWT payload fields for the authenticated user. Useful for quickly checking the caller’s role and sede without a Firestore lookup.
Auth: Required.
Request
No request body or query parameters.
Response
Always true.
Email address from the JWT payload.
Display name from the JWT payload.
Role from the JWT payload.
Office sede from the JWT payload.
Example
POST /api/login
Authenticate a user with their email and password. On success, a signed JWT is returned in the response body and set as an HTTP-only cookie named acceso_token (expires in 1 hour). A "Login" event is written to the bitácora.
Auth: Not required.
Request
Registered email address.
Account password (plain text — transmitted over HTTPS in production).
Response
"Login exitoso"
Signed JWT containing id, rol, sede, username, and correo claims. Valid for 1 hour.
Authenticated user’s email.
Authenticated user’s display name.
Authenticated user’s office sede.
Authenticated user’s role.
Example
POST /api/logout
Clears the acceso_token session cookie. After this call the browser will no longer send the token with subsequent requests.
Auth: Not required (the cookie is simply cleared regardless of its validity).
Request
No request body.
Response
"Sesión cerrada"