The bitácora is the system’s immutable audit trail. Every significant state change — user logins, account creations, profile updates, role changes, password resets, and location soft-deletes — writes a structured document to theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Danielings/Pasantia-Proyecto/llms.txt
Use this file to discover all available pages before exploring further.
bitacora Firestore collection. These records are append-only: no endpoint exists to delete or overwrite them, making the bitácora a reliable compliance and debugging tool.
Document Structure
Each bitácora document contains the following fields:| Field | Type | Description |
|---|---|---|
usuario | string | Username of the person who performed the action |
id_modificado | string | Firestore document ID of the affected record |
accion | string | Human-readable label for the event type |
detalles | string[] | Array of strings describing each individual change |
fecha | Timestamp | Server-side Firestore timestamp of the event |
sede | string | Office (sede) of the actor at the time of the action |
Events Captured
Login
Recorded when a user authenticates successfully. The
detalles array typically contains a single entry confirming the session start.User Creation
Recorded when an administrator creates a new user account. Lists the initial field values in
detalles.User Update
Recorded when any user profile field changes. The
generarCambios() controller diffs the old and new values and populates detalles with one entry per changed field.User Deletion
Recorded when a user account is deactivated or removed. Includes the affected username in
detalles.Location Soft-Delete
Recorded by
PUT /api/ubicaciones/eliminadas/:id. Confirms which location was set to inactivo.Password Reset
Recorded when an administrator resets another user’s password. The new password value is never logged — only the event itself.
The generarCambios() Controller
When a user profile is updated, the system calls generarCambios(oldData, newData) to produce the detalles array. The function iterates over every field in the new data object and compares it to the corresponding field in the old snapshot. For each field where the value has changed, it appends a descriptive string to the changes list:
detalles, making it straightforward to see exactly what changed in any given event.
Retrieving the Audit Log
GET /api/bitacora
Returns all bitácora entries ordered by fecha descending (most recent first).
This endpoint does not require authentication. The
bitacora router exports a bare Express route with no verificarToken middleware. If your deployment requires restricting access to the audit log, you should add the middleware or move the endpoint behind an API gateway rule.fecha field is converted from a Firestore Timestamp to an ISO 8601 string by the API handler before being sent in the response:
"Sin acción", [], "N/A", "Desconocido") so the response shape is always consistent.
Writing to the Bitácora
Any backend module can write an audit entry by creating a document directly in thebitacora collection. The pattern used throughout the codebase is:
FieldValue.serverTimestamp() ensures the timestamp is set by Firestore’s servers, not the application server, which provides a consistent ordering guarantee for entries written within the same millisecond window.