The inventory module is the operational core of AutoPart Pro. It gives administrators complete control over the parts catalog — creating new SKUs, editing prices and descriptions, adjusting stock levels, and removing discontinued parts — while exposing a read-only catalog view to any visitor browsing the storefront. Every write operation is protected by theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/JFKoryy/autopart-pro/llms.txt
Use this file to discover all available pages before exploring further.
authorize('admin') middleware so that only accounts with the admin role can mutate inventory data.
Product Fields
Every product record in theproducts table carries the following fields:
| Field | Type | Notes |
|---|---|---|
id | INT (PK) | Auto-incremented primary key |
sku | VARCHAR (unique) | Auto-uppercased and trimmed by validateProductData middleware |
name | VARCHAR | Display name of the part |
brand | VARCHAR | Manufacturer brand (e.g. Bosch, NGK) |
compatible_cars | TEXT | Free-text vehicle compatibility string (e.g. “Toyota Corolla 2018-2022”) |
price | DECIMAL | Must be ≥ 0; validated by middleware |
stock | INT | Current units on hand; must be a non-negative integer |
min_stock | INT | Low-stock threshold, defaults to 5 |
image_url | VARCHAR | Optional product photo URL |
category | VARCHAR | Optional category label (e.g. “Filtros”, “Frenos”) |
description | TEXT | Optional long-form description |
SKU Validation
ThevalidateProductData middleware runs before every POST /api/products and PUT /api/products/:id request. It enforces three rules:
sku,name, andbrandare required on creation (POST).price, if provided, must be a non-negative number.stock, if provided, must be a non-negative integer.
ER_DUP_ENTRY and the controller returns a 400 response:
Access Control
Route-level protection is applied inproductRoutes.js using the protect (JWT auth) and authorize (role check) middleware:
GET /api/products is intentionally unauthenticated so that the public storefront can load the catalog without requiring a login. All mutation endpoints require both a valid JWT and the admin role.API Operations
| Method | Endpoint | Auth Required | Role | Description |
|---|---|---|---|---|
GET | /api/products | No | — | List all products ordered by created_at DESC |
GET | /api/products/:id | Yes | Any | Fetch a single product by ID |
GET | /api/products/low-stock | Yes | Any | List products where stock <= min_stock |
POST | /api/products | Yes | admin | Create a new product |
PUT | /api/products/:id | Yes | admin | Partial update — only provided fields are changed |
DELETE | /api/products/:id | Yes | admin | Permanently remove a product |
Creating a Product
Updating a Product (Stock Adjustment)
Only the fields included in the request body are changed. Partial updates are fully supported — you can updatestock alone without touching the price or description:
Frontend Views
The frontend renders different inventory experiences depending on the authenticated user’s role:Inventory Page (Admin / Employee)
Located at
/admin/inventario, the Inventory.jsx page renders a searchable product table with SKU, name, compatibility, price, and a stock badge. Admins see Edit and Delete action buttons. Employees can click the stock badge to open a quick-edit modal but cannot create or delete products.Catalog Page (Client)
Located at
/catalogo, the Catalog.jsx page renders the same product data as a filterable card grid. Clients can filter by brand, vehicle compatibility, category, and sort by price or stock level. An Add to Cart button on each card triggers CartContext.addItem().Related Pages
Stock Alerts
Learn how the low-stock EventEmitter fires when stock drops to or below
min_stock.User Roles
Understand how
authorize('admin') protects every write endpoint.