The Users API manages accounts for both students and administrators on the UniSierra Eats platform. Registration is restricted to institutional email addresses ending in @unisierra.edu.mx. There is no session middleware — after login the caller is responsible for persisting the returned user object in localStorage and passing identity data in subsequent requests where needed.
Passwords are stored and compared as plain text. There is no hashing or salting applied at any layer of this API. This is a known limitation of the current implementation and should be addressed before any production deployment.

POST /api/registro

Registers a new student account with rol_id = 2. The email address must belong to the @unisierra.edu.mx domain; the check is case-insensitive.

Request Body

nombre
string
required
Full name of the student.
correo
string
required
Institutional email address. Must end with @unisierra.edu.mx (case-insensitive).
password
string
required
Account password stored as plain text.

Response — 200 OK

mensaje
string
Confirmation message: "Usuario registrado con éxito".
id
integer
The lastID of the newly created user row.

Response — 400 Bad Request (invalid email domain)

{ "error": "Solo se permite el registro con correos institucionales (@unisierra.edu.mx)." }

Response — 400 Bad Request (duplicate email)

{ "error": "Error al registrar: Es posible que el correo ya esté en uso." }

Example

curl -X POST http://localhost:3000/api/registro \
  -H "Content-Type: application/json" \
  -d '{
    "nombre": "Ana López",
    "correo": "ana.lopez@unisierra.edu.mx",
    "password": "miContrasena123"
  }'
{ "mensaje": "Usuario registrado con éxito", "id": 5 }

POST /api/admin/registro

Registers a new administrator account with rol_id = 1. Shares the same institutional email restriction as POST /api/registro.
This endpoint has no server-side authorization check. Any caller can create an administrator account as long as they supply a valid @unisierra.edu.mx email.

Request Body

nombre
string
required
Full name of the administrator.
correo
string
required
Institutional email address. Must end with @unisierra.edu.mx (case-insensitive).
password
string
required
Account password stored as plain text.

Response — 200 OK

message
string
Confirmation message: "Nuevo administrador registrado con éxito.".

Response — 400 Bad Request (invalid email domain)

{ "error": "Solo se permite registrar correos institucionales (@unisierra.edu.mx)." }

Response — 400 Bad Request (duplicate email)

{ "error": "Error: Es posible que este correo ya esté registrado en el sistema." }

Example

curl -X POST http://localhost:3000/api/admin/registro \
  -H "Content-Type: application/json" \
  -d '{
    "nombre": "Carlos Ruiz",
    "correo": "carlos.ruiz@unisierra.edu.mx",
    "password": "adminPass456"
  }'
{ "message": "Nuevo administrador registrado con éxito." }
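
One way to close the missing authorization check described above, shown as an added example rather than code from the UniSierra Eats project: the server issues an HMAC-signed token at login and checks it before creating an administrator. The token format and the names `SECRET`, `issueToken`, `verifyToken` and `authorize` are assumptions; the "self-or-admin" rule goes beyond this endpoint to the routes addressed by `:id`, whose documented requests carry no credential.

```javascript
const crypto = require("node:crypto");

// Assumption: a per-deployment secret kept on the server, never sent to the client.
const SECRET = crypto.randomBytes(32);

const sign = (body) =>
  crypto.createHmac("sha256", SECRET).update(body).digest("base64url");

// Issued by POST /api/login in place of a client-trusted user object.
function issueToken(usuario, ttlSeconds = 3600, now = Date.now()) {
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const claims = { id: usuario.id, rol_id: usuario.rol_id, exp };
  const body = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return `${body}.${sign(body)}`;
}

// Returns the claims, or null when the token is malformed, forged or expired.
function verifyToken(token, now = Date.now()) {
  if (typeof token !== "string") return null;
  const parts = token.split(".");
  if (parts.length !== 2 || !parts[0] || !parts[1]) return null;
  const expected = Buffer.from(sign(parts[0]));
  const given = Buffer.from(parts[1]);
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  // Safe to parse: the body was produced by issueToken and the MAC matched.
  const claims = JSON.parse(Buffer.from(parts[0], "base64url").toString());
  return claims.exp > Math.floor(now / 1000) ? claims : null;
}

// HTTP status to return before the handler touches the database.
// rule "admin": rol_id must be 1 (POST /api/admin/registro).
// rule "self-or-admin": token id must equal :id, or rol_id is 1.
function authorize(token, rule, targetId) {
  const claims = verifyToken(token);
  if (!claims) return 401;
  if (claims.rol_id === 1) return 200;
  if (rule === "self-or-admin" && claims.id === Number(targetId)) return 200;
  return 403;
}

// Constructed sample users: a student (rol_id 2) and an administrator (rol_id 1).
const studentToken = issueToken({ id: 5, rol_id: 2 });
const adminToken = issueToken({ id: 1, rol_id: 1 });
console.log(authorize(studentToken, "admin"), authorize(adminToken, "admin"));
```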

POST /api/login

Authenticates a user by matching correo and password against the Usuarios table. Returns the user object on success so the frontend can persist it in localStorage.

Request Body

correo
string
required
The user’s registered email address.
password
string
required
The user’s plain-text password.

Response — 200 OK

mensaje
string
Confirmation message: "Inicio de sesión exitoso".
usuario
object
The authenticated user object.

Response — 401 Unauthorized

{ "error": "Correo o contraseña incorrectos" }

Response — 500 Internal Server Error

{ "error": "<sqlite error message>" }

Example

curl -X POST http://localhost:3000/api/login \
  -H "Content-Type: application/json" \
  -d '{
    "correo": "ana.lopez@unisierra.edu.mx",
    "password": "miContrasena123"
  }'
{
  "mensaje": "Inicio de sesión exitoso",
  "usuario": {
    "id": 5,
    "nombre": "Ana López",
    "correo": "ana.lopez@unisierra.edu.mx",
    "rol_id": 2
  }
}
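
A sketch of how the plain-text storage noted in the overview could be replaced without locking out existing accounts, given as an added example and not the project's own code: new passwords are stored as salted scrypt hashes, and a legacy plain-text row is upgraded the first time its owner logs in. The `password_hash` column and the function names are assumptions; the login query is assumed to fetch the row by `correo` only.

```javascript
const crypto = require("node:crypto");

// Produce "saltHex$keyHex" for a hypothetical password_hash column.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, 32);
  return `${salt.toString("hex")}$${key.toString("hex")}`;
}

// Constant-time equality; hashing both sides first equalizes their lengths.
function safeEqual(a, b) {
  const digest = (v) => crypto.createHash("sha256").update(v).digest();
  return crypto.timingSafeEqual(digest(a), digest(b));
}

// row is the Usuarios record selected by correo only.
// Returns { ok, newHash }; newHash is set when a legacy plain-text row verified
// and should be written to password_hash while the password column is cleared.
function verifyLogin(row, candidate) {
  if (typeof candidate !== "string") return { ok: false, newHash: null };
  if (row.password_hash) {
    const [saltHex, keyHex] = row.password_hash.split("$");
    const key = crypto.scryptSync(candidate, Buffer.from(saltHex, "hex"), 32);
    return { ok: safeEqual(key, Buffer.from(keyHex, "hex")), newHash: null };
  }
  const ok = typeof row.password === "string" && safeEqual(row.password, candidate);
  return { ok, newHash: ok ? hashPassword(candidate) : null };
}

// PUT /api/usuarios/:id keeps its documented branch: only a non-blank
// password produces a new hash; null means "update nombre only".
function passwordUpdate(password) {
  return password && password.trim() !== "" ? hashPassword(password) : null;
}

// Constructed sample rows: one legacy record, then the same record after upgrade.
const legacyRow = { id: 5, correo: "ana.lopez@unisierra.edu.mx", password: "miContrasena123" };
const first = verifyLogin(legacyRow, "miContrasena123");
const migratedRow = { ...legacyRow, password: null, password_hash: first.newHash };
console.log(first.ok, verifyLogin(migratedRow, "miContrasena123").ok,
  verifyLogin(migratedRow, "wrong").ok);
```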

PUT /api/usuarios/:id

Updates a user’s display name, and optionally their password, identified by the user’s id. If password is an empty string or contains only whitespace, only nombre is updated.

Path Parameter

| Parameter | Type | Description |
| --- | --- | --- |
| id | integer | The id of the user to update. |

Request Body

nombre
string
required
The user’s updated display name.
password
string
The user’s new plain-text password. If empty or whitespace-only, the existing password is left unchanged and only nombre is updated.

Update Logic

The endpoint branches internally based on the password value:
if (password && password.trim() !== "") {
  // UPDATE Usuarios SET nombre = ?, password = ? WHERE id = ?
} else {
  // UPDATE Usuarios SET nombre = ? WHERE id = ?
}

Response — 200 OK

mensaje
string
Confirmation message: "Perfil actualizado correctamente".

Response — 500 Internal Server Error

{ "error": "<sqlite error message>" }

Examples

Update name only (empty password):
curl -X PUT http://localhost:3000/api/usuarios/5 \
  -H "Content-Type: application/json" \
  -d '{
    "nombre": "Ana María López",
    "password": ""
  }'
Update both name and password:
curl -X PUT http://localhost:3000/api/usuarios/5 \
  -H "Content-Type: application/json" \
  -d '{
    "nombre": "Ana María López",
    "password": "nuevaContrasena789"
  }'
{ "mensaje": "Perfil actualizado correctamente" }

DELETE /api/usuarios/:id

Permanently deletes a user account. To avoid foreign-key constraint errors, the endpoint first removes all reviews authored by the user, then deletes the user record itself.

Path Parameter

| Parameter | Type | Description |
| --- | --- | --- |
| id | integer | The id of the user to delete. |

Request Body

None required.

Deletion Order

The server executes two sequential DELETE statements:
DELETE FROM Resenas WHERE usuario_id = ?;
DELETE FROM Usuarios WHERE id = ?;

Response — 200 OK

mensaje
string
Confirmation message: "Cuenta eliminada correctamente".

Response — 500 Internal Server Error

{ "error": "<sqlite error message>" }

Example

curl -X DELETE http://localhost:3000/api/usuarios/5
{ "mensaje": "Cuenta eliminada correctamente" }