Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Renzo717/Aula-Virtual-Universidad-Radiolocucion/llms.txt

Use this file to discover all available pages before exploring further.

The authentication system in NuestraVoz — Campus Virtual is built on Supabase Auth and uses an HTTP-only session cookie (nuestravoz_session) to persist login state. All public endpoints (/register, /login, /logout) require no credentials. Endpoints marked requireAuth validate the session cookie on every request and reject unauthenticated calls with 401 Unauthorized. Profile management is handled through the separate /api/perfil route, which shares the same auth middleware.

POST /api/auth/register

Registers a new user account. estudiante accounts are immediately set to activo; docente accounts are created with status: pendiente and must be approved by an administrator before they can log in. Auth: Public — no cookie required.

Request body

nombre
string
required
First name. Minimum 2 characters.
apellido
string
required
Last name. Minimum 2 characters.
email
string
required
Valid email address. Used as the Supabase Auth login identifier.
password
string
required
Password. Minimum 6 characters.
rol
string
required
Role for the new account. Must be estudiante or docente.

Response — 201 Created

data
object

Error responses

StatusMeaning
400Validation error — details field contains Zod flatten output.
400Email already registered in Supabase Auth.

Example

curl -X POST https://api.nuestravoz.edu.ar/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "nombre": "Valentina",
    "apellido": "Giménez",
    "email": "vgimenez@radio.edu.ar",
    "password": "secreto123",
    "rol": "estudiante"
  }'
{
  "data": {
    "message": "Cuenta creada. Inicia sesión para continuar."
  }
}

POST /api/auth/login

Authenticates the user with email and password. On success, writes an HTTP-only session cookie that subsequent authenticated requests must include. The cookie TTL is 30 days when remember: true and 24 hours otherwise. Auth: Public — no cookie required.

Request body

email
string
required
Registered email address.
password
string
required
Account password. Minimum 6 characters.
remember
boolean
When true, the session cookie TTL extends to 30 days instead of 24 hours.

Response — 200 OK

Sets Set-Cookie: nuestravoz_session=<jwt>; HttpOnly; SameSite=Lax.
data
object

Error responses

StatusMeaning
400Validation error on request body.
401Invalid email or password.
403Account is inactivo, or a docente account with status: pendiente.

Example

const res = await fetch("https://api.nuestravoz.edu.ar/api/auth/login", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  credentials: "include", // required to store and send the session cookie
  body: JSON.stringify({
    email: "vgimenez@radio.edu.ar",
    password: "secreto123",
    remember: true,
  }),
});
const { data } = await res.json();
console.log(data.rol); // "estudiante"

POST /api/auth/logout

Clears the session cookie, effectively ending the user’s session. This endpoint always returns 200 regardless of whether a valid session was present. Auth: Public — the cookie is cleared whether or not it was valid.

Response — 200 OK

data
object

Example

curl -X POST https://api.nuestravoz.edu.ar/api/auth/logout \
  --cookie "nuestravoz_session=<token>"
{
  "data": {
    "message": "Sesión cerrada"
  }
}

GET /api/auth/me

Returns the full profile of the currently authenticated user. Includes all profile fields stored in the profiles table. Auth: requireAuth — valid session cookie required.

Response — 200 OK

data
object

Error responses

StatusMeaning
401No valid session cookie.
404Profile record not found for the authenticated user ID.

Example

const res = await fetch("https://api.nuestravoz.edu.ar/api/auth/me", {
  credentials: "include",
});
const { data } = await res.json();
console.log(data.last_login); // "2025-03-12T14:22:10.000Z"

GET /api/perfil

Returns the complete profile record for the currently authenticated user. Identical in shape to GET /api/auth/me but sourced from the /api/perfil router and intended for profile-page use. Auth: requireAuth — valid session cookie required.

Response — 200 OK

data
object
Returns the full Profile record. See GET /api/auth/me for field descriptions.

Example

curl https://api.nuestravoz.edu.ar/api/perfil \
  --cookie "nuestravoz_session=<token>"

PATCH /api/perfil

Updates one or more mutable profile fields for the authenticated user. All fields are optional; send only the fields you wish to change. If email is included, the Supabase Auth identity is also updated. Auth: requireAuth — valid session cookie required.

Request body

nombre
string
Updated first name. Minimum 2 characters.
apellido
string
Updated last name. Minimum 2 characters.
dni
string
National ID number.
celular
string
Phone / mobile number.
email
string
Updated email address. Must be a valid email format. Triggers a Supabase Auth email update as well.

Response — 200 OK

data
object
Returns the updated Profile record. See GET /api/auth/me for field descriptions.

Error responses

StatusMeaning
400Validation error on request body.
400Database-level error (e.g., duplicate email).
401No valid session cookie.

Example

const res = await fetch("https://api.nuestravoz.edu.ar/api/perfil", {
  method: "PATCH",
  headers: { "Content-Type": "application/json" },
  credentials: "include",
  body: JSON.stringify({
    celular: "+54 9 11 1234-5678",
    dni: "38456789",
  }),
});
const { data } = await res.json();

POST /api/perfil/avatar

Uploads a new avatar image for the authenticated user. The file is stored in the avatars Supabase Storage bucket and the resulting public URL is written to the avatar_url field of the profile. Accepts any common image format; maximum file size is 5 MB. The request must use multipart/form-data encoding. Auth: requireAuth — valid session cookie required.

Request body

Send as multipart/form-data.
avatar
file
required
The image file to upload. Maximum size: 5 MB.

Response — 200 OK

data
object
Returns the updated Profile record with the new avatar_url populated.

Error responses

StatusMeaning
400No file included in the request.
400Supabase Storage upload error.
401No valid session cookie.

Example

curl -X POST https://api.nuestravoz.edu.ar/api/perfil/avatar \
  --cookie "nuestravoz_session=<token>" \
  -F "avatar=@/path/to/photo.jpg"
{
  "data": {
    "id": "e3c1a4f0-...",
    "avatar_url": "https://<project>.supabase.co/storage/v1/object/public/avatars/e3c1a4f0-.../avatar.jpg"
  }
}

POST /api/perfil/password

Changes the password for the authenticated user. The request must supply the current password (password) for schema validation context and the desired new password (newPassword). The actual update is applied via the Supabase Auth admin API. Auth: requireAuth — valid session cookie required.

Request body

password
string
required
Current password. Minimum 6 characters.
newPassword
string
required
New password. Minimum 6 characters.

Response — 200 OK

data
object

Error responses

StatusMeaning
400Validation error on request body.
400Supabase Auth error (e.g., password too weak).
401No valid session cookie.

Example

curl -X POST https://api.nuestravoz.edu.ar/api/perfil/password \
  -H "Content-Type: application/json" \
  --cookie "nuestravoz_session=<token>" \
  -d '{
    "password": "secreto123",
    "newPassword": "nuevoSecreto456"
  }'
{
  "data": {
    "message": "Contraseña actualizada"
  }
}

Build docs developers (and LLMs) love