Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Renzo717/Aula-Virtual-Universidad-Radiolocucion/llms.txt

Use this file to discover all available pages before exploring further.

The NuestraVoz — Campus Virtual REST API is an Express.js service written in TypeScript, backed by Supabase for both authentication and data persistence. Every route lives under the /api prefix and always responds with JSON. A successful response wraps its payload in a data key; any error is surfaced through an error key with an optional details field containing structured validation information.

Base URL

EnvironmentBase URL
Developmenthttp://localhost:3001
Productionhttps://<your-domain>
All endpoints are relative to this base URL and share the /api prefix.
# Development health check
curl http://localhost:3001/api/health

Response Envelope

Every response from the API conforms to one of two shapes, defined by the shared ApiSuccess and ApiError TypeScript types: Success
{
  "data": { }
}
Error
{
  "error": "Descripción del error",
  "details": { }
}
The details field is optional and appears primarily on 400 Bad Request responses from Zod validation failures. It contains the flattened error tree produced by zod’s .flatten() method.

Health Check

A lightweight liveness endpoint is available without authentication. It is useful for load-balancer health probes and uptime monitors.
GET /api/health
Response
{
  "status": "ok",
  "service": "nuestravoz-api"
}

Authentication

The API uses session cookies for authentication. After a successful POST /api/auth/login the server sets an httpOnly cookie named nv_session containing a Supabase JWT access token. This cookie must be present on every subsequent request to protected routes.
Because the cookie is httpOnly it cannot be read by JavaScript running in the browser — it is sent automatically by the browser on every same-origin (or credentialed cross-origin) request.
When making requests from a JavaScript client, always pass credentials: 'include' (Fetch API) or withCredentials: true (Axios) so that the browser includes the cookie. See the Authentication page for the full login flow, cookie properties, and middleware details.

Content Types

ScenarioContent-Type
All standard requestsapplication/json
File uploads (resources, avatars)multipart/form-data

HTTP Status Codes

CodeMeaning
200 OKRequest succeeded
201 CreatedResource was created
400 Bad RequestValidation error — check details
401 UnauthorizedMissing or expired session cookie
403 ForbiddenAuthenticated but insufficient permissions (role or inactive account)
404 Not FoundRoute or resource does not exist

CORS

The API is configured with cors and only accepts requests from the origin defined by the CORS_ORIGIN environment variable (default: http://localhost:4321). The credentials: true CORS option is always enabled, which is required for cookie-based authentication to work across origins.

Route Groups

Authentication

Register, log in, log out, and inspect the current session. All other routes depend on a valid session established here.

Users

Full user CRUD. Restricted to administrators. Create, update, activate, deactivate, and delete platform users.

Carreras

Manage academic careers (carreras) and their associated subjects (materias). Includes subject assignment to teachers and schedule management.

Aula Virtual

Per-subject virtual classroom: announcements, activities, file submissions, quick-access links, and class resources.

Foro

Discussion forums scoped to each subject. Threads, nested replies, reactions, and moderation actions.

Finales

Final grade management per subject and academic year. Bulk upsert of grades, recovery exam scores, and free/regular attendance flags.

Cursos

Standalone course management independent of academic careers. Create, update, assign teachers, and manage enrollment in open-format courses.

Inscripciones

Enrollment management. Enroll students in careers or individual subjects, change enrollment status, and query enrolled students per subject.

Dashboard

Role-aware statistics. Returns different data shapes for administrators, teachers, and students.

Boletines

Grade bulletin PDF generation. Produces a per-student PDF report with all subject grades for a given academic year.

Perfil

Current-user profile management. Update personal information, change password, and upload a profile picture.

Environment Variables

The following variables are read by apps/api/src/lib/config.ts at startup:
VariableDefaultDescription
PORT3001TCP port the Express server listens on
CORS_ORIGINhttp://localhost:4321Allowed origin for CORS
SESSION_COOKIE_NAMEnv_sessionName of the session cookie
NODE_ENVSet to production to enable secure cookies and other prod-only behaviour
SUPABASE_URLYour Supabase project URL
SUPABASE_SERVICE_ROLE_KEYService-role key for the Supabase admin client
Never expose SUPABASE_SERVICE_ROLE_KEY in a client-side bundle. It bypasses Row Level Security and has full database access.

Build docs developers (and LLMs) love