Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/giangartun/Tis-GOAT-Frontend/llms.txt

Use this file to discover all available pages before exploring further.

GOAT Portfolio uses email and password authentication backed by JWT Bearer tokens. After a successful login the server returns a signed token that is stored in localStorage under the key token. Every subsequent request to a protected endpoint must include the header Authorization: Bearer <token>. The logged-in user object and the portfolio ID are also persisted in localStorage under the keys usuario and id_portafolio respectively.

Registration

To create a new account, submit a POST request to /api/usuario/pre-registro with all six required fields.
FieldTypeDescription
nombrestringFirst name. Letters only (including accented characters).
apellido_paternostringPaternal surname. Letters only.
apellido_maternostringMaternal surname. Letters only.
emailstringValid email address (name@domain.tld format).
contrasenastringPassword — minimum 6 characters.
contrasena_confirmationstringMust match contrasena exactly.
Validation rules applied on the client before the request is sent:
  • Name fields (nombre, apellido_paterno, apellido_materno) are stripped of digits and validated against /^[a-zA-ZáéíóúüñÁÉÍÓÚÜÑ\s]*$/.
  • Password must be at least 6 characters.
  • contrasena and contrasena_confirmation must be identical.
  • Email must match /^[^\s@]+@[^\s@]+\.[^\s@]+$/.
Example request body:
{
  "nombre": "María",
  "apellido_paterno": "García",
  "apellido_materno": "López",
  "email": "maria.garcia@example.com",
  "contrasena": "s3cur3P4ss",
  "contrasena_confirmation": "s3cur3P4ss"
}
1

Fill in the registration form

Navigate to /register and complete all required fields. Name fields automatically strip any digits as you type.
2

Submit the form

Click the Register button. The form calls POST /api/usuario/pre-registro. On success, a confirmation message asks you to check your email.
3

Wait for redirect

After 7 seconds, you are automatically redirected to /login with a prompt to verify your email before signing in.

Email Verification

After registration, a verification email is sent to the address you provided. The email contains a unique link that calls:
GET /api/usuario/verificar-email/:token
The :token parameter is extracted from the URL path by the VerificarEmail page. Once the API responds with HTTP 200 the user sees a success screen and is redirected to /login. If the token is invalid or already used, an error is shown and the user is prompted to register again.

Login

Send a POST request to /api/usuario/login with the user’s credentials:
{
  "email": "maria.garcia@example.com",
  "contrasena": "s3cur3P4ss"
}
On success the server responds with 200 OK and a JSON body like the following:
{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
  "usuario": {
    "id_usuario": "01JXYZ...",
    "nombre": "María",
    "apellido_paterno": "García",
    "email": "maria.garcia@example.com",
    "tipo_usuario": "usuario"
  },
  "id_portafolio": "01KABC...",
  "tipo_usuario": "usuario"
}
The client stores token, usuario, and id_portafolio in localStorage. All subsequent API calls pass Authorization: Bearer <token> in the request header.
The tipo_usuario field may appear both at the top level of the response and nested inside the usuario object. The client reads data.tipo_usuario ?? data.usuario?.tipo_usuario to handle either shape. Admin users (tipo_usuario === 'admin') are redirected to /admin/usuarios after login. Regular users are redirected to / (the home discovery feed).

Password Recovery

If a user forgets their password, they can trigger a reset email from the login screen by clicking Forgot your password?. Step 1 — Request a reset link:
POST /api/usuario/contrasena/olvido
{ "email": "maria.garcia@example.com" }
A recovery email is sent containing a link to /reset-password?token=<reset_token>. Step 2 — Submit a new password: The reset page (/reset-password?token=<reset_token>) handles:
POST /api/usuario/contrasena/resetear
with the body:
{
  "token": "<reset_token>",
  "email": "maria.garcia@example.com",
  "password": "newP4ssword",
  "password_confirmation": "newP4ssword",
  "contrasena": "newP4ssword",
  "contrasena_confirmation": "newP4ssword"
}
On success, the user is redirected to /login after 1.5 seconds with a confirmation message.

Suspended Accounts

If the login endpoint returns HTTP 403, your account has been suspended by an administrator. The error message will read: “Tu cuenta ha sido suspendida. Contacta al administrador.” You will not be able to log in until an administrator restores your access.

Build docs developers (and LLMs) love