The update profile endpoint lets an authenticated user modify their own profile data, change their password, and upload a new avatar image — all in a single request. The endpoint accepts multipart/form-data so that a file upload can be included alongside text fields. At least one field must be provided per request. Fields you omit are left unchanged.

Request

Method: PUT
Path: /api/auth/profile
Authentication: Required — Authorization: Bearer <token>
Content-Type: multipart/form-data

Body parameters

nombre (string): User’s first name. Whitespace is trimmed and the value is title-cased automatically. Must not be blank if included.
apellido (string): User’s last name. Whitespace is trimmed and the value is title-cased automatically. Must not be blank if included.
telefono (string): Phone number. Formatted automatically before storage.
password (string): New password. Must be at least 6 characters. Hashed with bcrypt (10 salt rounds) before storage.
avatar (file): Profile picture file. Accepted formats: JPEG, PNG, GIF, WebP. Maximum size: 5 MB. The image is automatically resized to 300 × 300 px after upload.

You must send at least one of the fields above. Sending a request body with none of them returns a 400 error.

Middleware pipeline

This endpoint runs the following middleware before reaching the controller:
  1. authMiddleware — verifies the Authorization: Bearer <token> header and decodes the JWT. Returns 401 if the token is missing, invalid, or expired.
  2. validate — checks express-validator results from any upstream validation rules.
  3. uploadAvatar — handles the multipart/form-data parsing and saves the file to a temporary location via Multer.
  4. validateAvatar — enforces file type (JPEG/PNG/GIF/WebP) and size (max 5 MB) constraints. Rejects disallowed files before they reach the controller.
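
One way a check like validateAvatar can enforce the type and size constraints, shown as an added example rather than the project's own code: it identifies the format from the file's leading bytes instead of trusting the client-supplied MIME type or file extension. The function names, rejection reasons and sample buffers are assumptions constructed for illustration.

```javascript
// Added example: content-based avatar check (all names are hypothetical).
const MAX_AVATAR_BYTES = 5 * 1024 * 1024; // 5 MB limit stated on this page

// Leading-byte signatures for three of the four accepted formats.
const SIGNATURES = [
  { type: 'image/jpeg', bytes: [0xff, 0xd8, 0xff] },
  { type: 'image/png', bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { type: 'image/gif', bytes: [0x47, 0x49, 0x46, 0x38] }, // "GIF8" (GIF87a/GIF89a)
];

function startsWith(buf, bytes, offset = 0) {
  if (buf.length < offset + bytes.length) return false;
  return bytes.every((b, i) => buf[offset + i] === b);
}

// Returns the detected MIME type, or null if no accepted signature matches.
function sniffImageType(head) {
  for (const sig of SIGNATURES) {
    if (startsWith(head, sig.bytes)) return sig.type;
  }
  // WebP is a RIFF container: "RIFF", a 4-byte length, then "WEBP".
  const riff = [0x52, 0x49, 0x46, 0x46];
  const webp = [0x57, 0x45, 0x42, 0x50];
  if (startsWith(head, riff) && startsWith(head, webp, 8)) return 'image/webp';
  return null;
}

// head: first 12 or more bytes of the upload; size: total size in bytes;
// declaredType: the MIME type the client sent (Multer exposes it as file.mimetype).
function checkAvatar(head, size, declaredType) {
  if (size > MAX_AVATAR_BYTES) return { ok: false, reason: 'file exceeds 5 MB' };
  const detected = sniffImageType(head);
  if (!detected) return { ok: false, reason: 'not a JPEG, PNG, GIF or WebP file' };
  if (declaredType !== detected) return { ok: false, reason: 'declared type does not match content' };
  return { ok: true, type: detected };
}

// Constructed sample inputs (file headers only, not complete images).
const pngHead = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 13]);
const htmlHead = Buffer.from('<html><script>', 'latin1');
console.log(checkAvatar(pngHead, 2048, 'image/png'));
console.log(checkAvatar(htmlHead, 2048, 'image/jpeg'));
```

In the pipeline above, a check like this would read the first bytes of the temporary file Multer wrote, and a rejected file should also be deleted from that temporary location.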

Response

200 — success

success (boolean, required): Always true on a successful update.
message (string, required): Human-readable confirmation message (e.g. "Perfil actualizado exitosamente").
data (object, required): The updated user record as returned by the database. Contains the same fields as the login user object, reflecting any changes just applied.

Examples

curl --request PUT \
  --url http://localhost:7780/api/auth/profile \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...' \
  --form 'nombre=María' \
  --form 'apellido=González' \
  --form 'telefono=+58 412 555 0100' \
  --form 'avatar=@/path/to/photo.jpg'

Success response

200
{
  "success": true,
  "message": "Perfil actualizado exitosamente",
  "data": {
    "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "nombre": "María",
    "apellido": "González",
    "email": "[email protected]",
    "cedula_rif": "V-12345678",
    "telefono": "+58 412 555 0100",
    "cargo": "Analista",
    "departamento": "Tecnología",
    "avatar": "uploads/avatars/a1b2c3d4.jpg",
    "estatus": "active",
    "created_at": "2023-01-15T08:00:00.000Z",
    "updated_at": "2024-06-01T12:45:00.000Z"
  }
}

Error responses

400
{
  "success": false,
  "message": "Debe enviar al menos un campo para actualizar"
}
400
{
  "success": false,
  "message": "La contraseña debe tener al menos 6 caracteres"
}
401
{
  "message": "Acceso denegado. No se proveyó token."
}
401
{
  "message": "Token inválido o expirado."
}
404
{
  "success": false,
  "message": "Usuario no encontrado o inactivo"
}
