Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/scoria02/marbes2021_backend/llms.txt

Use this file to discover all available pages before exploring further.

Marbes uses multer for all file uploads. Every upload middleware stores files in memory first (multer.memoryStorage()), then the relevant service layer processes and writes them to the uploads/ directory on disk. All uploads are validated by MIME type and file size before being accepted. Uploaded files are then served as static assets via GET /uploads/{path}.
All upload endpoints require a valid Authorization: Bearer <token> header. File requests without authentication are rejected with 401 before the upload middleware even runs.

Static file serving

Once uploaded, files are accessible at: 
GET /uploads/{path}
The server maps this directly to the uploads/ directory at the project root using Express static middleware: 
app.use('/uploads', express.static(path.join(process.cwd(), 'uploads')));
No authentication is required to retrieve a file if you know the path, so file paths should be treated as access-controlled secrets by the application layer.

Avatar uploads

Employee avatars are uploaded via PUT /api/rrhh/user/editar. The endpoint accepts a single image file in the avatar field of a multipart/form-data request. Accepted types: image/jpeg, image/jpg, image/png, image/gif, image/webp
Max size: 5 MB
Max files: 1 After upload, the image is processed with sharp:
  • Resized to 300 × 300 px using cover fit (center-aligned)
  • Re-encoded as JPEG at 85% quality
  • Saved to uploads/{userId}/avatar_{timestamp}.jpg
  • Any previous avatar_* file in the user’s directory is deleted automatically
curl -X PUT https://api.example.com/api/rrhh/user/editar \
  -H "Authorization: Bearer <token>" \
  -F "avatar=@/path/to/photo.png"
The response includes the stored relative path, e.g. uploads/abc123/avatar_1716000000000.jpg.

Contract PDF uploads

Signed contract PDFs are uploaded via POST /api/rrhh/contrato/cliente/:id. The middleware uploadContratoPDFMiddleware accepts a single PDF in the contrato_pdf field. Accepted types: application/pdf only
Max size: 10 MB
Max files: 1 Files are saved to: 
uploads/contratos/clientes/{contratoId}/contrato_firmado_{timestamp}.pdf
The same middleware (uploadContratoPDFMiddleware) is also used for signed vínculo PDFs via POST /api/rrhh/vinculo/cliente/:id, which saves to: 
uploads/contratos/vinculos/{clienteId}/vinculo_firmado_{timestamp}.pdf

curl -X POST https://api.example.com/api/rrhh/contrato/cliente/CONTRACT_ID \
  -H "Authorization: Bearer <token>" \
  -F "contrato_pdf=@/path/to/signed_contract.pdf"
Both contract and vínculo PDF endpoints use the same contrato_pdf field name. Make sure you are POSTing to the correct endpoint for each document type.

Guarantee file uploads

Guarantee documents are attached to contracts (via POST /api/negocios/contratos/actualizar/:id) and to TPROD loan products (via POST /api/negocios/tprod). Both use uploadGarantiaFiles, which calls multer.any() and accepts files under any field name. Accepted types: PDF, Word (.doc/.docx), Excel (.xls/.xlsx), plain text, JPEG, PNG, GIF, WebP
Max size per file: 10 MB
Max files: 10 Images are resized (max width 1600 px, no enlargement) and re-encoded as JPEG at 85% quality. Non-image documents are written to disk as-is. Storage paths:
ContextPath pattern
Contract guaranteeuploads/{idAportante}/{idContrato}/garantias/garantia_{name}_{timestamp}{ext}
TPROD guaranteeuploads/{idCliente}/tprod/{idTprod}/garantias/garantia_{name}_{timestamp}{ext}
curl -X POST https://api.example.com/api/negocios/contratos/actualizar/CONTRACT_ID \
  -H "Authorization: Bearer <token>" \
  -F "garantia_doc=@/path/to/guarantee.pdf" \
  -F "garantia_img=@/path/to/property_photo.jpg"
File names are sanitized before saving: any character that is not alphanumeric, _, ., or - is replaced with _. Do not rely on the original filename being preserved on disk.

Excel and CSV uploads

Bank statement files are uploaded for processing via uploadExcelMiddleware, which calls multer.any() and accepts files under any field name (common names: archivo, file, excel, estadoCuenta). Accepted types: .xls, .xlsx, .csv (validated by both MIME type and file extension)
Max size: 15 MB
Max files: 1 Accepted MIME types:
  • application/vnd.ms-excel
  • application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
  • application/vnd.oasis.opendocument.spreadsheet
  • text/csv
  • text/plain (CSV sometimes detected as this)
  • application/csv
curl -X POST http://localhost:7780/api/conta/estadoscuenta \
  -H "Authorization: Bearer <token>" \
  -F "archivo=@/path/to/statement.xlsx" \
  -F "banco=Banco de Venezuela" \
  -F "numero=6452"

Credit application document uploads

Credit application documents are handled by uploadSolicitudCreditoDocs, which calls multer.any() and accepts files under any field name. This allows the front end to send fields like doc_cedula_url, doc_rif_url, doc_acta_constitutiva_url, declaracion_jurada, and logo without triggering a multer Unexpected field error. Accepted types: PDF (including application/octet-stream with .pdf extension), JPEG, PNG
Max size per file: 15 MB
Max files: 30 
curl -X POST http://localhost:7780/api/report/solicitud-credito \
  -H "X-Solicitud-Token: <link-token>" \
  -F "doc_cedula_url=@/path/to/cedula.pdf" \
  -F "doc_rif_url=@/path/to/rif.pdf" \
  -F "declaracion_jurada=@/path/to/declaration.pdf" \
  -F "logo=@/path/to/company_logo.png"
Credit application endpoints accept either a standard JWT (Authorization: Bearer) or a one-time link token (X-Solicitud-Token header or token body field). See Roles and permissions for details on authOrSolicitudToken.

Client credit document uploads (n8n integration)

Documents for credit clients can be uploaded by n8n automations via POST /api/rrhh/clientes-creditos/:id/documentos. This endpoint supports two delivery modes: Mode A — multipart/form-data with fields data, doc_empresa[], registro_mercantil[], or doc_representante[] (up to 10 files each, 30 total). Mode B — raw binary body with Content-Type: application/pdf or application/octet-stream. The rawPdfBodyMiddleware reads the body into a buffer before multer runs. The filename is resolved from Content-Disposition, X-File-Name, or X-Original-Filename headers, falling back to documento_{timestamp}.pdf. Accepted types (multipart): application/pdf, image/jpeg, image/jpg, image/png, application/octet-stream
Max size per file: 15 MB
Max files: 30 Files are stored at: 
uploads/clientes_creditos/{idClienteCredito}/{tipo_documento_slug}/{basename}_{timestamp}{ext}
Where tipo_documento_slug is derived from the document type label by lowercasing, replacing spaces with _, and stripping special characters. 
curl -X POST https://api.example.com/api/rrhh/clientes-creditos/CLIENT_ID/documentos \
  -H "Authorization: Bearer <token>" \
  -F "data=@/path/to/document.pdf"

Upload limits summary

MiddlewareField name(s)TypesMax sizeMax files
uploadAvataravatarJPEG, PNG, GIF, WebP5 MB1
uploadContratoPDFMiddlewarecontrato_pdfPDF10 MB1
uploadGarantiaFilesanyPDF, Word, Excel, TXT, images10 MB10
uploadExcelMiddlewareanyXLS, XLSX, CSV15 MB1
uploadSolicitudCreditoDocsanyPDF, JPEG, PNG15 MB30
cpUploaddata, doc_empresa[], registro_mercantil[], doc_representante[]PDF, JPEG, PNG15 MB30
uploadReferenciareferencia_imgany10 MB1

Build docs developers (and LLMs) love

Get started for freeTalk to us