Introduction
The Construction Backend API authenticates users with email and password credentials. Passwords are hashed with bcrypt before storage, so the plain-text password is never written to the database.
Key Concepts
User Model Schema
The User model consists of the following fields:

| Field | Type | Required | Unique | Description |
|---|---|---|---|---|
| document | String | Yes | Yes | User’s identification document (e.g., national ID) |
| email | String | Yes | Yes | User’s email address |
| password | String | Yes | No | Hashed password (bcrypt) |
| name | String | Yes | No | User’s first name |
| last_name | String | Yes | No | User’s last name |
| cellphone | String | Yes | No | User’s phone number |
| user_type | String | Yes | No | Type/role of user in the system |
Password Security
Authentication Flow
User Registration
New users register with their credentials and personal information. The system validates uniqueness of email and document.
Password Hashing
The plain-text password is hashed using bcrypt before being stored in the database.
User Login
Users authenticate by providing their email and password. The system uses bcrypt to compare the supplied password against the stored hash.
Security Features
The authentication system includes the following security measures:
- Bcrypt password hashing (salt rounds: 10)
- Email uniqueness validation
- Document uniqueness validation
- Secure password comparison
- No password exposure in API responses
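Two of these measures can be checked without calling bcrypt at all: that the value in the password field really is a bcrypt hash at cost 10 or higher, and that responses are built without the password field. The following is an added example, not the Construction Backend API's own code; the helper names are hypothetical, the sample record is constructed, and the 72-byte input check reflects a bcrypt limit that this page does not mention.

```javascript
// Added example; helper names are hypothetical, field names follow the User model.
const MIN_COST = 10;          // "salt rounds: 10" from the list above
const BCRYPT_MAX_BYTES = 72;  // bcrypt uses at most 72 bytes of the password

// bcrypt string layout: $2a|2b|2y$ + two-digit cost + $ + 22-char salt + 31-char digest
const BCRYPT_RE = /^\$(2[aby])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/;

function parseBcrypt(stored) {
  const m = typeof stored === 'string' ? BCRYPT_RE.exec(stored) : null;
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // cost range bcrypt accepts
  return { version: m[1], cost, salt: m[3] };
}

// Classify the value about to be written to (or just read from) user.password.
function auditStoredPassword(stored) {
  const parsed = parseBcrypt(stored);
  if (!parsed) return 'not-bcrypt'; // plain text or another scheme reached storage
  return parsed.cost < MIN_COST ? 'needs-rehash' : 'ok';
}

// Reject input longer than bcrypt's limit (length counted in UTF-8 bytes).
function passwordFitsBcrypt(plain) {
  return Buffer.byteLength(plain, 'utf8') <= BCRYPT_MAX_BYTES;
}

// Build response bodies from an allow-list so `password` can never be copied out.
const PUBLIC_FIELDS = ['document', 'email', 'name', 'last_name', 'cellphone', 'user_type'];
function toPublicUser(user) {
  const out = {};
  for (const field of PUBLIC_FIELDS) {
    if (field in user) out[field] = user[field];
  }
  return out;
}

// Constructed sample record; the hash has the right shape but is not a real digest.
const sampleUser = {
  document: '0000000000',
  email: 'user@example.com',
  password: '$2b$10$' + 'A'.repeat(22) + 'B'.repeat(31),
  name: 'Ana', last_name: 'Example', cellphone: '0000000000', user_type: 'example',
};

console.log(auditStoredPassword(sampleUser.password), toPublicUser(sampleUser));
```

A `needs-rehash` result at login is the point to re-hash the just-verified password at the current cost and store the new value.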
Available Endpoints
- POST /register - Register a new user account
- POST /login - Authenticate and login existing users
Error Handling
The API returns appropriate HTTP status codes:
- 200 - Successful login
- 201 - Successful registration
- 400 - Bad request (missing fields, duplicate email/document)
- 401 - Unauthorized (invalid credentials, user not found)
- 500 - Server error