Overview
The user registration endpoint allows new users to create accounts in the system. All passwords are securely hashed using bcrypt before storage.
Endpoint
POST /register
Request Body
Field      | Type   | Required | Description
document   | string | Yes      | User's identification document
email      | string | Yes      | User's email address (must be unique)
password   | string | Yes      | User's password (will be hashed)
name       | string | Yes      | User's first name
last_name  | string | Yes      | User's last name
cellphone  | string | Yes      | User's phone number
user_type  | string | Yes      | User type or role
Both email and document must be unique in the system. Registration will fail if either already exists.
Implementation Details
Password Hashing
The system uses bcrypt to hash passwords before storage:
const hashedPassword = await bcrypt.hash(password, 10);
The bcrypt cost factor (salt rounds) is set to 10, which gives a strong balance between security and performance.
Validation Process
Required Fields Check
The system validates that email and password are provided.
if (!email || !password) {
  return res.status(400).json({ message: 'Email y contraseña son obligatorios' });
}
Email Uniqueness
Check if the email is already registered in the system.
const existingUser = await User.findOne({ email });
if (existingUser) {
  return res.status(400).json({ message: 'El correo electrónico ya está registrado' });
}
Document Uniqueness
Verify that the document number is not already in use.
const existingDocument = await User.findOne({ document });
if (existingDocument) {
  return res.status(400).json({ message: 'La cédula ya está registrada' });
}
User Creation
Create and save the new user with the hashed password.
const newUser = new User({
  document,
  email,
  password: hashedPassword,
  name,
  last_name,
  cellphone,
  user_type,
});
await newUser.save();
Examples
JavaScript (Fetch)
const response = await fetch('http://localhost:3000/register', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    document: '1234567890',
    email: '[email protected]',
    password: 'SecurePassword123!',
    name: 'John',
    last_name: 'Doe',
    cellphone: '+1234567890',
    user_type: 'contractor'
  })
});
const data = await response.json();
console.log(data);
Response
Success Response (201 Created)
{
  "message": "Usuario registrado correctamente",
  "user": {
    "document": "1234567890",
    "email": "[email protected]",
    "password": "$2a$10$XxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXx",
    "name": "John",
    "last_name": "Doe",
    "cellphone": "+1234567890",
    "user_type": "contractor",
    "_id": "507f1f77bcf86cd799439011",
    "__v": 0
  }
}
The password in the response is the hashed version. However, in production, it’s recommended to exclude the password field from API responses entirely.
Error Responses
Missing Required Fields (400 Bad Request)
{
  "message": "Email y contraseña son obligatorios"
}
Duplicate Email (400 Bad Request)
{
  "message": "El correo electrónico ya está registrado"
}
Duplicate Document (400 Bad Request)
{
  "message": "La cédula ya está registrada"
}
Server Error (500 Internal Server Error)
{
  "message": "Error al registrar el usuario",
  "error": "Detailed error message"
}
Edge Cases
Important edge cases to handle:
Empty strings : The basic check only tests that email and password are present; empty or whitespace-only values in the remaining fields pass validation and may cause issues. Consider adding length validation.
Invalid email format : The current implementation doesn’t validate email format. Consider adding email validation.
Weak passwords : No password strength requirements are enforced. Consider implementing password policies.
Document format : No validation on document format or length.
Best Practices
Client-side validation : Validate input on the client side before sending requests, as a usability measure; the server must still validate everything, since client-side checks can be bypassed
Password requirements : Implement minimum password length and complexity rules
Email verification : Consider adding email verification flow after registration
Rate limiting : Implement rate limiting to prevent abuse
Sanitization : Validate that each field is a string and sanitize user input before it reaches a query, to prevent injection attacks