Endpoint

POST /api/register
Creates a new user account in the Mueve system. Passwords are automatically hashed using bcrypt before storage.
This is a public endpoint that does not require authentication.

Request Body

name (string, required): The full name of the user.
email (string, required): A valid email address. Must be unique in the system.
password (string, required): The user’s password. Will be hashed using bcrypt with 10 salt rounds.

Validation Rules

The registration endpoint performs the following validations:
1. Required Fields Check
   All three fields (name, email, password) must be provided. Missing fields result in a 400 error.

2. Email Uniqueness
   The email must not already exist in the database. Duplicate emails return a 400 error.

3. Password Hashing
   The password is hashed using bcrypt with 10 salt rounds before database storage.

Request Example

curl -X POST http://localhost:3001/api/register \
  -H "Content-Type: application/json" \
  -d '{
    "name": "John Doe",
    "email": "[email protected]",
    "password": "securePassword123"
  }'

Response

message (string): Success message confirming user registration.

Success Response (201 Created)

{
  "message": "Usuario registrado con éxito"
}

Error Responses

400 Bad Request: returned when required fields are not provided.
{
  "message": "Todos los campos son obligatorios"
}
Cause: One or more required fields (name, email, password) are missing from the request body.

400 Bad Request: returned when the email is already registered in the system.
{
  "message": "El email ya está registrado"
}
Cause: A user with this email address already exists in the database.

500 Internal Server Error: returned when an unexpected server error occurs.
{
  "message": "Error en el servidor"
}
Cause: Database connection issues or other server-side errors.

Implementation Details

The registration endpoint is implemented in the authController.js file:
import bcrypt from "bcrypt";
import pool from "../db/db.js";

export const registerUser = async (req, res) => {
  try {
    const { name, email, password } = req.body;

    // Validate required fields
    if (!name || !email || !password) {
      return res.status(400).json({ message: "Todos los campos son obligatorios" });
    }

    // Check if email already exists
    const [existingUser] = await pool.query("SELECT * FROM users WHERE email = ?", [email]);
    if (existingUser.length > 0) {
      return res.status(400).json({ message: "El email ya está registrado" });
    }

    // Hash the password with 10 salt rounds
    const hashedPassword = await bcrypt.hash(password, 10);

    // Insert new user into database
    await pool.query("INSERT INTO users (name, email, password) VALUES (?, ?, ?)", [
      name,
      email,
      hashedPassword,
    ]);

    res.status(201).json({ message: "Usuario registrado con éxito" });
  } catch (error) {
    console.error(error);
    res.status(500).json({ message: "Error en el servidor" });
  }
};
The implementation is located at src/controllers/authController.js:9 in the source repository.

Security Considerations

Password Security:
  • Passwords are hashed using bcrypt with 10 salt rounds
  • Original passwords are never stored in the database
  • Bcrypt automatically generates a unique salt for each password

Bcrypt Hashing Process

The registration process uses bcrypt to hash passwords:
// Hash password with 10 salt rounds
const hashedPassword = await bcrypt.hash(password, 10);
Bcrypt features:
  • Adaptive hashing: Computational cost can be increased over time
  • Salt generation: Automatic random salt for each password
  • One-way function: The stored hash cannot be reversed to recover the original password
Best Practices for Client Applications:
  • Validate email format on the client side before submission
  • Enforce minimum password length requirements (8+ characters)
  • Consider password strength indicators
  • Use HTTPS to encrypt credentials in transit
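
The handler shown under Implementation Details only checks that the three fields are present, and client-side checks do not apply to requests sent straight to the endpoint, so the same rules belong on the server as well. The following is an added example, not code from the Mueve repository: `validateRegistration`, the reason codes, the name and email length limits and the email lowercasing are assumptions, while the 8-character minimum comes from the list above and the 72-byte limit is bcrypt's own input limit.

```javascript
// Added example, not Mueve source. Limits marked "assumed" are not from the page.
const MIN_PASSWORD_CHARS = 8;  // the 8+ characters suggested on this page
const BCRYPT_MAX_BYTES = 72;   // bcrypt ignores password bytes past the 72nd
const MAX_NAME_CHARS = 100;    // assumed; align with the VARCHAR width of users.name
const MAX_EMAIL_CHARS = 254;   // assumed

// Deliberately loose shape check: one "@", no whitespace, a dot in the domain part.
const EMAIL_SHAPE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

function validateRegistration(body) {
  const { name, email, password } = body ?? {};
  const errors = [];

  // A JSON body can carry an array, object or number where a string is expected,
  // and those values are truthy, so a presence-only check does not reject them.
  for (const [field, value] of Object.entries({ name, email, password })) {
    if (typeof value !== "string" || value.trim() === "") {
      errors.push({ field, reason: "required_string" });
    }
  }
  if (errors.length > 0) return { ok: false, errors };

  const cleanName = name.trim();
  const cleanEmail = email.trim().toLowerCase(); // assumed policy: case-insensitive uniqueness

  if (cleanName.length > MAX_NAME_CHARS) {
    errors.push({ field: "name", reason: "too_long" });
  }
  if (cleanEmail.length > MAX_EMAIL_CHARS || !EMAIL_SHAPE.test(cleanEmail)) {
    errors.push({ field: "email", reason: "invalid_format" });
  }
  // Count code points so a multi-byte character counts once toward the minimum.
  if ([...password].length < MIN_PASSWORD_CHARS) {
    errors.push({ field: "password", reason: "too_short" });
  }
  // Reject instead of hashing a silently truncated password.
  if (Buffer.byteLength(password, "utf8") > BCRYPT_MAX_BYTES) {
    errors.push({ field: "password", reason: "too_long_for_bcrypt" });
  }

  return errors.length > 0
    ? { ok: false, errors }
    : { ok: true, value: { name: cleanName, email: cleanEmail, password } };
}

// Constructed sample input.
console.log(validateRegistration({ name: "John Doe", email: "john.doe@example.com", password: "short" }));
```

In the handler, a call to this function would replace the presence check, with a 400 response when `ok` is false and the cleaned `value` passed on to the uniqueness query and to `bcrypt.hash`.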

Database Schema

The user record is stored in the users table with the following structure:
| Column | Type | Description |
| --- | --- | --- |
| id | INTEGER | Auto-incrementing primary key |
| name | VARCHAR | User’s full name |
| email | VARCHAR | Unique email address |
| password | VARCHAR | Bcrypt hashed password |

Next Steps

After successful registration, users can authenticate using the login endpoint:

Login

Learn how to authenticate and receive a JWT token
