Get started with DEMET Backend

This guide will help you set up the DEMET Backend API locally and make your first authenticated request. You’ll be up and running in less than 10 minutes.
This quickstart assumes you have Node.js (v14+), PostgreSQL, and npm installed on your system.

Setup steps

1. Clone the repository

First, clone the DEMET Backend repository to your local machine:
git clone https://github.com/ProyectoDemet/Backend-DEMET.git
cd Backend-DEMET
2. Install dependencies

Install all required npm packages:
npm install
This will install the following key dependencies:
  • express - Web framework
  • pg - PostgreSQL client
  • jsonwebtoken - JWT authentication
  • bcrypt - Password hashing
  • zod - Schema validation
  • cookie-parser - Cookie handling
  • nodemailer - Email sending
  • exceljs - Excel report generation
3. Configure environment variables

Create a .env file in the root directory with the following variables:
.env
# Database connection
DATABASE_URL=postgresql://username:password@localhost:5432/demet_db

# JWT configuration
ACCESS_SECRET=your_access_token_secret_here
ACCESS_EXPIRE_IN=1h
REFRESH_SECRET=your_refresh_token_secret_here
REFRESH_EXPIRE_IN=7d

# Server configuration
PORT=3002

# Email configuration (Gmail)
GOOGLE_USER=[email protected]
GOOGLE_PWD=your_app_password
EMAIL_ADMIN=[email protected]
Make sure to use strong, unique secrets for ACCESS_SECRET and REFRESH_SECRET. Never commit your .env file to version control.
4. Set up the database

Ensure your PostgreSQL database is running and create the necessary tables and stored procedures. The database should have the following main tables:
  • employee - Employee accounts
  • partner - Hotel partners
  • space - Available spaces/rooms
  • rate - Pricing information
  • extra - Additional services
  • reservation - Booking records
The API uses stored procedures (e.g., p_insert_employee, p_update_employee) for database operations. Make sure these are properly set up in your PostgreSQL instance.
5. Start the server

Launch the development server:
npm run dev
Or for production:
npm start
You should see:
Servidor escuchando en http://localhost:3002
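
A check for the JWT secrets in the .env file from step 3, as an added example that is not part of the DEMET Backend code base. It flags the placeholder values from this guide, short secrets, and identical access and refresh secrets (with a shared key, a token of one kind can verify as the other); the function names and the 32-character minimum are assumptions.

```javascript
const { randomBytes } = require("node:crypto");

// Placeholder values copied from the sample .env in this guide.
const PLACEHOLDERS = new Set([
  "your_access_token_secret_here",
  "your_refresh_token_secret_here",
]);
const MIN_LENGTH = 32; // assumption: minimum acceptable secret length, in characters

// Minimal KEY=VALUE parser: skips blank lines and # comments, strips matching quotes.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (!line || line.startsWith("#") || eq < 1) continue;
    const value = line.slice(eq + 1).trim().replace(/^(['"])(.*)\1$/, "$2");
    env[line.slice(0, eq).trim()] = value;
  }
  return env;
}

// Returns a list of findings; an empty list means both secrets pass.
function auditJwtSecrets(envText) {
  const env = parseEnv(envText);
  const findings = [];
  for (const key of ["ACCESS_SECRET", "REFRESH_SECRET"]) {
    const v = env[key];
    if (!v) findings.push(`${key}: missing`);
    else if (PLACEHOLDERS.has(v)) findings.push(`${key}: placeholder value`);
    else if (v.length < MIN_LENGTH) findings.push(`${key}: shorter than ${MIN_LENGTH} characters`);
  }
  if (env.ACCESS_SECRET && env.ACCESS_SECRET === env.REFRESH_SECRET) {
    findings.push("ACCESS_SECRET and REFRESH_SECRET are identical");
  }
  return findings;
}

// 32 bytes from the OS CSPRNG, hex-encoded (64 characters).
function newSecret() {
  return randomBytes(32).toString("hex");
}

// Constructed sample input, not a real configuration.
const SAMPLE_ENV = "ACCESS_SECRET=your_access_token_secret_here\nREFRESH_SECRET=hunter2";

console.log(auditJwtSecrets(SAMPLE_ENV));
```

Call newSecret() once per variable to produce replacement values, and pass the contents of the real .env file to auditJwtSecrets before running npm start.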

Make your first API call

Now that the server is running, let’s make your first authenticated requests.

Register an employee account

Create your first employee account with administrator privileges:
curl -X POST http://localhost:3002/intern/signup \
  -H "Content-Type: application/json" \
  -H "Cookie: access_token=ADMIN_TOKEN_HERE" \
  -d '{
    "name": "Juan Pérez",
    "email": "[email protected]",
    "password": "123456",
    "rol": "Administrador"
  }'
The /intern/signup endpoint requires the access_token cookie of an existing administrator, so the first account cannot be created through the API alone. For that first account, either create it directly in the database or temporarily modify the verifyRol middleware and restore it once the account exists.
Response (201 Created):
{
  "mensaje": "Registro Exitoso"
}

Login and receive tokens

Authenticate with your newly created account:
curl -X POST http://localhost:3002/intern/login \
  -H "Content-Type: application/json" \
  -c cookies.txt \
  -d '{
    "email": "[email protected]",
    "password": "123456"
  }'
Response (200 OK):
{
  "auth": true
}
The server will set two HTTP-only cookies in the response:
  • access_token - Valid for 1 hour (default)
  • refresh_token - Valid for 7 days (default)
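
To confirm what the login response actually sets, the Set-Cookie headers can be checked against the properties listed above. This is an added example, not code from the DEMET Backend project; the function names, the SameSite check and the sample header values are assumptions, and the Secure check is off by default because the quickstart runs over plain HTTP.

```javascript
// Expected cookie lifetimes in seconds, from the defaults in this guide (1 hour, 7 days).
const EXPECTED_MAX_AGE = { access_token: 3600, refresh_token: 7 * 24 * 3600 };

// Parse one Set-Cookie header value into { name, attrs }; attribute names are lowercased.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const attrs = {};
  for (const part of rest.filter(Boolean)) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, pair.indexOf("=")), attrs };
}

// Returns findings for the two auth cookies. Secure is only checked when https is true,
// because the quickstart server listens on plain http://localhost.
function auditAuthCookies(setCookieHeaders, { https = false } = {}) {
  const cookies = new Map(setCookieHeaders.map(parseSetCookie).map((c) => [c.name, c]));
  const findings = [];
  for (const [name, expected] of Object.entries(EXPECTED_MAX_AGE)) {
    const cookie = cookies.get(name);
    if (!cookie) {
      findings.push(`${name}: not set`);
      continue;
    }
    const { attrs } = cookie;
    if (!attrs.httponly) findings.push(`${name}: missing HttpOnly`);
    if (!attrs.samesite) findings.push(`${name}: missing SameSite`);
    if (https && !attrs.secure) findings.push(`${name}: missing Secure`);
    const maxAge = Number(attrs["max-age"]);
    if (maxAge > expected) findings.push(`${name}: Max-Age ${maxAge}s exceeds ${expected}s`);
  }
  return findings;
}

// Constructed Set-Cookie values (token bodies are dummies), e.g. as shown by `curl -i`.
const SAMPLE_HEADERS = [
  "access_token=dummy.jwt.value; Max-Age=3600; Path=/; HttpOnly; SameSite=Strict",
  "refresh_token=dummy.jwt.value; Max-Age=2592000; Path=/",
];

console.log(auditAuthCookies(SAMPLE_HEADERS));
```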

Make an authenticated request

Use the cookies from login to access protected endpoints:
curl -X GET http://localhost:3002/intern/me \
  -b cookies.txt
Response (201 Created):
{
  "role": "Administrador"
}

Get all spaces (public endpoint)

Some endpoints don’t require authentication. Try fetching all available spaces:
curl -X GET http://localhost:3002/space/get
Response (200 OK):
[
  {
    "id_rate": 3,
    "name": "Salón Principal",
    "descrip": "Espacio amplio con sonido y sillas incluidas",
    "pax": 80,
    "value4": 250000,
    "value8": 400000,
    "value_extra": 60000
  }
]

Working with reservations

Create a new reservation with the authenticated session:
curl -X POST http://localhost:3002/reserve/register \
  -H "Content-Type: application/json" \
  -b cookies.txt \
  -d '{
    "v_id_reservation": "RSV00123",
    "v_name": "María García",
    "v_email": "[email protected]",
    "v_phone_number": "3104567890",
    "v_init_date": "2025-06-10T10:00:00Z",
    "v_end_date": "2025-06-10T15:00:00Z",
    "v_pax": 20,
    "v_status": "EN PROGRESO",
    "v_extras": "[{\"id_extra\":1, \"quantity\":2, \"value_add\":5000}]",
    "v_amount": 85000,
    "v_total_value": 90000,
    "v_fk_rate": 2
  }'
Response (200 OK):
{
  "message": "Reserva Registrada Exitosamente"
}

Token refresh flow

When your access token expires (after 1 hour), you can refresh it without logging in again:
curl -X GET http://localhost:3002/intern/refresh \
  -b cookies.txt \
  -c cookies.txt
Response (200 OK):
{
  "message": "Access token renovado"
}
The server will issue a new access_token cookie while keeping the refresh_token unchanged.

Error handling

The API returns standard HTTP status codes and JSON error messages:
// 401 Unauthorized - No token provided
{
  "auth": false,
  "message": "Token No Enviado"
}

// 401 Unauthorized - Invalid or expired token
{
  "auth": false,
  "message": "Token Invalido o Expirado"
}

// 401 Unauthorized - Insufficient permissions
{
  "auth": false,
  "message": "Usuario/Rol No Autorizado",
  "role": "Asistente de Gerencia"
}

// 400 Bad Request - Validation error
{
  "error": "Email en Uso"
}

Next steps

Authentication deep dive

Learn about the JWT authentication system, token lifecycle, and security best practices

API reference

Explore all available endpoints, request schemas, and response formats

Explore documentation

View the interactive Scalar API documentation at http://localhost:3002/reference
