- Introduction
- Routes
- Register route
- Login route
- Refresh token route
- Forgot password route
- Reset password route
- Verify email route
- Change password route
- Change email route
- Remove user route
- Get all users route
- Pagination route
- Update email route
- Update email url route
- Verify email URL route
- Create profile route
- Update profile route
- Disable account route
- Delete account route
- Get profile route
- Download user data route
- Create profile picture route
- Update profile picture route
- Remove profile picture route
- TOTP verification test route
- Change role route
- Protected route
This application uses Express.js and Node.js for web development. It utilizes Prisma ORM with PostgreSQL, making database operations with PostgreSQL easier.
npm install - to download all dependencies
npm run dev - to start application
This is an example of working .env:
sudo docker run -it --name=miniotest -p 9000:9000 -p 9001:9001 minio/minio server /data --console-address ":9001"
If the container is already running, use "docker container rm bc0ecf8cd9fc0c54a3d5e71b32d29bbb13ef6c79cc217722b7c5f59f052f3bed" to remove it and then run the command above.
- Migrations
- src
- controllers
- admin.controllers
- auth.controllers
- user.controllers
- entities
- response
- api.response
- response
- middlewares
- auth.middleware
- generic-error.handler
- node-error.handler
- not-found.handler
- resources
- consts
- constants
- enums
- errors.json
- consts
- routes
- index
- types
- user.type
- util
- array
- chechkrefreshtoken
- context
- logger
- object
- sendemails
- string
- validations
- controllers
- app.ts
- config.ts
base URL: "http://localhost:3000/api"
POST
/register
: This route allows a new user to register for the app using their email, password, and other required fields.
http://localhost:3000/api/register
Description:
To register a new user, send email, password and username in the request body. The email must be unique; the password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one number and one special character; the username must be unique. If you send invalid data you will get an error message.
bcrypt is used to hash the password.
Speakeasy is used to generate the secret key for OTP generation (OTP: one-time password).
When you register, your user gets the "user" role. You can change your role to "admin" in the database, or with the route for that.
On registration an email is sent to your address. Click the link in that email to verify your email address; if you do not, your account will be limited.
On registration you also get a secret key. It is saved in the database, and you will need it to generate OTPs.
It is planned to implement a QR code for OTP generation. TOTP (Time-based One-time Password algorithm) is used for OTP generation.
For testing purposes you can use the Google Authenticator app to generate the OTP from the "base32" key in your database. Google Authenticator can be downloaded from the Google Play Store; it uses the base32 key and gives you a token that is valid for 30 seconds. Use this token to log in.
The JWT token is generated from the email, id and the SECRET from the .env file. This token is used for email verification: it is sent to your email address, and you should click the link in the email to verify your email address. If you do not verify your email address your account will be limited.
The function that sends emails, sendEmail(email, "Verify your email", null, emailContent), can send text and HTML.
To send HTML, use the last parameter of the function. To send plain text, pass null as the last parameter and put the text in the third parameter.
Request: request body:
{
"email": "joe@hotmail.com",
"password": "joe12345!",
"username": "joe"
}
Response:
{
"message": "User registered successfully and email sent to your email address",
"user": {
"id": 28,
"username": "joe",
"email": "joe@hotmail.com",
"emailVerified": false,
"verificationToken": null, //possibly usless
"password": "$2b$10$nrfE/z321XhbGIqOM2B4Bexf7cdeDz846dbohKpVP/GCdxCjyNpke",
"role": "user",
"profileStatus": "active",
"secret": {
"hex": "6b2445744d69324e737d5b295e6b342e21497d75",
"ascii": "k$EtMi2Ns}[)^k4.!I}u",
"base32": "NMSEK5CNNEZE4435LMUV42ZUFYQUS7LV",
"otpauth_url": "otpauth://totp/SecretKey?secret=NMSEK5CNNEZE4435LMUV42ZUFYQUS7LV"
}
}
}
POST
/login
: This route allows a user to log in to the app using their email and password.
http://localhost:3000/api/login
Description:
To log in, send email, password and token in the request body. If you send invalid data you will get an error message.
The token (TOTP) is generated with speakeasy from the secret key in your database. You can generate it with the Google Authenticator app, which can be downloaded from the Google Play Store; it uses the base32 key and gives you a token that is valid for 30 seconds. Use this token to log in.
If your credentials are correct you get a JWT access token and a refresh token. Use the access token to access protected routes and the refresh token to get a new access token.
The access token expires in 30 minutes and the refresh token in 25 hours. To change the expiration times, edit them in the .env file.
Request: request body:
{
"email": "joe@hotmail.com",
"password": "joe12345!",
"token": "335954"
}
Response:
{
"username": "joe",
"status": "Logged in",
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Im1haGlyLmNzQGhvdG1haWwuY29tIiwicm9sZSI6InVzZXIiLCJpYXQiOjE2NzMwMTIyMzYsImV4cCI6MTY3MzAxMjI2Nn0.1hMOa5ASYgdp9Tk86Y_QYXIxh9862UULErZX5U293gU",
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Im1haGlyLmNzQGhvdG1haWwuY29tIiwicm9sZSI6InVzZXIiLCJpYXQiOjE2NzMwMTIyMzYsImV4cCI6MTY3MzAxMzczNn0.FaCEwKsamAiFn0w0ttBSP691_27X8wnUXdbYShOCsnc"
}
GET
/refreshtoken
: This route allows a user to refresh their access token, which is required for authenticated requests.
http://localhost:3000/api/refreshtoken
Description:
To refresh your access token, send the refresh token in the request headers. If you send invalid data you will get an error message.
You get a new access token and a new refresh token. Use the new access token to access protected routes and the new refresh token to get the next access token.
To change the expiration time, edit it in the .env file.
The access token and refresh token are obtained from the login route.
Request: request headers:
GET http://localhost:3000/api/refreshtoken
Host: http://localhost:3000
Content-Type: application/json
refresh-token: eyJhbGciOi..
access-token: eyJhbGciOi..
Response:
{
"status": "Logged in, new token generated",
"access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Im1haGlyLmNzQGhvdG1haWwuY29tIiwicm9sZSI6InVzZXIiLCJpYXQiOjE2NzMwMTM0NzIsImV4cCI6MTY3MzAxMzUwMn0.2r-RXEg5HkmvaDKy7S10ZCIBOgEFxPISWrvXT5RX_qk",
"refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Im1haGlyLmNzQGhvdG1haWwuY29tIiwicm9sZSI6InVzZXIiLCJpYXQiOjE2NzMwMTM0NzIsImV4cCI6MTY3MzAxNDk3Mn0.DtwwK6SObyxXlz2--M562LXc9jp1Ujh-08bHif3QzC0"
}
POST
/forgotpassword
: This route allows a user to request a password reset by providing their email address.
http://localhost:3000/api/forgotpassword
Description:
If you forgot your password you can reset it with this route.
Send email and newpassword in the request body.
The route checks whether the email is in the database and, if so, validates newpassword. If the email is in the database and the new password passes validation, an email is sent to your address.
When you click the link in the email, your password is changed.
The link is created with a JWT token that contains your email and newpassword.
It uses the resetpassword route to verify the email and change the password.
Request: request body:
{
"email": "joe@hotmail.com",
"newpassword": "joe12345!"
}
Response:
{
"message": "Email sent successfully, please confirm your new password"
}
POST
/resetpassword/:id/:token
: This route allows a user to reset their password using a unique user ID and token that were sent to their email address.
http://localhost:3000/api/resetpassword/:id/:token
Description:
This route is used to reset the password. The link is sent to your email; click it to reset your password.
When you click, it verifies that the email address is in the database and validates the new password. If the email is in the database and the new password passes validation, it changes your password.
Request:
GET http://localhost:3000/api/resetpassword/:id/:token
Host: http://localhost:3000
Content-Type: application/json
Response:
{
"message": "Password changed successfuly"
}
POST
/changepassword
: This route allows a user to change their password after successfully logging in.
http://localhost:3000/api/changepassword
Description:
This route is used to change your password. Send the old password and the new password in the request body.
It checks whether your old password is correct and, if so, validates the new password. If the old password is correct and the new password passes validation, it sends an email to your address containing your id and a JWT token.
The JWT token contains your new password.
Clicking the link in the email changes your password.
Request: request body:
{
"email": "joe@hotmail.com",
"oldpassword": "joe12345!",
"newpassword": "Joe12345!"
}
Response:
{
"message": "Email sent successfully, click on the link to verify your action."
}
GET
/removeuser/:id/
This route allows an admin to remove a user from the database.
http://localhost:3000/api/removeuser/:id/
Description:
This route is used to remove a user from the database. Send the user id as the :id path parameter, as in the request below.
Request:
GET http://localhost:3000/api/removeuser/:id/
Host: http://localhost:3000
Content-Type: application/json
Response:
{
"message": "User deleted successfully"
}
GET
/getallusers
This route allows an admin to get all users from the database.
http://localhost:3000/api/getallusers
Description:
This route is used to get all users from database.
Request:
GET http://localhost:3000/api/getallusers
Host: http://localhost:3000
Content-Type: application/json
Response:
[
{
"id": 1,
"username": "joe",
"email": "joe.cs@gmail.com",
"emailVerified": false,
"verificationToken": null,
"password": "$2b$10$yggSRTjelNlsApuUCCdjNOLBXw3iYoVWz9J5DcQmHdgjaUzODf30y",
"role": "user",
"profileStatus": "active",
"secret": null
},
{
"id": 4,
"username": "james",
"email": "james@gmail.com",
"emailVerified": false,
"verificationToken": null,
"password": "$2b$10$.sMvuQ0UnKLsg/1hmuHWPeCAL4q6ac6jY5na5EuK0hyYtfw34Mfl2",
"role": "user",
"profileStatus": "active",
"secret": null
},
{
"id": 9,
"username": "Iah",
"email": "bob.cs@gmail.com",
"emailVerified": false,
"verificationToken": null,
"password": "$2b$10$n68IKyOrePcTCwCvQEcAx.XT3pNUVCByXNGfB6fdhghYgbRnKKrom",
"role": "user",
"profileStatus": "active",
"secret": {
"hex": "5b3b614c3057557447553972333c442a352c7b72",
"ascii": "[;aL0WUtGU9r3<D*5,{r",
"base32": "LM5WCTBQK5KXIR2VHFZDGPCEFI2SY63S",
"otpauth_url": "otpauth://totp/SecretKey?secret=LM5WCTBQK5KXIR2VHFZDGPCEFI2SY63S"
}
},
{
"id": 30,
"username": "Joe",
"email": "joe@hotmail.com",
"emailVerified": false,
"verificationToken": null,
"password": "$2b$10$lfHX1wkdmJV6.O.BZQ92sum8POOcViLNMYYLNsEPpqSgd2qR0Vnvq",
"role": "user",
"profileStatus": "active",
"secret": {
"hex": "3c4633294b4d556e3f773846382a256c2c29792c",
"ascii": "<F3)KMUn?w8F8*%l,)y,",
"base32": "HRDDGKKLJVKW4P3XHBDDQKRFNQWCS6JM",
"otpauth_url": "otpauth://totp/SecretKey?secret=HRDDGKKLJVKW4P3XHBDDQKRFNQWCS6JM"
}
}
]
GET
/pagination/:pageNumber/:limitNumber
This route allows an admin to get users from the database page by page.
http://localhost:3000/api/pagination/:pageNumber/:limitNumber
Description:
This route is used to get users from the database in pages.
Send the page number and the limit (page size) as the :pageNumber and :limitNumber path parameters, as in the request below.
Request:
GET http://localhost:3000/api/pagination/1/5
Host: http://localhost:3000
Content-Type: application/json
Response:
[
{
"id": 4,
"username": "james",
"email": "james@gmail.com",
"emailVerified": false,
"verificationToken": null,
"password": "$2b$10$.sMvuQ0UnKLsg/1hmuHWPeCAL4q6ac6jY5na5EuK0hyYtfw34Mfl2",
"role": "user",
"profileStatus": "active",
"secret": null
},
{
"id": 9,
"username": "Iah",
"email": "bob.cs@gmail.com",
"emailVerified": false,
"verificationToken": null,
"password": "$2b$10$n68IKyOrePcTCwCvQEcAx.XT3pNUVCByXNGfB6fdhghYgbRnKKrom",
"role": "user",
"profileStatus": "active",
"secret": {
"hex": "5b3b614c3057557447553972333c442a352c7b72",
"ascii": "[;aL0WUtGU9r3<D*5,{r",
"base32": "LM5WCTBQK5KXIR2VHFZDGPCEFI2SY63S",
"otpauth_url": "otpauth://totp/SecretKey?secret=LM5WCTBQK5KXIR2VHFZDGPCEFI2SY63S"
}
},
{
"id": 30,
"username": "Joe",
"email": "joe@hotmail.com",
"emailVerified": false,
"verificationToken": null,
"password": "$2b$10$lfHX1wkdmJV6.O.BZQ92sum8POOcViLNMYYLNsEPpqSgd2qR0Vnvq",
"role": "user",
"profileStatus": "active",
"secret": {
"hex": "3c4633294b4d556e3f773846382a256c2c29792c",
"ascii": "<F3)KMUn?w8F8*%l,)y,",
"base32": "HRDDGKKLJVKW4P3XHBDDQKRFNQWCS6JM",
"otpauth_url": "otpauth://totp/SecretKey?secret=HRDDGKKLJVKW4P3XHBDDQKRFNQWCS6JM"
}
}
]
GET
/updateemail/:id
This route allows a user to update his email address.
Description:
This route is used to update email address.
You should send email address and password in request body. Your id should be in params.
It will check password if it is correct, then it will check if email address is already in use or not.
If email address is not in use, it will send an email to your new email address with a link to verify your new email address.
When you click on the link, your new email address will be changed and verified.
You can not use your old email address anymore.
Request: request body:
{
"email": "joe@hotmail.com",
"password": "Joe12345!"
}
Response:
{
"message": "Email sent successfully, your new email address is joe@hotmail.com, you can not use your old email Masa99284@outlook.com anymore!"
}
GET
/updateemailurl/:id/:token
This route allows a user to update his email address by clicking on the link in the email.
http://localhost:3000/api/updateemailurl/:id/:token
Description:
This route is used to update email address by clicking on the link in the email.
Request:
GET http://localhost:3000/api/updateemailurl/:id/:token
Host: http://localhost:3000
Content-Type: application/json
Response:
{
"message": "Email changed successfully, your new email is joe@hotmail.com"
}
GET
/verifyemail/:id
This route allows a user to verify his email address by clicking on the link in the email.
http://localhost:3000/api/verifyemail/:id
Description:
This route is used to verify the email address by clicking on the link in the email.
Send the id in params; the route checks whether your email address is in the database.
If it is, it checks whether the email address is already verified.
If it is not verified, a link is sent to your email address for you to click.
When you click the link, your email address is verified.
Request:
GET http://localhost:3000/api/verifyemail/:id
Host: http://localhost:3000
Content-Type: application/json
Response:
{
"message": "Email sent successfully"
}
GET
/verifyemailurl/:id/:token
This route allows a user to verify his email address by clicking on the link in the email.
http://localhost:3000/api/verifyemailurl/:id/:token
Description:
This route is used to verify email address by clicking on the link in the email.
This link is sent when a request is made to the /verifyemail/:id route.
Request:
GET http://localhost:3000/api/verifyemailurl/:id/:token
Host: http://localhost:3000
Content-Type: application/json
Response:
{ "message": "Email verified successfully" }
GET
/createprofile
This route allows a user to create his profile.
http://localhost:3000/api/createprofile
Description:
This route is used to create a profile.
It checks whether the user exists in the database,
then whether the user already has a profile.
If the user already has a profile, it will not allow you to create one.
If the user has no profile, it creates the profile
and then sets hasProfile to true.
Request: request body:
{
"id": 37,
"firstname": "joeaga",
"lastname": "joeagic",
"phonenumber": "123-456-7890",
"country": "United States",
"state": "California",
"city": "Los Angeles",
"address": "123 Main St",
"zipcode": "90001"
}
Response:
{ "message": "Profile created successfully", {
"id": 5,
"firstname": "joeaga",
"lastname": "joeagic",
"phoneNumber": "123-456-7890",
"country": "United States",
"state": "California",
"city": "Los Angeles",
"address": "123 Main St",
"zipCode": "90001",
"profileId": 37
}
}
GET
/updatepersonalinfo/:id
This route allows a user to update his personal info.
Description:
This route is used to update personal info.
You can update firstname, lastname, phonenumber, country, state, city, address, zipcode.
It checks whether the user exists in the database,
then whether the user has a profile.
If the user has no profile, it will not allow you to update personal info.
Request: request body:
{
"lastname": "Traver"
}
Response:
{
"message": "Personal information updated successfully",
"user": {
"id": 35,
"username": "dedo",
"email": "dedo.cs@hotmail.com",
"emailVerified": false,
"verificationToken": null,
"password": "$2b$10$Y2dv.3R7Sa91vxoOa7czQuV6AsmbKmzAUzKydROxW5.dNwoLjtVLq",
"role": "user",
"profileStatus": "active",
"hasProfile": false,
"secret": {
"hex": "6c71562367484d544e31383c414372754f77763b",
"ascii": "lqV#gHMTN18<ACruOwv;",
"base32": "NRYVMI3HJBGVITRRHA6ECQ3SOVHXO5R3",
"otpauth_url": "otpauth://totp/SecretKey?secret=NRYVMI3HJBGVITRRHA6ECQ3SOVHXO5R3"
}
},
"profile": {
"id": 5,
"firstname": "joeaga",
"lastname": "Traver",
"phoneNumber": "123-456-7890",
"country": "United States",
"state": "California",
"city": "Los Angeles",
"address": "123 Main St",
"zipCode": "90001",
"profileId": 35
}
}
GET
/disableaccount
This route allows a user to disable his account.
http://localhost:3000/api/disableaccount
Description:
This route is used to disable account.
You need to send username and password in request body.
Request: request body:
{
"username": "fuke",
"password": "joe12345!"
}
Response:
{
"message": "Account disabled successfully"
}
GET
/deleteaccount
This route allows a user to delete his account, his profile.
http://localhost:3000/api/deleteaccount
Description:
This route is used to delete account.
You need to send username and password in request body.
Request: request body:
{
"username": "fuke",
"password": "joe12345!"
}
Response:
{
"message": "Account deleted successfully",
"deleteProfile": {
"id": 8,
"firstname": "joeaga",
"lastname": "joeagic",
"phoneNumber": "123-456-7890",
"country": "United States",
"state": "California",
"city": "Los Angeles",
"address": "123 Main St",
"zipCode": "90001",
"profileId": 37
}
}
GET
/getallprofiles
This route allows a user to get all profiles.
http://localhost:3000/api/getallprofiles
Description:
This route is used to get all profiles.
Request:
GET http://localhost:3000/api/getallprofiles
Host: http://localhost:3000
Content-Type: application/json
Response:
[
{
"id": 1,
"firstname": "John",
"lastname": "Bimbo",
"phoneNumber": "123-456-7890",
"country": "United States",
"state": "California",
"city": "Los Angeles",
"address": "123 Main St",
"zipCode": "90001",
"profileId": 9
},
{
"id": 2,
"firstname": "Masa",
"lastname": "Memac",
"phoneNumber": "123-456-7890",
"country": "United States",
"state": "California",
"city": "Los Angeles",
"address": "123 Main St",
"zipCode": "90001",
"profileId": 30
}
]
GET
/downloaduserdata/:id
This route allows a user to download his data.
http://localhost:3000/api/downloaduserdata/34
Description:
This route is used to download user data.
Send the user id in the request params.
It sends you a PDF file with the user and profile data.
Request:
GET http://localhost:3000/api/downloaduserdata/:id
Host: http://localhost:3000
Content-Type: application/json
Response:
PDF
user-data.pdf
GET
/createprofilepicture/:id
This route allows a user to create profile picture.
http://localhost:3000/api/createprofilepicture/:id
Description:
This route is used to create profile picture.
Send the user id in the request params and, in the body as form-data, KEY = profilPicture, VALUE = image.
If you get an error in Node, that usually means the bucket in MinIO has not been created.
You need to create a bucket in MinIO named after your user id.
Request:
POST http://localhost:3000/api/createprofilepicture/:id
Host: http://localhost:3000
Content-Type: application/json
Response:
{
"message": "Successfully uploaded image to testbucket/image.jpg with ETag [object Object]"
}
GET
/updateprofilepicture/:id
This route allows a user to update profile picture.
http://localhost:3000/api/updateprofilepicture/:id
Description:
This route is used to update profile picture.
Send the user id in the request params and, in the body as form-data, KEY = profilPicture, VALUE = image.
Request:
POST http://localhost:3000/api/updateprofilepicture/:id
Host: http://localhost:3000
Content-Type: application/json
Response:
{
"message": "Successfully updated image to testbucket/image.jpg with ETag [object Object]"
}
GET
/removeprofilepicture/:id
This route allows a user to remove profile picture.
http://localhost:3000/api/removeprofilepicture/:id
Description:
This route is used to remove profile picture.
Send the user id in the request params.
Request:
POST http://localhost:3000/api/removeprofilepicture/:id
Host: http://localhost:3000
Content-Type: application/json
Response:
{
"message": "Successfully removed image from testbucket/image.jpg"
}
GET
/verifyusertwofactor/:id/:token
This route allows a user to test TOTP verification.
http://localhost:3000/api/verifyusertwofactor/:id/:token
Description:
The goal of this route is to test the verification function, i.e. how to verify with two-factor authentication.
Send your id and token in params.
The token should be generated with an authenticator app.
Use the ID of the user (from the getallusers route) and the base32 value from the secret field.
Request:
GET http://localhost:3000/api/verifyusertwofactor/:id/:token
Host: http://localhost:3000
Content-Type: application/json
Response:
{
"message": "Token is valid"
}
GET
/changerole
This route allows a user to change role.
http://localhost:3000/api/changerole
Description:
For this route to work, send the email of the user whose role you want to change and the new role in the request body.
In the headers, send the token of a user that is an admin.
This token can be acquired by logging in with an admin account.
This route uses the auth middleware, so you need to send the token in the headers. The middleware can be found in the middlewares folder.
Request: headers:
access-token: token of admin user
refresh-token: token of admin user
request body:
{
"role":"admin",
"email":"dedo.cs@hotmail.com"
}
Response:
{
"message": "Role changed successfully"
}
GET
/dashboard/:id
This route is an example of protected route.
http://localhost:3000/api/dashboard/:id
Description:
This route is an example of a protected route.
First log in as a user, using the authenticator app to get the token. This gives you an access token and a refresh token.
Then send the request and you will get a new refresh token.
Send an id in params.
This route uses the auth middleware, so you need to send the token in the headers. The middleware can be found in the middlewares folder.
Request: headers:
access-token: token of user (log in as user to get the token)
refresh-token: token of user
request body:
GET http://localhost:3000/api/dashboard/:id
Host: http://localhost:3000
Content-Type: application/json
Response:
{
"message": "New access-token generated",
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Im1haGlyLmNzQGhvdG1haWwuY29tIiwicm9sZSI6ImFkbWluIiwiaWF0IjoxNjczMzM3MDQ3LCJleHAiOjE2NzMzMzcwNzd9.KNxjg1JNVPiGkc3-V_0_AVXJtFGRDu_3sQnqz8NWA0o"
}
POST
/updateemail/:id:
This route allows a user to update their email address after successfully logging in.
GET
/updateemailurl/:id/:token:
This route allows a user to access the email update page using a unique user ID and token that were sent to their current email address.
POST
/verifyemail/:id:
This route allows a user to verify their new email address by sending a verification email to the new address.
GET
/verifyemailurl/:id/:token:
This route allows a user to verify their new email address by clicking on a unique verification link sent to their new email address.
GET
/verifyusertwofactor/:userId/:token:
This route allows a user to verify their two-factor authentication using a unique user ID and token that were sent to their email address.
POST
/updateprofilepicture/:id:
This route allows a user to update their profile picture after successfully logging in.
POST
/createprofilepicture/:id:
This route allows a user to create a profile picture after successfully logging in.
POST
/removeprofilepicture/:id:
This route allows a user to remove their profile picture after successfully logging in.
POST
/createprofile:
This route allows a user to create a profile after successfully logging in.
POST
/updatepersonalinfo/:id:
This route allows a user to update their personal information after successfully logging in.
POST
/disableaccount:
This route allows a user to disable their account after successfully logging in.
POST
/deleteaccount:
This route allows a user to delete their account after successfully logging in.
GET
/downloaduserdata/:id:
This route allows a user to download all of their user data after successfully logging in.
POST
/changerole:
This route allows an admin to change the role of another user.
GET
/getallusers:
This route allows an admin to retrieve a list of all users.
GET
/getallprofiles:
This route allows an admin to retrieve a list of all profiles.