🚀 Saraha App Documentation

📖 Brief Description

Saraha App is a backend RESTful API inspired by the Saraha concept, allowing users to receive anonymous messages securely.
Built with Node.js and Express, it follows a modular architecture, separating concerns into:

• Controllers – Handle incoming requests
• Services – Business logic and database operations
• Utilities – Helper functions and encryption
• Validators – Input validation with schemas

The app provides authentication, user management, and anonymous messaging functionality.

---

🌟 Main Features

👤 User Registration & Authentication

• ✅ Secure signup & signin
• 🔑 JWT-based access & refresh tokens
• 🚪 Logout from single or all devices

📱 Multi-Device Session Management

• 📋 Track all logged-in devices
• ❌ Terminate a specific device session
• 🔒 Logout from all active devices at once

✉️ Email Verification & Recovery

• ✅ Confirm email after registration
• 🔄 Resend confirmation email
• 🔑 Forgot & reset password flows
• 🔄 Resend password reset emails

🔒 Password Management

• 🔐 Secure password hashing
• 🔄 Change password for authenticated users
• ⏳ Reset password using time-limited tokens

🌐 Third-Party Authentication

• 🔵 Google OAuth login & registration

📝 User Profile Management

• 👤 Retrieve authenticated user profile
• ✏️ Update user account information
• ❌ Delete account permanently

🖼️ Profile Media Management

• 📤 Upload / update profile pictures
• ☁️ Cloudinary integration for file storage
• 🗑️ Delete files or folders from cloud storage

💬 Anonymous Messaging System

• ✉️ Send anonymous messages
• 👀 Receive messages privately
• 🔄 Control message visibility (public / private)
• 🌍 View public messages

🛡️ Administrative Controls

• 📋 Retrieve all users (Admin-only)
• 📄 Retrieve all messages (Admin-only)
• 🎛️ Role-based authorization

🔐 Security & Validation

• 🛡️ Authentication & authorization middlewares
• ✅ Input validation using schema validators
• 🌱 Environment-based configuration for sensitive data

---

🗂️ API Overview

The API is organized into two main modules:

• Users Module – Handles authentication and user operations
• Messages Module – Handles anonymous messaging

All endpoints are REST APIs returning JSON responses.

Legend:
🟢 Public | 🔒 Auth-required | ⚠️ Admin-only

---

🔐 Authentication & Authorization (/api/users)

Method	Endpoint	Description	Access
POST	/api/users/signup	Register a new user account	Public
POST	/api/users/signin	Authenticate user & return access/refresh tokens	Public
POST	/api/users/logout	Logout from current device	Auth
PUT	/api/users/confirmemail	Confirm user email via token	Public
POST	/api/users/refreshtoken	Generate new access token using refresh token	Auth
POST	/api/users/auth-gmail	Login/Register via Google OAuth	Public
POST	/api/users/forgotpassword	Send password reset email	Public
PUT	/api/users/resetpassword	Reset password using reset token	Public
PUT	/api/users/changePassword	Change password (authenticated user)	Auth
POST	/api/users/resend-confirmation	Resend email confirmation	Public
POST	/api/users/resend-reset-password	Resend password reset email	Public

---

👤 User Profile & Management (/api/users)

Method	Endpoint	Description	Access
PUT	/api/users/update	Update user profile info	Auth
DELETE	/api/users/delete	Delete user account	Auth
GET	/api/users/getall	Retrieve all users	Admin
GET	/api/users/getprofile	Retrieve authenticated user profile	Auth
GET	/api/users/getalldevices	Retrieve all active devices	Auth
PUT	/api/users/terminateDevice	Terminate a specific device	Auth
PUT	/api/users/logoutalldevices	Logout from all devices	Auth

---

🖼️ User Media & Files

Method	Endpoint	Description	Access
POST	/api/users/profilepicture	Upload/Update profile picture	Auth
DELETE	/api/users/deletefilefromcloudinary	Delete a specific file	Auth
DELETE	/api/users/deletefolderfromcloudinary	Delete a folder	Auth

---

💬 Messaging (/api/messages)

Method	Endpoint	Description	Access
POST	/api/messages/sendmessage/{receiverId}	Send anonymous message	Auth
GET	/api/messages/usermessages	Retrieve messages received by user	Auth
PATCH	/api/messages/messagevisibility/{messageId}	Change message visibility	Auth
GET	/api/messages/getpublicmessages	Retrieve all public messages	Public
GET	/api/messages/getallmessages	Retrieve all messages	Admin

---

🗺️ Quick API Reference

Users Module

Authentication

• POST /api/users/signup Public – Register new user
• POST /api/users/signin Public – Login user
• POST /api/users/logout Auth – Logout current session
• PUT /api/users/confirmemail Public – Confirm email
• POST /api/users/refreshtoken Auth – Refresh access token
• POST /api/users/auth-gmail Public – Google OAuth login

Password Recovery

• POST /api/users/forgotpassword Public – Send reset email
• PUT /api/users/resetpassword Public – Reset password
• PUT /api/users/changePassword Auth – Change password

User Profile

• PUT /api/users/update Auth – Update profile
• DELETE /api/users/delete Auth – Delete account
• GET /api/users/getprofile Auth – Get profile
• GET /api/users/getall Admin – Get all users

Device Management

• GET /api/users/getalldevices Auth – Get active devices
• PUT /api/users/terminateDevice Auth – Terminate device
• PUT /api/users/logoutalldevices Auth – Logout all devices

Media

• POST /api/users/profilepicture Auth – Upload profile picture
• DELETE /api/users/deletefilefromcloudinary Auth – Delete a file
• DELETE /api/users/deletefolderfromcloudinary Auth – Delete a folder

Messages Module

• POST /api/messages/sendmessage/{receiverId} Auth – Send anonymous message
• GET /api/messages/usermessages Auth – Get received messages
• PATCH /api/messages/messagevisibility/{messageId} Auth – Change visibility
• GET /api/messages/getpublicmessages Public – Get public messages
• GET /api/messages/getallmessages Admin – Get all messages

---

🏃 How to Use

1️⃣ Install Dependencies

npm install

2️⃣ Set Up Environment Variables

Create a .env file in the root directory with values as described above.

3️⃣ Run the Server

npm run dev

⚡ The server will start and expose all API endpoints for use.