USERRROUTES.

JS
Ayush Gupta
April 2025

1 File: userRoutes.js
This file defines API endpoints related to users. It connects specific URL paths (routes) to controller functions
that contain the business logic.
1 import express from " express ";

You’re importing Express.js, the web framework you’re using to build APIs.
1 import prote ctedRout e from ’../ Middleware / protected . js ’;

This imports your custom middleware that likely checks whether a request is coming from an authenticated
(logged-in) user. Though it’s not used in this file directly, it’s ready to be used for protected routes (like
getUserProfile, if needed). Think of it as a security gate.
1 import {
2 getUserProfile ,
3 login ,
4 logout ,
5 register ,
6 g e t U s e r I nc i d e n t s
7 } from "../ Controllers / u se rC o nt ro ll e rs . js ";

This line imports the actual logic for each route from the controller file. You are separating route definitions
from logic — this is a good architecture practice called the MVC pattern (Model-View-Controller).
1 const router = express . Router () ;

Creates a new Router instance from Express. It allows you to define routes related to users in a modular
way and export them to be used in the main index.js.

Now, defining your API endpoints:

POST /api/users/register
1 router . post ("/ register " , register ) ;

When a user sends a POST request to /api/users/register with their signup info, this calls the register
controller. It handles:
• Validation
• Hashing passwords
• Storing user in DB

POST /api/users/login
1 router . post ("/ login " , login ) ;

Logs the user in. Likely validates credentials, creates a token or session, and returns user data + authenti-
cation cookie/token.

1
 POST /api/users/logout
1 router . post ("/ logout " , logout ) ;

Logs the user out. Typically clears the cookie or session.

GET /api/users/profile/:userId
1 router . get ("/ profile /: userId " , getU serProfi le ) ;

Fetches a user’s profile using their userId from the URL.

GET /api/users/my-incidents/:userId
1 router . get ( ’/ my - incidents /: userId ’ , g e t U s e r I n c i d en t s ) ;

Gets all incidents reported by that user. Useful for a user dashboard or history view.
1 export default router ;

Makes this router available for use in other files. In index.js, you use this line:
1 app . use ("/ api / users " , userRoutes ) ;

So when someone accesses /api/users/login, this router handles it.

Flow Diagram (When to Use)

Yes — creating a simple flow diagram can help you visually explain:
• The journey of a request from frontend → backend → database

• The components involved (Route → Controller → Model → Response)

Suggestion: Create one diagram for user login like this:

[Frontend Login Form]

↓ (POST /api/users/login)
[Express Route (userRoutes.js)]
↓
[login() in userControllers.js]
↓
[User Model (MongoDB using Mongoose)]
↓
[Token/Cookie created → Sent as Response]
↓
[Frontend receives user info + token]

I can generate this diagram for you if you’d like — just say "yes, show me the flow diagram".

Summary for Interview:

“This file defines the API routes for user operations like registration, login, logout, viewing a profile, and
checking incidents reported by a user. Each route is mapped to a controller function that contains the
logic. The routes are modular and imported into the main server file using Express Router. I’ve also used
middleware to protect sensitive routes.”