User Management
Looping Binary uses a centralized user system that serves all connected platforms. Every user has a single account that works across LMS, E-commerce, Tournaments, and Community platforms.
One Account, All Platforms
Users register once and get automatic access to all platforms. Their profile, wallet, and preferences are synchronized everywhere.
User Model
Each user account contains the following information:
| Field | Type | Description |
|---|---|---|
| id | Integer | Unique user identifier |
| email | String | User's email address (unique) |
| fullName | String | User's full name |
| password | String | Hashed password (bcrypt) |
| role | Enum | USER, DEVELOPER, ADMIN, SUPERADMIN |
| isVerified | Boolean | Email verification status |
| googleId | String? | Google OAuth ID (optional) |
| githubId | String? | GitHub OAuth ID (optional) |
| wallet | Relation | User's coin wallet (1:1) |
User Roles & Permissions
LoopingBinary uses role-based access control (RBAC) with four distinct roles:
USER
Default: Standard user account with basic permissions for all platforms.
Permissions:
- Register and login
- View own profile and balance
- Transfer coins to other users
- Purchase courses, products, services
- Participate in tournaments
- Access community features
DEVELOPER
Platform Integration: Developers building platform integrations with API access and OAuth capabilities.
Additional Permissions:
- Generate and manage API keys
- Create OAuth client applications
- Access developer documentation
- View platform analytics
- Manage platform integrations
- Access webhook configuration
ADMIN
Elevated: Platform administrators with extended management capabilities.
Additional Permissions:
- View all users
- Mint and burn coins
- Manage treasuries
- Generate API keys
- View transaction history
- Manage platform content
SUPERADMIN
Full Access: System administrators with complete control over the platform.
Additional Permissions:
- Delete users
- Manage user roles (including DEVELOPER, ADMIN, SUPERADMIN)
- Access system logs and audit trails
- Modify system settings
- Manage all treasuries and mint coins
- Full database access
User Registration
Users can register using email/password or LoopingBinary OAuth:
Email Registration
fetch('https://api.loopingbinary.com/api/auth/register', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    email: 'user@example.com',
    password: 'SecurePass123!',
    fullName: 'John Doe'
  })
})
What Happens:
- User account is created with USER role
- Password is hashed with bcrypt (12 rounds)
- A wallet is automatically created with 0 balance
- Verification email is sent to user's email
- User receives JWT token for immediate login
Email Verification
New users must verify their email address to access certain features:
Unverified Account Limitations
- Cannot transfer coins
- Cannot purchase courses or products
- Limited community access
- Cannot generate API keys
fetch('https://api.loopingbinary.com/api/auth/verify-email', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    token: 'verification_token_from_email'
  })
})
Get User Profile
Retrieve the authenticated user's profile information:
fetch('https://api.loopingbinary.com/api/auth/me', {
  headers: {
    'Authorization': 'Bearer ' + token
  }
})
Response Example:
{
  "user": {
    "id": 123,
    "email": "user@example.com",
    "fullName": "John Doe",
    "role": "USER",
    "isVerified": true,
    "createdAt": "2025-01-15T10:30:00Z",
    "wallet": {
      "balance": 250.50
    }
  }
}
Admin Operations
Admins can perform advanced user management operations:
Get All Users
Retrieve a list of all users with pagination
GET /api/admin/users
Get User by ID
Get detailed information about a specific user
GET /api/admin/users/:id
Update User Role
Change a user's role (SUPERADMIN only)
PATCH /api/admin/users/:id/role
Delete User
Permanently delete a user account (SUPERADMIN only)
DELETE /api/admin/users/:id
User Management Best Practices
- Always verify user identity before role changes
- Log all admin actions for audit trails
- Never store passwords in plaintext
- Implement rate limiting on registration endpoints
- Require strong passwords (8+ chars, mixed case, numbers)
- Use email verification for all new accounts
- Regularly review admin access logs
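An added example, not LoopingBinary's own code: a deny-by-default authorization check for the four admin routes listed under Admin Operations, which also writes an audit record for every decision as the best practices above recommend. `ROUTE_POLICY`, `authorize`, the audit record fields, and the rule that admin actions require a verified email are assumptions made for illustration.

```javascript
// Added example; names below are hypothetical, not LoopingBinary's API.
// Allowed roles per admin route, taken from the Admin Operations list.
const ROUTE_POLICY = [
  { method: 'GET',    pattern: /^\/api\/admin\/users$/,            roles: ['ADMIN', 'SUPERADMIN'] },
  { method: 'GET',    pattern: /^\/api\/admin\/users\/\d+$/,       roles: ['ADMIN', 'SUPERADMIN'] },
  { method: 'PATCH',  pattern: /^\/api\/admin\/users\/\d+\/role$/, roles: ['SUPERADMIN'] },
  { method: 'DELETE', pattern: /^\/api\/admin\/users\/\d+$/,       roles: ['SUPERADMIN'] },
];

const auditLog = []; // in-memory stand-in for an append-only audit store

// `user` must be the server-side record looked up from the validated token,
// never a role supplied by the client. `path` is the pathname without query.
function authorize(user, method, path) {
  const rule = ROUTE_POLICY.find(r => r.method === method && r.pattern.test(path));
  let allowed = false;
  let reason = 'ok';
  if (!rule) reason = 'no matching rule (deny by default)';
  else if (!user || !rule.roles.includes(user.role)) reason = 'role not permitted';
  else if (!user.isVerified) reason = 'email not verified'; // assumption: admins must be verified
  else allowed = true;
  // Record denials as well as grants so log reviews see rejected attempts.
  auditLog.push({
    at: new Date().toISOString(),
    actorId: user ? user.id : null,
    role: user ? user.role : null,
    method, path, allowed, reason,
  });
  return { allowed, reason };
}

// Constructed sample users and requests.
const admin = { id: 7, role: 'ADMIN', isVerified: true };
const root = { id: 1, role: 'SUPERADMIN', isVerified: true };
for (const [u, m, p] of [
  [admin, 'GET', '/api/admin/users'],
  [admin, 'PATCH', '/api/admin/users/123/role'],
  [root, 'DELETE', '/api/admin/users/123'],
  [root, 'POST', '/api/admin/users'],
]) {
  console.log(u.role, m, p, authorize(u, m, p));
}
```

Because the patterns are anchored, any method or path not listed (including a trailing-slash variant) falls through to the default deny and is still logged.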