{
  "_endpoints": [
    "/api/dr/user/verify-user/{userId}",
    "/api/dr/user/verify-user/{userId}?reCaptchaToken={token}",
    "/api/dr/rgtrUser/verify-user/{userId}",
    "/api/dr/user/getCheck/{userId}",
    "/api/dr/user/delete/verify-user/{userId}"
  ],
  "_auth_required": false,
  "_collection": "User Existence & Verification — Pre-Auth User Enumeration",
  "_critical": "All endpoints confirm whether an email/userId exists in the system. Can be used for automated user enumeration without any authentication.",
  "fields": {
    "response_type": "string[] (non-empty array if user exists, empty or null if not)",
    "note": "verifyUserWhileLogin wraps this with a reCaptchaToken query param — but the base endpoint has no captcha requirement.",
    "endpoints_detail": {
      "/dr/user/verify-user/{userId}": {
        "source": "login.service.ts",
        "description": "Returns user info array if email exists in the RgntUser table",
        "auth": "None",
        "usage": "Called during login to check if user email exists before proceeding"
      },
      "/dr/user/verify-user/{userId}?reCaptchaToken=": {
        "source": "login.service.ts",
        "description": "Same as above but with reCAPTCHA token parameter. The captcha is enforced client-side only.",
        "auth": "None",
        "usage": "Login flow — reCAPTCHA token sent as query param, no server-side verification visible"
      },
      "/dr/rgtrUser/verify-user/{userId}": {
        "source": "rgtr-login.service.ts",
        "description": "Registrar user email existence check (parallel to the rgnt user endpoint)",
        "auth": "None",
        "usage": "Registrar login flow"
      },
      "/dr/user/getCheck/{userId}": {
        "source": "Registration.service.ts",
        "description": "Registration-time existence check — returns user data if already registered",
        "auth": "None",
        "usage": "Registration flow — prevents duplicate registration"
      },
      "/dr/user/delete/verify-user/{userId}": {
        "source": "user.service.ts",
        "description": "Verify user under the deleteUserUrl base path (odd URL design — /delete/verify-user/)",
        "auth": "None",
        "usage": "User verification during delete flow"
      },
      "/dr/user/get/{userId}": {
        "source": "login.service.ts",
        "description": "Returns full user record by userId/email. No auth header despite being used post-login in the app.",
        "auth": "None",
        "usage": "Post-login user info retrieval — should have auth guard"
      }
    }
  }
}