Unblock a User
Remove a previously blocked user from the caller's block list. Returns 404 if no block row exists for this pair.
DELETE /api/v1/users/block/:userId — 🔑 Bearer
Removes the BlockList row for the (ownerId, blockedId) pair. Not idempotent — if no row exists, returns 404 user.block.not_blocked so the caller knows nothing changed. The opposite direction (other user blocking this user) is unaffected.
The path mirrors POST /users/block/:userId exactly — same param, same auth. Method (POST vs DELETE) is the only differentiator.
Request
Path parameters
| Param | Type | Validation | Notes |
|---|---|---|---|
userId | string (UUID) | ParseUUIDPipe | The user to unblock |
No body.
| Header | Required | Notes |
|---|---|---|
Authorization: Bearer <accessToken> | ✓ | JWT from POST /auth/login |
Response
200 OK — SuccessOnlyResponseDto
{
"success": true
}| Field | Type | Notes |
|---|---|---|
success | boolean | Always true on 200 |
Errors
| HTTP | code / i18nKey | Reason |
|---|---|---|
400 | (validation) | userId not a valid UUID |
401 | (guard) | Missing / invalid bearer token |
404 | user.block.not_blocked | No BlockList row exists for this owner/blocked pair |
Side effects
prisma.blockList.findFirst({ where: { ownerId, blockedId } }). If absent →not_blocked.prisma.blockList.delete({ where: { id: existing.id } }).- Audit log (info level):
[block] User {ownerId} unblocked {blockedId}.
Code samples
curl -X DELETE https://api.bio.re/api/v1/users/block/f0e1d2c3-b4a5-6789-0123-456789abcdef \
-H "Authorization: Bearer $ACCESS_TOKEN"async function unblockUser(accessToken: string, blockedUserId: string): Promise<void> {
const res = await fetch(`https://api.bio.re/api/v1/users/block/${blockedUserId}`, {
method: 'DELETE',
headers: { Authorization: `Bearer ${accessToken}` },
});
const json = await res.json();
if (!res.ok || !json.success) {
throw Object.assign(new Error(json?.error?.message ?? 'Unblock failed'), {
code: json?.error?.code,
});
}
}import { useMutation, useQueryClient } from '@tanstack/react-query';
export function useUnblockUser() {
const qc = useQueryClient();
return useMutation({
mutationFn: async (blockedUserId: string) => {
const res = await fetch(`/api/v1/users/block/${blockedUserId}`, { method: 'DELETE' });
const json = await res.json();
if (!res.ok || !json.success) {
throw Object.assign(new Error(json?.error?.message ?? 'Unblock failed'), {
code: json?.error?.code,
i18nKey: json?.error?.i18nKey,
});
}
},
onSuccess: () => {
qc.invalidateQueries({ queryKey: ['users', 'blocked'] });
},
});
}Try it
Authorization
bearer In: header
Path Parameters
Response Body
application/json
application/json
application/json
curl -X DELETE "https://loading/api/v1/users/block/string"{
"success": true
}{
"success": false,
"error": {
"code": "AUTH_UNAUTHORIZED",
"message": "Invalid credentials",
"i18nKey": "auth.login.invalid_credentials",
"i18nVars": {
"field": "email"
},
"details": [
{
"message": "email must be an email"
}
],
"correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}
}{
"success": false,
"error": {
"code": "AUTH_UNAUTHORIZED",
"message": "Invalid credentials",
"i18nKey": "auth.login.invalid_credentials",
"i18nVars": {
"field": "email"
},
"details": [
{
"message": "email must be an email"
}
],
"correlationId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}
}Source
| Source | Path | Lines |
|---|---|---|
| Controller | apps/api-core/src/modules/user/user.controller.ts | 298–306 (unblockUser) |
| DTO (response) | apps/api-core/src/common/dto/common-response.dto.ts | SuccessOnlyResponseDto |
| Service | apps/api-core/src/modules/user/user.service.ts | 779–786 (unblockUser) |
| Prisma model | packages/prisma/prisma/schema.prisma | BlockList |
Block a User
Add a target user to the caller's block list. Self-block is rejected; double-block is a 409. Audit-logged for moderation review.
List Blocked Users
Read the caller's block list. Returns up to 50 most recently blocked users plus the total count. Pagination is not exposed by the controller (fixed at page 1, limit 50).