# ๐Ÿ“‹ Profile Page Improvements - Implementation Plan ## โœ… **Completed:** 1. Avatar download and local storage (fixes Google rate limit) 2. WhatsApp OTP full implementation ## โณ **TODO:** --- ## 1. Avatar Download & Storage โœ… DONE ### **Implementation:** - Downloads Google avatar and stores in `/public/avatars/` - Serves from `http://localhost:3001/avatars/{userId}.jpg` - No more rate limits! ### **Files Modified:** - `apps/api/src/auth/auth.service.ts` - Added `downloadAndStoreAvatar()` method - `apps/api/src/main.ts` - Configured static file serving ### **Testing:** 1. Login with Google 2. Avatar downloads to `apps/api/public/avatars/{userId}.jpg` 3. Avatar URL in database: `/avatars/{userId}.jpg` 4. Accessible at: `http://localhost:3001/avatars/{userId}.jpg` --- ## 2. Profile Page Redesign with Tabs ### **Current Structure:** ``` Profile Page โ”œโ”€โ”€ Account Information Card โ”œโ”€โ”€ Password Change Card โ””โ”€โ”€ OTP Security Card (all methods together) ``` ### **New Structure:** ``` Profile Page โ”œโ”€โ”€ Profile Card (with tabs) โ”‚ โ”œโ”€โ”€ Edit Profile Tab โ”‚ โ”‚ โ”œโ”€โ”€ Avatar Upload โ”‚ โ”‚ โ”œโ”€โ”€ Name โ”‚ โ”‚ โ”œโ”€โ”€ Email (readonly) โ”‚ โ”‚ โ””โ”€โ”€ Phone โ”‚ โ””โ”€โ”€ Security Tab โ”‚ โ”œโ”€โ”€ Change Password Card โ”‚ โ”‚ โ”œโ”€โ”€ Current Password โ”‚ โ”‚ โ”œโ”€โ”€ New Password โ”‚ โ”‚ โ””โ”€โ”€ Confirm Password โ”‚ โ””โ”€โ”€ Two-Factor Authentication Card โ”‚ โ”œโ”€โ”€ Phone Number โ”‚ โ”œโ”€โ”€ WhatsApp OTP โ”‚ โ”œโ”€โ”€ Email OTP โ”‚ โ””โ”€โ”€ TOTP ``` ### **Implementation Steps:** #### **A. Add Avatar Upload** **Backend:** 1. Create upload endpoint: `POST /api/users/avatar` 2. Use `multer` for file upload 3. Save to `/public/avatars/{userId}.jpg` 4. Update user's `avatarUrl` **Frontend:** 1. Add file input with preview 2. Show current avatar 3. Upload button 4. Loading state #### **B. Reorganize Profile Page** **Create Tabs:** ```tsx Edit Profile Security {/* Avatar, Name, Email, Phone */} {/* Password Change + 2FA */} ``` --- ## 3. Account Deletion ### **Backend Implementation:** **Endpoint:** `DELETE /api/users/account` **Steps:** 1. Verify user password 2. Delete related data (transactions, categories, etc.) 3. Delete user account 4. Return success **Code:** ```typescript // users.controller.ts @Delete('account') async deleteAccount( @Req() req: RequestWithUser, @Body() body: { password: string } ) { return this.users.deleteAccount(req.user.userId, body.password) } // users.service.ts async deleteAccount(userId: string, password: string) { // 1. Get user and verify password const user = await this.prisma.user.findUnique({ where: { id: userId }, select: { passwordHash: true } }) if (user?.passwordHash) { const isValid = await bcrypt.compare(password, user.passwordHash) if (!isValid) { throw new UnauthorizedException('Invalid password') } } // 2. Delete related data await this.prisma.$transaction([ this.prisma.transaction.deleteMany({ where: { userId } }), this.prisma.category.deleteMany({ where: { userId } }), this.prisma.authAccount.deleteMany({ where: { userId } }), this.prisma.user.delete({ where: { id: userId } }) ]) return { success: true, message: 'Account deleted successfully' } } ``` ### **Frontend Implementation:** **Add to Security Tab:** ```tsx Danger Zone Permanently delete your account and all data {/* Confirmation Dialog */} Are you absolutely sure? This action cannot be undone. This will permanently delete your account and remove all your data from our servers.
setDeletePassword(e.target.value)} />
Cancel Delete Account ``` --- ## 4. WhatsApp OTP Resend ### **Backend Implementation:** **Endpoint:** `POST /api/otp/whatsapp/resend` **Code:** ```typescript // otp.controller.ts @Public() @Post('whatsapp/resend') async resendWhatsappOtp(@Body() body: { tempToken: string }) { try { // Verify temp token const payload = this.jwtService.verify(body.tempToken) as { temp?: boolean; userId?: string; sub?: string; }; if (!payload.temp) { throw new UnauthorizedException('Invalid token type'); } const userId = payload.userId || payload.sub; if (!userId) { throw new UnauthorizedException('Invalid token payload'); } // Send WhatsApp OTP (live mode for login) return this.otpService.sendWhatsappOtp(userId, 'live'); } catch { throw new UnauthorizedException('Invalid or expired token'); } } ``` ### **Frontend Implementation:** **Update OTP Verification Page:** ```tsx // Add resend handler for WhatsApp const handleResendWhatsApp = async () => { setResendLoading(true) setError('') try { await axios.post(`${API_URL}/api/otp/whatsapp/resend`, { tempToken }) setResendTimer(30) setCanResend(false) setError('') } catch (err) { setError('Failed to resend code. Please try again.') } finally { setResendLoading(false) } } // Add resend button in WhatsApp tab {/* ... existing code ... */} ``` --- ## 5. Auth Pages Design Restoration ### **Check Git History:** ```bash # Find commits that modified Login/Register pages git log --all --full-history -- "apps/web/src/components/pages/Login.tsx" git log --all --full-history -- "apps/web/src/components/pages/Register.tsx" # View specific commit git show :apps/web/src/components/pages/Login.tsx ``` ### **Steps:** 1. Find the preferred design commit 2. Compare with current version 3. Restore styling and layout 4. Keep current functionality (OTP, Google OAuth) 5. Test responsiveness --- ## ๐Ÿ“Š **Implementation Priority:** ### **Phase 1: Critical** (Do First) 1. โœ… Avatar download & storage - DONE 2. โณ WhatsApp OTP resend 3. โณ Profile page tabs reorganization ### **Phase 2: Important** (Do Next) 4. โณ Avatar upload functionality 5. โณ Account deletion ### **Phase 3: Nice to Have** (Do Last) 6. โณ Auth pages design restoration --- ## ๐Ÿ“ **Files to Modify:** ### **Backend:** 1. โœ… `apps/api/src/auth/auth.service.ts` - Avatar download (DONE) 2. โœ… `apps/api/src/main.ts` - Static files (DONE) 3. โณ `apps/api/src/otp/otp.controller.ts` - WhatsApp resend 4. โณ `apps/api/src/users/users.controller.ts` - Avatar upload, delete account 5. โณ `apps/api/src/users/users.service.ts` - Delete account logic ### **Frontend:** 1. โณ `apps/web/src/components/pages/Profile.tsx` - Tabs, avatar upload 2. โณ `apps/web/src/components/pages/OtpVerification.tsx` - WhatsApp resend 3. โณ `apps/web/src/components/pages/Login.tsx` - Design restoration 4. โณ `apps/web/src/components/pages/Register.tsx` - Design restoration --- ## ๐Ÿงช **Testing Checklist:** ### **Avatar Download:** - [ ] Login with Google - [ ] Check `apps/api/public/avatars/` folder - [ ] Avatar file exists - [ ] Avatar loads in Profile page - [ ] No rate limit errors ### **WhatsApp Resend:** - [ ] Login triggers WhatsApp OTP - [ ] Wait 30 seconds - [ ] Click "Resend Code" - [ ] New code received - [ ] Timer resets ### **Profile Tabs:** - [ ] See "Edit Profile" and "Security" tabs - [ ] Edit Profile shows avatar, name, email, phone - [ ] Security shows password change and 2FA - [ ] Tab switching works ### **Account Deletion:** - [ ] Click "Delete Account" - [ ] Confirmation dialog appears - [ ] Enter password - [ ] Account deleted - [ ] Redirected to login - [ ] Cannot login with deleted account --- **Ready to implement! Start with WhatsApp resend, then profile tabs!** ๐Ÿš€