Skip to content

targetcursor profile cursor#6

Open
amormousa wants to merge 8 commits into
Majoramari:mainfrom
amormousa:blackboxai/targetcursor-profile-cursor
Open

targetcursor profile cursor#6
amormousa wants to merge 8 commits into
Majoramari:mainfrom
amormousa:blackboxai/targetcursor-profile-cursor

Conversation

@amormousa

Copy link
Copy Markdown
Collaborator

Pull Request: Profile Page (Backend + Frontend) + Swagger Docs

Overview

This PR adds the full Profile page (backend + frontend) to the Seismic project, along with Swagger documentation updates and a few unrelated UI/auth-flow changes bundled in.


1. Database Migrations (5 new files)

Migration Description
006_extend_users.sql Adds new columns to users: first_name, role, location, university, time_zone, last_active_at, gender, languages (array)
007_profile_stats.sql New user_profile_stats table — cached aggregate coding stats (total seconds, active days, current/max streak) to avoid recomputing on every profile view
008_achievements.sql New achievements system: achievement_types (badge definitions) + user_achievements (links a user to an earned badge + timestamp)
009_activity_log.sql New activity_log table for the recent-activity feed, plus indexes on sessions and heartbeats for query performance
010_problem_stats_placeholder.sql Placeholder only — creates user_problem_stats with no real logic behind it yet, all zero values. Added purely so the Profile API can already support this shape; there is no actual problem-solving feature in Seismic yet

Also includes two seed files (seed_dummy_data.sql, seed_profile.sql) that generate fake data for four full users (profile + streaks + achievements + activity) and one simple test-user seed — these are for local testing only, not production.


2. Backend (Go / Fiber)

New files

  • handlers/profile.go — main profile handler:

    • GetProfile (GET /api/profile): aggregates everything about the user (basic info, coding stats, heatmap, achievements, activity, placeholder problem stats, profile-completion percentage) into a single response.
    • UpdateProfile (PATCH /api/profile): updates only whitelisted fields, with validation on bio (max 280 chars) and website (must be a valid URL).
    • Helper functions: computeMemberFor (human-readable "member for X years/months"), computeLastActive ("Online now" if <5 min, otherwise relative time), computeInfoCompletion (calculates profile completion % across 5 fields: fullName, bio, location, gender, languages), buildHeatmapGrid (converts flat daily data into a 52-week × 7-day grid with levels 0–4 based on seconds coded).
  • models/profile.go — all profile-related structs and DB queries:

    • ProfileResponse, HeatmapCell, ProfileInfoField, Achievement, ActivityLogItem, UpdateProfileRequest
    • GetProfileStats, UpdateProfileStats (recomputes stats from the sessions table and upserts)
    • GetProblemStats (returns zero values if no row exists, without inserting one — table is placeholder as noted above)
    • GetProfileAchievements, GetRecentActivity
    • UpdateUserProfile — only updates fields that were actually sent (pointer-based), query built with an explicit whitelist of columns (no risky string concatenation)

Modified files

  • models/user.go — all query functions (FindUserByEmail, FindUserByUsername, FindUserByID, FindUserByAPIKey, CreateUser) updated to fetch the new columns (display_name, first_name, role, location, university, time_zone, gender, languages, last_active_at)

  • routes/routes.go — new /api/profile route group (GET + PATCH), protected by RequireAuth

  • main.go — added PATCH to the allowed CORS methods

  • handlers/auth.go ⚠️important change to flag: in RequestMagicLink, the code now:

    • swallows the error if sending the email fails (instead of returning a 500)
    • returns the magic-link token directly in the response (devToken)

    This is explicitly commented as a TEMP DEV BYPASS to make local login testing easier without actually sending an email. This must be removed/reverted before any real deployment — it's a clear security risk, since anyone could log in as any email without ever receiving it.


3. Swagger (docs/swagger.json)

  • Added definitions for the new /api/profile endpoints (GET + PATCH) with full response schemas
  • Added new model definitions: models.Achievement, models.ActivityLogItem, models.HeatmapCell, models.ProfileInfoField, models.ProfileMetric, models.ProfileResponse, models.UpdateProfileRequest
  • Minor update to models.Heartbeat (added timezone)

4. Frontend (Angular)

New Profile page (pages/profile/)

  • profile.ts (434 lines) — component that uses ProfileService to fetch and display profile data, and allows editing
  • profile.html (419 lines) — template: profile card, metrics, heatmap, achievements, activity feed, info-completion widget
  • profile.css (914 lines) — full styling
  • profile.service.ts — defines all interfaces matching the backend response (ProfileResponse, HeatmapCell, Achievement, etc.) and exposes getProfile() / updateProfile() via ApiService

Related changes

  • core/api/api.service.ts — added a new patch<T>() method (previously only get/post/delete existed)
  • app.routes.ts — added /profile route, protected by authGuard
  • auth/login.ts and auth/verify.ts — after login/verify, users are now redirected to /profile instead of /dashboard (login also now reads the devToken introduced in auth.go to auto-navigate to the verify page — this is an extension of the same dev bypass and should be removed together with it)

Unrelated UI changes bundled in

  • app.htmlstill contains unresolved merge conflict markers (<<<<<<< HEAD / ======= / >>>>>>>) that must be resolved before merging, plus the addition of a new <app-target-cursor> component
  • app.ts — imports and enables a new TargetCursorComponent
  • shared/components/target-cursor/ (new file, 473 lines) and shared/components/magic-bento/ (directive + CSS, ~640 lines) — new UI components for visual effects (custom cursor + bento grid glow effect); not clear from this diff where else they're actually used besides being wired up in app.ts/app.html
  • angular.json — added an analytics ID (inside the same merge conflict)
  • package.json — added dependencies: fdir, gsap (likely for the new animation components)

⚠️ Must be fixed before merging

  1. app.html has unresolved merge conflict markers — the file is currently broken
  2. auth.go has a dev bypass that returns the magic-link token in the API response and swallows email-send failures — a security issue if this ships to production
  3. 010_problem_stats_placeholder.sql and everything wired to it (GetProblemStats, Solved/TotalProblems/Attempting in the response) are explicit placeholders — values are always empty/zero until a real problem-solving feature exists

amormousa added 8 commits July 7, 2026 06:32
- Add UpdateProfileStats to upsert cached aggregate stats after session processing
- Add GetProfileStats model function for reading cached profile stats
- Add RevokeAllUserRefreshTokens and CleanupExpiredRefreshTokens for token management
- Add POST /api/auth/logout endpoint to revoke refresh token and clear cookie
- Add periodic cleanup of expired refresh tokens on token refresh
- Populate user_profile_stats table from session processor background job
- Extend User model with all profile fields from migrations
@vercel

vercel Bot commented Jul 8, 2026

Copy link
Copy Markdown

@amormousa is attempting to deploy a commit to the Majoramari Team on Vercel.

A member of the Team first needs to authorize it.

@amormousa amormousa changed the title Blackboxai/targetcursor profile cursor targetcursor profile cursor Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant