logicspike/docs

Settings

User Settings Page — Technical Specification

Overview

The User Settings page is a global, workspace-agnostic preferences hub. Unlike Workspace Settings (which are scoped to the active tenant), changes here apply across every workspace the user belongs to.

This page is accessible to all authenticated users regardless of role and must remain reachable even if the user has zero active workspaces.


Architecture Decision: Where Does It Live?

Since it is workspace-independent, this page should live outside the dashboard layout (which requires an active workspace context):

/settings                   ← New top-level route (not under /dashboard)
/settings/profile           ← Personal Info (may be merged into /settings)
/settings/security          ← Password, 2FA, Sessions
/settings/notifications     ← Email & push preferences
/settings/appearance        ← Theme, language
/settings/account           ← Danger zone: delete your entire account

The sidebar should show a "Settings" link in the bottom user-menu area that routes to /settings (not /dashboard/settings).


Page Sections

1. Personal Information

Already partially built in /dashboard/settings/profile. This gets migrated/linked here.

  • Display Name — editable, synced across all workspaces
  • Email — read-only (bound to OAuth provider)
  • Avatar — upload, crop, sync globally
  • Phone Number — optional; used for 2FA fallback

2. Security

  • Password Management
    • Link password to account (if OAuth-only user)
    • Change existing password (requires current password verification)
  • Two-Factor Authentication (2FA)
    • TOTP setup via QR code (Authenticator app)
    • Generate and display one-time recovery codes
    • Status badge: Enabled / Disabled
  • Active Sessions
    • List of recent device logins (browser, IP, country, last seen)
    • "Revoke All Other Sessions" button
    • Individual session revocation

3. Notification Preferences

  • Email Notifications
    • Security alerts (always on, dimmed toggle)
    • Workspace invitations (on/off)
    • Billing alerts (on/off)
    • Product updates & marketing (on/off)
  • (Future) In-app notification preferences

4. Appearance

  • Theme — Light / Dark / System (auto)
    • Stored locally via next-themes for instant switching
    • Optionally saved in DB on the users table (for multi-device sync)
  • Language (Future, placeholder): UI locale selection

5. Connected Workspaces (Read-only Overview)

  • A read-only card listing all workspaces the user belongs to across the platform
  • Shows workspace name, role badge, and joined date
  • Links to each workspace dashboard (switches context)
  • This replaces/complements the sidebar workspace switcher for a clear unified view

6. Account Deletion (Danger Zone)

  • Delete My Account button
    • Pre-condition check: If the user is the sole owner of any workspace, deletion is blocked with a prompt to transfer or delete those workspaces first.
    • Shows which workspaces must be resolved.
    • Requires typing DELETE MY ACCOUNT in a confirmation input.
    • On success: Signs the user out, destroys all session tokens, drops the users row and associated auth providers.

Key Edge Cases

| Case | Handling |
|------|----------|
| User has no active workspace | /settings still works and is fully accessible |
| User deletes only workspace | Redirect to /onboarding, NOT to /settings — they need a workspace to use the platform |
| User tries to delete account while sole owner of workspace | Block with actionable message: "You must transfer or delete WorkspaceName before deleting your account" |
| 2FA recovery codes lost | Must contact admin support (no self-serve bypass) |
| Revoking sessions | Forces logout on all other devices immediately; current session preserved |

Implementation Steps

Phase A: Route & Layout

  1. Create apps/seller-dashboard/src/app/settings/layout.tsx — minimal nav header with user avatar and "Back to Dashboard" link.
  2. Create apps/seller-dashboard/src/app/settings/page.tsx — the main hub with section cards & links.

Phase B: Profile & Security

  1. Migrate the existing profile content from /dashboard/settings/profile to /settings/profile.
  2. Create /settings/security/page.tsx with 2FA UI, session list, and password management.

Phase C: Notifications & Appearance

  1. Create /settings/notifications/page.tsx with granular toggle cards.
  2. Create /settings/appearance/page.tsx with theme switcher. Wire next-themes.

Phase D: Connected Workspaces Panel

  1. Add a "Your Workspaces" overview card in /settings/page.tsx using the useWorkspaces hook.

Phase E: Account Deletion (Danger Zone)

  1. Add the Account Deletion section with pre-condition check and type-to-confirm dialog.
  2. Backend: DELETE /manager/profile/account endpoint — validates, cascades deletions, and invalidates tokens.
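
The server-side validation that the Account Deletion pre-condition and the DELETE /manager/profile/account endpoint call for, as an added TypeScript example (not the project's own code). The in-memory Store, the function names and the sample users are assumptions made for illustration; the real schema is not shown in this spec, and auth-provider rows are left out of the model.

```typescript
// Constructed in-memory model; the spec does not show the real schema.
type Role = "owner" | "admin" | "member";
interface Membership { userId: string; workspace: string; role: Role }
interface Session { id: string; userId: string }
interface Store { users: string[]; memberships: Membership[]; sessions: Session[] }

const CONFIRM_PHRASE = "DELETE MY ACCOUNT";

type DeleteResult =
  | { ok: true }
  | { ok: false; reason: "bad_confirmation" }
  | { ok: false; reason: "sole_owner"; workspaces: string[] };

// Workspaces in which userId is the only owner; each one blocks deletion.
function soleOwnedWorkspaces(store: Store, userId: string): string[] {
  const owners = store.memberships.filter(m => m.role === "owner");
  return owners
    .filter(m => m.userId === userId)
    .filter(m => owners.filter(o => o.workspace === m.workspace).length === 1)
    .map(m => m.workspace);
}

// userId must come from the authenticated session, never from the request body.
// Both checks run on the server even though the dialog already enforces them.
function deleteAccount(store: Store, userId: string, confirmation: string): DeleteResult {
  if (confirmation !== CONFIRM_PHRASE) return { ok: false, reason: "bad_confirmation" };
  const blocking = soleOwnedWorkspaces(store, userId);
  if (blocking.length > 0) return { ok: false, reason: "sole_owner", workspaces: blocking };
  // Destroy every session first so no token outlives the account row.
  store.sessions = store.sessions.filter(s => s.userId !== userId);
  store.memberships = store.memberships.filter(m => m.userId !== userId);
  store.users = store.users.filter(u => u !== userId);
  return { ok: true };
}

// Constructed sample data: alice solely owns "Acme"; "Beta" has two owners.
function sampleStore(): Store {
  return {
    users: ["alice", "bob"],
    memberships: [
      { userId: "alice", workspace: "Acme", role: "owner" },
      { userId: "bob", workspace: "Acme", role: "member" },
      { userId: "alice", workspace: "Beta", role: "owner" },
      { userId: "bob", workspace: "Beta", role: "owner" },
    ],
    sessions: [{ id: "s1", userId: "alice" }, { id: "s2", userId: "bob" }],
  };
}
```

Deleting a co-owner can leave the remaining owner as the sole owner of that workspace, so the check has to be evaluated at request time rather than cached from when the page was rendered.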