Accounts Phase 4: prefs sync + account/settings panel

- Prefs sync: GET/PUT /api/prefs store Calm Filters/Boundaries on the account.
  On sign-in the client adopts the account's prefs if present, else seeds them
  from the device; every change PUTs to the account so tuning follows you across
  devices. (Login side-effects run under untrack so browsing doesn't re-trigger.)
- Account panel: GET /api/account (email, connected sign-in methods, saved count,
  active sessions); Export my data (GET /api/account/export → JSON download);
  Sign out everywhere (revoke all sessions); Delete account (cascades to all
  account data) with an inline confirm. Reachable from You → Account.

Deferred to a follow-up: link/unlink a provider (OAuth link-mode) and per-session
revoke. 118 tests pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
jay
2026-06-03 14:02:38 +00:00
parent 1aa250ca67
commit bb008cfaa5
6 changed files with 345 additions and 14 deletions
+8 -2
View File
@@ -59,7 +59,13 @@ export async function logout() {
try {
await postJSON('/api/auth/logout', {});
} finally {
auth.user = null;
savedIds.clear();
clearLocal();
}
}
// Clear client auth state without a logout call (cookie already cleared server-side,
// e.g. after delete-account or sign-out-everywhere).
export function clearLocal() {
auth.user = null;
savedIds.clear();
}