feat: implement user profiles with achievements and primary badge system (#58)

## Summary This PR implements comprehensive user profile enhancements including: - User profile pages showing stats, badges, social links, and bio - Achievement system with 62 achievements across 5 categories - Primary badge selection allowing users to display their preferred badge - Admin profile editing capabilities ## Changes ### User Profiles (#45) - **Frontend**: User profile pages with stats display - Profile cards showing avatar, display name, username, and bio - Social links section (Website, GitHub, Bluesky, LinkedIn, Twitch, YouTube, Discord) - Stats display (suggestions, accepted suggestions, likes, comments) - Recent achievements section - Badge display - Report button for other users' profiles - **Backend**: Profile API endpoints - Get user profile by username or ID - Profile includes stats, badges, and achievement points ### Achievement System (#48) - **Database**: UserAchievement model for tracking progress - **62 Total Achievements** across 5 categories: - **Suggestions (15)**: First suggestion through ultimate curator - **Likes (12)**: First like through legendary fan - **Comments (12)**: First comment through review legend - **Engagement (15)**: Login streaks and activity milestones - **Reports (8)**: Valid reports and accuracy tracking - **Backend**: AchievementService with real-time checking - Integrated into all user interaction points - API endpoints for achievement data - Progress tracking to avoid recalculation - **Frontend**: Achievements page and profile integration - Full achievements page with category filtering - Tier-based styling (Bronze, Silver, Gold, Platinum, Diamond) - Progress indicators for in-progress achievements - Recent achievements on profile pages ### Primary Badge System (#49) - **Database**: Add primaryBadge field to User model - **Backend**: Update profile endpoints to include primary badge - **Frontend**: Primary badge selection in settings - Only shows badges the user has earned - Displayed on profile page - Displayed in comments (next to username) - Falls back to no badge if selection is invalid - **Admin Features**: Admin can edit any user's primary badge ### Admin Enhancements - Comprehensive profile editing modal for admins - Edit display name, bio, slug, social links - Set primary badge for users - Visual feedback for save/error states - Admin action buttons in report review modals - Ban user, delete comment, edit profile - Integrated with report workflow ### Quality Improvements - Improved dropdown option contrast for readability - Hide all badges when no primary badge is selected - "View All" achievements link only shown on own profile - Improved achievement text readability ## Testing - ✅ User profiles display correctly with stats and badges - ✅ Achievement checking works for all interaction types - ✅ Primary badge selection persists and displays correctly - ✅ Admin profile editing saves successfully - ✅ Report workflow integrated with admin actions - ✅ Achievements page shows all 62 achievements with filtering - ✅ Text readability improved across components Closes #45 Closes #48 Closes #49 Co-authored-by: Hikari <hikari@nhcarrigan.com> Reviewed-on: #58 Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com> Co-committed-by: Naomi Carrigan <commits@nhcarrigan.com>
2026-02-19 22:21:17 -08:00
parent 7579f1ec97
commit 86404497f0
58 changed files with 8325 additions and 449 deletions
@@ -0,0 +1,122 @@
+/**
+ * @copyright 2026 NHCarrigan
+ * @license Naomi's Public License
+ * @author Naomi Carrigan
+ */
+
+import type { FastifyPluginAsync } from "fastify";
+import {
+  ACHIEVEMENT_LIST,
+  ACHIEVEMENTS,
+  AchievementProgress,
+  UserAchievementSummary,
+} from "@library/shared-types";
+import { AchievementService } from "../../services/achievement.service";
+
+const achievementsRoutes: FastifyPluginAsync = async (app) => {
+  const achievementService = new AchievementService();
+
+  /**
+   * Get all achievement definitions (public route).
+   */
+  app.get("/definitions", async () => {
+    return ACHIEVEMENT_LIST;
+  });
+
+  /**
+   * Get a specific achievement definition by key (public route).
+   */
+  app.get<{ Params: { key: string } }>(
+    "/definitions/:key",
+    async (request, reply) => {
+      const { key } = request.params;
+      const achievement = ACHIEVEMENTS[key];
+
+      if (!achievement) {
+        return reply.notFound("Achievement not found");
+      }
+
+      return achievement;
+    },
+  );
+
+  /**
+   * Get current user's achievement summary (authenticated users).
+   */
+  app.get<{ Reply: UserAchievementSummary }>(
+    "/summary",
+    {
+      preValidation: [app.authenticate],
+    },
+    async (request) => {
+      const userId = request.user.id;
+      const summary = await achievementService.getUserAchievementSummary(
+        userId,
+      );
+      return summary;
+    },
+  );
+
+  /**
+   * Get current user's achievement progress (authenticated users).
+   */
+  app.get<{ Reply: AchievementProgress[] }>(
+    "/progress",
+    {
+      preValidation: [app.authenticate],
+    },
+    async (request) => {
+      const userId = request.user.id;
+      const progress = await achievementService.getUserAchievementProgress(
+        userId,
+      );
+      return progress;
+    },
+  );
+
+  /**
+   * Get another user's achievement summary by ID (authenticated users).
+   */
+  app.get<{ Params: { userId: string }; Reply: UserAchievementSummary }>(
+    "/users/:userId/summary",
+    {
+      preValidation: [app.authenticate],
+    },
+    async (request, reply) => {
+      const { userId } = request.params;
+
+      try {
+        const summary = await achievementService.getUserAchievementSummary(
+          userId,
+        );
+        return summary;
+      } catch (error) {
+        return reply.notFound("User not found");
+      }
+    },
+  );
+
+  /**
+   * Get another user's achievement progress by ID (authenticated users).
+   */
+  app.get<{ Params: { userId: string }; Reply: AchievementProgress[] }>(
+    "/users/:userId/progress",
+    {
+      preValidation: [app.authenticate],
+    },
+    async (request, reply) => {
+      const { userId } = request.params;
+
+      try {
+        const progress = await achievementService.getUserAchievementProgress(
+          userId,
+        );
+        return progress;
+      } catch (error) {
+        return reply.notFound("User not found");
+      }
+    },
+  );
+};
+
+export default achievementsRoutes;
@@ -5,10 +5,11 @@
 */

 import { FastifyPluginAsync } from "fastify";
-import { Art, CreateArtDto, UpdateArtDto, Comment, CreateCommentDto, AuditAction, AuditCategory } from "@library/shared-types";
+import { Art, CreateArtDto, UpdateArtDto, Comment, CreateCommentDto, AuditAction, AuditCategory, AchievementCategory } from "@library/shared-types";
 import { ArtService } from "../../services/art.service";
 import { CommentService } from "../../services/comment.service";
 import { AuditService } from "../../services/audit.service";
+import { AchievementService } from "../../services/achievement.service";
 import { adminGuard } from "../../middleware/admin-guard";
 import { bannedGuard } from "../../middleware/banned-guard";

@@ -139,6 +140,15 @@ const artRoutes: FastifyPluginAsync = async (app) => {
        resourceId: id,
        details: `Added comment to art`,
      });
+
+      // Check for comment achievements
+      const achievementService = new AchievementService();
+      await achievementService.checkAchievements(
+        userId,
+        AchievementCategory.Comment,
+        request
+      );
+
      return comment;
    }
  );
@@ -1,7 +1,8 @@
 import { FastifyPluginAsync } from "fastify";
 import { AuthService } from "../../services/auth.service";
 import { AuditService } from "../../services/audit.service";
-import { AuthResponse, AuditAction, AuditCategory } from "@library/shared-types";
+import { AchievementService } from "../../services/achievement.service";
+import { AuthResponse, AuditAction, AuditCategory, AchievementCategory } from "@library/shared-types";

 const authRoutes: FastifyPluginAsync = async (app) => {
  const authService = new AuthService(app);
@@ -92,6 +93,15 @@ const authRoutes: FastifyPluginAsync = async (app) => {
        success: true,
      }, request);

+      // Update login streak and check engagement achievements
+      const achievementService = new AchievementService();
+      await achievementService.updateLoginStreak(user.id);
+      await achievementService.checkAchievements(
+        user.id,
+        AchievementCategory.Engagement,
+        request
+      );
+
      // Set signed cookies and redirect to frontend
      reply
        .setCookie("auth-token", accessToken, {
@@ -5,10 +5,11 @@
 */

 import { FastifyPluginAsync } from "fastify";
-import { Book, CreateBookDto, UpdateBookDto, Comment, CreateCommentDto, AuditAction, AuditCategory } from "@library/shared-types";
+import { Book, CreateBookDto, UpdateBookDto, Comment, CreateCommentDto, AuditAction, AuditCategory, AchievementCategory } from "@library/shared-types";
 import { BookService } from "../../services/book.service";
 import { CommentService } from "../../services/comment.service";
 import { AuditService } from "../../services/audit.service";
+import { AchievementService } from "../../services/achievement.service";
 import { adminGuard } from "../../middleware/admin-guard";
 import { bannedGuard } from "../../middleware/banned-guard";

@@ -139,6 +140,15 @@ const booksRoutes: FastifyPluginAsync = async (app) => {
        resourceId: id,
        details: `Added comment to book`,
      });
+
+      // Check for comment achievements
+      const achievementService = new AchievementService();
+      await achievementService.checkAchievements(
+        userId,
+        AchievementCategory.Comment,
+        request
+      );
+
      return comment;
    }
  );
@@ -0,0 +1,152 @@
+/**
+ * @copyright NHCarrigan
+ * @license Naomi's Public License
+ * @author Naomi Carrigan
+ */
+import type { FastifyPluginAsync } from "fastify";
+import type {
+  CreateCommentReportDto,
+  CommentReportWithDetails,
+  ReportStatus,
+  UpdateCommentReportDto,
+} from "@library/shared-types";
+import { ReportReason, AchievementCategory } from "@library/shared-types";
+
+import { CommentReportService } from "../../services/comment-report.service.js";
+import { AchievementService } from "../../services/achievement.service";
+import { adminGuard } from "../../middleware/admin-guard.js";
+
+const commentReportsRoutes: FastifyPluginAsync = async (fastify) => {
+  const commentReportService = new CommentReportService();
+
+  // Create a new comment report (authenticated users)
+  fastify.post<{
+    Body: CreateCommentReportDto;
+    Reply: CommentReportWithDetails | { error: string };
+  }>(
+    "/",
+    {
+      preValidation: [fastify.authenticate],
+      schema: {
+        body: {
+          type: "object",
+          required: ["reportedCommentId", "reason", "details"],
+          properties: {
+            reportedCommentId: { type: "string" },
+            reason: {
+              type: "string",
+              enum: Object.values(ReportReason),
+            },
+            details: { type: "string", minLength: 10, maxLength: 1000 },
+          },
+        },
+      },
+    },
+    async (request, reply) => {
+      try {
+        const report = await commentReportService.createReport(
+          request.user.id,
+          request.body,
+        );
+        return reply.status(201).send(report);
+      } catch (error) {
+        if (
+          error instanceof Error &&
+          (error.message.includes("already have a pending report") ||
+            error.message.includes("maximum number of pending reports"))
+        ) {
+          return reply.status(409).send({ error: error.message });
+        }
+        throw error;
+      }
+    },
+  );
+
+  // Get all comment reports (admin only)
+  fastify.get<{
+    Querystring: { status?: ReportStatus };
+    Reply: CommentReportWithDetails[];
+  }>(
+    "/",
+    {
+      preValidation: [fastify.authenticate, adminGuard],
+      schema: {
+        querystring: {
+          type: "object",
+          properties: {
+            status: { type: "string" },
+          },
+        },
+      },
+    },
+    async (request, reply) => {
+      const reports = await commentReportService.getAllReports(
+        request.query.status,
+      );
+      return reply.send(reports);
+    },
+  );
+
+  // Get a single comment report by ID (admin only)
+  fastify.get<{
+    Params: { id: string };
+    Reply: CommentReportWithDetails | { error: string };
+  }>(
+    "/:id",
+    {
+      preValidation: [fastify.authenticate, adminGuard],
+    },
+    async (request, reply) => {
+      const report = await commentReportService.getReportById(request.params.id);
+
+      if (!report) {
+        return reply.status(404).send({ error: "Report not found" });
+      }
+
+      return reply.send(report);
+    },
+  );
+
+  // Update a comment report (admin only)
+  fastify.put<{
+    Params: { id: string };
+    Body: UpdateCommentReportDto;
+    Reply: CommentReportWithDetails;
+  }>(
+    "/:id",
+    {
+      preValidation: [fastify.authenticate, adminGuard],
+      schema: {
+        body: {
+          type: "object",
+          required: ["status"],
+          properties: {
+            status: { type: "string" },
+            reviewNotes: { type: "string", maxLength: 1000 },
+          },
+        },
+      },
+    },
+    async (request, reply) => {
+      const report = await commentReportService.updateReport(
+        request.params.id,
+        request.user.id,
+        request.body,
+      );
+
+      // Check for report achievements for the original reporter
+      if (report.status === "ACTION_TAKEN" || report.status === "DISMISSED") {
+        const achievementService = new AchievementService();
+        await achievementService.checkAchievements(
+          report.reporterId,
+          AchievementCategory.Report,
+          request
+        );
+      }
+
+      return reply.send(report);
+    },
+  );
+};
+
+export default commentReportsRoutes;
@@ -0,0 +1,72 @@
+/**
+ * @copyright 2026 NHCarrigan
+ * @license Naomi's Public License
+ * @author Naomi Carrigan
+ */
+
+import { FastifyPluginAsync } from "fastify";
+import { Comment, AuditAction, AuditCategory } from "@library/shared-types";
+import { CommentService } from "../../services/comment.service";
+import { AuditService } from "../../services/audit.service";
+import { adminGuard } from "../../middleware/admin-guard";
+
+interface UpdateCommentBody {
+  content: string;
+}
+
+const commentsRoutes: FastifyPluginAsync = async (app) => {
+  const commentService = new CommentService();
+
+  // Admin: Update any comment by ID
+  app.put<{ Params: { id: string }; Body: UpdateCommentBody; Reply: Comment | { error: string } }>(
+    "/:id",
+    {
+      preValidation: [app.authenticate, adminGuard],
+      preHandler: [app.csrfProtection],
+    },
+    async (request, reply) => {
+      const { id } = request.params;
+      const { content } = request.body;
+
+      const existingComment = await commentService.getCommentById(id);
+      if (!existingComment) {
+        return reply.code(404).send({ error: "Comment not found" });
+      }
+
+      const comment = await commentService.updateComment(id, content);
+      await AuditService.logFromRequest(request, {
+        action: AuditAction.commentUpdate,
+        category: AuditCategory.admin,
+        details: `Admin updated comment ${id}`,
+      });
+      return comment;
+    }
+  );
+
+  // Admin: Delete any comment by ID
+  app.delete<{ Params: { id: string }; Reply: { success: boolean } | { error: string } }>(
+    "/:id",
+    {
+      preValidation: [app.authenticate, adminGuard],
+      preHandler: [app.csrfProtection],
+    },
+    async (request, reply) => {
+      const { id } = request.params;
+
+      const existingComment = await commentService.getCommentById(id);
+      if (!existingComment) {
+        return reply.code(404).send({ error: "Comment not found" });
+      }
+
+      await commentService.deleteComment(id);
+      await AuditService.logFromRequest(request, {
+        action: AuditAction.commentDelete,
+        category: AuditCategory.admin,
+        details: `Admin deleted comment ${id}`,
+      });
+      return { success: true };
+    }
+  );
+};
+
+export default commentsRoutes;
@@ -5,10 +5,11 @@
 */

 import { FastifyPluginAsync } from "fastify";
-import { Game, CreateGameDto, UpdateGameDto, Comment, CreateCommentDto, AuditAction, AuditCategory } from "@library/shared-types";
+import { Game, CreateGameDto, UpdateGameDto, Comment, CreateCommentDto, AuditAction, AuditCategory, AchievementCategory } from "@library/shared-types";
 import { GameService } from "../../services/game.service";
 import { CommentService } from "../../services/comment.service";
 import { AuditService } from "../../services/audit.service";
+import { AchievementService } from "../../services/achievement.service";
 import { adminGuard } from "../../middleware/admin-guard";
 import { bannedGuard } from "../../middleware/banned-guard";

@@ -125,6 +126,15 @@ const gamesRoutes: FastifyPluginAsync = async (app) => {
        resourceId: id,
        details: `Added comment to game`,
      });
+
+      // Check for comment achievements
+      const achievementService = new AchievementService();
+      await achievementService.checkAchievements(
+        userId,
+        AchievementCategory.Comment,
+        request
+      );
+
      return comment;
    }
  );
@@ -19,7 +19,7 @@ interface LogBody {
 }

 export default async function (fastify: FastifyInstance) {
-  fastify.post('/log', async function (request: FastifyRequest<{ Body: LogBody }>) {
+  fastify.post('/', async function (request: FastifyRequest<{ Body: LogBody }>) {
    const { level, message, context, error } = request.body;

    if (level === 'error' && error) {
@@ -30,9 +30,10 @@ export default async function (fastify: FastifyInstance) {
      }
      await logger.error(context || 'Frontend', errorObj);
    } else if (level === 'error') {
-      await logger.log('warn', `[Frontend Error] ${message}`);
+      await logger.error('Frontend', new Error(message));
    } else {
-      await logger.log(level, `[Frontend] ${message}`);
+      const logMessage = context ? `[${context}] ${message}` : message;
+      await logger.log(level, logMessage);
    }

    return { success: true };
@@ -5,10 +5,11 @@
 */

 import { FastifyPluginAsync } from "fastify";
-import { Manga, CreateMangaDto, UpdateMangaDto, Comment, CreateCommentDto, AuditAction, AuditCategory } from "@library/shared-types";
+import { Manga, CreateMangaDto, UpdateMangaDto, Comment, CreateCommentDto, AuditAction, AuditCategory, AchievementCategory } from "@library/shared-types";
 import { MangaService } from "../../services/manga.service";
 import { CommentService } from "../../services/comment.service";
 import { AuditService } from "../../services/audit.service";
+import { AchievementService } from "../../services/achievement.service";
 import { adminGuard } from "../../middleware/admin-guard";
 import { bannedGuard } from "../../middleware/banned-guard";

@@ -118,6 +119,15 @@ const mangaRoutes: FastifyPluginAsync = async (app) => {
        resourceId: id,
        details: `Added comment to manga`,
      });
+
+      // Check for comment achievements
+      const achievementService = new AchievementService();
+      await achievementService.checkAchievements(
+        userId,
+        AchievementCategory.Comment,
+        request
+      );
+
      return comment;
    }
  );
@@ -5,10 +5,11 @@
 */

 import { FastifyPluginAsync } from "fastify";
-import { Music, CreateMusicDto, UpdateMusicDto, Comment, CreateCommentDto, AuditAction, AuditCategory } from "@library/shared-types";
+import { Music, CreateMusicDto, UpdateMusicDto, Comment, CreateCommentDto, AuditAction, AuditCategory, AchievementCategory } from "@library/shared-types";
 import { MusicService } from "../../services/music.service";
 import { CommentService } from "../../services/comment.service";
 import { AuditService } from "../../services/audit.service";
+import { AchievementService } from "../../services/achievement.service";
 import { adminGuard } from "../../middleware/admin-guard";
 import { bannedGuard } from "../../middleware/banned-guard";

@@ -139,6 +140,15 @@ const musicRoutes: FastifyPluginAsync = async (app) => {
        resourceId: id,
        details: `Added comment to music`,
      });
+
+      // Check for comment achievements
+      const achievementService = new AchievementService();
+      await achievementService.checkAchievements(
+        userId,
+        AchievementCategory.Comment,
+        request
+      );
+
      return comment;
    }
  );
@@ -0,0 +1,151 @@
+/**
+ * @copyright NHCarrigan
+ * @license Naomi's Public License
+ * @author Naomi Carrigan
+ */
+import type { FastifyPluginAsync } from "fastify";
+import type {
+  CreateReportDto,
+  ProfileReportWithUsers,
+  ReportStatus,
+  UpdateReportDto,
+} from "@library/shared-types";
+import { ReportReason, AchievementCategory } from "@library/shared-types";
+
+import { ReportService } from "../../services/report.service.js";
+import { AchievementService } from "../../services/achievement.service";
+import { adminGuard } from "../../middleware/admin-guard.js";
+
+const reportsRoutes: FastifyPluginAsync = async (fastify) => {
+  const reportService = new ReportService();
+
+  // Create a new report (authenticated users)
+  fastify.post<{
+    Body: CreateReportDto;
+    Reply: ProfileReportWithUsers | { error: string };
+  }>(
+    "/",
+    {
+      preValidation: [fastify.authenticate],
+      schema: {
+        body: {
+          type: "object",
+          required: ["reportedUserId", "reason", "details"],
+          properties: {
+            reportedUserId: { type: "string" },
+            reason: {
+              type: "string",
+              enum: Object.values(ReportReason),
+            },
+            details: { type: "string", minLength: 10, maxLength: 1000 },
+          },
+        },
+      },
+    },
+    async (request, reply) => {
+      try {
+        const report = await reportService.createReport(
+          request.user.id,
+          request.body,
+        );
+        return reply.status(201).send(report);
+      } catch (error) {
+        if (
+          error instanceof Error &&
+          error.message.includes("already have a pending report")
+        ) {
+          return reply.status(409).send({ error: error.message });
+        }
+        throw error;
+      }
+    },
+  );
+
+  // Get all reports (admin only)
+  fastify.get<{
+    Querystring: { status?: ReportStatus };
+    Reply: ProfileReportWithUsers[];
+  }>(
+    "/",
+    {
+      preValidation: [fastify.authenticate, adminGuard],
+      schema: {
+        querystring: {
+          type: "object",
+          properties: {
+            status: { type: "string" },
+          },
+        },
+      },
+    },
+    async (request, reply) => {
+      const reports = await reportService.getAllReports(
+        request.query.status,
+      );
+      return reply.send(reports);
+    },
+  );
+
+  // Get a single report by ID (admin only)
+  fastify.get<{
+    Params: { id: string };
+    Reply: ProfileReportWithUsers | { error: string };
+  }>(
+    "/:id",
+    {
+      preValidation: [fastify.authenticate, adminGuard],
+    },
+    async (request, reply) => {
+      const report = await reportService.getReportById(request.params.id);
+
+      if (!report) {
+        return reply.status(404).send({ error: "Report not found" });
+      }
+
+      return reply.send(report);
+    },
+  );
+
+  // Update a report (admin only)
+  fastify.put<{
+    Params: { id: string };
+    Body: UpdateReportDto;
+    Reply: ProfileReportWithUsers;
+  }>(
+    "/:id",
+    {
+      preValidation: [fastify.authenticate, adminGuard],
+      schema: {
+        body: {
+          type: "object",
+          required: ["status"],
+          properties: {
+            status: { type: "string" },
+            reviewNotes: { type: "string", maxLength: 1000 },
+          },
+        },
+      },
+    },
+    async (request, reply) => {
+      const report = await reportService.updateReport(
+        request.params.id,
+        request.user.id,
+        request.body,
+      );
+
+      // Check for report achievements for the original reporter
+      if (report.status === "ACTION_TAKEN" || report.status === "DISMISSED") {
+        const achievementService = new AchievementService();
+        await achievementService.checkAchievements(
+          report.reporterId,
+          AchievementCategory.Report,
+          request
+        );
+      }
+
+      return reply.send(report);
+    },
+  );
+};
+
+export default reportsRoutes;
@@ -5,10 +5,11 @@
 */

 import { FastifyPluginAsync } from "fastify";
-import { Show, CreateShowDto, UpdateShowDto, Comment, CreateCommentDto, AuditAction, AuditCategory } from "@library/shared-types";
+import { Show, CreateShowDto, UpdateShowDto, Comment, CreateCommentDto, AuditAction, AuditCategory, AchievementCategory } from "@library/shared-types";
 import { ShowService } from "../../services/show.service";
 import { CommentService } from "../../services/comment.service";
 import { AuditService } from "../../services/audit.service";
+import { AchievementService } from "../../services/achievement.service";
 import { adminGuard } from "../../middleware/admin-guard";
 import { bannedGuard } from "../../middleware/banned-guard";

@@ -118,6 +119,15 @@ const showsRoutes: FastifyPluginAsync = async (app) => {
        resourceId: id,
        details: `Added comment to show`,
      });
+
+      // Check for comment achievements
+      const achievementService = new AchievementService();
+      await achievementService.checkAchievements(
+        userId,
+        AchievementCategory.Comment,
+        request
+      );
+
      return comment;
    }
  );
@@ -1,7 +1,8 @@
 import type { FastifyInstance } from "fastify";
 import { SuggestionService } from "../../services/suggestion.service";
 import { AuditService } from "../../services/audit.service";
-import { AuditAction, AuditCategory } from "@library/shared-types";
+import { AchievementService } from "../../services/achievement.service";
+import { AuditAction, AuditCategory, AchievementCategory } from "@library/shared-types";
 import type {
  SuggestionStatus,
  SuggestionEntity,
@@ -93,6 +94,14 @@ export default async function (app: FastifyInstance): Promise<void> {
          success: true,
        });

+        // Check for suggestion achievements
+        const achievementService = new AchievementService();
+        await achievementService.checkAchievements(
+          userId,
+          AchievementCategory.Suggestion,
+          request
+        );
+
        reply.send(suggestion);
      } catch (error) {
        return reply.badRequest(
@@ -123,6 +132,14 @@ export default async function (app: FastifyInstance): Promise<void> {
          success: true,
        });

+        // Check for suggestion achievements for the user who made the suggestion
+        const achievementService = new AchievementService();
+        await achievementService.checkAchievements(
+          suggestion.userId,
+          AchievementCategory.Suggestion,
+          request
+        );
+
        reply.send(suggestion);
      } catch (error) {
        return reply.badRequest(
@@ -154,6 +171,14 @@ export default async function (app: FastifyInstance): Promise<void> {
          success: true,
        });

+        // Check for suggestion achievements for the user who made the suggestion
+        const achievementService = new AchievementService();
+        await achievementService.checkAchievements(
+          suggestion.userId,
+          AchievementCategory.Suggestion,
+          request
+        );
+
        reply.send(suggestion);
      } catch (error) {
        return reply.badRequest(
@@ -5,11 +5,56 @@
 */

 import { FastifyPluginAsync } from "fastify";
-import { User, AuditAction, AuditCategory } from "@library/shared-types";
+import { User, AuditAction, AuditCategory, PrimaryBadge } from "@library/shared-types";
 import { UserService } from "../../services/user.service";
 import { AuditService } from "../../services/audit.service";
 import { adminGuard } from "../../middleware/admin-guard";

+interface UpdateUserSettingsBody {
+  slug?: string;
+  displayName?: string;
+  bio?: string;
+  profilePublic?: boolean;
+  primaryBadge?: PrimaryBadge;
+  website?: string;
+  discordServer?: string;
+  bluesky?: string;
+  github?: string;
+  linkedin?: string;
+  twitch?: string;
+  youtube?: string;
+}
+
+interface UserProfileResponse {
+  id: string;
+  username: string;
+  displayName?: string;
+  avatar?: string;
+  bio?: string;
+  slug?: string;
+  primaryBadge?: PrimaryBadge;
+  website?: string;
+  discordServer?: string;
+  bluesky?: string;
+  github?: string;
+  linkedin?: string;
+  twitch?: string;
+  youtube?: string;
+  badges: {
+    isStaff: boolean;
+    isMod: boolean;
+    isVip: boolean;
+    inDiscord: boolean;
+  };
+  stats: {
+    suggestionsCount: number;
+    suggestionsAcceptedCount: number;
+    likesCount: number;
+    commentsCount: number;
+  };
+  createdAt: Date;
+}
+
 const usersRoutes: FastifyPluginAsync = async (app) => {
  const userService = new UserService();

@@ -23,6 +68,108 @@ const usersRoutes: FastifyPluginAsync = async (app) => {
    }
  );

+  app.get<{ Reply: User }>(
+    "/me",
+    {
+      preValidation: [app.authenticate],
+    },
+    async (request) => {
+      const currentUser = request.user as { id: string };
+      const user = await userService.getUserById(currentUser.id);
+      if (!user) {
+        throw new Error("User not found");
+      }
+      return user;
+    }
+  );
+
+  app.put<{ Body: UpdateUserSettingsBody; Reply: User | { error: string } }>(
+    "/me",
+    {
+      preValidation: [app.authenticate],
+      preHandler: [app.csrfProtection],
+    },
+    async (request, reply) => {
+      const currentUser = request.user as { id: string };
+      const updates = request.body;
+
+      // If slug is being updated, check if it's unique
+      if (updates.slug) {
+        const existingUser = await userService.getUserBySlug(updates.slug);
+        if (existingUser && existingUser.id !== currentUser.id) {
+          return reply.code(400).send({ error: "Slug already taken" });
+        }
+      }
+
+      const updatedUser = await userService.updateUserSettings(
+        currentUser.id,
+        updates
+      );
+
+      if (!updatedUser) {
+        return reply.code(404).send({ error: "User not found" });
+      }
+
+      return updatedUser;
+    }
+  );
+
+  app.get<{
+    Params: { identifier: string };
+    Reply: UserProfileResponse | { error: string };
+  }>(
+    "/profile/:identifier",
+    async (request, reply) => {
+      const { identifier } = request.params;
+
+      try {
+        const profile = await userService.getUserProfile(identifier);
+
+        if (!profile) {
+          return reply.code(404).send({ error: "User not found" });
+        }
+
+      if (!profile.profilePublic) {
+        // Check if the requesting user is viewing their own profile
+        const currentUser = request.user as { id: string } | undefined;
+        if (!currentUser || currentUser.id !== profile.id) {
+          return reply
+            .code(403)
+            .send({ error: "This profile is private" });
+        }
+      }
+
+      return {
+        id: profile.id,
+        username: profile.username,
+        displayName: profile.displayName,
+        avatar: profile.avatar,
+        bio: profile.bio,
+        slug: profile.slug,
+        primaryBadge: profile.primaryBadge,
+        website: profile.website,
+        discordServer: profile.discordServer,
+        bluesky: profile.bluesky,
+        github: profile.github,
+        linkedin: profile.linkedin,
+        twitch: profile.twitch,
+        youtube: profile.youtube,
+        badges: {
+          isStaff: profile.isStaff,
+          isMod: profile.isMod,
+          isVip: profile.isVip,
+          inDiscord: profile.inDiscord,
+        },
+        stats: profile.stats,
+        createdAt: profile.createdAt,
+      };
+      } catch (error) {
+        console.error("Error fetching profile:", error);
+        return reply.code(500).send({ error: "Failed to fetch profile" });
+      }
+    }
+  );
+
  app.get<{ Params: { id: string }; Reply: User | null }>(
    "/:id",
    {
@@ -87,6 +234,64 @@ const usersRoutes: FastifyPluginAsync = async (app) => {
      return user;
    }
  );
+
+  app.post<{ Params: { id: string }; Reply: User | { error: string } }>(
+    "/:id/make-private",
+    {
+      preValidation: [app.authenticate, adminGuard],
+      preHandler: [app.csrfProtection],
+    },
+    async (request, reply) => {
+      const { id } = request.params;
+      const user = await userService.updateUserSettings(id, { profilePublic: false });
+      if (!user) {
+        return reply.code(404).send({ error: "User not found" });
+      }
+
+      await AuditService.logFromRequest(request, {
+        action: AuditAction.entryUpdate,
+        category: AuditCategory.admin,
+        targetUserId: id,
+        details: `Admin made profile private for user: ${user.username}`,
+      });
+
+      return user;
+    }
+  );
+
+  app.put<{ Params: { id: string }; Body: UpdateUserSettingsBody; Reply: User | { error: string } }>(
+    "/:id",
+    {
+      preValidation: [app.authenticate, adminGuard],
+      preHandler: [app.csrfProtection],
+    },
+    async (request, reply) => {
+      const { id } = request.params;
+      const updates = request.body;
+
+      // If slug is being updated, check if it's unique
+      if (updates.slug) {
+        const existingUser = await userService.getUserBySlug(updates.slug);
+        if (existingUser && existingUser.id !== id) {
+          return reply.code(400).send({ error: "Slug already taken" });
+        }
+      }
+
+      const updatedUser = await userService.updateUserSettings(id, updates);
+      if (!updatedUser) {
+        return reply.code(404).send({ error: "User not found" });
+      }
+
+      await AuditService.logFromRequest(request, {
+        action: AuditAction.entryUpdate,
+        category: AuditCategory.admin,
+        targetUserId: id,
+        details: `Admin updated profile for user: ${updatedUser.username}`,
+      });
+
+      return updatedUser;
+    }
+  );
 };

 export default usersRoutes;