📌 Feature Request: Implement Settings Page with Theme Customization & Email Verification : Issue Type: Enhancement 🔧 | Security Improvement 🔒

[ShubhamModi032006]

This feature request includes two major implementations:

• Settings Page with Theme Customization

Users should be able to customize their preferences, including theme selection (dark mode, light mode, and custom color themes).
A change password option should be available.

• Additional profile management options should be added for a better user experience.

• Email Verification for Authentication

• The login and signup system currently uses JWT authentication but does not verify whether a user's email is valid.

• We need to implement email verification to enhance security and prevent fake accounts.

• Users cannot log in until they verify their email.
  Feature Scope
  1️⃣ Settings Page Enhancements
  ✅ User Preferences:

• Update personal details (name, email, etc.).

• Change password securely.

• Enable/disable notifications.
  ✅ Theme Customization:

  • Support for dark mode and light mode.

  • Allow users to pick a custom color theme.

  • Save theme preferences persistently.
    ✅ Privacy & Security Settings:

  • Control who can view the user's finance tracker (public/private).

  • Toggle data-sharing preferences.
    ✅ Admin-Specific Settings:

    • Manage default visibility settings for all users.

    • Set finance tracking rules and investment permissions.
      2️⃣ Email Verification for Secure Authentication
      ✅ Signup Verification:

    • After registration, users receive a verification email with a unique link/token.

    • Users must verify their email before logging in.
      ✅ Login Restriction (Until Verified):

  • Users cannot log in until they verify their email.

  • If a user attempts login without verification, show an appropriate error message.
    ✅ Resend Verification Email:

  • Users should have an option to resend the verification email if they didn’t receive it.
    Technical Considerations

• Implement role-based access control (for both public users and admins).

• Store settings persistently in the database.

• Use JWT or UUID-based email verification tokens.

• Implement an email-sending service (e.g., Nodemailer, SendGrid).

• Ensure UI is intuitive and responsive.
  Acceptance Criteria
  ✅ Users can update their settings easily.
  ✅ Theme preferences persist after a page refresh.
  ✅ Users receive a verification email upon signup.
  ✅ Clicking the verification link successfully activates their account.
  ✅ Users can resend the verification email if needed.
  ✅ Users cannot log in until they verify their email.

🛠 Task Breakdown
📝 Settings Page Implementation:

• Create Settings page UI with customization options.
• Implement theme selection with persistent storage.
• Add change password functionality.
• Add finance & privacy controls.
• Ensure admin-specific settings are available.
• Connect to backend API (if necessary).
  📧 Email Verification System:
• Generate verification token upon user signup.
• Create API endpoint to send verification emails.
• Implement verification link handling (update user status in the database).
• Restrict login for unverified users.
• Add resend verification email functionality.