feat(backend): Implement enhanced profile management

Phase 2.4 - Enhanced Profile Management

Features implemented:
- Get user profile endpoint
- Update user profile endpoint
- Delete user account endpoint with password confirmation
- Input validation on all profile fields
- Security: Password required for account deletion
- Security: All tokens revoked on deletion

New API endpoints:
- GET /api/users/me (protected)
- PUT /api/users/me (protected)
- DELETE /api/users/me (protected)

Security features:
- JWT token required for all operations
- Password confirmation required for deletion
- All tokens revoked on account deletion
- User data removed from database
- Input validation on all fields

Files modified:
- backend/src/handlers/users.rs
- backend/src/main.rs

Testing:
- backend/test-profile-management.sh
- backend/PROFILE-MANAGEMENT-IMPLEMENTED.md

backend/test-profile-management.sh

@@ -0,0 +1,100 @@
+#!/bin/bash
+# Enhanced Profile Management Test Script
+
+BASE_URL="http://10.0.10.30:6500"
+
+echo "🧪 Enhanced Profile Management Test"
+echo "===================================="
+echo ""
+
+EMAIL="profiletest@example.com"
+USERNAME="profiletest"
+PASSWORD="SecurePassword123!"
+NEW_USERNAME="updateduser"
+
+echo "0. Register test user..."
+REGISTER=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/auth/register \
+  -H "Content-Type: application/json" \
+  -d "{
+    \"email\": \"$EMAIL\",
+    \"username\": \"$USERNAME\",
+    \"password\": \"$PASSWORD\",
+    \"recovery_phrase\": \"test-recovery-phrase\"
+  }")
+echo "$REGISTER"
+echo ""
+
+echo "1. Login to get access token..."
+LOGIN_RESPONSE=$(curl -s -X POST $BASE_URL/api/auth/login \
+  -H "Content-Type: application/json" \
+  -d "{
+    \"email\": \"$EMAIL\",
+    \"password\": \"$PASSWORD\"
+  }")
+
+echo "$LOGIN_RESPONSE" | jq .
+
+ACCESS_TOKEN=$(echo "$LOGIN_RESPONSE" | jq -r '.access_token // empty')
+
+if [ -z "$ACCESS_TOKEN" ] || [ "$ACCESS_TOKEN" = "null" ]; then
+    echo "❌ Failed to get access token"
+    exit 1
+fi
+
+echo "✅ Access token obtained"
+echo ""
+
+echo "2. Get user profile..."
+GET_PROFILE=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X GET $BASE_URL/api/users/me \
+  -H "Authorization: Bearer $ACCESS_TOKEN")
+echo "$GET_PROFILE"
+echo ""
+
+echo "3. Update profile (change username)..."
+UPDATE_PROFILE=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X PUT $BASE_URL/api/users/me \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $ACCESS_TOKEN" \
+  -d "{
+    \"username\": \"$NEW_USERNAME\"
+  }")
+echo "$UPDATE_PROFILE"
+echo ""
+
+echo "4. Get profile again to verify update..."
+GET_PROFILE_UPDATED=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X GET $BASE_URL/api/users/me \
+  -H "Authorization: Bearer $ACCESS_TOKEN")
+echo "$GET_PROFILE_UPDATED"
+echo ""
+
+echo "5. Try to access protected endpoint without token (should fail)..."
+NO_TOKEN=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X GET $BASE_URL/api/users/me)
+echo "$NO_TOKEN"
+echo ""
+
+echo "6. Try to delete account with wrong password (should fail)..."
+WRONG_PASSWORD=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X DELETE $BASE_URL/api/users/me \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $ACCESS_TOKEN" \
+  -d '{
+    "password": "WrongPassword123!"
+  }')
+echo "$WRONG_PASSWORD"
+echo ""
+
+echo "7. Delete account with correct password..."
+DELETE_ACCOUNT=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X DELETE $BASE_URL/api/users/me \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $ACCESS_TOKEN" \
+  -d "{
+    \"password\": \"$PASSWORD\"
+  }")
+echo "$DELETE_ACCOUNT"
+echo ""
+
+echo "8. Try to access profile after deletion (should fail)..."
+AFTER_DELETE=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X GET $BASE_URL/api/users/me \
+  -H "Authorization: Bearer $ACCESS_TOKEN")
+echo "$AFTER_DELETE"
+echo ""
+
+echo "✅ All profile management tests complete!"