From 61ca5b6380f2830ae9e869ff1075ddfd39fc381b Mon Sep 17 00:00:00 2001
From: Kaustav Halder <kaustavhalder2706@gmail.com>
Date: Fri, 22 May 2026 12:03:53 +0530
Subject: [PATCH 1/3] Implemented profile integration and QR improvements

---
 apps/backend/prisma/schema.prisma             |    5 +-
 apps/backend/src/app.ts                       |   12 +-
 apps/backend/src/plugins/redis.ts             |    4 +
 apps/backend/src/routes/auth.ts               |   52 +
 apps/web/src/app.css                          |   15 +-
 apps/web/src/app.html                         |    7 +
 apps/web/src/lib/api.ts                       |   30 +
 apps/web/src/routes/+layout.svelte            |   10 +
 apps/web/src/routes/+page.svelte              |   68 +-
 apps/web/src/routes/api/[...path]/+server.ts  |   68 +
 apps/web/src/routes/dashboard/+page.server.ts |   38 +
 apps/web/src/routes/dashboard/+page.svelte    | 1196 +++++++++++++++++
 apps/web/src/routes/login/+page.svelte        |  335 +++++
 apps/web/src/routes/u/[username]/+page.svelte |   33 +-
 apps/web/svelte.config.js                     |    2 +-
 package.json                                  |    1 +
 packages/shared/src/platforms.ts              |   26 +
 17 files changed, 1845 insertions(+), 57 deletions(-)
 create mode 100644 apps/web/src/lib/api.ts
 create mode 100644 apps/web/src/routes/api/[...path]/+server.ts
 create mode 100644 apps/web/src/routes/dashboard/+page.server.ts
 create mode 100644 apps/web/src/routes/dashboard/+page.svelte
 create mode 100644 apps/web/src/routes/login/+page.svelte

diff --git a/apps/backend/prisma/schema.prisma b/apps/backend/prisma/schema.prisma
index f2d3afe..ebf6dbf 100644
--- a/apps/backend/prisma/schema.prisma
+++ b/apps/backend/prisma/schema.prisma
@@ -2,9 +2,8 @@ generator client {
   provider = "prisma-client-js"
 }
 datasource db {
-  provider = "postgresql"
-  url      = env("DATABASE_URL")
-
+  provider = "sqlite"
+  url      = "file:./dev.db"
 }
 
 model User {
diff --git a/apps/backend/src/app.ts b/apps/backend/src/app.ts
index 5f45001..f472d42 100644
--- a/apps/backend/src/app.ts
+++ b/apps/backend/src/app.ts
@@ -34,8 +34,18 @@ export async function buildApp() {
   });
 
   // ─── Core Plugins ───
+  const allowedOrigins = [
+    'http://localhost:5173',
+    'http://localhost:5174',
+    'http://127.0.0.1:5173',
+    'http://127.0.0.1:5174'
+  ];
+  if (process.env.PUBLIC_APP_URL) {
+    allowedOrigins.push(process.env.PUBLIC_APP_URL);
+  }
+
   await app.register(cors, {
-    origin: process.env.PUBLIC_APP_URL || 'http://localhost:5173',
+    origin: allowedOrigins,
     credentials: true,
   });
 
diff --git a/apps/backend/src/plugins/redis.ts b/apps/backend/src/plugins/redis.ts
index c7b6f94..976fb42 100644
--- a/apps/backend/src/plugins/redis.ts
+++ b/apps/backend/src/plugins/redis.ts
@@ -14,6 +14,10 @@ export const redisPlugin = fp(async (app: FastifyInstance) => {
     lazyConnect: true,
   });
 
+  redis.on('error', (err) => {
+    app.log.debug(`Redis connection state: offline (${err.message})`);
+  });
+
   try {
     await redis.connect();
     app.log.info('🔴 Redis connected');
diff --git a/apps/backend/src/routes/auth.ts b/apps/backend/src/routes/auth.ts
index febc41d..29fb6e0 100644
--- a/apps/backend/src/routes/auth.ts
+++ b/apps/backend/src/routes/auth.ts
@@ -278,6 +278,58 @@ export async function authRoutes(app: FastifyInstance) {
     };
   });
 
+  // ─── Local Developer Bypass Auth ───
+
+  app.post('/bypass', async (request: FastifyRequest, reply: FastifyReply) => {
+    const { username } = request.body as { username: string };
+    if (!username) {
+      return reply.status(400).send({ error: 'Missing username' });
+    }
+
+    const cleanUsername = username.trim().toLowerCase().replace(/[^a-zA-Z0-9_-]/g, '');
+    if (!cleanUsername) {
+      return reply.status(400).send({ error: 'Invalid username format' });
+    }
+
+    try {
+      const user = await app.prisma.user.upsert({
+        where: {
+          username: cleanUsername,
+        },
+        update: {},
+        create: {
+          email: `${cleanUsername}@devcard.local`,
+          username: cleanUsername,
+          displayName: username.trim(),
+          bio: 'Full-stack developer building outstanding interfaces.',
+          role: 'Software Engineer',
+          company: 'DevCard Team',
+          avatarUrl: `https://api.dicebear.com/7.x/bottts/svg?seed=${cleanUsername}`,
+          provider: 'dev_bypass',
+          providerId: `bypass_${cleanUsername}`,
+        },
+      });
+
+      const token = app.jwt.sign(
+        { id: user.id, username: user.username },
+        { expiresIn: '30d' }
+      );
+
+      reply.setCookie('token', token, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === 'production',
+        sameSite: 'lax',
+        path: '/',
+        maxAge: 30 * 24 * 60 * 60,
+      });
+
+      return { token, user };
+    } catch (err) {
+      app.log.error('Bypass login error:', err);
+      return reply.status(500).send({ error: 'Authentication bypass failed' });
+    }
+  });
+
   // ─── Logout ───
 
   app.post('/logout', async (request: FastifyRequest, reply: FastifyReply) => {
diff --git a/apps/web/src/app.css b/apps/web/src/app.css
index c775623..120b922 100644
--- a/apps/web/src/app.css
+++ b/apps/web/src/app.css
@@ -19,6 +19,11 @@
   --text-secondary: #475569;
   --text-muted: #64748b;
 
+  /* Secondary Button & Inputs */
+  --btn-secondary-bg: rgba(15, 23, 42, 0.05);
+  --btn-secondary-border: rgba(15, 23, 42, 0.08);
+  --btn-secondary-hover-bg: rgba(15, 23, 42, 0.09);
+
   /* Effects */
   --border: rgba(226, 232, 240, 0.9);
   --border-glass: rgba(255, 255, 255, 0.35);
@@ -44,6 +49,10 @@ html.dark {
   --text-secondary: #cbd5e1;
   --text-muted: #64748b;
 
+  --btn-secondary-bg: rgba(255, 255, 255, 0.08);
+  --btn-secondary-border: rgba(255, 255, 255, 0.14);
+  --btn-secondary-hover-bg: rgba(255, 255, 255, 0.14);
+
   --border: rgba(30, 41, 59, 0.85);
   --border-glass: rgba(255, 255, 255, 0.12);
 }
@@ -131,14 +140,14 @@ button {
   padding: 0.85rem 1.75rem;
   border-radius: calc(var(--radius) * 1.2);
   font-weight: 700;
-  border: 1px solid rgba(255, 255, 255, 0.14);
-  background: rgba(255, 255, 255, 0.08);
+  border: 1px solid var(--btn-secondary-border);
+  background: var(--btn-secondary-bg);
   color: var(--text-primary);
   cursor: pointer;
 }
 
 .btn-secondary:hover {
-  background: rgba(255, 255, 255, 0.14);
+  background: var(--btn-secondary-hover-bg);
   border-color: rgba(99, 102, 241, 0.45);
 }
 
diff --git a/apps/web/src/app.html b/apps/web/src/app.html
index f273cc5..ee910ff 100644
--- a/apps/web/src/app.html
+++ b/apps/web/src/app.html
@@ -3,6 +3,13 @@
 	<head>
 		<meta charset="utf-8" />
 		<meta name="viewport" content="width=device-width, initial-scale=1" />
+		<script>
+			try {
+				const saved = localStorage.getItem('devcard-theme');
+				const theme = saved || (window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light');
+				document.documentElement.classList.toggle('dark', theme === 'dark');
+			} catch (e) {}
+		</script>
 		%sveltekit.head%
 	</head>
 	<body data-sveltekit-preload-data="hover">
diff --git a/apps/web/src/lib/api.ts b/apps/web/src/lib/api.ts
new file mode 100644
index 0000000..c861162
--- /dev/null
+++ b/apps/web/src/lib/api.ts
@@ -0,0 +1,30 @@
+export async function apiFetch(path: string, options: RequestInit = {}) {
+  // Route all browser fetches through the SvelteKit /api/ proxy gateway
+  const cleanPath = path.startsWith('/') ? path.substring(1) : path;
+  const url = `/api/${cleanPath}`;
+
+  const headers = new Headers(options.headers);
+  if (options.body && !(options.body instanceof FormData) && !headers.has('Content-Type')) {
+    headers.set('Content-Type', 'application/json');
+  }
+
+  const response = await fetch(url, {
+    ...options,
+    headers,
+  });
+
+  if (!response.ok) {
+    let errorMsg = 'An error occurred';
+    try {
+      const data = await response.json();
+      errorMsg = data.error || errorMsg;
+    } catch {}
+    throw new Error(errorMsg);
+  }
+
+  if (response.status === 204) {
+    return null;
+  }
+
+  return response.json();
+}
diff --git a/apps/web/src/routes/+layout.svelte b/apps/web/src/routes/+layout.svelte
index ac6dd12..ea7edec 100644
--- a/apps/web/src/routes/+layout.svelte
+++ b/apps/web/src/routes/+layout.svelte
@@ -1,6 +1,16 @@
 <script>
   import '../app.css';
+  import { onMount } from 'svelte';
   let { children } = $props();
+
+  onMount(() => {
+    try {
+      const saved = localStorage.getItem('devcard-theme');
+      const prefersDark = window.matchMedia('(prefers-color-scheme: dark)').matches;
+      const theme = saved || (prefersDark ? 'dark' : 'light');
+      document.documentElement.classList.toggle('dark', theme === 'dark');
+    } catch (e) {}
+  });
 </script>
 
 <svelte:head>
diff --git a/apps/web/src/routes/+page.svelte b/apps/web/src/routes/+page.svelte
index 11f8085..cab348b 100644
--- a/apps/web/src/routes/+page.svelte
+++ b/apps/web/src/routes/+page.svelte
@@ -34,14 +34,17 @@
   <nav class="glass">
     <div class="nav-content">
       <div class="logo">⚡ <span class="gradient-text">DevCard</span></div>
-      <button
-        id="theme-toggle"
-        class="theme-toggle"
-        on:click={toggleTheme}
-        aria-label="Toggle theme"
-      >
-        {theme === 'light' ? '🌙' : '☀️'}
-      </button>
+      <div style="display: flex; align-items: center; gap: 1rem;">
+        <a href="/login" class="btn-primary" style="padding: 0.6rem 1.1rem; font-size: 0.88rem; border-radius: var(--radius); text-decoration: none;">Creator Studio ⚡</a>
+        <button
+          id="theme-toggle"
+          class="theme-toggle"
+          on:click={toggleTheme}
+          aria-label="Toggle theme"
+        >
+          {theme === 'light' ? '🌙' : '☀️'}
+        </button>
+      </div>
     </div>
   </nav>
 
@@ -52,15 +55,10 @@
       The open-source standard for developer networking. Put all your profiles—GitHub, LinkedIn, LeetCode, and more—into a single, high-impact digital card.
     </p>
     <div class="cta-group">
-      <a
-        href="https://github.com/Dev-Card/DevCard"
-        class="btn-primary"
-        target="_blank"
-        rel="noopener"
-      >
-        ⭐ Star on GitHub
+      <a href="/login" class="btn-primary" style="text-decoration: none;">
+        Create Your DevCard ⚡
       </a>
-      <a href="/u/devcard-demo" class="btn-secondary">View Demo Profile →</a>
+      <a href="/u/devcard-demo" class="btn-secondary" style="text-decoration: none;">View Demo Profile →</a>
     </div>
   </section>
 
@@ -130,8 +128,8 @@
   .theme-toggle {
     width: 46px;
     height: 46px;
-    background: rgba(255, 255, 255, 0.08);
-    border: 1px solid rgba(255, 255, 255, 0.12);
+    background: var(--btn-secondary-bg);
+    border: 1px solid var(--btn-secondary-border);
     border-radius: 50%;
     cursor: pointer;
     display: inline-flex;
@@ -143,7 +141,7 @@
 
   .theme-toggle:hover {
     transform: scale(1.05);
-    background: rgba(255, 255, 255, 0.14);
+    background: var(--btn-secondary-hover-bg);
   }
 
   .theme-toggle:focus-visible {
@@ -203,13 +201,13 @@
     padding: 0.92rem 1.75rem;
     border-radius: calc(var(--radius) * 1.15);
     font-weight: 700;
-    border: 1px solid rgba(255, 255, 255, 0.18);
-    background: rgba(255, 255, 255, 0.08);
+    border: 1px solid var(--btn-secondary-border);
+    background: var(--btn-secondary-bg);
     color: var(--text-primary);
   }
 
   .btn-secondary:hover {
-    background: rgba(255, 255, 255, 0.14);
+    background: var(--btn-secondary-hover-bg);
     border-color: rgba(99, 102, 241, 0.45);
   }
 
@@ -230,23 +228,25 @@
 }
 
   .feature-card {
-    padding: 2.4rem;
+    padding: 2rem;
     border-radius: var(--radius-xl);
-    box-shadow: var(--shadow-lg);
-    background: linear-gradient(180deg, rgba(15, 23, 42, 0.75), rgba(15, 23, 42, 0.5));
-    border: 1px solid rgba(255, 255, 255, 0.08);
+    box-shadow: var(--shadow-md);
+    background: var(--bg-glass);
+    backdrop-filter: blur(18px);
+    -webkit-backdrop-filter: blur(18px);
+    border: 1px solid var(--border-glass);
     transition: transform 0.35s ease, border-color 0.35s ease, box-shadow 0.35s ease;
+    min-height: 180px;
+    display: flex;
+    flex-direction: column;
   }
 
-  .feature-card {
-  min-height: 140px;
-  padding: 16px;
-}
-@media (max-width: 640px) {
-  .feature-card {
-    margin-bottom: 12px;
+  @media (max-width: 640px) {
+    .feature-card {
+      margin-bottom: 12px;
+      padding: 1.5rem;
+    }
   }
-}
 
   .feature-card:hover {
     transform: translateY(-8px);
diff --git a/apps/web/src/routes/api/[...path]/+server.ts b/apps/web/src/routes/api/[...path]/+server.ts
new file mode 100644
index 0000000..c926bb7
--- /dev/null
+++ b/apps/web/src/routes/api/[...path]/+server.ts
@@ -0,0 +1,68 @@
+import { error } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+
+const API_BASE = process.env.BACKEND_URL || 'http://localhost:3000';
+
+export const fallback: RequestHandler = async ({ params, request, cookies, url }) => {
+  const path = params.path;
+  const token = cookies.get('token');
+
+  // Build headers
+  const headers = new Headers(request.headers);
+  if (token) {
+    headers.set('Authorization', `Bearer ${token}`);
+  }
+  
+  // Suppress headers that could conflict during local proxying
+  headers.delete('host');
+  headers.delete('connection');
+
+  // Fastify route resolution: strip any duplicate leading api/ prefixes
+  let cleanPath = path;
+  if (cleanPath.startsWith('api/')) {
+    cleanPath = cleanPath.substring(4);
+  }
+  const targetPath = cleanPath.startsWith('auth/') ? cleanPath : `api/${cleanPath}`;
+  const targetUrl = new URL(`${API_BASE}/${targetPath}${url.search}`);
+
+  try {
+    let requestBody: any = undefined;
+    if (request.method !== 'GET' && request.method !== 'HEAD') {
+      const blob = await request.blob();
+      if (blob.size > 0) {
+        requestBody = blob;
+      } else {
+        headers.delete('content-type');
+      }
+    }
+
+    const res = await fetch(targetUrl.toString(), {
+      method: request.method,
+      headers,
+      body: requestBody,
+    });
+
+    const responseHeaders = new Headers();
+    const contentType = res.headers.get('Content-Type');
+    if (contentType) {
+      responseHeaders.set('Content-Type', contentType);
+    }
+
+    // Forward cookies set by the backend (like token set on login)
+    const setCookie = res.headers.get('Set-Cookie');
+    if (setCookie) {
+      responseHeaders.set('Set-Cookie', setCookie);
+    }
+
+    return new Response(res.body, {
+      status: res.status,
+      headers: responseHeaders,
+    });
+  } catch (err: any) {
+    console.error('DevCard Proxy Error:', err);
+    return new Response(JSON.stringify({ error: 'Backend API is currently offline.' }), {
+      status: 502,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+};
diff --git a/apps/web/src/routes/dashboard/+page.server.ts b/apps/web/src/routes/dashboard/+page.server.ts
new file mode 100644
index 0000000..40e5d90
--- /dev/null
+++ b/apps/web/src/routes/dashboard/+page.server.ts
@@ -0,0 +1,38 @@
+import { redirect } from '@sveltejs/kit';
+import type { PageServerLoad } from './$types';
+
+const API_BASE = process.env.BACKEND_URL || 'http://localhost:3000';
+
+export const load: PageServerLoad = async ({ cookies, fetch }) => {
+  const token = cookies.get('token');
+  if (!token) {
+    throw redirect(302, '/login');
+  }
+
+  try {
+    const res = await fetch(`${API_BASE}/api/profiles/me`, {
+      headers: {
+        Authorization: `Bearer ${token}`,
+      },
+    });
+
+    if (!res.ok) {
+      // Token is invalid or expired, clear and redirect
+      cookies.delete('token', { path: '/' });
+      throw redirect(302, '/login');
+    }
+
+    const user = await res.json();
+    return { user };
+  } catch (err: any) {
+    // If the error is a SvelteKit redirect instruction, forward it
+    if (err.status && err.status >= 300 && err.status < 400) {
+      throw err;
+    }
+    
+    return {
+      user: null,
+      error: 'Backend API is currently unreachable. Please make sure the backend server is running.',
+    };
+  }
+};
diff --git a/apps/web/src/routes/dashboard/+page.svelte b/apps/web/src/routes/dashboard/+page.svelte
new file mode 100644
index 0000000..87a6db0
--- /dev/null
+++ b/apps/web/src/routes/dashboard/+page.svelte
@@ -0,0 +1,1196 @@
+<script lang="ts">
+  import { PLATFORMS, getAllPlatforms, getProfileUrl } from '@devcard/shared';
+  import { apiFetch } from '$lib/api';
+  import { onMount } from 'svelte';
+
+  let { data } = $props();
+  const initialUser = data.user;
+
+  // ─── Reactive Runes State ───
+  let user = $state({ ...initialUser });
+  let links = $state([...(initialUser?.platformLinks || [])]);
+  let isSavingUser = $state(false);
+  let isSavingLinks = $state(false);
+  
+  // Platform Add Dialog Form
+  let isModalOpen = $state(false);
+  let selectedPlatform = $state('github');
+  let linkUsername = $state('');
+  let linkCustomUrl = $state('');
+  let addError = $state('');
+
+  // Toast System
+  let toasts = $state<{ id: number; message: string; type: 'success' | 'error' }[]>([]);
+  let toastId = 0;
+
+  function showToast(message: string, type: 'success' | 'error' = 'success') {
+    const id = toastId++;
+    toasts = [...toasts, { id, message, type }];
+    setTimeout(() => {
+      toasts = toasts.filter((t) => t.id !== id);
+    }, 4000);
+  }
+
+  // Derived Computed Values
+  const availablePlatforms = $derived(
+    getAllPlatforms().filter((p) => {
+      if (p.id === 'custom') return true;
+      // Filter out platforms already added (duplicate prevention)
+      return !links.some((l) => l.platform === p.id);
+    })
+  );
+
+  const selectedPlatformDef = $derived(PLATFORMS[selectedPlatform]);
+
+  // Accent glow variables
+  const accentGlow = $derived(`radial-gradient(circle at 50% 50%, ${user.accentColor}25, transparent 65%)`);
+
+  // ─── Profile Customs Saving ───
+  async function handleProfileSave(e: SubmitEvent) {
+    e.preventDefault();
+    isSavingUser = true;
+    try {
+      const updated = await apiFetch('/api/profiles/me', {
+        method: 'PUT',
+        body: JSON.stringify({
+          displayName: user.displayName,
+          role: user.role,
+          company: user.company,
+          bio: user.bio,
+          avatarUrl: user.avatarUrl,
+          accentColor: user.accentColor,
+          pronouns: user.pronouns || ''
+        }),
+      });
+      user = { ...user, ...updated };
+      showToast('Profile information successfully saved!');
+    } catch (err: any) {
+      showToast(err.message || 'Failed to update profile details', 'error');
+    } finally {
+      isSavingUser = false;
+    }
+  }
+
+  // ─── Platform Links Manager ───
+  async function handleAddLink(e: SubmitEvent) {
+    e.preventDefault();
+    addError = '';
+
+    if (!linkUsername.trim() && !selectedPlatformDef.usesFullUrl) {
+      addError = 'Please specify a profile username or handle.';
+      return;
+    }
+
+    if (selectedPlatformDef.usesFullUrl && !linkCustomUrl.trim()) {
+      addError = 'Please specify a profile URL.';
+      return;
+    }
+
+    isSavingLinks = true;
+    try {
+      const payload: any = {
+        platform: selectedPlatform,
+        username: selectedPlatformDef.usesFullUrl ? 'link' : linkUsername.trim(),
+      };
+
+      if (selectedPlatformDef.usesFullUrl) {
+        payload.url = linkCustomUrl.trim();
+        // Fallback username for display
+        payload.username = linkCustomUrl.trim().replace(/^https?:\/\/(www\.)?/, '').split('/')[0];
+      }
+
+      const newLink = await apiFetch('/api/profiles/me/links', {
+        method: 'POST',
+        body: JSON.stringify(payload),
+      });
+
+      links = [...links, newLink].sort((a, b) => a.displayOrder - b.displayOrder);
+      showToast(`${selectedPlatformDef.name} link registered!`);
+      
+      // Reset form
+      linkUsername = '';
+      linkCustomUrl = '';
+      isModalOpen = false;
+    } catch (err: any) {
+      addError = err.message || 'Failed to add platform link';
+      showToast(addError, 'error');
+    } finally {
+      isSavingLinks = false;
+    }
+  }
+
+  async function handleDeleteLink(id: string, platformName: string) {
+    if (!confirm(`Are you sure you want to remove the ${platformName} link?`)) return;
+
+    try {
+      await apiFetch(`/api/profiles/me/links/${id}`, {
+        method: 'DELETE',
+      });
+      links = links.filter((l) => l.id !== id);
+      showToast(`${platformName} link successfully deleted.`);
+    } catch (err: any) {
+      showToast(err.message || 'Failed to delete link', 'error');
+    }
+  }
+
+  async function moveLink(index: number, direction: 'up' | 'down') {
+    const targetIndex = direction === 'up' ? index - 1 : index + 1;
+    if (targetIndex < 0 || targetIndex >= links.length) return;
+
+    // Swap elements
+    const listCopy = [...links];
+    const temp = listCopy[index];
+    listCopy[index] = listCopy[targetIndex];
+    listCopy[targetIndex] = temp;
+
+    // Update display orders locally
+    const reordered = listCopy.map((link, i) => ({
+      ...link,
+      displayOrder: i,
+    }));
+
+    // Optimistic UI state update
+    links = reordered;
+
+    try {
+      await apiFetch('/api/profiles/me/links/reorder', {
+        method: 'PUT',
+        body: JSON.stringify({
+          links: reordered.map((l) => ({ id: l.id, displayOrder: l.displayOrder })),
+        }),
+      });
+      showToast('Profile order updated.');
+    } catch (err: any) {
+      showToast(err.message || 'Failed to persist order change', 'error');
+    }
+  }
+
+  // ─── Sharing & Exporters ───
+  function copyPublicLink() {
+    const profileUrl = `${window.location.origin}/u/${user.username}`;
+    navigator.clipboard.writeText(profileUrl)
+      .then(() => showToast('Public DevCard URL copied to clipboard!'))
+      .catch(() => showToast('Failed to copy. URL: ' + profileUrl, 'error'));
+  }
+
+  function downloadQRCode(format: 'png' | 'svg') {
+    const qrUrl = `/api/u/${user.username}/qr?format=${format}&size=500`;
+    showToast(`Downloading QR code in ${format.toUpperCase()} format...`);
+    
+    // Create direct download trigger
+    const a = document.createElement('a');
+    a.href = qrUrl;
+    a.download = `devcard-${user.username}.${format}`;
+    document.body.appendChild(a);
+    a.click();
+    document.body.removeChild(a);
+  }
+</script>
+
+<div class="bg-gradient" style="--accent: {user.accentColor}"></div>
+
+<div class="toasts-container">
+  {#each toasts as toast (toast.id)}
+    <div class="toast glass {toast.type}">
+      <span class="toast-icon">{toast.type === 'success' ? '⚡' : '⚠️'}</span>
+      <span class="toast-message">{toast.message}</span>
+    </div>
+  {/each}
+</div>
+
+<main class="dashboard-container">
+  <!-- Nav Header -->
+  <nav class="nav-glass glass">
+    <div class="nav-content">
+      <div class="logo">⚡ <span class="gradient-text">DevCard Studio</span></div>
+      <div class="user-pill glass">
+        {#if user.avatarUrl}
+          <img src={user.avatarUrl} alt={user.displayName} class="nav-avatar" />
+        {:else}
+          <div class="nav-avatar-placeholder" style="background: {user.accentColor}">
+            {user.displayName.charAt(0).toUpperCase()}
+          </div>
+        {/if}
+        <span class="nav-username">@{user.username}</span>
+        <a href="/" class="logout-btn">Exit</a>
+      </div>
+    </div>
+  </nav>
+
+  <!-- Workspace Grid Layout -->
+  <div class="workspace-grid">
+    
+    <!-- LEFT PANEL: CUSTOMIZER -->
+    <section class="panel-card glass customizer-panel">
+      <div class="panel-header">
+        <span class="panel-icon">🎨</span>
+        <h2>Card Customizer</h2>
+      </div>
+      <p class="panel-desc">Fine-tune your brand colors and professional details.</p>
+      
+      <form onsubmit={handleProfileSave} class="studio-form">
+        <div class="form-row">
+          <div class="form-group">
+            <label for="displayName">Display Name</label>
+            <input type="text" id="displayName" bind:value={user.displayName} required placeholder="Jane Doe" />
+          </div>
+          <div class="form-group">
+            <label for="accentColor">Glow Color</label>
+            <div class="color-picker-wrapper">
+              <input type="color" id="accentColor" bind:value={user.accentColor} />
+              <input type="text" bind:value={user.accentColor} class="color-hex" uppercase minlength="7" maxlength="7" />
+            </div>
+          </div>
+        </div>
+
+        <div class="form-row">
+          <div class="form-group">
+            <label for="role">Role / Headline</label>
+            <input type="text" id="role" bind:value={user.role} placeholder="Senior React Native Developer" />
+          </div>
+          <div class="form-group">
+            <label for="company">Company</label>
+            <input type="text" id="company" bind:value={user.company} placeholder="Google" />
+          </div>
+        </div>
+
+        <div class="form-group">
+          <label for="avatarUrl">Avatar Image URL</label>
+          <input type="url" id="avatarUrl" bind:value={user.avatarUrl} placeholder="https://images.unsplash.com/... or dicebear svg" />
+        </div>
+
+        <div class="form-group">
+          <label for="bio">Profile Bio</label>
+          <textarea id="bio" bind:value={user.bio} rows="4" placeholder="Brief developer manifesto..."></textarea>
+        </div>
+
+        <button type="submit" class="btn-primary form-submit" disabled={isSavingUser}>
+          {#if isSavingUser}Saving Profile...{:else}Update Profile ⚡{/if}
+        </button>
+      </form>
+    </section>
+
+    <!-- CENTER PANEL: LINK MANAGER -->
+    <section class="panel-card glass link-manager-panel">
+      <div class="panel-header">
+        <span class="panel-icon">🔗</span>
+        <h2>Unified Link Manager</h2>
+      </div>
+      <p class="panel-desc">Register or reorder profiles linked directly to your smart card.</p>
+
+      <div class="link-manager-actions">
+        <button class="btn-primary add-link-trigger" onclick={() => isModalOpen = true}>
+          + Register Platform Link
+        </button>
+      </div>
+
+      <div class="links-list-container">
+        {#if links.length === 0}
+          <div class="empty-state glass">
+            <div class="empty-icon">📭</div>
+            <h3>No profiles linked yet</h3>
+            <p>Add your LeetCode, GitHub, or LinkedIn pages to get started.</p>
+          </div>
+        {:else}
+          <div class="links-list">
+            {#each links as link, index (link.id)}
+              {@const platform = PLATFORMS[link.platform]}
+              <div class="link-item glass" style="border-left: 3px solid {platform?.color || '#6366f1'}">
+                <div class="link-badge" style="background: {platform?.color || '#6366f1'}">
+                  {platform?.name.charAt(0) || link.platform.charAt(0)}
+                </div>
+                <div class="link-details">
+                  <h4 class="link-platform-name">{platform?.name || link.platform}</h4>
+                  <span class="link-username-text">@{link.username}</span>
+                </div>
+                
+                <div class="link-controls">
+                  <!-- Reordering buttons -->
+                  <button class="control-btn" disabled={index === 0} onclick={() => moveLink(index, 'up')} aria-label="Move Up">▲</button>
+                  <button class="control-btn" disabled={index === links.length - 1} onclick={() => moveLink(index, 'down')} aria-label="Move Down">▼</button>
+                  <button class="control-btn delete-btn" onclick={() => handleDeleteLink(link.id, platform?.name || link.platform)} aria-label="Delete">🗑️</button>
+                </div>
+              </div>
+            {/each}
+          </div>
+        {/if}
+      </div>
+    </section>
+
+    <!-- RIGHT PANEL: LIVE CARD PREVIEW & SHARE -->
+    <section class="panel-card glass preview-panel">
+      <div class="panel-header">
+        <span class="panel-icon">📱</span>
+        <h2>Dynamic Card Live View</h2>
+      </div>
+      <p class="panel-desc">Real-time preview of your public identity page.</p>
+
+      <!-- Reactive Mini DevCard Mockup -->
+      <div class="mini-devcard-wrapper">
+        <div class="mini-devcard glass" style="--accent: {user.accentColor}">
+          <div class="card-glow" style="background: {accentGlow}"></div>
+          
+          <div class="card-identity">
+            {#if user.avatarUrl}
+              <img src={user.avatarUrl} alt={user.displayName} class="card-avatar" />
+            {:else}
+              <div class="card-avatar-placeholder" style="background: {user.accentColor}">
+                {user.displayName.charAt(0).toUpperCase()}
+              </div>
+            {/if}
+            <h3 class="card-displayName">{user.displayName}</h3>
+            {#if user.role}
+              <span class="card-role">{user.role}{user.company ? ` @ ${user.company}` : ''}</span>
+            {/if}
+            {#if user.bio}
+              <p class="card-bio">{user.bio}</p>
+            {/if}
+          </div>
+
+          <div class="card-links-scroll font-sans">
+            {#if links.length === 0}
+              <div class="card-empty-hint">Linked platforms will float here</div>
+            {:else}
+              {#each links as link (link.id)}
+                {@const platform = PLATFORMS[link.platform]}
+                <div class="card-mini-tile glass" style="border-left: 2px solid {platform?.color || '#6366f1'}">
+                  <span class="tile-icon-circle" style="background: {platform?.color || '#6366f1'}"></span>
+                  <span class="tile-label">{platform?.name || link.platform}</span>
+                </div>
+              {/each}
+            {/if}
+          </div>
+        </div>
+      </div>
+
+      <!-- Sharing Panel / QR Exporters -->
+      <div class="sharing-controls-box glass">
+        <h3>Share & Download</h3>
+        <p>Copy your direct profile link or export high-resolution QR graphics for printing.</p>
+        
+        <div class="export-actions">
+          <button class="btn-primary outline" onclick={copyPublicLink}>
+            🔗 Copy DevCard Link
+          </button>
+          
+          <div class="qr-export-group">
+            <span class="qr-label">Download QR Code:</span>
+            <div class="qr-buttons">
+              <button onclick={() => downloadQRCode('png')} class="btn-secondary">PNG Image</button>
+              <button onclick={() => downloadQRCode('svg')} class="btn-secondary">Vector SVG</button>
+            </div>
+          </div>
+        </div>
+      </div>
+    </section>
+
+  </div>
+</main>
+
+<!-- Platform Link Creator Dialog Modal -->
+{#if isModalOpen}
+  <div class="modal-backdrop" onclick={() => isModalOpen = false}>
+    <div class="modal-content glass" onclick={(e) => e.stopPropagation()}>
+      <header class="modal-header">
+        <h3>Link Platform Profile</h3>
+        <button class="close-modal-btn" onclick={() => isModalOpen = false}>×</button>
+      </header>
+      
+      <form onsubmit={handleAddLink} class="modal-form">
+        <div class="form-group">
+          <label for="platformSelect">Select Developer Service</label>
+          <select id="platformSelect" bind:value={selectedPlatform}>
+            {#each availablePlatforms as p}
+              <option value={p.id}>{p.name}</option>
+            {/each}
+          </select>
+        </div>
+
+        {#if selectedPlatformDef}
+          {#if selectedPlatformDef.usesFullUrl}
+            <div class="form-group">
+              <label for="customUrl">Profile Website Address (URL)</label>
+              <input
+                type="url"
+                id="customUrl"
+                placeholder={selectedPlatformDef.usernamePlaceholder}
+                bind:value={linkCustomUrl}
+                required
+              />
+            </div>
+          {:else}
+            <div class="form-group">
+              <label for="platformUsername">{selectedPlatformDef.name} Handle / Username</label>
+              <div class="modal-input-wrapper">
+                {#if selectedPlatformDef.urlPattern}
+                  <span class="url-pattern-prefix">
+                    {selectedPlatformDef.urlPattern.split('{username}')[0]}
+                  </span>
+                {/if}
+                <input
+                  type="text"
+                  id="platformUsername"
+                  placeholder={selectedPlatformDef.usernamePlaceholder}
+                  bind:value={linkUsername}
+                  required
+                />
+              </div>
+            </div>
+          {/if}
+        {/if}
+
+        {#if addError}
+          <div class="alert alert-error">{addError}</div>
+        {/if}
+
+        <div class="modal-actions">
+          <button type="button" class="btn-secondary" onclick={() => isModalOpen = false}>Cancel</button>
+          <button type="submit" class="btn-primary" disabled={isSavingLinks}>
+            {#if isSavingLinks}Registering...{:else}Connect Profile ⚡{/if}
+          </button>
+        </div>
+      </form>
+    </div>
+  </div>
+{/if}
+
+<style>
+  .bg-gradient {
+    position: fixed;
+    top: 0;
+    left: 0;
+    right: 0;
+    bottom: 0;
+    background: radial-gradient(circle at 50% 0%, var(--accent), transparent 50%),
+                radial-gradient(circle at 100% 100%, var(--accent-glow), transparent 40%),
+                var(--bg-page);
+    opacity: 0.16;
+    z-index: -1;
+    transition: background 0.8s ease-in-out;
+  }
+
+  .toasts-container {
+    position: fixed;
+    top: 2rem;
+    right: 2rem;
+    display: flex;
+    flex-direction: column;
+    gap: 0.75rem;
+    z-index: 9999;
+  }
+
+  .toast {
+    display: flex;
+    align-items: center;
+    gap: 0.8rem;
+    padding: 0.85rem 1.25rem;
+    border-radius: var(--radius);
+    border: 1px solid rgba(255, 255, 255, 0.08);
+    box-shadow: 0 16px 40px -15px rgba(0, 0, 0, 0.5);
+    background: rgba(15, 23, 42, 0.94);
+    animation: toastSlideIn 0.3s cubic-bezier(0.16, 1, 0.3, 1) forwards;
+  }
+
+  .toast.error {
+    border-left: 3px solid #ef4444;
+  }
+
+  .toast.success {
+    border-left: 3px solid #6366f1;
+  }
+
+  @keyframes toastSlideIn {
+    from { opacity: 0; transform: translateX(30px) scale(0.95); }
+    to { opacity: 1; transform: translateX(0) scale(1); }
+  }
+
+  .toast-icon {
+    font-size: 1.15rem;
+  }
+
+  .toast-message {
+    font-size: 0.88rem;
+    font-weight: 600;
+    color: var(--text-primary);
+  }
+
+  .dashboard-container {
+    max-width: 1400px;
+    margin: 0 auto;
+    padding: 1.5rem 1.25rem 3rem;
+  }
+
+  .nav-glass {
+    border-radius: var(--radius-xl);
+    padding: 0.85rem 1.75rem;
+    margin-bottom: 2rem;
+  }
+
+  .nav-content {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+  }
+
+  .logo {
+    font-family: 'Outfit', sans-serif;
+    font-weight: 800;
+    font-size: 1.35rem;
+  }
+
+  .user-pill {
+    display: flex;
+    align-items: center;
+    gap: 0.75rem;
+    padding: 0.45rem 1rem;
+    border-radius: 999px;
+    background: var(--btn-secondary-bg);
+    border: 1px solid var(--btn-secondary-border);
+  }
+
+  .nav-avatar {
+    width: 28px;
+    height: 28px;
+    border-radius: 50%;
+    object-fit: cover;
+  }
+
+  .nav-avatar-placeholder {
+    width: 28px;
+    height: 28px;
+    border-radius: 50%;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    font-size: 0.75rem;
+    font-weight: 800;
+    color: white;
+  }
+
+  .nav-username {
+    font-size: 0.85rem;
+    font-weight: 700;
+    color: var(--text-secondary);
+  }
+
+  .logout-btn {
+    font-size: 0.82rem;
+    font-weight: 700;
+    color: #ef4444;
+    padding-left: 0.5rem;
+    border-left: 1px solid rgba(255,255,255,0.12);
+  }
+
+  .workspace-grid {
+    display: grid;
+    grid-template-columns: 1fr 1fr 1fr;
+    gap: 1.75rem;
+    align-items: start;
+  }
+
+  @media (max-width: 1200px) {
+    .workspace-grid {
+      grid-template-columns: 1fr 1fr;
+    }
+    .preview-panel {
+      grid-column: span 2;
+    }
+  }
+
+  @media (max-width: 800px) {
+    .workspace-grid {
+      grid-template-columns: 1fr;
+    }
+    .preview-panel {
+      grid-column: span 1;
+    }
+  }
+
+  .panel-card {
+    border-radius: var(--radius-xl);
+    padding: 2.25rem 1.75rem;
+    min-height: 520px;
+    display: flex;
+    flex-direction: column;
+  }
+
+  .panel-header {
+    display: flex;
+    align-items: center;
+    gap: 0.75rem;
+    margin-bottom: 0.5rem;
+  }
+
+  .panel-icon {
+    font-size: 1.6rem;
+  }
+
+  h2 {
+    font-size: 1.35rem;
+    font-weight: 800;
+  }
+
+  .panel-desc {
+    font-size: 0.88rem;
+    color: var(--text-muted);
+    line-height: 1.5;
+    margin-bottom: 2rem;
+  }
+
+  .studio-form {
+    display: flex;
+    flex-direction: column;
+    gap: 1.25rem;
+    flex: 1;
+  }
+
+  .form-row {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    gap: 1.1rem;
+  }
+
+  @media (max-width: 480px) {
+    .form-row {
+      grid-template-columns: 1fr;
+    }
+  }
+
+  .form-group {
+    display: flex;
+    flex-direction: column;
+    gap: 0.45rem;
+  }
+
+  label {
+    font-size: 0.78rem;
+    font-weight: 700;
+    color: var(--text-secondary);
+    text-transform: uppercase;
+    letter-spacing: 0.5px;
+  }
+
+  input, select, textarea {
+    background: var(--bg-secondary);
+    border: 1px solid var(--border);
+    color: var(--text-primary);
+    padding: 0.8rem 0.95rem;
+    border-radius: var(--radius);
+    font: inherit;
+    transition: all 0.2s ease;
+  }
+
+  input:focus, select:focus, textarea:focus {
+    outline: none;
+    border-color: var(--primary);
+    background: var(--bg-primary);
+    box-shadow: 0 0 0 3px var(--primary-glow);
+  }
+
+  .color-picker-wrapper {
+    display: flex;
+    gap: 0.75rem;
+    align-items: center;
+  }
+
+  input[type="color"] {
+    width: 44px;
+    height: 44px;
+    padding: 0;
+    border: 1px solid rgba(255,255,255,0.12);
+    border-radius: 50%;
+    cursor: pointer;
+    background: transparent;
+  }
+
+  .color-hex {
+    font-family: monospace;
+    text-align: center;
+    flex: 1;
+  }
+
+  textarea {
+    resize: none;
+  }
+
+  .btn-primary {
+    padding: 0.85rem 1.25rem;
+    font-weight: 700;
+    border: none;
+    border-radius: var(--radius);
+    cursor: pointer;
+    transition: all 0.2s ease;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+  }
+
+  .btn-primary:hover {
+    transform: translateY(-1px);
+    box-shadow: 0 6px 18px -8px #6366f1;
+  }
+
+  .btn-primary.outline {
+    background: rgba(255,255,255,0.06);
+    border: 1px solid rgba(255,255,255,0.12);
+    color: var(--text-primary);
+  }
+
+  .btn-primary.outline:hover {
+    background: rgba(255,255,255,0.1);
+    border-color: #6366f1;
+  }
+
+  .form-submit {
+    margin-top: auto;
+  }
+
+  /* LINK MANAGER STYLING */
+  .add-link-trigger {
+    width: 100%;
+    padding: 0.95rem;
+    font-size: 0.92rem;
+    margin-bottom: 1.5rem;
+  }
+
+  .links-list-container {
+    flex: 1;
+    overflow-y: auto;
+    max-height: 480px;
+    padding-right: 0.35rem;
+  }
+
+  .links-list-container::-webkit-scrollbar {
+    width: 4px;
+  }
+
+  .links-list-container::-webkit-scrollbar-thumb {
+    background: rgba(255,255,255,0.1);
+    border-radius: 99px;
+  }
+
+  .empty-state {
+    text-align: center;
+    padding: 3rem 1.5rem;
+    border-radius: var(--radius);
+    border: 1px dashed rgba(255,255,255,0.08);
+  }
+
+  .empty-icon {
+    font-size: 2.5rem;
+    margin-bottom: 1rem;
+  }
+
+  .empty-state h3 {
+    font-size: 1.05rem;
+    margin-bottom: 0.4rem;
+  }
+
+  .empty-state p {
+    font-size: 0.82rem;
+    color: var(--text-muted);
+    line-height: 1.45;
+  }
+
+  .links-list {
+    display: flex;
+    flex-direction: column;
+    gap: 0.75rem;
+  }
+
+  .link-item {
+    display: flex;
+    align-items: center;
+    padding: 0.85rem 1.1rem;
+    border-radius: var(--radius);
+    background: var(--bg-secondary);
+    border: 1px solid var(--border);
+    transition: all 0.2s ease;
+  }
+
+  .link-item:hover {
+    background: var(--bg-primary);
+    border-color: var(--primary);
+  }
+
+  .link-badge {
+    width: 32px;
+    height: 32px;
+    border-radius: 9px;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    color: white;
+    font-weight: 800;
+    font-size: 0.95rem;
+    box-shadow: 0 4px 10px rgba(0,0,0,0.3);
+  }
+
+  .link-details {
+    flex: 1;
+    margin-left: 0.85rem;
+    min-width: 0;
+  }
+
+  .link-platform-name {
+    font-weight: 700;
+    font-size: 0.92rem;
+    margin-bottom: 0.1rem;
+  }
+
+  .link-username-text {
+    font-size: 0.78rem;
+    color: var(--text-muted);
+    display: block;
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+  }
+
+  .link-controls {
+    display: flex;
+    align-items: center;
+    gap: 0.35rem;
+  }
+
+  .control-btn {
+    width: 30px;
+    height: 30px;
+    border-radius: 50%;
+    border: 1px solid var(--btn-secondary-border);
+    background: var(--btn-secondary-bg);
+    color: var(--text-secondary);
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    cursor: pointer;
+    font-size: 0.75rem;
+    transition: all 0.2s ease;
+  }
+
+  .control-btn:hover:not(:disabled) {
+    background: var(--btn-secondary-hover-bg);
+    color: var(--text-primary);
+  }
+
+  .control-btn:disabled {
+    opacity: 0.3;
+    cursor: not-allowed;
+  }
+
+  .control-btn.delete-btn {
+    border-color: rgba(239, 68, 68, 0.15);
+    background: rgba(239, 68, 68, 0.05);
+    color: #ef4444;
+  }
+
+  .control-btn.delete-btn:hover {
+    background: rgba(239, 68, 68, 0.18);
+    color: #f87171;
+  }
+
+  /* PREVIEW PANEL STYLING */
+  .mini-devcard-wrapper {
+    display: flex;
+    justify-content: center;
+    margin-bottom: 2rem;
+  }
+
+  .mini-devcard {
+    width: 290px;
+    height: 380px;
+    border-radius: 20px;
+    background: var(--bg-glass);
+    backdrop-filter: blur(18px);
+    -webkit-backdrop-filter: blur(18px);
+    border: 1px solid var(--border-glass);
+    padding: 1.75rem;
+    position: relative;
+    overflow: hidden;
+    display: flex;
+    flex-direction: column;
+    box-shadow: var(--shadow-lg);
+  }
+
+  .card-glow {
+    position: absolute;
+    top: -60px;
+    left: -20px;
+    right: -20px;
+    height: 200px;
+    pointer-events: none;
+    z-index: 0;
+    transition: background 0.8s ease;
+  }
+
+  .card-identity {
+    position: relative;
+    z-index: 1;
+    text-align: center;
+    margin-bottom: 1.25rem;
+  }
+
+  .card-avatar {
+    width: 60px;
+    height: 60px;
+    border-radius: 50%;
+    object-fit: cover;
+    border: 2px solid var(--border-glass);
+    margin: 0 auto 0.6rem;
+  }
+
+  .card-avatar-placeholder {
+    width: 60px;
+    height: 60px;
+    border-radius: 50%;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    font-size: 1.5rem;
+    font-weight: 800;
+    color: white;
+    margin: 0 auto 0.6rem;
+  }
+
+  .card-displayName {
+    font-size: 1.1rem;
+    font-weight: 800;
+    margin-bottom: 0.15rem;
+  }
+
+  .card-role {
+    font-size: 0.72rem;
+    color: var(--text-secondary);
+    background: var(--btn-secondary-bg);
+    padding: 0.25rem 0.6rem;
+    border-radius: 99px;
+    border: 1px solid var(--btn-secondary-border);
+  }
+
+  .card-bio {
+    font-size: 0.72rem;
+    color: var(--text-muted);
+    line-height: 1.45;
+    margin-top: 0.65rem;
+    overflow: hidden;
+    display: -webkit-box;
+    -webkit-line-clamp: 2;
+    -webkit-box-orient: vertical;
+  }
+
+  .card-links-scroll {
+    position: relative;
+    z-index: 1;
+    flex: 1;
+    overflow-y: auto;
+    display: flex;
+    flex-direction: column;
+    gap: 0.5rem;
+    padding-right: 0.2rem;
+  }
+
+  .card-links-scroll::-webkit-scrollbar {
+    width: 3px;
+  }
+
+  .card-links-scroll::-webkit-scrollbar-thumb {
+    background: rgba(255,255,255,0.08);
+    border-radius: 99px;
+  }
+
+  .card-empty-hint {
+    text-align: center;
+    font-size: 0.7rem;
+    color: var(--text-muted);
+    margin: auto 0;
+  }
+
+  .card-mini-tile {
+    display: flex;
+    align-items: center;
+    padding: 0.55rem 0.75rem;
+    border-radius: 9px;
+    background: var(--btn-secondary-bg);
+    border: 1px solid var(--btn-secondary-border);
+  }
+
+  .tile-icon-circle {
+    width: 8px;
+    height: 8px;
+    border-radius: 50%;
+  }
+
+  .tile-label {
+    font-size: 0.75rem;
+    font-weight: 700;
+    margin-left: 0.6rem;
+  }
+
+  .sharing-controls-box {
+    border-radius: var(--radius);
+    padding: 1.5rem;
+    background: var(--bg-secondary);
+    border: 1px solid var(--border);
+    text-align: center;
+  }
+
+  .sharing-controls-box h3 {
+    font-size: 0.98rem;
+    font-weight: 700;
+    margin-bottom: 0.35rem;
+  }
+
+  .sharing-controls-box p {
+    font-size: 0.78rem;
+    color: var(--text-muted);
+    line-height: 1.45;
+    margin-bottom: 1.25rem;
+  }
+
+  .export-actions {
+    display: flex;
+    flex-direction: column;
+    gap: 1.1rem;
+  }
+
+  .qr-export-group {
+    display: flex;
+    flex-direction: column;
+    gap: 0.45rem;
+    text-align: left;
+    border-top: 1px solid rgba(255,255,255,0.08);
+    padding-top: 1rem;
+  }
+
+  .qr-label {
+    font-size: 0.75rem;
+    font-weight: 700;
+    color: var(--text-muted);
+    text-transform: uppercase;
+  }
+
+  .qr-buttons {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    gap: 0.75rem;
+  }
+
+  .btn-secondary {
+    padding: 0.65rem 1rem;
+    border-radius: var(--radius);
+    border: 1px solid rgba(255,255,255,0.1);
+    background: rgba(255,255,255,0.05);
+    color: var(--text-secondary);
+    font-weight: 700;
+    font-size: 0.8rem;
+    cursor: pointer;
+    transition: all 0.2s ease;
+  }
+
+  .btn-secondary:hover {
+    background: rgba(255,255,255,0.12);
+    color: var(--text-primary);
+  }
+
+  /* MODAL STYLING */
+  .modal-backdrop {
+    position: fixed;
+    top: 0;
+    left: 0;
+    right: 0;
+    bottom: 0;
+    background: rgba(2, 6, 23, 0.4);
+    backdrop-filter: blur(8px);
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    z-index: 9999;
+    padding: 1.25rem;
+  }
+  
+  :global(html.dark) .modal-backdrop {
+    background: rgba(2, 6, 23, 0.75);
+  }
+
+  .modal-content {
+    width: 100%;
+    max-width: 480px;
+    border-radius: var(--radius-xl);
+    padding: 2.25rem 2rem;
+    background: var(--bg-glass);
+    backdrop-filter: blur(20px);
+    -webkit-backdrop-filter: blur(20px);
+    border: 1px solid var(--border-glass);
+    box-shadow: var(--shadow-lg);
+  }
+
+  .modal-header {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    margin-bottom: 1.75rem;
+  }
+
+  .modal-header h3 {
+    font-size: 1.2rem;
+    font-weight: 800;
+  }
+
+  .close-modal-btn {
+    background: transparent;
+    border: none;
+    color: var(--text-muted);
+    font-size: 1.75rem;
+    cursor: pointer;
+    line-height: 0.8;
+  }
+
+  .modal-form {
+    display: flex;
+    flex-direction: column;
+    gap: 1.25rem;
+  }
+
+  .modal-input-wrapper {
+    display: flex;
+    align-items: stretch;
+    border-radius: var(--radius);
+    border: 1px solid var(--border);
+    background: var(--bg-secondary);
+    overflow: hidden;
+  }
+
+  .url-pattern-prefix {
+    padding: 0.75rem 0.95rem;
+    font-size: 0.8rem;
+    color: var(--text-muted);
+    background: var(--bg-primary);
+    border-right: 1px solid var(--border);
+    display: flex;
+    align-items: center;
+    white-space: nowrap;
+    user-select: none;
+  }
+
+  .modal-input-wrapper input {
+    border: none;
+    border-radius: 0;
+    flex: 1;
+    background: transparent;
+  }
+
+  .modal-input-wrapper input:focus {
+    box-shadow: none;
+  }
+
+  .modal-actions {
+    display: flex;
+    justify-content: flex-end;
+    gap: 0.75rem;
+    margin-top: 0.75rem;
+  }
+
+  .modal-actions button {
+    padding: 0.75rem 1.25rem;
+  }
+</style>
diff --git a/apps/web/src/routes/login/+page.svelte b/apps/web/src/routes/login/+page.svelte
new file mode 100644
index 0000000..6b63775
--- /dev/null
+++ b/apps/web/src/routes/login/+page.svelte
@@ -0,0 +1,335 @@
+<script lang="ts">
+  import { apiFetch } from '$lib/api';
+  import { onMount } from 'svelte';
+
+  let username = $state('');
+  let loading = $state(false);
+  let errorMessage = $state('');
+  let successMessage = $state('');
+  let mounted = $state(false);
+
+  onMount(() => {
+    mounted = true;
+  });
+
+  async function handleBypassLogin(e: SubmitEvent) {
+    e.preventDefault();
+    if (!username.trim()) {
+      errorMessage = 'Please provide a username to begin.';
+      return;
+    }
+
+    loading = true;
+    errorMessage = '';
+    successMessage = '';
+
+    try {
+      const res = await apiFetch('/auth/bypass', {
+        method: 'POST',
+        body: JSON.stringify({ username: username.trim() }),
+      });
+      successMessage = `Welcome back, ${res.user.displayName}! Redirecting to studio...`;
+      setTimeout(() => {
+        window.location.href = '/dashboard';
+      }, 1000);
+    } catch (err: any) {
+      errorMessage = err.message || 'Authentication failed. Please verify the backend is running.';
+    } finally {
+      loading = false;
+    }
+  }
+</script>
+
+<svelte:head>
+  <title>Login | DevCard Studio ⚡</title>
+</svelte:head>
+
+<div class="bg-glow"></div>
+
+<main class="login-container {mounted ? 'loaded' : ''}">
+  <div class="login-card glass">
+    <header class="login-header">
+      <div class="logo">⚡ <span class="gradient-text">DevCard</span></div>
+      <h1>Creator Studio</h1>
+      <p class="tagline">Manage your digital developer identity in real time.</p>
+    </header>
+
+    <form onsubmit={handleBypassLogin} class="login-form">
+      <div class="form-group">
+        <label for="username">Local Developer Bypass</label>
+        <div class="input-wrapper">
+          <span class="at-prefix">@</span>
+          <input
+            type="text"
+            id="username"
+            placeholder="e.g. janesmith"
+            bind:value={username}
+            disabled={loading}
+            required
+            autocomplete="off"
+            autocorrect="off"
+            autocapitalize="none"
+          />
+        </div>
+        <p class="field-hint">Enter any username to create or log into a local profile instantly.</p>
+      </div>
+
+      {#if errorMessage}
+        <div class="alert alert-error">
+          <span class="icon">⚠️</span> {errorMessage}
+        </div>
+      {/if}
+
+      {#if successMessage}
+        <div class="alert alert-success">
+          <span class="icon">✨</span> {successMessage}
+        </div>
+      {/if}
+
+      <button type="submit" class="btn-primary" disabled={loading}>
+        {#if loading}
+          <span class="spinner"></span> Logging you in...
+        {:else}
+          Enter Creator Studio ⚡
+        {/if}
+      </button>
+    </form>
+    
+    <div class="oauth-section">
+      <div class="divider">
+        <span>Local Development Mode</span>
+      </div>
+      <p class="oauth-hint">External Google & GitHub OAuth secrets are bypassable in localhost environments for seamless setup.</p>
+    </div>
+  </div>
+</main>
+
+<style>
+  .bg-glow {
+    position: fixed;
+    top: 0;
+    left: 0;
+    right: 0;
+    bottom: 0;
+    background: radial-gradient(circle at 50% 30%, var(--primary-glow), transparent 45%),
+                radial-gradient(circle at 10% 80%, var(--accent-glow), transparent 35%);
+    pointer-events: none;
+    z-index: -1;
+    background-color: var(--bg-page);
+  }
+
+  .login-container {
+    min-height: 100vh;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    padding: 1.5rem;
+    opacity: 0;
+    transform: translateY(12px);
+    transition: opacity 0.5s ease-out, transform 0.5s ease-out;
+  }
+
+  .login-container.loaded {
+    opacity: 1;
+    transform: translateY(0);
+  }
+
+  .login-card {
+    width: 100%;
+    max-width: 440px;
+    border-radius: var(--radius-xl);
+    padding: 2.5rem 2.25rem;
+    box-shadow: var(--shadow-lg);
+    background: var(--bg-glass);
+    backdrop-filter: blur(18px);
+    -webkit-backdrop-filter: blur(18px);
+    border: 1px solid var(--border-glass);
+    text-align: center;
+  }
+
+  .login-header {
+    margin-bottom: 2.25rem;
+  }
+
+  .logo {
+    font-family: 'Outfit', sans-serif;
+    font-weight: 800;
+    font-size: 1.6rem;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    gap: 0.5rem;
+    margin-bottom: 1rem;
+  }
+
+  h1 {
+    font-size: 1.85rem;
+    font-weight: 800;
+    margin-bottom: 0.4rem;
+    color: var(--text-primary);
+  }
+
+  .tagline {
+    color: var(--text-muted);
+    font-size: 0.92rem;
+    line-height: 1.5;
+  }
+
+  .login-form {
+    display: flex;
+    flex-direction: column;
+    gap: 1.25rem;
+    text-align: left;
+  }
+
+  .form-group {
+    display: flex;
+    flex-direction: column;
+    gap: 0.5rem;
+  }
+
+  label {
+    font-size: 0.85rem;
+    font-weight: 700;
+    color: var(--text-secondary);
+    letter-spacing: 0.5px;
+    text-transform: uppercase;
+  }
+
+  .input-wrapper {
+    position: relative;
+    display: flex;
+    align-items: center;
+  }
+
+  .at-prefix {
+    position: absolute;
+    left: 1.1rem;
+    color: var(--text-muted);
+    font-weight: 600;
+    font-size: 1.05rem;
+    pointer-events: none;
+  }
+
+  input {
+    width: 100%;
+    padding: 0.85rem 1rem 0.85rem 2.2rem;
+    border-radius: var(--radius);
+    background: var(--bg-secondary);
+    border: 1px solid var(--border);
+    color: var(--text-primary);
+    font: inherit;
+    transition: all 0.2s ease;
+  }
+
+  input:focus {
+    outline: none;
+    border-color: var(--primary);
+    background: var(--bg-primary);
+    box-shadow: 0 0 0 3px var(--primary-glow);
+  }
+
+  input:disabled {
+    opacity: 0.6;
+    cursor: not-allowed;
+  }
+
+  .field-hint {
+    font-size: 0.78rem;
+    color: var(--text-muted);
+    line-height: 1.4;
+  }
+
+  .alert {
+    padding: 0.85rem 1rem;
+    border-radius: var(--radius);
+    font-size: 0.85rem;
+    line-height: 1.45;
+    display: flex;
+    align-items: flex-start;
+    gap: 0.6rem;
+  }
+
+  .alert-error {
+    background: rgba(239, 68, 68, 0.08);
+    border: 1px solid rgba(239, 68, 68, 0.2);
+    color: #f87171;
+  }
+
+  .alert-success {
+    background: rgba(16, 185, 129, 0.08);
+    border: 1px solid rgba(16, 185, 129, 0.2);
+    color: #34d399;
+  }
+
+  .btn-primary {
+    width: 100%;
+    padding: 0.9rem;
+    font-weight: 700;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    gap: 0.5rem;
+    border: none;
+    border-radius: var(--radius);
+    cursor: pointer;
+    transition: all 0.2s ease;
+  }
+
+  .btn-primary:hover {
+    transform: translateY(-1px);
+    box-shadow: 0 8px 24px -10px #6366f1;
+  }
+
+  .btn-primary:disabled {
+    opacity: 0.7;
+    cursor: not-allowed;
+    transform: none;
+  }
+
+  .oauth-section {
+    margin-top: 2rem;
+  }
+
+  .divider {
+    display: flex;
+    align-items: center;
+    margin-bottom: 1rem;
+  }
+
+  .divider::before,
+  .divider::after {
+    content: '';
+    flex: 1;
+    height: 1px;
+    background: var(--border);
+  }
+
+  .divider span {
+    padding: 0 0.75rem;
+    font-size: 0.75rem;
+    font-weight: 700;
+    text-transform: uppercase;
+    letter-spacing: 0.5px;
+    color: var(--text-muted);
+  }
+
+  .oauth-hint {
+    font-size: 0.78rem;
+    color: var(--text-muted);
+    line-height: 1.5;
+  }
+
+  .spinner {
+    width: 16px;
+    height: 16px;
+    border: 2px solid rgba(255, 255, 255, 0.3);
+    border-top-color: white;
+    border-radius: 50%;
+    animation: spin 0.8s linear infinite;
+  }
+
+  @keyframes spin {
+    to { transform: rotate(360deg); }
+  }
+</style>
diff --git a/apps/web/src/routes/u/[username]/+page.svelte b/apps/web/src/routes/u/[username]/+page.svelte
index bb23cca..000c4c8 100644
--- a/apps/web/src/routes/u/[username]/+page.svelte
+++ b/apps/web/src/routes/u/[username]/+page.svelte
@@ -154,7 +154,7 @@
     right: 0;
     bottom: 0;
     background: radial-gradient(circle at 50% 0%, var(--accent), transparent 50%),
-                #020617;
+                var(--bg-page);
     opacity: 0.18;
     z-index: -1;
   }
@@ -180,11 +180,13 @@
     max-width: 540px;
     border-radius: var(--radius-xl);
     padding: 2.5rem 2rem;
-    box-shadow: 0 26px 60px -20px rgba(0, 0, 0, 0.55);
+    box-shadow: var(--shadow-lg);
     position: relative;
     overflow: hidden;
-    border: 1px solid rgba(255, 255, 255, 0.08);
-    background: rgba(15, 23, 42, 0.96);
+    border: 1px solid var(--border-glass);
+    background: var(--bg-glass);
+    backdrop-filter: blur(20px);
+    -webkit-backdrop-filter: blur(20px);
   }
 
   .profile-header {
@@ -233,8 +235,8 @@
     align-items: center;
     justify-content: center;
     padding: 0.45rem 1rem;
-    background: rgba(255, 255, 255, 0.08);
-    border: 1px solid rgba(255, 255, 255, 0.12);
+    background: var(--btn-secondary-bg);
+    border: 1px solid var(--btn-secondary-border);
     border-radius: 999px;
     font-size: 0.9rem;
     font-weight: 700;
@@ -261,9 +263,9 @@
     align-items: center;
     padding: 1rem;
     border-radius: calc(var(--radius) * 1.1);
-    border: 1px solid rgba(255, 255, 255, 0.1);
-    background: rgba(255, 255, 255, 0.06);
-    box-shadow: 0 12px 30px -18px rgba(0, 0, 0, 0.35);
+    border: 1px solid var(--border);
+    background: var(--bg-secondary);
+    box-shadow: var(--shadow-sm);
     transition: transform 0.25s ease, background 0.25s ease, border-color 0.25s ease;
     animation: slideIn 0.5s ease-out forwards;
     animation-delay: var(--delay);
@@ -272,9 +274,10 @@
 
   .link-tile:hover,
   .link-tile:focus-visible {
-    background: rgba(255, 255, 255, 0.13);
+    background: var(--bg-primary);
     transform: translateY(-2px);
-    border-color: rgba(99, 102, 241, 0.35);
+    border-color: var(--primary);
+    box-shadow: var(--shadow-md);
   }
 
   .link-tile:focus-visible {
@@ -332,7 +335,7 @@
   .card-footer {
     margin-top: 2.5rem;
     padding-top: 1.75rem;
-    border-top: 1px solid rgba(255,255,255,0.08);
+    border-top: 1px solid var(--border);
     display: flex;
     justify-content: space-between;
     align-items: center;
@@ -373,9 +376,9 @@
   }
 
   .copy-link-button {
-    border: 1px solid var(--border-glass);
+    border: 1px solid var(--btn-secondary-border);
     border-radius: var(--radius);
-    background: rgba(255, 255, 255, 0.08);
+    background: var(--btn-secondary-bg);
     color: var(--text-primary);
     cursor: pointer;
     font: inherit;
@@ -385,7 +388,7 @@
   }
 
   .copy-link-button:hover {
-    background: rgba(255, 255, 255, 0.15);
+    background: var(--btn-secondary-hover-bg);
     transform: translateY(-1px);
   }
 
diff --git a/apps/web/svelte.config.js b/apps/web/svelte.config.js
index 55c3bd2..38b2fca 100644
--- a/apps/web/svelte.config.js
+++ b/apps/web/svelte.config.js
@@ -14,7 +14,7 @@ const config = {
 				'script-src': ['self', 'unsafe-inline'],
 				'style-src': ['self', 'unsafe-inline', 'https://fonts.googleapis.com'],
 				'img-src': ['self', 'data:', 'https:'],
-				'connect-src': ['self'],
+				'connect-src': ['self', 'http://localhost:3000', 'ws://localhost:5173'],
 				'font-src': ['self', 'data:', 'https:', 'https://fonts.gstatic.com'],
 				'object-src': ['none'],
 				'base-uri': ['self'],
diff --git a/package.json b/package.json
index bbe44f7..77d8e64 100644
--- a/package.json
+++ b/package.json
@@ -5,6 +5,7 @@
   "description": "One Tap. Every Profile. Every Platform. Open Source Developer Profile Exchange Platform.",
   "license": "Apache-2.0",
   "scripts": {
+    "dev": "concurrently \"pnpm dev:backend\" \"pnpm dev:web\"",
     "dev:backend": "pnpm --filter @devcard/backend dev",
     "dev:mobile": "pnpm --filter @devcard/mobile start",
     "dev:web": "pnpm --filter @devcard/web dev",
diff --git a/packages/shared/src/platforms.ts b/packages/shared/src/platforms.ts
index a218957..c0de90f 100644
--- a/packages/shared/src/platforms.ts
+++ b/packages/shared/src/platforms.ts
@@ -162,6 +162,32 @@ export const PLATFORMS: Record<string, PlatformDef> = {
     usernamePlaceholder: 'e.g. coder',
     usesFullUrl: false,
   },
+  geeksforgeeks: {
+    id: 'geeksforgeeks',
+    name: 'GeeksforGeeks',
+    icon: 'code',
+    color: '#2F8D46',
+    urlPattern: 'https://www.geeksforgeeks.org/user/{username}',
+    deepLinkPattern: null,
+    webViewUrlPattern: null,
+    followStrategy: 'link',
+    oauthScopes: [],
+    usernamePlaceholder: 'e.g. gfg_user',
+    usesFullUrl: false,
+  },
+  codeforces: {
+    id: 'codeforces',
+    name: 'Codeforces',
+    icon: 'award',
+    color: '#1A8FFF',
+    urlPattern: 'https://codeforces.com/profile/{username}',
+    deepLinkPattern: null,
+    webViewUrlPattern: null,
+    followStrategy: 'link',
+    oauthScopes: [],
+    usernamePlaceholder: 'e.g. tourist',
+    usesFullUrl: false,
+  },
   hackerrank: {
     id: 'hackerrank',
     name: 'HackerRank',

From 5e2ad94e458396a3ece676de65f5ee09f7d56b8a Mon Sep 17 00:00:00 2001
From: Kaustav Halder <kaustavhalder2706@gmail.com>
Date: Sat, 23 May 2026 22:33:07 +0530
Subject: [PATCH 2/3] Resolved merge conflicts

---
 apps/web/src/app.html            |  5 ++++
 apps/web/src/routes/+page.svelte | 45 ++++++++++++++++++--------------
 2 files changed, 30 insertions(+), 20 deletions(-)

diff --git a/apps/web/src/app.html b/apps/web/src/app.html
index ee910ff..2165b44 100644
--- a/apps/web/src/app.html
+++ b/apps/web/src/app.html
@@ -3,6 +3,11 @@
 	<head>
 		<meta charset="utf-8" />
 		<meta name="viewport" content="width=device-width, initial-scale=1" />
+		<meta name="theme-color" media="(prefers-color-scheme: light)" content="#ffffff" />
+		<meta name="theme-color" media="(prefers-color-scheme: dark)" content="#0f0f1a" />
+		<meta property="og:type" content="website" />
+		<meta property="og:site_name" content="DevCard" />
+		<meta name="twitter:card" content="summary_large_image" />
 		<script>
 			try {
 				const saved = localStorage.getItem('devcard-theme');
diff --git a/apps/web/src/routes/+page.svelte b/apps/web/src/routes/+page.svelte
index cab348b..dadde1c 100644
--- a/apps/web/src/routes/+page.svelte
+++ b/apps/web/src/routes/+page.svelte
@@ -26,6 +26,13 @@
     name="description"
     content="Open source developer profile exchange platform. Share all your developer profiles with one QR code."
   />
+  <meta property="og:title" content="DevCard — One Tap. Every Profile. Every Platform." />
+  <meta property="og:description" content="Open source developer profile exchange platform. Share all your developer profiles with one QR code." />
+  <meta property="og:url" content="https://devcard.example.com/" />
+  <meta property="og:image" content="https://devcard.example.com/og-image.jpg" />
+  <meta name="twitter:title" content="DevCard" />
+  <meta name="twitter:description" content="Open source developer profile exchange platform." />
+  <meta name="twitter:image" content="https://devcard.example.com/og-image.jpg" />
 </svelte:head>
 
 <div class="bg-glow"></div>
@@ -96,6 +103,8 @@
                 radial-gradient(circle at 0% 100%, var(--accent-glow), transparent 30%);
     pointer-events: none;
     z-index: -1;
+    will-change: transform, opacity;
+    transform: translateZ(0);
   }
 
   nav {
@@ -211,6 +220,11 @@
     border-color: rgba(99, 102, 241, 0.45);
   }
 
+  .btn-secondary:focus-visible {
+    outline: 3px solid rgba(99, 102, 241, 0.18);
+    outline-offset: 3px;
+  }
+
   .features {
     display: grid;
     grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
@@ -218,15 +232,6 @@
     padding: 4rem 0 5rem;
   }
 
-  @media (max-width: 640px) {
-  .features {
-    display: grid;
-    grid-template-columns: 1fr; /* single column */
-    gap: 16px;
-    padding: 0 12px;
-  }
-}
-
   .feature-card {
     padding: 2rem;
     border-radius: var(--radius-xl);
@@ -241,13 +246,6 @@
     flex-direction: column;
   }
 
-  @media (max-width: 640px) {
-    .feature-card {
-      margin-bottom: 12px;
-      padding: 1.5rem;
-    }
-  }
-
   .feature-card:hover {
     transform: translateY(-8px);
     border-color: rgba(99, 102, 241, 0.4);
@@ -297,16 +295,23 @@
       align-items: stretch;
     }
 
-    .feature-card {
-      padding: 1.8rem;
+    .features {
+      grid-template-columns: 1fr;
+      gap: 1rem;
+      padding: 2rem 1rem;
     }
 
-    .features {
-      gap: 1.2rem;
+    .feature-card {
+      padding: 1.8rem;
+      margin-bottom: 0;
     }
 
     .footer {
       padding: 2rem 0 1.25rem;
     }
+
+    .bg-glow {
+      opacity: 0.6;
+    }
   }
 </style>

From 719093a1a1ba726f289a71ec8094c2d99ea25cea Mon Sep 17 00:00:00 2001
From: Kaustav Halder <kaustavhalder2706@gmail.com>
Date: Sun, 24 May 2026 10:56:33 +0530
Subject: [PATCH 3/3] Fixed PR review comments and backend validations

---
 apps/backend/prisma/schema.prisma        |  4 ++--
 apps/backend/src/__tests__/event.test.ts |  6 ++++++
 apps/backend/src/app.ts                  | 15 +++++++++------
 apps/backend/src/routes/auth.ts          | 19 +++++++++----------
 apps/backend/src/utils/validators.ts     |  9 +++++++++
 5 files changed, 35 insertions(+), 18 deletions(-)

diff --git a/apps/backend/prisma/schema.prisma b/apps/backend/prisma/schema.prisma
index ebf6dbf..5ba4c6f 100644
--- a/apps/backend/prisma/schema.prisma
+++ b/apps/backend/prisma/schema.prisma
@@ -2,8 +2,8 @@ generator client {
   provider = "prisma-client-js"
 }
 datasource db {
-  provider = "sqlite"
-  url      = "file:./dev.db"
+  provider = "postgresql"
+  url      = env("DATABASE_URL")
 }
 
 model User {
diff --git a/apps/backend/src/__tests__/event.test.ts b/apps/backend/src/__tests__/event.test.ts
index 44806af..1e71cb6 100644
--- a/apps/backend/src/__tests__/event.test.ts
+++ b/apps/backend/src/__tests__/event.test.ts
@@ -495,6 +495,7 @@ describe('Events API', () => {
       prismaMock.event.findUnique.mockResolvedValue({
         ...MOCK_EVENT,
         attendees: attendeeRows,
+        _count: { attendees: attendeeRows.length },
       });
 
       const res = await app.inject({
@@ -523,6 +524,7 @@ describe('Events API', () => {
       prismaMock.event.findUnique.mockResolvedValue({
         ...MOCK_EVENT,
         attendees: [makeAttendeeRow(MOCK_OTHER_USER_PROFILE)],
+        _count: { attendees: 1 },
       });
 
       const res = await app.inject({
@@ -545,6 +547,7 @@ describe('Events API', () => {
       prismaMock.event.findUnique.mockResolvedValue({
         ...MOCK_EVENT,
         attendees: [],
+        _count: { attendees: 0 },
       });
 
       const res = await app.inject({
@@ -561,6 +564,7 @@ describe('Events API', () => {
       prismaMock.event.findUnique.mockResolvedValue({
         ...MOCK_EVENT,
         attendees: [],
+        _count: { attendees: 0 },
       });
 
       const res = await app.inject({
@@ -577,6 +581,7 @@ describe('Events API', () => {
       prismaMock.event.findUnique.mockResolvedValue({
         ...MOCK_EVENT,
         attendees: [],
+        _count: { attendees: 0 },
       });
 
       const res = await app.inject({
@@ -594,6 +599,7 @@ describe('Events API', () => {
       prismaMock.event.findUnique.mockResolvedValue({
         ...MOCK_EVENT,
         attendees: [makeAttendeeRow(MOCK_USER_PROFILE)],
+        _count: { attendees: 1 },
       });
 
       const res = await app.inject({
diff --git a/apps/backend/src/app.ts b/apps/backend/src/app.ts
index 0ca3584..d9c2391 100644
--- a/apps/backend/src/app.ts
+++ b/apps/backend/src/app.ts
@@ -35,12 +35,15 @@ export async function buildApp() {
   });
 
   // ─── Core Plugins ───
-  const allowedOrigins = [
-    'http://localhost:5173',
-    'http://localhost:5174',
-    'http://127.0.0.1:5173',
-    'http://127.0.0.1:5174'
-  ];
+  const allowedOrigins: string[] = [];
+  if (process.env.NODE_ENV !== 'production') {
+    allowedOrigins.push(
+      'http://localhost:5173',
+      'http://localhost:5174',
+      'http://127.0.0.1:5173',
+      'http://127.0.0.1:5174'
+    );
+  }
   if (process.env.PUBLIC_APP_URL) {
     allowedOrigins.push(process.env.PUBLIC_APP_URL);
   }
diff --git a/apps/backend/src/routes/auth.ts b/apps/backend/src/routes/auth.ts
index c781c67..810ddb5 100644
--- a/apps/backend/src/routes/auth.ts
+++ b/apps/backend/src/routes/auth.ts
@@ -1,6 +1,7 @@
 import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
 import { randomBytes } from 'crypto';
 import { encrypt } from '../utils/encryption.js';
+import { bypassAuthSchema } from '../utils/validators.js';
 
 const GITHUB_AUTH_URL = 'https://github.com/login/oauth/authorize';
 const GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token';
@@ -348,15 +349,13 @@ app.get('/github/callback', async (request: FastifyRequest<{ Querystring: OAuthC
   // ─── Local Developer Bypass Auth ───
 
   app.post('/bypass', async (request: FastifyRequest, reply: FastifyReply) => {
-    const { username } = request.body as { username: string };
-    if (!username) {
-      return reply.status(400).send({ error: 'Missing username' });
+    const parsed = bypassAuthSchema.safeParse(request.body);
+    if (!parsed.success) {
+      return reply.status(400).send({ error: 'Validation failed', details: parsed.error.flatten() });
     }
 
-    const cleanUsername = username.trim().toLowerCase().replace(/[^a-zA-Z0-9_-]/g, '');
-    if (!cleanUsername) {
-      return reply.status(400).send({ error: 'Invalid username format' });
-    }
+    const { username } = parsed.data;
+    const cleanUsername = username.toLowerCase();
 
     try {
       const user = await app.prisma.user.upsert({
@@ -367,7 +366,7 @@ app.get('/github/callback', async (request: FastifyRequest<{ Querystring: OAuthC
         create: {
           email: `${cleanUsername}@devcard.local`,
           username: cleanUsername,
-          displayName: username.trim(),
+          displayName: username,
           bio: 'Full-stack developer building outstanding interfaces.',
           role: 'Software Engineer',
           company: 'DevCard Team',
@@ -390,9 +389,9 @@ app.get('/github/callback', async (request: FastifyRequest<{ Querystring: OAuthC
         maxAge: 30 * 24 * 60 * 60,
       });
 
-      return { token, user };
+      return { user };
     } catch (err) {
-      app.log.error('Bypass login error:', err);
+      app.log.error({ err }, 'Bypass login error');
       return reply.status(500).send({ error: 'Authentication bypass failed' });
     }
   });
diff --git a/apps/backend/src/utils/validators.ts b/apps/backend/src/utils/validators.ts
index 80d2caa..de107cc 100644
--- a/apps/backend/src/utils/validators.ts
+++ b/apps/backend/src/utils/validators.ts
@@ -42,3 +42,12 @@ export const updateCardSchema = z.object({
   title: z.string().min(1).max(100).optional(),
   linkIds: z.array(z.string().uuid()).optional(),
 });
+
+export const bypassAuthSchema = z.object({
+  username: z
+    .string()
+    .min(1, 'Username is required')
+    .max(50, 'Username must not exceed 50 characters')
+    .regex(/^[a-zA-Z0-9_-]+$/, 'Username can only contain letters, numbers, hyphens, and underscores'),
+});
+