Add full profile management features (avatar, inline edit, delete account)

.gitignore

@@ -45,6 +45,7 @@ download_imp/*.pt
 download_imp/*.pkl
 download_imp/*.onnx
 
+push_to_hf.sh
 # download_imp/*
 # Local downloaded artifacts
 download/

auth_routes.py

@@ -524,3 +524,162 @@ def change_password():
         log_audit('password_change_error', user_id=current_user.id, 
                  status='failure', details=str(e))
         return jsonify({'error': 'Password change failed'}), 500
+
+# ── Profile Management Routes ───────────────────────────────────────────────
+
+@auth_bp.route('/profile/update-name', methods=['POST'])
+@login_required
+def update_name():
+    if not request.is_json:
+        return jsonify({'error': 'JSON required'}), 400
+    full_name = request.json.get('full_name', '').strip()
+    if not full_name:
+        return jsonify({'error': 'Name cannot be empty'}), 400
+    
+    current_user.full_name = full_name
+    db.session.commit()
+    return jsonify({'message': 'Name updated successfully', 'full_name': full_name})
+
+
+@auth_bp.route('/profile/request-username-change', methods=['POST'])
+@login_required
+def request_username_change():
+    if not request.is_json:
+        return jsonify({'error': 'JSON required'}), 400
+    new_username = request.json.get('new_username', '').strip()
+    valid, msg = validate_username(new_username)
+    if not valid:
+        return jsonify({'error': msg}), 400
+    if User.query.filter_by(username=new_username).first():
+        return jsonify({'error': 'Username already taken'}), 400
+
+    code, token = _store_otp(email=current_user.email, purpose="change_username", 
+                             user_id=current_user.id, pending_value=new_username)
+    sent = _send_email(current_user.email, "Verify username change", _otp_body(code, "change_username"))
+    if not sent:
+        return jsonify({'error': 'Failed to send OTP email'}), 500
+    return jsonify({'message': 'OTP sent to your current email', 'otp_token': token})
+
+
+@auth_bp.route('/profile/request-email-change', methods=['POST'])
+@login_required
+def request_email_change():
+    if not request.is_json:
+        return jsonify({'error': 'JSON required'}), 400
+    new_email = request.json.get('new_email', '').strip().lower()
+    valid, msg = validate_email(new_email)
+    if not valid:
+        return jsonify({'error': msg}), 400
+    if User.query.filter_by(email=new_email).first():
+        return jsonify({'error': 'Email already registered'}), 400
+
+    code, token = _store_otp(email=new_email, purpose="change_email", 
+                             user_id=current_user.id, pending_value=new_email)
+    sent = _send_email(new_email, "Verify your new email address", _otp_body(code, "change_email"))
+    if not sent:
+        return jsonify({'error': 'Failed to send OTP to new email'}), 500
+    return jsonify({'message': 'OTP sent to your NEW email address', 'otp_token': token})
+
+
+@auth_bp.route('/profile/confirm-change', methods=['POST'])
+@login_required
+def confirm_profile_change():
+    if not request.is_json:
+        return jsonify({'error': 'JSON required'}), 400
+    
+    otp = request.json.get('otp', '').strip()
+    otp_token = request.json.get('otp_token', '').strip()
+    purpose = request.json.get('purpose', '').strip()
+
+    if purpose not in ("change_username", "change_email"):
+        return jsonify({'error': 'Invalid purpose'}), 400
+
+    ok, msg, row = _validate_otp(otp, purpose, otp_token)
+    if not ok:
+        return jsonify({'error': msg}), 400
+    
+    if not row.pending_value:
+        _clear_otp_row(row)
+        return jsonify({'error': 'No pending value found in OTP session'}), 400
+
+    if purpose == "change_username":
+        if User.query.filter_by(username=row.pending_value).first():
+            _clear_otp_row(row)
+            return jsonify({'error': 'Username was taken in the meantime'}), 400
+        current_user.username = row.pending_value
+    
+    elif purpose == "change_email":
+        if User.query.filter_by(email=row.pending_value).first():
+            _clear_otp_row(row)
+            return jsonify({'error': 'Email was taken in the meantime'}), 400
+        current_user.email = row.pending_value
+
+    db.session.commit()
+    _clear_otp_row(row)
+    log_audit(purpose, user_id=current_user.id, status='success')
+    return jsonify({'message': 'Profile updated successfully'})
+
+
+@auth_bp.route('/profile/upload-avatar', methods=['POST'])
+@login_required
+def upload_avatar():
+    if 'avatar' not in request.files:
+        return jsonify({'error': 'No file uploaded'}), 400
+    file = request.files['avatar']
+    if not file.filename:
+        return jsonify({'error': 'No selected file'}), 400
+    
+    try:
+        import cloudinary
+        import cloudinary.uploader
+        res = cloudinary.uploader.upload(file, folder="ich_avatars", 
+                                         transformation=[{'width': 256, 'height': 256, 'crop': 'fill', 'gravity': 'face'}])
+        
+        # Delete old avatar if exists
+        if current_user.avatar_public_id:
+            try:
+                cloudinary.uploader.destroy(current_user.avatar_public_id)
+            except Exception as exc:
+                logger.warning("Failed to destroy old avatar: %s", exc)
+
+        current_user.avatar_url = res.get('secure_url')
+        current_user.avatar_public_id = res.get('public_id')
+        db.session.commit()
+        return jsonify({'message': 'Avatar updated', 'avatar_url': current_user.avatar_url})
+    except ImportError:
+        return jsonify({'error': 'Cloudinary package not installed'}), 500
+    except Exception as exc:
+        logger.error("Avatar upload failed: %s", exc)
+        return jsonify({'error': 'Failed to upload image'}), 500
+
+
+@auth_bp.route('/delete-account', methods=['POST'])
+@login_required
+def delete_account():
+    password = request.form.get('password', '')
+    if not current_user.check_password(password):
+        flash('Incorrect password. Account deletion cancelled.', 'error')
+        return redirect(url_for('auth.profile'))
+    
+    try:
+        user_id = current_user.id
+        
+        # Cloudinary cleanup: delete avatar if exists
+        if current_user.avatar_public_id:
+            try:
+                import cloudinary.uploader
+                cloudinary.uploader.destroy(current_user.avatar_public_id)
+            except Exception as exc:
+                logger.warning("Failed to delete avatar during account deletion: %s", exc)
+
+        db.session.delete(current_user)
+        db.session.commit()
+        log_audit('account_deleted', user_id=user_id, status='success')
+        logout_user()
+        flash('Your account has been successfully deleted.', 'success')
+        return redirect(url_for('home'))
+    except Exception as exc:
+        db.session.rollback()
+        logger.error("Error deleting account: %s", exc)
+        flash('An error occurred while deleting your account.', 'error')
+        return redirect(url_for('auth.profile'))

start.sh

@@ -2,7 +2,7 @@
 
 # Start Celery worker in background
 # We use concurrency=2 to avoid memory overload on the 16GB free tier
-celery -A tasks worker --loglevel=info --concurrency=2 &
+celery -A tasks worker --loglevel=info --concurrency=2 -B &
 CELERY_PID=$!
 
 # Trap SIGTERM and SIGINT for graceful shutdown

static/css/auth.css

@@ -377,3 +377,102 @@
   .auth-form-panel { padding:32px 18px; }
   .auth-card-header h2 { font-size:1.45rem; }
 }
+
+/* ── Profile Modals & Inline Edit ── */
+
+.profile-avatar-wrapper {
+  position: relative;
+  display: inline-block;
+  margin-right: 20px;
+}
+.profile-avatar-img {
+  width: 72px;
+  height: 72px;
+  border-radius: 50%;
+  object-fit: cover;
+  border: 2px solid #334155;
+  background: #0f172a;
+}
+.avatar-upload-btn {
+  position: absolute;
+  bottom: 0;
+  right: -4px;
+  width: 28px;
+  height: 28px;
+  border-radius: 50%;
+  background: #3b82f6;
+  border: 2px solid #1e293b;
+  color: #fff;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  cursor: pointer;
+  transition: all 0.2s;
+}
+.avatar-upload-btn:hover {
+  background: #2563eb;
+  transform: scale(1.1);
+}
+
+.btn-inline-edit {
+  background: transparent;
+  border: 1px solid #334155;
+  color: #94a3b8;
+  padding: 4px 12px;
+  border-radius: 4px;
+  font-size: 13px;
+  font-weight: 500;
+  cursor: pointer;
+  transition: all 0.2s;
+  margin-left: auto;
+}
+.btn-inline-edit:hover {
+  background: #1e293b;
+  color: #f8fafc;
+  border-color: #475569;
+}
+
+.profile-row {
+  display: flex;
+  align-items: center;
+  padding: 12px 0;
+  border-bottom: 1px solid #1e293b;
+}
+.profile-row:last-child {
+  border-bottom: none;
+}
+.pr-label {
+  width: 140px;
+  color: #64748b;
+  font-size: 14px;
+}
+.pr-value {
+  color: #f8fafc;
+  font-size: 15px;
+  font-weight: 500;
+}
+
+.modal-overlay {
+  position: fixed;
+  top: 0; left: 0; right: 0; bottom: 0;
+  background: rgba(2, 6, 23, 0.8);
+  backdrop-filter: blur(4px);
+  z-index: 1000;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  padding: 20px;
+}
+.modal-content {
+  width: 100%;
+  max-width: 400px;
+  animation: modal-pop 0.3s cubic-bezier(0.16, 1, 0.3, 1);
+}
+@keyframes modal-pop {
+  0% { transform: scale(0.95) translateY(10px); opacity: 0; }
+  100% { transform: scale(1) translateY(0); opacity: 1; }
+}
+
+.profile-message-container {
+  margin-bottom: 24px;
+}

static/js/profile-actions.js

@@ -0,0 +1,174 @@
+/**
+ * Profile Actions - Handle inline editing, modals, and avatar upload
+ */
+
+// Avatar Upload
+document.getElementById('avatarUpload')?.addEventListener('change', async function(e) {
+  const file = e.target.files[0];
+  if (!file) return;
+
+  const btn = document.querySelector('.avatar-upload-btn');
+  const originalHtml = btn.innerHTML;
+  btn.innerHTML = '<span style="width:14px;height:14px;border:2px solid transparent;border-top-color:#fff;border-radius:50%;animation:spin 1s linear infinite;display:inline-block;"></span>';
+  btn.disabled = true;
+
+  const formData = new FormData();
+  formData.append('avatar', file);
+
+  try {
+    const response = await fetch('/auth/profile/upload-avatar', {
+      method: 'POST',
+      body: formData
+    });
+    
+    const data = await response.json();
+    if (response.ok) {
+      // Reload to show new avatar everywhere
+      window.location.reload();
+    } else {
+      showProfileMessage(data.error || 'Failed to upload avatar', 'error');
+      btn.innerHTML = originalHtml;
+      btn.disabled = false;
+    }
+  } catch (err) {
+    showProfileMessage('Network error occurred', 'error');
+    btn.innerHTML = originalHtml;
+    btn.disabled = false;
+  }
+});
+
+// Modals
+function openEditModal(field, currentValue) {
+  document.getElementById('editFieldType').value = field;
+  document.getElementById('editFieldValue').value = currentValue;
+  
+  let label = 'New Value';
+  let title = 'Edit Field';
+  if (field === 'username') { label = 'New Username'; title = 'Change Username'; }
+  if (field === 'email') { label = 'New Email Address'; title = 'Change Email'; }
+  if (field === 'full_name') { label = 'New Full Name'; title = 'Update Name'; }
+  
+  document.getElementById('editFieldLabel').innerText = label;
+  document.getElementById('editModalTitle').innerText = title;
+  
+  document.getElementById('editStep1').style.display = 'block';
+  document.getElementById('editStep2').style.display = 'none';
+  document.getElementById('editFieldOtpToken').value = '';
+  document.getElementById('editFieldOtp').value = '';
+  
+  document.getElementById('editModal').style.display = 'flex';
+}
+
+function closeEditModal() {
+  document.getElementById('editModal').style.display = 'none';
+}
+
+function openDeleteModal() {
+  document.getElementById('deleteModal').style.display = 'flex';
+}
+
+function closeDeleteModal() {
+  document.getElementById('deleteModal').style.display = 'none';
+}
+
+// Edit Form Submission
+document.getElementById('editFieldForm')?.addEventListener('submit', async function(e) {
+  e.preventDefault();
+  
+  const field = document.getElementById('editFieldType').value;
+  const value = document.getElementById('editFieldValue').value.trim();
+  const btn = document.getElementById('btnRequestChange');
+  
+  if (!value) return;
+  
+  const originalText = btn.innerText;
+  btn.innerText = 'Saving...';
+  btn.disabled = true;
+  
+  let endpoint = '';
+  let payload = {};
+  
+  if (field === 'full_name') {
+    endpoint = '/auth/profile/update-name';
+    payload = { full_name: value };
+  } else if (field === 'username') {
+    endpoint = '/auth/profile/request-username-change';
+    payload = { new_username: value };
+  } else if (field === 'email') {
+    endpoint = '/auth/profile/request-email-change';
+    payload = { new_email: value };
+  }
+  
+  try {
+    const res = await fetch(endpoint, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(payload)
+    });
+    const data = await res.json();
+    
+    if (res.ok) {
+      if (field === 'full_name') {
+        document.getElementById('val-full_name').innerText = data.full_name;
+        closeEditModal();
+        showProfileMessage('Name updated successfully', 'success');
+      } else {
+        // Show OTP step
+        document.getElementById('editStep1').style.display = 'none';
+        document.getElementById('editStep2').style.display = 'block';
+        document.getElementById('editFieldOtpToken').value = data.otp_token;
+      }
+    } else {
+      showProfileMessage(data.error || 'Failed to request change', 'error');
+    }
+  } catch (err) {
+    showProfileMessage('Network error occurred', 'error');
+  } finally {
+    btn.innerText = originalText;
+    btn.disabled = false;
+  }
+});
+
+// Confirm OTP (Username/Email)
+document.getElementById('btnConfirmChange')?.addEventListener('click', async function() {
+  const otp = document.getElementById('editFieldOtp').value.trim();
+  const token = document.getElementById('editFieldOtpToken').value;
+  const field = document.getElementById('editFieldType').value;
+  const btn = this;
+  
+  if (otp.length !== 6) return;
+  
+  const originalText = btn.innerText;
+  btn.innerText = 'Verifying...';
+  btn.disabled = true;
+  
+  const purpose = field === 'username' ? 'change_username' : 'change_email';
+  
+  try {
+    const res = await fetch('/auth/profile/confirm-change', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ otp: otp, otp_token: token, purpose: purpose })
+    });
+    const data = await res.json();
+    
+    if (res.ok) {
+      // Reload to reflect changes
+      window.location.reload();
+    } else {
+      showProfileMessage(data.error || 'Failed to verify OTP', 'error');
+    }
+  } catch (err) {
+    showProfileMessage('Network error occurred', 'error');
+  } finally {
+    btn.innerText = originalText;
+    btn.disabled = false;
+  }
+});
+
+function showProfileMessage(msg, type) {
+  const container = document.getElementById('profileMessage');
+  if (!container) return;
+  container.innerHTML = `<div class="alert alert-${type}">${msg}</div>`;
+  setTimeout(() => { container.innerHTML = ''; }, 5000);
+}

tasks.py

@@ -450,3 +450,26 @@ def process_dicom_batch(
 def health_check() -> str:
     """Simple health check task for monitoring."""
     return "Celery worker is healthy"
+
+@celery_app.task
+def cleanup_expired_otps():
+    """Periodic task to delete expired OTPs from the database."""
+    from app_new import app
+    from models import db, PendingOtp, now_ist
+    
+    with app.app_context():
+        try:
+            deleted = PendingOtp.query.filter(PendingOtp.expires_at < now_ist()).delete()
+            db.session.commit()
+            if deleted > 0:
+                logger.info("Cleaned up %d expired OTP rows.", deleted)
+        except Exception as exc:
+            db.session.rollback()
+            logger.error("Error cleaning up OTPs: %s", exc)
+
+celery_app.conf.beat_schedule = {
+    'cleanup-expired-otps-every-15-mins': {
+        'task': 'tasks.cleanup_expired_otps',
+        'schedule': 900.0,  # 15 minutes in seconds
+    },
+}

templates/auth/profile.html

@@ -7,8 +7,18 @@
 
   <!-- ── Profile hero ── -->
   <div class="profile-hero">
-    <div class="profile-avatar" aria-label="User avatar">
-      {{ user.username[0].upper() }}
+    <div class="profile-avatar-wrapper">
+      {% if user.avatar_url %}
+        <img src="{{ user.avatar_url }}" alt="User avatar" class="profile-avatar-img">
+      {% else %}
+        <div class="profile-avatar" aria-label="User avatar">
+          {{ user.username[0].upper() }}
+        </div>
+      {% endif %}
+      <button class="avatar-upload-btn" onclick="document.getElementById('avatarUpload').click()" title="Change Avatar">
+        <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M23 19a2 2 0 0 1-2 2H3a2 2 0 0 1-2-2V8a2 2 0 0 1 2-2h4l2-3h6l2 3h4a2 2 0 0 1 2 2z"/><circle cx="12" cy="13" r="4"/></svg>
+      </button>
+      <input type="file" id="avatarUpload" accept="image/*" style="display: none;">
     </div>
     <div class="profile-identity">
       <h2>{{ user.full_name or user.username }}</h2>
@@ -20,26 +30,33 @@
     </div>
   </div>
 
+  <div id="profileMessage" class="profile-message-container"></div>
+
   <!-- ── Account info ── -->
   <div class="profile-section">
     <h3>
       <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5"><path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2"/><circle cx="12" cy="7" r="4"/></svg>
       Account Information
     </h3>
+    
     <div class="profile-row">
       <span class="pr-label">Username</span>
-      <span class="pr-value">{{ user.username }}</span>
+      <span class="pr-value" id="val-username">{{ user.username }}</span>
+      <button class="btn-inline-edit" onclick="openEditModal('username', '{{ user.username }}')">Edit</button>
     </div>
+
     <div class="profile-row">
       <span class="pr-label">Email</span>
-      <span class="pr-value">{{ user.email }}</span>
+      <span class="pr-value" id="val-email">{{ user.email }}</span>
+      <button class="btn-inline-edit" onclick="openEditModal('email', '{{ user.email }}')">Edit</button>
     </div>
-    {% if user.full_name %}
+    
     <div class="profile-row">
       <span class="pr-label">Full Name</span>
-      <span class="pr-value">{{ user.full_name }}</span>
+      <span class="pr-value" id="val-full_name">{{ user.full_name or '' }}</span>
+      <button class="btn-inline-edit" onclick="openEditModal('full_name', '{{ user.full_name or '' }}')">Edit</button>
     </div>
-    {% endif %}
+    
     <div class="profile-row">
       <span class="pr-label">Account Status</span>
       <span class="pr-value" style="color:#34d399;">
@@ -47,6 +64,7 @@
         Active
       </span>
     </div>
+    
     <div class="profile-row">
       <span class="pr-label">Member Since</span>
       <span class="pr-value">{{ user.created_at.strftime('%B %d, %Y') }}</span>
@@ -118,20 +136,94 @@
       <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5"><path d="M10.29 3.86L1.82 18a2 2 0 0 0 1.71 3h16.94a2 2 0 0 0 1.71-3L13.71 3.86a2 2 0 0 0-3.42 0z"/><line x1="12" y1="9" x2="12" y2="13"/><line x1="12" y1="17" x2="12.01" y2="17"/></svg>
       Account Actions
     </h3>
-    <form method="POST" action="{{ url_for('auth.logout') }}">
-      <button type="submit" class="btn-logout-danger">
+    <form method="POST" action="{{ url_for('auth.logout') }}" style="display:inline-block; margin-right: 12px;">
+      <button type="submit" class="btn-logout-danger" style="background:#1e293b; border-color:#334155; color:#f8fafc;">
         <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M9 21H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h4"/><polyline points="16 17 21 12 16 7"/><line x1="21" y1="12" x2="9" y2="12"/></svg>
         Sign Out
       </button>
     </form>
+    
+    <button class="btn-logout-danger" onclick="openDeleteModal()" style="display:inline-block;">
+      <svg width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M3 6h18"/><path d="M19 6v14a2 2 0 0 1-2 2H7a2 2 0 0 1-2-2V6m3 0V4a2 2 0 0 1 2-2h4a2 2 0 0 1 2 2v2"/></svg>
+      Delete Account
+    </button>
   </div>
 
 </div>
+
+<!-- ── Modals ── -->
+
+<!-- Edit Profile Field Modal -->
+<div class="modal-overlay" id="editModal" style="display: none;">
+  <div class="modal-content auth-card">
+    <div class="auth-card-header" style="margin-bottom:20px;">
+      <h2 id="editModalTitle">Edit Field</h2>
+    </div>
+    
+    <form id="editFieldForm" class="auth-form">
+      <input type="hidden" id="editFieldType">
+      
+      <!-- Step 1: Request Change -->
+      <div id="editStep1">
+        <div class="form-group">
+          <label id="editFieldLabel">New Value</label>
+          <div class="input-wrap">
+            <input type="text" id="editFieldValue" required>
+          </div>
+        </div>
+        <div class="pw-action-row" style="margin-top:20px;">
+          <button type="submit" class="btn-save-pw" id="btnRequestChange">Save Changes</button>
+          <button type="button" class="btn-cancel-pw" onclick="closeEditModal()">Cancel</button>
+        </div>
+      </div>
+
+      <!-- Step 2: Confirm OTP (only for email/username) -->
+      <div id="editStep2" style="display: none;">
+        <p style="color:#94a3b8;font-size:14px;margin-bottom:16px;">We've sent a verification code to confirm this change.</p>
+        <div class="form-group">
+          <label>6-Digit Code</label>
+          <div class="input-wrap">
+            <input type="text" id="editFieldOtp" maxlength="6" inputmode="numeric" placeholder="123456">
+          </div>
+        </div>
+        <input type="hidden" id="editFieldOtpToken">
+        <div class="pw-action-row" style="margin-top:20px;">
+          <button type="button" class="btn-save-pw" id="btnConfirmChange">Verify & Update</button>
+          <button type="button" class="btn-cancel-pw" onclick="closeEditModal()">Cancel</button>
+        </div>
+      </div>
+    </form>
+  </div>
+</div>
+
+<!-- Delete Account Modal -->
+<div class="modal-overlay" id="deleteModal" style="display: none;">
+  <div class="modal-content auth-card">
+    <div class="auth-card-header" style="margin-bottom:20px;">
+      <h2 style="color:#ef4444;">Delete Account</h2>
+      <p style="color:#fca5a5; font-size:13px; margin-top:8px;">This action is permanent and cannot be undone.</p>
+    </div>
+    <form method="POST" action="{{ url_for('auth.delete_account') }}" class="auth-form">
+      <div class="form-group">
+        <label>Enter your password to confirm</label>
+        <div class="input-wrap">
+          <svg class="input-icon" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="3" y="11" width="18" height="11" rx="2"/><path d="M7 11V7a5 5 0 0 1 10 0v4"/></svg>
+          <input type="password" name="password" required>
+        </div>
+      </div>
+      <div class="pw-action-row" style="margin-top:20px;">
+        <button type="submit" class="btn-save-pw" style="background:#dc2626; border-color:#b91c1c;">Permanently Delete</button>
+        <button type="button" class="btn-cancel-pw" onclick="closeDeleteModal()">Cancel</button>
+      </div>
+    </form>
+  </div>
+</div>
+
 {% endblock %}
 
 {% block scripts %}
 <script src="{{ url_for('static', filename='js/auth-shared.js') }}" defer></script>
 <script src="{{ url_for('static', filename='js/profile.js') }}" defer></script>
 <script src="{{ url_for('static', filename='js/profile-page.js') }}" defer></script>
+<script src="{{ url_for('static', filename='js/profile-actions.js') }}" defer></script>
 {% endblock %}
-