'use strict'; const express = require('express'); const router = express.Router(); const { getUserSettings, setUserSettings } = require('../services/userSettings'); // GET /api/settings — returns only user-facing app preferences router.get('/', (req, res) => { res.json(getUserSettings(req.user.id)); }); // PUT /api/settings — updates only allowed user-facing keys for this user router.put('/', (req, res) => { res.json(setUserSettings(req.user.id, req.body)); }); module.exports = router;