Implement lightweight auth system with SQLite

Added SQLite database for session management and user preferences storage,
allowing users to have consistent settings across different sessions and devices.

Backend changes:
- Added SQLite database with users, sessions, and preferences tables
- Implemented session-based authentication alongside JWT tokens
- Created preference storage/retrieval API endpoints
- Database migrations for schema setup
- Session validation and cleanup functionality

Frontend changes:
- Added "Remember server" and "Remember username" checkboxes to login
- Created preferences service for syncing settings with backend
- Updated auth flow to handle session tokens and preferences
- Store remembered values in LocalStorage (not database) for convenience

Key features:
- User preferences persist across sessions and devices
- CalDAV passwords never stored, only passed through
- Sessions expire after 24 hours
- Remember checkboxes only affect local browser storage

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

backend/Cargo.toml

@@ -34,6 +34,10 @@ base64 = "0.21"
 thiserror = "1.0"
 lazy_static = "1.4"
 
+# Database dependencies
+sqlx = { version = "0.7", features = ["runtime-tokio", "sqlite", "uuid", "chrono", "json"] }
+tokio-rusqlite = "0.5"
+
 [dev-dependencies]
 tokio = { version = "1.0", features = ["macros", "rt"] }
 reqwest = { version = "0.11", features = ["json"] }

backend/migrations/001_create_users_table.sql

@@ -0,0 +1,8 @@
+-- Create users table
+CREATE TABLE IF NOT EXISTS users (
+    id TEXT PRIMARY KEY,
+    username TEXT NOT NULL,
+    server_url TEXT NOT NULL,
+    created_at TEXT NOT NULL,
+    UNIQUE(username, server_url)
+);

backend/migrations/002_create_sessions_table.sql

@@ -0,0 +1,16 @@
+-- Create sessions table
+CREATE TABLE IF NOT EXISTS sessions (
+    id TEXT PRIMARY KEY,
+    user_id TEXT NOT NULL,
+    token TEXT NOT NULL UNIQUE,
+    created_at TEXT NOT NULL,
+    expires_at TEXT NOT NULL,
+    last_accessed TEXT NOT NULL,
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+);
+
+-- Index for faster token lookups
+CREATE INDEX IF NOT EXISTS idx_sessions_token ON sessions(token);
+
+-- Index for cleanup of expired sessions
+CREATE INDEX IF NOT EXISTS idx_sessions_expires_at ON sessions(expires_at);

backend/migrations/003_create_user_preferences_table.sql

@@ -0,0 +1,11 @@
+-- Create user preferences table
+CREATE TABLE IF NOT EXISTS user_preferences (
+    user_id TEXT PRIMARY KEY,
+    calendar_selected_date TEXT,
+    calendar_time_increment INTEGER,
+    calendar_view_mode TEXT,
+    calendar_theme TEXT,
+    calendar_colors TEXT, -- JSON string for calendar color mappings
+    updated_at TEXT NOT NULL,
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+);

backend/src/auth.rs

@@ -1,10 +1,12 @@
 use chrono::{Duration, Utc};
 use jsonwebtoken::{decode, encode, Algorithm, DecodingKey, EncodingKey, Header, Validation};
 use serde::{Deserialize, Serialize};
+use uuid::Uuid;
 
 use crate::calendar::CalDAVClient;
 use crate::config::CalDAVConfig;
-use crate::models::{ApiError, AuthResponse, CalDAVLoginRequest};
+use crate::db::{Database, PreferencesRepository, Session, SessionRepository, UserRepository};
+use crate::models::{ApiError, AuthResponse, CalDAVLoginRequest, UserPreferencesResponse};
 
 #[derive(Debug, Serialize, Deserialize)]
 pub struct Claims {
@@ -17,11 +19,12 @@ pub struct Claims {
 #[derive(Clone)]
 pub struct AuthService {
     jwt_secret: String,
+    db: Database,
 }
 
 impl AuthService {
-    pub fn new(jwt_secret: String) -> Self {
-        Self { jwt_secret }
+    pub fn new(jwt_secret: String, db: Database) -> Self {
+        Self { jwt_secret, db }
     }
 
     /// Authenticate user directly against CalDAV server
@@ -49,13 +52,47 @@ impl AuthService {
                     "✅ Authentication successful! Found {} calendars",
                     calendars.len()
                 );
-                // Authentication successful, generate JWT token
-                let token = self.generate_token(&request.username, &request.server_url)?;
-
+                
+                // Find or create user in database
+                let user_repo = UserRepository::new(&self.db);
+                let user = user_repo
+                    .find_or_create(&request.username, &request.server_url)
+                    .await
+                    .map_err(|e| ApiError::Database(format!("Failed to create user: {}", e)))?;
+                
+                // Generate JWT token
+                let jwt_token = self.generate_token(&request.username, &request.server_url)?;
+                
+                // Generate session token
+                let session_token = format!("sess_{}", Uuid::new_v4());
+                
+                // Create session in database
+                let session = Session::new(user.id.clone(), session_token.clone(), 24);
+                let session_repo = SessionRepository::new(&self.db);
+                session_repo
+                    .create(&session)
+                    .await
+                    .map_err(|e| ApiError::Database(format!("Failed to create session: {}", e)))?;
+                
+                // Get or create user preferences
+                let prefs_repo = PreferencesRepository::new(&self.db);
+                let preferences = prefs_repo
+                    .get_or_create(&user.id)
+                    .await
+                    .map_err(|e| ApiError::Database(format!("Failed to get preferences: {}", e)))?;
+                
                 Ok(AuthResponse {
-                    token,
+                    token: jwt_token,
+                    session_token,
                     username: request.username,
                     server_url: request.server_url,
+                    preferences: UserPreferencesResponse {
+                        calendar_selected_date: preferences.calendar_selected_date,
+                        calendar_time_increment: preferences.calendar_time_increment,
+                        calendar_view_mode: preferences.calendar_view_mode,
+                        calendar_theme: preferences.calendar_theme,
+                        calendar_colors: preferences.calendar_colors,
+                    },
                 })
             }
             Err(err) => {
@@ -143,4 +180,33 @@ impl AuthService {
 
         Ok(token_data.claims)
     }
+    
+    /// Validate session token
+    pub async fn validate_session(&self, session_token: &str) -> Result<String, ApiError> {
+        let session_repo = SessionRepository::new(&self.db);
+        
+        let session = session_repo
+            .find_by_token(session_token)
+            .await
+            .map_err(|e| ApiError::Database(format!("Failed to find session: {}", e)))?
+            .ok_or_else(|| ApiError::Unauthorized("Invalid session token".to_string()))?;
+        
+        if session.is_expired() {
+            return Err(ApiError::Unauthorized("Session expired".to_string()));
+        }
+        
+        Ok(session.user_id)
+    }
+    
+    /// Logout user by deleting session
+    pub async fn logout(&self, session_token: &str) -> Result<(), ApiError> {
+        let session_repo = SessionRepository::new(&self.db);
+        
+        session_repo
+            .delete(session_token)
+            .await
+            .map_err(|e| ApiError::Database(format!("Failed to delete session: {}", e)))?;
+        
+        Ok(())
+    }
 }

backend/src/db.rs

@@ -0,0 +1,305 @@
+use chrono::{DateTime, Utc};
+use serde::{Deserialize, Serialize};
+use sqlx::sqlite::{SqlitePool, SqlitePoolOptions};
+use sqlx::{FromRow, Result};
+use std::sync::Arc;
+use uuid::Uuid;
+
+/// Database connection pool wrapper
+#[derive(Clone)]
+pub struct Database {
+    pool: Arc<SqlitePool>,
+}
+
+impl Database {
+    /// Create a new database connection pool
+    pub async fn new(database_url: &str) -> Result<Self> {
+        let pool = SqlitePoolOptions::new()
+            .max_connections(5)
+            .connect(database_url)
+            .await?;
+
+        // Run migrations
+        sqlx::migrate!("./migrations").run(&pool).await?;
+
+        Ok(Self {
+            pool: Arc::new(pool),
+        })
+    }
+
+    /// Get a reference to the connection pool
+    pub fn pool(&self) -> &SqlitePool {
+        &self.pool
+    }
+}
+
+/// User model representing a CalDAV user
+#[derive(Debug, Clone, Serialize, Deserialize, FromRow)]
+pub struct User {
+    pub id: String, // UUID as string for SQLite
+    pub username: String,
+    pub server_url: String,
+    pub created_at: DateTime<Utc>,
+}
+
+impl User {
+    /// Create a new user with generated UUID
+    pub fn new(username: String, server_url: String) -> Self {
+        Self {
+            id: Uuid::new_v4().to_string(),
+            username,
+            server_url,
+            created_at: Utc::now(),
+        }
+    }
+}
+
+/// Session model for user sessions
+#[derive(Debug, Clone, Serialize, Deserialize, FromRow)]
+pub struct Session {
+    pub id: String,      // UUID as string
+    pub user_id: String, // Foreign key to User
+    pub token: String,   // Session token
+    pub created_at: DateTime<Utc>,
+    pub expires_at: DateTime<Utc>,
+    pub last_accessed: DateTime<Utc>,
+}
+
+impl Session {
+    /// Create a new session for a user
+    pub fn new(user_id: String, token: String, expires_in_hours: i64) -> Self {
+        let now = Utc::now();
+        Self {
+            id: Uuid::new_v4().to_string(),
+            user_id,
+            token,
+            created_at: now,
+            expires_at: now + chrono::Duration::hours(expires_in_hours),
+            last_accessed: now,
+        }
+    }
+
+    /// Check if the session has expired
+    pub fn is_expired(&self) -> bool {
+        Utc::now() > self.expires_at
+    }
+}
+
+/// User preferences model
+#[derive(Debug, Clone, Serialize, Deserialize, FromRow)]
+pub struct UserPreferences {
+    pub user_id: String,
+    pub calendar_selected_date: Option<String>,
+    pub calendar_time_increment: Option<i32>,
+    pub calendar_view_mode: Option<String>,
+    pub calendar_theme: Option<String>,
+    pub calendar_colors: Option<String>, // JSON string
+    pub updated_at: DateTime<Utc>,
+}
+
+impl UserPreferences {
+    /// Create default preferences for a new user
+    pub fn default_for_user(user_id: String) -> Self {
+        Self {
+            user_id,
+            calendar_selected_date: None,
+            calendar_time_increment: Some(15),
+            calendar_view_mode: Some("month".to_string()),
+            calendar_theme: Some("light".to_string()),
+            calendar_colors: None,
+            updated_at: Utc::now(),
+        }
+    }
+}
+
+/// Repository for User operations
+pub struct UserRepository<'a> {
+    db: &'a Database,
+}
+
+impl<'a> UserRepository<'a> {
+    pub fn new(db: &'a Database) -> Self {
+        Self { db }
+    }
+
+    /// Find or create a user by username and server URL
+    pub async fn find_or_create(
+        &self,
+        username: &str,
+        server_url: &str,
+    ) -> Result<User> {
+        // Try to find existing user
+        let existing = sqlx::query_as::<_, User>(
+            "SELECT * FROM users WHERE username = ? AND server_url = ?",
+        )
+        .bind(username)
+        .bind(server_url)
+        .fetch_optional(self.db.pool())
+        .await?;
+
+        if let Some(user) = existing {
+            Ok(user)
+        } else {
+            // Create new user
+            let user = User::new(username.to_string(), server_url.to_string());
+            
+            sqlx::query(
+                "INSERT INTO users (id, username, server_url, created_at) VALUES (?, ?, ?, ?)",
+            )
+            .bind(&user.id)
+            .bind(&user.username)
+            .bind(&user.server_url)
+            .bind(&user.created_at)
+            .execute(self.db.pool())
+            .await?;
+
+            Ok(user)
+        }
+    }
+
+    /// Find a user by ID
+    pub async fn find_by_id(&self, user_id: &str) -> Result<Option<User>> {
+        sqlx::query_as::<_, User>("SELECT * FROM users WHERE id = ?")
+            .bind(user_id)
+            .fetch_optional(self.db.pool())
+            .await
+    }
+}
+
+/// Repository for Session operations
+pub struct SessionRepository<'a> {
+    db: &'a Database,
+}
+
+impl<'a> SessionRepository<'a> {
+    pub fn new(db: &'a Database) -> Self {
+        Self { db }
+    }
+
+    /// Create a new session
+    pub async fn create(&self, session: &Session) -> Result<()> {
+        sqlx::query(
+            "INSERT INTO sessions (id, user_id, token, created_at, expires_at, last_accessed) 
+             VALUES (?, ?, ?, ?, ?, ?)",
+        )
+        .bind(&session.id)
+        .bind(&session.user_id)
+        .bind(&session.token)
+        .bind(&session.created_at)
+        .bind(&session.expires_at)
+        .bind(&session.last_accessed)
+        .execute(self.db.pool())
+        .await?;
+
+        Ok(())
+    }
+
+    /// Find a session by token and update last_accessed
+    pub async fn find_by_token(&self, token: &str) -> Result<Option<Session>> {
+        let session = sqlx::query_as::<_, Session>("SELECT * FROM sessions WHERE token = ?")
+            .bind(token)
+            .fetch_optional(self.db.pool())
+            .await?;
+
+        if let Some(ref s) = session {
+            if !s.is_expired() {
+                // Update last_accessed time
+                sqlx::query("UPDATE sessions SET last_accessed = ? WHERE id = ?")
+                    .bind(Utc::now())
+                    .bind(&s.id)
+                    .execute(self.db.pool())
+                    .await?;
+            }
+        }
+
+        Ok(session)
+    }
+
+    /// Delete a session (logout)
+    pub async fn delete(&self, token: &str) -> Result<()> {
+        sqlx::query("DELETE FROM sessions WHERE token = ?")
+            .bind(token)
+            .execute(self.db.pool())
+            .await?;
+
+        Ok(())
+    }
+
+    /// Clean up expired sessions
+    pub async fn cleanup_expired(&self) -> Result<u64> {
+        let result = sqlx::query("DELETE FROM sessions WHERE expires_at < ?")
+            .bind(Utc::now())
+            .execute(self.db.pool())
+            .await?;
+
+        Ok(result.rows_affected())
+    }
+}
+
+/// Repository for UserPreferences operations
+pub struct PreferencesRepository<'a> {
+    db: &'a Database,
+}
+
+impl<'a> PreferencesRepository<'a> {
+    pub fn new(db: &'a Database) -> Self {
+        Self { db }
+    }
+
+    /// Get user preferences, creating defaults if not exist
+    pub async fn get_or_create(&self, user_id: &str) -> Result<UserPreferences> {
+        let existing = sqlx::query_as::<_, UserPreferences>(
+            "SELECT * FROM user_preferences WHERE user_id = ?",
+        )
+        .bind(user_id)
+        .fetch_optional(self.db.pool())
+        .await?;
+
+        if let Some(prefs) = existing {
+            Ok(prefs)
+        } else {
+            // Create default preferences
+            let prefs = UserPreferences::default_for_user(user_id.to_string());
+            
+            sqlx::query(
+                "INSERT INTO user_preferences 
+                 (user_id, calendar_selected_date, calendar_time_increment, 
+                  calendar_view_mode, calendar_theme, calendar_colors, updated_at) 
+                 VALUES (?, ?, ?, ?, ?, ?, ?)",
+            )
+            .bind(&prefs.user_id)
+            .bind(&prefs.calendar_selected_date)
+            .bind(&prefs.calendar_time_increment)
+            .bind(&prefs.calendar_view_mode)
+            .bind(&prefs.calendar_theme)
+            .bind(&prefs.calendar_colors)
+            .bind(&prefs.updated_at)
+            .execute(self.db.pool())
+            .await?;
+
+            Ok(prefs)
+        }
+    }
+
+    /// Update user preferences
+    pub async fn update(&self, prefs: &UserPreferences) -> Result<()> {
+        sqlx::query(
+            "UPDATE user_preferences 
+             SET calendar_selected_date = ?, calendar_time_increment = ?, 
+                 calendar_view_mode = ?, calendar_theme = ?, 
+                 calendar_colors = ?, updated_at = ?
+             WHERE user_id = ?",
+        )
+        .bind(&prefs.calendar_selected_date)
+        .bind(&prefs.calendar_time_increment)
+        .bind(&prefs.calendar_view_mode)
+        .bind(&prefs.calendar_theme)
+        .bind(&prefs.calendar_colors)
+        .bind(Utc::now())
+        .bind(&prefs.user_id)
+        .execute(self.db.pool())
+        .await?;
+
+        Ok(())
+    }
+}

backend/src/handlers.rs

@@ -2,9 +2,11 @@
 mod auth;
 mod calendar;
 mod events;
+mod preferences;
 mod series;
 
 pub use auth::{get_user_info, login, verify_token};
 pub use calendar::{create_calendar, delete_calendar};
 pub use events::{create_event, delete_event, get_calendar_events, refresh_event, update_event};
+pub use preferences::{get_preferences, logout, update_preferences};
 pub use series::{create_event_series, delete_event_series, update_event_series};

backend/src/handlers/auth.rs

@@ -46,41 +46,12 @@ pub async fn login(
     println!("  Username: {}", request.username);
     println!("  Password length: {}", request.password.len());
 
-    // Basic validation
-    if request.username.is_empty() || request.password.is_empty() || request.server_url.is_empty() {
-        return Err(ApiError::BadRequest(
-            "Username, password, and server URL are required".to_string(),
-        ));
-    }
+    // Use the auth service login method which now handles database, sessions, and preferences
+    let response = state.auth_service.login(request).await?;
 
-    println!("✅ Input validation passed");
+    println!("✅ Login successful with session management");
 
-    // Create a token using the auth service
-    println!("📝 Created CalDAV config");
-
-    // First verify the credentials are valid by attempting to discover calendars
-    let config = CalDAVConfig::new(
-        request.server_url.clone(),
-        request.username.clone(),
-        request.password.clone(),
-    );
-    let client = CalDAVClient::new(config);
-    client
-        .discover_calendars()
-        .await
-        .map_err(|e| ApiError::Unauthorized(format!("Authentication failed: {}", e)))?;
-
-    let token = state
-        .auth_service
-        .generate_token(&request.username, &request.server_url)?;
-
-    println!("🔗 Created CalDAV client, attempting to discover calendars...");
-
-    Ok(Json(AuthResponse {
-        token,
-        username: request.username,
-        server_url: request.server_url,
-    }))
+    Ok(Json(response))
 }
 
 pub async fn verify_token(

backend/src/handlers/preferences.rs

@@ -0,0 +1,123 @@
+use axum::{
+    extract::State,
+    http::{HeaderMap, StatusCode},
+    response::IntoResponse,
+    Json,
+};
+use std::sync::Arc;
+
+use crate::{
+    db::PreferencesRepository,
+    models::{ApiError, UpdatePreferencesRequest, UserPreferencesResponse},
+    AppState,
+};
+
+/// Get user preferences
+pub async fn get_preferences(
+    State(state): State<Arc<AppState>>,
+    headers: HeaderMap,
+) -> Result<impl IntoResponse, ApiError> {
+    // Extract session token from headers
+    let session_token = headers
+        .get("X-Session-Token")
+        .and_then(|h| h.to_str().ok())
+        .ok_or_else(|| ApiError::Unauthorized("Missing session token".to_string()))?;
+
+    // Validate session and get user ID
+    let user_id = state.auth_service.validate_session(session_token).await?;
+
+    // Get preferences from database
+    let prefs_repo = PreferencesRepository::new(&state.db);
+    let preferences = prefs_repo
+        .get_or_create(&user_id)
+        .await
+        .map_err(|e| ApiError::Database(format!("Failed to get preferences: {}", e)))?;
+
+    Ok(Json(UserPreferencesResponse {
+        calendar_selected_date: preferences.calendar_selected_date,
+        calendar_time_increment: preferences.calendar_time_increment,
+        calendar_view_mode: preferences.calendar_view_mode,
+        calendar_theme: preferences.calendar_theme,
+        calendar_colors: preferences.calendar_colors,
+    }))
+}
+
+/// Update user preferences
+pub async fn update_preferences(
+    State(state): State<Arc<AppState>>,
+    headers: HeaderMap,
+    Json(request): Json<UpdatePreferencesRequest>,
+) -> Result<impl IntoResponse, ApiError> {
+    // Extract session token from headers
+    let session_token = headers
+        .get("X-Session-Token")
+        .and_then(|h| h.to_str().ok())
+        .ok_or_else(|| ApiError::Unauthorized("Missing session token".to_string()))?;
+
+    // Validate session and get user ID
+    let user_id = state.auth_service.validate_session(session_token).await?;
+
+    // Update preferences in database
+    let prefs_repo = PreferencesRepository::new(&state.db);
+    
+    let mut preferences = prefs_repo
+        .get_or_create(&user_id)
+        .await
+        .map_err(|e| ApiError::Database(format!("Failed to get preferences: {}", e)))?;
+
+    // Update only provided fields
+    if request.calendar_selected_date.is_some() {
+        preferences.calendar_selected_date = request.calendar_selected_date;
+    }
+    if request.calendar_time_increment.is_some() {
+        preferences.calendar_time_increment = request.calendar_time_increment;
+    }
+    if request.calendar_view_mode.is_some() {
+        preferences.calendar_view_mode = request.calendar_view_mode;
+    }
+    if request.calendar_theme.is_some() {
+        preferences.calendar_theme = request.calendar_theme;
+    }
+    if request.calendar_colors.is_some() {
+        preferences.calendar_colors = request.calendar_colors;
+    }
+
+    prefs_repo
+        .update(&preferences)
+        .await
+        .map_err(|e| ApiError::Database(format!("Failed to update preferences: {}", e)))?;
+
+    Ok((
+        StatusCode::OK,
+        Json(UserPreferencesResponse {
+            calendar_selected_date: preferences.calendar_selected_date,
+            calendar_time_increment: preferences.calendar_time_increment,
+            calendar_view_mode: preferences.calendar_view_mode,
+            calendar_theme: preferences.calendar_theme,
+            calendar_colors: preferences.calendar_colors,
+        }),
+    ))
+}
+
+/// Logout user
+pub async fn logout(
+    State(state): State<Arc<AppState>>,
+    headers: HeaderMap,
+) -> Result<impl IntoResponse, ApiError> {
+    // Extract session token from headers
+    let session_token = headers
+        .get("X-Session-Token")
+        .and_then(|h| h.to_str().ok())
+        .ok_or_else(|| ApiError::Unauthorized("Missing session token".to_string()))?;
+
+    // Delete session
+    state.auth_service.logout(session_token).await?;
+
+    Ok((
+        StatusCode::OK,
+        Json(serde_json::json!({
+            "success": true,
+            "message": "Logged out successfully"
+        })),
+    ))
+}

backend/src/lib.rs

@@ -9,27 +9,37 @@ use tower_http::cors::{Any, CorsLayer};
 pub mod auth;
 pub mod calendar;
 pub mod config;
+pub mod db;
 pub mod handlers;
 pub mod models;
 
 use auth::AuthService;
+use db::Database;
 
 #[derive(Clone)]
 pub struct AppState {
     pub auth_service: AuthService,
+    pub db: Database,
 }
 
 pub async fn run_server() -> Result<(), Box<dyn std::error::Error>> {
     // Initialize logging
     println!("🚀 Starting Calendar Backend Server");
 
+    // Initialize database
+    let database_url = std::env::var("DATABASE_URL")
+        .unwrap_or_else(|_| "sqlite:calendar.db".to_string());
+    
+    let db = Database::new(&database_url).await?;
+    println!("✅ Database initialized");
+
     // Create auth service
     let jwt_secret = std::env::var("JWT_SECRET")
         .unwrap_or_else(|_| "your-super-secret-jwt-key-change-in-production".to_string());
 
-    let auth_service = AuthService::new(jwt_secret);
+    let auth_service = AuthService::new(jwt_secret, db.clone());
 
-    let app_state = AppState { auth_service };
+    let app_state = AppState { auth_service, db };
 
     // Build our application with routes
     let app = Router::new()
@@ -58,6 +68,10 @@ pub async fn run_server() -> Result<(), Box<dyn std::error::Error>> {
             "/api/calendar/events/series/delete",
             post(handlers::delete_event_series),
         )
+        // User preferences endpoints
+        .route("/api/preferences", get(handlers::get_preferences))
+        .route("/api/preferences", post(handlers::update_preferences))
+        .route("/api/auth/logout", post(handlers::logout))
         .layer(
             CorsLayer::new()
                 .allow_origin(Any)

backend/src/models.rs

@@ -16,8 +16,28 @@ pub struct CalDAVLoginRequest {
 #[derive(Debug, Serialize)]
 pub struct AuthResponse {
     pub token: String,
+    pub session_token: String,
     pub username: String,
     pub server_url: String,
+    pub preferences: UserPreferencesResponse,
+}
+
+#[derive(Debug, Serialize, Deserialize, Clone)]
+pub struct UserPreferencesResponse {
+    pub calendar_selected_date: Option<String>,
+    pub calendar_time_increment: Option<i32>,
+    pub calendar_view_mode: Option<String>,
+    pub calendar_theme: Option<String>,
+    pub calendar_colors: Option<String>,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct UpdatePreferencesRequest {
+    pub calendar_selected_date: Option<String>,
+    pub calendar_time_increment: Option<i32>,
+    pub calendar_view_mode: Option<String>,
+    pub calendar_theme: Option<String>,
+    pub calendar_colors: Option<String>,
 }
 
 #[derive(Debug, Serialize)]