Without dynamic profile routing, every user points to the same static page or a 404, which kills the social graph before it forms. No shareable profile URLs means no inbound links, no SEO authority on user-generated content, no deep-linking from emails or notifications, and no way for followers to actually view who they follow. The platform degrades into a feed with no identity layer, and retention collapses because users cannot find or remember each other.
High because the identity layer is foundational — every social feature (follow, mention, notify) depends on routable profiles.
Add a dynamic segment to the profile route so each user resolves to their own page, and fetch profile data server-side so the HTML ships with avatar, bio, and counts intact for crawlers. Use app/users/[id]/page.tsx (App Router) or pages/users/[id].tsx with getServerSideProps (Pages Router), and call notFound() when the user does not exist:
// app/users/[id]/page.tsx
export default async function ProfilePage({ params }: { params: { id: string } }) {
const user = await getUserProfile(params.id)
if (!user) return notFound()
return <Profile user={user} />
}
ID: community-social-engagement.profiles-identity.dynamic-profile-routing
Severity: high
What to look for: Enumerate all relevant files and Examine the routing structure for user profiles. Look for dynamic route files (e.g., /app/users/[id]/page.tsx, /app/profiles/[username]/page.tsx, or Pages Router equivalent /pages/profile/[username].js). Verify that these routes exist and handle fetching profile data (avatar, bio, display name, follower/following counts) from the database. Quote the exact code pattern or configuration value found.
Pass criteria: At least 1 conforming pattern must exist. At least one dynamic user profile route exists and fetches profile data from the database. The route successfully renders a user's profile page.
Fail criteria: No dynamic profile routing found, or the only profile page is a static page (not handling user-specific data). A partial or incomplete implementation does not count as pass.
Skip (N/A) when: The project is not a community platform or has no user profiles (API-only, no user-facing pages).
Cross-reference: For security evaluation of user-generated content and social features, the Auth & Session Security audit covers session management and CSRF protection.
Detail on fail: "No dynamic user profile routing found. Only static profile page at /profile or no profile feature exists." or "Profile route exists at /profiles/[id] but does not query user data from database"
Remediation: User profiles must be dynamically routed based on the user ID or username. In Next.js App Router:
// app/users/[id]/page.tsx
import { getUserProfile } from '@/lib/db'
export default async function ProfilePage({ params }: { params: { id: string } }) {
const user = await getUserProfile(params.id)
if (!user) return notFound()
return (
<div>
<img src={user.avatar} alt={user.name} />
<h1>{user.name}</h1>
<p>{user.bio}</p>
<p>Followers: {user.followers_count} | Following: {user.following_count}</p>
</div>
)
}
In Pages Router:
// pages/users/[id].tsx
import { getUserProfile } from '@/lib/db'
export async function getServerSideProps({ params }) {
const user = await getUserProfile(params.id)
if (!user) return { notFound: true }
return { props: { user } }
}
export default function ProfilePage({ user }) {
return (
// ... render profile
)
}