refactor: reorganize feature modules with consistent naming conventions and flattened structure

2026-04-22 14:12:15 -04:00
parent 256df9102c
commit 61388f04a6
41 changed files with 0 additions and 824 deletions
@@ -1,10 +0,0 @@
 /**
 * Admin Server Actions
 *
 * Exported separately from admin/index.js to avoid bundling
 * server-side code (which includes database imports) into client components.
 *
 * Usage: import { getDashboardStats } from '@zen/core/features/admin/actions';
 */
 export { getDashboardStats } from './actions/statsActions.js';
@@ -1,27 +0,0 @@
 /**
 * Admin Stats Actions
 *
 * @deprecated Utiliser collectAllDashboardData() de serverRegistry à la place.
 * Ce fichier est conservé pour la rétrocompatibilité avec les projets qui
 * appellent getDashboardStats() directement depuis leur page admin.
 */
 'use server';
 import { query } from '@zen/core/database';
 import { fail } from '@zen/core/shared/logger';
 /**
 * @deprecated Utiliser collectAllDashboardData() de serverRegistry à la place.
 * @returns {Promise<{ success: boolean, stats?: { totalUsers: number }, error?: string }>}
 */
 export async function getDashboardStats() {
  try {
    const result = await query(`SELECT COUNT(*) as count FROM zen_auth_users`);
    const totalUsers = parseInt(result.rows[0].count) || 0;
    return { success: true, stats: { totalUsers } };
  } catch (error) {
    fail(`Error getting dashboard stats: ${error.message}`);
    return { success: false, error: error.message || 'Failed to get dashboard statistics' };
  }
 }
@@ -1,35 +0,0 @@
 'use client';
 import DashboardPage from './pages/DashboardPage.js';
 import UsersPage from './pages/UsersPage.js';
 import UserEditPage from './pages/UserEditPage.js';
 import ProfilePage from './pages/ProfilePage.js';
 import RolesPage from './pages/RolesPage.js';
 import RoleEditPage from './pages/RoleEditPage.js';
 export default function AdminPagesClient({ params, user, dashboardStats = null }) {
  const parts = params?.admin || [];
  const page = parts[0] || 'dashboard';
  if (page === 'users' && parts[1] === 'edit' && parts[2]) {
    return <UserEditPage userId={parts[2]} user={user} />;
  }
  if (page === 'roles' && parts[1] === 'edit' && parts[2]) {
    return <RoleEditPage roleId={parts[2]} user={user} />;
  }
  if (page === 'roles' && parts[1] === 'new') {
    return <RoleEditPage roleId="new" user={user} />;
  }
  const corePages = {
    dashboard: () => <DashboardPage user={user} stats={dashboardStats} />,
    users: () => <UsersPage user={user} />,
    profile: () => <ProfilePage user={user} />,
    roles: () => <RolesPage user={user} />,
  };
  const CorePageComponent = corePages[page];
  return CorePageComponent ? <CorePageComponent /> : <DashboardPage user={user} stats={dashboardStats} />;
 }
@@ -1,30 +0,0 @@
 'use client';
 /**
 * Dashboard Client Registry — API générique
 *
 * Les features s'enregistrent ici via registerClientWidget().
 * Ce fichier ne doit jamais importer une feature directement.
 * Les features dépendent de ce fichier, pas l'inverse.
 */
 const widgets = [];
 /**
 * Enregistre un composant React pour le tableau de bord.
 * Appelé en side effect par chaque feature (ex: auth/dashboard.widget.js).
 * @param {string} id - Identifiant unique de la feature (doit correspondre à l'id serveur)
 * @param {React.ComponentType} Component - Composant avec props { data, loading }
 * @param {number} order - Ordre d'affichage (croissant). Utiliser des intervalles de 10.
 */
 export function registerClientWidget(id, Component, order) {
  widgets.push({ id, Component, order });
 }
 /**
 * Retourne tous les widgets enregistrés, triés par order croissant.
 * @returns {Array<{ id: string, Component: React.ComponentType, order: number }>}
 */
 export function getClientWidgets() {
  return [...widgets].sort((a, b) => a.order - b.order);
 }
@@ -1,39 +0,0 @@
 /**
 * Dashboard Server Registry — API générique
 *
 * Les features s'enregistrent ici via registerServerWidget().
 * Ce fichier ne doit jamais importer une feature directement.
 * Les features dépendent de ce fichier, pas l'inverse.
 */
 const widgets = new Map(); // id → fetcher
 /**
 * Enregistre une fonction de fetch pour le tableau de bord.
 * Appelé en side effect par chaque feature (ex: auth/dashboard.server.js).
 * @param {string} id - Identifiant unique de la feature
 * @param {() => Promise<any>} fetcher - Fonction async retournant des données sérialisables
 */
 export function registerServerWidget(id, fetcher) {
  widgets.set(id, fetcher);
 }
 /**
 * Exécute tous les fetchers enregistrés en parallèle.
 * Un fetcher qui échoue n'empêche pas les autres (Promise.allSettled).
 * @returns {Promise<Record<string, any>>} Map featureId → données
 */
 export async function collectAllDashboardData() {
  const results = await Promise.allSettled(
    Array.from(widgets.entries()).map(([id, fetcher]) =>
      fetcher().then(data => ({ id, data }))
    )
  );
  return results.reduce((acc, result) => {
    if (result.status === 'fulfilled') {
      acc[result.value.id] = result.value.data;
    }
    return acc;
  }, {});
 }
@@ -1,16 +0,0 @@
 /**
 * Dashboard Server Registry — Point d'entrée
 *
 * Ré-exporte l'API du registre pur et déclenche le câblage des features
 * via un import side-effect de features/dashboard.server.js.
 *
 * Ne jamais importer une feature directement ici.
 * Pour ajouter une feature : éditer src/features/dashboard.server.js.
 */
 export { collectAllDashboardData } from './registry.js';
 // Side effect : initialise le registre, enregistre les widgets core, puis les features
 import './registry.js';
 import './widgets/index.server.js';
 import '../../dashboard.server.js';
@@ -1,10 +0,0 @@
 'use client';
 /**
 * Widgets core — Câblage client
 *
 * Ce fichier est le SEUL à modifier pour ajouter un widget core côté client.
 * Les widgets core sont auto-enregistrés au démarrage de l'admin, sans module externe.
 */
 import './users.widget.js';
@@ -1,8 +0,0 @@
 /**
 * Widgets core — Câblage serveur
 *
 * Ce fichier est le SEUL à modifier pour ajouter un widget core côté serveur.
 * Les widgets core sont auto-enregistrés au démarrage de l'admin, sans module externe.
 */
 import './users.server.js';
@@ -1,53 +0,0 @@
 /**
 * Admin Navigation Builder (Server-Only)
 *
 * IMPORTANT: Navigation data must be serializable (no functions/components).
 * Icons are passed as string names and resolved on the client.
 */
 /**
 * Build complete navigation sections
 * @param {string} pathname - Current pathname
 * @returns {Array} Navigation sections (serializable, icons as strings)
 */
 export function buildNavigationSections(pathname) {
  const coreNavigation = [
    {
      id: 'Dashboard',
      title: 'Tableau de bord',
      icon: 'DashboardSquare03Icon',
      items: [
        {
          name: 'Tableau de bord',
          href: '/admin/dashboard',
          icon: 'DashboardSquare03Icon',
          current: pathname === '/admin/dashboard'
        },
      ]
    }
  ];
  const systemNavigation = [
    {
      id: 'users',
      title: 'Utilisateurs',
      icon: 'UserMultiple02Icon',
      items: [
        {
          name: 'Utilisateurs',
          href: '/admin/users',
          icon: 'UserMultiple02Icon',
          current: pathname.startsWith('/admin/users')
        },
        {
          name: 'Rôles',
          href: '/admin/roles',
          icon: 'Crown03Icon',
          current: pathname.startsWith('/admin/roles')
        },
      ]
    }
  ];
  return [...coreNavigation, ...systemNavigation];
 }
@@ -1,434 +0,0 @@
 /**
 * Server Actions for Next.js
 * Authentication actions for login, register, password reset, etc.
 */
 'use server';
 import { register, login, requestPasswordReset, resetPassword, verifyUserEmail } from '../lib/auth.js';
 import { validateSession, deleteSession } from '../lib/session.js';
 import { verifyEmailToken, verifyResetToken, sendVerificationEmail, sendPasswordResetEmail } from '../lib/email.js';
 import { fail } from '@zen/core/shared/logger';
 import { cookies, headers } from 'next/headers';
 import { getSessionCookieName, getPublicBaseUrl } from '@zen/core/shared/config';
 import { checkRateLimit, getIpFromHeaders, formatRetryAfter } from '@zen/core/shared/rate-limit';
 /**
 * Errors that are safe to surface verbatim to the client (e.g. "token expired").
 * All other errors — including library-layer and database errors — must be caught,
 * logged server-side only, and replaced with a generic message to prevent internal
 * detail disclosure.
 */
 class UserFacingError extends Error {
  constructor(message) {
    super(message);
    this.name = 'UserFacingError';
  }
 }
 /**
 * Get the client IP from the current server action context.
 */
 async function getClientIp() {
  const h = await headers();
  return getIpFromHeaders(h);
 }
 // Emitted at most once per process lifetime to avoid log flooding while still
 // alerting operators that per-IP rate limiting is inactive for server actions.
 let _rateLimitUnavailableWarned = false;
 /**
 * Apply per-IP rate limiting only when a real IP address is available.
 *
 * When IP resolves to 'unknown' (no trusted proxy configured), every caller
 * shares the single bucket keyed '<action>:unknown'. A single attacker can
 * exhaust that bucket in 5 requests and impose a 30-minute denial-of-service
 * on every legitimate user. Rate limiting is therefore suspended for the
 * 'unknown' case and a one-time operator warning is emitted instead,
 * mirroring the identical policy applied to API routes in router.js.
 *
 * Set ZEN_TRUST_PROXY=true only behind a verified reverse proxy (Nginx,
 * Cloudflare, AWS ALB, …) that strips and rewrites forwarding headers.
 *
 * @param {string} ip
 * @param {string} action
 * @returns {{ allowed: boolean, retryAfterMs?: number } | null} null = suspended
 */
 function enforceRateLimit(ip, action) {
  if (ip === 'unknown') {
    if (!_rateLimitUnavailableWarned) {
      _rateLimitUnavailableWarned = true;
      fail(
        'Rate limiting inactive (server actions): client IP cannot be determined. ' +
        'Set ZEN_TRUST_PROXY=true behind a verified reverse proxy to enable per-IP rate limiting.'
      );
    }
    return null;
  }
  return checkRateLimit(ip, action);
 }
 /**
 * Validate anti-bot fields submitted with forms.
 * - _hp  : honeypot field — must be empty
 * - _t   : form load timestamp (ms) — submission must be at least 1.5 s after page
 *          load AND no more than MAX_FORM_AGE_MS in the past. Both a lower bound
 *          (prevents instant automated submission) and an upper bound (prevents the
 *          trivial bypass of supplying an arbitrary past timestamp such as _t=1) are
 *          enforced. Future timestamps are also rejected.
 *
 * @param {FormData} formData
 * @returns {{ valid: boolean, error?: string }}
 */
 function validateAntiBotFields(formData) {
  const honeypot = formData.get('_hp');
  if (honeypot && honeypot.length > 0) {
    return { valid: false, error: 'Requête invalide' };
  }
  const MIN_ELAPSED_MS  = 1_500;
  const MAX_FORM_AGE_MS = 10 * 60 * 1_000; // 10 minutes — rejects epoch-era timestamps
  const now = Date.now();
  const t   = parseInt(formData.get('_t') || '0', 10);
  const elapsed = now - t;
  if (t === 0 || t > now || elapsed < MIN_ELAPSED_MS || elapsed > MAX_FORM_AGE_MS) {
    return { valid: false, error: 'Requête invalide' };
  }
  return { valid: true };
 }
 // Get cookie name from environment or use default
 export const COOKIE_NAME = getSessionCookieName();
 /**
 * Register a new user
 * @param {FormData} formData - Form data with email, password, name
 * @returns {Promise<Object>} Result object
 */
 export async function registerAction(formData) {
  try {
    const botCheck = validateAntiBotFields(formData);
    if (!botCheck.valid) return { success: false, error: botCheck.error };
    const ip = await getClientIp();
    const rl = enforceRateLimit(ip, 'register');
    if (rl && !rl.allowed) {
      return { success: false, error: `Trop de tentatives. Réessayez dans ${formatRetryAfter(rl.retryAfterMs)}.` };
    }
    const email = formData.get('email');
    const password = formData.get('password');
    const name = formData.get('name');
    const result = await register({ email, password, name });
    // Send verification email
    await sendVerificationEmail(result.user.email, result.verificationToken, getPublicBaseUrl());
    return {
      success: true,
      message: 'Compte créé avec succès. Consultez votre e-mail pour vérifier votre compte.',
      user: result.user
    };
  } catch (error) {
    // Never return raw error.message to the client — library and database errors
    // (e.g. unique-constraint violations) expose internal table names and schema.
    fail(`Auth: registerAction error: ${error.message}`);
    return { success: false, error: 'Une erreur interne est survenue. Veuillez réessayer.' };
  }
 }
 /**
 * Login a user
 * @param {FormData} formData - Form data with email and password
 * @returns {Promise<Object>} Result object
 */
 export async function loginAction(formData) {
  try {
    const botCheck = validateAntiBotFields(formData);
    if (!botCheck.valid) return { success: false, error: botCheck.error };
    const ip = await getClientIp();
    const rl = enforceRateLimit(ip, 'login');
    if (rl && !rl.allowed) {
      return { success: false, error: `Trop de tentatives. Réessayez dans ${formatRetryAfter(rl.retryAfterMs)}.` };
    }
    const email = formData.get('email');
    const password = formData.get('password');
    const result = await login({ email, password });
    // Set the session cookie directly inside this server action so the token
    // never travels through JavaScript-readable response payload.
    // An HttpOnly cookie is the only safe transport for session tokens.
    const cookieStore = await cookies();
    cookieStore.set(COOKIE_NAME, result.session.token, {
      httpOnly: true,
      secure: process.env.NODE_ENV === 'production',
      sameSite: 'lax',
      maxAge: 60 * 60 * 24 * 30,
      path: '/'
    });
    return {
      success: true,
      message: 'Connexion réussie',
      user: result.user
      // sessionToken intentionally omitted — it must never appear in a
      // JavaScript-accessible response body.
    };
  } catch (error) {
    fail(`Auth: loginAction error: ${error.message}`);
    return { success: false, error: 'Identifiants invalides ou erreur interne. Veuillez réessayer.' };
  }
 }
 /**
 * Set session cookie after verifying the token is a genuine live session.
 *
 * This server action is client-callable. Without server-side token validation an
 * attacker could supply any arbitrary string (including a stolen token for another
 * user) and have it written as the HttpOnly session cookie, completely bypassing
 * the protection that HttpOnly is intended to provide. The token is therefore
 * validated against the session store before the cookie is written.
 *
 * @param {string} token - Session token obtained from a trusted server-side flow
 * @returns {Promise<Object>} Result object
 */
 export async function setSessionCookie(token) {
  try {
    if (!token || typeof token !== 'string' || token.trim() === '') {
      return { success: false, error: 'Jeton de session invalide' };
    }
    const session = await validateSession(token);
    if (!session) {
      return { success: false, error: 'Session invalide ou expirée' };
    }
    const cookieStore = await cookies();
    cookieStore.set(COOKIE_NAME, token, {
      httpOnly: true,
      secure: process.env.NODE_ENV === 'production',
      sameSite: 'lax',
      maxAge: 60 * 60 * 24 * 30, // 30 days
      path: '/'
    });
    return { success: true };
  } catch (error) {
    fail(`Auth: setSessionCookie error: ${error.message}`);
    return { success: false, error: 'Une erreur interne est survenue' };
  }
 }
 /**
 * Refresh session cookie (extend expiration).
 *
 * Re-validates the token before extending its cookie lifetime so that expired
 * or revoked tokens cannot have their cookie window reopened by replaying this
 * server action.
 *
 * @param {string} token - Session token
 * @returns {Promise<Object>} Result object
 */
 export async function refreshSessionCookie(token) {
  try {
    if (!token || typeof token !== 'string' || token.trim() === '') {
      return { success: false, error: 'Jeton de session invalide' };
    }
    const session = await validateSession(token);
    if (!session) {
      return { success: false, error: 'Session invalide ou expirée' };
    }
    const cookieStore = await cookies();
    cookieStore.set(COOKIE_NAME, token, {
      httpOnly: true,
      secure: process.env.NODE_ENV === 'production',
      sameSite: 'lax',
      maxAge: 60 * 60 * 24 * 30, // 30 days
      path: '/'
    });
    return { success: true };
  } catch (error) {
    fail(`Auth: refreshSessionCookie error: ${error.message}`);
    return { success: false, error: 'Une erreur interne est survenue' };
  }
 }
 /**
 * Logout a user
 * @returns {Promise<Object>} Result object
 */
 export async function logoutAction() {
  try {
    const cookieStore = await cookies();
    const token = cookieStore.get(COOKIE_NAME)?.value;
    if (token) {
      await deleteSession(token);
    }
    cookieStore.delete(COOKIE_NAME);
    return {
      success: true,
      message: 'Déconnexion réussie'
    };
  } catch (error) {
    fail(`Auth: logoutAction error: ${error.message}`);
    return { success: false, error: 'Une erreur interne est survenue. Veuillez réessayer.' };
  }
 }
 /**
 * Get current user session
 * @returns {Promise<Object|null>} Session and user data or null
 */
 export async function getSession() {
  try {
    const cookieStore = await cookies();
    const token = cookieStore.get(COOKIE_NAME)?.value;
    if (!token) return null;
    const result = await validateSession(token);
    // If session was refreshed, also refresh the cookie
    if (result && result.sessionRefreshed) {
      await refreshSessionCookie(token);
    }
    return result;
  } catch (error) {
    fail(`Auth: session validation error: ${error.message}`);
    return null;
  }
 }
 /**
 * Request password reset
 * @param {FormData} formData - Form data with email
 * @returns {Promise<Object>} Result object
 */
 export async function forgotPasswordAction(formData) {
  try {
    const botCheck = validateAntiBotFields(formData);
    if (!botCheck.valid) return { success: false, error: botCheck.error };
    const ip = await getClientIp();
    const rl = enforceRateLimit(ip, 'forgot_password');
    if (rl && !rl.allowed) {
      return { success: false, error: `Trop de tentatives. Réessayez dans ${formatRetryAfter(rl.retryAfterMs)}.` };
    }
    const email = formData.get('email');
    const result = await requestPasswordReset(email);
    if (result.token) {
      await sendPasswordResetEmail(email, result.token, getPublicBaseUrl());
    }
    return {
      success: true,
      message: 'Si un compte existe avec cet e-mail, vous recevrez un lien pour réinitialiser votre mot de passe.'
    };
  } catch (error) {
    fail(`Auth: forgotPasswordAction error: ${error.message}`);
    return { success: false, error: 'Une erreur interne est survenue. Veuillez réessayer.' };
  }
 }
 /**
 * Reset password with token
 * @param {FormData} formData - Form data with email, token, and newPassword
 * @returns {Promise<Object>} Result object
 */
 export async function resetPasswordAction(formData) {
  try {
    const ip = await getClientIp();
    const rl = enforceRateLimit(ip, 'reset_password');
    if (rl && !rl.allowed) {
      return { success: false, error: `Trop de tentatives. Réessayez dans ${formatRetryAfter(rl.retryAfterMs)}.` };
    }
    const email = formData.get('email');
    const token = formData.get('token');
    const newPassword = formData.get('newPassword');
    // Verify token first — throw UserFacingError so the specific message reaches
    // the client while unexpected system errors are sanitized in the catch below.
    const isValid = await verifyResetToken(email, token);
    if (!isValid) {
      throw new UserFacingError('Jeton de réinitialisation invalide ou expiré');
    }
    await resetPassword({ email, token, newPassword });
    return {
      success: true,
      message: 'Mot de passe réinitialisé avec succès. Vous pouvez maintenant vous connecter avec votre nouveau mot de passe.'
    };
  } catch (error) {
    if (error instanceof UserFacingError) {
      return { success: false, error: error.message };
    }
    fail(`Auth: resetPasswordAction error: ${error.message}`);
    return { success: false, error: 'Une erreur interne est survenue. Veuillez réessayer.' };
  }
 }
 /**
 * Verify email with token
 * @param {FormData} formData - Form data with email and token
 * @returns {Promise<Object>} Result object
 */
 export async function verifyEmailAction(formData) {
  try {
    const ip = await getClientIp();
    const rl = enforceRateLimit(ip, 'verify_email');
    if (rl && !rl.allowed) {
      return { success: false, error: `Trop de tentatives. Réessayez dans ${formatRetryAfter(rl.retryAfterMs)}.` };
    }
    const email = formData.get('email');
    const token = formData.get('token');
    // Verify token — throw UserFacingError so validation messages surface to the
    // client while unexpected system errors remain sanitized in the catch below.
    const isValid = await verifyEmailToken(email, token);
    if (!isValid) {
      throw new UserFacingError('Jeton de vérification invalide ou expiré');
    }
    // Find user and verify
    const { findOne } = await import('../../../core/database/crud.js');
    const user = await findOne('zen_auth_users', { email });
    if (!user) {
      throw new UserFacingError('Utilisateur introuvable');
    }
    await verifyUserEmail(user.id);
    return {
      success: true,
      message: 'E-mail vérifié avec succès. Vous pouvez maintenant vous connecter.'
    };
  } catch (error) {
    if (error instanceof UserFacingError) {
      return { success: false, error: error.message };
    }
    fail(`Auth: verifyEmailAction error: ${error.message}`);
    return { success: false, error: 'Une erreur interne est survenue. Veuillez réessayer.' };
  }
 }
@@ -1,104 +0,0 @@
 'use client';
 /**
 * Auth Pages Component - Catch-all route for Next.js App Router
 * This component handles all authentication routes: login, register, forgot, reset, confirm
 */
 import { useRouter } from 'next/navigation';
 import { useEffect, useState } from 'react';
 import LoginPage from './pages/LoginPage.js';
 import RegisterPage from './pages/RegisterPage.js';
 import ForgotPasswordPage from './pages/ForgotPasswordPage.js';
 import ResetPasswordPage from './pages/ResetPasswordPage.js';
 import ConfirmEmailPage from './pages/ConfirmEmailPage.js';
 import LogoutPage from './pages/LogoutPage.js';
 export default function AuthPagesClient({ 
  params, 
  searchParams, 
  registerAction,
  loginAction,
  forgotPasswordAction,
  resetPasswordAction,
  verifyEmailAction,
  logoutAction,
  setSessionCookieAction,
  redirectAfterLogin = '/',
  currentUser = null
 }) {
  const router = useRouter();
  const [currentPage, setCurrentPage] = useState(null); // null = loading
  const [isLoading, setIsLoading] = useState(true);
  const [email, setEmail] = useState('');
  const [token, setToken] = useState('');
  useEffect(() => {
    // Get page from params or URL
    const getPageFromParams = () => {
      if (params?.auth?.[0]) {
        return params.auth[0];
      }
      // Fallback: read from URL
      if (typeof window !== 'undefined') {
        const pathname = window.location.pathname;
        const match = pathname.match(/\/auth\/([^\/\?]+)/);
        return match ? match[1] : 'login';
      }
      return 'login';
    };
    const page = getPageFromParams();
    setCurrentPage(page);
    setIsLoading(false);
  }, [params]);
  // Extract email and token from searchParams (handles both Promise and regular object)
  useEffect(() => {
    const extractSearchParams = async () => {
      let resolvedParams = searchParams;
      // Check if searchParams is a Promise (Next.js 15+)
      if (searchParams && typeof searchParams.then === 'function') {
        resolvedParams = await searchParams;
      }
      // Extract email and token from URL if not in searchParams
      if (typeof window !== 'undefined') {
        const urlParams = new URLSearchParams(window.location.search);
        setEmail(resolvedParams?.email || urlParams.get('email') || '');
        setToken(resolvedParams?.token || urlParams.get('token') || '');
      } else {
        setEmail(resolvedParams?.email || '');
        setToken(resolvedParams?.token || '');
      }
    };
    extractSearchParams();
  }, [searchParams]);
  const navigate = (page) => {
    router.push(`/auth/${page}`);
  };
  // Don't render anything while determining the correct page
  if (isLoading || !currentPage) {
    return null;
  }
  // Page components mapping
  const pageComponents = {
    login: () => <LoginPage onSubmit={loginAction} onNavigate={navigate} onSetSessionCookie={setSessionCookieAction} redirectAfterLogin={redirectAfterLogin} currentUser={currentUser} />,
    register: () => <RegisterPage onSubmit={registerAction} onNavigate={navigate} currentUser={currentUser} />,
    forgot: () => <ForgotPasswordPage onSubmit={forgotPasswordAction} onNavigate={navigate} currentUser={currentUser} />,
    reset: () => <ResetPasswordPage onSubmit={resetPasswordAction} onNavigate={navigate} email={email} token={token} />,
    confirm: () => <ConfirmEmailPage onSubmit={verifyEmailAction} onNavigate={navigate} email={email} token={token} />,
    logout: () => <LogoutPage onLogout={logoutAction} onSetSessionCookie={setSessionCookieAction} />
  };
  // Render the appropriate page
  const PageComponent = pageComponents[currentPage];
  return PageComponent ? <PageComponent /> : <LoginPage onSubmit={loginAction} onNavigate={navigate} onSetSessionCookie={setSessionCookieAction} redirectAfterLogin={redirectAfterLogin} currentUser={currentUser} />;
 }
@@ -1,19 +0,0 @@
 /**
 * Auth Pages Layout - Server Component
 * Provides the layout structure for authentication pages
 * 
 * Usage:
 * <AuthPagesLayout>
 *   <AuthPagesClient {...props} />
 * </AuthPagesLayout>
 */
 export default function AuthPagesLayout({ children }) {
  return (
    <div className="min-h-screen flex items-center justify-center p-4 md:p-8">
      <div className="max-w-md w-full">
        {children}
      </div>
    </div>
  );
 }
@@ -1,14 +0,0 @@
 'use client';
 /**
 * Câblage client des widgets du tableau de bord — Features externes
 *
 * Ce fichier est le SEUL à modifier pour ajouter le widget client
 * d'une nouvelle feature au tableau de bord.
 *
 * L'import suffit : chaque module s'enregistre lui-même en side effect
 * via registerClientWidget() de admin/dashboard/clientRegistry.js.
 *
 * Exemple pour une feature 'blog' :
 *   import './blog/dashboard.widget.js';
 */
@@ -1,12 +0,0 @@
 /**
 * Câblage serveur des widgets du tableau de bord — Features externes
 *
 * Ce fichier est le SEUL à modifier pour ajouter la contribution serveur
 * d'une nouvelle feature au tableau de bord.
 *
 * L'import suffit : chaque module s'enregistre lui-même en side effect
 * via registerServerWidget() de admin/dashboard/registry.js.
 *
 * Exemple pour une feature 'blog' :
 *   import './blog/dashboard.server.js';
 */
@@ -1,13 +0,0 @@
 /**
 * Core Features Registry
 *
 * Lists all built-in features that are always initialized when running `zen-db init`.
 * Unlike optional modules (src/modules), core features are not gated by env vars —
 * they are required for the application to function.
 *
 * Each name must correspond to a directory under src/features/ that exposes a db.js
 * with createTables() and optionally dropTables().
 */
 export const CORE_FEATURES = [
  'auth',
 ];