feat: integrate authentication and password management features, including bcrypt for hashing and NextAuth for session handling

2025-11-30 08:04:06 +01:00
parent 7cb1d5f433
commit d663fbcbd0
30 changed files with 3287 additions and 4164 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -20,6 +20,7 @@ dist
 prisma/*.db
 prisma/*.db-journal
 prisma/backups
 prisma/password.json
 # Debug
 npm-debug.log*
--- a/README.md
+++ b/README.md
@@ -23,6 +23,9 @@ Application web moderne de gestion personnelle de comptes bancaires avec import
 - **Graphiques** : Recharts
 - **Formulaires** : React Hook Form + Zod
 - **Thème** : next-themes
 - **Base de données** : Prisma + SQLite
 - **Authentification** : NextAuth.js v4
 - **Hashing** : bcryptjs
 ## 📋 Prérequis
@@ -44,13 +47,57 @@ cd bank-account-management-app
 pnpm install
 ```
-3. Lancez le serveur de développement :
+3. Configurez les variables d'environnement :
 Créez un fichier `.env.local` à la racine du projet :
 ```bash
 # NextAuth Configuration
 NEXTAUTH_URL=http://localhost:3000
 NEXTAUTH_SECRET=votre-secret-genere-ici
 # Database
 DATABASE_URL="file:./prisma/dev.db"
 ```
 **Génération d'un secret sécurisé** :
 ```bash
 openssl rand -base64 32
 ```
 Ou en Node.js :
 ```bash
 node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"
 ```
 4. Initialisez la base de données :
 ```bash
 pnpm prisma db push
 pnpm prisma generate
 ```
 5. Créez le fichier de mot de passe initial :
 Le fichier `prisma/password.json` sera créé automatiquement au premier lancement avec le mot de passe par défaut `admin`. Vous pouvez aussi le créer manuellement :
 ```bash
 node -e "const bcrypt = require('bcryptjs'); bcrypt.hash('admin', 10).then(hash => { const data = { hash, createdAt: new Date().toISOString(), updatedAt: new Date().toISOString() }; require('fs').promises.writeFile('prisma/password.json', JSON.stringify(data, null, 2)).then(() => console.log('✅ password.json created')); });"
 ```
 6. Lancez le serveur de développement :
 ```bash
 pnpm dev
 ```
-4. Ouvrez [http://localhost:3000](http://localhost:3000) dans votre navigateur
+7. Ouvrez [http://localhost:3000](http://localhost:3000) dans votre navigateur
 8. Connectez-vous avec le mot de passe par défaut : `admin`
 **⚠️ Important** : Changez le mot de passe par défaut dès la première connexion dans les paramètres !
 ## 📦 Scripts disponibles
@@ -58,6 +105,10 @@ pnpm dev
 - `pnpm build` : Compile l'application pour la production
 - `pnpm start` : Lance le serveur de production
 - `pnpm lint` : Vérifie le code avec ESLint
 - `pnpm db:push` : Synchronise le schéma Prisma avec la base de données
 - `pnpm db:migrate` : Crée une nouvelle migration
 - `pnpm db:seed` : Exécute le script de seed
 - `pnpm db:studio` : Ouvre Prisma Studio pour visualiser la base de données
 ## 📁 Structure du projet
@@ -76,17 +127,45 @@ pnpm dev
 ├── lib/                  # Utilitaires et logique métier
 │   ├── hooks.ts          # Hooks personnalisés
 │   ├── ofx-parser.tsx    # Parser de fichiers OFX
 │   ├── store.ts          # Gestion du stockage local
 │   ├── types.ts          # Types TypeScript
-│   └── utils.ts          # Fonctions utilitaires
+│   ├── utils.ts          # Fonctions utilitaires
 │   ├── prisma.ts         # Client Prisma
 │   └── auth.ts           # Configuration NextAuth
 ├── services/             # Services métier
 │   ├── banking.service.ts
 │   ├── account.service.ts
 │   ├── category.service.ts
 │   ├── folder.service.ts
 │   ├── transaction.service.ts
 │   ├── backup.service.ts
 │   └── auth.service.ts
 ├── prisma/               # Base de données
 │   ├── schema.prisma     # Schéma Prisma
 │   ├── dev.db            # Base de données SQLite (non versionné)
 │   ├── password.json     # Hash du mot de passe (non versionné)
 │   └── backups/          # Sauvegardes automatiques (non versionné)
 └── public/               # Assets statiques
 ```
 ## 💾 Stockage des données
-L'application utilise `localStorage` pour stocker toutes les données localement dans le navigateur. Les données sont sauvegardées automatiquement à chaque modification.
+L'application utilise **Prisma** avec **SQLite** pour stocker toutes les données dans un fichier local (`prisma/dev.db`). Les données sont sauvegardées automatiquement à chaque modification.
-**Note** : Les données sont stockées uniquement dans votre navigateur. Si vous supprimez les données du navigateur ou changez d'appareil, vous devrez réimporter vos fichiers OFX.
+### Base de données
 - **Fichier** : `prisma/dev.db` (SQLite)
 - **Schéma** : Défini dans `prisma/schema.prisma`
 - **Migrations** : Gérées avec Prisma Migrate
 ### Authentification
 L'application est protégée par un **mot de passe global** stocké dans `prisma/password.json` (hashé avec bcrypt).
 - **Mot de passe par défaut** : `admin` (à changer dès la première connexion)
 - **Fichier** : `prisma/password.json` (créé automatiquement au premier lancement)
 - **Changement de mot de passe** : Disponible dans les paramètres
 **Note** : Les fichiers `prisma/password.json` et `prisma/dev.db` sont dans `.gitignore` et ne seront pas versionnés.
 ## 📥 Import de fichiers OFX
@@ -120,9 +199,19 @@ Le thème sombre/clair peut être changé dans les paramètres. L'application d
 ## 🔒 Sécurité et confidentialité
- **100% local** : Toutes vos données restent dans votre navigateur
+- **100% local** : Toutes vos données sont stockées localement dans un fichier SQLite
 - **Authentification** : Protection par mot de passe global (hashé avec bcrypt)
 - **Aucune connexion externe** : Aucune donnée n'est envoyée à des serveurs externes
 - **Pas de tracking** : Aucun service d'analytics tiers (sauf Vercel Analytics optionnel)
 - **Sauvegardes automatiques** : Système de sauvegarde automatique configurable (horaire, quotidienne, hebdomadaire, mensuelle)
 ### Variables d'environnement
 Le fichier `.env.local` contient des secrets sensibles et ne doit **jamais** être versionné. En production, configurez ces variables dans votre plateforme de déploiement :
 - `NEXTAUTH_SECRET` : Secret pour signer les tokens JWT (générez un secret sécurisé)
 - `NEXTAUTH_URL` : URL de base de l'application
 - `DATABASE_URL` : Chemin vers la base de données SQLite
 ## 🚧 Développement
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -0,0 +1,7 @@
 import NextAuth from "next-auth";
 import { authOptions } from "@/lib/auth";
 const handler = NextAuth(authOptions);
 export { handler as GET, handler as POST };
--- a/app/api/auth/change-password/route.ts
+++ b/app/api/auth/change-password/route.ts
@@ -0,0 +1,52 @@
 import { NextRequest, NextResponse } from "next/server";
 import { getServerSession } from "next-auth";
 import { authOptions } from "@/lib/auth";
 import { authService } from "@/services/auth.service";
 export async function POST(request: NextRequest) {
  try {
    // Verify user is authenticated
    const session = await getServerSession(authOptions);
    if (!session) {
      return NextResponse.json(
        { success: false, error: "Non authentifié" },
        { status: 401 }
      );
    }
    const body = await request.json();
    const { oldPassword, newPassword } = body;
    if (!oldPassword || !newPassword) {
      return NextResponse.json(
        { success: false, error: "Mot de passe requis" },
        { status: 400 }
      );
    }
    if (newPassword.length < 4) {
      return NextResponse.json(
        { success: false, error: "Le mot de passe doit contenir au moins 4 caractères" },
        { status: 400 }
      );
    }
    const result = await authService.changePassword(oldPassword, newPassword);
    if (!result.success) {
      return NextResponse.json(
        { success: false, error: result.error },
        { status: 400 }
      );
    }
    return NextResponse.json({ success: true });
  } catch (error) {
    console.error("Error changing password:", error);
    return NextResponse.json(
      { success: false, error: "Erreur lors du changement de mot de passe" },
      { status: 500 }
    );
  }
 }
--- a/app/api/backups/[id]/restore/route.ts
+++ b/app/api/backups/[id]/restore/route.ts
@@ -1,10 +1,13 @@
 import { NextRequest, NextResponse } from "next/server";
 import { backupService } from "@/services/backup.service";
 import { requireAuth } from "@/lib/auth-utils";
 export async function POST(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> | { id: string } }
 ) {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const resolvedParams = params instanceof Promise ? await params : params;
    await backupService.restoreBackup(resolvedParams.id);
--- a/app/api/backups/[id]/route.ts
+++ b/app/api/backups/[id]/route.ts
@@ -1,10 +1,13 @@
 import { NextRequest, NextResponse } from "next/server";
 import { backupService } from "@/services/backup.service";
 import { requireAuth } from "@/lib/auth-utils";
 export async function DELETE(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> | { id: string } }
 ) {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const resolvedParams = params instanceof Promise ? await params : params;
    await backupService.deleteBackup(resolvedParams.id);
--- a/app/api/backups/auto/route.ts
+++ b/app/api/backups/auto/route.ts
@@ -1,7 +1,10 @@
 import { NextRequest, NextResponse } from "next/server";
 import { backupService } from "@/services/backup.service";
 import { requireAuth } from "@/lib/auth-utils";
 export async function POST(_request: NextRequest) {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    // Check if automatic backup should run
    const shouldRun = await backupService.shouldRunAutomaticBackup();
--- a/app/api/backups/route.ts
+++ b/app/api/backups/route.ts
@@ -1,7 +1,11 @@
 import { NextRequest, NextResponse } from "next/server";
 import { backupService } from "@/services/backup.service";
 import { requireAuth } from "@/lib/auth-utils";
 export async function GET() {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const backups = await backupService.getAllBackups();
    return NextResponse.json({ success: true, data: backups });
@@ -15,6 +19,9 @@ export async function GET() {
 }
 export async function POST(request: NextRequest) {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const body = await request.json().catch(() => ({}));
    const force = body.force === true; // Only allow force for manual backups
--- a/app/api/backups/settings/route.ts
+++ b/app/api/backups/settings/route.ts
@@ -1,7 +1,10 @@
 import { NextRequest, NextResponse } from "next/server";
 import { backupService } from "@/services/backup.service";
 import { requireAuth } from "@/lib/auth-utils";
 export async function GET() {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const settings = await backupService.getSettings();
    return NextResponse.json({ success: true, data: settings });
@@ -15,6 +18,9 @@ export async function GET() {
 }
 export async function PUT(request: NextRequest) {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const body = await request.json();
    const settings = await backupService.updateSettings(body);
--- a/app/api/banking/accounts/route.ts
+++ b/app/api/banking/accounts/route.ts
@@ -1,8 +1,12 @@
 import { NextResponse } from "next/server";
 import { accountService } from "@/services/account.service";
 import { requireAuth } from "@/lib/auth-utils";
 import type { Account } from "@/lib/types";
 export async function POST(request: Request) {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const data: Omit<Account, "id"> = await request.json();
    const created = await accountService.create(data);
@@ -17,6 +21,9 @@ export async function POST(request: Request) {
 }
 export async function PUT(request: Request) {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const account: Account = await request.json();
    const updated = await accountService.update(account.id, account);
@@ -31,6 +38,9 @@ export async function PUT(request: Request) {
 }
 export async function DELETE(request: Request) {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const { searchParams } = new URL(request.url);
    const id = searchParams.get("id");
--- a/app/api/banking/categories/route.ts
+++ b/app/api/banking/categories/route.ts
@@ -1,8 +1,11 @@
 import { NextResponse } from "next/server";
 import { categoryService } from "@/services/category.service";
 import { requireAuth } from "@/lib/auth-utils";
 import type { Category } from "@/lib/types";
 export async function POST(request: Request) {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const data: Omit<Category, "id"> = await request.json();
    const created = await categoryService.create(data);
@@ -17,6 +20,9 @@ export async function POST(request: Request) {
 }
 export async function PUT(request: Request) {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const category: Category = await request.json();
    const updated = await categoryService.update(category.id, category);
@@ -31,6 +37,9 @@ export async function PUT(request: Request) {
 }
 export async function DELETE(request: Request) {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const { searchParams } = new URL(request.url);
    const id = searchParams.get("id");
--- a/app/api/banking/folders/route.ts
+++ b/app/api/banking/folders/route.ts
@@ -1,8 +1,11 @@
 import { NextResponse } from "next/server";
 import { folderService, FolderNotFoundError } from "@/services/folder.service";
 import { requireAuth } from "@/lib/auth-utils";
 import type { Folder } from "@/lib/types";
 export async function POST(request: Request) {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const data: Omit<Folder, "id"> = await request.json();
    const created = await folderService.create(data);
@@ -17,6 +20,9 @@ export async function POST(request: Request) {
 }
 export async function PUT(request: Request) {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const folder: Folder = await request.json();
    const updated = await folderService.update(folder.id, folder);
@@ -31,6 +37,9 @@ export async function PUT(request: Request) {
 }
 export async function DELETE(request: Request) {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const { searchParams } = new URL(request.url);
    const id = searchParams.get("id");
--- a/app/api/banking/route.ts
+++ b/app/api/banking/route.ts
@@ -1,7 +1,11 @@
 import { NextResponse } from "next/server";
 import { bankingService } from "@/services/banking.service";
 import { requireAuth } from "@/lib/auth-utils";
 export async function GET() {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const data = await bankingService.getAllData();
    return NextResponse.json(data);
--- a/app/api/banking/transactions/clear-categories/route.ts
+++ b/app/api/banking/transactions/clear-categories/route.ts
@@ -1,7 +1,10 @@
 import { NextResponse } from "next/server";
 import { prisma } from "@/lib/prisma";
 import { requireAuth } from "@/lib/auth-utils";
 export async function POST() {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const result = await prisma.transaction.updateMany({
      where: {
--- a/app/api/banking/transactions/route.ts
+++ b/app/api/banking/transactions/route.ts
@@ -1,8 +1,11 @@
 import { NextResponse } from "next/server";
 import { transactionService } from "@/services/transaction.service";
 import { requireAuth } from "@/lib/auth-utils";
 import type { Transaction } from "@/lib/types";
 export async function POST(request: Request) {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const transactions: Transaction[] = await request.json();
    const result = await transactionService.createMany(transactions);
@@ -17,6 +20,9 @@ export async function POST(request: Request) {
 }
 export async function PUT(request: Request) {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const transaction: Transaction = await request.json();
    const updated = await transactionService.update(
@@ -34,6 +40,9 @@ export async function PUT(request: Request) {
 }
 export async function DELETE(request: Request) {
  const authError = await requireAuth();
  if (authError) return authError;
  try {
    const { searchParams } = new URL(request.url);
    const id = searchParams.get("id");
--- a/app/layout.tsx
+++ b/app/layout.tsx
@@ -2,6 +2,7 @@ import type React from "react";
 import type { Metadata } from "next";
 import { Geist, Geist_Mono } from "next/font/google";
 import "./globals.css";
 import { AuthSessionProvider } from "@/components/providers/session-provider";
 const _geist = Geist({ subsets: ["latin"] });
 const _geistMono = Geist_Mono({ subsets: ["latin"] });
@@ -20,7 +21,9 @@ export default function RootLayout({
 }>) {
  return (
    <html lang="fr">
-      <body className="font-sans antialiased">{children}</body>
+      <body className="font-sans antialiased">
        <AuthSessionProvider>{children}</AuthSessionProvider>
      </body>
    </html>
  );
 }
--- a/app/login/page.tsx
+++ b/app/login/page.tsx
@@ -0,0 +1,95 @@
 "use client";
 import { useState } from "react";
 import { signIn } from "next-auth/react";
 import { useRouter } from "next/navigation";
 import { Button } from "@/components/ui/button";
 import { Input } from "@/components/ui/input";
 import { Label } from "@/components/ui/label";
 import {
  Card,
  CardContent,
  CardDescription,
  CardHeader,
  CardTitle,
 } from "@/components/ui/card";
 import { Lock } from "lucide-react";
 import { toast } from "sonner";
 export default function LoginPage() {
  const [password, setPassword] = useState("");
  const [loading, setLoading] = useState(false);
  const router = useRouter();
  const handleSubmit = async (e: React.FormEvent) => {
    e.preventDefault();
    setLoading(true);
    try {
      const result = await signIn("credentials", {
        password,
        redirect: false,
      });
      if (result?.error) {
        toast.error("Mot de passe incorrect");
        setPassword("");
      } else {
        toast.success("Connexion réussie");
        router.push("/");
        router.refresh();
      }
    } catch {
      toast.error("Erreur lors de la connexion");
    } finally {
      setLoading(false);
    }
  };
  return (
    <div className="min-h-screen flex items-center justify-center bg-[var(--background)] p-4">
      <Card className="w-full max-w-md">
        <CardHeader className="space-y-1">
          <div className="flex items-center justify-center mb-4">
            <Lock className="w-12 h-12 text-[var(--primary)]" />
          </div>
          <CardTitle className="text-2xl text-center">
            Accès protégé
          </CardTitle>
          <CardDescription className="text-center">
            Entrez le mot de passe pour accéder à l'application
          </CardDescription>
        </CardHeader>
        <CardContent>
          <form onSubmit={handleSubmit} className="space-y-4">
            <div className="space-y-2">
              <Label htmlFor="password">Mot de passe</Label>
              <Input
                id="password"
                type="password"
                value={password}
                onChange={(e) => setPassword(e.target.value)}
                placeholder="Entrez le mot de passe"
                disabled={loading}
                autoFocus
                onKeyDown={(e) => {
                  if (e.key === "Enter") {
                    handleSubmit(e);
                  }
                }}
              />
            </div>
            <Button
              type="submit"
              className="w-full"
              disabled={loading || !password}
            >
              {loading ? "Connexion..." : "Se connecter"}
            </Button>
          </form>
        </CardContent>
      </Card>
    </div>
  );
 }
--- a/app/settings/page.tsx
+++ b/app/settings/page.tsx
@@ -7,6 +7,7 @@ import {
  DangerZoneCard,
  OFXInfoCard,
  BackupCard,
  PasswordCard,
 } from "@/components/settings";
 import { useBankingData } from "@/lib/hooks";
 import type { BankingData } from "@/lib/types";
@@ -107,6 +108,8 @@ export default function SettingsPage() {
        <BackupCard />
        <PasswordCard />
        <DangerZoneCard
          categorizedCount={categorizedCount}
          onClearCategories={clearAllCategories}
--- a/components/dashboard/sidebar.tsx
+++ b/components/dashboard/sidebar.tsx
@@ -2,7 +2,8 @@
 import { useState } from "react";
 import Link from "next/link";
-import { usePathname } from "next/navigation";
+import { usePathname, useRouter } from "next/navigation";
 import { signOut } from "next-auth/react";
 import { cn } from "@/lib/utils";
 import { Button } from "@/components/ui/button";
 import {
@@ -16,7 +17,9 @@ import {
  ChevronRight,
  Settings,
  Wand2,
  LogOut,
 } from "lucide-react";
 import { toast } from "sonner";
 const navItems = [
  { href: "/", label: "Tableau de bord", icon: LayoutDashboard },
@@ -30,8 +33,21 @@ const navItems = [
 export function Sidebar() {
  const pathname = usePathname();
  const router = useRouter();
  const [collapsed, setCollapsed] = useState(false);
  const handleSignOut = async () => {
    try {
      await signOut({ redirect: false });
      toast.success("Déconnexion réussie");
      router.push("/login");
      router.refresh();
    } catch (error) {
      console.error("Error signing out:", error);
      toast.error("Erreur lors de la déconnexion");
    }
  };
  return (
    <aside
      className={cn(
@@ -82,7 +98,7 @@ export function Sidebar() {
        })}
      </nav>
-      <div className="p-2 border-t border-border">
+      <div className="p-2 border-t border-border space-y-1">
        <Link href="/settings">
          <Button
            variant="ghost"
@@ -95,6 +111,17 @@ export function Sidebar() {
            {!collapsed && <span>Paramètres</span>}
          </Button>
        </Link>
        <Button
          variant="ghost"
          onClick={handleSignOut}
          className={cn(
            "w-full justify-start gap-3 text-destructive hover:text-destructive hover:bg-destructive/10",
            collapsed && "justify-center px-2",
          )}
        >
          <LogOut className="w-5 h-5 shrink-0" />
          {!collapsed && <span>Déconnexion</span>}
        </Button>
      </div>
    </aside>
  );
--- a/components/providers/session-provider.tsx
+++ b/components/providers/session-provider.tsx
@@ -0,0 +1,9 @@
 "use client";
 import { SessionProvider } from "next-auth/react";
 import type { ReactNode } from "react";
 export function AuthSessionProvider({ children }: { children: ReactNode }) {
  return <SessionProvider>{children}</SessionProvider>;
 }
--- a/components/settings/index.ts
+++ b/components/settings/index.ts
@@ -2,4 +2,5 @@ export { DataCard } from "./data-card";
 export { DangerZoneCard } from "./danger-zone-card";
 export { OFXInfoCard } from "./ofx-info-card";
 export { BackupCard } from "./backup-card";
 export { PasswordCard } from "./password-card";
--- a/components/settings/password-card.tsx
+++ b/components/settings/password-card.tsx
@@ -0,0 +1,202 @@
 "use client";
 import { useState } from "react";
 import { Button } from "@/components/ui/button";
 import {
  Card,
  CardContent,
  CardDescription,
  CardHeader,
  CardTitle,
 } from "@/components/ui/card";
 import { Input } from "@/components/ui/input";
 import { Label } from "@/components/ui/label";
 import {
  AlertDialog,
  AlertDialogAction,
  AlertDialogCancel,
  AlertDialogContent,
  AlertDialogDescription,
  AlertDialogFooter,
  AlertDialogHeader,
  AlertDialogTitle,
  AlertDialogTrigger,
 } from "@/components/ui/alert-dialog";
 import { Lock, Eye, EyeOff } from "lucide-react";
 import { toast } from "sonner";
 export function PasswordCard() {
  const [oldPassword, setOldPassword] = useState("");
  const [newPassword, setNewPassword] = useState("");
  const [confirmPassword, setConfirmPassword] = useState("");
  const [showOldPassword, setShowOldPassword] = useState(false);
  const [showNewPassword, setShowNewPassword] = useState(false);
  const [showConfirmPassword, setShowConfirmPassword] = useState(false);
  const [loading, setLoading] = useState(false);
  const [open, setOpen] = useState(false);
  const handleChangePassword = async () => {
    if (!oldPassword || !newPassword || !confirmPassword) {
      toast.error("Veuillez remplir tous les champs");
      return;
    }
    if (newPassword.length < 4) {
      toast.error("Le mot de passe doit contenir au moins 4 caractères");
      return;
    }
    if (newPassword !== confirmPassword) {
      toast.error("Les mots de passe ne correspondent pas");
      return;
    }
    setLoading(true);
    try {
      const response = await fetch("/api/auth/change-password", {
        method: "POST",
        headers: { "Content-Type": "application/json" },
        body: JSON.stringify({
          oldPassword,
          newPassword,
        }),
      });
      const data = await response.json();
      if (data.success) {
        toast.success("Mot de passe modifié avec succès");
        setOldPassword("");
        setNewPassword("");
        setConfirmPassword("");
        setOpen(false);
      } else {
        toast.error(data.error || "Erreur lors du changement de mot de passe");
      }
    } catch (error) {
      console.error("Error changing password:", error);
      toast.error("Erreur lors du changement de mot de passe");
    } finally {
      setLoading(false);
    }
  };
  return (
    <Card>
      <CardHeader>
        <CardTitle className="flex items-center gap-2">
          <Lock className="w-5 h-5" />
          Mot de passe
        </CardTitle>
        <CardDescription>
          Modifiez le mot de passe d'accès à l'application
        </CardDescription>
      </CardHeader>
      <CardContent>
        <AlertDialog open={open} onOpenChange={setOpen}>
          <AlertDialogTrigger asChild>
            <Button variant="outline">Changer le mot de passe</Button>
          </AlertDialogTrigger>
          <AlertDialogContent className="sm:max-w-md">
            <AlertDialogHeader>
              <AlertDialogTitle>Changer le mot de passe</AlertDialogTitle>
              <AlertDialogDescription>
                Entrez votre mot de passe actuel et le nouveau mot de passe.
              </AlertDialogDescription>
            </AlertDialogHeader>
            <div className="space-y-4 py-4">
              <div className="space-y-2">
                <Label htmlFor="old-password">Mot de passe actuel</Label>
                <div className="relative">
                  <Input
                    id="old-password"
                    type={showOldPassword ? "text" : "password"}
                    value={oldPassword}
                    onChange={(e) => setOldPassword(e.target.value)}
                    placeholder="Mot de passe actuel"
                    disabled={loading}
                  />
                  <Button
                    type="button"
                    variant="ghost"
                    size="sm"
                    className="absolute right-0 top-0 h-full px-3 py-2 hover:bg-transparent"
                    onClick={() => setShowOldPassword(!showOldPassword)}
                  >
                    {showOldPassword ? (
                      <EyeOff className="h-4 w-4" />
                    ) : (
                      <Eye className="h-4 w-4" />
                    )}
                  </Button>
                </div>
              </div>
              <div className="space-y-2">
                <Label htmlFor="new-password">Nouveau mot de passe</Label>
                <div className="relative">
                  <Input
                    id="new-password"
                    type={showNewPassword ? "text" : "password"}
                    value={newPassword}
                    onChange={(e) => setNewPassword(e.target.value)}
                    placeholder="Nouveau mot de passe"
                    disabled={loading}
                  />
                  <Button
                    type="button"
                    variant="ghost"
                    size="sm"
                    className="absolute right-0 top-0 h-full px-3 py-2 hover:bg-transparent"
                    onClick={() => setShowNewPassword(!showNewPassword)}
                  >
                    {showNewPassword ? (
                      <EyeOff className="h-4 w-4" />
                    ) : (
                      <Eye className="h-4 w-4" />
                    )}
                  </Button>
                </div>
              </div>
              <div className="space-y-2">
                <Label htmlFor="confirm-password">Confirmer le mot de passe</Label>
                <div className="relative">
                  <Input
                    id="confirm-password"
                    type={showConfirmPassword ? "text" : "password"}
                    value={confirmPassword}
                    onChange={(e) => setConfirmPassword(e.target.value)}
                    placeholder="Confirmer le mot de passe"
                    disabled={loading}
                  />
                  <Button
                    type="button"
                    variant="ghost"
                    size="sm"
                    className="absolute right-0 top-0 h-full px-3 py-2 hover:bg-transparent"
                    onClick={() => setShowConfirmPassword(!showConfirmPassword)}
                  >
                    {showConfirmPassword ? (
                      <EyeOff className="h-4 w-4" />
                    ) : (
                      <Eye className="h-4 w-4" />
                    )}
                  </Button>
                </div>
              </div>
            </div>
            <AlertDialogFooter>
              <AlertDialogCancel disabled={loading}>Annuler</AlertDialogCancel>
              <AlertDialogAction
                onClick={handleChangePassword}
                disabled={loading}
              >
                {loading ? "Modification..." : "Modifier"}
              </AlertDialogAction>
            </AlertDialogFooter>
          </AlertDialogContent>
        </AlertDialog>
      </CardContent>
    </Card>
  );
 }
--- a/dev.db
+++ b/dev.db
--- a/lib/auth-utils.ts
+++ b/lib/auth-utils.ts
@@ -0,0 +1,21 @@
 import { getServerSession } from "next-auth";
 import { authOptions } from "@/lib/auth";
 import { NextResponse } from "next/server";
 /**
 * Verify that the user is authenticated
 * Returns null if authenticated, or a NextResponse with 401 if not
 */
 export async function requireAuth(): Promise<NextResponse | null> {
  const session = await getServerSession(authOptions);
  if (!session) {
    return NextResponse.json(
      { error: "Non authentifié" },
      { status: 401 }
    );
  }
  return null;
 }
--- a/lib/auth.ts
+++ b/lib/auth.ts
@@ -0,0 +1,72 @@
 import { NextAuthOptions } from "next-auth";
 import CredentialsProvider from "next-auth/providers/credentials";
 import { authService } from "@/services/auth.service";
 // Get secret with fallback for development
 const secret = process.env.NEXTAUTH_SECRET || "dev-secret-key-change-in-production";
 // Debug: log secret status (remove in production)
 if (process.env.NODE_ENV === "development") {
  console.log("🔐 NextAuth secret:", process.env.NEXTAUTH_SECRET ? "✅ Loaded from .env.local" : "⚠️ Using fallback");
 }
 if (!process.env.NEXTAUTH_SECRET && process.env.NODE_ENV === "production") {
  throw new Error(
    "NEXTAUTH_SECRET is required in production. Please set it in your environment variables."
  );
 }
 export const authOptions: NextAuthOptions = {
  providers: [
    CredentialsProvider({
      name: "Credentials",
      credentials: {
        password: { label: "Mot de passe", type: "password" },
      },
      async authorize(credentials) {
        try {
          if (!credentials?.password) {
            return null;
          }
          const isValid = await authService.verifyPassword(credentials.password);
          if (!isValid) {
            return null;
          }
          // Return a user object (we don't need a real user, just authentication)
          return {
            id: "admin",
            email: "admin@local",
          };
        } catch (error) {
          console.error("Error in authorize:", error);
          return null;
        }
      },
    }),
  ],
  pages: {
    signIn: "/login",
  },
  session: {
    strategy: "jwt",
    maxAge: 30 * 24 * 60 * 60, // 30 days
  },
  callbacks: {
    async jwt({ token, user }) {
      if (user) {
        token.id = user.id;
      }
      return token;
    },
    async session({ session, token }) {
      if (session.user && token.id) {
        session.user.id = token.id;
      }
      return session;
    },
  },
  secret,
 };
--- a/middleware.ts
+++ b/middleware.ts
@@ -0,0 +1,22 @@
 import { withAuth } from "next-auth/middleware";
 export default withAuth({
  pages: {
    signIn: "/login",
  },
 });
 export const config = {
  matcher: [
    /*
     * Match all request paths except for the ones starting with:
     * - api/auth (authentication routes)
     * - login (login page)
     * - _next/static (static files)
     * - _next/image (image optimization files)
     * - favicon.ico (favicon file)
     */
    "/((?!api/auth|login|_next/static|_next/image|favicon.ico).*)",
  ],
 };
--- a/package.json
+++ b/package.json
@@ -48,6 +48,7 @@
    "@radix-ui/react-tooltip": "1.1.6",
    "@vercel/analytics": "1.3.1",
    "autoprefixer": "^10.4.20",
    "bcryptjs": "^3.0.3",
    "class-variance-authority": "^0.7.1",
    "clsx": "^2.1.1",
    "cmdk": "1.0.4",
@@ -56,6 +57,7 @@
    "input-otp": "1.4.1",
    "lucide-react": "^0.454.0",
    "next": "16.0.3",
    "next-auth": "^4.24.13",
    "next-themes": "^0.4.6",
    "prisma": "^5.22.0",
    "react": "19.2.0",
@@ -75,6 +77,7 @@
    "@eslint/eslintrc": "^3.3.1",
    "@next/eslint-plugin-next": "^16.0.5",
    "@tailwindcss/postcss": "^4.1.9",
    "@types/bcryptjs": "^3.0.0",
    "@types/node": "^22",
    "@types/react": "^19",
    "@types/react-dom": "^19",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
--- a/services/auth.service.ts
+++ b/services/auth.service.ts
@@ -0,0 +1,82 @@
 import { promises as fs } from "fs";
 import path from "path";
 import { existsSync } from "fs";
 import bcrypt from "bcryptjs";
 const PASSWORD_FILE = path.join(process.cwd(), "prisma", "password.json");
 interface PasswordData {
  hash: string;
  createdAt: string;
  updatedAt: string;
 }
 async function ensurePasswordFile(): Promise<void> {
  if (!existsSync(PASSWORD_FILE)) {
    // Create default password "admin" if file doesn't exist
    const defaultHash = await bcrypt.hash("admin", 10);
    const defaultData: PasswordData = {
      hash: defaultHash,
      createdAt: new Date().toISOString(),
      updatedAt: new Date().toISOString(),
    };
    await fs.writeFile(PASSWORD_FILE, JSON.stringify(defaultData, null, 2), "utf-8");
  }
 }
 async function loadPasswordData(): Promise<PasswordData> {
  await ensurePasswordFile();
  const content = await fs.readFile(PASSWORD_FILE, "utf-8");
  return JSON.parse(content);
 }
 async function savePasswordData(data: PasswordData): Promise<void> {
  await fs.writeFile(PASSWORD_FILE, JSON.stringify(data, null, 2), "utf-8");
 }
 export const authService = {
  async verifyPassword(password: string): Promise<boolean> {
    try {
      const data = await loadPasswordData();
      return await bcrypt.compare(password, data.hash);
    } catch (error) {
      console.error("Error verifying password:", error);
      return false;
    }
  },
  async changePassword(oldPassword: string, newPassword: string): Promise<{ success: boolean; error?: string }> {
    try {
      // Verify old password
      const isValid = await this.verifyPassword(oldPassword);
      if (!isValid) {
        return { success: false, error: "Mot de passe actuel incorrect" };
      }
      // Hash new password
      const newHash = await bcrypt.hash(newPassword, 10);
      const data = await loadPasswordData();
      // Update password
      data.hash = newHash;
      data.updatedAt = new Date().toISOString();
      await savePasswordData(data);
      return { success: true };
    } catch (error) {
      console.error("Error changing password:", error);
      return { success: false, error: "Erreur lors du changement de mot de passe" };
    }
  },
  async hasPassword(): Promise<boolean> {
    try {
      await ensurePasswordFile();
      return existsSync(PASSWORD_FILE);
    } catch {
      return false;
    }
  },
 };
--- a/types/next-auth.d.ts
+++ b/types/next-auth.d.ts
@@ -0,0 +1,23 @@
 import "next-auth";
 declare module "next-auth" {
  interface User {
    id: string;
  }
  interface Session {
    user: {
      id: string;
      email?: string | null;
      name?: string | null;
      image?: string | null;
    };
  }
 }
 declare module "next-auth/jwt" {
  interface JWT {
    id: string;
  }
 }