chore: bump version to v0.1.16

- components/ui/SidebarLink.vue and AppTopNav.vue
- infra/prod/maintenance.html
- Remove useRoute() call in useApi onResponseError (fixes middleware warning)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.gitea/workflows/auto-tag-develop.yml

@@ -13,7 +13,7 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          token: ${{ secrets.RELEASE_TOKEN || gitea.token }}
+          token: ${{ secrets.REGISTRY_TOKEN }}
           persist-credentials: true
 
       - name: Create next tag from config/version.yaml

.nvmrc

@@ -0,0 +1 @@
+24

CLAUDE.md

@@ -1,6 +1,69 @@
 # Coltura
 
-CRM/ERP. Monorepo Symfony 8 (API Platform 4) + Nuxt 4.
+CRM/ERP. Monorepo Symfony 8 (API Platform 4) + Nuxt 4. **Architecture DDD (Domain-Driven Design).**
+
+## Architecture DDD
+
+Le projet suit une architecture DDD cote backend ET frontend. Le code est organise par **domaine metier** (Bounded Context), pas par type technique.
+
+### Backend — Organisation par domaine
+
+```
+src/
+  Domain/                        # Couche domaine (logique metier pure, aucune dependance framework)
+    {BoundedContext}/             # Ex: Customer, Sales, Catalog, Invoice...
+      Entity/                    # Entites et Aggregates du domaine
+      ValueObject/               # Value Objects (Money, Address, Email...)
+      Repository/                # Interfaces des repositories (ports)
+      Service/                   # Services domaine (logique metier)
+      Event/                     # Domain Events
+      Exception/                 # Exceptions metier
+  Application/                   # Couche application (cas d'usage, orchestration)
+    {BoundedContext}/
+      Command/                   # Commands (write) + Handlers
+      Query/                     # Queries (read) + Handlers
+      DTO/                       # Data Transfer Objects
+  Infrastructure/                # Couche infrastructure (implementations techniques)
+    {BoundedContext}/
+      Repository/                # Implementations Doctrine des repositories
+      Persistence/               # Mapping Doctrine (si XML/YAML)
+    Shared/                      # Services techniques partages (mail, storage, etc.)
+  Api/                           # Couche API (exposition HTTP)
+    {BoundedContext}/
+      Resource/                  # ApiResource API Platform
+      State/                     # Providers & Processors API Platform
+```
+
+**Regles DDD backend :**
+- Le domaine (`Domain/`) ne depend de RIEN (pas de Doctrine, pas de Symfony, pas d'API Platform)
+- Les repositories dans `Domain/` sont des **interfaces** ; les implementations Doctrine sont dans `Infrastructure/`
+- Les entites API Platform (`Api/Resource/`) sont decouples des entites domaine si necessaire
+- Chaque Bounded Context est autonome — pas d'import croise entre contextes (communiquer via events ou services application)
+- `User` et `Auth` restent dans `src/` (hors DDD) car c'est du framework pur (Security Bundle)
+
+### Frontend — Organisation par domaine
+
+```
+frontend/
+  domains/                       # Modules metier
+    {bounded-context}/           # Ex: customer, sales, catalog, invoice...
+      components/                # Composants Vue specifiques au domaine
+      composables/               # Composables specifiques au domaine
+      services/                  # Services API du domaine
+      dto/                       # Types TypeScript du domaine
+      pages/                     # Pages du domaine (optionnel, ou dans pages/)
+      stores/                    # Store Pinia du domaine (si necessaire)
+  components/                    # Composants UI partages (non lies a un domaine)
+  composables/                   # Composables partages (useApi, useAppVersion)
+  stores/                        # Stores globaux (auth, ui)
+  services/                      # Services partages
+```
+
+**Regles DDD frontend :**
+- Chaque domaine est un dossier autonome dans `frontend/domains/`
+- Un domaine ne doit pas importer depuis un autre domaine — utiliser les composables/stores partages
+- Les composants, services et types partages restent a la racine (`components/`, `composables/`, etc.)
+- Les pages peuvent etre dans `frontend/pages/` (routing Nuxt) et importer les composants du domaine
 
 ## Stack
 
@@ -12,26 +75,37 @@ CRM/ERP. Monorepo Symfony 8 (API Platform 4) + Nuxt 4.
 ## Structure
 
 ```
-src/Entity/          # Entites Doctrine (User)
-src/ApiResource/     # Ressources API Platform decouples (AppVersion)
-src/State/           # Providers et Processors API Platform (MeProvider, AppVersionProvider, UserPasswordHasherProcessor)
-src/Service/         # Services metier
-src/Repository/      # Repositories Doctrine
-src/DataFixtures/    # Fixtures
-config/              # Config Symfony (security, api_platform, lexik_jwt, nelmio_cors, doctrine)
-config/jwt/          # Cles JWT (private.pem, public.pem)
-migrations/          # Migrations Doctrine
-infra/dev/           # Config Docker dev (Dockerfile, nginx, php.ini, xdebug)
-infra/prod/          # Config Docker prod (Dockerfile multi-stage, nginx, php-prod.ini)
-frontend/            # App Nuxt 4
-frontend/pages/      # Pages (index, login)
-frontend/layouts/    # Layouts (default)
-frontend/components/ # Composants Vue
-frontend/composables/# Composables (useApi, useAppVersion)
-frontend/stores/     # Stores Pinia (auth, ui)
-frontend/services/   # Services API (auth)
-frontend/services/dto/ # Types TypeScript
-frontend/i18n/locales/ # Fichiers de traduction
+src/
+  Domain/{Context}/Entity/       # Entites domaine
+  Domain/{Context}/ValueObject/  # Value Objects
+  Domain/{Context}/Repository/   # Interfaces repositories
+  Domain/{Context}/Service/      # Services domaine
+  Domain/{Context}/Event/        # Domain Events
+  Application/{Context}/Command/ # Commands + Handlers
+  Application/{Context}/Query/   # Queries + Handlers
+  Application/{Context}/DTO/     # Data Transfer Objects
+  Infrastructure/{Context}/Repository/ # Implementations Doctrine
+  Api/{Context}/Resource/        # ApiResource API Platform
+  Api/{Context}/State/           # Providers & Processors
+  Entity/                        # Entites framework (User)
+  DataFixtures/                  # Fixtures
+config/                          # Config Symfony
+config/jwt/                      # Cles JWT
+migrations/                      # Migrations Doctrine
+infra/dev/                       # Docker dev
+infra/prod/                      # Docker prod (multi-stage)
+frontend/
+  domains/{context}/components/  # Composants du domaine
+  domains/{context}/composables/ # Composables du domaine
+  domains/{context}/services/    # Services API du domaine
+  domains/{context}/dto/         # Types TS du domaine
+  domains/{context}/stores/      # Store Pinia du domaine
+  components/                    # Composants UI partages
+  composables/                   # Composables partages (useApi, useAppVersion)
+  stores/                        # Stores globaux (auth, ui)
+  pages/                         # Pages (routing Nuxt)
+  layouts/                       # Layouts
+  i18n/locales/                  # Traductions
 ```
 
 ## Commandes

README.md

@@ -1,26 +1,103 @@
 # Coltura
 
-CRM/ERP - Symfony 8 + API Platform 4 + Nuxt 4
+CRM/ERP — Symfony 8 (API Platform 4) + Nuxt 4
+
+## Stack
+
+- **Backend** : PHP 8.4, Symfony 8, API Platform 4, Doctrine ORM, PostgreSQL 16
+- **Frontend** : Nuxt 4 (SPA), Vue 3, Pinia, Tailwind CSS, @malio/layer-ui
+- **Auth** : JWT HTTP-only cookie (Lexik)
+- **Infra** : Docker Compose (dev + prod multi-stage)
+- **CI/CD** : Gitea Actions (auto-tag + build Docker)
 
 ## Quick Start
 
 ```bash
-make start    # Start Docker containers
-make install  # Install dependencies, run migrations, build frontend
+make start           # Demarrer les containers Docker
+make install         # Composer, migrations, fixtures, build Nuxt
 ```
 
-Dev frontend: `make dev-nuxt` (hot reload on port 3003)
+Dev frontend (hot reload) :
+
+```bash
+make dev-nuxt        # Port 3003
+```
 
 ## Ports
 
-| Service  | Port |
-|----------|------|
-| API      | 8083 |
-| Frontend | 3003 |
+| Service    | Port |
+|------------|------|
+| API (Nginx)| 8083 |
+| Frontend   | 3003 |
 | PostgreSQL | 5436 |
 
+## Commandes
+
+| Commande | Description |
+|----------|-------------|
+| `make start` | Demarrer les containers |
+| `make stop` | Arreter les containers |
+| `make restart` | Redemarrer les containers |
+| `make install` | Install complet |
+| `make reset` | Tout supprimer et reinstaller |
+| `make dev-nuxt` | Serveur dev Nuxt (hot reload) |
+| `make shell` | Shell dans le container PHP |
+| `make cache-clear` | Vider le cache Symfony |
+| `make migration-migrate` | Lancer les migrations |
+| `make fixtures` | Charger les fixtures |
+| `make db-reset` | Reset BDD + migrations + fixtures |
+| `make test` | PHPUnit |
+| `make php-cs-fixer-allow-risky` | Fix code style PHP |
+| `make logs-dev` | Tail logs Symfony |
+
+## Structure
+
+```
+src/                 # Backend Symfony
+  Entity/            # Entites Doctrine
+  ApiResource/       # Ressources API Platform
+  State/             # Providers & Processors
+  Repository/        # Repositories Doctrine
+  DataFixtures/      # Fixtures
+config/              # Config Symfony
+migrations/          # Migrations Doctrine
+frontend/            # App Nuxt 4
+  pages/             # Pages Vue
+  layouts/           # Layouts
+  components/        # Composants
+  composables/       # Composables (useApi, useAppVersion)
+  stores/            # Stores Pinia (auth, ui)
+  services/          # Services API + DTOs
+  i18n/              # Traductions
+infra/
+  dev/               # Docker dev (Dockerfile, nginx, php.ini, xdebug)
+  prod/              # Docker prod (multi-stage, nginx, php-prod.ini)
+.gitea/workflows/    # CI Gitea (auto-tag, build Docker)
+```
+
+## CI/CD
+
+- **Auto Tag** : push sur `develop` → bump `config/version.yaml` → tag `vX.Y.Z`
+- **Build Docker** : push tag `v*` → build image multi-stage → push Gitea Registry
+
+Secrets requis dans Gitea :
+- `RELEASE_TOKEN` — PAT avec droits `write:repository`
+- `REGISTRY_TOKEN` — token pour le registry Docker
+
 ## Credentials (dev)
 
-- admin / admin (ROLE_ADMIN)
-- alice / alice (ROLE_USER)
-- bob / bob (ROLE_USER)
+| Username | Password | Role |
+|----------|----------|------|
+| admin | admin | ROLE_ADMIN |
+| alice | alice | ROLE_USER |
+| bob | bob | ROLE_USER |
+
+## Conventions
+
+### Commits
+
+```
+<type>(<scope optionnel>) : <message>
+```
+
+Types : `build`, `chore`, `ci`, `docs`, `feat`, `fix`, `perf`, `refactor`, `revert`, `style`, `test`

config/routes.yaml

@@ -2,3 +2,9 @@
 
 controllers:
     resource: routing.controllers
+
+login_check:
+    path: /login_check
+
+api_logout:
+    path: /api/logout

config/version.yaml

@@ -1,2 +1,2 @@
 parameters:
-    app.version: '0.1.0'
+    app.version: '0.1.16'

doc/deployment-docker.md

@@ -0,0 +1,314 @@
+# Deploiement Docker — Coltura
+
+## Pre-requis
+
+### Docker
+
+```bash
+# Ubuntu
+sudo apt update
+sudo apt install -y ca-certificates curl gnupg
+sudo install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+sudo apt update
+sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
+sudo usermod -aG docker $USER
+```
+
+Se deconnecter/reconnecter pour que le groupe `docker` prenne effet.
+
+### Nginx
+
+```bash
+sudo apt install -y nginx
+sudo systemctl enable nginx
+sudo systemctl start nginx
+```
+
+### PostgreSQL
+
+PostgreSQL tourne dans un conteneur Docker separe (voir le repo `infra-postgres`).
+Il doit etre installe et accessible avant de deployer Coltura.
+
+Creer la base de donnees pour Coltura :
+
+```bash
+cd /var/www/postgres
+docker compose exec postgres psql -U admin
+```
+
+```sql
+-- Si le user n'existe pas encore
+CREATE USER malio WITH PASSWORD 'motdepasse';
+
+-- Creer la base
+CREATE DATABASE coltura_prod OWNER malio;
+\q
+```
+
+---
+
+## Premiere installation (nouvelle machine)
+
+Guide complet pour mettre en ligne Coltura sur une machine vierge. Inclut les pre-requis, la BDD et l'app.
+
+### 1. Installer les pre-requis
+
+Installer Docker, Nginx et PostgreSQL (voir section Pre-requis ci-dessus).
+
+### 2. Creer le dossier de deploiement
+
+```bash
+sudo mkdir -p /var/www/coltura
+sudo chown -R $(whoami):$(whoami) /var/www/coltura
+cd /var/www/coltura
+```
+
+### 3. Se connecter au registry Docker de Gitea
+
+```bash
+docker login gitea.malio.fr
+```
+
+- **Username** : le nom d'utilisateur du compte organisation Gitea `MALIO`
+- **Password** : le token REGISTRY_TOKEN dispo dans le bitwarden
+
+Le login est sauvegarde dans `~/.docker/config.json`, pas besoin de le refaire a chaque deploiement.
+
+### 4. Creer les fichiers de deploiement
+
+Creer `docker-compose.yml` :
+
+```yaml
+services:
+  app:
+    image: gitea.malio.fr/malio-dev/coltura:${COLTURA_IMAGE_TAG:-latest}
+    container_name: coltura-app
+    env_file: .env
+    ports:
+      - "8083:80"
+    volumes:
+      - ./config/jwt:/var/www/html/config/jwt:ro
+      - ./uploads:/var/www/html/var/uploads
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    restart: unless-stopped
+```
+
+Creer `deploy.sh` :
+
+```bash
+#!/usr/bin/env bash
+set -euo pipefail
+
+cd "$(dirname "$0")"
+
+TAG="${1:-latest}"
+export COLTURA_IMAGE_TAG="$TAG"
+
+echo "==> Deploying coltura:${TAG}..."
+
+echo "==> Pulling image..."
+docker compose pull
+
+echo "==> Starting container..."
+docker compose up -d
+
+echo "==> Waiting for container to be ready..."
+sleep 3
+
+echo "==> Running migrations..."
+docker compose exec -T -u www-data app php bin/console doctrine:migrations:migrate --no-interaction
+
+echo "==> Clearing cache..."
+docker compose exec -T -u www-data app php bin/console cache:clear --env=prod
+docker compose exec -T -u www-data app php bin/console cache:warmup --env=prod
+
+VERSION=$(docker compose exec -T app cat config/version.yaml | grep 'app.version' | awk -F"'" '{print $2}')
+echo "==> Deployed v${VERSION}"
+```
+
+Rendre executable :
+
+```bash
+chmod +x deploy.sh
+```
+
+### 5. Configurer l'environnement
+
+Creer `.env` avec les variables suivantes :
+
+```env
+# Symfony
+APP_ENV=prod
+APP_DEBUG=0
+APP_SECRET=<generer avec: openssl rand -hex 32>
+
+# Database (host.docker.internal = la machine hote, ou le PG tourne en Docker)
+DATABASE_URL="postgresql://malio:password@host.docker.internal:5432/coltura_prod?serverVersion=16&charset=utf8"
+
+# JWT
+JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
+JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
+JWT_PASSPHRASE=<generer avec: openssl rand -hex 32>
+JWT_COOKIE_SECURE=1
+JWT_COOKIE_SAMESITE=lax
+JWT_TOKEN_TTL=86400
+JWT_COOKIE_TTL=86400
+
+# CORS
+CORS_ALLOW_ORIGIN='^https?://coltura\.malio-dev\.fr$'
+
+# App
+DEFAULT_URI=https://coltura.malio-dev.fr
+```
+
+### 6. Generer les cles JWT
+
+```bash
+mkdir -p config/jwt
+openssl genpkey -algorithm RSA -out config/jwt/private.pem -pkeyopt rsa_keygen_bits:4096
+openssl rsa -pubout -in config/jwt/private.pem -out config/jwt/public.pem
+```
+
+Rendre les cles lisibles par le conteneur (www-data = uid 33) :
+
+```bash
+sudo chown 33:33 config/jwt/private.pem config/jwt/public.pem
+sudo chmod 644 config/jwt/private.pem config/jwt/public.pem
+```
+
+### 7. Creer le dossier uploads
+
+```bash
+mkdir -p uploads
+```
+
+### 8. Configurer Nginx systeme (reverse proxy + maintenance)
+
+Copier la config reverse proxy depuis le repo :
+
+```bash
+sudo cp infra/prod/nginx-proxy.conf /etc/nginx/sites-available/coltura.conf
+```
+
+Ou creer `/etc/nginx/sites-available/coltura.conf` manuellement (voir `infra/prod/nginx-proxy.conf`).
+
+La config inclut le **mode maintenance** : si le fichier `/var/www/coltura/maintenance.on` existe, Nginx renvoie une 503 avec `maintenance.html`.
+
+Activer le site :
+
+```bash
+sudo ln -sf /etc/nginx/sites-available/coltura.conf /etc/nginx/sites-enabled/coltura.conf
+sudo nginx -t && sudo systemctl reload nginx
+```
+
+### Mode maintenance
+
+```bash
+# Activer la maintenance
+touch /var/www/coltura/maintenance.on
+
+# Desactiver la maintenance
+rm /var/www/coltura/maintenance.on
+```
+
+Optionnel : creer une page `/var/www/coltura/public/maintenance.html` personnalisee.
+
+### 9. Deployer
+
+```bash
+./deploy.sh
+```
+
+### 10. Creer le premier user admin
+
+```bash
+docker compose exec -T -u www-data app php bin/console security:hash-password --env=prod
+```
+
+Choisir `App\Entity\User`, taper le mdp, copier le hash. Puis :
+
+```bash
+cd /var/www/postgres
+docker compose exec -T postgres psql -U malio coltura_prod -c "INSERT INTO \"user\" (username, roles, password, created_at) VALUES ('admin', '[\"ROLE_ADMIN\"]', '<le-hash>', NOW());"
+```
+
+Ou charger les fixtures (dev uniquement) :
+
+```bash
+docker compose exec -T -u www-data app php bin/console doctrine:fixtures:load --no-interaction --env=prod
+```
+
+### Structure finale du dossier
+
+```
+/var/www/coltura/
+├── docker-compose.yml
+├── deploy.sh
+├── .env
+├── config/jwt/
+│   ├── private.pem
+│   └── public.pem
+└── uploads/
+```
+
+---
+
+## Deployer une nouvelle version
+
+Quand l'app est deja installee, deployer une mise a jour :
+
+```bash
+cd /var/www/coltura
+./deploy.sh           # deploie la derniere version (latest)
+./deploy.sh v0.2.0    # deploie une version specifique
+```
+
+C'est tout. Le script pull l'image, redemarre le conteneur, lance les migrations et vide le cache.
+
+---
+
+## Rollback
+
+### Image seule (pas de changement de schema BDD)
+
+```bash
+./deploy.sh v0.1.9
+```
+
+### Avec rollback de migration
+
+```bash
+# 1. Rollback schema (pendant que la version actuelle tourne encore)
+docker compose exec -T -u www-data app php bin/console doctrine:migrations:migrate prev --no-interaction
+# 2. Deployer l'ancienne version
+./deploy.sh v0.1.9
+```
+
+---
+
+## CI/CD
+
+Le workflow `.gitea/workflows/build-docker.yml` se declenche automatiquement sur push de tag `v*` :
+1. Build l'image multi-stage
+2. Push vers `gitea.malio.fr/malio-dev/coltura:<tag>` et `:latest`
+
+Combine avec `auto-tag-develop.yml`, chaque push sur `develop` cree automatiquement un tag → build → image disponible.
+
+---
+
+## Voir les logs
+
+```bash
+cd /var/www/coltura
+docker compose logs -f            # tous les logs
+docker compose logs -f --tail=100 # 100 dernieres lignes
+```
+
+Logs Symfony :
+
+```bash
+docker compose exec app cat var/log/prod.log
+```

frontend/.npmrc

@@ -0,0 +1 @@
+@malio:registry=https://gitea.malio.fr/api/packages/MALIO-DEV/npm/

frontend/components/ui/AppTopNav.vue

@@ -0,0 +1,48 @@
+<template>
+    <header class="border-b border-neutral-200 bg-primary-500 px-3 py-2 text-white sm:px-5 sm:py-2 max-h-[60px]">
+        <div class="flex h-full items-center justify-between">
+            <MalioButtonIcon
+                icon="mdi:menu"
+                aria-label="Menu"
+                variant="ghost"
+                icon-size="24"
+                button-class="lg:hidden text-white hover:bg-primary-600"
+                @click="ui.openMobileSidebar()"
+            />
+            <div class="hidden items-center gap-2 lg:flex">
+                <h1 class="text-lg font-bold tracking-tight">Coltura</h1>
+            </div>
+            <div class="ml-auto flex items-center gap-4 text-xl text-white sm:gap-8">
+                <div class="group relative flex gap-2 sm:gap-4">
+                    <Icon name="mdi:account-circle-outline" class="self-center cursor-pointer" size="36" />
+                    <p class="hidden self-center cursor-pointer sm:block">{{ user?.username }}</p>
+                    <div class="invisible absolute right-0 top-full z-50 mt-2 w-44 rounded-md border border-neutral-200 bg-white py-1 text-sm text-neutral-800 opacity-0 shadow-lg transition-all group-hover:visible group-hover:opacity-100">
+                        <button
+                            type="button"
+                            class="block w-full px-3 py-2 text-left hover:bg-neutral-100"
+                            @click="handleLogout"
+                        >
+                            Deconnexion
+                        </button>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </header>
+</template>
+
+<script setup lang="ts">
+import type { UserData } from '~/services/dto/user-data'
+
+defineProps<{
+    user?: UserData | null
+}>()
+
+const auth = useAuthStore()
+const ui = useUiStore()
+
+async function handleLogout() {
+    await auth.logout()
+    await navigateTo('/login')
+}
+</script>

frontend/components/ui/SidebarLink.vue

@@ -0,0 +1,52 @@
+<template>
+    <NuxtLink
+        :to="to"
+        class="group/link relative flex items-center transition-colors hover:text-primary-500"
+        :class="linkClasses"
+        :active-class="exact ? '' : activeClass"
+        :exact-active-class="exact ? activeClass : ''"
+    >
+        <Icon :name="icon" :size="sub ? '20' : '24'" class="flex-shrink-0" />
+        <span
+            v-if="!collapsed"
+            class="self-baseline whitespace-nowrap overflow-hidden transition-opacity duration-300"
+            :class="sub ? 'text-sm' : 'text-md'"
+        >
+            {{ label }}
+        </span>
+        <div
+            v-if="collapsed"
+            class="pointer-events-none absolute left-full z-50 ml-2 rounded-md bg-neutral-800 px-2 py-1 text-xs text-white opacity-0 shadow-lg transition-opacity group-hover/link:pointer-events-auto group-hover/link:opacity-100 whitespace-nowrap"
+        >
+            {{ label }}
+        </div>
+    </NuxtLink>
+</template>
+
+<script setup lang="ts">
+const props = defineProps<{
+    to: string
+    icon: string
+    label: string
+    collapsed: boolean
+    sub?: boolean
+    exact?: boolean
+}>()
+
+const activeClass = computed(() => {
+    if (props.collapsed) {
+        return '!text-primary-500 bg-primary-500/10'
+    }
+    return '!text-primary-500 bg-tertiary-500'
+})
+
+const linkClasses = computed(() => {
+    if (props.collapsed) {
+        return 'justify-center w-10 h-10 mx-auto my-1 p-2 rounded-lg text-neutral-600 hover:text-primary-500 hover:bg-primary-500/10'
+    }
+    if (props.sub) {
+        return 'gap-3 px-4 py-2 pl-12 text-sm font-semibold text-neutral-700'
+    }
+    return 'gap-3 px-4 py-3 text-md font-semibold text-neutral-700'
+})
+</script>

frontend/composables/useApi.ts

@@ -126,10 +126,7 @@ export function useApi(): ApiClient {
           if (!isHandlingUnauthorized) {
             isHandlingUnauthorized = true
             auth.clearSession()
-            const route = useRoute()
-            if (route.path !== '/login') {
-              await navigateTo('/login')
-            }
+            await navigateTo('/login')
             isHandlingUnauthorized = false
           }
         }

frontend/layouts/auth.vue

@@ -0,0 +1,7 @@
+<template>
+  <div class="min-h-screen bg-tertiary-500 from-tertiary-500 via-white to-neutral-100 text-neutral-900">
+    <main class="mx-auto flex min-h-screen w-full max-w-[720px] items-center px-6 py-12">
+      <slot />
+    </main>
+  </div>
+</template>

frontend/public/robots.txt

@@ -0,0 +1,2 @@
+User-Agent: *
+Disallow:

infra/prod/Dockerfile

@@ -74,13 +74,13 @@ RUN cd frontend && npm ci && npm run build:dist && rm -rf node_modules
 RUN chown -R www-data:www-data /var/www/html/var /var/www/html/frontend/dist
 
 # PHP prod config
-COPY infra/deploy/php-prod.ini /usr/local/etc/php/php.ini
+COPY infra/prod/php-prod.ini /usr/local/etc/php/php.ini
 
 EXPOSE 9000
 
 # ── Nginx stage ──
 FROM nginx:1.27-alpine AS nginx
 
-COPY infra/deploy/nginx.conf /etc/nginx/conf.d/default.conf
+COPY infra/prod/nginx.conf /etc/nginx/conf.d/default.conf
 COPY --from=php-base /var/www/html/public /var/www/html/public
 COPY --from=php-base /var/www/html/frontend/dist /var/www/html/frontend/dist

infra/prod/maintenance.html

@@ -0,0 +1,49 @@
+<!DOCTYPE html>
+<html lang="fr">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Maintenance en cours</title>
+    <style>
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+            background-color: #f3f4f6;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            min-height: 100vh;
+            margin: 0;
+        }
+        .container {
+            background: #fff;
+            border-radius: 12px;
+            box-shadow: 0 4px 24px rgba(0,0,0,0.10);
+            padding: 48px 40px;
+            max-width: 480px;
+            text-align: center;
+        }
+        .icon {
+            font-size: 48px;
+            margin-bottom: 16px;
+        }
+        h1 {
+            font-size: 24px;
+            color: #111827;
+            margin: 0 0 12px;
+        }
+        p {
+            font-size: 16px;
+            color: #6b7280;
+            margin: 0;
+            line-height: 1.6;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="icon">&#128736;</div>
+        <h1>Maintenance en cours</h1>
+        <p>L'application est temporairement indisponible pour mise a jour. Elle sera de retour dans quelques instants.</p>
+    </div>
+</body>
+</html>

infra/prod/nginx-proxy.conf

@@ -0,0 +1,31 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name coltura.malio-dev.fr;
+
+    root /var/www/coltura/public;
+
+    # Maintenance mode
+    if (-f /var/www/coltura/maintenance.on) {
+        return 503;
+    }
+
+    error_page 503 @maintenance;
+
+    location @maintenance {
+        rewrite ^(.*)$ /maintenance.html break;
+    }
+
+    location = /maintenance.html {
+        internal;
+    }
+
+    location / {
+        proxy_pass http://127.0.0.1:8083;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        client_max_body_size 55m;
+    }
+}

migrations/Version20260407095546.php

@@ -0,0 +1,32 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+/**
+ * Auto-generated Migration: Please modify to your needs!
+ */
+final class Version20260407095546 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return '';
+    }
+
+    public function up(Schema $schema): void
+    {
+        // this up() migration is auto-generated, please modify it to your needs
+        $this->addSql('CREATE TABLE "user" (id INT GENERATED BY DEFAULT AS IDENTITY NOT NULL, username VARCHAR(180) NOT NULL, roles JSON NOT NULL, password VARCHAR(255) NOT NULL, created_at TIMESTAMP(0) WITHOUT TIME ZONE NOT NULL, PRIMARY KEY (id))');
+        $this->addSql('CREATE UNIQUE INDEX UNIQ_8D93D649F85E0677 ON "user" (username)');
+    }
+
+    public function down(Schema $schema): void
+    {
+        // this down() migration is auto-generated, please modify it to your needs
+        $this->addSql('DROP TABLE "user"');
+    }
+}

src/Api/Auth/State/MeProvider.php

@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace App\State;
+namespace App\Api\Auth\State;
 
 use ApiPlatform\Metadata\Operation;
 use ApiPlatform\State\ProviderInterface;

src/Api/Auth/State/UserPasswordHasherProcessor.php

@@ -2,11 +2,12 @@
 
 declare(strict_types=1);
 
-namespace App\State;
+namespace App\Api\Auth\State;
 
 use ApiPlatform\Metadata\Operation;
 use ApiPlatform\State\ProcessorInterface;
 use App\Entity\User;
+use Symfony\Component\DependencyInjection\Attribute\Autowire;
 use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
 
 /**
@@ -15,7 +16,7 @@ use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
 class UserPasswordHasherProcessor implements ProcessorInterface
 {
     public function __construct(
-        /** @var ProcessorInterface<User, User> */
+        #[Autowire(service: 'api_platform.doctrine.orm.state.persist_processor')]
         private readonly ProcessorInterface $persistProcessor,
         private readonly UserPasswordHasherInterface $passwordHasher,
     ) {}

src/Api/Shared/Resource/AppVersion.php

@@ -2,11 +2,11 @@
 
 declare(strict_types=1);
 
-namespace App\ApiResource;
+namespace App\Api\Shared\Resource;
 
 use ApiPlatform\Metadata\ApiResource;
 use ApiPlatform\Metadata\Get;
-use App\State\AppVersionProvider;
+use App\Api\Shared\State\AppVersionProvider;
 
 #[ApiResource(
     operations: [

src/Api/Shared/State/AppVersionProvider.php

@@ -2,10 +2,11 @@
 
 declare(strict_types=1);
 
-namespace App\State;
+namespace App\Api\Shared\State;
 
 use ApiPlatform\Metadata\Operation;
 use ApiPlatform\State\ProviderInterface;
+use App\Api\Shared\Resource\AppVersion;
 use Symfony\Component\DependencyInjection\Attribute\Autowire;
 
 /**
@@ -20,6 +21,6 @@ class AppVersionProvider implements ProviderInterface
 
     public function provide(Operation $operation, array $uriVariables = [], array $context = []): object
     {
-        return new \App\ApiResource\AppVersion($this->appVersion);
+        return new AppVersion($this->appVersion);
     }
 }

src/Entity/User.php

@@ -10,9 +10,9 @@ use ApiPlatform\Metadata\Get;
 use ApiPlatform\Metadata\GetCollection;
 use ApiPlatform\Metadata\Patch;
 use ApiPlatform\Metadata\Post;
+use App\Api\Auth\State\MeProvider;
+use App\Api\Auth\State\UserPasswordHasherProcessor;
 use App\Repository\UserRepository;
-use App\State\MeProvider;
-use App\State\UserPasswordHasherProcessor;
 use DateTimeImmutable;
 use Doctrine\ORM\Mapping as ORM;
 use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;