chore: bump version to 1.4.0

refactor(content-card): fix indentation and improve readability
- Fixed inconsistent indentation in `content-card` component. - Enhanced code readability by restructuring JSX elements properly.
2026-01-21 13:49:15 +01:00 · 2026-01-21 13:48:29 +01:00 · 2026-01-21 13:44:10 +01:00 · 2026-01-21 13:42:56 +01:00 · 2026-01-21 13:42:24 +01:00 · 2026-01-21 13:42:17 +01:00
75 changed files with 4335 additions and 290 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -70,7 +70,7 @@ jobs:
    needs: validate
    # Déclenchement uniquement sur push sur main ou tag de version
    # Gitea supporte le contexte 'github' pour la compatibilité
-    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
+    if: gitea.event_name == 'push' && (gitea.ref == 'refs/heads/main' || startsWith(gitea.ref, 'refs/tags/v'))
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
@@ -83,7 +83,7 @@ jobs:

      - name: Déployer avec Docker Compose
        run: |
-          docker compose -f docker-compose.prod.yml up -d --build
+          docker compose -f docker-compose.prod.yml up -d --build --remove-orphans
        env:
          BACKEND_PORT: ${{ secrets.BACKEND_PORT }}
          FRONTEND_PORT: ${{ secrets.FRONTEND_PORT }}
--- a/ROADMAP.md
+++ b/ROADMAP.md
@@ -47,4 +47,4 @@ Ce document définit les objectifs, les critères techniques et les fonctionnali
 - [ ] Tests d'intégration et E2E
 - [x] Gestion centralisée des erreurs (Filters NestJS)
 - [ ] Monitoring et centralisation des logs (ex: Sentry, ELK/Loki)
- [ ] Performance : Cache (Redis) pour les tendances et recherches fréquentes
+- [x] Performance : Cache (Redis) pour les tendances et recherches fréquentes
--- a/backend/biome.json
+++ b/backend/biome.json
@@ -24,7 +24,8 @@
 		"rules": {
 			"recommended": true,
 			"suspicious": {
-				"noUnknownAtRules": "off"
+				"noUnknownAtRules": "off",
+				"noExplicitAny": "off"
 			},
 			"style": {
 				"useImportType": "off"
--- a/backend/package.json
+++ b/backend/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "@memegoat/backend",
-	"version": "0.1.0",
+	"version": "1.4.0",
 	"description": "",
 	"author": "",
 	"private": true,
@@ -13,7 +13,7 @@
 	"scripts": {
 		"build": "nest build",
 		"lint": "biome check",
-		"lint:write": "biome check --write",
+		"lint:write": "biome check --write --unsafe",
 		"format": "biome format --write",
 		"start": "nest start",
 		"start:dev": "nest start --watch",
@@ -107,7 +107,7 @@
 		"coverageDirectory": "../coverage",
 		"testEnvironment": "node",
 		"transformIgnorePatterns": [
-			"node_modules/(?!(.pnpm/)?(jose|@noble|uuid)/)"
+			"node_modules/(?!(.pnpm/)?(jose|@noble|uuid))"
 		],
 		"transform": {
 			"^.+\\.(t|j)sx?$": "ts-jest"
--- a/backend/src/admin/admin.controller.spec.ts
+++ b/backend/src/admin/admin.controller.spec.ts
@@ -0,0 +1,62 @@
+jest.mock("uuid", () => ({
+	v4: jest.fn(() => "mocked-uuid"),
+}));
+
+jest.mock("@noble/post-quantum/ml-kem.js", () => ({
+	ml_kem768: {
+		keygen: jest.fn(),
+		encapsulate: jest.fn(),
+		decapsulate: jest.fn(),
+	},
+}));
+
+jest.mock("jose", () => ({
+	SignJWT: jest.fn().mockReturnValue({
+		setProtectedHeader: jest.fn().mockReturnThis(),
+		setIssuedAt: jest.fn().mockReturnThis(),
+		setExpirationTime: jest.fn().mockReturnThis(),
+		sign: jest.fn().mockResolvedValue("mocked-jwt"),
+	}),
+	jwtVerify: jest.fn(),
+}));
+
+import { Test, TestingModule } from "@nestjs/testing";
+import { AuthGuard } from "../auth/guards/auth.guard";
+import { RolesGuard } from "../auth/guards/roles.guard";
+import { AdminController } from "./admin.controller";
+import { AdminService } from "./admin.service";
+
+describe("AdminController", () => {
+	let controller: AdminController;
+	let service: AdminService;
+
+	const mockAdminService = {
+		getStats: jest.fn(),
+	};
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			controllers: [AdminController],
+			providers: [{ provide: AdminService, useValue: mockAdminService }],
+		})
+			.overrideGuard(AuthGuard)
+			.useValue({ canActivate: () => true })
+			.overrideGuard(RolesGuard)
+			.useValue({ canActivate: () => true })
+			.compile();
+
+		controller = module.get<AdminController>(AdminController);
+		service = module.get<AdminService>(AdminService);
+	});
+
+	it("should be defined", () => {
+		expect(controller).toBeDefined();
+	});
+
+	describe("getStats", () => {
+		it("should call service.getStats", async () => {
+			await controller.getStats();
+			expect(service.getStats).toHaveBeenCalled();
+		});
+	});
+});
--- a/backend/src/admin/admin.service.spec.ts
+++ b/backend/src/admin/admin.service.spec.ts
@@ -0,0 +1,58 @@
+import { Test, TestingModule } from "@nestjs/testing";
+import { CategoriesRepository } from "../categories/repositories/categories.repository";
+import { ContentsRepository } from "../contents/repositories/contents.repository";
+import { UsersRepository } from "../users/repositories/users.repository";
+import { AdminService } from "./admin.service";
+
+describe("AdminService", () => {
+	let service: AdminService;
+	let _usersRepository: UsersRepository;
+	let _contentsRepository: ContentsRepository;
+	let _categoriesRepository: CategoriesRepository;
+
+	const mockUsersRepository = {
+		countAll: jest.fn(),
+	};
+
+	const mockContentsRepository = {
+		count: jest.fn(),
+	};
+
+	const mockCategoriesRepository = {
+		countAll: jest.fn(),
+	};
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			providers: [
+				AdminService,
+				{ provide: UsersRepository, useValue: mockUsersRepository },
+				{ provide: ContentsRepository, useValue: mockContentsRepository },
+				{ provide: CategoriesRepository, useValue: mockCategoriesRepository },
+			],
+		}).compile();
+
+		service = module.get<AdminService>(AdminService);
+		_usersRepository = module.get<UsersRepository>(UsersRepository);
+		_contentsRepository = module.get<ContentsRepository>(ContentsRepository);
+		_categoriesRepository =
+			module.get<CategoriesRepository>(CategoriesRepository);
+	});
+
+	it("should return stats", async () => {
+		mockUsersRepository.countAll.mockResolvedValue(10);
+		mockContentsRepository.count.mockResolvedValue(20);
+		mockCategoriesRepository.countAll.mockResolvedValue(5);
+
+		const result = await service.getStats();
+
+		expect(result).toEqual({
+			users: 10,
+			contents: 20,
+			categories: 5,
+		});
+		expect(mockUsersRepository.countAll).toHaveBeenCalled();
+		expect(mockContentsRepository.count).toHaveBeenCalledWith({});
+		expect(mockCategoriesRepository.countAll).toHaveBeenCalled();
+	});
+});
--- a/backend/src/api-keys/api-keys.controller.spec.ts
+++ b/backend/src/api-keys/api-keys.controller.spec.ts
@@ -0,0 +1,95 @@
+jest.mock("uuid", () => ({
+	v4: jest.fn(() => "mocked-uuid"),
+}));
+
+jest.mock("@noble/post-quantum/ml-kem.js", () => ({
+	ml_kem768: {
+		keygen: jest.fn(),
+		encapsulate: jest.fn(),
+		decapsulate: jest.fn(),
+	},
+}));
+
+jest.mock("jose", () => ({
+	SignJWT: jest.fn().mockReturnValue({
+		setProtectedHeader: jest.fn().mockReturnThis(),
+		setIssuedAt: jest.fn().mockReturnThis(),
+		setExpirationTime: jest.fn().mockReturnThis(),
+		sign: jest.fn().mockResolvedValue("mocked-jwt"),
+	}),
+	jwtVerify: jest.fn(),
+}));
+
+import { Test, TestingModule } from "@nestjs/testing";
+import { AuthGuard } from "../auth/guards/auth.guard";
+import { AuthenticatedRequest } from "../common/interfaces/request.interface";
+import { ApiKeysController } from "./api-keys.controller";
+import { ApiKeysService } from "./api-keys.service";
+
+describe("ApiKeysController", () => {
+	let controller: ApiKeysController;
+	let service: ApiKeysService;
+
+	const mockApiKeysService = {
+		create: jest.fn(),
+		findAll: jest.fn(),
+		revoke: jest.fn(),
+	};
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			controllers: [ApiKeysController],
+			providers: [{ provide: ApiKeysService, useValue: mockApiKeysService }],
+		})
+			.overrideGuard(AuthGuard)
+			.useValue({ canActivate: () => true })
+			.compile();
+
+		controller = module.get<ApiKeysController>(ApiKeysController);
+		service = module.get<ApiKeysService>(ApiKeysService);
+	});
+
+	it("should be defined", () => {
+		expect(controller).toBeDefined();
+	});
+
+	describe("create", () => {
+		it("should call service.create", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			const dto = { name: "Key Name", expiresAt: "2026-01-20T12:00:00Z" };
+			await controller.create(req, dto);
+			expect(service.create).toHaveBeenCalledWith(
+				"user-uuid",
+				"Key Name",
+				new Date(dto.expiresAt),
+			);
+		});
+
+		it("should call service.create without expiresAt", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			const dto = { name: "Key Name" };
+			await controller.create(req, dto);
+			expect(service.create).toHaveBeenCalledWith(
+				"user-uuid",
+				"Key Name",
+				undefined,
+			);
+		});
+	});
+
+	describe("findAll", () => {
+		it("should call service.findAll", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			await controller.findAll(req);
+			expect(service.findAll).toHaveBeenCalledWith("user-uuid");
+		});
+	});
+
+	describe("revoke", () => {
+		it("should call service.revoke", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			await controller.revoke(req, "key-id");
+			expect(service.revoke).toHaveBeenCalledWith("user-uuid", "key-id");
+		});
+	});
+});
--- a/backend/src/api-keys/repositories/api-keys.repository.spec.ts
+++ b/backend/src/api-keys/repositories/api-keys.repository.spec.ts
@@ -0,0 +1,83 @@
+import { Test, TestingModule } from "@nestjs/testing";
+import { DatabaseService } from "../../database/database.service";
+import { ApiKeysRepository } from "./api-keys.repository";
+
+describe("ApiKeysRepository", () => {
+	let repository: ApiKeysRepository;
+	let _databaseService: DatabaseService;
+
+	const mockDb = {
+		insert: jest.fn().mockReturnThis(),
+		values: jest.fn().mockReturnThis(),
+		select: jest.fn().mockReturnThis(),
+		from: jest.fn().mockReturnThis(),
+		where: jest.fn().mockReturnThis(),
+		update: jest.fn().mockReturnThis(),
+		set: jest.fn().mockReturnThis(),
+		returning: jest.fn().mockReturnThis(),
+		limit: jest.fn().mockReturnThis(),
+		execute: jest.fn(),
+	};
+
+	const wrapWithThen = (obj: unknown) => {
+		// biome-ignore lint/suspicious/noThenProperty: Necessary to mock Drizzle's awaitable query builder
+		Object.defineProperty(obj, "then", {
+			value: function (onFulfilled: (arg0: unknown) => void) {
+				const result = (this as Record<string, unknown>).execute();
+				return Promise.resolve(result).then(onFulfilled);
+			},
+			configurable: true,
+		});
+		return obj;
+	};
+	wrapWithThen(mockDb);
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			providers: [
+				ApiKeysRepository,
+				{ provide: DatabaseService, useValue: { db: mockDb } },
+			],
+		}).compile();
+
+		repository = module.get<ApiKeysRepository>(ApiKeysRepository);
+		_databaseService = module.get<DatabaseService>(DatabaseService);
+	});
+
+	it("should create an api key", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([{ id: "1" }]);
+		await repository.create({
+			userId: "u1",
+			name: "n",
+			prefix: "p",
+			keyHash: "h",
+		});
+		expect(mockDb.insert).toHaveBeenCalled();
+	});
+
+	it("should find all keys for user", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([{ id: "1" }]);
+		const result = await repository.findAll("u1");
+		expect(result).toHaveLength(1);
+	});
+
+	it("should revoke a key", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([
+			{ id: "1", isActive: false },
+		]);
+		const result = await repository.revoke("u1", "k1");
+		expect(result[0].isActive).toBe(false);
+	});
+
+	it("should find active by hash", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([{ id: "1" }]);
+		const result = await repository.findActiveByKeyHash("h");
+		expect(result.id).toBe("1");
+	});
+
+	it("should update last used", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([{ id: "1" }]);
+		await repository.updateLastUsed("1");
+		expect(mockDb.update).toHaveBeenCalled();
+	});
+});
--- a/backend/src/auth/auth.controller.spec.ts
+++ b/backend/src/auth/auth.controller.spec.ts
@@ -0,0 +1,190 @@
+jest.mock("uuid", () => ({
+	v4: jest.fn(() => "mocked-uuid"),
+}));
+
+jest.mock("@noble/post-quantum/ml-kem.js", () => ({
+	ml_kem768: {
+		keygen: jest.fn(),
+		encapsulate: jest.fn(),
+		decapsulate: jest.fn(),
+	},
+}));
+
+jest.mock("jose", () => ({
+	SignJWT: jest.fn().mockReturnValue({
+		setProtectedHeader: jest.fn().mockReturnThis(),
+		setIssuedAt: jest.fn().mockReturnThis(),
+		setExpirationTime: jest.fn().mockReturnThis(),
+		sign: jest.fn().mockResolvedValue("mocked-jwt"),
+	}),
+	jwtVerify: jest.fn(),
+}));
+
+import { ConfigService } from "@nestjs/config";
+import { Test, TestingModule } from "@nestjs/testing";
+import { AuthController } from "./auth.controller";
+import { AuthService } from "./auth.service";
+import { BootstrapService } from "./bootstrap.service";
+
+jest.mock("iron-session", () => ({
+	getIronSession: jest.fn().mockResolvedValue({
+		save: jest.fn(),
+		destroy: jest.fn(),
+	}),
+}));
+
+describe("AuthController", () => {
+	let controller: AuthController;
+	let authService: AuthService;
+	let _configService: ConfigService;
+
+	const mockAuthService = {
+		register: jest.fn(),
+		login: jest.fn(),
+		verifyTwoFactorLogin: jest.fn(),
+		refresh: jest.fn(),
+	};
+
+	const mockBootstrapService = {
+		consumeToken: jest.fn(),
+	};
+
+	const mockConfigService = {
+		get: jest
+			.fn()
+			.mockReturnValue("complex_password_at_least_32_characters_long"),
+	};
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			controllers: [AuthController],
+			providers: [
+				{ provide: AuthService, useValue: mockAuthService },
+				{ provide: BootstrapService, useValue: mockBootstrapService },
+				{ provide: ConfigService, useValue: mockConfigService },
+			],
+		}).compile();
+
+		controller = module.get<AuthController>(AuthController);
+		authService = module.get<AuthService>(AuthService);
+		_configService = module.get<ConfigService>(ConfigService);
+	});
+
+	it("should be defined", () => {
+		expect(controller).toBeDefined();
+	});
+
+	describe("register", () => {
+		it("should call authService.register", async () => {
+			const dto = {
+				email: "test@example.com",
+				password: "password",
+				username: "test",
+			};
+			await controller.register(dto as any);
+			expect(authService.register).toHaveBeenCalledWith(dto);
+		});
+	});
+
+	describe("login", () => {
+		it("should call authService.login and setup session if success", async () => {
+			const dto = { email: "test@example.com", password: "password" };
+			const req = { ip: "127.0.0.1" } as any;
+			const res = { json: jest.fn() } as any;
+			const loginResult = {
+				access_token: "at",
+				refresh_token: "rt",
+				userId: "1",
+				message: "ok",
+			};
+			mockAuthService.login.mockResolvedValue(loginResult);
+
+			await controller.login(dto as any, "ua", req, res);
+
+			expect(authService.login).toHaveBeenCalledWith(dto, "ua", "127.0.0.1");
+			expect(res.json).toHaveBeenCalledWith({ message: "ok", userId: "1" });
+		});
+
+		it("should return result if no access_token", async () => {
+			const dto = { email: "test@example.com", password: "password" };
+			const req = { ip: "127.0.0.1" } as any;
+			const res = { json: jest.fn() } as any;
+			const loginResult = { message: "2fa_required", userId: "1" };
+			mockAuthService.login.mockResolvedValue(loginResult);
+
+			await controller.login(dto as any, "ua", req, res);
+
+			expect(res.json).toHaveBeenCalledWith(loginResult);
+		});
+	});
+
+	describe("verifyTwoFactor", () => {
+		it("should call authService.verifyTwoFactorLogin and setup session", async () => {
+			const dto = { userId: "1", token: "123456" };
+			const req = { ip: "127.0.0.1" } as any;
+			const res = { json: jest.fn() } as any;
+			const verifyResult = {
+				access_token: "at",
+				refresh_token: "rt",
+				message: "ok",
+			};
+			mockAuthService.verifyTwoFactorLogin.mockResolvedValue(verifyResult);
+
+			await controller.verifyTwoFactor(dto, "ua", req, res);
+
+			expect(authService.verifyTwoFactorLogin).toHaveBeenCalledWith(
+				"1",
+				"123456",
+				"ua",
+				"127.0.0.1",
+			);
+			expect(res.json).toHaveBeenCalledWith({ message: "ok" });
+		});
+	});
+
+	describe("refresh", () => {
+		it("should refresh token if session has refresh token", async () => {
+			const { getIronSession } = require("iron-session");
+			const session = { refreshToken: "rt", save: jest.fn() };
+			getIronSession.mockResolvedValue(session);
+			const req = {} as any;
+			const res = { json: jest.fn() } as any;
+			mockAuthService.refresh.mockResolvedValue({
+				access_token: "at2",
+				refresh_token: "rt2",
+			});
+
+			await controller.refresh(req, res);
+
+			expect(authService.refresh).toHaveBeenCalledWith("rt");
+			expect(res.json).toHaveBeenCalledWith({ message: "Token refreshed" });
+		});
+
+		it("should return 401 if no refresh token", async () => {
+			const { getIronSession } = require("iron-session");
+			const session = { save: jest.fn() };
+			getIronSession.mockResolvedValue(session);
+			const req = {} as any;
+			const res = { status: jest.fn().mockReturnThis(), json: jest.fn() } as any;
+
+			await controller.refresh(req, res);
+
+			expect(res.status).toHaveBeenCalledWith(401);
+		});
+	});
+
+	describe("logout", () => {
+		it("should destroy session", async () => {
+			const { getIronSession } = require("iron-session");
+			const session = { destroy: jest.fn() };
+			getIronSession.mockResolvedValue(session);
+			const req = {} as any;
+			const res = { json: jest.fn() } as any;
+
+			await controller.logout(req, res);
+
+			expect(session.destroy).toHaveBeenCalled();
+			expect(res.json).toHaveBeenCalledWith({ message: "User logged out" });
+		});
+	});
+});
--- a/backend/src/auth/auth.controller.ts
+++ b/backend/src/auth/auth.controller.ts
@@ -1,9 +1,19 @@
-import { Body, Controller, Headers, Post, Req, Res } from "@nestjs/common";
+import {
+	Body,
+	Controller,
+	Get,
+	Headers,
+	Post,
+	Query,
+	Req,
+	Res,
+} from "@nestjs/common";
 import { ConfigService } from "@nestjs/config";
 import { Throttle } from "@nestjs/throttler";
 import type { Request, Response } from "express";
 import { getIronSession } from "iron-session";
 import { AuthService } from "./auth.service";
+import { BootstrapService } from "./bootstrap.service";
 import { LoginDto } from "./dto/login.dto";
 import { RegisterDto } from "./dto/register.dto";
 import { Verify2faDto } from "./dto/verify-2fa.dto";
@@ -13,6 +23,7 @@ import { getSessionOptions, SessionData } from "./session.config";
 export class AuthController {
 	constructor(
 		private readonly authService: AuthService,
+		private readonly bootstrapService: BootstrapService,
 		private readonly configService: ConfigService,
 	) {}

@@ -120,4 +131,12 @@ export class AuthController {
 		session.destroy();
 		return res.json({ message: "User logged out" });
 	}
+
+	@Get("bootstrap-admin")
+	async bootstrapAdmin(
+		@Query("token") token: string,
+		@Query("username") username: string,
+	) {
+		return this.bootstrapService.consumeToken(token, username);
+	}
 }
--- a/backend/src/auth/auth.module.ts
+++ b/backend/src/auth/auth.module.ts
@@ -3,6 +3,7 @@ import { SessionsModule } from "../sessions/sessions.module";
 import { UsersModule } from "../users/users.module";
 import { AuthController } from "./auth.controller";
 import { AuthService } from "./auth.service";
+import { BootstrapService } from "./bootstrap.service";
 import { AuthGuard } from "./guards/auth.guard";
 import { OptionalAuthGuard } from "./guards/optional-auth.guard";
 import { RolesGuard } from "./guards/roles.guard";
@@ -15,6 +16,7 @@ import { RbacRepository } from "./repositories/rbac.repository";
 	providers: [
 		AuthService,
 		RbacService,
+		BootstrapService,
 		RbacRepository,
 		AuthGuard,
 		OptionalAuthGuard,
--- a/backend/src/auth/bootstrap.service.spec.ts
+++ b/backend/src/auth/bootstrap.service.spec.ts
@@ -0,0 +1,114 @@
+import { UnauthorizedException } from "@nestjs/common";
+import { ConfigService } from "@nestjs/config";
+import { Test, TestingModule } from "@nestjs/testing";
+import { UsersService } from "../users/users.service";
+import { BootstrapService } from "./bootstrap.service";
+import { RbacService } from "./rbac.service";
+
+describe("BootstrapService", () => {
+	let service: BootstrapService;
+	let rbacService: RbacService;
+	let _usersService: UsersService;
+
+	const mockRbacService = {
+		countAdmins: jest.fn(),
+		assignRoleToUser: jest.fn(),
+	};
+
+	const mockUsersService = {
+		findPublicProfile: jest.fn(),
+	};
+
+	const mockConfigService = {
+		get: jest.fn(),
+	};
+
+	beforeEach(async () => {
+		jest.clearAllMocks();
+		const module: TestingModule = await Test.createTestingModule({
+			providers: [
+				BootstrapService,
+				{ provide: RbacService, useValue: mockRbacService },
+				{ provide: UsersService, useValue: mockUsersService },
+				{ provide: ConfigService, useValue: mockConfigService },
+			],
+		}).compile();
+
+		service = module.get<BootstrapService>(BootstrapService);
+		rbacService = module.get<RbacService>(RbacService);
+		_usersService = module.get<UsersService>(UsersService);
+	});
+
+	it("should be defined", () => {
+		expect(service).toBeDefined();
+	});
+
+	describe("onApplicationBootstrap", () => {
+		it("should generate a token if no admin exists", async () => {
+			mockRbacService.countAdmins.mockResolvedValue(0);
+			const generateTokenSpy = jest.spyOn(
+				service as any,
+				"generateBootstrapToken",
+			);
+
+			await service.onApplicationBootstrap();
+
+			expect(rbacService.countAdmins).toHaveBeenCalled();
+			expect(generateTokenSpy).toHaveBeenCalled();
+		});
+
+		it("should not generate a token if admin exists", async () => {
+			mockRbacService.countAdmins.mockResolvedValue(1);
+			const generateTokenSpy = jest.spyOn(
+				service as any,
+				"generateBootstrapToken",
+			);
+
+			await service.onApplicationBootstrap();
+
+			expect(rbacService.countAdmins).toHaveBeenCalled();
+			expect(generateTokenSpy).not.toHaveBeenCalled();
+		});
+	});
+
+	describe("consumeToken", () => {
+		it("should throw UnauthorizedException if token is invalid", async () => {
+			mockRbacService.countAdmins.mockResolvedValue(0);
+			await service.onApplicationBootstrap();
+
+			await expect(service.consumeToken("wrong-token", "user1")).rejects.toThrow(
+				UnauthorizedException,
+			);
+		});
+
+		it("should throw UnauthorizedException if user not found", async () => {
+			mockRbacService.countAdmins.mockResolvedValue(0);
+			await service.onApplicationBootstrap();
+			const token = (service as any).bootstrapToken;
+
+			mockUsersService.findPublicProfile.mockResolvedValue(null);
+
+			await expect(service.consumeToken(token, "user1")).rejects.toThrow(
+				UnauthorizedException,
+			);
+		});
+
+		it("should assign admin role and invalidate token on success", async () => {
+			mockRbacService.countAdmins.mockResolvedValue(0);
+			await service.onApplicationBootstrap();
+			const token = (service as any).bootstrapToken;
+
+			const mockUser = { uuid: "user-uuid", username: "user1" };
+			mockUsersService.findPublicProfile.mockResolvedValue(mockUser);
+
+			const result = await service.consumeToken(token, "user1");
+
+			expect(rbacService.assignRoleToUser).toHaveBeenCalledWith(
+				"user-uuid",
+				"admin",
+			);
+			expect((service as any).bootstrapToken).toBeNull();
+			expect(result.message).toContain("user1 is now an administrator");
+		});
+	});
+});
--- a/backend/src/auth/bootstrap.service.ts
+++ b/backend/src/auth/bootstrap.service.ts
@@ -0,0 +1,67 @@
+import * as crypto from "node:crypto";
+import {
+	Injectable,
+	Logger,
+	OnApplicationBootstrap,
+	UnauthorizedException,
+} from "@nestjs/common";
+import { ConfigService } from "@nestjs/config";
+import { UsersService } from "../users/users.service";
+import { RbacService } from "./rbac.service";
+
+@Injectable()
+export class BootstrapService implements OnApplicationBootstrap {
+	private readonly logger = new Logger(BootstrapService.name);
+	private bootstrapToken: string | null = null;
+
+	constructor(
+		private readonly rbacService: RbacService,
+		private readonly usersService: UsersService,
+		private readonly configService: ConfigService,
+	) {}
+
+	async onApplicationBootstrap() {
+		const adminCount = await this.rbacService.countAdmins();
+		if (adminCount === 0) {
+			this.generateBootstrapToken();
+		}
+	}
+
+	private generateBootstrapToken() {
+		this.bootstrapToken = crypto.randomBytes(32).toString("hex");
+		const domain = this.configService.get("DOMAIN_NAME") || "localhost";
+		const protocol = domain.includes("localhost") ? "http" : "https";
+		const url = `${protocol}://${domain}/auth/bootstrap-admin`;
+
+		this.logger.warn("SECURITY ALERT: No administrator found in database.");
+		this.logger.warn(
+			"To create the first administrator, use the following endpoint:",
+		);
+		this.logger.warn(
+			`Endpoint: GET ${url}?token=${this.bootstrapToken}&username=votre_nom_utilisateur`,
+		);
+		this.logger.warn(
+			'Exemple: curl -X GET "http://localhost/auth/bootstrap-admin?token=...&username=..."',
+		);
+		this.logger.warn("This token is one-time use only.");
+	}
+
+	async consumeToken(token: string, username: string) {
+		if (!this.bootstrapToken || token !== this.bootstrapToken) {
+			throw new UnauthorizedException("Invalid or expired bootstrap token");
+		}
+
+		const user = await this.usersService.findPublicProfile(username);
+		if (!user) {
+			throw new UnauthorizedException(`User ${username} not found`);
+		}
+
+		await this.rbacService.assignRoleToUser(user.uuid, "admin");
+		this.bootstrapToken = null; // One-time use
+
+		this.logger.log(
+			`User ${username} has been promoted to administrator via bootstrap token.`,
+		);
+		return { message: `User ${username} is now an administrator` };
+	}
+}
--- a/backend/src/auth/guards/auth.guard.spec.ts
+++ b/backend/src/auth/guards/auth.guard.spec.ts
@@ -0,0 +1,89 @@
+import { ExecutionContext, UnauthorizedException } from "@nestjs/common";
+import { ConfigService } from "@nestjs/config";
+import { Test, TestingModule } from "@nestjs/testing";
+import { getIronSession } from "iron-session";
+import { JwtService } from "../../crypto/services/jwt.service";
+import { AuthGuard } from "./auth.guard";
+
+jest.mock("jose", () => ({}));
+jest.mock("iron-session", () => ({
+	getIronSession: jest.fn(),
+}));
+
+describe("AuthGuard", () => {
+	let guard: AuthGuard;
+	let _jwtService: JwtService;
+	let _configService: ConfigService;
+
+	const mockJwtService = {
+		verifyJwt: jest.fn(),
+	};
+
+	const mockConfigService = {
+		get: jest.fn().mockReturnValue("session-password"),
+	};
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			providers: [
+				AuthGuard,
+				{ provide: JwtService, useValue: mockJwtService },
+				{ provide: ConfigService, useValue: mockConfigService },
+			],
+		}).compile();
+
+		guard = module.get<AuthGuard>(AuthGuard);
+		_jwtService = module.get<JwtService>(JwtService);
+		_configService = module.get<ConfigService>(ConfigService);
+	});
+
+	it("should return true for valid token", async () => {
+		const request = { user: null };
+		const context = {
+			switchToHttp: () => ({
+				getRequest: () => request,
+				getResponse: () => ({}),
+			}),
+		} as unknown as ExecutionContext;
+
+		(getIronSession as jest.Mock).mockResolvedValue({
+			accessToken: "valid-token",
+		});
+		mockJwtService.verifyJwt.mockResolvedValue({ sub: "user1" });
+
+		const result = await guard.canActivate(context);
+		expect(result).toBe(true);
+		expect(request.user).toEqual({ sub: "user1" });
+	});
+
+	it("should throw UnauthorizedException if no token", async () => {
+		const context = {
+			switchToHttp: () => ({
+				getRequest: () => ({}),
+				getResponse: () => ({}),
+			}),
+		} as ExecutionContext;
+
+		(getIronSession as jest.Mock).mockResolvedValue({});
+
+		await expect(guard.canActivate(context)).rejects.toThrow(
+			UnauthorizedException,
+		);
+	});
+
+	it("should throw UnauthorizedException if token invalid", async () => {
+		const context = {
+			switchToHttp: () => ({
+				getRequest: () => ({}),
+				getResponse: () => ({}),
+			}),
+		} as ExecutionContext;
+
+		(getIronSession as jest.Mock).mockResolvedValue({ accessToken: "invalid" });
+		mockJwtService.verifyJwt.mockRejectedValue(new Error("invalid"));
+
+		await expect(guard.canActivate(context)).rejects.toThrow(
+			UnauthorizedException,
+		);
+	});
+});
--- a/backend/src/auth/guards/optional-auth.guard.spec.ts
+++ b/backend/src/auth/guards/optional-auth.guard.spec.ts
@@ -0,0 +1,84 @@
+import { ExecutionContext } from "@nestjs/common";
+import { ConfigService } from "@nestjs/config";
+import { Test, TestingModule } from "@nestjs/testing";
+import { getIronSession } from "iron-session";
+import { JwtService } from "../../crypto/services/jwt.service";
+import { OptionalAuthGuard } from "./optional-auth.guard";
+
+jest.mock("jose", () => ({}));
+jest.mock("iron-session", () => ({
+	getIronSession: jest.fn(),
+}));
+
+describe("OptionalAuthGuard", () => {
+	let guard: OptionalAuthGuard;
+	let _jwtService: JwtService;
+
+	const mockJwtService = {
+		verifyJwt: jest.fn(),
+	};
+
+	const mockConfigService = {
+		get: jest.fn().mockReturnValue("session-password"),
+	};
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			providers: [
+				OptionalAuthGuard,
+				{ provide: JwtService, useValue: mockJwtService },
+				{ provide: ConfigService, useValue: mockConfigService },
+			],
+		}).compile();
+
+		guard = module.get<OptionalAuthGuard>(OptionalAuthGuard);
+		_jwtService = module.get<JwtService>(JwtService);
+	});
+
+	it("should return true and set user for valid token", async () => {
+		const request = { user: null };
+		const context = {
+			switchToHttp: () => ({
+				getRequest: () => request,
+				getResponse: () => ({}),
+			}),
+		} as unknown as ExecutionContext;
+
+		(getIronSession as jest.Mock).mockResolvedValue({ accessToken: "valid" });
+		mockJwtService.verifyJwt.mockResolvedValue({ sub: "u1" });
+
+		const result = await guard.canActivate(context);
+		expect(result).toBe(true);
+		expect(request.user).toEqual({ sub: "u1" });
+	});
+
+	it("should return true if no token", async () => {
+		const context = {
+			switchToHttp: () => ({
+				getRequest: () => ({}),
+				getResponse: () => ({}),
+			}),
+		} as ExecutionContext;
+
+		(getIronSession as jest.Mock).mockResolvedValue({});
+
+		const result = await guard.canActivate(context);
+		expect(result).toBe(true);
+	});
+
+	it("should return true even if token invalid", async () => {
+		const context = {
+			switchToHttp: () => ({
+				getRequest: () => ({ user: null }),
+				getResponse: () => ({}),
+			}),
+		} as ExecutionContext;
+
+		(getIronSession as jest.Mock).mockResolvedValue({ accessToken: "invalid" });
+		mockJwtService.verifyJwt.mockRejectedValue(new Error("invalid"));
+
+		const result = await guard.canActivate(context);
+		expect(result).toBe(true);
+		expect(context.switchToHttp().getRequest().user).toBeNull();
+	});
+});
--- a/backend/src/auth/guards/roles.guard.spec.ts
+++ b/backend/src/auth/guards/roles.guard.spec.ts
@@ -0,0 +1,90 @@
+import { ExecutionContext } from "@nestjs/common";
+import { Reflector } from "@nestjs/core";
+import { Test, TestingModule } from "@nestjs/testing";
+import { RbacService } from "../rbac.service";
+import { RolesGuard } from "./roles.guard";
+
+describe("RolesGuard", () => {
+	let guard: RolesGuard;
+	let _reflector: Reflector;
+	let _rbacService: RbacService;
+
+	const mockReflector = {
+		getAllAndOverride: jest.fn(),
+	};
+
+	const mockRbacService = {
+		getUserRoles: jest.fn(),
+	};
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			providers: [
+				RolesGuard,
+				{ provide: Reflector, useValue: mockReflector },
+				{ provide: RbacService, useValue: mockRbacService },
+			],
+		}).compile();
+
+		guard = module.get<RolesGuard>(RolesGuard);
+		_reflector = module.get<Reflector>(Reflector);
+		_rbacService = module.get<RbacService>(RbacService);
+	});
+
+	it("should return true if no roles required", async () => {
+		mockReflector.getAllAndOverride.mockReturnValue(null);
+		const context = {
+			getHandler: () => ({}),
+			getClass: () => ({}),
+		} as ExecutionContext;
+
+		const result = await guard.canActivate(context);
+		expect(result).toBe(true);
+	});
+
+	it("should return false if no user in request", async () => {
+		mockReflector.getAllAndOverride.mockReturnValue(["admin"]);
+		const context = {
+			getHandler: () => ({}),
+			getClass: () => ({}),
+			switchToHttp: () => ({
+				getRequest: () => ({ user: null }),
+			}),
+		} as ExecutionContext;
+
+		const result = await guard.canActivate(context);
+		expect(result).toBe(false);
+	});
+
+	it("should return true if user has required role", async () => {
+		mockReflector.getAllAndOverride.mockReturnValue(["admin"]);
+		const context = {
+			getHandler: () => ({}),
+			getClass: () => ({}),
+			switchToHttp: () => ({
+				getRequest: () => ({ user: { sub: "u1" } }),
+			}),
+		} as ExecutionContext;
+
+		mockRbacService.getUserRoles.mockResolvedValue(["admin", "user"]);
+
+		const result = await guard.canActivate(context);
+		expect(result).toBe(true);
+	});
+
+	it("should return false if user doesn't have required role", async () => {
+		mockReflector.getAllAndOverride.mockReturnValue(["admin"]);
+		const context = {
+			getHandler: () => ({}),
+			getClass: () => ({}),
+			switchToHttp: () => ({
+				getRequest: () => ({ user: { sub: "u1" } }),
+			}),
+		} as ExecutionContext;
+
+		mockRbacService.getUserRoles.mockResolvedValue(["user"]);
+
+		const result = await guard.canActivate(context);
+		expect(result).toBe(false);
+	});
+});
--- a/backend/src/auth/rbac.service.spec.ts
+++ b/backend/src/auth/rbac.service.spec.ts
@@ -9,6 +9,8 @@ describe("RbacService", () => {
 	const mockRbacRepository = {
 		findRolesByUserId: jest.fn(),
 		findPermissionsByUserId: jest.fn(),
+		countRoles: jest.fn(),
+		createRole: jest.fn(),
 	};

 	beforeEach(async () => {
@@ -58,4 +60,35 @@ describe("RbacService", () => {
 			expect(repository.findPermissionsByUserId).toHaveBeenCalledWith(userId);
 		});
 	});
+
+	describe("seedRoles", () => {
+		it("should be called on application bootstrap", async () => {
+			const seedRolesSpy = jest.spyOn(service, "seedRoles");
+			await service.onApplicationBootstrap();
+			expect(seedRolesSpy).toHaveBeenCalled();
+		});
+
+		it("should seed roles if none exist", async () => {
+			mockRbacRepository.countRoles.mockResolvedValue(0);
+
+			await service.seedRoles();
+
+			expect(repository.countRoles).toHaveBeenCalled();
+			expect(repository.createRole).toHaveBeenCalledTimes(3);
+			expect(repository.createRole).toHaveBeenCalledWith(
+				"Administrator",
+				"admin",
+				"Full system access",
+			);
+		});
+
+		it("should not seed roles if some already exist", async () => {
+			mockRbacRepository.countRoles.mockResolvedValue(3);
+
+			await service.seedRoles();
+
+			expect(repository.countRoles).toHaveBeenCalled();
+			expect(repository.createRole).not.toHaveBeenCalled();
+		});
+	});
 });
--- a/backend/src/auth/rbac.service.ts
+++ b/backend/src/auth/rbac.service.ts
@@ -1,10 +1,53 @@
-import { Injectable } from "@nestjs/common";
+import { Injectable, Logger, OnApplicationBootstrap } from "@nestjs/common";
 import { RbacRepository } from "./repositories/rbac.repository";

@Injectable()
-export class RbacService {
+export class RbacService implements OnApplicationBootstrap {
+	private readonly logger = new Logger(RbacService.name);
+
 	constructor(private readonly rbacRepository: RbacRepository) {}

+	async onApplicationBootstrap() {
+		this.logger.log("RbacService initialized, checking roles...");
+		await this.seedRoles();
+	}
+
+	async seedRoles() {
+		try {
+			const count = await this.rbacRepository.countRoles();
+			if (count === 0) {
+				this.logger.log("No roles found, seeding default roles...");
+				const defaultRoles = [
+					{
+						name: "Administrator",
+						slug: "admin",
+						description: "Full system access",
+					},
+					{
+						name: "Moderator",
+						slug: "moderator",
+						description: "Access to moderation tools",
+					},
+					{ name: "User", slug: "user", description: "Standard user access" },
+				];
+
+				for (const role of defaultRoles) {
+					await this.rbacRepository.createRole(
+						role.name,
+						role.slug,
+						role.description,
+					);
+					this.logger.log(`Created role: ${role.slug}`);
+				}
+				this.logger.log("Default roles seeded successfully.");
+			} else {
+				this.logger.log(`${count} roles already exist, skipping seeding.`);
+			}
+		} catch (error) {
+			this.logger.error("Error during roles seeding:", error);
+		}
+	}
+
 	async getUserRoles(userId: string) {
 		return this.rbacRepository.findRolesByUserId(userId);
 	}
@@ -12,4 +55,12 @@ export class RbacService {
 	async getUserPermissions(userId: string) {
 		return this.rbacRepository.findPermissionsByUserId(userId);
 	}
+
+	async countAdmins() {
+		return this.rbacRepository.countAdmins();
+	}
+
+	async assignRoleToUser(userId: string, roleSlug: string) {
+		return this.rbacRepository.assignRole(userId, roleSlug);
+	}
 }
--- a/backend/src/auth/repositories/rbac.repository.ts
+++ b/backend/src/auth/repositories/rbac.repository.ts
@@ -39,4 +39,52 @@ export class RbacRepository {

 		return Array.from(new Set(result.map((p) => p.slug)));
 	}
+
+	async countRoles(): Promise<number> {
+		const result = await this.databaseService.db
+			.select({ count: roles.id })
+			.from(roles);
+		return result.length;
+	}
+
+	async countAdmins(): Promise<number> {
+		const result = await this.databaseService.db
+			.select({ count: usersToRoles.userId })
+			.from(usersToRoles)
+			.innerJoin(roles, eq(usersToRoles.roleId, roles.id))
+			.where(eq(roles.slug, "admin"));
+		return result.length;
+	}
+
+	async createRole(name: string, slug: string, description?: string) {
+		return this.databaseService.db
+			.insert(roles)
+			.values({
+				name,
+				slug,
+				description,
+			})
+			.returning();
+	}
+
+	async assignRole(userId: string, roleSlug: string) {
+		const role = await this.databaseService.db
+			.select()
+			.from(roles)
+			.where(eq(roles.slug, roleSlug))
+			.limit(1);
+
+		if (!role[0]) {
+			throw new Error(`Role with slug ${roleSlug} not found`);
+		}
+
+		return this.databaseService.db
+			.insert(usersToRoles)
+			.values({
+				userId,
+				roleId: role[0].id,
+			})
+			.onConflictDoNothing()
+			.returning();
+	}
 }
--- a/backend/src/categories/categories.controller.spec.ts
+++ b/backend/src/categories/categories.controller.spec.ts
@@ -0,0 +1,105 @@
+jest.mock("uuid", () => ({
+	v4: jest.fn(() => "mocked-uuid"),
+}));
+
+jest.mock("@noble/post-quantum/ml-kem.js", () => ({
+	ml_kem768: {
+		keygen: jest.fn(),
+		encapsulate: jest.fn(),
+		decapsulate: jest.fn(),
+	},
+}));
+
+jest.mock("jose", () => ({
+	SignJWT: jest.fn().mockReturnValue({
+		setProtectedHeader: jest.fn().mockReturnThis(),
+		setIssuedAt: jest.fn().mockReturnThis(),
+		setExpirationTime: jest.fn().mockReturnThis(),
+		sign: jest.fn().mockResolvedValue("mocked-jwt"),
+	}),
+	jwtVerify: jest.fn(),
+}));
+
+import { CACHE_MANAGER } from "@nestjs/cache-manager";
+import { Test, TestingModule } from "@nestjs/testing";
+import { AuthGuard } from "../auth/guards/auth.guard";
+import { RolesGuard } from "../auth/guards/roles.guard";
+import { CategoriesController } from "./categories.controller";
+import { CategoriesService } from "./categories.service";
+
+describe("CategoriesController", () => {
+	let controller: CategoriesController;
+	let service: CategoriesService;
+
+	const mockCategoriesService = {
+		findAll: jest.fn(),
+		findOne: jest.fn(),
+		create: jest.fn(),
+		update: jest.fn(),
+		remove: jest.fn(),
+	};
+
+	const mockCacheManager = {
+		get: jest.fn(),
+		set: jest.fn(),
+	};
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			controllers: [CategoriesController],
+			providers: [
+				{ provide: CategoriesService, useValue: mockCategoriesService },
+				{ provide: CACHE_MANAGER, useValue: mockCacheManager },
+			],
+		})
+			.overrideGuard(AuthGuard)
+			.useValue({ canActivate: () => true })
+			.overrideGuard(RolesGuard)
+			.useValue({ canActivate: () => true })
+			.compile();
+
+		controller = module.get<CategoriesController>(CategoriesController);
+		service = module.get<CategoriesService>(CategoriesService);
+	});
+
+	it("should be defined", () => {
+		expect(controller).toBeDefined();
+	});
+
+	describe("findAll", () => {
+		it("should call service.findAll", async () => {
+			await controller.findAll();
+			expect(service.findAll).toHaveBeenCalled();
+		});
+	});
+
+	describe("findOne", () => {
+		it("should call service.findOne", async () => {
+			await controller.findOne("1");
+			expect(service.findOne).toHaveBeenCalledWith("1");
+		});
+	});
+
+	describe("create", () => {
+		it("should call service.create", async () => {
+			const dto = { name: "Cat", slug: "cat" };
+			await controller.create(dto);
+			expect(service.create).toHaveBeenCalledWith(dto);
+		});
+	});
+
+	describe("update", () => {
+		it("should call service.update", async () => {
+			const dto = { name: "New Name" };
+			await controller.update("1", dto);
+			expect(service.update).toHaveBeenCalledWith("1", dto);
+		});
+	});
+
+	describe("remove", () => {
+		it("should call service.remove", async () => {
+			await controller.remove("1");
+			expect(service.remove).toHaveBeenCalledWith("1");
+		});
+	});
+});
--- a/backend/src/categories/repositories/categories.repository.spec.ts
+++ b/backend/src/categories/repositories/categories.repository.spec.ts
@@ -0,0 +1,82 @@
+import { Test, TestingModule } from "@nestjs/testing";
+import { DatabaseService } from "../../database/database.service";
+import { CategoriesRepository } from "./categories.repository";
+
+describe("CategoriesRepository", () => {
+	let repository: CategoriesRepository;
+
+	const mockDb = {
+		select: jest.fn().mockReturnThis(),
+		from: jest.fn().mockReturnThis(),
+		orderBy: jest.fn().mockReturnThis(),
+		where: jest.fn().mockReturnThis(),
+		limit: jest.fn().mockReturnThis(),
+		insert: jest.fn().mockReturnThis(),
+		values: jest.fn().mockReturnThis(),
+		update: jest.fn().mockReturnThis(),
+		set: jest.fn().mockReturnThis(),
+		delete: jest.fn().mockReturnThis(),
+		returning: jest.fn().mockReturnThis(),
+		execute: jest.fn(),
+	};
+
+	const wrapWithThen = (obj: unknown) => {
+		// biome-ignore lint/suspicious/noThenProperty: Necessary to mock Drizzle's awaitable query builder
+		Object.defineProperty(obj, "then", {
+			value: function (onFulfilled: (arg0: unknown) => void) {
+				const result = (this as Record<string, unknown>).execute();
+				return Promise.resolve(result).then(onFulfilled);
+			},
+			configurable: true,
+		});
+		return obj;
+	};
+	wrapWithThen(mockDb);
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			providers: [
+				CategoriesRepository,
+				{ provide: DatabaseService, useValue: { db: mockDb } },
+			],
+		}).compile();
+
+		repository = module.get<CategoriesRepository>(CategoriesRepository);
+	});
+
+	it("should find all", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([{ id: "1" }]);
+		const result = await repository.findAll();
+		expect(result).toHaveLength(1);
+	});
+
+	it("should count all", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([{ count: 5 }]);
+		const result = await repository.countAll();
+		expect(result).toBe(5);
+	});
+
+	it("should find one", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([{ id: "1" }]);
+		const result = await repository.findOne("1");
+		expect(result.id).toBe("1");
+	});
+
+	it("should create", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([{ id: "1" }]);
+		await repository.create({ name: "C", slug: "s" });
+		expect(mockDb.insert).toHaveBeenCalled();
+	});
+
+	it("should update", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([{ id: "1" }]);
+		await repository.update("1", { name: "N", updatedAt: new Date() });
+		expect(mockDb.update).toHaveBeenCalled();
+	});
+
+	it("should remove", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([{ id: "1" }]);
+		await repository.remove("1");
+		expect(mockDb.delete).toHaveBeenCalled();
+	});
+});
--- a/backend/src/contents/contents.controller.spec.ts
+++ b/backend/src/contents/contents.controller.spec.ts
@@ -0,0 +1,230 @@
+jest.mock("uuid", () => ({
+	v4: jest.fn(() => "mocked-uuid"),
+}));
+
+jest.mock("@noble/post-quantum/ml-kem.js", () => ({
+	ml_kem768: {
+		keygen: jest.fn(),
+		encapsulate: jest.fn(),
+		decapsulate: jest.fn(),
+	},
+}));
+
+jest.mock("jose", () => ({
+	SignJWT: jest.fn().mockReturnValue({
+		setProtectedHeader: jest.fn().mockReturnThis(),
+		setIssuedAt: jest.fn().mockReturnThis(),
+		setExpirationTime: jest.fn().mockReturnThis(),
+		sign: jest.fn().mockResolvedValue("mocked-jwt"),
+	}),
+	jwtVerify: jest.fn(),
+}));
+
+import { CACHE_MANAGER } from "@nestjs/cache-manager";
+import { Test, TestingModule } from "@nestjs/testing";
+import { AuthGuard } from "../auth/guards/auth.guard";
+import { OptionalAuthGuard } from "../auth/guards/optional-auth.guard";
+import { RolesGuard } from "../auth/guards/roles.guard";
+import { AuthenticatedRequest } from "../common/interfaces/request.interface";
+import { ContentsController } from "./contents.controller";
+import { ContentsService } from "./contents.service";
+
+describe("ContentsController", () => {
+	let controller: ContentsController;
+	let service: ContentsService;
+
+	const mockContentsService = {
+		create: jest.fn(),
+		getUploadUrl: jest.fn(),
+		uploadAndProcess: jest.fn(),
+		findAll: jest.fn(),
+		findOne: jest.fn(),
+		incrementViews: jest.fn(),
+		incrementUsage: jest.fn(),
+		remove: jest.fn(),
+		removeAdmin: jest.fn(),
+		generateBotHtml: jest.fn(),
+	};
+
+	const mockCacheManager = {
+		get: jest.fn(),
+		set: jest.fn(),
+	};
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			controllers: [ContentsController],
+			providers: [
+				{ provide: ContentsService, useValue: mockContentsService },
+				{ provide: CACHE_MANAGER, useValue: mockCacheManager },
+			],
+		})
+			.overrideGuard(AuthGuard)
+			.useValue({ canActivate: () => true })
+			.overrideGuard(RolesGuard)
+			.useValue({ canActivate: () => true })
+			.overrideGuard(OptionalAuthGuard)
+			.useValue({ canActivate: () => true })
+			.compile();
+
+		controller = module.get<ContentsController>(ContentsController);
+		service = module.get<ContentsService>(ContentsService);
+	});
+
+	it("should be defined", () => {
+		expect(controller).toBeDefined();
+	});
+
+	describe("create", () => {
+		it("should call service.create", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			const dto = { title: "Title", type: "image" as any };
+			await controller.create(req, dto as any);
+			expect(service.create).toHaveBeenCalledWith("user-uuid", dto);
+		});
+	});
+
+	describe("getUploadUrl", () => {
+		it("should call service.getUploadUrl", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			await controller.getUploadUrl(req, "test.jpg");
+			expect(service.getUploadUrl).toHaveBeenCalledWith("user-uuid", "test.jpg");
+		});
+	});
+
+	describe("upload", () => {
+		it("should call service.uploadAndProcess", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			const file = {} as Express.Multer.File;
+			const dto = { title: "Title" };
+			await controller.upload(req, file, dto as any);
+			expect(service.uploadAndProcess).toHaveBeenCalledWith(
+				"user-uuid",
+				file,
+				dto,
+			);
+		});
+	});
+
+	describe("explore", () => {
+		it("should call service.findAll", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			await controller.explore(
+				req,
+				10,
+				0,
+				"trend",
+				"tag",
+				"cat",
+				"auth",
+				"query",
+				false,
+				undefined,
+			);
+			expect(service.findAll).toHaveBeenCalledWith({
+				limit: 10,
+				offset: 0,
+				sortBy: "trend",
+				tag: "tag",
+				category: "cat",
+				author: "auth",
+				query: "query",
+				favoritesOnly: false,
+				userId: "user-uuid",
+			});
+		});
+	});
+
+	describe("trends", () => {
+		it("should call service.findAll with trend sort", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			await controller.trends(req, 10, 0);
+			expect(service.findAll).toHaveBeenCalledWith({
+				limit: 10,
+				offset: 0,
+				sortBy: "trend",
+				userId: "user-uuid",
+			});
+		});
+	});
+
+	describe("recent", () => {
+		it("should call service.findAll with recent sort", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			await controller.recent(req, 10, 0);
+			expect(service.findAll).toHaveBeenCalledWith({
+				limit: 10,
+				offset: 0,
+				sortBy: "recent",
+				userId: "user-uuid",
+			});
+		});
+	});
+
+	describe("findOne", () => {
+		it("should return json for normal user", async () => {
+			const req = { user: { sub: "user-uuid" }, headers: {} } as any;
+			const res = { json: jest.fn(), send: jest.fn() } as any;
+			const content = { id: "1" };
+			mockContentsService.findOne.mockResolvedValue(content);
+
+			await controller.findOne("1", req, res);
+
+			expect(res.json).toHaveBeenCalledWith(content);
+		});
+
+		it("should return html for bot", async () => {
+			const req = {
+				user: { sub: "user-uuid" },
+				headers: { "user-agent": "Googlebot" },
+			} as any;
+			const res = { json: jest.fn(), send: jest.fn() } as any;
+			const content = { id: "1" };
+			mockContentsService.findOne.mockResolvedValue(content);
+			mockContentsService.generateBotHtml.mockReturnValue("<html></html>");
+
+			await controller.findOne("1", req, res);
+
+			expect(res.send).toHaveBeenCalledWith("<html></html>");
+		});
+
+		it("should throw NotFoundException if not found", async () => {
+			const req = { user: { sub: "user-uuid" }, headers: {} } as any;
+			const res = { json: jest.fn(), send: jest.fn() } as any;
+			mockContentsService.findOne.mockResolvedValue(null);
+
+			await expect(controller.findOne("1", req, res)).rejects.toThrow(
+				"Contenu non trouvé",
+			);
+		});
+	});
+
+	describe("incrementViews", () => {
+		it("should call service.incrementViews", async () => {
+			await controller.incrementViews("1");
+			expect(service.incrementViews).toHaveBeenCalledWith("1");
+		});
+	});
+
+	describe("incrementUsage", () => {
+		it("should call service.incrementUsage", async () => {
+			await controller.incrementUsage("1");
+			expect(service.incrementUsage).toHaveBeenCalledWith("1");
+		});
+	});
+
+	describe("remove", () => {
+		it("should call service.remove", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			await controller.remove("1", req);
+			expect(service.remove).toHaveBeenCalledWith("1", "user-uuid");
+		});
+	});
+
+	describe("removeAdmin", () => {
+		it("should call service.removeAdmin", async () => {
+			await controller.removeAdmin("1");
+			expect(service.removeAdmin).toHaveBeenCalledWith("1");
+		});
+	});
+});
--- a/backend/src/contents/contents.controller.ts
+++ b/backend/src/contents/contents.controller.ts
@@ -10,6 +10,7 @@ import {
 	Param,
 	ParseBoolPipe,
 	ParseIntPipe,
+	Patch,
 	Post,
 	Query,
 	Req,
@@ -173,6 +174,16 @@ export class ContentsController {
 		return this.contentsService.incrementUsage(id);
 	}

+	@Patch(":id")
+	@UseGuards(AuthGuard)
+	update(
+		@Param("id") id: string,
+		@Req() req: AuthenticatedRequest,
+		@Body() updateContentDto: any,
+	) {
+		return this.contentsService.update(id, req.user.sub, updateContentDto);
+	}
+
 	@Delete(":id")
 	@UseGuards(AuthGuard)
 	remove(@Param("id") id: string, @Req() req: AuthenticatedRequest) {
@@ -185,4 +196,11 @@ export class ContentsController {
 	removeAdmin(@Param("id") id: string) {
 		return this.contentsService.removeAdmin(id);
 	}
+
+	@Patch(":id/admin")
+	@UseGuards(AuthGuard, RolesGuard)
+	@Roles("admin")
+	updateAdmin(@Param("id") id: string, @Body() updateContentDto: any) {
+		return this.contentsService.updateAdmin(id, updateContentDto);
+	}
 }
--- a/backend/src/contents/contents.service.spec.ts
+++ b/backend/src/contents/contents.service.spec.ts
@@ -23,6 +23,7 @@ describe("ContentsService", () => {
 		incrementViews: jest.fn(),
 		incrementUsage: jest.fn(),
 		softDelete: jest.fn(),
+		softDeleteAdmin: jest.fn(),
 		findOne: jest.fn(),
 		findBySlug: jest.fn(),
 	};
@@ -147,4 +148,81 @@ describe("ContentsService", () => {
 			expect(result[0].views).toBe(1);
 		});
 	});
+
+	describe("incrementUsage", () => {
+		it("should increment usage", async () => {
+			mockContentsRepository.incrementUsage.mockResolvedValue([
+				{ id: "1", usageCount: 1 },
+			]);
+			await service.incrementUsage("1");
+			expect(mockContentsRepository.incrementUsage).toHaveBeenCalledWith("1");
+		});
+	});
+
+	describe("remove", () => {
+		it("should soft delete content", async () => {
+			mockContentsRepository.softDelete.mockResolvedValue({ id: "1" });
+			await service.remove("1", "u1");
+			expect(mockContentsRepository.softDelete).toHaveBeenCalledWith("1", "u1");
+		});
+	});
+
+	describe("removeAdmin", () => {
+		it("should soft delete content without checking owner", async () => {
+			mockContentsRepository.softDeleteAdmin.mockResolvedValue({ id: "1" });
+			await service.removeAdmin("1");
+			expect(mockContentsRepository.softDeleteAdmin).toHaveBeenCalledWith("1");
+		});
+	});
+
+	describe("findOne", () => {
+		it("should return content by id", async () => {
+			mockContentsRepository.findOne.mockResolvedValue({
+				id: "1",
+				storageKey: "k",
+				author: { avatarUrl: "a" },
+			});
+			mockS3Service.getPublicUrl.mockReturnValue("url");
+			const result = await service.findOne("1");
+			expect(result.id).toBe("1");
+			expect(result.url).toBe("url");
+		});
+
+		it("should return content by slug", async () => {
+			mockContentsRepository.findOne.mockResolvedValue({
+				id: "1",
+				slug: "s",
+				storageKey: "k",
+			});
+			const result = await service.findOne("s");
+			expect(result.slug).toBe("s");
+		});
+	});
+
+	describe("generateBotHtml", () => {
+		it("should generate html with og tags", () => {
+			const content = { title: "Title", storageKey: "k" };
+			mockS3Service.getPublicUrl.mockReturnValue("url");
+			const html = service.generateBotHtml(content as any);
+			expect(html).toContain("<title>Title</title>");
+			expect(html).toContain('content="Title"');
+			expect(html).toContain('content="url"');
+		});
+	});
+
+	describe("ensureUniqueSlug", () => {
+		it("should return original slug if unique", async () => {
+			mockContentsRepository.findBySlug.mockResolvedValue(null);
+			const slug = (service as any).ensureUniqueSlug("My Title");
+			await expect(slug).resolves.toBe("my-title");
+		});
+
+		it("should append counter if not unique", async () => {
+			mockContentsRepository.findBySlug
+				.mockResolvedValueOnce({ id: "1" })
+				.mockResolvedValueOnce(null);
+			const slug = await (service as any).ensureUniqueSlug("My Title");
+			expect(slug).toBe("my-title-1");
+		});
+	});
 });
--- a/backend/src/contents/contents.service.ts
+++ b/backend/src/contents/contents.service.ts
@@ -184,6 +184,35 @@ export class ContentsService {
 		return deleted;
 	}

+	async updateAdmin(id: string, data: any) {
+		this.logger.log(`Updating content ${id} by admin`);
+		const updated = await this.contentsRepository.update(id, data);
+
+		if (updated) {
+			await this.clearContentsCache();
+		}
+		return updated;
+	}
+
+	async update(id: string, userId: string, data: any) {
+		this.logger.log(`Updating content ${id} for user ${userId}`);
+
+		// Vérifier que le contenu appartient à l'utilisateur
+		const existing = await this.contentsRepository.findOne(id, userId);
+		if (!existing || existing.userId !== userId) {
+			throw new BadRequestException(
+				"Contenu non trouvé ou vous n'avez pas la permission de le modifier.",
+			);
+		}
+
+		const updated = await this.contentsRepository.update(id, data);
+
+		if (updated) {
+			await this.clearContentsCache();
+		}
+		return updated;
+	}
+
 	async findOne(idOrSlug: string, userId?: string) {
 		const content = await this.contentsRepository.findOne(idOrSlug, userId);
 		if (!content) return null;
--- a/backend/src/contents/repositories/contents.repository.ts
+++ b/backend/src/contents/repositories/contents.repository.ts
@@ -404,6 +404,15 @@ export class ContentsRepository {
 		return deleted;
 	}

+	async update(id: string, data: Partial<typeof contents.$inferInsert>) {
+		const [updated] = await this.databaseService.db
+			.update(contents)
+			.set({ ...data, updatedAt: new Date() })
+			.where(eq(contents.id, id))
+			.returning();
+		return updated;
+	}
+
 	async findBySlug(slug: string) {
 		const [result] = await this.databaseService.db
 			.select()
--- a/backend/src/database/database.service.spec.ts
+++ b/backend/src/database/database.service.spec.ts
@@ -0,0 +1,67 @@
+import { ConfigService } from "@nestjs/config";
+import { Test, TestingModule } from "@nestjs/testing";
+import { DatabaseService } from "./database.service";
+
+jest.mock("pg", () => {
+	const mPool = {
+		connect: jest.fn(),
+		query: jest.fn(),
+		end: jest.fn(),
+		on: jest.fn(),
+	};
+	return { Pool: jest.fn(() => mPool) };
+});
+
+jest.mock("drizzle-orm/node-postgres", () => ({
+	drizzle: jest.fn().mockReturnValue({}),
+}));
+
+describe("DatabaseService", () => {
+	let service: DatabaseService;
+	let _configService: ConfigService;
+
+	const mockConfigService = {
+		get: jest.fn((key) => {
+			const config = {
+				POSTGRES_PASSWORD: "p",
+				POSTGRES_USER: "u",
+				POSTGRES_HOST: "h",
+				POSTGRES_PORT: "5432",
+				POSTGRES_DB: "db",
+				NODE_ENV: "development",
+			};
+			return config[key];
+		}),
+	};
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			providers: [
+				DatabaseService,
+				{ provide: ConfigService, useValue: mockConfigService },
+			],
+		}).compile();
+
+		service = module.get<DatabaseService>(DatabaseService);
+		_configService = module.get<ConfigService>(ConfigService);
+	});
+
+	it("should be defined", () => {
+		expect(service).toBeDefined();
+	});
+
+	describe("onModuleInit", () => {
+		it("should skip migrations in development", async () => {
+			await service.onModuleInit();
+			expect(mockConfigService.get).toHaveBeenCalledWith("NODE_ENV");
+		});
+	});
+
+	describe("onModuleDestroy", () => {
+		it("should close pool", async () => {
+			const pool = (service as any).pool;
+			await service.onModuleDestroy();
+			expect(pool.end).toHaveBeenCalled();
+		});
+	});
+});
--- a/backend/src/favorites/favorites.controller.spec.ts
+++ b/backend/src/favorites/favorites.controller.spec.ts
@@ -0,0 +1,82 @@
+jest.mock("uuid", () => ({
+	v4: jest.fn(() => "mocked-uuid"),
+}));
+
+jest.mock("@noble/post-quantum/ml-kem.js", () => ({
+	ml_kem768: {
+		keygen: jest.fn(),
+		encapsulate: jest.fn(),
+		decapsulate: jest.fn(),
+	},
+}));
+
+jest.mock("jose", () => ({
+	SignJWT: jest.fn().mockReturnValue({
+		setProtectedHeader: jest.fn().mockReturnThis(),
+		setIssuedAt: jest.fn().mockReturnThis(),
+		setExpirationTime: jest.fn().mockReturnThis(),
+		sign: jest.fn().mockResolvedValue("mocked-jwt"),
+	}),
+	jwtVerify: jest.fn(),
+}));
+
+import { Test, TestingModule } from "@nestjs/testing";
+import { AuthGuard } from "../auth/guards/auth.guard";
+import { AuthenticatedRequest } from "../common/interfaces/request.interface";
+import { FavoritesController } from "./favorites.controller";
+import { FavoritesService } from "./favorites.service";
+
+describe("FavoritesController", () => {
+	let controller: FavoritesController;
+	let service: FavoritesService;
+
+	const mockFavoritesService = {
+		addFavorite: jest.fn(),
+		removeFavorite: jest.fn(),
+		getUserFavorites: jest.fn(),
+	};
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			controllers: [FavoritesController],
+			providers: [{ provide: FavoritesService, useValue: mockFavoritesService }],
+		})
+			.overrideGuard(AuthGuard)
+			.useValue({ canActivate: () => true })
+			.compile();
+
+		controller = module.get<FavoritesController>(FavoritesController);
+		service = module.get<FavoritesService>(FavoritesService);
+	});
+
+	it("should be defined", () => {
+		expect(controller).toBeDefined();
+	});
+
+	describe("add", () => {
+		it("should call service.addFavorite", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			await controller.add(req, "content-1");
+			expect(service.addFavorite).toHaveBeenCalledWith("user-uuid", "content-1");
+		});
+	});
+
+	describe("remove", () => {
+		it("should call service.removeFavorite", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			await controller.remove(req, "content-1");
+			expect(service.removeFavorite).toHaveBeenCalledWith(
+				"user-uuid",
+				"content-1",
+			);
+		});
+	});
+
+	describe("list", () => {
+		it("should call service.getUserFavorites", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			await controller.list(req, 10, 0);
+			expect(service.getUserFavorites).toHaveBeenCalledWith("user-uuid", 10, 0);
+		});
+	});
+});
--- a/backend/src/favorites/repositories/favorites.repository.spec.ts
+++ b/backend/src/favorites/repositories/favorites.repository.spec.ts
@@ -0,0 +1,72 @@
+import { Test, TestingModule } from "@nestjs/testing";
+import { DatabaseService } from "../../database/database.service";
+import { FavoritesRepository } from "./favorites.repository";
+
+describe("FavoritesRepository", () => {
+	let repository: FavoritesRepository;
+
+	const mockDb = {
+		select: jest.fn().mockReturnThis(),
+		from: jest.fn().mockReturnThis(),
+		innerJoin: jest.fn().mockReturnThis(),
+		where: jest.fn().mockReturnThis(),
+		limit: jest.fn().mockReturnThis(),
+		offset: jest.fn().mockReturnThis(),
+		insert: jest.fn().mockReturnThis(),
+		values: jest.fn().mockReturnThis(),
+		delete: jest.fn().mockReturnThis(),
+		returning: jest.fn().mockReturnThis(),
+		execute: jest.fn(),
+	};
+
+	const wrapWithThen = (obj: unknown) => {
+		// biome-ignore lint/suspicious/noThenProperty: Necessary to mock Drizzle's awaitable query builder
+		Object.defineProperty(obj, "then", {
+			value: function (onFulfilled: (arg0: unknown) => void) {
+				const result = (this as Record<string, unknown>).execute();
+				return Promise.resolve(result).then(onFulfilled);
+			},
+			configurable: true,
+		});
+		return obj;
+	};
+	wrapWithThen(mockDb);
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			providers: [
+				FavoritesRepository,
+				{ provide: DatabaseService, useValue: { db: mockDb } },
+			],
+		}).compile();
+
+		repository = module.get<FavoritesRepository>(FavoritesRepository);
+	});
+
+	it("should find content by id", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([{ id: "1" }]);
+		const result = await repository.findContentById("1");
+		expect(result.id).toBe("1");
+	});
+
+	it("should add favorite", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([
+			{ userId: "u", contentId: "c" },
+		]);
+		await repository.add("u", "c");
+		expect(mockDb.insert).toHaveBeenCalled();
+	});
+
+	it("should remove favorite", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([{ id: "1" }]);
+		await repository.remove("u", "c");
+		expect(mockDb.delete).toHaveBeenCalled();
+	});
+
+	it("should find by user id", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([{ content: { id: "c1" } }]);
+		const result = await repository.findByUserId("u1", 10, 0);
+		expect(result).toHaveLength(1);
+		expect(result[0].id).toBe("c1");
+	});
+});
--- a/backend/src/health.controller.spec.ts
+++ b/backend/src/health.controller.spec.ts
@@ -1,3 +1,4 @@
+import { CACHE_MANAGER } from "@nestjs/cache-manager";
 import { Test, TestingModule } from "@nestjs/testing";
 import { DatabaseService } from "./database/database.service";
 import { HealthController } from "./health.controller";
@@ -9,6 +10,10 @@ describe("HealthController", () => {
 		execute: jest.fn().mockResolvedValue([]),
 	};

+	const mockCacheManager = {
+		set: jest.fn().mockResolvedValue(undefined),
+	};
+
 	beforeEach(async () => {
 		const module: TestingModule = await Test.createTestingModule({
 			controllers: [HealthController],
@@ -19,24 +24,42 @@ describe("HealthController", () => {
 						db: mockDb,
 					},
 				},
+				{
+					provide: CACHE_MANAGER,
+					useValue: mockCacheManager,
+				},
 			],
 		}).compile();

 		controller = module.get<HealthController>(HealthController);
 	});

-	it("should return ok if database is connected", async () => {
+	it("should return ok if database and redis are connected", async () => {
 		mockDb.execute.mockResolvedValue([]);
+		mockCacheManager.set.mockResolvedValue(undefined);
 		const result = await controller.check();
 		expect(result.status).toBe("ok");
 		expect(result.database).toBe("connected");
+		expect(result.redis).toBe("connected");
 	});

 	it("should return error if database is disconnected", async () => {
 		mockDb.execute.mockRejectedValue(new Error("DB Error"));
+		mockCacheManager.set.mockResolvedValue(undefined);
 		const result = await controller.check();
 		expect(result.status).toBe("error");
 		expect(result.database).toBe("disconnected");
-		expect(result.message).toBe("DB Error");
+		expect(result.databaseError).toBe("DB Error");
+		expect(result.redis).toBe("connected");
+	});
+
+	it("should return error if redis is disconnected", async () => {
+		mockDb.execute.mockResolvedValue([]);
+		mockCacheManager.set.mockRejectedValue(new Error("Redis Error"));
+		const result = await controller.check();
+		expect(result.status).toBe("error");
+		expect(result.database).toBe("connected");
+		expect(result.redis).toBe("disconnected");
+		expect(result.redisError).toBe("Redis Error");
 	});
 });
--- a/backend/src/health.controller.ts
+++ b/backend/src/health.controller.ts
@@ -1,28 +1,44 @@
-import { Controller, Get } from "@nestjs/common";
+import { CACHE_MANAGER } from "@nestjs/cache-manager";
+import { Controller, Get, Inject } from "@nestjs/common";
+import type { Cache } from "cache-manager";
 import { sql } from "drizzle-orm";
 import { DatabaseService } from "./database/database.service";

@Controller("health")
 export class HealthController {
-	constructor(private readonly databaseService: DatabaseService) {}
+	constructor(
+		private readonly databaseService: DatabaseService,
+		@Inject(CACHE_MANAGER) private cacheManager: Cache,
+	) {}

 	@Get()
 	async check() {
+		const health: any = {
+			status: "ok",
+			timestamp: new Date().toISOString(),
+		};
+
 		try {
 			// Check database connection
 			await this.databaseService.db.execute(sql`SELECT 1`);
-			return {
-				status: "ok",
-				database: "connected",
-				timestamp: new Date().toISOString(),
-			};
+			health.database = "connected";
 		} catch (error) {
-			return {
-				status: "error",
-				database: "disconnected",
-				message: error.message,
-				timestamp: new Date().toISOString(),
-			};
+			health.status = "error";
+			health.database = "disconnected";
+			health.databaseError = error.message;
 		}
+
+		try {
+			// Check Redis connection via cache-manager
+			// We try to set a temporary key to verify the connection
+			await this.cacheManager.set("health-check", "ok", 1000);
+			health.redis = "connected";
+		} catch (error) {
+			health.status = "error";
+			health.redis = "disconnected";
+			health.redisError = error.message;
+		}
+
+		return health;
 	}
 }
--- a/backend/src/media/media.controller.spec.ts
+++ b/backend/src/media/media.controller.spec.ts
@@ -49,6 +49,11 @@ describe("MediaController", () => {
 			expect(stream.pipe).toHaveBeenCalledWith(res);
 		});

+		it("should throw NotFoundException if path is missing", async () => {
+			const res = {} as unknown as Response;
+			await expect(controller.getFile("", res)).rejects.toThrow(NotFoundException);
+		});
+
 		it("should throw NotFoundException if file is not found", async () => {
 			mockS3Service.getFileInfo.mockRejectedValue(new Error("Not found"));
 			const res = {} as unknown as Response;
--- a/backend/src/media/media.controller.ts
+++ b/backend/src/media/media.controller.ts
@@ -1,21 +1,36 @@
-import { Controller, Get, NotFoundException, Param, Res } from "@nestjs/common";
+import {
+	Controller,
+	Get,
+	Logger,
+	NotFoundException,
+	Query,
+	Res,
+} from "@nestjs/common";
 import type { Response } from "express";
 import type { BucketItemStat } from "minio";
 import { S3Service } from "../s3/s3.service";

@Controller("media")
 export class MediaController {
+	private readonly logger = new Logger(MediaController.name);
+
 	constructor(private readonly s3Service: S3Service) {}

-	@Get("*key")
-	async getFile(@Param("key") key: string, @Res() res: Response) {
-		try {
-			const stats = (await this.s3Service.getFileInfo(key)) as BucketItemStat;
-			const stream = await this.s3Service.getFile(key);
+	@Get()
+	async getFile(@Query("path") path: string, @Res() res: Response) {
+		if (!path) {
+			this.logger.warn("Tentative d'accès à un média sans paramètre 'path'");
+			throw new NotFoundException("Paramètre 'path' manquant");
+		}

-			const contentType =
+		try {
+			this.logger.log(`Récupération du fichier : ${path}`);
+			const stats = (await this.s3Service.getFileInfo(path)) as BucketItemStat;
+			const stream = await this.s3Service.getFile(path);
+
+			const contentType: string =
 				stats.metaData?.["content-type"] ||
-				stats.metadata?.["content-type"] ||
+				stats.metaData?.["Content-Type"] ||
 				"application/octet-stream";

 			res.setHeader("Content-Type", contentType);
@@ -23,7 +38,10 @@ export class MediaController {
 			res.setHeader("Cache-Control", "public, max-age=31536000, immutable");

 			stream.pipe(res);
-		} catch (_error) {
+		} catch (error) {
+			this.logger.error(
+				`Erreur lors de la récupération du fichier ${path} : ${error.message}`,
+			);
 			throw new NotFoundException("Fichier non trouvé");
 		}
 	}
--- a/backend/src/media/media.service.spec.ts
+++ b/backend/src/media/media.service.spec.ts
@@ -96,4 +96,37 @@ describe("MediaService", () => {
 			expect(result.buffer).toEqual(Buffer.from("processed-video"));
 		});
 	});
+
+	describe("scanFile", () => {
+		it("should return false if clamav not initialized", async () => {
+			const result = await service.scanFile(Buffer.from(""), "test.txt");
+			expect(result.isInfected).toBe(false);
+		});
+
+		it("should handle virus detection", async () => {
+			// Mock private property to simulate initialized clamscan
+			(service as any).isClamAvInitialized = true;
+			(service as any).clamscan = {
+				scanStream: jest.fn().mockResolvedValue({
+					isInfected: true,
+					viruses: ["Eicar-Test-Signature"],
+				}),
+			};
+
+			const result = await service.scanFile(Buffer.from(""), "test.txt");
+			expect(result.isInfected).toBe(true);
+			expect(result.virusName).toBe("Eicar-Test-Signature");
+		});
+
+		it("should handle scan error", async () => {
+			(service as any).isClamAvInitialized = true;
+			(service as any).clamscan = {
+				scanStream: jest.fn().mockRejectedValue(new Error("Scan failed")),
+			};
+
+			await expect(
+				service.scanFile(Buffer.from(""), "test.txt"),
+			).rejects.toThrow();
+		});
+	});
 });
--- a/backend/src/reports/reports.controller.spec.ts
+++ b/backend/src/reports/reports.controller.spec.ts
@@ -0,0 +1,82 @@
+jest.mock("uuid", () => ({
+	v4: jest.fn(() => "mocked-uuid"),
+}));
+
+jest.mock("@noble/post-quantum/ml-kem.js", () => ({
+	ml_kem768: {
+		keygen: jest.fn(),
+		encapsulate: jest.fn(),
+		decapsulate: jest.fn(),
+	},
+}));
+
+jest.mock("jose", () => ({
+	SignJWT: jest.fn().mockReturnValue({
+		setProtectedHeader: jest.fn().mockReturnThis(),
+		setIssuedAt: jest.fn().mockReturnThis(),
+		setExpirationTime: jest.fn().mockReturnThis(),
+		sign: jest.fn().mockResolvedValue("mocked-jwt"),
+	}),
+	jwtVerify: jest.fn(),
+}));
+
+import { Test, TestingModule } from "@nestjs/testing";
+import { AuthGuard } from "../auth/guards/auth.guard";
+import { RolesGuard } from "../auth/guards/roles.guard";
+import { AuthenticatedRequest } from "../common/interfaces/request.interface";
+import { ReportsController } from "./reports.controller";
+import { ReportsService } from "./reports.service";
+
+describe("ReportsController", () => {
+	let controller: ReportsController;
+	let service: ReportsService;
+
+	const mockReportsService = {
+		create: jest.fn(),
+		findAll: jest.fn(),
+		updateStatus: jest.fn(),
+	};
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			controllers: [ReportsController],
+			providers: [{ provide: ReportsService, useValue: mockReportsService }],
+		})
+			.overrideGuard(AuthGuard)
+			.useValue({ canActivate: () => true })
+			.overrideGuard(RolesGuard)
+			.useValue({ canActivate: () => true })
+			.compile();
+
+		controller = module.get<ReportsController>(ReportsController);
+		service = module.get<ReportsService>(ReportsService);
+	});
+
+	it("should be defined", () => {
+		expect(controller).toBeDefined();
+	});
+
+	describe("create", () => {
+		it("should call service.create", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			const dto = { contentId: "1", reason: "spam" };
+			await controller.create(req, dto as any);
+			expect(service.create).toHaveBeenCalledWith("user-uuid", dto);
+		});
+	});
+
+	describe("findAll", () => {
+		it("should call service.findAll", async () => {
+			await controller.findAll(10, 0);
+			expect(service.findAll).toHaveBeenCalledWith(10, 0);
+		});
+	});
+
+	describe("updateStatus", () => {
+		it("should call service.updateStatus", async () => {
+			const dto = { status: "resolved" as any };
+			await controller.updateStatus("1", dto);
+			expect(service.updateStatus).toHaveBeenCalledWith("1", "resolved");
+		});
+	});
+});
--- a/backend/src/reports/repositories/reports.repository.spec.ts
+++ b/backend/src/reports/repositories/reports.repository.spec.ts
@@ -0,0 +1,73 @@
+import { Test, TestingModule } from "@nestjs/testing";
+import { DatabaseService } from "../../database/database.service";
+import { ReportsRepository } from "./reports.repository";
+
+describe("ReportsRepository", () => {
+	let repository: ReportsRepository;
+
+	const mockDb = {
+		select: jest.fn().mockReturnThis(),
+		from: jest.fn().mockReturnThis(),
+		orderBy: jest.fn().mockReturnThis(),
+		where: jest.fn().mockReturnThis(),
+		limit: jest.fn().mockReturnThis(),
+		offset: jest.fn().mockReturnThis(),
+		insert: jest.fn().mockReturnThis(),
+		values: jest.fn().mockReturnThis(),
+		update: jest.fn().mockReturnThis(),
+		set: jest.fn().mockReturnThis(),
+		delete: jest.fn().mockReturnThis(),
+		returning: jest.fn().mockReturnThis(),
+		execute: jest.fn(),
+	};
+
+	const wrapWithThen = (obj: unknown) => {
+		// biome-ignore lint/suspicious/noThenProperty: Necessary to mock Drizzle's awaitable query builder
+		Object.defineProperty(obj, "then", {
+			value: function (onFulfilled: (arg0: unknown) => void) {
+				const result = (this as Record<string, unknown>).execute();
+				return Promise.resolve(result).then(onFulfilled);
+			},
+			configurable: true,
+		});
+		return obj;
+	};
+	wrapWithThen(mockDb);
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			providers: [
+				ReportsRepository,
+				{ provide: DatabaseService, useValue: { db: mockDb } },
+			],
+		}).compile();
+
+		repository = module.get<ReportsRepository>(ReportsRepository);
+	});
+
+	it("should create report", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([{ id: "1" }]);
+		const result = await repository.create({ reporterId: "u", reason: "spam" });
+		expect(result.id).toBe("1");
+	});
+
+	it("should find all", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([{ id: "1" }]);
+		const result = await repository.findAll(10, 0);
+		expect(result).toHaveLength(1);
+	});
+
+	it("should update status", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([
+			{ id: "1", status: "resolved" },
+		]);
+		const result = await repository.updateStatus("1", "resolved");
+		expect(result[0].status).toBe("resolved");
+	});
+
+	it("should purge obsolete", async () => {
+		(mockDb.execute as jest.Mock).mockResolvedValue([{ id: "1" }]);
+		await repository.purgeObsolete(new Date());
+		expect(mockDb.delete).toHaveBeenCalled();
+	});
+});
--- a/backend/src/s3/s3.service.spec.ts
+++ b/backend/src/s3/s3.service.spec.ts
@@ -8,7 +8,6 @@ jest.mock("minio");
 describe("S3Service", () => {
 	let service: S3Service;
 	let configService: ConfigService;
-	// biome-ignore lint/suspicious/noExplicitAny: Fine for testing purposes
 	let minioClient: any;

 	beforeEach(async () => {
@@ -192,7 +191,7 @@ describe("S3Service", () => {
 				return null;
 			});
 			const url = service.getPublicUrl("test.webp");
-			expect(url).toBe("https://api.test.com/media/test.webp");
+			expect(url).toBe("https://api.test.com/media?path=test.webp");
 		});

 		it("should use DOMAIN_NAME and PORT for localhost", () => {
@@ -205,7 +204,7 @@ describe("S3Service", () => {
 				},
 			);
 			const url = service.getPublicUrl("test.webp");
-			expect(url).toBe("http://localhost:3000/media/test.webp");
+			expect(url).toBe("http://localhost:3000/media?path=test.webp");
 		});

 		it("should use api.DOMAIN_NAME for production", () => {
@@ -217,7 +216,7 @@ describe("S3Service", () => {
 				},
 			);
 			const url = service.getPublicUrl("test.webp");
-			expect(url).toBe("https://api.memegoat.fr/media/test.webp");
+			expect(url).toBe("https://api.memegoat.fr/media?path=test.webp");
 		});
 	});
 });
--- a/backend/src/s3/s3.service.ts
+++ b/backend/src/s3/s3.service.ts
@@ -173,6 +173,6 @@ export class S3Service implements OnModuleInit, IStorageService {
 			baseUrl = `https://api.${domain}`;
 		}

-		return `${baseUrl}/media/${storageKey}`;
+		return `${baseUrl}/media?path=${storageKey}`;
 	}
 }
--- a/backend/src/tags/tags.controller.spec.ts
+++ b/backend/src/tags/tags.controller.spec.ts
@@ -0,0 +1,69 @@
+jest.mock("uuid", () => ({
+	v4: jest.fn(() => "mocked-uuid"),
+}));
+
+jest.mock("@noble/post-quantum/ml-kem.js", () => ({
+	ml_kem768: {
+		keygen: jest.fn(),
+		encapsulate: jest.fn(),
+		decapsulate: jest.fn(),
+	},
+}));
+
+jest.mock("jose", () => ({
+	SignJWT: jest.fn().mockReturnValue({
+		setProtectedHeader: jest.fn().mockReturnThis(),
+		setIssuedAt: jest.fn().mockReturnThis(),
+		setExpirationTime: jest.fn().mockReturnThis(),
+		sign: jest.fn().mockResolvedValue("mocked-jwt"),
+	}),
+	jwtVerify: jest.fn(),
+}));
+
+import { CACHE_MANAGER } from "@nestjs/cache-manager";
+import { Test, TestingModule } from "@nestjs/testing";
+import { TagsController } from "./tags.controller";
+import { TagsService } from "./tags.service";
+
+describe("TagsController", () => {
+	let controller: TagsController;
+	let service: TagsService;
+
+	const mockTagsService = {
+		findAll: jest.fn(),
+	};
+
+	const mockCacheManager = {
+		get: jest.fn(),
+		set: jest.fn(),
+	};
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			controllers: [TagsController],
+			providers: [
+				{ provide: TagsService, useValue: mockTagsService },
+				{ provide: CACHE_MANAGER, useValue: mockCacheManager },
+			],
+		}).compile();
+
+		controller = module.get<TagsController>(TagsController);
+		service = module.get<TagsService>(TagsService);
+	});
+
+	it("should be defined", () => {
+		expect(controller).toBeDefined();
+	});
+
+	describe("findAll", () => {
+		it("should call service.findAll", async () => {
+			await controller.findAll(10, 0, "test", "popular");
+			expect(service.findAll).toHaveBeenCalledWith({
+				limit: 10,
+				offset: 0,
+				query: "test",
+				sortBy: "popular",
+			});
+		});
+	});
+});
--- a/backend/src/users/dto/update-user.dto.ts
+++ b/backend/src/users/dto/update-user.dto.ts
@@ -14,4 +14,12 @@ export class UpdateUserDto {
 	@IsOptional()
 	@IsString()
 	avatarUrl?: string;
+
+	@IsOptional()
+	@IsString()
+	status?: "active" | "verification" | "suspended" | "pending" | "deleted";
+
+	@IsOptional()
+	@IsString()
+	role?: string;
 }
--- a/backend/src/users/repositories/users.repository.spec.ts
+++ b/backend/src/users/repositories/users.repository.spec.ts
@@ -0,0 +1,150 @@
+import { Test, TestingModule } from "@nestjs/testing";
+import { DatabaseService } from "../../database/database.service";
+import { UsersRepository } from "./users.repository";
+
+describe("UsersRepository", () => {
+	let repository: UsersRepository;
+	let _databaseService: DatabaseService;
+
+	const mockDb = {
+		insert: jest.fn().mockReturnThis(),
+		values: jest.fn().mockReturnThis(),
+		returning: jest.fn().mockResolvedValue([{ uuid: "u1" }]),
+		select: jest.fn().mockReturnThis(),
+		from: jest.fn().mockReturnThis(),
+		where: jest.fn().mockReturnThis(),
+		limit: jest.fn().mockReturnThis(),
+		offset: jest.fn().mockReturnThis(),
+		update: jest.fn().mockReturnThis(),
+		set: jest.fn().mockReturnThis(),
+		delete: jest.fn().mockReturnThis(),
+		transaction: jest.fn(),
+	};
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			providers: [
+				UsersRepository,
+				{
+					provide: DatabaseService,
+					useValue: { db: mockDb },
+				},
+			],
+		}).compile();
+
+		repository = module.get<UsersRepository>(UsersRepository);
+		_databaseService = module.get<DatabaseService>(DatabaseService);
+		jest.clearAllMocks();
+	});
+
+	it("should be defined", () => {
+		expect(repository).toBeDefined();
+	});
+
+	describe("create", () => {
+		it("should insert a user", async () => {
+			const data = {
+				username: "u",
+				email: "e",
+				passwordHash: "p",
+				emailHash: "eh",
+			};
+			await repository.create(data);
+			expect(mockDb.insert).toHaveBeenCalled();
+			expect(mockDb.values).toHaveBeenCalledWith(data);
+		});
+	});
+
+	describe("findByEmailHash", () => {
+		it("should select user by email hash", async () => {
+			mockDb.limit.mockResolvedValueOnce([{ uuid: "u1" }]);
+			const result = await repository.findByEmailHash("hash");
+			expect(result.uuid).toBe("u1");
+			expect(mockDb.select).toHaveBeenCalled();
+			expect(mockDb.where).toHaveBeenCalled();
+		});
+	});
+
+	describe("findOneWithPrivateData", () => {
+		it("should select user with private data", async () => {
+			mockDb.limit.mockResolvedValueOnce([{ uuid: "u1" }]);
+			const result = await repository.findOneWithPrivateData("u1");
+			expect(result.uuid).toBe("u1");
+		});
+	});
+
+	describe("countAll", () => {
+		it("should return count", async () => {
+			mockDb.from.mockResolvedValueOnce([{ count: 5 }]);
+			const result = await repository.countAll();
+			expect(result).toBe(5);
+		});
+	});
+
+	describe("findAll", () => {
+		it("should select users with limit and offset", async () => {
+			mockDb.offset.mockResolvedValueOnce([{ uuid: "u1" }]);
+			const result = await repository.findAll(10, 0);
+			expect(result[0].uuid).toBe("u1");
+			expect(mockDb.limit).toHaveBeenCalledWith(10);
+			expect(mockDb.offset).toHaveBeenCalledWith(0);
+		});
+	});
+
+	describe("findByUsername", () => {
+		it("should find by username", async () => {
+			mockDb.limit.mockResolvedValueOnce([{ uuid: "u1" }]);
+			const result = await repository.findByUsername("u");
+			expect(result.uuid).toBe("u1");
+		});
+	});
+
+	describe("update", () => {
+		it("should update user", async () => {
+			mockDb.returning.mockResolvedValueOnce([{ uuid: "u1" }]);
+			await repository.update("u1", { displayName: "New" });
+			expect(mockDb.update).toHaveBeenCalled();
+			expect(mockDb.set).toHaveBeenCalled();
+		});
+	});
+
+	describe("getTwoFactorSecret", () => {
+		it("should return secret", async () => {
+			mockDb.limit.mockResolvedValueOnce([{ secret: "s" }]);
+			const result = await repository.getTwoFactorSecret("u1");
+			expect(result).toBe("s");
+		});
+	});
+
+	describe("getUserContents", () => {
+		it("should return contents", async () => {
+			mockDb.where.mockResolvedValueOnce([{ id: "c1" }]);
+			const result = await repository.getUserContents("u1");
+			expect(result[0].id).toBe("c1");
+		});
+	});
+
+	describe("softDeleteUserAndContents", () => {
+		it("should run transaction", async () => {
+			const mockTx = {
+				update: jest.fn().mockReturnThis(),
+				set: jest.fn().mockReturnThis(),
+				where: jest.fn().mockReturnThis(),
+				returning: jest.fn().mockResolvedValue([{ uuid: "u1" }]),
+			};
+			mockDb.transaction.mockImplementation(async (cb) => cb(mockTx));
+
+			const result = await repository.softDeleteUserAndContents("u1");
+			expect(result[0].uuid).toBe("u1");
+			expect(mockTx.update).toHaveBeenCalledTimes(2);
+		});
+	});
+
+	describe("purgeDeleted", () => {
+		it("should delete old deleted users", async () => {
+			mockDb.returning.mockResolvedValueOnce([{ uuid: "u1" }]);
+			const _result = await repository.purgeDeleted(new Date());
+			expect(mockDb.delete).toHaveBeenCalled();
+		});
+	});
+});
--- a/backend/src/users/repositories/users.repository.ts
+++ b/backend/src/users/repositories/users.repository.ts
@@ -64,7 +64,7 @@ export class UsersRepository {
 	}

 	async findAll(limit: number, offset: number) {
-		return await this.databaseService.db
+		const result = await this.databaseService.db
 			.select({
 				uuid: users.uuid,
 				username: users.username,
@@ -77,6 +77,8 @@ export class UsersRepository {
 			.from(users)
 			.limit(limit)
 			.offset(offset);
+
+		return result;
 	}

 	async findByUsername(username: string) {
--- a/backend/src/users/users.controller.spec.ts
+++ b/backend/src/users/users.controller.spec.ts
@@ -0,0 +1,192 @@
+jest.mock("uuid", () => ({
+	v4: jest.fn(() => "mocked-uuid"),
+}));
+
+jest.mock("@noble/post-quantum/ml-kem.js", () => ({
+	ml_kem768: {
+		keygen: jest.fn(),
+		encapsulate: jest.fn(),
+		decapsulate: jest.fn(),
+	},
+}));
+
+jest.mock("jose", () => ({
+	SignJWT: jest.fn().mockReturnValue({
+		setProtectedHeader: jest.fn().mockReturnThis(),
+		setIssuedAt: jest.fn().mockReturnThis(),
+		setExpirationTime: jest.fn().mockReturnThis(),
+		sign: jest.fn().mockResolvedValue("mocked-jwt"),
+	}),
+	jwtVerify: jest.fn(),
+}));
+
+import { CACHE_MANAGER } from "@nestjs/cache-manager";
+import { Test, TestingModule } from "@nestjs/testing";
+import { AuthService } from "../auth/auth.service";
+import { AuthGuard } from "../auth/guards/auth.guard";
+import { RolesGuard } from "../auth/guards/roles.guard";
+import { AuthenticatedRequest } from "../common/interfaces/request.interface";
+import { UsersController } from "./users.controller";
+import { UsersService } from "./users.service";
+
+describe("UsersController", () => {
+	let controller: UsersController;
+	let usersService: UsersService;
+	let authService: AuthService;
+
+	const mockUsersService = {
+		findAll: jest.fn(),
+		findPublicProfile: jest.fn(),
+		findOneWithPrivateData: jest.fn(),
+		exportUserData: jest.fn(),
+		update: jest.fn(),
+		updateAvatar: jest.fn(),
+		updateConsent: jest.fn(),
+		remove: jest.fn(),
+	};
+
+	const mockAuthService = {
+		generateTwoFactorSecret: jest.fn(),
+		enableTwoFactor: jest.fn(),
+		disableTwoFactor: jest.fn(),
+	};
+
+	const mockCacheManager = {
+		get: jest.fn(),
+		set: jest.fn(),
+	};
+
+	beforeEach(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			controllers: [UsersController],
+			providers: [
+				{ provide: UsersService, useValue: mockUsersService },
+				{ provide: AuthService, useValue: mockAuthService },
+				{ provide: CACHE_MANAGER, useValue: mockCacheManager },
+			],
+		})
+			.overrideGuard(AuthGuard)
+			.useValue({ canActivate: () => true })
+			.overrideGuard(RolesGuard)
+			.useValue({ canActivate: () => true })
+			.compile();
+
+		controller = module.get<UsersController>(UsersController);
+		usersService = module.get<UsersService>(UsersService);
+		authService = module.get<AuthService>(AuthService);
+	});
+
+	it("should be defined", () => {
+		expect(controller).toBeDefined();
+	});
+
+	describe("findAll", () => {
+		it("should call usersService.findAll", async () => {
+			await controller.findAll(10, 0);
+			expect(usersService.findAll).toHaveBeenCalledWith(10, 0);
+		});
+	});
+
+	describe("findPublicProfile", () => {
+		it("should call usersService.findPublicProfile", async () => {
+			await controller.findPublicProfile("testuser");
+			expect(usersService.findPublicProfile).toHaveBeenCalledWith("testuser");
+		});
+	});
+
+	describe("findMe", () => {
+		it("should call usersService.findOneWithPrivateData", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			await controller.findMe(req);
+			expect(usersService.findOneWithPrivateData).toHaveBeenCalledWith(
+				"user-uuid",
+			);
+		});
+	});
+
+	describe("exportMe", () => {
+		it("should call usersService.exportUserData", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			await controller.exportMe(req);
+			expect(usersService.exportUserData).toHaveBeenCalledWith("user-uuid");
+		});
+	});
+
+	describe("updateMe", () => {
+		it("should call usersService.update", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			const dto = { displayName: "New Name" };
+			await controller.updateMe(req, dto);
+			expect(usersService.update).toHaveBeenCalledWith("user-uuid", dto);
+		});
+	});
+
+	describe("updateAvatar", () => {
+		it("should call usersService.updateAvatar", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			const file = {} as Express.Multer.File;
+			await controller.updateAvatar(req, file);
+			expect(usersService.updateAvatar).toHaveBeenCalledWith("user-uuid", file);
+		});
+	});
+
+	describe("updateConsent", () => {
+		it("should call usersService.updateConsent", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			const dto = { termsVersion: "1.0", privacyVersion: "1.0" };
+			await controller.updateConsent(req, dto);
+			expect(usersService.updateConsent).toHaveBeenCalledWith(
+				"user-uuid",
+				"1.0",
+				"1.0",
+			);
+		});
+	});
+
+	describe("removeMe", () => {
+		it("should call usersService.remove", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			await controller.removeMe(req);
+			expect(usersService.remove).toHaveBeenCalledWith("user-uuid");
+		});
+	});
+
+	describe("removeAdmin", () => {
+		it("should call usersService.remove", async () => {
+			await controller.removeAdmin("target-uuid");
+			expect(usersService.remove).toHaveBeenCalledWith("target-uuid");
+		});
+	});
+
+	describe("setup2fa", () => {
+		it("should call authService.generateTwoFactorSecret", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			await controller.setup2fa(req);
+			expect(authService.generateTwoFactorSecret).toHaveBeenCalledWith(
+				"user-uuid",
+			);
+		});
+	});
+
+	describe("enable2fa", () => {
+		it("should call authService.enableTwoFactor", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			await controller.enable2fa(req, "token123");
+			expect(authService.enableTwoFactor).toHaveBeenCalledWith(
+				"user-uuid",
+				"token123",
+			);
+		});
+	});
+
+	describe("disable2fa", () => {
+		it("should call authService.disableTwoFactor", async () => {
+			const req = { user: { sub: "user-uuid" } } as AuthenticatedRequest;
+			await controller.disable2fa(req, "token123");
+			expect(authService.disableTwoFactor).toHaveBeenCalledWith(
+				"user-uuid",
+				"token123",
+			);
+		});
+	});
+});
--- a/backend/src/users/users.controller.ts
+++ b/backend/src/users/users.controller.ts
@@ -112,6 +112,16 @@ export class UsersController {
 		return this.usersService.remove(uuid);
 	}

+	@Patch("admin/:uuid")
+	@UseGuards(AuthGuard, RolesGuard)
+	@Roles("admin")
+	updateAdmin(
+		@Param("uuid") uuid: string,
+		@Body() updateUserDto: UpdateUserDto,
+	) {
+		return this.usersService.update(uuid, updateUserDto);
+	}
+
 	// Double Authentification (2FA)
 	@Post("me/2fa/setup")
 	@UseGuards(AuthGuard)
--- a/backend/src/users/users.service.spec.ts
+++ b/backend/src/users/users.service.spec.ts
@@ -128,4 +128,112 @@ describe("UsersService", () => {
 			expect(result[0].displayName).toBe("New");
 		});
 	});
+
+	describe("clearUserCache", () => {
+		it("should delete cache", async () => {
+			await service.clearUserCache("u1");
+			expect(mockCacheManager.del).toHaveBeenCalledWith("users/profile/u1");
+		});
+	});
+
+	describe("findByEmailHash", () => {
+		it("should call repository.findByEmailHash", async () => {
+			mockUsersRepository.findByEmailHash.mockResolvedValue({ uuid: "u1" });
+			const result = await service.findByEmailHash("hash");
+			expect(result.uuid).toBe("u1");
+			expect(mockUsersRepository.findByEmailHash).toHaveBeenCalledWith("hash");
+		});
+	});
+
+	describe("findOneWithPrivateData", () => {
+		it("should return user with roles", async () => {
+			mockUsersRepository.findOneWithPrivateData.mockResolvedValue({ uuid: "u1" });
+			mockRbacService.getUserRoles.mockResolvedValue(["admin"]);
+			const result = await service.findOneWithPrivateData("u1");
+			expect(result.roles).toEqual(["admin"]);
+		});
+	});
+
+	describe("findAll", () => {
+		it("should return all users", async () => {
+			mockUsersRepository.findAll.mockResolvedValue([{ uuid: "u1" }]);
+			mockUsersRepository.countAll.mockResolvedValue(1);
+
+			const result = await service.findAll(10, 0);
+
+			expect(result.totalCount).toBe(1);
+			expect(result.data[0].uuid).toBe("u1");
+		});
+	});
+
+	describe("findPublicProfile", () => {
+		it("should return public profile", async () => {
+			mockUsersRepository.findByUsername.mockResolvedValue({
+				uuid: "u1",
+				username: "u1",
+			});
+			const result = await service.findPublicProfile("u1");
+			expect(result.username).toBe("u1");
+		});
+	});
+
+	describe("updateConsent", () => {
+		it("should update consent", async () => {
+			await service.updateConsent("u1", "v1", "v2");
+			expect(mockUsersRepository.update).toHaveBeenCalledWith("u1", {
+				termsVersion: "v1",
+				privacyVersion: "v2",
+				gdprAcceptedAt: expect.any(Date),
+			});
+		});
+	});
+
+	describe("setTwoFactorSecret", () => {
+		it("should set 2fa secret", async () => {
+			await service.setTwoFactorSecret("u1", "secret");
+			expect(mockUsersRepository.update).toHaveBeenCalledWith("u1", {
+				twoFactorSecret: "secret",
+			});
+		});
+	});
+
+	describe("toggleTwoFactor", () => {
+		it("should toggle 2fa", async () => {
+			await service.toggleTwoFactor("u1", true);
+			expect(mockUsersRepository.update).toHaveBeenCalledWith("u1", {
+				isTwoFactorEnabled: true,
+			});
+		});
+	});
+
+	describe("getTwoFactorSecret", () => {
+		it("should return 2fa secret", async () => {
+			mockUsersRepository.getTwoFactorSecret.mockResolvedValue("secret");
+			const result = await service.getTwoFactorSecret("u1");
+			expect(result).toBe("secret");
+		});
+	});
+
+	describe("exportUserData", () => {
+		it("should return all user data", async () => {
+			mockUsersRepository.findOneWithPrivateData.mockResolvedValue({ uuid: "u1" });
+			mockUsersRepository.getUserContents.mockResolvedValue([]);
+			mockUsersRepository.getUserFavorites.mockResolvedValue([]);
+
+			const result = await service.exportUserData("u1");
+
+			expect(result.profile).toBeDefined();
+			expect(result.contents).toBeDefined();
+			expect(result.favorites).toBeDefined();
+		});
+	});
+
+	describe("remove", () => {
+		it("should soft delete user", async () => {
+			await service.remove("u1");
+			expect(mockUsersRepository.softDeleteUserAndContents).toHaveBeenCalledWith(
+				"u1",
+			);
+		});
+	});
 });
--- a/backend/src/users/users.service.ts
+++ b/backend/src/users/users.service.ts
@@ -100,7 +100,14 @@ export class UsersService {

 	async update(uuid: string, data: UpdateUserDto) {
 		this.logger.log(`Updating user profile for ${uuid}`);
-		const result = await this.usersRepository.update(uuid, data);
+
+		const { role, ...userData } = data;
+
+		const result = await this.usersRepository.update(uuid, userData);
+
+		if (role) {
+			await this.rbacService.assignRoleToUser(uuid, role);
+		}

 		if (result[0]) {
 			await this.clearUserCache(result[0].username);
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -9,6 +9,8 @@ services:
      POSTGRES_DB: ${POSTGRES_DB:-app}
    networks:
      - nw_memegoat
+    ports:
+      - "127.0.0.1:5432:5432"    # not exposed to WAN, LAN only for administration checkup
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
@@ -35,6 +37,7 @@ services:
    restart: always
    networks:
      - nw_memegoat
+      - nw_caddy
    #ports:
    #  - "9000:9000"
    #  - "9001:9001"
--- a/documentation/content/docs/api-reference.mdx
+++ b/documentation/content/docs/api-reference.mdx
@@ -18,15 +18,21 @@ Cette page documente tous les points de terminaison disponibles sur l'API Memego
    Inscrit un nouvel utilisateur.

    **Corps de la requête (JSON) :**
-    - `username` (string) : Nom d'utilisateur unique.
+    - `username` (string, max: 32) : Nom d'utilisateur unique.
    - `email` (string) : Adresse email valide.
-    - `password` (string) : Mot de passe (min. 8 caractères).
+    - `password` (string, min: 8) : Mot de passe.
+    - `displayName` (string, optional, max: 32) : Nom d'affichage.
+
+    **Réponses :**
+    - `201 Created` : Utilisateur créé.
+    - `400 Bad Request` : Validation échouée ou utilisateur déjà existant.

    ```json
    {
      "username": "goat_user",
      "email": "user@memegoat.fr",
-      "password": "strong-password"
+      "password": "strong-password",
+      "displayName": "Le Bouc"
    }
    ```
  </Accordion>
@@ -38,23 +44,25 @@ Cette page documente tous les points de terminaison disponibles sur l'API Memego
    - `email` (string)
    - `password` (string)

-    **Réponse (Succès) :**
-    ```json
-    {
-      "message": "User logged in successfully",
-      "userId": "uuid-v4"
-    }
-    ```
-    *Note: L'access_token et le refresh_token sont stockés dans un cookie HttpOnly chiffré.*
+    **Réponses :**
+    - `200 OK` : Connexion réussie.
+      ```json
+      {
+        "message": "User logged in successfully",
+        "userId": "uuid-v4"
+      }
+      ```
+    - `200 OK` (2FA requise) :
+      ```json
+      {
+        "message": "2FA required",
+        "requires2FA": true,
+        "userId": "uuid-v4"
+      }
+      ```
+    - `401 Unauthorized` : Identifiants invalides.

-    **Réponse (2FA requise) :**
-    ```json
-    {
-      "message": "2FA required",
-      "requires2FA": true,
-      "userId": "uuid-v4"
-    }
-    ```
+    *Note: L'access_token et le refresh_token sont stockés dans un cookie HttpOnly chiffré.*
  </Accordion>

  <Accordion title="POST /auth/verify-2fa">
@@ -63,15 +71,41 @@ Cette page documente tous les points de terminaison disponibles sur l'API Memego
    **Corps de la requête :**
    - `userId` (uuid) : ID de l'utilisateur.
    - `token` (string) : Code TOTP à 6 chiffres.
+
+    **Réponses :**
+    - `200 OK` : Vérification réussie, session établie.
+    - `401 Unauthorized` : Token invalide ou utilisateur non autorisé.
  </Accordion>

  <Accordion title="POST /auth/refresh">
    Obtient un nouvel `access_token` à partir du `refresh_token` stocké dans la session.
    Met à jour automatiquement le cookie de session.
+
+    **Réponses :**
+    - `200 OK` : Token rafraîchi.
+    - `401 Unauthorized` : Refresh token absent ou invalide.
  </Accordion>

  <Accordion title="POST /auth/logout">
-    Invalide la session actuelle.
+    Invalide la session actuelle en détruisant le cookie de session.
+
+    **Réponses :**
+    - `200 OK` : Déconnexion réussie.
+  </Accordion>
+
+  <Accordion title="GET /auth/bootstrap-admin">
+    Élève les privilèges d'un utilisateur au rang d'administrateur. 
+    <Callout type="warn">
+      Cette route n'est active que si aucun administrateur n'existe en base de données. Le token est affiché dans les logs de la console au démarrage.
+    </Callout>
+
+    **Query Params :**
+    - `token` (string) : Token à usage unique généré par le système.
+    - `username` (string) : Nom de l'utilisateur à promouvoir.
+
+    **Réponses :**
+    - `200 OK` : Utilisateur promu.
+    - `401 Unauthorized` : Token invalide ou utilisateur non trouvé.
  </Accordion>
 </Accordions>

@@ -80,36 +114,62 @@ Cette page documente tous les points de terminaison disponibles sur l'API Memego
 <Accordions>
  <Accordion title="GET /users/me">
    Récupère les informations détaillées de l'utilisateur connecté. Requiert l'authentification.
+
+    **Réponses :**
+    - `200 OK` : Retourne l'objet utilisateur complet (incluant données privées).
+    - `401 Unauthorized` : Session invalide.
  </Accordion>

  <Accordion title="GET /users/public/:username">
-    Récupère le profil public d'un utilisateur par son nom d'utilisateur.
-    **Réponse :** `id`, `username`, `displayName`, `avatarUrl`, `createdAt`.
+    Récupère le profil public d'un utilisateur par son nom d'utilisateur. Mise en cache pendant 1 minute.
+
+    **Réponses :**
+    - `200 OK` : Profil public (id, username, displayName, bio, avatarUrl, createdAt).
+    - `404 Not Found` : Utilisateur non trouvé.
  </Accordion>

  <Accordion title="GET /users/me/export">
    Extrait l'intégralité des données de l'utilisateur au format JSON (Conformité RGPD).
-    Contient le profil, les contenus et les favoris.
+    Contient le profil, les contenus créés et les favoris.
+
+    **Réponses :**
+    - `200 OK` : Archive JSON des données.
+    - `401 Unauthorized` : Non authentifié.
  </Accordion>

  <Accordion title="PATCH /users/me">
    Met à jour les informations du profil.
-    **Corps :**
-    - `displayName` (string)
-    - `bio` (string)
+
+    **Corps de la requête :**
+    - `displayName` (string, optional, max: 32)
+    - `bio` (string, optional, max: 255)
+    - `avatarUrl` (string, optional) : URL directe de l'avatar.
+
+    **Réponses :**
+    - `200 OK` : Profil mis à jour.
+    - `400 Bad Request` : Validation échouée.
  </Accordion>

  <Accordion title="POST /users/me/avatar">
-    Met à jour l'avatar de l'utilisateur.
+    Met à jour l'avatar de l'utilisateur via upload de fichier.
+
    **Type :** `multipart/form-data`
-    **Champ :** `file` (Image)
+    **Champ :** `file` (Image: png, jpeg, webp)
+
+    **Réponses :**
+    - `201 Created` : Avatar téléchargé et mis à jour.
+    - `400 Bad Request` : Fichier invalide ou trop volumineux.
  </Accordion>

  <Accordion title="PATCH /users/me/consent">
-    Met à jour les consentements légaux de l'utilisateur.
-    **Corps :**
-    - `termsVersion` (string)
-    - `privacyVersion` (string)
+    Met à jour les consentements légaux de l'utilisateur (CGU/RGPD).
+
+    **Corps de la requête :**
+    - `termsVersion` (string, max: 16)
+    - `privacyVersion` (string, max: 16)
+
+    **Réponses :**
+    - `200 OK` : Consentements enregistrés.
  </Accordion>

  <Accordion title="DELETE /users/me">
@@ -117,132 +177,388 @@ Cette page documente tous les points de terminaison disponibles sur l'API Memego
    <Callout type="warn">
      Les données sont définitivement purgées après un délai légal de 30 jours.
    </Callout>
+
+    **Réponses :**
+    - `200 OK` : Suppression planifiée.
  </Accordion>

-  <Accordion title="Gestion 2FA">
-    - `POST /users/me/2fa/setup` : Génère un secret et QR Code.
-    - `POST /users/me/2fa/enable` : Active après vérification du jeton.
-    - `POST /users/me/2fa/disable` : Désactive avec jeton.
+  <Accordion title="POST /users/me/2fa/setup">
+    Génère un secret et un QR Code pour la configuration de la 2FA.
+
+    **Réponses :**
+    - `201 Created` :
+      ```json
+      {
+        "secret": "JBSWY3DPEHPK3PXP",
+        "qrCodeDataUrl": "data:image/png;base64,..."
+      }
+      ```
  </Accordion>

-  <Accordion title="Administration (Admin uniquement)">
-    - `GET /users/admin` : Liste tous les utilisateurs (avec pagination `limit`, `offset`).
-    - `DELETE /users/:uuid` : Supprime définitivement un utilisateur par son UUID.
+  <Accordion title="POST /users/me/2fa/enable">
+    Active la 2FA après vérification du jeton TOTP.
+
+    **Corps de la requête :**
+    - `token` (string) : Code TOTP généré par l'app.
+
+    **Réponses :**
+    - `200 OK` : 2FA activée.
+    - `400 Bad Request` : Token invalide ou 2FA non initiée.
+  </Accordion>
+
+  <Accordion title="POST /users/me/2fa/disable">
+    Désactive la 2FA en utilisant un jeton TOTP valide.
+
+    **Corps de la requête :**
+    - `token` (string) : Code TOTP.
+
+    **Réponses :**
+    - `200 OK` : 2FA désactivée.
+  </Accordion>
+
+  <Accordion title="GET /users/admin">
+    Liste tous les utilisateurs. **Réservé aux administrateurs.**
+
+    **Query Params :**
+    - `limit` (number) : Défaut 10.
+    - `offset` (number) : Défaut 0.
+
+    **Réponses :**
+    - `200 OK` : Liste paginée des utilisateurs.
+    - `403 Forbidden` : Droits insuffisants.
+  </Accordion>
+
+  <Accordion title="DELETE /users/:uuid">
+    Supprime définitivement un utilisateur par son UUID. **Réservé aux administrateurs.**
+
+    **Réponses :**
+    - `200 OK` : Utilisateur supprimé.
  </Accordion>
 </Accordions>

 ### 🖼️ Contenus (`/contents`)

 <Accordions>
-  <Accordion title="GET /contents/explore | /trends | /recent">
-    Recherche et filtre les contenus. Ces endpoints sont mis en cache (Redis + Navigateur).
+  <Accordion title="GET /contents/explore">
+    Recherche et filtre les contenus. Cet endpoint est mis en cache pendant 1 minute.
    
    **Query Params :**
    - `limit` (number) : Défaut 10.
    - `offset` (number) : Défaut 0.
-    - `sort` : `trend` | `recent` (uniquement sur `/explore`)
-    - `tag` (string) : Filtrer par tag.
-    - `category` (slug ou id) : Filtrer par catégorie.
+    - `sort` : `trend` | `recent`
+    - `tag` (string) : Filtrer par tag (nom).
+    - `category` (slug ou uuid) : Filtrer par catégorie.
    - `author` (username) : Filtrer par auteur.
-    - `query` (titre) : Recherche textuelle.
-    - `favoritesOnly` (bool) : Ne montrer que les favoris de l'utilisateur connecté.
-    - `userId` (uuid) : Filtrer les contenus d'un utilisateur spécifique.
+    - `query` (string) : Recherche textuelle dans le titre.
+    - `favoritesOnly` (boolean) : Ne montrer que les favoris de l'utilisateur (nécessite auth).
+    - `userId` (uuid) : Filtrer par ID utilisateur.
+
+    **Réponses :**
+    - `200 OK` : Liste paginée des contenus.
+  </Accordion>
+
+  <Accordion title="GET /contents/trends">
+    Récupère les contenus les plus populaires du moment. Cache de 5 minutes.
+
+    **Query Params :** `limit`, `offset`.
+
+    **Réponses :**
+    - `200 OK` : Liste des tendances.
+  </Accordion>
+
+  <Accordion title="GET /contents/recent">
+    Récupère les contenus les plus récents. Cache de 1 minute.
+
+    **Query Params :** `limit`, `offset`.
+
+    **Réponses :**
+    - `200 OK` : Liste des contenus récents.
  </Accordion>

  <Accordion title="GET /contents/:idOrSlug">
-    Récupère un contenu par son ID ou son Slug.
+    Récupère un contenu par son ID ou son Slug. Cache de 1 heure.
    
    **Détection de Bots (SEO) :**
-    Si l'User-Agent correspond à un robot d'indexation (Googlebot, Twitterbot, etc.), l'API retourne un rendu HTML minimal contenant les méta-tags **OpenGraph** et **Twitter Cards** pour un partage optimal. Pour les autres clients, les données sont retournées en JSON.
+    Si l'User-Agent correspond à un robot d'indexation (Googlebot, Twitterbot, etc.), l'API retourne un rendu HTML minimal contenant les méta-tags **OpenGraph** et **Twitter Cards**.
+
+    **Réponses :**
+    - `200 OK` : Objet Contenu ou Rendu HTML (Bots).
+    - `404 Not Found` : Contenu inexistant.
  </Accordion>

  <Accordion title="POST /contents">
-    Crée une entrée de contenu (sans upload de fichier direct). Utile pour référencer des URLs externes.
-    **Corps :** `title`, `description`, `url`, `type`, `categoryId`, `tags`.
+    Crée une entrée de contenu à partir d'une ressource déjà uploadée ou externe.
+
+    **Corps de la requête :**
+    - `type` : `meme` | `gif`
+    - `title` (string, max: 255)
+    - `storageKey` (string, max: 512) : Clé du fichier sur S3.
+    - `mimeType` (string, max: 128)
+    - `fileSize` (number)
+    - `categoryId` (uuid, optional)
+    - `tags` (string[], optional)
+
+    **Réponses :**
+    - `201 Created` : Contenu référencé.
+    - `401 Unauthorized` : Non authentifié.
  </Accordion>

  <Accordion title="POST /contents/upload">
-    Upload un fichier avec traitement automatique par le serveur.
-    **Type :** `multipart/form-data`
+    Upload un fichier et crée le contenu associé en une seule étape.

+    **Type :** `multipart/form-data`
    **Champs :**
    - `file` (binary) : png, jpeg, webp, webm, gif.
    - `type` : `meme` | `gif`
-    - `title` : string
-    - `categoryId`? : uuid
-    - `tags`? : string[]
+    - `title` (string)
+    - `categoryId` (uuid, optional)
+    - `tags` (string[], optional)
+
+    **Réponses :**
+    - `201 Created` : Upload réussi et contenu créé.
+    - `400 Bad Request` : Fichier non supporté ou données invalides.
  </Accordion>

  <Accordion title="POST /contents/upload-url">
    Génère une URL présignée pour un upload direct vers S3.
-    **Query Param :** `fileName` (string).
+
+    **Query Param :**
+    - `fileName` (string) : Nom du fichier avec extension.
+
+    **Réponses :**
+    - `201 Created` : Retourne l'URL présignée et les champs requis.
  </Accordion>

-  <Accordion title="POST /contents/:id/view | /use">
-    Incrémente les statistiques de vue ou d'utilisation.
+  <Accordion title="POST /contents/:id/view">
+    Incrémente le compteur de vues d'un contenu.
+
+    **Réponses :**
+    - `201 Created` : Compteur incrémenté.
+  </Accordion>
+
+  <Accordion title="POST /contents/:id/use">
+    Incrémente le compteur d'utilisation (clic sur "Utiliser").
+
+    **Réponses :**
+    - `201 Created` : Compteur incrémenté.
  </Accordion>

  <Accordion title="DELETE /contents/:id">
    Supprime un contenu (Soft Delete). Doit être l'auteur.
+
+    **Réponses :**
+    - `200 OK` : Contenu supprimé.
+    - `403 Forbidden` : Tentative de supprimer le contenu d'autrui.
  </Accordion>

  <Accordion title="DELETE /contents/:id/admin">
    Supprime définitivement un contenu. **Réservé aux administrateurs.**
+
+    **Réponses :**
+    - `200 OK` : Contenu supprimé définitivement.
  </Accordion>
 </Accordions>

-### 📂 Catégories, ⭐ Favoris, 🚩 Signalements
+### 📂 Catégories (`/categories`)

 <Accordions>
-  <Accordion title="Catégories (/categories)">
-    - `GET /categories` : Liste toutes les catégories.
-    - `GET /categories/:id` : Détails d'une catégorie.
-    - `POST /categories` : Création (Admin uniquement).
-    - `PATCH /categories/:id` : Mise à jour (Admin uniquement).
-    - `DELETE /categories/:id` : Suppression (Admin uniquement).
+  <Accordion title="GET /categories">
+    Liste toutes les catégories de mèmes disponibles. Cache de 1 heure.
+
+    **Réponses :**
+    - `200 OK` : Liste d'objets catégorie.
  </Accordion>

-  <Accordion title="Favoris (/favorites)">
-    Requiert l'authentification.
-    - `GET /favorites` : Liste les favoris de l'utilisateur (avec pagination `limit`, `offset`).
-    - `POST /favorites/:contentId` : Ajoute un favori.
-    - `DELETE /favorites/:contentId` : Retire un favori.
+  <Accordion title="GET /categories/:id">
+    Récupère les détails d'une catégorie spécifique.
+
+    **Réponses :**
+    - `200 OK` : Objet catégorie.
+    - `404 Not Found` : Catégorie non trouvée.
  </Accordion>

-  <Accordion title="Signalements (/reports)">
-    - `POST /reports` : Signale un contenu ou un tag.
-    - `GET /reports` : Liste des signalements (Pagination `limit`, `offset`). **Admin/Modérateurs**.
-    - `PATCH /reports/:id/status` : Change le statut (`pending`, `resolved`, `dismissed`). **Admin/Modérateurs**.
+  <Accordion title="POST /categories">
+    Crée une nouvelle catégorie. **Admin uniquement.**
+
+    **Corps de la requête :**
+    - `name` (string, max: 64)
+    - `description` (string, optional, max: 255)
+    - `iconUrl` (string, optional, max: 512)
+
+    **Réponses :**
+    - `201 Created` : Catégorie créée.
+  </Accordion>
+
+  <Accordion title="PATCH /categories/:id">
+    Met à jour une catégorie existante. **Admin uniquement.**
+
+    **Corps de la requête :** (Tous optionnels) `name`, `description`, `iconUrl`.
+
+    **Réponses :**
+    - `200 OK` : Catégorie mise à jour.
+  </Accordion>
+
+  <Accordion title="DELETE /categories/:id">
+    Supprime une catégorie. **Admin uniquement.**
+
+    **Réponses :**
+    - `200 OK` : Catégorie supprimée.
  </Accordion>
 </Accordions>

-### 🔑 Clés API & 🏷️ Tags
+### ⭐ Favoris (`/favorites`)

 <Accordions>
-  <Accordion title="Clés API (/api-keys)">
-    - `POST /api-keys` : Génère une clé `{ name, expiresAt? }`.
-    - `GET /api-keys` : Liste les clés actives.
-    - `DELETE /api-keys/:id` : Révoque une clé.
+  <Accordion title="GET /favorites">
+    Liste les favoris de l'utilisateur connecté.
+
+    **Query Params :**
+    - `limit` (number) : Défaut 10.
+    - `offset` (number) : Défaut 0.
+
+    **Réponses :**
+    - `200 OK` : Liste paginée des favoris.
+    - `401 Unauthorized` : Non authentifié.
  </Accordion>

-  <Accordion title="Tags (/tags)">
-    - `GET /tags` : Recherche de tags.
-    - **Params :** `query` (recherche), `sort` (`popular` | `recent`), `limit`, `offset`.
+  <Accordion title="POST /favorites/:contentId">
+    Ajoute un contenu aux favoris de l'utilisateur.
+
+    **Réponses :**
+    - `201 Created` : Favori ajouté.
+  </Accordion>
+
+  <Accordion title="DELETE /favorites/:contentId">
+    Retire un contenu des favoris de l'utilisateur.
+
+    **Réponses :**
+    - `200 OK` : Favori supprimé.
  </Accordion>
 </Accordions>

-### 🛠️ Système & Médias
+### 🚩 Signalements (`/reports`)

 <Accordions>
-  <Accordion title="Santé (/health)">
-    - `GET /health` : Vérifie l'état de l'API et de la connexion à la base de données.
+  <Accordion title="POST /reports">
+    Signale un contenu ou un tag pour modération.
+
+    **Corps de la requête :**
+    - `contentId` (uuid, optional) : ID du contenu à signaler.
+    - `tagId` (uuid, optional) : ID du tag à signaler.
+    - `reason` : `inappropriate` | `spam` | `copyright` | `other`
+    - `description` (string, optional, max: 1000)
+
+    **Réponses :**
+    - `201 Created` : Signalement enregistré.
  </Accordion>

-  <Accordion title="Médias (/media)">
-    - `GET /media/*key` : Accès direct aux fichiers stockés sur S3. Supporte la mise en cache agressive.
+  <Accordion title="GET /reports">
+    Liste les signalements. **Réservé aux administrateurs et modérateurs.**
+
+    **Query Params :**
+    - `limit` (number) : Défaut 10.
+    - `offset` (number) : Défaut 0.
+
+    **Réponses :**
+    - `200 OK` : Liste des signalements.
  </Accordion>

-  <Accordion title="Administration (/admin)">
-    - `GET /admin/stats` : Récupère les statistiques globales de la plateforme. **Admin uniquement**.
+  <Accordion title="PATCH /reports/:id/status">
+    Met à jour le statut d'un signalement. **Réservé aux administrateurs et modérateurs.**
+
+    **Corps de la requête :**
+    - `status` : `pending` | `reviewed` | `resolved` | `dismissed`
+
+    **Réponses :**
+    - `200 OK` : Statut mis à jour.
+  </Accordion>
+</Accordions>
+
+### 🔑 Clés API (`/api-keys`)
+
+<Accordions>
+  <Accordion title="POST /api-keys">
+    Génère une nouvelle clé API pour l'utilisateur.
+
+    **Corps de la requête :**
+    - `name` (string, max: 128) : Nom descriptif de la clé.
+    - `expiresAt` (date-string, optional) : Date d'expiration.
+
+    **Réponses :**
+    - `201 Created` : Clé générée. Retourne le token (à conserver précieusement, ne sera plus affiché).
+  </Accordion>
+
+  <Accordion title="GET /api-keys">
+    Liste toutes les clés API actives de l'utilisateur.
+
+    **Réponses :**
+    - `200 OK` : Liste des métadonnées des clés (nom, date de création, expiration).
+  </Accordion>
+
+  <Accordion title="DELETE /api-keys/:id">
+    Révoque une clé API spécifique.
+
+    **Réponses :**
+    - `200 OK` : Clé révoquée.
+  </Accordion>
+</Accordions>
+
+### 🏷️ Tags (`/tags`)
+
+<Accordions>
+  <Accordion title="GET /tags">
+    Liste les tags populaires ou recherchés. Cache de 5 minutes.
+
+    **Query Params :**
+    - `limit` (number) : Défaut 10.
+    - `offset` (number) : Défaut 0.
+    - `query` (string, optional) : Recherche par nom.
+    - `sort` : `popular` | `recent`
+
+    **Réponses :**
+    - `200 OK` : Liste paginée des tags.
+  </Accordion>
+</Accordions>
+
+### 🛠️ Système (`/health`)
+
+<Accordions>
+  <Accordion title="GET /health">
+    Vérifie l'état de santé de l'API et de ses dépendances (DB, Redis).
+
+    **Réponses :**
+    - `200 OK` : Système opérationnel.
+      ```json
+      {
+        "status": "ok",
+        "timestamp": "2024-01-21T10:00:00.000Z",
+        "database": "connected",
+        "redis": "connected"
+      }
+      ```
+    - `503 Service Unavailable` : Problème sur l'un des composants.
+  </Accordion>
+</Accordions>
+
+### 📁 Médias (`/media`)
+
+<Accordions>
+  <Accordion title="GET /media">
+    Sert un fichier média stocké sur S3 avec une gestion optimisée du cache.
+
+    **Query Params :**
+    - `path` (string) : Chemin relatif du fichier sur le bucket.
+
+    **Réponses :**
+    - `200 OK` : Flux binaire du fichier. Headers `Content-Type` et `Cache-Control` inclus.
+    - `404 Not Found` : Fichier introuvable.
+  </Accordion>
+</Accordions>
+
+### 📊 Administration (`/admin`)
+
+<Accordions>
+  <Accordion title="GET /admin/stats">
+    Récupère les statistiques globales d'utilisation de la plateforme (**Admin uniquement**).
  </Accordion>
 </Accordions>
--- a/documentation/content/docs/api.mdx
+++ b/documentation/content/docs/api.mdx
@@ -24,7 +24,7 @@ Le système utilise plusieurs méthodes d'authentification sécurisées pour ré

 Memegoat utilise une architecture de stockage d'objets compatible S3 (MinIO). Les interactions se font de deux manières :

-1.  **Proxification Backend** : Pour l'accès public via `/media/*`.
+1.  **Proxification Backend** : Pour l'accès public via `/media?path=...`.
 2.  **URLs Présignées** : Pour l'upload sécurisé direct depuis le client (via `/contents/upload-url`).

 ### Notifications (Mail)
--- a/frontend/next.config.ts
+++ b/frontend/next.config.ts
@@ -3,6 +3,18 @@ import type { NextConfig } from "next";
 const nextConfig: NextConfig = {
 	/* config options here */
 	reactCompiler: true,
+	images: {
+		remotePatterns: [
+			{
+				protocol: "https",
+				hostname: "memegoat.fr",
+			},
+			{
+				protocol: "https",
+				hostname: "api.memegoat.fr",
+			},
+		],
+	},
 	output: "standalone",
 };

--- a/frontend/package.json
+++ b/frontend/package.json
@@ -1,12 +1,13 @@
 {
 	"name": "@memegoat/frontend",
-	"version": "0.1.0",
+	"version": "1.4.0",
 	"private": true,
 	"scripts": {
 		"dev": "next dev",
 		"build": "next build",
 		"start": "next start",
 		"lint": "biome check",
+		"lint:write": "biome check --write",
 		"format": "biome format --write"
 	},
 	"dependencies": {
--- a/frontend/src/app/(dashboard)/admin/categories/category-dialog.tsx
+++ b/frontend/src/app/(dashboard)/admin/categories/category-dialog.tsx
@@ -0,0 +1,149 @@
+"use client";
+
+import { useEffect, useState } from "react";
+import { useForm } from "react-hook-form";
+import { Button } from "@/components/ui/button";
+import {
+	Dialog,
+	DialogContent,
+	DialogFooter,
+	DialogHeader,
+	DialogTitle,
+} from "@/components/ui/dialog";
+import {
+	Form,
+	FormControl,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "@/components/ui/form";
+import { Input } from "@/components/ui/input";
+import { Textarea } from "@/components/ui/textarea";
+import { CategoryService } from "@/services/category.service";
+import type { Category } from "@/types/content";
+
+interface CategoryDialogProps {
+	category?: Category | null;
+	open: boolean;
+	onOpenChange: (open: boolean) => void;
+	onSuccess: () => void;
+}
+
+export function CategoryDialog({
+	category,
+	open,
+	onOpenChange,
+	onSuccess,
+}: CategoryDialogProps) {
+	const [loading, setLoading] = useState(false);
+
+	const form = useForm<Partial<Category>>({
+		defaultValues: {
+			name: "",
+			description: "",
+			iconUrl: "",
+		},
+	});
+
+	useEffect(() => {
+		if (category) {
+			form.reset({
+				name: category.name,
+				description: category.description || "",
+				iconUrl: category.iconUrl || "",
+			});
+		} else {
+			form.reset({
+				name: "",
+				description: "",
+				iconUrl: "",
+			});
+		}
+	}, [category, form]);
+
+	const onSubmit = async (values: Partial<Category>) => {
+		setLoading(true);
+		try {
+			if (category) {
+				await CategoryService.update(category.id, values);
+			} else {
+				await CategoryService.create(values);
+			}
+			onSuccess();
+			onOpenChange(false);
+		} catch (error) {
+			console.error(error);
+		} finally {
+			setLoading(false);
+		}
+	};
+
+	return (
+		<Dialog open={open} onOpenChange={onOpenChange}>
+			<DialogContent>
+				<DialogHeader>
+					<DialogTitle>
+						{category ? "Modifier la catégorie" : "Créer une catégorie"}
+					</DialogTitle>
+				</DialogHeader>
+				<Form {...form}>
+					<form onSubmit={form.handleSubmit(onSubmit)} className="space-y-4">
+						<FormField
+							control={form.control}
+							name="name"
+							rules={{ required: "Le nom est requis" }}
+							render={({ field }) => (
+								<FormItem>
+									<FormLabel>Nom</FormLabel>
+									<FormControl>
+										<Input {...field} placeholder="Nom de la catégorie" />
+									</FormControl>
+									<FormMessage />
+								</FormItem>
+							)}
+						/>
+						<FormField
+							control={form.control}
+							name="description"
+							render={({ field }) => (
+								<FormItem>
+									<FormLabel>Description</FormLabel>
+									<FormControl>
+										<Textarea {...field} placeholder="Description (optionnel)" />
+									</FormControl>
+									<FormMessage />
+								</FormItem>
+							)}
+						/>
+						<FormField
+							control={form.control}
+							name="iconUrl"
+							render={({ field }) => (
+								<FormItem>
+									<FormLabel>URL de l'icône</FormLabel>
+									<FormControl>
+										<Input {...field} placeholder="https://..." />
+									</FormControl>
+									<FormMessage />
+								</FormItem>
+							)}
+						/>
+						<DialogFooter>
+							<Button
+								type="button"
+								variant="outline"
+								onClick={() => onOpenChange(false)}
+							>
+								Annuler
+							</Button>
+							<Button type="submit" disabled={loading}>
+								{loading ? "Enregistrement..." : "Enregistrer"}
+							</Button>
+						</DialogFooter>
+					</form>
+				</Form>
+			</DialogContent>
+		</Dialog>
+	);
+}
--- a/frontend/src/app/(dashboard)/admin/categories/page.tsx
+++ b/frontend/src/app/(dashboard)/admin/categories/page.tsx
@@ -1,6 +1,9 @@
 "use client";

-import { useEffect, useState } from "react";
+import { Edit, Plus, Trash2 } from "lucide-react";
+import Image from "next/image";
+import { useCallback, useEffect, useState } from "react";
+import { Button } from "@/components/ui/button";
 import { Skeleton } from "@/components/ui/skeleton";
 import {
 	Table,
@@ -12,24 +15,57 @@ import {
 } from "@/components/ui/table";
 import { CategoryService } from "@/services/category.service";
 import type { Category } from "@/types/content";
+import { CategoryDialog } from "./category-dialog";

 export default function AdminCategoriesPage() {
 	const [categories, setCategories] = useState<Category[]>([]);
 	const [loading, setLoading] = useState(true);
+	const [dialogOpen, setDialogOpen] = useState(false);
+	const [selectedCategory, setSelectedCategory] = useState<Category | null>(
+		null,
+	);

-	useEffect(() => {
+	const fetchCategories = useCallback(() => {
+		setLoading(true);
 		CategoryService.getAll()
 			.then(setCategories)
 			.catch((err) => console.error(err))
 			.finally(() => setLoading(false));
 	}, []);

+	useEffect(() => {
+		fetchCategories();
+	}, [fetchCategories]);
+
+	const handleDelete = async (id: string) => {
+		if (!confirm("Êtes-vous sûr de vouloir supprimer cette catégorie ?")) return;
+		try {
+			await CategoryService.remove(id);
+			setCategories(categories.filter((c) => c.id !== id));
+		} catch (error) {
+			console.error(error);
+		}
+	};
+
+	const handleEdit = (category: Category) => {
+		setSelectedCategory(category);
+		setDialogOpen(true);
+	};
+
+	const handleCreate = () => {
+		setSelectedCategory(null);
+		setDialogOpen(true);
+	};
+
 	return (
 		<div className="flex-1 space-y-4 p-4 pt-6 md:p-8">
 			<div className="flex items-center justify-between">
 				<h2 className="text-3xl font-bold tracking-tight">
 					Catégories ({categories.length})
 				</h2>
+				<Button onClick={handleCreate}>
+					<Plus className="mr-2 h-4 w-4" /> Ajouter une catégorie
+				</Button>
 			</div>
 			<div className="rounded-md border bg-card">
 				<Table>
@@ -38,6 +74,7 @@ export default function AdminCategoriesPage() {
 							<TableHead>Nom</TableHead>
 							<TableHead>Slug</TableHead>
 							<TableHead>Description</TableHead>
+							<TableHead className="w-[100px]"></TableHead>
 						</TableRow>
 					</TableHeader>
 					<TableBody>
@@ -54,11 +91,14 @@ export default function AdminCategoriesPage() {
 									<TableCell>
 										<Skeleton className="h-4 w-[250px]" />
 									</TableCell>
+									<TableCell>
+										<Skeleton className="h-8 w-8 rounded-full" />
+									</TableCell>
 								</TableRow>
 							))
 						) : categories.length === 0 ? (
 							<TableRow>
-								<TableCell colSpan={3} className="text-center h-24">
+								<TableCell colSpan={4} className="text-center h-24">
 									Aucune catégorie trouvée.
 								</TableCell>
 							</TableRow>
@@ -66,18 +106,55 @@ export default function AdminCategoriesPage() {
 							categories.map((category) => (
 								<TableRow key={category.id}>
 									<TableCell className="font-medium whitespace-nowrap">
-										{category.name}
+										<div className="flex items-center gap-2">
+											{category.iconUrl && (
+												<div className="relative h-6 w-6">
+													<Image
+														src={category.iconUrl}
+														alt=""
+														fill
+														className="rounded object-cover"
+													/>
+												</div>
+											)}
+											{category.name}
+										</div>
 									</TableCell>
 									<TableCell className="whitespace-nowrap">{category.slug}</TableCell>
 									<TableCell className="text-muted-foreground">
 										{category.description || "Aucune description"}
 									</TableCell>
+									<TableCell>
+										<div className="flex items-center gap-2">
+											<Button
+												variant="ghost"
+												size="icon"
+												onClick={() => handleEdit(category)}
+											>
+												<Edit className="h-4 w-4" />
+											</Button>
+											<Button
+												variant="ghost"
+												size="icon"
+												onClick={() => handleDelete(category.id)}
+												className="text-destructive hover:text-destructive hover:bg-destructive/10"
+											>
+												<Trash2 className="h-4 w-4" />
+											</Button>
+										</div>
+									</TableCell>
 								</TableRow>
 							))
 						)}
 					</TableBody>
 				</Table>
 			</div>
+			<CategoryDialog
+				open={dialogOpen}
+				onOpenChange={setDialogOpen}
+				category={selectedCategory}
+				onSuccess={fetchCategories}
+			/>
 		</div>
 	);
 }
--- a/frontend/src/app/(dashboard)/admin/contents/content-edit-dialog.tsx
+++ b/frontend/src/app/(dashboard)/admin/contents/content-edit-dialog.tsx
@@ -0,0 +1,155 @@
+"use client";
+
+import { useEffect, useState } from "react";
+import { useForm } from "react-hook-form";
+import { Button } from "@/components/ui/button";
+import {
+	Dialog,
+	DialogContent,
+	DialogFooter,
+	DialogHeader,
+	DialogTitle,
+} from "@/components/ui/dialog";
+import {
+	Form,
+	FormControl,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "@/components/ui/form";
+import { Input } from "@/components/ui/input";
+import {
+	Select,
+	SelectContent,
+	SelectItem,
+	SelectTrigger,
+	SelectValue,
+} from "@/components/ui/select";
+import { CategoryService } from "@/services/category.service";
+import { ContentService } from "@/services/content.service";
+import type { Category, Content } from "@/types/content";
+
+interface ContentEditDialogProps {
+	content: Content | null;
+	open: boolean;
+	onOpenChange: (open: boolean) => void;
+	onSuccess: () => void;
+}
+
+export function ContentEditDialog({
+	content,
+	open,
+	onOpenChange,
+	onSuccess,
+}: ContentEditDialogProps) {
+	const [loading, setLoading] = useState(false);
+	const [categories, setCategories] = useState<Category[]>([]);
+
+	const form = useForm<{ title: string; categoryId: string }>({
+		defaultValues: {
+			title: "",
+			categoryId: "",
+		},
+	});
+
+	useEffect(() => {
+		CategoryService.getAll().then(setCategories).catch(console.error);
+	}, []);
+
+	useEffect(() => {
+		if (content) {
+			form.reset({
+				title: content.title,
+				categoryId: content.categoryId || "none",
+			});
+		}
+	}, [content, form]);
+
+	const onSubmit = async (values: { title: string; categoryId: string }) => {
+		if (!content) return;
+		setLoading(true);
+		try {
+			const data = {
+				...values,
+				categoryId: values.categoryId === "none" ? null : values.categoryId,
+			};
+			await ContentService.updateAdmin(content.id, data);
+			onSuccess();
+			onOpenChange(false);
+		} catch (error) {
+			console.error(error);
+		} finally {
+			setLoading(false);
+		}
+	};
+
+	return (
+		<Dialog open={open} onOpenChange={onOpenChange}>
+			<DialogContent>
+				<DialogHeader>
+					<DialogTitle>Modifier le contenu</DialogTitle>
+				</DialogHeader>
+				<Form {...form}>
+					<form onSubmit={form.handleSubmit(onSubmit)} className="space-y-4">
+						<FormField
+							control={form.control}
+							name="title"
+							rules={{ required: "Le titre est requis" }}
+							render={({ field }) => (
+								<FormItem>
+									<FormLabel>Titre</FormLabel>
+									<FormControl>
+										<Input {...field} placeholder="Titre du contenu" />
+									</FormControl>
+									<FormMessage />
+								</FormItem>
+							)}
+						/>
+						<FormField
+							control={form.control}
+							name="categoryId"
+							render={({ field }) => (
+								<FormItem>
+									<FormLabel>Catégorie</FormLabel>
+									<Select
+										onValueChange={field.onChange}
+										defaultValue={field.value}
+										value={field.value}
+									>
+										<FormControl>
+											<SelectTrigger>
+												<SelectValue placeholder="Sélectionner une catégorie" />
+											</SelectTrigger>
+										</FormControl>
+										<SelectContent>
+											<SelectItem value="none">Sans catégorie</SelectItem>
+											{categories.map((cat) => (
+												<SelectItem key={cat.id} value={cat.id}>
+													{cat.name}
+												</SelectItem>
+											))}
+										</SelectContent>
+									</Select>
+									<FormMessage />
+								</FormItem>
+							)}
+						/>
+						<DialogFooter>
+							<Button
+								type="button"
+								variant="outline"
+								onClick={() => onOpenChange(false)}
+							>
+								Annuler
+							</Button>
+							<Button type="submit" disabled={loading}>
+								{loading ? "Enregistrement..." : "Enregistrer"}
+							</Button>
+						</DialogFooter>
+					</form>
+				</Form>
+			</DialogContent>
+		</Dialog>
+	);
+}
--- a/frontend/src/app/(dashboard)/admin/contents/page.tsx
+++ b/frontend/src/app/(dashboard)/admin/contents/page.tsx
@@ -2,8 +2,15 @@

 import { format } from "date-fns";
 import { fr } from "date-fns/locale";
-import { Download, Eye, Image as ImageIcon, Trash2, Video } from "lucide-react";
-import { useEffect, useState } from "react";
+import {
+	Download,
+	Edit,
+	Eye,
+	Image as ImageIcon,
+	Trash2,
+	Video,
+} from "lucide-react";
+import { useCallback, useEffect, useState } from "react";
 import { Badge } from "@/components/ui/badge";
 import { Button } from "@/components/ui/button";
 import { Skeleton } from "@/components/ui/skeleton";
@@ -17,13 +24,17 @@ import {
 } from "@/components/ui/table";
 import { ContentService } from "@/services/content.service";
 import type { Content } from "@/types/content";
+import { ContentEditDialog } from "./content-edit-dialog";

 export default function AdminContentsPage() {
 	const [contents, setContents] = useState<Content[]>([]);
 	const [loading, setLoading] = useState(true);
 	const [totalCount, setTotalCount] = useState(0);
+	const [selectedContent, setSelectedContent] = useState<Content | null>(null);
+	const [dialogOpen, setDialogOpen] = useState(false);

-	useEffect(() => {
+	const fetchContents = useCallback(() => {
+		setLoading(true);
 		ContentService.getExplore({ limit: 20 })
 			.then((res) => {
 				setContents(res.data);
@@ -33,6 +44,10 @@ export default function AdminContentsPage() {
 			.finally(() => setLoading(false));
 	}, []);

+	useEffect(() => {
+		fetchContents();
+	}, [fetchContents]);
+
 	const handleDelete = async (id: string) => {
 		if (!confirm("Êtes-vous sûr de vouloir supprimer ce contenu ?")) return;

@@ -45,6 +60,11 @@ export default function AdminContentsPage() {
 		}
 	};

+	const handleEdit = (content: Content) => {
+		setSelectedContent(content);
+		setDialogOpen(true);
+	};
+
 	return (
 		<div className="flex-1 space-y-4 p-4 pt-6 md:p-8">
 			<div className="flex items-center justify-between">
@@ -61,7 +81,7 @@ export default function AdminContentsPage() {
 							<TableHead>Auteur</TableHead>
 							<TableHead>Stats</TableHead>
 							<TableHead>Date</TableHead>
-							<TableHead className="w-[50px]"></TableHead>
+							<TableHead className="w-[100px]"></TableHead>
 						</TableRow>
 					</TableHeader>
 					<TableBody>
@@ -84,11 +104,14 @@ export default function AdminContentsPage() {
 									<TableCell>
 										<Skeleton className="h-4 w-[100px]" />
 									</TableCell>
+									<TableCell>
+										<Skeleton className="h-8 w-8 rounded-full" />
+									</TableCell>
 								</TableRow>
 							))
 						) : contents.length === 0 ? (
 							<TableRow>
-								<TableCell colSpan={5} className="text-center h-24">
+								<TableCell colSpan={6} className="text-center h-24">
 									Aucun contenu trouvé.
 								</TableCell>
 							</TableRow>
@@ -98,7 +121,7 @@ export default function AdminContentsPage() {
 									<TableCell className="font-medium">
 										<div className="flex items-center gap-3">
 											<div className="flex h-10 w-10 items-center justify-center rounded bg-muted">
-												{content.type === "image" ? (
+												{content.mimeType.startsWith("image/") ? (
 													<ImageIcon className="h-5 w-5 text-muted-foreground" />
 												) : (
 													<Video className="h-5 w-5 text-muted-foreground" />
@@ -132,14 +155,23 @@ export default function AdminContentsPage() {
 										{format(new Date(content.createdAt), "dd/MM/yyyy", { locale: fr })}
 									</TableCell>
 									<TableCell>
-										<Button
-											variant="ghost"
-											size="icon"
-											onClick={() => handleDelete(content.id)}
-											className="text-destructive hover:text-destructive hover:bg-destructive/10"
-										>
-											<Trash2 className="h-4 w-4" />
-										</Button>
+										<div className="flex items-center gap-2">
+											<Button
+												variant="ghost"
+												size="icon"
+												onClick={() => handleEdit(content)}
+											>
+												<Edit className="h-4 w-4" />
+											</Button>
+											<Button
+												variant="ghost"
+												size="icon"
+												onClick={() => handleDelete(content.id)}
+												className="text-destructive hover:text-destructive hover:bg-destructive/10"
+											>
+												<Trash2 className="h-4 w-4" />
+											</Button>
+										</div>
 									</TableCell>
 								</TableRow>
 							))
@@ -147,6 +179,12 @@ export default function AdminContentsPage() {
 					</TableBody>
 				</Table>
 			</div>
+			<ContentEditDialog
+				content={selectedContent}
+				open={dialogOpen}
+				onOpenChange={setDialogOpen}
+				onSuccess={fetchContents}
+			/>
 		</div>
 	);
 }
--- a/frontend/src/app/(dashboard)/admin/users/page.tsx
+++ b/frontend/src/app/(dashboard)/admin/users/page.tsx
@@ -2,8 +2,8 @@

 import { format } from "date-fns";
 import { fr } from "date-fns/locale";
-import { Trash2 } from "lucide-react";
-import { useEffect, useState } from "react";
+import { Edit, Trash2 } from "lucide-react";
+import { useCallback, useEffect, useState } from "react";
 import { Badge } from "@/components/ui/badge";
 import { Button } from "@/components/ui/button";
 import { Skeleton } from "@/components/ui/skeleton";
@@ -17,13 +17,17 @@ import {
 } from "@/components/ui/table";
 import { UserService } from "@/services/user.service";
 import type { User } from "@/types/user";
+import { UserEditDialog } from "./user-edit-dialog";

 export default function AdminUsersPage() {
 	const [users, setUsers] = useState<User[]>([]);
 	const [loading, setLoading] = useState(true);
 	const [totalCount, setTotalCount] = useState(0);
+	const [selectedUser, setSelectedUser] = useState<User | null>(null);
+	const [dialogOpen, setDialogOpen] = useState(false);

-	useEffect(() => {
+	const fetchUsers = useCallback(() => {
+		setLoading(true);
 		UserService.getUsersAdmin()
 			.then((res) => {
 				setUsers(res.data);
@@ -35,6 +39,10 @@ export default function AdminUsersPage() {
 			.finally(() => setLoading(false));
 	}, []);

+	useEffect(() => {
+		fetchUsers();
+	}, [fetchUsers]);
+
 	const handleDelete = async (uuid: string) => {
 		if (
 			!confirm(
@@ -52,6 +60,11 @@ export default function AdminUsersPage() {
 		}
 	};

+	const handleEdit = (user: User) => {
+		setSelectedUser(user);
+		setDialogOpen(true);
+	};
+
 	return (
 		<div className="flex-1 space-y-4 p-4 pt-6 md:p-8">
 			<div className="flex items-center justify-between">
@@ -68,7 +81,7 @@ export default function AdminUsersPage() {
 							<TableHead>Rôle</TableHead>
 							<TableHead>Status</TableHead>
 							<TableHead>Date d'inscription</TableHead>
-							<TableHead className="w-[50px]"></TableHead>
+							<TableHead className="w-[100px]"></TableHead>
 						</TableRow>
 					</TableHeader>
 					<TableBody>
@@ -91,11 +104,14 @@ export default function AdminUsersPage() {
 									<TableCell>
 										<Skeleton className="h-4 w-[100px]" />
 									</TableCell>
+									<TableCell>
+										<Skeleton className="h-8 w-8 rounded-full" />
+									</TableCell>
 								</TableRow>
 							))
 						) : users.length === 0 ? (
 							<TableRow>
-								<TableCell colSpan={5} className="text-center h-24">
+								<TableCell colSpan={6} className="text-center h-24">
 									Aucun utilisateur trouvé.
 								</TableCell>
 							</TableRow>
@@ -113,7 +129,15 @@ export default function AdminUsersPage() {
 										</Badge>
 									</TableCell>
 									<TableCell>
-										<Badge variant={user.status === "active" ? "success" : "destructive"}>
+										<Badge
+											variant={
+												user.status === "active"
+													? "success"
+													: user.status === "suspended"
+														? "destructive"
+														: "secondary"
+											}
+										>
 											{user.status}
 										</Badge>
 									</TableCell>
@@ -121,14 +145,19 @@ export default function AdminUsersPage() {
 										{format(new Date(user.createdAt), "PPP", { locale: fr })}
 									</TableCell>
 									<TableCell>
-										<Button
-											variant="ghost"
-											size="icon"
-											onClick={() => handleDelete(user.uuid)}
-											className="text-destructive hover:text-destructive hover:bg-destructive/10"
-										>
-											<Trash2 className="h-4 w-4" />
-										</Button>
+										<div className="flex items-center gap-2">
+											<Button variant="ghost" size="icon" onClick={() => handleEdit(user)}>
+												<Edit className="h-4 w-4" />
+											</Button>
+											<Button
+												variant="ghost"
+												size="icon"
+												onClick={() => handleDelete(user.uuid)}
+												className="text-destructive hover:text-destructive hover:bg-destructive/10"
+											>
+												<Trash2 className="h-4 w-4" />
+											</Button>
+										</div>
 									</TableCell>
 								</TableRow>
 							))
@@ -136,6 +165,12 @@ export default function AdminUsersPage() {
 					</TableBody>
 				</Table>
 			</div>
+			<UserEditDialog
+				user={selectedUser}
+				open={dialogOpen}
+				onOpenChange={setDialogOpen}
+				onSuccess={fetchUsers}
+			/>
 		</div>
 	);
 }
--- a/frontend/src/app/(dashboard)/admin/users/user-edit-dialog.tsx
+++ b/frontend/src/app/(dashboard)/admin/users/user-edit-dialog.tsx
@@ -0,0 +1,153 @@
+"use client";
+
+import { useEffect, useState } from "react";
+import { useForm } from "react-hook-form";
+import { Button } from "@/components/ui/button";
+import {
+	Dialog,
+	DialogContent,
+	DialogFooter,
+	DialogHeader,
+	DialogTitle,
+} from "@/components/ui/dialog";
+import {
+	Form,
+	FormControl,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "@/components/ui/form";
+import {
+	Select,
+	SelectContent,
+	SelectItem,
+	SelectTrigger,
+	SelectValue,
+} from "@/components/ui/select";
+import { UserService } from "@/services/user.service";
+import type { User } from "@/types/user";
+
+interface UserEditDialogProps {
+	user: User | null;
+	open: boolean;
+	onOpenChange: (open: boolean) => void;
+	onSuccess: () => void;
+}
+
+export function UserEditDialog({
+	user,
+	open,
+	onOpenChange,
+	onSuccess,
+}: UserEditDialogProps) {
+	const [loading, setLoading] = useState(false);
+
+	const form = useForm<Partial<User>>({
+		defaultValues: {
+			role: "user",
+			status: "active",
+		},
+	});
+
+	useEffect(() => {
+		if (user) {
+			form.reset({
+				role: user.role || "user",
+				status: user.status || "active",
+			});
+		}
+	}, [user, form]);
+
+	const onSubmit = async (values: Partial<User>) => {
+		if (!user) return;
+		setLoading(true);
+		try {
+			await UserService.updateAdmin(user.uuid, values);
+			onSuccess();
+			onOpenChange(false);
+		} catch (error) {
+			console.error(error);
+		} finally {
+			setLoading(false);
+		}
+	};
+
+	return (
+		<Dialog open={open} onOpenChange={onOpenChange}>
+			<DialogContent>
+				<DialogHeader>
+					<DialogTitle>Modifier l'utilisateur @{user?.username}</DialogTitle>
+				</DialogHeader>
+				<Form {...form}>
+					<form onSubmit={form.handleSubmit(onSubmit)} className="space-y-4">
+						<FormField
+							control={form.control}
+							name="role"
+							render={({ field }) => (
+								<FormItem>
+									<FormLabel>Rôle</FormLabel>
+									<Select
+										onValueChange={field.onChange}
+										defaultValue={field.value}
+										value={field.value}
+									>
+										<FormControl>
+											<SelectTrigger>
+												<SelectValue placeholder="Sélectionner un rôle" />
+											</SelectTrigger>
+										</FormControl>
+										<SelectContent>
+											<SelectItem value="user">Utilisateur</SelectItem>
+											<SelectItem value="moderator">Modérateur</SelectItem>
+											<SelectItem value="admin">Administrateur</SelectItem>
+										</SelectContent>
+									</Select>
+									<FormMessage />
+								</FormItem>
+							)}
+						/>
+						<FormField
+							control={form.control}
+							name="status"
+							render={({ field }) => (
+								<FormItem>
+									<FormLabel>Statut</FormLabel>
+									<Select
+										onValueChange={field.onChange}
+										defaultValue={field.value}
+										value={field.value}
+									>
+										<FormControl>
+											<SelectTrigger>
+												<SelectValue placeholder="Sélectionner un statut" />
+											</SelectTrigger>
+										</FormControl>
+										<SelectContent>
+											<SelectItem value="active">Actif</SelectItem>
+											<SelectItem value="suspended">Suspendu</SelectItem>
+											<SelectItem value="pending">En attente</SelectItem>
+										</SelectContent>
+									</Select>
+									<FormMessage />
+								</FormItem>
+							)}
+						/>
+						<DialogFooter>
+							<Button
+								type="button"
+								variant="outline"
+								onClick={() => onOpenChange(false)}
+							>
+								Annuler
+							</Button>
+							<Button type="submit" disabled={loading}>
+								{loading ? "Enregistrement..." : "Enregistrer"}
+							</Button>
+						</DialogFooter>
+					</form>
+				</Form>
+			</DialogContent>
+		</Dialog>
+	);
+}
--- a/frontend/src/app/(dashboard)/layout.tsx
+++ b/frontend/src/app/(dashboard)/layout.tsx
@@ -1,6 +1,7 @@
 import * as React from "react";
 import { AppSidebar } from "@/components/app-sidebar";
 import { MobileFilters } from "@/components/mobile-filters";
+import { ModeToggle } from "@/components/mode-toggle";
 import { SearchSidebar } from "@/components/search-sidebar";
 import {
 	SidebarInset,
@@ -27,7 +28,10 @@ export default function DashboardLayout({
 							<div className="flex-1 flex justify-center">
 								<span className="font-bold text-primary text-lg">MemeGoat</span>
 							</div>
-							<UserNavMobile />
+							<div className="flex items-center gap-2">
+								<ModeToggle />
+								<UserNavMobile />
+							</div>
 						</header>
 						<main className="flex-1 overflow-y-auto bg-zinc-50 dark:bg-zinc-950">
 							{children}
--- a/frontend/src/app/(dashboard)/settings/page.tsx
+++ b/frontend/src/app/(dashboard)/settings/page.tsx
@@ -1,7 +1,16 @@
 "use client";

 import { zodResolver } from "@hookform/resolvers/zod";
-import { Loader2, Save, User as UserIcon } from "lucide-react";
+import {
+	Laptop,
+	Loader2,
+	Moon,
+	Palette,
+	Save,
+	Sun,
+	User as UserIcon,
+} from "lucide-react";
+import { useTheme } from "next-themes";
 import * as React from "react";
 import { useForm } from "react-hook-form";
 import { toast } from "sonner";
@@ -24,6 +33,8 @@ import {
 	FormMessage,
 } from "@/components/ui/form";
 import { Input } from "@/components/ui/input";
+import { Label } from "@/components/ui/label";
+import { RadioGroup, RadioGroupItem } from "@/components/ui/radio-group";
 import { Spinner } from "@/components/ui/spinner";
 import { Textarea } from "@/components/ui/textarea";
 import { useAuth } from "@/providers/auth-provider";
@@ -37,8 +48,14 @@ const settingsSchema = z.object({
 type SettingsFormValues = z.infer<typeof settingsSchema>;

 export default function SettingsPage() {
+	const { theme, setTheme } = useTheme();
 	const { user, isLoading, refreshUser } = useAuth();
 	const [isSaving, setIsSaving] = React.useState(false);
+	const [mounted, setMounted] = React.useState(false);
+
+	React.useEffect(() => {
+		setMounted(true);
+	}, []);

 	const form = useForm<SettingsFormValues>({
 		resolver: zodResolver(settingsSchema),
@@ -185,6 +202,55 @@ export default function SettingsPage() {
 					</Form>
 				</CardContent>
 			</Card>
+			<Card className="mt-8">
+				<CardHeader>
+					<div className="flex items-center gap-2">
+						<Palette className="h-5 w-5 text-primary" />
+						<CardTitle>Apparence</CardTitle>
+					</div>
+					<CardDescription>
+						Personnalisez l'apparence de l'application selon vos préférences.
+					</CardDescription>
+				</CardHeader>
+				<CardContent>
+					<RadioGroup
+						value={mounted ? theme : "system"}
+						onValueChange={(value) => setTheme(value)}
+						className="grid grid-cols-1 sm:grid-cols-3 gap-4"
+					>
+						<div>
+							<RadioGroupItem value="light" id="light" className="peer sr-only" />
+							<Label
+								htmlFor="light"
+								className="flex flex-col items-center justify-between rounded-md border-2 border-muted bg-popover p-4 hover:bg-accent hover:text-accent-foreground peer-data-[state=checked]:border-primary [&:has([data-state=checked])]:border-primary cursor-pointer"
+							>
+								<Sun className="mb-3 h-6 w-6" />
+								<span>Clair</span>
+							</Label>
+						</div>
+						<div>
+							<RadioGroupItem value="dark" id="dark" className="peer sr-only" />
+							<Label
+								htmlFor="dark"
+								className="flex flex-col items-center justify-between rounded-md border-2 border-muted bg-popover p-4 hover:bg-accent hover:text-accent-foreground peer-data-[state=checked]:border-primary [&:has([data-state=checked])]:border-primary cursor-pointer"
+							>
+								<Moon className="mb-3 h-6 w-6" />
+								<span>Sombre</span>
+							</Label>
+						</div>
+						<div>
+							<RadioGroupItem value="system" id="system" className="peer sr-only" />
+							<Label
+								htmlFor="system"
+								className="flex flex-col items-center justify-between rounded-md border-2 border-muted bg-popover p-4 hover:bg-accent hover:text-accent-foreground peer-data-[state=checked]:border-primary [&:has([data-state=checked])]:border-primary cursor-pointer"
+							>
+								<Laptop className="mb-3 h-6 w-6" />
+								<span>Système</span>
+							</Label>
+						</div>
+					</RadioGroup>
+				</CardContent>
+			</Card>
 		</div>
 	);
 }
--- a/frontend/src/app/layout.tsx
+++ b/frontend/src/app/layout.tsx
@@ -2,6 +2,7 @@ import type { Metadata } from "next";
 import { Ubuntu_Mono, Ubuntu_Sans } from "next/font/google";
 import { Toaster } from "@/components/ui/sonner";
 import { AuthProvider } from "@/providers/auth-provider";
+import { ThemeProvider } from "@/providers/theme-provider";
 import "./globals.css";

 const ubuntuSans = Ubuntu_Sans({
@@ -48,6 +49,9 @@ export const metadata: Metadata = {
 		images: ["/memegoat-og.png"],
 	},
 	icons: "/memegoat-color.svg",
+	metadataBase: new URL(
+		process.env.NEXT_PUBLIC_APP_URL || "https://memegoat.fr",
+	),
 };

 export default function RootLayout({
@@ -60,10 +64,17 @@ export default function RootLayout({
 			<body
 				className={`${ubuntuSans.variable} ${ubuntuMono.variable} antialiased`}
 			>
-				<AuthProvider>
-					{children}
-					<Toaster />
-				</AuthProvider>
+				<ThemeProvider
+					attribute="class"
+					defaultTheme="system"
+					enableSystem
+					disableTransitionOnChange
+				>
+					<AuthProvider>
+						{children}
+						<Toaster />
+					</AuthProvider>
+				</ThemeProvider>
 			</body>
 		</html>
 	);
--- a/frontend/src/components/app-sidebar.tsx
+++ b/frontend/src/components/app-sidebar.tsx
@@ -19,6 +19,7 @@ import {
 import Link from "next/link";
 import { usePathname, useSearchParams } from "next/navigation";
 import * as React from "react";
+import { ModeToggle } from "@/components/mode-toggle";
 import { Avatar, AvatarFallback, AvatarImage } from "@/components/ui/avatar";
 import {
 	Collapsible,
@@ -286,6 +287,14 @@ export function AppSidebar() {
 							</SidebarMenuButton>
 						</SidebarMenuItem>
 					)}
+					<SidebarMenuItem>
+						<div className="flex items-center justify-between px-2 py-2">
+							<span className="text-xs font-medium text-muted-foreground group-data-[collapsible=icon]:hidden">
+								Thème
+							</span>
+							<ModeToggle />
+						</div>
+					</SidebarMenuItem>
 					<SidebarMenuItem>
 						<SidebarMenuButton asChild tooltip="Aide">
 							<Link href="/help">
--- a/frontend/src/components/content-card.tsx
+++ b/frontend/src/components/content-card.tsx
@@ -1,6 +1,6 @@
 "use client";

-import { Eye, Heart, MoreHorizontal, Share2 } from "lucide-react";
+import { Edit, Eye, Heart, MoreHorizontal, Share2, Trash2 } from "lucide-react";
 import Image from "next/image";
 import Link from "next/link";
 import { useRouter } from "next/navigation";
@@ -15,20 +15,31 @@ import {
 	CardFooter,
 	CardHeader,
 } from "@/components/ui/card";
+import {
+	DropdownMenu,
+	DropdownMenuContent,
+	DropdownMenuItem,
+	DropdownMenuTrigger,
+} from "@/components/ui/dropdown-menu";
 import { useAuth } from "@/providers/auth-provider";
 import { ContentService } from "@/services/content.service";
 import { FavoriteService } from "@/services/favorite.service";
 import type { Content } from "@/types/content";
+import { UserContentEditDialog } from "./user-content-edit-dialog";

 interface ContentCardProps {
 	content: Content;
+	onUpdate?: () => void;
 }

-export function ContentCard({ content }: ContentCardProps) {
-	const { isAuthenticated } = useAuth();
+export function ContentCard({ content, onUpdate }: ContentCardProps) {
+	const { isAuthenticated, user } = useAuth();
 	const router = useRouter();
 	const [isLiked, setIsLiked] = React.useState(content.isLiked || false);
 	const [likesCount, setLikesCount] = React.useState(content.favoritesCount);
+	const [editDialogOpen, setEditDialogOpen] = React.useState(false);
+
+	const isAuthor = user?.uuid === content.authorId;

 	React.useEffect(() => {
 		setIsLiked(content.isLiked || false);
@@ -71,95 +82,145 @@ export function ContentCard({ content }: ContentCardProps) {
 		}
 	};

-	return (
-		<Card className="overflow-hidden border-none shadow-sm hover:shadow-md transition-shadow">
-			<CardHeader className="p-4 flex flex-row items-center space-y-0 gap-3">
-				<Avatar className="h-8 w-8">
-					<AvatarImage src={content.author.avatarUrl} />
-					<AvatarFallback>{content.author.username[0].toUpperCase()}</AvatarFallback>
-				</Avatar>
-				<div className="flex flex-col">
-					<Link
-						href={`/user/${content.author.username}`}
-						className="text-sm font-semibold hover:underline"
-					>
-						{content.author.displayName || content.author.username}
-					</Link>
-					<span className="text-xs text-muted-foreground">
-						{new Date(content.createdAt).toLocaleDateString("fr-FR")}
-					</span>
-				</div>
-				<Button variant="ghost" size="icon" className="ml-auto h-8 w-8">
-					<MoreHorizontal className="h-4 w-4" />
-				</Button>
-			</CardHeader>
-			<CardContent className="p-0 relative bg-zinc-100 dark:bg-zinc-900 aspect-square flex items-center justify-center">
-				<Link href={`/meme/${content.slug}`} className="w-full h-full relative">
-					{content.type === "image" ? (
-						<Image
-							src={content.url}
-							alt={content.title}
-							fill
-							className="object-contain"
-							sizes="(max-width: 768px) 100vw, (max-width: 1200px) 50vw, 33vw"
-						/>
-					) : (
-						<video
-							src={content.url}
-							controls={false}
-							autoPlay
-							muted
-							loop
-							className="w-full h-full object-contain"
-						/>
-					)}
-				</Link>
-			</CardContent>
-			<CardFooter className="p-4 flex flex-col gap-4">
-				<div className="w-full flex items-center justify-between">
-					<div className="flex items-center gap-2">
-						<Button
-							variant="ghost"
-							size="sm"
-							className={`gap-1.5 h-8 ${isLiked ? "text-red-500 hover:text-red-600" : ""}`}
-							onClick={handleLike}
-						>
-							<Heart className={`h-4 w-4 ${isLiked ? "fill-current" : ""}`} />
-							<span className="text-xs">{likesCount}</span>
-						</Button>
-						<Button variant="ghost" size="sm" className="gap-1.5 h-8">
-							<Eye className="h-4 w-4" />
-							<span className="text-xs">{content.views}</span>
-						</Button>
-						<Button variant="ghost" size="sm" className="h-8 w-8 p-0">
-							<Share2 className="h-4 w-4" />
-						</Button>
-					</div>
-					<Button
-						size="sm"
-						variant="secondary"
-						className="text-xs h-8"
-						onClick={handleUse}
-					>
-						Utiliser
-					</Button>
-				</div>
+	const handleDelete = async () => {
+		if (!confirm("Êtes-vous sûr de vouloir supprimer ce mème ?")) return;

-				<div className="w-full space-y-2">
-					<h3 className="font-medium text-sm line-clamp-2">{content.title}</h3>
-					<div className="flex flex-wrap gap-1">
-						{content.tags.slice(0, 3).map((tag, _i) => (
-							<Badge
-								key={typeof tag === "string" ? tag : tag.id}
-								variant="secondary"
-								className="text-[10px] py-0 px-1.5"
-							>
-								#{typeof tag === "string" ? tag : tag.name}
-							</Badge>
-						))}
+		try {
+			await ContentService.remove(content.id);
+			toast.success("Mème supprimé !");
+			onUpdate?.();
+		} catch (_error) {
+			toast.error("Erreur lors de la suppression.");
+		}
+	};
+
+	return (
+		<>
+			<Card className="overflow-hidden border-none shadow-sm hover:shadow-md transition-shadow">
+				<CardHeader className="p-4 flex flex-row items-center space-y-0 gap-3">
+					<Avatar className="h-8 w-8">
+						<AvatarImage src={content.author.avatarUrl} />
+						<AvatarFallback>
+							{content.author.username[0].toUpperCase()}
+						</AvatarFallback>
+					</Avatar>
+					<div className="flex flex-col">
+						<Link
+							href={`/user/${content.author.username}`}
+							className="text-sm font-semibold hover:underline"
+						>
+							{content.author.displayName || content.author.username}
+						</Link>
+						<span className="text-xs text-muted-foreground">
+							{new Date(content.createdAt).toLocaleDateString("fr-FR")}
+						</span>
 					</div>
-				</div>
-			</CardFooter>
-		</Card>
+
+					<div className="ml-auto flex items-center gap-1">
+						<DropdownMenu>
+							<DropdownMenuTrigger asChild>
+								<Button variant="ghost" size="icon" className="h-8 w-8">
+									<MoreHorizontal className="h-4 w-4" />
+								</Button>
+							</DropdownMenuTrigger>
+							<DropdownMenuContent align="end">
+								{isAuthor && (
+									<>
+										<DropdownMenuItem onClick={() => setEditDialogOpen(true)}>
+											<Edit className="h-4 w-4 mr-2" />
+											Modifier
+										</DropdownMenuItem>
+										<DropdownMenuItem
+											onClick={handleDelete}
+											className="text-destructive focus:text-destructive"
+										>
+											<Trash2 className="h-4 w-4 mr-2" />
+											Supprimer
+										</DropdownMenuItem>
+									</>
+								)}
+								<DropdownMenuItem onClick={() => toast.success("Lien copié !")}>
+									<Share2 className="h-4 w-4 mr-2" />
+									Partager
+								</DropdownMenuItem>
+							</DropdownMenuContent>
+						</DropdownMenu>
+					</div>
+				</CardHeader>
+				<CardContent className="p-0 relative bg-zinc-200 dark:bg-zinc-900 aspect-square flex items-center justify-center">
+					<Link href={`/meme/${content.slug}`} className="w-full h-full relative">
+						{content.mimeType.startsWith("image/") ? (
+							<Image
+								src={content.url}
+								alt={content.title}
+								fill
+								className="object-contain"
+								sizes="(max-width: 768px) 100vw, (max-width: 1200px) 50vw, 33vw"
+							/>
+						) : (
+							<video
+								src={content.url}
+								controls={false}
+								autoPlay
+								muted
+								loop
+								className="w-full h-full object-contain"
+							/>
+						)}
+					</Link>
+				</CardContent>
+				<CardFooter className="p-4 flex flex-col gap-4">
+					<div className="w-full flex items-center justify-between">
+						<div className="flex items-center gap-2">
+							<Button
+								variant="ghost"
+								size="sm"
+								className={`gap-1.5 h-8 ${isLiked ? "text-red-500 hover:text-red-600" : ""}`}
+								onClick={handleLike}
+							>
+								<Heart className={`h-4 w-4 ${isLiked ? "fill-current" : ""}`} />
+								<span className="text-xs">{likesCount}</span>
+							</Button>
+							<Button variant="ghost" size="sm" className="gap-1.5 h-8">
+								<Eye className="h-4 w-4" />
+								<span className="text-xs">{content.views}</span>
+							</Button>
+							<Button variant="ghost" size="sm" className="h-8 w-8 p-0">
+								<Share2 className="h-4 w-4" />
+							</Button>
+						</div>
+						<Button
+							size="sm"
+							variant="secondary"
+							className="text-xs h-8"
+							onClick={handleUse}
+						>
+							Utiliser
+						</Button>
+					</div>
+
+					<div className="w-full space-y-2">
+						<h3 className="font-medium text-sm line-clamp-2">{content.title}</h3>
+						<div className="flex flex-wrap gap-1">
+							{content.tags.slice(0, 3).map((tag, _i) => (
+								<Badge
+									key={typeof tag === "string" ? tag : tag.id}
+									variant="secondary"
+									className="text-[10px] py-0 px-1.5"
+								>
+									#{typeof tag === "string" ? tag : tag.name}
+								</Badge>
+							))}
+						</div>
+					</div>
+				</CardFooter>
+			</Card>
+			<UserContentEditDialog
+				content={content}
+				open={editDialogOpen}
+				onOpenChange={setEditDialogOpen}
+				onSuccess={() => onUpdate?.()}
+			/>
+		</>
 	);
 }
--- a/frontend/src/components/content-list.tsx
+++ b/frontend/src/components/content-list.tsx
@@ -20,6 +20,27 @@ export function ContentList({ fetchFn, title }: ContentListProps) {
 	const [offset, setOffset] = React.useState(0);
 	const [hasMore, setHasMore] = React.useState(true);

+	const fetchInitial = React.useCallback(async () => {
+		setLoading(true);
+		try {
+			const response = await fetchFn({
+				limit: 10,
+				offset: 0,
+			});
+			setContents(response.data);
+			setOffset(0);
+			setHasMore(response.data.length === 10);
+		} catch (error) {
+			console.error("Failed to fetch contents:", error);
+		} finally {
+			setLoading(false);
+		}
+	}, [fetchFn]);
+
+	React.useEffect(() => {
+		fetchInitial();
+	}, [fetchInitial]);
+
 	const loadMore = React.useCallback(async () => {
 		if (!hasMore || loading) return;

@@ -46,32 +67,12 @@ export function ContentList({ fetchFn, title }: ContentListProps) {
 		onLoadMore: loadMore,
 	});

-	React.useEffect(() => {
-		const fetchInitial = async () => {
-			setLoading(true);
-			try {
-				const response = await fetchFn({
-					limit: 10,
-					offset: 0,
-				});
-				setContents(response.data);
-				setHasMore(response.data.length === 10);
-			} catch (error) {
-				console.error("Failed to fetch contents:", error);
-			} finally {
-				setLoading(false);
-			}
-		};
-
-		fetchInitial();
-	}, [fetchFn]);
-
 	return (
 		<div className="max-w-2xl mx-auto py-8 px-4 space-y-8">
 			{title && <h1 className="text-2xl font-bold">{title}</h1>}
 			<div className="flex flex-col gap-6">
 				{contents.map((content) => (
-					<ContentCard key={content.id} content={content} />
+					<ContentCard key={content.id} content={content} onUpdate={fetchInitial} />
 				))}
 			</div>

--- a/frontend/src/components/mode-toggle.tsx
+++ b/frontend/src/components/mode-toggle.tsx
@@ -0,0 +1,34 @@
+"use client";
+
+import { Moon, Sun } from "lucide-react";
+import { useTheme } from "next-themes";
+import { Button } from "@/components/ui/button";
+import {
+	DropdownMenu,
+	DropdownMenuContent,
+	DropdownMenuItem,
+	DropdownMenuTrigger,
+} from "@/components/ui/dropdown-menu";
+
+export function ModeToggle() {
+	const { setTheme } = useTheme();
+
+	return (
+		<DropdownMenu>
+			<DropdownMenuTrigger asChild>
+				<Button variant="ghost" size="icon" className="h-9 w-9">
+					<Sun className="h-[1.2rem] w-[1.2rem] rotate-0 scale-100 transition-all dark:-rotate-90 dark:scale-0" />
+					<Moon className="absolute h-[1.2rem] w-[1.2rem] rotate-90 scale-0 transition-all dark:rotate-0 dark:scale-100" />
+					<span className="sr-only">Changer le thème</span>
+				</Button>
+			</DropdownMenuTrigger>
+			<DropdownMenuContent align="end">
+				<DropdownMenuItem onClick={() => setTheme("light")}>Clair</DropdownMenuItem>
+				<DropdownMenuItem onClick={() => setTheme("dark")}>Sombre</DropdownMenuItem>
+				<DropdownMenuItem onClick={() => setTheme("system")}>
+					Système
+				</DropdownMenuItem>
+			</DropdownMenuContent>
+		</DropdownMenu>
+	);
+}
--- a/frontend/src/components/user-content-edit-dialog.tsx
+++ b/frontend/src/components/user-content-edit-dialog.tsx
@@ -0,0 +1,158 @@
+"use client";
+
+import { useEffect, useState } from "react";
+import { useForm } from "react-hook-form";
+import { toast } from "sonner";
+import { Button } from "@/components/ui/button";
+import {
+	Dialog,
+	DialogContent,
+	DialogFooter,
+	DialogHeader,
+	DialogTitle,
+} from "@/components/ui/dialog";
+import {
+	Form,
+	FormControl,
+	FormField,
+	FormItem,
+	FormLabel,
+	FormMessage,
+} from "@/components/ui/form";
+import { Input } from "@/components/ui/input";
+import {
+	Select,
+	SelectContent,
+	SelectItem,
+	SelectTrigger,
+	SelectValue,
+} from "@/components/ui/select";
+import { CategoryService } from "@/services/category.service";
+import { ContentService } from "@/services/content.service";
+import type { Category, Content } from "@/types/content";
+
+interface UserContentEditDialogProps {
+	content: Content | null;
+	open: boolean;
+	onOpenChange: (open: boolean) => void;
+	onSuccess: () => void;
+}
+
+export function UserContentEditDialog({
+	content,
+	open,
+	onOpenChange,
+	onSuccess,
+}: UserContentEditDialogProps) {
+	const [loading, setLoading] = useState(false);
+	const [categories, setCategories] = useState<Category[]>([]);
+
+	const form = useForm<{ title: string; categoryId: string }>({
+		defaultValues: {
+			title: "",
+			categoryId: "",
+		},
+	});
+
+	useEffect(() => {
+		CategoryService.getAll().then(setCategories).catch(console.error);
+	}, []);
+
+	useEffect(() => {
+		if (content) {
+			form.reset({
+				title: content.title,
+				categoryId: content.categoryId || "none",
+			});
+		}
+	}, [content, form]);
+
+	const onSubmit = async (values: { title: string; categoryId: string }) => {
+		if (!content) return;
+		setLoading(true);
+		try {
+			const data = {
+				...values,
+				categoryId: values.categoryId === "none" ? null : values.categoryId,
+			};
+			await ContentService.update(content.id, data);
+			toast.success("Mème mis à jour !");
+			onSuccess();
+			onOpenChange(false);
+		} catch (error) {
+			console.error(error);
+			toast.error("Erreur lors de la mise à jour.");
+		} finally {
+			setLoading(false);
+		}
+	};
+
+	return (
+		<Dialog open={open} onOpenChange={onOpenChange}>
+			<DialogContent>
+				<DialogHeader>
+					<DialogTitle>Modifier mon mème</DialogTitle>
+				</DialogHeader>
+				<Form {...form}>
+					<form onSubmit={form.handleSubmit(onSubmit)} className="space-y-4">
+						<FormField
+							control={form.control}
+							name="title"
+							rules={{ required: "Le titre est requis" }}
+							render={({ field }) => (
+								<FormItem>
+									<FormLabel>Titre</FormLabel>
+									<FormControl>
+										<Input {...field} placeholder="Titre du mème" />
+									</FormControl>
+									<FormMessage />
+								</FormItem>
+							)}
+						/>
+						<FormField
+							control={form.control}
+							name="categoryId"
+							render={({ field }) => (
+								<FormItem>
+									<FormLabel>Catégorie</FormLabel>
+									<Select
+										onValueChange={field.onChange}
+										defaultValue={field.value}
+										value={field.value}
+									>
+										<FormControl>
+											<SelectTrigger>
+												<SelectValue placeholder="Sélectionner une catégorie" />
+											</SelectTrigger>
+										</FormControl>
+										<SelectContent>
+											<SelectItem value="none">Sans catégorie</SelectItem>
+											{categories.map((cat) => (
+												<SelectItem key={cat.id} value={cat.id}>
+													{cat.name}
+												</SelectItem>
+											))}
+										</SelectContent>
+									</Select>
+									<FormMessage />
+								</FormItem>
+							)}
+						/>
+						<DialogFooter>
+							<Button
+								type="button"
+								variant="outline"
+								onClick={() => onOpenChange(false)}
+							>
+								Annuler
+							</Button>
+							<Button type="submit" disabled={loading}>
+								{loading ? "Enregistrement..." : "Enregistrer"}
+							</Button>
+						</DialogFooter>
+					</form>
+				</Form>
+			</DialogContent>
+		</Dialog>
+	);
+}
--- a/frontend/src/lib/api.ts
+++ b/frontend/src/lib/api.ts
@@ -53,7 +53,10 @@ api.interceptors.response.use(
 			} catch (refreshError) {
 				// If refresh fails, we might want to redirect to login on the client
 				if (typeof window !== "undefined") {
-					window.location.href = "/login";
+					// On évite de rediriger vers login si on y est déjà pour éviter les boucles
+					if (!window.location.pathname.includes("/login")) {
+						window.location.href = "/login";
+					}
 				}
 				return Promise.reject(refreshError);
 			}
--- a/frontend/src/providers/auth-provider.tsx
+++ b/frontend/src/providers/auth-provider.tsx
@@ -26,6 +26,8 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
 	const router = useRouter();

 	const refreshUser = React.useCallback(async () => {
+		// Éviter de lancer plusieurs refresh en même temps
+		if (!isLoading) setIsLoading(true);
 		try {
 			const userData = await UserService.getMe();
 			setUser(userData);
@@ -34,11 +36,26 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
 		} finally {
 			setIsLoading(false);
 		}
-	}, []);
+	}, [isLoading]);

 	React.useEffect(() => {
-		refreshUser();
-	}, [refreshUser]);
+		let isMounted = true;
+		const initAuth = async () => {
+			try {
+				const userData = await UserService.getMe();
+				if (isMounted) setUser(userData);
+			} catch (_error) {
+				if (isMounted) setUser(null);
+			} finally {
+				if (isMounted) setIsLoading(false);
+			}
+		};
+
+		initAuth();
+		return () => {
+			isMounted = false;
+		};
+	}, []);

 	const login = async (email: string, password: string) => {
 		try {
--- a/frontend/src/providers/theme-provider.tsx
+++ b/frontend/src/providers/theme-provider.tsx
@@ -0,0 +1,11 @@
+"use client";
+
+import { ThemeProvider as NextThemesProvider } from "next-themes";
+import type * as React from "react";
+
+export function ThemeProvider({
+	children,
+	...props
+}: React.ComponentProps<typeof NextThemesProvider>) {
+	return <NextThemesProvider {...props}>{children}</NextThemesProvider>;
+}
--- a/frontend/src/services/category.service.ts
+++ b/frontend/src/services/category.service.ts
@@ -11,4 +11,18 @@ export const CategoryService = {
 		const { data } = await api.get<Category>(`/categories/${id}`);
 		return data;
 	},
+
+	async create(category: Partial<Category>): Promise<Category> {
+		const { data } = await api.post<Category>("/categories", category);
+		return data;
+	},
+
+	async update(id: string, category: Partial<Category>): Promise<Category> {
+		const { data } = await api.patch<Category>(`/categories/${id}`, category);
+		return data;
+	},
+
+	async remove(id: string): Promise<void> {
+		await api.delete(`/categories/${id}`);
+	},
 };
--- a/frontend/src/services/content.service.ts
+++ b/frontend/src/services/content.service.ts
@@ -65,4 +65,18 @@ export const ContentService = {
 	async removeAdmin(id: string): Promise<void> {
 		await api.delete(`/contents/${id}/admin`);
 	},
+
+	async update(id: string, update: Partial<Content>): Promise<Content> {
+		const { data } = await api.patch<Content>(`/contents/${id}`, update);
+		return data;
+	},
+
+	async remove(id: string): Promise<void> {
+		await api.delete(`/contents/${id}`);
+	},
+
+	async updateAdmin(id: string, update: Partial<Content>): Promise<Content> {
+		const { data } = await api.patch<Content>(`/contents/${id}/admin`, update);
+		return data;
+	},
 };
--- a/frontend/src/services/user.service.ts
+++ b/frontend/src/services/user.service.ts
@@ -34,6 +34,11 @@ export const UserService = {
 		await api.delete(`/users/${uuid}`);
 	},

+	async updateAdmin(uuid: string, update: Partial<User>): Promise<User> {
+		const { data } = await api.patch<User>(`/users/admin/${uuid}`, update);
+		return data;
+	},
+
 	async updateAvatar(file: File): Promise<User> {
 		const formData = new FormData();
 		formData.append("file", file);
--- a/frontend/src/types/content.ts
+++ b/frontend/src/types/content.ts
@@ -7,7 +7,7 @@ export interface Content {
 	description?: string;
 	url: string;
 	thumbnailUrl?: string;
-	type: "image" | "video";
+	type: "meme" | "gif";
 	mimeType: string;
 	size: number;
 	width?: number;
@@ -18,6 +18,7 @@ export interface Content {
 	favoritesCount: number;
 	isLiked?: boolean;
 	tags: (string | Tag)[];
+	categoryId?: string | null;
 	category?: Category;
 	authorId: string;
 	author: User;
@@ -36,6 +37,7 @@ export interface Category {
 	name: string;
 	slug: string;
 	description?: string;
+	iconUrl?: string;
 }

 export interface PaginatedResponse<T> {
--- a/frontend/src/types/user.ts
+++ b/frontend/src/types/user.ts
@@ -6,7 +6,7 @@ export interface User {
 	displayName?: string;
 	avatarUrl?: string;
 	bio?: string;
-	role?: "user" | "admin";
+	role?: "user" | "admin" | "moderator";
 	status?: "active" | "verification" | "suspended" | "pending" | "deleted";
 	createdAt: string;
 }
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@memegoat/source",
-  "version": "0.1.0",
+  "version": "1.4.0",
  "description": "",
  "scripts": {
    "version:get": "cmake -P version.cmake GET",
@@ -13,9 +13,13 @@
    "build:back": "pnpm run -F @memegoat/backend build",
    "build:docs": "pnpm run -F @memegoat/documentation build",
    "lint": "pnpm run lint:back && pnpm run lint:front && pnpm run lint:docs",
+    "lint:fix": "pnpm run lint:back:fix && pnpm run lint:front:fix && pnpm run lint:docs:fix",
    "lint:back": "pnpm run -F @memegoat/backend lint",
+    "lint:back:fix": "pnpm run -F @memegoat/backend lint:write",
    "lint:front": "pnpm run -F @memegoat/frontend lint",
+    "lint:front:fix": "pnpm run -F @memegoat/frontend lint:write",
    "lint:docs": "pnpm run -F @memegoat/documentation lint",
+    "lint:docs:fix": "pnpm run -F @memegoat/documentation lint:write",
    "test": "pnpm run test:back && pnpm run test:front",
    "test:back": "pnpm run -F @memegoat/backend test",
    "test:front": "pnpm run -F @memegoat/frontend test",
--- a/version.cmake
+++ b/version.cmake
@@ -39,6 +39,42 @@ function(increment_version CURRENT_VERSION TYPE OUT_VAR)
    set(${OUT_VAR} "${MAJOR}.${MINOR}.${PATCH}" PARENT_SCOPE)
 endfunction()

+# Fonction pour créer un commit git pour les changements de version
+function(commit_version_changes VERSION)
+    find_package(Git QUIET)
+    if(GIT_FOUND)
+        # On n'ajoute que les fichiers package.json modifiés
+        set(ADDED_ANY FALSE)
+        foreach(JSON_FILE ${PACKAGE_JSON_FILES})
+            if(EXISTS "${JSON_FILE}")
+                execute_process(
+                    COMMAND ${GIT_EXECUTABLE} add "${JSON_FILE}"
+                    WORKING_DIRECTORY "${CMAKE_CURRENT_LIST_DIR}"
+                )
+                set(ADDED_ANY TRUE)
+            endif()
+        endforeach()
+        
+        if(ADDED_ANY)
+            # On commit uniquement les fichiers qui ont été ajoutés (staged)
+            # L'utilisation de --only ou spécifier les fichiers à nouveau assure qu'on ne prend pas d'autres changements
+            execute_process(
+                COMMAND ${GIT_EXECUTABLE} commit -m "chore: bump version to ${VERSION}" -- ${PACKAGE_JSON_FILES}
+                WORKING_DIRECTORY "${CMAKE_CURRENT_LIST_DIR}"
+                RESULT_VARIABLE COMMIT_RESULT
+            )
+            
+            if(COMMIT_RESULT EQUAL 0)
+                message(STATUS "Changements commités avec succès pour la version ${VERSION}")
+            else()
+                message(WARNING "Échec du commit des changements. Il n'y a peut-être rien à commiter ou aucun changement sur les fichiers JSON.")
+            endif()
+        endif()
+    else()
+        message(WARNING "Git non trouvé, impossible de commiter les changements.")
+    endif()
+endfunction()
+
 # Fonction pour créer un tag git
 function(create_git_tag VERSION)
    find_package(Git QUIET)
@@ -73,6 +109,9 @@ function(set_new_version NEW_VERSION)
        endif()
    endforeach()
    
+    # Commiter les changements
+    commit_version_changes(${NEW_VERSION})
+    
    # Créer le tag git
    create_git_tag(${NEW_VERSION})
 endfunction()