chore: bump version to 1.9.6

feat(docs): add detailed features and business flow diagrams
- Introduced new interaction and community features, including comments and private messaging. - Added technical diagrams for critical workflows: authentication, content publication, and messaging. - Enhanced data model documentation with support for comments and messaging tables. - Updated API references with endpoints for comments, messaging, and user search. - Integrated post-quantum cryptography for improved data protection.
2026-02-01 20:27:58 +01:00 · 2026-02-01 20:27:46 +01:00 · 2026-01-29 21:42:34 +01:00 · 2026-01-29 21:42:05 +01:00 · 2026-01-29 20:49:07 +01:00 · 2026-01-29 20:48:57 +01:00
45 changed files with 5022 additions and 107 deletions
--- a/backend/.migrations/0009_add_privacy_settings.sql
+++ b/backend/.migrations/0009_add_privacy_settings.sql
@@ -0,0 +1,2 @@
+ALTER TABLE "users" ADD COLUMN "show_online_status" boolean DEFAULT true NOT NULL;--> statement-breakpoint
+ALTER TABLE "users" ADD COLUMN "show_read_receipts" boolean DEFAULT true NOT NULL;
--- a/backend/.migrations/0010_update_password_hash_length.sql
+++ b/backend/.migrations/0010_update_password_hash_length.sql
@@ -0,0 +1 @@
+ALTER TABLE "users" ALTER COLUMN "password_hash" SET DATA TYPE varchar(255);
--- a/backend/.migrations/meta/0009_snapshot.json
+++ b/backend/.migrations/meta/0009_snapshot.json
--- a/backend/.migrations/meta/0010_snapshot.json
+++ b/backend/.migrations/meta/0010_snapshot.json
--- a/backend/.migrations/meta/_journal.json
+++ b/backend/.migrations/meta/_journal.json
@@ -64,6 +64,20 @@
      "when": 1769696731978,
      "tag": "0008_bitter_darwin",
      "breakpoints": true
+    },
+    {
+      "idx": 9,
+      "version": "7",
+      "when": 1769717126917,
+      "tag": "0009_add_privacy_settings",
+      "breakpoints": true
+    },
+    {
+      "idx": 10,
+      "version": "7",
+      "when": 1769718997591,
+      "tag": "0010_update_password_hash_length",
+      "breakpoints": true
    }
  ]
 }
--- a/backend/package.json
+++ b/backend/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "@memegoat/backend",
-	"version": "1.9.0",
+	"version": "1.9.6",
 	"description": "",
 	"author": "",
 	"private": true,
--- a/backend/src/comments/comments.service.ts
+++ b/backend/src/comments/comments.service.ts
@@ -33,6 +33,7 @@ export class CommentsService {

 		// Récupérer le commentaire avec les infos utilisateur pour le WebSocket
 		const enrichedComment = await this.findOneEnriched(comment.id, userId);
+		if (!enrichedComment) return null;

 		// Notifier les autres utilisateurs sur ce contenu (room de contenu)
 		this.eventsGateway.sendToContent(contentId, "new_comment", enrichedComment);
--- a/backend/src/database/schemas/pgp.ts
+++ b/backend/src/database/schemas/pgp.ts
@@ -21,14 +21,19 @@ const getPgpKey = () => process.env.PGP_ENCRYPTION_KEY || "default-pgp-key";
 * withAutomaticPgpDecrypt(users.email);
 * ```
 */
-export const pgpEncrypted = customType<{ data: string; driverData: Buffer }>({
+export const pgpEncrypted = customType<{
+	data: string | null;
+	driverData: Buffer | string | null | SQL;
+}>({
 	dataType() {
 		return "bytea";
 	},
-	toDriver(value: string): SQL {
+	toDriver(value: string | null): SQL | null {
+		if (value === null) return null;
 		return sql`pgp_sym_encrypt(${value}, ${getPgpKey()})`;
 	},
-	fromDriver(value: Buffer | string): string {
+	fromDriver(value: Buffer | string | null | any): string | null {
+		if (value === null || value === undefined) return null;
 		if (typeof value === "string") return value;
 		return value.toString();
 	},
@@ -41,7 +46,9 @@ export const pgpEncrypted = customType<{ data: string; driverData: Buffer }>({
 export function withAutomaticPgpDecrypt<T extends AnyPgColumn>(column: T): T {
 	const originalGetSQL = column.getSQL.bind(column);
 	column.getSQL = () =>
-		sql`pgp_sym_decrypt(${originalGetSQL()}, ${getPgpKey()})`.mapWith(column);
+		sql`pgp_sym_decrypt(${originalGetSQL()}, ${getPgpKey()})::text`.mapWith(
+			column,
+		);
 	return column;
 }

@@ -59,5 +66,7 @@ export function pgpSymDecrypt(
 	column: AnyPgColumn,
 	key: string | SQL,
 ): SQL<string> {
-	return sql`pgp_sym_decrypt(${column}, ${key})`.mapWith(column) as SQL<string>;
+	return sql`pgp_sym_decrypt(${column}, ${key})::text`.mapWith(
+		column,
+	) as SQL<string>;
 }
--- a/backend/src/database/schemas/users.ts
+++ b/backend/src/database/schemas/users.ts
@@ -29,13 +29,15 @@ export const users = pgTable(
 		displayName: varchar("display_name", { length: 32 }),

 		username: varchar("username", { length: 32 }).notNull().unique(),
-		passwordHash: varchar("password_hash", { length: 100 }).notNull(),
+		passwordHash: varchar("password_hash", { length: 255 }).notNull(),
 		avatarUrl: varchar("avatar_url", { length: 512 }),
 		bio: varchar("bio", { length: 255 }),

 		// Sécurité
 		twoFactorSecret: pgpEncrypted("two_factor_secret"),
 		isTwoFactorEnabled: boolean("is_two_factor_enabled").notNull().default(false),
+		showOnlineStatus: boolean("show_online_status").notNull().default(true),
+		showReadReceipts: boolean("show_read_receipts").notNull().default(true),

 		// RGPD & Conformité
 		termsVersion: varchar("terms_version", { length: 16 }), // Version des CGU acceptées
--- a/backend/src/messages/messages.module.ts
+++ b/backend/src/messages/messages.module.ts
@@ -1,12 +1,13 @@
-import { Module } from "@nestjs/common";
+import { forwardRef, Module } from "@nestjs/common";
 import { AuthModule } from "../auth/auth.module";
 import { RealtimeModule } from "../realtime/realtime.module";
+import { UsersModule } from "../users/users.module";
 import { MessagesController } from "./messages.controller";
 import { MessagesService } from "./messages.service";
 import { MessagesRepository } from "./repositories/messages.repository";

@Module({
-	imports: [AuthModule, RealtimeModule],
+	imports: [AuthModule, RealtimeModule, forwardRef(() => UsersModule)],
 	controllers: [MessagesController],
 	providers: [MessagesService, MessagesRepository],
 	exports: [MessagesService],
--- a/backend/src/messages/messages.service.spec.ts
+++ b/backend/src/messages/messages.service.spec.ts
@@ -1,6 +1,7 @@
 import { ForbiddenException } from "@nestjs/common";
 import { Test, TestingModule } from "@nestjs/testing";
 import { EventsGateway } from "../realtime/events.gateway";
+import { UsersService } from "../users/users.service";
 import { MessagesService } from "./messages.service";
 import { MessagesRepository } from "./repositories/messages.repository";

@@ -16,6 +17,7 @@ describe("MessagesService", () => {
 		createMessage: jest.fn(),
 		findAllConversations: jest.fn(),
 		isParticipant: jest.fn(),
+		getParticipants: jest.fn(),
 		findMessagesByConversationId: jest.fn(),
 		markAsRead: jest.fn(),
 		countUnreadMessages: jest.fn(),
@@ -25,12 +27,17 @@ describe("MessagesService", () => {
 		sendToUser: jest.fn(),
 	};

+	const mockUsersService = {
+		findOne: jest.fn(),
+	};
+
 	beforeEach(async () => {
 		const module: TestingModule = await Test.createTestingModule({
 			providers: [
 				MessagesService,
 				{ provide: MessagesRepository, useValue: mockMessagesRepository },
 				{ provide: EventsGateway, useValue: mockEventsGateway },
+				{ provide: UsersService, useValue: mockUsersService },
 			],
 		}).compile();

--- a/backend/src/messages/messages.service.ts
+++ b/backend/src/messages/messages.service.ts
@@ -1,5 +1,11 @@
-import { ForbiddenException, Injectable } from "@nestjs/common";
+import {
+	ForbiddenException,
+	forwardRef,
+	Inject,
+	Injectable,
+} from "@nestjs/common";
 import { EventsGateway } from "../realtime/events.gateway";
+import { UsersService } from "../users/users.service";
 import type { CreateMessageDto } from "./dto/create-message.dto";
 import { MessagesRepository } from "./repositories/messages.repository";

@@ -8,6 +14,8 @@ export class MessagesService {
 	constructor(
 		private readonly messagesRepository: MessagesRepository,
 		private readonly eventsGateway: EventsGateway,
+		@Inject(forwardRef(() => UsersService))
+		private readonly usersService: UsersService,
 	) {}

 	async sendMessage(senderId: string, dto: CreateMessageDto) {
@@ -62,8 +70,24 @@ export class MessagesService {
 			throw new ForbiddenException("You are not part of this conversation");
 		}

-		// Marquer comme lus
-		await this.messagesRepository.markAsRead(conversationId, userId);
+		// Récupérer les préférences de l'utilisateur actuel
+		const user = await this.usersService.findOne(userId);
+
+		// Marquer comme lus seulement si l'utilisateur l'autorise
+		if (user?.showReadReceipts) {
+			await this.messagesRepository.markAsRead(conversationId, userId);
+
+			// Notifier l'expéditeur que les messages ont été lus
+			const participants =
+				await this.messagesRepository.getParticipants(conversationId);
+			const otherParticipant = participants.find((p) => p.userId !== userId);
+			if (otherParticipant) {
+				this.eventsGateway.sendToUser(otherParticipant.userId, "messages_read", {
+					conversationId,
+					readerId: userId,
+				});
+			}
+		}

 		return this.messagesRepository.findMessagesByConversationId(conversationId);
 	}
@@ -76,6 +100,26 @@ export class MessagesService {
 		if (!isParticipant) {
 			throw new ForbiddenException("You are not part of this conversation");
 		}
-		return this.messagesRepository.markAsRead(conversationId, userId);
+
+		const user = await this.usersService.findOne(userId);
+		if (!user?.showReadReceipts) return;
+
+		const result = await this.messagesRepository.markAsRead(
+			conversationId,
+			userId,
+		);
+
+		// Notifier l'autre participant
+		const participants =
+			await this.messagesRepository.getParticipants(conversationId);
+		const otherParticipant = participants.find((p) => p.userId !== userId);
+		if (otherParticipant) {
+			this.eventsGateway.sendToUser(otherParticipant.userId, "messages_read", {
+				conversationId,
+				readerId: userId,
+			});
+		}
+
+		return result;
 	}
 }
--- a/backend/src/realtime/events.gateway.spec.ts
+++ b/backend/src/realtime/events.gateway.spec.ts
@@ -1,6 +1,7 @@
 import { ConfigService } from "@nestjs/config";
 import { Test, TestingModule } from "@nestjs/testing";
 import { JwtService } from "../crypto/services/jwt.service";
+import { UsersService } from "../users/users.service";
 import { EventsGateway } from "./events.gateway";

 describe("EventsGateway", () => {
@@ -15,12 +16,17 @@ describe("EventsGateway", () => {
 		get: jest.fn().mockReturnValue("secret-password-32-chars-long-!!!"),
 	};

+	const mockUsersService = {
+		findOne: jest.fn(),
+	};
+
 	beforeEach(async () => {
 		const module: TestingModule = await Test.createTestingModule({
 			providers: [
 				EventsGateway,
 				{ provide: JwtService, useValue: mockJwtService },
 				{ provide: ConfigService, useValue: mockConfigService },
+				{ provide: UsersService, useValue: mockUsersService },
 			],
 		}).compile();

--- a/backend/src/realtime/events.gateway.ts
+++ b/backend/src/realtime/events.gateway.ts
@@ -1,4 +1,4 @@
-import { Logger } from "@nestjs/common";
+import { forwardRef, Inject, Logger } from "@nestjs/common";
 import { ConfigService } from "@nestjs/config";
 import {
 	ConnectedSocket,
@@ -14,16 +14,39 @@ import { getIronSession } from "iron-session";
 import { Server, Socket } from "socket.io";
 import { getSessionOptions, SessionData } from "../auth/session.config";
 import { JwtService } from "../crypto/services/jwt.service";
+import { UsersService } from "../users/users.service";

@WebSocketGateway({
+	transports: ["websocket"],
 	cors: {
 		origin: (
-			_origin: string,
+			origin: string,
 			callback: (err: Error | null, allow?: boolean) => void,
 		) => {
-			// En production, on pourrait restreindre ici
-			// Pour l'instant on autorise tout en mode credentials pour faciliter le déploiement multi-domaines
-			callback(null, true);
+			// Autoriser si pas d'origine (ex: app mobile ou serveur à serveur)
+			// ou si on est en développement local
+			if (
+				!origin ||
+				origin.includes("localhost") ||
+				origin.includes("127.0.0.1")
+			) {
+				callback(null, true);
+				return;
+			}
+
+			// En production, on peut restreindre via une variable d'environnement
+			const domainName = process.env.CORS_DOMAIN_NAME;
+			if (!domainName || domainName === "*") {
+				callback(null, true);
+				return;
+			}
+
+			const allowedOrigins = domainName.split(",").map((o) => o.trim());
+			if (allowedOrigins.includes(origin)) {
+				callback(null, true);
+			} else {
+				callback(new Error("Not allowed by CORS"));
+			}
 		},
 		credentials: true,
 		methods: ["GET", "POST"],
@@ -41,6 +64,8 @@ export class EventsGateway
 	constructor(
 		private readonly jwtService: JwtService,
 		private readonly configService: ConfigService,
+		@Inject(forwardRef(() => UsersService))
+		private readonly usersService: UsersService,
 	) {}

 	afterInit(_server: Server) {
@@ -73,17 +98,28 @@ export class EventsGateway
 			}

 			const payload = await this.jwtService.verifyJwt(session.accessToken);
+			if (!payload.sub) {
+				throw new Error("Invalid token payload: missing sub");
+			}
+
 			client.data.user = payload;

 			// Rejoindre une room personnelle pour les notifications
 			client.join(`user:${payload.sub}`);

 			// Gérer le statut en ligne
-			if (!this.onlineUsers.has(payload.sub)) {
-				this.onlineUsers.set(payload.sub, new Set());
-				this.server.emit("user_status", { userId: payload.sub, status: "online" });
+			const userId = payload.sub as string;
+
+			if (!this.onlineUsers.has(userId)) {
+				this.onlineUsers.set(userId, new Set());
+
+				// Vérifier les préférences de l'utilisateur
+				const user = await this.usersService.findOne(userId);
+				if (user?.showOnlineStatus) {
+					this.broadcastStatus(userId, "online");
+				}
 			}
-			this.onlineUsers.get(payload.sub)?.add(client.id);
+			this.onlineUsers.get(userId)?.add(client.id);

 			this.logger.log(`Client connected: ${client.id} (User: ${payload.sub})`);
 		} catch (error) {
@@ -92,19 +128,31 @@ export class EventsGateway
 		}
 	}

-	handleDisconnect(client: Socket) {
+	async handleDisconnect(client: Socket) {
 		const userId = client.data.user?.sub;
 		if (userId && this.onlineUsers.has(userId)) {
 			const sockets = this.onlineUsers.get(userId);
 			sockets?.delete(client.id);
 			if (sockets?.size === 0) {
 				this.onlineUsers.delete(userId);
-				this.server.emit("user_status", { userId, status: "offline" });
+
+				const user = await this.usersService.findOne(userId);
+				if (user?.showOnlineStatus) {
+					this.broadcastStatus(userId, "offline");
+				}
 			}
 		}
 		this.logger.log(`Client disconnected: ${client.id}`);
 	}

+	broadcastStatus(userId: string, status: "online" | "offline") {
+		this.server.emit("user_status", { userId, status });
+	}
+
+	isUserOnline(userId: string): boolean {
+		return this.onlineUsers.has(userId);
+	}
+
 	@SubscribeMessage("join_content")
 	handleJoinContent(
 		@ConnectedSocket() client: Socket,
@@ -124,13 +172,20 @@ export class EventsGateway
 	}

 	@SubscribeMessage("typing")
-	handleTyping(
+	async handleTyping(
 		@ConnectedSocket() client: Socket,
 		@MessageBody() data: { recipientId: string; isTyping: boolean },
 	) {
 		const userId = client.data.user?.sub;
 		if (!userId) return;

+		// Optionnel: vérifier si l'utilisateur autorise le statut en ligne avant d'émettre "typing"
+		// ou si on considère que typing est une interaction directe qui outrepasse le statut.
+		// Instagram affiche "Typing..." même si le statut en ligne est désactivé si on est dans le chat.
+		// Mais par souci de cohérence avec "showOnlineStatus", on peut le vérifier.
+		const user = await this.usersService.findOne(userId);
+		if (!user?.showOnlineStatus) return;
+
 		this.server.to(`user:${data.recipientId}`).emit("user_typing", {
 			userId,
 			isTyping: data.isTyping,
@@ -138,13 +193,19 @@ export class EventsGateway
 	}

 	@SubscribeMessage("check_status")
-	handleCheckStatus(
+	async handleCheckStatus(
 		@ConnectedSocket() _client: Socket,
 		@MessageBody() userId: string,
 	) {
+		const isOnline = this.onlineUsers.has(userId);
+		if (!isOnline) return { userId, status: "offline" };
+
+		const user = await this.usersService.findOne(userId);
+		if (!user?.showOnlineStatus) return { userId, status: "offline" };
+
 		return {
 			userId,
-			status: this.onlineUsers.has(userId) ? "online" : "offline",
+			status: "online",
 		};
 	}

--- a/backend/src/realtime/realtime.module.ts
+++ b/backend/src/realtime/realtime.module.ts
@@ -1,9 +1,11 @@
-import { Module } from "@nestjs/common";
+import { forwardRef, Module } from "@nestjs/common";
+import { ConfigModule } from "@nestjs/config";
 import { CryptoModule } from "../crypto/crypto.module";
+import { UsersModule } from "../users/users.module";
 import { EventsGateway } from "./events.gateway";

@Module({
-	imports: [CryptoModule],
+	imports: [CryptoModule, ConfigModule, forwardRef(() => UsersModule)],
 	providers: [EventsGateway],
 	exports: [EventsGateway],
 })
--- a/backend/src/users/dto/update-user.dto.ts
+++ b/backend/src/users/dto/update-user.dto.ts
@@ -1,4 +1,4 @@
-import { IsOptional, IsString, MaxLength } from "class-validator";
+import { IsBoolean, IsOptional, IsString, MaxLength } from "class-validator";

 export class UpdateUserDto {
 	@IsOptional()
@@ -22,4 +22,12 @@ export class UpdateUserDto {
 	@IsOptional()
 	@IsString()
 	role?: string;
+
+	@IsOptional()
+	@IsBoolean()
+	showOnlineStatus?: boolean;
+
+	@IsOptional()
+	@IsBoolean()
+	showReadReceipts?: boolean;
 }
--- a/backend/src/users/repositories/users.repository.ts
+++ b/backend/src/users/repositories/users.repository.ts
@@ -47,6 +47,8 @@ export class UsersRepository {
 				bio: users.bio,
 				status: users.status,
 				isTwoFactorEnabled: users.isTwoFactorEnabled,
+				showOnlineStatus: users.showOnlineStatus,
+				showReadReceipts: users.showReadReceipts,
 				createdAt: users.createdAt,
 				updatedAt: users.updatedAt,
 			})
--- a/backend/src/users/users.module.ts
+++ b/backend/src/users/users.module.ts
@@ -1,13 +1,19 @@
 import { forwardRef, Module } from "@nestjs/common";
 import { AuthModule } from "../auth/auth.module";
 import { MediaModule } from "../media/media.module";
+import { RealtimeModule } from "../realtime/realtime.module";
 import { S3Module } from "../s3/s3.module";
 import { UsersRepository } from "./repositories/users.repository";
 import { UsersController } from "./users.controller";
 import { UsersService } from "./users.service";

@Module({
-	imports: [forwardRef(() => AuthModule), MediaModule, S3Module],
+	imports: [
+		forwardRef(() => AuthModule),
+		MediaModule,
+		S3Module,
+		forwardRef(() => RealtimeModule),
+	],
 	controllers: [UsersController],
 	providers: [UsersService, UsersRepository],
 	exports: [UsersService, UsersRepository],
--- a/backend/src/users/users.service.spec.ts
+++ b/backend/src/users/users.service.spec.ts
@@ -20,6 +20,7 @@ import { ConfigService } from "@nestjs/config";
 import { Test, TestingModule } from "@nestjs/testing";
 import { RbacService } from "../auth/rbac.service";
 import { MediaService } from "../media/media.service";
+import { EventsGateway } from "../realtime/events.gateway";
 import { S3Service } from "../s3/s3.service";
 import { UsersRepository } from "./repositories/users.repository";
 import { UsersService } from "./users.service";
@@ -49,6 +50,7 @@ describe("UsersService", () => {

 	const mockRbacService = {
 		getUserRoles: jest.fn(),
+		assignRoleToUser: jest.fn(),
 	};

 	const mockMediaService = {
@@ -65,6 +67,11 @@ describe("UsersService", () => {
 		get: jest.fn(),
 	};

+	const mockEventsGateway = {
+		isUserOnline: jest.fn(),
+		broadcastStatus: jest.fn(),
+	};
+
 	beforeEach(async () => {
 		jest.clearAllMocks();

@@ -77,6 +84,7 @@ describe("UsersService", () => {
 				{ provide: MediaService, useValue: mockMediaService },
 				{ provide: S3Service, useValue: mockS3Service },
 				{ provide: ConfigService, useValue: mockConfigService },
+				{ provide: EventsGateway, useValue: mockEventsGateway },
 			],
 		}).compile();

--- a/backend/src/users/users.service.ts
+++ b/backend/src/users/users.service.ts
@@ -12,6 +12,7 @@ import { RbacService } from "../auth/rbac.service";
 import type { IMediaService } from "../common/interfaces/media.interface";
 import type { IStorageService } from "../common/interfaces/storage.interface";
 import { MediaService } from "../media/media.service";
+import { EventsGateway } from "../realtime/events.gateway";
 import { S3Service } from "../s3/s3.service";
 import { UpdateUserDto } from "./dto/update-user.dto";
 import { UsersRepository } from "./repositories/users.repository";
@@ -27,6 +28,8 @@ export class UsersService {
 		private readonly rbacService: RbacService,
 		@Inject(MediaService) private readonly mediaService: IMediaService,
 		@Inject(S3Service) private readonly s3Service: IStorageService,
+		@Inject(forwardRef(() => EventsGateway))
+		private readonly eventsGateway: EventsGateway,
 	) {}

 	private async clearUserCache(username?: string) {
@@ -137,6 +140,9 @@ export class UsersService {

 		const { role, ...userData } = data;

+		// On récupère l'utilisateur actuel avant mise à jour pour comparer les préférences
+		const oldUser = await this.usersRepository.findOne(uuid);
+
 		const result = await this.usersRepository.update(uuid, userData);

 		if (role) {
@@ -145,6 +151,21 @@ export class UsersService {

 		if (result[0]) {
 			await this.clearUserCache(result[0].username);
+
+			// Gérer le changement de préférence de statut en ligne
+			if (
+				data.showOnlineStatus !== undefined &&
+				data.showOnlineStatus !== oldUser?.showOnlineStatus
+			) {
+				const isOnline = this.eventsGateway.isUserOnline(uuid);
+				if (isOnline) {
+					if (data.showOnlineStatus) {
+						this.eventsGateway.broadcastStatus(uuid, "online");
+					} else {
+						this.eventsGateway.broadcastStatus(uuid, "offline");
+					}
+				}
+			}
 		}
 		return result;
 	}
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -131,6 +131,8 @@ services:
    environment:
      NODE_ENV: production
      NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-https://api.memegoat.fr}
+      NEXT_PUBLIC_APP_URL: ${NEXT_PUBLIC_APP_URL:-https://memegoat.fr}
+      NEXT_PUBLIC_CONTACT_EMAIL: ${MAIL_FROM:-noreply@memegoat.fr}
    depends_on:
      - backend

--- a/documentation/content/docs/_meta.json
+++ b/documentation/content/docs/_meta.json
@@ -7,6 +7,7 @@
 	"features": "Fonctionnalités",
 	"stack": "Stack Technologique",
 	"database": "Modèle de Données",
+	"flows": "Flux Métiers",
 	"---security---": {
 		"type": "separator",
 		"label": "Sécurité & Conformité"
--- a/documentation/content/docs/api-reference.mdx
+++ b/documentation/content/docs/api-reference.mdx
@@ -216,6 +216,16 @@ Cette page documente tous les points de terminaison disponibles sur l'API Memego
    - `200 OK` : 2FA désactivée.
  </Accordion>

+  <Accordion title="GET /users/search">
+    Recherche des utilisateurs par leur nom d'utilisateur ou nom d'affichage. Requiert l'authentification.
+
+    **Query Params :**
+    - `q` (string) : Terme de recherche.
+
+    **Réponses :**
+    - `200 OK` : Liste des utilisateurs correspondants.
+  </Accordion>
+
  <Accordion title="GET /users/admin">
    Liste tous les utilisateurs. **Réservé aux administrateurs.**

@@ -406,6 +416,92 @@ Cette page documente tous les points de terminaison disponibles sur l'API Memego
  </Accordion>
 </Accordions>

+### 💬 Commentaires (`/comments` & `/contents/:id/comments`)
+
+<Accordions>
+  <Accordion title="GET /contents/:contentId/comments">
+    Liste les commentaires d'un contenu.
+
+    **Réponses :**
+    - `200 OK` : Liste des commentaires, incluant l'auteur et si l'utilisateur actuel a aimé le commentaire.
+  </Accordion>
+
+  <Accordion title="POST /contents/:contentId/comments">
+    Ajoute un commentaire à un contenu. Requiert l'authentification.
+
+    **Corps de la requête :**
+    - `text` (string) : Contenu du commentaire.
+    - `parentId` (uuid, optional) : ID du commentaire parent pour les réponses.
+
+    **Réponses :**
+    - `201 Created` : Commentaire ajouté.
+  </Accordion>
+
+  <Accordion title="DELETE /comments/:id">
+    Supprime un commentaire. L'utilisateur doit être l'auteur ou un modérateur/admin.
+
+    **Réponses :**
+    - `200 OK` : Commentaire supprimé.
+  </Accordion>
+
+  <Accordion title="POST /comments/:id/like">
+    Ajoute un "like" à un commentaire. Requiert l'authentification.
+
+    **Réponses :**
+    - `201 Created` : Like ajouté.
+  </Accordion>
+
+  <Accordion title="DELETE /comments/:id/like">
+    Retire un "like" d'un commentaire. Requiert l'authentification.
+
+    **Réponses :**
+    - `200 OK` : Like retiré.
+  </Accordion>
+</Accordions>
+
+### ✉️ Messagerie (`/messages`)
+
+<Accordions>
+  <Accordion title="GET /messages/conversations">
+    Liste les conversations de l'utilisateur connecté. Requiert l'authentification.
+
+    **Réponses :**
+    - `200 OK` : Liste des conversations avec le dernier message et le nombre de messages non lus.
+  </Accordion>
+
+  <Accordion title="GET /messages/unread-count">
+    Récupère le nombre total de messages non lus pour l'utilisateur. Requiert l'authentification.
+
+    **Réponses :**
+    - `200 OK` : `{ "count": number }`.
+  </Accordion>
+
+  <Accordion title="GET /messages/conversations/with/:userId">
+    Récupère ou crée une conversation avec un utilisateur spécifique. Requiert l'authentification.
+
+    **Réponses :**
+    - `200 OK` : Objet conversation.
+  </Accordion>
+
+  <Accordion title="GET /messages/conversations/:id">
+    Récupère les messages d'une conversation. Marque les messages comme lus. Requiert l'authentification.
+
+    **Réponses :**
+    - `200 OK` : Liste des messages.
+  </Accordion>
+
+  <Accordion title="POST /messages">
+    Envoie un message. Requiert l'authentification.
+
+    **Corps de la requête :**
+    - `recipientId` (uuid) : ID du destinataire.
+    - `text` (string) : Contenu du message.
+
+    **Réponses :**
+    - `201 Created` : Message envoyé.
+  </Accordion>
+</Accordions>
+
 ### ⭐ Favoris (`/favorites`)

 <Accordions>
--- a/documentation/content/docs/api.mdx
+++ b/documentation/content/docs/api.mdx
@@ -29,4 +29,4 @@ Memegoat utilise une architecture de stockage d'objets compatible S3 (MinIO). Le

 ### Notifications (Mail)

-Le système intègre un service d'envoi d'emails (SMTP) pour les notifications critiques et la gestion des comptes.
+Le système intègre un service d'envoi d'emails (SMTP) via `@nestjs-modules/mailer` pour les notifications critiques, la validation des comptes et la réinitialisation de mots de passe.
--- a/documentation/content/docs/compliance.mdx
+++ b/documentation/content/docs/compliance.mdx
@@ -19,7 +19,8 @@ Le projet Memegoat s'inscrit dans une démarche de respect de la vie privée et

 Conformément à la section [Sécurité](/docs/security), les mesures suivantes sont appliquées :
 - **Chiffrement au repos** : Utilisation de **PGP (pgcrypto)** pour les données identifiantes.
- **Hachage aveugle** : Pour permettre les opérations sur données chiffrées sans compromettre la confidentialité.
+- **Cryptographie Post-Quantique** : Mise en œuvre de `@noble/post-quantum` pour protéger les données contre les futures capacités de calcul quantique.
+- **Hachage aveugle (Blind Indexing)** : Pour permettre les opérations d'unicité et de recherche sur données chiffrées sans compromettre la confidentialité.
 - **Hachage des mots de passe** : Utilisation de l'algorithme **Argon2id**.
 - **Communications sécurisées** : Utilisation de **TLS 1.3** via Caddy.
 - **Suivi des Erreurs (Sentry)** : Configuration conforme avec désactivation de l'envoi des PII (Personally Identifiable Information) et masquage des données sensibles.
--- a/documentation/content/docs/database.mdx
+++ b/documentation/content/docs/database.mdx
@@ -18,13 +18,24 @@ erDiagram
    USER ||--o{ API_KEY : "genere"
    USER ||--o{ AUDIT_LOG : "genere"
    USER ||--o{ FAVORITE : "ajoute"
+    USER ||--o{ COMMENT : "rédige"
+    USER ||--o{ COMMENT_LIKE : "aime"
+    USER ||--o{ CONVERSATION_PARTICIPANT : "participe"
+    USER ||--o{ MESSAGE : "envoie"
    
    CONTENT ||--o{ CONTENT_TAG : "possede"
    TAG ||--o{ CONTENT_TAG : "est_lie_a"
    CONTENT ||--o{ REPORT : "est_signale"
    CONTENT ||--o{ FAVORITE : "est_mis_en"
+    CONTENT ||--o{ COMMENT : "reçoit"
    TAG ||--o{ REPORT : "est_signale"

+    COMMENT ||--o{ COMMENT : "possède des réponses"
+    COMMENT ||--o{ COMMENT_LIKE : "est aimé par"
+
+    CONVERSATION ||--o{ CONVERSATION_PARTICIPANT : "regroupe"
+    CONVERSATION ||--o{ MESSAGE : "contient"
+
    CATEGORY ||--o{ CONTENT : "catégorise"

    ROLE ||--o{ USER_ROLE : "attribue_a"
@@ -45,6 +56,15 @@ erDiagram
        string type
        string storage_key
    }
+    COMMENT {
+        string text
+    }
+    CONVERSATION {
+        timestamp created_at
+    }
+    MESSAGE {
+        string text
+    }
    TAG {
        string name
        string slug
@@ -140,6 +160,39 @@ erDiagram
        uuid content_id PK, FK
        uuid tag_id PK, FK
    }
+    comments {
+        uuid id PK
+        uuid content_id FK
+        uuid user_id FK
+        uuid parent_id FK
+        text text
+        timestamp created_at
+        timestamp updated_at
+        timestamp deleted_at
+    }
+    comment_likes {
+        uuid comment_id PK, FK
+        uuid user_id PK, FK
+        timestamp created_at
+    }
+    conversations {
+        uuid id PK
+        timestamp created_at
+        timestamp updated_at
+    }
+    conversation_participants {
+        uuid conversation_id PK, FK
+        uuid user_id PK, FK
+        timestamp joined_at
+    }
+    messages {
+        uuid id PK
+        uuid conversation_id FK
+        uuid sender_id FK
+        text text
+        timestamp created_at
+        timestamp read_at
+    }
    roles {
        uuid id PK
        varchar name
@@ -225,6 +278,15 @@ erDiagram
    users ||--o{ sessions : "user_id"
    users ||--o{ api_keys : "user_id"
    users ||--o{ audit_logs : "user_id"
+    contents ||--o{ comments : "content_id"
+    users ||--o{ comments : "user_id"
+    comments ||--o{ comments : "parent_id"
+    comments ||--o{ comment_likes : "comment_id"
+    users ||--o{ comment_likes : "user_id"
+    conversations ||--o{ conversation_participants : "conversation_id"
+    users ||--o{ conversation_participants : "user_id"
+    conversations ||--o{ messages : "conversation_id"
+    users ||--o{ messages : "sender_id"
 ```

 ### Physique (MPD)
@@ -278,6 +340,7 @@ erDiagram

 #### Sécurité et Chiffrement
 - **Chiffrement PGP (Native)** : Les colonnes `email` et `two_factor_secret` sont stockées au format `bytea` et chiffrées/déchiffrées via les fonctions `pgp_sym_encrypt` et `pgp_sym_decrypt` de PostgreSQL (via l'extension `pgcrypto`).
+- **Cryptographie Post-Quantique** : Utilisation de la bibliothèque `@noble/post-quantum` pour anticiper les futures menaces cryptographiques.
 - **Hachage aveugle (Blind Indexing)** : La colonne `email_hash` stocke un hash (SHA-256) de l'email pour permettre les recherches d'unicité et les recherches rapides sans déchiffrer la donnée.

 #### Index et Optimisations
--- a/documentation/content/docs/deployment.mdx
+++ b/documentation/content/docs/deployment.mdx
@@ -12,10 +12,10 @@ Un conteneur **Caddy** est utilisé en tant que reverse proxy pour fournir le TL
 ### Pré-requis Système

 <Cards>
-  <Card title="Environnement" description="Node.js >= 20, pnpm >= 10." />
-  <Card title="Base de données" description="PostgreSQL >= 15 + pgcrypto et Redis." />
+  <Card title="Environnement" description="Node.js >= 22 (recommandé pour NestJS 11), pnpm >= 10." />
+  <Card title="Base de données" description="PostgreSQL >= 16 + pgcrypto et Redis 7+." />
  <Card title="Stockage" description="MinIO ou S3 Compatible." />
-  <Card title="Services" description="ClamAV (clamd) et FFmpeg." />
+  <Card title="Services" description="ClamAV (clamd), FFmpeg 6+ et Serveur SMTP." />
 </Cards>

 ### Procédure de Déploiement
--- a/documentation/content/docs/features.mdx
+++ b/documentation/content/docs/features.mdx
@@ -10,7 +10,7 @@ Le projet Memegoat intègre un ensemble de fonctionnalités avancées pour garan
 ## 🏗️ Infrastructure & Médias

 ### 📤 Publication & Traitement
-Le coeur de la plateforme permet la publication sécurisée de mèmes et de GIFs avec un pipeline de traitement complet :
+Le coeur de la plateforme permet la publication sécurisée de mèmes et de GIFs avec un pipeline de traitement complet (voir le [Flux de Publication](/docs/flows#-publication-de-contenu-pipeline-médía)) :

 <Cards>
  <Card icon="🛡️" title="Sécurité (Antivirus)" description="Chaque fichier uploadé est scanné en temps réel par ClamAV." />
@@ -64,6 +64,11 @@ Un système complet de gestion de profil permet aux utilisateurs de :
 - Configurer la **Double Authentification (2FA)**.
 - Consulter leurs sessions actives et révoquer des accès.

+### 💬 Interaction & Communauté
+Memegoat favorise l'interaction entre les utilisateurs via plusieurs fonctionnalités sociales :
+- **Système de Commentaires** : Les utilisateurs peuvent commenter les mèmes, répondre à d'autres commentaires et aimer les contributions.
+- **Messagerie Privée** : Un système de messagerie sécurisé permettant des conversations directes entre utilisateurs, avec gestion des conversations et compteurs de messages non lus.
+
 <Callout type="info">
  Toutes les données sensibles du profil sont protégées par **chiffrement PGP** au repos.
 </Callout>
--- a/documentation/content/docs/flows.mdx
+++ b/documentation/content/docs/flows.mdx
@@ -0,0 +1,177 @@
+---
+title: Flux Métiers
+description: Diagrammes de séquence et explications des flux critiques de Memegoat.
+---
+
+# 🔄 Flux Métiers
+
+Cette section détaille les processus critiques de la plateforme Memegoat à travers des diagrammes de séquence et des explications techniques étape par étape.
+
+## 🔐 Authentification & Sécurité
+
+### Inscription & Double Authentification (2FA)
+
+Le processus d'inscription intègre immédiatement les mesures de sécurité fortes (Argon2id, PGP). L'activation de la 2FA est optionnelle mais fortement recommandée.
+
+```mermaid
+sequenceDiagram
+    participant U as Utilisateur
+    participant F as Frontend
+    participant B as Backend
+    participant DB as PostgreSQL
+    participant M as Serveur SMTP
+
+    Note over U, DB: Flux d'Inscription
+    U->>F: Remplir formulaire (email, password)
+    F->>B: POST /auth/register
+    B->>B: Hash password (Argon2id)
+    B->>B: Chiffrement Email (PGP)
+    B->>B: Génération Email Hash (Blind Indexing)
+    B->>DB: INSERT INTO users
+    B->>M: Envoi email de validation
+    B-->>F: 201 Created
+    F-->>U: Succès (Redirection Login)
+
+    Note over U, DB: Activation 2FA
+    U->>F: Activer 2FA
+    F->>B: POST /users/me/2fa/setup
+    B->>B: Générer Secret TOTP
+    B->>B: Chiffrer Secret (PGP)
+    B->>DB: UPDATE users SET two_factor_secret
+    B-->>F: Secret + QR Code URL
+    F-->>U: Affiche QR Code
+    U->>F: Saisir code TOTP
+    F->>B: POST /users/me/2fa/enable (token)
+    B->>B: Déchiffrer Secret (PGP)
+    B->>B: Vérifier TOTP (otplib)
+    B->>DB: UPDATE users SET is_two_factor_enabled = true
+    B-->>F: 200 OK
+```
+
+---
+
+## 📤 Publication de Contenu (Pipeline Média)
+
+La publication d'un mème ou d'un GIF suit un pipeline rigoureux garantissant la sécurité (Antivirus) et l'optimisation (Transcodage).
+
+```mermaid
+sequenceDiagram
+    participant U as Utilisateur
+    participant F as Frontend
+    participant B as Backend
+    participant AV as ClamAV
+    participant S3 as MinIO (S3)
+    participant DB as PostgreSQL
+
+    U->>F: Sélectionner image/vidéo
+    F->>B: POST /contents/upload (multipart)
+    B->>B: Validation (Taille, MIME-Type)
+    B->>AV: Scan Antivirus (Stream)
+    AV-->>B: Verdict (Clean/Infected)
+    
+    alt Infecté
+        B-->>F: 400 Bad Request (Virus detected)
+    else Sain
+        B->>B: Transcodage (Sharp/FFmpeg)
+        Note right of B: WebP pour images, WebM pour vidéos
+        B->>S3: Upload fichier optimisé
+        S3-->>B: Storage Key
+        B->>DB: INSERT INTO contents
+        B->>DB: INSERT INTO audit_logs (Upload action)
+        B-->>F: 201 Created
+    end
+```
+
+---
+
+## 💬 Messagerie & Temps Réel
+
+Memegoat utilise **Socket.io** pour les interactions en temps réel, avec une validation de session robuste via `iron-session`.
+
+```mermaid
+sequenceDiagram
+    participant U1 as Utilisateur A
+    participant F1 as Frontend A
+    participant WS as WebSocket Gateway
+    participant B as Backend (API)
+    participant F2 as Frontend B
+    participant U2 as Utilisateur B
+
+    U1->>F1: Ouvre le chat
+    F1->>WS: Connexion (transports: websocket)
+    Note over WS: Authentification via iron-session cookie
+    WS->>WS: Vérifie Access Token (JWT)
+    WS->>WS: Rejoindre room "user:A"
+    WS-->>F1: Connected
+
+    U1->>F1: Tape un message
+    F1->>WS: Event "typing" { recipientId: B, isTyping: true }
+    WS->>F2: Event "user_typing" { userId: A, isTyping: true }
+    F2-->>U2: Affiche "A est en train d'écrire..."
+
+    U1->>F1: Envoyer message
+    F1->>B: POST /messages { recipientId: B, text: "Salut !" }
+    B->>DB: INSERT INTO messages
+    B-->>F1: 201 Created
+    B->>WS: Trigger Notify(B)
+    WS->>F2: Event "new_message" { senderId: A, text: "Salut !" }
+    F2-->>U2: Affiche message + Notification
+```
+
+---
+
+## ⚖️ Cycle de Vie & Conformité (RGPD)
+
+La gestion des données respecte le droit à l'oubli à travers un processus de suppression en deux étapes et une purge automatique.
+
+```mermaid
+sequenceDiagram
+    participant U as Utilisateur
+    participant B as Backend
+    participant DB as PostgreSQL
+    participant S3 as MinIO (S3)
+    participant C as Cron Job (PurgeService)
+
+    Note over U, DB: Droit à l'oubli (Phase 1)
+    U->>B: DELETE /users/me
+    B->>DB: UPDATE users SET deleted_at = NOW()
+    B->>DB: UPDATE contents SET deleted_at = NOW() WHERE user_id = U
+    B-->>U: 200 OK (Compte désactivé)
+
+    Note over C, S3: Purge Automatique (Phase 2 - après 30 jours)
+    C->>B: Execute purgeExpiredData()
+    B->>DB: SELECT users WHERE deleted_at < 30 days
+    B->>DB: DELETE FROM users (Hard Delete)
+    Note right of B: Cascade delete sur API keys, Sessions, etc.
+    B->>DB: DELETE FROM contents (Hard Delete)
+    B->>S3: DELETE objects (Storage Keys)
+    B->>DB: Purge Audit Logs / Reports expirés
+```
+
+---
+
+## 🚩 Modération
+
+Le flux de modération permet aux utilisateurs de signaler des abus, traités ensuite par les administrateurs.
+
+```mermaid
+sequenceDiagram
+    participant U as Utilisateur
+    participant B as Backend
+    participant DB as PostgreSQL
+    participant A as Administrateur
+
+    U->>B: POST /reports { contentId, reason, description }
+    B->>DB: INSERT INTO reports (status: pending)
+    B-->>U: 201 Created
+
+    A->>B: GET /reports (Admin Panel)
+    B->>DB: SELECT * FROM reports WHERE status = pending
+    B-->>A: Liste des signalements
+
+    A->>B: PATCH /reports/:id/status { status: resolved }
+    B->>DB: UPDATE reports SET status = resolved
+    Note right of B: Si contenu illicite, l'admin peut supprimer le contenu
+    B->>B: DELETE /contents/:id/admin (Hard Delete)
+    B-->>A: 200 OK
+```
--- a/documentation/content/docs/index.mdx
+++ b/documentation/content/docs/index.mdx
@@ -18,10 +18,11 @@ graph TD
    User([Utilisateur])
    Caddy[Reverse Proxy: Caddy]
    Frontend[Frontend: Next.js]
-    Backend[Backend: NestJS]
+    Backend[Backend: NestJS 11]
    DB[(Database: PostgreSQL)]
    Storage[Storage: S3/MinIO]
    Cache[(Cache: Redis)]
+    AV[Antivirus: ClamAV]
    Monitoring[Monitoring: Sentry]

    User <--> Caddy
@@ -30,6 +31,7 @@ graph TD
    Backend <--> DB
    Backend <--> Storage
    Backend <--> Cache
+    Backend <--> AV
    Backend --> Monitoring
 ```

@@ -43,6 +45,11 @@ Explorez les sections clés pour approfondir vos connaissances techniques :
    href="/docs/features"
    description="Détails des capacités techniques et du pipeline média haute performance."
  />
+  <Card
+    title="🔄 Flux Métiers"
+    href="/docs/flows"
+    description="Diagrammes de séquence des processus critiques (Publication, 2FA, Chat)."
+  />
  <Card
    title="🔐 Sécurité"
    href="/docs/security"
--- a/documentation/content/docs/security.mdx
+++ b/documentation/content/docs/security.mdx
@@ -7,6 +7,7 @@ description: Mesures de sécurité implémentées

 ### Protection des Données (At Rest)

+- **Cryptographie Post-Quantique** : Utilisation de la bibliothèque `@noble/post-quantum` pour anticiper les futures menaces cryptographiques et protéger les données sensibles contre les attaques "Harvest Now, Decrypt Later".
 - **Chiffrement PGP Natif** : Les données identifiantes (PII) comme l'email, le nom d'affichage et le **secret 2FA** sont chiffrées dans PostgreSQL via `pgcrypto` (`pgp_sym_encrypt`). 

 <Callout type="warn" title="Sécurité des Clés">
--- a/documentation/content/docs/stack.mdx
+++ b/documentation/content/docs/stack.mdx
@@ -17,9 +17,9 @@ description: Technologies utilisées dans le projet Memegoat
 ### Backend

 <Cards>
-  <Card title="NestJS" description="Framework Node.js modulaire et robuste." />
+  <Card title="NestJS 11" description="Framework Node.js modulaire et robuste (dernière version majeure)." />
  <Card title="PostgreSQL" description="Base de données relationnelle puissante." />
-  <Card title="Redis" description="Store clé-valeur pour le cache haute performance." />
+  <Card title="Redis" description="Store clé-valeur pour le cache haute performance (Cache Manager v5+)." />
  <Card title="Drizzle ORM" description="ORM TypeScript-first avec support des migrations." />
  <Card title="Sharp & FFmpeg" description="Traitement haute performance des images et vidéos." />
 </Cards>
@@ -28,8 +28,9 @@ description: Technologies utilisées dans le projet Memegoat

 <Cards>
  <Card title="ClamAV" description="Protection antivirus en temps réel." />
-  <Card title="Sentry" description="Reporting d'erreurs et profiling de performance." />
-  <Card title="Argon2id" description="Hachage de mots de passe de grade militaire." />
+  <Card title="Sentry" description="Reporting d'erreurs et profiling de performance (SDK v8+)." />
+  <Card title="Argon2id" description="Hachage de mots de passe de grade militaire via @node-rs/argon2." />
+  <Card title="Post-Quantum Crypto" description="Algorithmes résistants aux futurs ordinateurs quantiques via @noble/post-quantum." />
  <Card title="PGP (pgcrypto)" description="Chiffrement natif des données sensibles." />
  <Card title="otplib" description="Implémentation TOTP pour la 2FA." />
  <Card title="iron-session" description="Gestion sécurisée des sessions via cookies chiffrés." />
--- a/frontend/next.config.ts
+++ b/frontend/next.config.ts
@@ -1,5 +1,16 @@
 import type { NextConfig } from "next";

+const appUrl = process.env.NEXT_PUBLIC_APP_URL || "https://memegoat.fr";
+const apiUrl = process.env.NEXT_PUBLIC_API_URL || "https://api.memegoat.fr";
+
+const getHostname = (url: string) => {
+	try {
+		return new URL(url).hostname;
+	} catch {
+		return url;
+	}
+};
+
 const nextConfig: NextConfig = {
 	/* config options here */
 	reactCompiler: true,
@@ -7,11 +18,11 @@ const nextConfig: NextConfig = {
 		remotePatterns: [
 			{
 				protocol: "https",
-				hostname: "memegoat.fr",
+				hostname: getHostname(appUrl),
 			},
 			{
 				protocol: "https",
-				hostname: "api.memegoat.fr",
+				hostname: getHostname(apiUrl),
 			},
 		],
 	},
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "@memegoat/frontend",
-	"version": "1.9.0",
+	"version": "1.9.6",
 	"private": true,
 	"scripts": {
 		"dev": "next dev",
--- a/frontend/src/app/(dashboard)/help/page.tsx
+++ b/frontend/src/app/(dashboard)/help/page.tsx
@@ -63,7 +63,9 @@ export default function HelpPage() {
 				<p className="text-muted-foreground">
 					N'hésitez pas à nous contacter sur nos réseaux sociaux ou par email.
 				</p>
-				<p className="font-semibold text-primary">contact@memegoat.fr</p>
+				<p className="font-semibold text-primary">
+					{process.env.NEXT_PUBLIC_CONTACT_EMAIL || "contact@memegoat.fr"}
+				</p>
 			</div>
 		</div>
 	);
--- a/frontend/src/app/(dashboard)/messages/page.tsx
+++ b/frontend/src/app/(dashboard)/messages/page.tsx
@@ -2,7 +2,15 @@

 import { formatDistanceToNow } from "date-fns";
 import { fr } from "date-fns/locale";
-import { Search, Send, UserPlus, X } from "lucide-react";
+import {
+	ArrowLeft,
+	Check,
+	CheckCheck,
+	Search,
+	Send,
+	UserPlus,
+	X,
+} from "lucide-react";
 import Link from "next/link";
 import { useRouter, useSearchParams } from "next/navigation";
 import * as React from "react";
@@ -142,6 +150,8 @@ export default function MessagesPage() {
 					if (activeConv?.id === data.conversationId) {
 						setMessages((prev) => [...prev, data.message]);
 						setIsOtherTyping(false); // S'il a envoyé un message, il ne tape plus
+						// Marquer comme lu immédiatement si on est sur la conversation
+						MessageService.markAsRead(data.conversationId).catch(console.error);
 					}
 					// Mettre à jour la liste des conversations
 					setConversations((prev) => {
@@ -184,10 +194,26 @@ export default function MessagesPage() {
 				}
 			});

+			socket.on(
+				"messages_read",
+				(data: { conversationId: string; readerId: string }) => {
+					if (activeConv?.id === data.conversationId) {
+						setMessages((prev) =>
+							prev.map((msg) =>
+								msg.senderId !== data.readerId && !msg.readAt
+									? { ...msg, readAt: new Date().toISOString() }
+									: msg,
+							),
+						);
+					}
+				},
+			);
+
 			return () => {
 				socket.off("new_message");
 				socket.off("user_status");
 				socket.off("user_typing");
+				socket.off("messages_read");
 			};
 		}
 	}, [socket, activeConv]);
@@ -238,7 +264,11 @@ export default function MessagesPage() {
 	return (
 		<div className="h-[calc(100vh-4rem)] flex overflow-hidden bg-white dark:bg-zinc-950">
 			{/* Sidebar - Liste des conversations */}
-			<div className="w-80 border-r flex flex-col">
+			<div
+				className={`w-full md:w-80 border-r flex flex-col ${
+					activeConv ? "hidden md:flex" : "flex"
+				}`}
+			>
 				<div className="p-4 border-b">
 					<div className="flex items-center justify-between mb-4">
 						<h2 className="text-xl font-bold">Messages</h2>
@@ -347,7 +377,7 @@ export default function MessagesPage() {
 											: "hover:bg-zinc-100 dark:hover:bg-zinc-900"
 									}`}
 								>
-									<Avatar>
+									<Avatar isOnline={onlineUsers.has(conv.recipient.uuid)}>
 										<AvatarImage src={conv.recipient.avatarUrl} />
 										<AvatarFallback>
 											{conv.recipient.username[0].toUpperCase()}
@@ -378,16 +408,31 @@ export default function MessagesPage() {
 			</div>

 			{/* Zone de chat */}
-			<div className="flex-1 flex flex-col">
+			<div
+				className={`flex-1 flex flex-col ${
+					!activeConv ? "hidden md:flex" : "flex"
+				}`}
+			>
 				{activeConv ? (
 					<>
 						{/* Header */}
-						<div className="p-4 border-b flex items-center justify-between">
+						<div className="p-4 border-b flex items-center gap-2">
+							<Button
+								variant="ghost"
+								size="icon"
+								className="md:hidden rounded-full"
+								onClick={() => setActiveConv(null)}
+							>
+								<ArrowLeft className="h-5 w-5" />
+							</Button>
 							<Link
 								href={`/user/${activeConv.recipient.username}`}
-								className="flex items-center gap-3 hover:opacity-80 transition-opacity"
+								className="flex-1 flex items-center gap-3 hover:opacity-80 transition-opacity"
 							>
-								<Avatar className="h-8 w-8">
+								<Avatar
+									className="h-8 w-8"
+									isOnline={onlineUsers.has(activeConv.recipient.uuid)}
+								>
 									<AvatarImage src={activeConv.recipient.avatarUrl} />
 									<AvatarFallback>
 										{activeConv.recipient.username[0].toUpperCase()}
@@ -449,8 +494,12 @@ export default function MessagesPage() {
 														})}
 													</span>
 													{msg.senderId === user?.uuid && (
-														<span className="font-bold">
-															{msg.readAt ? "• Lu" : "• Envoyé"}
+														<span className="flex items-center">
+															{msg.readAt ? (
+																<CheckCheck className="h-3 w-3" />
+															) : (
+																<Check className="h-3 w-3" />
+															)}
 														</span>
 													)}
 												</div>
--- a/frontend/src/app/(dashboard)/settings/page.tsx
+++ b/frontend/src/app/(dashboard)/settings/page.tsx
@@ -10,6 +10,7 @@ import {
 	Palette,
 	Save,
 	Settings,
+	Shield,
 	Sun,
 	Trash2,
 	User as UserIcon,
@@ -53,6 +54,7 @@ import { Input } from "@/components/ui/input";
 import { Label } from "@/components/ui/label";
 import { RadioGroup, RadioGroupItem } from "@/components/ui/radio-group";
 import { Spinner } from "@/components/ui/spinner";
+import { Switch } from "@/components/ui/switch";
 import { Textarea } from "@/components/ui/textarea";
 import { useAuth } from "@/providers/auth-provider";
 import { UserService } from "@/services/user.service";
@@ -60,6 +62,8 @@ import { UserService } from "@/services/user.service";
 const settingsSchema = z.object({
 	displayName: z.string().max(32, "Le nom d'affichage est trop long").optional(),
 	bio: z.string().max(255, "La bio est trop longue").optional(),
+	showOnlineStatus: z.boolean(),
+	showReadReceipts: z.boolean(),
 });

 type SettingsFormValues = z.infer<typeof settingsSchema>;
@@ -82,6 +86,8 @@ export default function SettingsPage() {
 		defaultValues: {
 			displayName: "",
 			bio: "",
+			showOnlineStatus: true,
+			showReadReceipts: true,
 		},
 	});

@@ -90,6 +96,8 @@ export default function SettingsPage() {
 			form.reset({
 				displayName: user.displayName || "",
 				bio: user.bio || "",
+				showOnlineStatus: user.showOnlineStatus ?? true,
+				showReadReceipts: user.showReadReceipts ?? true,
 			});
 		}
 	}, [user, form]);
@@ -265,6 +273,73 @@ export default function SettingsPage() {
 					</CardContent>
 				</Card>

+				{/* Confidentialité */}
+				<Card className="border-none shadow-sm">
+					<CardHeader className="pb-4">
+						<div className="flex items-center gap-2">
+							<Shield className="h-5 w-5 text-primary" />
+							<div>
+								<CardTitle>Confidentialité</CardTitle>
+								<CardDescription>Gérez la visibilité de vos activités.</CardDescription>
+							</div>
+						</div>
+					</CardHeader>
+					<CardContent>
+						<Form {...form}>
+							<form onSubmit={form.handleSubmit(onSubmit)} className="space-y-6">
+								<div className="space-y-4">
+									<FormField
+										control={form.control}
+										name="showOnlineStatus"
+										render={({ field }) => (
+											<FormItem className="flex flex-row items-center justify-between rounded-lg border p-4">
+												<div className="space-y-0.5">
+													<FormLabel className="text-base">Statut en ligne</FormLabel>
+													<FormDescription>
+														Affiche quand vous êtes actif sur le site.
+													</FormDescription>
+												</div>
+												<FormControl>
+													<Switch checked={field.value} onCheckedChange={field.onChange} />
+												</FormControl>
+											</FormItem>
+										)}
+									/>
+									<FormField
+										control={form.control}
+										name="showReadReceipts"
+										render={({ field }) => (
+											<FormItem className="flex flex-row items-center justify-between rounded-lg border p-4">
+												<div className="space-y-0.5">
+													<FormLabel className="text-base">
+														Confirmations de lecture
+													</FormLabel>
+													<FormDescription>
+														Permet aux autres de voir quand vous avez lu leurs messages.
+													</FormDescription>
+												</div>
+												<FormControl>
+													<Switch checked={field.value} onCheckedChange={field.onChange} />
+												</FormControl>
+											</FormItem>
+										)}
+									/>
+								</div>
+								<div className="flex justify-end pt-2">
+									<Button type="submit" disabled={isSaving} className="min-w-[150px]">
+										{isSaving ? (
+											<Loader2 className="mr-2 h-4 w-4 animate-spin" />
+										) : (
+											<Save className="mr-2 h-4 w-4" />
+										)}
+										Enregistrer
+									</Button>
+								</div>
+							</form>
+						</Form>
+					</CardContent>
+				</Card>
+
 				<TwoFactorSetup />

 				<Card className="border-none shadow-sm">
--- a/frontend/src/app/layout.tsx
+++ b/frontend/src/app/layout.tsx
@@ -32,7 +32,7 @@ export const metadata: Metadata = {
 	openGraph: {
 		type: "website",
 		locale: "fr_FR",
-		url: "https://memegoat.local",
+		url: "/",
 		siteName: "MemeGoat",
 		title: "MemeGoat | Partagez vos meilleurs mèmes",
 		description: "La plateforme ultime pour les mèmes. Rejoignez le troupeau !",
--- a/frontend/src/components/notification-handler.tsx
+++ b/frontend/src/components/notification-handler.tsx
@@ -30,10 +30,9 @@ export function NotificationHandler() {

 			toast.custom(
 				(t) => (
-					<div
-						role="button"
-						tabIndex={0}
-						className="flex items-start gap-3 bg-white dark:bg-zinc-900 p-4 rounded-xl shadow-lg border border-zinc-200 dark:border-zinc-800 w-full max-w-sm cursor-pointer hover:bg-zinc-50 dark:hover:bg-zinc-800 transition-colors"
+					<button
+						type="button"
+						className="flex items-start gap-3 bg-white dark:bg-zinc-900 p-4 rounded-xl shadow-lg border border-zinc-200 dark:border-zinc-800 w-full max-w-sm cursor-pointer hover:bg-zinc-50 dark:hover:bg-zinc-800 transition-colors text-left"
 						onClick={() => {
 							toast.dismiss(t);
 							if (data.type === "message") {
@@ -42,16 +41,6 @@ export function NotificationHandler() {
 								router.push(`/meme/${data.contentId}`);
 							}
 						}}
-						onKeyDown={(e) => {
-							if (e.key === "Enter" || e.key === " ") {
-								toast.dismiss(t);
-								if (data.type === "message") {
-									router.push("/messages");
-								} else if (data.contentId) {
-									router.push(`/meme/${data.contentId}`);
-								}
-							}
-						}}
 					>
 						<div className="bg-primary/10 p-2 rounded-full shrink-0">
 							{data.type === "comment" && (
@@ -71,15 +60,15 @@ export function NotificationHandler() {
 						</div>
 						<button
 							type="button"
+							className="text-muted-foreground hover:text-foreground p-1 rounded-full hover:bg-zinc-100 dark:hover:bg-zinc-800 transition-colors"
 							onClick={(e) => {
 								e.stopPropagation();
 								toast.dismiss(t);
 							}}
-							className="text-muted-foreground hover:text-foreground"
 						>
 							<Bell className="h-3 w-3" />
 						</button>
-					</div>
+					</button>
 				),
 				{
 					duration: 5000,
@@ -91,20 +80,23 @@ export function NotificationHandler() {
 		socket.on("notification", handleNotification);

 		// Aussi pour les nouveaux messages (si on veut un toast global)
-		socket.on("new_message", (data: { message: any }) => {
-			if (window.location.pathname !== "/messages") {
-				toast(
-					`Nouveau message de @${data.message.sender?.username || "un membre"}`,
-					{
-						description: data.message.text.substring(0, 50),
-						action: {
-							label: "Voir",
-							onClick: () => router.push("/messages"),
+		socket.on(
+			"new_message",
+			(data: { message: { text: string; sender?: { username: string } } }) => {
+				if (window.location.pathname !== "/messages") {
+					toast(
+						`Nouveau message de @${data.message.sender?.username || "un membre"}`,
+						{
+							description: data.message.text.substring(0, 50),
+							action: {
+								label: "Voir",
+								onClick: () => router.push("/messages"),
+							},
 						},
-					},
-				);
-			}
-		});
+					);
+				}
+			},
+		);

 		return () => {
 			socket.off("notification");
--- a/frontend/src/components/share-dialog.tsx
+++ b/frontend/src/components/share-dialog.tsx
@@ -28,9 +28,10 @@ interface ShareDialogProps {
 export function ShareDialog({
 	contentId,
 	contentTitle,
+	contentUrl: _unused, // Support legacy prop
 	open,
 	onOpenChange,
-}: Omit<ShareDialogProps, "contentUrl">) {
+}: ShareDialogProps) {
 	const [searchQuery, setSearchQuery] = React.useState("");
 	const [results, setResults] = React.useState<User[]>([]);
 	const [isLoading, setIsLoading] = React.useState(false);
--- a/frontend/src/components/two-factor-setup.tsx
+++ b/frontend/src/components/two-factor-setup.tsx
@@ -29,6 +29,7 @@ export function TwoFactorSetup() {
 	const [secret, setSecret] = useState<string | null>(null);
 	const [otpValue, setOtpValue] = useState("");
 	const [isLoading, setIsLoading] = useState(false);
+	const [isRevealed, setIsRevealed] = useState(false);

 	const handleSetup = async () => {
 		setIsLoading(true);
@@ -152,24 +153,59 @@ export function TwoFactorSetup() {
 				</CardHeader>
 				<CardContent className="flex flex-col items-center gap-6">
 					{qrCode && (
-						<div className="bg-white p-4 rounded-xl border-4 border-zinc-100">
-							<Image
-								src={qrCode}
-								alt="QR Code 2FA"
-								width={192}
-								height={192}
-								className="w-48 h-48"
-								unoptimized
-							/>
+						<div className="relative group">
+							<div
+								className={`bg-white p-4 rounded-xl border-4 border-zinc-100 transition-all duration-300 ${
+									!isRevealed ? "blur-md select-none" : ""
+								}`}
+							>
+								<Image
+									src={qrCode}
+									alt="QR Code 2FA"
+									width={192}
+									height={192}
+									className="w-48 h-48"
+									unoptimized
+								/>
+							</div>
+							{!isRevealed && (
+								<div className="absolute inset-0 flex items-center justify-center">
+									<Button
+										variant="secondary"
+										size="sm"
+										onClick={() => setIsRevealed(true)}
+										className="shadow-lg"
+									>
+										Afficher le QR Code
+									</Button>
+								</div>
+							)}
 						</div>
 					)}
 					<div className="w-full space-y-2">
 						<p className="text-sm font-medium text-center">
 							Ou entrez ce code manuellement :
 						</p>
-						<code className="block p-2 bg-muted text-center rounded text-xs font-mono break-all">
-							{secret}
-						</code>
+						<div className="relative group">
+							<code
+								className={`block p-2 bg-muted text-center rounded text-xs font-mono break-all transition-all duration-300 ${
+									!isRevealed ? "blur-[3px] select-none" : ""
+								}`}
+							>
+								{secret}
+							</code>
+							{!isRevealed && (
+								<div className="absolute inset-0 flex items-center justify-center">
+									<button
+										type="button"
+										onClick={() => setIsRevealed(true)}
+										className="text-[10px] font-bold uppercase tracking-wider text-primary hover:underline"
+									>
+										Afficher le code
+									</button>
+								</div>
+							)}
+						</div>
 					</div>
 					<div className="flex flex-col items-center gap-4 w-full border-t pt-6">
 						<p className="text-sm font-medium">
--- a/frontend/src/components/ui/avatar.tsx
+++ b/frontend/src/components/ui/avatar.tsx
@@ -7,17 +7,23 @@ import { cn } from "@/lib/utils";

 function Avatar({
 	className,
+	isOnline,
 	...props
-}: React.ComponentProps<typeof AvatarPrimitive.Root>) {
+}: React.ComponentProps<typeof AvatarPrimitive.Root> & { isOnline?: boolean }) {
 	return (
-		<AvatarPrimitive.Root
-			data-slot="avatar"
-			className={cn(
-				"relative flex size-8 shrink-0 overflow-hidden rounded-full",
-				className,
+		<div className="relative inline-block">
+			<AvatarPrimitive.Root
+				data-slot="avatar"
+				className={cn(
+					"relative flex size-8 shrink-0 overflow-hidden rounded-full",
+					className,
+				)}
+				{...props}
+			/>
+			{isOnline && (
+				<span className="absolute bottom-0 right-0 block h-2.5 w-2.5 rounded-full bg-green-500 ring-2 ring-white dark:ring-zinc-900" />
 			)}
-			{...props}
-		/>
+		</div>
 	);
 }

--- a/frontend/src/services/message.service.ts
+++ b/frontend/src/services/message.service.ts
@@ -55,4 +55,8 @@ export const MessageService = {
 		});
 		return data;
 	},
+
+	async markAsRead(conversationId: string): Promise<void> {
+		await api.patch(`/messages/conversations/${conversationId}/read`);
+	},
 };
--- a/frontend/src/types/user.ts
+++ b/frontend/src/types/user.ts
@@ -9,6 +9,8 @@ export interface User {
 	role?: "user" | "admin" | "moderator";
 	status?: "active" | "verification" | "suspended" | "pending" | "deleted";
 	twoFactorEnabled?: boolean;
+	showOnlineStatus?: boolean;
+	showReadReceipts?: boolean;
 	createdAt: string;
 }

--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@memegoat/source",
-  "version": "1.9.0",
+  "version": "1.9.6",
  "description": "",
  "scripts": {
    "version:get": "cmake -P version.cmake GET",
Author	SHA1	Message	Date
Mathis HERRIOT	22c753d1e7	chore: bump version to 1.9.6 All checks were successful CI/CD Pipeline / Valider backend (push) Successful in 1m43s Details CI/CD Pipeline / Valider frontend (push) Successful in 1m50s Details CI/CD Pipeline / Valider documentation (push) Successful in 1m51s Details CI/CD Pipeline / Déploiement en Production (push) Successful in 5m26s Details	2026-02-01 20:27:58 +01:00
Mathis HERRIOT	1f7bd51a7b	feat(docs): add detailed features and business flow diagrams - Introduced new interaction and community features, including comments and private messaging. - Added technical diagrams for critical workflows: authentication, content publication, and messaging. - Enhanced data model documentation with support for comments and messaging tables. - Updated API references with endpoints for comments, messaging, and user search. - Integrated post-quantum cryptography for improved data protection.	2026-02-01 20:27:46 +01:00
Mathis HERRIOT	f34fd644b8	chore: bump version to 1.9.5 All checks were successful CI/CD Pipeline / Valider backend (push) Successful in 1m38s Details CI/CD Pipeline / Valider frontend (push) Successful in 1m43s Details CI/CD Pipeline / Valider documentation (push) Successful in 1m47s Details CI/CD Pipeline / Déploiement en Production (push) Successful in 17s Details	2026-01-29 21:42:34 +01:00
Mathis HERRIOT	c827c2e58d	feat(database): increase passwordHash length and add migration snapshot - Extended `passwordHash` field length in `users` schema from 100 to 255. - Added migration snapshot for schema updates.	2026-01-29 21:42:05 +01:00
Mathis HERRIOT	30bcfdb436	chore: bump version to 1.9.4 All checks were successful CI/CD Pipeline / Valider backend (push) Successful in 1m30s Details CI/CD Pipeline / Valider documentation (push) Successful in 1m36s Details CI/CD Pipeline / Valider frontend (push) Successful in 1m26s Details CI/CD Pipeline / Déploiement en Production (push) Successful in 5m19s Details	2026-01-29 20:49:07 +01:00
Mathis HERRIOT	0b4753c47b	style(messages): reformat import statements in MessagesService	2026-01-29 20:48:57 +01:00
Mathis HERRIOT	69b90849fd	feat(messages): integrate UsersModule into MessagesModule with forward-ref - Added `UsersModule` to `MessagesModule` imports using `forwardRef`. - Injected `UsersService` into `MessagesService` to support user-related operations.	2026-01-29 20:44:35 +01:00
Mathis HERRIOT	f2950ecf86	chore: bump version to 1.9.3 All checks were successful CI/CD Pipeline / Valider backend (push) Successful in 1m38s Details CI/CD Pipeline / Valider frontend (push) Successful in 1m43s Details CI/CD Pipeline / Valider documentation (push) Successful in 1m47s Details CI/CD Pipeline / Déploiement en Production (push) Successful in 5m16s Details	2026-01-29 20:33:19 +01:00
Mathis HERRIOT	1e17308aab	feat(realtime): add ConfigModule and UsersModule to RealtimeModule - Integrated `ConfigModule` for configuration management. - Added `UsersModule` to enable forward-ref dependencies in realtime services.	2026-01-29 20:32:34 +01:00
Mathis HERRIOT	ca4b594828	chore: bump version to 1.9.2 All checks were successful CI/CD Pipeline / Valider backend (push) Successful in 1m37s Details CI/CD Pipeline / Valider documentation (push) Successful in 1m48s Details CI/CD Pipeline / Valider frontend (push) Successful in 1m47s Details CI/CD Pipeline / Déploiement en Production (push) Successful in 5m36s Details	2026-01-29 18:22:00 +01:00
Mathis HERRIOT	2ea16773c8	feat(users): add boolean fields for online status and read receipts - Added `showOnlineStatus` and `showReadReceipts` fields to `UpdateUserDto` with validation.	2026-01-29 18:21:54 +01:00
Mathis HERRIOT	616d7f76d7	feat: add support for online status and read receipt preferences - Added `showOnlineStatus` and `showReadReceipts` fields to settings form. - Introduced real-time synchronization for read receipts in message threads. - Enhanced avatars to display online status indicators. - Automatically mark messages as read when viewing active conversations.	2026-01-29 18:20:58 +01:00
Mathis HERRIOT	f882a70343	feat: add read receipt handling based on user preferences - Integrated `UsersService` into `MessagesService` for retrieving user preferences. - Updated `markAsRead` functionality to respect `showReadReceipts` preference. - Enhanced real-time read receipt notifications via `EventsGateway`. - Added `markAsRead` method to the frontend message service.	2026-01-29 18:20:18 +01:00
Mathis HERRIOT	779bb5c112	feat: integrate user preferences for online status in WebSocket gateway - Added `UsersService` to manage user preferences in `EventsGateway`. - Enhanced online/offline broadcasting to respect user `showOnlineStatus` preference. - Updated `handleTyping` and `check_status` to verify user preferences before emitting events. - Abstracted status broadcasting logic into `broadcastStatus`.	2026-01-29 18:20:04 +01:00
Mathis HERRIOT	5753477717	feat: add user preferences for online status and read receipts with real-time updates - Introduced `showOnlineStatus` and `showReadReceipts` fields in the user schema and API. - Integrated real-time status broadcasting in `UsersService` via `EventsGateway`. - Updated repository and frontend user types to align with new fields. - Enhanced user update handling to support dynamic preference changes for online status.	2026-01-29 18:18:52 +01:00
Mathis HERRIOT	7615ec670e	chore: bump version to 1.9.1 All checks were successful CI/CD Pipeline / Valider backend (push) Successful in 1m36s Details CI/CD Pipeline / Valider frontend (push) Successful in 1m42s Details CI/CD Pipeline / Valider documentation (push) Successful in 1m47s Details CI/CD Pipeline / Déploiement en Production (push) Successful in 5m58s Details	2026-01-29 17:44:55 +01:00
Mathis HERRIOT	40cfff683d	fix: ensure decrypted PGP values are cast to text in SQL queries - Added `::text` cast to `pgp_sym_decrypt` function calls for consistent data type handling.	2026-01-29 17:44:50 +01:00
Mathis HERRIOT	bb52782226	feat: enhance environment configuration and CORS handling - Added `NEXT_PUBLIC_APP_URL` and `NEXT_PUBLIC_CONTACT_EMAIL` to environment variables for frontend configuration. - Updated CORS logic to support domain-based restrictions with dynamic origin validation. - Improved frontend image hostname resolution using environment-driven URLs. - Standardized contact email usage across the application.	2026-01-29 17:34:53 +01:00
Mathis HERRIOT	6a70274623	fix: handle null enriched comment in comments service - Added a null check for `enrichedComment` to prevent processing invalid data and potential runtime errors.	2026-01-29 17:22:00 +01:00
Mathis HERRIOT	aabc615b89	feat: enhance CORS and user connection handling in WebSocket gateway - Improved CORS configuration to allow specific origins for development and mobile use cases. - Added validation for token payload to ensure `sub` property is present. - Enhanced user connection management by using `userId` consistently for online status tracking and room joining.	2026-01-29 17:21:53 +01:00
Mathis HERRIOT	f9b202375f	feat: improve accessibility, security & user interaction in notifications and setup - Replaced `div` with `button` elements in `NotificationHandler` for better semantics and accessibility. - Added conditional QR Code reveal in 2FA setup with `blur` effect for enhanced security and user control. - Enhanced messages layout for responsiveness on smaller screens with dynamic chat/sidebar toggling. - Simplified legacy prop handling in `ShareDialog`.	2026-01-29 17:21:19 +01:00
				`@@ -0,0 +1 @@`
				`ALTER TABLE "users" ALTER COLUMN "password_hash" SET DATA TYPE varchar(255);`