@arch-cadre/panel 1.0.7 → 1.0.10

package/dist/ui/activity-log/pages/log-list.cjs

@@ -8,11 +8,11 @@ var _server = require("@arch-cadre/intl/server");
 var _ui = require("@arch-cadre/ui");
 var _table = require("@arch-cadre/ui/components/table");
 var React = _interopRequireWildcard(require("react"));
-var _activityLog = require("../../../actions/activity-log/index.cjs");
+var _index = require("../../../actions/activity-log/index.cjs");
 function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function (e) { return e ? t : r; })(e); }
 function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != typeof e && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && {}.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }
 async function ActivityLogPage() {
-  const logs = await (0, _activityLog.getActivityLogs)();
+  const logs = await (0, _index.getActivityLogs)();
   const {
     t
   } = await (0, _server.getTranslation)();

package/dist/ui/components/profile/components.cjs

@@ -7,14 +7,14 @@ Object.defineProperty(exports, "__esModule", {
 exports.UpdateEmailForm = UpdateEmailForm;
 exports.UpdatePasswordForm = UpdatePasswordForm;
 exports.UpdateProfileForm = UpdateProfileForm;
-var _react = _interopRequireWildcard(require("react"));
-var React = _react;
 var _intl = require("@arch-cadre/intl");
 var _ui = require("@arch-cadre/ui");
 var _avatar = require("@arch-cadre/ui/components/avatar");
 var _button = require("@arch-cadre/ui/components/button");
 var _input = require("@arch-cadre/ui/components/input");
 var _label = require("@arch-cadre/ui/components/label");
+var _react = _interopRequireWildcard(require("react"));
+var React = _react;
 var _profile = require("../../../actions/profile.cjs");
 function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function (e) { return e ? t : r; })(e); }
 function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != typeof e && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && {}.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }

package/dist/ui/components/profile/components.d.ts

@@ -1,5 +1,5 @@
-import * as React from "react";
 import type { FullUser } from "@arch-cadre/core";
+import * as React from "react";
 export declare function UpdateProfileForm({ user }: {
     user: FullUser;
 }): React.JSX.Element;

package/dist/ui/components/profile/components.mjs

@@ -1,5 +1,4 @@
 "use client";
-import * as React from "react";
 import { useTranslation } from "@arch-cadre/intl";
 import { cn, Icon, toast } from "@arch-cadre/ui";
 import {
@@ -10,6 +9,7 @@ import {
 import { Button } from "@arch-cadre/ui/components/button";
 import { Input } from "@arch-cadre/ui/components/input";
 import { Label } from "@arch-cadre/ui/components/label";
+import * as React from "react";
 import { useActionState, useRef, useState, useTransition } from "react";
 import {
   updateEmailAction,

package/dist/ui/rbac/pages/rbac-admin.cjs

@@ -14,7 +14,7 @@ var _input = require("@arch-cadre/ui/components/input");
 var _table = require("@arch-cadre/ui/components/table");
 var _react = _interopRequireWildcard(require("react"));
 var React = _react;
-var _rbac = require("../../../actions/rbac/index.cjs");
+var _index = require("../../../actions/rbac/index.cjs");
 function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function (e) { return e ? t : r; })(e); }
 function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != typeof e && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && {}.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }
 function RbacAdminPage() {
@@ -38,7 +38,7 @@ function RbacAdminPage() {
   const loadData = (0, _react.useCallback)(async () => {
     setLoading(true);
     try {
-      const [r, p, u] = await Promise.all([(0, _rbac.getRoles)(), (0, _rbac.getPermissions)(), (0, _rbac.getUsers)()]);
+      const [r, p, u] = await Promise.all([(0, _index.getRoles)(), (0, _index.getPermissions)(), (0, _index.getUsers)()]);
       setRoles(r);
       setPermissions(p);
       setUsers(u);
@@ -51,7 +51,7 @@ function RbacAdminPage() {
   }, []);
   const loadRolePermissions = (0, _react.useCallback)(async roleId => {
     try {
-      const p = await (0, _rbac.getRolePermissions)(roleId);
+      const p = await (0, _index.getRolePermissions)(roleId);
       setRolePermissions(p);
     } catch (e) {
       console.error(`[RBAC] Failed to load permissions for role ${roleId}:`, e);
@@ -60,7 +60,7 @@ function RbacAdminPage() {
   }, []);
   const loadUserRbacData = (0, _react.useCallback)(async userId => {
     try {
-      const data = await (0, _rbac.getUserRbacData)(userId);
+      const data = await (0, _index.getUserRbacData)(userId);
       setUserRbacData(data);
     } catch (e) {
       console.error(`[RBAC] Failed to load RBAC data for user ${userId}:`, e);
@@ -83,7 +83,7 @@ function RbacAdminPage() {
   const handleCreateRole = (0, _react.useCallback)(async () => {
     if (!newRoleName) return;
     try {
-      await (0, _rbac.createRole)(newRoleName);
+      await (0, _index.createRole)(newRoleName);
       setNewRoleName("");
       _ui.toast.success(t("Role created."));
       loadData();
@@ -94,7 +94,7 @@ function RbacAdminPage() {
   const handleCreatePermission = (0, _react.useCallback)(async () => {
     if (!newPermissionName) return;
     try {
-      await (0, _rbac.createPermission)(newPermissionName);
+      await (0, _index.createPermission)(newPermissionName);
       setNewPermissionName("");
       _ui.toast.success(t("Permission created."));
       loadData();
@@ -104,7 +104,7 @@ function RbacAdminPage() {
   }, [newPermissionName, loadData]);
   const handleDeleteRole = (0, _react.useCallback)(async id => {
     try {
-      await (0, _rbac.deleteRole)(id);
+      await (0, _index.deleteRole)(id);
       _ui.toast.success(t("Role deleted."));
       if (selectedRole?.id === id) setSelectedRole(null);
       loadData();
@@ -114,7 +114,7 @@ function RbacAdminPage() {
   }, [selectedRole, loadData]);
   const handleDeletePermission = (0, _react.useCallback)(async id => {
     try {
-      await (0, _rbac.deletePermission)(id);
+      await (0, _index.deletePermission)(id);
       _ui.toast.success(t("Permission deleted."));
       loadData();
     } catch (_e) {
@@ -125,9 +125,9 @@ function RbacAdminPage() {
     if (!selectedRole) return;
     try {
       if (hasIt) {
-        await (0, _rbac.revokePermissionFromRole)(selectedRole.id, permId);
+        await (0, _index.revokePermissionFromRole)(selectedRole.id, permId);
       } else {
-        await (0, _rbac.assignPermissionToRole)(selectedRole.id, permId);
+        await (0, _index.assignPermissionToRole)(selectedRole.id, permId);
       }
       loadRolePermissions(selectedRole.id);
     } catch (_e) {
@@ -138,9 +138,9 @@ function RbacAdminPage() {
     if (!selectedUser) return;
     try {
       if (hasIt) {
-        await (0, _rbac.revokeRoleFromUser)(selectedUser.id, roleId);
+        await (0, _index.revokeRoleFromUser)(selectedUser.id, roleId);
       } else {
-        await (0, _rbac.assignRoleToUser)(selectedUser.id, roleId);
+        await (0, _index.assignRoleToUser)(selectedUser.id, roleId);
       }
       loadUserRbacData(selectedUser.id);
     } catch (_e) {
@@ -151,9 +151,9 @@ function RbacAdminPage() {
     if (!selectedUser) return;
     try {
       if (hasIt) {
-        await (0, _rbac.revokePermissionFromUser)(selectedUser.id, permId);
+        await (0, _index.revokePermissionFromUser)(selectedUser.id, permId);
       } else {
-        await (0, _rbac.assignPermissionToUser)(selectedUser.id, permId);
+        await (0, _index.assignPermissionToUser)(selectedUser.id, permId);
       }
       loadUserRbacData(selectedUser.id);
     } catch (_e) {

package/dist/ui/session-manager/components/sessions-list.cjs

@@ -5,15 +5,15 @@ Object.defineProperty(exports, "__esModule", {
   value: true
 });
 exports.SessionsList = SessionsList;
-var _react = _interopRequireWildcard(require("react"));
-var React = _react;
 var _intl = require("@arch-cadre/intl");
 var _ui = require("@arch-cadre/ui");
 var _alertDialog = require("@arch-cadre/ui/components/alert-dialog");
 var _badge = require("@arch-cadre/ui/components/badge");
 var _button = require("@arch-cadre/ui/components/button");
 var _navigation = require("next/navigation");
-var _sessionManager = require("../../../actions/session-manager/index.cjs");
+var _react = _interopRequireWildcard(require("react"));
+var React = _react;
+var _index = require("../../../actions/session-manager/index.cjs");
 function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function (e) { return e ? t : r; })(e); }
 function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != typeof e && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && {}.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }
 const CORE_SESSION_KEYS = ["id", "createdAt", "expiresAt", "isCurrent", "userId"];
@@ -49,7 +49,7 @@ function SessionsList({
   const handleRevokeSession = sessionId => {
     setRevokingSessionId(sessionId);
     startTransition(async () => {
-      const result = await (0, _sessionManager.revokeSessionAction)(sessionId);
+      const result = await (0, _index.revokeSessionAction)(sessionId);
       if (result.error) {
         _ui.toast.error(result.error);
       } else {
@@ -61,7 +61,7 @@ function SessionsList({
   };
   const handleRevokeAllOther = () => {
     startTransition(async () => {
-      const result = await (0, _sessionManager.revokeAllOtherSessionsAction)();
+      const result = await (0, _index.revokeAllOtherSessionsAction)();
       if (result.error) {
         _ui.toast.error(result.error);
       } else {

package/dist/ui/session-manager/components/sessions-list.mjs

@@ -1,5 +1,4 @@
 "use client";
-import * as React from "react";
 import { useTranslation } from "@arch-cadre/intl";
 import { cn, Icon, toast } from "@arch-cadre/ui";
 import {
@@ -16,6 +15,7 @@ import {
 import { Badge } from "@arch-cadre/ui/components/badge";
 import { Button } from "@arch-cadre/ui/components/button";
 import { useRouter } from "next/navigation";
+import * as React from "react";
 import { useState, useTransition } from "react";
 import {
   revokeAllOtherSessionsAction,

package/dist/ui/session-manager/pages/sessions-page.cjs

@@ -4,9 +4,9 @@ Object.defineProperty(exports, "__esModule", {
   value: true
 });
 module.exports = SessionsSettingsPage;
-var React = _interopRequireWildcard(require("react"));
 var _server = require("@arch-cadre/intl/server");
-var _sessionManager = require("../../../actions/session-manager/index.cjs");
+var React = _interopRequireWildcard(require("react"));
+var _index = require("../../../actions/session-manager/index.cjs");
 var _sessionsList = require("../components/sessions-list.cjs");
 function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function (e) { return e ? t : r; })(e); }
 function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != typeof e && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && {}.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }
@@ -16,7 +16,7 @@ async function SessionsSettingsPage() {
   } = await (0, _server.getTranslation)();
   const {
     sessions
-  } = await (0, _sessionManager.getSessionsAction)();
+  } = await (0, _index.getSessionsAction)();
   return /* @__PURE__ */React.createElement("div", {
     className: "space-y-6"
   }, /* @__PURE__ */React.createElement("div", null, /* @__PURE__ */React.createElement("h2", {

package/dist/ui/session-manager/pages/sessions-page.mjs

@@ -1,5 +1,5 @@
-import * as React from "react";
 import { getTranslation } from "@arch-cadre/intl/server";
+import * as React from "react";
 import { getSessionsAction } from "../../../actions/session-manager/index.mjs";
 import { SessionsList } from "../components/sessions-list.mjs";
 export default async function SessionsSettingsPage() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@arch-cadre/panel",
-  "version": "1.0.7",
+  "version": "1.0.10",
   "type": "module",
   "description": "Panel module for Kryo framework",
   "exports": {
@@ -23,6 +23,7 @@
   },
   "files": [
     "dist",
+    "src",
     "locales",
     "manifest.json"
   ],
@@ -36,7 +37,7 @@
     "lint": "biome check --write"
   },
   "dependencies": {
-    "@arch-cadre/modules": "^0.0.73",
+    "@arch-cadre/modules": "^0.0.80",
     "@hookform/resolvers": "^3.10.0",
     "react-hook-form": "^7.54.2",
     "@iconify-json/solar": "^1.2.2",
@@ -48,7 +49,7 @@
     "zod": "^3.24.1"
   },
   "devDependencies": {
-    "@arch-cadre/core": "^0.0.47",
+    "@arch-cadre/core": "^0.0.54",
     "@types/adm-zip": "^0.5.7",
     "@types/node": "^20.19.9",
     "@types/react": "^19",
@@ -57,9 +58,9 @@
     "unbuild": "^3.6.1"
   },
   "peerDependencies": {
-    "@arch-cadre/core": "^0.0.47",
-    "@arch-cadre/intl": "^0.0.47",
-    "@arch-cadre/ui": "^0.0.47",
+    "@arch-cadre/core": "^0.0.54",
+    "@arch-cadre/intl": "^0.0.54",
+    "@arch-cadre/ui": "^0.0.54",
     "next": ">=13.0.0",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"

package/src/actions/actions.ts

@@ -0,0 +1,17 @@
+"use server";
+
+import { signOut as signOutAction } from "@arch-cadre/core/server";
+import { getTranslation } from "@arch-cadre/intl/server";
+import { revalidatePath } from "next/cache";
+
+/**
+ * Modern Logout Action delegating to Core Auth
+ */
+export async function logoutAction() {
+  await signOutAction();
+  const { t } = await getTranslation();
+
+  t("Pos");
+
+  revalidatePath("/", "layout");
+}

package/src/actions/activity-log/index.ts

@@ -0,0 +1,17 @@
+"use server";
+
+import { db, userTable } from "@arch-cadre/core/server";
+import { desc, eq } from "drizzle-orm";
+import { activityLogsTable } from "../../schema/activity-log";
+
+export async function getActivityLogs() {
+  return await db
+    .select({
+      log: activityLogsTable,
+      user: { name: userTable.name, email: userTable.email },
+    })
+    .from(activityLogsTable)
+    .leftJoin(userTable, eq(activityLogsTable.userId, userTable.id))
+    .orderBy(desc(activityLogsTable.createdAt))
+    .limit(100);
+}

package/src/actions/index.ts

@@ -0,0 +1,2 @@
+export * from "./actions";
+export * from "./settings";

package/src/actions/manager.ts

@@ -0,0 +1,168 @@
+"use server";
+
+import { exec } from "node:child_process";
+import fs, { constants } from "node:fs/promises";
+import path from "node:path";
+import { promisify } from "node:util";
+import {
+  db,
+  eventBus,
+  getModulesDir,
+  systemModulesTable,
+} from "@arch-cadre/core/server";
+import {
+  getModuleStatus,
+  getModules,
+  ModuleManifestSchema,
+  toggleModuleState,
+} from "@arch-cadre/modules/server";
+import AdmZip from "adm-zip";
+import { revalidatePath, unstable_noStore } from "next/cache";
+
+export async function toggleModuleAction(moduleId: string, isEnabled: boolean) {
+  try {
+    console.log(
+      `[Module:ModuleManager] Toggle request for ${moduleId} -> ${isEnabled}`,
+    );
+    const result = await toggleModuleState(moduleId, isEnabled);
+    await eventBus.publish("system:module:toggle", { moduleId, isEnabled });
+    revalidatePath("/admin/modules");
+    revalidatePath("/module/module-manager");
+    return result;
+  } catch (error) {
+    console.error(
+      `[Module:ModuleManager] Error toggling module ${moduleId}:`,
+      error,
+    );
+    throw error;
+  }
+}
+
+export async function uploadModuleAction(formData: FormData) {
+  try {
+    const file = formData.get("file") as File;
+    if (!file) throw new Error("No file provided");
+
+    const buffer = Buffer.from(await file.arrayBuffer());
+    const zip = new AdmZip(buffer);
+    const zipEntries = zip.getEntries();
+
+    const manifestEntry = zipEntries.find((e) =>
+      e.entryName.endsWith("manifest.json"),
+    );
+    if (!manifestEntry) throw new Error("ZIP must contain manifest.json");
+
+    const moduleRootInZip = manifestEntry.entryName.replace(
+      "manifest.json",
+      "",
+    );
+
+    const manifestRaw = JSON.parse(manifestEntry.getData().toString("utf8"));
+    const manifest = ModuleManifestSchema.parse(manifestRaw);
+
+    const modulesDir = await getModulesDir();
+    const targetDir = path.join(modulesDir, manifest.id);
+
+    try {
+      await fs.access(targetDir);
+      throw new Error(`Module with ID "${manifest.id}" already exists.`);
+    } catch (e: any) {
+      if (e.message.includes("already exists")) throw e;
+    }
+
+    await fs.mkdir(targetDir, { recursive: true });
+
+    for (const entry of zipEntries) {
+      if (entry.entryName.startsWith(moduleRootInZip) && !entry.isDirectory) {
+        const relativePath = entry.entryName.slice(moduleRootInZip.length);
+        const fullPath = path.join(targetDir, relativePath);
+        await fs.mkdir(path.dirname(fullPath), { recursive: true });
+        await fs.writeFile(fullPath, entry.getData());
+      }
+    }
+
+    await db
+      .insert(systemModulesTable)
+      .values({
+        id: manifest.id,
+        enabled: false,
+        installed: false,
+        system: manifest.system ?? false,
+      })
+      .onConflictDoNothing();
+
+    console.log(
+      `[Module:ModuleManager] Module "${manifest.id}" uploaded and extracted.`,
+    );
+    await eventBus.publish("system:module:upload", {
+      moduleId: manifest.id,
+      manifest,
+    });
+    revalidatePath("/admin/modules");
+    revalidatePath("/module/module-manager");
+    return { success: true };
+  } catch (error) {
+    console.error(`[Module:ModuleManager] Upload error:`, error);
+    return { success: false, error: (error as Error).message };
+  }
+}
+
+export async function checkDiskWriteAccess() {
+  const modulesDir = await getModulesDir();
+  try {
+    await fs.access(modulesDir, constants.W_OK);
+    return { canWrite: true };
+  } catch (error) {
+    console.error(
+      "[Module:ModuleManager] No write access to modules directory:",
+      error,
+    );
+    return { canWrite: false };
+  }
+}
+
+export async function getModuleStatusAction(moduleId: string) {
+  unstable_noStore();
+  return await getModuleStatus(moduleId);
+}
+
+export async function getModulesAction() {
+  unstable_noStore();
+  return await getModules();
+}
+
+export async function getModuleDocumentation(moduleId: string) {
+  const modulesDir = await getModulesDir();
+  const docsDir = path.join(modulesDir, moduleId, "docs");
+  try {
+    const exists = await fs
+      .access(docsDir)
+      .then(() => true)
+      .catch(() => false);
+    if (!exists) return null;
+
+    const files = await fs.readdir(docsDir);
+    const mdFiles = files.filter((f) => f.endsWith(".md"));
+
+    if (mdFiles.length === 0) return null;
+
+    const docs = await Promise.all(
+      mdFiles.map(async (file) => {
+        const content = await fs.readFile(path.join(docsDir, file), "utf-8");
+        return {
+          filename: file,
+          title: file
+            .replace(".md", "")
+            .split("-")
+            .map((s) => s.charAt(0).toUpperCase() + s.slice(1))
+            .join(" "),
+          content,
+        };
+      }),
+    );
+
+    return docs;
+  } catch (_error) {
+    return null;
+  }
+}

package/src/actions/profile.ts

@@ -0,0 +1,173 @@
+"use server";
+
+import type { SessionFlags } from "@arch-cadre/core";
+import {
+  checkEmailAvailability,
+  createEmailVerificationRequest,
+  createSession,
+  eventBus,
+  filesystemService,
+  generateSessionToken,
+  getCurrentSession,
+  getUserPasswordHash,
+  invalidateUserSessions,
+  sendVerificationEmail,
+  setEmailVerificationRequestCookie,
+  setSessionTokenCookie,
+  updateUserAwatar,
+  updateUserName,
+  updateUserPassword,
+  verifyEmailInput,
+  verifyPasswordHash,
+  verifyPasswordStrength,
+} from "@arch-cadre/core/server";
+import { getTranslation } from "@arch-cadre/intl/server";
+import { revalidatePath } from "next/cache";
+import { redirect } from "next/navigation";
+import type { ActionResult } from "../types";
+
+export async function updatePasswordAction(
+  _prev: ActionResult,
+  formData: FormData,
+): Promise<ActionResult> {
+  const { t } = await getTranslation();
+  const { session, user } = await getCurrentSession();
+  if (session === null || user === null) {
+    return { success: false, message: t("Not authenticated") };
+  }
+
+  if (user.registered2FA && !session.two_factor_verified) {
+    return { success: false, message: t("Forbidden") };
+  }
+
+  const password = formData.get("password");
+  const newPassword = formData.get("new_password");
+
+  if (typeof password !== "string" || typeof newPassword !== "string") {
+    return { success: false, message: t("Invalid or missing fields") };
+  }
+
+  if (!verifyPasswordStrength(newPassword)) {
+    return { success: false, message: t("Weak password") };
+  }
+
+  const passwordHash = await getUserPasswordHash(user.id);
+  if (!passwordHash) return { success: false, message: t("Internal error") };
+
+  const validPassword = await verifyPasswordHash(passwordHash, password);
+  if (!validPassword) {
+    return { success: false, message: t("Incorrect password") };
+  }
+
+  await invalidateUserSessions(user.id);
+  await updateUserPassword(user.id, newPassword);
+
+  const sessionToken = await generateSessionToken();
+  const sessionFlags: SessionFlags = {
+    twoFactorVerified: session.two_factor_verified ?? false,
+  };
+  const newSession = await createSession(sessionToken, user.id, sessionFlags);
+  await setSessionTokenCookie(sessionToken, newSession.expiresAt);
+
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "profile.updated.password",
+      description: `User ${user?.name} updated their password`,
+      userId: user?.id,
+      metadata: {},
+    },
+    "profile",
+  );
+
+  return { success: true, message: t("Updated password") };
+}
+
+export async function updateEmailAction(
+  _prev: ActionResult,
+  formData: FormData,
+): Promise<ActionResult> {
+  const { t } = await getTranslation();
+  const { session, user } = await getCurrentSession();
+  if (session === null || user === null)
+    return { success: false, message: t("Not authenticated") };
+  if (user.registered2FA && !session.two_factor_verified)
+    return { success: false, message: t("Forbidden") };
+
+  const email = formData.get("email");
+  if (typeof email !== "string" || email === "") {
+    return { success: false, message: t("Please enter your email") };
+  }
+  if (!verifyEmailInput(email)) {
+    return { success: false, message: t("Please enter a valid email") };
+  }
+  const emailAvailable = await checkEmailAvailability(email);
+  if (!emailAvailable) {
+    return { success: false, message: t("This email is already used") };
+  }
+
+  const verificationRequest = await createEmailVerificationRequest(
+    user.id,
+    email,
+  );
+  await sendVerificationEmail(
+    verificationRequest.email,
+    verificationRequest.code,
+  );
+  await setEmailVerificationRequestCookie(verificationRequest);
+
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "profile.updated.email",
+      description: `User ${user?.name} updated their email`,
+      userId: user?.id,
+      metadata: { email },
+    },
+    "profile",
+  );
+
+  return redirect("/verify-email");
+}
+
+export async function updateProfileAction(
+  name: string,
+  image?: File,
+): Promise<{ error?: string; success?: boolean; message?: string }> {
+  const { session, user } = await getCurrentSession();
+
+  const { t } = await getTranslation();
+
+  if (session === null || user === null)
+    return { error: t("Not authenticated") };
+
+  if (!name || name.trim().length === 0)
+    return { error: t("Name is required") };
+  if (name.trim().length > 100) return { error: t("Name is too long") };
+
+  if (image instanceof File) {
+    const uploaded = await filesystemService.upload(image, "vercel-blob");
+
+    if ("error" in uploaded) {
+      return { error: uploaded.error };
+    }
+
+    await updateUserAwatar(user.id, uploaded.url);
+  }
+
+  await updateUserName(user.id, name.trim());
+  revalidatePath("/profile"); // Updated path
+
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "profile.updated",
+      description: `User ${user?.name} updated their profile`,
+      userId: user?.id,
+      metadata: { name, imageUrl: image instanceof File ? image.name : null },
+    },
+    "profile",
+  );
+
+  return { success: true, message: t("Profile updated successfully") };
+}