clean up docs structure, remove misplaced and duplicate content

Author: nvms

docs/docs/concepts/authentication.md

@@ -5,20 +5,7 @@ Login checks password, account status, email verification, and optional two-fact
 ## Login
 
 ```typescript
-app.post("/login", async (req, res) => {
-  try {
-    await req.auth.login(req.body.email, req.body.password, req.body.remember);
-    res.json({ success: true });
-  } catch (error) {
-    if (error.name === "SecondFactorRequiredError") {
-      return res.status(202).json({
-        requiresTwoFactor: true,
-        availableMethods: error.availableMethods,
-      });
-    }
-    res.status(401).json({ error: error.message });
-  }
-});
+await req.auth.login(email, password, remember);
 ```
 
 The login method:
@@ -38,48 +25,20 @@ Return the available methods to the client so it can show the appropriate UI. Do
 
 ## Completing 2FA
 
+After verification succeeds, call `completeTwoFactorLogin()` to finish the login:
+
 ```typescript
-app.post("/verify-2fa", async (req, res) => {
-  const { code, method } = req.body;
-
-  switch (method) {
-    case "totp":
-      await req.auth.twoFactor.verify.totp(code);
-      break;
-    case "email":
-      await req.auth.twoFactor.verify.email(code);
-      break;
-    case "sms":
-      await req.auth.twoFactor.verify.sms(code);
-      break;
-    case "backup":
-      await req.auth.twoFactor.verify.backupCode(code);
-      break;
-    case "otp":
-      await req.auth.twoFactor.verify.otp(code);
-      break;
-  }
-
-  await req.auth.completeTwoFactorLogin();
-  res.json({ success: true });
-});
+await req.auth.twoFactor.verify.totp(code);
+await req.auth.completeTwoFactorLogin();
 ```
 
-`verify.otp()` is a smart verifier that tries both email and SMS OTP methods automatically.
-
-## Remember Me
+Verifiers: `verify.totp()`, `verify.email()`, `verify.sms()`, `verify.backupCode()`, `verify.otp()` (tries email and SMS automatically).
 
-Login with `remember: true` creates a persistent token in `{prefix}remembers` and sets an httpOnly cookie. On future requests, the middleware auto-restores the session from the cookie.
+See the [MFA Patterns](../guides/mfa.md) guide for full implementation examples including OTP delivery.
 
-Configure the duration and cookie name in `AuthConfig`:
+## Remember Me
 
-```typescript
-const authConfig = {
-  db: pool,
-  rememberDuration: "30d",
-  rememberCookieName: "remember_token",
-};
-```
+Login with `remember: true` creates a persistent token in `{prefix}remembers` and sets an httpOnly cookie. On future requests, the middleware auto-restores the session from the cookie. Configure `rememberDuration` and `rememberCookieName` in `AuthConfig`.
 
 ## Logout
 

docs/docs/concepts/sessions.md

@@ -32,17 +32,4 @@ On subsequent requests, the middleware checks for the cookie and restores the se
 
 ## Activity Logging
 
-The `ActivityLogger` records actions like login, failed login, 2FA prompts, remember token creation, role changes, and more. It parses user agent strings for browser/OS/device info and stores metadata as JSON.
-
-Activity logging is enabled by default. Configure it in `AuthConfig`:
-
-```typescript
-const authConfig = {
-  db: pool,
-  activityLog: {
-    enabled: true,
-    maxEntries: 10000,
-    actions: [AuthActivityAction.Login, AuthActivityAction.FailedLogin],
-  },
-};
-```
+The `ActivityLogger` records actions like login, failed login, 2FA prompts, remember token creation, role changes, and more. It parses user agent strings for browser/OS/device info and stores metadata as JSON. Activity logging is enabled by default. See the [Express Middleware](../guides/express-middleware.md) guide for configuration options.

docs/docs/quick-start.md

@@ -59,20 +59,4 @@ app.use(createAuthMiddleware(authConfig));
 app.use("/admin", createAdminUI(authConfig));
 ```
 
-The admin panel is served from your Express app. It reads your auth config, so custom roles and all user data show up automatically.
-
-## Custom Roles
-
-```typescript
-import { defineRoles } from "@eaccess/auth";
-
-const Roles = defineRoles("admin", "owner", "editor", "viewer");
-
-const authConfig = {
-  db: pool,
-  tablePrefix: "auth_",
-  roles: Roles,
-};
-```
-
-`defineRoles` assigns sequential powers of 2. The admin UI and `getRoleNames()` use whatever you define here. If you don't set `roles`, the built-in `AuthRole` enum (21 predefined roles) is used.
+The admin panel is served from your Express app. It reads your auth config, so custom roles and all user data show up automatically.

docs/mkdocs.yml

@@ -80,6 +80,7 @@ nav:
       - Registration & Confirmation: concepts/registration.md
       - Authentication & MFA: concepts/authentication.md
       - Roles: concepts/roles.md
+      - Password Reset: concepts/password-reset.md
       - Multi-Tenant Mapping: concepts/multi-tenant.md
       - OAuth Providers: concepts/providers.md
       - Standalone Auth: concepts/standalone.md