@startuml
title User registration, verification, login, approval
actor User
participant "Next API" as API
database Postgres as DB
participant SMTP as Mail
actor Admin

User -> API: POST /api/auth/register\n(email, password, name)
API -> DB: create User (status=PENDING)\ncreate VerificationToken
API -> Mail: send verification email
User -> API: POST /api/auth/verify (token)
API -> DB: set emailVerifiedAt
Admin -> API: POST /api/admin/users/approve
API -> DB: set status=ACTIVE, approvedAt
User -> API: POST /api/auth/login
API -> DB: validate password + status
API --> User: session_token cookie (JWT)
@enduml