"use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.generateToken = generateToken; exports.verifyToken = verifyToken; exports.authenticateUser = authenticateUser; exports.authMiddleware = authMiddleware; exports.requireRole = requireRole; const jsonwebtoken_1 = __importDefault(require("jsonwebtoken")); const bcrypt_1 = __importDefault(require("bcrypt")); const migrate_1 = require("../db/migrate"); const JWT_SECRET = process.env.JWT_SECRET || 'change_this_in_production'; function generateToken(user) { return jsonwebtoken_1.default.sign({ id: user.id, email: user.email, role: user.role }, JWT_SECRET, { expiresIn: '7d' }); } function verifyToken(token) { try { return jsonwebtoken_1.default.verify(token, JWT_SECRET); } catch (error) { return null; } } async function authenticateUser(email, password) { const result = await migrate_1.pool.query('SELECT id, email, password_hash, role FROM users WHERE email = $1', [email]); if (result.rows.length === 0) { return null; } const user = result.rows[0]; const isValid = await bcrypt_1.default.compare(password, user.password_hash); if (!isValid) { return null; } return { id: user.id, email: user.email, role: user.role }; } function authMiddleware(req, res, next) { const authHeader = req.headers.authorization; if (!authHeader || !authHeader.startsWith('Bearer ')) { return res.status(401).json({ error: 'No token provided' }); } const token = authHeader.substring(7); const user = verifyToken(token); if (!user) { return res.status(401).json({ error: 'Invalid token' }); } req.user = user; next(); } function requireRole(...roles) { return (req, res, next) => { if (!req.user) { return res.status(401).json({ error: 'Not authenticated' }); } if (!roles.includes(req.user.role)) { return res.status(403).json({ error: 'Insufficient permissions' }); } next(); }; }