Sindbad~EG File Manager

let db,bcrypt,failedResponse,catchAsync,AppError,jwtService;_68f‍.x([["default",()=>_68f‍.o]]);_68f‍.w("../model/index",[["default",["db"],function(v){db=v}]]);_68f‍.w("bcrypt",[["default",["bcrypt"],function(v){bcrypt=v}]]);_68f‍.w("../utils/responseFormat",[["failedResponse",["failedResponse"],function(v){failedResponse=v}]]);_68f‍.w("../utils/catchAsync",[["default",["catchAsync"],function(v){catchAsync=v}]]);_68f‍.w("../utils/apiError",[["default",["AppError"],function(v){AppError=v}]]);_68f‍.w("../utils/jwtService",[["jwtService",["jwtService"],function(v){jwtService=v}]]);






const login = catchAsync(async (req, res, next) => {
  const { email, password } = req.body;

  if (!email || !password) {
    return next(new AppError("Invalid credentials", 401));
  }

  const user = await db.User.findOne({ email: email.toLowerCase() });
  if (!user) {
    return next(new AppError("Invalid credentials", 401));
  }

  const passwordMatch = await bcrypt.compare(password, user.password);
  if (!passwordMatch) {
    return next(new AppError("Invalid credentials", 401));
  }
  const token = await jwtService.signToken({ _id: user._id, role: user.role });

  res.setHeader("Authorization", token);
  res.status(200).json({ token: token, user, message: "Login successfully" });
});

const authenticate = catchAsync(async (req, res, next) => {
  const user = await db.User.findOne({ _id: req.user._id });
  if (!user) {
    return next(new AppError("No user found.", 401));
  }

  const token = await jwtService.signToken({ _id: user._id, role: user.role });
  // Create a JWT token
  res.setHeader("Authorization", token);
  res.status(200).json({ token: token, user, message: "success" });
});

const restrictTo = (...roles) => {
  // roles are : admin, agent
  return (req, res, next) => {
    if (!roles.includes(req.user.role)) {
      return failedResponse({ res, error: "You are not allowed!" });
    }
    next();
  };
};

_68f‍.d({ login, authenticate, restrictTo });