70 lines
2.1 KiB
TypeScript
70 lines
2.1 KiB
TypeScript
/**
|
|
* lib/users.ts
|
|
* Reads user config from environment variables — no database needed.
|
|
*
|
|
* .env format:
|
|
* USER_0_NAME="Mustafa Ayris"
|
|
* USER_0_EMAIL="mustafa@ayristech.com"
|
|
* USER_0_PASSWORD="mustafa123"
|
|
* USER_0_ROLE="SUPER_ADMIN" // or "DOMAIN_ADMIN"
|
|
* USER_0_DOMAINS="*" // "*" for all, or "domain1.com,domain2.com"
|
|
*
|
|
* USER_1_NAME="Emina Karabudak"
|
|
* USER_1_EMAIL="emina@ayristech.com"
|
|
* USER_1_PASSWORD="emina123"
|
|
* USER_1_ROLE="DOMAIN_ADMIN"
|
|
* USER_1_DOMAINS="aveminakarabudak.com"
|
|
*/
|
|
|
|
export interface AppUser {
|
|
id: string; // "user_0", "user_1", ...
|
|
name: string;
|
|
email: string;
|
|
password: string; // plain text — store hashed in prod or use secrets manager
|
|
role: "SUPER_ADMIN" | "DOMAIN_ADMIN";
|
|
domains: string[]; // ["*"] for super admin, ["domain.com"] for domain admins
|
|
}
|
|
|
|
/** Load all users defined in environment variables */
|
|
export function getUsers(): AppUser[] {
|
|
const users: AppUser[] = [];
|
|
|
|
let i = 0;
|
|
while (true) {
|
|
const name = process.env[`USER_${i}_NAME`];
|
|
const email = process.env[`USER_${i}_EMAIL`];
|
|
const password = process.env[`USER_${i}_PASSWORD`];
|
|
const role = process.env[`USER_${i}_ROLE`] as AppUser["role"];
|
|
const domainsRaw = process.env[`USER_${i}_DOMAINS`] ?? "";
|
|
|
|
if (!name || !email || !password) break;
|
|
|
|
users.push({
|
|
id: `user_${i}`,
|
|
name,
|
|
email,
|
|
password,
|
|
role: role ?? "DOMAIN_ADMIN",
|
|
domains: domainsRaw === "*" ? ["*"] : domainsRaw.split(",").map((d) => d.trim()).filter(Boolean),
|
|
});
|
|
|
|
i++;
|
|
}
|
|
|
|
return users;
|
|
}
|
|
|
|
/** Find user by email and validate password */
|
|
export function authenticateUser(email: string, password: string): AppUser | null {
|
|
const users = getUsers();
|
|
const user = users.find((u) => u.email.toLowerCase() === email.toLowerCase());
|
|
if (!user) return null;
|
|
if (user.password !== password) return null;
|
|
return user;
|
|
}
|
|
|
|
/** Check if a user has access to a specific domain */
|
|
export function canAccessDomain(userDomains: string[], domain: string): boolean {
|
|
return userDomains.includes("*") || userDomains.includes(domain);
|
|
}
|