import bcrypt from 'bcryptjs' import { getIronSession } from 'iron-session' import { cookies } from 'next/headers' import { prisma } from '@/lib/prisma' import { SessionData, sessionOptions } from '@/lib/session' import { getAccessibleProduct } from '@/lib/product-access' export async function getSession() { return getIronSession(await cookies(), sessionOptions) } export async function requireUser() { const session = await getSession() if (!session.userId) throw new Error('Niet ingelogd') return session } export async function requireWriter() { const session = await requireUser() if (session.isDemo) throw new Error('Niet beschikbaar in demo-modus') return session.userId } export async function requireProductAccess(productId: string) { const session = await requireUser() const product = await getAccessibleProduct(productId, session.userId) if (!product) throw new Error('Product niet gevonden of geen toegang') return product } export async function requireProductWriter(productId: string) { const userId = await requireWriter() const product = await getAccessibleProduct(productId, userId) if (!product) throw new Error('Product niet gevonden of geen toegang') return product } export async function registerUser(username: string, password: string) { const existing = await prisma.user.findUnique({ where: { username } }) if (existing) { return { error: 'Gebruikersnaam is al in gebruik' } } if (password.length < 8) { return { error: 'Wachtwoord moet minimaal 8 tekens bevatten' } } const password_hash = await bcrypt.hash(password, 12) const user = await prisma.user.create({ data: { username, password_hash, roles: { create: [{ role: 'DEVELOPER' }] }, }, }) return { user } } export async function verifyUser(username: string, password: string) { const user = await prisma.user.findUnique({ where: { username } }) if (!user) return null const valid = await bcrypt.compare(password, user.password_hash) if (!valid) return null return user }