livedash-node/lib/auth/server.ts

import { createAuthServer, neonAuth } from "@neondatabase/auth/next/server";
import type { UserRole } from "@prisma/client";
import { prisma } from "@/lib/prisma";

export const authServer = createAuthServer();

// Re-export neonAuth for direct use in server components
export { neonAuth };

// Platform roles for easy checking
export const PLATFORM_ROLES: UserRole[] = [
  "PLATFORM_SUPER_ADMIN",
  "PLATFORM_ADMIN",
  "PLATFORM_SUPPORT",
];

/**
 * Check if a role is a platform-level role
 */
export function isPlatformRole(role: UserRole): boolean {
  return PLATFORM_ROLES.includes(role);
}

/**
 * Get authenticated user with full data (works for both platform and company users)
 */
export async function getAuthenticatedUser() {
  const { session, user: authUser } = await neonAuth();

  if (!session || !authUser?.email) {
    return { session: null, user: null, authUser: null };
  }

  const user = await prisma.user.findUnique({
    where: { email: authUser.email },
    select: {
      id: true,
      email: true,
      name: true,
      role: true,
      companyId: true,
      company: {
        select: {
          id: true,
          name: true,
          status: true,
        },
      },
    },
  });

  return { session, user, authUser };
}

/**
 * Get authenticated company user (for dashboard routes)
 * Returns null if user is a platform user or has no company
 */
export async function getAuthenticatedCompanyUser() {
  const { session, user, authUser } = await getAuthenticatedUser();

  if (!user || !user.companyId || isPlatformRole(user.role)) {
    return { session: null, user: null, authUser: null };
  }

  return { session, user, authUser };
}

/**
 * Get authenticated platform user (for platform admin routes)
 * Returns null if user is not a platform user
 */
export async function getAuthenticatedPlatformUser() {
  const { session, user, authUser } = await getAuthenticatedUser();

  if (!user || !isPlatformRole(user.role)) {
    return { session: null, user: null, authUser: null };
  }

  return { session, user, authUser };
}

/**
 * Check if user has specific platform role or higher
 */
export function hasPlatformAccess(
  role: UserRole,
  minRole:
    | "PLATFORM_SUPPORT"
    | "PLATFORM_ADMIN"
    | "PLATFORM_SUPER_ADMIN" = "PLATFORM_SUPPORT"
): boolean {
  const hierarchy: UserRole[] = [
    "PLATFORM_SUPPORT",
    "PLATFORM_ADMIN",
    "PLATFORM_SUPER_ADMIN",
  ];
  const userLevel = hierarchy.indexOf(role);
  const minLevel = hierarchy.indexOf(minRole);
  return userLevel >= minLevel;
}