| import bcrypt from 'bcrypt'; | |
| import { prisma } from './prisma'; | |
// bcrypt cost factor: the algorithm runs 2^SALT_ROUNDS key-expansion rounds, so
// raising this slows both legitimate hashing and offline guessing; changing it
// only affects newly created hashes (existing ones embed their own cost).
const SALT_ROUNDS = 10;
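/**
 * Minimal shape a user needs for organization-scope checks.
 *
 * Structural on purpose: a Prisma `user` row and a session payload that carries
 * these two fields both qualify, without coupling the check to either type.
 */
export interface OrgScopedUser {
  role?: string | null;
  organizationId?: string | null;
}

export class AuthService {
  /**
   * Hashes a plaintext password with bcrypt at the module-wide cost factor.
   *
   * bcrypt only consumes the first 72 bytes of its input; longer passwords are
   * silently truncated by the algorithm itself, so callers must not assume the
   * whole string contributes to the hash.
   *
   * @param password - plaintext password
   * @returns the bcrypt hash string (salt and cost are embedded in it)
   */
  static async hashPassword(password: string): Promise<string> {
    return bcrypt.hash(password, SALT_ROUNDS);
  }

  /**
   * Checks a plaintext password against a stored bcrypt hash.
   *
   * @param password - plaintext password supplied at login
   * @param hash - stored hash produced by {@link AuthService.hashPassword}
   * @returns true when the password matches the hash
   */
  static async verifyPassword(password: string, hash: string): Promise<boolean> {
    return bcrypt.compare(password, hash);
  }

  /**
   * Looks up a user by the (email, organizationId) composite unique key,
   * loading the owning organization alongside it.
   *
   * @param email - user's email within the organization
   * @param organizationId - organization the lookup is scoped to
   * @returns the user with its organization, or null when no such row exists
   */
  static async findUserByEmail(email: string, organizationId: string) {
    return prisma.user.findUnique({
      where: { email_organizationId: { email, organizationId } },
      include: { organization: true }
    });
  }

  /**
   * Looks up a user by email alone, ignoring organization.
   *
   * The schema's unique key is (email, organizationId), so the same email can
   * exist in several organizations and this returns whichever row `findFirst`
   * yields. Prefer {@link AuthService.findUserByEmail} whenever the
   * organization is already known, so the lookup cannot resolve to a user in
   * a different tenant.
   *
   * @param email - email to search for across all organizations
   * @returns the first matching user with its organization, or null
   */
  static async findUserByEmailOnly(email: string) {
    return prisma.user.findFirst({
      where: { email },
      include: { organization: true }
    });
  }

  /**
   * Decides whether a user may act within the given organization.
   *
   * Fails closed: a missing user is denied, and a user without an
   * `organizationId` is denied unless it holds the SUPER_ADMIN role.
   *
   * @param user - user row or session payload; only `role` and `organizationId` are read
   * @param targetOrgId - organization the caller wants to access
   * @returns true when access is allowed
   */
  static isUserAllowedInOrg(user: OrgScopedUser | null | undefined, targetOrgId: string): boolean {
    // Deny rather than throw when no user is present (e.g. unauthenticated caller).
    if (!user) return false;
    // Super admin can access anything
    if (user.role === 'SUPER_ADMIN') return true;
    // Org Admin/Member must belong to exactly the target organization
    return user.organizationId === targetOrgId;
  }
}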