src/lib/auth.ts

const ROLE_PERMISSIONS: Record<string, string[]> = {
  super_admin: ['kyc.request', 'kyc.view', 'kyc.doc_upload', 'kyc.doc_approve', 'kyc.doc_reject', 'kyc.make_valid_user', 'dashboard.view'],
  admin_manager: ['kyc.request', 'kyc.view', 'kyc.doc_upload', 'kyc.doc_approve', 'kyc.doc_reject', 'kyc.make_valid_user', 'dashboard.view'],
  staff: ['kyc.request', 'kyc.view', 'kyc.doc_upload', 'dashboard.view'],
  accountant: ['dashboard.view', 'accounting.view', 'accounting.create', 'accounting.edit', 'accounting.delete'],
  investor: ['dashboard.view', 'kyc.request', 'kyc.view'],
  biker: ['dashboard.view', 'kyc.request', 'kyc.view', 'rentals.view', 'rentals.create'],
  'swap-station': ['dashboard.view', 'kyc.request', 'kyc.view'],
  merchant: ['dashboard.view', 'kyc.request', 'kyc.view', 'merchants.view'],
};

export const isAuthenticated = (): boolean => {
  return typeof window !== 'undefined' && !!sessionStorage.getItem('authToken');
};

export const getUserRole = (): string | null => {
  return typeof window !== 'undefined' ? sessionStorage.getItem('userRole') : null;
};

export const getUserName = (): string | null => {
  return typeof window !== 'undefined' ? sessionStorage.getItem('userName') : null;
};

export const getUserPermissions = (): string[] => {
  if (typeof window === 'undefined') return [];
  const stored = sessionStorage.getItem('userPermissions');
  if (stored) return JSON.parse(stored);
  const role = getUserRole();
  return role ? (ROLE_PERMISSIONS[role] || []) : [];
};

export const hasPermission = (permission: string): boolean => {
  const permissions = getUserPermissions();
  return permissions.includes(permission);
};

export const canApproveKycDocument = (): boolean => {
  return hasPermission('kyc.doc_approve');
};

export const canRejectKycDocument = (): boolean => {
  return hasPermission('kyc.doc_reject');
};

export const canMakeValidUser = (): boolean => {
  return hasPermission('kyc.make_valid_user');
};

export const logout = () => {
  if (typeof window !== 'undefined') {
    sessionStorage.removeItem('authToken');
    sessionStorage.removeItem('userRole');
    sessionStorage.removeItem('userName');
    sessionStorage.removeItem('userPermissions');
  }
};
feat: implement role-based access control for KYC workflows and add permissions documentation 2026-05-09 12:51:28 +06:00			`const ROLE_PERMISSIONS: Record<string, string[]> = {`
			`super_admin: ['kyc.request', 'kyc.view', 'kyc.doc_upload', 'kyc.doc_approve', 'kyc.doc_reject', 'kyc.make_valid_user', 'dashboard.view'],`
			`admin_manager: ['kyc.request', 'kyc.view', 'kyc.doc_upload', 'kyc.doc_approve', 'kyc.doc_reject', 'kyc.make_valid_user', 'dashboard.view'],`
			`staff: ['kyc.request', 'kyc.view', 'kyc.doc_upload', 'dashboard.view'],`
			`accountant: ['dashboard.view', 'accounting.view', 'accounting.create', 'accounting.edit', 'accounting.delete'],`
			`investor: ['dashboard.view', 'kyc.request', 'kyc.view'],`
			`biker: ['dashboard.view', 'kyc.request', 'kyc.view', 'rentals.view', 'rentals.create'],`
			`'swap-station': ['dashboard.view', 'kyc.request', 'kyc.view'],`
			`merchant: ['dashboard.view', 'kyc.request', 'kyc.view', 'merchants.view'],`
			`};`

feat: implement authentication flow with login page, middleware protection, and session-based role management 2026-05-07 16:08:18 +06:00			`export const isAuthenticated = (): boolean => {`
			`return typeof window !== 'undefined' && !!sessionStorage.getItem('authToken');`
			`};`

			`export const getUserRole = (): string \| null => {`
			`return typeof window !== 'undefined' ? sessionStorage.getItem('userRole') : null;`
			`};`

			`export const getUserName = (): string \| null => {`
			`return typeof window !== 'undefined' ? sessionStorage.getItem('userName') : null;`
			`};`

feat: implement role-based access control for KYC workflows and add permissions documentation 2026-05-09 12:51:28 +06:00			`export const getUserPermissions = (): string[] => {`
			`if (typeof window === 'undefined') return [];`
			`const stored = sessionStorage.getItem('userPermissions');`
			`if (stored) return JSON.parse(stored);`
			`const role = getUserRole();`
			`return role ? (ROLE_PERMISSIONS[role] \|\| []) : [];`
			`};`

			`export const hasPermission = (permission: string): boolean => {`
			`const permissions = getUserPermissions();`
			`return permissions.includes(permission);`
			`};`

			`export const canApproveKycDocument = (): boolean => {`
			`return hasPermission('kyc.doc_approve');`
			`};`

			`export const canRejectKycDocument = (): boolean => {`
			`return hasPermission('kyc.doc_reject');`
			`};`

			`export const canMakeValidUser = (): boolean => {`
			`return hasPermission('kyc.make_valid_user');`
			`};`

feat: implement authentication flow with login page, middleware protection, and session-based role management 2026-05-07 16:08:18 +06:00			`export const logout = () => {`
			`if (typeof window !== 'undefined') {`
			`sessionStorage.removeItem('authToken');`
			`sessionStorage.removeItem('userRole');`
			`sessionStorage.removeItem('userName');`
feat: implement role-based access control for KYC workflows and add permissions documentation 2026-05-09 12:51:28 +06:00			`sessionStorage.removeItem('userPermissions');`
feat: implement authentication flow with login page, middleware protection, and session-based role management 2026-05-07 16:08:18 +06:00			`}`
			`};`