function authenticate(){
const { username, password} = body;
const user = users.find(x => x.username === username && x.password === password);
if(!user) return error('Username or password is incorrect');
return ok({
id: user.id,
username: user.username,
firstName: user.firstName,
lastName: user.lastName,
role: user.role,
token: `fake-jwt-token.${user.id}`
});
}
function getUserById(){
if(!isLoggedIn()) return unauthorized();
// only admins can access other user records
if(!isAdmin() && currentUser().id !== idFromUrl()) return unauthorized();
const user = users.find(x => x.id === idFromUrl());
return ok(user);
}