frontend/src/contexts/AuthContext.js

import React, { createContext, useContext, useState, useEffect, useCallback } from 'react';

const API_BASE = process.env.REACT_APP_API_BASE || 'http://localhost:3001/api';

const AuthContext = createContext(null);

export function AuthProvider({ children }) {
    const [user, setUser] = useState(null);
    const [loading, setLoading] = useState(true);
    const [error, setError] = useState(null);

    // Check if user is authenticated on mount
    const checkAuth = useCallback(async () => {
        try {
            const response = await fetch(`${API_BASE}/auth/me`, {
                credentials: 'include'
            });

            if (response.ok) {
                const data = await response.json();
                setUser(data.user);
            } else {
                setUser(null);
            }
        } catch (err) {
            console.error('Auth check error:', err);
            setUser(null);
        } finally {
            setLoading(false);
        }
    }, []);

    useEffect(() => {
        checkAuth();
    }, [checkAuth]);

    // Login function
    const login = async (username, password) => {
        setError(null);
        try {
            const response = await fetch(`${API_BASE}/auth/login`, {
                method: 'POST',
                headers: { 'Content-Type': 'application/json' },
                credentials: 'include',
                body: JSON.stringify({ username, password })
            });

            const data = await response.json();

            if (!response.ok) {
                throw new Error(data.error || 'Login failed');
            }

            setUser(data.user);
            return { success: true };
        } catch (err) {
            setError(err.message);
            return { success: false, error: err.message };
        }
    };

    // Logout function
    const logout = async () => {
        try {
            await fetch(`${API_BASE}/auth/logout`, {
                method: 'POST',
                credentials: 'include'
            });
        } catch (err) {
            console.error('Logout error:', err);
        }
        setUser(null);
    };

    // Check if user belongs to one of the specified groups
    const isInGroup = (...groups) => user && groups.includes(user.group);

    // Check if user can perform write operations (Admin or Standard_User)
    const canWrite = () => isInGroup('Admin', 'Standard_User');

    // Check if user can delete a resource
    // Admin: always true; Standard_User: only if they own the resource; others: false
    const canDelete = (resource) => {
        if (!user) return false;
        if (isInGroup('Admin')) return true;
        if (!isInGroup('Standard_User')) return false;
        return resource?.created_by === user.id;
    };

    // Check if user can export data
    const canExport = () => isInGroup('Admin', 'Standard_User', 'Leadership');

    // Check if user is admin
    const isAdmin = () => isInGroup('Admin');

    const value = {
        user,
        loading,
        error,
        login,
        logout,
        checkAuth,
        isInGroup,
        canWrite,
        canDelete,
        canExport,
        isAdmin,
        isAuthenticated: !!user
    };

    return (
        <AuthContext.Provider value={value}>
            {children}
        </AuthContext.Provider>
    );
}

export function useAuth() {
    const context = useContext(AuthContext);
    if (!context) {
        throw new Error('useAuth must be used within an AuthProvider');
    }
    return context;
}
added required code changes, components, and packages for login feature 2026-01-28 14:36:33 -07:00			`import React, { createContext, useContext, useState, useEffect, useCallback } from 'react';`

			`const API_BASE = process.env.REACT_APP_API_BASE \|\| 'http://localhost:3001/api';`

			`const AuthContext = createContext(null);`

			`export function AuthProvider({ children }) {`
			`const [user, setUser] = useState(null);`
			`const [loading, setLoading] = useState(true);`
			`const [error, setError] = useState(null);`

			`// Check if user is authenticated on mount`
			`const checkAuth = useCallback(async () => {`
			`try {`
			const response = await fetch(`${API_BASE}/auth/me`, {
			`credentials: 'include'`
			`});`

			`if (response.ok) {`
			`const data = await response.json();`
			`setUser(data.user);`
			`} else {`
			`setUser(null);`
			`}`
			`} catch (err) {`
			`console.error('Auth check error:', err);`
			`setUser(null);`
			`} finally {`
			`setLoading(false);`
			`}`
			`}, []);`

			`useEffect(() => {`
			`checkAuth();`
			`}, [checkAuth]);`

			`// Login function`
			`const login = async (username, password) => {`
			`setError(null);`
			`try {`
			const response = await fetch(`${API_BASE}/auth/login`, {
			`method: 'POST',`
			`headers: { 'Content-Type': 'application/json' },`
			`credentials: 'include',`
			`body: JSON.stringify({ username, password })`
			`});`

			`const data = await response.json();`

			`if (!response.ok) {`
			`throw new Error(data.error \|\| 'Login failed');`
			`}`

			`setUser(data.user);`
			`return { success: true };`
			`} catch (err) {`
			`setError(err.message);`
			`return { success: false, error: err.message };`
			`}`
			`};`

			`// Logout function`
			`const logout = async () => {`
			`try {`
			await fetch(`${API_BASE}/auth/logout`, {
			`method: 'POST',`
			`credentials: 'include'`
			`});`
			`} catch (err) {`
			`console.error('Logout error:', err);`
			`}`
			`setUser(null);`
			`};`

feat: implement group-based access control (Admin, Standard_User, Leadership, Read_Only) - Add user_group migration and created_by column migration - Replace requireRole middleware with requireGroup - Update all backend routes to use group-based authorization - Add Standard_User conditional delete with ownership, state, and compliance checks - Add cascade impact check for CVE deletes - Update AuthContext with group-based permission helpers - Update all frontend components for group-based rendering - Update UserManagement UI with group dropdown, confirmation dialogs, self-demotion prevention 2026-04-06 16:18:07 -06:00			`// Check if user belongs to one of the specified groups`
			`const isInGroup = (...groups) => user && groups.includes(user.group);`

			`// Check if user can perform write operations (Admin or Standard_User)`
			`const canWrite = () => isInGroup('Admin', 'Standard_User');`

			`// Check if user can delete a resource`
			`// Admin: always true; Standard_User: only if they own the resource; others: false`
			`const canDelete = (resource) => {`
			`if (!user) return false;`
			`if (isInGroup('Admin')) return true;`
			`if (!isInGroup('Standard_User')) return false;`
			`return resource?.created_by === user.id;`
added required code changes, components, and packages for login feature 2026-01-28 14:36:33 -07:00			`};`

feat: implement group-based access control (Admin, Standard_User, Leadership, Read_Only) - Add user_group migration and created_by column migration - Replace requireRole middleware with requireGroup - Update all backend routes to use group-based authorization - Add Standard_User conditional delete with ownership, state, and compliance checks - Add cascade impact check for CVE deletes - Update AuthContext with group-based permission helpers - Update all frontend components for group-based rendering - Update UserManagement UI with group dropdown, confirmation dialogs, self-demotion prevention 2026-04-06 16:18:07 -06:00			`// Check if user can export data`
			`const canExport = () => isInGroup('Admin', 'Standard_User', 'Leadership');`
added required code changes, components, and packages for login feature 2026-01-28 14:36:33 -07:00
			`// Check if user is admin`
feat: implement group-based access control (Admin, Standard_User, Leadership, Read_Only) - Add user_group migration and created_by column migration - Replace requireRole middleware with requireGroup - Update all backend routes to use group-based authorization - Add Standard_User conditional delete with ownership, state, and compliance checks - Add cascade impact check for CVE deletes - Update AuthContext with group-based permission helpers - Update all frontend components for group-based rendering - Update UserManagement UI with group dropdown, confirmation dialogs, self-demotion prevention 2026-04-06 16:18:07 -06:00			`const isAdmin = () => isInGroup('Admin');`
added required code changes, components, and packages for login feature 2026-01-28 14:36:33 -07:00
			`const value = {`
			`user,`
			`loading,`
			`error,`
			`login,`
			`logout,`
			`checkAuth,`
feat: implement group-based access control (Admin, Standard_User, Leadership, Read_Only) - Add user_group migration and created_by column migration - Replace requireRole middleware with requireGroup - Update all backend routes to use group-based authorization - Add Standard_User conditional delete with ownership, state, and compliance checks - Add cascade impact check for CVE deletes - Update AuthContext with group-based permission helpers - Update all frontend components for group-based rendering - Update UserManagement UI with group dropdown, confirmation dialogs, self-demotion prevention 2026-04-06 16:18:07 -06:00			`isInGroup,`
added required code changes, components, and packages for login feature 2026-01-28 14:36:33 -07:00			`canWrite,`
feat: implement group-based access control (Admin, Standard_User, Leadership, Read_Only) - Add user_group migration and created_by column migration - Replace requireRole middleware with requireGroup - Update all backend routes to use group-based authorization - Add Standard_User conditional delete with ownership, state, and compliance checks - Add cascade impact check for CVE deletes - Update AuthContext with group-based permission helpers - Update all frontend components for group-based rendering - Update UserManagement UI with group dropdown, confirmation dialogs, self-demotion prevention 2026-04-06 16:18:07 -06:00			`canDelete,`
			`canExport,`
added required code changes, components, and packages for login feature 2026-01-28 14:36:33 -07:00			`isAdmin,`
			`isAuthenticated: !!user`
			`};`

			`return (`
			`<AuthContext.Provider value={value}>`
			`{children}`
			`</AuthContext.Provider>`
			`);`
			`}`

			`export function useAuth() {`
			`const context = useContext(AuthContext);`
			`if (!context) {`
			`throw new Error('useAuth must be used within an AuthProvider');`
			`}`
			`return context;`
			`}`