const { hooks } = require ('@feathersjs/authentication-local');
const { NotAuthenticated } = require('@feathersjs/errors');

const compareUser = async context => {
  if (context.id !== context.params.user._id.toString()) {
    throw new NotAuthenticated('You can only PATCH/UPDATE your own user!');
  }
  return context;
};


module.exports = {
  after: {
    all: hooks.protect('password')
  },
  before: {
    patch: [compareUser],
    update: [compareUser]
  }
};