yogiedigital/cod-api
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: auth

Browse Source
This commit is contained in:
Antony Kurniawan
2025-10-01 10:17:05 +07:00
parent 4bd50c7a4c
commit 27d4541cfc
1 changed files with 55 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
controllers/auth.controller.js
View File

@@ -1,5 +1,5 @@
const AuthService = require('../services/auth.service'); const AuthService = require('../services/auth.service');
const { registerSchema, loginSchema } = require('../helpers/authValidation'); const { registerSchema, loginSchema } = require('../helpers/validation');
const { setResponse } = require('../helpers/utils'); const { setResponse } = require('../helpers/utils');
const { createCaptcha } = require('../utils/captcha'); const { createCaptcha } = require('../utils/captcha');
@@ -11,29 +11,32 @@ class AuthController {
const { error, value } = registerSchema.validate(req.body, { abortEarly: false }); const { error, value } = registerSchema.validate(req.body, { abortEarly: false });
if (error) { if (error) {
// kumpulkan pesan error per field
const errors = error.details.reduce((acc, cur) => { const errors = error.details.reduce((acc, cur) => {
const field = Array.isArray(cur.path) ? cur.path.join('.') : String(cur.path); const field = Array.isArray(cur.path) ? cur.path.join('.') : String(cur.path);
if (!acc[field]) acc[field] = []; if (!acc[field]) acc[field] = [];
acc[field].push(cur.message); acc[field].push(cur.message);
return acc; return acc;
}, {}); }, {});
return res.status(400).json(setResponse(errors, 'Validation failed', 400));
return res.status(400).json(
setResponse(errors, 'Validation failed', 400)
);
} }
// Normalisasi phone menjadi +62
if (value.phone && value.phone.startsWith('0')) { if (value.phone && value.phone.startsWith('0')) {
value.phone = '+62' + value.phone.slice(1); value.phone = '+62' + value.phone.slice(1);
} }
const user = await AuthService.register(value); const { user, tokens } = await AuthService.register(value);
return res.status(201).json(
setResponse(user, 'User registered successfully', 201)
);
// Set refresh token in cookie
res.cookie('refreshToken', tokens.refreshToken, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'strict',
maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
});
return res.status(201).json(
setResponse({ user, accessToken: tokens.accessToken }, 'User registered successfully', 201)
);
} catch (err) { } catch (err) {
return res.status(err.statusCode || 500).json( return res.status(err.statusCode || 500).json(
setResponse([], err.message || 'Register failed', err.statusCode || 500) setResponse([], err.message || 'Register failed', err.statusCode || 500)
@@ -41,18 +44,17 @@ class AuthController {
} }
} }
// Captcha
static async generateCaptcha(req, res) { static async generateCaptcha(req, res) {
try { try {
const { svg, text } = createCaptcha(); const { svg, text } = createCaptcha();
return res.status(200).json({ return res.status(200).json({ data: { svg, text } });
data: { svg, text }
});
} catch (err) { } catch (err) {
return res.status(500).json(setResponse([], 'Captcha failed', 500)); return res.status(500).json(setResponse([], 'Captcha failed', 500));
} }
} }
// Login
static async login(req, res) { static async login(req, res) {
try { try {
const { error, value } = loginSchema.validate(req.body, { abortEarly: false }); const { error, value } = loginSchema.validate(req.body, { abortEarly: false });
@@ -60,15 +62,23 @@ class AuthController {
const { email, password, captcha, captchaText } = value; const { email, password, captcha, captchaText } = value;
// verify captcha
if (!captcha || captcha.toLowerCase() !== captchaText.toLowerCase()) { if (!captcha || captcha.toLowerCase() !== captchaText.toLowerCase()) {
return res.status(400).json(setResponse([], 'Invalid captcha', 400)); return res.status(400).json(setResponse([], 'Invalid captcha', 400));
} }
const { user, tokens } = await AuthService.login({ email, password }); const { user, tokens } = await AuthService.login({ email, password });
return res.status(200).json(setResponse({ user, tokens }, 'Login successful', 200)); // Set refresh token in cookie
res.cookie('refreshToken', tokens.refreshToken, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'strict',
maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
});
return res.status(200).json(
setResponse({ user, accessToken: tokens.accessToken }, 'Login successful', 200)
);
} catch (err) { } catch (err) {
return res.status(err.statusCode || 500).json( return res.status(err.statusCode || 500).json(
setResponse([], err.message || 'Login failed', err.statusCode || 500) setResponse([], err.message || 'Login failed', err.statusCode || 500)
@@ -76,28 +86,37 @@ class AuthController {
} }
} }
// // Verify Captcha (secure) // Refresh Token
// static async verifyCaptcha(req, res) { static async refreshToken(req, res) {
// const { userInput } = req.body; try {
const refreshToken = req.cookies?.refreshToken;
if (!refreshToken) {
return res.status(401).json(setResponse(null, 'Refresh token is required', 401));
}
// if (!userInput || !req.session.captcha) { const result = await AuthService.refreshToken(refreshToken);
// return res.status(400).json(
// setResponse([], 'Missing data', 400)
// );
// }
// if (userInput.toLowerCase() === req.session.captcha.toLowerCase()) { return res.status(200).json(setResponse(result, 'Token refreshed successfully', 200));
// req.session.captcha = null; // one-time use } catch (err) {
// return res.json( return res.status(err.statusCode || 500).json(
// setResponse([], 'Captcha is valid', 200) setResponse(null, err.message || 'Refresh token failed', err.statusCode || 500)
// ); );
// } else { }
// return res.status(400).json( }
// setResponse([], 'Invalid captcha', 400)
// );
// }
// }
// Logout
static async logout(req, res) {
try {
res.clearCookie('refreshToken', {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'strict',
});
return res.status(200).json(setResponse(null, 'Logged out successfully', 200));
} catch (err) {
return res.status(500).json(setResponse(null, 'Logout failed', 500));
}
}
} }
module.exports = AuthController; module.exports = AuthController;