yogiedigital/cod-api
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: auth

Browse Source
This commit is contained in:
Antony Kurniawan
2025-10-11 02:26:00 +07:00
parent cc4d135a53
commit 751cd0911e
3 changed files with 60 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
controllers/auth.controller.js
View File

@@ -1,6 +1,6 @@
const AuthService = require('../services/auth.service'); const AuthService = require('../services/auth.service');
const { registerSchema, loginSchema } = require('../validate/auth.schema');
const { setResponse, checkValidate } = require('../helpers/utils'); const { setResponse, checkValidate } = require('../helpers/utils');
const { registerSchema, loginSchema } = require('../validate/auth.schema');
const { createCaptcha } = require('../utils/captcha'); const { createCaptcha } = require('../utils/captcha');
class AuthController { class AuthController {
@@ -12,30 +12,21 @@ class AuthController {
return res.status(400).json(setResponse(error, 'Validation failed', 400)); return res.status(400).json(setResponse(error, 'Validation failed', 400));
} }
if (value.phone && value.phone.startsWith('0')) { // Format nomor HP Indonesia
value.phone = '+62' + value.phone.slice(1); if (value.user_phone && value.user_phone.startsWith('0')) {
value.user_phone = '+62' + value.user_phone.slice(1);
} }
const { user, tokens } = await AuthService.register(value); const results = await AuthService.register(value);
// Set refresh token di cookie
res.cookie('refreshToken', tokens.refreshToken, {
httpOnly: true,
secure: false, // masih dev
sameSite: 'lax',
maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
});
const response = await setResponse( const response = await setResponse(
{ {
user: { ...user, approved: false }, user: { ...results.user, approved: false },
accessToken: tokens.accessToken
}, },
'User registered successfully. Waiting for admin approval.', 'User registered successfully. Waiting for admin approval.'
201
); );
return res.status(response.statusCode).json(response); res.status(response.statusCode).json(response);
} }
// Login // Login
@@ -46,32 +37,25 @@ class AuthController {
return res.status(400).json(setResponse(error, 'Validation failed', 400)); return res.status(400).json(setResponse(error, 'Validation failed', 400));
} }
const { identifier, password, captcha, captchaText } = value; const results = await AuthService.login(value);
if (!captcha || captcha.toLowerCase() !== captchaText.toLowerCase()) { // Simpan refresh token di cookie
return res.status(400).json(setResponse([], 'Invalid captcha', 400)); res.cookie('refreshToken', results.tokens.refreshToken, {
}
const { user, tokens } = await AuthService.login({ identifier, password });
// Set refresh token di cookie
res.cookie('refreshToken', tokens.refreshToken, {
httpOnly: true, httpOnly: true,
secure: false, // masih dev secure: false,
sameSite: 'lax', sameSite: 'lax',
maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari maxAge: 7 * 24 * 60 * 60 * 1000
}); });
const response = await setResponse( const response = await setResponse(
{ {
user: { ...user, approved: true }, user: { ...results.user, approved: true },
accessToken: tokens.accessToken accessToken: results.tokens.accessToken
}, },
'Login successful', 'Login successful'
200
); );
return res.status(response.statusCode).json(response); res.status(response.statusCode).json(response);
} }
// Refresh Token // Refresh Token
@@ -82,10 +66,10 @@ class AuthController {
return res.status(401).json(setResponse(null, 'Refresh token is required', 401)); return res.status(401).json(setResponse(null, 'Refresh token is required', 401));
} }
const result = await AuthService.refreshToken(refreshToken); const results = await AuthService.refreshToken(refreshToken);
const response = await setResponse(result, 'Token refreshed successfully', 200); const response = await setResponse(results, 'Token refreshed successfully');
return res.status(response.statusCode).json(response); res.status(response.statusCode).json(response);
} }
// Logout // Logout
@@ -96,19 +80,19 @@ class AuthController {
secure: true secure: true
}); });
const response = await setResponse(null, 'Logged out successfully', 200); const response = await setResponse(null, 'Logged out successfully');
return res.status(response.statusCode).json(response); res.status(response.statusCode).json(response);
} }
// Captcha // Captcha
static async generateCaptcha(req, res) { static async generateCaptcha(req, res) {
const { svg, text } = createCaptcha(); const { svg, text } = createCaptcha();
// munculkan di header untuk keperluan dev // Tampilkan captcha di header untuk dev
res.setHeader('X-Captcha-Text', text); res.setHeader('X-Captcha-Text', text);
const response = await setResponse({ svg, text }, 'Captcha generated', 200); const response = await setResponse({ svg, text }, 'Captcha generated');
return res.status(response.statusCode).json(response); res.status(response.statusCode).json(response);
} }
} }

71
services/auth.service.js
View File

@@ -9,72 +9,66 @@ const JWTService = require('../utils/jwt');
class AuthService { class AuthService {
// Register // Register
static async register({ fullname, name, email, phone, password }) { static async register(data) {
try { try {
const existingUser = await getUserByUserEmailDb(email); const existingEmail = await getUserByUserEmailDb(data.user_email);
if (existingUser) { const existingUsername = await getUserByUsernameDb(data.user_name);
throw new ErrorHandler(400, 'Email already registered');
if (existingUsername) {
throw new ErrorHandler(400, 'Username is already taken');
}
if (existingEmail) {
throw new ErrorHandler(400, 'Email is already taken');
} }
const hashedPassword = await hashPassword(password); const hashedPassword = await hashPassword(data.user_password);
const userId = await createUserDb({ const userId = await createUserDb({
user_fullname: fullname, user_fullname: data.user_fullname,
user_name: name, user_name: data.user_name,
user_email: email, user_email: data.user_email,
user_phone: phone, user_phone: data.user_phone,
user_password: hashedPassword, user_password: hashedPassword,
role_id: null,
is_sa: 0,
is_active: 1,
is_approve: 0,
approved_by: null,
approved_at: null
}); });
const newUser = { const newUser = {
user_id: userId, user_id: userId,
user_fullname: fullname, user_fullname: data.user_fullname,
user_name: name, user_name: data.user_name,
user_email: email, user_email: data.user_email,
user_phone: phone user_phone: data.user_phone
}; };
const tokens = JWTService.generateTokenPair(newUser); return { user: newUser };
return { user: newUser, tokens };
} catch (error) { } catch (error) {
throw new ErrorHandler(error.statusCode, error.message); throw new ErrorHandler(error.statusCode, error.message);
} }
} }
// Login // Login
static async login({ identifier, password }) { static async login(data) {
try { try {
let user; const { identifier, password, captcha, captchaText } = data;
if (!captcha || captcha.toLowerCase() !== captchaText.toLowerCase()) {
throw new ErrorHandler(400, 'Invalid captcha');
}
let user;
if (identifier.includes('@')) { if (identifier.includes('@')) {
user = await getUserByUserEmailDb(identifier); user = await getUserByUserEmailDb(identifier);
} else { } else {
user = await getUserByUsernameDb(identifier); user = await getUserByUsernameDb(identifier);
} }
if (!user) { if (!user) throw new ErrorHandler(401, 'Invalid credentials');
throw new ErrorHandler(401, 'Invalid credentials');
}
const passwordMatch = await comparePassword(password, user.user_password); const passwordMatch = await comparePassword(password, user.user_password);
if (!passwordMatch) { if (!passwordMatch) throw new ErrorHandler(401, 'Invalid credentials');
throw new ErrorHandler(401, 'Invalid credentials');
}
if (!user.is_active) { if (!user.is_active) throw new ErrorHandler(403, 'User is inactive');
throw new ErrorHandler(403, 'User is inactive'); if (!user.is_approve)
}
if (!user.is_approve) {
throw new ErrorHandler(403, 'Your account has not been approved by admin yet.'); throw new ErrorHandler(403, 'Your account has not been approved by admin yet.');
}
const payload = { const payload = {
user_id: user.user_id, user_id: user.user_id,
@@ -88,7 +82,6 @@ class AuthService {
}; };
const tokens = JWTService.generateTokenPair(payload); const tokens = JWTService.generateTokenPair(payload);
return { user: payload, tokens }; return { user: payload, tokens };
} catch (error) { } catch (error) {
throw new ErrorHandler(error.statusCode, error.message); throw new ErrorHandler(error.statusCode, error.message);
@@ -98,10 +91,6 @@ class AuthService {
// Refresh Token // Refresh Token
static async refreshToken(refreshToken) { static async refreshToken(refreshToken) {
try { try {
if (!refreshToken) {
throw new ErrorHandler(401, 'Refresh token is required');
}
let decoded; let decoded;
try { try {
decoded = JWTService.verifyRefreshToken(refreshToken); decoded = JWTService.verifyRefreshToken(refreshToken);

10
validate/auth.schema.js
View File

@@ -4,17 +4,17 @@ const Joi = require("joi");
// Auth Validation // Auth Validation
// ======================== // ========================
const registerSchema = Joi.object({ const registerSchema = Joi.object({
fullname: Joi.string().min(3).max(100).required(), user_fullname: Joi.string().min(3).max(100).required(),
name: Joi.string().alphanum().min(3).max(50).required(), user_name: Joi.string().alphanum().min(3).max(50).required(),
email: Joi.string().email().required(), user_email: Joi.string().email().required(),
phone: Joi.string() user_phone: Joi.string()
.pattern(/^(?:\+62|0)8\d{7,10}$/) .pattern(/^(?:\+62|0)8\d{7,10}$/)
.required() .required()
.messages({ .messages({
'string.pattern.base': 'string.pattern.base':
'Phone number must be a valid Indonesian number in format +628XXXXXXXXX' 'Phone number must be a valid Indonesian number in format +628XXXXXXXXX'
}), }),
password: Joi.string() user_password: Joi.string()
.min(8) .min(8)
.pattern(/[A-Z]/, 'uppercase letter') .pattern(/[A-Z]/, 'uppercase letter')
.pattern(/[a-z]/, 'lowercase letter') .pattern(/[a-z]/, 'lowercase letter')