diff --git a/controllers/auth.controller.js b/controllers/auth.controller.js index 464b3cd..e876dfd 100644 --- a/controllers/auth.controller.js +++ b/controllers/auth.controller.js @@ -1,26 +1,103 @@ -const authService = require("../services/auth.service"); +const AuthService = require('../services/auth.service'); +const { registerSchema, loginSchema } = require('../helpers/authValidation'); +const { setResponse } = require('../helpers/utils'); +const { createCaptcha } = require('../utils/captcha'); -const loginUser = async (req, res) => { - const { username, password, role, tenant } = req.body; - const { token, refreshToken, user } = await authService.login( - username, - password, - tenant - ); +class AuthController { - res.header("auth-token", token); - res.cookie("refreshToken", refreshToken, { - httpOnly: true, - sameSite: process.env.NODE_ENV === "development" ? true : "none", - secure: process.env.NODE_ENV === "development" ? false : true, - }); - res.status(200).json({ - token, - refreshToken, - user, - }); -}; + // Registration + static async register(req, res) { + try { + const { error, value } = registerSchema.validate(req.body, { abortEarly: false }); -module.exports = { - loginUser, -}; + if (error) { + // kumpulkan pesan error per field + const errors = error.details.reduce((acc, cur) => { + const field = Array.isArray(cur.path) ? cur.path.join('.') : String(cur.path); + if (!acc[field]) acc[field] = []; + acc[field].push(cur.message); + return acc; + }, {}); + + return res.status(400).json( + setResponse(errors, 'Validation failed', 400) + ); + } + + // Normalisasi phone menjadi +62 + if (value.phone && value.phone.startsWith('0')) { + value.phone = '+62' + value.phone.slice(1); + } + + const user = await AuthService.register(value); + return res.status(201).json( + setResponse(user, 'User registered successfully', 201) + ); + + } catch (err) { + return res.status(err.statusCode || 500).json( + setResponse([], err.message || 'Register failed', err.statusCode || 500) + ); + } + } + + + static async generateCaptcha(req, res) { + try { + const { svg, text } = createCaptcha(); + return res.status(200).json({ + data: { svg, text } + }); + } catch (err) { + return res.status(500).json(setResponse([], 'Captcha failed', 500)); + } + } + + static async login(req, res) { + try { + const { error, value } = loginSchema.validate(req.body, { abortEarly: false }); + if (error) return res.status(400).json(setResponse([], 'Validation failed', 400)); + + const { email, password, captcha, captchaText } = value; + + // verify captcha + if (!captcha || captcha.toLowerCase() !== captchaText.toLowerCase()) { + return res.status(400).json(setResponse([], 'Invalid captcha', 400)); + } + + const { user, tokens } = await AuthService.login({ email, password }); + + return res.status(200).json(setResponse({ user, tokens }, 'Login successful', 200)); + + } catch (err) { + return res.status(err.statusCode || 500).json( + setResponse([], err.message || 'Login failed', err.statusCode || 500) + ); + } + } + +// // Verify Captcha (secure) +// static async verifyCaptcha(req, res) { +// const { userInput } = req.body; + +// if (!userInput || !req.session.captcha) { +// return res.status(400).json( +// setResponse([], 'Missing data', 400) +// ); +// } + +// if (userInput.toLowerCase() === req.session.captcha.toLowerCase()) { +// req.session.captcha = null; // one-time use +// return res.json( +// setResponse([], 'Captcha is valid', 200) +// ); +// } else { +// return res.status(400).json( +// setResponse([], 'Invalid captcha', 400) +// ); +// } +// } + +} + +module.exports = AuthController;