fix: auth controller

controllers/auth.controller.js

@@ -1,26 +1,103 @@
-const authService = require("../services/auth.service");
+const AuthService = require('../services/auth.service');
+const { registerSchema, loginSchema } = require('../helpers/authValidation');
+const { setResponse } = require('../helpers/utils');
+const { createCaptcha } = require('../utils/captcha');
 
-const loginUser = async (req, res) => {
+class AuthController {
-  const { username, password, role, tenant } = req.body;
-  const { token, refreshToken, user } = await authService.login(
-    username,
-    password,
-    tenant
-  );
 
-  res.header("auth-token", token);
+  // Registration
-  res.cookie("refreshToken", refreshToken, {
+  static async register(req, res) {
-    httpOnly: true,
+    try {
-    sameSite: process.env.NODE_ENV === "development" ? true : "none",
+      const { error, value } = registerSchema.validate(req.body, { abortEarly: false });
-    secure: process.env.NODE_ENV === "development" ? false : true,
-  });
-  res.status(200).json({
-    token,
-    refreshToken,
-    user,
-  });
-};
 
-module.exports = {
+      if (error) {
-  loginUser,
+        // kumpulkan pesan error per field
-};
+        const errors = error.details.reduce((acc, cur) => {
+          const field = Array.isArray(cur.path) ? cur.path.join('.') : String(cur.path);
+          if (!acc[field]) acc[field] = [];
+          acc[field].push(cur.message);
+          return acc;
+        }, {});
+
+        return res.status(400).json(
+          setResponse(errors, 'Validation failed', 400)
+        );
+      }
+
+      // Normalisasi phone menjadi +62
+      if (value.phone && value.phone.startsWith('0')) {
+        value.phone = '+62' + value.phone.slice(1);
+      }
+
+      const user = await AuthService.register(value);
+      return res.status(201).json(
+        setResponse(user, 'User registered successfully', 201)
+      );
+
+    } catch (err) {
+      return res.status(err.statusCode || 500).json(
+        setResponse([], err.message || 'Register failed', err.statusCode || 500)
+      );
+    }
+  }
+
+
+  static async generateCaptcha(req, res) {
+    try {
+      const { svg, text } = createCaptcha();
+      return res.status(200).json({
+        data: { svg, text }
+      });
+    } catch (err) {
+      return res.status(500).json(setResponse([], 'Captcha failed', 500));
+    }
+  }
+
+  static async login(req, res) {
+    try {
+      const { error, value } = loginSchema.validate(req.body, { abortEarly: false });
+      if (error) return res.status(400).json(setResponse([], 'Validation failed', 400));
+
+      const { email, password, captcha, captchaText } = value;
+
+      // verify captcha
+      if (!captcha || captcha.toLowerCase() !== captchaText.toLowerCase()) {
+        return res.status(400).json(setResponse([], 'Invalid captcha', 400));
+      }
+
+      const { user, tokens } = await AuthService.login({ email, password });
+
+      return res.status(200).json(setResponse({ user, tokens }, 'Login successful', 200));
+
+    } catch (err) {
+      return res.status(err.statusCode || 500).json(
+        setResponse([], err.message || 'Login failed', err.statusCode || 500)
+      );
+    }
+  }
+
+// // Verify Captcha (secure)
+//   static async verifyCaptcha(req, res) {
+//     const { userInput } = req.body;
+
+//     if (!userInput || !req.session.captcha) {
+//       return res.status(400).json(
+//         setResponse([], 'Missing data', 400)
+//       );
+//     }
+
+//     if (userInput.toLowerCase() === req.session.captcha.toLowerCase()) {
+//       req.session.captcha = null; // one-time use
+//       return res.json(
+//         setResponse([], 'Captcha is valid', 200)
+//       );
+//     } else {
+//       return res.status(400).json(
+//         setResponse([], 'Invalid captcha', 400)
+//       );
+//     }
+//   }
+
+}
+
+module.exports = AuthController;