diff --git a/controllers/auth.controller.js b/controllers/auth.controller.js
index daff027..db3a316 100644
--- a/controllers/auth.controller.js
+++ b/controllers/auth.controller.js
@@ -20,12 +20,10 @@ class AuthController {
 return res.status(400).json(setResponse(errors, 'Validation failed', 400));
 }
 
- // Convert nomor HP ke format +62
 if (value.phone && value.phone.startsWith('0')) {
 value.phone = '+62' + value.phone.slice(1);
 }
 
- // Register user baru (is_approve default 0)
 const { user, tokens } = await AuthService.register(value);
 
 // Set refresh token di cookie
@@ -39,7 +37,7 @@ class AuthController {
 return res.status(201).json(
 setResponse(
 {
- user: { ...user, approved: false }, // user belum disetujui
+ user: { ...user, approved: false },
 accessToken: tokens.accessToken
 },
 'User registered successfully. Waiting for admin approval.',
@@ -77,6 +75,12 @@ class AuthController {
 
 const { user, tokens } = await AuthService.login({ email, password });
 
+ if (!user.is_approve) {
+ return res.status(403).json(
+ setResponse(null, 'Your account has not been approved by admin yet.', 403)
+ );
+ }
+
 // Set refresh token di cookie
 res.cookie('refreshToken', tokens.refreshToken, {
 httpOnly: true,
@@ -85,18 +89,13 @@ class AuthController {
 maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
 });
 
- let message = 'Login successful';
- if (!user.is_approve) {
- message = 'Login successful. Limited access until approved.';
- }
-
 return res.status(200).json(
 setResponse(
 {
- user: { ...user, approved: !!user.is_approve },
+ user: { ...user, approved: true },
 accessToken: tokens.accessToken
 },
- message,
+ 'Login successful',
 200
 )
 );
@@ -141,4 +140,4 @@ class AuthController {
 }
 }
 
-module.exports = AuthController;
\ No newline at end of file
+module.exports = AuthController;
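Review bot: The new `if (!user.is_approve)` check in the login handler runs after `AuthService.login` has already produced `tokens`, and the register handler in the earlier hunks still sets the `refreshToken` cookie and returns `accessToken` for a user it reports as `approved: false`, so the approval gate holds only on this one path. If the refresh endpoint and the auth middleware do not also check `is_approve` (neither is visible in this diff), an unapproved account can keep working with the tokens handed out at registration. Enforce approval where tokens are issued, for example by having `AuthService.login` reject before signing and by not issuing tokens in register, and keep this 403 only as the user-facing message. If the service persists refresh tokens, rejecting in the controller presumably also leaves an unused token record behind for every blocked login.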
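Review bot: The literal `approved: true` in the login response is correct only while the `is_approve` guard added earlier in this handler stays in front of it; deriving the flag, `user: { ...user, approved: Boolean(user.is_approve) },`, keeps the response truthful if that guard is later moved or relaxed. The same object spreads `...user` straight from `AuthService.login`, which is not visible in this diff, so confirm the service strips the password hash and other internal columns before the record reaches `setResponse`. The login handler starts and ends outside this hunk.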