add: is approve validation

controllers/auth.controller.js

@@ -20,12 +20,10 @@ class AuthController {
         return res.status(400).json(setResponse(errors, 'Validation failed', 400));
       }
 
-      // Convert nomor HP ke format +62
       if (value.phone && value.phone.startsWith('0')) {
         value.phone = '+62' + value.phone.slice(1);
       }
 
-      // Register user baru (is_approve default 0)
       const { user, tokens } = await AuthService.register(value);
 
       // Set refresh token di cookie
@@ -39,7 +37,7 @@ class AuthController {
       return res.status(201).json(
         setResponse(
           {
-            user: { ...user, approved: false }, // user belum disetujui
+            user: { ...user, approved: false },
             accessToken: tokens.accessToken
           },
           'User registered successfully. Waiting for admin approval.',
@@ -77,6 +75,12 @@ class AuthController {
 
       const { user, tokens } = await AuthService.login({ email, password });
 
+      if (!user.is_approve) {
+        return res.status(403).json(
+          setResponse(null, 'Your account has not been approved by admin yet.', 403)
+        );
+      }
+
       // Set refresh token di cookie
       res.cookie('refreshToken', tokens.refreshToken, {
         httpOnly: true,
@@ -85,18 +89,13 @@ class AuthController {
         maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
       });
 
-      let message = 'Login successful';
-      if (!user.is_approve) {
-        message = 'Login successful. Limited access until approved.';
-      }
-
       return res.status(200).json(
         setResponse(
           {
-            user: { ...user, approved: !!user.is_approve },
+            user: { ...user, approved: true },
             accessToken: tokens.accessToken
           },
-          message,
+          'Login successful',
           200
         )
       );
@@ -141,4 +140,4 @@ class AuthController {
   }
 }
 
-module.exports = AuthController;
+module.exports = AuthController;