update: auth

2025-10-07 15:12:27 +07:00
parent 48cb3af91d
commit ddf9784213
1 changed files with 27 additions and 6 deletions
--- a/controllers/auth.controller.js
+++ b/controllers/auth.controller.js
@@ -20,22 +20,31 @@ class AuthController {
        return res.status(400).json(setResponse(errors, 'Validation failed', 400));
      }

+      // Convert nomor HP ke format +62
      if (value.phone && value.phone.startsWith('0')) {
        value.phone = '+62' + value.phone.slice(1);
      }

+      // Register user baru (is_approve default 0)
      const { user, tokens } = await AuthService.register(value);

-      // Set refresh token in cookie
+      // Set refresh token di cookie
      res.cookie('refreshToken', tokens.refreshToken, {
        httpOnly: true,
-        secure: false, //masih dev
+        secure: false, // masih dev
        sameSite: 'lax',
        maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
      });

      return res.status(201).json(
-        setResponse({ user, accessToken: tokens.accessToken }, 'User registered successfully', 201)
+        setResponse(
+          {
+            user: { ...user, approved: false }, // user belum disetujui
+            accessToken: tokens.accessToken
+          },
+          'User registered successfully. Waiting for admin approval.',
+          201
+        )
      );
    } catch (err) {
      return res.status(err.statusCode || 500).json(
@@ -68,7 +77,7 @@ class AuthController {

      const { user, tokens } = await AuthService.login({ email, password });

-      // Set refresh token in cookie
+      // Set refresh token di cookie
      res.cookie('refreshToken', tokens.refreshToken, {
        httpOnly: true,
        secure: false, // masih dev
@@ -76,8 +85,20 @@ class AuthController {
        maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
      });

+      let message = 'Login successful';
+      if (!user.is_approve) {
+        message = 'Login successful. Limited access until approved.';
+      }
+
      return res.status(200).json(
-        setResponse({ user, accessToken: tokens.accessToken }, 'Login successful', 200)
+        setResponse(
+          {
+            user: { ...user, approved: !!user.is_approve },
+            accessToken: tokens.accessToken
+          },
+          message,
+          200
+        )
      );
    } catch (err) {
      return res.status(err.statusCode || 500).json(
@@ -120,4 +141,4 @@ class AuthController {
  }
 }

-module.exports = AuthController;
+module.exports = AuthController;