Compare commits
10 Commits
6212048aec
...
c0aca9ea87
| Author | SHA1 | Date | |
|---|---|---|---|
| c0aca9ea87 | |||
| 7b2509ffa1 | |||
| 050529cf78 | |||
| d41c0421c4 | |||
| 373b707954 | |||
| b022e86e02 | |||
| 6f66f0c2f3 | |||
| a28c3c22d9 | |||
| 8142ceda30 | |||
| ce64671551 |
1
.gitignore
vendored
1
.gitignore
vendored
@@ -3,3 +3,4 @@ node_modules
|
||||
.vscode
|
||||
request.http
|
||||
*.rest
|
||||
package-lock.json
|
||||
@@ -1,26 +1,103 @@
|
||||
const authService = require("../services/auth.service");
|
||||
const AuthService = require('../services/auth.service');
|
||||
const { registerSchema, loginSchema } = require('../helpers/authValidation');
|
||||
const { setResponse } = require('../helpers/utils');
|
||||
const { createCaptcha } = require('../utils/captcha');
|
||||
|
||||
const loginUser = async (req, res) => {
|
||||
const { username, password, role, tenant } = req.body;
|
||||
const { token, refreshToken, user } = await authService.login(
|
||||
username,
|
||||
password,
|
||||
tenant
|
||||
);
|
||||
class AuthController {
|
||||
|
||||
res.header("auth-token", token);
|
||||
res.cookie("refreshToken", refreshToken, {
|
||||
httpOnly: true,
|
||||
sameSite: process.env.NODE_ENV === "development" ? true : "none",
|
||||
secure: process.env.NODE_ENV === "development" ? false : true,
|
||||
});
|
||||
res.status(200).json({
|
||||
token,
|
||||
refreshToken,
|
||||
user,
|
||||
});
|
||||
};
|
||||
// Registration
|
||||
static async register(req, res) {
|
||||
try {
|
||||
const { error, value } = registerSchema.validate(req.body, { abortEarly: false });
|
||||
|
||||
module.exports = {
|
||||
loginUser,
|
||||
};
|
||||
if (error) {
|
||||
// kumpulkan pesan error per field
|
||||
const errors = error.details.reduce((acc, cur) => {
|
||||
const field = Array.isArray(cur.path) ? cur.path.join('.') : String(cur.path);
|
||||
if (!acc[field]) acc[field] = [];
|
||||
acc[field].push(cur.message);
|
||||
return acc;
|
||||
}, {});
|
||||
|
||||
return res.status(400).json(
|
||||
setResponse(errors, 'Validation failed', 400)
|
||||
);
|
||||
}
|
||||
|
||||
// Normalisasi phone menjadi +62
|
||||
if (value.phone && value.phone.startsWith('0')) {
|
||||
value.phone = '+62' + value.phone.slice(1);
|
||||
}
|
||||
|
||||
const user = await AuthService.register(value);
|
||||
return res.status(201).json(
|
||||
setResponse(user, 'User registered successfully', 201)
|
||||
);
|
||||
|
||||
} catch (err) {
|
||||
return res.status(err.statusCode || 500).json(
|
||||
setResponse([], err.message || 'Register failed', err.statusCode || 500)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static async generateCaptcha(req, res) {
|
||||
try {
|
||||
const { svg, text } = createCaptcha();
|
||||
return res.status(200).json({
|
||||
data: { svg, text }
|
||||
});
|
||||
} catch (err) {
|
||||
return res.status(500).json(setResponse([], 'Captcha failed', 500));
|
||||
}
|
||||
}
|
||||
|
||||
static async login(req, res) {
|
||||
try {
|
||||
const { error, value } = loginSchema.validate(req.body, { abortEarly: false });
|
||||
if (error) return res.status(400).json(setResponse([], 'Validation failed', 400));
|
||||
|
||||
const { email, password, captcha, captchaText } = value;
|
||||
|
||||
// verify captcha
|
||||
if (!captcha || captcha.toLowerCase() !== captchaText.toLowerCase()) {
|
||||
return res.status(400).json(setResponse([], 'Invalid captcha', 400));
|
||||
}
|
||||
|
||||
const { user, tokens } = await AuthService.login({ email, password });
|
||||
|
||||
return res.status(200).json(setResponse({ user, tokens }, 'Login successful', 200));
|
||||
|
||||
} catch (err) {
|
||||
return res.status(err.statusCode || 500).json(
|
||||
setResponse([], err.message || 'Login failed', err.statusCode || 500)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// // Verify Captcha (secure)
|
||||
// static async verifyCaptcha(req, res) {
|
||||
// const { userInput } = req.body;
|
||||
|
||||
// if (!userInput || !req.session.captcha) {
|
||||
// return res.status(400).json(
|
||||
// setResponse([], 'Missing data', 400)
|
||||
// );
|
||||
// }
|
||||
|
||||
// if (userInput.toLowerCase() === req.session.captcha.toLowerCase()) {
|
||||
// req.session.captcha = null; // one-time use
|
||||
// return res.json(
|
||||
// setResponse([], 'Captcha is valid', 200)
|
||||
// );
|
||||
// } else {
|
||||
// return res.status(400).json(
|
||||
// setResponse([], 'Invalid captcha', 400)
|
||||
// );
|
||||
// }
|
||||
// }
|
||||
|
||||
}
|
||||
|
||||
module.exports = AuthController;
|
||||
|
||||
177
db/user.db.js
177
db/user.db.js
@@ -1,131 +1,108 @@
|
||||
const pool = require("../config");
|
||||
|
||||
const getAllUsersDb = async (param) => {
|
||||
// limit & offset masuk fixed param
|
||||
let fixedParams = [param.fixed.limit, param.fixed.offset, param.fixed.tenantID];
|
||||
|
||||
const { whereOrConditions, whereParam } = pool.buildStringOrIlike(
|
||||
param.filterCriteria.column,
|
||||
param.filterCriteria.criteria,
|
||||
fixedParams
|
||||
);
|
||||
const { whereConditions, queryParams } = pool.buildFilterQuery(param.filterQuery, whereParam);npm
|
||||
|
||||
const query = `
|
||||
SELECT mut.*, mr.role_name, COUNT(*) OVER() AS total
|
||||
FROM m_users mut
|
||||
LEFT JOIN system.role_tenant mr ON mr.role_id = mut.role_id
|
||||
WHERE mut.deleted_at IS NULL AND mut.is_sa != 1 AND mut.tenant_id = $3
|
||||
${whereConditions.length > 0 ? ` AND ${whereConditions.join(" AND ")}` : ""}
|
||||
${whereOrConditions ? whereOrConditions : ""}
|
||||
ORDER BY mut.user_id
|
||||
OFFSET $2 ROWS FETCH NEXT $1 ROWS ONLY
|
||||
// Get all users
|
||||
const getAllUsersDb = async () => {
|
||||
const queryText = `
|
||||
SELECT u.user_id, u.user_fullname, u.user_name, u.user_email, u.user_phone,
|
||||
u.is_active, u.created_at, u.updated_at, u.deleted_at,
|
||||
u.updated_by, u.deleted_by,
|
||||
r.role_id, r.role_name
|
||||
FROM users u
|
||||
LEFT JOIN roles r ON u.role_id = r.role_id
|
||||
WHERE u.deleted_at IS NULL
|
||||
ORDER BY u.user_id ASC
|
||||
`;
|
||||
|
||||
const result = await pool.query(query, queryParams);
|
||||
const rows = result.recordset;
|
||||
|
||||
const total = rows.length > 0 ? parseInt(rows[0].total, 10) : 0;
|
||||
return { data: rows, total };
|
||||
const result = await pool.query(queryText);
|
||||
return result.recordset;
|
||||
};
|
||||
|
||||
const createUserDb = async (param) => {
|
||||
const insertData = {
|
||||
tenant_id: param.tenantID,
|
||||
user_fullname: param.userFullname,
|
||||
user_name: param.userName,
|
||||
user_email: param.userEmail ?? null,
|
||||
user_password: param.userPassword,
|
||||
role_id: param.roleId ?? null,
|
||||
is_active: param.isActive ? 1 : 0,
|
||||
created_by: param.userID,
|
||||
updated_by: param.userID,
|
||||
};
|
||||
|
||||
const { query, values } = pool.buildDynamicInsert("m_users", insertData);
|
||||
|
||||
const result = await pool.query(query, values);
|
||||
// Get user by ID
|
||||
const getUserByIdDb = async (id) => {
|
||||
const queryText = `
|
||||
SELECT u.user_id, u.user_fullname, u.user_name, u.user_email, u.user_phone,
|
||||
u.is_active, u.created_at, u.updated_at, u.deleted_at,
|
||||
u.updated_by, u.deleted_by,
|
||||
r.role_id, r.role_name
|
||||
FROM users u
|
||||
LEFT JOIN roles r ON u.role_id = r.role_id
|
||||
WHERE u.user_id = $1 AND u.deleted_at IS NULL
|
||||
`;
|
||||
const result = await pool.query(queryText, [id]);
|
||||
return result.recordset[0];
|
||||
};
|
||||
|
||||
const getUserByIdDb = async (id) => {
|
||||
const query = `
|
||||
SELECT mut.*
|
||||
FROM m_users mut
|
||||
WHERE mut.user_id = $1
|
||||
// Get user by email (login)
|
||||
const getUserByUserEmailDb = async (email) => {
|
||||
const queryText = `
|
||||
SELECT u.user_id, u.user_fullname, u.user_name, u.user_email, u.user_phone,
|
||||
u.user_password, u.is_active, u.is_sa,
|
||||
r.role_id, r.role_name
|
||||
FROM users u
|
||||
LEFT JOIN roles r ON u.role_id = r.role_id
|
||||
WHERE u.user_email = $1 AND u.deleted_at IS NULL
|
||||
`;
|
||||
const result = await pool.query(query, [id]);
|
||||
const result = await pool.query(queryText, [email]);
|
||||
return result.recordset[0];
|
||||
};
|
||||
|
||||
const getUserByUsernameDb = async (username) => {
|
||||
const query = `
|
||||
SELECT mut.*
|
||||
FROM m_users mut
|
||||
WHERE LOWER(mut.username) = LOWER($1)
|
||||
const queryText = `
|
||||
SELECT u.user_id, u.user_fullname, u.user_name, u.user_email, u.user_phone, u.user_password,
|
||||
u.is_active, u.role_id,
|
||||
r.role_name
|
||||
FROM users u
|
||||
LEFT JOIN roles r ON u.role_id = r.role_id
|
||||
WHERE u.user_name = $1 AND u.deleted_at IS NULL
|
||||
`;
|
||||
const result = await pool.query(query, [username]);
|
||||
const result = await pool.query(queryText, [username]);
|
||||
return result.recordset[0];
|
||||
};
|
||||
|
||||
const getUserByUserEmailDb = async (userEmail) => {
|
||||
const query = `
|
||||
SELECT mut.*
|
||||
FROM m_users mut
|
||||
WHERE LOWER(mut.user_email) = LOWER($1)
|
||||
`;
|
||||
const result = await pool.query(query, [userEmail]);
|
||||
return result.recordset[0];
|
||||
// Create user
|
||||
const createUserDb = async (data) => {
|
||||
const { query: queryText, values } = pool.buildDynamicInsert("users", data);
|
||||
const result = await pool.query(queryText, values);
|
||||
return result.recordset[0]?.inserted_id || null;
|
||||
};
|
||||
|
||||
const updateUserDb = async (param) => {
|
||||
const updateData = {
|
||||
tenant_id: param.tenantID,
|
||||
user_fullname: param.userFullname,
|
||||
user_name: param.userName,
|
||||
user_email: param.userEmail ?? null,
|
||||
user_password: param.userPassword,
|
||||
role_id: param.roleId ?? null,
|
||||
is_active: param.isActive ? 1 : 0,
|
||||
updated_by: param.userID,
|
||||
};
|
||||
|
||||
const whereData = { user_id: param.id };
|
||||
|
||||
const { query, values } = pool.buildDynamicUpdate("m_users", updateData, whereData);
|
||||
|
||||
const result = await pool.query(query, values);
|
||||
return result.recordset[0];
|
||||
// Update user
|
||||
const updateUserDb = async (userId, data) => {
|
||||
const { query: queryText, values } = pool.buildDynamicUpdate("users", data, { user_id: userId });
|
||||
await pool.query(queryText, values);
|
||||
return true;
|
||||
};
|
||||
|
||||
const deleteUserDb = async (id, userID) => {
|
||||
const query = `
|
||||
UPDATE m_users
|
||||
SET deleted_at = GETDATE(), deleted_by = $1
|
||||
WHERE user_id = $2;
|
||||
|
||||
SELECT * FROM m_users WHERE user_id = $2
|
||||
// Change user password
|
||||
const changeUserPasswordDb = async (userId, newPassword) => {
|
||||
const queryText = `
|
||||
UPDATE users
|
||||
SET user_password = $1, updated_at = GETDATE()
|
||||
WHERE user_id = $2 AND deleted_at IS NULL
|
||||
`;
|
||||
const result = await pool.query(query, [userID, id]);
|
||||
return result.recordset[0];
|
||||
await pool.query(queryText, [newPassword, userId]);
|
||||
return true;
|
||||
};
|
||||
|
||||
const changeUserPasswordDb = async (hashedPassword, userEmail, tenantId) => {
|
||||
const query = `
|
||||
UPDATE m_users
|
||||
SET user_password = $1
|
||||
WHERE user_email = $2 AND tenant_id = $3
|
||||
// Soft delete user
|
||||
const deleteUserDb = async (userId, deletedBy) => {
|
||||
const queryText = `
|
||||
UPDATE users
|
||||
SET deleted_at = GETDATE(),
|
||||
deleted_by = $1
|
||||
WHERE user_id = $2
|
||||
`;
|
||||
return pool.query(query, [hashedPassword, userEmail, tenantId]);
|
||||
await pool.query(queryText, [deletedBy, userId]);
|
||||
return true;
|
||||
};
|
||||
|
||||
const getAllRoleDb = async (tenantId) => {
|
||||
const query = `
|
||||
SELECT *
|
||||
FROM system.role_tenant
|
||||
WHERE deleted_at IS NULL AND tenant_id = $1
|
||||
// Get all roles
|
||||
const getAllRoleDb = async () => {
|
||||
const queryText = `
|
||||
SELECT role_id, role_name
|
||||
FROM roles
|
||||
ORDER BY role_id ASC
|
||||
`;
|
||||
const result = await pool.query(query, [tenantId]);
|
||||
const result = await pool.query(queryText);
|
||||
return result.recordset;
|
||||
};
|
||||
|
||||
|
||||
36
helpers/authValidation.js
Normal file
36
helpers/authValidation.js
Normal file
@@ -0,0 +1,36 @@
|
||||
const Joi = require('joi');
|
||||
|
||||
const registerSchema = Joi.object({
|
||||
fullname: Joi.string().min(3).max(100).required(),
|
||||
username: Joi.string().alphanum().min(3).max(50).required(),
|
||||
email: Joi.string().email().required(),
|
||||
phone: Joi.string()
|
||||
.pattern(/^(?:\+62|0)8\d{7,10}$/)
|
||||
.required()
|
||||
.messages({
|
||||
'string.pattern.base': 'Phone number must be a valid Indonesian number in format +628XXXXXXXXX'
|
||||
}),
|
||||
password: Joi.string()
|
||||
.min(8)
|
||||
.pattern(/[A-Z]/, 'uppercase letter')
|
||||
.pattern(/[a-z]/, 'lowercase letter')
|
||||
.pattern(/\d/, 'number')
|
||||
.pattern(/[!@#$%^&*(),.?":{}|<>]/, 'special character')
|
||||
.required()
|
||||
.messages({
|
||||
'string.min': 'Password must be at least 8 characters long',
|
||||
'string.pattern.name': 'Password must contain at least one {#name}'
|
||||
})
|
||||
});
|
||||
|
||||
const loginSchema = Joi.object({
|
||||
email: Joi.string().email().required(),
|
||||
password: Joi.string().required(),
|
||||
captcha: Joi.string().required(),
|
||||
captchaText: Joi.string().required()
|
||||
});
|
||||
|
||||
module.exports = {
|
||||
registerSchema,
|
||||
loginSchema
|
||||
};
|
||||
@@ -1,12 +1,12 @@
|
||||
const setResponse = async (data = [], message = "success", statusCode = 200) => {
|
||||
const response = {
|
||||
const setResponse = (data = null, message = "success", statusCode = 200) => {
|
||||
const total = Array.isArray(data) ? data.length : null;
|
||||
|
||||
return {
|
||||
data,
|
||||
total: data.length,
|
||||
total,
|
||||
message,
|
||||
statusCode
|
||||
}
|
||||
|
||||
return response
|
||||
};
|
||||
};
|
||||
|
||||
const setResponsePaging = async (data = [], total, limit, page, message = "success", statusCode = 200) => {
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
const validateUser = (email, password) => {
|
||||
const validEmail = typeof email === "string" && email.trim() !== "";
|
||||
const validPassword =
|
||||
typeof password === "string" && password.trim().length >= 6;
|
||||
|
||||
return validEmail && validPassword;
|
||||
};
|
||||
|
||||
module.exports = validateUser;
|
||||
@@ -1,47 +1,57 @@
|
||||
const jwt = require("jsonwebtoken");
|
||||
const { ErrorHandler } = require("../helpers/error");
|
||||
const JWTService = require('../utils/jwt');
|
||||
const { ErrorHandler } = require('../helpers/error');
|
||||
|
||||
const verifyToken = (req, res, next) => {
|
||||
const authHeader = req.header("Authorization");
|
||||
// console.log("authHeader", authHeader)
|
||||
|
||||
// Pastikan header Authorization ada dan berisi token
|
||||
if (!authHeader || !authHeader.startsWith("Bearer ")) {
|
||||
throw new ErrorHandler(401, "Token missing or invalid");
|
||||
}
|
||||
|
||||
// Ambil token dari header Authorization
|
||||
const token = authHeader.split(" ")[1];
|
||||
function setUser(req, decoded) {
|
||||
req.user = {
|
||||
userId: decoded.user_id,
|
||||
fullname: decoded.user_fullname,
|
||||
username: decoded.user_name,
|
||||
email: decoded.user_email,
|
||||
roleId: decoded.role_id,
|
||||
roleName: decoded.role_name
|
||||
};
|
||||
}
|
||||
|
||||
function verifyAccessToken(req, res, next) {
|
||||
try {
|
||||
// const decoded = jwt.decode(token, { complete: true });
|
||||
// console.log("decoded", decoded)
|
||||
// console.log("==============================")
|
||||
// console.log("token", token)
|
||||
// console.log("process.env.SECRET", process.env.SECRET)
|
||||
// // console.log("==============================> ", jwt.verify(token, process.env.SECRET))
|
||||
// jwt.verify(token, process.env.SECRET, (err, decoded) => {
|
||||
// if (err) {
|
||||
// console.error('Error verifying token: ==============================>', err.message);
|
||||
// } else {
|
||||
// console.log('Decoded payload: ==============================>', decoded);
|
||||
// }
|
||||
// });
|
||||
let token = req.cookies?.accessToken;
|
||||
|
||||
const verified = jwt.verify(token, process.env.SECRET);
|
||||
req.tokenExtract = verified;
|
||||
// console.log(req.tokenExtract);
|
||||
|
||||
req.userID = req.tokenExtract.user_id
|
||||
req.tenantID = req.tokenExtract.tenant_id
|
||||
req.roleID = req.tokenExtract.role_id
|
||||
req.body.userID = req.tokenExtract.user_id
|
||||
req.body.tenantID = req.tokenExtract.tenant_id
|
||||
req.query.tenantID = req.tokenExtract.tenant_id
|
||||
if (!token) {
|
||||
const authHeader = req.headers.authorization;
|
||||
if (!authHeader || !authHeader.startsWith('Bearer')) {
|
||||
throw new ErrorHandler(401, 'Access Token is required');
|
||||
}
|
||||
token = authHeader.split(' ')[1];
|
||||
}
|
||||
|
||||
const decoded = JWTService.verifyToken(token);
|
||||
setUser(req, decoded);
|
||||
next();
|
||||
} catch (error) {
|
||||
throw new ErrorHandler(401, error.message || "Invalid Token");
|
||||
if (error.name === 'TokenExpiredError' || error.name === 'JsonWebTokenError') {
|
||||
return next(new ErrorHandler(401, error.message));
|
||||
}
|
||||
next(new ErrorHandler(500, 'Authenticate verification failed'));
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
module.exports = verifyToken;
|
||||
function verifyRefreshToken(req, res, next) {
|
||||
try {
|
||||
const refreshToken = req.cookies?.refreshToken;
|
||||
|
||||
if (!refreshToken) {
|
||||
throw new ErrorHandler(401, 'Refresh Token is required');
|
||||
}
|
||||
|
||||
const decoded = JWTService.verifyRefreshToken(refreshToken);
|
||||
setUser(req, decoded);
|
||||
next();
|
||||
} catch (error) {
|
||||
next(new ErrorHandler(500, 'Refresh token verification failed'));
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
verifyAccessToken,
|
||||
verifyRefreshToken,
|
||||
};
|
||||
@@ -1,8 +0,0 @@
|
||||
const router = require("express").Router();
|
||||
const {
|
||||
loginUser,
|
||||
} = require("../controllers/auth.controller");
|
||||
|
||||
router.post("/login", loginUser);
|
||||
|
||||
module.exports = router;
|
||||
11
routes/auth.route.js
Normal file
11
routes/auth.route.js
Normal file
@@ -0,0 +1,11 @@
|
||||
const express = require('express');
|
||||
const authController = require("../controllers/auth.controller");
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
router.post('/login', authController.login);
|
||||
router.post('/register', authController.register);
|
||||
router.get('/generate-captcha', authController.generateCaptcha);
|
||||
// router.post('/verify-captcha', authController.verifyCaptcha);
|
||||
|
||||
module.exports = router;
|
||||
@@ -1,8 +1,8 @@
|
||||
const router = require("express").Router();
|
||||
const auth = require("./auth");
|
||||
const users = require("./users");
|
||||
const auth = require("./auth.route");
|
||||
const users = require("./users.route");
|
||||
|
||||
router.use("/auth", auth);
|
||||
router.use("/users", users);
|
||||
router.use("/user", users);
|
||||
|
||||
module.exports = router;
|
||||
|
||||
@@ -14,20 +14,19 @@ const verifyToken = require("../middleware/verifyToken");
|
||||
|
||||
router.get("/roles", getAllRoles);
|
||||
|
||||
router.route("/profile")
|
||||
.get(getUserProfile);
|
||||
router.get('/profile', verifyToken.verifyAccessToken, getUserProfile);
|
||||
|
||||
router.route("/")
|
||||
.get(verifyToken, getAllUsers)
|
||||
.post(verifyToken, createUser);
|
||||
.get(verifyToken.verifyAccessToken, getAllUsers)
|
||||
.post(verifyToken.verifyAccessToken, createUser);
|
||||
|
||||
router
|
||||
.route("/status")
|
||||
.get(verifyToken, getAllStatusUsers);
|
||||
.get(verifyToken.verifyAccessToken, getAllStatusUsers);
|
||||
|
||||
router.route("/:id")
|
||||
.get(verifyToken, getUserById)
|
||||
.put(verifyToken, updateUser)
|
||||
.delete(verifyToken, deleteUser);
|
||||
.get(verifyToken.verifyAccessToken, getUserById)
|
||||
.put(verifyToken.verifyAccessToken, updateUser)
|
||||
.delete(verifyToken.verifyAccessToken, deleteUser);
|
||||
|
||||
module.exports = router;
|
||||
@@ -1,77 +1,101 @@
|
||||
const bcrypt = require("bcrypt");
|
||||
const jwt = require("jsonwebtoken");
|
||||
const validateUser = require("../helpers/validateUser");
|
||||
const { ErrorHandler } = require("../helpers/error");
|
||||
const {
|
||||
getUserByUsernameDb
|
||||
} = require("../db/user.db");
|
||||
const { logger } = require("../utils/logger");
|
||||
const {
|
||||
getUserByUserEmailDb,
|
||||
createUserDb
|
||||
} = require('../db/user.db');
|
||||
const JWTService = require('../utils/jwt');
|
||||
const { hashPassword, comparePassword } = require('../helpers/hashPassword');
|
||||
const { ErrorHandler } = require('../helpers/error');
|
||||
|
||||
class AuthService {
|
||||
|
||||
async login(username, password, tenantId) {
|
||||
try {
|
||||
// if (!validateUser(username, password)) {
|
||||
// throw new ErrorHandler(403, "Invalid login");
|
||||
// }
|
||||
|
||||
const user = await getUserByUsernameDb(username, tenantId);
|
||||
console.log(user);
|
||||
|
||||
if (!user) {
|
||||
throw new ErrorHandler(403, "Username not found.");
|
||||
}
|
||||
|
||||
const isCorrectPassword = password === user.password
|
||||
if (!isCorrectPassword) {
|
||||
throw new ErrorHandler(403, "Username or password incorrect.");
|
||||
}
|
||||
|
||||
const dataToken = {
|
||||
tenant_id: tenantId,
|
||||
user_id: user.user_id,
|
||||
username,
|
||||
fullname: user.full_name,
|
||||
role_id: user.role_id
|
||||
}
|
||||
|
||||
const token = await this.signToken(dataToken);
|
||||
const refreshToken = await this.signRefreshToken(dataToken);
|
||||
|
||||
return {
|
||||
token,
|
||||
refreshToken,
|
||||
role_id: dataToken.role_id,
|
||||
tenant_id: tenantId,
|
||||
user: {
|
||||
user_id: dataToken.user_id,
|
||||
fullname: dataToken.fullname,
|
||||
username: dataToken.username,
|
||||
},
|
||||
};
|
||||
} catch (error) {
|
||||
throw new ErrorHandler(error.statusCode, error.message);
|
||||
// Register
|
||||
static async register({ fullname, username, email, phone, password }) {
|
||||
const existingUser = await getUserByUserEmailDb(email);
|
||||
if (existingUser) {
|
||||
throw new ErrorHandler(400, 'Email already registered');
|
||||
}
|
||||
|
||||
const hashedPassword = await hashPassword(password);
|
||||
|
||||
const userId = await createUserDb({
|
||||
user_fullname: fullname,
|
||||
user_name: username,
|
||||
user_email: email,
|
||||
user_phone: phone,
|
||||
user_password: hashedPassword,
|
||||
role_id: 3,
|
||||
is_sa: 0,
|
||||
is_active: 1
|
||||
});
|
||||
|
||||
// ambil user baru
|
||||
const newUser = {
|
||||
user_id: userId,
|
||||
user_fullname: fullname,
|
||||
user_name: username,
|
||||
user_email: email,
|
||||
user_phone: phone,
|
||||
role_id: 3,
|
||||
};
|
||||
|
||||
// generate token pair
|
||||
const tokens = JWTService.generateTokenPair(newUser);
|
||||
|
||||
return { user: newUser, tokens };
|
||||
}
|
||||
|
||||
async signToken(data) {
|
||||
try {
|
||||
// console.log("signToken process.env.SECRET", process.env.SECRET)
|
||||
return jwt.sign(data, process.env.SECRET, { expiresIn: "23h" });
|
||||
} catch (error) {
|
||||
logger.error(error);
|
||||
throw new ErrorHandler(500, "An error occurred");
|
||||
// Login
|
||||
static async login({ email, password }) {
|
||||
const user = await getUserByUserEmailDb(email);
|
||||
if (!user) {
|
||||
throw new ErrorHandler(401, 'Invalid credentials');
|
||||
}
|
||||
|
||||
const passwordMatch = await comparePassword(password, user.user_password);
|
||||
if (!passwordMatch) {
|
||||
throw new ErrorHandler(401, 'Invalid credentials');
|
||||
}
|
||||
|
||||
if (!user.is_active) {
|
||||
throw new ErrorHandler(403, 'User is inactive');
|
||||
}
|
||||
|
||||
const payload = {
|
||||
user_id: user.user_id,
|
||||
user_fullname: user.user_fullname,
|
||||
user_name: user.user_name,
|
||||
user_email: user.user_email,
|
||||
phone: user.phone,
|
||||
role_id: user.role_id,
|
||||
role_name: user.role_name,
|
||||
is_sa: user.is_sa
|
||||
};
|
||||
|
||||
const tokens = JWTService.generateTokenPair(payload);
|
||||
return { user: payload, tokens };
|
||||
}
|
||||
|
||||
async signRefreshToken(data) {
|
||||
try {
|
||||
return jwt.sign(data, process.env.REFRESH_SECRET, { expiresIn: "23h" });
|
||||
} catch (error) {
|
||||
logger.error(error);
|
||||
throw new ErrorHandler(500, error.message);
|
||||
// Refresh token
|
||||
static async refreshToken(refreshToken) {
|
||||
if (!refreshToken) {
|
||||
throw new ErrorHandler(401, 'Refresh token is required');
|
||||
}
|
||||
|
||||
const decoded = JWTService.verifyRefreshToken(refreshToken);
|
||||
|
||||
const payload = {
|
||||
user_id: decoded.user_id,
|
||||
user_fullname: decoded.user_fullname,
|
||||
user_name: decoded.user_name,
|
||||
user_email: decoded.user_email,
|
||||
role_id: decoded.role_id,
|
||||
role_name: decoded.role_name
|
||||
};
|
||||
|
||||
const accessToken = JWTService.generateAccessToken(payload);
|
||||
return { accessToken, tokenType: 'Bearer', expiresIn: 900 };
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
module.exports = new AuthService();
|
||||
module.exports = AuthService;
|
||||
|
||||
8
utils/captcha.js
Normal file
8
utils/captcha.js
Normal file
@@ -0,0 +1,8 @@
|
||||
const svgCaptcha = require('svg-captcha');
|
||||
|
||||
function createCaptcha() {
|
||||
const captcha = svgCaptcha.create({ size: 5, noise: 2, color: true });
|
||||
return { svg: captcha.data, text: captcha.text };
|
||||
}
|
||||
|
||||
module.exports = { createCaptcha };
|
||||
81
utils/jwt.js
Normal file
81
utils/jwt.js
Normal file
@@ -0,0 +1,81 @@
|
||||
const jwt = require('jsonwebtoken');
|
||||
const crypto = require('crypto');
|
||||
|
||||
const tokenSettings = {
|
||||
access: {
|
||||
expiresIn: '15m',
|
||||
type: 'access',
|
||||
secret: process.env.SECRET
|
||||
},
|
||||
refresh: {
|
||||
expiresIn: '7d',
|
||||
type: 'refresh',
|
||||
secret: process.env.REFRESH_SECRET
|
||||
}
|
||||
};
|
||||
|
||||
function generateTokenId() {
|
||||
return crypto.randomBytes(32).toString('hex');
|
||||
}
|
||||
|
||||
function generateToken(payload, type) {
|
||||
const settings = tokenSettings[type];
|
||||
if (!settings) throw new Error(`Invalid token type: ${type}`);
|
||||
|
||||
const tokenPayload = { ...payload, type: settings.type };
|
||||
|
||||
return jwt.sign(tokenPayload, settings.secret, {
|
||||
expiresIn: settings.expiresIn,
|
||||
jwtid: generateTokenId()
|
||||
});
|
||||
}
|
||||
|
||||
function verifyTokenType(token, type) {
|
||||
const settings = tokenSettings[type];
|
||||
try {
|
||||
const decoded = jwt.verify(token, settings.secret);
|
||||
if (decoded.type !== type) throw new Error('Invalid token type');
|
||||
return decoded;
|
||||
} catch (error) {
|
||||
if (error.name === 'TokenExpiredError') throw new Error(`${type} token has expired`);
|
||||
if (error.name === 'JsonWebTokenError') throw new Error(`Invalid ${type} token`);
|
||||
throw error;
|
||||
}
|
||||
}
|
||||
|
||||
function generateAccessToken(payload) {
|
||||
return generateToken(payload, 'access');
|
||||
}
|
||||
|
||||
function generateRefreshToken(payload) {
|
||||
return generateToken(payload, 'refresh');
|
||||
}
|
||||
|
||||
function verifyToken(token) {
|
||||
return verifyTokenType(token, 'access');
|
||||
}
|
||||
|
||||
function verifyRefreshToken(token) {
|
||||
return verifyTokenType(token, 'refresh');
|
||||
}
|
||||
|
||||
function generateTokenPair(payload) {
|
||||
const accessToken = generateAccessToken(payload);
|
||||
const refreshToken = generateRefreshToken(payload);
|
||||
|
||||
return {
|
||||
accessToken,
|
||||
refreshToken,
|
||||
tokenType: 'Bearer',
|
||||
expiresIn: 900,
|
||||
refreshExpiresIn: 604800
|
||||
};
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
generateAccessToken,
|
||||
generateRefreshToken,
|
||||
verifyToken,
|
||||
verifyRefreshToken,
|
||||
generateTokenPair,
|
||||
};
|
||||
Reference in New Issue
Block a user