add: device service

controllers/auth.controller.js

@@ -1,5 +1,5 @@
 const AuthService = require('../services/auth.service');
-const { registerSchema, loginSchema } = require('../helpers/authValidation');
+const { registerSchema, loginSchema } = require('../helpers/validation');
 const { setResponse } = require('../helpers/utils');
 const { createCaptcha } = require('../utils/captcha');
 
@@ -11,29 +11,32 @@ class AuthController {
       const { error, value } = registerSchema.validate(req.body, { abortEarly: false });
 
       if (error) {
-        // kumpulkan pesan error per field
         const errors = error.details.reduce((acc, cur) => {
           const field = Array.isArray(cur.path) ? cur.path.join('.') : String(cur.path);
           if (!acc[field]) acc[field] = [];
           acc[field].push(cur.message);
           return acc;
         }, {});
-
+        return res.status(400).json(setResponse(errors, 'Validation failed', 400));
-        return res.status(400).json(
-          setResponse(errors, 'Validation failed', 400)
-        );
       }
 
-      // Normalisasi phone menjadi +62
       if (value.phone && value.phone.startsWith('0')) {
         value.phone = '+62' + value.phone.slice(1);
       }
 
-      const user = await AuthService.register(value);
+      const { user, tokens } = await AuthService.register(value);
-      return res.status(201).json(
-        setResponse(user, 'User registered successfully', 201)
-      );
 
+      // Set refresh token in cookie
+      res.cookie('refreshToken', tokens.refreshToken, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === 'production',
+        sameSite: 'strict',
+        maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
+      });
+
+      return res.status(201).json(
+        setResponse({ user, accessToken: tokens.accessToken }, 'User registered successfully', 201)
+      );
     } catch (err) {
       return res.status(err.statusCode || 500).json(
         setResponse([], err.message || 'Register failed', err.statusCode || 500)
@@ -41,18 +44,17 @@ class AuthController {
     }
   }
 
-
+  // Captcha
   static async generateCaptcha(req, res) {
     try {
       const { svg, text } = createCaptcha();
-      return res.status(200).json({
+      return res.status(200).json({ data: { svg, text } });
-        data: { svg, text }
-      });
     } catch (err) {
       return res.status(500).json(setResponse([], 'Captcha failed', 500));
     }
   }
 
+  // Login
   static async login(req, res) {
     try {
       const { error, value } = loginSchema.validate(req.body, { abortEarly: false });
@@ -60,15 +62,23 @@ class AuthController {
 
       const { email, password, captcha, captchaText } = value;
 
-      // verify captcha
       if (!captcha || captcha.toLowerCase() !== captchaText.toLowerCase()) {
         return res.status(400).json(setResponse([], 'Invalid captcha', 400));
       }
 
       const { user, tokens } = await AuthService.login({ email, password });
 
-      return res.status(200).json(setResponse({ user, tokens }, 'Login successful', 200));
+      // Set refresh token in cookie
+      res.cookie('refreshToken', tokens.refreshToken, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === 'production',
+        sameSite: 'strict',
+        maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
+      });
 
+      return res.status(200).json(
+        setResponse({ user, accessToken: tokens.accessToken }, 'Login successful', 200)
+      );
     } catch (err) {
       return res.status(err.statusCode || 500).json(
         setResponse([], err.message || 'Login failed', err.statusCode || 500)
@@ -76,28 +86,37 @@ class AuthController {
     }
   }
 
-// // Verify Captcha (secure)
+  // Refresh Token
-//   static async verifyCaptcha(req, res) {
+  static async refreshToken(req, res) {
-//     const { userInput } = req.body;
+    try {
+      const refreshToken = req.cookies?.refreshToken;
+      if (!refreshToken) {
+        return res.status(401).json(setResponse(null, 'Refresh token is required', 401));
+      }
 
-//     if (!userInput || !req.session.captcha) {
+      const result = await AuthService.refreshToken(refreshToken);
-//       return res.status(400).json(
-//         setResponse([], 'Missing data', 400)
-//       );
-//     }
 
-//     if (userInput.toLowerCase() === req.session.captcha.toLowerCase()) {
+      return res.status(200).json(setResponse(result, 'Token refreshed successfully', 200));
-//       req.session.captcha = null; // one-time use
+    } catch (err) {
-//       return res.json(
+      return res.status(err.statusCode || 500).json(
-//         setResponse([], 'Captcha is valid', 200)
+        setResponse(null, err.message || 'Refresh token failed', err.statusCode || 500)
-//       );
+      );
-//     } else {
+    }
-//       return res.status(400).json(
+  }
-//         setResponse([], 'Invalid captcha', 400)
-//       );
-//     }
-//   }
 
+  // Logout
+  static async logout(req, res) {
+    try {
+      res.clearCookie('refreshToken', {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === 'production',
+        sameSite: 'strict',
+      });
+      return res.status(200).json(setResponse(null, 'Logged out successfully', 200));
+    } catch (err) {
+      return res.status(500).json(setResponse(null, 'Logout failed', 500));
+    }
+  }
 }
 
 module.exports = AuthController;

controllers/device.controller.js

@@ -0,0 +1,103 @@
+const DeviceService = require('../services/device.service');
+const { deviceSchema } = require('../helpers/validation');
+const { setResponse } = require('../helpers/utils');
+
+class DeviceController {
+  // Get all devices
+  static async getAll(req, res) {
+    try {
+      const devices = await DeviceService.getAllDevices();
+      return res.status(200).json(
+        setResponse(devices, 'Devices retrieved successfully', 200)
+      );
+    } catch (err) {
+      return res.status(err.statusCode || 500).json(
+        setResponse([], err.message || 'Failed to get devices', err.statusCode || 500)
+      );
+    }
+  }
+
+  // Get device by ID
+  static async getById(req, res) {
+    try {
+      const { id } = req.params;
+      const device = await DeviceService.getDeviceById(id);
+      return res.status(200).json(
+        setResponse(device, 'Device retrieved successfully', 200)
+      );
+    } catch (err) {
+      return res.status(err.statusCode || 500).json(
+        setResponse([], err.message || 'Failed to get device', err.statusCode || 500)
+      );
+    }
+  }
+
+  // Create device
+  static async create(req, res) {
+    try {
+      const { error, value } = deviceSchema.validate(req.body || {}, { abortEarly: false });
+      if (error) {
+        const errors = error.details.reduce((acc, cur) => {
+          const field = Array.isArray(cur.path) ? cur.path.join('.') : String(cur.path);
+          if (!acc[field]) acc[field] = [];
+          acc[field].push(cur.message);
+          return acc;
+        }, {});
+        return res.status(400).json(setResponse(errors, 'Validation failed', 400));
+      }
+
+      const newDevice = await DeviceService.createDevice(value, req.user.userId);
+      return res.status(201).json(
+        setResponse(newDevice, 'Device created successfully', 201)
+      );
+    } catch (err) {
+      return res.status(err.statusCode || 500).json(
+        setResponse([], err.message || 'Failed to create device', err.statusCode || 500)
+      );
+    }
+  }
+
+  // Update device
+  static async update(req, res) {
+    try {
+      const { id } = req.params;
+      const { error, value } = deviceSchema.validate(req.body || {}, { abortEarly: false });
+      if (error) {
+        const errors = error.details.reduce((acc, cur) => {
+          const field = Array.isArray(cur.path) ? cur.path.join('.') : String(cur.path);
+          if (!acc[field]) acc[field] = [];
+          acc[field].push(cur.message);
+          return acc;
+        }, {});
+        return res.status(400).json(setResponse(errors, 'Validation failed', 400));
+      }
+
+      await DeviceService.updateDevice(id, value, req.user.userId);
+      return res.status(200).json(
+        setResponse([], 'Device updated successfully', 200)
+      );
+    } catch (err) {
+      return res.status(err.statusCode || 500).json(
+        setResponse([], err.message || 'Failed to update device', err.statusCode || 500)
+      );
+    }
+  }
+
+  // Soft delete device
+  static async delete(req, res) {
+    try {
+      const { id } = req.params;
+
+      await DeviceService.deleteDevice(id, req.user.userId);
+      return res.status(200).json(
+        setResponse([], 'Device deleted successfully', 200)
+      );
+    } catch (err) {
+      return res.status(err.statusCode || 500).json(
+        setResponse([], err.message || 'Failed to delete device', err.statusCode || 500)
+      );
+    }
+  }
+}
+
+module.exports = DeviceController;

db/device.db.js

@@ -0,0 +1,76 @@
+const pool = require("../config");
+
+// Get all devices
+const getAllDevicesDb = async () => {
+  const queryText = `
+    SELECT *
+    FROM m_device
+    WHERE deleted_at IS NULL
+    ORDER BY device_id ASC
+  `;
+  const result = await pool.query(queryText);
+  return result.recordset;
+};
+
+// Get device by ID
+const getDeviceByIdDb = async (id) => {
+  const queryText = `
+    SELECT *
+    FROM m_device
+    WHERE device_id = $1
+      AND deleted_at IS NULL
+  `;
+  const result = await pool.query(queryText, [id]);
+  return result.recordset[0];
+};
+
+// Get device by device_code
+const getDeviceByCodeDb = async (code) => {
+  const queryText = `
+    SELECT *
+    FROM m_device
+    WHERE device_code = $1
+      AND deleted_at IS NULL
+  `;
+  const result = await pool.query(queryText, [code]);
+  return result.recordset[0];
+};
+
+// Create device
+const createDeviceDb = async (data) => {
+  const { query: queryText, values } = pool.buildDynamicInsert("m_device", data);
+  const result = await pool.query(queryText, values);
+  const insertedId = result.recordset[0]?.inserted_id;
+  if (!insertedId) return null;
+
+  return getDeviceByIdDb(insertedId);
+};
+
+// Update device
+const updateDeviceDb = async (id, data) => {
+  const { query: queryText, values } = pool.buildDynamicUpdate("m_device", data, { device_id: id });
+  await pool.query(queryText, values);
+  return getDeviceByIdDb(id);
+};
+
+// Soft delete device
+const softDeleteDeviceDb = async (id, deletedBy) => {
+  const queryText = `
+    UPDATE m_device
+    SET deleted_at = GETDATE(),
+        deleted_by = $1
+    WHERE device_id = $2
+      AND deleted_at IS NULL
+  `;
+  await pool.query(queryText, [deletedBy, id]);
+  return true;
+};
+
+module.exports = {
+  getAllDevicesDb,
+  getDeviceByIdDb,
+  getDeviceByCodeDb,
+  createDeviceDb,
+  updateDeviceDb,
+  softDeleteDeviceDb,
+};

db/user.db.js

@@ -7,8 +7,8 @@ const getAllUsersDb = async () => {
            u.is_active, u.created_at, u.updated_at, u.deleted_at,
            u.updated_by, u.deleted_by,
            r.role_id, r.role_name
-    FROM users u
+    FROM m_users u
-    LEFT JOIN roles r ON u.role_id = r.role_id
+    LEFT JOIN m_roles r ON u.role_id = r.role_id
     WHERE u.deleted_at IS NULL
     ORDER BY u.user_id ASC
   `;
@@ -23,8 +23,8 @@ const getUserByIdDb = async (id) => {
            u.is_active, u.created_at, u.updated_at, u.deleted_at,
            u.updated_by, u.deleted_by,
            r.role_id, r.role_name
-    FROM users u
+    FROM m_users u
-    LEFT JOIN roles r ON u.role_id = r.role_id
+    LEFT JOIN m_roles r ON u.role_id = r.role_id
     WHERE u.user_id = $1 AND u.deleted_at IS NULL
   `;
   const result = await pool.query(queryText, [id]);
@@ -37,21 +37,22 @@ const getUserByUserEmailDb = async (email) => {
     SELECT u.user_id, u.user_fullname, u.user_name, u.user_email, u.user_phone,
            u.user_password, u.is_active, u.is_sa,
            r.role_id, r.role_name
-    FROM users u
+    FROM m_users u
-    LEFT JOIN roles r ON u.role_id = r.role_id
+    LEFT JOIN m_roles r ON u.role_id = r.role_id
     WHERE u.user_email = $1 AND u.deleted_at IS NULL
   `;
   const result = await pool.query(queryText, [email]);
   return result.recordset[0];
 };
 
+// Get user by username
 const getUserByUsernameDb = async (username) => {
   const queryText = `
     SELECT u.user_id, u.user_fullname, u.user_name, u.user_email, u.user_phone, u.user_password,
            u.is_active, u.role_id,
            r.role_name
-    FROM users u
+    FROM m_users u
-    LEFT JOIN roles r ON u.role_id = r.role_id
+    LEFT JOIN m_roles r ON u.role_id = r.role_id
     WHERE u.user_name = $1 AND u.deleted_at IS NULL
   `;
   const result = await pool.query(queryText, [username]);
@@ -60,14 +61,14 @@ const getUserByUsernameDb = async (username) => {
 
 // Create user
 const createUserDb = async (data) => {
-  const { query: queryText, values } = pool.buildDynamicInsert("users", data);
+  const { query: queryText, values } = pool.buildDynamicInsert("m_users", data);
   const result = await pool.query(queryText, values);
   return result.recordset[0]?.inserted_id || null;
 };
 
 // Update user
 const updateUserDb = async (userId, data) => {
-  const { query: queryText, values } = pool.buildDynamicUpdate("users", data, { user_id: userId });
+  const { query: queryText, values } = pool.buildDynamicUpdate("m_users", data, { user_id: userId });
   await pool.query(queryText, values);
   return true;
 };
@@ -75,7 +76,7 @@ const updateUserDb = async (userId, data) => {
 // Change user password
 const changeUserPasswordDb = async (userId, newPassword) => {
   const queryText = `
-    UPDATE users
+    UPDATE m_users
     SET user_password = $1, updated_at = GETDATE()
     WHERE user_id = $2 AND deleted_at IS NULL
   `;
@@ -86,7 +87,7 @@ const changeUserPasswordDb = async (userId, newPassword) => {
 // Soft delete user
 const deleteUserDb = async (userId, deletedBy) => {
   const queryText = `
-    UPDATE users
+    UPDATE m_users
     SET deleted_at = GETDATE(),
         deleted_by = $1
     WHERE user_id = $2
@@ -99,7 +100,7 @@ const deleteUserDb = async (userId, deletedBy) => {
 const getAllRoleDb = async () => {
   const queryText = `
     SELECT role_id, role_name
-    FROM roles
+    FROM m_roles
     ORDER BY role_id ASC
   `;
   const result = await pool.query(queryText);

helpers/authValidation.js

@@ -1,36 +0,0 @@
-const Joi = require('joi');
-
-const registerSchema = Joi.object({
-  fullname: Joi.string().min(3).max(100).required(),
-  username: Joi.string().alphanum().min(3).max(50).required(),
-  email: Joi.string().email().required(),
-  phone: Joi.string()
-  .pattern(/^(?:\+62|0)8\d{7,10}$/)
-  .required()
-  .messages({
-    'string.pattern.base': 'Phone number must be a valid Indonesian number in format +628XXXXXXXXX'
-  }),
-  password: Joi.string()
-    .min(8)
-    .pattern(/[A-Z]/, 'uppercase letter')
-    .pattern(/[a-z]/, 'lowercase letter')
-    .pattern(/\d/, 'number')
-    .pattern(/[!@#$%^&*(),.?":{}|<>]/, 'special character')
-    .required()
-    .messages({
-      'string.min': 'Password must be at least 8 characters long',
-      'string.pattern.name': 'Password must contain at least one {#name}'
-    })
-});
-
-const loginSchema = Joi.object({
-  email: Joi.string().email().required(),
-  password: Joi.string().required(),
-  captcha: Joi.string().required(),
-  captchaText: Joi.string().required()
-});
-
-module.exports = {
-  registerSchema,
-  loginSchema
-};

helpers/validation.js

@@ -0,0 +1,58 @@
+const Joi = require('joi');
+
+// ========================
+// Auth Validation
+// ========================
+const registerSchema = Joi.object({
+  fullname: Joi.string().min(3).max(100).required(),
+  name: Joi.string().alphanum().min(3).max(50).required(),
+  email: Joi.string().email().required(),
+  phone: Joi.string()
+    .pattern(/^(?:\+62|0)8\d{7,10}$/)
+    .required()
+    .messages({
+      'string.pattern.base':
+        'Phone number must be a valid Indonesian number in format +628XXXXXXXXX'
+    }),
+  password: Joi.string()
+    .min(8)
+    .pattern(/[A-Z]/, 'uppercase letter')
+    .pattern(/[a-z]/, 'lowercase letter')
+    .pattern(/\d/, 'number')
+    .pattern(/[!@#$%^&*(),.?":{}|<>]/, 'special character')
+    .required()
+    .messages({
+      'string.min': 'Password must be at least 8 characters long',
+      'string.pattern.name': 'Password must contain at least one {#name}'
+    })
+});
+
+const loginSchema = Joi.object({
+  email: Joi.string().email().required(),
+  password: Joi.string().required(),
+  captcha: Joi.string().required(),
+  captchaText: Joi.string().required()
+});
+
+// ========================
+// Device Validation
+// ========================
+const deviceSchema = Joi.object({
+  device_code: Joi.string().max(100).required(),
+  device_name: Joi.string().max(100).required(),
+  device_status: Joi.boolean().required(),
+  device_location: Joi.string().max(100).required(),
+  device_description: Joi.string().required(),
+  ip_address: Joi.string()
+    .ip({ version: ['ipv4', 'ipv6'] })
+    .required()
+    .messages({
+      'string.ip': 'IP address must be a valid IPv4 or IPv6 address'
+    })
+});
+
+module.exports = {
+  registerSchema,
+  loginSchema,
+  deviceSchema
+};

middleware/verifyAdmin.js

@@ -1,14 +0,0 @@
-const { ErrorHandler } = require("../helpers/error");
-
-module.exports = (req, res, next) => {
-  const { roles } = req.user;
-  if (roles && roles.includes("admin")) {
-    req.user = {
-      ...req.user,
-      roles,
-    };
-    return next();
-  } else {
-    throw new ErrorHandler(401, "require admin role");
-  }
-};

middleware/verifyRole.js

@@ -0,0 +1,28 @@
+const { ErrorHandler } = require("../helpers/error");
+
+const verifyRole = (allowedRoles) => {
+  return (req, res, next) => {
+    try {
+      const user = req.user;
+
+      if (!user) {
+        throw new ErrorHandler(401, "Unauthorized: User not found");
+      }
+
+      // Super Admin bypass semua role
+      if (user.is_sa) {
+        return next();
+      }
+
+      if (!allowedRoles.includes(user.role_id)) {
+        throw new ErrorHandler(403, "Forbidden: Access denied");
+      }
+
+      next();
+    } catch (err) {
+      next(err);
+    }
+  };
+};
+
+module.exports = verifyRole;

middleware/verifyToken.js

@@ -8,7 +8,8 @@ function setUser(req, decoded) {
     username: decoded.user_name,
     email: decoded.user_email,
     roleId: decoded.role_id,
-    roleName: decoded.role_name
+    roleName: decoded.role_name,
+    is_sa: decoded.is_sa
   };
 }
 
@@ -44,10 +45,10 @@ function verifyRefreshToken(req, res, next) {
     }
 
     const decoded = JWTService.verifyRefreshToken(refreshToken);
-    setUser(req, decoded);
+    req.user = decoded;
     next();
   } catch (error) {
-    next(new ErrorHandler(500, 'Refresh token verification failed'));
+    next(new ErrorHandler(401, 'Refresh token is invalid or expired'));
   }
 }
 

routes/auth.route.js

@@ -1,11 +1,11 @@
 const express = require('express');
-const authController = require("../controllers/auth.controller");
+const AuthController = require("../controllers/auth.controller");
 
 const router = express.Router();
 
-router.post('/login', authController.login);
+router.post('/login', AuthController.login);
-router.post('/register', authController.register);
+router.post('/register', AuthController.register);
-router.get('/generate-captcha', authController.generateCaptcha);
+router.get('/generate-captcha', AuthController.generateCaptcha);
-// router.post('/verify-captcha', authController.verifyCaptcha);
+router.post('/refresh-token', AuthController.refreshToken);
 
 module.exports = router;

routes/device.route.js

@@ -0,0 +1,14 @@
+const express = require('express');
+const DeviceController = require('../controllers/device.controller');
+const verifyToken = require("../middleware/verifyToken")
+const verifyRole = require("../middleware/verifyRole")
+
+const router = express.Router();
+
+router.get('/', verifyToken.verifyAccessToken, DeviceController.getAll);
+router.get('/:id', verifyToken.verifyAccessToken, DeviceController.getById);
+router.post('/', verifyToken.verifyAccessToken, verifyRole([1]),  DeviceController.create);
+router.put('/:id', verifyToken.verifyAccessToken, verifyRole([1, 2]), DeviceController.update);
+router.delete('/:id', verifyToken.verifyAccessToken, verifyRole([1]), DeviceController.delete);
+
+module.exports = router;

routes/index.js

@@ -1,8 +1,10 @@
 const router = require("express").Router();
 const auth = require("./auth.route");
 const users = require("./users.route");
+const device = require('./device.route');
 
 router.use("/auth", auth);
 router.use("/user", users);
+router.use("/device", device);
 
 module.exports = router;

routes/users.route.js

@@ -9,7 +9,7 @@ const {
   getAllStatusUsers
 } = require("../controllers/users.controller");
 const router = require("express").Router();
-const verifyAdmin = require("../middleware/verifyAdmin");
+const verifyAdmin = require("../middleware/verifyRole");
 const verifyToken = require("../middleware/verifyToken");
 
 router.get("/roles", getAllRoles);

services/auth.service.js

@@ -2,14 +2,14 @@ const {
   getUserByUserEmailDb, 
   createUserDb 
 } = require('../db/user.db');
-const JWTService = require('../utils/jwt');
 const { hashPassword, comparePassword } = require('../helpers/hashPassword');
 const { ErrorHandler } = require('../helpers/error');
+const JWTService = require('../utils/jwt');
 
 class AuthService {
 
   // Register
-  static async register({ fullname, username, email, phone, password }) {
+  static async register({ fullname, name, email, phone, password }) {
     const existingUser = await getUserByUserEmailDb(email);
     if (existingUser) {
       throw new ErrorHandler(400, 'Email already registered');
@@ -19,7 +19,7 @@ class AuthService {
 
     const userId = await createUserDb({
       user_fullname: fullname,
-      user_name: username,
+      user_name: name,
       user_email: email,
       user_phone: phone,
       user_password: hashedPassword,
@@ -28,11 +28,10 @@ class AuthService {
       is_active: 1
     });
 
-    // ambil user baru
     const newUser = {
       user_id: userId,
       user_fullname: fullname,
-      user_name: username,
+      user_name: name,
       user_email: email,
       user_phone: phone,
       role_id: 3,
@@ -65,7 +64,7 @@ class AuthService {
       user_fullname: user.user_fullname,
       user_name: user.user_name,
       user_email: user.user_email,
-      phone: user.phone,
+      user_phone: user.user_phone,
       role_id: user.role_id,
       role_name: user.role_name,
       is_sa: user.is_sa
@@ -75,7 +74,7 @@ class AuthService {
     return { user: payload, tokens };
   }
 
-  // Refresh token
+  // Refresh Token
   static async refreshToken(refreshToken) {
     if (!refreshToken) {
       throw new ErrorHandler(401, 'Refresh token is required');
@@ -89,13 +88,14 @@ class AuthService {
       user_name: decoded.user_name,
       user_email: decoded.user_email,
       role_id: decoded.role_id,
-      role_name: decoded.role_name
+      role_name: decoded.role_name,
+      is_sa: decoded.is_sa
     };
 
     const accessToken = JWTService.generateAccessToken(payload);
+
     return { accessToken, tokenType: 'Bearer', expiresIn: 900 };
   }
-
 }
 
 module.exports = AuthService;

services/device.service.js

@@ -0,0 +1,81 @@
+const {
+  getAllDevicesDb,
+  getDeviceByIdDb,
+  getDeviceByCodeDb,
+  createDeviceDb,
+  updateDeviceDb,
+  softDeleteDeviceDb
+} = require('../db/device.db');
+const { ErrorHandler } = require('../helpers/error');
+
+class DeviceService {
+  // Get all devices
+  static async getAllDevices() {
+    const devices = await getAllDevicesDb();
+    return devices;
+  }
+
+  // Get device by ID
+  static async getDeviceById(id) {
+    const device = await getDeviceByIdDb(id);
+    if (!device) {
+      throw new ErrorHandler(404, 'Device not found');
+    }
+    return device;
+  }
+
+  // Get device by code
+  static async getDeviceByCode(code) {
+    const device = await getDeviceByCodeDb(code);
+    if (!device) {
+      throw new ErrorHandler(404, 'Device not found');
+    }
+    return device;
+  }
+
+  // Create device
+  static async createDevice(data, userId) {
+    if (!data || typeof data !== 'object') data = {};
+
+    data.created_by = userId;
+    data.is_active = 1;
+
+    // cek kode unik
+    const existingDevice = await getDeviceByCodeDb(data.device_code);
+    if (existingDevice) {
+      throw new ErrorHandler(400, 'Device code already exists');
+    }
+
+    const newDevice = await createDeviceDb(data);
+    return newDevice;
+  }
+
+  // Update device
+  static async updateDevice(id, data, userId) {
+    if (!data || typeof data !== 'object') data = {};
+
+    const existingDevice = await getDeviceByIdDb(id);
+    if (!existingDevice) {
+      throw new ErrorHandler(404, 'Device not found');
+    }
+
+    data.updated_by = userId;
+    data.updated_at = new Date();
+
+    await updateDeviceDb(id, data);
+    return { message: 'Device updated successfully' };
+  }
+
+  // Soft delete device
+  static async deleteDevice(id, userId) {
+    const existingDevice = await getDeviceByIdDb(id);
+    if (!existingDevice) {
+      throw new ErrorHandler(404, 'Device not found');
+    }
+
+    await softDeleteDeviceDb(id, userId);
+    return { message: 'Device deleted successfully' };
+  }
+}
+
+module.exports = DeviceService;

utils/captcha.js

@@ -1,7 +1,7 @@
 const svgCaptcha = require('svg-captcha');
 
 function createCaptcha() {
-  const captcha = svgCaptcha.create({ size: 5, noise: 2, color: true });
+  const captcha = svgCaptcha.create({ size: 5, noise: 7, color: true });
   return { svg: captcha.data, text: captcha.text };
 }