yogiedigital/cod-api
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: yogiedigital:cc4d135a53670adc656e02f0d463fd7041d69244
Branches Tags
yogiedigital:main yogiedigital:wisdom
...
compare: yogiedigital:e581f5b5bb9888a435cd2a48c51f951fd4ffb07a
Branches Tags
yogiedigital:wisdom yogiedigital:main

2 Commits
cc4d135a53 ... e581f5b5bb

Author SHA1 Message Date
Antony Kurniawan
e581f5b5bb fix: crud user 2025-10-11 02:26:17 +07:00
Antony Kurniawan
751cd0911e fix: auth 2025-10-11 02:26:00 +07:00
8 changed files with 214 additions and 243 deletions
Expand all files Collapse all files

66
controllers/auth.controller.js
View File

@@ -1,6 +1,6 @@
const AuthService = require('../services/auth.service');
const { registerSchema, loginSchema } = require('../validate/auth.schema');
const { setResponse, checkValidate } = require('../helpers/utils');
const { registerSchema, loginSchema } = require('../validate/auth.schema');
const { createCaptcha } = require('../utils/captcha');
class AuthController {
@@ -12,30 +12,21 @@ class AuthController {
return res.status(400).json(setResponse(error, 'Validation failed', 400));
}
if (value.phone && value.phone.startsWith('0')) {
value.phone = '+62' + value.phone.slice(1);
// Format nomor HP Indonesia
if (value.user_phone && value.user_phone.startsWith('0')) {
value.user_phone = '+62' + value.user_phone.slice(1);
}
const { user, tokens } = await AuthService.register(value);
// Set refresh token di cookie
res.cookie('refreshToken', tokens.refreshToken, {
httpOnly: true,
secure: false, // masih dev
sameSite: 'lax',
maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
});
const results = await AuthService.register(value);
const response = await setResponse(
{
user: { ...user, approved: false },
accessToken: tokens.accessToken
user: { ...results.user, approved: false },
},
'User registered successfully. Waiting for admin approval.',
201
'User registered successfully. Waiting for admin approval.'
);
return res.status(response.statusCode).json(response);
res.status(response.statusCode).json(response);
}
// Login
@@ -46,32 +37,25 @@ class AuthController {
return res.status(400).json(setResponse(error, 'Validation failed', 400));
}
const { identifier, password, captcha, captchaText } = value;
const results = await AuthService.login(value);
if (!captcha || captcha.toLowerCase() !== captchaText.toLowerCase()) {
return res.status(400).json(setResponse([], 'Invalid captcha', 400));
}
const { user, tokens } = await AuthService.login({ identifier, password });
// Set refresh token di cookie
res.cookie('refreshToken', tokens.refreshToken, {
// Simpan refresh token di cookie
res.cookie('refreshToken', results.tokens.refreshToken, {
httpOnly: true,
secure: false, // masih dev
secure: false,
sameSite: 'lax',
maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
maxAge: 7 * 24 * 60 * 60 * 1000
});
const response = await setResponse(
{
user: { ...user, approved: true },
accessToken: tokens.accessToken
user: { ...results.user, approved: true },
accessToken: results.tokens.accessToken
},
'Login successful',
200
'Login successful'
);
return res.status(response.statusCode).json(response);
res.status(response.statusCode).json(response);
}
// Refresh Token
@@ -82,10 +66,10 @@ class AuthController {
return res.status(401).json(setResponse(null, 'Refresh token is required', 401));
}
const result = await AuthService.refreshToken(refreshToken);
const response = await setResponse(result, 'Token refreshed successfully', 200);
const results = await AuthService.refreshToken(refreshToken);
const response = await setResponse(results, 'Token refreshed successfully');
return res.status(response.statusCode).json(response);
res.status(response.statusCode).json(response);
}
// Logout
@@ -96,19 +80,19 @@ class AuthController {
secure: true
});
const response = await setResponse(null, 'Logged out successfully', 200);
return res.status(response.statusCode).json(response);
const response = await setResponse(null, 'Logged out successfully');
res.status(response.statusCode).json(response);
}
// Captcha
static async generateCaptcha(req, res) {
const { svg, text } = createCaptcha();
// munculkan di header untuk keperluan dev
// Tampilkan captcha di header untuk dev
res.setHeader('X-Captcha-Text', text);
const response = await setResponse({ svg, text }, 'Captcha generated', 200);
return res.status(response.statusCode).json(response);
const response = await setResponse({ svg, text }, 'Captcha generated');
res.status(response.statusCode).json(response);
}
}

47
controllers/users.controller.js
View File

@@ -1,6 +1,6 @@
const UserService = require('../services/user.service');
const { setResponse, setResponsePaging, checkValidate } = require('../helpers/utils');
const { userSchema, newPasswordSchema } = require('../validate/user.schema');
const UserService = require("../services/user.service");
const { setResponse, setResponsePaging, checkValidate } = require("../helpers/utils");
const { userSchema, updateUserSchema, newPasswordSchema } = require("../validate/user.schema");
class UserController {
// Get all users
@@ -8,7 +8,7 @@ class UserController {
const queryParams = req.query;
const results = await UserService.getAllUsers(queryParams);
const response = await setResponsePaging(queryParams, results, 'Users retrieved successfully');
const response = await setResponsePaging(queryParams, results, 'Users found');
res.status(response.statusCode).json(response);
}
@@ -18,7 +18,7 @@ class UserController {
const { id } = req.params;
const results = await UserService.getUserById(id);
const response = await setResponse(results, 'User retrieved successfully');
const response = await setResponse(results, 'User found');
res.status(response.statusCode).json(response);
}
@@ -42,13 +42,14 @@ class UserController {
// Update user
static async update(req, res) {
const { id } = req.params;
const { error, value } = await checkValidate(userSchema, req);
const { error, value } = await checkValidate(updateUserSchema, req);
if (error) {
return res.status(400).json(setResponse(error, 'Validation failed', 400));
}
value.updated_by = req.user.user_id;
value.userId = req.user.user_id;
const results = await UserService.updateUser(id, value);
const response = await setResponse(results, 'User updated successfully');
@@ -56,6 +57,17 @@ class UserController {
res.status(response.statusCode).json(response);
}
// Approve user
static async approve(req, res) {
const { id } = req.params;
const approverId = req.user.user_id;
const updatedUser = await UserService.approveUser(id, approverId);
const response = await setResponse(updatedUser, 'User approved successfully');
return res.status(response.statusCode).json(response);
}
// Soft delete user
static async delete(req, res) {
const { id } = req.params;
@@ -66,7 +78,7 @@ class UserController {
res.status(response.statusCode).json(response);
}
// Change user password
// Change password
static async changePassword(req, res) {
const { id } = req.params;
const { error, value } = await checkValidate(newPasswordSchema, req);
@@ -80,25 +92,6 @@ class UserController {
res.status(response.statusCode).json(response);
}
// Get all status users
static async getAllStatus(req, res) {
const results = await UserService.getAllStatusUsers();
const response = await setResponse(results, 'Status list retrieved successfully');
res.status(response.statusCode).json(response);
}
// Approve user
static async approve(req, res) {
const { id } = req.params;
const approverId = req.user?.user_id || null;
const results = await UserService.approveUser(id, approverId);
const response = await setResponse(results, 'User approved successfully');
res.status(response.statusCode).json(response);
}
}
module.exports = UserController;

17
db/user.db.js
View File

@@ -132,6 +132,22 @@ const updateUserDb = async (userId, data) => {
return getUserByIdDb(userId);
};
const approveUserDb = async (userId, approverId) => {
const queryText = `
UPDATE m_users
SET
is_approve = 1,
approved_by = $1,
approved_at = CURRENT_TIMESTAMP,
updated_by = $1,
updated_at = CURRENT_TIMESTAMP
WHERE user_id = $2 AND deleted_at IS NULL
`;
await pool.query(queryText, [approverId, userId]);
return true; // simple, cuma tanda berhasil
};
// Change user password
const changeUserPasswordDb = async (userId, newPassword) => {
const queryText = `
@@ -165,6 +181,7 @@ module.exports = {
getUserByUsernameDb,
createUserDb,
updateUserDb,
approveUserDb,
changeUserPasswordDb,
deleteUserDb,
};

3
routes/users.route.js
View File

@@ -20,7 +20,4 @@ router.route('/change-password/:id')
router.route('/:id/approve')
.put(verifyToken.verifyAccessToken, verifyAccess(), UserController.approve);
router.route('/status/all')
.get(verifyToken.verifyAccessToken, UserController.getAllStatus);
module.exports = router;

71
services/auth.service.js
View File

@@ -9,72 +9,66 @@ const JWTService = require('../utils/jwt');
class AuthService {
// Register
static async register({ fullname, name, email, phone, password }) {
static async register(data) {
try {
const existingUser = await getUserByUserEmailDb(email);
if (existingUser) {
throw new ErrorHandler(400, 'Email already registered');
const existingEmail = await getUserByUserEmailDb(data.user_email);
const existingUsername = await getUserByUsernameDb(data.user_name);
if (existingUsername) {
throw new ErrorHandler(400, 'Username is already taken');
}
if (existingEmail) {
throw new ErrorHandler(400, 'Email is already taken');
}
const hashedPassword = await hashPassword(password);
const hashedPassword = await hashPassword(data.user_password);
const userId = await createUserDb({
user_fullname: fullname,
user_name: name,
user_email: email,
user_phone: phone,
user_fullname: data.user_fullname,
user_name: data.user_name,
user_email: data.user_email,
user_phone: data.user_phone,
user_password: hashedPassword,
role_id: null,
is_sa: 0,
is_active: 1,
is_approve: 0,
approved_by: null,
approved_at: null
});
const newUser = {
user_id: userId,
user_fullname: fullname,
user_name: name,
user_email: email,
user_phone: phone
user_fullname: data.user_fullname,
user_name: data.user_name,
user_email: data.user_email,
user_phone: data.user_phone
};
const tokens = JWTService.generateTokenPair(newUser);
return { user: newUser, tokens };
return { user: newUser };
} catch (error) {
throw new ErrorHandler(error.statusCode, error.message);
}
}
// Login
static async login({ identifier, password }) {
static async login(data) {
try {
let user;
const { identifier, password, captcha, captchaText } = data;
if (!captcha || captcha.toLowerCase() !== captchaText.toLowerCase()) {
throw new ErrorHandler(400, 'Invalid captcha');
}
let user;
if (identifier.includes('@')) {
user = await getUserByUserEmailDb(identifier);
} else {
user = await getUserByUsernameDb(identifier);
}
if (!user) {
throw new ErrorHandler(401, 'Invalid credentials');
}
if (!user) throw new ErrorHandler(401, 'Invalid credentials');
const passwordMatch = await comparePassword(password, user.user_password);
if (!passwordMatch) {
throw new ErrorHandler(401, 'Invalid credentials');
}
if (!passwordMatch) throw new ErrorHandler(401, 'Invalid credentials');
if (!user.is_active) {
throw new ErrorHandler(403, 'User is inactive');
}
if (!user.is_approve) {
if (!user.is_active) throw new ErrorHandler(403, 'User is inactive');
if (!user.is_approve)
throw new ErrorHandler(403, 'Your account has not been approved by admin yet.');
}
const payload = {
user_id: user.user_id,
@@ -88,7 +82,6 @@ class AuthService {
};
const tokens = JWTService.generateTokenPair(payload);
return { user: payload, tokens };
} catch (error) {
throw new ErrorHandler(error.statusCode, error.message);
@@ -98,10 +91,6 @@ class AuthService {
// Refresh Token
static async refreshToken(refreshToken) {
try {
if (!refreshToken) {
throw new ErrorHandler(401, 'Refresh token is required');
}
let decoded;
try {
decoded = JWTService.verifyRefreshToken(refreshToken);

219
services/user.service.js
View File

@@ -1,174 +1,151 @@
const {
createUserDb,
getUserByIdDb,
const {
getAllUsersDb,
getUserByIdDb,
getUserByUserEmailDb,
getUserByUsernameDb,
createUserDb,
updateUserDb,
approveUserDb,
deleteUserDb,
changeUserPasswordDb
} = require('../db/user.db');
const { hashPassword } = require('../helpers/hashPassword');
const { ErrorHandler } = require('../helpers/error');
const statusName = [
{ status: true, status_name: "Aktif" },
{ status: false, status_name: "NonAktif" }
];
class UserService {
// Get all status users
getAllStatusUsers = async () => {
try {
return statusName;
} catch (error) {
throw new ErrorHandler(error.statusCode || 500, error.message);
}
};
// Get all users
getAllUsers = async () => {
static async getAllUsers(param) {
try {
const results = await getAllUsersDb();
results.forEach(user => {
user.is_active = user.is_active == 1;
user.is_active_name = statusName.find(s => s.status === user.is_active)?.status_name;
delete user.user_password; // remove password
});
const results = await getAllUsersDb(param);
return results;
} catch (error) {
throw new ErrorHandler(error.statusCode || 500, error.message);
throw new ErrorHandler(error.statusCode, error.message);
}
};
}
// Get user by ID
getUserById = async (id) => {
static async getUserById(id) {
try {
const user = await getUserByIdDb(id);
if (!user) throw new ErrorHandler(404, "User not found");
const result = await getUserByIdDb(id);
user.is_active = user.is_active == 1;
user.is_active_name = statusName.find(s => s.status === user.is_active)?.status_name;
delete user.user_password;
return user;
if (!result) throw new ErrorHandler(404, 'User not found');
return result;
} catch (error) {
throw new ErrorHandler(error.statusCode || 500, error.message);
throw new ErrorHandler(error.statusCode, error.message);
}
};
}
// Create users
createUser = async ({ fullname, name, email, phone, password, role_id = null, is_sa = 0, is_active = 1, approved_by }) => {
// Create user
static async createUser(data) {
try {
const existingUser = await getUserByUsernameDb(name);
if (existingUser) throw new ErrorHandler(400, "Username already taken");
if (!data || typeof data !== 'object') data = {};
const hashedPassword = await hashPassword(password);
const creatorId = data.userId;
const userId = await createUserDb({
user_fullname: fullname,
user_name: name,
user_email: email,
user_phone: phone,
user_password: hashedPassword,
role_id,
is_sa,
is_active,
is_approve: 1,
approved_by,
approved_at: new Date()
});
const existingEmail = await getUserByUserEmailDb(data.user_email);
const existingUsername = await getUserByUsernameDb(data.user_name);
return {
user_id: userId,
user_fullname: fullname,
user_name: name,
user_email: email,
user_phone: phone,
role_id,
is_sa,
is_active,
is_approve: 1,
approved_by
};
} catch (error) {
throw new ErrorHandler(error.statusCode || 500, error.message);
}
};
// Update user
updateUser = async ({ user_id, fullname, name, email, phone, role_id, is_sa, is_active, is_approve, updatedById }) => {
try {
const user = await getUserByIdDb(user_id);
if (!user) throw new ErrorHandler(404, "User not found");
// Cek username
if (name && user.user_name.toLowerCase() !== name.toLowerCase()) {
const userByName = await getUserByUsernameDb(name);
if (userByName) throw new ErrorHandler(400, "Username already taken");
if (existingUsername) {
throw new ErrorHandler(400, 'Username is already taken');
}
if (existingEmail) {
throw new ErrorHandler(400, 'Email is already taken');
}
const updateData = {
...(fullname && { user_fullname: fullname }),
...(name && { user_name: name }),
...(email && { user_email: email }),
...(phone && { user_phone: phone }),
...(role_id !== undefined && { role_id }),
...(updatedById !== undefined && { updated_by: updatedById })
};
if (data.user_password) {
data.user_password = await hashPassword(data.user_password);
}
await updateUserDb(user_id, updateData);
data.is_approve = 1;
data.approved_by = creatorId;
data.created_by = creatorId;
data.updated_by = creatorId;
data.is_sa = 0;
data.is_active = 1;
delete data.userId;
const updatedUser = await getUserByIdDb(user_id);
delete updatedUser.user_password;
updatedUser.is_active = updatedUser.is_active == 1;
updatedUser.is_active_name = statusName.find(s => s.status === updatedUser.is_active)?.status_name;
return updatedUser;
const result = await createUserDb(data);
return result;
} catch (error) {
throw new ErrorHandler(error.statusCode || 500, error.message);
}
};
}
// Update user
static async updateUser(id, data) {
try {
if (!data || typeof data !== 'object') data = {};
const existingEmail = await getUserByUserEmailDb(data.user_email);
const existingUsername = await getUserByUsernameDb(data.user_name);
if (existingUsername) {
throw new ErrorHandler(400, 'Username is already taken');
}
if (existingEmail) {
throw new ErrorHandler(400, 'Email is already taken')
}
const userExist = await getUserByIdDb(id);
if (!userExist) throw new ErrorHandler(404, 'User not found');
const result = await updateUserDb(id, data);
return result;
} catch (error) {
throw new ErrorHandler(error.statusCode, error.message);
}
}
// Approve user
approveUser = async (userId, approverId) => {
static async approveUser(userId, approverId) {
try {
const updateData = {
is_approve: 1,
approved_by: approverId,
approved_at: new Date()
};
await updateUserDb(userId, updateData);
if (!userId) {
throw new ErrorHandler(400, 'User ID is required');
}
const updatedUser = await getUserByIdDb(userId);
delete updatedUser.user_password;
const existingUser = await getUserByIdDb(userId);
if (!existingUser) {
throw new ErrorHandler(404, 'User not found');
}
if (existingUser.is_approve) {
throw new ErrorHandler(400, 'User is already approved');
}
const updatedUser = await approveUserDb(userId, approverId);
return updatedUser;
} catch (error) {
throw new ErrorHandler(error.statusCode || 500, error.message);
}
};
}
// Delete user (soft delete)
deleteUser = async (userId, deletedBy) => {
// Soft delete user
static async deleteUser(id, userId) {
try {
await deleteUserDb(userId, deletedBy);
return { message: "User deleted successfully" };
const userExist = await getUserByIdDb(id);
if (!userExist) throw new ErrorHandler(404, 'User not found');
const result = await deleteUserDb(id, userId);
return result;
} catch (error) {
throw new ErrorHandler(error.statusCode || 500, error.message);
throw new ErrorHandler(error.statusCode, error.message);
}
};
}
// Change password
changeUserPassword = async (user_Id, new_Password) => {
static async changeUserPassword(id, newPassword) {
try {
const hashedPassword = await hashPassword(new_Password);
await changeUserPasswordDb(user_Id, hashedPassword);
return { message: "Password updated successfully" };
const userExist = await getUserByIdDb(id);
if (!userExist) throw new ErrorHandler(404, 'User not found');
const result = await changeUserPasswordDb(id, newPassword);
return result;
} catch (error) {
throw new ErrorHandler(error.statusCode || 500, error.message);
throw new ErrorHandler(error.statusCode, error.message);
}
};
}
}
module.exports = new UserService();
module.exports = UserService;

10
validate/auth.schema.js
View File

@@ -4,17 +4,17 @@ const Joi = require("joi");
// Auth Validation
// ========================
const registerSchema = Joi.object({
fullname: Joi.string().min(3).max(100).required(),
name: Joi.string().alphanum().min(3).max(50).required(),
email: Joi.string().email().required(),
phone: Joi.string()
user_fullname: Joi.string().min(3).max(100).required(),
user_name: Joi.string().alphanum().min(3).max(50).required(),
user_email: Joi.string().email().required(),
user_phone: Joi.string()
.pattern(/^(?:\+62|0)8\d{7,10}$/)
.required()
.messages({
'string.pattern.base':
'Phone number must be a valid Indonesian number in format +628XXXXXXXXX'
}),
password: Joi.string()
user_password: Joi.string()
.min(8)
.pattern(/[A-Z]/, 'uppercase letter')
.pattern(/[a-z]/, 'lowercase letter')

24
validate/user.schema.js
View File

@@ -4,17 +4,17 @@ const Joi = require("joi");
// Users Validation
// ========================
const userSchema = Joi.object({
fullname: Joi.string().min(3).max(100).required(),
name: Joi.string().alphanum().min(3).max(50).required(),
email: Joi.string().email().required(),
phone: Joi.string()
user_fullname: Joi.string().min(3).max(100).required(),
user_name: Joi.string().alphanum().min(3).max(50).required(),
user_email: Joi.string().email().required(),
user_phone: Joi.string()
.pattern(/^(?:\+62|0)8\d{7,10}$/)
.required()
.messages({
'string.pattern.base':
'Phone number must be a valid Indonesian number in format +628XXXXXXXXX'
}),
password: Joi.string()
user_password: Joi.string()
.min(8)
.pattern(/[A-Z]/, 'uppercase letter')
.pattern(/[a-z]/, 'lowercase letter')
@@ -28,6 +28,19 @@ const userSchema = Joi.object({
role_id: Joi.number().integer().min(1)
});
const updateUserSchema = Joi.object({
user_fullname: Joi.string().min(3).max(100),
user_name: Joi.string().alphanum().min(3).max(50),
user_email: Joi.string().email(),
user_phone: Joi.string()
.pattern(/^(?:\+62|0)8\d{7,10}$/)
.messages({
'string.pattern.base':
'Phone number must be a valid Indonesian number in format +628XXXXXXXXX'
}),
role_id: Joi.number().integer().min(1)
}).min(1);
const newPasswordSchema = Joi.object({
new_password: Joi.string()
.min(8)
@@ -45,4 +58,5 @@ const newPasswordSchema = Joi.object({
module.exports = {
userSchema,
newPasswordSchema,
updateUserSchema
};