“init”

2025-09-22 10:45:25 +07:00
commit 7fd2f07234
28 changed files with 1221 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,43 @@
+# # SQL DB Connection Colo
+# SQL_HOST=117.102.231.130
+# SQL_DATABASE=piu
+# SQL_USERNAME=sa
+# SQL_PASSWORD=@R3M4niA.
+# SQL_PORT=1433
+
+SQL_HOST=203.153.114.226
+SQL_PORT=1112
+SQL_DATABASE=piu
+SQL_USERNAME=sa
+SQL_PASSWORD=piu123
+
+# Application Port - express server listens on this port (default 9000).
+PORT=9528
+ENDPOINT_WA=http://203.153.114.226:9529/send
+# ENDPOINT_WA=http://localhost:9529/send
+ENDPOINT_FE=http://203.153.114.226:9527
+
+# JWT access secret
+SECRET=secret
+
+# JWT refresh secret
+REFRESH_SECRET=refreshsecret
+
+# mail server settings
+# SMTP_FROM=youremail
+# SMTP_USER=youremail
+
+# Stripe secret key - https://stripe.com/docs/keys
+# STRIPE_SECRET_KEY=sk_test_4eC39HqLyjWDarjtT1zdp7dc
+
+# Google OAuth2.0 settings for sign in with Google - https://console.developers.google.com/
+# OAUTH_CLIENT_ID=287280guajkxxxxxxx.apps.googleusercontent.com
+# OAUTH_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxx
+# OAUTH_REFRESH_TOKEN=1//XXXXXXXXXX
+
+# Google OAuth2.0 settings for sending emails - https://console.developers.google.com/
+# CLIENT_ID=938729280guajk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
+# CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxx
+# REFRESH_TOKEN=1//XXXXXXXX
+
+VITE_KEY_SESSION=PetekRombonganPetekMorekMorakMarek
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -0,0 +1,20 @@
+module.exports = {
+  env: {
+    commonjs: true,
+    es2021: true,
+    node: true,
+    jest: true,
+  },
+  extends: ["eslint:recommended"],
+  parserOptions: {
+    ecmaVersion: 12,
+  },
+  parser: "babel-eslint",
+  plugins: ["babel", "prettier"],
+  rules: {
+    "no-console": "warn",
+    eqeqeq: "error",
+    // "object-curly-spacing": ["error", "always"],
+    // "arrow-spacing": ["error", { before: true, after: true }],
+  },
+};
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,5 @@
+.env
+node_modules
+.vscode
+request.http
+*.rest
--- a/.prettierrc
+++ b/.prettierrc
@@ -0,0 +1,8 @@
+{
+  "semi": true,
+  "tabWidth": 2,
+  "printWidth": 80,
+  "singleQuote": false,
+  "trailingComma": "es5",
+  "endOfLine": "lf"
+}
--- a/1
+++ b/1
@@ -0,0 +1 @@
+web: node index.js
--- a/app.js
+++ b/app.js
@@ -0,0 +1,30 @@
+const express = require("express");
+require("express-async-errors");
+const cors = require("cors");
+const morgan = require("morgan");
+const cookieParser = require("cookie-parser");
+const routes = require("./routes");
+const helmet = require("helmet");
+const compression = require("compression");
+const unknownEndpoint = require("./middleware/unKnownEndpoint");
+const { handleError } = require("./helpers/error");
+
+const app = express();
+
+app.set("trust proxy", 1);
+app.use(cors({ credentials: true, origin: true }));
+app.use(express.json());
+app.use(morgan("dev"));
+app.use(compression());
+app.use(helmet());
+app.use(cookieParser());
+
+app.use("/api", routes);
+
+app.get("/", (req, res) =>
+  res.send("<h1 style='text-align: center'>HAHALO</h1>")
+);
+app.use(unknownEndpoint);
+app.use(handleError);
+
+module.exports = app;
--- a/config/index.js
+++ b/config/index.js
@@ -0,0 +1,204 @@
+require("dotenv").config();
+const sql = require("mssql");
+
+const isProduction = process.env.NODE_ENV === "production";
+
+// Config SQL Server
+const config = {
+  user: process.env.SQL_USERNAME,
+  password: process.env.SQL_PASSWORD,
+  database: process.env.SQL_DATABASE,
+  server: process.env.SQL_HOST,
+  port: parseInt(process.env.SQL_PORT, 10),
+  options: {
+    encrypt: false, // true kalau Azure
+    trustServerCertificate: true,
+  },
+};
+
+// Buat pool global
+const poolPromise = new sql.ConnectionPool(config)
+  .connect()
+  .then(pool => {
+    console.log("✅ Koneksi SQL Server berhasil");
+    return pool;
+  })
+  .catch(err => {
+    console.error("❌ Gagal koneksi SQL Server:", err);
+    process.exit(1);
+  });
+
+/**
+ * Wrapper query (auto konversi $1 → @p1)
+ */
+async function query(text, params = []) {
+  const pool = await poolPromise;
+  const request = pool.request();
+
+  params.forEach((param, i) => {
+    request.input(`p${i + 1}`, param);
+  });
+
+  // Ubah $1, $2 jadi @p1, @p2
+  const sqlText = text.replace(/\$(\d+)/g, (_, num) => `@p${num}`);
+
+  console.log(sqlText, params);
+  return request.query(sqlText);
+}
+
+/**
+ * Build filter query
+ */
+function buildFilterQuery(filterQuery = [], fixedParams = []) {
+  let whereConditions = [];
+  let queryParams = [...fixedParams];
+
+  filterQuery.forEach((f) => {
+    if (f.param === undefined || f.param === null || f.param === "") return;
+
+    switch (f.type) {
+      case "string":
+        queryParams.push(`%${f.param}%`);
+        whereConditions.push(`${f.column} LIKE $${queryParams.length} COLLATE SQL_Latin1_General_CP1_CI_AS`);
+        break;
+
+      case "number":
+        queryParams.push(f.param);
+        whereConditions.push(`${f.column} = $${queryParams.length}`);
+        break;
+
+      case "boolean":
+        queryParams.push(f.param ? 1 : 0);
+        whereConditions.push(`${f.column} = $${queryParams.length}`);
+        break;
+    }
+  });
+
+  return { whereConditions, queryParams };
+}
+
+/**
+ * Build OR ILIKE (SQL Server pakai LIKE + COLLATE)
+ */
+function buildStringOrIlike(columnParam, criteria, fixedParams = []) {
+  if (!criteria) return { whereClause: "", whereParam: fixedParams };
+
+  let orStringConditions = [];
+  let queryParams = [...fixedParams];
+
+  columnParam.forEach((column) => {
+    if (!column) return;
+    queryParams.push(`%${criteria}%`);
+    orStringConditions.push(`${column} LIKE $${queryParams.length} COLLATE SQL_Latin1_General_CP1_CI_AS`);
+  });
+
+  const whereClause = orStringConditions.length
+    ? `AND (${orStringConditions.join(" OR ")})`
+    : "";
+
+  return { whereOrConditions: whereClause, whereParam: queryParams };
+}
+
+/**
+ * Build dynamic UPDATE
+ */
+function buildDynamicUpdate(table, data, where) {
+  const setParts = [];
+  const values = [];
+  let index = 1;
+
+  for (const [key, value] of Object.entries(data)) {
+    if (value !== undefined && value !== null) {
+      setParts.push(`${key} = $${index++}`);
+      values.push(value);
+    }
+  }
+
+  if (setParts.length === 0) {
+    throw new Error("Tidak ada kolom untuk diupdate");
+  }
+
+  // updated_at otomatis pakai GETDATE()
+  setParts.push(`updated_at = GETDATE()`);
+
+  const whereParts = [];
+  for (const [key, value] of Object.entries(where)) {
+    whereParts.push(`${key} = $${index++}`);
+    values.push(value);
+  }
+
+  const query = `
+    UPDATE ${table}
+    SET ${setParts.join(", ")}
+    WHERE ${whereParts.join(" AND ")}
+  `;
+
+  return { query, values };
+}
+
+/**
+ * Build dynamic INSERT
+ */
+function buildDynamicInsert(table, data) {
+  const columns = [];
+  const placeholders = [];
+  const values = [];
+  let index = 1;
+
+  for (const [key, value] of Object.entries(data)) {
+    if (value !== undefined && value !== null) {
+      columns.push(key);
+      placeholders.push(`$${index++}`);
+      values.push(value);
+    }
+  }
+
+  if (columns.length === 0) {
+    throw new Error("Tidak ada kolom untuk diinsert");
+  }
+
+  // created_at & updated_at otomatis
+  columns.push("created_at", "updated_at");
+  placeholders.push("GETDATE()", "GETDATE()");
+
+  const query = `
+    INSERT INTO ${table} (${columns.join(", ")})
+    VALUES (${placeholders.join(", ")});
+    SELECT SCOPE_IDENTITY() as inserted_id;
+  `;
+
+  return { query, values };
+}
+
+/**
+ * Generate kode otomatis
+ */
+async function generateKode(prefix, tableName, columnName) {
+  const pool = await poolPromise;
+  const result = await pool.request()
+    .input("prefix", sql.VarChar, prefix + "%")
+    .query(`
+      SELECT TOP 1 ${columnName} as kode
+      FROM ${tableName}
+      WHERE ${columnName} LIKE @prefix
+      ORDER BY ${columnName} DESC
+    `);
+
+  let nextNumber = 1;
+  if (result.recordset.length > 0) {
+    const lastKode = result.recordset[0].kode;
+    const lastNumber = parseInt(lastKode.replace(prefix, ""), 10);
+    nextNumber = lastNumber + 1;
+  }
+
+  return prefix + String(nextNumber).padStart(3, "0");
+}
+
+module.exports = {
+  query,
+  buildFilterQuery,
+  buildStringOrIlike,
+  buildDynamicInsert,
+  buildDynamicUpdate,
+  generateKode,
+};
--- a/controllers/auth.controller.js
+++ b/controllers/auth.controller.js
@@ -0,0 +1,26 @@
+const authService = require("../services/auth.service");
+
+const loginUser = async (req, res) => {
+  const { username, password, role, tenant } = req.body;
+  const { token, refreshToken, user } = await authService.login(
+    username,
+    password,
+    tenant
+  );
+
+  res.header("auth-token", token);
+  res.cookie("refreshToken", refreshToken, {
+    httpOnly: true,
+    sameSite: process.env.NODE_ENV === "development" ? true : "none",
+    secure: process.env.NODE_ENV === "development" ? false : true,
+  });
+  res.status(200).json({
+    token,
+    refreshToken,
+    user,
+  });
+};
+
+module.exports = {
+  loginUser,
+};
--- a/controllers/users.controller.js
+++ b/controllers/users.controller.js
@@ -0,0 +1,172 @@
+const userService = require("../services/user.service");
+const { ErrorHandler } = require("../helpers/error");
+const { hashPassword } = require("../helpers/hashPassword");
+const { setResponse, setPaging, setResponsePaging } = require("../helpers/utils");
+const Joi = require("joi");
+
+// Definisikan skema validasi
+const validateTerm = Joi.object({
+  user_fullname: Joi.string().max(255).required(),
+  user_name: Joi.string().max(255).required(),
+  user_email: Joi.string().max(255).email().allow(null),
+  user_password: Joi.string().max(255).required(),
+  role_id: Joi.number().integer().allow(null),
+  is_active: Joi.boolean().required()
+});
+
+const getAllUsers = async (req, res) => {
+
+  const {
+    page = 1,
+    limit = 10,
+    fullname: userFullname,
+    username: userName,
+    is_active: isActive,
+    criteria,
+    tenantID,
+  } = req.query
+
+  const offset = (page - 1) * limit;
+
+  const filterQuery = {
+    fixed: {
+      limit, offset, tenantID
+    },
+    filterQuery: [
+      {
+        type: 'string',
+        column: 'user_fullname',
+        param: userFullname
+      },
+      {
+        type: 'string',
+        column: 'user_name',
+        param: userName
+      },
+      {
+        type: 'number',
+        column: 'is_active',
+        param: isActive
+      }
+    ],
+    filterCriteria:
+    {
+      criteria,
+      column: [
+        'user_fullname', 'user_name'
+      ]
+    }
+  }
+
+  const results = await userService.getAllUsers(filterQuery)
+  const response = await setResponsePaging(results.data, results.total, parseInt(limit), parseInt(page))
+
+  res.status(response.statusCode).json(response)
+};
+
+const getAllStatusUsers = async (req, res) => {
+
+  const results = await userService.getAllStatusUsers();
+  const response = await setResponse(results)
+
+  res.status(response.statusCode).json(response);
+};
+
+const createUser = async (req, res) => {
+
+  // Lakukan validasi
+  const { error } = validateTerm.validate(req.body, { stripUnknown: true });
+  if (error) {
+    const response = await setResponse([], error.details[0].message, 400)
+    return res.status(response.statusCode).json(response);
+  }
+
+  const results = await userService.createUser({
+    userFullname: req.body.user_fullname,
+    userName: req.body.user_name,
+    userEmail: req.body.user_email,
+    userPassword: req.body.user_password,
+    roleId: req.body.role_id,
+    isActive: req.body.is_active, // default 1 jika tidak dikirim
+    userID: req.body.userID,
+    tenantID: req.body.tenantID
+  });
+
+  const response = await setResponse(results);
+
+  res.status(response.statusCode).json(response);
+};
+
+const getUserById = async (req, res) => {
+  const { id } = req.params;
+
+  const results = await userService.getUserById(id);
+  const response = await setResponse(results)
+
+  res.status(response.statusCode).json(response);
+};
+
+const getUserProfile = async (req, res) => {
+  const { id } = req.user;
+
+  const results = await userService.getUserById(id);
+  const response = await setResponse(results)
+
+  res.status(response.statusCode).json(response);
+};
+
+const updateUser = async (req, res) => {
+
+  const { id } = req.params;
+
+  // Lakukan validasi
+  const { error } = validateTerm.validate(req.body, { stripUnknown: true });
+  if (error) {
+    const response = await setResponse([], error.details[0].message, 400)
+    return res.status(response.statusCode).json(response);
+  }
+
+  const results = await userService.updateUser({
+    userFullname: req.body.user_fullname,
+    userName: req.body.user_name,
+    userEmail: req.body.user_email,
+    userPassword: req.body.user_password,
+    roleId: req.body.role_id,
+    isActive: req.body.is_active, // default 1 jika tidak dikirim
+    userID: req.body.userID,
+    tenantID: req.body.tenantID,
+    id
+  });
+
+  const response = await setResponse(results);
+
+  res.status(response.statusCode).json(response);
+};
+
+const deleteUser = async (req, res) => {
+  const { id } = req.params;
+  const userID = req.userID
+
+  const results = await userService.deleteUser(id, userID);
+  const response = await setResponse(results)
+
+  res.status(response.statusCode).json(response);
+};
+
+const getAllRoles = async (req, res) => {
+  const results = await userService.getAllRoles(req.body.tenantID);
+  const response = await setResponse(results)
+
+  res.status(response.statusCode).json(response);
+};
+
+module.exports = {
+  getAllUsers,
+  createUser,
+  getUserById,
+  updateUser,
+  deleteUser,
+  getUserProfile,
+  getAllRoles,
+  getAllStatusUsers
+};
--- a/db/user.db.js
+++ b/db/user.db.js
@@ -0,0 +1,142 @@
+const pool = require("../config");
+
+const getAllUsersDb = async (param) => {
+  // limit & offset masuk fixed param
+  let fixedParams = [param.fixed.limit, param.fixed.offset, param.fixed.tenantID];
+
+  const { whereOrConditions, whereParam } = pool.buildStringOrIlike(
+    param.filterCriteria.column,
+    param.filterCriteria.criteria,
+    fixedParams
+  );
+  const { whereConditions, queryParams } = pool.buildFilterQuery(param.filterQuery, whereParam);npm 
+
+  const query = `
+    SELECT mut.*, mr.role_name, COUNT(*) OVER() AS total
+    FROM m_users mut
+    LEFT JOIN system.role_tenant mr ON mr.role_id = mut.role_id
+    WHERE mut.deleted_at IS NULL AND mut.is_sa != 1 AND mut.tenant_id = $3
+    ${whereConditions.length > 0 ? ` AND ${whereConditions.join(" AND ")}` : ""}
+    ${whereOrConditions ? whereOrConditions : ""}
+    ORDER BY mut.user_id
+    OFFSET $2 ROWS FETCH NEXT $1 ROWS ONLY
+  `;
+
+  const result = await pool.query(query, queryParams);
+  const rows = result.recordset;
+
+  const total = rows.length > 0 ? parseInt(rows[0].total, 10) : 0;
+  return { data: rows, total };
+};
+
+const createUserDb = async (param) => {
+  const insertData = {
+    tenant_id: param.tenantID,
+    user_fullname: param.userFullname,
+    user_name: param.userName,
+    user_email: param.userEmail ?? null,
+    user_password: param.userPassword,
+    role_id: param.roleId ?? null,
+    is_active: param.isActive ? 1 : 0,
+    created_by: param.userID,
+    updated_by: param.userID,
+  };
+
+  const { query, values } = pool.buildDynamicInsert("m_users", insertData);
+
+  const result = await pool.query(query, values);
+  return result.recordset[0];
+};
+
+const getUserByIdDb = async (id) => {
+  const query = `
+    SELECT mut.* 
+    FROM m_users mut 
+    WHERE mut.user_id = $1
+  `;
+  const result = await pool.query(query, [id]);
+  return result.recordset[0];
+};
+
+const getUserByUsernameDb = async (username) => {
+  const query = `
+    SELECT mut.* 
+    FROM m_users mut 
+    WHERE LOWER(mut.username) = LOWER($1)
+  `;
+  const result = await pool.query(query, [username]);
+  return result.recordset[0];
+};
+
+const getUserByUserEmailDb = async (userEmail) => {
+  const query = `
+    SELECT mut.* 
+    FROM m_users mut 
+    WHERE LOWER(mut.user_email) = LOWER($1)
+  `;
+  const result = await pool.query(query, [userEmail]);
+  return result.recordset[0];
+};
+
+const updateUserDb = async (param) => {
+  const updateData = {
+    tenant_id: param.tenantID,
+    user_fullname: param.userFullname,
+    user_name: param.userName,
+    user_email: param.userEmail ?? null,
+    user_password: param.userPassword,
+    role_id: param.roleId ?? null,
+    is_active: param.isActive ? 1 : 0,
+    updated_by: param.userID,
+  };
+
+  const whereData = { user_id: param.id };
+
+  const { query, values } = pool.buildDynamicUpdate("m_users", updateData, whereData);
+
+  const result = await pool.query(query, values);
+  return result.recordset[0];
+};
+
+const deleteUserDb = async (id, userID) => {
+  const query = `
+    UPDATE m_users 
+    SET deleted_at = GETDATE(), deleted_by = $1 
+    WHERE user_id = $2;
+
+    SELECT * FROM m_users WHERE user_id = $2
+  `;
+  const result = await pool.query(query, [userID, id]);
+  return result.recordset[0];
+};
+
+const changeUserPasswordDb = async (hashedPassword, userEmail, tenantId) => {
+  const query = `
+    UPDATE m_users 
+    SET user_password = $1 
+    WHERE user_email = $2 AND tenant_id = $3
+  `;
+  return pool.query(query, [hashedPassword, userEmail, tenantId]);
+};
+
+const getAllRoleDb = async (tenantId) => {
+  const query = `
+    SELECT * 
+    FROM system.role_tenant 
+    WHERE deleted_at IS NULL AND tenant_id = $1
+  `;
+  const result = await pool.query(query, [tenantId]);
+  return result.recordset;
+};
+
+module.exports = {
+  getAllUsersDb,
+  getUserByIdDb,
+  getUserByUserEmailDb,
+  updateUserDb,
+  createUserDb,
+  deleteUserDb,
+  getUserByUsernameDb,
+  changeUserPasswordDb,
+  getAllRoleDb,
+};
--- a/ecosystem.config.js
+++ b/ecosystem.config.js
@@ -0,0 +1,14 @@
+module.exports = {
+  apps: [
+    {
+      name: "bengkel-api",
+      script: "./index.js", // Path to your entry file
+      env: {
+        NODE_ENV: "development",
+      },
+      env_production: {
+        NODE_ENV: "production",
+      },
+    },
+  ],
+};
--- a/helpers/error.js
+++ b/helpers/error.js
@@ -0,0 +1,24 @@
+const { logger } = require("../utils/logger");
+class ErrorHandler extends Error {
+  constructor(statusCode, message) {
+    super();
+    this.status = "error";
+    this.statusCode = statusCode;
+    this.message = message;
+  }
+}
+
+const handleError = (err, req, res, next) => {
+  const { statusCode, message } = err;
+  logger.error(err);
+  res.status(statusCode || 500).json({
+    status: "error",
+    statusCode: statusCode || 500,
+    message: statusCode === 500 ? "An error occurred" : message,
+  });
+  next();
+};
+module.exports = {
+  ErrorHandler,
+  handleError,
+};
--- a/helpers/hashPassword.js
+++ b/helpers/hashPassword.js
@@ -0,0 +1,12 @@
+const bcrypt = require("bcrypt");
+
+const hashPassword = async (password) => {
+  const salt = await bcrypt.genSalt();
+  const hashedPassword = await bcrypt.hash(password, salt);
+  return hashedPassword;
+};
+
+const comparePassword = async (password, passwordHash) =>
+  await bcrypt.compare(password, passwordHash);
+
+module.exports = { hashPassword, comparePassword };
--- a/helpers/test_helper.js
+++ b/helpers/test_helper.js
@@ -0,0 +1,13 @@
+const pool = require("../config");
+
+const usersInDb = async () => {
+  const users = await pool.query("SELECT * FROM USERS");
+  return users.rows;
+};
+
+const productsInDb = async () => {
+  const products = await pool.query("SELECT * FROM products");
+  return products.rows;
+};
+
+module.exports = { usersInDb, productsInDb };
--- a/helpers/utils.js
+++ b/helpers/utils.js
@@ -0,0 +1,89 @@
+const setResponse = async (data = [], message = "success", statusCode = 200) => {
+  const response = {
+    data,
+    total: data.length,
+    message,
+    statusCode
+  }
+
+  return response
+};
+
+const setResponsePaging = async (data = [], total, limit, page, message = "success", statusCode = 200) => {
+
+  const totalPages = Math.ceil(total / limit);
+
+  const response = {
+    message,
+    statusCode,
+    data,
+    total: data.length,
+    paging: {
+      total,
+      limit,
+      page,
+      page_total: totalPages
+    }
+  }
+
+  return response
+};
+
+const setPaging = async (total, limit, page) => {
+
+  const totalPages = Math.ceil(total / limit);
+
+  const response = {
+    total,
+    limit,
+    page,
+    page_total: totalPages
+  }
+
+  return response
+};
+
+function convertId(items, id, fieldId = "id", fieldName = "name") {
+  var match = ""
+  items.forEach(element => {
+    if (element[fieldId] == id) {
+      match = element[fieldName]
+    }
+  });
+
+  return match
+}
+
+function formatToYYYYMMDD(date) {
+  return new Intl.DateTimeFormat('id-ID', {
+    timeZone: 'Asia/Jakarta',
+    year: 'numeric',
+    month: '2-digit',
+    day: '2-digit',
+  }).format(date).split('/').reverse().join('-'); // Ubah format dari dd/mm/yyyy ke yyyy-mm-dd
+}
+
+function ensureArray(param) {
+  return Array.isArray(param) ? param : [param];
+}
+
+function orderByClauseQuery(orderParams) {
+  orderParams = ensureArray(orderParams)
+
+  // Transform order parameters to SQL ORDER BY syntax
+  const validDirections = ['ASC', 'DESC'];
+  const orderConditions = orderParams.map(param => {
+    const [field, direction] = param.split(':');
+    if (!validDirections.includes(direction.toUpperCase())) {
+      throw new Error(`Invalid direction: ${direction}`);
+    }
+    return `${field} ${direction}`;
+  });
+
+  // Gabungkan dengan koma untuk digunakan dalam query
+  const orderByClause = orderConditions.join(', ');
+
+  return orderByClause
+}
+
+module.exports = { setResponse, setResponsePaging, setPaging, convertId, formatToYYYYMMDD, orderByClauseQuery };
--- a/helpers/validateUser.js
+++ b/helpers/validateUser.js
@@ -0,0 +1,9 @@
+const validateUser = (email, password) => {
+  const validEmail = typeof email === "string" && email.trim() !== "";
+  const validPassword =
+    typeof password === "string" && password.trim().length >= 6;
+
+  return validEmail && validPassword;
+};
+
+module.exports = validateUser;
--- a/index.js
+++ b/index.js
@@ -0,0 +1,10 @@
+require("dotenv").config({ path: __dirname + "/.env" });
+const http = require("http");
+const app = require("./app");
+const { logger } = require("./utils/logger");
+
+const server = http.createServer(app);
+
+const PORT = process.env.PORT || 9524;
+
+server.listen(PORT, () => logger.info(`Magic happening on port: ${PORT}`));
--- a/middleware/unKnownEndpoint.js
+++ b/middleware/unKnownEndpoint.js
@@ -0,0 +1,8 @@
+const { ErrorHandler } = require("../helpers/error");
+
+// eslint-disable-next-line no-unused-vars
+const unknownEndpoint = (request, response) => {
+  throw new ErrorHandler(401, "unknown endpoint");
+};
+
+module.exports = unknownEndpoint;
--- a/middleware/verifyAdmin.js
+++ b/middleware/verifyAdmin.js
@@ -0,0 +1,14 @@
+const { ErrorHandler } = require("../helpers/error");
+
+module.exports = (req, res, next) => {
+  const { roles } = req.user;
+  if (roles && roles.includes("admin")) {
+    req.user = {
+      ...req.user,
+      roles,
+    };
+    return next();
+  } else {
+    throw new ErrorHandler(401, "require admin role");
+  }
+};
--- a/middleware/verifyToken.js
+++ b/middleware/verifyToken.js
@@ -0,0 +1,47 @@
+const jwt = require("jsonwebtoken");
+const { ErrorHandler } = require("../helpers/error");
+
+const verifyToken = (req, res, next) => {
+  const authHeader = req.header("Authorization");
+  // console.log("authHeader", authHeader)
+
+  // Pastikan header Authorization ada dan berisi token
+  if (!authHeader || !authHeader.startsWith("Bearer ")) {
+    throw new ErrorHandler(401, "Token missing or invalid");
+  }
+
+  // Ambil token dari header Authorization
+  const token = authHeader.split(" ")[1];
+
+  try {
+    // const decoded = jwt.decode(token, { complete: true });
+    // console.log("decoded", decoded)
+    // console.log("==============================")
+    // console.log("token", token)
+    // console.log("process.env.SECRET", process.env.SECRET)
+    // // console.log("==============================> ", jwt.verify(token, process.env.SECRET))
+    // jwt.verify(token, process.env.SECRET, (err, decoded) => {
+    //   if (err) {
+    //       console.error('Error verifying token: ==============================>', err.message);
+    //   } else {
+    //       console.log('Decoded payload: ==============================>', decoded);
+    //   }
+    // });
+
+    const verified = jwt.verify(token, process.env.SECRET);
+    req.tokenExtract = verified;
+    // console.log(req.tokenExtract);
+    
+    req.userID = req.tokenExtract.user_id
+    req.tenantID = req.tokenExtract.tenant_id
+    req.roleID = req.tokenExtract.role_id
+    req.body.userID = req.tokenExtract.user_id
+    req.body.tenantID = req.tokenExtract.tenant_id
+    req.query.tenantID = req.tokenExtract.tenant_id
+    next();
+  } catch (error) {
+    throw new ErrorHandler(401, error.message || "Invalid Token");
+  }
+};
+
+module.exports = verifyToken;
--- a/package.json
+++ b/package.json
@@ -0,0 +1,64 @@
+{
+  "name": "server",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "start": "cross-env NODE_ENV=production node index",
+    "dev": "cross-env NODE_ENV=development && nodemon --legacy-watch",
+    "test": "cross-env NODE_ENV=test jest --verbose --runInBand",
+    "test:watch": "cross-env NODE_ENV=test jest --verbose --runInBand --watch",
+    "lint": "eslint .",
+    "lint:fix": "eslint . --fix",
+    "format": "prettier --write ."
+  },
+  "jest": {
+    "testEnvironment": "node",
+    "coveragePathIgnorePatterns": [
+      "/node_modules/"
+    ]
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "axios": "^1.9.0",
+    "bcrypt": "^5.1.1",
+    "compression": "^1.7.4",
+    "cookie-parser": "^1.4.6",
+    "cors": "^2.8.5",
+    "crypto": "^1.0.1",
+    "crypto-js": "^4.2.0",
+    "dotenv": "^8.2.0",
+    "express": "^4.18.2",
+    "express-async-errors": "^3.1.1",
+    "google-auth-library": "^8.7.0",
+    "googleapis": "^112.0.0",
+    "helmet": "^4.4.1",
+    "joi": "^17.13.3",
+    "jsonwebtoken": "^8.5.1",
+    "moment": "^2.29.4",
+    "morgan": "^1.10.0",
+    "mqtt": "^5.14.0",
+    "mssql": "^11.0.1",
+    "multer": "^1.4.5-lts.2",
+    "nodemailer": "^6.8.0",
+    "pg": "^8.8.0",
+    "pino": "^6.11.3",
+    "stripe": "^8.138.0",
+    "svg-captcha": "^1.4.0",
+    "swagger-ui-express": "^4.6.0",
+    "uuid": "^11.1.0"
+  },
+  "devDependencies": {
+    "babel-eslint": "^10.1.0",
+    "cross-env": "^7.0.3",
+    "eslint": "^7.32.0",
+    "eslint-plugin-babel": "^5.3.1",
+    "eslint-plugin-prettier": "^4.2.1",
+    "nodemon": "^2.0.20",
+    "pino-pretty": "^4.8.0",
+    "prettier": "^2.8.1",
+    "supertest": "^6.3.3"
+  }
+}
--- a/readme.md
+++ b/readme.md
@@ -0,0 +1,7 @@
+touch README.md
+git init
+git checkout -b main
+git add README.md
+git commit -m "first commit"
+git remote add origin https://gitea.idetama.id/yogiedigital/cod-api.git
+git push -u origin main
--- a/routes/auth.js
+++ b/routes/auth.js
@@ -0,0 +1,8 @@
+const router = require("express").Router();
+const {
+  loginUser,
+} = require("../controllers/auth.controller");
+
+router.post("/login", loginUser);
+
+module.exports = router;
--- a/routes/index.js
+++ b/routes/index.js
@@ -0,0 +1,8 @@
+const router = require("express").Router();
+const auth = require("./auth");
+const users = require("./users");
+
+router.use("/auth", auth);
+router.use("/users", users);
+
+module.exports = router;
--- a/routes/users.js
+++ b/routes/users.js
@@ -0,0 +1,33 @@
+const {
+  getAllUsers,
+  createUser,
+  deleteUser,
+  getUserById,
+  updateUser,
+  getUserProfile,
+  getAllRoles,
+  getAllStatusUsers
+} = require("../controllers/users.controller");
+const router = require("express").Router();
+const verifyAdmin = require("../middleware/verifyAdmin");
+const verifyToken = require("../middleware/verifyToken");
+
+router.get("/roles", getAllRoles);
+
+router.route("/profile")
+  .get(getUserProfile);
+
+router.route("/")
+  .get(verifyToken, getAllUsers)
+  .post(verifyToken, createUser);
+
+router
+  .route("/status")
+  .get(verifyToken, getAllStatusUsers);
+
+router.route("/:id")
+  .get(verifyToken, getUserById)
+  .put(verifyToken, updateUser)
+  .delete(verifyToken, deleteUser);
+
+module.exports = router;
--- a/services/auth.service.js
+++ b/services/auth.service.js
@@ -0,0 +1,77 @@
+const bcrypt = require("bcrypt");
+const jwt = require("jsonwebtoken");
+const validateUser = require("../helpers/validateUser");
+const { ErrorHandler } = require("../helpers/error");
+const {
+  getUserByUsernameDb
+} = require("../db/user.db");
+const { logger } = require("../utils/logger");
+
+class AuthService {
+
+  async login(username, password, tenantId) {
+    try {
+      // if (!validateUser(username, password)) {
+      //   throw new ErrorHandler(403, "Invalid login");
+      // }
+
+      const user = await getUserByUsernameDb(username, tenantId);
+      console.log(user);
+      
+      if (!user) {
+        throw new ErrorHandler(403, "Username not found.");
+      }
+
+      const isCorrectPassword = password === user.password
+      if (!isCorrectPassword) {
+        throw new ErrorHandler(403, "Username or password incorrect.");
+      }
+
+      const dataToken = {
+        tenant_id: tenantId,
+        user_id: user.user_id,
+        username,
+        fullname: user.full_name,
+        role_id: user.role_id
+      }
+
+      const token = await this.signToken(dataToken);
+      const refreshToken = await this.signRefreshToken(dataToken);
+
+      return {
+        token,
+        refreshToken,
+        role_id: dataToken.role_id,
+        tenant_id: tenantId,
+        user: {
+          user_id: dataToken.user_id,
+          fullname: dataToken.fullname,
+          username: dataToken.username,
+        },
+      };
+    } catch (error) {
+      throw new ErrorHandler(error.statusCode, error.message);
+    }
+  }
+
+  async signToken(data) {
+    try {
+      // console.log("signToken process.env.SECRET", process.env.SECRET)
+      return jwt.sign(data, process.env.SECRET, { expiresIn: "23h" });
+    } catch (error) {
+      logger.error(error);
+      throw new ErrorHandler(500, "An error occurred");
+    }
+  }
+
+  async signRefreshToken(data) {
+    try {
+      return jwt.sign(data, process.env.REFRESH_SECRET, { expiresIn: "23h" });
+    } catch (error) {
+      logger.error(error);
+      throw new ErrorHandler(500, error.message);
+    }
+  }
+}
+
+module.exports = new AuthService();
--- a/services/user.service.js
+++ b/services/user.service.js
@@ -0,0 +1,124 @@
+const {
+  createUserDb,
+  changeUserPasswordDb,
+  getUserByIdDb,
+  updateUserDb,
+  deleteUserDb,
+  getAllUsersDb,
+  getUserByUsernameDb,
+  getAllRoleDb
+} = require("../db/user.db");
+const { ErrorHandler } = require("../helpers/error");
+const { convertId } = require("../helpers/utils");
+
+const statusName = [
+  {
+    status: true,
+    status_name: "Aktif"
+  }, {
+    status: false,
+    status_name: "NonAktif"
+  }
+];
+
+class UserService {
+
+  getAllStatusUsers = async () => {
+    try {
+      return statusName;
+    } catch (error) {
+      throw new ErrorHandler(error.statusCode, error.message);
+    }
+  };
+
+  getAllUsers = async (param) => {
+    try {
+      const results = await getAllUsersDb(param);
+
+      results.data.map(element => {
+        element.is_active = element.is_active == 1 ? true : false
+        element.is_active_name = convertId(statusName, element.is_active, 'status', 'status_name')
+      });
+
+      return results
+    } catch (error) {
+      throw new ErrorHandler(error.statusCode, error.message);
+    }
+  };
+
+  createUser = async (param) => {
+    try {
+      const userByUsername = await getUserByUsernameDb(param.userName, param.tenantID);
+
+      if (userByUsername) {
+        throw new ErrorHandler(401, "username taken already");
+      }
+
+      return await createUserDb(param);
+    } catch (error) {
+      throw new ErrorHandler(error.statusCode, error.message);
+    }
+  };
+
+  getUserById = async (id) => {
+    try {
+      const user = await getUserByIdDb(id);
+      // user.password = undefined;
+      user.is_active = user.is_active == 1 ? true : false
+      return user;
+    } catch (error) {
+      throw new ErrorHandler(error.statusCode, error.message);
+    }
+  };
+
+  changeUserPassword = async (password, email, tenantID) => {
+    try {
+      return await changeUserPasswordDb(password, email, tenantID);
+    } catch (error) {
+      throw new ErrorHandler(error.statusCode, error.message);
+    }
+  };
+
+  updateUser = async (param) => {
+    const { userName, id } = param;
+    const errors = {};
+    try {
+
+      const user = await getUserByIdDb(id);
+
+      const findUserByUsername = await getUserByUsernameDb(userName, param.tenantID);
+
+      const usernameChanged = userName && user.user_name.toLowerCase() !== userName.toLowerCase();
+
+      if (usernameChanged && typeof findUserByUsername === "object") {
+        errors["username"] = "Username is already taken";
+      }
+
+      if (Object.keys(errors).length > 0) {
+        throw new ErrorHandler(403, errors);
+      }
+
+      return await updateUserDb(param);
+    } catch (error) {
+      throw new ErrorHandler(error.statusCode, error.message);
+    }
+  };
+
+  deleteUser = async (id, userID) => {
+    try {
+      return await deleteUserDb(id, userID);
+    } catch (error) {
+      throw new ErrorHandler(error.statusCode, error.message);
+    }
+  };
+
+  getAllRoles = async (tenantID) => {
+    try {
+      return await getAllRoleDb(tenantID);
+    } catch (error) {
+      throw new ErrorHandler(error.statusCode, error.message);
+    }
+  };
+}
+
+module.exports = new UserService();
--- a/utils/logger.js
+++ b/utils/logger.js
@@ -0,0 +1,9 @@
+const pino = require("pino");
+
+// Create a logging instance
+const logger = pino({
+  level: process.env.NODE_ENV === "production" ? "info" : "debug",
+  prettyPrint: process.env.NODE_ENV !== "production",
+});
+
+module.exports.logger = logger;