tambahan
This commit is contained in:
bipproduction
@@ -5,7 +5,11 @@ import { prisma } from '../lib/prisma'
|
|||||||
|
|
||||||
const secret = process.env.JWT_SECRET
|
const secret = process.env.JWT_SECRET
|
||||||
|
|
||||||
export default function apiAuth(app: Elysia) {
|
if (!secret) {
|
||||||
|
throw new Error('JWT_SECRET is not defined')
|
||||||
|
}
|
||||||
|
|
||||||
|
export function apiAuth(app: Elysia) {
|
||||||
if (!secret) {
|
if (!secret) {
|
||||||
throw new Error('JWT_SECRET is not defined')
|
throw new Error('JWT_SECRET is not defined')
|
||||||
}
|
}
|
||||||
@@ -16,37 +20,63 @@ export default function apiAuth(app: Elysia) {
|
|||||||
secret,
|
secret,
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
.derive(async ({ cookie, headers, jwt }) => {
|
.derive(async ({ cookie, headers, jwt, request }) => {
|
||||||
let token: string | undefined
|
let token: string | undefined
|
||||||
|
|
||||||
if (cookie?.token?.value) {
|
// 🔸 Ambil token dari Cookie
|
||||||
token = cookie.token.value as any
|
if (cookie?.token?.value) token = cookie.token.value as string
|
||||||
|
|
||||||
|
// 🔸 Ambil token dari Header (case-insensitive)
|
||||||
|
const possibleHeaders = [
|
||||||
|
'authorization',
|
||||||
|
'Authorization',
|
||||||
|
'x-token',
|
||||||
|
'X-Token',
|
||||||
|
]
|
||||||
|
|
||||||
|
for (const key of possibleHeaders) {
|
||||||
|
const value = headers[key]
|
||||||
|
if (typeof value === 'string') {
|
||||||
|
token = value.startsWith('Bearer ') ? value.slice(7) : value
|
||||||
|
break
|
||||||
}
|
}
|
||||||
if (headers['x-token']?.startsWith('Bearer ')) {
|
|
||||||
token = (headers['x-token'] as string).slice(7)
|
|
||||||
}
|
|
||||||
if (headers['authorization']?.startsWith('Bearer ')) {
|
|
||||||
token = (headers['authorization'] as string).slice(7)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
let user: null | Awaited<ReturnType<typeof prisma.user.findUnique>> = null
|
// 🔸 Tidak ada token
|
||||||
if (token) {
|
if (!token) {
|
||||||
|
console.warn(`[AUTH] No token found for ${request.method} ${request.url}`)
|
||||||
|
return { user: null }
|
||||||
|
}
|
||||||
|
|
||||||
|
// 🔸 Verifikasi token
|
||||||
try {
|
try {
|
||||||
const decoded = (await jwt.verify(token)) as JWTPayloadSpec
|
const decoded = (await jwt.verify(token)) as JWTPayloadSpec
|
||||||
if (decoded.sub) {
|
|
||||||
user = await prisma.user.findUnique({
|
if (!decoded?.sub) {
|
||||||
|
console.warn('[AUTH] Token missing sub field:', decoded)
|
||||||
|
return { user: null }
|
||||||
|
}
|
||||||
|
|
||||||
|
const user = await prisma.user.findUnique({
|
||||||
where: { id: decoded.sub as string },
|
where: { id: decoded.sub as string },
|
||||||
})
|
})
|
||||||
}
|
|
||||||
} catch (err) {
|
if (!user) {
|
||||||
console.warn('[SERVER][apiAuth] Invalid token', err)
|
console.warn('[AUTH] User not found for sub:', decoded.sub)
|
||||||
}
|
return { user: null }
|
||||||
}
|
}
|
||||||
|
|
||||||
return { user }
|
return { user }
|
||||||
|
} catch (err) {
|
||||||
|
console.warn('[AUTH] Invalid JWT token:', err)
|
||||||
|
return { user: null }
|
||||||
|
}
|
||||||
})
|
})
|
||||||
.onBeforeHandle(({ user, set }) => {
|
.onBeforeHandle(({ user, set, request }) => {
|
||||||
if (!user) {
|
if (!user) {
|
||||||
|
console.warn(
|
||||||
|
`[AUTH] Unauthorized access: ${request.method} ${request.url}`
|
||||||
|
)
|
||||||
set.status = 401
|
set.status = 401
|
||||||
return { error: 'Unauthorized' }
|
return { error: 'Unauthorized' }
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user