fix-admin-menu-desa-berita

prisma/migrations/20260225082505_deploy/migration.sql

@@ -0,0 +1,170 @@
+/*
+  Warnings:
+
+  - You are about to alter the column `nama` on the `KategoriPotensi` table. The data in that column could be lost. The data in that column will be cast from `Text` to `VarChar(100)`.
+  - You are about to alter the column `name` on the `PotensiDesa` table. The data in that column could be lost. The data in that column will be cast from `Text` to `VarChar(255)`.
+  - You are about to alter the column `kategoriId` on the `PotensiDesa` table. The data in that column could be lost. The data in that column will be cast from `Text` to `VarChar(36)`.
+  - A unique constraint covering the columns `[nama]` on the table `KategoriPotensi` will be added. If there are existing duplicate values, this will fail.
+  - A unique constraint covering the columns `[name]` on the table `PotensiDesa` will be added. If there are existing duplicate values, this will fail.
+  - Made the column `kategoriId` on table `PotensiDesa` required. This step will fail if there are existing NULL values in that column.
+
+*/
+-- DropForeignKey
+ALTER TABLE "DataPerpustakaan" DROP CONSTRAINT "DataPerpustakaan_imageId_fkey";
+
+-- DropForeignKey
+ALTER TABLE "DesaDigital" DROP CONSTRAINT "DesaDigital_imageId_fkey";
+
+-- DropForeignKey
+ALTER TABLE "InfoTekno" DROP CONSTRAINT "InfoTekno_imageId_fkey";
+
+-- DropForeignKey
+ALTER TABLE "KegiatanDesa" DROP CONSTRAINT "KegiatanDesa_imageId_fkey";
+
+-- DropForeignKey
+ALTER TABLE "PengaduanMasyarakat" DROP CONSTRAINT "PengaduanMasyarakat_imageId_fkey";
+
+-- DropForeignKey
+ALTER TABLE "PotensiDesa" DROP CONSTRAINT "PotensiDesa_kategoriId_fkey";
+
+-- DropForeignKey
+ALTER TABLE "ProfileDesaImage" DROP CONSTRAINT "ProfileDesaImage_imageId_fkey";
+
+-- AlterTable
+ALTER TABLE "CaraMemperolehInformasi" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "CaraMemperolehSalinanInformasi" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "DaftarInformasiPublik" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "DasarHukumPPID" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "DataPerpustakaan" ALTER COLUMN "imageId" DROP NOT NULL;
+
+-- AlterTable
+ALTER TABLE "DesaDigital" ALTER COLUMN "imageId" DROP NOT NULL;
+
+-- AlterTable
+ALTER TABLE "FormulirPermohonanKeberatan" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "InfoTekno" ALTER COLUMN "imageId" DROP NOT NULL;
+
+-- AlterTable
+ALTER TABLE "JenisInformasiDiminta" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "JenisKelaminResponden" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "KategoriPotensi" ALTER COLUMN "nama" SET DATA TYPE VARCHAR(100),
+ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "KategoriPrestasiDesa" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "KegiatanDesa" ALTER COLUMN "imageId" DROP NOT NULL;
+
+-- AlterTable
+ALTER TABLE "LambangDesa" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "MaskotDesa" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "PegawaiPPID" ADD COLUMN     "deletedAt" TIMESTAMP(3);
+
+-- AlterTable
+ALTER TABLE "PengaduanMasyarakat" ALTER COLUMN "imageId" DROP NOT NULL;
+
+-- AlterTable
+ALTER TABLE "PermohonanInformasiPublik" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "PilihanRatingResponden" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "PosisiOrganisasiPPID" ADD COLUMN     "deletedAt" TIMESTAMP(3);
+
+-- AlterTable
+ALTER TABLE "PotensiDesa" ALTER COLUMN "name" SET DATA TYPE VARCHAR(255),
+ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT,
+ALTER COLUMN "kategoriId" SET NOT NULL,
+ALTER COLUMN "kategoriId" SET DATA TYPE VARCHAR(36);
+
+-- AlterTable
+ALTER TABLE "PrestasiDesa" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "ProfileDesaImage" ALTER COLUMN "imageId" DROP NOT NULL;
+
+-- AlterTable
+ALTER TABLE "ProfilePPID" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "Responden" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "SejarahDesa" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "UmurResponden" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "VisiMisiDesa" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- AlterTable
+ALTER TABLE "VisiMisiPPID" ALTER COLUMN "deletedAt" DROP NOT NULL,
+ALTER COLUMN "deletedAt" DROP DEFAULT;
+
+-- CreateIndex
+CREATE UNIQUE INDEX "KategoriPotensi_nama_key" ON "KategoriPotensi"("nama");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "PotensiDesa_name_key" ON "PotensiDesa"("name");
+
+-- AddForeignKey
+ALTER TABLE "ProfileDesaImage" ADD CONSTRAINT "ProfileDesaImage_imageId_fkey" FOREIGN KEY ("imageId") REFERENCES "FileStorage"("id") ON DELETE SET NULL ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "PotensiDesa" ADD CONSTRAINT "PotensiDesa_kategoriId_fkey" FOREIGN KEY ("kategoriId") REFERENCES "KategoriPotensi"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "DesaDigital" ADD CONSTRAINT "DesaDigital_imageId_fkey" FOREIGN KEY ("imageId") REFERENCES "FileStorage"("id") ON DELETE SET NULL ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "InfoTekno" ADD CONSTRAINT "InfoTekno_imageId_fkey" FOREIGN KEY ("imageId") REFERENCES "FileStorage"("id") ON DELETE SET NULL ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "PengaduanMasyarakat" ADD CONSTRAINT "PengaduanMasyarakat_imageId_fkey" FOREIGN KEY ("imageId") REFERENCES "FileStorage"("id") ON DELETE SET NULL ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "KegiatanDesa" ADD CONSTRAINT "KegiatanDesa_imageId_fkey" FOREIGN KEY ("imageId") REFERENCES "FileStorage"("id") ON DELETE SET NULL ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "DataPerpustakaan" ADD CONSTRAINT "DataPerpustakaan_imageId_fkey" FOREIGN KEY ("imageId") REFERENCES "FileStorage"("id") ON DELETE SET NULL ON UPDATE CASCADE;

prisma/migrations/migration_lock.toml

@@ -1,3 +1,3 @@
 # Please do not edit this file manually
 # It should be added in your version-control system (e.g., Git)
-provider = "postgresql"
+provider = "postgresql"

prisma/schema.prisma

@@ -533,7 +533,7 @@ model SejarahDesa {
   deskripsi String   @db.Text
   createdAt DateTime @default(now())
   updatedAt DateTime @updatedAt
-  deletedAt DateTime @default(now())
+  deletedAt DateTime?
   isActive  Boolean  @default(true)
 }
 
@@ -543,7 +543,7 @@ model VisiMisiDesa {
   misi      String   @db.Text
   createdAt DateTime @default(now())
   updatedAt DateTime @updatedAt
-  deletedAt DateTime @default(now())
+  deletedAt DateTime?
   isActive  Boolean  @default(true)
 }
 
@@ -553,7 +553,7 @@ model LambangDesa {
   deskripsi String   @db.Text
   createdAt DateTime @default(now())
   updatedAt DateTime @updatedAt
-  deletedAt DateTime @default(now())
+  deletedAt DateTime?
   isActive  Boolean  @default(true)
 }
 
@@ -564,7 +564,7 @@ model MaskotDesa {
   images    ProfileDesaImage[]
   createdAt DateTime           @default(now())
   updatedAt DateTime           @updatedAt
-  deletedAt DateTime           @default(now())
+  deletedAt DateTime?
   isActive  Boolean            @default(true)
 }
 
@@ -633,25 +633,25 @@ model KategoriBerita {
 // ========================================= POTENSI DESA ========================================= //
 model PotensiDesa {
   id         String           @id @default(cuid())
-  name       String
-  deskripsi  String
+  name       String           @unique @db.VarChar(255)
+  deskripsi  String           @db.Text
   kategori   KategoriPotensi? @relation(fields: [kategoriId], references: [id])
-  kategoriId String?
+  kategoriId String           @db.VarChar(36)
   image      FileStorage?     @relation(fields: [imageId], references: [id])
   imageId    String?
   content    String           @db.Text
   createdAt  DateTime         @default(now())
   updatedAt  DateTime         @updatedAt
-  deletedAt  DateTime         @default(now())
+  deletedAt  DateTime?
   isActive   Boolean          @default(true)
 }
 
 model KategoriPotensi {
   id          String        @id @default(cuid())
-  nama        String
+  nama        String        @unique @db.VarChar(100)
   createdAt   DateTime      @default(now())
   updatedAt   DateTime      @updatedAt
-  deletedAt   DateTime      @default(now())
+  deletedAt   DateTime?
   isActive    Boolean       @default(true)
   PotensiDesa PotensiDesa[]
 }

src/app/admin/(dashboard)/desa/berita/kategori-berita/page.tsx

@@ -160,7 +160,7 @@ function ListKategoriBerita({ search }: { search: string }) {
                 ))
               ) : (
                 <TableTr>
-                  <TableTd colSpan={4}>
+                  <TableTd colSpan={3}>  {/* ✅ Match column count (3 columns) */}
                     <Center py={24}>
                       <Text c="dimmed" fz="sm" lh={1.4}>
                         Tidak ada data kategori berita yang cocok

src/app/admin/(dashboard)/desa/berita/list-berita/page.tsx

@@ -187,7 +187,7 @@ function ListBerita({ search }: { search: string }) {
         <Pagination
           value={page}
           onChange={(newPage) => {
-            load(newPage, 10);
+            load(newPage, 10, debouncedSearch);  // ✅ Include search parameter
             window.scrollTo({ top: 0, behavior: 'smooth' });
           }}
           total={totalPages}

src/app/admin/(dashboard)/desa/potensi/list-potensi/[id]/page.tsx

@@ -8,6 +8,7 @@ import { IconArrowBack, IconEdit, IconTrash } from '@tabler/icons-react';
 import { useParams, useRouter } from 'next/navigation';
 import { useState } from 'react';
 import { useProxy } from 'valtio/utils';
+import DOMPurify from 'dompurify';
 
 export default function DetailPotensi() {
   const router = useRouter();
@@ -77,7 +78,17 @@ export default function DetailPotensi() {
 
               <Box>
                 <Text fz="lg" fw="bold">Deskripsi</Text>
-                <Text fz="md" c="dimmed" style={{ wordBreak: "break-word", whiteSpace: "normal" }} dangerouslySetInnerHTML={{ __html: data.deskripsi || '-' }}></Text>
+                <Text 
+                  fz="md" 
+                  c="dimmed" 
+                  style={{ wordBreak: "break-word", whiteSpace: "normal" }} 
+                  dangerouslySetInnerHTML={{ 
+                    __html: DOMPurify.sanitize(data.deskripsi || '-', {
+                      ALLOWED_TAGS: ['p', 'br', 'strong', 'em', 'u', 'ul', 'ol', 'li'],
+                      ALLOWED_ATTR: []
+                    })
+                  }}
+                ></Text>
               </Box>
 
               <Box>
@@ -102,7 +113,12 @@ export default function DetailPotensi() {
                 <Text
                   fz="md"
                   c="dimmed"
-                  dangerouslySetInnerHTML={{ __html: data.content || '-' }}
+                  dangerouslySetInnerHTML={{
+                    __html: DOMPurify.sanitize(data.content || '-', {
+                      ALLOWED_TAGS: ['p', 'br', 'strong', 'em', 'u', 'ul', 'ol', 'li'],
+                      ALLOWED_ATTR: []
+                    })
+                  }}
                   style={{ wordBreak: "break-word", whiteSpace: "normal" }}
                 />
               </Box>

src/app/admin/(dashboard)/desa/potensi/list-potensi/page.tsx

@@ -27,6 +27,7 @@ import { useProxy } from 'valtio/utils';
 import HeaderSearch from '../../../_com/header';
 import potensiDesaState from '../../../_state/desa/potensi';
 import { useDebouncedValue } from '@mantine/hooks';
+import DOMPurify from 'dompurify';
 
 function Potensi() {
   const [search, setSearch] = useState("");
@@ -137,7 +138,12 @@ function ListPotensi({ search }: { search: string }) {
                         fz="sm"
                         lh={1.5}
                         lineClamp={2}
-                        dangerouslySetInnerHTML={{ __html: item.deskripsi }}
+                        dangerouslySetInnerHTML={{
+                          __html: DOMPurify.sanitize(item.deskripsi, {
+                            ALLOWED_TAGS: ['p', 'br', 'strong', 'em', 'u', 'ul', 'ol', 'li'],
+                            ALLOWED_ATTR: []
+                          })
+                        }}
                         style={{ wordBreak: 'break-word' }}
                       />
                     </TableTd>
@@ -199,7 +205,12 @@ function ListPotensi({ search }: { search: string }) {
                     <Text
                       fz="sm"
                       lh={1.5}
-                      dangerouslySetInnerHTML={{ __html: item.deskripsi }}
+                      dangerouslySetInnerHTML={{
+                        __html: DOMPurify.sanitize(item.deskripsi, {
+                          ALLOWED_TAGS: ['p', 'br', 'strong', 'em', 'u', 'ul', 'ol', 'li'],
+                          ALLOWED_ATTR: []
+                        })
+                      }}
                       style={{ wordBreak: 'break-word' }}
                     />
                   </Box>

src/app/admin/(dashboard)/desa/profil/profil-perbekel/page.tsx

@@ -95,7 +95,7 @@ function Page() {
                 fz={{ base: 'md', md: 'lg' }}
                 lh={{ base: 1.4, md: 1.4 }}
               >
-                I.B. Surya Prabhawa Manuaba, S.H., M.H.
+                {perbekel.nama || "I.B. Surya Prabhawa Manuaba, S.H., M.H."}
               </Text>
             </Paper>
           </Stack>

src/app/admin/layout.tsx

@@ -354,7 +354,8 @@ export default function Layout({ children }: { children: React.ReactNode }) {
                             borderLeft: `2px solid ${tokens.colors.primary}`,
                           }),
                           ...(mounted && isChildActive && !isDark && {
-                            backgroundColor: tokens.colors.bg.hover,
+                            backgroundColor: 'rgba(25, 113, 194, 0.1)',
+                            borderLeft: `2px solid ${tokens.colors.primary}`,
                           }),
                         }
                       }}

src/app/api/[[...slugs]]/_lib/desa/berita/kategori-berita/del.ts

@@ -2,15 +2,50 @@ import prisma from "@/lib/prisma";
 import { Context } from "elysia";
 
 export default async function kategoriBeritaDelete(context: Context) {
-    const id = context.params.id as string;
+    try {
+        const id = context.params?.id as string;
 
-    await prisma.kategoriBerita.delete({
-        where: { id },
-    });
+        if (!id) {
+            return Response.json({
+                success: false,
+                message: "ID tidak boleh kosong",
+            }, { status: 400 });
+        }
 
-    return {
-        status: 200,
-        success: true,
-        message: "Sukses Menghapus kategori berita",
-    };
+        // ✅ Cek apakah kategori masih digunakan oleh berita
+        const beritaCount = await prisma.berita.count({
+            where: {
+                kategoriBeritaId: id,
+                isActive: true,
+                deletedAt: null,
+            },
+        });
+
+        if (beritaCount > 0) {
+            return Response.json({
+                success: false,
+                message: `Kategori tidak dapat dihapus karena masih digunakan oleh ${beritaCount} berita`,
+            }, { status: 400 });
+        }
+
+        // ✅ Soft delete (bukan hard delete)
+        await prisma.kategoriBerita.update({
+            where: { id },
+            data: {
+                deletedAt: new Date(),
+                isActive: false,
+            },
+        });
+
+        return {
+            success: true,
+            message: "Kategori berita berhasil dihapus",
+        };
+    } catch (error) {
+        console.error("Delete kategori error:", error);
+        return Response.json({
+            success: false,
+            message: "Gagal menghapus kategori: " + (error instanceof Error ? error.message : 'Unknown error'),
+        }, { status: 500 });
+    }
 }

src/app/api/[[...slugs]]/_lib/desa/potensi/find-unique.ts

@@ -21,8 +21,13 @@ export default async function findUnique(
             }, { status: 400 });
         }
 
-        const data = await prisma.potensiDesa.findUnique({
-            where: { id },
+        // ✅ Filter by isActive and deletedAt
+        const data = await prisma.potensiDesa.findFirst({
+            where: { 
+                id,
+                isActive: true,
+                deletedAt: null,
+            },
             include: {
                 image: true,
                 kategori: true
@@ -48,5 +53,5 @@ export default async function findUnique(
             message: "Gagal mengambil potensi desa: " + (error instanceof Error ? error.message : 'Unknown error'),
         }, { status: 500 });
     }
-    
+
 }

src/app/api/[[...slugs]]/_lib/desa/potensi/kategori-potensi/del.ts

@@ -2,15 +2,50 @@ import prisma from "@/lib/prisma";
 import { Context } from "elysia";
 
 export default async function kategoriPotensiDelete(context: Context) {
-    const id = context.params.id as string;
+    try {
+        const id = context.params?.id as string;
 
-    await prisma.kategoriPotensi.delete({
-        where: { id },
-    });
+        if (!id) {
+            return Response.json({
+                success: false,
+                message: "ID tidak boleh kosong",
+            }, { status: 400 });
+        }
 
-    return {
-        status: 200,
-        success: true,
-        message: "Sukses Menghapus kategori potensi",
-    };
+        // ✅ Cek apakah kategori masih digunakan oleh potensi desa
+        const existingPotensi = await prisma.potensiDesa.findFirst({
+            where: {
+                kategoriId: id,
+                isActive: true,
+                deletedAt: null,
+            },
+        });
+
+        if (existingPotensi) {
+            return Response.json({
+                success: false,
+                message: "Kategori masih digunakan oleh potensi desa. Tidak dapat dihapus.",
+            }, { status: 400 });
+        }
+
+        // Soft delete
+        await prisma.kategoriPotensi.update({
+            where: { id },
+            data: {
+                deletedAt: new Date(),
+                isActive: false,
+            },
+        });
+
+        return {
+            success: true,
+            message: "Kategori potensi berhasil dihapus",
+        };
+    } catch (error) {
+        console.error("Delete kategori error:", error);
+        return Response.json({
+            success: false,
+            message: "Gagal menghapus kategori: " + (error instanceof Error ? error.message : 'Unknown error'),
+        }, { status: 500 });
+    }
 }

src/app/api/[[...slugs]]/_lib/desa/profile/profile_desa/sejarah/find-first.ts

@@ -0,0 +1,40 @@
+import prisma from "@/lib/prisma";
+import { requireAuth } from "@/lib/api-auth";
+
+export default async function sejarahDesaFindFirst(request: Request) {
+    // ✅ Authentication check
+    const headers = new Headers(request.url);
+    const authResult = await requireAuth({ headers });
+    if (!authResult.authenticated) {
+        return authResult.response;
+    }
+
+    try {
+      // Get the first active record
+      const data = await prisma.sejarahDesa.findFirst({
+        where: { 
+          isActive: true,
+          deletedAt: null 
+        },
+        orderBy: { createdAt: 'asc' } // Get the oldest one first
+      });
+
+      if (!data) {
+        return Response.json({
+          success: false,
+          message: "Data tidak ditemukan",
+        }, {status: 404})
+      }
+
+      return Response.json({
+        success: true,
+        data,
+      }, {status: 200})
+    } catch (error) {
+      console.error("Gagal mengambil data sejarah desa:", error)
+      return Response.json({
+        success: false,
+        message: "Terjadi kesalahan saat mengambil data",
+      }, {status: 500})
+    }
+}

src/app/api/[[...slugs]]/_lib/desa/profile/profile_desa/sejarah/index.ts

@@ -1,11 +1,16 @@
 import Elysia, { t } from "elysia";
 import sejarahDesaFindById from "./find-by-id";
 import sejarahDesaUpdate from "./update";
+import sejarahDesaFindFirst from "./find-first";
 
 const SejarahDesa = new Elysia({
   prefix: "/sejarah",
   tags: ["Desa/Profile"],
 })
+  .get("/first", async (context) => {
+    const response = await sejarahDesaFindFirst(new Request(context.request));
+    return response;
+  })
   .get("/:id", async (context) => {
     const response = await sejarahDesaFindById(new Request(context.request));
     return response;

src/app/api/[[...slugs]]/_lib/desa/profile/profile_desa/sejarah/update.ts

@@ -1,7 +1,14 @@
 import prisma from "@/lib/prisma";
+import { requireAuth } from "@/lib/api-auth";
 import { Context } from "elysia";
 
 export default async function sejarahDesaUpdate(context: Context) {
+    // ✅ Authentication check
+    const authResult = await requireAuth(context);
+    if (!authResult.authenticated) {
+        return authResult.response;
+    }
+
     try {
         const id = context.params?.id as string;
         const body = await context.body as {

src/app/darmasaba/layout.tsx

@@ -1,19 +1,14 @@
 "use client";
 
 import colors from "@/con/colors";
-import { MantineProvider, createTheme } from "@mantine/core";
 import { Box, Space, Stack } from "@mantine/core";
 
 import { Navbar } from "@/app/darmasaba/_com/Navbar";
 import Footer from "./_com/Footer";
 
-const theme = createTheme({
-  defaultColorScheme: "light",
-});
 
 export default function Layout({ children }: { children: React.ReactNode }) {
     return (
-        <MantineProvider theme={theme} defaultColorScheme="light">
             <Stack gap={0} bg={colors.grey[1]}>
                 <Navbar />
                 <Space h={{
@@ -27,6 +22,5 @@ export default function Layout({ children }: { children: React.ReactNode }) {
                 </Box>
                 <Footer />
             </Stack>
-        </MantineProvider>
     )
 }

src/lib/api-auth.ts

@@ -0,0 +1,84 @@
+/**
+ * Authentication helper untuk API endpoints
+ * 
+ * Usage:
+ * import { requireAuth } from "@/lib/api-auth";
+ * 
+ * export default async function myEndpoint(context: Context) {
+ *   const authResult = await requireAuth(context);
+ *   if (!authResult.authenticated) {
+ *     return authResult.response;
+ *   }
+ *   // Lanjut proses dengan authResult.user
+ * }
+ */
+
+import { getSession } from "@/lib/session";
+
+export type AuthResult = 
+  | { authenticated: true; user: any }
+  | { authenticated: false; response: Response };
+
+export async function requireAuth(context: any): Promise<AuthResult> {
+  try {
+    // Cek session dari cookies
+    const session = await getSession();
+    
+    if (!session || !session.user) {
+      return {
+        authenticated: false,
+        response: new Response(JSON.stringify({
+          success: false,
+          message: "Unauthorized - Silakan login terlebih dahulu"
+        }), { 
+          status: 401,
+          headers: { 'Content-Type': 'application/json' }
+        })
+      };
+    }
+
+    // Check jika user masih aktif
+    if (!session.user.isActive) {
+      return {
+        authenticated: false,
+        response: new Response(JSON.stringify({
+          success: false,
+          message: "Akun Anda tidak aktif. Hubungi administrator."
+        }), { 
+          status: 403,
+          headers: { 'Content-Type': 'application/json' }
+        })
+      };
+    }
+
+    return {
+      authenticated: true,
+      user: session.user
+    };
+  } catch (error) {
+    console.error("Auth error:", error);
+    return {
+      authenticated: false,
+      response: new Response(JSON.stringify({
+        success: false,
+        message: "Authentication error"
+      }), { 
+        status: 500,
+        headers: { 'Content-Type': 'application/json' }
+      })
+    };
+  }
+}
+
+/**
+ * Optional auth - tidak error jika tidak authenticated
+ * Berguna untuk endpoint yang bisa diakses public atau private
+ */
+export async function optionalAuth(context: any): Promise<any> {
+  try {
+    const session = await getSession();
+    return session?.user || null;
+  } catch (error) {
+    return null;
+  }
+}

src/lib/session.ts

@@ -0,0 +1,68 @@
+/**
+ * Session helper menggunakan iron-session
+ * 
+ * Usage:
+ * import { getSession } from "@/lib/session";
+ * 
+ * const session = await getSession();
+ * if (session?.user) {
+ *   // User authenticated
+ * }
+ */
+
+import { getIronSession } from 'iron-session';
+import { cookies } from 'next/headers';
+
+export type SessionData = {
+  user?: {
+    id: string;
+    name: string;
+    roleId: number;
+    menuIds?: string[] | null;
+    isActive?: boolean;
+  };
+};
+
+export type Session = SessionData & {
+  save: () => Promise<void>;
+  destroy: () => Promise<void>;
+};
+
+const SESSION_OPTIONS = {
+  cookieName: 'desa-session',
+  password: process.env.SESSION_PASSWORD || 'default-password-change-in-production',
+  cookieOptions: {
+    secure: process.env.NODE_ENV === 'production',
+    httpOnly: true,
+    sameSite: 'lax' as const,
+    maxAge: 60 * 60 * 24 * 7, // 7 days
+  },
+};
+
+export async function getSession(): Promise<SessionData | null> {
+  try {
+    const cookieStore = await cookies();
+    const session = await getIronSession<SessionData>(
+      cookieStore,
+      SESSION_OPTIONS
+    );
+    
+    return session;
+  } catch (error) {
+    console.error('Session error:', error);
+    return null;
+  }
+}
+
+export async function destroySession(): Promise<void> {
+  try {
+    const cookieStore = await cookies();
+    const session = await getIronSession<SessionData>(
+      cookieStore,
+      SESSION_OPTIONS
+    );
+    await session.destroy();
+  } catch (error) {
+    console.error('Destroy session error:', error);
+  }
+}