wibu/hipmi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix middleware

Browse Source 
deskrispi:
- perbaiki middleware untuk versi diatas 1.4.6
No Issuee
This commit is contained in:
Bagasbanuna02
2025-05-22 11:47:59 +08:00
parent e8c897242e
commit dbe56f364e
7 changed files with 764 additions and 216 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
src/app/api/auth/logout/route-v.1.4.5t.xt Normal file
View File

@@ -0,0 +1,38 @@
import { cookies } from "next/headers";
import { NextResponse } from "next/server";
export const dynamic = "force-dynamic";
export async function GET() {
const sessionKey = process.env.NEXT_PUBLIC_BASE_SESSION_KEY!; // Gunakan environment variable yang tidak diekspos ke client-side
if (!sessionKey) {
return NextResponse.json(
{ success: false, message: "Session key tidak ditemukan" },
{ status: 500 }
);
}
const cookieStore = cookies();
const sessionCookie = cookieStore.get(sessionKey);
if (!sessionCookie) {
return NextResponse.json(
{ success: false, message: "Session tidak ditemukan" },
{ status: 400 }
);
}
try {
cookieStore.delete(sessionKey);
return NextResponse.json(
{ success: true, message: "Logout berhasil" },
{ status: 200 }
);
} catch (error) {
console.error("Gagal menghapus cookie:", error);
return NextResponse.json(
{ success: false, message: "Gagal melakukan logout" },
{ status: 500 }
);
}
}

21
src/app/api/auth/logout/route.ts
View File

@@ -4,7 +4,7 @@ import { NextResponse } from "next/server";
export const dynamic = "force-dynamic";
export async function GET() {
const sessionKey = process.env.NEXT_PUBLIC_BASE_SESSION_KEY!; // Gunakan environment variable yang tidak diekspos ke client-side
const sessionKey = process.env.NEXT_PUBLIC_BASE_SESSION_KEY!;
if (!sessionKey) {
return NextResponse.json(
{ success: false, message: "Session key tidak ditemukan" },
@@ -23,11 +23,20 @@ export async function GET() {
}
try {
cookieStore.delete(sessionKey);
return NextResponse.json(
{ success: true, message: "Logout berhasil" },
{ status: 200 }
);
const response = NextResponse.json({
success: true,
message: "Logout berhasil",
});
// Menghapus cookie dengan set maxAge 0
response.cookies.set({
name: sessionKey,
value: "",
path: "/",
maxAge: 0,
});
return response;
} catch (error) {
console.error("Gagal menghapus cookie:", error);
return NextResponse.json(

67
src/app/api/user-validate/route-v.1.4.5.txt Normal file
View File

@@ -0,0 +1,67 @@
import { decrypt } from "@/app/(auth)/_lib/decrypt";
import { prisma } from "@/lib";
import { cookies } from "next/headers";
import { NextResponse } from "next/server";
export const dynamic = "force-dynamic";
export async function GET(req: Request) {
try {
const SESSIONKEY = process.env.NEXT_PUBLIC_BASE_SESSION_KEY!;
// const token = req.headers.get("Authorization")?.split(" ")[1]
const token =
cookies().get(SESSIONKEY)?.value ||
req.headers.get("Authorization")?.split(" ")[1];
if (!token) {
return NextResponse.json(
{
success: false,
message: "Unauthorized token not found",
},
{ status: 401 }
);
}
const decripted = await decrypt({
token: token!,
encodedKey: process.env.NEXT_PUBLIC_BASE_TOKEN_KEY!,
});
if (!decripted) {
await prisma.$disconnect();
return NextResponse.json(
{
success: false,
message: "Unauthorized",
},
{ status: 401 }
);
}
const user = await prisma.user.findUnique({
where: {
id: decripted.id,
},
});
// Disconnect after successful query
return NextResponse.json({
success: true,
message: "Berhasil mendapatkan data",
data: user,
});
} catch (error) {
// Ensure connection is closed even if error occurs
console.error("Error in user validation:", error);
return NextResponse.json(
{
success: false,
message: "Terjadi kesalahan pada server",
},
{ status: 500 }
);
} finally {
await prisma.$disconnect();
}
}

51
src/app/api/user-validate/route.ts
View File

@@ -2,15 +2,22 @@ import { decrypt } from "@/app/(auth)/_lib/decrypt";
import { prisma } from "@/lib";
import { cookies } from "next/headers";
import { NextResponse } from "next/server";
export const dynamic = "force-dynamic";
export async function GET(req: Request) {
try {
const SESSIONKEY = process.env.NEXT_PUBLIC_BASE_SESSION_KEY!;
// const token = req.headers.get("Authorization")?.split(" ")[1]
const token =
cookies().get(SESSIONKEY)?.value ||
req.headers.get("Authorization")?.split(" ")[1];
const TOKENKEY = process.env.NEXT_PUBLIC_BASE_TOKEN_KEY!;
const cookieStore = cookies();
const authHeader = req.headers.get("Authorization") || "";
const bearerToken = authHeader.startsWith("Bearer ")
? authHeader.split(" ")[1]
: undefined;
const token = cookieStore.get(SESSIONKEY)?.value || bearerToken;
if (!token) {
return NextResponse.json(
{
@@ -21,17 +28,16 @@ export async function GET(req: Request) {
);
}
const decripted = await decrypt({
token: token!,
encodedKey: process.env.NEXT_PUBLIC_BASE_TOKEN_KEY!,
const decrypted = await decrypt({
token,
encodedKey: TOKENKEY,
});
if (!decripted) {
await prisma.$disconnect();
if (!decrypted?.id) {
return NextResponse.json(
{
success: false,
message: "Unauthorized",
message: "Unauthorized: invalid token data",
},
{ status: 401 }
);
@@ -39,11 +45,30 @@ export async function GET(req: Request) {
const user = await prisma.user.findUnique({
where: {
id: decripted.id,
id: decrypted.id,
},
});
// Disconnect after successful query
if (!user) {
return NextResponse.json(
{
success: false,
message: "User tidak ditemukan",
},
{ status: 404 }
);
}
if (!user.active) {
return NextResponse.json(
{
success: false,
message: "User belum aktif",
data: user,
},
{ status: 403 }
);
}
return NextResponse.json({
success: true,
@@ -51,8 +76,6 @@ export async function GET(req: Request) {
data: user,
});
} catch (error) {
// Ensure connection is closed even if error occurs
console.error("Error in user validation:", error);
return NextResponse.json(
{

53
src/app/api/validation/route.ts
View File

@@ -1,9 +1,58 @@
import { NextResponse } from "next/server";
import { jwtVerify } from "jose";
export async function GET(req: Request) {
const token = req.headers.get("Authorization")?.split(" ")[1];
if (!token) return NextResponse.json({ success: false }, { status: 401 });
if (!token) {
console.warn("Token is missing in /api/validation");
return NextResponse.json(
{ success: false, error: "Token missing" },
{ status: 401 }
);
}
return NextResponse.json({ success: true });
try {
const secret = new TextEncoder().encode(
process.env.NEXT_PUBLIC_BASE_TOKEN_KEY!
);
const { payload } = await jwtVerify(token, secret, {
algorithms: ["HS256"],
});
if (!payload || typeof payload !== "object" || !payload.user) {
console.warn("Invalid payload structure in /api/validation:", payload);
return NextResponse.json(
{ success: false, error: "Invalid token payload" },
{ status: 401 }
);
}
return NextResponse.json({
success: true,
user: payload.user,
});
} catch (err) {
console.error("Token verification failed in /api/validation:", err);
return NextResponse.json(
{ success: false, error: "Invalid or expired token" },
{ status: 401 }
);
}
}
// Optional: handle disallowed methods
export async function POST() {
return NextResponse.json({ error: "Method Not Allowed" }, { status: 405 });
}
// ==== Versi 1.4.5 ==== //
// export async function GET(req: Request) {
// const token = req.headers.get("Authorization")?.split(" ")[1];
// if (!token) return NextResponse.json({ success: false }, { status: 401 });
// return NextResponse.json({ success: true });
// }