tambahan
This commit is contained in:
bipproduction
@@ -1,7 +1,7 @@
|
||||
import Swagger from "@elysiajs/swagger";
|
||||
import Elysia from "elysia";
|
||||
import html from "./index.html";
|
||||
import apiAuth from "./server/middlewares/apiAuth";
|
||||
import { apiAuth } from "./server/middlewares/apiAuth";
|
||||
import ApiKeyRoute from "./server/routes/apikey_route";
|
||||
import Auth from "./server/routes/auth_route";
|
||||
import CredentialRoute from "./server/routes/credential_route";
|
||||
@@ -10,8 +10,6 @@ import { convertOpenApiToMcp } from "./server/lib/mcp-converter";
|
||||
import UserRoute from "./server/routes/user_route";
|
||||
import LayananRoute from "./server/routes/layanan_route";
|
||||
import AduanRoute from "./server/routes/aduan_route";
|
||||
|
||||
import { cors } from "@elysiajs/cors";
|
||||
import { MCPRoute } from "./server/routes/mcp_route";
|
||||
import PengaduanRoute from "./server/routes/pengaduan_route";
|
||||
|
||||
|
||||
@@ -1,15 +1,18 @@
|
||||
/* eslint-disable @typescript-eslint/no-explicit-any */
|
||||
import jwt, { type JWTPayloadSpec } from '@elysiajs/jwt'
|
||||
import Elysia from 'elysia'
|
||||
import { prisma } from '../lib/prisma' // pastikan nama file sama persis!
|
||||
import { prisma } from '../lib/prisma'
|
||||
|
||||
const secret = process.env.JWT_SECRET
|
||||
|
||||
export default function apiAuth(app: Elysia) {
|
||||
if (!secret) {
|
||||
throw new Error('JWT_SECRET is not defined')
|
||||
}
|
||||
|
||||
export function apiAuth(app: Elysia) {
|
||||
if (!secret) {
|
||||
throw new Error('JWT_SECRET is not defined')
|
||||
}
|
||||
|
||||
return app
|
||||
.use(
|
||||
jwt({
|
||||
@@ -17,44 +20,63 @@ export default function apiAuth(app: Elysia) {
|
||||
secret,
|
||||
})
|
||||
)
|
||||
.derive(async ({ cookie, headers, jwt }) => {
|
||||
.derive(async ({ cookie, headers, jwt, request }) => {
|
||||
let token: string | undefined
|
||||
|
||||
// Cek token dari cookie
|
||||
if (cookie?.token?.value) {
|
||||
token = cookie.token.value as any
|
||||
}
|
||||
// 🔸 Ambil token dari Cookie
|
||||
if (cookie?.token?.value) token = cookie.token.value as string
|
||||
|
||||
// Normalisasi header key
|
||||
const headerToken =
|
||||
headers['x-token'] ||
|
||||
headers['X-Token'] ||
|
||||
headers['authorization'] ||
|
||||
headers['Authorization']
|
||||
// 🔸 Ambil token dari Header (case-insensitive)
|
||||
const possibleHeaders = [
|
||||
'authorization',
|
||||
'Authorization',
|
||||
'x-token',
|
||||
'X-Token',
|
||||
]
|
||||
|
||||
if (headerToken?.startsWith('Bearer ')) {
|
||||
token = headerToken.slice(7)
|
||||
}
|
||||
|
||||
let user: null | Awaited<ReturnType<typeof prisma.user.findUnique>> = null
|
||||
|
||||
if (token) {
|
||||
try {
|
||||
const decoded = (await jwt.verify(token)) as JWTPayloadSpec
|
||||
if (decoded.sub) {
|
||||
user = await prisma.user.findUnique({
|
||||
where: { id: decoded.sub as string },
|
||||
})
|
||||
}
|
||||
} catch (err) {
|
||||
console.warn('[SERVER][apiAuth] Invalid token', err)
|
||||
for (const key of possibleHeaders) {
|
||||
const value = headers[key]
|
||||
if (typeof value === 'string') {
|
||||
token = value.startsWith('Bearer ') ? value.slice(7) : value
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
return { user }
|
||||
// 🔸 Tidak ada token
|
||||
if (!token) {
|
||||
console.warn(`[AUTH] No token found for ${request.method} ${request.url}`)
|
||||
return { user: null }
|
||||
}
|
||||
|
||||
// 🔸 Verifikasi token
|
||||
try {
|
||||
const decoded = (await jwt.verify(token)) as JWTPayloadSpec
|
||||
|
||||
if (!decoded?.sub) {
|
||||
console.warn('[AUTH] Token missing sub field:', decoded)
|
||||
return { user: null }
|
||||
}
|
||||
|
||||
const user = await prisma.user.findUnique({
|
||||
where: { id: decoded.sub as string },
|
||||
})
|
||||
|
||||
if (!user) {
|
||||
console.warn('[AUTH] User not found for sub:', decoded.sub)
|
||||
return { user: null }
|
||||
}
|
||||
|
||||
return { user }
|
||||
} catch (err) {
|
||||
console.warn('[AUTH] Invalid JWT token:', err)
|
||||
return { user: null }
|
||||
}
|
||||
})
|
||||
.onBeforeHandle(({ user, set }) => {
|
||||
.onBeforeHandle(({ user, set, request }) => {
|
||||
if (!user) {
|
||||
console.warn(
|
||||
`[AUTH] Unauthorized access: ${request.method} ${request.url}`
|
||||
)
|
||||
set.status = 401
|
||||
return { error: 'Unauthorized' }
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user