bipproduction
2025-10-28 16:26:03 +08:00
parent 5dc83dbd35
commit 2003364bff
2 changed files with 55 additions and 35 deletions


@@ -1,7 +1,7 @@
import Swagger from "@elysiajs/swagger"; import Swagger from "@elysiajs/swagger";
import Elysia from "elysia"; import Elysia from "elysia";
import html from "./index.html"; import html from "./index.html";
import apiAuth from "./server/middlewares/apiAuth"; import { apiAuth } from "./server/middlewares/apiAuth";
import ApiKeyRoute from "./server/routes/apikey_route"; import ApiKeyRoute from "./server/routes/apikey_route";
import Auth from "./server/routes/auth_route"; import Auth from "./server/routes/auth_route";
import CredentialRoute from "./server/routes/credential_route"; import CredentialRoute from "./server/routes/credential_route";
@@ -10,8 +10,6 @@ import { convertOpenApiToMcp } from "./server/lib/mcp-converter";
import UserRoute from "./server/routes/user_route"; import UserRoute from "./server/routes/user_route";
import LayananRoute from "./server/routes/layanan_route"; import LayananRoute from "./server/routes/layanan_route";
import AduanRoute from "./server/routes/aduan_route"; import AduanRoute from "./server/routes/aduan_route";
import { cors } from "@elysiajs/cors";
import { MCPRoute } from "./server/routes/mcp_route"; import { MCPRoute } from "./server/routes/mcp_route";
import PengaduanRoute from "./server/routes/pengaduan_route"; import PengaduanRoute from "./server/routes/pengaduan_route";
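Review bot: The `import { cors } from "@elysiajs/cors"` line appears on only one side of the second hunk, and with the header counting 8 old lines against 6 new it reads as a removal rather than an addition — I can't be certain from the rendered page. If a `.use(cors(...))` further down this file was dropped in the same commit, the API stops emitting CORS headers (or, if it was left in place, the build now fails on an unresolved name); if the middleware was removed because its configuration was too permissive, the fix is an explicit origin allow-list rather than deleting it, e.g. `cors({ origin: [/* trusted origins */], credentials: true })`. Please confirm which of these applies in the commit description, since the rest of the file is not visible here.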


@@ -1,15 +1,18 @@
/* eslint-disable @typescript-eslint/no-explicit-any */ /* eslint-disable @typescript-eslint/no-explicit-any */
import jwt, { type JWTPayloadSpec } from '@elysiajs/jwt' import jwt, { type JWTPayloadSpec } from '@elysiajs/jwt'
import Elysia from 'elysia' import Elysia from 'elysia'
import { prisma } from '../lib/prisma' // pastikan nama file sama persis! import { prisma } from '../lib/prisma'
const secret = process.env.JWT_SECRET const secret = process.env.JWT_SECRET
export default function apiAuth(app: Elysia) { if (!secret) {
throw new Error('JWT_SECRET is not defined')
}
export function apiAuth(app: Elysia) {
if (!secret) { if (!secret) {
throw new Error('JWT_SECRET is not defined') throw new Error('JWT_SECRET is not defined')
} }
return app return app
.use( .use(
jwt({ jwt({
@@ -17,44 +20,63 @@ export default function apiAuth(app: Elysia) {
secret, secret,
}) })
) )
.derive(async ({ cookie, headers, jwt }) => { .derive(async ({ cookie, headers, jwt, request }) => {
let token: string | undefined let token: string | undefined
// Cek token dari cookie // 🔸 Ambil token dari Cookie
if (cookie?.token?.value) { if (cookie?.token?.value) token = cookie.token.value as string
token = cookie.token.value as any
}
// Normalisasi header key // 🔸 Ambil token dari Header (case-insensitive)
const headerToken = const possibleHeaders = [
headers['x-token'] || 'authorization',
headers['X-Token'] || 'Authorization',
headers['authorization'] || 'x-token',
headers['Authorization'] 'X-Token',
]
if (headerToken?.startsWith('Bearer ')) { for (const key of possibleHeaders) {
token = headerToken.slice(7) const value = headers[key]
} if (typeof value === 'string') {
token = value.startsWith('Bearer ') ? value.slice(7) : value
let user: null | Awaited<ReturnType<typeof prisma.user.findUnique>> = null break
if (token) {
try {
const decoded = (await jwt.verify(token)) as JWTPayloadSpec
if (decoded.sub) {
user = await prisma.user.findUnique({
where: { id: decoded.sub as string },
})
}
} catch (err) {
console.warn('[SERVER][apiAuth] Invalid token', err)
} }
} }
return { user } // 🔸 Tidak ada token
if (!token) {
console.warn(`[AUTH] No token found for ${request.method} ${request.url}`)
return { user: null }
}
// 🔸 Verifikasi token
try {
const decoded = (await jwt.verify(token)) as JWTPayloadSpec
if (!decoded?.sub) {
console.warn('[AUTH] Token missing sub field:', decoded)
return { user: null }
}
const user = await prisma.user.findUnique({
where: { id: decoded.sub as string },
})
if (!user) {
console.warn('[AUTH] User not found for sub:', decoded.sub)
return { user: null }
}
return { user }
} catch (err) {
console.warn('[AUTH] Invalid JWT token:', err)
return { user: null }
}
}) })
.onBeforeHandle(({ user, set }) => { .onBeforeHandle(({ user, set, request }) => {
if (!user) { if (!user) {
console.warn(
`[AUTH] Unauthorized access: ${request.method} ${request.url}`
)
set.status = 401 set.status = 401
return { error: 'Unauthorized' } return { error: 'Unauthorized' }
} }
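Review bot: The header fallback `token = value.startsWith('Bearer ') ? value.slice(7) : value` in the new `for (const key of possibleHeaders)` loop is wider than the old check: an `Authorization` header carrying any other scheme (`Basic …`, `Digest …`) is now handed to `jwt.verify` as if it were a bare token, and it also silently overrides a valid cookie token, whereas the old code only honoured a `Bearer ` prefix. Keep the bearer requirement for that header by adding `if (key.toLowerCase() === 'authorization' && !value.startsWith('Bearer ')) continue` before the assignment (the RFC 6750 scheme is case-insensitive, so a `/^bearer\s+/i` test is the stricter form), and note that the precedence also flipped from `x-token` first to `authorization` first, which callers sending both will notice. `console.warn('[AUTH] Token missing sub field:', decoded)` writes the whole decoded JWT payload into server logs; log only that the claim is absent, `console.warn('[AUTH] Token missing sub field')`, and consider whether `request.url` (which includes the query string) belongs in the other two warnings. The module-level `if (!secret) throw` now makes the identical check inside `apiAuth` unreachable, so one of the two should go. I'm assuming Elysia lowercases header keys, in which case the `'Authorization'`/`'X-Token'` entries are dead but harmless — worth confirming rather than relying on.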