From 5dc83dbd35254e0bc8c1d2ccc86ba0d850597ba0 Mon Sep 17 00:00:00 2001
From: bipproduction <bip.production.js@gmail.com>
Date: Tue, 28 Oct 2025 16:18:13 +0800
Subject: [PATCH] tambahan

---
 src/server/middlewares/apiAuth.ts | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/src/server/middlewares/apiAuth.ts b/src/server/middlewares/apiAuth.ts
index 7f6c003..2a5cf85 100644
--- a/src/server/middlewares/apiAuth.ts
+++ b/src/server/middlewares/apiAuth.ts
@@ -1,7 +1,7 @@
 /* eslint-disable @typescript-eslint/no-explicit-any */
 import jwt, { type JWTPayloadSpec } from '@elysiajs/jwt'
 import Elysia from 'elysia'
-import { prisma } from '../lib/prisma'
+import { prisma } from '../lib/prisma' // pastikan nama file sama persis!
 
 const secret = process.env.JWT_SECRET
 
@@ -9,6 +9,7 @@ export default function apiAuth(app: Elysia) {
   if (!secret) {
     throw new Error('JWT_SECRET is not defined')
   }
+
   return app
     .use(
       jwt({
@@ -19,17 +20,24 @@ export default function apiAuth(app: Elysia) {
     .derive(async ({ cookie, headers, jwt }) => {
       let token: string | undefined
 
+      // Cek token dari cookie
       if (cookie?.token?.value) {
         token = cookie.token.value as any
       }
-      if (headers['x-token']?.startsWith('Bearer ')) {
-        token = (headers['x-token'] as string).slice(7)
-      }
-      if (headers['authorization']?.startsWith('Bearer ')) {
-        token = (headers['authorization'] as string).slice(7)
+
+      // Normalisasi header key
+      const headerToken =
+        headers['x-token'] ||
+        headers['X-Token'] ||
+        headers['authorization'] ||
+        headers['Authorization']
+
+      if (headerToken?.startsWith('Bearer ')) {
+        token = headerToken.slice(7)
       }
 
       let user: null | Awaited<ReturnType<typeof prisma.user.findUnique>> = null
+
       if (token) {
         try {
           const decoded = (await jwt.verify(token)) as JWTPayloadSpec