feat: block inactive users from login and fix activity log on dev operators

- Block inactive users on email/password login (403) - Block inactive users on Google OAuth (redirect to account_disabled) - Auto-logout inactive users on session check (deleteMany sessions) - Delete sessions when user is deactivated via PATCH /api/operators/:id - Add account_disabled error message on login page - Show inactive indicator on users table with reactivate button - Add createSystemLog calls to /api/admin/users role and activate endpoints Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 11:58:31 +08:00
parent 73aa9729b8
commit 06794524fd
3 changed files with 91 additions and 17 deletions
--- a/src/frontend/routes/login.tsx
+++ b/src/frontend/routes/login.tsx
@@ -66,6 +66,7 @@ function LoginPage() {
                    invalid_state: 'Sesi OAuth tidak valid, silakan coba lagi.',
                    token_failed: 'Gagal menukar token Google, silakan coba lagi.',
                    userinfo_failed: 'Gagal mengambil info akun Google, silakan coba lagi.',
+                    account_disabled: 'Akun Anda telah dinonaktifkan. Hubungi admin untuk informasi lebih lanjut.',
                  }[searchError ?? ''] ?? 'Login dengan Google gagal, silakan coba lagi.'
                )}
              </Alert>