Merge pull request 'amalia/28-mei-26' (#54 ) from amalia/28-mei-26 into join

Reviewed-on: #54
feat: tambahkan village-report endpoint dengan perbandingan periode sebelumnya
2026-05-28 17:24:09 +08:00 · 2026-05-28 15:39:47 +08:00 · 2026-05-28 15:06:23 +08:00 · 2026-05-28 14:47:11 +08:00 · 2026-05-28 14:32:49 +08:00 · 2026-05-28 14:18:03 +08:00
15 changed files with 756 additions and 275 deletions
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "sistem-desa-mandiri",
-  "version": "0.1.11",
+  "version": "0.1.18",
  "private": true,
  "scripts": {
    "dev": "next dev --experimental-https",
--- a/prisma/migrations/20260515030040_auto/migration.sql
+++ b/prisma/migrations/20260515030040_auto/migration.sql
@@ -0,0 +1 @@
+-- This is an empty migration.
--- a/prisma/migrations/20260515031651_auto/migration.sql
+++ b/prisma/migrations/20260515031651_auto/migration.sql
@@ -0,0 +1 @@
+-- This is an empty migration.
--- a/prisma/migrations/20260518071507_auto/migration.sql
+++ b/prisma/migrations/20260518071507_auto/migration.sql
@@ -0,0 +1 @@
+-- This is an empty migration.
--- a/prisma/migrations/20260519080535_auto/migration.sql
+++ b/prisma/migrations/20260519080535_auto/migration.sql
@@ -0,0 +1 @@
+-- This is an empty migration.
--- a/prisma/migrations/20260521030721_auto/migration.sql
+++ b/prisma/migrations/20260521030721_auto/migration.sql
@@ -0,0 +1 @@
+-- This is an empty migration.
--- a/prisma/migrations/20260522064632_auto/migration.sql
+++ b/prisma/migrations/20260522064632_auto/migration.sql
@@ -0,0 +1 @@
+-- This is an empty migration.
--- a/prisma/migrations/20260525073630_auto/migration.sql
+++ b/prisma/migrations/20260525073630_auto/migration.sql
@@ -0,0 +1 @@
+-- This is an empty migration.
--- a/src/app/api/ai/[[...slug]]/route.ts
+++ b/src/app/api/ai/[[...slug]]/route.ts
@@ -1,3 +1,4 @@
+import { isValidApiKey } from "@/lib/apiKey";
 import { prisma } from "@/module/_global";
 import cors from "@elysiajs/cors";
 import { swagger } from "@elysiajs/swagger";
@@ -6,20 +7,6 @@ import _ from "lodash";
 import moment from "moment";
 import "moment/locale/id";

-const CACHE_TTL_MS = 60_000;
-let apiKeyCache: Set<string> = new Set();
-let cacheExpiresAt = 0;
-
-async function isValidApiKey(incoming: string): Promise<boolean> {
-   const now = Date.now();
-   if (now > cacheExpiresAt) {
-      const rows = await prisma.apiKey.findMany({ where: { isActive: true }, select: { key: true } });
-      apiKeyCache = new Set(rows.map((r) => r.key));
-      cacheExpiresAt = now + CACHE_TTL_MS;
-   }
-   return apiKeyCache.has(incoming);
-}
-
 const AiServer = new Elysia({ prefix: "/api/ai" })
   .use(cors({
      origin: "*",
--- a/src/app/api/mobile/project/task/[id]/approval/route.ts
+++ b/src/app/api/mobile/project/task/[id]/approval/route.ts
@@ -96,13 +96,13 @@ async function sendNotification({
    }
 }

-async function getApproversInVillage(idVillage: string): Promise<NotifTarget[]> {
+async function getApproversInVillage(idVillage: string, idGroup: string): Promise<NotifTarget[]> {
    const approvers = await prisma.user.findMany({
        where: {
            isActive: true,
            idVillage,
            OR: [
-                { isApprover: true },
+                { isApprover: true, idGroup },
                { UserRole: { id: 'supadmin' } }
            ]
        },
@@ -198,7 +198,10 @@ export async function POST(request: Request, context: { params: { id: string } }

        const task = await prisma.projectTask.findUnique({
            where: { id, isActive: true },
-            select: { id: true, status: true, idProject: true, title: true }
+            select: {
+                id: true, status: true, title: true,
+                Project: { select: { id: true, idGroup: true } }
+            }
        });

        if (!task) {
@@ -227,14 +230,14 @@ export async function POST(request: Request, context: { params: { id: string } }
            })
        ]);

-        await recalculateProjectStatus(task.idProject);
+        await recalculateProjectStatus(task.Project.id);

-        // Notifikasi ke semua approver
-        const approverTargets = await getApproversInVillage(String(userMobile.idVillage));
+        // Notifikasi ke semua approver di desa dan group yang sama
+        const approverTargets = await getApproversInVillage(String(userMobile.idVillage), task.Project.idGroup);
        await sendNotification({
            targets: approverTargets,
            idUserFrom: userMobile.id,
-            idContent: task.idProject,
+            idContent: task.Project.id,
            title: 'Pengajuan Penyelesaian Tugas',
            desc: task.title,
        });
@@ -271,7 +274,7 @@ export async function PUT(request: Request, context: { params: { id: string } })

        const task = await prisma.projectTask.findUnique({
            where: { id, isActive: true },
-            select: { id: true, status: true, idProject: true, title: true }
+            select: { id: true, status: true, title: true, Project: { select: { id: true } } }
        });

        if (!task) {
@@ -304,7 +307,7 @@ export async function PUT(request: Request, context: { params: { id: string } })
                })
            ]);

-            await recalculateProjectStatus(task.idProject);
+            await recalculateProjectStatus(task.Project.id);

            // Notifikasi ke submitter
            const submitterTarget = await getUserNotifTarget(pendingApproval.idUser);
@@ -312,7 +315,7 @@ export async function PUT(request: Request, context: { params: { id: string } })
                await sendNotification({
                    targets: [submitterTarget],
                    idUserFrom: userMobile.id,
-                    idContent: task.idProject,
+                    idContent: task.Project.id,
                    title: 'Tugas Disetujui',
                    desc: task.title,
                });
@@ -339,7 +342,7 @@ export async function PUT(request: Request, context: { params: { id: string } })
            })
        ]);

-        await recalculateProjectStatus(task.idProject);
+        await recalculateProjectStatus(task.Project.id);

        // Notifikasi ke submitter
        const submitterTarget = await getUserNotifTarget(pendingApproval.idUser);
@@ -347,7 +350,7 @@ export async function PUT(request: Request, context: { params: { id: string } })
            await sendNotification({
                targets: [submitterTarget],
                idUserFrom: userMobile.id,
-                idContent: task.idProject,
+                idContent: task.Project.id,
                title: 'Tugas Ditolak',
                desc: task.title,
            });
--- a/src/app/api/mobile/task/[id]/route.ts
+++ b/src/app/api/mobile/task/[id]/route.ts
@@ -25,6 +25,9 @@ export async function GET(request: Request, context: { params: { id: string } })
         where: {
            id: String(id),
            isActive: true
+         },
+         include: {
+            Division: { select: { idGroup: true } }
         }
      });

@@ -33,7 +36,7 @@ export async function GET(request: Request, context: { params: { id: string } })
      }

      if (kategori == "data") {
-         allData = data
+         allData = { ...data, idGroup: data.Division.idGroup }
      } else if (kategori == "progress") {
         const dataProgress = await prisma.divisionProjectTask.findMany({
            where: {
--- a/src/app/api/mobile/task/tugas/[id]/approval/route.ts
+++ b/src/app/api/mobile/task/tugas/[id]/approval/route.ts
@@ -96,13 +96,19 @@ async function sendNotification({
 }

 async function getApproversForDivision(idVillage: string, idDivision: string): Promise<NotifTarget[]> {
+    const division = await prisma.division.findUnique({
+        where: { id: idDivision },
+        select: { idGroup: true }
+    });
+    const idGroup = division?.idGroup;
+
    const [globalApprovers, divisionAdmins] = await Promise.all([
        prisma.user.findMany({
            where: {
                isActive: true,
                idVillage,
                OR: [
-                    { isApprover: true },
+                    { isApprover: true, idGroup },
                    { UserRole: { id: 'supadmin' } }
                ]
            },
@@ -285,23 +291,35 @@ export async function PUT(request: Request, context: { params: { id: string } })
            return NextResponse.json({ success: false, message: "Anda harus login untuk mengakses ini" }, { status: 200 });
        }

-        const canApprove = await getApproverStatus(userMobile.id);
-        if (!canApprove) {
-            // Check if division admin
-            const task = await prisma.divisionProjectTask.findUnique({
-                where: { id, isActive: true },
-                select: { idDivision: true }
-            });
-            if (task) {
-                const isDivAdmin = await prisma.divisionMember.count({
-                    where: { idDivision: task.idDivision, idUser: userMobile.id, isAdmin: true, isActive: true }
-                });
-                if (isDivAdmin === 0) {
-                    return NextResponse.json({ success: false, message: "Anda tidak memiliki izin untuk menyetujui atau menolak tugas" }, { status: 200 });
-                }
-            } else {
-                return NextResponse.json({ success: false, message: "Tugas tidak ditemukan" }, { status: 200 });
-            }
+        const taskForAuth = await prisma.divisionProjectTask.findUnique({
+            where: { id, isActive: true },
+            select: { idDivision: true }
+        });
+        if (!taskForAuth) {
+            return NextResponse.json({ success: false, message: "Tugas tidak ditemukan" }, { status: 200 });
+        }
+
+        const [division, userFull, isDivAdmin] = await Promise.all([
+            prisma.division.findUnique({
+                where: { id: taskForAuth.idDivision },
+                select: { idGroup: true, idVillage: true }
+            }),
+            prisma.user.findUnique({
+                where: { id: userMobile.id },
+                select: { isApprover: true, idGroup: true, idVillage: true, UserRole: { select: { id: true } } }
+            }),
+            prisma.divisionMember.count({
+                where: { idDivision: taskForAuth.idDivision, idUser: userMobile.id, isAdmin: true, isActive: true }
+            })
+        ]);
+
+        const isSupadmin = APPROVER_ROLES.includes(userFull?.UserRole?.id ?? '');
+        const isGroupApprover = !!(userFull?.isApprover &&
+            userFull.idVillage === division?.idVillage &&
+            userFull.idGroup === division?.idGroup);
+
+        if (!isSupadmin && !isGroupApprover && isDivAdmin === 0) {
+            return NextResponse.json({ success: false, message: "Anda tidak memiliki izin untuk menyetujui atau menolak tugas" }, { status: 200 });
        }

        const task = await prisma.divisionProjectTask.findUnique({
--- a/src/app/api/monitoring/[[...slug]]/route.ts
+++ b/src/app/api/monitoring/[[...slug]]/route.ts
--- a/src/app/api/noc/[[...slug]]/route.ts
+++ b/src/app/api/noc/[[...slug]]/route.ts
@@ -1,3 +1,4 @@
+import { isValidApiKey } from "@/lib/apiKey";
 import { prisma } from "@/module/_global";
 import cors from "@elysiajs/cors";
 import { swagger } from "@elysiajs/swagger";
@@ -11,20 +12,40 @@ const NocServer = new Elysia({ prefix: "/api/noc" })
   .use(cors({
      origin: "*",
      methods: ["GET", "POST", "OPTIONS"],
+      allowedHeaders: ["Content-Type", "x-api-key"],
   }))
   .use(swagger({
-      path: "/docs", // Karena prefix instance adalah /api/noc, maka ini akan diakses di /api/noc/docs
+      path: "/docs",
      documentation: {
         info: {
            title: "Sistem Desa Mandiri - NOC API",
            version: "1.0.0",
            description: "API Khusus untuk kebutuhan NOC (Network Operation Center) dan Monitoring Desa",
         },
+         components: {
+            securitySchemes: {
+               ApiKeyAuth: {
+                  type: "apiKey",
+                  in: "header",
+                  name: "x-api-key",
+               },
+            },
+         },
+         security: [{ ApiKeyAuth: [] }],
         tags: [
            { name: "NOC", description: "Endpoint khusus monitoring" }
         ]
      }
   }))
+   .onBeforeHandle(async ({ request, set, path }) => {
+      if (path.startsWith("/api/noc/docs")) return;
+
+      const incoming = request.headers.get("x-api-key");
+      if (!incoming || !(await isValidApiKey(incoming))) {
+         set.status = 401;
+         return { success: false, message: "Unauthorized" };
+      }
+   })

   // ── GET /api/noc/active-divisions ──────────────────────────────────────────
   .get(
--- a/src/lib/apiKey.ts
+++ b/src/lib/apiKey.ts
@@ -0,0 +1,15 @@
+import { prisma } from "@/module/_global";
+
+const CACHE_TTL_MS = 60_000;
+let apiKeyCache: Set<string> = new Set();
+let cacheExpiresAt = 0;
+
+export async function isValidApiKey(incoming: string): Promise<boolean> {
+   const now = Date.now();
+   if (now > cacheExpiresAt) {
+      const rows = await prisma.apiKey.findMany({ where: { isActive: true }, select: { key: true } });
+      apiKeyCache = new Set(rows.map((r) => r.key));
+      cacheExpiresAt = now + CACHE_TTL_MS;
+   }
+   return apiKeyCache.has(incoming);
+}
Author	SHA1	Message	Date
amaliadwiy	a14f07b928	Merge pull request 'amalia/28-mei-26' (#54 ) from amalia/28-mei-26 into join Reviewed-on: #54	2026-05-28 17:24:09 +08:00
amaliadwiy	1e02747e22	feat: tambahkan village-report endpoint dengan perbandingan periode sebelumnya - Endpoint /village-report kini menghitung activity_count periode saat ini dan prev_activity_count periode sebelumnya dalam satu query (doubleRange) - Tambahkan kalkulasi trend persentase perubahan antar periode - Sertakan data perbekel, active_users, inactive_users, lastActivity, dan daysSince - Tambahkan endpoint /export-logs dan /export-users untuk ekspor CSV	2026-05-28 15:39:47 +08:00
amaliadwiy	a0bffd53cb	feat: tambah endpoint export-logs dan export-users untuk CSV download	2026-05-28 15:06:23 +08:00
amaliadwiy	8dca3e440f	feat: tambah endpoint peak-hours untuk distribusi aktivitas per jam	2026-05-28 14:47:11 +08:00
amaliadwiy	1df1d10c91	feat: tambah endpoint inactive-users dan lengkapi field response-nya	2026-05-28 14:32:49 +08:00
amaliadwiy	e5891f0da3	feat: tambah idVillage ke response log-all-villages	2026-05-28 14:18:03 +08:00
amaliadwiy	619cc9a403	feat: tambah endpoint stale-villages untuk deteksi desa tidak aktif	2026-05-28 14:14:35 +08:00
amaliadwiy	3272ecaef3	feat: tambah field lastActivity ke endpoint monitoring /user	2026-05-28 14:09:42 +08:00
amaliadwiy	3b5126d8ee	Merge pull request 'amalia/25-mei-26' (#53 ) from amalia/25-mei-26 into join Reviewed-on: #53	2026-05-25 17:32:47 +08:00
amaliadwiy	552957282b	bump: version 0.1.18 + migration	2026-05-25 15:36:30 +08:00
amaliadwiy	22555079f3	feat: graph-log-villages support dateFrom/dateTo + recent-village-logs endpoint	2026-05-25 15:08:30 +08:00
amaliadwiy	6cf6486172	feat: tambah endpoint GET /api-keys/:id untuk ambil full key	2026-05-25 12:00:53 +08:00
amaliadwiy	35e51028db	Merge pull request 'amalia/22-mei-26' (#52 ) from amalia/22-mei-26 into join Reviewed-on: #52	2026-05-22 17:41:21 +08:00
amaliadwiy	37ea4e37e7	bump: version 0.1.17 + migration	2026-05-22 14:46:33 +08:00
amaliadwiy	e270db3bfa	feat: add range param to daily-activity and comparison-activity endpoints Both endpoints now accept ?range=7\|30\|90 (default 7). comparison-activity result now follows SQL ORDER BY instead of being remapped through villages array.	2026-05-22 14:16:36 +08:00
amaliadwiy	32dac32532	feat: add village and date range filter on /log-all-villages endpoint	2026-05-22 11:37:42 +08:00
amaliadwiy	d369a71eb6	feat: add filter and orderBy support on /user monitoring endpoint	2026-05-22 11:17:42 +08:00
amaliadwiy	7334831d61	Merge pull request 'bump: version 0.1.16 + migration' (#51 ) from amalia/21-mei-26 into join Reviewed-on: #51	2026-05-21 17:25:52 +08:00
amaliadwiy	c0a4d584af	bump: version 0.1.16 + migration	2026-05-21 11:07:23 +08:00
amaliadwiy	9ac105e7bc	Merge pull request 'amalia/20-mei-26' (#50 ) from amalia/20-mei-26 into join Reviewed-on: #50	2026-05-20 17:22:20 +08:00
amaliadwiy	10457e96e8	feat: tambah autentikasi x-api-key pada NOC API dan ekstrak isValidApiKey ke shared lib	2026-05-20 12:23:38 +08:00
amaliadwiy	9ad934c99f	bump: version 0.1.15 + migration	2026-05-19 16:05:35 +08:00
amaliadwiy	5bfcde32ed	Merge pull request 'amalia/18-mei-26' (#49 ) from amalia/18-mei-26 into join Reviewed-on: #49	2026-05-18 17:26:42 +08:00
amaliadwiy	8240d608ad	feat: tambah field isApprover pada endpoint get & edit user	2026-05-18 16:42:33 +08:00
amaliadwiy	fd7d08d38a	bump: version 0.1.14 + migration	2026-05-18 15:15:07 +08:00
amaliadwiy	b95fd9543c	feat: filter approver berdasarkan group pada project dan division task - project/task approval: filter isApprover berdasarkan desa + group project - project/task approval: supadmin tetap hanya filter desa - division/task approval: expose idGroup dari Division pada response cat=data - division/task approval: filter isApprover berdasarkan desa + group division - division/task approval PUT: ganti getApproverStatus dengan cek langsung berdasarkan village, group, dan keanggotaan division admin	2026-05-18 14:52:38 +08:00
amaliadwiy	7622c58ce4	Merge pull request 'amalia/15-mei-26' (#48 ) from amalia/15-mei-26 into join Reviewed-on: #48	2026-05-15 14:20:52 +08:00
amaliadwiy	d1b90b63e9	bump: version 0.1.13 + migration	2026-05-15 11:16:51 +08:00
amaliadwiy	387a86f17e	bump: version 0.1.12 + migration	2026-05-15 11:00:40 +08:00
amaliadwiy	b749b333f6	Merge pull request 'upd: api jenna perangkat desa' (#47 ) from amalia/13-mei-26 into join Reviewed-on: #47	2026-05-13 17:25:21 +08:00