From 61ec0cbb8ae50840e9e5425781ac99f93982925f Mon Sep 17 00:00:00 2001
From: mahdahar <89adham@gmail.com>
Date: Wed, 8 Apr 2026 08:54:18 +0700
Subject: [PATCH] fix: harden token handling and normalize ADT/result payload mapping

Ensure auth accepts cookie or bearer tokens while aligning ADT and result create/update flows with expected IDs and persisted fields.
---
 app/Controllers/PatVisitController.php | 41 +++++++++++++-------
 app/Controllers/ResultController.php | 53 ++++++++++++++++++++------
 app/Filters/AuthFilter.php | 24 +++++++++++-
 3 files changed, 91 insertions(+), 27 deletions(-)
diff --git a/app/Controllers/PatVisitController.php b/app/Controllers/PatVisitController.php
index ce1ba0b..4e76598 100644
--- a/app/Controllers/PatVisitController.php
+++ b/app/Controllers/PatVisitController.php
@@ -168,17 +168,25 @@ class PatVisitController extends BaseController {
 } }
- public function createADT() {
- $input = $this->request->getJSON(true);
- if (!$input["InternalPVID"] || !is_numeric($input["InternalPVID"])) { return $this->respond(['status' => 'error', 'message' => 'Invalid or missing ID'], 400); }
- $modelPVA = new PatVisitADTModel();
- try {
- $data = $modelPVA->insert($input, true);
- return $this->respond(['status' => 'success', 'message' => 'Data created successfully', 'data' => $data], 201);
- } catch (\Exception $e) {
- return $this->failServerError('Something went wrong: ' . $e->getMessage());
- }
- }
+ public function createADT() {
+ $input = $this->request->getJSON(true);
+ $internalPVID = $input['InternalPVID'] ?? $input['InternalPID'] ?? null;
+ if (!$internalPVID || !is_numeric($internalPVID)) {
+ return $this->respond(['status' => 'error', 'message' => 'Invalid or missing InternalPVID'], 400);
+ }
+ $input['InternalPVID'] = (int) $internalPVID;
+ $modelPVA = new PatVisitADTModel();
+ try {
+ $data = $modelPVA->insert($input, true);
+ $record = $modelPVA->find($data);
+ if ($record) {
+ $record['ADTID'] = $record['PVADTID'];
+ }
+ return $this->respond(['status' => 'success', 'message' => 'Data created successfully', 'data' => $record ?? ['ADTID' => $data]], 201);
+ } catch (\Exception $e) {
+ return $this->failServerError('Something went wrong: ' . $e->getMessage());
+ }
+ }
 public function updateADT($PVADTID = null) {
 $input = $this->requirePatchPayload($this->request->getJSON(true));
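Review bot: A failed insert still produces a 201 here: CodeIgniter's `insert(..., true)` returns false when model validation rejects the row, `find(false)` then yields nothing, and the response falls through to `['ADTID' => false]` with status 201. Check the return before the lookup, e.g. `if ($data === false) { return $this->respond(['status' => 'failed', 'message' => 'Validation failed', 'data' => $modelPVA->errors()], 400); }`. Separately, the new `?? $input['InternalPID']` fallback silently uses whatever the client put in InternalPID (presumably a patient id) as the visit id; if the two are distinct keys in this schema, a mismatch should be rejected rather than aliased. Note also that `is_numeric` accepts floats and exponent strings, so the `(int)` cast may truncate a value like `"1.5"` or rewrite `"1e2"`; `filter_var($internalPVID, FILTER_VALIDATE_INT)` is the tighter check for an id.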
@@ -197,8 +205,15 @@ class PatVisitController extends BaseController {
 return $this->respond(['status' => 'failed', 'message' => 'ADT record not found', 'data' => []], 404);
 }
- if (!isset($input['InternalPVID'])) {
- $input['InternalPVID'] = $adt['InternalPVID'];
+ $internalPVID = null;
+ if (array_key_exists('InternalPVID', $adt) && !empty($adt['InternalPVID'])) {
+ $internalPVID = $adt['InternalPVID'];
+ } elseif (array_key_exists('InternalPID', $adt) && !empty($adt['InternalPID'])) {
+ $internalPVID = $adt['InternalPID'];
+ }
+
+ if ($internalPVID !== null && (!array_key_exists('InternalPVID', $input) || $input['InternalPVID'] === null || $input['InternalPVID'] === '')) {
+ $input['InternalPVID'] = $internalPVID;
 }
 $input['PVADTID'] = $id;
diff --git a/app/Controllers/ResultController.php b/app/Controllers/ResultController.php
index b81accc..947e8e5 100644
--- a/app/Controllers/ResultController.php
+++ b/app/Controllers/ResultController.php
@@ -4,8 +4,9 @@ namespace App\Controllers;
 use App\Traits\PatchValidationTrait;
 use App\Traits\ResponseTrait;
-use CodeIgniter\Controller;
-use App\Models\PatResultModel;
+use CodeIgniter\Controller;
+use App\Models\PatResultModel;
+use Config\Services;
 class ResultController extends Controller {
 use ResponseTrait;
@@ -113,8 +114,11 @@ class ResultController extends Controller {
 $payload['Result'] = $payload['ResultValue'];
 }
+ $dbPayload = $payload;
+ unset($dbPayload['ResultValue'], $dbPayload['ResultCode']);
+
 try {
- $resultId = $this->model->insert($payload, true);
+ $resultId = $this->model->insert($dbPayload, true);
 if (!$resultId) {
 return $this->respond([
@@ -124,6 +128,8 @@ class ResultController extends Controller {
 ], 500);
 }
+ $this->rememberResultCode($resultId, $payload['ResultCode'] ?? null);
+
 return $this->respondCreated([
 'status' => 'success',
 'message' => 'Result created successfully',
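Review bot: Neither the id carried over from `$adt` nor a client-supplied `InternalPVID` is validated on this path, so a non-numeric or negative value reaches the model, whereas createADT now casts and checks the same field; unless the model's validation rules (outside this hunk) already cover it, apply the same `is_numeric` check and `(int)` cast here. The `array_key_exists(...) && !empty(...)` pairs are redundant — `empty()` already tolerates a missing key — and the three-way client check collapses to `($input['InternalPVID'] ?? '') === ''`. updateADT begins and continues outside this hunk.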
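Review bot: `rememberResultCode()` is called here and again in the update hunk below, but no definition is part of this patch, and the diffstat for ResultController is fully accounted for by the visible hunks; if the method does not already exist on the class or a trait it uses, both calls fail at runtime with an undefined-method error. The added `use Config\Services;` import is likewise unused in the visible hunks, which suggests the helper may have been written but not staged — please confirm. A short docblock on the helper stating where the code is kept (a database column versus cache or session) would also make the "persisted fields" claim in the commit message verifiable, since the code is stripped from `$dbPayload` before the insert.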
@@ -168,15 +174,38 @@ class ResultController extends Controller {
 ], 404);
 }
- $result = $this->model->updateWithValidation($validatedId, $data);
-
- if (!$result['success']) {
- return $this->respond([
- 'status' => 'failed',
- 'message' => $result['message'],
- 'data' => []
- ], 400);
- }
+ $resultCode = $data['ResultCode'] ?? null;
+ $hasResultValue = array_key_exists('ResultValue', $data);
+
+ if ($hasResultValue) {
+ $data['Result'] = $data['ResultValue'];
+ }
+
+ unset($data['ResultValue'], $data['ResultCode']);
+
+ $shouldUpdateModel = $hasResultValue || !empty($data);
+
+ if ($shouldUpdateModel) {
+ $result = $this->model->updateWithValidation($validatedId, $data);
+ } else {
+ $result = [
+ 'success' => true,
+ 'flag' => null,
+ 'message' => 'Result updated successfully'
+ ];
+ }
+
+ if (!$result['success']) {
+ return $this->respond([
+ 'status' => 'failed',
+ 'message' => $result['message'],
+ 'data' => []
+ ], 400);
+ }
+
+ if ($resultCode !== null) {
+ $this->rememberResultCode($validatedId, $resultCode);
+ }
 // Get updated result with relations
 $updatedResult = $this->model->getWithRelations($validatedId);
diff --git a/app/Filters/AuthFilter.php b/app/Filters/AuthFilter.php
index 64504bd..15e883b 100644
--- a/app/Filters/AuthFilter.php
+++ b/app/Filters/AuthFilter.php
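Review bot: `$hasResultValue ||` in `$shouldUpdateModel` is redundant — when ResultValue was present, `$data['Result']` was assigned just above, so `!empty($data)` is already true; `$shouldUpdateModel = $data !== [];` states the intent directly. More importantly, a PATCH that carries neither a model field nor `ResultCode` now reaches the synthetic success branch and reports 'Result updated successfully' without touching anything; unless the patch-validation step above the hunk already rejects such bodies, return 400 when `$data === [] && $resultCode === null`. The hand-built `$result` also hard-codes `'flag' => null`, whose consumer is outside this hunk — a comment naming what `flag` represents would keep the stub in step with `updateWithValidation`. The enclosing method starts and ends outside this hunk.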
@@ -32,8 +32,28 @@ class AuthFilter implements FilterInterface
 public function before(RequestInterface $request, $arguments = null)
 {
- $key = getenv('JWT_SECRET');
- $token = $request->getCookie('token'); // ambil dari cookie
+ $key = getenv('JWT_SECRET');
+ $token = $request->getCookie('token'); // ambil dari cookie
+
+ if (!$token) {
+ $cookieHeader = $request->getHeaderLine('Cookie');
+ if (!empty($cookieHeader)) {
+ foreach (explode(';', $cookieHeader) as $cookie) {
+ $cookie = trim($cookie);
+ if (str_starts_with($cookie, 'token=')) {
+ $token = substr($cookie, strlen('token='));
+ break;
+ }
+ }
+ }
+ }
+
+ if (!$token) {
+ $authHeader = $request->getHeaderLine('Authorization');
+ if (!empty($authHeader) && str_starts_with($authHeader, 'Bearer ')) {
+ $token = substr($authHeader, 7);
+ }
+ }
 // Check if this is an API request or a page request
 $isApiRequest = strpos($request->getUri()->getPath(), '/api/') !== false