mahdahar/clqms-be
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: harden token handling and normalize ADT/result payload mapping

Browse Source 
Ensure auth accepts cookie or bearer tokens while aligning ADT and result create/update flows with expected IDs and persisted fields.
This commit is contained in:
mahdahar 2026-04-08 08:54:18 +07:00
parent 84c81fe9c5
commit 61ec0cbb8a
3 changed files with 91 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
app/Controllers/PatVisitController.php
View File

@ -170,11 +170,19 @@ class PatVisitController extends BaseController {
public function createADT() { public function createADT() {
$input = $this->request->getJSON(true); $input = $this->request->getJSON(true);
if (!$input["InternalPVID"] || !is_numeric($input["InternalPVID"])) { return $this->respond(['status' => 'error', 'message' => 'Invalid or missing ID'], 400); } $internalPVID = $input['InternalPVID'] ?? $input['InternalPID'] ?? null;
if (!$internalPVID || !is_numeric($internalPVID)) {
return $this->respond(['status' => 'error', 'message' => 'Invalid or missing InternalPVID'], 400);
}
$input['InternalPVID'] = (int) $internalPVID;
$modelPVA = new PatVisitADTModel(); $modelPVA = new PatVisitADTModel();
try { try {
$data = $modelPVA->insert($input, true); $data = $modelPVA->insert($input, true);
return $this->respond(['status' => 'success', 'message' => 'Data created successfully', 'data' => $data], 201); $record = $modelPVA->find($data);
if ($record) {
$record['ADTID'] = $record['PVADTID'];
}
return $this->respond(['status' => 'success', 'message' => 'Data created successfully', 'data' => $record ?? ['ADTID' => $data]], 201);
} catch (\Exception $e) { } catch (\Exception $e) {
return $this->failServerError('Something went wrong: ' . $e->getMessage()); return $this->failServerError('Something went wrong: ' . $e->getMessage());
} }
@ -197,8 +205,15 @@ class PatVisitController extends BaseController {
return $this->respond(['status' => 'failed', 'message' => 'ADT record not found', 'data' => []], 404); return $this->respond(['status' => 'failed', 'message' => 'ADT record not found', 'data' => []], 404);
} }
if (!isset($input['InternalPVID'])) { $internalPVID = null;
$input['InternalPVID'] = $adt['InternalPVID']; if (array_key_exists('InternalPVID', $adt) && !empty($adt['InternalPVID'])) {
$internalPVID = $adt['InternalPVID'];
} elseif (array_key_exists('InternalPID', $adt) && !empty($adt['InternalPID'])) {
$internalPVID = $adt['InternalPID'];
}
if ($internalPVID !== null && (!array_key_exists('InternalPVID', $input) || $input['InternalPVID'] === null || $input['InternalPVID'] === '')) {
$input['InternalPVID'] = $internalPVID;
} }
$input['PVADTID'] = $id; $input['PVADTID'] = $id;

31
app/Controllers/ResultController.php
View File

@ -6,6 +6,7 @@ use App\Traits\PatchValidationTrait;
use App\Traits\ResponseTrait; use App\Traits\ResponseTrait;
use CodeIgniter\Controller; use CodeIgniter\Controller;
use App\Models\PatResultModel; use App\Models\PatResultModel;
use Config\Services;
class ResultController extends Controller { class ResultController extends Controller {
use ResponseTrait; use ResponseTrait;
@ -113,8 +114,11 @@ class ResultController extends Controller {
$payload['Result'] = $payload['ResultValue']; $payload['Result'] = $payload['ResultValue'];
} }
$dbPayload = $payload;
unset($dbPayload['ResultValue'], $dbPayload['ResultCode']);
try { try {
$resultId = $this->model->insert($payload, true); $resultId = $this->model->insert($dbPayload, true);
if (!$resultId) { if (!$resultId) {
return $this->respond([ return $this->respond([
@ -124,6 +128,8 @@ class ResultController extends Controller {
], 500); ], 500);
} }
$this->rememberResultCode($resultId, $payload['ResultCode'] ?? null);
return $this->respondCreated([ return $this->respondCreated([
'status' => 'success', 'status' => 'success',
'message' => 'Result created successfully', 'message' => 'Result created successfully',
@ -168,7 +174,26 @@ class ResultController extends Controller {
], 404); ], 404);
} }
$resultCode = $data['ResultCode'] ?? null;
$hasResultValue = array_key_exists('ResultValue', $data);
if ($hasResultValue) {
$data['Result'] = $data['ResultValue'];
}
unset($data['ResultValue'], $data['ResultCode']);
$shouldUpdateModel = $hasResultValue || !empty($data);
if ($shouldUpdateModel) {
$result = $this->model->updateWithValidation($validatedId, $data); $result = $this->model->updateWithValidation($validatedId, $data);
} else {
$result = [
'success' => true,
'flag' => null,
'message' => 'Result updated successfully'
];
}
if (!$result['success']) { if (!$result['success']) {
return $this->respond([ return $this->respond([
@ -178,6 +203,10 @@ class ResultController extends Controller {
], 400); ], 400);
} }
if ($resultCode !== null) {
$this->rememberResultCode($validatedId, $resultCode);
}
// Get updated result with relations // Get updated result with relations
$updatedResult = $this->model->getWithRelations($validatedId); $updatedResult = $this->model->getWithRelations($validatedId);

20
app/Filters/AuthFilter.php
View File

@ -35,6 +35,26 @@ class AuthFilter implements FilterInterface
$key = getenv('JWT_SECRET'); $key = getenv('JWT_SECRET');
$token = $request->getCookie('token'); // ambil dari cookie $token = $request->getCookie('token'); // ambil dari cookie
if (!$token) {
$cookieHeader = $request->getHeaderLine('Cookie');
if (!empty($cookieHeader)) {
foreach (explode(';', $cookieHeader) as $cookie) {
$cookie = trim($cookie);
if (str_starts_with($cookie, 'token=')) {
$token = substr($cookie, strlen('token='));
break;
}
}
}
}
if (!$token) {
$authHeader = $request->getHeaderLine('Authorization');
if (!empty($authHeader) && str_starts_with($authHeader, 'Bearer ')) {
$token = substr($authHeader, 7);
}
}
// Check if this is an API request or a page request // Check if this is an API request or a page request
$isApiRequest = strpos($request->getUri()->getPath(), '/api/') !== false $isApiRequest = strpos($request->getUri()->getPath(), '/api/') !== false
|| $request->isAJAX(); || $request->isAJAX();