fix: harden token handling and normalize ADT/result payload mapping

Ensure auth accepts cookie or bearer tokens while aligning ADT and result create/update flows with expected IDs and persisted fields.
This commit is contained in:
mahdahar 2026-04-08 08:54:18 +07:00
parent 84c81fe9c5
commit 61ec0cbb8a
3 changed files with 91 additions and 27 deletions


@ -168,17 +168,25 @@ class PatVisitController extends BaseController {
} }
} }
public function createADT() { public function createADT() {
$input = $this->request->getJSON(true); $input = $this->request->getJSON(true);
if (!$input["InternalPVID"] || !is_numeric($input["InternalPVID"])) { return $this->respond(['status' => 'error', 'message' => 'Invalid or missing ID'], 400); } $internalPVID = $input['InternalPVID'] ?? $input['InternalPID'] ?? null;
$modelPVA = new PatVisitADTModel(); if (!$internalPVID || !is_numeric($internalPVID)) {
try { return $this->respond(['status' => 'error', 'message' => 'Invalid or missing InternalPVID'], 400);
$data = $modelPVA->insert($input, true); }
return $this->respond(['status' => 'success', 'message' => 'Data created successfully', 'data' => $data], 201); $input['InternalPVID'] = (int) $internalPVID;
} catch (\Exception $e) { $modelPVA = new PatVisitADTModel();
return $this->failServerError('Something went wrong: ' . $e->getMessage()); try {
} $data = $modelPVA->insert($input, true);
} $record = $modelPVA->find($data);
if ($record) {
$record['ADTID'] = $record['PVADTID'];
}
return $this->respond(['status' => 'success', 'message' => 'Data created successfully', 'data' => $record ?? ['ADTID' => $data]], 201);
} catch (\Exception $e) {
return $this->failServerError('Something went wrong: ' . $e->getMessage());
}
}
public function updateADT($PVADTID = null) { public function updateADT($PVADTID = null) {
$input = $this->requirePatchPayload($this->request->getJSON(true)); $input = $this->requirePatchPayload($this->request->getJSON(true));
@ -197,8 +205,15 @@ class PatVisitController extends BaseController {
return $this->respond(['status' => 'failed', 'message' => 'ADT record not found', 'data' => []], 404); return $this->respond(['status' => 'failed', 'message' => 'ADT record not found', 'data' => []], 404);
} }
if (!isset($input['InternalPVID'])) { $internalPVID = null;
$input['InternalPVID'] = $adt['InternalPVID']; if (array_key_exists('InternalPVID', $adt) && !empty($adt['InternalPVID'])) {
$internalPVID = $adt['InternalPVID'];
} elseif (array_key_exists('InternalPID', $adt) && !empty($adt['InternalPID'])) {
$internalPVID = $adt['InternalPID'];
}
if ($internalPVID !== null && (!array_key_exists('InternalPVID', $input) || $input['InternalPVID'] === null || $input['InternalPVID'] === '')) {
$input['InternalPVID'] = $internalPVID;
} }
$input['PVADTID'] = $id; $input['PVADTID'] = $id;
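Review bot: The `is_numeric` check on the new `$internalPVID` line in createADT (first hunk) still admits values such as `"1.9"`, `"1e3"`, `" 7"`, zero or a negative number, and the `(int)` cast on the next line then silently truncates them before `insert`, so the row may end up linked to a different visit than the client named. Replace the pair with `$internalPVID = filter_var($input['InternalPVID'] ?? $input['InternalPID'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);` and reject with the existing 400 on `if ($internalPVID === false)`. Accepting `InternalPID` as a stand-in for `InternalPVID` also deserves a comment at that line explaining why a patient-level ID may replace a visit ID, since the names suggest different entities; whether the leftover `InternalPID` key reaches the database depends on the model's allowed fields, which this diff does not show. The second hunk applies the same fallback from the stored record; updateADT's body continues past the end of that hunk.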


@ -4,8 +4,9 @@ namespace App\Controllers;
use App\Traits\PatchValidationTrait; use App\Traits\PatchValidationTrait;
use App\Traits\ResponseTrait; use App\Traits\ResponseTrait;
use CodeIgniter\Controller; use CodeIgniter\Controller;
use App\Models\PatResultModel; use App\Models\PatResultModel;
use Config\Services;
class ResultController extends Controller { class ResultController extends Controller {
use ResponseTrait; use ResponseTrait;
@ -113,8 +114,11 @@ class ResultController extends Controller {
$payload['Result'] = $payload['ResultValue']; $payload['Result'] = $payload['ResultValue'];
} }
$dbPayload = $payload;
unset($dbPayload['ResultValue'], $dbPayload['ResultCode']);
try { try {
$resultId = $this->model->insert($payload, true); $resultId = $this->model->insert($dbPayload, true);
if (!$resultId) { if (!$resultId) {
return $this->respond([ return $this->respond([
@ -124,6 +128,8 @@ class ResultController extends Controller {
], 500); ], 500);
} }
$this->rememberResultCode($resultId, $payload['ResultCode'] ?? null);
return $this->respondCreated([ return $this->respondCreated([
'status' => 'success', 'status' => 'success',
'message' => 'Result created successfully', 'message' => 'Result created successfully',
@ -168,15 +174,38 @@ class ResultController extends Controller {
], 404); ], 404);
} }
$result = $this->model->updateWithValidation($validatedId, $data); $resultCode = $data['ResultCode'] ?? null;
$hasResultValue = array_key_exists('ResultValue', $data);
if (!$result['success']) {
return $this->respond([ if ($hasResultValue) {
'status' => 'failed', $data['Result'] = $data['ResultValue'];
'message' => $result['message'], }
'data' => []
], 400); unset($data['ResultValue'], $data['ResultCode']);
}
$shouldUpdateModel = $hasResultValue || !empty($data);
if ($shouldUpdateModel) {
$result = $this->model->updateWithValidation($validatedId, $data);
} else {
$result = [
'success' => true,
'flag' => null,
'message' => 'Result updated successfully'
];
}
if (!$result['success']) {
return $this->respond([
'status' => 'failed',
'message' => $result['message'],
'data' => []
], 400);
}
if ($resultCode !== null) {
$this->rememberResultCode($validatedId, $resultCode);
}
// Get updated result with relations // Get updated result with relations
$updatedResult = $this->model->getWithRelations($validatedId); $updatedResult = $this->model->getWithRelations($validatedId);
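Review bot: In the update hunk, when the payload carries neither `ResultValue` nor any other field, the new else branch fabricates a success result (`'success' => true, 'flag' => null`) and the handler proceeds to report a successful update without `updateWithValidation` ever running, so a request consisting only of a `ResultCode` is accepted with no validation at all. `$resultCode` is taken straight from the JSON body and may be an array or a number, yet it is handed to `rememberResultCode` unchecked; that helper is not in this diff, so what it persists is unknown, but a guard such as `if ($resultCode !== null && !is_string($resultCode)) { return $this->respond(['status' => 'failed', 'message' => 'Invalid ResultCode', 'data' => []], 400); }` placed before the update keeps non-string values out of it. The `$hasResultValue ||` term in `$shouldUpdateModel` is redundant, because assigning `$data['Result']` already makes `$data` non-empty. The create hunk passes `ResultCode` to the same helper in the same unchecked way, and both enclosing methods start before their hunks.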


@ -32,8 +32,28 @@ class AuthFilter implements FilterInterface
public function before(RequestInterface $request, $arguments = null) public function before(RequestInterface $request, $arguments = null)
{ {
$key = getenv('JWT_SECRET'); $key = getenv('JWT_SECRET');
$token = $request->getCookie('token'); // ambil dari cookie $token = $request->getCookie('token'); // ambil dari cookie
if (!$token) {
$cookieHeader = $request->getHeaderLine('Cookie');
if (!empty($cookieHeader)) {
foreach (explode(';', $cookieHeader) as $cookie) {
$cookie = trim($cookie);
if (str_starts_with($cookie, 'token=')) {
$token = substr($cookie, strlen('token='));
break;
}
}
}
}
if (!$token) {
$authHeader = $request->getHeaderLine('Authorization');
if (!empty($authHeader) && str_starts_with($authHeader, 'Bearer ')) {
$token = substr($authHeader, 7);
}
}
// Check if this is an API request or a page request // Check if this is an API request or a page request
$isApiRequest = strpos($request->getUri()->getPath(), '/api/') !== false $isApiRequest = strpos($request->getUri()->getPath(), '/api/') !== false