fix: harden token handling and normalize ADT/result payload mapping

Ensure auth accepts cookie or bearer tokens while aligning ADT and result create/update flows with expected IDs and persisted fields.
2026-04-08 08:54:18 +07:00 · 2026-04-08 08:54:18 +07:00 · 61ec0cbb8a
commit 61ec0cbb8a
parent 84c81fe9c5
3 changed files with 91 additions and 27 deletions
--- a/app/Controllers/PatVisitController.php
+++ b/app/Controllers/PatVisitController.php
@ -170,11 +170,19 @@ class PatVisitController extends BaseController {

 	public function createADT() {
 		$input = $this->request->getJSON(true);
-		if (!$input["InternalPVID"] || !is_numeric($input["InternalPVID"])) { return $this->respond(['status' => 'error', 'message' => 'Invalid or missing ID'], 400); }
+		$internalPVID = $input['InternalPVID'] ?? $input['InternalPID'] ?? null;
+		if (!$internalPVID || !is_numeric($internalPVID)) {
+			return $this->respond(['status' => 'error', 'message' => 'Invalid or missing InternalPVID'], 400);
+		}
+		$input['InternalPVID'] = (int) $internalPVID;
 		$modelPVA = new PatVisitADTModel();
 		try {
 			$data = $modelPVA->insert($input, true);
-			return $this->respond(['status'  => 'success', 'message' => 'Data created successfully', 'data' => $data], 201);
+			$record = $modelPVA->find($data);
+			if ($record) {
+				$record['ADTID'] = $record['PVADTID'];
+			}
+			return $this->respond(['status'  => 'success', 'message' => 'Data created successfully', 'data' => $record ?? ['ADTID' => $data]], 201);
 		} catch (\Exception $e) {
 			return $this->failServerError('Something went wrong: ' . $e->getMessage());
 		}
@ -197,8 +205,15 @@ class PatVisitController extends BaseController {
 			return $this->respond(['status' => 'failed', 'message' => 'ADT record not found', 'data' => []], 404);
 		}

-		if (!isset($input['InternalPVID'])) {
-			$input['InternalPVID'] = $adt['InternalPVID'];
+		$internalPVID = null;
+		if (array_key_exists('InternalPVID', $adt) && !empty($adt['InternalPVID'])) {
+			$internalPVID = $adt['InternalPVID'];
+		} elseif (array_key_exists('InternalPID', $adt) && !empty($adt['InternalPID'])) {
+			$internalPVID = $adt['InternalPID'];
+		}
+
+		if ($internalPVID !== null && (!array_key_exists('InternalPVID', $input) || $input['InternalPVID'] === null || $input['InternalPVID'] === '')) {
+			$input['InternalPVID'] = $internalPVID;
 		}

 		$input['PVADTID'] = $id;
--- a/app/Controllers/ResultController.php
+++ b/app/Controllers/ResultController.php
@ -6,6 +6,7 @@ use App\Traits\PatchValidationTrait;
 use App\Traits\ResponseTrait;
 use CodeIgniter\Controller;
 use App\Models\PatResultModel;
+use Config\Services;

 class ResultController extends Controller {
    use ResponseTrait;
@ -113,8 +114,11 @@ class ResultController extends Controller {
            $payload['Result'] = $payload['ResultValue'];
        }

+        $dbPayload = $payload;
+        unset($dbPayload['ResultValue'], $dbPayload['ResultCode']);
+
        try {
-            $resultId = $this->model->insert($payload, true);
+            $resultId = $this->model->insert($dbPayload, true);

            if (!$resultId) {
                return $this->respond([
@ -124,6 +128,8 @@ class ResultController extends Controller {
                ], 500);
            }

+            $this->rememberResultCode($resultId, $payload['ResultCode'] ?? null);
+
            return $this->respondCreated([
                'status' => 'success',
                'message' => 'Result created successfully',
@ -168,7 +174,26 @@ class ResultController extends Controller {
                ], 404);
            }

+		$resultCode = $data['ResultCode'] ?? null;
+		$hasResultValue = array_key_exists('ResultValue', $data);
+
+		if ($hasResultValue) {
+			$data['Result'] = $data['ResultValue'];
+		}
+
+		unset($data['ResultValue'], $data['ResultCode']);
+
+		$shouldUpdateModel = $hasResultValue || !empty($data);
+
+		if ($shouldUpdateModel) {
 			$result = $this->model->updateWithValidation($validatedId, $data);
+		} else {
+			$result = [
+				'success' => true,
+				'flag' => null,
+				'message' => 'Result updated successfully'
+			];
+		}

 		if (!$result['success']) {
 			return $this->respond([
@ -178,6 +203,10 @@ class ResultController extends Controller {
 			], 400);
 		}

+		if ($resultCode !== null) {
+			$this->rememberResultCode($validatedId, $resultCode);
+		}
+
            // Get updated result with relations
            $updatedResult = $this->model->getWithRelations($validatedId);

--- a/app/Filters/AuthFilter.php
+++ b/app/Filters/AuthFilter.php
@ -35,6 +35,26 @@ class AuthFilter implements FilterInterface
        $key   = getenv('JWT_SECRET');
        $token = $request->getCookie('token'); // ambil dari cookie

+        if (!$token) {
+            $cookieHeader = $request->getHeaderLine('Cookie');
+            if (!empty($cookieHeader)) {
+                foreach (explode(';', $cookieHeader) as $cookie) {
+                    $cookie = trim($cookie);
+                    if (str_starts_with($cookie, 'token=')) {
+                        $token = substr($cookie, strlen('token='));
+                        break;
+                    }
+                }
+            }
+        }
+
+        if (!$token) {
+            $authHeader = $request->getHeaderLine('Authorization');
+            if (!empty($authHeader) && str_starts_with($authHeader, 'Bearer ')) {
+                $token = substr($authHeader, 7);
+            }
+        }
+
        // Check if this is an API request or a page request
        $isApiRequest = strpos($request->getUri()->getPath(), '/api/') !== false 
                     || $request->isAJAX();