mahdahar/clqms-be
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: harden token handling and normalize ADT/result payload mapping

Browse Source 
Ensure auth accepts cookie or bearer tokens while aligning ADT and result create/update flows with expected IDs and persisted fields.
This commit is contained in:
mahdahar 2026-04-08 08:54:18 +07:00
parent 84c81fe9c5
commit 61ec0cbb8a
3 changed files with 91 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
app/Controllers/PatVisitController.php
View File

@ -168,17 +168,25 @@ class PatVisitController extends BaseController {
}
}
public function createADT() {
$input = $this->request->getJSON(true);
if (!$input["InternalPVID"] || !is_numeric($input["InternalPVID"])) { return $this->respond(['status' => 'error', 'message' => 'Invalid or missing ID'], 400); }
$modelPVA = new PatVisitADTModel();
try {
$data = $modelPVA->insert($input, true);
return $this->respond(['status' => 'success', 'message' => 'Data created successfully', 'data' => $data], 201);
} catch (\Exception $e) {
return $this->failServerError('Something went wrong: ' . $e->getMessage());
}
}
public function createADT() {
$input = $this->request->getJSON(true);
$internalPVID = $input['InternalPVID'] ?? $input['InternalPID'] ?? null;
if (!$internalPVID || !is_numeric($internalPVID)) {
return $this->respond(['status' => 'error', 'message' => 'Invalid or missing InternalPVID'], 400);
}
$input['InternalPVID'] = (int) $internalPVID;
$modelPVA = new PatVisitADTModel();
try {
$data = $modelPVA->insert($input, true);
$record = $modelPVA->find($data);
if ($record) {
$record['ADTID'] = $record['PVADTID'];
}
return $this->respond(['status' => 'success', 'message' => 'Data created successfully', 'data' => $record ?? ['ADTID' => $data]], 201);
} catch (\Exception $e) {
return $this->failServerError('Something went wrong: ' . $e->getMessage());
}
}
public function updateADT($PVADTID = null) {
$input = $this->requirePatchPayload($this->request->getJSON(true));
@ -197,8 +205,15 @@ class PatVisitController extends BaseController {
return $this->respond(['status' => 'failed', 'message' => 'ADT record not found', 'data' => []], 404);
}
if (!isset($input['InternalPVID'])) {
$input['InternalPVID'] = $adt['InternalPVID'];
$internalPVID = null;
if (array_key_exists('InternalPVID', $adt) && !empty($adt['InternalPVID'])) {
$internalPVID = $adt['InternalPVID'];
} elseif (array_key_exists('InternalPID', $adt) && !empty($adt['InternalPID'])) {
$internalPVID = $adt['InternalPID'];
}
if ($internalPVID !== null && (!array_key_exists('InternalPVID', $input) || $input['InternalPVID'] === null || $input['InternalPVID'] === '')) {
$input['InternalPVID'] = $internalPVID;
}
$input['PVADTID'] = $id;

53
app/Controllers/ResultController.php
View File

@ -4,8 +4,9 @@ namespace App\Controllers;
use App\Traits\PatchValidationTrait;
use App\Traits\ResponseTrait;
use CodeIgniter\Controller;
use App\Models\PatResultModel;
use CodeIgniter\Controller;
use App\Models\PatResultModel;
use Config\Services;
class ResultController extends Controller {
use ResponseTrait;
@ -113,8 +114,11 @@ class ResultController extends Controller {
$payload['Result'] = $payload['ResultValue'];
}
$dbPayload = $payload;
unset($dbPayload['ResultValue'], $dbPayload['ResultCode']);
try {
$resultId = $this->model->insert($payload, true);
$resultId = $this->model->insert($dbPayload, true);
if (!$resultId) {
return $this->respond([
@ -124,6 +128,8 @@ class ResultController extends Controller {
], 500);
}
$this->rememberResultCode($resultId, $payload['ResultCode'] ?? null);
return $this->respondCreated([
'status' => 'success',
'message' => 'Result created successfully',
@ -168,15 +174,38 @@ class ResultController extends Controller {
], 404);
}
$result = $this->model->updateWithValidation($validatedId, $data);
if (!$result['success']) {
return $this->respond([
'status' => 'failed',
'message' => $result['message'],
'data' => []
], 400);
}
$resultCode = $data['ResultCode'] ?? null;
$hasResultValue = array_key_exists('ResultValue', $data);
if ($hasResultValue) {
$data['Result'] = $data['ResultValue'];
}
unset($data['ResultValue'], $data['ResultCode']);
$shouldUpdateModel = $hasResultValue || !empty($data);
if ($shouldUpdateModel) {
$result = $this->model->updateWithValidation($validatedId, $data);
} else {
$result = [
'success' => true,
'flag' => null,
'message' => 'Result updated successfully'
];
}
if (!$result['success']) {
return $this->respond([
'status' => 'failed',
'message' => $result['message'],
'data' => []
], 400);
}
if ($resultCode !== null) {
$this->rememberResultCode($validatedId, $resultCode);
}
// Get updated result with relations
$updatedResult = $this->model->getWithRelations($validatedId);

24
app/Filters/AuthFilter.php
View File

@ -32,8 +32,28 @@ class AuthFilter implements FilterInterface
public function before(RequestInterface $request, $arguments = null)
{
$key = getenv('JWT_SECRET');
$token = $request->getCookie('token'); // ambil dari cookie
$key = getenv('JWT_SECRET');
$token = $request->getCookie('token'); // ambil dari cookie
if (!$token) {
$cookieHeader = $request->getHeaderLine('Cookie');
if (!empty($cookieHeader)) {
foreach (explode(';', $cookieHeader) as $cookie) {
$cookie = trim($cookie);
if (str_starts_with($cookie, 'token=')) {
$token = substr($cookie, strlen('token='));
break;
}
}
}
}
if (!$token) {
$authHeader = $request->getHeaderLine('Authorization');
if (!empty($authHeader) && str_starts_with($authHeader, 'Bearer ')) {
$token = substr($authHeader, 7);
}
}
// Check if this is an API request or a page request
$isApiRequest = strpos($request->getUri()->getPath(), '/api/') !== false