mahdahar/clqms-be
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update JWT for Auth

Browse Source
This commit is contained in:
mikael-zakaria 2025-09-03 15:36:55 +07:00
parent f9fc76027b
commit 8709788114
3 changed files with 104 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/Config/Routes.php
View File

@ -10,14 +10,17 @@ $routes->options('(:any)', function() {
}); });
$routes->get('/', 'Home::index'); $routes->get('/', 'Home::index');
//PUNYA GUS INI TEMP
$routes->get('/api/v1/emr/lab/list-new', 'NUHATEMP::index'); $routes->get('/api/v1/emr/lab/list-new', 'NUHATEMP::index');
$routes->post('/api/v1/emr/lab/insert', 'NUHATEMP::create'); $routes->post('/api/v1/emr/lab/insert', 'NUHATEMP::create');
$routes->post('/api/v1/emr/lab/update-validasi', 'NUHATEMP::update'); $routes->post('/api/v1/emr/lab/update-validasi', 'NUHATEMP::update');
$routes->post('/api/v1/emr/lab/detail', 'NUHATEMP::detail'); $routes->post('/api/v1/emr/lab/detail', 'NUHATEMP::detail');
$routes->post('/auth/login/', 'Auth::login'); $routes->post('/api/auth/login/', 'Auth::login');
$routes->post('/auth/change_pass/', 'Auth::change_pass'); $routes->post('/api/auth/change_pass/', 'Auth::change_pass');
$routes->post('/auth/register/', 'Auth::register'); $routes->post('/api/auth/register/', 'Auth::register');
$routes->get('/api/auth/check/', 'Auth::checkAuth');
$routes->post('/api/auth/logout/', 'Auth::logout');
$routes->get('/api/patient', 'Patient::index'); $routes->get('/api/patient', 'Patient::index');
$routes->post('/api/patient', 'Patient::create'); $routes->post('/api/patient', 'Patient::create');

136
app/Controllers/Auth.php
View File

@ -5,6 +5,7 @@ namespace App\Controllers;
use CodeIgniter\API\ResponseTrait; use CodeIgniter\API\ResponseTrait;
use CodeIgniter\Controller; use CodeIgniter\Controller;
use \Firebase\JWT\JWT; use \Firebase\JWT\JWT;
use CodeIgniter\Cookie\Cookie;
class Auth extends Controller { class Auth extends Controller {
use ResponseTrait; use ResponseTrait;
@ -13,7 +14,52 @@ class Auth extends Controller {
$this->db = \Config\Database::connect(); $this->db = \Config\Database::connect();
} }
// public function login() {
// $username = $this->request->getVar('username');
// $password = $this->request->getVar('password');
// $key = getenv('JWT_SECRET');
// if (!$username) {
// return $this->fail('Username required.', 400);
// }
// $sql = "SELECT * FROM users WHERE username=".$this->db->escape($username);
// $query = $this->db->query($sql);
// $row = $query->getRowArray();
// if (!$row) {
// return $this->fail('User not found.', 401); // Use 401 for authentication failures
// }
// if (!password_verify($password, $row['password'])) {
// return $this->fail('Invalid password.', 401);
// }
// // JWT payload
// $payload = [
// 'userid' => $row['id'],
// 'username' => $row['username'],
// 'exp' => time() + 3600
// ];
// try {
// $jwt = JWT::encode($payload, $key, 'HS256');
// } catch (Exception $e) {
// return $this->fail('Error generating JWT: ' . $e->getMessage(), 500);
// }
// // Update last_login
// //$this->userModel->update($user['id'], ['lastlogin' => date('Y-m-d H:i:s')]);
// $response = [
// 'status' => 'success',
// 'message' => 'Login successful',
// 'token' => $jwt,
// ];
// return $this->respond($response);
// }
public function login() { public function login() {
$username = $this->request->getVar('username'); $username = $this->request->getVar('username');
$password = $this->request->getVar('password'); $password = $this->request->getVar('password');
$key = getenv('JWT_SECRET'); $key = getenv('JWT_SECRET');
@ -22,12 +68,12 @@ class Auth extends Controller {
return $this->fail('Username required.', 400); return $this->fail('Username required.', 400);
} }
$sql = "select * from users where username=".$this->db->escape($username); $sql = "SELECT * FROM users WHERE username=" . $this->db->escape($username);
$query = $this->db->query($sql); $query = $this->db->query($sql);
$row = $query->getRowArray(); $row = $query->getRowArray();
if (!$row) { if (!$row) {
return $this->fail('User not found.', 401); // Use 401 for authentication failures return $this->fail('User not found.', 401);
} }
if (!password_verify($password, $row['password'])) { if (!password_verify($password, $row['password'])) {
@ -36,8 +82,9 @@ class Auth extends Controller {
// JWT payload // JWT payload
$payload = [ $payload = [
'userid' => $row['id'],
'username' => $row['username'], 'username' => $row['username'],
'exp' => time() + 3600 'exp' => time() + 3600
]; ];
try { try {
@ -46,14 +93,23 @@ class Auth extends Controller {
return $this->fail('Error generating JWT: ' . $e->getMessage(), 500); return $this->fail('Error generating JWT: ' . $e->getMessage(), 500);
} }
// Update last_login // Set cookie (HttpOnly + Secure + SameSite=Strict)
//$this->userModel->update($user['id'], ['lastlogin' => date('Y-m-d H:i:s')]); $this->response->setCookie([
'name' => 'token',
'value' => $jwt,
'expire' => 3600, // 1 jam
'path' => '/',
'secure' => true, // set true kalau sudah HTTPS
'httponly' => true,
'samesite' => Cookie::SAMESITE_NONE // set true kalau sudah HTTPS
// 'samesite' => Cookie::SAMESITE_STRICT
]);
$response = [ // Response tanpa token di body
'message' => 'Login successful', return $this->respond([
'token' => $jwt, 'status' => 'success',
]; 'message' => 'Login successful'
return $this->respond($response); ]);
} }
public function change_pass() { public function change_pass() {
@ -78,58 +134,50 @@ class Auth extends Controller {
} }
public function register() { public function register() {
$username = $this->request->getJsonVar('username'); $username = $this->request->getJsonVar('username');
$password = $this->request->getJsonVar('password'); $password = $this->request->getJsonVar('password');
$password = password_hash($password, PASSWORD_DEFAULT); $password = password_hash($password, PASSWORD_DEFAULT);
$master = $this->request->getJsonVar('master'); // $master = $this->request->getJsonVar('master');
$masterkey = getenv('MASTERKEY'); // $masterkey = getenv('MASTERKEY');
if($master != $masterkey) { // if($master != $masterkey) {
return $this->fail('Invalid master key.', 401); // return $this->fail('Invalid master key.', 401);
} // }
$sql = "insert into users(username, password) values('$username', '$password')"; $sql = "INSERT INTO users(username, password) values('$username', '$password')";
$this->db->query($sql); $this->db->query($sql);
$response = [ $response = [
'message' => "user $username created" 'message' => "User $username created"
]; ];
return $this->respondCreated($response); return $this->respondCreated($response);
} }
public function checkAuth() { public function checkAuth() {
$authorizationHeader = $this->request->getHeader('Authorization'); $token = $this->request->getCookie('token');
$key = getenv('JWT_SECRET');
if (!$authorizationHeader) { if (!$token) {
return $this->fail('Authorization header is missing', 401); return $this->fail('No token found', 401);
} }
$authHeaderValue = $authorizationHeader->getValue();
if (empty($authHeaderValue)) {
return $this->fail('Authorization header is empty', 401);
}
// Extract the token from the "Bearer <token>" format
if (strpos($authHeaderValue, 'Bearer ') === 0) {
$token = substr($authHeaderValue, 7);
} else {
$token = $authHeaderValue; // Assume the header contains only the token
}
try { try {
$decoded = JWT::decode($token, $this->key, ['HS256']); // Use the Key object $decoded = JWT::decode($token, new Key($key, 'HS256'));
// You can now access user data from $decoded return $this->respond([
$response = [ 'status' => 'success',
'message' => 'Authentication successful', 'message' => 'Authenticated',
'user' => $decoded, // return the decoded token 'data' => $decoded
]; ]);
return $this->respond($response); } catch (\Exception $e) {
return $this->fail('Invalid or expired token: ' . $e->getMessage(), 401);
} catch (Exception $e) {
return $this->fail('Invalid token: ' . $e->getMessage(), 401);
} }
} }
public function logout() {
return $this->response
->deleteCookie('token')
->setJSON(['message' => 'Logout successful']);
}
} }

3
app/Filters/Cors.php
View File

@ -22,7 +22,8 @@ class Cors implements FilterInterface
if (in_array($origin, $this->allowedOrigins)) { if (in_array($origin, $this->allowedOrigins)) {
$response->setHeader('Access-Control-Allow-Origin', $origin); $response->setHeader('Access-Control-Allow-Origin', $origin);
$response->setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS'); $response->setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS');
$response->setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With'); $response->setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With, Accept, Origin, Cache-Control, Pragma');
// $response->setHeader('Access-Control-Allow-Headers', '*');
$response->setHeader('Access-Control-Allow-Credentials', 'true'); $response->setHeader('Access-Control-Allow-Credentials', 'true');
} }