2bcdf09b55
Normalize formatting/line endings across configs, controllers, models, tests, and OpenAPI specs. Update rule expression/rule engine implementation and remove obsolete RuleAction controller/model. Add unit tests for rule expression syntax and multi-action behavior, and include docs updates.
84 lines
2.9 KiB
PHP
84 lines
2.9 KiB
PHP
<?php
|
|
|
|
namespace App\Filters;
|
|
|
|
use CodeIgniter\HTTP\RequestInterface;
|
|
use CodeIgniter\HTTP\ResponseInterface;
|
|
use CodeIgniter\Filters\FilterInterface;
|
|
use Config\Services;
|
|
use Firebase\JWT\JWT;
|
|
use Firebase\JWT\Key;
|
|
|
|
class AuthFilter implements FilterInterface
|
|
{
|
|
protected function addCorsHeaders($response)
|
|
{
|
|
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
|
|
$allowedOrigins = [
|
|
'http://localhost:5173',
|
|
'http://localhost',
|
|
'https://clqms01.services-summit.my.id',
|
|
];
|
|
|
|
if (in_array($origin, $allowedOrigins)) {
|
|
$response->setHeader('Access-Control-Allow-Origin', $origin);
|
|
$response->setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS');
|
|
$response->setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With, Accept, Origin, Cache-Control, Pragma');
|
|
$response->setHeader('Access-Control-Allow-Credentials', 'true');
|
|
}
|
|
|
|
return $response;
|
|
}
|
|
|
|
public function before(RequestInterface $request, $arguments = null)
|
|
{
|
|
$key = getenv('JWT_SECRET');
|
|
$token = $request->getCookie('token'); // ambil dari cookie
|
|
|
|
// Check if this is an API request or a page request
|
|
$isApiRequest = strpos($request->getUri()->getPath(), '/api/') !== false
|
|
|| $request->isAJAX();
|
|
|
|
// Kalau tidak ada token
|
|
if (!$token) {
|
|
if ($isApiRequest) {
|
|
return Services::response()
|
|
->setStatusCode(401)
|
|
->setJSON([
|
|
'status' => 'failed',
|
|
'message' => 'Unauthorized: Token not found'
|
|
]);
|
|
}
|
|
// Redirect to login for page requests
|
|
return redirect()->to('/v2/login');
|
|
}
|
|
|
|
try {
|
|
// Decode JWT : jika error maka akan mentrigger catch
|
|
$decoded = JWT::decode($token, new Key($key, 'HS256'));
|
|
|
|
file_put_contents(WRITEPATH . 'logs/tokens.log', date('Y-m-d H:i:s') . ' - ' . $token . PHP_EOL, FILE_APPEND);
|
|
|
|
// Kalau mau, bisa inject user info ke request
|
|
// $request->userData = $decoded;
|
|
|
|
} catch (\Exception $e) {
|
|
if ($isApiRequest) {
|
|
return Services::response()
|
|
->setStatusCode(401)
|
|
->setJSON([
|
|
'status' => 'failed',
|
|
'message' => 'Unauthorized: ' . $e->getMessage()
|
|
]);
|
|
}
|
|
// Redirect to login for page requests
|
|
return redirect()->to('/v2/login');
|
|
}
|
|
}
|
|
|
|
public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
|
|
{
|
|
// Tidak perlu apa-apa
|
|
}
|
|
}
|