
<?php
namespace App\Controllers;
use CodeIgniter\API\ResponseTrait;
use CodeIgniter\Controller;
use CodeIgniter\Cookie\Cookie;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
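class Auth extends Controller
{
    use ResponseTrait;

    /** Lifetime of the JWT and of the cookie that carries it, in seconds. */
    private const TOKEN_TTL = 3600;

    /** Signing algorithm; the same value is used for encode and decode. */
    private const JWT_ALG = 'HS256';

    /** Name of the cookie that carries the JWT. */
    private const COOKIE_NAME = 'token';

    /**
     * Database connection shared by all actions.
     *
     * Declared explicitly: assigning an undeclared property in the constructor
     * relies on dynamic properties, which PHP 8.2 deprecates.
     *
     * @var \CodeIgniter\Database\BaseConnection
     */
    protected $db;

    public function __construct()
    {
        $this->db = \Config\Database::connect();
    }

    /**
     * Authenticate with username/password and issue a JWT in an HttpOnly cookie.
     *
     * Reads `username` and `password` from the request, looks the user up with a
     * bound query, verifies the stored password hash and, on success, sets the
     * token cookie. The token is deliberately not returned in the response body.
     *
     * @return \CodeIgniter\HTTP\ResponseInterface 200 on success, 400 when a
     *         credential is missing, 401 when credentials do not match, 500 when
     *         the signing secret is missing or signing fails.
     */
    public function login()
    {
        $username = $this->request->getVar('username');
        $password = $this->request->getVar('password');

        if (!is_string($username) || $username === '') {
            return $this->fail('Username required.', 400);
        }
        // password_verify() needs a string; rejecting here avoids a null/array
        // reaching it and keeps the error a clean 400.
        if (!is_string($password) || $password === '') {
            return $this->fail('Password required.', 400);
        }

        // getenv() returns false when the variable is unset; never sign with an
        // empty secret.
        $key = getenv('JWT_SECRET');
        if (!is_string($key) || $key === '') {
            return $this->fail('Server configuration error.', 500);
        }

        // Query binding instead of manual escaping/concatenation.
        $row = $this->db
            ->query('SELECT * FROM users WHERE username = ?', [$username])
            ->getRowArray();

        // One generic answer for "no such user" and "wrong password" so the
        // endpoint cannot be used to enumerate valid usernames.
        if (!$row || !password_verify($password, (string) $row['password'])) {
            return $this->fail('Invalid username or password.', 401);
        }

        $payload = [
            'userid'   => $row['id'],
            'username' => $row['username'],
            'exp'      => time() + self::TOKEN_TTL,
        ];

        try {
            $jwt = JWT::encode($payload, $key, self::JWT_ALG);
        } catch (\Exception $e) {
            // Fully qualified: an unqualified `Exception` inside this namespace
            // would resolve to App\Controllers\Exception and never match.
            // Library detail goes to the log, not to the client.
            log_message('error', 'JWT encode failed: ' . $e->getMessage());

            return $this->fail('Error generating JWT.', 500);
        }

        // HttpOnly keeps the token out of reach of script; Secure limits it to
        // HTTPS. SameSite=None (kept from the original, presumably for a
        // cross-site frontend) is the weakest CSRF setting and is only accepted
        // by browsers together with Secure; prefer Cookie::SAMESITE_STRICT or
        // SAMESITE_LAX once the frontend is served from the same site.
        $this->response->setCookie([
            'name'     => self::COOKIE_NAME,
            'value'    => $jwt,
            'expire'   => self::TOKEN_TTL,
            'path'     => '/',
            'secure'   => true,
            'httponly' => true,
            'samesite' => Cookie::SAMESITE_NONE,
        ]);

        // Response without the token in the body.
        return $this->respond([
            'status'  => 'success',
            'message' => 'Login successful',
        ]);
    }

    /**
     * Reset a user's password, gated by a shared master key.
     *
     * Expects a JSON body with `username`, `password` and `master`. The master
     * key is compared in constant time against the `masterkey` environment
     * variable; the UPDATE is bound so neither value can alter the statement.
     *
     * @return \CodeIgniter\HTTP\ResponseInterface 200 on success, 401 on a bad
     *         or unconfigured master key, 400 on missing fields, 404 when no row
     *         matched the username.
     */
    public function change_pass()
    {
        $username  = $this->request->getJsonVar('username');
        $password  = $this->request->getJsonVar('password');
        $master    = $this->request->getJsonVar('master');
        $masterkey = getenv('masterkey');

        // Authorize before doing any work. hash_equals() replaces the loose `!=`
        // (which also let a missing env var -- getenv() false vs. a null field --
        // compare as equal) and does not leak timing.
        if (
            !is_string($master)
            || !is_string($masterkey)
            || $masterkey === ''
            || !hash_equals($masterkey, $master)
        ) {
            return $this->fail('Invalid master key.', 401);
        }

        if (!is_string($username) || $username === '' || !is_string($password) || $password === '') {
            return $this->fail('Username and password required.', 400);
        }

        $hash = password_hash($password, PASSWORD_DEFAULT);
        $this->db->query('UPDATE users SET password = ? WHERE username = ?', [$hash, $username]);

        // The original reported success even when no row matched.
        if ($this->db->affectedRows() === 0) {
            return $this->fail('User not found.', 404);
        }

        return $this->respond([
            'message' => "Password Changed for $username",
        ]);
    }

    /**
     * Create a user from a JSON body with `username` and `password`.
     *
     * The password is stored as a password_hash() digest and the INSERT is
     * bound so the username cannot alter the statement.
     *
     * @return \CodeIgniter\HTTP\ResponseInterface 201 on success, 400 when a
     *         field is missing.
     */
    public function register()
    {
        $username = $this->request->getJsonVar('username');
        $password = $this->request->getJsonVar('password');

        if (!is_string($username) || $username === '' || !is_string($password) || $password === '') {
            return $this->fail('Username and password required.', 400);
        }

        // NOTE(review): this endpoint is unauthenticated. A master-key gate like
        // the one in change_pass() was present here but commented out; confirm
        // that open registration is intended for this deployment.
        // NOTE(review): a duplicate username presumably surfaces as a database
        // exception (depends on the schema's constraints) -- verify and map to 409
        // if needed.
        $hash = password_hash($password, PASSWORD_DEFAULT);
        $this->db->query('INSERT INTO users (username, password) VALUES (?, ?)', [$username, $hash]);

        return $this->respondCreated([
            'message' => "User $username created",
        ]);
    }

    /**
     * Validate the JWT carried by the token cookie and echo its claims.
     *
     * @return \CodeIgniter\HTTP\ResponseInterface 200 with the decoded claims,
     *         401 when the cookie is absent or the token fails verification,
     *         500 when the signing secret is not configured.
     */
    public function checkAuth()
    {
        $token = $this->request->getCookie(self::COOKIE_NAME);

        if (!$token) {
            return $this->fail('No token found', 401);
        }

        // Decoding against an empty secret must fail closed, not succeed.
        $key = getenv('JWT_SECRET');
        if (!is_string($key) || $key === '') {
            return $this->fail('Server configuration error.', 500);
        }

        try {
            // Key must be imported (Firebase\JWT\Key); unimported it resolved to
            // App\Controllers\Key and the call was a fatal error.
            $decoded = JWT::decode($token, new Key($key, self::JWT_ALG));
        } catch (\Exception $e) {
            return $this->fail('Invalid or expired token: ' . $e->getMessage(), 401);
        }

        return $this->respond([
            'status'  => 'success',
            'message' => 'Authenticated',
            'data'    => $decoded,
        ]);
    }

    /**
     * Clear the token cookie. The JWT itself stays valid until `exp`; there is
     * no server-side revocation here.
     *
     * @return \CodeIgniter\HTTP\ResponseInterface
     */
    public function logout()
    {
        return $this->response
            ->deleteCookie(self::COOKIE_NAME)
            ->setJSON(['message' => 'Logout successful']);
    }
}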