218 lines
6.8 KiB
PHP
218 lines
6.8 KiB
PHP
<?php
|
|
|
|
namespace App\Controllers;
|
|
|
|
use CodeIgniter\API\ResponseTrait;
|
|
use CodeIgniter\Controller;
|
|
|
|
use Firebase\JWT\JWT;
|
|
use Firebase\JWT\Key;
|
|
use Firebase\JWT\ExpiredException;
|
|
use Firebase\JWT\SignatureInvalidException;
|
|
use Firebase\JWT\BeforeValidException;
|
|
use CodeIgniter\Cookie\Cookie;
|
|
|
|
class Auth extends Controller {
|
|
use ResponseTrait;
|
|
|
|
// ok
|
|
public function __construct() {
|
|
$this->db = \Config\Database::connect();
|
|
}
|
|
|
|
// ok
|
|
public function checkAuth() {
|
|
$token = $this->request->getCookie('token');
|
|
$key = getenv('JWT_SECRET');
|
|
|
|
// Jika token FE tidak ada langsung kabarkan failed
|
|
if (!$token) {
|
|
return $this->respond([
|
|
'status' => 'failed',
|
|
'message' => 'No token found'
|
|
], 401);
|
|
}
|
|
|
|
try {
|
|
// Decode Token dengan Key yg ada di .env
|
|
$decodedPayload = JWT::decode($token, new Key($key, 'HS256'));
|
|
|
|
return $this->respond([
|
|
'status' => 'success',
|
|
'message' => 'Authenticated',
|
|
'data' => $decodedPayload
|
|
], 200);
|
|
|
|
} catch (ExpiredException $e) {
|
|
return $this->respond([
|
|
'status' => 'failed',
|
|
'message' => 'Token expired',
|
|
'data' => []
|
|
], 401);
|
|
|
|
} catch (SignatureInvalidException $e) {
|
|
return $this->respond([
|
|
'status' => 'failed',
|
|
'message' => 'Invalid token signature',
|
|
'data' => []
|
|
], 401);
|
|
|
|
} catch (BeforeValidException $e) {
|
|
return $this->respond([
|
|
'status' => 'failed',
|
|
'message' => 'Token not valid yet',
|
|
'data' => []
|
|
], 401);
|
|
|
|
} catch (\Exception $e) {
|
|
return $this->respond([
|
|
'status' => 'failed',
|
|
'message' => 'Invalid token: ' . $e->getMessage(),
|
|
'data' => []
|
|
], 401);
|
|
}
|
|
}
|
|
|
|
// ok
|
|
public function login() {
|
|
|
|
// Ambil dari JSON Form dan Key .env
|
|
$username = $this->request->getVar('username');
|
|
$password = $this->request->getVar('password');
|
|
$key = getenv('JWT_SECRET');
|
|
|
|
if (!$username) {
|
|
return $this->fail('Username required.', 400);
|
|
}
|
|
|
|
$sql = "SELECT * FROM users WHERE username=" . $this->db->escape($username);
|
|
$query = $this->db->query($sql);
|
|
$row = $query->getRowArray();
|
|
|
|
if (!$row) {
|
|
return $this->fail('User not found.', 401);
|
|
}
|
|
|
|
if (!password_verify($password, $row['password'])) {
|
|
return $this->fail('Invalid password.', 401);
|
|
}
|
|
|
|
// Buat JWT payload
|
|
$payload = [
|
|
'userid' => $row['id'],
|
|
'username' => $row['username'],
|
|
'exp' => time() + 86400 // 1 hari
|
|
];
|
|
|
|
try {
|
|
// Melakukan Hash terhadap Payload dengan Kunci .env menggunakan Algortima HMAC + SHA-256
|
|
$jwt = JWT::encode($payload, $key, 'HS256');
|
|
} catch (Exception $e) {
|
|
return $this->fail('Error generating JWT: ' . $e->getMessage(), 500);
|
|
}
|
|
|
|
// Kirim Respon ke HttpOnly yg akan disimpan di browser dan tidak akan dapat diakses oleh siapapun
|
|
$this->response->setCookie([
|
|
'name' => 'token', // nama token
|
|
'value' => $jwt, // value dari jwt yg sudah di hash
|
|
'expire' => 86400, // 1 hari
|
|
'path' => '/', // valid untuk semua path
|
|
'secure' => true, // set true kalau sudah HTTPS
|
|
'httponly' => true, // dipakai agar cookie berikut tidak dapat diakses oleh javascript
|
|
'samesite' => Cookie::SAMESITE_NONE
|
|
]);
|
|
|
|
// Response tanpa token di body
|
|
return $this->respond([
|
|
'status' => 'success',
|
|
'message' => 'Login successful'
|
|
], 200);
|
|
}
|
|
|
|
// ok
|
|
public function logout() {
|
|
// Definisikan ini pada cookies browser, harus sama dengan cookies login
|
|
return $this->response->setCookie([
|
|
'name' => 'token',
|
|
'value' => '',
|
|
'expire' => time() - 3600,
|
|
'path' => '/',
|
|
'secure' => true,
|
|
'httponly' => true,
|
|
'samesite' => Cookie::SAMESITE_NONE
|
|
|
|
])->setJSON([
|
|
'status' => 'success',
|
|
'message' => 'Logout successful'
|
|
], 200);
|
|
}
|
|
|
|
// ok
|
|
public function register() {
|
|
|
|
$username = $this->request->getJsonVar('username');
|
|
$password = $this->request->getJsonVar('password');
|
|
|
|
// Validasi
|
|
if (empty($username) || empty($password)) {
|
|
return $this->respond([
|
|
'status' => 'failed',
|
|
'message' => 'Username and password are required'
|
|
], 400); // Gunakan 400 Bad Request
|
|
}
|
|
|
|
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
|
|
$sql = "INSERT INTO users(username, password) VALUES(?, ?)";
|
|
|
|
try {
|
|
// Jalankan kueri dan binding data secara terpisah
|
|
$this->db->query($sql, [$username, $hashedPassword]);
|
|
|
|
// Respon sukses jika kueri berhasil
|
|
return $this->respond([
|
|
'status' => 'success',
|
|
'message' => 'User ' . $username . ' successfully created.'
|
|
], 201); // Kode 201 Created sudah benar untuk resource baru
|
|
|
|
} catch (\Exception $e) {
|
|
|
|
// Tangani error lain-lain
|
|
return $this->respond([
|
|
'status' => 'error',
|
|
'message' => 'Failed to create user. Please try again later.'
|
|
], 500); // Kode 500 Internal Server Error untuk masalah di server
|
|
}
|
|
|
|
|
|
}
|
|
|
|
// public function change_pass() {
|
|
// $db = \Config\Database::connect();
|
|
// $username = $this->request->getJsonVar('username');
|
|
// $password = $this->request->getJsonVar('password');
|
|
// $password = password_hash($password, PASSWORD_DEFAULT);
|
|
|
|
// $master = $this->request->getJsonVar('master');
|
|
// $masterkey = getenv('masterkey');
|
|
|
|
// if($master != $masterkey) {
|
|
// return $this->fail('Invalid master key.', 401);
|
|
// }
|
|
|
|
// $sql = "update users set password='$password' where username='$username'";
|
|
// $query = $db->query($sql);
|
|
// $response = [
|
|
// 'message' => "Password Changed for $username"
|
|
// ];
|
|
// return $this->respond($response);
|
|
// }
|
|
|
|
public function coba() {
|
|
return $this->respond([
|
|
'status' => 'success',
|
|
'message' => 'Already Login'
|
|
],200);
|
|
}
|
|
|
|
}
|