@restforgejs/platform 5.2.16 → 5.3.5

package/generators/cli/endpoint/create.js

@@ -34,6 +34,8 @@ const DemoGenerator = require('../../src/utils/demo-generator');
 const projectRegistry = require('../../lib/utils/project-registry');
 const cliOutput = require('../../lib/utils/cli-output');
 const endpointSchemaValidator = require('../../lib/payload/endpoint-schema-validator');
+const { deriveFieldProjections, augmentProjectionsForSoftDelete } = require('../../lib/payload/field-projections');
+const configResolver = require('../../lib/utils/config-resolver');
 
 function hasAuditRequired(payload) {
     if (!payload || !payload.fieldPolicy) return false;
@@ -143,14 +145,12 @@ module.exports = {
     async handler(args) {
         const startTime = Date.now();
         let muted = false;
+        let summary = null;
 
         try {
             const project = ArgumentValidator.validateProjectName(args.project);
             const endpoint = ArgumentValidator.validateEndpointName(args.name);
             const payloadFile = ArgumentValidator.validatePayloadName(args.payload);
-            const database = args.database
-                ? ArgumentValidator.validateDatabaseType(args.database)
-                : 'postgres';
             const force = !!args.force;
             const createExamples = !!args['create-examples'];
             const skipSqlValidation = !!args['skip-sql-validation'];
@@ -161,6 +161,30 @@ module.exports = {
                 ? args.config.trim()
                 : null;
 
+            // Resolusi tipe database:
+            //   1. --database eksplisit → dipakai apa adanya (prioritas tertinggi)
+            //   2. Auto-deteksi DB_TYPE dari config aktif (--config, atau default
+            //      config .restforge/defaults.json) → mengikuti DB_TYPE project
+            //   3. Fallback 'postgres' bila tidak ada config yang bisa di-resolve
+            let database;
+            let databaseSource;
+            if (args.database) {
+                database = ArgumentValidator.validateDatabaseType(args.database);
+                databaseSource = 'flag';
+            } else {
+                const resolvedCfg = configResolver.resolveConfig(configArg, process.cwd());
+                const detected = resolvedCfg
+                    ? configResolver.readDatabaseTypeFromConfig(resolvedCfg.path)
+                    : null;
+                if (detected) {
+                    database = detected;
+                    databaseSource = resolvedCfg.source === 'default' ? 'config-default' : 'config';
+                } else {
+                    database = 'postgres';
+                    databaseSource = 'fallback';
+                }
+            }
+
             if (!verbose) {
                 cliOutput.mute();
                 muted = true;
@@ -170,12 +194,17 @@ module.exports = {
             console.log(`   Project: ${project}`);
             console.log(`   Endpoint: ${endpoint}`);
             console.log(`   Payload: ${payloadFile}`);
-            console.log(`   Database: ${database}`);
+            const databaseNote = databaseSource === 'config'
+                ? ' (auto-detected from --config)'
+                : databaseSource === 'config-default'
+                    ? ' (auto-detected from default config)'
+                    : '';
+            console.log(`   Database: ${database}${databaseNote}`);
             console.log(`   Force overwrite: ${force}`);
             console.log('');
 
             const cwd = process.cwd();
-            const summary = {
+            summary = {
                 config: { project, endpoint, database, force },
                 payload: null,
                 archive: null,
@@ -204,7 +233,7 @@ module.exports = {
             const schemaResult = await endpointSchemaValidator.validateEndpointSchema({
                 payload,
                 payloadFileName: path.basename(payloadFile),
-                payloadFilePath: payloadFile,
+                payloadFilePath: rawPayload._payloadPath,
                 configArg,
                 skipSchemaCheck,
                 workingDir: cwd
@@ -216,6 +245,37 @@ module.exports = {
             summary.schemaValidation = schemaResult;
             summary.config.config = configArg || null;
 
+            // Derivasi field projections dan embed ke payload sebagai _fieldProjections.
+            // Template membaca ini untuk emit schemaFields/readableFields/datatablesFields.
+            // Fallback ke fieldName bila DB tidak tersedia (skipSchemaCheck atau projectionInputs absent).
+            {
+                const fn = payload.fieldName || [];
+                let fieldProjections;
+                if (schemaResult.status === 'ok' && schemaResult.projectionInputs) {
+                    fieldProjections = deriveFieldProjections({
+                        fieldName: fn,
+                        physicalColumns: schemaResult.projectionInputs.physicalColumns,
+                        readSourceColumns: schemaResult.projectionInputs.readSourceColumns,
+                        datatablesColumns: schemaResult.projectionInputs.datatablesColumns,
+                        overrides: {
+                            readableFields: payload.readableFields,
+                            datatablesFields: payload.datatablesFields
+                        }
+                    });
+                } else {
+                    // skipSchemaCheck atau projectionInputs tidak tersedia:
+                    // fallback langsung ke fieldName untuk semua proyeksi tanpa DB.
+                    // Override payload.readableFields / datatablesFields diterapkan bila ada.
+                    fieldProjections = {
+                        schemaFields: fn.slice(),
+                        readableFields: payload.readableFields || fn.slice(),
+                        datatablesFields: payload.datatablesFields || fn.slice()
+                    };
+                }
+                augmentProjectionsForSoftDelete(fieldProjections, payload);
+                payload._fieldProjections = fieldProjections;
+            }
+
             const registry = projectRegistry.loadProjectRegistry();
             if (registry.projects[project]) {
                 const existing = registry.projects[project];
@@ -312,6 +372,9 @@ module.exports = {
             // cli-entry.js men-print `Error: <message>` ke stderr saat handler
             // re-throw (lihat handler dispatch). Jangan double-print di sini.
             if (muted) cliOutput.unmute();
+            if (summary && summary.config) {
+                cliOutput.printCreatePartial(summary);
+            }
             throw error;
         }
     }

package/generators/cli/payload/sync.js

@@ -32,10 +32,11 @@ module.exports = {
             description: 'Sync only a specific table (default: all)'
         },
         'expand-fk': {
-            type: 'boolean',
+            type: 'string',
             required: false,
-            default: false,
-            description: 'Generate JOIN configuration from foreign keys: creates SQL file query/<table>-join.sql and sets datatablesQuery/viewQuery to that file. Opt-in; without this flag sync behavior is unchanged. Requires --table. If --fk-columns is empty, display columns per FK are auto-selected (name → code → primary key)'
+            default: null,
+            bareDefault: 'both',
+            description: 'Generate JOIN configuration from foreign keys: creates SQL file query/<table>-join.sql. Values: "both" (updates datatablesQuery and viewQuery) or "datatables-only" (updates datatablesQuery only, viewQuery unchanged). Bare --expand-fk (without value) defaults to "both". Requires --table. If --fk-columns is empty, display columns per FK are auto-selected (name → code → primary key)'
         },
         'fk-columns': {
             type: 'string',
@@ -47,16 +48,25 @@ module.exports = {
     examples: [
         'npx restforge payload sync --config=db.env',
         'npx restforge payload sync --config=db.env --table=users',
-        'npx restforge payload sync --table=visitors --expand-fk',
-        'npx restforge payload sync --table=visitors --expand-fk --fk-columns=visitor_categories.category_code,visitor_categories.category_name'
+        'npx restforge payload sync --table=visitors --expand-fk=both',
+        'npx restforge payload sync --table=visitors --expand-fk=datatables-only',
+        'npx restforge payload sync --table=visitors --expand-fk=both --fk-columns=visitor_categories.category_code,visitor_categories.category_name'
     ],
     async handler(args) {
+        const expandFkRaw = args['expand-fk'];
+        let expandFkMode = null;
+        if (expandFkRaw === 'both' || expandFkRaw === 'datatables-only') {
+            expandFkMode = expandFkRaw;
+        } else if (expandFkRaw !== null && expandFkRaw !== undefined) {
+            throw new Error(`Invalid --expand-fk value "${expandFkRaw}". Valid values: both, datatables-only`);
+        }
+
         const generator = new PayloadGenerator();
         await generator.run({
             config: args.config,
             table: args.table || null,
             sync: true,
-            expandFk: args['expand-fk'] === true,
+            expandFkMode,
             fkColumns: args['fk-columns'] || null
         });
     }

package/generators/cli/project/auth.js

@@ -7,8 +7,8 @@
  * RESTForge yang sudah ada. Setelah validasi prasyarat (phase 00), handler
  * menulis dua file SDF auth ber-prefix `rfx` ke `--schema-path` (Fungsi 1),
  * lalu membuat tabelnya di DB via primitif dbschema-kit langsung (Fungsi 2),
- * lalu menulis component middleware + router auth tanpa google (Fungsi 3a),
- * lalu menulis keenam processor auth tanpa google (Fungsi 3b), lalu
+ * lalu menulis component middleware + router auth termasuk route google (Fungsi 3a),
+ * lalu menulis ketujuh processor auth termasuk google (Fungsi 3b), lalu
  * menginjeksi variabel env auth ke `--config` dan memverifikasi/mencatat
  * dependency runtime `bcrypt`+`jsonwebtoken` (Fungsi tambahan, phase 05),
  * lalu mencetak ringkasan akhir.

package/generators/cli/project/sdk.js

@@ -0,0 +1,112 @@
+'use strict';
+
+/**
+ * Contract: project sdk
+ *
+ * Menghasilkan SDK JavaScript untuk satu project RESTForge — satu layer tipis di
+ * atas REST API hasil generate, dipakai frontend apa pun tanpa menulis ulang
+ * boilerplate fetch/$.ajax.
+ *
+ * Rujukan desain: docs/plan/sdk-generator-command.md.
+ *
+ * Versi awal:
+ * - TANPA auth (flag --with-auth & core/auth-client.js menyusul terpisah).
+ * - --generate hanya MENULIS source buildable (src/, package.json, tsup.config.js);
+ *   `npm install && npm run build` adalah langkah terpisah milik user.
+ * - Sumber kebenaran resource = metadata/<project>.json (key endpoint = slug = segment route).
+ */
+
+const { validateSafeName } = require('../../lib/utils/path-validator');
+const { generateSdk, resolveBaseUrl } = require('../../lib/sdk/generator');
+
+module.exports = {
+    resource: 'project',
+    verb: 'sdk',
+    description: 'Generate a JavaScript SDK for a project (derived from backend metadata + payload)',
+    category: 'generation',
+    flags: {
+        project: {
+            type: 'string',
+            required: true,
+            description: 'Target project name (also the SDK package name)'
+        },
+        generate: {
+            type: 'boolean',
+            required: true,
+            description: 'Trigger SDK source generation'
+        },
+        'sdk-path': {
+            type: 'string',
+            required: false,
+            default: null,
+            description: 'Output folder for the SDK source (default: <project-root>/sdk)'
+        },
+        'base-url': {
+            type: 'string',
+            required: false,
+            default: null,
+            description: 'Override the API base URL baked into sdk-client.js (default: derived from the project config)'
+        },
+        force: {
+            type: 'boolean',
+            required: false,
+            default: false,
+            description: 'Overwrite existing SDK source'
+        }
+    },
+    examples: [
+        'npx restforge project sdk --generate --project=myapp',
+        'npx restforge project sdk --generate --project=myapp --sdk-path=./client-sdk',
+        'npx restforge project sdk --generate --project=myapp --force'
+    ],
+    async handler(args) {
+        const project = validateSafeName(args.project, 'project');
+
+        if (args.generate !== true) {
+            const err = new Error('The --generate flag must be set to run SDK generation.');
+            err.exitCode = 2;
+            throw err;
+        }
+
+        const workingDir = process.cwd();
+
+        console.log('');
+        console.log(`Generating SDK for project '${project}'...`);
+        console.log('');
+
+        const baseUrl = resolveBaseUrl({
+            workingDir,
+            project,
+            override: args['base-url'],
+            log: (line) => console.log(`  ${line}`)
+        });
+
+        const result = generateSdk({
+            workingDir,
+            project,
+            sdkPath: args['sdk-path'],
+            baseUrl,
+            force: args.force === true,
+            log: (line) => console.log(`  ${line}`)
+        });
+
+        console.log('');
+        console.log('==========================================');
+        console.log('SDK GENERATION COMPLETE');
+        console.log('==========================================');
+        console.log(`Project   : ${project}`);
+        console.log(`Output    : ${result.outputDir}`);
+        console.log(`Base URL  : ${result.baseUrl}`);
+        console.log(`Auth      : ${result.hasAuth ? 'enabled (client.auth)' : 'none'}`);
+        console.log(`Resources : ${result.resources.length} (${result.resources.join(', ')})`);
+        console.log('');
+        console.log('Next steps (optional, owned by you):');
+        console.log(`  cd ${result.outputDir}`);
+        console.log('  npm install');
+        console.log('  npm run build');
+        console.log('  npm run deploy        # copy into a frontend app js/ folder (asks for target)');
+        console.log('  # or: node deploy.mjs <target-app-js-folder>');
+        console.log('==========================================');
+        console.log('');
+    }
+};

package/generators/lib/arg-parser.js

@@ -119,6 +119,12 @@ function parseArgs(argv, contract) {
 
             if (!valueProvided) {
                 if (i + 1 >= argv.length || argv[i + 1].startsWith('--')) {
+                    if (flagDef.bareDefault !== undefined) {
+                        args[flagName] = flagDef.bareDefault;
+                        seenFlags.add(flagName);
+                        i += 1;
+                        continue;
+                    }
                     errors.push(`Flag --${flagName} requires a value`);
                     i += 1;
                     continue;

package/generators/lib/auth/processor-generator.js

@@ -1,13 +1,15 @@
 'use strict';
 
 /**
- * Generator processor auth (Fungsi 3b). Merender keenam aset template di
+ * Generator processor auth (Fungsi 3b). Merender aset template di
  * `templates/processor/` via template-renderer (Phase 03), lalu menulis ke
  * lokasi target memakai writeFileWithBackup — perilaku force/skip identik
  * Fungsi 1/3a: tanpa --force file existing di-skip, dengan --force
  * di-overwrite + backup.
  *
- * `google.js` TIDAK disertakan (keputusan #5 campaign).
+ * `google.js` (Sign in with Google) disertakan; endpoint membutuhkan
+ * GOOGLE_CLIENT_ID di env (di-inject env-injector) dan ID token dari Google
+ * Identity Services di sisi frontend.
  */
 
 const fs = require('fs');
@@ -19,7 +21,7 @@ const { AUTH_USER_TABLE, AUTH_REFRESH_TOKEN_TABLE, AUTH_MIDDLEWARE_NAME } = requ
 
 const TEMPLATES_DIR = path.join(__dirname, 'templates', 'processor');
 
-const PROCESSOR_NAMES = ['register', 'login', 'refresh', 'logout', 'me', 'reset-password'];
+const PROCESSOR_NAMES = ['register', 'login', 'google', 'refresh', 'logout', 'me', 'reset-password'];
 
 const PARAMS = {
     AUTH_USER_TABLE,

package/generators/lib/auth/templates/processor/google.js.tmpl

@@ -0,0 +1,178 @@
+'use strict';
+
+/**
+ * Processor: google (Sign in with Google)
+ * Verifikasi Google ID token, lalu find-or-create user (identitas = email) dan
+ * terbitkan JWT access token + refresh token (sama seperti login biasa).
+ * Method: POST  body: { credential: "<google-id-token>" }
+ *
+ * Verifikasi ID token memakai endpoint tokeninfo Google (tanpa dependensi npm
+ * tambahan). Untuk produksi, pertimbangkan google-auth-library (verifikasi JWKS
+ * lokal) agar tidak bergantung pada round-trip ke Google tiap request.
+ */
+
+const bcrypt = require('bcrypt');
+const crypto = require('crypto');
+const {
+  generateAccessToken,
+  getAccessTokenExpiryMin
+} = require('../../../../components/handlers/{{AUTH_MIDDLEWARE_NAME}}');
+
+const BCRYPT_ROUNDS = 12;
+
+function getRefreshExpiryDays() {
+  return parseInt(process.env.REFRESH_TOKEN_EXPIRY_DAYS || '30', 10);
+}
+
+async function verifyGoogleIdToken(credential) {
+  const url = 'https://oauth2.googleapis.com/tokeninfo?id_token=' + encodeURIComponent(credential);
+  const res = await fetch(url);
+  if (!res.ok) return null;
+  return res.json();
+}
+
+module.exports = {
+  async process(input, services, req) {
+    const { db, logger } = services;
+
+    try {
+      const { credential } = input;
+
+      if (!credential) {
+        return {
+          success: false,
+          statusCode: 400,
+          message: 'Field credential (Google ID token) is required.',
+          timestamp: new Date().toISOString()
+        };
+      }
+
+      const clientId = process.env.GOOGLE_CLIENT_ID;
+      if (!clientId) {
+        return {
+          success: false,
+          statusCode: 501,
+          message: 'Google login is not configured on the server (GOOGLE_CLIENT_ID is empty).',
+          timestamp: new Date().toISOString()
+        };
+      }
+
+      const info = await verifyGoogleIdToken(credential);
+      if (!info || !info.email) {
+        return {
+          success: false,
+          statusCode: 401,
+          message: 'Invalid Google token.',
+          timestamp: new Date().toISOString()
+        };
+      }
+
+      // Pastikan token memang ditujukan untuk aplikasi ini.
+      if (info.aud !== clientId) {
+        return {
+          success: false,
+          statusCode: 401,
+          message: 'Google token was not issued for this application.',
+          timestamp: new Date().toISOString()
+        };
+      }
+
+      // Google menandai email_verified sebagai string 'true'.
+      if (info.email_verified !== 'true' && info.email_verified !== true) {
+        return {
+          success: false,
+          statusCode: 403,
+          message: 'Google email is not verified.',
+          timestamp: new Date().toISOString()
+        };
+      }
+
+      const email = String(info.email).toLowerCase();
+      const fullName = info.name || null;
+
+      // Identitas = email. Satukan dengan akun manual ber-email sama.
+      const rows = await db.executeQuery(
+        `SELECT user_id, username, email, full_name, is_active, is_locked
+         FROM public.{{AUTH_USER_TABLE}} WHERE username = $1`,
+        [email]
+      );
+      let user = rows[0] || null;
+
+      if (user) {
+        if (!user.is_active || user.is_locked) {
+          return {
+            success: false,
+            statusCode: 403,
+            message: 'Account is inactive or locked.',
+            timestamp: new Date().toISOString()
+          };
+        }
+        await db.executeQuery(
+          `UPDATE public.{{AUTH_USER_TABLE}}
+           SET last_login_at = NOW(), failed_login_count = 0, updated_at = NOW()
+           WHERE user_id = $1`,
+          [user.user_id]
+        );
+      } else {
+        // User baru via Google: password acak (tidak dapat dipakai login manual
+        // sampai user reset password). password_hash tetap non-null sesuai schema.
+        const randomPw = crypto.randomBytes(32).toString('hex');
+        const passwordHash = await bcrypt.hash(randomPw, BCRYPT_ROUNDS);
+        const userId = crypto.randomUUID();
+
+        await db.executeQuery(
+          `INSERT INTO public.{{AUTH_USER_TABLE}}
+              (user_id, username, email, full_name, password_hash,
+               is_active, is_locked, failed_login_count,
+               last_login_at, password_changed_at, created_at)
+           VALUES ($1, $2, $3, $4, $5, TRUE, FALSE, 0, NOW(), NOW(), NOW())`,
+          [userId, email, email, fullName, passwordHash]
+        );
+
+        user = { user_id: userId, username: email, email: email, full_name: fullName };
+      }
+
+      const accessToken = generateAccessToken(user);
+      const expiresIn = getAccessTokenExpiryMin() * 60;
+
+      const refreshTokenRaw = `${user.user_id}:${crypto.randomBytes(64).toString('hex')}`;
+      const refreshTokenHash = await bcrypt.hash(refreshTokenRaw, BCRYPT_ROUNDS);
+      const refreshExpiresAt = new Date();
+      refreshExpiresAt.setDate(refreshExpiresAt.getDate() + getRefreshExpiryDays());
+
+      await db.executeQuery(
+        `INSERT INTO public.{{AUTH_REFRESH_TOKEN_TABLE}}
+            (token_id, user_id, token_hash, expires_at, created_at)
+         VALUES ($1, $2, $3, $4, NOW())`,
+        [crypto.randomUUID(), user.user_id, refreshTokenHash, refreshExpiresAt]
+      );
+
+      return {
+        success: true,
+        statusCode: 200,
+        message: 'Google login successful.',
+        data: {
+          access_token: accessToken,
+          refresh_token: refreshTokenRaw,
+          token_type: 'Bearer',
+          expires_in: expiresIn,
+          user: {
+            user_id: user.user_id,
+            username: user.username,
+            email: user.email,
+            full_name: user.full_name
+          }
+        },
+        timestamp: new Date().toISOString()
+      };
+    } catch (error) {
+      logger.error({ error: error.message }, '[auth-google] Unexpected error');
+      return {
+        success: false,
+        statusCode: 500,
+        message: 'An internal server error occurred.',
+        timestamp: new Date().toISOString()
+      };
+    }
+  }
+};

package/generators/lib/auth/templates/processor/login.js.tmpl

@@ -31,7 +31,7 @@ module.exports = {
         return {
           success: false,
           statusCode: 400,
-          message: 'Field username dan password wajib diisi.',
+          message: 'Username and password are required.',
           timestamp: new Date().toISOString()
         };
       }
@@ -49,7 +49,7 @@ module.exports = {
         return {
           success: false,
           statusCode: 401,
-          message: 'Username atau password salah.',
+          message: 'Invalid username or password.',
           timestamp: new Date().toISOString()
         };
       }
@@ -58,7 +58,7 @@ module.exports = {
         return {
           success: false,
           statusCode: 403,
-          message: 'Akun tidak aktif. Hubungi administrator.',
+          message: 'Account is inactive. Contact administrator.',
           timestamp: new Date().toISOString()
         };
       }
@@ -67,7 +67,7 @@ module.exports = {
         return {
           success: false,
           statusCode: 403,
-          message: 'Akun terkunci karena terlalu banyak percobaan login gagal. Hubungi administrator.',
+          message: 'Account locked due to too many failed login attempts. Contact administrator.',
           timestamp: new Date().toISOString()
         };
       }
@@ -86,8 +86,8 @@ module.exports = {
         );
 
         const message = shouldLock
-          ? 'Akun terkunci karena terlalu banyak percobaan login gagal. Hubungi administrator.'
-          : `Username atau password salah. Sisa percobaan: ${MAX_FAILED_LOGIN - newFailedCount}.`;
+          ? 'Account locked due to too many failed login attempts. Contact administrator.'
+          : `Invalid username or password. Attempts remaining: ${MAX_FAILED_LOGIN - newFailedCount}.`;
 
         return {
           success: false,
@@ -124,7 +124,7 @@ module.exports = {
       return {
         success: true,
         statusCode: 200,
-        message: 'Login berhasil.',
+        message: 'Login successful.',
         data: {
           access_token: accessToken,
           refresh_token: refreshTokenRaw,
@@ -144,7 +144,7 @@ module.exports = {
       return {
         success: false,
         statusCode: 500,
-        message: 'Terjadi kesalahan internal pada server.',
+        message: 'An internal server error occurred.',
         timestamp: new Date().toISOString()
       };
     }

package/generators/lib/auth/templates/processor/logout.js.tmpl

@@ -42,7 +42,7 @@ module.exports = {
       return {
         success: true,
         statusCode: 200,
-        message: 'Logout berhasil.',
+        message: 'Logout successful.',
         timestamp: new Date().toISOString()
       };
     } catch (error) {
@@ -50,7 +50,7 @@ module.exports = {
       return {
         success: false,
         statusCode: 500,
-        message: 'Terjadi kesalahan internal pada server.',
+        message: 'An internal server error occurred.',
         timestamp: new Date().toISOString()
       };
     }

package/generators/lib/auth/templates/processor/me.js.tmpl

@@ -39,7 +39,7 @@ module.exports = {
         return {
           success: false,
           statusCode: 404,
-          message: 'User tidak ditemukan.',
+          message: 'User not found.',
           timestamp: new Date().toISOString()
         };
       }
@@ -56,7 +56,7 @@ module.exports = {
       return {
         success: false,
         statusCode: 500,
-        message: 'Terjadi kesalahan internal pada server.',
+        message: 'An internal server error occurred.',
         timestamp: new Date().toISOString()
       };
     }

package/generators/lib/auth/templates/processor/refresh.js.tmpl

@@ -31,7 +31,7 @@ module.exports = {
         return {
           success: false,
           statusCode: 400,
-          message: 'Field refresh_token wajib diisi.',
+          message: 'refresh_token is required.',
           timestamp: new Date().toISOString()
         };
       }
@@ -41,7 +41,7 @@ module.exports = {
         return {
           success: false,
           statusCode: 401,
-          message: 'Refresh token tidak valid.',
+          message: 'Invalid refresh token.',
           timestamp: new Date().toISOString()
         };
       }
@@ -66,7 +66,7 @@ module.exports = {
         return {
           success: false,
           statusCode: 401,
-          message: 'Refresh token tidak valid atau sudah kedaluwarsa.',
+          message: 'Invalid or expired refresh token.',
           timestamp: new Date().toISOString()
         };
       }
@@ -83,7 +83,7 @@ module.exports = {
         return {
           success: false,
           statusCode: 403,
-          message: 'User tidak aktif atau terkunci.',
+          message: 'User account is inactive or locked.',
           timestamp: new Date().toISOString()
         };
       }
@@ -112,7 +112,7 @@ module.exports = {
       return {
         success: true,
         statusCode: 200,
-        message: 'Token berhasil diperbarui.',
+        message: 'Token refreshed successfully.',
         data: {
           access_token: accessToken,
           refresh_token: newRefreshRaw,
@@ -126,7 +126,7 @@ module.exports = {
       return {
         success: false,
         statusCode: 500,
-        message: 'Terjadi kesalahan internal pada server.',
+        message: 'An internal server error occurred.',
         timestamp: new Date().toISOString()
       };
     }