lapeh 1.0.1

package/src/controllers/rbacController.ts

@@ -0,0 +1,353 @@
+import { Request, Response } from "express";
+import { prisma } from "../prisma";
+import { sendSuccess, sendError } from "../utils/response";
+
+export async function createRole(req: Request, res: Response) {
+  const { name, slug, description } = req.body || {};
+  if (!name || !slug) {
+    sendError(res, 422, "Validation error", {
+      name: !name ? ["Nama role wajib diisi"] : undefined,
+      slug: !slug ? ["Slug role wajib diisi"] : undefined,
+    });
+    return;
+  }
+  const exists = await prisma.roles.findUnique({ where: { slug } });
+  if (exists) {
+    sendError(res, 409, "Role already exists", {
+      slug: ["Slug role sudah digunakan"],
+    });
+    return;
+  }
+  const role = await prisma.roles.create({
+    data: {
+      name,
+      slug,
+      description: description || null,
+      created_at: new Date(),
+      updated_at: new Date(),
+    },
+  });
+  sendSuccess(res, 201, "Role created", role);
+}
+
+export async function listRoles(_req: Request, res: Response) {
+  const roles = await prisma.roles.findMany({
+    orderBy: { id: "asc" },
+  });
+  sendSuccess(res, 200, "Roles list", roles);
+}
+
+export async function updateRole(req: Request, res: Response) {
+  const { id } = req.params;
+  const roleId = BigInt(id);
+  const { name, slug, description } = req.body || {};
+  const role = await prisma.roles.findUnique({ where: { id: roleId } });
+  if (!role) {
+    sendError(res, 404, "Role not found");
+    return;
+  }
+  if (slug) {
+    const exists = await prisma.roles.findFirst({
+      where: {
+        slug,
+        NOT: { id: roleId },
+      },
+    });
+    if (exists) {
+      sendError(res, 409, "Role already exists", {
+        slug: ["Slug role sudah digunakan"],
+      });
+      return;
+    }
+  }
+  const updated = await prisma.roles.update({
+    where: { id: roleId },
+    data: {
+      name: name ?? role.name,
+      slug: slug ?? role.slug,
+      description: description ?? role.description,
+      updated_at: new Date(),
+    },
+  });
+  sendSuccess(res, 200, "Role updated", updated);
+}
+
+export async function deleteRole(req: Request, res: Response) {
+  const { id } = req.params;
+  const roleId = BigInt(id);
+  const role = await prisma.roles.findUnique({ where: { id: roleId } });
+  if (!role) {
+    sendError(res, 404, "Role not found");
+    return;
+  }
+  await prisma.role_permissions.deleteMany({ where: { role_id: roleId } });
+  await prisma.user_roles.deleteMany({ where: { role_id: roleId } });
+  await prisma.roles.delete({ where: { id: roleId } });
+  sendSuccess(res, 200, "Role deleted", null);
+}
+
+export async function createPermission(req: Request, res: Response) {
+  const { name, slug, description } = req.body || {};
+  if (!name || !slug) {
+    sendError(res, 422, "Validation error", {
+      name: !name ? ["Nama permission wajib diisi"] : undefined,
+      slug: !slug ? ["Slug permission wajib diisi"] : undefined,
+    });
+    return;
+  }
+  const exists = await prisma.permissions.findUnique({ where: { slug } });
+  if (exists) {
+    sendError(res, 409, "Permission already exists", {
+      slug: ["Slug permission sudah digunakan"],
+    });
+    return;
+  }
+  const permission = await prisma.permissions.create({
+    data: {
+      name,
+      slug,
+      description: description || null,
+      created_at: new Date(),
+      updated_at: new Date(),
+    },
+  });
+  sendSuccess(res, 201, "Permission created", permission);
+}
+
+export async function listPermissions(_req: Request, res: Response) {
+  const permissions = await prisma.permissions.findMany({
+    orderBy: { id: "asc" },
+  });
+  sendSuccess(res, 200, "Permissions list", permissions);
+}
+
+export async function updatePermission(req: Request, res: Response) {
+  const { id } = req.params;
+  const permissionId = BigInt(id);
+  const { name, slug, description } = req.body || {};
+  const permission = await prisma.permissions.findUnique({
+    where: { id: permissionId },
+  });
+  if (!permission) {
+    sendError(res, 404, "Permission not found");
+    return;
+  }
+  if (slug) {
+    const exists = await prisma.permissions.findFirst({
+      where: {
+        slug,
+        NOT: { id: permissionId },
+      },
+    });
+    if (exists) {
+      sendError(res, 409, "Permission already exists", {
+        slug: ["Slug permission sudah digunakan"],
+      });
+      return;
+    }
+  }
+  const updated = await prisma.permissions.update({
+    where: { id: permissionId },
+    data: {
+      name: name ?? permission.name,
+      slug: slug ?? permission.slug,
+      description: description ?? permission.description,
+      updated_at: new Date(),
+    },
+  });
+  sendSuccess(res, 200, "Permission updated", updated);
+}
+
+export async function deletePermission(req: Request, res: Response) {
+  const { id } = req.params;
+  const permissionId = BigInt(id);
+  const permission = await prisma.permissions.findUnique({
+    where: { id: permissionId },
+  });
+  if (!permission) {
+    sendError(res, 404, "Permission not found");
+    return;
+  }
+  await prisma.role_permissions.deleteMany({
+    where: { permission_id: permissionId },
+  });
+  await prisma.user_permissions.deleteMany({
+    where: { permission_id: permissionId },
+  });
+  await prisma.permissions.delete({ where: { id: permissionId } });
+  sendSuccess(res, 200, "Permission deleted", null);
+}
+
+export async function assignRoleToUser(req: Request, res: Response) {
+  const { userId, roleId } = req.body || {};
+  if (!userId || !roleId) {
+    sendError(res, 422, "Validation error", {
+      userId: !userId ? ["userId wajib diisi"] : undefined,
+      roleId: !roleId ? ["roleId wajib diisi"] : undefined,
+    });
+    return;
+  }
+  const user = await prisma.users.findUnique({
+    where: { id: BigInt(userId) },
+  });
+  if (!user) {
+    sendError(res, 404, "User not found");
+    return;
+  }
+  const role = await prisma.roles.findUnique({
+    where: { id: BigInt(roleId) },
+  });
+  if (!role) {
+    sendError(res, 404, "Role not found");
+    return;
+  }
+  await prisma.user_roles.upsert({
+    where: {
+      user_id_role_id: {
+        user_id: BigInt(userId),
+        role_id: BigInt(roleId),
+      },
+    },
+    create: {
+      user_id: BigInt(userId),
+      role_id: BigInt(roleId),
+      created_at: new Date(),
+    },
+    update: {},
+  });
+  sendSuccess(res, 200, "Role assigned to user", null);
+}
+
+export async function removeRoleFromUser(req: Request, res: Response) {
+  const { userId, roleId } = req.body || {};
+  if (!userId || !roleId) {
+    sendError(res, 422, "Validation error", {
+      userId: !userId ? ["userId wajib diisi"] : undefined,
+      roleId: !roleId ? ["roleId wajib diisi"] : undefined,
+    });
+    return;
+  }
+  await prisma.user_roles.deleteMany({
+    where: {
+      user_id: BigInt(userId),
+      role_id: BigInt(roleId),
+    },
+  });
+  sendSuccess(res, 200, "Role removed from user", null);
+}
+
+export async function assignPermissionToRole(req: Request, res: Response) {
+  const { roleId, permissionId } = req.body || {};
+  if (!roleId || !permissionId) {
+    sendError(res, 422, "Validation error", {
+      roleId: !roleId ? ["roleId wajib diisi"] : undefined,
+      permissionId: !permissionId ? ["permissionId wajib diisi"] : undefined,
+    });
+    return;
+  }
+  const role = await prisma.roles.findUnique({
+    where: { id: BigInt(roleId) },
+  });
+  if (!role) {
+    sendError(res, 404, "Role not found");
+    return;
+  }
+  const permission = await prisma.permissions.findUnique({
+    where: { id: BigInt(permissionId) },
+  });
+  if (!permission) {
+    sendError(res, 404, "Permission not found");
+    return;
+  }
+  await prisma.role_permissions.upsert({
+    where: {
+      role_id_permission_id: {
+        role_id: BigInt(roleId),
+        permission_id: BigInt(permissionId),
+      },
+    },
+    create: {
+      role_id: BigInt(roleId),
+      permission_id: BigInt(permissionId),
+      created_at: new Date(),
+    },
+    update: {},
+  });
+  sendSuccess(res, 200, "Permission assigned to role", null);
+}
+
+export async function removePermissionFromRole(req: Request, res: Response) {
+  const { roleId, permissionId } = req.body || {};
+  if (!roleId || !permissionId) {
+    sendError(res, 422, "Validation error", {
+      roleId: !roleId ? ["roleId wajib diisi"] : undefined,
+      permissionId: !permissionId ? ["permissionId wajib diisi"] : undefined,
+    });
+    return;
+  }
+  await prisma.role_permissions.deleteMany({
+    where: {
+      role_id: BigInt(roleId),
+      permission_id: BigInt(permissionId),
+    },
+  });
+  sendSuccess(res, 200, "Permission removed from role", null);
+}
+
+export async function assignPermissionToUser(req: Request, res: Response) {
+  const { userId, permissionId } = req.body || {};
+  if (!userId || !permissionId) {
+    sendError(res, 422, "Validation error", {
+      userId: !userId ? ["userId wajib diisi"] : undefined,
+      permissionId: !permissionId ? ["permissionId wajib diisi"] : undefined,
+    });
+    return;
+  }
+  const user = await prisma.users.findUnique({
+    where: { id: BigInt(userId) },
+  });
+  if (!user) {
+    sendError(res, 404, "User not found");
+    return;
+  }
+  const permission = await prisma.permissions.findUnique({
+    where: { id: BigInt(permissionId) },
+  });
+  if (!permission) {
+    sendError(res, 404, "Permission not found");
+    return;
+  }
+  await prisma.user_permissions.upsert({
+    where: {
+      user_id_permission_id: {
+        user_id: BigInt(userId),
+        permission_id: BigInt(permissionId),
+      },
+    },
+    create: {
+      user_id: BigInt(userId),
+      permission_id: BigInt(permissionId),
+      created_at: new Date(),
+    },
+    update: {},
+  });
+  sendSuccess(res, 200, "Permission assigned to user", null);
+}
+
+export async function removePermissionFromUser(req: Request, res: Response) {
+  const { userId, permissionId } = req.body || {};
+  if (!userId || !permissionId) {
+    sendError(res, 422, "Validation error", {
+      userId: !userId ? ["userId wajib diisi"] : undefined,
+      permissionId: !permissionId ? ["permissionId wajib diisi"] : undefined,
+    });
+    return;
+  }
+  await prisma.user_permissions.deleteMany({
+    where: {
+      user_id: BigInt(userId),
+      permission_id: BigInt(permissionId),
+    },
+  });
+  sendSuccess(res, 200, "Permission removed from user", null);
+}

package/src/index.ts

@@ -0,0 +1,29 @@
+import dotenv from "dotenv";
+dotenv.config();
+import { app } from "./server";
+import http from "http";
+import { initRealtime } from "./realtime";
+import { useRedis, pingRedis } from "./redis";
+
+const port = process.env.PORT ? Number(process.env.PORT) : 4000;
+const server = http.createServer(app);
+
+initRealtime(server);
+
+server.listen(port, () => {
+  (async () => {
+    if (!useRedis) {
+      console.log("Redis not configured, using in-memory cache");
+    } else {
+      const ok = await pingRedis();
+      if (ok) {
+        console.log(`Redis connected at ${process.env.REDIS_URL}`);
+      } else {
+        console.log(
+          `Redis configured at ${process.env.REDIS_URL}, but not reachable. Using in-memory cache`
+        );
+      }
+    }
+    console.log(`API running at http://localhost:${port}`);
+  })();
+});

package/src/middleware/auth.ts

@@ -0,0 +1,56 @@
+import { Request, Response, NextFunction } from "express";
+import jwt from "jsonwebtoken";
+import { sendError } from "../utils/response";
+import { ACCESS_TOKEN_EXPIRES_IN_SECONDS } from "../controllers/authController";
+
+export function requireAuth(req: Request, res: Response, next: NextFunction) {
+  const header = req.headers.authorization;
+  if (!header || !header.startsWith("Bearer ")) {
+    sendError(res, 401, "Unauthorized");
+    return;
+  }
+  const token = header.slice(7);
+  const secret = process.env.JWT_SECRET;
+  if (!secret) {
+    sendError(res, 500, "Server misconfigured");
+    return;
+  }
+  try {
+    const payload = jwt.verify(token, secret) as {
+      userId: string;
+      role: string;
+    };
+    (req as any).user = { userId: payload.userId, role: payload.role };
+
+    const accessExpiresInSeconds = ACCESS_TOKEN_EXPIRES_IN_SECONDS;
+    const accessExpiresAt = new Date(
+      Date.now() + accessExpiresInSeconds * 1000
+    ).toISOString();
+    const newToken = jwt.sign(
+      { userId: payload.userId, role: payload.role },
+      secret,
+      { expiresIn: accessExpiresInSeconds }
+    );
+    res.setHeader("x-access-token", newToken);
+    res.setHeader("x-access-expires-at", accessExpiresAt);
+
+    next();
+  } catch {
+    sendError(res, 401, "Invalid token");
+  }
+}
+
+export function requireAdmin(req: Request, res: Response, next: NextFunction) {
+  const user = (req as any).user as
+    | { userId: string; role: string }
+    | undefined;
+  if (!user) {
+    sendError(res, 401, "Unauthorized");
+    return;
+  }
+  if (user.role !== "admin" && user.role !== "super_admin") {
+    sendError(res, 403, "Forbidden");
+    return;
+  }
+  next();
+}

package/src/middleware/error.ts

@@ -0,0 +1,8 @@
+import { Request, Response, NextFunction } from "express"
+import { sendError } from "../utils/response"
+export function errorHandler(err: any, _req: Request, res: Response, _next: NextFunction) {
+  const code = err.statusCode || 500
+  const msg = err.message || "Internal Server Error"
+  sendError(res, code, msg)
+}
+

package/src/middleware/visitor.ts

@@ -0,0 +1,180 @@
+import { Request, Response, NextFunction } from "express";
+import { v4 as uuidv4 } from "uuid";
+import { redis, useRedis } from "../redis";
+
+type DayMemoryStats = {
+  requests: number;
+  newVisitors: number;
+  visitors: Set<string>;
+  newVisitorsMobile: number;
+  visitorsMobile: Set<string>;
+  ipAddresses: number;
+  ipSet: Set<string>;
+  sessions: number;
+  sessionSet: Set<string>;
+};
+
+const memoryStats = new Map<string, DayMemoryStats>();
+const globalVisitors = new Set<string>();
+
+function formatDateKey(d: Date) {
+  const dd = String(d.getDate()).padStart(2, "0");
+  const mm = String(d.getMonth() + 1).padStart(2, "0");
+  const yyyy = d.getFullYear();
+  return `${dd}-${mm}-${yyyy}`;
+}
+
+function parseCookies(header: string | undefined) {
+  const cookies: Record<string, string> = {};
+  if (!header) return cookies;
+  const parts = header.split(";");
+  for (const part of parts) {
+    const [k, v] = part.split("=").map((s) => s.trim());
+    if (k && v) cookies[k] = decodeURIComponent(v);
+  }
+  return cookies;
+}
+
+function isMobileUserAgent(ua: string | undefined) {
+  if (!ua) return false;
+  return /Mobile|Android|iPhone|iPad|iPod/i.test(ua);
+}
+
+export async function visitorCounter(
+  req: Request,
+  res: Response,
+  next: NextFunction
+) {
+  const now = new Date();
+  const dateKey = formatDateKey(now);
+  const ip =
+    req.ip ||
+    (req.headers["x-forwarded-for"] as string | undefined) ||
+    req.socket.remoteAddress ||
+    "";
+  const userAgent = req.headers["user-agent"] as string | undefined;
+  const mobile = isMobileUserAgent(userAgent);
+
+  const cookies = parseCookies(req.headers.cookie);
+  let visitorId = cookies["visitor_id"];
+  if (!visitorId) {
+    visitorId = uuidv4();
+    res.cookie("visitor_id", visitorId, {
+      httpOnly: true,
+      sameSite: "lax",
+      maxAge: 365 * 24 * 60 * 60 * 1000,
+    });
+  }
+
+  let sessionId = cookies["visitor_session_id"];
+  if (!sessionId) {
+    sessionId = uuidv4();
+    res.cookie("visitor_session_id", sessionId, {
+      httpOnly: true,
+      sameSite: "lax",
+    });
+  }
+
+  if (useRedis && redis) {
+    const base = dateKey;
+    const kRequests = `requests-${base}`;
+    const kNewVisitors = `new-visitors-${base}`;
+    const kVisitors = `visitors-${base}`;
+    const kNewVisitorsMobile = `new-visitors-from-mobile-${base}`;
+    const kVisitorsMobile = `visitors-from-mobile-${base}`;
+    const kIpAddresses = `ip-addresses-${base}`;
+    const kSessions = `sessions-${base}`;
+    const kVisitorsSet = `visitors-set-${base}`;
+    const kVisitorsMobileSet = `visitors-from-mobile-set-${base}`;
+    const kIpSet = `ip-addresses-set-${base}`;
+    const kSessionsSet = `sessions-set-${base}`;
+    const kVisitorsAll = `visitors-all`;
+
+    try {
+      await redis.incr(kRequests);
+
+      const isNewEver = await redis.sadd(kVisitorsAll, visitorId);
+      if (isNewEver === 1) {
+        await redis.incr(kNewVisitors);
+      }
+
+      const addedVisitor = await redis.sadd(kVisitorsSet, visitorId);
+      if (addedVisitor === 1) {
+        await redis.incr(kVisitors);
+      }
+
+      if (mobile) {
+        const addedMobileVisitor = await redis.sadd(
+          kVisitorsMobileSet,
+          visitorId
+        );
+        if (addedMobileVisitor === 1) {
+          await redis.incr(kVisitorsMobile);
+        }
+        if (isNewEver === 1) {
+          await redis.incr(kNewVisitorsMobile);
+        }
+      }
+
+      if (ip) {
+        const addedIp = await redis.sadd(kIpSet, ip);
+        if (addedIp === 1) {
+          await redis.incr(kIpAddresses);
+        }
+      }
+
+      const addedSession = await redis.sadd(kSessionsSet, sessionId);
+      if (addedSession === 1) {
+        await redis.incr(kSessions);
+      }
+    } catch {
+    }
+  } else {
+    let stats = memoryStats.get(dateKey);
+    if (!stats) {
+      stats = {
+        requests: 0,
+        newVisitors: 0,
+        visitors: new Set<string>(),
+        newVisitorsMobile: 0,
+        visitorsMobile: new Set<string>(),
+        ipAddresses: 0,
+        ipSet: new Set<string>(),
+        sessions: 0,
+        sessionSet: new Set<string>(),
+      };
+      memoryStats.set(dateKey, stats);
+    }
+
+    stats.requests += 1;
+
+    if (!globalVisitors.has(visitorId)) {
+      globalVisitors.add(visitorId);
+      stats.newVisitors += 1;
+      if (mobile) {
+        stats.newVisitorsMobile += 1;
+      }
+    }
+
+    if (!stats.visitors.has(visitorId)) {
+      stats.visitors.add(visitorId);
+    }
+
+    if (mobile && !stats.visitorsMobile.has(visitorId)) {
+      stats.visitorsMobile.add(visitorId);
+    }
+
+    if (ip && !stats.ipSet.has(ip)) {
+      stats.ipSet.add(ip);
+      stats.ipAddresses += 1;
+    }
+
+    if (!stats.sessionSet.has(sessionId)) {
+      stats.sessionSet.add(sessionId);
+      stats.sessions += 1;
+    }
+  }
+
+  next();
+}
+