lapeh 2.2.9 → 2.3.2

package/api-testing-tujuhbelas/scripts/verify-rbac-functional.js

@@ -1,187 +0,0 @@
-
-// const fetch = require('node:fetch'); // Or native fetch in Node 18+
-
-const BASE_URL = 'http://localhost:8000/api';
-let TOKEN = '';
-let USER_ID = '';
-let ROLE_ID = '';
-let PERMISSION_ID = '';
-
-async function request(method, endpoint, body = null, token = null) {
-  const headers = { 'Content-Type': 'application/json' };
-  if (token) headers['Authorization'] = `Bearer ${token}`;
-  
-  const config = { method, headers };
-  if (body) config.body = JSON.stringify(body);
-
-  try {
-    const res = await fetch(`${BASE_URL}${endpoint}`, config);
-    const data = await res.json();
-    return { status: res.status, data };
-  } catch (err) {
-    console.error(`Error requesting ${endpoint}:`, err.message);
-    return null;
-  }
-}
-
-async function run() {
-  console.log('🚀 Starting RBAC Functional Verification...');
-
-  // 0. Login as Super Admin
-  console.log('\n0️⃣  Logging in as Super Admin...');
-  const saLogin = await request('POST', '/auth/login', {
-    email: 'sa@sa.com',
-    password: 'string'
-  });
-
-  let SA_TOKEN = '';
-  if (saLogin?.status === 200) {
-    console.log('✅ SA Login successful');
-    SA_TOKEN = saLogin.data.data.token;
-  } else {
-    console.error('❌ SA Login failed:', JSON.stringify(saLogin?.data));
-    process.exit(1);
-  }
-
-  // 1. Register User
-  console.log('\n1️⃣  Registering User (Tester)...');
-  const regRes = await request('POST', '/auth/register', {
-    email: 'testrbac@example.com',
-    name: 'RBAC Tester',
-    password: 'password123',
-    confirmPassword: 'password123'
-  });
-  
-  if (regRes?.status === 200 || regRes?.status === 201) {
-    console.log('✅ Registered successfully');
-    USER_ID = regRes.data.data.id;
-  } else if (regRes?.status === 422 && regRes.data.message.includes('Validation error')) {
-     console.log('ℹ️  User might already exist, trying login to get ID...');
-     // Login to get ID
-     const loginRes = await request('POST', '/auth/login', {
-        email: 'testrbac@example.com',
-        password: 'password123'
-      });
-      if (loginRes?.status === 200) {
-        const meRes = await request('GET', '/auth/me', null, loginRes.data.data.token);
-        USER_ID = meRes.data.data.id;
-        console.log('✅ Got existing User ID');
-      }
-  } else {
-    console.error('❌ Registration failed:', JSON.stringify(regRes?.data));
-  }
-
-  // 2. Login (as Tester) - to verify later
-  console.log('\n2️⃣  Logging in as Tester...');
-  const loginRes = await request('POST', '/auth/login', {
-    email: 'testrbac@example.com',
-    password: 'password123'
-  });
-
-  if (loginRes?.status === 200) {
-    console.log('✅ Login successful');
-    TOKEN = loginRes.data.data.token;
-  } else {
-    console.error('❌ Login failed:', JSON.stringify(loginRes?.data));
-    process.exit(1);
-  }
-
-  // 3. Create Role (Using SA Token)
-  console.log('\n3️⃣  Creating Role "tester-role"...');
-  const roleRes = await request('POST', '/rbac/roles', {
-    name: 'Tester Role',
-    slug: 'tester-role',
-    description: 'Role for automated testing'
-  }, SA_TOKEN);
-
-  if (roleRes?.status === 201 || roleRes?.status === 200) {
-    console.log('✅ Role created');
-    ROLE_ID = roleRes.data.data.id;
-  } else if (roleRes?.status === 422) { // Duplicate?
-     console.log('ℹ️  Role might already exist.');
-     const listRes = await request('GET', '/rbac/roles', null, SA_TOKEN);
-     const found = listRes.data.data.find(r => r.slug === 'tester-role');
-     if (found) {
-        ROLE_ID = found.id;
-        console.log('✅ Found existing role');
-     } else {
-        console.error('❌ Could not create or find role');
-        process.exit(1);
-     }
-  } else {
-    console.error('❌ Create role failed:', JSON.stringify(roleRes?.data));
-    process.exit(1);
-  }
-
-  // 4. Create Permission (Using SA Token)
-  console.log('\n4️⃣  Creating Permission "test.exec"...');
-  const permRes = await request('POST', '/rbac/permissions', {
-    name: 'Test Execute',
-    slug: 'test.exec',
-    description: 'Permission to execute tests'
-  }, SA_TOKEN);
-
-  if (permRes?.status === 201 || permRes?.status === 200) {
-    console.log('✅ Permission created');
-    PERMISSION_ID = permRes.data.data.id;
-  } else if (permRes?.status === 422) {
-     const listRes = await request('GET', '/rbac/permissions', null, SA_TOKEN);
-     const found = listRes.data.data.find(p => p.slug === 'test.exec');
-     if (found) {
-        PERMISSION_ID = found.id;
-        console.log('✅ Found existing permission');
-     } else {
-        console.error('❌ Could not create or find permission');
-        process.exit(1);
-     }
-  } else {
-    console.error('❌ Create permission failed:', JSON.stringify(permRes?.data));
-    process.exit(1);
-  }
-
-  // 5. Assign Permission to Role (Using SA Token)
-  console.log('\n5️⃣  Assigning Permission to Role...');
-  const assignP2R = await request('POST', '/rbac/roles/assign-permission', {
-    roleId: ROLE_ID,
-    permissionId: PERMISSION_ID
-  }, SA_TOKEN);
-
-  if (assignP2R?.status === 200) {
-    console.log('✅ Permission assigned to role');
-  } else {
-    console.error('❌ Assign permission failed:', JSON.stringify(assignP2R?.data));
-  }
-
-  // 6. Assign Role to User (Using SA Token)
-  console.log('\n6️⃣  Assigning Role to User...');
-  const assignR2U = await request('POST', '/rbac/users/assign-role', {
-    userId: USER_ID,
-    roleId: ROLE_ID
-  }, SA_TOKEN);
-
-  if (assignR2U?.status === 200) {
-    console.log('✅ Role assigned to user');
-  } else {
-    console.error('❌ Assign role failed:', JSON.stringify(assignR2U?.data));
-  }
-
-  // 7. Verify via Profile (Using Tester Token)
-  console.log('\n7️⃣  Verifying Profile...');
-  const profile = await request('GET', '/auth/me', null, TOKEN);
-  console.log('👤 User Profile:', JSON.stringify(profile.data.data));
-  
-  // 8. Cleanup (Using SA Token)
-  console.log('\n8️⃣  Cleaning up...');
-  
-  const delRole = await request('DELETE', `/rbac/roles/${ROLE_ID}`, null, SA_TOKEN);
-  if (delRole?.status === 200) console.log('✅ Role deleted');
-  else console.error('❌ Delete role failed', JSON.stringify(delRole?.data));
-
-  const delPerm = await request('DELETE', `/rbac/permissions/${PERMISSION_ID}`, null, SA_TOKEN);
-  if (delPerm?.status === 200) console.log('✅ Permission deleted');
-  else console.error('❌ Delete permission failed');
-
-  console.log('\n🎉 Verification Complete!');
-}
-
-run();

package/api-testing-tujuhbelas/src/controllers/authController.ts

@@ -1,469 +0,0 @@
-import { Request, Response } from "express";
-import bcrypt from "bcryptjs";
-import jwt from "jsonwebtoken";
-import { v4 as uuidv4 } from "uuid";
-import { prisma } from "@lapeh/core/database";
-import { sendError, sendFastSuccess } from "@lapeh/utils/response";
-import { Validator } from "@lapeh/utils/validator";
-import { getSerializer, createResponseSchema } from "@lapeh/core/serializer";
-
-export const ACCESS_TOKEN_EXPIRES_IN_SECONDS = 7 * 24 * 60 * 60;
-
-// --- Serializers ---
-
-const registerSchema = {
-  type: "object",
-  properties: {
-    id: { type: "string" },
-    email: { type: "string" },
-    name: { type: "string" },
-    role: { type: "string" },
-  },
-};
-
-const loginSchema = {
-  type: "object",
-  properties: {
-    token: { type: "string" },
-    refreshToken: { type: "string" },
-    expiresIn: { type: "integer" },
-    expiresAt: { type: "string" },
-    name: { type: "string" },
-    role: { type: "string" },
-  },
-};
-
-const userProfileSchema = {
-  type: "object",
-  properties: {
-    id: { type: "string" },
-    name: { type: "string" },
-    email: { type: "string" },
-    role: { type: "string" },
-    avatar: { type: "string", nullable: true },
-    avatar_url: { type: "string", nullable: true },
-    email_verified_at: { type: "string", format: "date-time", nullable: true },
-    created_at: { type: "string", format: "date-time", nullable: true },
-    updated_at: { type: "string", format: "date-time", nullable: true },
-  },
-};
-
-const refreshTokenSchema = {
-  type: "object",
-  properties: {
-    token: { type: "string" },
-    expiresIn: { type: "integer" },
-    expiresAt: { type: "string" },
-    name: { type: "string" },
-    role: { type: "string" },
-  },
-};
-
-const registerSerializer = getSerializer(
-  "auth-register",
-  createResponseSchema(registerSchema)
-);
-const loginSerializer = getSerializer(
-  "auth-login",
-  createResponseSchema(loginSchema)
-);
-const userProfileSerializer = getSerializer(
-  "auth-profile",
-  createResponseSchema(userProfileSchema)
-);
-const refreshTokenSerializer = getSerializer(
-  "auth-refresh",
-  createResponseSchema(refreshTokenSchema)
-);
-
-const voidSerializer = getSerializer(
-  "void",
-  createResponseSchema({ type: "null" })
-);
-
-// --- Controllers ---
-
-export async function register(req: Request, res: Response) {
-  const validator = Validator.make(req.body || {}, {
-    email: "required|email|unique:users,email",
-    name: "required|min:1",
-    password: "required|min:4",
-    confirmPassword: "required|min:4|same:password",
-  });
-
-  if (await validator.fails()) {
-    sendError(res, 422, "Validation error", validator.errors());
-    return;
-  }
-  const { email, name, password } = await validator.validated();
-  // Manual unique check removed as it is handled by validator
-  const hash = await bcrypt.hash(password, 10);
-  const user = await prisma.users.create({
-    data: {
-      email,
-      name,
-      password: hash,
-      uuid: uuidv4(),
-      created_at: new Date(),
-      updated_at: new Date(),
-    },
-  });
-
-  const defaultRole = await prisma.roles.findUnique({
-    where: { slug: "user" },
-  });
-  if (defaultRole) {
-    await prisma.user_roles.create({
-      data: {
-        user_id: user.id,
-        role_id: defaultRole.id,
-        created_at: new Date(),
-      },
-    });
-  }
-
-  sendFastSuccess(res, 200, registerSerializer, {
-    status: "success",
-    message: "Registration successful",
-    data: {
-      id: user.id.toString(),
-      email: user.email,
-      name: user.name,
-      role: defaultRole ? defaultRole.slug : "user",
-    },
-  });
-}
-
-export async function login(req: Request, res: Response) {
-  const validator = Validator.make(req.body || {}, {
-    email: "required|email",
-    password: "required|min:4",
-  });
-
-  if (await validator.fails()) {
-    sendError(res, 422, "Validation error", validator.errors());
-    return;
-  }
-  const { email, password } = await validator.validated();
-  const user = await prisma.users.findUnique({
-    where: { email },
-    include: {
-      user_roles: {
-        include: {
-          role: true,
-        },
-      },
-    },
-  });
-  if (!user) {
-    sendError(res, 401, "Email not registered", {
-      field: "email",
-      message: "Email is not registered, please register first",
-    });
-    return;
-  }
-  const ok = await bcrypt.compare(password, user.password);
-  if (!ok) {
-    sendError(res, 401, "Invalid credentials", {
-      field: "password",
-      message: "The password you entered is incorrect",
-    });
-    return;
-  }
-  const secret = process.env.JWT_SECRET;
-  if (!secret) {
-    sendError(res, 500, "Server misconfigured");
-    return;
-  }
-  const primaryUserRole =
-    user.user_roles && user.user_roles.length > 0 && user.user_roles[0].role
-      ? user.user_roles[0].role.slug
-      : "user";
-  const accessExpiresInSeconds = ACCESS_TOKEN_EXPIRES_IN_SECONDS;
-  const accessExpiresAt = new Date(
-    Date.now() + accessExpiresInSeconds * 1000
-  ).toISOString();
-  const token = jwt.sign(
-    { userId: user.id.toString(), role: primaryUserRole },
-    secret,
-    { expiresIn: accessExpiresInSeconds }
-  );
-  const refreshExpiresInSeconds = 30 * 24 * 60 * 60;
-  const refreshToken = jwt.sign(
-    {
-      userId: user.id.toString(),
-      role: primaryUserRole,
-      tokenType: "refresh",
-    },
-    secret,
-    { expiresIn: refreshExpiresInSeconds }
-  );
-  sendFastSuccess(res, 200, loginSerializer, {
-    status: "success",
-    message: "Login successful",
-    data: {
-      token,
-      refreshToken,
-      expiresIn: accessExpiresInSeconds,
-      expiresAt: accessExpiresAt,
-      name: user.name,
-      role: primaryUserRole,
-    },
-  });
-}
-
-export async function me(req: Request, res: Response) {
-  const payload = (req as any).user as { userId: string; role: string };
-  if (!payload || !payload.userId) {
-    sendError(res, 401, "Unauthorized");
-    return;
-  }
-  const user = await prisma.users.findUnique({
-    where: { id: BigInt(payload.userId) },
-    include: {
-      user_roles: {
-        include: {
-          role: true,
-        },
-      },
-    },
-  });
-  if (!user) {
-    sendError(res, 404, "User not found");
-    return;
-  }
-  const { password, remember_token, ...rest } = user as any;
-  sendFastSuccess(res, 200, userProfileSerializer, {
-    status: "success",
-    message: "User profile",
-    data: {
-      ...rest,
-      id: user.id.toString(),
-      role:
-        user.user_roles && user.user_roles.length > 0 && user.user_roles[0].role
-          ? user.user_roles[0].role.slug
-          : "user",
-    },
-  });
-}
-
-export async function logout(_req: Request, res: Response) {
-  // In a stateless JWT setup, logout is client-side (delete token).
-  // If using a whitelist/blacklist in Redis, invalidate the token here.
-  // For now, just return success.
-  sendFastSuccess(res, 200, voidSerializer, {
-    status: "success",
-    message: "Logout successful",
-    data: null,
-  });
-}
-
-export async function refreshToken(req: Request, res: Response) {
-  const validator = Validator.make(req.body || {}, {
-    refreshToken: "required|min:1",
-  });
-  if (await validator.fails()) {
-    sendError(res, 422, "Validation error", validator.errors());
-    return;
-  }
-  const secret = process.env.JWT_SECRET;
-  if (!secret) {
-    sendError(res, 500, "Server misconfigured");
-    return;
-  }
-  try {
-    const validatedData = await validator.validated();
-    const decoded = jwt.verify(validatedData.refreshToken, secret) as {
-      userId: string;
-      role: string;
-      tokenType?: string;
-      iat: number;
-      exp: number;
-    };
-    if (decoded.tokenType !== "refresh") {
-      sendError(res, 401, "Invalid refresh token");
-      return;
-    }
-    const user = await prisma.users.findUnique({
-      where: { id: BigInt(decoded.userId) },
-      include: {
-        user_roles: {
-          include: {
-            role: true,
-          },
-        },
-      },
-    });
-    if (!user) {
-      sendError(res, 401, "Invalid refresh token");
-      return;
-    }
-    const primaryUserRole =
-      user.user_roles && user.user_roles.length > 0 && user.user_roles[0].role
-        ? user.user_roles[0].role.slug
-        : "user";
-    const accessExpiresInSeconds = ACCESS_TOKEN_EXPIRES_IN_SECONDS;
-    const accessExpiresAt = new Date(
-      Date.now() + accessExpiresInSeconds * 1000
-    ).toISOString();
-    const token = jwt.sign(
-      { userId: user.id.toString(), role: primaryUserRole },
-      secret,
-      { expiresIn: accessExpiresInSeconds }
-    );
-    sendFastSuccess(res, 200, refreshTokenSerializer, {
-      status: "success",
-      message: "Token refreshed",
-      data: {
-        token,
-        expiresIn: accessExpiresInSeconds,
-        expiresAt: accessExpiresAt,
-        name: user.name,
-        role: primaryUserRole,
-      },
-    });
-  } catch {
-    sendError(res, 401, "Invalid refresh token");
-  }
-}
-
-export async function updateAvatar(req: Request, res: Response) {
-  const payload = (req as any).user as { userId: string; role: string };
-  if (!payload || !payload.userId) {
-    sendError(res, 401, "Unauthorized");
-    return;
-  }
-
-  const data = {
-    avatar: (req as any).file,
-  };
-
-  const validator = Validator.make(data, {
-    avatar: "nullable|image|mimes:jpeg,png,jpg,gif|max:2048",
-  });
-
-  if (await validator.fails()) {
-    sendError(res, 422, "Validation error", validator.errors());
-    return;
-  }
-
-  const { avatar: file } = await validator.validated();
-
-  if (!file) {
-    sendError(res, 400, "Avatar file is required");
-    return;
-  }
-  const userId = BigInt(payload.userId);
-  const avatar = file.filename;
-  const avatar_url =
-    process.env.AVATAR_BASE_URL || `/uploads/avatars/${file.filename}`;
-  const updated = await prisma.users.update({
-    where: { id: userId },
-    data: {
-      avatar,
-      avatar_url,
-      updated_at: new Date(),
-    },
-  });
-  const { password, remember_token, ...rest } = updated as any;
-  // Note: user_roles might not be fetched in update, so role defaults to "user" or fetched if needed.
-  // Ideally we should refetch or pass existing role.
-  // For now assuming role is preserved or handled by frontend state, but API should return it.
-  // Let's rely on nullable role or simple "user" fallback if not present in `updated`.
-  // Actually `update` returns what was updated. Relations are not included unless specified.
-  // For now we will return it compatible with userProfileSchema.
-
-  sendFastSuccess(res, 200, userProfileSerializer, {
-    status: "success",
-    message: "Avatar updated successfully",
-    data: {
-      ...rest,
-      id: updated.id.toString(),
-      role: payload.role, // Use role from JWT payload as it shouldn't change here
-    },
-  });
-}
-
-export async function updatePassword(req: Request, res: Response) {
-  const payload = (req as any).user as { userId: string; role: string };
-  if (!payload || !payload.userId) {
-    sendError(res, 401, "Unauthorized");
-    return;
-  }
-  const validator = Validator.make(req.body || {}, {
-    currentPassword: "required|min:4",
-    newPassword: "required|min:4",
-    confirmPassword: "required|min:4|same:newPassword",
-  });
-  if (await validator.fails()) {
-    sendError(res, 422, "Validation error", validator.errors());
-    return;
-  }
-  const { currentPassword, newPassword } = await validator.validated();
-  const user = await prisma.users.findUnique({
-    where: { id: BigInt(payload.userId) },
-  });
-  if (!user) {
-    sendError(res, 404, "User not found");
-    return;
-  }
-  const ok = await bcrypt.compare(currentPassword, user.password);
-  if (!ok) {
-    sendError(res, 401, "Invalid credentials", {
-      field: "currentPassword",
-      message: "Current password is incorrect",
-    });
-    return;
-  }
-  const hash = await bcrypt.hash(newPassword, 10);
-  await prisma.users.update({
-    where: { id: user.id },
-    data: {
-      password: hash,
-      updated_at: new Date(),
-    },
-  });
-  sendFastSuccess(res, 200, voidSerializer, {
-    status: "success",
-    message: "Password updated successfully",
-    data: null,
-  });
-}
-
-export async function updateProfile(req: Request, res: Response) {
-  const payload = (req as any).user as { userId: string; role: string };
-  if (!payload || !payload.userId) {
-    sendError(res, 401, "Unauthorized");
-    return;
-  }
-  const validator = Validator.make(req.body || {}, {
-    name: "required|min:1",
-    email: `required|email|unique:users,email,${payload.userId}`,
-  });
-  if (await validator.fails()) {
-    sendError(res, 422, "Validation error", validator.errors());
-    return;
-  }
-  const { name, email } = await validator.validated();
-  const userId = BigInt(payload.userId);
-  // Manual unique check removed as it is handled by validator
-
-  const updated = await prisma.users.update({
-    where: { id: userId },
-    data: {
-      name,
-      email,
-      updated_at: new Date(),
-    },
-  });
-  const { password, remember_token, ...rest } = updated as any;
-  sendFastSuccess(res, 200, userProfileSerializer, {
-    status: "success",
-    message: "Profile updated successfully",
-    data: {
-      ...rest,
-      id: updated.id.toString(),
-      role: payload.role, // Use role from JWT payload
-    },
-  });
-}