// Auth Routes - Login & User Management
import { randomBytes, scrypt, timingSafeEqual } from 'node:crypto';
import express from 'express';

import pool, { generateId } from '../db.js';
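const router = express.Router();

// NOTE(review): none of the routes below checks who the caller is. /login returns
// the user record but issues no session or token, and /getUsers, /saveUser and
// /deleteUser accept any request — so an anonymous client can list users, create
// an account with any role, or delete one. Gate these routes behind an
// authentication + role check before exposing them; that mechanism is not
// visible in this file, so it is not invented here.

// Stored password format written by hashPassword(): `scrypt$<salt-hex>$<key-hex>`.
// Rows that do not start with this prefix are treated as legacy plaintext and are
// re-hashed the next time their owner logs in successfully.
const HASH_PREFIX = 'scrypt$';
const SALT_BYTES = 16;
const KEY_BYTES = 64;
// A syntactically valid stored hash that matches no password; verified against
// when the username does not exist so unknown and known usernames cost the
// same amount of scrypt work (reduces timing-based username enumeration).
const DUMMY_STORED = `${HASH_PREFIX}${'00'.repeat(SALT_BYTES)}$${'00'.repeat(KEY_BYTES)}`;
// '/*' is the "all menus" value used as the default for a new user.
const DEFAULT_MENUS = ['/*'];
// Used when a stored allowed_menus value is unreadable: grant nothing rather
// than everything.
const NO_MENUS = [];
// Sent to clients in place of error.message, which could expose SQL/driver details.
const GENERIC_ERROR = 'Terjadi kesalahan pada server';

/** Promise wrapper around crypto.scrypt with Node's default cost parameters. */
function deriveKey(password, salt) {
  return new Promise((resolve, reject) => {
    scrypt(password, salt, KEY_BYTES, (err, key) => (err ? reject(err) : resolve(key)));
  });
}

/**
 * Hash a plaintext password for storage.
 * @param {string} password
 * @returns {Promise<string>} `scrypt$<salt-hex>$<key-hex>`
 */
async function hashPassword(password) {
  const salt = randomBytes(SALT_BYTES);
  const key = await deriveKey(password, salt);
  return `${HASH_PREFIX}${salt.toString('hex')}$${key.toString('hex')}`;
}

/**
 * Check a candidate password against a stored value.
 * Values written by hashPassword() are verified with scrypt; anything else is
 * treated as a legacy plaintext row and compared in constant time (length is
 * still observable for legacy rows, which is why they are migrated on login).
 * @param {unknown} stored - value of the users.password column
 * @param {unknown} candidate - password supplied by the client
 * @returns {Promise<{ ok: boolean, legacy: boolean }>}
 */
async function verifyPassword(stored, candidate) {
  if (typeof stored !== 'string' || typeof candidate !== 'string') {
    return { ok: false, legacy: false };
  }
  if (stored.startsWith(HASH_PREFIX)) {
    const [, saltHex, keyHex] = stored.split('$');
    if (!saltHex || !keyHex) {
      return { ok: false, legacy: false };
    }
    const expected = Buffer.from(keyHex, 'hex');
    const actual = await deriveKey(candidate, Buffer.from(saltHex, 'hex'));
    const ok = expected.length === actual.length && timingSafeEqual(expected, actual);
    return { ok, legacy: false };
  }
  const a = Buffer.from(stored, 'utf8');
  const b = Buffer.from(candidate, 'utf8');
  const ok = a.length === b.length && timingSafeEqual(a, b);
  return { ok, legacy: true };
}

/** True when `value` is a list of menu paths (array of strings). */
function isMenuList(value) {
  return Array.isArray(value) && value.every((m) => typeof m === 'string');
}

/**
 * Normalise the allowed_menus column for a response.
 * A JSON string is decoded and must be a list of strings; a corrupt or
 * non-list value yields NO_MENUS (fail closed). Non-string values — NULL, or a
 * JSON column already decoded by the driver — are passed through unchanged.
 */
function parseAllowedMenus(raw) {
  if (typeof raw !== 'string') {
    return raw;
  }
  try {
    const parsed = JSON.parse(raw);
    return isMenuList(parsed) ? parsed : NO_MENUS;
  } catch (e) {
    return NO_MENUS;
  }
}

/**
 * True when `value` is a scalar usable as a bound `?` parameter for an id.
 * Objects are rejected on purpose: drivers that format placeholders client-side
 * expand an object into `key = value` pairs, which rewrites the WHERE clause.
 */
function isScalarId(value) {
  return (typeof value === 'number' && Number.isFinite(value))
    || (typeof value === 'string' && value !== '');
}

/** Log the real error server-side and answer the client with a generic message. */
function serverError(res, label, error) {
  console.error(label, error);
  return res.json({ status: 'error', message: GENERIC_ERROR });
}

// POST /api/login
router.post('/login', async (req, res) => {
  try {
    const { username, password } = req.body ?? {};

    // Credentials must be non-empty strings. Beyond "required", the type check
    // matters: an object in place of the password would be formatted into the
    // SQL by placeholder-expanding drivers and could turn the check into a tautology.
    if (typeof username !== 'string' || typeof password !== 'string' || !username || !password) {
      return res.json({ status: 'error', message: 'Username dan password harus diisi' });
    }

    // Look up by username only; the password is checked in code so that hashed
    // and legacy plaintext rows are both handled.
    const [rows] = await pool.query(
      'SELECT id, username, fullname, role, allowed_menus, password FROM users WHERE username = ?',
      [username]
    );
    const row = rows[0];
    const { ok, legacy } = await verifyPassword(row ? row.password : DUMMY_STORED, password);

    // Same message for unknown user and wrong password (no username oracle).
    if (!row || !ok) {
      return res.json({ status: 'error', message: 'Username atau password salah' });
    }

    // Opportunistically upgrade a legacy plaintext row now that the password is known.
    // Best effort: a failed rehash must not turn a correct login into an error.
    if (legacy) {
      try {
        await pool.query('UPDATE users SET password = ? WHERE id = ?', [await hashPassword(password), row.id]);
      } catch (rehashError) {
        console.error('Password rehash failed for user', row.id, rehashError);
      }
    }

    // Never echo the stored password (hashed or not) to the client.
    const { password: _storedPassword, ...user } = row;
    user.allowed_menus = parseAllowedMenus(user.allowed_menus);
    return res.json({ status: 'success', data: user });
  } catch (error) {
    return serverError(res, 'Login error:', error);
  }
});

// POST /api/getUsers
router.post('/getUsers', async (req, res) => {
  try {
    const [rows] = await pool.query(
      'SELECT id, username, fullname, role, allowed_menus FROM users ORDER BY id'
    );
    // One unreadable allowed_menus row no longer fails the whole listing.
    const users = rows.map((row) => ({
      ...row,
      allowed_menus: parseAllowedMenus(row.allowed_menus),
    }));
    return res.json({ status: 'success', data: users });
  } catch (error) {
    return serverError(res, 'Get users error:', error);
  }
});

// POST /api/saveUser
router.post('/saveUser', async (req, res) => {
  try {
    const { id, username, password, fullname, role, allowed_menus } = req.body ?? {};

    if (typeof username !== 'string' || username.trim() === '') {
      return res.json({ status: 'error', message: 'Username harus diisi' });
    }
    if (fullname !== undefined && fullname !== null && typeof fullname !== 'string') {
      return res.json({ status: 'error', message: 'Nama lengkap tidak valid' });
    }
    // NOTE(review): role is stored as-is; restrict it to the application's known
    // role set once that set is defined somewhere this file can import.
    if (role !== undefined && role !== null && typeof role !== 'string') {
      return res.json({ status: 'error', message: 'Role tidak valid' });
    }
    if (allowed_menus !== undefined && allowed_menus !== null && !isMenuList(allowed_menus)) {
      return res.json({ status: 'error', message: 'allowed_menus harus berupa daftar path menu' });
    }
    if (password !== undefined && password !== null && typeof password !== 'string') {
      return res.json({ status: 'error', message: 'Password tidak valid' });
    }

    const menusJson = JSON.stringify(allowed_menus || DEFAULT_MENUS);
    const newPassword = typeof password === 'string' && password !== '' ? password : null;
    const isUpdate = Boolean(id);

    if (isUpdate) {
      if (!isScalarId(id)) {
        return res.json({ status: 'error', message: 'ID user tidak valid' });
      }
      if (newPassword !== null) {
        await pool.query(
          'UPDATE users SET username = ?, password = ?, fullname = ?, role = ?, allowed_menus = ? WHERE id = ?',
          [username, await hashPassword(newPassword), fullname ?? null, role, menusJson, id]
        );
      } else {
        await pool.query(
          'UPDATE users SET username = ?, fullname = ?, role = ?, allowed_menus = ? WHERE id = ?',
          [username, fullname ?? null, role, menusJson, id]
        );
      }
      return res.json({ status: 'success', message: 'User berhasil diperbarui', id });
    }

    // New user: a password is required. The previous fixed fallback ('password123')
    // gave every account created without one a well-known credential.
    if (newPassword === null) {
      return res.json({ status: 'error', message: 'Password harus diisi untuk user baru' });
    }
    const [result] = await pool.query(
      'INSERT INTO users (username, password, fullname, role, allowed_menus) VALUES (?, ?, ?, ?, ?)',
      [username, await hashPassword(newPassword), fullname ?? null, role || 'Staf Sarpras', menusJson]
    );
    return res.json({ status: 'success', message: 'User berhasil ditambahkan', id: result.insertId });
  } catch (error) {
    return serverError(res, 'Save user error:', error);
  }
});

// POST /api/deleteUser
router.post('/deleteUser', async (req, res) => {
  try {
    const { id } = req.body ?? {};
    // Without this guard a missing id reaches the driver as undefined and an
    // object id would be expanded into the WHERE clause (see isScalarId).
    if (!isScalarId(id)) {
      return res.json({ status: 'error', message: 'ID user harus diisi' });
    }
    await pool.query('DELETE FROM users WHERE id = ?', [id]);
    return res.json({ status: 'success', message: 'User berhasil dihapus' });
  } catch (error) {
    return serverError(res, 'Delete user error:', error);
  }
});

export default router;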