41 lines
1.4 KiB
PHP
41 lines
1.4 KiB
PHP
<?php
|
|
// api/controllers/AuthController.php
|
|
class AuthController {
|
|
|
|
public function index(): void { jsonError('Method tidak diizinkan', 405); }
|
|
public function show(string $id): void { jsonError('Method tidak diizinkan', 405); }
|
|
public function update(string $id): void { jsonError('Method tidak diizinkan', 405); }
|
|
public function destroy(string $id): void { jsonError('Method tidak diizinkan', 405); }
|
|
|
|
/** POST /api/auth — login */
|
|
public function store(): void {
|
|
$body = getBody();
|
|
$errs = required($body, ['username', 'password']);
|
|
if ($errs) jsonError(implode('; ', $errs));
|
|
|
|
$user = login(sanitize($body['username']), $body['password']);
|
|
if (!$user) jsonError('Username atau password salah', 401);
|
|
|
|
startSession();
|
|
$_SESSION['user'] = $user;
|
|
logActivity('login', 'user', $user['id']);
|
|
jsonSuccess($user, 'Login berhasil');
|
|
}
|
|
|
|
/** DELETE /api/auth/:any — logout */
|
|
public function logout(): void {
|
|
startSession();
|
|
$user = currentUser();
|
|
if ($user) logActivity('logout', 'user', $user['id']);
|
|
session_destroy();
|
|
jsonSuccess([], 'Logout berhasil');
|
|
}
|
|
|
|
/** GET /api/auth/me */
|
|
public function me(): void {
|
|
$user = currentUser();
|
|
if (!$user) jsonError('Tidak login', 401);
|
|
jsonSuccess($user);
|
|
}
|
|
}
|