Change Audiens

app/api/auth/login/route.ts

@@ -5,15 +5,14 @@ import { SignJWT } from 'jose';
 
 interface User {
   id_user: number;
-  nim: string;
-  username: string;
+  username?: string;
+  nip?: string;
   password: string;
-  role: string;
+  role_user: string;
 }
 
 export async function POST(request: Request) {
   try {
-    console.log('Login request received');
     
     // Test database connection first
     try {
@@ -23,15 +22,12 @@ export async function POST(request: Request) {
         .limit(1);
       
       if (testError) {
-        console.error('Database connection error:', testError);
         return NextResponse.json(
           { error: 'Tidak dapat terhubung ke database' },
           { status: 500 }
         );
       }
-      console.log('Database connection successful');
     } catch (dbError) {
-      console.error('Database connection error:', dbError);
       return NextResponse.json(
         { error: 'Tidak dapat terhubung ke database' },
         { status: 500 }
@@ -39,31 +35,45 @@ export async function POST(request: Request) {
     }
 
     const body = await request.json();
-    console.log('Request body:', body);
     
-    const { nim, password } = body;
-    console.log('Extracted credentials:', { nim, password: '***' });
+    const { username, nip, password, role } = body;
 
-    // Validate input
-    if (!nim || !password) {
-      console.log('Missing credentials:', { nim: !!nim, password: !!password });
+    // Validate input based on role
+    if (role === 'admin') {
+      if (!username || !password) {
+        return NextResponse.json(
+          { error: 'Username dan password harus diisi' },
+          { status: 400 }
+        );
+      }
+    } else if (role === 'dosen' || role === 'kajur') {
+      if (!nip || !password) {
+        return NextResponse.json(
+          { error: 'NIP dan password harus diisi' },
+          { status: 400 }
+        );
+      }
+    } else {
       return NextResponse.json(
-        { error: 'NIM dan password harus diisi' },
+        { error: 'Role tidak valid' },
         { status: 400 }
       );
     }
 
-    // Get user by NIM
-    console.log('Querying user with NIM:', nim);
+    // Get user by username (admin) or NIP (dosen/kajur)
     let users: User[];
     try {
-      const { data, error } = await supabase
-        .from('user_app')
-        .select('*')
-        .eq('nim', nim);
+      let query = supabase.from('user_app').select('*');
+      
+      if (role === 'admin') {
+        query = query.eq('username', username);
+      } else {
+        query = query.eq('nip', nip);
+      }
+
+      const { data, error } = await query;
 
       if (error) {
-        console.error('Database query error:', error);
         return NextResponse.json(
           { error: 'Terjadi kesalahan saat memeriksa data pengguna' },
           { status: 500 }
@@ -71,9 +81,7 @@ export async function POST(request: Request) {
       }
 
       users = data || [];
-      console.log('Query result:', users.length > 0 ? 'User found' : 'User not found');
     } catch (queryError) {
-      console.error('Database query error:', queryError);
       return NextResponse.json(
         { error: 'Terjadi kesalahan saat memeriksa data pengguna' },
         { status: 500 }
@@ -81,29 +89,40 @@ export async function POST(request: Request) {
     }
 
     if (users.length === 0) {
-      console.log('No user found with NIM:', nim);
       return NextResponse.json(
-        { error: 'NIM atau password salah' },
+        { error: role === 'admin' ? 'Username atau password salah' : 'NIP atau password salah' },
         { status: 401 }
       );
     }
 
     const user = users[0];
-    console.log('User found:', { 
-      id: user.id_user, 
-      nim: user.nim, 
-      username: user.username, 
-      role: user.role 
-    });
 
-    // Verify password
-    console.log('Verifying password...');
+    // Check if user role matches
+    if (user.role_user !== role) {
+      return NextResponse.json(
+        { error: 'Role tidak sesuai' },
+        { status: 401 }
+      );
+    }
+
+    // Verify password    
     let isPasswordValid;
     try {
-      isPasswordValid = await bcrypt.compare(password, user.password);
-      console.log('Password verification result:', isPasswordValid ? 'Valid' : 'Invalid');
+      // For admin, check if password is plain text (not hashed)
+      if (user.role_user === 'admin') {
+        // Check if stored password is plain text (not starting with $2a$ or $2b$)
+        if (!user.password.startsWith('$2a$') && !user.password.startsWith('$2b$')) {
+          // Plain text password - direct comparison
+          isPasswordValid = password === user.password;
+        } else {
+          // Hashed password - use bcrypt
+          isPasswordValid = await bcrypt.compare(password, user.password);
+        }
+      } else {
+        // For dosen/kajur, always use bcrypt (should be hashed)
+        isPasswordValid = await bcrypt.compare(password, user.password);
+      }
     } catch (bcryptError) {
-      console.error('Password verification error:', bcryptError);
       return NextResponse.json(
         { error: 'Terjadi kesalahan saat memverifikasi password' },
         { status: 500 }
@@ -111,28 +130,32 @@ export async function POST(request: Request) {
     }
 
     if (!isPasswordValid) {
-      console.log('Invalid password for user:', nim);
       return NextResponse.json(
-        { error: 'NIM atau password salah' },
+        { error: role === 'admin' ? 'Username atau password salah' : 'NIP atau password salah' },
         { status: 401 }
       );
     }
 
     // Create JWT token
-    console.log('Creating JWT token...');
     let token;
     try {
-      token = await new SignJWT({
+      const tokenPayload: any = {
         id: user.id_user,
-        nim: user.nim,
-        role: user.role
-      })
+        role: user.role_user
+      };
+      
+      // Add username for admin, NIP for dosen/kajur
+      if (user.role_user === 'admin') {
+        tokenPayload.username = user.username;
+      } else {
+        tokenPayload.nip = user.nip;
+      }
+      
+      token = await new SignJWT(tokenPayload)
         .setProtectedHeader({ alg: 'HS256' })
         .setExpirationTime('24h')
         .sign(new TextEncoder().encode(process.env.JWT_SECRET || 'your-secret-key'));
-      console.log('JWT token created');
     } catch (jwtError) {
-      console.error('JWT creation error:', jwtError);
       return NextResponse.json(
         { error: 'Terjadi kesalahan saat membuat token' },
         { status: 500 }
@@ -140,14 +163,20 @@ export async function POST(request: Request) {
     }
 
     // Set cookie
-    console.log('Setting response...');
+    const userResponse: any = {
+      id: user.id_user,
+      role: user.role_user
+    };
+    
+    // Add username for admin, NIP for dosen/kajur
+    if (user.role_user === 'admin') {
+      userResponse.username = user.username;
+    } else {
+      userResponse.nip = user.nip;
+    }
+    
     const response = NextResponse.json({
-      user: {
-        id: user.id_user,
-        nim: user.nim,
-        username: user.username,
-        role: user.role
-      }
+      user: userResponse
     });
 
     response.cookies.set('token', token, {
@@ -156,15 +185,11 @@ export async function POST(request: Request) {
       sameSite: 'lax',
       maxAge: 60 * 60 * 24 // 24 hours
     });
-    console.log('Cookie set');
 
-    console.log('Login process completed successfully');
     return response;
   } catch (error) {
-    console.error('Login error details:', error);
     if (error instanceof Error) {
       console.error('Error message:', error.message);
-      console.error('Error stack:', error.stack);
     }
     return NextResponse.json(
       { error: 'Terjadi kesalahan saat login' },