Change Alur Aplikasi

2025-07-14 15:07:33 +07:00
parent db82b40a6b
commit 6d86e1ca2f
53 changed files with 6109 additions and 964 deletions
--- a/app/api/auth/check/route.ts
+++ b/app/api/auth/check/route.ts
@@ -10,7 +10,7 @@ export async function GET() {

    if (!token) {
      return NextResponse.json(
-        { error: 'Unauthorized' },
+        { error: 'Unauthorized', isAuthenticated: false },
        { status: 401 }
      );
    }
@@ -21,33 +21,58 @@ export async function GET() {
      new TextEncoder().encode(process.env.JWT_SECRET || 'your-secret-key')
    );

+    // Check if token is expired
+    if (payload.exp && payload.exp * 1000 < Date.now()) {
+      return NextResponse.json(
+        { error: 'Token expired', isAuthenticated: false },
+        { status: 401 }
+      );
+    }
+
    // Get user data from user_app table
    const { data: user, error } = await supabase
      .from('user_app')
-      .select('id_user, nim, username, role')
+      .select('id_user, nim, username, nip, role_user')
      .eq('id_user', payload.id)
      .single();

    if (error || !user) {
      return NextResponse.json(
-        { error: 'User not found' },
+        { error: 'User not found', isAuthenticated: false },
        { status: 404 }
      );
    }

    return NextResponse.json({
+      isAuthenticated: true,
      user: {
        id: user.id_user,
        nim: user.nim,
        username: user.username,
-        role: user.role
+        nip: user.nip,
+        role: user.role_user
+      },
+      session: {
+        expiresAt: payload.exp ? new Date(payload.exp * 1000).toISOString() : null,
+        issuedAt: payload.iat ? new Date(payload.iat * 1000).toISOString() : null
      }
    });
  } catch (error) {
    console.error('Auth check error:', error);
    return NextResponse.json(
-      { error: 'Unauthorized' },
+      { error: 'Unauthorized', isAuthenticated: false },
      { status: 401 }
    );
  }
+}
+
+// Handle OPTIONS request for CORS
+export async function OPTIONS() {
+  return NextResponse.json({}, {
+    headers: {
+      'Access-Control-Allow-Origin': '*',
+      'Access-Control-Allow-Methods': 'GET, OPTIONS',
+      'Access-Control-Allow-Headers': 'Content-Type, Authorization',
+    }
+  });
 }