First commit

app/api/auth/check/route.ts

@@ -0,0 +1,63 @@
+import { NextResponse } from 'next/server';
+import { cookies } from 'next/headers';
+import { jwtVerify } from 'jose';
+import pool from '@/lib/db';
+
+export async function GET() {
+  let connection;
+  try {
+    const token = (await (await cookies()).get('token'))?.value;
+
+    if (!token) {
+      return NextResponse.json(
+        { error: 'Unauthorized' },
+        { status: 401 }
+      );
+    }
+
+    // Verify JWT token
+    const { payload } = await jwtVerify(
+      token,
+      new TextEncoder().encode(process.env.JWT_SECRET || 'your-secret-key')
+    );
+
+    // Get connection from pool
+    connection = await pool.getConnection();
+
+    // Get user data
+    const [users]: any = await connection.execute(
+      'SELECT id_user, nim, username, role FROM user WHERE id_user = ?',
+      [payload.id]
+    );
+
+    if (users.length === 0) {
+      connection.release();
+      return NextResponse.json(
+        { error: 'User not found' },
+        { status: 404 }
+      );
+    }
+
+    const user = users[0];
+    connection.release();
+
+    return NextResponse.json({
+      user: {
+        id: user.id_user,
+        nim: user.nim,
+        username: user.username,
+        role: user.role
+      }
+    });
+  } catch (error) {
+    if (connection) {
+      connection.release();
+    }
+
+    console.error('Auth check error:', error);
+    return NextResponse.json(
+      { error: 'Unauthorized' },
+      { status: 401 }
+    );
+  }
+} 

app/api/auth/login/route.ts

@@ -0,0 +1,174 @@
+import { NextResponse } from 'next/server';
+import pool from '@/lib/db';
+import bcrypt from 'bcryptjs';
+import { SignJWT } from 'jose';
+import { RowDataPacket } from 'mysql2';
+
+interface User extends RowDataPacket {
+  id_user: number;
+  nim: string;
+  username: string;
+  password: string;
+  role: string;
+}
+
+export async function POST(request: Request) {
+  let connection;
+  try {
+    console.log('Login request received');
+    
+    // Test database connection first
+    try {
+      connection = await pool.getConnection();
+      console.log('Database connection successful');
+    } catch (dbError) {
+      console.error('Database connection error:', dbError);
+      return NextResponse.json(
+        { error: 'Tidak dapat terhubung ke database' },
+        { status: 500 }
+      );
+    }
+
+    const body = await request.json();
+    console.log('Request body:', body);
+    
+    const { nim, password } = body;
+    console.log('Extracted credentials:', { nim, password: '***' });
+
+    // Validate input
+    if (!nim || !password) {
+      console.log('Missing credentials:', { nim: !!nim, password: !!password });
+      return NextResponse.json(
+        { error: 'NIM dan password harus diisi' },
+        { status: 400 }
+      );
+    }
+
+    // Get user by NIM
+    console.log('Querying user with NIM:', nim);
+    let users: User[];
+    try {
+      const [rows] = await connection.execute<User[]>(
+        'SELECT * FROM user WHERE nim = ?',
+        [nim]
+      );
+      users = rows;
+      console.log('Query result:', users.length > 0 ? 'User found' : 'User not found');
+    } catch (queryError) {
+      console.error('Database query error:', queryError);
+      return NextResponse.json(
+        { error: 'Terjadi kesalahan saat memeriksa data pengguna' },
+        { status: 500 }
+      );
+    }
+
+    if (users.length === 0) {
+      console.log('No user found with NIM:', nim);
+      connection.release();
+      return NextResponse.json(
+        { error: 'NIM atau password salah' },
+        { status: 401 }
+      );
+    }
+
+    const user = users[0];
+    console.log('User found:', { 
+      id: user.id_user, 
+      nim: user.nim, 
+      username: user.username, 
+      role: user.role 
+    });
+
+    // Verify password
+    console.log('Verifying password...');
+    let isPasswordValid;
+    try {
+      isPasswordValid = await bcrypt.compare(password, user.password);
+      console.log('Password verification result:', isPasswordValid ? 'Valid' : 'Invalid');
+    } catch (bcryptError) {
+      console.error('Password verification error:', bcryptError);
+      return NextResponse.json(
+        { error: 'Terjadi kesalahan saat memverifikasi password' },
+        { status: 500 }
+      );
+    }
+
+    if (!isPasswordValid) {
+      console.log('Invalid password for user:', nim);
+      connection.release();
+      return NextResponse.json(
+        { error: 'NIM atau password salah' },
+        { status: 401 }
+      );
+    }
+
+    // Create JWT token
+    console.log('Creating JWT token...');
+    let token;
+    try {
+      token = await new SignJWT({
+        id: user.id_user,
+        nim: user.nim,
+        role: user.role
+      })
+        .setProtectedHeader({ alg: 'HS256' })
+        .setExpirationTime('24h')
+        .sign(new TextEncoder().encode(process.env.JWT_SECRET || 'your-secret-key'));
+      console.log('JWT token created');
+    } catch (jwtError) {
+      console.error('JWT creation error:', jwtError);
+      return NextResponse.json(
+        { error: 'Terjadi kesalahan saat membuat token' },
+        { status: 500 }
+      );
+    }
+
+    // Set cookie
+    console.log('Setting response...');
+    const response = NextResponse.json({
+      user: {
+        id: user.id_user,
+        nim: user.nim,
+        username: user.username,
+        role: user.role
+      }
+    });
+
+    response.cookies.set('token', token, {
+      httpOnly: true,
+      secure: false,
+      sameSite: 'lax',
+      maxAge: 60 * 60 * 24 // 24 hours
+    });
+    console.log('Cookie set');
+
+    connection.release();
+    console.log('Login process completed successfully');
+    return response;
+  } catch (error) {
+    if (connection) {
+      connection.release();
+    }
+    
+    console.error('Login error details:', error);
+    if (error instanceof Error) {
+      console.error('Error message:', error.message);
+      console.error('Error stack:', error.stack);
+    }
+    return NextResponse.json(
+      { error: 'Terjadi kesalahan saat login' },
+      { status: 500 }
+    );
+  }
+}
+
+// Handle OPTIONS request for CORS
+export async function OPTIONS() {
+  return NextResponse.json({}, {
+    headers: {
+      'Access-Control-Allow-Origin': '*',
+      'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',
+      'Access-Control-Allow-Headers': 'Content-Type, Authorization',
+    }
+  });
+} 

app/api/auth/logout/route.ts

@@ -0,0 +1,28 @@
+import { NextResponse } from 'next/server';
+import { cookies } from 'next/headers';
+
+export async function POST() {
+  try {
+    const response = NextResponse.json(
+      { message: 'Logout berhasil' },
+      { status: 200 }
+    );
+
+    // Clear the token cookie with additional security options
+    response.cookies.set('token', '', {
+      expires: new Date(0),
+      path: '/',
+      httpOnly: true,
+      secure: false,
+      sameSite: 'lax'
+    });
+
+    return response;
+  } catch (error) {
+    console.error('Logout error:', error);
+    return NextResponse.json(
+      { error: 'Terjadi kesalahan saat logout' },
+      { status: 500 }
+    );
+  }
+}

app/api/auth/register/route.ts

@@ -0,0 +1,83 @@
+import { NextResponse } from 'next/server';
+import pool from '@/lib/db';
+import bcrypt from 'bcryptjs';
+
+export async function POST(request: Request) {
+  let connection;
+  try {
+    const { username, nim, password } = await request.json();
+
+    // Validate input
+    if (!username || !nim || !password) {
+      return NextResponse.json(
+        { error: 'Semua field harus diisi' },
+        { status: 400 }
+      );
+    }
+
+    // Validate NIM format (11 characters)
+    if (nim.length !== 11) {
+      return NextResponse.json(
+        { error: 'NIM harus 11 karakter' },
+        { status: 400 }
+      );
+    }
+
+    // Get connection from pool
+    connection = await pool.getConnection();
+
+    // Check if NIM exists in mahasiswa table
+    const [mahasiswa]: any = await connection.execute(
+      'SELECT * FROM mahasiswa WHERE nim = ?',
+      [nim]
+    );
+
+    if (mahasiswa.length === 0) {
+      connection.release();
+      return NextResponse.json(
+        { error: 'NIM tidak terdaftar sebagai mahasiswa' },
+        { status: 400 }
+      );
+    }
+
+    // Check if NIM already exists in user table
+    const [existingUsers]: any = await connection.execute(
+      'SELECT * FROM user WHERE nim = ?',
+      [nim]
+    );
+
+    if (existingUsers.length > 0) {
+      connection.release();
+      return NextResponse.json(
+        { error: 'NIM sudah terdaftar sebagai pengguna' },
+        { status: 400 }
+      );
+    }
+
+    // Hash password
+    const hashedPassword = await bcrypt.hash(password, 10);
+
+    // Insert new user
+    await connection.execute(
+      'INSERT INTO user (nim, username, password, role, created_at, updated_at) VALUES (?, ?, ?, ?, NOW(), NOW())',
+      [nim, username, hashedPassword, 'mahasiswa']
+    );
+
+    connection.release();
+
+    return NextResponse.json(
+      { message: 'Registrasi berhasil' },
+      { status: 201 }
+    );
+  } catch (error) {
+    if (connection) {
+      connection.release();
+    }
+    
+    console.error('Registration error:', error);
+    return NextResponse.json(
+      { error: 'Terjadi kesalahan saat registrasi' },
+      { status: 500 }
+    );
+  }
+}