hospital-log/backend/api/src/modules/auth/auth.controller.ts

import {
  Body,
  Controller,
  Header,
  HttpCode,
  Post,
  Res,
  UseGuards,
} from '@nestjs/common';
import type { Response } from 'express';
import { CreateUserDto, CreateUserDtoResponse } from './dto/create-user.dto';
import { AuthDto, UserRole } from './dto/auth.dto';
import { AuthService } from './auth.service';
import { AuthGuard } from './guard/auth.guard';
import { RolesGuard } from './guard/roles.guard';
import { Roles } from './decorator/roles.decorator';
import { ConfigService } from '@nestjs/config';

@Controller('/auth')
export class AuthController {
  constructor(
    private authService: AuthService,
    private configService: ConfigService,
  ) {}

  @Post('/register')
  @HttpCode(201)
  @UseGuards(AuthGuard, RolesGuard)
  @Roles(UserRole.Admin)
  registerUser(@Body() data: CreateUserDto): Promise<CreateUserDtoResponse> {
    return this.authService.registerUser(data);
  }

  @Post('login')
  async login(
    @Body() loginDto: AuthDto,
    @Res({ passthrough: true }) res: Response,
  ) {
    const { accessToken, csrfToken, user } = await this.authService.signIn(
      loginDto.username,
      loginDto.password,
    );

    res.cookie('access_token', accessToken, {
      httpOnly: true,
      secure: this.configService.get<string>('NODE_ENV') !== 'development',
      sameSite: 'strict',
      maxAge: parseInt(
        this.configService.get<string>('COOKIE_MAX_AGE') || '7200000',
        10,
      ),
    });

    return { user, csrfToken };
  }

  @Post('logout')
  @HttpCode(200)
  logout(@Res({ passthrough: true }) res: Response) {
    res.clearCookie('access_token', {
      httpOnly: true,
      secure: this.configService.get<string>('NODE_ENV') !== 'development',
      sameSite: 'strict',
    });

    return { message: 'Logout berhasil' };
  }
}
feat: Authentication, Register users, Create Rekammedis + logs, Get All Users, Obat, Tindakan, Rekam Medis 2025-10-27 06:41:51 +00:00			`import {`
			`Body,`
			`Controller,`
			`Header,`
			`HttpCode,`
			`Post,`
feat: change jwt from response into httpOnly cookies to prevent xss attack, add csrf token to prevent csrf attack, login view and functionality to route, add 404 page functionality 2025-10-28 07:41:24 +00:00			`Res,`
feat: Authentication, Register users, Create Rekammedis + logs, Get All Users, Obat, Tindakan, Rekam Medis 2025-10-27 06:41:51 +00:00			`UseGuards,`
			`} from '@nestjs/common';`
feat: change jwt from response into httpOnly cookies to prevent xss attack, add csrf token to prevent csrf attack, login view and functionality to route, add 404 page functionality 2025-10-28 07:41:24 +00:00			`import type { Response } from 'express';`
feat: Authentication, Register users, Create Rekammedis + logs, Get All Users, Obat, Tindakan, Rekam Medis 2025-10-27 06:41:51 +00:00			`import { CreateUserDto, CreateUserDtoResponse } from './dto/create-user.dto';`
test: add unit test for auth modules. feat: add logout endpoint. fix: change auth register logic, add env variable to easily change token expire, fix bug for empty array and header csrf doesn't authenticate 2025-12-02 06:19:03 +00:00			`import { AuthDto, UserRole } from './dto/auth.dto';`
feat: Authentication, Register users, Create Rekammedis + logs, Get All Users, Obat, Tindakan, Rekam Medis 2025-10-27 06:41:51 +00:00			`import { AuthService } from './auth.service';`
feat: add auth guard on obat and tindakan dokter, fix response on get all users and add auth guard on get all users 2025-10-27 07:29:44 +00:00			`import { AuthGuard } from './guard/auth.guard';`
			`import { RolesGuard } from './guard/roles.guard';`
			`import { Roles } from './decorator/roles.decorator';`
feat: change jwt from response into httpOnly cookies to prevent xss attack, add csrf token to prevent csrf attack, login view and functionality to route, add 404 page functionality 2025-10-28 07:41:24 +00:00			`import { ConfigService } from '@nestjs/config';`
feat: Authentication, Register users, Create Rekammedis + logs, Get All Users, Obat, Tindakan, Rekam Medis 2025-10-27 06:41:51 +00:00
			`@Controller('/auth')`
			`export class AuthController {`
feat: change jwt from response into httpOnly cookies to prevent xss attack, add csrf token to prevent csrf attack, login view and functionality to route, add 404 page functionality 2025-10-28 07:41:24 +00:00			`constructor(`
			`private authService: AuthService,`
			`private configService: ConfigService,`
			`) {}`
feat: Authentication, Register users, Create Rekammedis + logs, Get All Users, Obat, Tindakan, Rekam Medis 2025-10-27 06:41:51 +00:00
			`@Post('/register')`
			`@HttpCode(201)`
			`@UseGuards(AuthGuard, RolesGuard)`
			`@Roles(UserRole.Admin)`
			`registerUser(@Body() data: CreateUserDto): Promise<CreateUserDtoResponse> {`
			`return this.authService.registerUser(data);`
			`}`

feat: change jwt from response into httpOnly cookies to prevent xss attack, add csrf token to prevent csrf attack, login view and functionality to route, add 404 page functionality 2025-10-28 07:41:24 +00:00			`@Post('login')`
			`async login(`
			`@Body() loginDto: AuthDto,`
			`@Res({ passthrough: true }) res: Response,`
			`) {`
			`const { accessToken, csrfToken, user } = await this.authService.signIn(`
			`loginDto.username,`
			`loginDto.password,`
			`);`

			`res.cookie('access_token', accessToken, {`
			`httpOnly: true,`
			`secure: this.configService.get<string>('NODE_ENV') !== 'development',`
			`sameSite: 'strict',`
test: add unit test for auth modules. feat: add logout endpoint. fix: change auth register logic, add env variable to easily change token expire, fix bug for empty array and header csrf doesn't authenticate 2025-12-02 06:19:03 +00:00			`maxAge: parseInt(`
			`this.configService.get<string>('COOKIE_MAX_AGE') \|\| '7200000',`
			`10,`
			`),`
feat: change jwt from response into httpOnly cookies to prevent xss attack, add csrf token to prevent csrf attack, login view and functionality to route, add 404 page functionality 2025-10-28 07:41:24 +00:00			`});`

			`return { user, csrfToken };`
feat: Authentication, Register users, Create Rekammedis + logs, Get All Users, Obat, Tindakan, Rekam Medis 2025-10-27 06:41:51 +00:00			`}`
test: add unit test for auth modules. feat: add logout endpoint. fix: change auth register logic, add env variable to easily change token expire, fix bug for empty array and header csrf doesn't authenticate 2025-12-02 06:19:03 +00:00
			`@Post('logout')`
			`@HttpCode(200)`
			`logout(@Res({ passthrough: true }) res: Response) {`
			`res.clearCookie('access_token', {`
			`httpOnly: true,`
			`secure: this.configService.get<string>('NODE_ENV') !== 'development',`
			`sameSite: 'strict',`
			`});`

			`return { message: 'Logout berhasil' };`
			`}`
feat: Authentication, Register users, Create Rekammedis + logs, Get All Users, Obat, Tindakan, Rekam Medis 2025-10-27 06:41:51 +00:00			`}`