feat: add auth guard on obat and tindakan dokter, fix response on get all users and add auth guard on get all users

2025-10-27 14:29:44 +07:00 · 2025-10-27 14:29:44 +07:00 · d4fb9df013
commit d4fb9df013
parent d73a44cceb
15 changed files with 69 additions and 14 deletions
--- a/backend/api/src/modules/auth/auth.controller.ts
+++ b/backend/api/src/modules/auth/auth.controller.ts
@ -9,9 +9,9 @@ import {
 import { CreateUserDto, CreateUserDtoResponse } from './dto/create-user.dto';
 import { AuthDto, AuthDtoResponse, UserRole } from './dto/auth.dto';
 import { AuthService } from './auth.service';
-import { AuthGuard } from './auth.guard';
-import { RolesGuard } from './roles.guard';
-import { Roles } from './roles.decorator';
+import { AuthGuard } from './guard/auth.guard';
+import { RolesGuard } from './guard/roles.guard';
+import { Roles } from './decorator/roles.decorator';

@Controller('/auth')
 export class AuthController {
--- a/backend/api/src/modules/auth/auth.module.ts
+++ b/backend/api/src/modules/auth/auth.module.ts
@ -11,6 +11,7 @@ import { JwtModule } from '@nestjs/jwt';
    PrismaModule,
    ConfigModule,
    JwtModule.registerAsync({
+      global: true,
      imports: [ConfigModule],
      inject: [ConfigService],
      useFactory: (configService: ConfigService) => ({
--- a/backend/api/src/modules/auth/decorator/roles.decorator.ts
+++ b/backend/api/src/modules/auth/decorator/roles.decorator.ts
@ -1,5 +1,5 @@
 import { SetMetadata } from '@nestjs/common';
-import { UserRole } from './dto/auth.dto';
+import { UserRole } from '../dto/auth.dto';

 export const ROLES_KEY = 'roles';

--- a/backend/api/src/modules/auth/guard/auth.guard.spec.ts
+++ b/backend/api/src/modules/auth/guard/auth.guard.spec.ts
--- a/backend/api/src/modules/auth/guard/auth.guard.ts
+++ b/backend/api/src/modules/auth/guard/auth.guard.ts
--- a/backend/api/src/modules/auth/guard/roles.guard.spec.ts
+++ b/backend/api/src/modules/auth/guard/roles.guard.spec.ts
--- a/backend/api/src/modules/auth/guard/roles.guard.ts
+++ b/backend/api/src/modules/auth/guard/roles.guard.ts
@ -5,8 +5,8 @@ import {
  ForbiddenException,
 } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
-import { ROLES_KEY } from './roles.decorator';
-import { UserRole } from './dto/auth.dto';
+import { ROLES_KEY } from '../decorator/roles.decorator';
+import { UserRole } from '../dto/auth.dto';

@Injectable()
 export class RolesGuard implements CanActivate {
--- a/backend/api/src/modules/obat/obat.controller.ts
+++ b/backend/api/src/modules/obat/obat.controller.ts
@ -1,11 +1,13 @@
-import { Controller, Get, Query } from '@nestjs/common';
+import { Controller, Get, Query, UseGuards } from '@nestjs/common';
 import { ObatService } from './obat.service';
+import { AuthGuard } from '../auth/guard/auth.guard';

@Controller('obat')
 export class ObatController {
  constructor(private readonly obatService: ObatService) {}

  @Get('/')
+  @UseGuards(AuthGuard)
  async getAllObat(
    @Query('take') take: number,
    @Query('skip') skip: number,
--- a/backend/api/src/modules/rekammedis/rekammedis.controller.ts
+++ b/backend/api/src/modules/rekammedis/rekammedis.controller.ts
@ -10,7 +10,7 @@ import {
 } from '@nestjs/common';
 import { RekammedisService } from './rekammedis.service';
 import { CreateRekamMedisDto } from './dto/create-rekammedis.dto';
-import { AuthGuard } from '../auth/auth.guard';
+import { AuthGuard } from '../auth/guard/auth.guard';

@Controller('/rekammedis')
 export class RekamMedisController {
@ -40,6 +40,7 @@ export class RekamMedisController {

  @Post('/')
  @Header('Content-Type', 'application/json')
+  @UseGuards(AuthGuard)
  async createRekamMedis(@Body() dto: CreateRekamMedisDto) {
    return this.rekammedisService.createRekamMedis(dto);
  }
--- a/backend/api/src/modules/rekammedis/rekammedis.module.ts
+++ b/backend/api/src/modules/rekammedis/rekammedis.module.ts
@ -5,7 +5,7 @@ import { PrismaModule } from '../prisma/prisma.module';
 import { JwtModule } from '@nestjs/jwt';

@Module({
-  imports: [PrismaModule, JwtModule],
+  imports: [PrismaModule],
  controllers: [RekamMedisController],
  providers: [RekammedisService],
 })
--- a/backend/api/src/modules/tindakandokter/tindakandokter.controller.ts
+++ b/backend/api/src/modules/tindakandokter/tindakandokter.controller.ts
@ -5,14 +5,17 @@ import {
  HttpCode,
  Param,
  Query,
+  UseGuards,
 } from '@nestjs/common';
 import { TindakanDokterService } from './tindakandokter.service';
+import { AuthGuard } from '../auth/guard/auth.guard';

@Controller('/tindakan')
 export class TindakanDokterController {
  constructor(private tindakanDokterService: TindakanDokterService) {}

  @Get('/')
+  @UseGuards(AuthGuard)
  async getAllTindakanDokter(
    @Query('take') take: number,
    @Query('tindakan') tindakan: string,
--- a/backend/api/src/modules/tindakandokter/tindakandokter.module.ts
+++ b/backend/api/src/modules/tindakandokter/tindakandokter.module.ts
@ -2,6 +2,7 @@ import { Module } from '@nestjs/common';
 import { TindakanDokterController } from './tindakandokter.controller';
 import { TindakanDokterService } from './tindakandokter.service';
 import { PrismaModule } from '../prisma/prisma.module';
+import { JwtModule } from '@nestjs/jwt';

@Module({
  imports: [PrismaModule],
--- a/backend/api/src/modules/user/dto/query-users.dto.ts
+++ b/backend/api/src/modules/user/dto/query-users.dto.ts
@ -0,0 +1,31 @@
+import { UserRole } from '@api/modules/auth/dto/auth.dto';
+import { Expose, Transform } from 'class-transformer';
+import { IsEnum, IsOptional } from 'class-validator';
+
+export class QueryUsersDto {
+  search?: string;
+}
+
+export class QueryUsersResponseDto {
+  @Expose()
+  //   @Transform(({ value }) => (value ? parseInt(value) : null))
+  id: bigint;
+
+  @Expose()
+  name: string;
+
+  @Expose()
+  username: string;
+
+  @Expose()
+  @IsEnum(UserRole, { message: 'role must be a valid UserRole' })
+  role: UserRole;
+
+  @Expose()
+  @IsOptional()
+  created_at?: Date;
+
+  @Expose()
+  @IsOptional()
+  updated_at?: Date;
+}
--- a/backend/api/src/modules/user/user.controller.ts
+++ b/backend/api/src/modules/user/user.controller.ts
@ -10,11 +10,17 @@ import {
  Query,
  Req,
  Res,
+  UseGuards,
  UseInterceptors,
 } from '@nestjs/common';
 import type { Request, Response } from 'express';
 import { UserService } from './user.service';
 import { users } from '@dist/generated/prisma';
+import { AuthGuard } from '../auth/guard/auth.guard';
+import { RolesGuard } from '../auth/guard/roles.guard';
+import { Roles } from '../auth/decorator/roles.decorator';
+import { UserRole } from '../auth/dto/auth.dto';
+import { QueryUsersResponseDto } from './dto/query-users.dto';

@Controller('/users')
@UseInterceptors(ClassSerializerInterceptor)
@ -28,8 +34,10 @@ export class UserController {

  @Get('/')
  @Header('Content-Type', 'application/json')
+  @UseGuards(AuthGuard, RolesGuard)
+  @Roles(UserRole.Admin)
  @HttpCode(200)
-  getAllUsers(): Promise<users[]> {
+  getAllUsers(): Promise<QueryUsersResponseDto[]> {
    return this.userService.getAllUsers();
  }

--- a/backend/api/src/modules/user/user.service.ts
+++ b/backend/api/src/modules/user/user.service.ts
@ -1,12 +1,20 @@
 import { Injectable } from '@nestjs/common';
 import { PrismaService } from '../prisma/prisma.service';
-import { users } from '@dist/generated/prisma';
+import { QueryUsersResponseDto } from './dto/query-users.dto';
+import { UserRole } from '../auth/dto/auth.dto';

@Injectable()
 export class UserService {
  constructor(private prisma: PrismaService) {}
-
-  async getAllUsers(): Promise<users[]> {
-    return this.prisma.users.findMany();
+  async getAllUsers(): Promise<QueryUsersResponseDto[]> {
+    const users = await this.prisma.users.findMany();
+    return users.map((user) => ({
+      id: user.id,
+      name: user.nama_lengkap,
+      username: user.username,
+      role: user.role as UserRole,
+      created_at: user.created_at || undefined,
+      updated_at: user.updated_at || undefined,
+    }));
  }
 }