fix: update response /auth/sign-in

masb0ymas · masb0ymas · commit d493b8236917 · 2025-04-03T19:52:27.000+07:00
diff --git a/src/app/handler/auth.ts b/src/app/handler/auth.ts
@@ -46,7 +46,16 @@ route.post(
       data,
       message: 'Login successfully',
     })
-    res.status(200).json(httpResponse)
+
+    res
+      .status(200)
+      .cookie('token', data.access_token, {
+        maxAge: Number(data.expires_in) * 1000,
+        httpOnly: true,
+        path: '/v1',
+        secure: process.env.NODE_ENV === 'production',
+      })
+      .json(httpResponse)
   })
 )
 
diff --git a/src/app/handler/session.ts b/src/app/handler/session.ts
@@ -1,7 +1,9 @@
 import express, { Request, Response } from 'express'
 import { asyncHandler } from '~/lib/async-handler'
+import { ConstRole } from '~/lib/constant/seed/role'
 import HttpResponse from '~/lib/http/response'
 import authorization from '../middleware/authorization'
+import { permissionAccess } from '../middleware/with-permission'
 import SessionService from '../service/session'
 
 const route = express.Router()
@@ -10,6 +12,7 @@ const service = new SessionService()
 route.get(
   '/',
   authorization(),
+  permissionAccess(ConstRole.ROLE_ADMIN),
   asyncHandler(async (req: Request, res: Response) => {
     const { page, pageSize, filtered, sorted } = req.getQuery()
     const records = await service.find({ page, pageSize, filtered, sorted })
@@ -21,6 +24,7 @@ route.get(
 route.get(
   '/:id',
   authorization(),
+  permissionAccess(ConstRole.ROLE_ADMIN),
   asyncHandler(async (req: Request, res: Response) => {
     const { id } = req.getParams()
     const record = await service.findById(id)
@@ -32,6 +36,7 @@ route.get(
 route.post(
   '/',
   authorization(),
+  permissionAccess(ConstRole.ROLE_ADMIN),
   asyncHandler(async (req: Request, res: Response) => {
     const values = req.getBody()
     const record = await service.create(values)
@@ -43,6 +48,7 @@ route.post(
 route.put(
   '/:id',
   authorization(),
+  permissionAccess(ConstRole.ROLE_ADMIN),
   asyncHandler(async (req: Request, res: Response) => {
     const { id } = req.getParams()
     const values = req.getBody()
@@ -55,6 +61,7 @@ route.put(
 route.put(
   '/restore/:id',
   authorization(),
+  permissionAccess(ConstRole.ROLE_ADMIN),
   asyncHandler(async (req: Request, res: Response) => {
     const { id } = req.getParams()
     await service.restore(id)
@@ -66,6 +73,7 @@ route.put(
 route.delete(
   '/soft-delete/:id',
   authorization(),
+  permissionAccess(ConstRole.ROLE_ADMIN),
   asyncHandler(async (req: Request, res: Response) => {
     const { id } = req.getParams()
     await service.softDelete(id)
@@ -77,6 +85,7 @@ route.delete(
 route.delete(
   '/force-delete/:id',
   authorization(),
+  permissionAccess(ConstRole.ROLE_ADMIN),
   asyncHandler(async (req: Request, res: Response) => {
     const { id } = req.getParams()
     await service.forceDelete(id)
diff --git a/src/app/handler/user.ts b/src/app/handler/user.ts
@@ -1,7 +1,9 @@
 import express, { Request, Response } from 'express'
 import { asyncHandler } from '~/lib/async-handler'
+import { ConstRole } from '~/lib/constant/seed/role'
 import HttpResponse from '~/lib/http/response'
 import authorization from '../middleware/authorization'
+import { permissionAccess } from '../middleware/with-permission'
 import UserService from '../service/user'
 
 const route = express.Router()
@@ -10,6 +12,7 @@ const service = new UserService()
 route.get(
   '/',
   authorization(),
+  permissionAccess(ConstRole.ROLE_ADMIN),
   asyncHandler(async (req: Request, res: Response) => {
     const { page, pageSize, filtered, sorted } = req.getQuery()
     const records = await service.findWithRelations({ page, pageSize, filtered, sorted })
@@ -21,6 +24,7 @@ route.get(
 route.get(
   '/:id',
   authorization(),
+  permissionAccess(ConstRole.ROLE_ADMIN),
   asyncHandler(async (req: Request, res: Response) => {
     const { id } = req.getParams()
     const record = await service.findByIdWithRelation(id)
@@ -32,6 +36,7 @@ route.get(
 route.post(
   '/',
   authorization(),
+  permissionAccess(ConstRole.ROLE_ADMIN),
   asyncHandler(async (req: Request, res: Response) => {
     const values = req.getBody()
     const record = await service.create(values)
@@ -43,6 +48,7 @@ route.post(
 route.put(
   '/:id',
   authorization(),
+  permissionAccess(ConstRole.ROLE_ADMIN),
   asyncHandler(async (req: Request, res: Response) => {
     const { id } = req.getParams()
     const values = req.getBody()
@@ -55,6 +61,7 @@ route.put(
 route.put(
   '/restore/:id',
   authorization(),
+  permissionAccess(ConstRole.ROLE_ADMIN),
   asyncHandler(async (req: Request, res: Response) => {
     const { id } = req.getParams()
     await service.restore(id)
@@ -66,6 +73,7 @@ route.put(
 route.delete(
   '/soft-delete/:id',
   authorization(),
+  permissionAccess(ConstRole.ROLE_ADMIN),
   asyncHandler(async (req: Request, res: Response) => {
     const { id } = req.getParams()
     await service.softDelete(id)
@@ -77,6 +85,7 @@ route.delete(
 route.delete(
   '/force-delete/:id',
   authorization(),
+  permissionAccess(ConstRole.ROLE_ADMIN),
   asyncHandler(async (req: Request, res: Response) => {
     const { id } = req.getParams()
     await service.forceDelete(id)
diff --git a/src/app/service/auth.ts b/src/app/service/auth.ts
@@ -12,6 +12,7 @@ import { Session } from '../database/entity/session'
 import { User } from '../database/entity/user'
 import { LoginSchema, loginSchema, UserLoginState, userSchema } from '../database/schema/user'
 import SessionService from './session'
+import { fromUnixTime } from 'date-fns'
 
 type VerifySessionParams = {
   user_id: string
@@ -108,7 +109,8 @@ export default class AuthService {
         email: getUser.email,
         uid: getUser.id,
         access_token: token,
-        expires_at: expiresIn,
+        expires_at: new Date(Date.now() + expiresIn * 1000),
+        expires_in: expiresIn,
         is_admin,
       }
     })
