yazid138 2 роки тому
коміт
04ad2121ab
6 змінених файлів з 14 додано та 7 видалено
  1. 3 3
      .env
  2. 3 1
      app.js
  3. 2 1
      middleware/verifyTokenAuto.js
  4. 1 0
      package.json
  5. 3 0
      routes/v1/index.js
  6. 2 2
      utils/axios.js

+ 3 - 3
.env

@@ -3,8 +3,8 @@ P3UQ5=1d66650cb3bbe70d1426db09bdad22a326a1e3202598d9c92a7d43432b60a2b1cd835b13bd
 SRU51=3d3eb3d842f4e595048f1806ca815f8092e29fb6b98a30dff0b8241ad0e6c273
 
 MYDSY=4fcc351bc989e21e3dabceaf98d5f3be565d2ca5609cb9e84bcc5a0f1eaa095e160d83a5f6951601dca173fe369175d8db34f85442fc565201837382c413cefe6d343e513e34f18da935bbd583e8c797ad19ac015564dcc3df827b472842b8307894486960960d184e936878610f034f648b944117353ce03c0e0015dc4130907686bba340432236cba7ed0a56ac3a336e312dbdec92e7cb10b3349934beea06
-XNX1Q=77aecfec-10ac-3b4f-ab59-3fbfbeed6324
-TEKQU=5b62f743-eef2-3370-8c66-6951b2e9c2c5
-CBGTB=5j12h43g6hj2367234k57
+XNX1Q=3f551be0c7519b3765a033014ddb9fc041fb2118679b46ca59db24e33c42964d6b4e311108ff1db25580feaf8dd6b63098e58b980a78bd25f3a685370a834653cc2e1c26dd0e504a76fa4490cd054f3c3eefb0b2ccc044abbe3898173de93b5084ffd2f03bcb78d23da04587737bdd0e7e0fcafd04f7784c50e59f4fd013f3f671351be3
+TEKQU=72372a5ec47568b3e9743691dd37a8854840e688bd0b653274e9652913c5021404cb31178efc06b48947d35ef9a58f0b73bd79236b732215d0d7cef7fa5a2d14e12bee126627525080197bd889c8c9f1279a9a99c53d9da2b8d8aadbe435a30180cfc311cc843000d20cd69820476fa0e6dce2057fb32c1d1f1ea301c892ed1f3bfb301b
+CBGTB=d69969375fb168a7d6cc35e27a5cc982896c1c0ab35d875fd54dc13b1226bb4e962994e8af5b02dc8c2d91eab09b26d06c37ff7aca82813883f98a568a733f3587f857d417bbbcbc292e88e2b706c1e79253ba7c4d300b8081c7ae5c1a5087f6f1b06020b79a3e91903bbe8946c5086643b683a287
 
 CXQSB=5c8e9b8cb0a154a9fb1683042e85231b600a18b57288165dea5a426a593ca811d4451a4b4f92714633adb67cd3fa622337208d345c82fdf23fb6673ceede764a237f4d704669533fb95a78df8a06023af172449f28f673a880360d30fd426d3c0a1b49cad1c52890a235
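Review bot: The replaced XNX1Q/TEKQU/CBGTB values only move these secrets from plaintext to a form that the same codebase decrypts (`coba.decrypt` in middleware/verifyTokenAuto.js and utils/axios.js), so anyone with repository read access can presumably recover them; unless the decryption key lives outside the repo (utils/coba is not visible here) this is obfuscation, not protection. The previous plaintext values stay in git history, so they should be treated as exposed and rotated at the issuing side rather than merely re-encoded — CBGTB in particular was a static bearer token compared directly. Independently of the encoding, `.env` should not be version-controlled at all: add it to `.gitignore`, commit an `.env.example` with empty values, and populate the real file from the deployment environment or a secret manager.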

+ 3 - 1
app.js

@@ -3,6 +3,7 @@ const path = require('path')
 const cookieParser = require('cookie-parser')
 const logger = require('morgan')
 const cors = require('cors')
+const csrf = require('tiny-csrf')
 const response = require('./utils/responseHandler')
 const dokumenController = require('./controller/dokumen.controller')
 const app = express()
@@ -13,7 +14,8 @@ app.use(logger('dev'))
 app.use(express.json())
 app.use(cors({ origin: true, credentials: true }))
 app.use(express.urlencoded({ extended: false }))
-app.use(cookieParser())
+app.use(cookieParser(process.env.SRU51))
+app.use(csrf("XwHsY7X1spE#pdhgdGe9G$Cw&mF7n8=$", ['POST'], ['/v1/auth/login']))
 app.use(express.static(path.join(__dirname, 'public')))
 
 app.get('/', (req, res) => {
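Review bot: The tiny-csrf secret on the new `app.use(csrf(...))` line is a hard-coded string literal, while the cookie-parser secret on the line just above is read from `process.env.SRU51`; keep the two consistent and rotatable with `app.use(csrf(process.env.CSRF_SECRET, ['POST'], ['/v1/auth/login']))` (tiny-csrf expects a 32-character secret, so validate the length at startup). The middleware is registered for `['POST']` only, so any PUT/PATCH/DELETE handlers remain unprotected; if such routes exist the method list should include them. The `cors({ origin: true, credentials: true })` context line reflects every Origin with credentials allowed, which lets a cross-site page read the token issued by the new /v1/csrf route and so undermines the protection being added here; an explicit origin allow-list is needed for this scheme to hold.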

+ 2 - 1
middleware/verifyTokenAuto.js

@@ -1,4 +1,5 @@
 const response = require('../utils/responseHandler')
+const coba = require('../utils/coba')
 
 module.exports = (req, res, next) => {
   const authHeader = req.headers.authorization
@@ -10,7 +11,7 @@ module.exports = (req, res, next) => {
       message: 'Token tidak ada',
     })
 
-  if (process.env.CBGTB === token) {
+  if (coba.decrypt(process.env.CBGTB) === token) {
     return next()
   }
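Review bot: The new check `coba.decrypt(process.env.CBGTB) === token` decrypts the reference credential on every request and compares it with `===`, which stops at the first mismatching character; a static bearer token should be compared with `crypto.timingSafeEqual` after a length check, and the decrypt should run once at module load so a missing or corrupt `CBGTB` fails at startup rather than inside a request. The extraction of `token` from `authHeader` lies between the two hunks and the function's tail is outside them, so I am assuming `token` is a string at this point.
```javascript
const crypto = require('crypto')
const coba = require('../utils/coba')

// Decrypt once at startup; a bad CBGTB then fails fast instead of on every request.
const AUTO_TOKEN = Buffer.from(coba.decrypt(process.env.CBGTB))

module.exports = (req, res, next) => {
  // … unchanged: authorization header parsing and the 'Token tidak ada' response …
  const given = Buffer.from(String(token))
  // Length check first: timingSafeEqual throws on unequal-length buffers.
  if (given.length === AUTO_TOKEN.length && crypto.timingSafeEqual(given, AUTO_TOKEN)) {
    return next()
  }
  // … unchanged: rejection response …
```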
 

+ 1 - 0
package.json

@@ -23,6 +23,7 @@
     "mongoose": "^6.2.7",
     "morgan": "~1.9.1",
     "multer": "^1.4.4",
+    "tiny-csrf": "^1.1.3",
     "xlsx": "^0.18.5"
   },
   "devDependencies": {

+ 3 - 0
routes/v1/index.js

@@ -8,6 +8,9 @@ router.get('/', (req, res) => {
     version: 1,
   })
 })
+router.get('/csrf',  (req, res) => {
+  return res.json({ token: req.csrfToken() })
+})
 
 router.use('/laporan', auth, roleId([2020, 2021, 2023]), require('./laporan'))
 router.use('/sanksi', auth, require('./sanksi'))
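Review bot: The new `/csrf` route returns the token as a readable JSON body on a GET, and app.js registers `cors({ origin: true, credentials: true })`, which reflects any Origin and permits credentialed requests; a page on another site can therefore fetch `/v1/csrf` with the victim's cookies, read the token and replay it in a POST, so the token adds little until CORS is narrowed to an explicit allow-list. The response should also not be cacheable: add `res.set('Cache-Control', 'no-store')` before the `res.json(...)` so browsers and proxies do not retain the token. The hunk does not show how tiny-csrf's cookie is configured, so I cannot confirm its Secure/SameSite attributes; they are worth checking since the scheme relies on that signed cookie.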

+ 2 - 2
utils/axios.js

@@ -8,7 +8,7 @@ exports.get = async (url) => {
   if (baseUrl.includes('dev')) token = process.env.XNX1Q
   const response = await axios.get(url, {
     headers: {
-      Authorization: `Bearer ${token}`,
+      Authorization: `Bearer ${coba.decrypt(token)}`,
       Accept: 'application/json',
     },
     httpsAgent: new https.Agent({
@@ -24,7 +24,7 @@ exports.post = async (url, data, config) => {
   if (baseUrl.includes('dev')) token = process.env.XNX1Q
   const response = await axios.post(url, data, {
     headers: {
-      Authorization: `Bearer ${token}`,
+      Authorization: `Bearer ${coba.decrypt(token)}`,
       Accept: 'application/json',
       ...config,
     },
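Review bot: Both new `Authorization: \`Bearer ${coba.decrypt(token)}\`` lines decrypt the credential on every outbound call, and this hunk shows no `require` for `coba` in utils/axios.js (the verifyTokenAuto.js change in this commit adds one explicitly) — if it is not imported above line 8 these calls throw at request time. Decrypt once at module scope, e.g. `const DEV_TOKEN = coba.decrypt(process.env.XNX1Q)` alongside the existing selection logic, and interpolate the plain value into the header; that also surfaces a missing or corrupt env value at startup instead of on the first request. Note that in `post`, `...config` is spread into `headers` after `Authorization`, so a caller-supplied `config.Authorization` silently overrides the decrypted token — pre-existing, but a `// NOTE: caller config can override Authorization` comment would flag it. Both `get` and `post` end outside the hunk.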