# Auth Login Implementation (Real API)

This document describes how to make the FE login actually use the backend API (`pure API`), including the initial account:

- username: `desak`
- password: `password`
- role: `superadmin`

## Current Status

The auth endpoints are not implemented yet.

- `POST /api/v1/auth/login` -> `501 not implemented`
- `POST /api/v1/auth/refresh` -> `501 not implemented`
- `POST /api/v1/auth/logout` -> `501 not implemented`
- `GET /api/v1/auth/me` -> `501 not implemented`

Current location of the handler file:

- `internal/modules/auth/handler.go`

## BE Files to Create/Update

1. `internal/modules/auth/handler.go`
   - Implement login, refresh, logout, me.
2. `internal/modules/auth/service.go` (new)
   - Authentication logic + JWT/refresh token generation.
3. `internal/modules/auth/repository.go` (new)
   - Query user by username/id.
4. `internal/modules/auth/types.go` (new)
   - Request/response structs.
5. `internal/server/http.go`
   - The `/auth/me` route group should be wrapped in the auth middleware.
6. `internal/middleware/auth.go` (new)
   - Validate the bearer JWT.

Optional, if using sqlc:

7. `sql/queries/auth.sql` (new)
8. Regenerate the sqlc code.

## API Contract That Must Match the FE

The FE currently calls:

- `POST /api/v1/auth/login` with payload:

```json
{
  "username": "desak",
  "password": "password"
}
```

Minimum response expected by the FE:

```json
{
  "access_token": "jwt_access_token",
  "refresh_token": "jwt_refresh_token",
  "expires_in": 1800,
  "user": {
    "id": 1,
    "name": "Desak",
    "username": "desak",
    "role": "superadmin"
  }
}
```
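The following is an added example, not code from this project, showing what items 5 and 6 of the file list and the `/auth/me` contract imply: a bearer-token middleware that verifies an HS256 JWT and answers `401` for missing, tampered or expired tokens, with a `/auth/me` handler that returns the `user` shape from the login response. The JWT sign/verify here is a minimal standard-library illustration (in `service.go` a vetted JWT library would normally do this); `jwtSecret`, `Claims`, `RequireAuth` and `MeHandler` are assumed names, and the refresh-token and logout flow is out of scope.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"log"
	"net/http"
	"strings"
	"time"
)

// Hypothetical signing secret for this example; the real one comes from configuration.
var jwtSecret = []byte("example-only-secret-change-me")

// Claims carries the user fields the FE expects back from /auth/me.
type Claims struct {
	Sub      int64  `json:"sub"`
	Username string `json:"username"`
	Role     string `json:"role"`
	Exp      int64  `json:"exp"` // expiry as unix seconds
}

var errInvalidToken = errors.New("invalid token")

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// SignHS256 builds a compact JWT (header.payload.signature) with HMAC-SHA256.
func SignHS256(c Claims, secret []byte) (string, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64(payload)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64(mac.Sum(nil)), nil
}

// VerifyHS256 checks structure, algorithm, HMAC (constant time) and expiry before
// any claim is trusted. "now" is a parameter so that expiry handling is testable.
func VerifyHS256(token string, secret []byte, now time.Time) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errInvalidToken
	}
	// Accept only the algorithm we issue; the token header must not choose it.
	var h struct{ Alg string `json:"alg"` }
	hdr, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil || json.Unmarshal(hdr, &h) != nil || h.Alg != "HS256" {
		return c, errInvalidToken
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return c, errInvalidToken
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(payload, &c) != nil {
		return c, errInvalidToken
	}
	if c.Exp == 0 || !now.Before(time.Unix(c.Exp, 0)) {
		return c, errors.New("token expired")
	}
	return c, nil
}

// RequireAuth is the middleware shape meant for the /auth/me route group:
// respond 401 unless "Authorization: Bearer <token>" carries a valid, unexpired token.
func RequireAuth(secret []byte, next func(http.ResponseWriter, *http.Request, Claims)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		auth := r.Header.Get("Authorization")
		if !strings.HasPrefix(auth, "Bearer ") {
			http.Error(w, `{"error":"missing bearer token"}`, http.StatusUnauthorized)
			return
		}
		c, err := VerifyHS256(strings.TrimSpace(auth[len("Bearer "):]), secret, time.Now())
		if err != nil {
			http.Error(w, `{"error":"unauthorized"}`, http.StatusUnauthorized)
			return
		}
		next(w, r, c)
	}
}

// MeHandler returns the "user" object in the shape of the FE login contract.
func MeHandler(w http.ResponseWriter, _ *http.Request, c Claims) {
	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(map[string]interface{}{"id": c.Sub, "username": c.Username, "role": c.Role})
}

func main() {
	http.Handle("/api/v1/auth/me", RequireAuth(jwtSecret, MeHandler))
	log.Fatal(http.ListenAndServe(":8080", nil))
}
```

The verifier pins the algorithm to `HS256` from its own side rather than reading it from the token header, compares the MAC with `hmac.Equal`, and only decodes the claims after the signature has passed; `expires_in: 1800` in the contract corresponds to an `exp` thirty minutes after issue.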

## Seed Superadmin User `desak`

Run the following SQL in PostgreSQL (`bazzar_db`) so that the login user exists.

```sql
CREATE EXTENSION IF NOT EXISTS pgcrypto;

INSERT INTO bazzar_pos.users (name, username, password_hash, role_id, is_active)
SELECT
  'Desak',
  'desak',
  crypt('password', gen_salt('bf')),
  r.id,
  TRUE
FROM bazzar_pos.roles r
WHERE r.code = 'superadmin'
ON CONFLICT (username) DO UPDATE SET
  name = EXCLUDED.name,
  password_hash = EXCLUDED.password_hash,
  role_id = EXCLUDED.role_id,
  is_active = TRUE;
```

Notes:

- Passwords must be verified in Go with `bcrypt.CompareHashAndPassword`.
- Never store plaintext passwords in the table.
- `gen_salt('bf')` uses cost factor 6 by default; pass a higher cost for production, e.g. `gen_salt('bf', 12)`.

## Testing Checklist

1. Login:
   - `POST /api/v1/auth/login` -> `200`
2. Fetch profile:
   - `GET /api/v1/auth/me` with `Authorization: Bearer <access_token>` -> `200`
3. Logout:
   - `POST /api/v1/auth/logout` -> refresh token becomes invalid.
4. FE:
   - Logging in at `bazzar.softcomp.io` lands on the dashboard.
   - The logout button returns to the login page.

## FE Integration Notes

The FE is already ready for the pure-API flow:

- `src/api/modules/auth.js`
- `src/stores/auth.js`
- `src/router/index.js` (login/logout route guard)

So the current blocker is the BE auth implementation.

