# SETTINGS_GENERAL_USER_DEVICE_POLICY_REQUIRED

## Context

FE adds a **Settings > General** page with the following features:

1. Edit receipt identity (store name + phone number).
2. User management (add/remove users).
3. Data cleanup (delete transactions/reports/all data).
4. Single-device login policy (one user has only one active session across devices).

For these features to be real (not local-only), the BE endpoints below need to be provided.

## Required Endpoints

## 1) General settings

- `GET /api/v1/settings/general`
- `PUT /api/v1/settings/general`

### Required payload keys

```json
{
  "store_name": "POS Bazzar",
  "store_phone": "0812xxxx",
  "single_device_session": true
}
```

## 2) User management

- `GET /api/v1/settings/users`
- `POST /api/v1/settings/users`
- `DELETE /api/v1/settings/users/:id`

### Create user request

```json
{
  "name": "Desak",
  "username": "desak",
  "password": "secret123",
  "role": "cashier"
}
```

## 3) Data cleanup

- `POST /api/v1/settings/data/purge`

### Request

```json
{
  "scope": "transactions"
}
```

Allowed `scope` values:
- `transactions`
- `reports`
- `all`

## 4) Single-device session enforcement (critical)

When a user logs in on device B, the same user's session on device A must be invalidated automatically.

### Required behavior

1. Store the active `session_id` per user in the BE.
2. On a new login, revoke that user's previous session.
3. The old token must be rejected by the auth middleware (401 Unauthorized).
4. (Recommended) a logout-all-user-sessions endpoint:
   - `POST /api/v1/settings/session-policy/force-logout`

## Security / Audit Notes

- All settings endpoints must be role-protected (admin/superadmin).
- The purge endpoint must write an audit log (`who`, `when`, `scope`).
- The purge `all` endpoint should require additional confirmation (e.g. admin password / OTP / second confirm flag).

## 401/403 Fix Checklist (Current Issue)

If the FE receives `401 Unauthorized` or `403 Forbidden` on settings endpoints:

1. Make sure the token issued at login is valid for the same guard as the settings endpoints.
2. Make sure the role middleware allows `admin/superadmin`.
3. Make sure failed-auth responses are consistent (never 500).
4. Make sure CORS/CSRF does not block bearer-token requests.
5. Validate that the route prefix is correct (`/api/v1/settings/...`) and does not collide with the frontend route `/settings`.

### Expected status

- User `admin/superadmin` + token valid: **200**
- User non-privileged: **403**
- Token invalid/expired: **401**
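The single-device session enforcement from section 4 and the expected 200/401/403 statuses above, as an added example that is not part of this spec or the project's code. It assumes an in-memory store (a real BE would persist the user-to-session mapping in its DB or cache) and that the `single_device_session` setting from the general-settings payload toggles the revocation.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Roles allowed to call the settings endpoints (from the spec).
PRIVILEGED_ROLES = {"admin", "superadmin"}


@dataclass
class SessionStore:
    """Constructed in-memory session store: at most one active session per user."""
    single_device_session: bool = True                       # general-settings flag
    active: Dict[str, str] = field(default_factory=dict)     # user_id -> session_id
    sessions: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # session_id -> (user_id, role)

    def login(self, user_id: str, role: str) -> str:
        """Issue a new session; when single-device is on, revoke the user's old one."""
        old = self.active.get(user_id)
        if self.single_device_session and old is not None:
            self.sessions.pop(old, None)        # device A's token stops working here
        session_id = secrets.token_urlsafe(32)  # opaque, unguessable session id
        self.active[user_id] = session_id
        self.sessions[session_id] = (user_id, role)
        return session_id

    def force_logout(self, user_id: str) -> bool:
        """Backing logic for the force-logout endpoint; True if a session was revoked."""
        old = self.active.pop(user_id, None)
        return self.sessions.pop(old, None) is not None

    def authorize_settings(self, token: Optional[str]) -> int:
        """HTTP status the settings auth/role middleware should return for a bearer token."""
        entry = self.sessions.get(token) if token else None
        if entry is None:
            return 401          # missing, unknown, expired or revoked token
        _, role = entry
        if role not in PRIVILEGED_ROLES:
            return 403          # authenticated, but not admin/superadmin
        return 200
```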

## Acceptance Criteria

1. Changes to the store name/phone number are used immediately on the printed receipt.
2. Adding/removing users works from the FE without a local fallback.
3. Data purge actually removes the data in the DB according to the requested scope.
4. A user logging in from a second device is automatically kicked from the first device (single active session).

