From 686b7e0632e7e84d03866f2c603c04e00e198c7d Mon Sep 17 00:00:00 2001
From: Farrel Augusta Dinata
Date: Sun, 22 Dec 2024 22:04:16 +0700
Subject: [PATCH] add: new route to view generated summary report
---
app/controllers/AdminJurusanController.php | 17 ++++++-
app/middlewares/AuthMiddleware.php | 55 ++++++++++++++++------
app/repository/ApiRepository.php | 26 ++++++++++
app/routes/web.php | 7 +++
4 files changed, 88 insertions(+), 17 deletions(-)
create mode 100644 app/repository/ApiRepository.php
diff --git a/app/controllers/AdminJurusanController.php b/app/controllers/AdminJurusanController.php
index 0b458eb..9ca8e1d 100644
--- a/app/controllers/AdminJurusanController.php
+++ b/app/controllers/AdminJurusanController.php
@@ -4,7 +4,7 @@ use App\Core\Controller;
 use App\Models\Mahasiswa;
-use App\Repository\{AdminRepository, MahasiswaRepository, StatistikRepository};
+use App\Repository\{AdminRepository, MahasiswaRepository, StatistikRepository, ApiRepository};
 use App\Models\Admin;
 use Dompdf\{Dompdf, Options};
@@ -437,8 +437,21 @@ public function viewLaporan(): void
 $this->view("templates/footer");
 }
- public function viewLaporanUmum(): void
+ public function viewLaporanUmum(string $api_key = null): void
 {
+ if ($api_key != null) {
+ $result = ApiRepository::validateApiKey($api_key);
+ if (!$result) {
+ http_response_code(403);
+ $this->view("templates/header", [
+ 'title' => 'Not Authorized!'
+ ]);
+ $this->view("pages/general/not_authorized");
+ $this->view("templates/footer");
+ exit;
+ }
+ }
+
 $d4_ti = StatistikRepository::getTotalPaidOffAndUnpaidStudent("D4 Teknik Informatika");
 $d4_sib = StatistikRepository::getTotalPaidOffAndUnpaidStudent("D4 Sistem Informasi Bisnis");
 $d2_ppls = StatistikRepository::getTotalPaidOffAndUnpaidStudent("D2 Pengembangan Perangkat Lunak Situs");
diff --git a/app/middlewares/AuthMiddleware.php b/app/middlewares/AuthMiddleware.php
index 6298dc1..d1b5488 100644
--- a/app/middlewares/AuthMiddleware.php
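Review bot: The key check added at the top of `viewLaporanUmum` is the only thing standing between an anonymous caller and the report on the new `/api/laporan/laporan-umum/...` route, because the `desktop` branch of `AuthMiddleware::checkAuth` that this commit also adds returns without validating anything; authorization that lives only in a controller is easy to lose the next time the action is re-bound to a route, so the enforcement belongs in the middleware and this block should at most be a second line of defence. The signature `string $api_key = null` is an implicitly nullable parameter (deprecated in PHP 8.4) and the loose `!= null` test should be strict: `public function viewLaporanUmum(?string $api_key = null): void` and `if ($api_key !== null) {`. With a nullable type the `$result` temporary can also go: `if (!ApiRepository::validateApiKey($api_key)) {`. The body of `viewLaporanUmum` continues past the end of this hunk.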
+++ b/app/middlewares/AuthMiddleware.php
@@ -3,28 +3,53 @@
 namespace App\Middlewares;
 use App\Controllers\AuthController;
+use App\Repository\ApiRepository;
 class AuthMiddleware {
 public static function checkAuth(string $user_role): void {
- if (!isset($_SESSION['user_id'])) {
- (new AuthController)->sendNotAuthorizedWarning();
- exit;
- }
-
- if ($user_role == 'any') {
- if (!in_array($_SESSION['role'], ['mahasiswa', 'Admin Prodi', 'Admin TA', 'Admin Jurusan'])) {
- (new AuthController)->sendNotAuthorizedWarning();
- exit;
- }
- return;
+ switch ($user_role) {
+ case 'any':
+ if (isset($_SESSION['user_id'])) {
+ if (!in_array($_SESSION['role'], ['mahasiswa', 'Admin Prodi', 'Admin TA', 'Admin Jurusan'])) {
+ (new AuthController)->sendNotAuthorizedWarning();
+ exit;
+ }
+ } else {
+ (new AuthController)->sendNotAuthorizedWarning();
+ exit;
+ }
+ return;
+ case 'admin prodi':
+ case 'admin ta':
+ case 'admin jurusan':
+ if (isset($_SESSION['user_id'])) {
+ if (strcasecmp($_SESSION['role'], $user_role) != 0) {
+ (new AuthController)->sendNotAuthorizedWarning();
+ exit;
+ }
+ } else {
+ (new AuthController)->sendNotAuthorizedWarning();
+ exit;
+ }
+ return;
+ case 'desktop':
+ // $headers = getallheaders();
+ // $api_key = isset($headers['Authorization']) ? trim(str_replace('Bearer ', '', $headers['Authorization'])) : null;
+ // if ($api_key != null) {
+ // if (!ApiRepository::validateApiKey($api_key)) {
+ // (new AuthController)->sendNotAuthorizedWarning();
+ // exit;
+ // }
+ // } else {
+ // (new AuthController)->sendNotAuthorizedWarning();
+ // exit;
+ // }
+ return;
 }
- if (strcasecmp($_SESSION['role'], $user_role) != 0) {
- (new AuthController)->sendNotAuthorizedWarning();
- exit;
- }
+ } } }
diff --git a/app/repository/ApiRepository.php b/app/repository/ApiRepository.php
new file mode 100644
index 0000000..c22e5c6
--- /dev/null
+++ b/app/repository/ApiRepository.php
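Review bot: `checkAuth` now fails open for any `$user_role` that is not one of the listed `case` labels: the `switch` has no `default`, so a route registered with an unrecognised or misspelled role string (for example `'mahasiswa'`, which the `'any'` list shows is a real role) falls out of the switch and returns without ever looking at `$_SESSION`, whereas the removed code denied such callers through the unconditional `isset($_SESSION['user_id'])` check and the `strcasecmp` fallback. The `'desktop'` case makes the same hole explicit: its entire body is commented out, so `checkAuth('desktop')` grants access to everyone and the new `use App\Repository\ApiRepository;` import is dead code. Add a denying `default:` and either implement the desktop check or refuse that role until it is implemented; a header-based version is sketched below, with the caveats that `getallheaders()` exists only under Apache/FPM-style SAPIs and that header names are case-insensitive, so confirm both against the deployment. While here, `in_array(...)` on the role list should pass `true` as its third argument so that only exact string matches are accepted.

```php
            case 'desktop':
                $headers = getallheaders();
                $auth = $headers['Authorization'] ?? $headers['authorization'] ?? '';
                $api_key = str_starts_with($auth, 'Bearer ') ? trim(substr($auth, 7)) : null;
                if ($api_key === null || $api_key === '' || !ApiRepository::validateApiKey($api_key)) {
                    (new AuthController)->sendNotAuthorizedWarning();
                    exit;
                }
                return;
            default:
                // Unknown role strings must fail closed, not silently grant access.
                (new AuthController)->sendNotAuthorizedWarning();
                exit;
        }
```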
@@ -0,0 +1,26 @@
+prepare(<<bindValue(':api_key', $api_key, \PDO::PARAM_STR);
+ $stmt->execute();
+ return ($stmt->fetch() != false) ? true : false;
+ } catch (\PDOException $e) {
+ error_log(ErrorLog::formattedErrorLog($e->getMessage()), 3, LOG_FILE_PATH);
+ throw new \PDOException($e->getMessage());
+ }
+ }
+}
diff --git a/app/routes/web.php b/app/routes/web.php
index 3e165c5..ece37ca 100644
--- a/app/routes/web.php
+++ b/app/routes/web.php
@@ -258,4 +258,11 @@
 'function' => 'checkAuth',
 'args' => 'admin jurusan'
 ]
+]);
+Router::add('GET', '/api/laporan/laporan-umum/([a-zA-Z0-9]+)', AdminJurusanController::class, 'viewLaporanUmum', [
+ [
+ 'class' => AuthMiddleware::class,
+ 'function' => 'checkAuth',
+ 'args' => 'desktop'
+ ]
 ]);
\ No newline at end of file
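Review bot: `validateApiKey` binds the caller-supplied key directly (`bindValue(':api_key', $api_key, \PDO::PARAM_STR)`) and returns whether any row matched, which suggests API keys are stored in clear text, so a read of that table (backup, SQL injection elsewhere, leaked dump) yields working credentials. Store a digest at issuance time and look that up instead, `$stmt->bindValue(':api_key', hash('sha256', $api_key), \PDO::PARAM_STR);`, and simplify the result to `return $stmt->fetch() !== false;`. The `catch` block rethrows `throw new \PDOException($e->getMessage());`, which discards the SQLSTATE code and the original exception chain after it has already been logged; either rethrow `$e` itself or use `throw new \PDOException($e->getMessage(), (int) $e->getCode(), $e);`. The first lines of this hunk (the `<?php` header, class declaration and the SQL heredoc) are garbled in this copy, so I cannot confirm the query text, the table or whether the key column is unique.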
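Review bot: The new route puts the API key into the URL path via `([a-zA-Z0-9]+)`, so every web-server access log, reverse proxy, browser history and `Referer` header will record a live credential; move it to an `Authorization: Bearer` header (the commented-out `desktop` branch in AuthMiddleware already anticipates exactly that) and register the route as `'/api/laporan/laporan-umum'` without the capture group. As committed, the `'args' => 'desktop'` middleware entry performs no check at all, so this route is reachable by anyone and only the controller's own key test stands in the way. If the key must stay in the path for the desktop client, validate it in the middleware rather than the controller and tighten the character class to the exact length of issued keys, e.g. `([a-zA-Z0-9]{32})`, assuming that is how keys are generated; I cannot see the issuing code from here.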