Fix auth errors, CORS, control center login, and stale session handling

- Mitra auth: parse DioException response for proper error messages (ACCOUNT_NOT_FOUND, ACCOUNT_INACTIVE) instead of generic "OTP invalid" - Backend: add CORS to internal app (port 3001) for control center - Control center: fix login race condition (wait for AuthContext verify before navigating), fix MitraActivityPage fetching paginated data - Stale session goodbye: both apps detect SESSION_NOT_ACTIVE/409 and move to complete state instead of retrying endlessly Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 20:49:57 +08:00
parent 1920507ec5
commit 50d31260dc
10 changed files with 3139 additions and 21 deletions
--- a/backend/src/app.internal.js
+++ b/backend/src/app.internal.js
@@ -1,4 +1,5 @@
 import Fastify from 'fastify'
+import cors from '@fastify/cors'
 import sensible from '@fastify/sensible'
 import { mitraManagementRoutes } from './routes/internal/mitra.routes.js'
 import { ccUserRoutes } from './routes/internal/cc-user.routes.js'
@@ -12,6 +13,7 @@ import { errorHandler } from './plugins/error-handler.js'
 export const buildInternalApp = async () => {
  const app = Fastify({ logger: true })

+  await app.register(cors, { origin: true })
  await app.register(sensible)
  app.setErrorHandler(errorHandler)

--- a/client_app/lib/core/chat/session_closure_notifier.dart
+++ b/client_app/lib/core/chat/session_closure_notifier.dart
@@ -1,3 +1,4 @@
+import 'package:dio/dio.dart';
 import 'package:flutter_riverpod/flutter_riverpod.dart';
 import 'package:riverpod_annotation/riverpod_annotation.dart';
 import '../api/api_client_provider.dart';
@@ -67,6 +68,13 @@ class SessionClosure extends _$SessionClosure {
        'message': message,
      });
      state = const ClosureCompleteData();
+    } on DioException catch (e) {
+      final code = e.response?.data?['error']?['code'];
+      if (code == 'SESSION_NOT_ACTIVE' || e.response?.statusCode == 409) {
+        state = const ClosureCompleteData();
+      } else {
+        state = const ClosureErrorData('Gagal mengirim pesan penutup.');
+      }
    } catch (e) {
      state = const ClosureErrorData('Gagal mengirim pesan penutup.');
    }
--- a/client_app/pubspec.lock
+++ b/client_app/pubspec.lock
@@ -125,10 +125,10 @@ packages:
    dependency: transitive
    description:
      name: characters
-      sha256: faf38497bda5ead2a8c7615f4f7939df04333478bf32e4173fcb06d428b5716b
+      sha256: f71061c654a3380576a52b451dd5532377954cf9dbd272a78fc8479606670803
      url: "https://pub.dev"
    source: hosted
-    version: "1.4.1"
+    version: "1.4.0"
  checked_yaml:
    dependency: transitive
    description:
@@ -628,18 +628,18 @@ packages:
    dependency: transitive
    description:
      name: matcher
-      sha256: dc0b7dc7651697ea4ff3e69ef44b0407ea32c487a39fff6a4004fa585e901861
+      sha256: dc58c723c3c24bf8d3e2d3ad3f2f9d7bd9cf43ec6feaa64181775e60190153f2
      url: "https://pub.dev"
    source: hosted
-    version: "0.12.19"
+    version: "0.12.17"
  material_color_utilities:
    dependency: transitive
    description:
      name: material_color_utilities
-      sha256: "9c337007e82b1889149c82ed242ed1cb24a66044e30979c44912381e9be4c48b"
+      sha256: f7142bb1154231d7ea5f96bc7bde4bda2a0945d2806bb11670e30b850d56bdec
      url: "https://pub.dev"
    source: hosted
-    version: "0.13.0"
+    version: "0.11.1"
  meta:
    dependency: transitive
    description:
@@ -961,10 +961,10 @@ packages:
    dependency: transitive
    description:
      name: test_api
-      sha256: "8161c84903fd860b26bfdefb7963b3f0b68fee7adea0f59ef805ecca346f0c7a"
+      sha256: ab2726c1a94d3176a45960b6234466ec367179b87dd74f1611adb1f3b5fb9d55
      url: "https://pub.dev"
    source: hosted
-    version: "0.7.10"
+    version: "0.7.7"
  timezone:
    dependency: transitive
    description:
--- a/control_center/package-lock.json
+++ b/control_center/package-lock.json
--- a/control_center/src/pages/login/LoginPage.jsx
+++ b/control_center/src/pages/login/LoginPage.jsx
@@ -1,25 +1,27 @@
-import { useState } from 'react'
+import { useState, useEffect } from 'react'
 import { useNavigate } from 'react-router-dom'
 import { useAuth } from '../../core/auth/AuthContext'

 export default function LoginPage() {
-  const { login } = useAuth()
+  const { user, loading: authLoading, login } = useAuth()
  const navigate = useNavigate()
  const [email, setEmail] = useState('')
  const [password, setPassword] = useState('')
  const [error, setError] = useState('')
  const [loading, setLoading] = useState(false)

+  useEffect(() => {
+    if (user) navigate('/', { replace: true })
+  }, [user, navigate])
+
  const handleSubmit = async (e) => {
    e.preventDefault()
    setError('')
    setLoading(true)
    try {
      await login(email, password)
-      navigate('/')
    } catch {
      setError('Email atau password salah.')
-    } finally {
      setLoading(false)
    }
  }
--- a/control_center/src/pages/mitra-activity/MitraActivityPage.jsx
+++ b/control_center/src/pages/mitra-activity/MitraActivityPage.jsx
@@ -23,8 +23,8 @@ const fetchLog = async ({ mitra_id, date_from, date_to, page, limit }) => {
 }

 const fetchMitras = async () => {
-  const res = await apiClient.get('/internal/mitras')
-  return res.data.data
+  const res = await apiClient.get('/internal/mitras?limit=100')
+  return res.data.data.items
 }

 const responseColor = (response) => {
--- a/mitra_app/lib/core/auth/auth_notifier.dart
+++ b/mitra_app/lib/core/auth/auth_notifier.dart
@@ -1,4 +1,5 @@
 import 'dart:async';
+import 'package:dio/dio.dart';
 import 'package:firebase_auth/firebase_auth.dart';
 import 'package:flutter/foundation.dart' show kIsWeb;
 import 'package:riverpod_annotation/riverpod_annotation.dart';
@@ -91,8 +92,10 @@ class MitraAuth extends _$MitraAuth {
        await _auth.signInWithCredential(credential);
      }
      state = AsyncData(await _verifyAndReturn());
-    } catch (e) {
+    } on FirebaseAuthException {
      state = AsyncError('OTP tidak valid. Coba lagi.', StackTrace.current);
+    } catch (e) {
+      state = AsyncError(e.toString().replaceFirst('Exception: ', ''), StackTrace.current);
    }
  }

@@ -105,15 +108,18 @@ class MitraAuth extends _$MitraAuth {
    try {
      final response = await _apiClient.post('/api/mitra/auth/verify');
      return MitraAuthAuthenticatedData(response['data'] as Map<String, dynamic>);
-    } on Exception catch (e) {
+    } on DioException catch (e) {
      await _auth.signOut();
-      final msg = e.toString();
-      if (msg.contains('ACCOUNT_NOT_FOUND')) {
+      final code = e.response?.data?['error']?['code'] as String?;
+      if (code == 'ACCOUNT_NOT_FOUND' || e.response?.statusCode == 404) {
        throw Exception('Akun tidak ditemukan. Hubungi administrator.');
-      } else if (msg.contains('ACCOUNT_INACTIVE')) {
+      } else if (code == 'ACCOUNT_INACTIVE' || e.response?.statusCode == 403) {
        throw Exception('Akun tidak aktif. Hubungi administrator.');
      }
      throw Exception('Gagal masuk. Coba lagi.');
+    } on Exception {
+      await _auth.signOut();
+      throw Exception('Gagal masuk. Coba lagi.');
    }
  }
 }
--- a/mitra_app/lib/core/auth/auth_notifier.g.dart
+++ b/mitra_app/lib/core/auth/auth_notifier.g.dart
@@ -6,7 +6,7 @@ part of 'auth_notifier.dart';
 // RiverpodGenerator
 // **************************************************************************

-String _$mitraAuthHash() => r'65235a41cde3a37feef0b3004a0a48b508bf9ac9';
+String _$mitraAuthHash() => r'ddb09225b47b4e7683c9f8ad46abc21d9fb7a37b';

 /// See also [MitraAuth].
@ProviderFor(MitraAuth)
--- a/mitra_app/lib/core/chat/extension_notifier.dart
+++ b/mitra_app/lib/core/chat/extension_notifier.dart
@@ -68,6 +68,13 @@ class MitraExtension extends _$MitraExtension {
        'message': message,
      });
      state = const ExtensionCompleteData();
+    } on DioException catch (e) {
+      final code = e.response?.data?['error']?['code'];
+      if (code == 'SESSION_NOT_ACTIVE' || e.response?.statusCode == 409) {
+        state = const ExtensionCompleteData();
+      } else {
+        state = const ExtensionErrorData('Gagal mengirim pesan penutup.');
+      }
    } catch (e) {
      state = const ExtensionErrorData('Gagal mengirim pesan penutup.');
    }
--- a/mitra_app/lib/core/status/status_notifier.g.dart
+++ b/mitra_app/lib/core/status/status_notifier.g.dart
@@ -6,7 +6,7 @@ part of 'status_notifier.dart';
 // RiverpodGenerator
 // **************************************************************************

-String _$onlineStatusHash() => r'6b42328eaba0f7934b0e3eaa54eb6b764f1c4e53';
+String _$onlineStatusHash() => r'26f86241ddbe8534b8ab700d3dcaa22c5f17eb76';

 /// See also [OnlineStatus].
@ProviderFor(OnlineStatus)