Initial commit: Retribusi frontend with dashboard, event logs, and settings

mwpn
2025-12-18 11:21:40 +07:00
commit b3573ed390
35 changed files with 7368 additions and 0 deletions

174
api/CORS_SETUP_GUIDE.md Normal file

@@ -0,0 +1,174 @@
# Panduan Setup CORS untuk API Btekno
## Masalah
Browser tidak dapat mengakses API karena CORS (Cross-Origin Resource Sharing) belum dikonfigurasi.
## Solusi
### Metode 1: CORS Handler di Setiap Endpoint (Recommended)
Tambahkan CORS handler di **AWAL** setiap file endpoint PHP:
```php
<?php
// ==================== CORS HANDLER - HARUS DI AWAL ====================
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
header("Access-Control-Max-Age: 3600");
// Handle preflight OPTIONS request
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
// ==================== END CORS HANDLER ====================
// Lanjutkan dengan logic endpoint...
```
### Metode 2: CORS Handler di Bootstrap/Autoload
Jika menggunakan framework atau autoloader, tambahkan CORS handler di file bootstrap:
**File: `bootstrap.php` atau `index.php`**
```php
<?php
// CORS Handler
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
header("Access-Control-Max-Age: 3600");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
// Lanjutkan dengan routing/autoload...
```
### Metode 3: CORS Handler di .htaccess (Apache)
Jika menggunakan Apache, tambahkan di `.htaccess`:
```apache
# CORS Headers
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Header set Access-Control-Allow-Headers "Content-Type, Authorization, X-API-KEY"
Header set Access-Control-Max-Age "3600"
</IfModule>
# Handle OPTIONS request
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</IfModule>
```
### Metode 4: CORS Handler di Nginx Config
Jika menggunakan Nginx, tambahkan di config:
```nginx
location / {
# CORS Headers
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-API-KEY' always;
add_header 'Access-Control-Max-Age' '3600' always;
# Handle OPTIONS request
if ($request_method = 'OPTIONS') {
return 204;
}
# Proxy atau serve PHP
try_files $uri $uri/ /index.php?$query_string;
}
```
## Endpoint yang Perlu CORS Handler
Pastikan semua endpoint berikut memiliki CORS handler:
1.`/health` - Health check
2.`/auth/v1/login` - Login
3.`/retribusi/v1/dashboard/summary` - Dashboard summary
4.`/retribusi/v1/summary/hourly` - Hourly summary
5.`/retribusi/v1/dashboard/daily` - Daily chart
6.`/retribusi/v1/dashboard/by-category` - By category chart
7.`/retribusi/v1/realtime/snapshot` - Realtime snapshot
8. ✅ Semua endpoint lainnya
## Testing CORS
### Test dengan curl:
```bash
# Test OPTIONS request (preflight)
curl -X OPTIONS https://api.btekno.cloud/auth/v1/login \
-H "Origin: http://localhost" \
-H "Access-Control-Request-Method: POST" \
-H "Access-Control-Request-Headers: Content-Type" \
-v
# Harus return:
# < HTTP/1.1 200 OK
# < Access-Control-Allow-Origin: *
# < Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
# < Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY
```
### Test dengan browser:
1. Buka `dashboard/test-connection.html`
2. Klik "Test Health Check"
3. Buka Developer Tools (F12) → Network tab
4. Cek apakah request OPTIONS return 200 dengan CORS headers
## Troubleshooting
### Masalah: Masih error "Failed to fetch"
- ✅ Pastikan CORS handler di **AWAL** file, sebelum output apapun
- ✅ Pastikan tidak ada output (echo, print, whitespace) sebelum CORS headers
- ✅ Pastikan OPTIONS request return 200, bukan 404 atau 405
### Masalah: CORS headers tidak muncul
- ✅ Cek apakah mod_headers enabled (Apache)
- ✅ Cek apakah PHP output buffering tidak mengganggu
- ✅ Cek apakah ada error PHP sebelum headers dikirim
### Masalah: Preflight OPTIONS gagal
- ✅ Pastikan server menangani method OPTIONS
- ✅ Pastikan return 200 untuk OPTIONS request
- ✅ Jangan proses logic endpoint untuk OPTIONS request
## Security Note
⚠️ **Untuk Production:**
- Ganti `Access-Control-Allow-Origin: *` dengan domain spesifik:
```php
header("Access-Control-Allow-Origin: https://yourdomain.com");
```
- Atau gunakan whitelist:
```php
$allowedOrigins = ['https://yourdomain.com', 'https://app.yourdomain.com'];
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
if (in_array($origin, $allowedOrigins)) {
header("Access-Control-Allow-Origin: $origin");
}
```
## Quick Fix
Copy file `cors-handler.php` dan include di setiap endpoint:
```php
<?php
require_once __DIR__ . '/cors-handler.php';
// Endpoint logic di sini...
```
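Review bot: The whitelist snippet under "Security Note" reflects the request origin but never sends `Vary: Origin`, so a shared cache can return a response carrying one origin's `Access-Control-Allow-Origin` value to a different origin; add `header("Vary: Origin");` beside the reflected header and pass `true` as the third argument to `in_array` for a strict match. "Metode 1" is labelled "Recommended" while it pairs `Access-Control-Allow-Origin: *` with `Authorization` and `X-API-KEY` in the allowed headers, and the production guidance only appears at the very end of the file; consider making the allowlist variant the recommended handler and presenting the wildcard as a local-development setting.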

84
api/INSTALASI_CORS.md Normal file

@@ -0,0 +1,84 @@
# 🚨 INSTRUKSI PERBAIKAN CORS - WAJIB DILAKUKAN
## ⚠️ MASALAH SAAT INI
- Browser tidak bisa login karena CORS error
- Request OPTIONS (preflight) return 400 Bad Request
- Server API belum memiliki CORS handler
## ✅ SOLUSI: Upload File dengan CORS Handler
### LANGKAH 1: Buka File yang Sudah Diperbaiki
File berikut sudah diperbaiki dan siap digunakan:
- `api/auth/login.php`
- `api/dashboard/summary.php`
- `api/dashboard/chart.php`
- `api/dashboard/chart_monthly.php`
- `api/dashboard/events.php`
### LANGKAH 2: Copy Kode CORS Handler
Setiap file sudah memiliki CORS handler di baris paling atas:
```php
<?php
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
```
### LANGKAH 3: Upload ke Server API
**OPSI A: Upload File Lengkap**
1. Buka file `api/auth/login.php` di folder lokal
2. Copy seluruh isinya
3. Upload/replace file di server: `/retribusi/v1/api/auth/login.php`
4. Ulangi untuk semua file endpoint lainnya
**OPSI B: Tambahkan CORS Handler ke File yang Sudah Ada**
1. Buka file API yang sudah ada di server
2. Tambahkan kode CORS handler di **BARIS PALING ATAS** (sebelum require/include apapun)
3. Pastikan kode CORS dieksekusi sebelum logic lainnya
### LANGKAH 4: Test
Setelah upload, test dengan:
```bash
# Test OPTIONS (harus return 200)
curl -X OPTIONS https://api.btekno.cloud/retribusi/v1/api/auth/login.php -i
# Test POST (harus berhasil)
curl -X POST https://api.btekno.cloud/retribusi/v1/api/auth/login.php \
-H "Content-Type: application/json" \
-H "X-API-KEY: RETRIBUSI-DASHBOARD-KEY" \
-d '{"username":"admin","password":"dodolgarut"}'
```
### ✅ HASIL YANG DIHARAPKAN
Setelah upload:
-`curl -X OPTIONS` → HTTP 200 OK
- ✅ Browser bisa login tanpa error CORS
- ✅ Frontend berfungsi normal
## 📋 CHECKLIST
- [ ] File `api/auth/login.php` sudah di-upload ke server
- [ ] CORS handler ada di baris paling atas
- [ ] OPTIONS request return HTTP 200
- [ ] Test login dari browser berhasil
## ⚠️ PENTING
- CORS handler HARUS di baris paling atas
- CORS handler HARUS dieksekusi sebelum require/include
- CORS handler HARUS dieksekusi sebelum logic auth
- Setelah upload, clear cache browser jika perlu
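Review bot: The LANGKAH 4 curl example sends `{"username":"admin","password":"dodolgarut"}` together with a concrete `X-API-KEY` value, which reads as a working admin credential committed to the repository. Replace both with obvious placeholders (USERNAME, PASSWORD, API_KEY), and if these values are valid on api.btekno.cloud, rotate them, because they stay in the commit history even after the file is edited. The OPTIONS test in the same block sends no `Origin` header, so it will stop being a meaningful CORS check once the wildcard origin is replaced by an allowlist.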

118
api/README_CORS_FIX.md Normal file

@@ -0,0 +1,118 @@
# 🔧 PERBAIKAN CORS - INSTRUKSI WAJIB
## ⚠️ MASALAH SAAT INI
- Frontend (localhost) GAGAL login karena CORS
- Request OPTIONS (preflight) ke endpoint login.php dibalas 400
- API belum menangani preflight OPTIONS
## ✅ SOLUSI: Tambahkan CORS Handler
### LANGKAH 1: Copy Kode CORS Handler
Copy kode berikut ke **PALING ATAS** setiap file endpoint (sebelum require/include apapun):
```php
<?php
// ================= CORS HANDLER (WAJIB PALING ATAS) =================
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
// ================= END CORS HANDLER =================
```
### LANGKAH 2: File yang Perlu Diperbaiki
Tambahkan CORS handler di file-file berikut:
1.`/retribusi/v1/api/auth/login.php`
2.`/retribusi/v1/api/dashboard/summary.php`
3.`/retribusi/v1/api/dashboard/chart.php`
4.`/retribusi/v1/api/dashboard/chart_monthly.php`
5.`/retribusi/v1/api/dashboard/events.php`
### LANGKAH 3: Urutan Kode yang Benar
```php
<?php
// 1. CORS HANDLER (PALING ATAS - SEBELUM APAPUN)
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
// 2. Set Content-Type untuk JSON response
header('Content-Type: application/json');
// 3. Require/include file lain (jika ada)
// require_once '../config/database.php';
// require_once '../config/auth.php';
// 4. Logic auth/validation
// ... kode auth yang sudah ada ...
// 5. Logic bisnis API
// ... kode API yang sudah ada ...
```
## 🧪 TESTING
Setelah perbaikan, test dengan:
```bash
# Test OPTIONS preflight
curl -X OPTIONS https://api.btekno.cloud/retribusi/v1/api/auth/login.php \
-H "Access-Control-Request-Method: POST" \
-H "Access-Control-Request-Headers: Content-Type, X-API-KEY" \
-v
# Harus return: HTTP 200 OK
# Test POST login
curl -X POST https://api.btekno.cloud/retribusi/v1/api/auth/login.php \
-H "Content-Type: application/json" \
-H "X-API-KEY: RETRIBUSI-DASHBOARD-KEY" \
-d '{"username":"test","password":"test"}' \
-v
```
## ✅ HASIL YANG DIHARAPKAN
-`OPTIONS /api/auth/login.php` → HTTP 200 OK
-`POST /api/auth/login.php` → login normal (tidak berubah)
- ✅ Browser TIDAK lagi error CORS
- ✅ Frontend login dari localhost BERHASIL
## 📋 CHECKLIST
- [ ] CORS handler ditambahkan di semua endpoint
- [ ] CORS handler di paling atas (sebelum require/include)
- [ ] OPTIONS request return HTTP 200
- [ ] Response bisnis API tidak berubah
- [ ] Auth logic tetap berjalan normal
- [ ] Test dari browser localhost berhasil
## ⚠️ PENTING
- **JANGAN** mengubah response bisnis API
- **JANGAN** menambah proxy
- **JANGAN** mematikan auth
- **HANYA** menambahkan CORS handler di atas
## 📁 File Example
Lihat file `.example` di folder ini untuk contoh implementasi:
- `auth/login.php.example`
- `dashboard/summary.php.example`
- `dashboard/chart.php.example`
- `dashboard/chart_monthly.php.example`
- `dashboard/events.php.example`
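Review bot: This file repeats CORS_SETUP_GUIDE.md and INSTALASI_CORS.md with a different handler: here `Access-Control-Allow-Methods` is `GET, POST, OPTIONS` with no `Access-Control-Max-Age`, while the setup guide allows `PUT, DELETE` as well and sets `Access-Control-Max-Age: 3600`. Three documents with diverging copies of the same block leave it unclear which policy the API is meant to enforce; keep one guide and have the others link to it. The TESTING preflight also omits an `Origin` header, so it would not exercise an origin allowlist once the wildcard is replaced as the setup guide advises for production.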

44
api/auth/login.php Normal file

@@ -0,0 +1,44 @@
<?php
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
header('Content-Type: application/json');
// TODO: Implementasi logic login di sini
// Contoh response structure:
/*
$input = json_decode(file_get_contents('php://input'), true);
if (!isset($input['username']) || !isset($input['password'])) {
http_response_code(400);
echo json_encode(['error' => 'invalid_request']);
exit;
}
// Validasi X-API-KEY
if (!isset($_SERVER['HTTP_X_API_KEY']) || $_SERVER['HTTP_X_API_KEY'] !== 'RETRIBUSI-DASHBOARD-KEY') {
http_response_code(401);
echo json_encode(['error' => 'unauthorized']);
exit;
}
// Logic authentication
// ... kode auth yang sudah ada ...
// Response success
echo json_encode([
'token' => 'Bearer xxxxx',
'user' => [
'username' => 'admin',
'role' => 'admin',
'locations' => ['kerkof_01']
]
]);
*/
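Review bot: The commented X-API-KEY check compares against the literal `'RETRIBUSI-DASHBOARD-KEY'` with `!==`, and the same literal is repeated in chart.php, chart_monthly.php, events.php and summary.php. Load the expected key from configuration or the environment and compare with `hash_equals()`. A key that the dashboard frontend sends from the browser is readable by every user of that frontend, so it cannot stand in for per-user authentication. The body check also runs before the key check, so callers without a key get a 400 that distinguishes malformed input; validating the key first gives them a uniform 401.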


@@ -0,0 +1,45 @@
<?php
/**
* EXAMPLE: Login Endpoint dengan CORS Handler
*
* INSTRUKSI:
* 1. Copy kode CORS handler ke paling atas (sebelum require/include apapun)
* 2. Pastikan CORS handler dieksekusi SEBELUM logic auth
* 3. Jangan ubah response bisnis API, hanya tambahkan CORS
*/
// ================= CORS HANDLER (WAJIB PALING ATAS) =================
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
// Handle preflight OPTIONS request
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
// ================= END CORS HANDLER =================
// Setelah CORS handler, baru require/include file lain
// require_once '../config/database.php';
// require_once '../config/auth.php';
// Set header untuk JSON response
header('Content-Type: application/json');
// Logic auth/login di sini
// ... kode login yang sudah ada ...
// Example response (sesuaikan dengan logic yang sudah ada)
/*
$response = [
'token' => 'Bearer xxxxx',
'user' => [
'username' => 'admin',
'role' => 'admin',
'locations' => ['kerkof_01']
]
];
echo json_encode($response);
*/
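Review bot: The CORS block is pasted inline here and in the dashboard `.example` files, even though this commit also adds `cors-handler.php` and `cors_handler.php` for exactly this purpose. Replace the pasted block with a single `require_once` of the shared handler (using a `__DIR__`-based path), so that a later change to the origin policy lands in one place instead of in every copy.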

30
api/cors-handler.php Normal file

@@ -0,0 +1,30 @@
<?php
/**
* CORS Handler untuk API Btekno
*
* File ini HARUS di-include di awal SETIAP endpoint PHP
* atau ditempatkan di file bootstrap/autoload yang dieksekusi sebelum semua endpoint
*
* Usage:
* require_once __DIR__ . '/cors-handler.php';
*/
// Set CORS headers
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
header("Access-Control-Max-Age: 3600");
header("Access-Control-Allow-Credentials: false");
// Handle preflight OPTIONS request
// Browser akan mengirim OPTIONS request sebelum POST/PUT/DELETE jika ada custom headers
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
// Log untuk debugging (opsional, bisa dihapus di production)
if (defined('APP_DEBUG') && APP_DEBUG === true) {
error_log('CORS Handler: ' . $_SERVER['REQUEST_METHOD'] . ' ' . $_SERVER['REQUEST_URI']);
}
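Review bot: `header("Access-Control-Allow-Credentials: false");` should be dropped: the only value browsers act on for this header is `true`, and the way to disallow credentials is to omit the header. The debug `error_log` call sits after the `OPTIONS` early exit, so preflight requests, the ones this file exists to fix, are never logged; move it above the `if`, and strip control characters from `REQUEST_URI` before writing it to the log.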

21
api/cors_handler.php Normal file

@@ -0,0 +1,21 @@
<?php
/**
* CORS Handler - WAJIB di-include di awal SETIAP endpoint
*
* INSTRUKSI:
* 1. Copy file ini ke server API
* 2. Include di awal SETIAP file endpoint: require_once 'cors_handler.php';
* 3. Atau copy kode di bawah ke awal setiap endpoint
*/
// ================= CORS =================
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
// Handle preflight OPTIONS request
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
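Review bot: This file duplicates `api/cors-handler.php` from the same commit under a name that differs only by `_` versus `-`, and the two disagree: this one allows `GET, POST, OPTIONS`, the other adds `PUT, DELETE`, `Access-Control-Max-Age` and `Access-Control-Allow-Credentials`. Which policy an endpoint gets then depends on a one-character difference in the include, so keep a single file. The usage line `require_once 'cors_handler.php';` in the docblock also resolves against the include path and working directory; use a `__DIR__`-based path as the other file's docblock does.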

43
api/dashboard/chart.php Normal file

@@ -0,0 +1,43 @@
<?php
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
header('Content-Type: application/json');
// TODO: Implementasi logic chart di sini
// Validasi Authorization token
/*
$headers = getallheaders();
if (!isset($headers['Authorization'])) {
http_response_code(401);
echo json_encode(['error' => 'unauthorized']);
exit;
}
// Validasi X-API-KEY
if (!isset($_SERVER['HTTP_X_API_KEY']) || $_SERVER['HTTP_X_API_KEY'] !== 'RETRIBUSI-DASHBOARD-KEY') {
http_response_code(401);
echo json_encode(['error' => 'unauthorized']);
exit;
}
// Logic chart
$date = $_GET['date'] ?? date('Y-m-d');
$location_code = $_GET['location_code'] ?? null;
// ... kode chart yang sudah ada ...
echo json_encode([
'labels' => ['00','01','02','03','04','05','06','07','08','09','10','11','12','13','14','15','16','17','18','19','20','21','22','23'],
'motor' => array_fill(0, 24, 0),
'car' => array_fill(0, 24, 0),
'person' => array_fill(0, 24, 0)
]);
*/
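Review bot: The block commented "Validasi Authorization token" only tests `isset($headers['Authorization'])`, so any value in that header passes; the token itself has to be parsed and verified before the chart logic runs. The array lookup is case-sensitive while HTTP header names are not, and the casing `getallheaders()` returns depends on the SAPI, so read `$_SERVER['HTTP_AUTHORIZATION']` or normalise the keys first. `$_GET['date']` should also be checked against the `Y-m-d` format before it reaches a query.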


@@ -0,0 +1,20 @@
<?php
/**
* EXAMPLE: Dashboard Chart Endpoint dengan CORS Handler
*/
// ================= CORS HANDLER (WAJIB PALING ATAS) =================
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
// ================= END CORS HANDLER =================
header('Content-Type: application/json');
// ... logic chart yang sudah ada ...


@@ -0,0 +1,45 @@
<?php
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
header('Content-Type: application/json');
// TODO: Implementasi logic chart monthly di sini
// Validasi Authorization token
/*
$headers = getallheaders();
if (!isset($headers['Authorization'])) {
http_response_code(401);
echo json_encode(['error' => 'unauthorized']);
exit;
}
// Validasi X-API-KEY
if (!isset($_SERVER['HTTP_X_API_KEY']) || $_SERVER['HTTP_X_API_KEY'] !== 'RETRIBUSI-DASHBOARD-KEY') {
http_response_code(401);
echo json_encode(['error' => 'unauthorized']);
exit;
}
// Logic chart monthly
$month = $_GET['month'] ?? date('Y-m');
$location_code = $_GET['location_code'] ?? null;
// ... kode chart monthly yang sudah ada ...
$daysInMonth = date('t', strtotime($month . '-01'));
echo json_encode([
'labels' => range(1, $daysInMonth),
'motor' => array_fill(0, $daysInMonth, 0),
'car' => array_fill(0, $daysInMonth, 0),
'person' => array_fill(0, $daysInMonth, 0),
'amount' => array_fill(0, $daysInMonth, 0)
]);
*/
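Review bot: `$month` goes from `$_GET['month']` straight into `strtotime($month . '-01')` with no format check; for input that does not parse, `strtotime` returns `false` and `date('t', ...)` then yields the day count of the epoch month instead of an error. Validate first, for example with `preg_match('/^\d{4}-(0[1-9]|1[0-2])$/', $month)`, return 400 on failure, and cast `$daysInMonth` to `int` before passing it to `range()` and `array_fill()`.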


@@ -0,0 +1,20 @@
<?php
/**
* EXAMPLE: Dashboard Chart Monthly Endpoint dengan CORS Handler
*/
// ================= CORS HANDLER (WAJIB PALING ATAS) =================
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
// ================= END CORS HANDLER =================
header('Content-Type: application/json');
// ... logic chart monthly yang sudah ada ...

49
api/dashboard/events.php Normal file

@@ -0,0 +1,49 @@
<?php
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
header('Content-Type: application/json');
// TODO: Implementasi logic events di sini
// Validasi Authorization token
/*
$headers = getallheaders();
if (!isset($headers['Authorization'])) {
http_response_code(401);
echo json_encode(['error' => 'unauthorized']);
exit;
}
// Validasi X-API-KEY
if (!isset($_SERVER['HTTP_X_API_KEY']) || $_SERVER['HTTP_X_API_KEY'] !== 'RETRIBUSI-DASHBOARD-KEY') {
http_response_code(401);
echo json_encode(['error' => 'unauthorized']);
exit;
}
// Validasi role admin
// ... kode validasi role admin ...
// Logic events
$date = $_GET['date'] ?? null;
$location_code = $_GET['location_code'] ?? null;
$gate_code = $_GET['gate_code'] ?? null;
$category = $_GET['category'] ?? null;
$page = intval($_GET['page'] ?? 1);
$limit = intval($_GET['limit'] ?? 20);
// ... kode events yang sudah ada ...
echo json_encode([
'events' => [],
'total_pages' => 1,
'current_page' => $page
]);
*/
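Review bot: `$page` and `$limit` are passed through `intval()` with no bounds, so `limit=0`, negative values or a very large `limit` reach the query; clamp `$page` with `max(1, $page)` and hold `$limit` between 1 and a fixed upper bound. The admin-role check is only a placeholder comment ("Validasi role admin"); since this endpoint returns event logs, it should fail closed (for example respond 403) until that check is implemented.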


@@ -0,0 +1,20 @@
<?php
/**
* EXAMPLE: Dashboard Events Endpoint dengan CORS Handler
*/
// ================= CORS HANDLER (WAJIB PALING ATAS) =================
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
// ================= END CORS HANDLER =================
header('Content-Type: application/json');
// ... logic events yang sudah ada ...

44
api/dashboard/summary.php Normal file

@@ -0,0 +1,44 @@
<?php
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
header('Content-Type: application/json');
// TODO: Implementasi logic summary di sini
// Validasi Authorization token
/*
$headers = getallheaders();
if (!isset($headers['Authorization'])) {
http_response_code(401);
echo json_encode(['error' => 'unauthorized']);
exit;
}
// Validasi X-API-KEY
if (!isset($_SERVER['HTTP_X_API_KEY']) || $_SERVER['HTTP_X_API_KEY'] !== 'RETRIBUSI-DASHBOARD-KEY') {
http_response_code(401);
echo json_encode(['error' => 'unauthorized']);
exit;
}
// Logic summary
$date = $_GET['date'] ?? date('Y-m-d');
$location_code = $_GET['location_code'] ?? null;
// ... kode summary yang sudah ada ...
echo json_encode([
'date' => $date,
'location_code' => $location_code,
'total_vehicle' => 0,
'total_person' => 0,
'total_amount' => 0
]);
*/
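Review bot: `location_code` is taken from `$_GET` and echoed into the response, but nothing in the placeholder ties it to the caller. The login response in `api/auth/login.php` carries a per-user `locations` list (`['kerkof_01']`), so the summary should reject a `location_code` that is not in the authenticated user's list; otherwise the per-location scoping is enforced only by the frontend.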


@@ -0,0 +1,42 @@
<?php
/**
* EXAMPLE: Dashboard Summary Endpoint dengan CORS Handler
*
* INSTRUKSI:
* 1. Copy kode CORS handler ke paling atas
* 2. Pastikan CORS handler dieksekusi SEBELUM logic auth
*/
// ================= CORS HANDLER (WAJIB PALING ATAS) =================
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
// Handle preflight OPTIONS request
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
// ================= END CORS HANDLER =================
// Set header untuk JSON response
header('Content-Type: application/json');
// Logic auth/validation di sini
// ... kode auth yang sudah ada ...
// Logic summary di sini
// ... kode summary yang sudah ada ...
// Example response (sesuaikan dengan logic yang sudah ada)
/*
$response = [
'date' => '2024-01-01',
'location_code' => null,
'total_vehicle' => 100,
'total_person' => 250,
'total_amount' => 5000000
];
echo json_encode($response);
*/


@@ -0,0 +1,76 @@
<?php
/**
* Contoh Endpoint dengan CORS Handler
*
* INI ADALAH CONTOH - jangan gunakan langsung, copy logic CORS ke endpoint yang sebenarnya
*/
// ==================== CORS HANDLER - HARUS DI AWAL ====================
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
header("Access-Control-Max-Age: 3600");
// Handle preflight OPTIONS request
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
// ==================== END CORS HANDLER ====================
// Set content type
header('Content-Type: application/json');
// Load environment variables (sesuai dengan struktur project)
// require_once __DIR__ . '/../vendor/autoload.php'; // Jika pakai Composer
// atau load env manual
// Contoh endpoint: Health Check
if ($_SERVER['REQUEST_METHOD'] === 'GET' && $_SERVER['REQUEST_URI'] === '/health') {
echo json_encode([
'status' => 'ok',
'time' => time()
]);
exit;
}
// Contoh endpoint: Login
if ($_SERVER['REQUEST_METHOD'] === 'POST' && strpos($_SERVER['REQUEST_URI'], '/auth/v1/login') !== false) {
// Parse request body
$input = json_decode(file_get_contents('php://input'), true);
// Validasi
if (!isset($input['username']) || !isset($input['password'])) {
http_response_code(422);
echo json_encode([
'error' => 'validation_error',
'message' => 'Username and password are required'
]);
exit;
}
// TODO: Implementasi login logic di sini
// Contoh response:
echo json_encode([
'success' => true,
'data' => [
'token' => 'example_token_here',
'expires_in' => 3600,
'user' => [
'id' => 1,
'username' => $input['username'],
'role' => 'admin'
]
],
'timestamp' => time()
]);
exit;
}
// 404 jika endpoint tidak ditemukan
http_response_code(404);
echo json_encode([
'error' => 'not_found',
'message' => 'Endpoint not found'
]);
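Review bot: The login branch returns `'success' => true` with a token and `'role' => 'admin'` for any username and password, because the credential check is still a TODO; if this file is ever served, it answers every login attempt as a successful admin login. Make the stub fail closed (for example `http_response_code(501)`) until the real check exists. The routing also needs tightening: `$_SERVER['REQUEST_URI'] === '/health'` stops matching as soon as a query string is present, and `strpos(..., '/auth/v1/login') !== false` matches that text anywhere in the URI, query string included; compare against `parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)` instead.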