From d8e8ec3fa7e5c62608c4250cfd45baf5babb39b9 Mon Sep 17 00:00:00 2001
From: Rafi Arrafif
Date: Wed, 7 Jan 2026 23:56:44 +0700
Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20refactor:=20app=20token=20?= =?UTF-8?q?and=20oAuth=20endpoint=20request?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

These changes include:
1. Replacing the app token with a standard authorization barrier.
2. Changing the response body in the OAuth request by wrapping the endpoint link with a structure instead of placing it in the callback payload data.
---
 src/middleware/global/appAccessToken.middleware.ts | 14 +++++++++-----
 .../controllers/getOauthProviders.controller.ts | 9 ++++++++-
 .../auth/controllers/githubRequest.controller.ts | 9 +++------
 .../auth/controllers/googleRequest.controller.ts | 9 +++------
 4 files changed, 23 insertions(+), 18 deletions(-)

diff --git a/src/middleware/global/appAccessToken.middleware.ts b/src/middleware/global/appAccessToken.middleware.ts
index d1e4a1e..459d137 100644
--- a/src/middleware/global/appAccessToken.middleware.ts
+++ b/src/middleware/global/appAccessToken.middleware.ts
@@ -3,10 +3,14 @@ import { returnErrorResponse } from "../../helpers/callback/httpResponse";

 export const appAccessTokenMiddleware = () =>
 new Elysia().onRequest(({ request, set }) => {
- const headerToken = request.headers.get("access_token");
- const storedToken = process.env.API_KEY;
+ const headerToken = request.headers.get("authorization");
+ if (!headerToken) return returnErrorResponse(set, 401, "Unauthorized");

- if (headerToken !== storedToken) {
- return returnErrorResponse(set, 403, "Unauthorized");
- }
+ const storedToken = process.env.API_KEY;
+ const [scheme, token] = headerToken.split(" ");
+
+ if (scheme !== "Bearer" || !token)
+ return returnErrorResponse(set, 401, "Invalid auth format");
+ if (token !== storedToken)
+ return returnErrorResponse(set, 403, "Forbidden");
 });
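Review bot: The final check `token !== storedToken` compares the API key with an ordinary string comparison, which is not constant-time; for a long-lived shared secret a fixed-time comparison is the safer default. Hashing both values and comparing the digests with `timingSafeEqual` from `node:crypto` (assuming the runtime provides it; the import belongs at the top of the file, outside this hunk) also turns an unset `API_KEY` into an explicit rejection instead of relying on `token !== undefined`. Separately, `headerToken.split(" ")` keeps only the first two segments, so a header with extra segments after the key still passes, and the `"Bearer"` match is case-sensitive although HTTP auth scheme names are case-insensitive.

```typescript
    // … unchanged: header lookup, split into scheme/token, format check …
    const storedToken = process.env.API_KEY;
    // Equal-length digests let timingSafeEqual run without a length pre-check.
    const given = createHash("sha256").update(token).digest();
    const expected = createHash("sha256").update(storedToken ?? "").digest();
    if (!storedToken || !timingSafeEqual(given, expected))
      return returnErrorResponse(set, 403, "Forbidden");
```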
diff --git a/src/modules/auth/controllers/getOauthProviders.controller.ts b/src/modules/auth/controllers/getOauthProviders.controller.ts
index 10e937e..579ae1c 100644
--- a/src/modules/auth/controllers/getOauthProviders.controller.ts
+++ b/src/modules/auth/controllers/getOauthProviders.controller.ts
@@ -1,10 +1,17 @@
 import { Context } from "elysia";
 import { mainErrorHandler } from "../../../helpers/error/handler";
 import { getOauthProvidersService } from "../services/http/getOauthProviders.service";
+import { returnReadResponse } from "../../../helpers/callback/httpResponse";

 export const getOauthProvidersController = (ctx: Context) => {
 try {
- return getOauthProvidersService();
+ const oauthProviderServices = getOauthProvidersService();
+ return returnReadResponse(
+ ctx.set,
+ 200,
+ "Getting all oauth available list",
+ oauthProviderServices
+ );
 } catch (error) {
 return mainErrorHandler(ctx.set, error);
 }
diff --git a/src/modules/auth/controllers/githubRequest.controller.ts b/src/modules/auth/controllers/githubRequest.controller.ts
index d3d332c..06709dc 100644
--- a/src/modules/auth/controllers/githubRequest.controller.ts
+++ b/src/modules/auth/controllers/githubRequest.controller.ts
@@ -6,10 +6,7 @@ export const githubRequestController = async (
 ctx: Context & { query: { callback?: string } }
 ) => {
 const loginUrl = await githubRequestService(ctx.query.callback);
- return returnReadResponse(
- ctx.set,
- 200,
- "Login URL generated successfully",
- loginUrl
- );
+ return returnReadResponse(ctx.set, 200, "Login URL generated successfully", {
+ endpointUrl: loginUrl,
+ });
 };
diff --git a/src/modules/auth/controllers/googleRequest.controller.ts b/src/modules/auth/controllers/googleRequest.controller.ts
index 8b11796..7b122a2 100644
--- a/src/modules/auth/controllers/googleRequest.controller.ts
+++ b/src/modules/auth/controllers/googleRequest.controller.ts
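Review bot: In `getOauthProvidersController`, `getOauthProvidersService()` is called without `await` and its result is now handed to `returnReadResponse` as the payload; if the service is (or later becomes) async, the response body would carry a pending Promise and a rejection would bypass the surrounding `try/catch`. The service's signature is not visible in this hunk, so this needs confirming; the GitHub and Google request controllers in this commit do `await` their services. If it is async, make the controller `async` and use `const oauthProviderServices = await getOauthProvidersService();`. The controller's closing `};` lies outside the hunk.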
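Review bot: In `githubRequestController`, `ctx.query.callback` comes straight from the query string and flows into `githubRequestService`, whose result is now returned to the client as `endpointUrl`; nothing visible in this hunk restricts it to known redirect targets. If the service does not already validate it, check the value against an allowlist of registered callback URLs before the login URL is built; the same applies to `googleRequestController` in the following hunk. Also, unlike the Google controller this one has no `try/catch` around the service call, so a rejection skips `mainErrorHandler`; wrapping it the same way, `try { … } catch (error) { return mainErrorHandler(ctx.set, error); }` (assuming the handler is imported in this file), would keep error responses uniform. The function's signature line starts outside the hunk.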
@@ -8,12 +8,9 @@ export const googleRequestController = async (
 ) => {
 try {
 const loginUrl = await googleRequestService(ctx.query.callback);
- return returnReadResponse(
- ctx.set,
- 200,
- "Google login url created!",
- loginUrl
- );
+ return returnReadResponse(ctx.set, 200, "Google login url created!", {
+ endpointUrl: loginUrl,
+ });
 } catch (error) {
 return mainErrorHandler(ctx.set, error);
 }