From 4d686d031e362ca953bb6af3a90f19655b7ed243 Mon Sep 17 00:00:00 2001
From: rahmagustin
Date: Mon, 30 Mar 2026 19:26:23 +0700
Subject: [PATCH] validasi login
---
 app/Http/Requests/Auth/LoginRequest.php | 95 ++++++++++++++++++-------
 resources/views/auth/login.blade.php | 65 ++++++++++-------
 2 files changed, 108 insertions(+), 52 deletions(-)
diff --git a/app/Http/Requests/Auth/LoginRequest.php b/app/Http/Requests/Auth/LoginRequest.php
index 9bee446..45f35d3 100644
--- a/app/Http/Requests/Auth/LoginRequest.php
+++ b/app/Http/Requests/Auth/LoginRequest.php
@@ -12,41 +12,85 @@ class LoginRequest extends FormRequest { + /** + * Izinkan semua user akses request ini + */ public function authorize(): bool { return true; } + /** + * Aturan validasi input + */ public function rules(): array { return [ 'username' => ['required', 'string'], - 'password' => ['required', 'string'], + 'password' => ['required', 'string', 'min:8'], ]; } -public function authenticate(): void -{ - $user = User::where('username', $this->username)->first(); - if (!$user) { - throw ValidationException::withMessages([ - 'username' => 'Username tidak terdaftar.', - ]); - } - if (!Auth::attempt([ - 'username' => $this->username, - 'password' => $this->password, - ])) { - throw ValidationException::withMessages([ - 'password' => 'Password yang dimasukkan salah.', - ]); - } -} + /** + * Pesan error custom (biar lebih user-friendly) + */ + public function messages(): array + { + return [ + 'username.required' => 'Username wajib diisi.', + 'username.string' => 'Username harus berupa teks.', + 'password.required' => 'Password wajib diisi.', + 'password.string' => 'Password harus berupa teks.', + 'password.min' => 'Password minimal 6 karakter.', + ]; + } + /** + * Proses autentikasi login + */ + public function authenticate(): void + { + // Cek limit login (anti brute force) + $this->ensureIsNotRateLimited(); + + // Jika dua-duanya kosong (optional tambahan biar lebih jelas) + if (!$this->username && !$this->password) { + throw ValidationException::withMessages([ + 'username' => 'Username dan password wajib diisi.', + ]); + } + + // Cek apakah username ada + $user = User::where('username', $this->username)->first(); + if (!$user) { + throw ValidationException::withMessages([ + 'username' => 'Username tidak terdaftar.', + ]); + } + + // Cek password + if (!Auth::attempt([ + 'username' => $this->username, + 'password' => $this->password, + ])) { + RateLimiter::hit($this->throttleKey()); + + throw ValidationException::withMessages([ + 'password' => 'Password yang 
dimasukkan salah.', + ]); + } + + // Reset limit kalau berhasil login + RateLimiter::clear($this->throttleKey()); + } + + /** + * Cek apakah sudah terlalu banyak percobaan login + */ public function ensureIsNotRateLimited(): void { - if (! RateLimiter::tooManyAttempts($this->throttleKey(), 5)) { + if (!RateLimiter::tooManyAttempts($this->throttleKey(), 5)) { return; } @@ -55,16 +99,17 @@ public function ensureIsNotRateLimited(): void $seconds = RateLimiter::availableIn($this->throttleKey()); throw ValidationException::withMessages([ - 'username' => trans('auth.throttle', [ - 'seconds' => $seconds, - 'minutes' => ceil($seconds / 60), - ]), + 'username' => 'Terlalu banyak percobaan login. Coba lagi dalam ' . $seconds . ' detik.', ]); } - + /** + * Key unik untuk rate limiter + */ public function throttleKey(): string { - return Str::transliterate(Str::lower($this->string('username')) . '|' . $this->ip()); + return Str::transliterate( + Str::lower($this->input('username')) . '|' . $this->ip() + ); } } diff --git a/resources/views/auth/login.blade.php b/resources/views/auth/login.blade.php index 62162af..2d367d7 100644 --- a/resources/views/auth/login.blade.php +++ b/resources/views/auth/login.blade.php @@ -2,20 +2,15 @@ - Login Admin | SIG TPS Kabupaten Nganjuk - + + - - - - - @@ -25,63 +20,79 @@
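Review bot: In the new `authenticate()`, only the wrong-password branch calls `RateLimiter::hit()`, so failed attempts with an unknown username never count toward the limit. The separate messages 'Username tidak terdaftar.' and 'Password yang dimasukkan salah.' also tell the client whether a username exists. Counting every failed attempt and returning one generic message addresses both, and the extra `User::where(...)` lookup is then no longer needed; the both-empty check is presumably unreachable because `rules()` already marks both fields `required`. Separately, `rules()` sets `'min:8'` while `messages()` says 'Password minimal 6 karakter.', so one of them should change, e.g. `'password.min' => 'Password minimal 8 karakter.',`.

```php
public function authenticate(): void
{
    $this->ensureIsNotRateLimited();

    // Satu jalur gagal untuk username tidak dikenal maupun password salah,
    // dan setiap kegagalan dihitung oleh rate limiter.
    if (!Auth::attempt($this->only('username', 'password'))) {
        RateLimiter::hit($this->throttleKey());

        throw ValidationException::withMessages([
            'username' => 'Username atau password salah.',
        ]);
    }

    RateLimiter::clear($this->throttleKey());
}
```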
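Review bot: `throttleKey()` now passes `$this->input('username')` straight to `Str::lower()`, and `input()` returns whatever type the client sent (an array for `username[]=...`, null when the field is absent), whereas the previous `$this->string('username')` always yielded a string-like value. If this public method is ever reached before validation has run, that would likely surface as a type error rather than a validation message; keeping `Str::lower($this->string('username'))` avoids it. The hard-coded throttle text also replaces the `trans('auth.throttle')` lookup, so that message is no longer translatable. `ensureIsNotRateLimited()` starts above this hunk.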
+
-
-
-
- - + + - - - - - +