Garment.id
🇮🇩 Indonesian
  • 🇮🇩 Indonesian
  • 🇺🇸 English
Home
Core APITenant APISupport CenterChangelog
Home
Core APITenant APISupport CenterChangelog
Github
Instagram
|
🇮🇩 Indonesian
  • 🇮🇩 Indonesian
  • 🇺🇸 English
🇮🇩 Indonesian
  • 🇮🇩 Indonesian
  • 🇺🇸 English
  1. Home
  • Introduction
  • 01 - Project Structure
  • 02 - Context Boundaries
  • 03 - Central Auth Runtime
  • 04 - Central Billing
  • 05 - Tenant Runtime
  • 06 - FE Integration Contracts
  • 07 - Security, Middleware, and RLS
  • 08 - Events, Jobs, Listeners, Notifications, Observers
  • 09 - Testing and Quality Gates
  • 10 - Operations Runbook
  • 11 - Architecture Decisions (ADR Ringkas)
  • 12 - API Endpoint Catalog (v1)
  • 13 - Class Catalog by Context
  • 14 - Feature Development Playbook
  • 15 - Migration and Model Conventions
  • 16 - Service, Support, and Trait Contracts
  • 17 - Auth Business Scenarios and Decision Tree
  • 18 - Config Reference and Impact
  • 19 - Migration and Model Cookbook
  • 20 - Billing and Provisioning Business Flows
  • 21 - FE Error Handling Matrix
  • 22 - Incident Playbooks
  • 23 - Data Ownership Matrix
  • 24 - Documentation Governance and Changelog
  • 25 - Tenant Authorization Backend Guide
Home
Core APITenant APISupport CenterChangelog
Home
Core APITenant APISupport CenterChangelog
Github
Instagram
|
🇮🇩 Indonesian
  • 🇮🇩 Indonesian
  • 🇺🇸 English
🇮🇩 Indonesian
  • 🇮🇩 Indonesian
  • 🇺🇸 English
  1. Home

03 - Central Auth Runtime

Dokumen ini membahas alur auth terpusat, runtime endpoint user, serta mapping class yang terlibat.

Scope#

Context: central
Route files:
routes/central/auth.php
routes/central/auth-runtime.php
routes/central/auth-runtime/core.php
routes/central/auth-runtime/activity.php
routes/central/auth-runtime/session.php
routes/central/auth-runtime/notification.php
routes/central/auth-runtime/security.php

End-to-End Auth Flow#

Runtime Middleware Pipeline#

Endpoint Matrix#

A. Public/Pre-runtime Auth (/api/v1/auth/*)#

MethodPathControllerMiddleware KhususTujuan
POST/auth/registerRegisterControllerthrottle:auth-registerRegistrasi user baru
POST/auth/loginLoginControllerthrottle:auth-loginLogin kredensial
POST/auth/refreshRefreshTokenControllerthrottle:auth-refreshRotasi access token
POST/auth/social/googleSocialGoogleLoginControllerthrottle:auth-loginLogin via social account
GET/auth/social/google/redirectSocialGoogleOAuthController@redirect-Start OAuth redirect
GET/auth/social/google/callbackSocialGoogleOAuthController@callback-Callback OAuth
POST/auth/two-factor/challengeTwoFactorChallengeControllerauth:sanctum, ability:auth:2fa-challenge, throttle:auth-loginVerifikasi challenge 2FA
POST/auth/forgot-passwordPasswordResetLinkControllerthrottle:auth-passwordRequest reset link
POST/auth/reset-passwordPasswordResetControllerthrottle:auth-passwordSet password baru
GET/auth/verify-email/{id}/{hash}VerifyEmailControllersigned:relative, throttle:auth-email-verificationVerify email
POST/auth/verify-email/resend/{id}/{hash}ResendEmailVerificationControllersigned:relative, throttle:auth-email-verificationResend verify link
POST/auth/select-tenantSelectTenantControllerauth:sanctum, tenant.context, ability:tenant:select, throttle:auth-select-tenantPilih tenant context
POST/auth/tenant-onboardingOnboardingControllerauth:sanctum, ability:tenant:onboard, throttle:auth-registerSelesaikan onboarding tenant

B. Runtime Auth Core (/api/v1/auth/*)#

MethodPathControllerMiddleware
POST/auth/logoutLogoutControllerruntime baseline
POST/auth/logout-allLogoutAllControllerruntime baseline + password.confirmed
GET/auth/meMeControllerruntime baseline
Runtime baseline:
auth:sanctum
tenant.context
tenant.token
ability:tenant:access,platform:access

C. Runtime Activity#

MethodPathController
GET/auth/activitiesAuthActivityController@index
GET/auth/activities/suspiciousAuthActivityController@suspicious
GET/auth/activities/tenantAuthActivityController@tenantActivities
GET/auth/activities/user-securityAuthActivityController@userSecurity
GET/activitiesAuthActivityController@index (alias BC)
GET/activities/suspiciousAuthActivityController@suspicious (alias BC)
GET/activities/tenantAuthActivityController@tenantActivities (alias BC)
GET/activities/user-securityAuthActivityController@userSecurity (alias BC)

D. Runtime Session#

MethodPathControllerMiddleware Khusus
GET/user/sessionsUserSessionController@indexruntime baseline
DELETE/user/sessions/token/{tokenId}UserSessionController@revokeByTokenstepup.confirmed
DELETE/user/sessions/device/{deviceName}UserSessionController@revokeByDevicestepup.confirmed

E. Runtime Notification#

MethodPathController
GET/user/notificationsUserNotificationController@index
PATCH/user/notifications/read-allUserNotificationController@markAllAsRead
PATCH/user/notifications/{notificationId}/readUserNotificationController@markAsRead

F. Runtime Security#

MethodPathControllerMiddleware Khusus
POST/user/security/confirm-passwordUserSecurityController@confirmPasswordruntime baseline
GET/user/security/confirmed-password-statusUserSecurityController@confirmedPasswordStatusruntime baseline
POST/user/security/pin/verifyUserSecurityController@verifyPinruntime baseline
POST/user/security/pin/setupUserSecurityController@setupPinpassword.confirmed
PUT/user/security/pin/changeUserSecurityController@changePinpassword.confirmed
DELETE/user/security/pinUserSecurityController@disablePinpassword.confirmed
PUT/user/security/passwordUserSecurityController@updatePasswordruntime baseline
POST/user/security/two-factor-authenticationUserSecurityController@enableTwoFactorAuthenticationpassword.confirmed
DELETE/user/security/two-factor-authenticationUserSecurityController@disableTwoFactorAuthenticationpassword.confirmed
POST/user/security/confirmed-two-factor-authenticationUserSecurityController@confirmTwoFactorAuthenticationpassword.confirmed
GET/user/security/two-factor-qr-codeUserSecurityController@twoFactorQrCodepassword.confirmed
GET/user/security/two-factor-recovery-codesUserSecurityController@twoFactorRecoveryCodespassword.confirmed
POST/user/security/two-factor-recovery-codesUserSecurityController@regenerateTwoFactorRecoveryCodespassword.confirmed
GET/user/security/two-factor-secret-keyUserSecurityController@twoFactorSecretKeypassword.confirmed

Class Responsibility Map#

MeController: agregasi data user + tenant + authz.
AuthorizationResolver: resolve roles/permissions tenant-scoped dan platform-scoped.
BuildsAuthenticatedSessionResponse: builder payload session auth.
LoginController + RefreshTokenController: issue/rotate token flow.
SelectTenantController: boundary transisi dari token global ke token tenant-scoped.

GET /auth/me Contract#

{
  "success": true,
  "code": "SUCCESS",
  "data": {
    "id": "uuid",
    "name": "string",
    "account": {
      "type": "platform_admin|user",
      "status": "active|inactive"
    },
    "current_tenant": {
      "id": "uuid",
      "name": "string",
      "slug": "string"
    },
    "authz": {
      "roles": ["owner", "ppic"],
      "permissions": ["po.create", "mr.read"]
    }
  }
}
Diubah pada 2026-03-03 22:25:30
Sebelumnya
02 - Context Boundaries
Berikutnya
04 - Central Billing
Built with