Initial commit: Retribusi frontend dengan dashboard, event logs, dan settings

api/README_CORS_FIX.md

@@ -0,0 +1,118 @@
+# 🔧 PERBAIKAN CORS - INSTRUKSI WAJIB
+
+## ⚠️ MASALAH SAAT INI
+- Frontend (localhost) GAGAL login karena CORS
+- Request OPTIONS (preflight) ke endpoint login.php dibalas 400
+- API belum menangani preflight OPTIONS
+
+## ✅ SOLUSI: Tambahkan CORS Handler
+
+### LANGKAH 1: Copy Kode CORS Handler
+
+Copy kode berikut ke **PALING ATAS** setiap file endpoint (sebelum require/include apapun):
+
+```php
+<?php
+// ================= CORS HANDLER (WAJIB PALING ATAS) =================
+header("Access-Control-Allow-Origin: *");
+header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
+header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
+
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+    http_response_code(200);
+    exit;
+}
+// ================= END CORS HANDLER =================
+```
+
+### LANGKAH 2: File yang Perlu Diperbaiki
+
+Tambahkan CORS handler di file-file berikut:
+
+1. ✅ `/retribusi/v1/api/auth/login.php`
+2. ✅ `/retribusi/v1/api/dashboard/summary.php`
+3. ✅ `/retribusi/v1/api/dashboard/chart.php`
+4. ✅ `/retribusi/v1/api/dashboard/chart_monthly.php`
+5. ✅ `/retribusi/v1/api/dashboard/events.php`
+
+### LANGKAH 3: Urutan Kode yang Benar
+
+```php
+<?php
+// 1. CORS HANDLER (PALING ATAS - SEBELUM APAPUN)
+header("Access-Control-Allow-Origin: *");
+header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
+header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
+
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+    http_response_code(200);
+    exit;
+}
+
+// 2. Set Content-Type untuk JSON response
+header('Content-Type: application/json');
+
+// 3. Require/include file lain (jika ada)
+// require_once '../config/database.php';
+// require_once '../config/auth.php';
+
+// 4. Logic auth/validation
+// ... kode auth yang sudah ada ...
+
+// 5. Logic bisnis API
+// ... kode API yang sudah ada ...
+```
+
+## 🧪 TESTING
+
+Setelah perbaikan, test dengan:
+
+```bash
+# Test OPTIONS preflight
+curl -X OPTIONS https://api.btekno.cloud/retribusi/v1/api/auth/login.php \
+  -H "Access-Control-Request-Method: POST" \
+  -H "Access-Control-Request-Headers: Content-Type, X-API-KEY" \
+  -v
+
+# Harus return: HTTP 200 OK
+
+# Test POST login
+curl -X POST https://api.btekno.cloud/retribusi/v1/api/auth/login.php \
+  -H "Content-Type: application/json" \
+  -H "X-API-KEY: RETRIBUSI-DASHBOARD-KEY" \
+  -d '{"username":"test","password":"test"}' \
+  -v
+```
+
+## ✅ HASIL YANG DIHARAPKAN
+
+- ✅ `OPTIONS /api/auth/login.php` → HTTP 200 OK
+- ✅ `POST /api/auth/login.php` → login normal (tidak berubah)
+- ✅ Browser TIDAK lagi error CORS
+- ✅ Frontend login dari localhost BERHASIL
+
+## 📋 CHECKLIST
+
+- [ ] CORS handler ditambahkan di semua endpoint
+- [ ] CORS handler di paling atas (sebelum require/include)
+- [ ] OPTIONS request return HTTP 200
+- [ ] Response bisnis API tidak berubah
+- [ ] Auth logic tetap berjalan normal
+- [ ] Test dari browser localhost berhasil
+
+## ⚠️ PENTING
+
+- **JANGAN** mengubah response bisnis API
+- **JANGAN** menambah proxy
+- **JANGAN** mematikan auth
+- **HANYA** menambahkan CORS handler di atas
+
+## 📁 File Example
+
+Lihat file `.example` di folder ini untuk contoh implementasi:
+- `auth/login.php.example`
+- `dashboard/summary.php.example`
+- `dashboard/chart.php.example`
+- `dashboard/chart_monthly.php.example`
+- `dashboard/events.php.example`
+