# Where Security by Design Is Applied

This document lists the **file locations and code sections** where Security by Design is applied in the Puskesmas HR (SDM) system.

---

## 1. Configuration (Config)

| File | Security by Design measure |
|------|----------------------------|
| **`config/security.php`** | Password policy (algorithm, rounds, min_length), login (max_attempts, lockout_duration, rate_limit), audit (enabled, retention), CSP, list of sensitive fields to redact. |
| **`config/session.php`** | Session lifetime, driver, cookie: http_only, secure, same_site (strict). |
| **`config/auth.php`** | Guard, provider and password reset configuration. |

---

## 2. Middleware (Request Layer)

| File | Measure |
|------|---------|
| **`app/Http/Kernel.php`** | **Web group:** EncryptCookies → StartSession → VerifyCsrfToken → SecurityHeaders. **Aliases:** auth, role, throttle. |
| **`app/Http/Middleware/EncryptCookies.php`** | Cookie encryption (Laravel built-in). |
| **`app/Http/Middleware/VerifyCsrfToken.php`** | CSRF token validation on POST/PUT/DELETE. |
| **`app/Http/Middleware/SecurityHeaders.php`** | Headers: CSP, X-Frame-Options, X-Content-Type-Options, HSTS, Referrer-Policy, Permissions-Policy. |
| **`app/Http/Middleware/ForceHttps.php`** | Redirect HTTP → HTTPS (when enabled in production). |
| **`app/Http/Middleware/Authenticate.php`** | Redirect to login when not authenticated. |
| **`app/Http/Middleware/RoleMiddleware.php`** | Checks the user's role (pegawai, kepala_tata_usaha, pimpinan); abort(403) if it does not match. |
| **`app/Http/Middleware/TrimStrings.php`** | Trims string input (global). |
| **`app/Http/Middleware/InputSanitizer.php`** | Input sanitization (when applied to a route/group). |

---

## 3. Routes (Access Restriction & Rate Limiting)

| File | Measure |
|------|---------|
| **`routes/web.php`** | • **Login rate limit:** `Route::post('/login', ...)->middleware('throttle:5,15')` (line ~23).<br>• **Auth:** All routes inside `Route::middleware('auth')->group(...)` (line ~26).<br>• **Role:** Groups `role:kepala_tata_usaha`, `role:pegawai`, `role:pimpinan`, `role:pegawai,kepala_tata_usaha,pimpinan` for pegawai, absensi, cuti, gaji, audit-log, admin. |

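As an added example (not the project's own file) of how the RoleMiddleware from section 2 backs the `role:...` groups in section 3, the following handler assumes `role` is registered as an alias in `app/Http/Kernel.php` and that `User` has a string `role` attribute; a group such as `Route::middleware(['auth', 'role:pegawai,kepala_tata_usaha,pimpinan'])->group(...)` then reaches it with the three roles as separate arguments.

```php
<?php
// app/Http/Middleware/RoleMiddleware.php (added example, not the project's file)

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Symfony\Component\HttpFoundation\Response;

class RoleMiddleware
{
    /**
     * Laravel splits "role:pegawai,kepala_tata_usaha" on commas, so each
     * allowed role arrives as its own argument in $roles.
     * Assumes $user->role holds one of: pegawai, kepala_tata_usaha, pimpinan.
     */
    public function handle(Request $request, Closure $next, string ...$roles): Response
    {
        $user = $request->user();

        // Deny by default: no user, or a role outside the allow-list, is a 403.
        if ($user === null || !in_array($user->role, $roles, true)) {
            // Record the attempt so unauthorized access shows up in the app log.
            Log::warning('Unauthorized role access attempt', [
                'user_id' => $user?->id,
                'role'    => $user?->role,
                'allowed' => $roles,
                'path'    => $request->path(),
                'ip'      => $request->ip(),
            ]);
            abort(403, 'Access denied.');
        }

        return $next($request);
    }
}
```
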
---

## 4. Controllers (Validation, Sanitization, Audit, Hashing)

| File / Method | Measure |
|---------------|---------|
| **`app/Http/Controllers/Controller.php`** | **Base controller:** `sanitizeInput()` (null bytes, trim); `authorizeOrAbort()` (403 + logs the unauthorized attempt). |
| **`app/Http/Controllers/AuthController.php`** | Username sanitization (`sanitizeInput`), session regeneration after login, session invalidation + token regeneration on logout. |
| **`app/Http/Controllers/PegawaiController.php`** | AuditLogService: logCreate, logUpdate, logDelete, logSensitiveAccess (PDF/Word download). Data filtered per role (pegawai sees only their own data). |
| **`app/Http/Controllers/AbsensiController.php`** | AuditLogService: logCreate, logUpdate, logDelete. Attendance filtered by pegawai_id for the pegawai role. |
| **`app/Http/Controllers/CutiController.php`** | AuditLogService: logs CREATE/UPDATE/DELETE, logSensitiveAccess (PDF download). Actions validated per role. |
| **`app/Http/Controllers/GajiController.php`** | AuditLogService: logCreate, logUpdate, logDelete, logSensitiveAccess (PDF download, approve, reject, pay). Payroll filtered per employee for the pegawai role. |
| **`app/Http/Controllers/Admin/UserManagementController.php`** | Hash::make() for new/reset passwords; AuditLogService logCreate, logUpdate (user, password reset, deactivation). |
| **`app/Http/Controllers/LaporanGajiController.php`** | AuditLogService::logSensitiveAccess for PDF/Excel export. |
| **`app/Http/Controllers/AuditLogController.php`** | Accessible only to the kepala_tata_usaha role (restricted in the routes). |

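The two base-controller helpers named in the table, written out as an added example (not the project's own `Controller.php`); the `$action` label and the use of `Log::warning` are assumptions, and the Laravel traits are the standard ones a generated base controller carries.

```php
<?php
// app/Http/Controllers/Controller.php (added example, not the project's file)
namespace App\Http\Controllers;

use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Foundation\Validation\ValidatesRequests;
use Illuminate\Routing\Controller as BaseController;
use Illuminate\Support\Facades\Log;

class Controller extends BaseController
{
    use AuthorizesRequests, ValidatesRequests;

    /**
     * Strip NUL bytes and trim surrounding whitespace, recursing into arrays
     * so nested form input (e.g. arrays of ids) is cleaned the same way.
     * Non-string scalars are returned unchanged.
     */
    protected function sanitizeInput(mixed $value): mixed
    {
        if (is_array($value)) {
            return array_map(fn ($v) => $this->sanitizeInput($v), $value);
        }
        if (is_string($value)) {
            return trim(str_replace("\0", '', $value));
        }
        return $value;
    }

    /**
     * Abort with 403 when $allowed is false, recording who tried what so the
     * attempt can be reviewed in the application log.
     */
    protected function authorizeOrAbort(bool $allowed, string $action): void
    {
        if ($allowed) {
            return;
        }
        $request = request();
        Log::warning('Unauthorized action attempt', [
            'action'  => $action,
            'user_id' => $request->user()?->id,
            'path'    => $request->path(),
            'ip'      => $request->ip(),
        ]);
        abort(403, 'Access denied.');
    }
}
```

In `GajiController`, the per-employee filter from the table then reads `$this->authorizeOrAbort($user->role !== 'pegawai' || $gaji->pegawai_id === $user->pegawai_id, 'gaji.show');` (assuming the user record carries a `pegawai_id`).
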
---

## 5. Form Requests (Input Validation)

| File | Measure |
|------|---------|
| **`app/Http/Requests/LoginRequest.php`** | Validates username, password (min 8), role (in: pegawai, kepala_tata_usaha, pimpinan). |
| **`app/Http/Requests/StorePegawaiRequest.php`** | Validates NIP, nama, email, no_telepon, etc. (unique, format). |
| **`app/Http/Requests/UpdatePegawaiRequest.php`** | Validates employee updates (NIP unique except for this id). |
| **`app/Http/Requests/StoreAbsensiRequest.php`** | Validates pegawai_id, tanggal, status (Hadir, Izin, etc.). |
| **`app/Http/Requests/StoreCutiRequest.php`** | Validates jenis_cuti, tanggal_mulai/selesai, alasan. |
| **`app/Http/Requests/StoreGajiRequest.php`** | Validates pegawai_id, periode, gaji_pokok, etc. |

Controllers type-hint the Form Request and use `$request->validated()`, so only data that passed validation is processed.

---

## 6. Models & Services (Password, Audit, Data)

| File | Measure |
|------|---------|
| **`app/Models/User.php`** | **Password:** `setPasswordAttribute()` → Hash::make(); `checkPassword()` → Hash::check(). **Lockout:** incrementFailedAttempts(), lockAccount() (if present). |
| **`app/Models/AuditLog.php`** | Audit record structure (user_id, action, table_name, record_id, old_values, new_values, ip_address, user_agent). |
| **`app/Services/AuthService.php`** | Validates user/role/status/password; AuditLogService::logLogin (success/failure), logLogout; resets failed attempts after a successful login. |
| **`app/Services/AuditLogService.php`** | log(), logCreate(), logUpdate(), logDelete(), logLogin(), logLogout(), logSensitiveAccess(); redacts sensitive data before saving. |

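The redaction step of the AuditLogService, as an added example (not the project's own service): it masks any key listed in `config/security.php` before the row is written with the `AuditLog` columns from the table. The config key `sensitive_fields` and the `[REDACTED]` marker are assumptions, and `old_values`/`new_values` are assumed to be cast to `array` on the `AuditLog` model; `logCreate()`, `logUpdate()` and `logDelete()` would be thin wrappers over `log()`.

```php
<?php
// app/Services/AuditLogService.php (added example, not the project's file)

namespace App\Services;

use App\Models\AuditLog;

class AuditLogService
{
    /**
     * Mask values whose key appears in config('security.sensitive_fields'),
     * recursing into nested arrays. The key itself is kept so a reviewer can
     * see that a password/token field changed without seeing its content.
     * The 'sensitive_fields' config key is an assumption for this example.
     */
    public static function redact(array $data, ?array $sensitive = null): array
    {
        $sensitive ??= array_map('strtolower', config('security.sensitive_fields', ['password']));
        $out = [];
        foreach ($data as $key => $value) {
            if (is_array($value)) {
                $out[$key] = self::redact($value, $sensitive);
            } elseif (in_array(strtolower((string) $key), $sensitive, true)) {
                $out[$key] = '[REDACTED]';
            } else {
                $out[$key] = $value;
            }
        }
        return $out;
    }

    /** Persist one audit row; old/new values are redacted before they reach the table. */
    public static function log(string $action, string $table, ?int $recordId,
                               array $old = [], array $new = []): AuditLog
    {
        $request = request();
        return AuditLog::create([
            'user_id'    => $request->user()?->id,
            'action'     => $action,
            'table_name' => $table,
            'record_id'  => $recordId,
            'old_values' => self::redact($old),
            'new_values' => self::redact($new),
            'ip_address' => $request->ip(),
            // Cap the UA so an oversized header cannot overflow a VARCHAR column.
            'user_agent' => substr((string) $request->userAgent(), 0, 255),
        ]);
    }
}
```
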
---

## 7. Views (CSRF & XSS)

| Location | Measure |
|----------|---------|
| **POST/PUT/DELETE forms** | Every form uses **`@csrf`** so the CSRF token is sent. Examples: `resources/views/auth/login.blade.php`, `resources/views/pegawai/create.blade.php`, `resources/views/absensi/create.blade.php`, `resources/views/cuti/create.blade.php`, `resources/views/gaji/create.blade.php`, `resources/views/profile/edit.blade.php`, `resources/views/admin/users/create.blade.php`, `resources/views/admin/users/edit.blade.php`, etc. |
| **HTML output** | Blade **`{{ $var }}`** (auto-escaped) to prevent XSS. Avoid `{!! ... !!}` for user input. |

---

## 8. Summary per Layer

| Layer | Main location |
|-------|---------------|
| **Configuration** | `config/security.php`, `config/session.php` |
| **Middleware** | `app/Http/Kernel.php`, `app/Http/Middleware/` (EncryptCookies, VerifyCsrfToken, SecurityHeaders, RoleMiddleware, Authenticate) |
| **Routes** | `routes/web.php` (login throttle, auth, role per group) |
| **Validation** | `app/Http/Requests/` (LoginRequest, StorePegawaiRequest, StoreAbsensiRequest, StoreCutiRequest, StoreGajiRequest, UpdatePegawaiRequest) |
| **Sanitization & authorization** | `app/Http/Controllers/Controller.php` (sanitizeInput, authorizeOrAbort); AuthController (sanitize username) |
| **Password & audit** | `app/Models/User.php` (Hash); `app/Services/AuthService.php`, `app/Services/AuditLogService.php`; every controller that performs CRUD or sensitive operations (Pegawai, Absensi, Cuti, Gaji, UserManagement, LaporanGaji) |
| **Views** | All forms in `resources/views/` using `@csrf`; output via `{{ }}` |

Security by Design is therefore applied in **config**, **middleware**, **routes**, **controllers**, **requests**, **models**, **services**, and **views**.
