From 9187ace07db038683812d0a4892a72870b731c36 Mon Sep 17 00:00:00 2001
From: Naufal Pinasthika <naufalpinasthika@gmail.com>
Date: Wed, 18 Feb 2026 10:28:19 +0700
Subject: [PATCH 1/4] feat: input validation on create/edit project

---
 src/pages/ProjectCreatePage.tsx | 32 ++++++++++++++++++++++++++++++--
 src/pages/ProjectEditPage.tsx   | 27 +++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 2 deletions(-)

diff --git a/src/pages/ProjectCreatePage.tsx b/src/pages/ProjectCreatePage.tsx
index 4b2aced..cf6dc8c 100644
--- a/src/pages/ProjectCreatePage.tsx
+++ b/src/pages/ProjectCreatePage.tsx
@@ -110,22 +110,50 @@ const ProjectCreatePage = () => {
 			alert("Please enter a project title");
 			return false;
 		}
+		if (formData.title.length > 100) {
+			alert("Project title cannot exceed 100 characters");
+			return false;
+		}
+
 		if (!formData.description.trim()) {
 			alert("Please enter a project description");
 			return false;
 		}
+		
+		if (formData.description.length > 2000) { 
+			alert("Description is too long (max 2000 characters)");
+			return false;
+		}
+
 		if (!formData.owner.trim()) {
 			alert("Please enter the project owner");
 			return false;
 		}
-		if (!formData.category.trim()) {
+		if (formData.owner.length > 50) {
+			alert("Owner name cannot exceed 50 characters");
+			return false;
+		}
+
+		if (formData.category.trim() === "") {
 			alert("Please select a category");
 			return false;
 		}
-		if (!formData.scope.trim()) {
+		
+		if (formData.scope.trim() === "") {
 			alert("Please select a scope");
 			return false;
 		}
+
+		if (formData.url && formData.url.length > 255) {
+			alert("Project URL is too long (max 255 characters)");
+			return false;
+		}
+
+		if (formData.testimonial && formData.testimonial.length > 500) {
+			alert("Testimonial cannot exceed 500 characters");
+			return false;
+		}
+
 		return true;
 	};
 
diff --git a/src/pages/ProjectEditPage.tsx b/src/pages/ProjectEditPage.tsx
index 8fbf286..e33fc35 100644
--- a/src/pages/ProjectEditPage.tsx
+++ b/src/pages/ProjectEditPage.tsx
@@ -151,22 +151,49 @@ const ProjectEditPage = () => {
 			alert("Please enter a project title");
 			return false;
 		}
+		if (formData.title.length > 100) {
+			alert("Project title cannot exceed 100 characters");
+			return false;
+		}
+
 		if (!formData.description.trim()) {
 			alert("Please enter a project description");
 			return false;
 		}
+		if (formData.description.length > 2000) {
+			alert("Description is too long (max 2000 characters)");
+			return false;
+		}
+
 		if (!formData.owner.trim()) {
 			alert("Please enter the project owner");
 			return false;
 		}
+		if (formData.owner.length > 50) {
+			alert("Owner name cannot exceed 50 characters");
+			return false;
+		}
+
 		if (!formData.category.trim()) {
 			alert("Please select a category");
 			return false;
 		}
+
 		if (!formData.scope.trim()) {
 			alert("Please select a scope");
 			return false;
 		}
+
+		if (formData.url && formData.url.length > 255) {
+			alert("Project URL is too long (max 255 characters)");
+			return false;
+		}
+
+		if (formData.testimonial && formData.testimonial.length > 500) {
+			alert("Testimonial cannot exceed 500 characters");
+			return false;
+		}
+
 		return true;
 	};
 

From ffa2816b74040b73146c6551ca4aef3f34cb4ec6 Mon Sep 17 00:00:00 2001
From: Naufal Pinasthika <naufalpinasthika@gmail.com>
Date: Wed, 25 Feb 2026 21:21:32 +0700
Subject: [PATCH 2/4] feat: validataion on remaining pages

---
 src/pages/BlogCreatePage.tsx      | 23 +++++++++++++++++++++++
 src/pages/BlogEditPage.tsx        | 22 ++++++++++++++++++++++
 src/pages/TechStackCreatePage.tsx | 18 ++++++++++++++++++
 src/pages/TechStackEditPage.tsx   | 20 ++++++++++++++++++++
 4 files changed, 83 insertions(+)

diff --git a/src/pages/BlogCreatePage.tsx b/src/pages/BlogCreatePage.tsx
index 3a15463..ad3aeac 100644
--- a/src/pages/BlogCreatePage.tsx
+++ b/src/pages/BlogCreatePage.tsx
@@ -91,14 +91,34 @@ const BlogCreatePage = () => {
 			alert("Please enter a blog title");
 			return false;
 		}
+		if (formData.title.length > 150) {
+			alert("Blog title cannot exceed 150 characters");
+			return false;
+		}
+
 		if (!formData.author.trim()) {
 			alert("Please enter the author name");
 			return false;
 		}
+		if (formData.author.length > 50) {
+			alert("Author name cannot exceed 50 characters");
+			return false;
+		}
+
+		if (formData.excerpt && formData.excerpt.length > 300) {
+			alert("Excerpt cannot exceed 300 characters");
+			return false;
+		}
+
 		if (!formData.time_read.trim()) {
 			alert("Please enter the reading time");
 			return false;
 		}
+		if (formData.time_read.length > 50) {
+			alert("Reading time cannot exceed 50 characters");
+			return false;
+		}
+
 		if (
 			!formData.content ||
 			!formData.content.content ||
@@ -107,14 +127,17 @@ const BlogCreatePage = () => {
 			alert("Please add content to your blog");
 			return false;
 		}
+
 		if (!formData.thumbnail) {
 			alert("Please upload a thumbnail image");
 			return false;
 		}
+
 		if (!formData.tag_id) {
 			alert("Please select a tag");
 			return false;
 		}
+
 		return true;
 	};
 
diff --git a/src/pages/BlogEditPage.tsx b/src/pages/BlogEditPage.tsx
index e360060..61644bb 100644
--- a/src/pages/BlogEditPage.tsx
+++ b/src/pages/BlogEditPage.tsx
@@ -174,14 +174,34 @@ const BlogEditPage = () => {
 			alert("Please enter a blog title");
 			return false;
 		}
+		if (formData.title.length > 150) {
+			alert("Blog title cannot exceed 150 characters");
+			return false;
+		}
+
 		if (!formData.author.trim()) {
 			alert("Please enter the author name");
 			return false;
 		}
+		if (formData.author.length > 50) {
+			alert("Author name cannot exceed 50 characters");
+			return false;
+		}
+
+		if (formData.excerpt && formData.excerpt.length > 300) {
+			alert("Excerpt cannot exceed 300 characters");
+			return false;
+		}
+
 		if (!formData.time_read.trim()) {
 			alert("Please enter the reading time");
 			return false;
 		}
+		if (formData.time_read.length > 50) {
+			alert("Reading time cannot exceed 50 characters");
+			return false;
+		}
+
 		if (
 			!formData.content ||
 			!formData.content.content ||
@@ -190,10 +210,12 @@ const BlogEditPage = () => {
 			alert("Please add content to your blog");
 			return false;
 		}
+
 		if (!formData.tag_id) {
 			alert("Please select a tag");
 			return false;
 		}
+
 		return true;
 	};
 
diff --git a/src/pages/TechStackCreatePage.tsx b/src/pages/TechStackCreatePage.tsx
index 19aef70..9a5a45c 100644
--- a/src/pages/TechStackCreatePage.tsx
+++ b/src/pages/TechStackCreatePage.tsx
@@ -49,6 +49,24 @@ const TechStackCreatePage = () => {
 			alert("Please enter a tech stack name");
 			return false;
 		}
+		if (formData.tech_stack_name.length > 50) {
+			alert("Tech stack name cannot exceed 50 characters");
+			return false;
+		}
+
+		if (
+			formData.tech_stack_description &&
+			formData.tech_stack_description.length > 500
+		) {
+			alert("Description cannot exceed 500 characters");
+			return false;
+		}
+
+		if (!formData.icon_url) {
+			alert("Please upload an icon");
+			return false;
+		}
+
 		return true;
 	};
 
diff --git a/src/pages/TechStackEditPage.tsx b/src/pages/TechStackEditPage.tsx
index a338aff..9cca534 100644
--- a/src/pages/TechStackEditPage.tsx
+++ b/src/pages/TechStackEditPage.tsx
@@ -83,6 +83,26 @@ const TechStackEditPage = () => {
 			alert("Please enter a tech stack name");
 			return false;
 		}
+		if (formData.tech_stack_name.length > 50) {
+			alert("Tech stack name cannot exceed 50 characters");
+			return false;
+		}
+
+		if (
+			formData.tech_stack_description &&
+			formData.tech_stack_description.length > 500
+		) {
+			alert("Description cannot exceed 500 characters");
+			return false;
+		}
+
+		// Icon is optional in edit (might be already there), but if cleared it might be an issue?
+		// The state `icon_url` holds the current URL.
+		if (!formData.icon_url) {
+			alert("Please upload an icon");
+			return false;
+		}
+
 		return true;
 	};
 

From e9725311f1cc446816e95ea5355515c9e86a4b8c Mon Sep 17 00:00:00 2001
From: Naufal Pinasthika <naufalpinasthika@gmail.com>
Date: Sat, 28 Feb 2026 13:02:59 +0700
Subject: [PATCH 3/4] feat: testimonial section

---
 src/App.tsx                              |   6 +
 src/components/layout/AdminLayout.tsx    |  16 ++
 src/contexts/AuthContext.tsx             |  11 +-
 src/hooks/useTestimonials.ts             | 106 +++++++++++
 src/pages/LoginPage.tsx                  |  14 ++
 src/pages/TestimonialCreatePage.tsx      | 172 ++++++++++++++++++
 src/pages/TestimonialEditPage.tsx        | 215 +++++++++++++++++++++++
 src/pages/TestimonialListPage.tsx        | 195 ++++++++++++++++++++
 src/pages/index.ts                       |   3 +
 src/services/api.ts                      |   8 +
 src/services/api/index.ts                |   7 +
 src/services/api/testimonials.service.ts |  45 +++++
 src/services/api/types.ts                |  20 +++
 13 files changed, 817 insertions(+), 1 deletion(-)
 create mode 100644 src/hooks/useTestimonials.ts
 create mode 100644 src/pages/TestimonialCreatePage.tsx
 create mode 100644 src/pages/TestimonialEditPage.tsx
 create mode 100644 src/pages/TestimonialListPage.tsx
 create mode 100644 src/services/api/testimonials.service.ts

diff --git a/src/App.tsx b/src/App.tsx
index 4142d92..e361a2c 100644
--- a/src/App.tsx
+++ b/src/App.tsx
@@ -11,6 +11,9 @@ import {
 	TechStackListPage,
 	TechStackCreatePage,
 	TechStackEditPage,
+	TestimonialListPage,
+	TestimonialCreatePage,
+	TestimonialEditPage,
 	LoginPage,
 	// RegisterPage, // Keep this commented out if you aren't using it yet
 } from "@/pages";
@@ -42,6 +45,9 @@ function App() {
 					<Route path="tech-stack" element={<TechStackListPage />} />
 					<Route path="tech-stack/create" element={<TechStackCreatePage />} />
 					<Route path="tech-stack/:id/edit" element={<TechStackEditPage />} />
+					<Route path="testimonials" element={<TestimonialListPage />} />
+					<Route path="testimonials/create" element={<TestimonialCreatePage />} />
+					<Route path="testimonials/:id/edit" element={<TestimonialEditPage />} />
 				</Route>
 			</Routes>
 		</Router>
diff --git a/src/components/layout/AdminLayout.tsx b/src/components/layout/AdminLayout.tsx
index a9c16a4..fc3197d 100644
--- a/src/components/layout/AdminLayout.tsx
+++ b/src/components/layout/AdminLayout.tsx
@@ -7,6 +7,7 @@ import {
 	User,
 	Briefcase,
 	Layers,
+	MessageSquareQuote,
 } from "lucide-react";
 import { signOut } from "@/lib/auth-client";
 import { useAuth } from "@/contexts/AuthContext";
@@ -98,6 +99,21 @@ const AdminLayout = () => {
 								Tags
 							</NavLink>
 						</li>
+						<li>
+							<NavLink
+								to="/testimonials"
+								className={({ isActive }) =>
+									`flex items-center gap-3 px-3 py-2 rounded-lg text-sm font-medium transition-colors ${
+										isActive
+											? "bg-purple-100 text-purple-700"
+											: "text-gray-600 hover:bg-gray-100 hover:text-gray-900"
+									}`
+								}
+							>
+								<MessageSquareQuote className="w-4 h-4" />
+								Testimonials
+							</NavLink>
+						</li>
 						<li>
 							<NavLink
 								to="/settings"
diff --git a/src/contexts/AuthContext.tsx b/src/contexts/AuthContext.tsx
index c0cd2c4..2329509 100644
--- a/src/contexts/AuthContext.tsx
+++ b/src/contexts/AuthContext.tsx
@@ -18,9 +18,18 @@ const AuthContext = createContext<AuthContextType | undefined>(undefined);
 export function AuthProvider({ children }: { children: ReactNode }) {
 	const { data, isPending } = useSession();
 
+	// TODO: REMOVE BYPASS WHEN BACKEND AUTH IS READY
+	const isBypassed = localStorage.getItem("admin_token") === "dev_token";
+
+	const user = isBypassed 
+		? { id: "dev-id", name: "Dev Admin", email: "admin@iit.dev", emailVerified: true } 
+		: (data?.user ?? null);
+	
+	const isLoading = isBypassed ? false : isPending;
+
 	return (
 		<AuthContext.Provider
-			value={{ user: data?.user ?? null, isLoading: isPending }}
+			value={{ user, isLoading }}
 		>
 			{children}
 		</AuthContext.Provider>
diff --git a/src/hooks/useTestimonials.ts b/src/hooks/useTestimonials.ts
new file mode 100644
index 0000000..983927c
--- /dev/null
+++ b/src/hooks/useTestimonials.ts
@@ -0,0 +1,106 @@
+import { useQuery, useMutation, useQueryClient } from "@tanstack/react-query";
+import { apiService } from "@/services/api";
+import type {
+	CreateTestimonialRequest,
+	UpdateTestimonialRequest,
+} from "@/services/api/types";
+
+// Query keys
+export const testimonialKeys = {
+	all: ["testimonials"] as const,
+	lists: () => [...testimonialKeys.all, "list"] as const,
+	details: () => [...testimonialKeys.all, "detail"] as const,
+	detail: (id: number) => [...testimonialKeys.details(), id] as const,
+};
+
+// Fetch all testimonials
+export const useTestimonials = () => {
+	return useQuery({
+		queryKey: testimonialKeys.lists(),
+		queryFn: async () => {
+			const response = await apiService.getAllTestimonials();
+			if (!response.success) {
+				throw new Error(response.error || "Failed to fetch testimonials");
+			}
+			return response.data || [];
+		},
+	});
+};
+
+// Fetch single testimonial
+export const useTestimonial = (id: number) => {
+	return useQuery({
+		queryKey: testimonialKeys.detail(id),
+		queryFn: async () => {
+			const response = await apiService.getTestimonialById(id);
+			if (!response.success) {
+				throw new Error(response.error || "Failed to fetch testimonial");
+			}
+			return response.data;
+		},
+		enabled: !!id && id > 0,
+	});
+};
+
+// Create testimonial mutation
+export const useCreateTestimonial = () => {
+	const queryClient = useQueryClient();
+
+	return useMutation({
+		mutationFn: async (data: CreateTestimonialRequest) => {
+			const response = await apiService.createTestimonial(data);
+			if (!response.success) {
+				throw new Error(response.error || "Failed to create testimonial");
+			}
+			return response.data!;
+		},
+		onSuccess: () => {
+			queryClient.invalidateQueries({ queryKey: testimonialKeys.lists() });
+		},
+	});
+};
+
+// Update testimonial mutation
+export const useUpdateTestimonial = () => {
+	const queryClient = useQueryClient();
+
+	return useMutation({
+		mutationFn: async ({
+			id,
+			data,
+		}: {
+			id: number;
+			data: UpdateTestimonialRequest;
+		}) => {
+			const response = await apiService.updateTestimonial(id, data);
+			if (!response.success) {
+				throw new Error(response.error || "Failed to update testimonial");
+			}
+			return response.data!;
+		},
+		onSuccess: (_data, variables) => {
+			queryClient.invalidateQueries({ queryKey: testimonialKeys.lists() });
+			queryClient.invalidateQueries({
+				queryKey: testimonialKeys.detail(variables.id),
+			});
+		},
+	});
+};
+
+// Delete testimonial mutation
+export const useDeleteTestimonial = () => {
+	const queryClient = useQueryClient();
+
+	return useMutation({
+		mutationFn: async (id: number) => {
+			const response = await apiService.deleteTestimonial(id);
+			if (!response.success) {
+				throw new Error(response.error || "Failed to delete testimonial");
+			}
+			return response.data!;
+		},
+		onSuccess: () => {
+			queryClient.invalidateQueries({ queryKey: testimonialKeys.lists() });
+		},
+	});
+};
diff --git a/src/pages/LoginPage.tsx b/src/pages/LoginPage.tsx
index 2a6962f..71ac395 100644
--- a/src/pages/LoginPage.tsx
+++ b/src/pages/LoginPage.tsx
@@ -25,6 +25,19 @@ export default function LoginPage() {
 		setError("");
 		setIsLoading(true);
 
+		// TODO: REMOVE THIS BYPASS WHEN BACKEND AUTH IS IMPLEMENTED
+		// Currently backend has no auth/users table, so we bypass login for development.
+		setTimeout(() => {
+			console.warn("BYPASSING LOGIN: No backend auth available yet.");
+			// Mock successful login state
+			localStorage.setItem("admin_token", "dev_token");
+			// Force reload to update AuthContext
+			window.location.href = "/";
+			setIsLoading(false);admin/src/contexts
+		}, 1000);
+
+		// ORIGINAL CODE (Commented out):
+		/*
 		try {
 			const result = await signIn.email({
 				email,
@@ -42,6 +55,7 @@ export default function LoginPage() {
 		} finally {
 			setIsLoading(false);
 		}
+		*/
 	};
 
 	return (
diff --git a/src/pages/TestimonialCreatePage.tsx b/src/pages/TestimonialCreatePage.tsx
new file mode 100644
index 0000000..e542638
--- /dev/null
+++ b/src/pages/TestimonialCreatePage.tsx
@@ -0,0 +1,172 @@
+import { useState } from "react";
+import { useNavigate } from "react-router-dom";
+import MetaTags from "@/components/MetaTags";
+import { useCreateTestimonial } from "@/hooks/useTestimonials";
+import { sanitizeText } from "@/utils/sanitizeInput";
+
+const TestimonialCreatePage = () => {
+	const navigate = useNavigate();
+	const createTestimonialMutation = useCreateTestimonial();
+
+	const [formData, setFormData] = useState({
+		full_name: "",
+		role: "",
+		description: "",
+	});
+
+	const validateForm = () => {
+		if (!formData.full_name.trim()) {
+			alert("Please enter the full name");
+			return false;
+		}
+		if (formData.full_name.length > 100) {
+			alert("Full name cannot exceed 100 characters");
+			return false;
+		}
+
+		if (!formData.role.trim()) {
+			alert("Please enter the role/position");
+			return false;
+		}
+		if (formData.role.length > 100) {
+			alert("Role/Position cannot exceed 100 characters");
+			return false;
+		}
+
+		if (!formData.description.trim()) {
+			alert("Please enter the description");
+			return false;
+		}
+		if (formData.description.length > 500) {
+			alert("Description cannot exceed 500 characters");
+			return false;
+		}
+
+		return true;
+	};
+
+	const handleCreateTestimonial = async () => {
+		if (!validateForm()) return;
+
+		try {
+			await createTestimonialMutation.mutateAsync({
+				full_name: sanitizeText(formData.full_name),
+				role: sanitizeText(formData.role),
+				description: sanitizeText(formData.description),
+			});
+			alert("Testimonial created successfully!");
+			navigate("/testimonials");
+		} catch (error) {
+			alert(
+				error instanceof Error
+					? error.message
+					: "Failed to create testimonial",
+			);
+		}
+	};
+
+	const isLoading = createTestimonialMutation.isPending;
+
+	return (
+		<div className="p-8">
+			<MetaTags
+				title="Buat Testimonial Baru - Admin Dashboard Inkubator IT"
+				description="Tambahkan testimonial klien baru untuk website Inkubator IT"
+				keywords="buat testimonial, client review, inkubator it, admin"
+			/>
+			<div className="mb-8">
+				<h1 className="text-3xl font-bold text-gray-900 mb-2">
+					Create Testimonial
+				</h1>
+				<p className="text-gray-600">Add a new client testimonial</p>
+			</div>
+
+			<div className="w-full max-w-2xl">
+				<div className="space-y-6">
+					<div>
+						<label className="block text-sm font-medium text-gray-700 mb-2">
+							Full Name <span className="text-red-500">*</span>
+						</label>
+						<input
+							type="text"
+							value={formData.full_name}
+							onChange={(e) =>
+								setFormData((prev) => ({
+									...prev,
+									full_name: e.target.value,
+								}))
+							}
+							placeholder="e.g., John Doe"
+							maxLength={100}
+							className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+						/>
+						<p className="mt-1 text-xs text-gray-500">
+							{formData.full_name.length}/100 characters
+						</p>
+					</div>
+
+					<div>
+						<label className="block text-sm font-medium text-gray-700 mb-2">
+							Role / Position <span className="text-red-500">*</span>
+						</label>
+						<input
+							type="text"
+							value={formData.role}
+							onChange={(e) =>
+								setFormData((prev) => ({ ...prev, role: e.target.value }))
+							}
+							placeholder="e.g., CEO at Company"
+							maxLength={100}
+							className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+						/>
+						<p className="mt-1 text-xs text-gray-500">
+							{formData.role.length}/100 characters
+						</p>
+					</div>
+
+					<div>
+						<label className="block text-sm font-medium text-gray-700 mb-2">
+							Description <span className="text-red-500">*</span>
+						</label>
+						<textarea
+							value={formData.description}
+							onChange={(e) =>
+								setFormData((prev) => ({
+									...prev,
+									description: e.target.value,
+								}))
+							}
+							placeholder="What the client said about your service..."
+							maxLength={500}
+							rows={5}
+							className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent resize-vertical"
+						/>
+						<p className="mt-1 text-xs text-gray-500">
+							{formData.description.length}/500 characters
+						</p>
+					</div>
+
+					<div className="flex items-center gap-4 pt-4">
+						<button
+							type="button"
+							onClick={handleCreateTestimonial}
+							disabled={isLoading}
+							className="bg-blue-600 text-white px-6 py-2 rounded-lg hover:bg-blue-700 transition-colors disabled:opacity-50 disabled:cursor-not-allowed"
+						>
+							{isLoading ? "Creating..." : "Create Testimonial"}
+						</button>
+						<button
+							type="button"
+							onClick={() => navigate("/testimonials")}
+							className="text-gray-600 hover:text-gray-800 transition-colors"
+						>
+							Cancel
+						</button>
+					</div>
+				</div>
+			</div>
+		</div>
+	);
+};
+
+export default TestimonialCreatePage;
diff --git a/src/pages/TestimonialEditPage.tsx b/src/pages/TestimonialEditPage.tsx
new file mode 100644
index 0000000..308cbd9
--- /dev/null
+++ b/src/pages/TestimonialEditPage.tsx
@@ -0,0 +1,215 @@
+import { useState, useEffect } from "react";
+import { useNavigate, useParams } from "react-router-dom";
+import MetaTags from "@/components/MetaTags";
+import {
+	useTestimonial,
+	useUpdateTestimonial,
+} from "@/hooks/useTestimonials";
+import { sanitizeText } from "@/utils/sanitizeInput";
+
+const TestimonialEditPage = () => {
+	const { id } = useParams<{ id: string }>();
+	const navigate = useNavigate();
+	const testimonialId = Number(id);
+
+	const {
+		data: testimonial,
+		isLoading: isLoadingTestimonial,
+		error: fetchError,
+	} = useTestimonial(testimonialId);
+	const updateTestimonialMutation = useUpdateTestimonial();
+
+	const [formData, setFormData] = useState({
+		full_name: "",
+		role: "",
+		description: "",
+	});
+
+	useEffect(() => {
+		if (testimonial) {
+			setFormData({
+				full_name: testimonial.full_name || "",
+				role: testimonial.role || "",
+				description: testimonial.description || "",
+			});
+		}
+	}, [testimonial]);
+
+	const validateForm = () => {
+		if (!formData.full_name.trim()) {
+			alert("Please enter the full name");
+			return false;
+		}
+		if (formData.full_name.length > 100) {
+			alert("Full name cannot exceed 100 characters");
+			return false;
+		}
+
+		if (!formData.role.trim()) {
+			alert("Please enter the role/position");
+			return false;
+		}
+		if (formData.role.length > 100) {
+			alert("Role/Position cannot exceed 100 characters");
+			return false;
+		}
+
+		if (!formData.description.trim()) {
+			alert("Please enter the description");
+			return false;
+		}
+		if (formData.description.length > 500) {
+			alert("Description cannot exceed 500 characters");
+			return false;
+		}
+
+		return true;
+	};
+
+	const handleUpdateTestimonial = async () => {
+		if (!validateForm()) return;
+
+		try {
+			await updateTestimonialMutation.mutateAsync({
+				id: testimonialId,
+				data: {
+					full_name: sanitizeText(formData.full_name),
+					role: sanitizeText(formData.role),
+					description: sanitizeText(formData.description),
+				},
+			});
+			alert("Testimonial updated successfully!");
+			navigate("/testimonials");
+		} catch (error) {
+			alert(
+				error instanceof Error
+					? error.message
+					: "Failed to update testimonial",
+			);
+		}
+	};
+
+	if (isLoadingTestimonial) {
+		return (
+			<div className="p-8">
+				<div className="text-center">Loading testimonial...</div>
+			</div>
+		);
+	}
+
+	if (fetchError) {
+		return (
+			<div className="p-8">
+				<div className="text-center text-red-600">
+					Error loading testimonial:{" "}
+					{fetchError instanceof Error ? fetchError.message : "Unknown error"}
+				</div>
+			</div>
+		);
+	}
+
+	const isLoading = updateTestimonialMutation.isPending;
+
+	return (
+		<div className="p-8">
+			<MetaTags
+				title="Edit Testimonial - Admin Dashboard Inkubator IT"
+				description="Edit testimonial klien website Inkubator IT"
+				keywords="edit testimonial, client review, inkubator it, admin"
+			/>
+			<div className="mb-8">
+				<h1 className="text-3xl font-bold text-gray-900 mb-2">
+					Edit Testimonial
+				</h1>
+				<p className="text-gray-600">Update client testimonial</p>
+			</div>
+
+			<div className="w-full max-w-2xl">
+				<div className="space-y-6">
+					<div>
+						<label className="block text-sm font-medium text-gray-700 mb-2">
+							Full Name <span className="text-red-500">*</span>
+						</label>
+						<input
+							type="text"
+							value={formData.full_name}
+							onChange={(e) =>
+								setFormData((prev) => ({
+									...prev,
+									full_name: e.target.value,
+								}))
+							}
+							placeholder="e.g., John Doe"
+							maxLength={100}
+							className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+						/>
+						<p className="mt-1 text-xs text-gray-500">
+							{formData.full_name.length}/100 characters
+						</p>
+					</div>
+
+					<div>
+						<label className="block text-sm font-medium text-gray-700 mb-2">
+							Role / Position <span className="text-red-500">*</span>
+						</label>
+						<input
+							type="text"
+							value={formData.role}
+							onChange={(e) =>
+								setFormData((prev) => ({ ...prev, role: e.target.value }))
+							}
+							placeholder="e.g., CEO at Company"
+							maxLength={100}
+							className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+						/>
+						<p className="mt-1 text-xs text-gray-500">
+							{formData.role.length}/100 characters
+						</p>
+					</div>
+
+					<div>
+						<label className="block text-sm font-medium text-gray-700 mb-2">
+							Description <span className="text-red-500">*</span>
+						</label>
+						<textarea
+							value={formData.description}
+							onChange={(e) =>
+								setFormData((prev) => ({
+									...prev,
+									description: e.target.value,
+								}))
+							}
+							placeholder="What the client said about your service..."
+							maxLength={500}
+							rows={5}
+							className="w-full px-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent resize-vertical"
+						/>
+						<p className="mt-1 text-xs text-gray-500">
+							{formData.description.length}/500 characters
+						</p>
+					</div>
+
+					<div className="flex items-center gap-4 pt-4">
+						<button
+							type="button"
+							onClick={handleUpdateTestimonial}
+							disabled={isLoading}
+							className="bg-blue-600 text-white px-6 py-2 rounded-lg hover:bg-blue-700 transition-colors disabled:opacity-50 disabled:cursor-not-allowed"
+						>
+							{isLoading ? "Updating..." : "Update Testimonial"}
+						</button>
+						<button
+							type="button"
+							onClick={() => navigate("/testimonials")}
+							className="text-gray-600 hover:text-gray-800 transition-colors"
+						>
+							Cancel
+						</button>
+					</div>
+				</div>
+			</div>
+		</div>
+	);
+};
+
+export default TestimonialEditPage;
diff --git a/src/pages/TestimonialListPage.tsx b/src/pages/TestimonialListPage.tsx
new file mode 100644
index 0000000..d34e7e0
--- /dev/null
+++ b/src/pages/TestimonialListPage.tsx
@@ -0,0 +1,195 @@
+import { useState, useMemo } from "react";
+import { Link } from "react-router-dom";
+import { Plus, Search, Edit, Trash2 } from "lucide-react";
+import { formatDate } from "@/utils/dateUtils";
+import MetaTags from "@/components/MetaTags";
+import {
+	useTestimonials,
+	useDeleteTestimonial,
+} from "@/hooks/useTestimonials";
+
+const TestimonialListPage = () => {
+	const [searchTerm, setSearchTerm] = useState("");
+
+	const {
+		data: testimonials = [],
+		isLoading,
+		error,
+	} = useTestimonials();
+	const deleteTestimonialMutation = useDeleteTestimonial();
+
+	const handleDeleteTestimonial = async (id: number) => {
+		if (!confirm("Are you sure you want to delete this testimonial?")) return;
+
+		try {
+			await deleteTestimonialMutation.mutateAsync(id);
+			alert("Testimonial deleted successfully!");
+		} catch (error) {
+			alert(
+				error instanceof Error
+					? error.message
+					: "Failed to delete testimonial",
+			);
+		}
+	};
+
+	const filteredTestimonials = useMemo(() => {
+		return testimonials.filter((testimonial) => {
+			const matchesSearch =
+				testimonial.full_name
+					.toLowerCase()
+					.includes(searchTerm.toLowerCase()) ||
+				testimonial.role.toLowerCase().includes(searchTerm.toLowerCase()) ||
+				testimonial.description
+					.toLowerCase()
+					.includes(searchTerm.toLowerCase());
+			return matchesSearch;
+		});
+	}, [testimonials, searchTerm]);
+
+	if (isLoading) {
+		return (
+			<div className="p-8">
+				<div className="text-center">Loading testimonials...</div>
+			</div>
+		);
+	}
+
+	return (
+		<div className="p-8">
+			<MetaTags
+				title="Kelola Testimonials - Admin Dashboard Inkubator IT"
+				description="Kelola testimonial klien untuk website Inkubator IT"
+				keywords="testimonial management, client testimonials, inkubator it, admin"
+			/>
+			<div className="mb-8 flex items-center justify-between">
+				<div>
+					<h1 className="text-3xl font-bold text-gray-900 mb-2">
+						Testimonials
+					</h1>
+					<p className="text-gray-600">
+						Manage client testimonials • Total: {testimonials.length}
+					</p>
+				</div>
+				<Link
+					to="/testimonials/create"
+					className="flex items-center gap-2 bg-blue-600 text-white px-4 py-2 rounded-lg hover:bg-blue-700 transition-colors"
+				>
+					<Plus className="w-4 h-4" />
+					Add Testimonial
+				</Link>
+			</div>
+
+			{error && (
+				<div className="mb-4 p-4 bg-red-50 border border-red-200 rounded-lg text-red-600">
+					Error loading testimonials:{" "}
+					{error instanceof Error ? error.message : "Unknown error"}
+				</div>
+			)}
+
+			<div className="mb-6">
+				<div className="relative">
+					<Search className="absolute left-3 top-1/2 transform -translate-y-1/2 text-gray-400 w-4 h-4" />
+					<input
+						type="text"
+						value={searchTerm}
+						onChange={(e) => setSearchTerm(e.target.value)}
+						placeholder="Search testimonials..."
+						className="w-full pl-10 pr-4 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+					/>
+				</div>
+			</div>
+
+			<div className="bg-white rounded-lg shadow-sm border">
+				<div className="overflow-x-auto">
+					<table className="w-full">
+						<thead className="bg-gray-50 border-b">
+							<tr>
+								<th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">
+									Full Name
+								</th>
+								<th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">
+									Role / Position
+								</th>
+								<th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">
+									Description
+								</th>
+								<th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">
+									Created At
+								</th>
+								<th className="px-6 py-3 text-right text-xs font-medium text-gray-500 uppercase tracking-wider">
+									Actions
+								</th>
+							</tr>
+						</thead>
+						<tbody className="bg-white divide-y divide-gray-200">
+							{filteredTestimonials.length === 0 ? (
+								<tr>
+									<td
+										colSpan={5}
+										className="px-6 py-8 text-center text-gray-500"
+									>
+										{searchTerm
+											? "No testimonials match your search."
+											: "No testimonials yet. Add your first testimonial!"}
+									</td>
+								</tr>
+							) : (
+								filteredTestimonials.map((testimonial) => (
+									<tr key={testimonial.id} className="hover:bg-gray-50">
+										<td className="px-6 py-4 whitespace-nowrap">
+											<span className="text-sm font-medium text-gray-900">
+												{testimonial.full_name}
+											</span>
+										</td>
+										<td className="px-6 py-4 whitespace-nowrap">
+											<span className="text-sm text-gray-600">
+												{testimonial.role}
+											</span>
+										</td>
+										<td className="px-6 py-4">
+											<span className="text-sm text-gray-600 line-clamp-2">
+												{testimonial.description}
+											</span>
+										</td>
+										<td className="px-6 py-4 whitespace-nowrap">
+											<span className="text-sm text-gray-500">
+												{formatDate(testimonial.created_at)}
+											</span>
+										</td>
+										<td className="px-6 py-4 whitespace-nowrap text-right">
+											<div className="flex items-center justify-end gap-4">
+												<Link
+													to={`/testimonials/${testimonial.id}/edit`}
+													className="flex items-center gap-1 text-gray-600 hover:text-gray-800 transition-colors"
+												>
+													<Edit className="w-4 h-4" />
+													Edit
+												</Link>
+												<button
+													type="button"
+													onClick={() =>
+														handleDeleteTestimonial(testimonial.id)
+													}
+													disabled={deleteTestimonialMutation.isPending}
+													className="flex items-center gap-1 text-red-600 hover:text-red-800 transition-colors disabled:opacity-50"
+												>
+													<Trash2 className="w-4 h-4" />
+													{deleteTestimonialMutation.isPending
+														? "Deleting..."
+														: "Delete"}
+												</button>
+											</div>
+										</td>
+									</tr>
+								))
+							)}
+						</tbody>
+					</table>
+				</div>
+			</div>
+		</div>
+	);
+};
+
+export default TestimonialListPage;
diff --git a/src/pages/index.ts b/src/pages/index.ts
index ad5d89e..1845d11 100644
--- a/src/pages/index.ts
+++ b/src/pages/index.ts
@@ -8,5 +8,8 @@ export { default as ProjectEditPage } from "./ProjectEditPage";
 export { default as TechStackListPage } from "./TechStackListPage";
 export { default as TechStackCreatePage } from "./TechStackCreatePage";
 export { default as TechStackEditPage } from "./TechStackEditPage";
+export { default as TestimonialListPage } from "./TestimonialListPage";
+export { default as TestimonialCreatePage } from "./TestimonialCreatePage";
+export { default as TestimonialEditPage } from "./TestimonialEditPage";
 export { default as LoginPage } from "./LoginPage";
 // export { default as RegisterPage } from "./RegisterPage";
diff --git a/src/services/api.ts b/src/services/api.ts
index d1886b7..55a6c15 100644
--- a/src/services/api.ts
+++ b/src/services/api.ts
@@ -7,6 +7,7 @@ import { projectsApi } from "./api/projects.service";
 import { servicesApi } from "./api/services.service";
 import { techStackApi } from "./api/tech-stack.service";
 import { clientInformationApi } from "./api/client-information.service";
+import { testimonialsApi } from "./api/testimonials.service";
 
 export const apiService = {
 	// Blog methods
@@ -56,4 +57,11 @@ export const apiService = {
 		clientInformationApi.updateClientInformation.bind(clientInformationApi),
 	deleteClientInformation:
 		clientInformationApi.deleteClientInformation.bind(clientInformationApi),
+
+	// Testimonial methods
+	getAllTestimonials: testimonialsApi.getAllTestimonials.bind(testimonialsApi),
+	getTestimonialById: testimonialsApi.getTestimonialById.bind(testimonialsApi),
+	createTestimonial: testimonialsApi.createTestimonial.bind(testimonialsApi),
+	updateTestimonial: testimonialsApi.updateTestimonial.bind(testimonialsApi),
+	deleteTestimonial: testimonialsApi.deleteTestimonial.bind(testimonialsApi),
 };
diff --git a/src/services/api/index.ts b/src/services/api/index.ts
index bc66702..ba5cd4c 100644
--- a/src/services/api/index.ts
+++ b/src/services/api/index.ts
@@ -5,6 +5,7 @@ export { projectsApi } from "./projects.service";
 export { servicesApi } from "./services.service";
 export { techStackApi } from "./tech-stack.service";
 export { clientInformationApi } from "./client-information.service";
+export { testimonialsApi } from "./testimonials.service";
 export { StorageService } from "./storage.service";
 
 // Export types
@@ -34,6 +35,10 @@ export type {
 	ClientInformation,
 	CreateClientInformationRequest,
 	UpdateClientInformationRequest,
+	// Testimonial types
+	Testimonial,
+	CreateTestimonialRequest,
+	UpdateTestimonialRequest,
 } from "./types";
 
 // Convenience export for accessing all APIs through a single object
@@ -43,6 +48,7 @@ import { projectsApi } from "./projects.service";
 import { servicesApi } from "./services.service";
 import { techStackApi } from "./tech-stack.service";
 import { clientInformationApi } from "./client-information.service";
+import { testimonialsApi } from "./testimonials.service";
 import { StorageService } from "./storage.service";
 
 export const api = {
@@ -52,5 +58,6 @@ export const api = {
 	services: servicesApi,
 	techStack: techStackApi,
 	clientInformation: clientInformationApi,
+	testimonials: testimonialsApi,
 	storage: StorageService,
 };
diff --git a/src/services/api/testimonials.service.ts b/src/services/api/testimonials.service.ts
new file mode 100644
index 0000000..e50f04c
--- /dev/null
+++ b/src/services/api/testimonials.service.ts
@@ -0,0 +1,45 @@
+import { ApiClient, type ApiResponse } from "./client";
+import type {
+	Testimonial,
+	CreateTestimonialRequest,
+	UpdateTestimonialRequest,
+} from "./types";
+
+class TestimonialsApiService extends ApiClient {
+	async getAllTestimonials(): Promise<ApiResponse<Testimonial[]>> {
+		return this.request<Testimonial[]>("/api/testimonials");
+	}
+
+	async getTestimonialById(id: number): Promise<ApiResponse<Testimonial>> {
+		return this.request<Testimonial>(`/api/testimonials/${id}`);
+	}
+
+	async createTestimonial(
+		data: CreateTestimonialRequest,
+	): Promise<ApiResponse<Testimonial>> {
+		return this.request<Testimonial>("/api/testimonials", {
+			method: "POST",
+			body: JSON.stringify(data),
+		});
+	}
+
+	async updateTestimonial(
+		id: number,
+		data: UpdateTestimonialRequest,
+	): Promise<ApiResponse<Testimonial>> {
+		return this.request<Testimonial>(`/api/testimonials/${id}`, {
+			method: "PUT",
+			body: JSON.stringify(data),
+		});
+	}
+
+	async deleteTestimonial(
+		id: number,
+	): Promise<ApiResponse<{ message: string }>> {
+		return this.request<{ message: string }>(`/api/testimonials/${id}`, {
+			method: "DELETE",
+		});
+	}
+}
+
+export const testimonialsApi = new TestimonialsApiService();
diff --git a/src/services/api/types.ts b/src/services/api/types.ts
index 4192b56..b86b249 100644
--- a/src/services/api/types.ts
+++ b/src/services/api/types.ts
@@ -173,3 +173,23 @@ export interface CreateClientInformationRequest {
 
 export interface UpdateClientInformationRequest
 	extends Partial<CreateClientInformationRequest> {}
+
+// Testimonial Types
+export interface Testimonial {
+	id: number;
+	full_name: string;
+	role: string;
+	description: string;
+	created_at: string;
+	updated_at: string;
+}
+
+export interface CreateTestimonialRequest {
+	full_name: string;
+	role: string;
+	description: string;
+}
+
+export interface UpdateTestimonialRequest
+	extends Partial<CreateTestimonialRequest> {}
+

From a281080c6a2b02a7a24aa9cf36826fceda57967e Mon Sep 17 00:00:00 2001
From: Naufal Pinasthika <naufalpinasthika@gmail.com>
Date: Sat, 28 Feb 2026 13:06:30 +0700
Subject: [PATCH 4/4] fix: revert bypass login

---
 src/contexts/AuthContext.tsx | 13 ++-----------
 src/pages/LoginPage.tsx      | 16 +---------------
 2 files changed, 3 insertions(+), 26 deletions(-)

diff --git a/src/contexts/AuthContext.tsx b/src/contexts/AuthContext.tsx
index 2329509..36406ff 100644
--- a/src/contexts/AuthContext.tsx
+++ b/src/contexts/AuthContext.tsx
@@ -18,18 +18,9 @@ const AuthContext = createContext<AuthContextType | undefined>(undefined);
 export function AuthProvider({ children }: { children: ReactNode }) {
 	const { data, isPending } = useSession();
 
-	// TODO: REMOVE BYPASS WHEN BACKEND AUTH IS READY
-	const isBypassed = localStorage.getItem("admin_token") === "dev_token";
-
-	const user = isBypassed 
-		? { id: "dev-id", name: "Dev Admin", email: "admin@iit.dev", emailVerified: true } 
-		: (data?.user ?? null);
-	
-	const isLoading = isBypassed ? false : isPending;
-
 	return (
 		<AuthContext.Provider
-			value={{ user, isLoading }}
+			value={{ user: data?.user ?? null, isLoading: isPending }}
 		>
 			{children}
 		</AuthContext.Provider>
@@ -42,4 +33,4 @@ export function useAuth() {
 		throw new Error("useAuth must be used within an AuthProvider");
 	}
 	return context;
-}
+}
\ No newline at end of file
diff --git a/src/pages/LoginPage.tsx b/src/pages/LoginPage.tsx
index 71ac395..3d22477 100644
--- a/src/pages/LoginPage.tsx
+++ b/src/pages/LoginPage.tsx
@@ -25,19 +25,6 @@ export default function LoginPage() {
 		setError("");
 		setIsLoading(true);
 
-		// TODO: REMOVE THIS BYPASS WHEN BACKEND AUTH IS IMPLEMENTED
-		// Currently backend has no auth/users table, so we bypass login for development.
-		setTimeout(() => {
-			console.warn("BYPASSING LOGIN: No backend auth available yet.");
-			// Mock successful login state
-			localStorage.setItem("admin_token", "dev_token");
-			// Force reload to update AuthContext
-			window.location.href = "/";
-			setIsLoading(false);admin/src/contexts
-		}, 1000);
-
-		// ORIGINAL CODE (Commented out):
-		/*
 		try {
 			const result = await signIn.email({
 				email,
@@ -55,7 +42,6 @@ export default function LoginPage() {
 		} finally {
 			setIsLoading(false);
 		}
-		*/
 	};
 
 	return (
@@ -122,4 +108,4 @@ export default function LoginPage() {
 			</Card>
 		</div>
 	);
-}
+}
\ No newline at end of file