zenn/planner.sori.studio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v0.1.47 - 관리자 계정 정리 기능 추가

Browse Source
This commit is contained in:
zenn
2026-04-24 11:43:22 +09:00
parent c442e0d8bb
commit 317a2ce8af
12 changed files with 350 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
backend/src/db/init.js
View File

@@ -9,6 +9,7 @@ export async function ensureDatabaseSchema() {
password_hash VARCHAR(255) NOT NULL,
nickname VARCHAR(60) NOT NULL,
role VARCHAR(20) NOT NULL DEFAULT 'user',
disabled_at TIMESTAMPTZ,
email_verified_at TIMESTAMPTZ,
last_login_at TIMESTAMPTZ,
created_at TIMESTAMPTZ NOT NULL,
@@ -21,6 +22,9 @@ export async function ensureDatabaseSchema() {
ALTER TABLE users
ADD COLUMN IF NOT EXISTS role VARCHAR(20) NOT NULL DEFAULT 'user';
ALTER TABLE users
ADD COLUMN IF NOT EXISTS disabled_at TIMESTAMPTZ;
ALTER TABLE users
ADD COLUMN IF NOT EXISTS email_verified_at TIMESTAMPTZ;

1
backend/src/db/schema.js
View File

@@ -16,6 +16,7 @@ export const users = pgTable('users', {
passwordHash: varchar('password_hash', { length: 255 }).notNull(),
nickname: varchar('nickname', { length: 60 }).notNull(),
role: varchar('role', { length: 20 }).notNull().default('user'),
disabledAt: timestamp('disabled_at', { withTimezone: true }),
emailVerifiedAt: timestamp('email_verified_at', { withTimezone: true }),
lastLoginAt: timestamp('last_login_at', { withTimezone: true }),
createdAt: timestamp('created_at', { withTimezone: true }).notNull(),

5
backend/src/lib/authSession.js
View File

@@ -65,6 +65,11 @@ export async function findAuthenticatedUser(request) {
.where(eq(users.id, session.userId))
.limit(1)
if (user?.disabledAt) {
await db.delete(authSessions).where(eq(authSessions.id, session.id))
return null
}
if (user && user.role !== 'admin' && !user.emailVerifiedAt) {
await db.delete(authSessions).where(eq(authSessions.id, session.id))
return null

161
backend/src/routes/admin.js
View File

@@ -1,7 +1,13 @@
import { sql } from 'drizzle-orm'
import { and, eq, sql } from 'drizzle-orm'
import { z } from 'zod'
import { db } from '../db/client.js'
import { findAuthenticatedUser } from '../lib/authSession.js'
import { users } from '../db/schema.js'
import { authSessions, users } from '../db/schema.js'
const adminUserIdSchema = z.coerce.number().int().positive()
const adminStatusSchema = z.object({
disabled: z.boolean(),
})
async function requireAdminUser(request, reply) {
const user = await findAuthenticatedUser(request)
@@ -35,6 +41,7 @@ export async function registerAdminRoutes(app) {
.select({
totalUsers: sql`count(*)::int`,
totalAdmins: sql`count(*) filter (where ${users.role} = 'admin')::int`,
disabledUsers: sql`count(*) filter (where ${users.disabledAt} is not null)::int`,
verifiedUsers: sql`count(*) filter (where ${users.emailVerifiedAt} is not null)::int`,
activeUsers30d: sql`count(*) filter (where ${users.lastLoginAt} >= now() - interval '30 days')::int`,
newUsers7d: sql`count(*) filter (where ${users.createdAt} >= now() - interval '7 days')::int`,
@@ -54,16 +61,19 @@ export async function registerAdminRoutes(app) {
u.nickname,
u.email,
u.role,
u.disabled_at as "disabledAt",
u.created_at as "createdAt",
u.email_verified_at as "emailVerifiedAt",
u.last_login_at as "lastLoginAt",
count(distinct pe.id)::int as "plannerEntryCount",
count(distinct g.id)::int as "goalCount",
count(distinct s.id)::int as "activeSessionCount",
max(pe.entry_date) as "lastEntryDate",
max(pe.updated_at) as "lastEntryUpdatedAt"
from users u
left join planner_entries pe on pe.user_id = u.id
left join goals g on g.user_id = u.id
left join auth_sessions s on s.user_id = u.id and s.expires_at > now()
group by u.id
order by coalesce(u.last_login_at, u.created_at) desc, u.id desc
`)
@@ -88,6 +98,7 @@ export async function registerAdminRoutes(app) {
verifiedUsers: summary?.verifiedUsers ?? 0,
activeUsers30d: summary?.activeUsers30d ?? 0,
newUsers7d: summary?.newUsers7d ?? 0,
disabledUsers: summary?.disabledUsers ?? 0,
totalPlannerEntries: plannerCountResult.rows[0]?.count ?? 0,
totalGoals: goalCountResult.rows[0]?.count ?? 0,
},
@@ -100,4 +111,150 @@ export async function registerAdminRoutes(app) {
recentLogins: recentLoginsResult.rows,
}
})
app.put('/api/admin/users/:userId/status', async (request, reply) => {
const adminUser = await requireAdminUser(request, reply)
if (!adminUser) {
return
}
const userIdResult = adminUserIdSchema.safeParse(request.params.userId)
const payload = adminStatusSchema.safeParse(request.body)
if (!userIdResult.success || !payload.success) {
return reply.code(400).send({
message: '관리자 요청 값이 올바르지 않습니다.',
})
}
const userId = userIdResult.data
const [targetUser] = await db
.select()
.from(users)
.where(eq(users.id, userId))
.limit(1)
if (!targetUser) {
return reply.code(404).send({
message: '대상 사용자를 찾을 수 없습니다.',
})
}
if (targetUser.role === 'admin') {
return reply.code(403).send({
message: '관리자 계정 상태는 여기서 변경할 수 없습니다.',
})
}
const disabled = payload.data.disabled
const now = new Date()
const [updatedUser] = await db
.update(users)
.set({
disabledAt: disabled ? now : null,
updatedAt: now,
})
.where(eq(users.id, userId))
.returning()
if (disabled) {
await db.delete(authSessions).where(eq(authSessions.userId, userId))
}
return {
message: disabled ? '계정을 비활성화했습니다.' : '계정을 다시 사용할 수 있게 했습니다.',
user: updatedUser,
}
})
app.post('/api/admin/users/:userId/revoke-sessions', async (request, reply) => {
const adminUser = await requireAdminUser(request, reply)
if (!adminUser) {
return
}
const userIdResult = adminUserIdSchema.safeParse(request.params.userId)
if (!userIdResult.success) {
return reply.code(400).send({
message: '대상 사용자 값이 올바르지 않습니다.',
})
}
const userId = userIdResult.data
const [targetUser] = await db
.select()
.from(users)
.where(eq(users.id, userId))
.limit(1)
if (!targetUser) {
return reply.code(404).send({
message: '대상 사용자를 찾을 수 없습니다.',
})
}
if (targetUser.role === 'admin') {
return reply.code(403).send({
message: '관리자 계정 세션은 여기서 정리하지 않습니다.',
})
}
const deletedSessions = await db
.delete(authSessions)
.where(eq(authSessions.userId, userId))
.returning({ id: authSessions.id })
return {
message: deletedSessions.length > 0 ? '해당 사용자의 로그인 세션을 모두 종료했습니다.' : '종료할 로그인 세션이 없습니다.',
revokedCount: deletedSessions.length,
}
})
app.delete('/api/admin/users/:userId', async (request, reply) => {
const adminUser = await requireAdminUser(request, reply)
if (!adminUser) {
return
}
const userIdResult = adminUserIdSchema.safeParse(request.params.userId)
if (!userIdResult.success) {
return reply.code(400).send({
message: '대상 사용자 값이 올바르지 않습니다.',
})
}
const userId = userIdResult.data
const [targetUser] = await db
.select()
.from(users)
.where(eq(users.id, userId))
.limit(1)
if (!targetUser) {
return reply.code(404).send({
message: '대상 사용자를 찾을 수 없습니다.',
})
}
if (targetUser.role === 'admin') {
return reply.code(403).send({
message: '관리자 계정은 여기서 삭제할 수 없습니다.',
})
}
await db.delete(users).where(and(eq(users.id, userId), eq(users.role, 'user')))
return {
message: '사용자 계정과 관련 데이터를 삭제했습니다.',
}
})
}

7
backend/src/routes/auth.js
View File

@@ -106,6 +106,7 @@ function sanitizeUser(user) {
loginId: user.loginId,
nickname: user.nickname,
role: user.role,
disabledAt: user.disabledAt,
emailVerifiedAt: user.emailVerifiedAt,
lastLoginAt: user.lastLoginAt,
createdAt: user.createdAt,
@@ -239,6 +240,12 @@ export async function registerAuthRoutes(app) {
})
}
if (user.disabledAt) {
return reply.code(403).send({
message: '비활성화된 계정입니다. 관리자에게 문의해 주세요.',
})
}
if (user.role !== 'admin' && !user.emailVerifiedAt) {
return reply.code(403).send({
message: '이메일 인증을 완료한 뒤 로그인해 주세요.',