v0.1.47 - 관리자 계정 정리 기능 추가

backend/src/routes/admin.js

@@ -1,7 +1,13 @@
-import { sql } from 'drizzle-orm'
+import { and, eq, sql } from 'drizzle-orm'
+import { z } from 'zod'
 import { db } from '../db/client.js'
 import { findAuthenticatedUser } from '../lib/authSession.js'
-import { users } from '../db/schema.js'
+import { authSessions, users } from '../db/schema.js'
+
+const adminUserIdSchema = z.coerce.number().int().positive()
+const adminStatusSchema = z.object({
+  disabled: z.boolean(),
+})
 
 async function requireAdminUser(request, reply) {
   const user = await findAuthenticatedUser(request)
@@ -35,6 +41,7 @@ export async function registerAdminRoutes(app) {
       .select({
         totalUsers: sql`count(*)::int`,
         totalAdmins: sql`count(*) filter (where ${users.role} = 'admin')::int`,
+        disabledUsers: sql`count(*) filter (where ${users.disabledAt} is not null)::int`,
         verifiedUsers: sql`count(*) filter (where ${users.emailVerifiedAt} is not null)::int`,
         activeUsers30d: sql`count(*) filter (where ${users.lastLoginAt} >= now() - interval '30 days')::int`,
         newUsers7d: sql`count(*) filter (where ${users.createdAt} >= now() - interval '7 days')::int`,
@@ -54,16 +61,19 @@ export async function registerAdminRoutes(app) {
         u.nickname,
         u.email,
         u.role,
+        u.disabled_at as "disabledAt",
         u.created_at as "createdAt",
         u.email_verified_at as "emailVerifiedAt",
         u.last_login_at as "lastLoginAt",
         count(distinct pe.id)::int as "plannerEntryCount",
         count(distinct g.id)::int as "goalCount",
+        count(distinct s.id)::int as "activeSessionCount",
         max(pe.entry_date) as "lastEntryDate",
         max(pe.updated_at) as "lastEntryUpdatedAt"
       from users u
       left join planner_entries pe on pe.user_id = u.id
       left join goals g on g.user_id = u.id
+      left join auth_sessions s on s.user_id = u.id and s.expires_at > now()
       group by u.id
       order by coalesce(u.last_login_at, u.created_at) desc, u.id desc
     `)
@@ -88,6 +98,7 @@ export async function registerAdminRoutes(app) {
         verifiedUsers: summary?.verifiedUsers ?? 0,
         activeUsers30d: summary?.activeUsers30d ?? 0,
         newUsers7d: summary?.newUsers7d ?? 0,
+        disabledUsers: summary?.disabledUsers ?? 0,
         totalPlannerEntries: plannerCountResult.rows[0]?.count ?? 0,
         totalGoals: goalCountResult.rows[0]?.count ?? 0,
       },
@@ -100,4 +111,150 @@ export async function registerAdminRoutes(app) {
       recentLogins: recentLoginsResult.rows,
     }
   })
+
+  app.put('/api/admin/users/:userId/status', async (request, reply) => {
+    const adminUser = await requireAdminUser(request, reply)
+
+    if (!adminUser) {
+      return
+    }
+
+    const userIdResult = adminUserIdSchema.safeParse(request.params.userId)
+    const payload = adminStatusSchema.safeParse(request.body)
+
+    if (!userIdResult.success || !payload.success) {
+      return reply.code(400).send({
+        message: '관리자 요청 값이 올바르지 않습니다.',
+      })
+    }
+
+    const userId = userIdResult.data
+
+    const [targetUser] = await db
+      .select()
+      .from(users)
+      .where(eq(users.id, userId))
+      .limit(1)
+
+    if (!targetUser) {
+      return reply.code(404).send({
+        message: '대상 사용자를 찾을 수 없습니다.',
+      })
+    }
+
+    if (targetUser.role === 'admin') {
+      return reply.code(403).send({
+        message: '관리자 계정 상태는 여기서 변경할 수 없습니다.',
+      })
+    }
+
+    const disabled = payload.data.disabled
+    const now = new Date()
+
+    const [updatedUser] = await db
+      .update(users)
+      .set({
+        disabledAt: disabled ? now : null,
+        updatedAt: now,
+      })
+      .where(eq(users.id, userId))
+      .returning()
+
+    if (disabled) {
+      await db.delete(authSessions).where(eq(authSessions.userId, userId))
+    }
+
+    return {
+      message: disabled ? '계정을 비활성화했습니다.' : '계정을 다시 사용할 수 있게 했습니다.',
+      user: updatedUser,
+    }
+  })
+
+  app.post('/api/admin/users/:userId/revoke-sessions', async (request, reply) => {
+    const adminUser = await requireAdminUser(request, reply)
+
+    if (!adminUser) {
+      return
+    }
+
+    const userIdResult = adminUserIdSchema.safeParse(request.params.userId)
+
+    if (!userIdResult.success) {
+      return reply.code(400).send({
+        message: '대상 사용자 값이 올바르지 않습니다.',
+      })
+    }
+
+    const userId = userIdResult.data
+
+    const [targetUser] = await db
+      .select()
+      .from(users)
+      .where(eq(users.id, userId))
+      .limit(1)
+
+    if (!targetUser) {
+      return reply.code(404).send({
+        message: '대상 사용자를 찾을 수 없습니다.',
+      })
+    }
+
+    if (targetUser.role === 'admin') {
+      return reply.code(403).send({
+        message: '관리자 계정 세션은 여기서 정리하지 않습니다.',
+      })
+    }
+
+    const deletedSessions = await db
+      .delete(authSessions)
+      .where(eq(authSessions.userId, userId))
+      .returning({ id: authSessions.id })
+
+    return {
+      message: deletedSessions.length > 0 ? '해당 사용자의 로그인 세션을 모두 종료했습니다.' : '종료할 로그인 세션이 없습니다.',
+      revokedCount: deletedSessions.length,
+    }
+  })
+
+  app.delete('/api/admin/users/:userId', async (request, reply) => {
+    const adminUser = await requireAdminUser(request, reply)
+
+    if (!adminUser) {
+      return
+    }
+
+    const userIdResult = adminUserIdSchema.safeParse(request.params.userId)
+
+    if (!userIdResult.success) {
+      return reply.code(400).send({
+        message: '대상 사용자 값이 올바르지 않습니다.',
+      })
+    }
+
+    const userId = userIdResult.data
+
+    const [targetUser] = await db
+      .select()
+      .from(users)
+      .where(eq(users.id, userId))
+      .limit(1)
+
+    if (!targetUser) {
+      return reply.code(404).send({
+        message: '대상 사용자를 찾을 수 없습니다.',
+      })
+    }
+
+    if (targetUser.role === 'admin') {
+      return reply.code(403).send({
+        message: '관리자 계정은 여기서 삭제할 수 없습니다.',
+      })
+    }
+
+    await db.delete(users).where(and(eq(users.id, userId), eq(users.role, 'user')))
+
+    return {
+      message: '사용자 계정과 관련 데이터를 삭제했습니다.',
+    }
+  })
 }