v0.1.42 - 관리자 자동 계정과 로그인 정리

2026-04-22 18:44:15 +09:00
parent 403d0a0c5a
commit 4a80721824
11 changed files with 118 additions and 49 deletions
--- a/backend/src/config.js
+++ b/backend/src/config.js
@@ -14,7 +14,10 @@ const envSchema = z.object({
  CORS_ORIGIN: z.string().default('http://localhost:5173'),
  SESSION_TTL_DAYS: z.coerce.number().default(30),
  APP_BASE_URL: z.string().default('http://localhost:5173'),
-  ADMIN_EMAILS: z.string().default('zenn.message@gmail.com'),
+  ADMIN_ACCOUNT_ID: z.string().default('planner-admin'),
+  ADMIN_ACCOUNT_PASSWORD: z.string().default('wps!vmffosj180204'),
+  ADMIN_ACCOUNT_EMAIL: z.string().default('planner-admin@planner.local'),
+  ADMIN_ACCOUNT_NICKNAME: z.string().default('Planner Admin'),
 })

 export const env = envSchema.parse(process.env)
--- a/backend/src/db/init.js
+++ b/backend/src/db/init.js
@@ -5,6 +5,7 @@ export async function ensureDatabaseSchema() {
    CREATE TABLE IF NOT EXISTS users (
      id SERIAL PRIMARY KEY,
      email VARCHAR(255) NOT NULL UNIQUE,
+      login_id VARCHAR(60) UNIQUE,
      password_hash VARCHAR(255) NOT NULL,
      nickname VARCHAR(60) NOT NULL,
      role VARCHAR(20) NOT NULL DEFAULT 'user',
@@ -14,6 +15,9 @@ export async function ensureDatabaseSchema() {
      updated_at TIMESTAMPTZ NOT NULL
    );

+    ALTER TABLE users
+    ADD COLUMN IF NOT EXISTS login_id VARCHAR(60);
+
    ALTER TABLE users
    ADD COLUMN IF NOT EXISTS role VARCHAR(20) NOT NULL DEFAULT 'user';

--- a/backend/src/db/schema.js
+++ b/backend/src/db/schema.js
@@ -12,6 +12,7 @@ import {
 export const users = pgTable('users', {
  id: serial('id').primaryKey(),
  email: varchar('email', { length: 255 }).notNull().unique(),
+  loginId: varchar('login_id', { length: 60 }).unique(),
  passwordHash: varchar('password_hash', { length: 255 }).notNull(),
  nickname: varchar('nickname', { length: 60 }).notNull(),
  role: varchar('role', { length: 20 }).notNull().default('user'),
--- a/backend/src/lib/adminAccount.js
+++ b/backend/src/lib/adminAccount.js
@@ -0,0 +1,69 @@
+import { and, eq, isNull, ne, or } from 'drizzle-orm'
+import { env } from '../config.js'
+import { db } from '../db/client.js'
+import { users } from '../db/schema.js'
+import { hashPassword } from './password.js'
+
+export async function ensureAdminAccount() {
+  const loginId = env.ADMIN_ACCOUNT_ID.trim()
+  const email = env.ADMIN_ACCOUNT_EMAIL.trim().toLowerCase()
+  const nickname = env.ADMIN_ACCOUNT_NICKNAME.trim()
+  const password = env.ADMIN_ACCOUNT_PASSWORD
+
+  const now = new Date()
+
+  await db
+    .update(users)
+    .set({
+      role: 'user',
+      updatedAt: now,
+    })
+    .where(
+      and(
+        eq(users.role, 'admin'),
+        or(
+          ne(users.loginId, loginId),
+          isNull(users.loginId),
+        ),
+      ),
+    )
+
+  const [existingAdmin] = await db
+    .select()
+    .from(users)
+    .where(
+      or(
+        eq(users.loginId, loginId),
+        eq(users.email, email),
+      ),
+    )
+    .limit(1)
+
+  if (existingAdmin) {
+    await db
+      .update(users)
+      .set({
+        email,
+        nickname,
+        role: 'admin',
+        updatedAt: now,
+      })
+      .where(eq(users.id, existingAdmin.id))
+
+    return
+  }
+
+  const passwordHash = await hashPassword(password)
+
+  await db.insert(users).values({
+    email,
+    loginId,
+    passwordHash,
+    nickname,
+    role: 'admin',
+    emailVerifiedAt: now,
+    lastLoginAt: null,
+    createdAt: now,
+    updatedAt: now,
+  })
+}
--- a/backend/src/routes/auth.js
+++ b/backend/src/routes/auth.js
@@ -1,10 +1,10 @@
-import { and, eq, gt, isNull } from 'drizzle-orm'
-import { env } from '../config.js'
+import { and, eq, gt, isNull, or } from 'drizzle-orm'
 import { z } from 'zod'
 import { db } from '../db/client.js'
 import { authSessions, emailVerificationTokens, passwordResetTokens, users } from '../db/schema.js'
 import { createSessionToken, hashSessionToken, hashPassword, verifyPassword } from '../lib/password.js'
 import { createSession, findAuthenticatedUser } from '../lib/authSession.js'
+import { env } from '../config.js'

 const signupSchema = z.object({
  email: z.string().trim().email(),
@@ -13,7 +13,7 @@ const signupSchema = z.object({
 })

 const loginSchema = z.object({
-  email: z.string().trim().email(),
+  email: z.string().trim().min(1).max(255),
  password: z.string().min(1).max(72),
 })

@@ -45,15 +45,6 @@ const passwordResetConfirmSchema = z.object({
 })

 const TOKEN_TTL_MS = 1000 * 60 * 30
-const adminEmails = new Set(
-  env.ADMIN_EMAILS.split(',')
-    .map((email) => email.trim().toLowerCase())
-    .filter(Boolean),
-)
-
-function resolveUserRole(email) {
-  return adminEmails.has(email.toLowerCase()) ? 'admin' : 'user'
-}

 function buildPreviewUrl(pathname, token) {
  const url = new URL(pathname, env.APP_BASE_URL)
@@ -107,6 +98,7 @@ function sanitizeUser(user) {
  return {
    id: user.id,
    email: user.email,
+    loginId: user.loginId,
    nickname: user.nickname,
    role: user.role,
    emailVerifiedAt: user.emailVerifiedAt,
@@ -144,15 +136,14 @@ export async function registerAuthRoutes(app) {

    const now = new Date()
    const passwordHash = await hashPassword(password)
-    const role = resolveUserRole(normalizedEmail)
-
    const [user] = await db
      .insert(users)
      .values({
        email: normalizedEmail,
+        loginId: null,
        passwordHash,
        nickname,
-        role,
+        role: 'user',
        emailVerifiedAt: null,
        lastLoginAt: now,
        createdAt: now,
@@ -181,17 +172,23 @@ export async function registerAuthRoutes(app) {
      })
    }

-    const normalizedEmail = payload.data.email.toLowerCase()
+    const identifier = payload.data.email.trim()
+    const normalizedEmail = identifier.toLowerCase()

    const [user] = await db
      .select()
      .from(users)
-      .where(eq(users.email, normalizedEmail))
+      .where(
+        or(
+          eq(users.email, normalizedEmail),
+          eq(users.loginId, identifier),
+        ),
+      )
      .limit(1)

    if (!user) {
      return reply.code(401).send({
-        message: '이메일 또는 비밀번호가 올바르지 않습니다.',
+        message: '이메일, 아이디 또는 비밀번호가 올바르지 않습니다.',
      })
    }

@@ -199,17 +196,15 @@ export async function registerAuthRoutes(app) {

    if (!passwordMatches) {
      return reply.code(401).send({
-        message: '이메일 또는 비밀번호가 올바르지 않습니다.',
+        message: '이메일, 아이디 또는 비밀번호가 올바르지 않습니다.',
      })
    }

    const now = new Date()
-    const role = resolveUserRole(user.email)

    const [updatedUser] = await db
      .update(users)
      .set({
-        role,
        lastLoginAt: now,
        updatedAt: now,
      })
@@ -234,23 +229,6 @@ export async function registerAuthRoutes(app) {
      })
    }

-    const resolvedRole = resolveUserRole(user.email)
-
-    if (user.role !== resolvedRole) {
-      const [updatedUser] = await db
-        .update(users)
-        .set({
-          role: resolvedRole,
-          updatedAt: new Date(),
-        })
-        .where(eq(users.id, user.id))
-        .returning()
-
-      return {
-        user: sanitizeUser(updatedUser),
-      }
-    }
-
    return {
      user: sanitizeUser(user),
    }
@@ -293,7 +271,6 @@ export async function registerAuthRoutes(app) {
      .set({
        email: normalizedEmail,
        nickname: payload.data.nickname,
-        role: resolveUserRole(normalizedEmail),
        updatedAt: new Date(),
      })
      .where(eq(users.id, user.id))
--- a/backend/src/server.js
+++ b/backend/src/server.js
@@ -3,6 +3,7 @@ import cors from '@fastify/cors'
 import { env } from './config.js'
 import { pool } from './db/client.js'
 import { ensureDatabaseSchema } from './db/init.js'
+import { ensureAdminAccount } from './lib/adminAccount.js'
 import { registerAuthRoutes } from './routes/auth.js'
 import { registerAdminRoutes } from './routes/admin.js'
 import { registerGoalRoutes } from './routes/goals.js'
@@ -13,6 +14,7 @@ const app = Fastify({
 })

 await ensureDatabaseSchema()
+await ensureAdminAccount()

 await app.register(cors, {
  origin: env.CORS_ORIGIN,