zenn/planner.sori.studio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v0.1.42 - 관리자 자동 계정과 로그인 정리

Browse Source
This commit is contained in:
zenn
2026-04-22 18:44:15 +09:00
parent 403d0a0c5a
commit 4a80721824
11 changed files with 118 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
backend/src/routes/auth.js
View File

@@ -1,10 +1,10 @@
import { and, eq, gt, isNull } from 'drizzle-orm'
import { env } from '../config.js'
import { and, eq, gt, isNull, or } from 'drizzle-orm'
import { z } from 'zod'
import { db } from '../db/client.js'
import { authSessions, emailVerificationTokens, passwordResetTokens, users } from '../db/schema.js'
import { createSessionToken, hashSessionToken, hashPassword, verifyPassword } from '../lib/password.js'
import { createSession, findAuthenticatedUser } from '../lib/authSession.js'
import { env } from '../config.js'
const signupSchema = z.object({
email: z.string().trim().email(),
@@ -13,7 +13,7 @@ const signupSchema = z.object({
})
const loginSchema = z.object({
email: z.string().trim().email(),
email: z.string().trim().min(1).max(255),
password: z.string().min(1).max(72),
})
@@ -45,15 +45,6 @@ const passwordResetConfirmSchema = z.object({
})
const TOKEN_TTL_MS = 1000 * 60 * 30
const adminEmails = new Set(
env.ADMIN_EMAILS.split(',')
.map((email) => email.trim().toLowerCase())
.filter(Boolean),
)
function resolveUserRole(email) {
return adminEmails.has(email.toLowerCase()) ? 'admin' : 'user'
}
function buildPreviewUrl(pathname, token) {
const url = new URL(pathname, env.APP_BASE_URL)
@@ -107,6 +98,7 @@ function sanitizeUser(user) {
return {
id: user.id,
email: user.email,
loginId: user.loginId,
nickname: user.nickname,
role: user.role,
emailVerifiedAt: user.emailVerifiedAt,
@@ -144,15 +136,14 @@ export async function registerAuthRoutes(app) {
const now = new Date()
const passwordHash = await hashPassword(password)
const role = resolveUserRole(normalizedEmail)
const [user] = await db
.insert(users)
.values({
email: normalizedEmail,
loginId: null,
passwordHash,
nickname,
role,
role: 'user',
emailVerifiedAt: null,
lastLoginAt: now,
createdAt: now,
@@ -181,17 +172,23 @@ export async function registerAuthRoutes(app) {
})
}
const normalizedEmail = payload.data.email.toLowerCase()
const identifier = payload.data.email.trim()
const normalizedEmail = identifier.toLowerCase()
const [user] = await db
.select()
.from(users)
.where(eq(users.email, normalizedEmail))
.where(
or(
eq(users.email, normalizedEmail),
eq(users.loginId, identifier),
),
)
.limit(1)
if (!user) {
return reply.code(401).send({
message: '이메일 또는 비밀번호가 올바르지 않습니다.',
message: '이메일, 아이디 또는 비밀번호가 올바르지 않습니다.',
})
}
@@ -199,17 +196,15 @@ export async function registerAuthRoutes(app) {
if (!passwordMatches) {
return reply.code(401).send({
message: '이메일 또는 비밀번호가 올바르지 않습니다.',
message: '이메일, 아이디 또는 비밀번호가 올바르지 않습니다.',
})
}
const now = new Date()
const role = resolveUserRole(user.email)
const [updatedUser] = await db
.update(users)
.set({
role,
lastLoginAt: now,
updatedAt: now,
})
@@ -234,23 +229,6 @@ export async function registerAuthRoutes(app) {
})
}
const resolvedRole = resolveUserRole(user.email)
if (user.role !== resolvedRole) {
const [updatedUser] = await db
.update(users)
.set({
role: resolvedRole,
updatedAt: new Date(),
})
.where(eq(users.id, user.id))
.returning()
return {
user: sanitizeUser(updatedUser),
}
}
return {
user: sanitizeUser(user),
}
@@ -293,7 +271,6 @@ export async function registerAuthRoutes(app) {
.set({
email: normalizedEmail,
nickname: payload.data.nickname,
role: resolveUserRole(normalizedEmail),
updatedAt: new Date(),
})
.where(eq(users.id, user.id))