232 lines
5.7 KiB
JavaScript
232 lines
5.7 KiB
JavaScript
import { eq } from 'drizzle-orm'
|
|
import { z } from 'zod'
|
|
import { db } from '../db/client.js'
|
|
import { users } from '../db/schema.js'
|
|
import { hashPassword, verifyPassword } from '../lib/password.js'
|
|
import { createSession, findAuthenticatedUser } from '../lib/authSession.js'
|
|
|
|
const signupSchema = z.object({
|
|
email: z.string().trim().email(),
|
|
password: z.string().min(8).max(72),
|
|
nickname: z.string().trim().min(2).max(30),
|
|
})
|
|
|
|
const loginSchema = z.object({
|
|
email: z.string().trim().email(),
|
|
password: z.string().min(1).max(72),
|
|
})
|
|
|
|
const profileSchema = z.object({
|
|
email: z.string().trim().email(),
|
|
nickname: z.string().trim().min(2).max(30),
|
|
})
|
|
|
|
const passwordSchema = z.object({
|
|
currentPassword: z.string().min(1).max(72),
|
|
newPassword: z.string().min(8).max(72),
|
|
})
|
|
|
|
function sanitizeUser(user) {
|
|
return {
|
|
id: user.id,
|
|
email: user.email,
|
|
nickname: user.nickname,
|
|
createdAt: user.createdAt,
|
|
updatedAt: user.updatedAt,
|
|
}
|
|
}
|
|
|
|
export async function registerAuthRoutes(app) {
|
|
app.post('/api/auth/signup', async (request, reply) => {
|
|
const payload = signupSchema.safeParse(request.body)
|
|
|
|
if (!payload.success) {
|
|
return reply.code(400).send({
|
|
message: '회원가입 입력값이 올바르지 않습니다.',
|
|
issues: payload.error.flatten(),
|
|
})
|
|
}
|
|
|
|
const { email, password, nickname } = payload.data
|
|
const normalizedEmail = email.toLowerCase()
|
|
|
|
const [existingUser] = await db
|
|
.select()
|
|
.from(users)
|
|
.where(eq(users.email, normalizedEmail))
|
|
.limit(1)
|
|
|
|
if (existingUser) {
|
|
return reply.code(409).send({
|
|
message: '이미 사용 중인 이메일입니다.',
|
|
})
|
|
}
|
|
|
|
const now = new Date()
|
|
const passwordHash = await hashPassword(password)
|
|
|
|
const [user] = await db
|
|
.insert(users)
|
|
.values({
|
|
email: normalizedEmail,
|
|
passwordHash,
|
|
nickname,
|
|
createdAt: now,
|
|
updatedAt: now,
|
|
})
|
|
.returning()
|
|
|
|
const { token } = await createSession(user.id)
|
|
|
|
return reply.code(201).send({
|
|
message: '회원가입이 완료되었습니다.',
|
|
token,
|
|
user: sanitizeUser(user),
|
|
})
|
|
})
|
|
|
|
app.post('/api/auth/login', async (request, reply) => {
|
|
const payload = loginSchema.safeParse(request.body)
|
|
|
|
if (!payload.success) {
|
|
return reply.code(400).send({
|
|
message: '로그인 입력값이 올바르지 않습니다.',
|
|
issues: payload.error.flatten(),
|
|
})
|
|
}
|
|
|
|
const normalizedEmail = payload.data.email.toLowerCase()
|
|
|
|
const [user] = await db
|
|
.select()
|
|
.from(users)
|
|
.where(eq(users.email, normalizedEmail))
|
|
.limit(1)
|
|
|
|
if (!user) {
|
|
return reply.code(401).send({
|
|
message: '이메일 또는 비밀번호가 올바르지 않습니다.',
|
|
})
|
|
}
|
|
|
|
const passwordMatches = await verifyPassword(payload.data.password, user.passwordHash)
|
|
|
|
if (!passwordMatches) {
|
|
return reply.code(401).send({
|
|
message: '이메일 또는 비밀번호가 올바르지 않습니다.',
|
|
})
|
|
}
|
|
|
|
const { token } = await createSession(user.id)
|
|
|
|
return {
|
|
message: '로그인에 성공했습니다.',
|
|
token,
|
|
user: sanitizeUser(user),
|
|
}
|
|
})
|
|
|
|
app.get('/api/auth/me', async (request, reply) => {
|
|
const user = await findAuthenticatedUser(request)
|
|
|
|
if (!user) {
|
|
return reply.code(401).send({
|
|
message: '인증이 필요합니다.',
|
|
})
|
|
}
|
|
|
|
return {
|
|
user: sanitizeUser(user),
|
|
}
|
|
})
|
|
|
|
app.put('/api/auth/profile', async (request, reply) => {
|
|
const user = await findAuthenticatedUser(request)
|
|
|
|
if (!user) {
|
|
return reply.code(401).send({
|
|
message: '인증이 필요합니다.',
|
|
})
|
|
}
|
|
|
|
const payload = profileSchema.safeParse(request.body)
|
|
|
|
if (!payload.success) {
|
|
return reply.code(400).send({
|
|
message: '프로필 입력값이 올바르지 않습니다.',
|
|
issues: payload.error.flatten(),
|
|
})
|
|
}
|
|
|
|
const normalizedEmail = payload.data.email.toLowerCase()
|
|
|
|
const [existingUser] = await db
|
|
.select()
|
|
.from(users)
|
|
.where(eq(users.email, normalizedEmail))
|
|
.limit(1)
|
|
|
|
if (existingUser && existingUser.id !== user.id) {
|
|
return reply.code(409).send({
|
|
message: '이미 사용 중인 이메일입니다.',
|
|
})
|
|
}
|
|
|
|
const [updatedUser] = await db
|
|
.update(users)
|
|
.set({
|
|
email: normalizedEmail,
|
|
nickname: payload.data.nickname,
|
|
updatedAt: new Date(),
|
|
})
|
|
.where(eq(users.id, user.id))
|
|
.returning()
|
|
|
|
return {
|
|
message: '프로필이 수정되었습니다.',
|
|
user: sanitizeUser(updatedUser),
|
|
}
|
|
})
|
|
|
|
app.put('/api/auth/password', async (request, reply) => {
|
|
const user = await findAuthenticatedUser(request)
|
|
|
|
if (!user) {
|
|
return reply.code(401).send({
|
|
message: '인증이 필요합니다.',
|
|
})
|
|
}
|
|
|
|
const payload = passwordSchema.safeParse(request.body)
|
|
|
|
if (!payload.success) {
|
|
return reply.code(400).send({
|
|
message: '비밀번호 입력값이 올바르지 않습니다.',
|
|
issues: payload.error.flatten(),
|
|
})
|
|
}
|
|
|
|
const passwordMatches = await verifyPassword(payload.data.currentPassword, user.passwordHash)
|
|
|
|
if (!passwordMatches) {
|
|
return reply.code(401).send({
|
|
message: '현재 비밀번호가 올바르지 않습니다.',
|
|
})
|
|
}
|
|
|
|
const passwordHash = await hashPassword(payload.data.newPassword)
|
|
|
|
await db
|
|
.update(users)
|
|
.set({
|
|
passwordHash,
|
|
updatedAt: new Date(),
|
|
})
|
|
.where(eq(users.id, user.id))
|
|
|
|
return {
|
|
message: '비밀번호가 변경되었습니다.',
|
|
}
|
|
})
|
|
}
|