관리자 이미지와 갤러리 블록 추가

server/routes/admin/api/uploads.post.js

@@ -0,0 +1,102 @@
+import { randomUUID } from 'node:crypto'
+import { mkdir, writeFile } from 'node:fs/promises'
+import { extname, join } from 'node:path'
+import { createError, readMultipartFormData } from 'h3'
+import { requireAdminSession } from '../../../utils/admin-auth'
+
+const allowedImageTypes = new Map([
+  ['image/jpeg', '.jpg'],
+  ['image/png', '.png'],
+  ['image/webp', '.webp'],
+  ['image/gif', '.gif']
+])
+
+/**
+ * 업로드 경로 조각을 URL 안전 문자열로 정리
+ * @param {string} value - 원본 경로 조각
+ * @returns {string} 정리된 경로 조각
+ */
+const sanitizePathPart = (value) => value
+  .replace(/[^a-zA-Z0-9가-힣._-]/g, '-')
+  .replace(/-+/g, '-')
+  .replace(/^-|-$/g, '')
+
+/**
+ * 파일 확장자 조회
+ * @param {Object} file - multipart 파일 파트
+ * @returns {string} 확장자
+ */
+const getUploadExtension = (file) => {
+  const extension = extname(file.filename || '').toLowerCase()
+
+  if (allowedImageTypes.has(file.type)) {
+    return allowedImageTypes.get(file.type)
+  }
+
+  return extension
+}
+
+/**
+ * 관리자 이미지 업로드 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<{ files: Array<{ url: string, name: string, size: number }> }>} 업로드 결과
+ */
+export default defineEventHandler(async (event) => {
+  requireAdminSession(event)
+
+  const config = useRuntimeConfig()
+  const maxFileSize = Number(config.maxFileSize || 10485760)
+  const formData = await readMultipartFormData(event)
+  const files = (formData || []).filter((part) => part.name === 'files' && part.filename)
+
+  if (!files.length) {
+    throw createError({
+      statusCode: 400,
+      message: '업로드할 이미지가 없습니다.'
+    })
+  }
+
+  const now = new Date()
+  const year = String(now.getFullYear())
+  const month = String(now.getMonth() + 1).padStart(2, '0')
+  const uploadBaseUrl = String(config.uploadDir || '/uploads').replace(/\/+$/g, '') || '/uploads'
+  const publicBasePath = uploadBaseUrl.replace(/^\/+/, '')
+  const directoryPath = join(process.cwd(), 'public', publicBasePath, 'posts', year, month)
+
+  await mkdir(directoryPath, { recursive: true })
+
+  const uploadedFiles = []
+
+  for (const file of files) {
+    if (!allowedImageTypes.has(file.type)) {
+      throw createError({
+        statusCode: 400,
+        message: '이미지 파일만 업로드할 수 있습니다.'
+      })
+    }
+
+    if (file.data.length > maxFileSize) {
+      throw createError({
+        statusCode: 413,
+        message: '업로드 가능한 파일 크기를 초과했습니다.'
+      })
+    }
+
+    const originalName = sanitizePathPart(file.filename.replace(/\.[^.]+$/g, '')) || 'image'
+    const extension = getUploadExtension(file)
+    const fileName = `${originalName}-${randomUUID()}${extension}`
+    const filePath = join(directoryPath, fileName)
+
+    await writeFile(filePath, file.data)
+
+    uploadedFiles.push({
+      url: `${uploadBaseUrl}/posts/${year}/${month}/${fileName}`,
+      name: file.filename,
+      size: file.data.length
+    })
+  }
+
+  return {
+    files: uploadedFiles
+  }
+})