관리자와 회원 설정 계정 작업 정리

2026-05-13 15:26:26 +09:00
parent 6481f958f5
commit bebf7ee1c9
18 changed files with 811 additions and 175 deletions
--- a/server/routes/admin/api/auth/login.post.js
+++ b/server/routes/admin/api/auth/login.post.js
@@ -1,8 +1,8 @@
 import { z } from 'zod'
-import { createError, readBody } from 'h3'
+import { createError, getRequestIP, readBody } from 'h3'
 import bcrypt from 'bcrypt'
 import { setAdminSession } from '../../../../utils/admin-auth'
-import { getAdminUserByEmail } from '../../../../repositories/member-repository'
+import { getAdminUserByEmail, touchUserActivity } from '../../../../repositories/member-repository'
 import { setMemberSession } from '../../../../utils/member-auth'

 const loginSchema = z.object({
@@ -47,6 +47,10 @@ export default defineEventHandler(async (event) => {
    userId: adminUser.id,
    email: adminUser.email
  })
+  await touchUserActivity({
+    userId: adminUser.id,
+    ip: String(getRequestIP(event) || '')
+  })

  return {
    userId: adminUser.id,
--- a/server/routes/admin/api/members/[id].delete.js
+++ b/server/routes/admin/api/members/[id].delete.js
@@ -0,0 +1,32 @@
+import { createError, getRouterParam } from 'h3'
+import { requireAdminSession } from '../../../../utils/admin-auth'
+import { deleteMemberByAdmin } from '../../../../repositories/member-repository'
+import { removeManagedAvatarAsset } from '../../../../utils/member-avatar'
+
+/**
+ * 관리자 회원 삭제 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<{ ok: true }>} 삭제 결과
+ */
+export default defineEventHandler(async (event) => {
+  const session = requireAdminSession(event)
+  const memberId = String(getRouterParam(event, 'id') || '')
+
+  if (!memberId) {
+    throw createError({
+      statusCode: 400,
+      message: '회원 ID가 필요합니다.'
+    })
+  }
+
+  const deletedMember = await deleteMemberByAdmin({
+    actorUserId: session.userId,
+    targetUserId: memberId
+  })
+
+  if (deletedMember.avatarUrl) {
+    await removeManagedAvatarAsset(deletedMember.avatarUrl)
+  }
+
+  return { ok: true }
+})
--- a/server/routes/admin/api/members/[id]/password.put.js
+++ b/server/routes/admin/api/members/[id]/password.put.js
@@ -0,0 +1,50 @@
+import bcrypt from 'bcrypt'
+import { createError, getRouterParam, readBody } from 'h3'
+import { z } from 'zod'
+import { requireAdminSession } from '../../../../../utils/admin-auth'
+import { getMemberForAdmin, updateMemberPassword } from '../../../../../repositories/member-repository'
+
+const adminMemberPasswordSchema = z.object({
+  password: z.string().min(8).max(32)
+})
+
+/**
+ * 관리자 회원 비밀번호 직접 변경 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<{ ok: true }>} 변경 결과
+ */
+export default defineEventHandler(async (event) => {
+  requireAdminSession(event)
+  const memberId = String(getRouterParam(event, 'id') || '')
+  const parsedBody = adminMemberPasswordSchema.safeParse(await readBody(event))
+
+  if (!memberId) {
+    throw createError({
+      statusCode: 400,
+      message: '회원 ID가 필요합니다.'
+    })
+  }
+
+  if (!parsedBody.success) {
+    throw createError({
+      statusCode: 400,
+      message: '비밀번호 변경 요청 형식이 올바르지 않습니다.'
+    })
+  }
+
+  const member = await getMemberForAdmin(memberId)
+  if (!member) {
+    throw createError({
+      statusCode: 404,
+      message: '회원을 찾을 수 없습니다.'
+    })
+  }
+
+  const passwordHash = await bcrypt.hash(parsedBody.data.password, 12)
+  await updateMemberPassword({
+    userId: memberId,
+    passwordHash
+  })
+
+  return { ok: true }
+})