태그를 관리용/일반용으로 분리하고 관리자 드래그 정렬을 추가.

댓글/회원/관리자 인증·프로필 흐름 보완과 관련 마이그레이션 및 문서를 함께 반영해 운영 동선을 안정화. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-11 18:34:23 +09:00
parent b18aca4dcc
commit cdc16c72b2
35 changed files with 1721 additions and 138 deletions
--- a/server/routes/admin/api/auth/login.post.js
+++ b/server/routes/admin/api/auth/login.post.js
@@ -1,6 +1,9 @@
 import { z } from 'zod'
 import { createError, readBody } from 'h3'
-import { safeCompare, setAdminSession } from '../../../../utils/admin-auth'
+import bcrypt from 'bcrypt'
+import { setAdminSession } from '../../../../utils/admin-auth'
+import { getAdminUserByEmail } from '../../../../repositories/member-repository'
+import { setMemberSession } from '../../../../utils/member-auth'

 const loginSchema = z.object({
  email: z.string().email(),
@@ -14,7 +17,6 @@ const loginSchema = z.object({
 */
 export default defineEventHandler(async (event) => {
  const parsedBody = loginSchema.safeParse(await readBody(event))
-  const config = useRuntimeConfig()

  if (!parsedBody.success) {
    throw createError({
@@ -25,19 +27,30 @@ export default defineEventHandler(async (event) => {

  const body = parsedBody.data

-  if (
-    !safeCompare(body.email, config.adminEmail) ||
-    !safeCompare(body.password, config.adminPassword)
-  ) {
+  const adminUser = await getAdminUserByEmail(body.email)
+  const passwordMatched = adminUser
+    ? await bcrypt.compare(body.password, adminUser.passwordHash)
+    : false
+
+  if (!adminUser || !passwordMatched) {
    throw createError({
      statusCode: 401,
      message: '이메일 또는 비밀번호가 올바르지 않습니다.'
    })
  }

-  setAdminSession(event, body.email)
+  setAdminSession(event, {
+    userId: adminUser.id,
+    email: adminUser.email
+  })
+  setMemberSession(event, {
+    userId: adminUser.id,
+    email: adminUser.email
+  })

  return {
-    email: body.email
+    userId: adminUser.id,
+    email: adminUser.email,
+    username: adminUser.username
  }
 })
--- a/server/routes/admin/api/auth/logout.post.js
+++ b/server/routes/admin/api/auth/logout.post.js
@@ -1,4 +1,5 @@
 import { clearAdminSession } from '../../../../utils/admin-auth'
+import { clearMemberSession } from '../../../../utils/member-auth'

 /**
 * 관리자 로그아웃 API
@@ -7,6 +8,7 @@ import { clearAdminSession } from '../../../../utils/admin-auth'
 */
 export default defineEventHandler((event) => {
  clearAdminSession(event)
+  clearMemberSession(event)

  return {
    ok: true
--- a/server/routes/admin/api/auth/me.get.js
+++ b/server/routes/admin/api/auth/me.get.js
@@ -3,6 +3,6 @@ import { requireAdminSession } from '../../../../utils/admin-auth'
 /**
 * 관리자 세션 조회 API
 * @param {import('h3').H3Event} event - 요청 이벤트
- * @returns {{ email: string }} 관리자 세션 정보
+ * @returns {{ userId: string, email: string, role: 'admin' }} 관리자 세션 정보
 */
 export default defineEventHandler((event) => requireAdminSession(event))
--- a/server/routes/admin/api/members/[id]/role.put.js
+++ b/server/routes/admin/api/members/[id]/role.put.js
@@ -0,0 +1,39 @@
+import { createError, getRouterParam, readBody } from 'h3'
+import { z } from 'zod'
+import { requireAdminSession } from '../../../../../utils/admin-auth'
+import { updateMemberRoleByAdmin } from '../../../../../repositories/member-repository'
+
+const roleSchema = z.object({
+  role: z.enum(['owner', 'admin', 'member'])
+})
+
+/**
+ * 관리자 회원 권한 변경 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<{ id: string, roleCode: string, role: string, isAdmin: boolean }>} 변경 결과
+ */
+export default defineEventHandler(async (event) => {
+  const session = requireAdminSession(event)
+  const memberId = String(getRouterParam(event, 'id') || '')
+  const parsedBody = roleSchema.safeParse(await readBody(event))
+
+  if (!memberId) {
+    throw createError({
+      statusCode: 400,
+      message: '대상 회원 ID가 필요합니다.'
+    })
+  }
+
+  if (!parsedBody.success) {
+    throw createError({
+      statusCode: 400,
+      message: '권한 변경 요청 형식이 올바르지 않습니다.'
+    })
+  }
+
+  return updateMemberRoleByAdmin({
+    actorUserId: session.userId,
+    targetUserId: memberId,
+    role: parsedBody.data.role
+  })
+})
--- a/server/routes/admin/api/tags.get.js
+++ b/server/routes/admin/api/tags.get.js
@@ -1,5 +1,5 @@
 import { requireAdminSession } from '../../../utils/admin-auth'
-import { listTags } from '../../../repositories/content-repository'
+import { listAdminTags } from '../../../repositories/content-repository'

 /**
 * 관리자 태그 목록 API
@@ -9,5 +9,5 @@ import { listTags } from '../../../repositories/content-repository'
 export default defineEventHandler((event) => {
  requireAdminSession(event)

-  return listTags()
+  return listAdminTags()
 })
--- a/server/routes/admin/api/tags/reorder.put.js
+++ b/server/routes/admin/api/tags/reorder.put.js
@@ -0,0 +1,27 @@
+import { createError, readBody } from 'h3'
+import { z } from 'zod'
+import { requireAdminSession } from '../../../../utils/admin-auth'
+import { reorderManagedTags } from '../../../../repositories/content-repository'
+
+const reorderSchema = z.object({
+  tagIds: z.array(z.string().uuid()).min(1)
+})
+
+/**
+ * 관리자 관리용 태그 순서 일괄 저장 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<Array>} 정렬 저장 후 태그 목록
+ */
+export default defineEventHandler(async (event) => {
+  requireAdminSession(event)
+  const parsedBody = reorderSchema.safeParse(await readBody(event))
+
+  if (!parsedBody.success) {
+    throw createError({
+      statusCode: 400,
+      message: '정렬 저장 요청 형식이 올바르지 않습니다.'
+    })
+  }
+
+  return reorderManagedTags(parsedBody.data.tagIds)
+})