태그를 관리용/일반용으로 분리하고 관리자 드래그 정렬을 추가.

댓글/회원/관리자 인증·프로필 흐름 보완과 관련 마이그레이션 및 문서를 함께 반영해 운영 동선을 안정화.

Co-authored-by: Cursor <cursoragent@cursor.com>

server/routes/admin/api/auth/login.post.js

@@ -1,6 +1,9 @@
 import { z } from 'zod'
 import { createError, readBody } from 'h3'
-import { safeCompare, setAdminSession } from '../../../../utils/admin-auth'
+import bcrypt from 'bcrypt'
+import { setAdminSession } from '../../../../utils/admin-auth'
+import { getAdminUserByEmail } from '../../../../repositories/member-repository'
+import { setMemberSession } from '../../../../utils/member-auth'
 
 const loginSchema = z.object({
   email: z.string().email(),
@@ -14,7 +17,6 @@ const loginSchema = z.object({
  */
 export default defineEventHandler(async (event) => {
   const parsedBody = loginSchema.safeParse(await readBody(event))
-  const config = useRuntimeConfig()
 
   if (!parsedBody.success) {
     throw createError({
@@ -25,19 +27,30 @@ export default defineEventHandler(async (event) => {
 
   const body = parsedBody.data
 
-  if (
-    !safeCompare(body.email, config.adminEmail) ||
-    !safeCompare(body.password, config.adminPassword)
-  ) {
+  const adminUser = await getAdminUserByEmail(body.email)
+  const passwordMatched = adminUser
+    ? await bcrypt.compare(body.password, adminUser.passwordHash)
+    : false
+
+  if (!adminUser || !passwordMatched) {
     throw createError({
       statusCode: 401,
       message: '이메일 또는 비밀번호가 올바르지 않습니다.'
     })
   }
 
-  setAdminSession(event, body.email)
+  setAdminSession(event, {
+    userId: adminUser.id,
+    email: adminUser.email
+  })
+  setMemberSession(event, {
+    userId: adminUser.id,
+    email: adminUser.email
+  })
 
   return {
-    email: body.email
+    userId: adminUser.id,
+    email: adminUser.email,
+    username: adminUser.username
   }
 })