feat(member): 회원 설정/헤더 상태 UI와 관리자 멤버 관리 추가

로그인 상태를 헤더에서 즉시 인지하고 계정 관리를 이어갈 수 있도록 사용자 설정과 관리자 멤버 관측 기능을 연결했다.

Co-authored-by: Cursor <cursoragent@cursor.com>

server/api/auth/account.delete.js

@@ -0,0 +1,48 @@
+import bcrypt from 'bcrypt'
+import { createError, readBody } from 'h3'
+import { z } from 'zod'
+import { deleteMember, getUserByIdWithPassword } from '../../repositories/member-repository'
+import { clearMemberSession, requireMemberSession } from '../../utils/member-auth'
+
+const deleteAccountSchema = z.object({
+  password: z.string().min(1)
+})
+
+/**
+ * 회원 탈퇴 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<{ ok: true }>} 처리 결과
+ */
+export default defineEventHandler(async (event) => {
+  const session = requireMemberSession(event)
+  const parsedBody = deleteAccountSchema.safeParse(await readBody(event))
+
+  if (!parsedBody.success) {
+    throw createError({
+      statusCode: 400,
+      message: '탈퇴 요청 형식이 올바르지 않습니다.'
+    })
+  }
+
+  const user = await getUserByIdWithPassword(session.userId)
+  if (!user) {
+    throw createError({
+      statusCode: 404,
+      message: '회원 정보를 찾을 수 없습니다.'
+    })
+  }
+
+  const isPasswordValid = await bcrypt.compare(parsedBody.data.password, user.passwordHash)
+  if (!isPasswordValid) {
+    throw createError({
+      statusCode: 401,
+      message: '비밀번호가 올바르지 않습니다.'
+    })
+  }
+
+  await deleteMember(session.userId)
+  clearMemberSession(event)
+
+  return { ok: true }
+})
+

server/api/auth/check-username.get.js

@@ -0,0 +1,31 @@
+import { createError } from 'h3'
+import { isUsernameTaken } from '../../repositories/member-repository'
+import { requireMemberSession } from '../../utils/member-auth'
+
+/**
+ * 사용자명 중복 확인 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<{ available: boolean }>} 사용 가능 여부
+ */
+export default defineEventHandler(async (event) => {
+  const session = requireMemberSession(event)
+  const rawUsername = getQuery(event).username
+  const username = typeof rawUsername === 'string' ? rawUsername.trim() : ''
+
+  if (!username) {
+    throw createError({
+      statusCode: 400,
+      message: '닉네임을 입력해 주세요.'
+    })
+  }
+
+  const taken = await isUsernameTaken({
+    username,
+    excludeUserId: session.userId
+  })
+
+  return {
+    available: !taken
+  }
+})
+

server/api/auth/login.post.js

@@ -0,0 +1,50 @@
+import bcrypt from 'bcrypt'
+import { z } from 'zod'
+import { createError, getRequestIP, readBody } from 'h3'
+import { getUserByEmail, touchUserActivity } from '../../repositories/member-repository'
+import { setMemberSession } from '../../utils/member-auth'
+
+const loginSchema = z.object({
+  email: z.string().trim().email(),
+  password: z.string().min(1)
+})
+
+/**
+ * 회원 로그인 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<{ id: string, username: string, email: string }>} 회원 정보
+ */
+export default defineEventHandler(async (event) => {
+  const parsedBody = loginSchema.safeParse(await readBody(event))
+
+  if (!parsedBody.success) {
+    throw createError({
+      statusCode: 400,
+      message: '로그인 요청 형식이 올바르지 않습니다.'
+    })
+  }
+
+  const body = parsedBody.data
+  const user = await getUserByEmail(body.email)
+
+  if (!user || !(await bcrypt.compare(body.password, user.passwordHash))) {
+    throw createError({
+      statusCode: 401,
+      message: '이메일 또는 비밀번호가 올바르지 않습니다.'
+    })
+  }
+
+  setMemberSession(event, { userId: user.id, email: user.email })
+  await touchUserActivity({
+    userId: user.id,
+    ip: String(getRequestIP(event) || '')
+  })
+
+  return {
+    id: user.id,
+    username: user.username,
+    email: user.email,
+    avatarUrl: user.avatarUrl || ''
+  }
+})
+

server/api/auth/logout.post.js

@@ -0,0 +1,12 @@
+import { clearMemberSession } from '../../utils/member-auth'
+
+/**
+ * 회원 로그아웃 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {{ ok: true }} 처리 결과
+ */
+export default defineEventHandler((event) => {
+  clearMemberSession(event)
+  return { ok: true }
+})
+

server/api/auth/me.get.js

@@ -0,0 +1,34 @@
+import { getUserById, touchUserActivity } from '../../repositories/member-repository'
+import { requireMemberSession } from '../../utils/member-auth'
+import { getRequestIP } from 'h3'
+
+/**
+ * 회원 세션 조회 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<{ id: string, username: string, email: string, avatarUrl: string }>} 회원 정보
+ */
+export default defineEventHandler(async (event) => {
+  const session = requireMemberSession(event)
+  await touchUserActivity({
+    userId: session.userId,
+    ip: String(getRequestIP(event) || '')
+  })
+  const user = await getUserById(session.userId)
+
+  if (!user) {
+    return {
+      id: session.userId,
+      username: '',
+      email: session.email,
+      avatarUrl: ''
+    }
+  }
+
+  return {
+    id: user.id,
+    username: user.username,
+    email: user.email,
+    avatarUrl: user.avatarUrl || ''
+  }
+})
+

server/api/auth/password.put.js

@@ -0,0 +1,52 @@
+import bcrypt from 'bcrypt'
+import { createError, readBody } from 'h3'
+import { z } from 'zod'
+import { getUserByIdWithPassword, updateMemberPassword } from '../../repositories/member-repository'
+import { requireMemberSession } from '../../utils/member-auth'
+
+const updatePasswordSchema = z.object({
+  currentPassword: z.string().min(1),
+  nextPassword: z.string().min(8).max(32)
+})
+
+/**
+ * 회원 비밀번호 변경 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<{ ok: true }>} 변경 결과
+ */
+export default defineEventHandler(async (event) => {
+  const session = requireMemberSession(event)
+  const parsedBody = updatePasswordSchema.safeParse(await readBody(event))
+
+  if (!parsedBody.success) {
+    throw createError({
+      statusCode: 400,
+      message: '비밀번호 변경 요청 형식이 올바르지 않습니다.'
+    })
+  }
+
+  const user = await getUserByIdWithPassword(session.userId)
+  if (!user) {
+    throw createError({
+      statusCode: 404,
+      message: '회원 정보를 찾을 수 없습니다.'
+    })
+  }
+
+  const isCurrentValid = await bcrypt.compare(parsedBody.data.currentPassword, user.passwordHash)
+  if (!isCurrentValid) {
+    throw createError({
+      statusCode: 401,
+      message: '현재 비밀번호가 올바르지 않습니다.'
+    })
+  }
+
+  const nextHash = await bcrypt.hash(parsedBody.data.nextPassword, 12)
+  await updateMemberPassword({
+    userId: session.userId,
+    passwordHash: nextHash
+  })
+
+  return { ok: true }
+})
+

server/api/auth/profile.get.js

@@ -0,0 +1,28 @@
+import { getUserById } from '../../repositories/member-repository'
+import { requireMemberSession } from '../../utils/member-auth'
+import { createError } from 'h3'
+
+/**
+ * 회원 프로필 조회 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<{ id: string, email: string, username: string, avatarUrl: string }>} 회원 프로필
+ */
+export default defineEventHandler(async (event) => {
+  const session = requireMemberSession(event)
+  const user = await getUserById(session.userId)
+
+  if (!user) {
+    throw createError({
+      statusCode: 404,
+      message: '회원 정보를 찾을 수 없습니다.'
+    })
+  }
+
+  return {
+    id: user.id,
+    email: user.email,
+    username: user.username,
+    avatarUrl: user.avatarUrl || ''
+  }
+})
+

server/api/auth/profile.put.js

@@ -0,0 +1,67 @@
+import { createError, readBody } from 'h3'
+import { z } from 'zod'
+import { getUserById, isUsernameTaken, updateMemberProfile } from '../../repositories/member-repository'
+import { requireMemberSession } from '../../utils/member-auth'
+
+const updateProfileSchema = z.object({
+  username: z.string().trim().min(1).max(30),
+  avatarUrl: z.string().trim().max(500).optional().default('')
+})
+
+/**
+ * 회원 프로필 수정 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<{ id: string, email: string, username: string, avatarUrl: string }>} 수정된 회원 프로필
+ */
+export default defineEventHandler(async (event) => {
+  const session = requireMemberSession(event)
+  const parsedBody = updateProfileSchema.safeParse(await readBody(event))
+
+  if (!parsedBody.success) {
+    throw createError({
+      statusCode: 400,
+      message: '프로필 요청 형식이 올바르지 않습니다.'
+    })
+  }
+
+  const taken = await isUsernameTaken({
+    username: parsedBody.data.username,
+    excludeUserId: session.userId
+  })
+
+  if (taken) {
+    throw createError({
+      statusCode: 409,
+      message: '이미 사용 중인 닉네임입니다.'
+    })
+  }
+
+  const updated = await updateMemberProfile({
+    userId: session.userId,
+    username: parsedBody.data.username,
+    avatarUrl: parsedBody.data.avatarUrl
+  })
+
+  if (!updated) {
+    throw createError({
+      statusCode: 404,
+      message: '회원 정보를 찾을 수 없습니다.'
+    })
+  }
+
+  const user = await getUserById(session.userId)
+  if (!user) {
+    throw createError({
+      statusCode: 404,
+      message: '회원 정보를 찾을 수 없습니다.'
+    })
+  }
+
+  return {
+    id: user.id,
+    email: user.email,
+    username: user.username,
+    avatarUrl: user.avatarUrl || ''
+  }
+})
+

server/api/auth/signup.post.js

@@ -0,0 +1,69 @@
+import bcrypt from 'bcrypt'
+import { z } from 'zod'
+import { createError, getRequestIP, readBody } from 'h3'
+import { createUser, getUserByEmail, isUsernameTaken, touchUserActivity } from '../../repositories/member-repository'
+import { setMemberSession } from '../../utils/member-auth'
+
+const signupSchema = z.object({
+  username: z.string().trim().min(1),
+  email: z.string().trim().email(),
+  password: z.string().min(8).max(32)
+})
+
+/**
+ * 회원 가입 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<{ id: string, username: string, email: string }>} 회원 정보
+ */
+export default defineEventHandler(async (event) => {
+  const parsedBody = signupSchema.safeParse(await readBody(event))
+
+  if (!parsedBody.success) {
+    throw createError({
+      statusCode: 400,
+      message: '회원가입 요청 형식이 올바르지 않습니다.'
+    })
+  }
+
+  const body = parsedBody.data
+  const usernameTaken = await isUsernameTaken({
+    username: body.username
+  })
+
+  if (usernameTaken) {
+    throw createError({
+      statusCode: 409,
+      message: '이미 사용 중인 닉네임입니다.'
+    })
+  }
+
+  const existingUser = await getUserByEmail(body.email)
+
+  if (existingUser) {
+    throw createError({
+      statusCode: 409,
+      message: '이미 사용 중인 이메일입니다.'
+    })
+  }
+
+  const passwordHash = await bcrypt.hash(body.password, 12)
+  const created = await createUser({
+    username: body.username,
+    email: body.email,
+    passwordHash
+  })
+
+  setMemberSession(event, { userId: created.id, email: created.email })
+  await touchUserActivity({
+    userId: created.id,
+    ip: String(getRequestIP(event) || '')
+  })
+
+  return {
+    id: created.id,
+    username: created.username,
+    email: created.email,
+    avatarUrl: created.avatarUrl || ''
+  }
+})
+

server/api/posts/[slug]/comments.get.js

@@ -0,0 +1,16 @@
+import { listPostCommentsBySlug } from '../../../repositories/comment-repository'
+
+/**
+ * 게시물 댓글 목록 조회 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<{ comments: Array<Object> }>} 댓글 목록
+ */
+export default defineEventHandler(async (event) => {
+  const slug = String(getRouterParam(event, 'slug') || '')
+  const comments = await listPostCommentsBySlug(slug)
+
+  return {
+    comments
+  }
+})
+

server/api/posts/[slug]/comments.post.js

@@ -0,0 +1,44 @@
+import { createError, getRequestIP, readBody } from 'h3'
+import { z } from 'zod'
+import { createComment } from '../../../repositories/comment-repository'
+import { touchUserActivity } from '../../../repositories/member-repository'
+import { requireMemberSession } from '../../../utils/member-auth'
+
+const createCommentSchema = z.object({
+  body: z.string().trim().min(1).max(5000),
+  parentId: z.string().uuid().optional().nullable()
+})
+
+/**
+ * 게시물 댓글 생성 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<{ comment: Object }>} 생성 댓글
+ */
+export default defineEventHandler(async (event) => {
+  const session = requireMemberSession(event)
+  const slug = String(getRouterParam(event, 'slug') || '')
+  const parsedBody = createCommentSchema.safeParse(await readBody(event))
+
+  if (!parsedBody.success) {
+    throw createError({
+      statusCode: 400,
+      message: '댓글 요청 형식이 올바르지 않습니다.'
+    })
+  }
+
+  const comment = await createComment({
+    slug,
+    userId: session.userId,
+    body: parsedBody.data.body,
+    parentId: parsedBody.data.parentId || null
+  })
+  await touchUserActivity({
+    userId: session.userId,
+    ip: String(getRequestIP(event) || '')
+  })
+
+  return {
+    comment
+  }
+})
+