sori.studio/server/api/auth/signup.post.js

import bcrypt from 'bcrypt'
import { z } from 'zod'
import { createError, getRequestIP, readBody } from 'h3'
import { createUser, getUserByEmail, isUsernameTaken, touchUserActivity } from '../../repositories/member-repository'
import { setMemberSession } from '../../utils/member-auth'
import { setAdminSession } from '../../utils/admin-auth'

const signupSchema = z.object({
  username: z.string().trim().min(1),
  email: z.string().trim().email(),
  password: z.string().min(8).max(32)
})

/**
 * 회원 가입 API
 * @param {import('h3').H3Event} event - 요청 이벤트
 * @returns {Promise<{ id: string, username: string, email: string, avatarUrl: string, isAdmin: boolean }>} 회원 정보
 */
export default defineEventHandler(async (event) => {
  const parsedBody = signupSchema.safeParse(await readBody(event))

  if (!parsedBody.success) {
    throw createError({
      statusCode: 400,
      message: '회원가입 요청 형식이 올바르지 않습니다.'
    })
  }

  const body = parsedBody.data
  const usernameTaken = await isUsernameTaken({
    username: body.username
  })

  if (usernameTaken) {
    throw createError({
      statusCode: 409,
      message: '이미 사용 중인 닉네임입니다.'
    })
  }

  const existingUser = await getUserByEmail(body.email)

  if (existingUser) {
    throw createError({
      statusCode: 409,
      message: '이미 사용 중인 이메일입니다.'
    })
  }

  const passwordHash = await bcrypt.hash(body.password, 12)
  const created = await createUser({
    username: body.username,
    email: body.email,
    passwordHash
  })

  setMemberSession(event, { userId: created.id, email: created.email })
  if (created.isAdmin) {
    setAdminSession(event, {
      userId: created.id,
      email: created.email
    })
  }
  await touchUserActivity({
    userId: created.id,
    ip: String(getRequestIP(event) || '')
  })

  return {
    id: created.id,
    username: created.username,
    email: created.email,
    avatarUrl: created.avatarUrl || '',
    isAdmin: Boolean(created.isAdmin)
  }
})