릴리스: v1.2.26 관리자 회원 관리와 셸 UI 개선

backend/src/routes/admin.js

@@ -61,6 +61,14 @@ const upload = multer({
   limits: { fileSize: 6 * 1024 * 1024 },
 })
 
+const avatarUpload = multer({
+  storage: multer.diskStorage({
+    destination: (req, file, cb) => cb(null, path.join(__dirname, '..', '..', 'uploads', 'avatars')),
+    filename: (req, file, cb) => cb(null, buildUploadFilename(file)),
+  }),
+  limits: { fileSize: 3 * 1024 * 1024 },
+})
+
 router.post('/games', requireAdmin, async (req, res) => {
   const schema = z.object({ id: z.string().min(1), name: z.string().min(1).max(60) })
   const parsed = schema.safeParse(req.body)
@@ -494,6 +502,29 @@ router.patch('/users/:userId', requireAdmin, async (req, res) => {
   }
 })
 
+router.post('/users/:userId/avatar', requireAdmin, avatarUpload.single('avatar'), async (req, res) => {
+  const schema = z.object({
+    removeAvatar: z.union([z.literal('1'), z.undefined()]).optional(),
+  })
+  const parsed = schema.safeParse(req.body)
+  if (!parsed.success) return res.status(400).json({ error: 'bad_request' })
+
+  const user = await findUserById(req.params.userId)
+  if (!user) return res.status(404).json({ error: 'not_found' })
+
+  const shouldRemoveAvatar = parsed.data.removeAvatar === '1'
+  const nextAvatarSrc = shouldRemoveAvatar ? '' : req.file ? `/uploads/avatars/${req.file.filename}` : user.avatarSrc || ''
+  const updated = await adminUpdateUser({
+    id: user.id,
+    email: user.email,
+    nickname: user.nickname || '',
+    isAdmin: !!user.isAdmin,
+    avatarSrc: nextAvatarSrc,
+  })
+
+  res.json({ user: updated })
+})
+
 router.delete('/users/:userId', requireAdmin, async (req, res) => {
   if (req.params.userId === req.session.userId) {
     return res.status(400).json({ error: 'cannot_delete_self' })

backend/src/routes/auth.js

@@ -28,6 +28,7 @@ const signupSchema = z.object({
 
 const profileSchema = z.object({
   nickname: z.string().trim().min(1).max(40),
+  removeAvatar: z.union([z.string(), z.undefined()]).optional(),
 })
 
 router.post('/signup', async (req, res) => {
@@ -108,7 +109,12 @@ router.post('/profile', requireAuth, upload.single('avatar'), async (req, res) =
   const user = await findUserById(req.session.userId)
   if (!user) return res.status(404).json({ error: 'not_found' })
 
-  const nextAvatarSrc = req.file ? `/uploads/avatars/${req.file.filename}` : user.avatarSrc || ''
+  const shouldRemoveAvatar = parsed.data.removeAvatar === '1'
+  const nextAvatarSrc = shouldRemoveAvatar
+    ? ''
+    : req.file
+      ? `/uploads/avatars/${req.file.filename}`
+      : user.avatarSrc || ''
   const updated = await updateUserProfile({
     id: user.id,
     nickname: parsed.data.nickname,

backend/src/routes/tierlists.js

@@ -83,6 +83,7 @@ const tierListUpsertSchema = z.object({
   thumbnailSrc: z.string().max(255).optional().default(''),
   description: z.string().max(1000).optional().default(''),
   isPublic: z.boolean().default(false),
+  showCharacterNames: z.boolean().optional().default(false),
   groups: z.array(
     z.object({
       id: z.string().min(1),
@@ -244,6 +245,7 @@ router.post('/', requireAuth, async (req, res) => {
       thumbnailSrc: payload.thumbnailSrc || '',
       description: payload.description || '',
       isPublic: !!payload.isPublic,
+      showCharacterNames: !!payload.showCharacterNames,
       groups: payload.groups,
       pool: normalizedPool,
     })
@@ -258,6 +260,7 @@ router.post('/', requireAuth, async (req, res) => {
     thumbnailSrc: payload.thumbnailSrc || '',
     description: payload.description || '',
     isPublic: !!payload.isPublic,
+    showCharacterNames: !!payload.showCharacterNames,
     groups: payload.groups,
     pool: normalizedPool,
   })