기능검증 중
@@ -1,6 +1,6 @@
|
||||
import { query, execute } from '../../utils/db'
|
||||
import { query, queryOne, execute } from '../../utils/db'
|
||||
import { getClientIp } from '../../utils/ip'
|
||||
import { getCurrentUser } from '../../utils/session'
|
||||
import { requireAuth } from '../../utils/session'
|
||||
import { hashPassword, verifyPassword } from '../../utils/password'
|
||||
|
||||
interface ChangePasswordBody {
|
||||
@@ -14,10 +14,7 @@ interface ChangePasswordBody {
|
||||
* POST /api/auth/change-password
|
||||
*/
|
||||
export default defineEventHandler(async (event) => {
|
||||
const user = await getCurrentUser(event)
|
||||
if (!user) {
|
||||
throw createError({ statusCode: 401, message: '로그인이 필요합니다.' })
|
||||
}
|
||||
const employeeId = await requireAuth(event)
|
||||
|
||||
const body = await readBody<ChangePasswordBody>(event)
|
||||
const clientIp = getClientIp(event)
|
||||
@@ -35,14 +32,16 @@ export default defineEventHandler(async (event) => {
|
||||
}
|
||||
|
||||
// 현재 직원 정보 조회
|
||||
const employees = await query<any>(`
|
||||
SELECT password_hash FROM wr_employee_info WHERE employee_id = $1
|
||||
`, [user.employeeId])
|
||||
const employee = await queryOne<any>(`
|
||||
SELECT password_hash, employee_email FROM wr_employee_info WHERE employee_id = $1
|
||||
`, [employeeId])
|
||||
|
||||
const employee = employees[0]
|
||||
if (!employee) {
|
||||
throw createError({ statusCode: 404, message: '사용자를 찾을 수 없습니다.' })
|
||||
}
|
||||
|
||||
// 기존 비밀번호가 있으면 현재 비밀번호 검증
|
||||
if (employee?.password_hash) {
|
||||
if (employee.password_hash) {
|
||||
if (!body.currentPassword) {
|
||||
throw createError({ statusCode: 400, message: '현재 비밀번호를 입력해주세요.' })
|
||||
}
|
||||
@@ -60,7 +59,7 @@ export default defineEventHandler(async (event) => {
|
||||
UPDATE wr_employee_info
|
||||
SET password_hash = $1, updated_at = NOW(), updated_ip = $2, updated_email = $3
|
||||
WHERE employee_id = $4
|
||||
`, [newHash, clientIp, user.employeeEmail, user.employeeId])
|
||||
`, [newHash, clientIp, employee.employee_email, employeeId])
|
||||
|
||||
return { success: true, message: '비밀번호가 변경되었습니다.' }
|
||||
})
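Review bot: The current-password check at `if (employee.password_hash)` is skipped entirely for an account with no stored hash, so any session that reaches this handler (for example one established through the Google link the sibling profile endpoint now exposes) can set a first password with no re-authentication; if that is intended, say so where the branch begins: `// Accounts without a local password (e.g. Google-only) may set one without re-authenticating — any live session suffices.` `verifyPassword` is imported but the call that compares `body.currentPassword` against the stored hash falls outside the lines shown, so I cannot confirm it runs before `newHash` is written — it must, or this endpoint is an account takeover for anyone holding a session cookie. The `UPDATE` in the third hunk writes `updated_email` from the target row, which is fine here since actor and target are the same person. The handler body between the second and third hunks is not shown.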
|
||||
|
||||
@@ -32,7 +32,10 @@ export default defineEventHandler(async (event) => {
|
||||
created_at,
|
||||
created_ip,
|
||||
updated_at,
|
||||
updated_ip
|
||||
updated_ip,
|
||||
password_hash,
|
||||
google_id,
|
||||
google_email
|
||||
FROM wr_employee_info
|
||||
WHERE employee_id = $1
|
||||
`, [session.employeeId])
|
||||
@@ -54,7 +57,10 @@ export default defineEventHandler(async (event) => {
|
||||
createdAt: employee.created_at,
|
||||
createdIp: employee.created_ip,
|
||||
updatedAt: employee.updated_at,
|
||||
updatedIp: employee.updated_ip
|
||||
updatedIp: employee.updated_ip,
|
||||
hasPassword: !!employee.password_hash,
|
||||
googleId: employee.google_id,
|
||||
googleEmail: employee.google_email
|
||||
}
|
||||
}
|
||||
})
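Review bot: `password_hash` is now selected into the handler only to be reduced to `hasPassword: !!employee.password_hash`, which puts the credential hash in application memory (and in any request-scoped logging or error dump of `employee`) for no benefit; let the database answer the boolean instead: `(password_hash IS NOT NULL) AS has_password,` in the SELECT and `hasPassword: employee.has_password,` in the response. Returning `googleId` (the provider's subject identifier) to the client is probably harmless on a self-profile endpoint, but it is an account-linking identifier the UI presumably only needs `googleEmail` for — if so, drop `googleId` from the response and keep the exposed surface to what is displayed. The rest of the handler, including the lookup and 404 path between the two hunks, is outside the lines shown.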
|
||||
|
||||
@@ -1,44 +1,54 @@
|
||||
import { query, execute } from '../../utils/db'
|
||||
import { query, queryOne, execute } from '../../utils/db'
|
||||
import { getClientIp } from '../../utils/ip'
|
||||
import { getCurrentUser } from '../../utils/session'
|
||||
import { requireAuth } from '../../utils/session'
|
||||
import { hashPassword, generateTempPassword } from '../../utils/password'
|
||||
|
||||
interface SetPasswordBody {
|
||||
employeeId: number
|
||||
password?: string
|
||||
generateTemp?: boolean
|
||||
employeeId?: number // 관리자가 다른 사용자 설정 시
|
||||
generateTemp?: boolean // 임시 비밀번호 생성
|
||||
}
|
||||
|
||||
/**
|
||||
* 직원 비밀번호 설정 (관리자용)
|
||||
* 비밀번호 설정
|
||||
* - 본인: password만 전송
|
||||
* - 관리자: employeeId + (password 또는 generateTemp)
|
||||
* POST /api/auth/set-password
|
||||
*/
|
||||
export default defineEventHandler(async (event) => {
|
||||
const user = await getCurrentUser(event)
|
||||
if (!user) {
|
||||
throw createError({ statusCode: 401, message: '로그인이 필요합니다.' })
|
||||
}
|
||||
|
||||
// 권한 확인 (ROLE_ADMIN만)
|
||||
const roles = await query<any>(`
|
||||
SELECT role_code FROM wr_employee_role WHERE employee_id = $1
|
||||
`, [user.employeeId])
|
||||
|
||||
const isAdmin = roles.some((r: any) => r.role_code === 'ROLE_ADMIN')
|
||||
if (!isAdmin) {
|
||||
throw createError({ statusCode: 403, message: '관리자 권한이 필요합니다.' })
|
||||
}
|
||||
const currentUserId = await requireAuth(event)
|
||||
|
||||
const body = await readBody<SetPasswordBody>(event)
|
||||
const clientIp = getClientIp(event)
|
||||
|
||||
if (!body.employeeId) {
|
||||
throw createError({ statusCode: 400, message: '직원 ID가 필요합니다.' })
|
||||
// 대상 직원 ID 결정 (없으면 본인)
|
||||
let targetEmployeeId = body.employeeId || currentUserId
|
||||
|
||||
// 다른 사람 비밀번호 설정 시 관리자 권한 확인
|
||||
if (body.employeeId && body.employeeId !== currentUserId) {
|
||||
const roles = await query<any>(`
|
||||
SELECT r.role_code FROM wr_employee_role er
|
||||
JOIN wr_role r ON er.role_id = r.role_id
|
||||
WHERE er.employee_id = $1
|
||||
`, [currentUserId])
|
||||
|
||||
const isAdmin = roles.some((r: any) => r.role_code === 'ROLE_ADMIN')
|
||||
if (!isAdmin) {
|
||||
throw createError({ statusCode: 403, message: '관리자 권한이 필요합니다.' })
|
||||
}
|
||||
}
|
||||
|
||||
let password = body.password
|
||||
// 대상 직원 조회
|
||||
const targetEmployee = await queryOne<any>(`
|
||||
SELECT employee_id, employee_name, employee_email FROM wr_employee_info WHERE employee_id = $1
|
||||
`, [targetEmployeeId])
|
||||
|
||||
// 임시 비밀번호 생성
|
||||
if (!targetEmployee) {
|
||||
throw createError({ statusCode: 404, message: '직원을 찾을 수 없습니다.' })
|
||||
}
|
||||
|
||||
// 비밀번호 결정
|
||||
let password = body.password
|
||||
if (body.generateTemp || !password) {
|
||||
password = generateTempPassword()
|
||||
}
|
||||
@@ -47,32 +57,20 @@ export default defineEventHandler(async (event) => {
|
||||
throw createError({ statusCode: 400, message: '비밀번호는 8자 이상이어야 합니다.' })
|
||||
}
|
||||
|
||||
// 대상 직원 존재 확인
|
||||
const employees = await query<any>(`
|
||||
SELECT employee_id, employee_name, employee_email FROM wr_employee_info WHERE employee_id = $1
|
||||
`, [body.employeeId])
|
||||
|
||||
if (employees.length === 0) {
|
||||
throw createError({ statusCode: 404, message: '직원을 찾을 수 없습니다.' })
|
||||
}
|
||||
|
||||
const targetEmployee = employees[0]
|
||||
|
||||
// 비밀번호 해시
|
||||
const hash = await hashPassword(password)
|
||||
|
||||
// 업데이트
|
||||
await execute(`
|
||||
UPDATE wr_employee_info
|
||||
SET password_hash = $1, updated_at = NOW(), updated_ip = $2, updated_email = $3
|
||||
WHERE employee_id = $4
|
||||
`, [hash, clientIp, user.employeeEmail, body.employeeId])
|
||||
SET password_hash = $1, updated_at = NOW(), updated_ip = $2
|
||||
WHERE employee_id = $3
|
||||
`, [hash, clientIp, targetEmployeeId])
|
||||
|
||||
return {
|
||||
success: true,
|
||||
employeeId: targetEmployee.employee_id,
|
||||
employeeName: targetEmployee.employee_name,
|
||||
employeeEmail: targetEmployee.employee_email,
|
||||
tempPassword: body.generateTemp ? password : undefined,
|
||||
message: body.generateTemp ? '임시 비밀번호가 생성되었습니다.' : '비밀번호가 설정되었습니다.'
|
||||
}
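Review bot: The self-service path introduced at `let targetEmployeeId = body.employeeId || currentUserId` lets any authenticated session overwrite its own password without knowing the current one, because the admin check only runs when `body.employeeId` names someone else and nothing in this handler asks for `currentPassword`; that bypasses the current-password requirement the sibling change-password endpoint enforces, so a hijacked session gains a permanent credential. For an account that already has a hash, the self path should be refused and the caller sent to change-password — see the fence below. Two smaller issues: when neither `password` nor `generateTemp` is sent, `if (body.generateTemp || !password)` silently sets a random password that is never returned (`tempPassword: body.generateTemp ? password : undefined`), so a bare POST quietly disables the caller's password login — reject that with a 400 or return the generated value whenever one was generated. The rewritten UPDATE also dropped `updated_email`, so an admin reset of another user's password no longer records which admin did it (only `updated_ip` survives); that audit column is worth restoring from a lookup of `currentUserId` since `requireAuth` appears to return only the id. The handler's closing `})` lies outside the second hunk.
```typescript
// 대상 직원 조회 — password_hash is fetched so the self-service path can be gated below
const targetEmployee = await queryOne<any>(`
  SELECT employee_id, employee_name, employee_email, password_hash
  FROM wr_employee_info WHERE employee_id = $1
`, [targetEmployeeId])
// … unchanged: 404 when targetEmployee is missing …

// Self-service: an existing password may only be replaced via /api/auth/change-password,
// which verifies the current password. Without this, any live session can take over the account.
if (targetEmployeeId === currentUserId && targetEmployee.password_hash) {
  throw createError({ statusCode: 403, message: '이미 비밀번호가 설정된 계정입니다. 비밀번호 변경 API를 이용해 주세요.' })
}

// 비밀번호 결정 — never set a password the caller will not learn
let password = body.password
if (body.generateTemp) {
  password = generateTempPassword()
} else if (!password) {
  throw createError({ statusCode: 400, message: '비밀번호를 입력해주세요.' })
}
// … unchanged: length check, hash, UPDATE, response …
```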
|
||||
|
||||