작업계획서대로 진행

2026-01-11 10:50:51 +09:00
parent 5cda181cc5
commit d4620dc1fa
39 changed files with 3344 additions and 120 deletions
--- a/backend/api/auth/set-password.post.ts
+++ b/backend/api/auth/set-password.post.ts
@@ -0,0 +1,79 @@
+import { query, execute } from '../../utils/db'
+import { getClientIp } from '../../utils/ip'
+import { getCurrentUser } from '../../utils/session'
+import { hashPassword, generateTempPassword } from '../../utils/password'
+
+interface SetPasswordBody {
+  employeeId: number
+  password?: string
+  generateTemp?: boolean
+}
+
+/**
+ * 직원 비밀번호 설정 (관리자용)
+ * POST /api/auth/set-password
+ */
+export default defineEventHandler(async (event) => {
+  const user = await getCurrentUser(event)
+  if (!user) {
+    throw createError({ statusCode: 401, message: '로그인이 필요합니다.' })
+  }
+  
+  // 권한 확인 (ROLE_ADMIN만)
+  const roles = await query<any>(`
+    SELECT role_code FROM wr_employee_role WHERE employee_id = $1
+  `, [user.employeeId])
+  
+  const isAdmin = roles.some((r: any) => r.role_code === 'ROLE_ADMIN')
+  if (!isAdmin) {
+    throw createError({ statusCode: 403, message: '관리자 권한이 필요합니다.' })
+  }
+  
+  const body = await readBody<SetPasswordBody>(event)
+  const clientIp = getClientIp(event)
+  
+  if (!body.employeeId) {
+    throw createError({ statusCode: 400, message: '직원 ID가 필요합니다.' })
+  }
+  
+  let password = body.password
+  
+  // 임시 비밀번호 생성
+  if (body.generateTemp || !password) {
+    password = generateTempPassword()
+  }
+  
+  if (password.length < 8) {
+    throw createError({ statusCode: 400, message: '비밀번호는 8자 이상이어야 합니다.' })
+  }
+  
+  // 대상 직원 존재 확인
+  const employees = await query<any>(`
+    SELECT employee_id, employee_name, employee_email FROM wr_employee_info WHERE employee_id = $1
+  `, [body.employeeId])
+  
+  if (employees.length === 0) {
+    throw createError({ statusCode: 404, message: '직원을 찾을 수 없습니다.' })
+  }
+  
+  const targetEmployee = employees[0]
+  
+  // 비밀번호 해시
+  const hash = await hashPassword(password)
+  
+  // 업데이트
+  await execute(`
+    UPDATE wr_employee_info 
+    SET password_hash = $1, updated_at = NOW(), updated_ip = $2, updated_email = $3
+    WHERE employee_id = $4
+  `, [hash, clientIp, user.employeeEmail, body.employeeId])
+  
+  return {
+    success: true,
+    employeeId: targetEmployee.employee_id,
+    employeeName: targetEmployee.employee_name,
+    employeeEmail: targetEmployee.employee_email,
+    tempPassword: body.generateTemp ? password : undefined,
+    message: body.generateTemp ? '임시 비밀번호가 생성되었습니다.' : '비밀번호가 설정되었습니다.'
+  }
+})