import { query, execute } from '../../utils/db' import { getClientIp } from '../../utils/ip' import { getCurrentUser } from '../../utils/session' import { hashPassword, generateTempPassword } from '../../utils/password' interface SetPasswordBody { employeeId: number password?: string generateTemp?: boolean } /** * 직원 비밀번호 설정 (관리자용) * POST /api/auth/set-password */ export default defineEventHandler(async (event) => { const user = await getCurrentUser(event) if (!user) { throw createError({ statusCode: 401, message: '로그인이 필요합니다.' }) } // 권한 확인 (ROLE_ADMIN만) const roles = await query(` SELECT role_code FROM wr_employee_role WHERE employee_id = $1 `, [user.employeeId]) const isAdmin = roles.some((r: any) => r.role_code === 'ROLE_ADMIN') if (!isAdmin) { throw createError({ statusCode: 403, message: '관리자 권한이 필요합니다.' }) } const body = await readBody(event) const clientIp = getClientIp(event) if (!body.employeeId) { throw createError({ statusCode: 400, message: '직원 ID가 필요합니다.' }) } let password = body.password // 임시 비밀번호 생성 if (body.generateTemp || !password) { password = generateTempPassword() } if (password.length < 8) { throw createError({ statusCode: 400, message: '비밀번호는 8자 이상이어야 합니다.' }) } // 대상 직원 존재 확인 const employees = await query(` SELECT employee_id, employee_name, employee_email FROM wr_employee_info WHERE employee_id = $1 `, [body.employeeId]) if (employees.length === 0) { throw createError({ statusCode: 404, message: '직원을 찾을 수 없습니다.' }) } const targetEmployee = employees[0] // 비밀번호 해시 const hash = await hashPassword(password) // 업데이트 await execute(` UPDATE wr_employee_info SET password_hash = $1, updated_at = NOW(), updated_ip = $2, updated_email = $3 WHERE employee_id = $4 `, [hash, clientIp, user.employeeEmail, body.employeeId]) return { success: true, employeeId: targetEmployee.employee_id, employeeName: targetEmployee.employee_name, employeeEmail: targetEmployee.employee_email, tempPassword: body.generateTemp ? password : undefined, message: body.generateTemp ? '임시 비밀번호가 생성되었습니다.' : '비밀번호가 설정되었습니다.' } })