weeklyreport/backend/api/admin/user/reset-password.post.ts
2026-01-11 12:59:21 +09:00


import { query, execute } from '../../../utils/db'
import { hashPassword, generateTempPassword } from '../../../utils/password'
import { getClientIp } from '../../../utils/ip'
import { requireAuth } from '../../../utils/session'
/**
 * JSON body expected by POST /api/admin/user/reset-password.
 *
 * `employeeId` identifies the account whose password is reset; the handler
 * matches it against `wr_employee_info.employee_id`. The value is supplied by
 * the client, so this compile-time type is not a runtime guarantee.
 */
type AdminResetPasswordBody = {
  employeeId: number
}
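/**
 * Row selected for the reset target.
 * Column types are assumed — TODO confirm against the wr_employee_info schema.
 */
interface ResetTargetRow {
  employee_id: number
  employee_name: string
  employee_email: string
}

/**
 * Admin password reset.
 * POST /api/admin/user/reset-password
 *
 * Generates a temporary password for the employee named in the request body,
 * stores its hash in `wr_employee_info`, and returns the plaintext temporary
 * password to the caller.
 *
 * SECURITY: this handler enforces authentication only. No authorization
 * (admin role) check exists yet, so every logged-in user can reset any
 * account's password and read the new temporary password from the response.
 * Do not expose this route until the TODO below is resolved.
 *
 * @throws 400 when `employeeId` is missing or is not a positive integer
 * @throws 404 when no employee has that ID
 */
export default defineEventHandler(async (event) => {
  const currentUserId = await requireAuth(event)

  // TODO(security): admin privilege check — currently every logged-in user is
  // allowed. Reject non-admin callers with 403 here, before reading the body,
  // once the role lookup for `currentUserId` is available.

  // The body is client-controlled: it may be absent, and `employeeId` may be
  // of any JSON type, so read it as unknown and validate it explicitly.
  const body = await readBody<Partial<Record<keyof AdminResetPasswordBody, unknown>> | null>(event)
  const clientIp = getClientIp(event)

  // Accept a JSON number or a numeric string (both worked before); reject
  // everything else up front so malformed input yields a 400 instead of
  // surfacing as a database error.
  const rawEmployeeId = body?.employeeId
  const employeeId =
    typeof rawEmployeeId === 'number' || typeof rawEmployeeId === 'string'
      ? Number(rawEmployeeId)
      : Number.NaN
  if (!Number.isSafeInteger(employeeId) || employeeId <= 0) {
    throw createError({ statusCode: 400, message: '사용자 ID가 필요합니다.' })
  }

  // Look up the target user.
  const [employee] = await query<ResetTargetRow>(`
    SELECT employee_id, employee_name, employee_email
    FROM wr_employee_info
    WHERE employee_id = $1
  `, [employeeId])
  if (!employee) {
    throw createError({ statusCode: 404, message: '사용자를 찾을 수 없습니다.' })
  }

  // Generate the temporary password; only its hash is persisted.
  const tempPassword = generateTempPassword()
  const hash = await hashPassword(tempPassword)

  // Store the new hash together with the time and IP of the change.
  await execute(`
    UPDATE wr_employee_info
    SET password_hash = $1,
        updated_at = NOW(),
        updated_ip = $2
    WHERE employee_id = $3
  `, [hash, clientIp, employeeId])

  // Audit trail for a sensitive action: who reset whose password, from where.
  // The temporary password and its hash are deliberately not logged.
  console.info('[admin] password reset', {
    actorId: currentUserId,
    targetEmployeeId: employeeId,
    clientIp
  })

  // The response carries a live credential, so keep browsers and
  // intermediaries from caching it.
  setResponseHeader(event, 'Cache-Control', 'no-store')

  return {
    success: true,
    message: '비밀번호가 초기화되었습니다.',
    tempPassword,
    employeeName: employee.employee_name
  }
})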