80 lines
2.4 KiB
TypeScript
80 lines
2.4 KiB
TypeScript
import { query, execute } from '../../utils/db'
|
|
import { getClientIp } from '../../utils/ip'
|
|
import { getCurrentUser } from '../../utils/session'
|
|
import { hashPassword, generateTempPassword } from '../../utils/password'
|
|
|
|
interface SetPasswordBody {
|
|
employeeId: number
|
|
password?: string
|
|
generateTemp?: boolean
|
|
}
|
|
|
|
/**
|
|
* 직원 비밀번호 설정 (관리자용)
|
|
* POST /api/auth/set-password
|
|
*/
|
|
export default defineEventHandler(async (event) => {
|
|
const user = await getCurrentUser(event)
|
|
if (!user) {
|
|
throw createError({ statusCode: 401, message: '로그인이 필요합니다.' })
|
|
}
|
|
|
|
// 권한 확인 (ROLE_ADMIN만)
|
|
const roles = await query<any>(`
|
|
SELECT role_code FROM wr_employee_role WHERE employee_id = $1
|
|
`, [user.employeeId])
|
|
|
|
const isAdmin = roles.some((r: any) => r.role_code === 'ROLE_ADMIN')
|
|
if (!isAdmin) {
|
|
throw createError({ statusCode: 403, message: '관리자 권한이 필요합니다.' })
|
|
}
|
|
|
|
const body = await readBody<SetPasswordBody>(event)
|
|
const clientIp = getClientIp(event)
|
|
|
|
if (!body.employeeId) {
|
|
throw createError({ statusCode: 400, message: '직원 ID가 필요합니다.' })
|
|
}
|
|
|
|
let password = body.password
|
|
|
|
// 임시 비밀번호 생성
|
|
if (body.generateTemp || !password) {
|
|
password = generateTempPassword()
|
|
}
|
|
|
|
if (password.length < 8) {
|
|
throw createError({ statusCode: 400, message: '비밀번호는 8자 이상이어야 합니다.' })
|
|
}
|
|
|
|
// 대상 직원 존재 확인
|
|
const employees = await query<any>(`
|
|
SELECT employee_id, employee_name, employee_email FROM wr_employee_info WHERE employee_id = $1
|
|
`, [body.employeeId])
|
|
|
|
if (employees.length === 0) {
|
|
throw createError({ statusCode: 404, message: '직원을 찾을 수 없습니다.' })
|
|
}
|
|
|
|
const targetEmployee = employees[0]
|
|
|
|
// 비밀번호 해시
|
|
const hash = await hashPassword(password)
|
|
|
|
// 업데이트
|
|
await execute(`
|
|
UPDATE wr_employee_info
|
|
SET password_hash = $1, updated_at = NOW(), updated_ip = $2, updated_email = $3
|
|
WHERE employee_id = $4
|
|
`, [hash, clientIp, user.employeeEmail, body.employeeId])
|
|
|
|
return {
|
|
success: true,
|
|
employeeId: targetEmployee.employee_id,
|
|
employeeName: targetEmployee.employee_name,
|
|
employeeEmail: targetEmployee.employee_email,
|
|
tempPassword: body.generateTemp ? password : undefined,
|
|
message: body.generateTemp ? '임시 비밀번호가 생성되었습니다.' : '비밀번호가 설정되었습니다.'
|
|
}
|
|
})
|