2025-10-09 14:58:07 +09:00
|
|
|
import { NextResponse } from "next/server";
|
|
|
|
|
import { loginSchema } from "@/lib/validation/auth";
|
|
|
|
|
import prisma from "@/lib/prisma";
|
|
|
|
|
import { verifyPassword } from "@/lib/password";
|
2025-10-09 15:13:12 +09:00
|
|
|
import { getClientKey, isRateLimited } from "@/lib/ratelimit";
|
2025-10-09 14:58:07 +09:00
|
|
|
|
2025-10-10 11:22:43 +09:00
|
|
|
export async function GET(req: Request) {
|
|
|
|
|
try {
|
|
|
|
|
const cookieHeader = req.headers.get("cookie") || "";
|
|
|
|
|
const uid = cookieHeader
|
|
|
|
|
.split(";")
|
|
|
|
|
.map((s) => s.trim())
|
|
|
|
|
.find((pair) => pair.startsWith("uid="))
|
|
|
|
|
?.split("=")[1];
|
|
|
|
|
if (!uid) return NextResponse.json({ ok: false }, { status: 200 });
|
|
|
|
|
const user = await prisma.user.findUnique({ where: { userId: decodeURIComponent(uid) } });
|
|
|
|
|
if (!user) return NextResponse.json({ ok: false }, { status: 200 });
|
|
|
|
|
return NextResponse.json({ ok: true, user: { userId: user.userId, nickname: user.nickname } });
|
|
|
|
|
} catch {
|
|
|
|
|
return NextResponse.json({ ok: false }, { status: 200 });
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2025-10-09 14:58:07 +09:00
|
|
|
export async function POST(req: Request) {
|
2025-10-09 15:13:12 +09:00
|
|
|
const key = getClientKey(req, "login");
|
|
|
|
|
if (isRateLimited(key, 5, 60_000)) {
|
|
|
|
|
return NextResponse.json({ error: "Too Many Requests" }, { status: 429 });
|
|
|
|
|
}
|
2025-10-09 14:58:07 +09:00
|
|
|
const body = await req.json();
|
|
|
|
|
const parsed = loginSchema.safeParse(body);
|
|
|
|
|
if (!parsed.success)
|
|
|
|
|
return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });
|
|
|
|
|
const { nickname, password } = parsed.data;
|
|
|
|
|
const user = await prisma.user.findUnique({ where: { nickname } });
|
|
|
|
|
if (!user || !user.passwordHash || !verifyPassword(password, user.passwordHash)) {
|
|
|
|
|
return NextResponse.json({ error: "아이디 또는 비밀번호가 올바르지 않습니다" }, { status: 401 });
|
|
|
|
|
}
|
|
|
|
|
const res = NextResponse.json({ ok: true, user: { userId: user.userId, nickname: user.nickname } });
|
|
|
|
|
res.headers.append(
|
|
|
|
|
"Set-Cookie",
|
|
|
|
|
`uid=${encodeURIComponent(user.userId)}; Path=/; HttpOnly; SameSite=Lax`
|
|
|
|
|
);
|
|
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export async function DELETE() {
|
|
|
|
|
const res = NextResponse.json({ ok: true });
|
|
|
|
|
res.headers.append("Set-Cookie", `uid=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax`);
|
|
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
