msgapp/src/app/api/auth/session/route.ts

import { NextResponse } from "next/server";
import { loginSchema } from "@/lib/validation/auth";
import prisma from "@/lib/prisma";
import { verifyPassword } from "@/lib/password";
import { getClientKey, isRateLimited } from "@/lib/ratelimit";

export async function POST(req: Request) {
  const key = getClientKey(req, "login");
  if (isRateLimited(key, 5, 60_000)) {
    return NextResponse.json({ error: "Too Many Requests" }, { status: 429 });
  }
  const body = await req.json();
  const parsed = loginSchema.safeParse(body);
  if (!parsed.success)
    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });
  const { nickname, password } = parsed.data;
  const user = await prisma.user.findUnique({ where: { nickname } });
  if (!user || !user.passwordHash || !verifyPassword(password, user.passwordHash)) {
    return NextResponse.json({ error: "아이디 또는 비밀번호가 올바르지 않습니다" }, { status: 401 });
  }
  const res = NextResponse.json({ ok: true, user: { userId: user.userId, nickname: user.nickname } });
  res.headers.append(
    "Set-Cookie",
    `uid=${encodeURIComponent(user.userId)}; Path=/; HttpOnly; SameSite=Lax`
  );
  return res;
}

export async function DELETE() {
  const res = NextResponse.json({ ok: true });
  res.headers.append("Set-Cookie", `uid=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax`);
  return res;
}
3.1 로그인/가입 폼 검증(Zod) 및 오류 UX 3.2 비밀번호 해시/검증 로직(bcrypt) 적용 3.3 세션/쿠키(HttpOnly/SameSite/Secure) 및 토큰 저장 전략 2025-10-09 14:58:07 +09:00			`import { NextResponse } from "next/server";`
			`import { loginSchema } from "@/lib/validation/auth";`
			`import prisma from "@/lib/prisma";`
			`import { verifyPassword } from "@/lib/password";`
4.1 React Query 설치 및 Provider 구성 o 2025-10-09 15:13:12 +09:00			`import { getClientKey, isRateLimited } from "@/lib/ratelimit";`
3.1 로그인/가입 폼 검증(Zod) 및 오류 UX 3.2 비밀번호 해시/검증 로직(bcrypt) 적용 3.3 세션/쿠키(HttpOnly/SameSite/Secure) 및 토큰 저장 전략 2025-10-09 14:58:07 +09:00
			`export async function POST(req: Request) {`
4.1 React Query 설치 및 Provider 구성 o 2025-10-09 15:13:12 +09:00			`const key = getClientKey(req, "login");`
			`if (isRateLimited(key, 5, 60_000)) {`
			`return NextResponse.json({ error: "Too Many Requests" }, { status: 429 });`
			`}`
3.1 로그인/가입 폼 검증(Zod) 및 오류 UX 3.2 비밀번호 해시/검증 로직(bcrypt) 적용 3.3 세션/쿠키(HttpOnly/SameSite/Secure) 및 토큰 저장 전략 2025-10-09 14:58:07 +09:00			`const body = await req.json();`
			`const parsed = loginSchema.safeParse(body);`
			`if (!parsed.success)`
			`return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });`
			`const { nickname, password } = parsed.data;`
			`const user = await prisma.user.findUnique({ where: { nickname } });`
			`if (!user \|\| !user.passwordHash \|\| !verifyPassword(password, user.passwordHash)) {`
			`return NextResponse.json({ error: "아이디 또는 비밀번호가 올바르지 않습니다" }, { status: 401 });`
			`}`
			`const res = NextResponse.json({ ok: true, user: { userId: user.userId, nickname: user.nickname } });`
			`res.headers.append(`
			`"Set-Cookie",`
			`uid=${encodeURIComponent(user.userId)}; Path=/; HttpOnly; SameSite=Lax`
			`);`
			`return res;`
			`}`

			`export async function DELETE() {`
			`const res = NextResponse.json({ ok: true });`
			res.headers.append("Set-Cookie", `uid=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax`);
			`return res;`
			`}`