fix

src/app/api/me/password/route.ts

@@ -0,0 +1,43 @@
+import { NextResponse } from "next/server";
+import prisma from "@/lib/prisma";
+import { getUserIdOrAdmin } from "@/lib/auth";
+import { verifyPassword, hashPassword } from "@/lib/password";
+
+export async function PUT(req: Request) {
+  const userId = await getUserIdOrAdmin(req);
+  if (!userId) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  try {
+    const body = await req.json();
+    const currentPassword: string | undefined = body?.currentPassword;
+    const newPassword: string | undefined = body?.newPassword;
+    if (!currentPassword || !newPassword) {
+      return NextResponse.json({ error: "currentPassword and newPassword required" }, { status: 400 });
+    }
+    if (newPassword.length < 8 || newPassword.length > 100) {
+      return NextResponse.json({ error: "password length invalid" }, { status: 400 });
+    }
+    const user = await prisma.user.findUnique({
+      where: { userId },
+      select: { passwordHash: true },
+    });
+    if (!user || !user.passwordHash) {
+      return NextResponse.json({ error: "invalid user" }, { status: 400 });
+    }
+    if (!verifyPassword(currentPassword, user.passwordHash)) {
+      return NextResponse.json({ error: "현재 비밀번호가 올바르지 않습니다" }, { status: 400 });
+    }
+    if (verifyPassword(newPassword, user.passwordHash)) {
+      // 새 비밀번호가 기존과 동일
+      return NextResponse.json({ error: "새 비밀번호가 기존과 동일합니다" }, { status: 400 });
+    }
+    await prisma.user.update({
+      where: { userId },
+      data: { passwordHash: hashPassword(newPassword) },
+    });
+    return NextResponse.json({ ok: true });
+  } catch {
+    return NextResponse.json({ error: "Bad Request" }, { status: 400 });
+  }
+}
+
+