3.1 로그인/가입 폼 검증(Zod) 및 오류 UX

3.2 비밀번호 해시/검증 로직(bcrypt) 적용
3.3 세션/쿠키(HttpOnly/SameSite/Secure) 및 토큰 저장 전략

src/app/api/auth/login/route.ts

@@ -0,0 +1,19 @@
+import { NextResponse } from "next/server";
+import prisma from "@/lib/prisma";
+import { loginSchema } from "@/lib/validation/auth";
+import { verifyPassword } from "@/lib/password";
+
+export async function POST(req: Request) {
+  const body = await req.json();
+  const parsed = loginSchema.safeParse(body);
+  if (!parsed.success)
+    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });
+  const { nickname, password } = parsed.data;
+  const user = await prisma.user.findUnique({ where: { nickname } });
+  if (!user || !user.passwordHash || !verifyPassword(password, user.passwordHash)) {
+    return NextResponse.json({ error: "아이디 또는 비밀번호가 올바르지 않습니다" }, { status: 401 });
+  }
+  return NextResponse.json({ user: { userId: user.userId, nickname: user.nickname } });
+}
+
+

src/app/api/auth/register/route.ts

@@ -0,0 +1,33 @@
+import { NextResponse } from "next/server";
+import prisma from "@/lib/prisma";
+import { registerSchema } from "@/lib/validation/auth";
+import { hash } from "crypto";
+
+function hashPassword(pw: string) {
+  // 간이 해시(데모): 실제론 bcrypt/scrypt/argon2 사용 권장
+  return hash("sha256", Buffer.from(pw)).digest("hex");
+}
+
+export async function POST(req: Request) {
+  const body = await req.json();
+  const parsed = registerSchema.safeParse(body);
+  if (!parsed.success)
+    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });
+  const { nickname, name, phone, birth, password } = parsed.data;
+  const exists = await prisma.user.findFirst({ where: { OR: [{ nickname }, { phone }] } });
+  if (exists) return NextResponse.json({ error: "이미 존재하는 사용자" }, { status: 409 });
+  const user = await prisma.user.create({
+    data: {
+      nickname,
+      name,
+      phone,
+      birth: new Date(birth),
+      passwordHash: hashPassword(password),
+      agreementTermsAt: new Date(),
+    },
+    select: { userId: true, nickname: true },
+  });
+  return NextResponse.json({ user }, { status: 201 });
+}
+
+

src/app/api/auth/session/route.ts

@@ -0,0 +1,30 @@
+import { NextResponse } from "next/server";
+import { loginSchema } from "@/lib/validation/auth";
+import prisma from "@/lib/prisma";
+import { verifyPassword } from "@/lib/password";
+
+export async function POST(req: Request) {
+  const body = await req.json();
+  const parsed = loginSchema.safeParse(body);
+  if (!parsed.success)
+    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });
+  const { nickname, password } = parsed.data;
+  const user = await prisma.user.findUnique({ where: { nickname } });
+  if (!user || !user.passwordHash || !verifyPassword(password, user.passwordHash)) {
+    return NextResponse.json({ error: "아이디 또는 비밀번호가 올바르지 않습니다" }, { status: 401 });
+  }
+  const res = NextResponse.json({ ok: true, user: { userId: user.userId, nickname: user.nickname } });
+  res.headers.append(
+    "Set-Cookie",
+    `uid=${encodeURIComponent(user.userId)}; Path=/; HttpOnly; SameSite=Lax`
+  );
+  return res;
+}
+
+export async function DELETE() {
+  const res = NextResponse.json({ ok: true });
+  res.headers.append("Set-Cookie", `uid=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax`);
+  return res;
+}
+
+