3.1 로그인/가입 폼 검증(Zod) 및 오류 UX

3.2 비밀번호 해시/검증 로직(bcrypt) 적용
3.3 세션/쿠키(HttpOnly/SameSite/Secure) 및 토큰 저장 전략

src/app/api/auth/session/route.ts

@@ -0,0 +1,30 @@
+import { NextResponse } from "next/server";
+import { loginSchema } from "@/lib/validation/auth";
+import prisma from "@/lib/prisma";
+import { verifyPassword } from "@/lib/password";
+
+export async function POST(req: Request) {
+  const body = await req.json();
+  const parsed = loginSchema.safeParse(body);
+  if (!parsed.success)
+    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });
+  const { nickname, password } = parsed.data;
+  const user = await prisma.user.findUnique({ where: { nickname } });
+  if (!user || !user.passwordHash || !verifyPassword(password, user.passwordHash)) {
+    return NextResponse.json({ error: "아이디 또는 비밀번호가 올바르지 않습니다" }, { status: 401 });
+  }
+  const res = NextResponse.json({ ok: true, user: { userId: user.userId, nickname: user.nickname } });
+  res.headers.append(
+    "Set-Cookie",
+    `uid=${encodeURIComponent(user.userId)}; Path=/; HttpOnly; SameSite=Lax`
+  );
+  return res;
+}
+
+export async function DELETE() {
+  const res = NextResponse.json({ ok: true });
+  res.headers.append("Set-Cookie", `uid=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax`);
+  return res;
+}
+
+