/api/auth/login Endpoint 구현

2025-12-15 22:38:47 +00:00 · 2024-12-26 16:50:13 +09:00
parent d83dc6b8d2
commit fac8764572
10 changed files with 205 additions and 9 deletions
--- a/src/lib/server/auth.ts
+++ b/src/lib/server/auth.ts
@@ -0,0 +1,27 @@
+import argon2 from "argon2";
+import jwt from "jsonwebtoken";
+import { getUserByEmail } from "$lib/server/db/user";
+import env from "$lib/server/loadenv";
+
+const verifyPassword = async (hash: string, password: string) => {
+  return await argon2.verify(hash, password);
+};
+
+const issueToken = (id: number, type: "access" | "refresh") => {
+  return jwt.sign({ id, type }, env.jwt.secret, {
+    expiresIn: type === "access" ? env.jwt.accessExp : env.jwt.refreshExp,
+  });
+};
+
+export const login = async (email: string, password: string) => {
+  const user = await getUserByEmail(email);
+  if (!user) return null;
+
+  const valid = await verifyPassword(user.password, password);
+  if (!valid) return null;
+
+  return {
+    accessToken: issueToken(user.id, "access"),
+    refreshToken: issueToken(user.id, "refresh"),
+  };
+};
--- a/src/lib/server/db/drizzle.ts
+++ b/src/lib/server/db/drizzle.ts
@@ -0,0 +1,7 @@
+import Database from "better-sqlite3";
+import { drizzle } from "drizzle-orm/better-sqlite3";
+import env from "$lib/server/loadenv";
+
+const client = new Database(env.databaseUrl);
+
+export default drizzle(client);
--- a/src/lib/server/db/index.ts
+++ b/src/lib/server/db/index.ts
@@ -1,6 +0,0 @@
-import { drizzle } from "drizzle-orm/better-sqlite3";
-import Database from "better-sqlite3";
-import { env } from "$env/dynamic/private";
-if (!env.DATABASE_URL) throw new Error("DATABASE_URL is not set");
-const client = new Database(env.DATABASE_URL);
-export const db = drizzle(client);
--- a/src/lib/server/db/user.ts
+++ b/src/lib/server/db/user.ts
@@ -0,0 +1,8 @@
+import { eq } from "drizzle-orm";
+import db from "./drizzle";
+import { user } from "./schema";
+
+export const getUserByEmail = async (email: string) => {
+  const users = await db.select().from(user).where(eq(user.email, email)).execute();
+  return users[0] ?? null;
+};
--- a/src/lib/server/loadenv.ts
+++ b/src/lib/server/loadenv.ts
@@ -0,0 +1,12 @@
+import { env } from "$env/dynamic/private";
+
+if (!env.JWT_SECRET) throw new Error("JWT_SECRET is not set");
+
+export default {
+  databaseUrl: env.DATABASE_URL || "local.db",
+  jwt: {
+    secret: env.JWT_SECRET,
+    accessExp: env.JWT_ACCESS_TOKEN_EXPIRES || "5m",
+    refreshExp: env.JWT_REFRESH_TOKEN_EXPIRES || "14d",
+  },
+};
--- a/src/routes/api/auth/login/+server.ts
+++ b/src/routes/api/auth/login/+server.ts
@@ -0,0 +1,22 @@
+import { error, json } from "@sveltejs/kit";
+import { z } from "zod";
+import { login } from "$lib/server/auth";
+import type { RequestHandler } from "./$types";
+
+export const POST: RequestHandler = async ({ request }) => {
+  const zodRes = z
+    .object({
+      email: z.string().email().nonempty(),
+      password: z.string().nonempty(),
+    })
+    .safeParse(await request.json());
+  if (!zodRes.success) error(400, zodRes.error.message);
+
+  const { email, password } = zodRes.data;
+  const loginRes = await login(email.trim(), password.trim());
+
+  if (!loginRes) error(401, "Invalid email or password");
+  const { accessToken, refreshToken } = loginRes;
+
+  return json({ accessToken, refreshToken });
+};