Diffstat (limited to 'app/api/auth/verify-mfa/route.ts')
-rw-r--r--app/api/auth/verify-mfa/route.ts21
1 files changed, 19 insertions, 2 deletions
diff --git a/app/api/auth/verify-mfa/route.ts b/app/api/auth/verify-mfa/route.ts
index f9d1b51e..dea06164 100644
--- a/app/api/auth/verify-mfa/route.ts
+++ b/app/api/auth/verify-mfa/route.ts
@@ -5,6 +5,7 @@ import { z } from 'zod';
import { getServerSession } from 'next-auth';
import { authOptions } from '@/app/api/auth/[...nextauth]/route';
import { verifySmsToken } from '@/lib/users/auth/passwordUtil';
+import { getUserByEmail } from '@/lib/users/repository';
const verifyMfaSchema = z.object({
userId: z.string(),
@@ -25,16 +26,32 @@ export async function POST(request: NextRequest) {
const body = await request.json();
const { userId, token } = verifyMfaSchema.parse(body);
+
+ console.log(userId)
+
+
+
// 본인 확인
- if (session.user.id !== userId) {
+ if (session.user.email !== userId) {
return NextResponse.json(
{ error: '권한이 없습니다' },
{ status: 403 }
);
}
+ const user = await getUserByEmail(userId);
+ if (!user || !user.phone) {
+ return NextResponse.json(
+ { error: '전화번호가 등록되지 않았습니다' },
+ { status: 400 }
+ );
+ }
+
+ const userIdfromUsers = user.id
+
+
// MFA 토큰 검증
- const result = await verifySmsToken(parseInt(userId), token);
+ const result = await verifySmsToken(userIdfromUsers, token);
if (result.success) {
return NextResponse.json({