Diffstat (limited to 'app/api/auth/verify-mfa')
| -rw-r--r-- | app/api/auth/verify-mfa/route.ts | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/app/api/auth/verify-mfa/route.ts b/app/api/auth/verify-mfa/route.ts index f9d1b51e..dea06164 100644 --- a/app/api/auth/verify-mfa/route.ts +++ b/app/api/auth/verify-mfa/route.ts @@ -5,6 +5,7 @@ import { z } from 'zod'; import { getServerSession } from 'next-auth'; import { authOptions } from '@/app/api/auth/[...nextauth]/route'; import { verifySmsToken } from '@/lib/users/auth/passwordUtil'; +import { getUserByEmail } from '@/lib/users/repository'; const verifyMfaSchema = z.object({ userId: z.string(), @@ -25,16 +26,32 @@ export async function POST(request: NextRequest) { const body = await request.json(); const { userId, token } = verifyMfaSchema.parse(body); + + console.log(userId) + + + // 본인 확인 - if (session.user.id !== userId) { + if (session.user.email !== userId) { return NextResponse.json( { error: '권한이 없습니다' }, { status: 403 } ); } + const user = await getUserByEmail(userId); + if (!user || !user.phone) { + return NextResponse.json( + { error: '전화번호가 등록되지 않았습니다' }, + { status: 400 } + ); + } + + const userIdfromUsers = user.id + + // MFA 토큰 검증 - const result = await verifySmsToken(parseInt(userId), token); + const result = await verifySmsToken(userIdfromUsers, token); if (result.success) { return NextResponse.json({ |
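Review bot: The new code still trusts a client-supplied identifier it does not need — `userId` is now an email that must equal `session.user.email`, so the session alone already identifies the caller; look the user up from the session instead, `const user = await getUserByEmail(session.user.email);`, and drop both the body field and the 403 comparison (which is also a plain case-sensitive string compare on an email address). `console.log(userId)` writes the caller's email to server logs on every MFA attempt and looks like a debugging leftover; remove it before merge. The `verifyMfaSchema` field is still named `userId` although it now carries an email (`z.string().email()` would at least validate it), and `userIdfromUsers` is simply `user.id` — passing `user.id` directly would read better, and it is worth confirming that its type matches what `verifySmsToken` expects now that the `parseInt` is gone, which I cannot tell from this hunk; the two new statements also lack the semicolons the rest of the file uses. The POST handler begins and ends outside this hunk.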
