From a070f833d132e6370311c0bbdad03beb51d595df Mon Sep 17 00:00:00 2001
From: joonhoekim <26rote@gmail.com>
Date: Wed, 15 Oct 2025 21:38:21 +0900
Subject: (김준회) 이메일 화이트리스트 (SMS 우회) 기능 추가 및 기존 로그인 과정
 통합
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../evcp/(evcp)/(system)/email-whitelist/page.tsx  |  82 +++
 app/api/auth/[...nextauth]/route.ts                |  25 +-
 app/api/auth/first-auth/route.ts                   |   8 +-
 app/api/auth/send-email-otp/route.ts               |  74 +++
 components/login/login-form.tsx                    | 101 +++-
 config/menuConfig.ts                               | 523 +++++++++----------
 db/schema/emailWhitelist.ts                        |  27 +
 db/schema/index.ts                                 |   3 +-
 i18n/locales/en/menu.json                          |   1 +
 i18n/locales/ko/menu.json                          |   1 +
 lib/email-whitelist/service.ts                     | 577 +++++++++++++++++++++
 .../table/create-whitelist-dialog.tsx              | 179 +++++++
 .../table/delete-whitelist-dialog.tsx              | 137 +++++
 .../table/update-whitelist-dialog.tsx              | 193 +++++++
 .../table/whitelist-table-columns.tsx              | 208 ++++++++
 lib/email-whitelist/table/whitelist-table.tsx      | 130 +++++
 lib/users/auth/passwordUtil.ts                     | 146 ++++++
 lib/users/session/helper.ts                        |  16 +-
 18 files changed, 2146 insertions(+), 285 deletions(-)
 create mode 100644 app/[lng]/evcp/(evcp)/(system)/email-whitelist/page.tsx
 create mode 100644 app/api/auth/send-email-otp/route.ts
 create mode 100644 db/schema/emailWhitelist.ts
 create mode 100644 lib/email-whitelist/service.ts
 create mode 100644 lib/email-whitelist/table/create-whitelist-dialog.tsx
 create mode 100644 lib/email-whitelist/table/delete-whitelist-dialog.tsx
 create mode 100644 lib/email-whitelist/table/update-whitelist-dialog.tsx
 create mode 100644 lib/email-whitelist/table/whitelist-table-columns.tsx
 create mode 100644 lib/email-whitelist/table/whitelist-table.tsx

diff --git a/app/[lng]/evcp/(evcp)/(system)/email-whitelist/page.tsx b/app/[lng]/evcp/(evcp)/(system)/email-whitelist/page.tsx
new file mode 100644
index 00000000..95abd556
--- /dev/null
+++ b/app/[lng]/evcp/(evcp)/(system)/email-whitelist/page.tsx
@@ -0,0 +1,82 @@
+/**
+ * 이메일 화이트리스트
+ *
+ * 이메일 도메인의 화이트리스트를 통해, SMS 인증을 우회할 도메인을 관리
+ *
+ * db schema : db/schema/emailWhitelist.ts
+ *
+ * 구현방향: 이메일 화이트리스트 조회 + dialog 기반의 생성/삭제
+ *
+ */
+
+import * as React from "react"
+import { type Metadata } from "next"
+import { getEmailWhitelistList } from "@/lib/email-whitelist/service"
+import { type SearchParams } from "@/types/table"
+import { WhitelistTable } from "@/lib/email-whitelist/table/whitelist-table"
+import { Shell } from "@/components/shell"
+import { Skeleton } from "@/components/ui/skeleton"
+import { DataTableSkeleton } from "@/components/data-table/data-table-skeleton"
+
+// export const metadata: Metadata = {
+//   title: "이메일 화이트리스트 관리",
+//   description: "SMS 인증 대신 이메일로 인증번호를 받을 도메인 및 개별 이메일을 관리",
+// }
+
+interface WhitelistPageProps {
+  searchParams: SearchParams
+}
+
+export default async function WhitelistPage(props: WhitelistPageProps) {
+
+  const searchParams = await props.searchParams
+
+  // 기본 검색 파라미터 처리
+  const search = {
+    page: searchParams.page ? parseInt(searchParams.page as string) : 1,
+    perPage: searchParams.perPage ? parseInt(searchParams.perPage as string) : 10,
+    search: searchParams.search as string || "",
+    sort: searchParams.sort as string || "createdAt.desc",
+    filters: searchParams.filters ? JSON.parse(searchParams.filters as string) : undefined,
+  }
+
+  const promises = Promise.all([
+    getEmailWhitelistList(search),
+  ])
+
+  return (
+
+    <Shell className="gap-2">
+      <div className="flex items-center justify-between space-y-2">
+        <div className="flex items-center justify-between space-y-2">
+          <div>
+            <div className="flex items-center gap-2">
+              <h2 className="text-2xl font-bold tracking-tight">
+                이메일 화이트리스트 관리
+              </h2>
+            </div>
+            <p className="text-muted-foreground">
+              SMS 인증 대신 이메일로 인증번호를 받을 도메인 및 개별 이메일을 관리합니다.
+            </p>
+          </div>
+        </div>
+      </div>
+
+      <React.Suspense fallback={<Skeleton className="h-7 w-52" />}>
+      </React.Suspense>
+      <React.Suspense
+        fallback={
+          <DataTableSkeleton
+            columnCount={5}
+            searchableColumnCount={1}
+            filterableColumnCount={2}
+            cellWidths={["4rem", "12rem", "20rem", "12rem", "12rem", "8rem"]}
+            shrinkZero
+          />
+        }
+      >
+        <WhitelistTable promises={promises} />
+      </React.Suspense>
+    </Shell>
+  )
+}
\ No newline at end of file
diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index 5896fb90..3b0f8c61 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -11,7 +11,7 @@ import { getUserByEmail, getUserById } from '@/lib/users/repository'
 import { authenticateWithSGips, verifyExternalCredentials } from '@/lib/users/auth/verifyCredentails'
 import { verifyOtpTemp } from '@/lib/users/verifyOtp'
 import { getSecuritySettings } from '@/lib/password-policy/service'
-import { verifySmsToken } from '@/lib/users/auth/passwordUtil'
+import { verifySmsToken, verifyEmailToken } from '@/lib/users/auth/passwordUtil'
 import { SessionRepository } from '@/lib/users/session/repository'
 import { getUserRoles } from '@/lib/users/service'
 
@@ -161,14 +161,15 @@ export const authOptions: NextAuthOptions = {
       },
     }),
 
-    // ✅ MFA 완료 후 최종 인증 - roles 정보 추가
+    // ✅ MFA 완료 후 최종 인증 - roles 정보 추가 (SMS/Email OTP 지원)
     CredentialsProvider({
       id: 'credentials-mfa',
       name: 'MFA Verification',
       credentials: {
         userId: { label: 'User ID', type: 'text' },
-        smsToken: { label: 'SMS Token', type: 'text' },
+        smsToken: { label: 'SMS Token', type: 'text' }, // SMS 또는 Email OTP 토큰
         tempAuthKey: { label: 'Temp Auth Key', type: 'text' },
+        mfaType: { label: 'MFA Type', type: 'text' }, // 'sms' 또는 'email'
       },
       async authorize(credentials, req) {
         if (!credentials?.userId || !credentials?.smsToken || !credentials?.tempAuthKey) {
@@ -191,10 +192,20 @@ export const authOptions: NextAuthOptions = {
             return null
           }
 
-          // SMS 토큰 검증
-          const smsVerificationResult = await verifySmsToken(user.id, credentials.smsToken)
-          if (!smsVerificationResult || !smsVerificationResult.success) {
-            console.error('SMS token verification failed')
+          // MFA 타입에 따라 SMS 또는 Email OTP 검증
+          const mfaType = credentials.mfaType || 'sms'; // 기본값은 SMS
+          let verificationResult;
+
+          if (mfaType === 'email') {
+            verificationResult = await verifyEmailToken(user.id, credentials.smsToken)
+            console.log(`Email OTP verification for user ${user.email}:`, verificationResult.success)
+          } else {
+            verificationResult = await verifySmsToken(user.id, credentials.smsToken)
+            console.log(`SMS OTP verification for user ${user.email}:`, verificationResult.success)
+          }
+
+          if (!verificationResult || !verificationResult.success) {
+            console.error(`${mfaType.toUpperCase()} token verification failed`)
             return null
           }
 
diff --git a/app/api/auth/first-auth/route.ts b/app/api/auth/first-auth/route.ts
index 6952b472..93daf316 100644
--- a/app/api/auth/first-auth/route.ts
+++ b/app/api/auth/first-auth/route.ts
@@ -17,6 +17,8 @@ interface FirstAuthResponse {
   tempAuthKey?: string
   userId?: number
   email?: string
+  mfaType?: 'sms' | 'email' // MFA 타입 추가
+  userName?: string // Email OTP 전송 시 필요
   otpUsers?: Array<{
     id: string
     name: string
@@ -134,12 +136,14 @@ export async function POST(request: NextRequest): Promise<NextResponse<FirstAuth
       })
     }
 
-    // 일반 사용자의 경우 기존 응답
+    // 일반 사용자의 경우 mfaType 포함하여 응답
     return NextResponse.json({
       success: true,
       tempAuthKey: authResult.tempAuthKey,
       userId: authResult.userId,
-      email: authResult.email
+      email: authResult.email,
+      mfaType: (authResult.mfaType || 'sms') as 'sms' | 'email', // 기본값은 SMS
+      userName: authResult.userName,
     })
 
   } catch (error) {
diff --git a/app/api/auth/send-email-otp/route.ts b/app/api/auth/send-email-otp/route.ts
new file mode 100644
index 00000000..92bdbe6d
--- /dev/null
+++ b/app/api/auth/send-email-otp/route.ts
@@ -0,0 +1,74 @@
+// app/api/auth/send-email-otp/route.ts
+// Email OTP 전송 API 엔드포인트
+
+import { NextRequest, NextResponse } from 'next/server';
+import { z } from 'zod';
+import { getUserById } from '@/lib/users/repository';
+import { generateAndSendEmailToken } from '@/lib/users/auth/passwordUtil';
+
+const sendEmailOtpSchema = z.object({
+  userId: z.number(),
+  email: z.string().email().optional(),
+  userName: z.string().optional(),
+});
+
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json();
+    const { userId, email, userName } = sendEmailOtpSchema.parse(body);
+
+    // 본인 확인
+    if (!userId) {
+      return NextResponse.json(
+        { error: '권한이 없습니다' },
+        { status: 403 }
+      );
+    }
+
+    // 사용자 정보 조회
+    const user = await getUserById(userId);
+    if (!user || !user.email) {
+      return NextResponse.json(
+        { error: '이메일 주소가 등록되지 않았습니다' },
+        { status: 400 }
+      );
+    }
+
+    // Email OTP 전송
+    const userEmail = email || user.email;
+    const userDisplayName = userName || user.name;
+    
+    const result = await generateAndSendEmailToken(
+      Number(userId), 
+      userEmail,
+      userDisplayName
+    );
+    
+    if (result.success) {
+      return NextResponse.json({ 
+        success: true,
+        message: '이메일 인증번호가 전송되었습니다' 
+      });
+    } else {
+      return NextResponse.json(
+        { error: result.error },
+        { status: 400 }
+      );
+    }
+
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json(
+        { error: '잘못된 요청입니다' },
+        { status: 400 }
+      );
+    }
+
+    console.error('Email OTP send API error:', error);
+    return NextResponse.json(
+      { error: '서버 오류가 발생했습니다' },
+      { status: 500 }
+    );
+  }
+}
+
diff --git a/components/login/login-form.tsx b/components/login/login-form.tsx
index 090f3a70..d249b6b1 100644
--- a/components/login/login-form.tsx
+++ b/components/login/login-form.tsx
@@ -55,7 +55,9 @@ export function LoginForm() {
     const [tempAuthKey, setTempAuthKey] = useState('');
     const [mfaUserId, setMfaUserId] = useState<number | null>(null);
     const [mfaUserEmail, setMfaUserEmail] = useState('');
+    const [mfaUserName, setMfaUserName] = useState(''); // Email OTP 전송 시 필요
     const [mfaCountdown, setMfaCountdown] = useState(0);
+    const [mfaType, setMfaType] = useState<'sms' | 'email'>('sms'); // MFA 타입
 
     // 일반 로그인 폼 데이터
     const [username, setUsername] = useState('');
@@ -257,6 +259,52 @@ export function LoginForm() {
         }
     };
 
+    // Email OTP 전송
+    const handleSendEmail = async (userIdParam?: number, emailParam?: string, userNameParam?: string) => {
+        const targetUserId = userIdParam || mfaUserId;
+        const targetEmail = emailParam || mfaUserEmail;
+        const targetUserName = userNameParam || mfaUserName;
+        
+        if (!targetUserId || mfaCountdown > 0) return;
+
+        setIsSmsLoading(true);
+        try {
+            const response = await fetch('/api/auth/send-email-otp', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({
+                    userId: targetUserId,
+                    email: targetEmail,
+                    userName: targetUserName,
+                }),
+            });
+
+            if (response.ok) {
+                setMfaCountdown(60);
+                toast({
+                    title: '이메일 인증번호 전송',
+                    description: `${targetEmail}로 인증번호가 전송되었습니다.`,
+                });
+            } else {
+                const errorData = await response.json();
+                toast({
+                    title: t('errorTitle'),
+                    description: errorData.error || '이메일 전송에 실패했습니다.',
+                    variant: 'destructive',
+                });
+            }
+        } catch (error) {
+            console.error('Email OTP send error:', error);
+            toast({
+                title: t('errorTitle'),
+                description: '이메일 전송 중 오류가 발생했습니다.',
+                variant: 'destructive',
+            });
+        } finally {
+            setIsSmsLoading(false);
+        }
+    };
+
     // MFA 토큰 검증 및 최종 로그인
     const handleMfaSubmit = async (e: React.FormEvent) => {
         e.preventDefault();
@@ -283,11 +331,12 @@ export function LoginForm() {
         setIsMfaLoading(true);
 
         try {
-            // NextAuth의 credentials-mfa 프로바이더로 최종 인증
+            // NextAuth의 credentials-mfa 프로바이더로 최종 인증 (mfaType 포함)
             const result = await signIn('credentials-mfa', {
                 userId: mfaUserId,
                 smsToken: mfaToken,
                 tempAuthKey: tempAuthKey,
+                mfaType: mfaType, // 'sms' 또는 'email'
                 redirect: false,
             });
 
@@ -364,25 +413,33 @@ export function LoginForm() {
             const authResult = await performFirstAuth(username, password, 'email');
 
             if (authResult.success) {
+                const userMfaType = authResult.mfaType || 'sms';
+                
                 toast({
                     title: t('firstAuthComplete'),
-                    description: t('proceedingSmsAuth'),
+                    description: userMfaType === 'email' ? '이메일 인증을 진행합니다.' : t('proceedingSmsAuth'),
                 });
 
                 // MFA 화면으로 전환
                 setTempAuthKey(authResult.tempAuthKey);
                 setMfaUserId(authResult.userId);
                 setMfaUserEmail(authResult.email);
+                setMfaUserName(authResult.userName || '');
+                setMfaType(userMfaType);
                 setShowMfaForm(true);
 
-                // 자동으로 SMS 전송 (userId 직접 전달)
+                // MFA 타입에 따라 자동으로 OTP 전송
                 setTimeout(() => {
-                    handleSendSms(authResult.userId);
+                    if (userMfaType === 'email') {
+                        handleSendEmail(authResult.userId, authResult.email, authResult.userName);
+                    } else {
+                        handleSendSms(authResult.userId);
+                    }
                 }, 500);
 
                 toast({
-                    title: t('smsAuthRequired'),
-                    description: t('sendingCodeToPhone'),
+                    title: userMfaType === 'email' ? '이메일 인증 필요' : t('smsAuthRequired'),
+                    description: userMfaType === 'email' ? '이메일로 인증번호를 전송하고 있습니다.' : t('sendingCodeToPhone'),
                 });
             }
         } catch (error: unknown) {
@@ -526,6 +583,8 @@ export function LoginForm() {
         setTempAuthKey('');
         setMfaUserId(null);
         setMfaUserEmail('');
+        setMfaUserName('');
+        setMfaType('sms'); // 기본값으로 초기화
         setMfaCountdown(0);
         setSelectedOtpUser(null);
         setShowUserSelectionDialog(false);
@@ -582,17 +641,23 @@ export function LoginForm() {
                                     ) : (
                                         <>
                                             <div className="flex items-center justify-center w-12 h-12 rounded-full bg-blue-100 mb-4">
-                                                🔐
+                                                {mfaType === 'email' ? '📧' : '🔐'}
                                             </div>
-                                            <h1 className="text-2xl font-bold">{t('smsVerification')}</h1>
+                                            <h1 className="text-2xl font-bold">
+                                                {mfaType === 'email' ? '이메일 인증' : t('smsVerification')}
+                                            </h1>
                                             <p className="text-sm text-muted-foreground mt-2">
                                                 {selectedOtpUser
                                                     ? t('firstAuthCompleteForSgips', { name: selectedOtpUser.name, email: mfaUserEmail })
-                                                    : t('firstAuthCompleteFor', { email: mfaUserEmail })
+                                                    : mfaType === 'email'
+                                                        ? `${mfaUserEmail}로 인증번호가 전송되었습니다.`
+                                                        : t('firstAuthCompleteFor', { email: mfaUserEmail })
                                                 }
                                             </p>
                                             <p className="text-xs text-muted-foreground mt-1">
-                                                {t('enterSixDigitCodeInstructions')}
+                                                {mfaType === 'email' 
+                                                    ? '이메일에서 받은 6자리 인증번호를 입력해주세요.' 
+                                                    : t('enterSixDigitCodeInstructions')}
                                             </p>
                                         </>
                                     )}
@@ -751,16 +816,24 @@ export function LoginForm() {
                                             </Button>
                                         </div>
 
-                                        {/* SMS 재전송 섹션 */}
+                                        {/* OTP 재전송 섹션 (SMS/Email) */}
                                         <div className="bg-gray-50 p-4 rounded-lg">
                                             <h3 className="text-sm font-medium text-gray-900 mb-2">
                                                 {t('resendCode')}
                                             </h3>
                                             <p className="text-xs text-gray-600 mb-3">
-                                                {t('didNotReceiveCode')}
+                                                {mfaType === 'email' 
+                                                    ? '이메일을 받지 못하셨나요?' 
+                                                    : t('didNotReceiveCode')}
                                             </p>
                                             <Button
-                                                onClick={() => handleSendSms()}
+                                                onClick={() => {
+                                                    if (mfaType === 'email') {
+                                                        handleSendEmail();
+                                                    } else {
+                                                        handleSendSms();
+                                                    }
+                                                }}
                                                 disabled={isSmsLoading || mfaCountdown > 0}
                                                 variant="outline"
                                                 size="sm"
@@ -772,7 +845,7 @@ export function LoginForm() {
                                                 ) : mfaCountdown > 0 ? (
                                                     t('resendAvailable', { seconds: mfaCountdown })
                                                 ) : (
-                                                    t('resendCode')
+                                                    mfaType === 'email' ? '인증번호 재전송' : t('resendCode')
                                                 )}
                                             </Button>
                                         </div>
diff --git a/config/menuConfig.ts b/config/menuConfig.ts
index 4ac2bdc1..5b5319e7 100644
--- a/config/menuConfig.ts
+++ b/config/menuConfig.ts
@@ -27,38 +27,38 @@ export const domainBrandingKeys = {
 // 메인 네비게이션 (전체 시스템)
 export const mainNav: MenuSection[] = [
   {
-    titleKey: "menu.master_data.title",
+    titleKey: 'menu.master_data.title',
     useGrouping: true,
     items: [
       {
-        titleKey: "menu.master_data.bid_projects",
-        href: "/evcp/bid-projects",
-        descriptionKey: "menu.master_data.bid_projects_desc",
-        groupKey: "groups.basic_info"
+        titleKey: 'menu.master_data.bid_projects',
+        href: '/evcp/bid-projects',
+        descriptionKey: 'menu.master_data.bid_projects_desc',
+        groupKey: 'groups.basic_info',
       },
       {
-        titleKey: "menu.master_data.projects",
-        href: "/evcp/projects",
-        descriptionKey: "menu.master_data.projects_desc",
-        groupKey: "groups.basic_info"
+        titleKey: 'menu.master_data.projects',
+        href: '/evcp/projects',
+        descriptionKey: 'menu.master_data.projects_desc',
+        groupKey: 'groups.basic_info',
       },
       {
-        titleKey: "menu.master_data.package_numbers",
-        href: "/evcp/items",
-        descriptionKey: "menu.master_data.package_numbers_desc",
-        groupKey: "groups.basic_info"
+        titleKey: 'menu.master_data.package_numbers',
+        href: '/evcp/items',
+        descriptionKey: 'menu.master_data.package_numbers_desc',
+        groupKey: 'groups.basic_info',
       },
       {
-        titleKey: "menu.master_data.material_master",
-        href: "/evcp/material-groups",
-        descriptionKey: "menu.master_data.material_master_desc",
-        groupKey: "groups.basic_info"
+        titleKey: 'menu.master_data.material_master',
+        href: '/evcp/material-groups',
+        descriptionKey: 'menu.master_data.material_master_desc',
+        groupKey: 'groups.basic_info',
       },
       {
-        titleKey: "menu.master_data.object_class",
-        href: "/evcp/equip-class",
-        descriptionKey: "menu.master_data.object_class_desc",
-        groupKey: "groups.design_info"
+        titleKey: 'menu.master_data.object_class',
+        href: '/evcp/equip-class',
+        descriptionKey: 'menu.master_data.object_class_desc',
+        groupKey: 'groups.design_info',
       },
       // {
       //   titleKey: "menu.master_data.sub_class",
@@ -67,165 +67,165 @@ export const mainNav: MenuSection[] = [
       //   groupKey: "groups.design_info"
       // },
       {
-        titleKey: "menu.master_data.tag_types",
-        href: "/evcp/tag-numbering",
-        descriptionKey: "menu.master_data.tag_types_desc",
-        groupKey: "groups.design_info"
+        titleKey: 'menu.master_data.tag_types',
+        href: '/evcp/tag-numbering',
+        descriptionKey: 'menu.master_data.tag_types_desc',
+        groupKey: 'groups.design_info',
       },
       {
-        titleKey: "menu.master_data.form_register",
-        href: "/evcp/form-list",
-        descriptionKey: "menu.master_data.form_register_desc",
-        groupKey: "groups.design_info"
+        titleKey: 'menu.master_data.form_register',
+        href: '/evcp/form-list',
+        descriptionKey: 'menu.master_data.form_register_desc',
+        groupKey: 'groups.design_info',
       },
       {
-        titleKey: "menu.master_data.document_numbering_rule",
-        href: "/evcp/docu-list-rule",
-        descriptionKey: "menu.master_data.document_numbering_rule_desc",
-        groupKey: "groups.design_info"
+        titleKey: 'menu.master_data.document_numbering_rule',
+        href: '/evcp/docu-list-rule',
+        descriptionKey: 'menu.master_data.document_numbering_rule_desc',
+        groupKey: 'groups.design_info',
       },
       {
-        titleKey: "menu.master_data.incoterms",
-        href: "/evcp/incoterms",
-        descriptionKey: "menu.master_data.incoterms_desc",
-        groupKey: "groups.procurement_info"
+        titleKey: 'menu.master_data.incoterms',
+        href: '/evcp/incoterms',
+        descriptionKey: 'menu.master_data.incoterms_desc',
+        groupKey: 'groups.procurement_info',
       },
       {
-        titleKey: "menu.master_data.payment_conditions",
-        href: "/evcp/payment-conditions",
-        descriptionKey: "menu.master_data.payment_conditions_desc",
-        groupKey: "groups.procurement_info"
+        titleKey: 'menu.master_data.payment_conditions',
+        href: '/evcp/payment-conditions',
+        descriptionKey: 'menu.master_data.payment_conditions_desc',
+        groupKey: 'groups.procurement_info',
       },
       {
-        titleKey: "menu.master_data.vendor_types",
-        href: "/evcp/vendor-type",
-        descriptionKey: "menu.master_data.vendor_types_desc",
-        groupKey: "groups.procurement_info"
+        titleKey: 'menu.master_data.vendor_types',
+        href: '/evcp/vendor-type',
+        descriptionKey: 'menu.master_data.vendor_types_desc',
+        groupKey: 'groups.procurement_info',
       },
       {
-        titleKey: "menu.master_data.basic_contract_template",
-        href: "/evcp/basic-contract-template",
-        descriptionKey: "menu.master_data.basic_contract_template_desc",
-        groupKey: "groups.procurement_info"
+        titleKey: 'menu.master_data.basic_contract_template',
+        href: '/evcp/basic-contract-template',
+        descriptionKey: 'menu.master_data.basic_contract_template_desc',
+        groupKey: 'groups.procurement_info',
       },
       {
-        titleKey: "menu.master_data.gtc",
-        href: "/evcp/gtc",
+        titleKey: 'menu.master_data.gtc',
+        href: '/evcp/gtc',
         // descriptionKey: "menu.master_data.basic_contract_template_desc",
-        groupKey: "groups.procurement_info"
+        groupKey: 'groups.procurement_info',
       },
       {
-        titleKey: "menu.master_data.pq_criteria",
-        href: "/evcp/pq-criteria",
-        descriptionKey: "menu.master_data.pq_criteria_desc",
-        groupKey: "groups.procurement_info"
+        titleKey: 'menu.master_data.pq_criteria',
+        href: '/evcp/pq-criteria',
+        descriptionKey: 'menu.master_data.pq_criteria_desc',
+        groupKey: 'groups.procurement_info',
       },
       {
-        titleKey: "menu.master_data.project_gtc",
-        href: "/evcp/project-gtc",
-        descriptionKey: "menu.master_data.project_gtc_desc",
-        groupKey: "groups.procurement_info"
+        titleKey: 'menu.master_data.project_gtc',
+        href: '/evcp/project-gtc',
+        descriptionKey: 'menu.master_data.project_gtc_desc',
+        groupKey: 'groups.procurement_info',
       },
       {
-        titleKey: "menu.master_data.evaluation_target",
-        href: "/evcp/evaluation-target-list",
-        descriptionKey: "menu.master_data.evaluation_target_desc",
-        groupKey: "groups.procurement_info"
+        titleKey: 'menu.master_data.evaluation_target',
+        href: '/evcp/evaluation-target-list',
+        descriptionKey: 'menu.master_data.evaluation_target_desc',
+        groupKey: 'groups.procurement_info',
       },
       {
-        titleKey: "menu.master_data.evaluation_checklist",
-        href: "/evcp/evaluation-check-list",
-        descriptionKey: "menu.master_data.evaluation_checklist_desc",
-        groupKey: "groups.procurement_info"
+        titleKey: 'menu.master_data.evaluation_checklist',
+        href: '/evcp/evaluation-check-list',
+        descriptionKey: 'menu.master_data.evaluation_checklist_desc',
+        groupKey: 'groups.procurement_info',
       },
       {
-        titleKey: "menu.master_data.vendor_checklist",
-        href: "/evcp/vendor-check-list",
-        descriptionKey: "menu.master_data.vendor_checklist_desc",
-        groupKey: "groups.procurement_info"
+        titleKey: 'menu.master_data.vendor_checklist',
+        href: '/evcp/vendor-check-list',
+        descriptionKey: 'menu.master_data.vendor_checklist_desc',
+        groupKey: 'groups.procurement_info',
       },
       {
-        titleKey: "menu.master_data.esg_checklist",
-        href: "/evcp/esg-check-list",
-        descriptionKey: "menu.master_data.esg_checklist_desc",
-        groupKey: "groups.procurement_info"
+        titleKey: 'menu.master_data.esg_checklist',
+        href: '/evcp/esg-check-list',
+        descriptionKey: 'menu.master_data.esg_checklist_desc',
+        groupKey: 'groups.procurement_info',
       },
       {
-        titleKey: "menu.master_data.compliance_survey",
-        href: "/evcp/compliance",
-        descriptionKey: "menu.master_data.compliance_survey_desc",
-        groupKey: "groups.procurement_info"
+        titleKey: 'menu.master_data.compliance_survey',
+        href: '/evcp/compliance',
+        descriptionKey: 'menu.master_data.compliance_survey_desc',
+        groupKey: 'groups.procurement_info',
       },
       {
-        titleKey: "menu.master_data.general_contract_template",
-        href: "/evcp/general-contract-template",
-        descriptionKey: "menu.master_data.general_contract_template_desc",
-        groupKey: "groups.procurement_info"
+        titleKey: 'menu.master_data.general_contract_template',
+        href: '/evcp/general-contract-template',
+        descriptionKey: 'menu.master_data.general_contract_template_desc',
+        groupKey: 'groups.procurement_info',
       },
       {
-        titleKey: "menu.master_data.buyer_signature",
-        href: "/evcp/buyer-signature",
-        descriptionKey: "menu.master_data.buyer_signaturee_desc",
-        groupKey: "groups.procurement_info"
+        titleKey: 'menu.master_data.buyer_signature',
+        href: '/evcp/buyer-signature',
+        descriptionKey: 'menu.master_data.buyer_signaturee_desc',
+        groupKey: 'groups.procurement_info',
       },
       {
-        titleKey: "menu.master_data.procurement_items",
-        href: "/evcp/p-items",
-        descriptionKey: "menu.master_data.procurement_items_desc",
-        groupKey: "groups.procurement_info"
+        titleKey: 'menu.master_data.procurement_items',
+        href: '/evcp/p-items',
+        descriptionKey: 'menu.master_data.procurement_items_desc',
+        groupKey: 'groups.procurement_info',
       },
     ],
   },
   {
-    titleKey: "menu.vendor_management.title",
+    titleKey: 'menu.vendor_management.title',
     useGrouping: true,
     items: [
       {
-        titleKey: "menu.vendor_management.candidates",
-        href: "/evcp/vendor-candidates",
-        descriptionKey: "menu.vendor_management.candidates_desc",
+        titleKey: 'menu.vendor_management.candidates',
+        href: '/evcp/vendor-candidates',
+        descriptionKey: 'menu.vendor_management.candidates_desc',
       },
       {
-        titleKey: "menu.vendor_management.vendors",
-        href: "/evcp/vendors",
-        descriptionKey: "menu.vendor_management.vendors_desc",
+        titleKey: 'menu.vendor_management.vendors',
+        href: '/evcp/vendors',
+        descriptionKey: 'menu.vendor_management.vendors_desc',
       },
       {
-        titleKey: "menu.vendor_management.investigation",
-        href: "/evcp/vendor-investigation",
-        descriptionKey: "menu.vendor_management.investigation_desc",
+        titleKey: 'menu.vendor_management.investigation',
+        href: '/evcp/vendor-investigation',
+        descriptionKey: 'menu.vendor_management.investigation_desc',
       },
       {
-        titleKey: "menu.vendor_management.evaluation",
-        href: "/evcp/evaluation",
-        descriptionKey: "menu.vendor_management.evaluation_desc",
+        titleKey: 'menu.vendor_management.evaluation',
+        href: '/evcp/evaluation',
+        descriptionKey: 'menu.vendor_management.evaluation_desc',
       },
       {
-        titleKey: "menu.vendor_management.evaluation_input",
-        href: "/evcp/evaluation-input",
-        descriptionKey: "menu.vendor_management.evaluation_input_desc",
+        titleKey: 'menu.vendor_management.evaluation_input',
+        href: '/evcp/evaluation-input',
+        descriptionKey: 'menu.vendor_management.evaluation_input_desc',
       },
       {
-        titleKey: "menu.vendor_management.pq_status",
-        href: "/evcp/pq_new",
-        descriptionKey: "menu.vendor_management.pq_status_desc",
+        titleKey: 'menu.vendor_management.pq_status',
+        href: '/evcp/pq_new',
+        descriptionKey: 'menu.vendor_management.pq_status_desc',
       },
       {
-        titleKey: "menu.vendor_management.basic_contract",
-        href: "/evcp/basic-contract",
-        descriptionKey: "menu.vendor_management.basic_contract_desc",
+        titleKey: 'menu.vendor_management.basic_contract',
+        href: '/evcp/basic-contract',
+        descriptionKey: 'menu.vendor_management.basic_contract_desc',
       },
       // 벤더풀 관리
       {
-        titleKey: "menu.vendor_management.vendor_pool",
-        href: "/evcp/vendor-pool",
-        descriptionKey: "menu.vendor_management.vendor_pool_desc",
+        titleKey: 'menu.vendor_management.vendor_pool',
+        href: '/evcp/vendor-pool',
+        descriptionKey: 'menu.vendor_management.vendor_pool_desc',
       },
       // avl 관리
       {
-        titleKey: "menu.vendor_management.avl_management",
-        href: "/evcp/avl",
-        descriptionKey: "menu.vendor_management.avl_management_desc",
+        titleKey: 'menu.vendor_management.avl_management',
+        href: '/evcp/avl',
+        descriptionKey: 'menu.vendor_management.avl_management_desc',
       },
       // 기존 project avl
       // {
@@ -234,94 +234,93 @@ export const mainNav: MenuSection[] = [
       //   descriptionKey: "menu.vendor_management.project_avl_desc",
       // },
       {
-        titleKey: "menu.vendor_management.legalReview",
-        href: "/evcp/legal-review",
+        titleKey: 'menu.vendor_management.legalReview',
+        href: '/evcp/legal-review',
         // descriptionKey: "menu.vendor_management.legalReview_desc",
-        groupKey: "groups.legal"
-
+        groupKey: 'groups.legal',
       },
       {
-        titleKey: "menu.vendor_management.legalResponse",
-        href: "/evcp/legal-response",
+        titleKey: 'menu.vendor_management.legalResponse',
+        href: '/evcp/legal-response',
         // descriptionKey: "menu.vendor_management.legalResponse_desc",
-        groupKey: "groups.legal"
-
+        groupKey: 'groups.legal',
       },
       {
-        titleKey: "menu.vendor_management.risk_by_agency",
-        href: "/evcp/risk-management",
-        descriptionKey: "menu.vendor_management.risk_by_agency_desc",
-        groupKey: "groups.risk_management"
+        titleKey: 'menu.vendor_management.risk_by_agency',
+        href: '/evcp/risk-management',
+        descriptionKey: 'menu.vendor_management.risk_by_agency_desc',
+        groupKey: 'groups.risk_management',
       },
       {
-        titleKey: "menu.vendor_management.vendor_regular_registrations",
-        href: "/evcp/vendor-regular-registrations",
-        descriptionKey: "menu.vendor_management.vendor_regular_registrations_desc",
+        titleKey: 'menu.vendor_management.vendor_regular_registrations',
+        href: '/evcp/vendor-regular-registrations',
+        descriptionKey:
+          'menu.vendor_management.vendor_regular_registrations_desc',
       },
       {
-        titleKey: "menu.vendor_management.vendor_consent",
-        href: "/evcp/consent",
-        descriptionKey: "menu.vendor_management.vendor_consent_desc",
+        titleKey: 'menu.vendor_management.vendor_consent',
+        href: '/evcp/consent',
+        descriptionKey: 'menu.vendor_management.vendor_consent_desc',
       },
     ],
   },
   {
-    titleKey: "menu.tech_sales.title",
+    titleKey: 'menu.tech_sales.title',
     useGrouping: true,
     items: [
       {
-        titleKey: "menu.tech_sales.items",
-        href: "/evcp/items-tech",
-        descriptionKey: "menu.tech_sales.items_desc",
-        groupKey: "groups.common"
+        titleKey: 'menu.tech_sales.items',
+        href: '/evcp/items-tech',
+        descriptionKey: 'menu.tech_sales.items_desc',
+        groupKey: 'groups.common',
       },
       {
-        titleKey: "menu.tech_sales.contact_items",
-        href: "/evcp/tech-contact-possible-items",
-        descriptionKey: "menu.tech_sales.contact_items_desc",
-        groupKey: "groups.common"
+        titleKey: 'menu.tech_sales.contact_items',
+        href: '/evcp/tech-contact-possible-items',
+        descriptionKey: 'menu.tech_sales.contact_items_desc',
+        groupKey: 'groups.common',
       },
       {
-        titleKey: "menu.tech_sales.vendors",
-        href: "/evcp/tech-vendors",
-        descriptionKey: "menu.tech_sales.vendors_desc",
-        groupKey: "groups.common"
+        titleKey: 'menu.tech_sales.vendors',
+        href: '/evcp/tech-vendors',
+        descriptionKey: 'menu.tech_sales.vendors_desc',
+        groupKey: 'groups.common',
       },
       {
-        titleKey: "menu.tech_sales.result_transmission",
-        href: "/evcp/tech-project-avl",
-        descriptionKey: "menu.tech_sales.result_transmission_desc",
-        groupKey: "groups.common"
+        titleKey: 'menu.tech_sales.result_transmission',
+        href: '/evcp/tech-project-avl',
+        descriptionKey: 'menu.tech_sales.result_transmission_desc',
+        groupKey: 'groups.common',
       },
       {
-        titleKey: "menu.tech_sales.budgetary_ship",
-        href: "/evcp/budgetary-tech-sales-ship",
-        descriptionKey: "menu.tech_sales.budgetary_ship_desc",
-        groupKey: "groups.rfq_management"
+        titleKey: 'menu.tech_sales.budgetary_ship',
+        href: '/evcp/budgetary-tech-sales-ship',
+        descriptionKey: 'menu.tech_sales.budgetary_ship_desc',
+        groupKey: 'groups.rfq_management',
       },
       {
-        titleKey: "menu.tech_sales.budgetary_top",
-        href: "/evcp/budgetary-tech-sales-top",
-        descriptionKey: "menu.tech_sales.budgetary_top_desc",
-        groupKey: "groups.rfq_management"
+        titleKey: 'menu.tech_sales.budgetary_top',
+        href: '/evcp/budgetary-tech-sales-top',
+        descriptionKey: 'menu.tech_sales.budgetary_top_desc',
+        groupKey: 'groups.rfq_management',
       },
       {
-        titleKey: "menu.tech_sales.budgetary_hull",
-        href: "/evcp/budgetary-tech-sales-hull",
-        descriptionKey: "menu.tech_sales.budgetary_hull_desc",
-        groupKey: "groups.rfq_management"
+        titleKey: 'menu.tech_sales.budgetary_hull',
+        href: '/evcp/budgetary-tech-sales-hull',
+        descriptionKey: 'menu.tech_sales.budgetary_hull_desc',
+        groupKey: 'groups.rfq_management',
       },
-    ]
+    ],
   },
   {
-    titleKey: "menu.procurement.title",
+    titleKey: 'menu.procurement.title',
     useGrouping: true,
     items: [
       {
-        titleKey: "menu.procurement.budget_rfq",
-        href: "/evcp/rfq-last",
+        titleKey: 'menu.procurement.budget_rfq',
+        href: '/evcp/rfq-last',
         // descriptionKey: "menu.procurement.budget_rfq_desc",
-        groupKey: "groups.quote_bid_management"
+        groupKey: 'groups.quote_bid_management',
       },
 
       // {
@@ -331,10 +330,10 @@ export const mainNav: MenuSection[] = [
       //   groupKey: "groups.quote_bid_management"
       // },
       {
-        titleKey: "menu.procurement.bid_management",
-        href: "/evcp/bid",
-        descriptionKey: "menu.procurement.bid_management_desc",
-        groupKey: "groups.quote_bid_management"
+        titleKey: 'menu.procurement.bid_management',
+        href: '/evcp/bid',
+        descriptionKey: 'menu.procurement.bid_management_desc',
+        groupKey: 'groups.quote_bid_management',
       },
       // {
       //   titleKey: "menu.procurement.tbe_ship",
@@ -349,10 +348,10 @@ export const mainNav: MenuSection[] = [
       //   groupKey: "groups.evaluation_management"
       // },
       {
-        titleKey: "menu.procurement.po_issuance",
-        href: "/evcp/po",
-        descriptionKey: "menu.procurement.po_issuance_desc",
-        groupKey: "groups.order_management"
+        titleKey: 'menu.procurement.po_issuance',
+        href: '/evcp/po',
+        descriptionKey: 'menu.procurement.po_issuance_desc',
+        groupKey: 'groups.order_management',
       },
       // {
       //   titleKey: "menu.procurement.po_amendment",
@@ -361,124 +360,124 @@ export const mainNav: MenuSection[] = [
       //   groupKey: "groups.order_management"
       // },
       {
-        titleKey: "menu.procurement.pcr",
-        href: "/evcp/pcr",
-        descriptionKey: "menu.procurement.pcr_desc",
-        groupKey: "groups.order_management"
+        titleKey: 'menu.procurement.pcr',
+        href: '/evcp/pcr',
+        descriptionKey: 'menu.procurement.pcr_desc',
+        groupKey: 'groups.order_management',
       },
       {
-        titleKey: "menu.procurement.general_contract",
-        href: "/evcp/general-contracts",
-        descriptionKey: "menu.procurement.general_contract_desc",
-        groupKey: "groups.order_management"
+        titleKey: 'menu.procurement.general_contract',
+        href: '/evcp/general-contracts',
+        descriptionKey: 'menu.procurement.general_contract_desc',
+        groupKey: 'groups.order_management',
       },
     ],
   },
   {
-    titleKey: "menu.engineering_management.title",
+    titleKey: 'menu.engineering_management.title',
     useGrouping: true,
     items: [
       {
-        titleKey: "menu.engineering_management.tbe",
-        href: "/evcp/tbe-last",
-        descriptionKey: "menu.engineering_management.tbe_desc",
-        groupKey: "groups.engineering_in_procurement"
+        titleKey: 'menu.engineering_management.tbe',
+        href: '/evcp/tbe-last',
+        descriptionKey: 'menu.engineering_management.tbe_desc',
+        groupKey: 'groups.engineering_in_procurement',
       },
       {
-        titleKey: "menu.engineering_management.itb",
-        href: "/evcp/itb-create",
-        descriptionKey: "menu.engineering_management.itb_desc",
-        groupKey: "groups.engineering_in_procurement"
+        titleKey: 'menu.engineering_management.itb',
+        href: '/evcp/itb-create',
+        descriptionKey: 'menu.engineering_management.itb_desc',
+        groupKey: 'groups.engineering_in_procurement',
       },
       {
-        titleKey: "menu.engineering_management.document_list_ship",
-        href: "/evcp/document-list-ship",
-        descriptionKey: "menu.engineering_management.document_list_ship_desc",
-        groupKey: "groups.engineering_management"
+        titleKey: 'menu.engineering_management.document_list_ship',
+        href: '/evcp/document-list-ship',
+        descriptionKey: 'menu.engineering_management.document_list_ship_desc',
+        groupKey: 'groups.engineering_management',
       },
       {
-        titleKey: "menu.engineering_management.document_list_only",
-        href: "/evcp/document-list-only",
-        descriptionKey: "menu.engineering_management.document_list_only_desc",
-        groupKey: "groups.engineering_management"
+        titleKey: 'menu.engineering_management.document_list_only',
+        href: '/evcp/document-list-only',
+        descriptionKey: 'menu.engineering_management.document_list_only_desc',
+        groupKey: 'groups.engineering_management',
       },
       {
-        titleKey: "menu.engineering_management.vendor_data",
-        href: "/evcp/vendor-data",
-        descriptionKey: "menu.engineering_management.vendor_data_desc",
-        groupKey: "groups.engineering_management"
+        titleKey: 'menu.engineering_management.vendor_data',
+        href: '/evcp/vendor-data',
+        descriptionKey: 'menu.engineering_management.vendor_data_desc',
+        groupKey: 'groups.engineering_management',
       },
       {
-        titleKey: "menu.engineering_management.vendor_progress",
-        href: "/evcp/edp-progress",
-        descriptionKey: "menu.engineering_management.vendor_progress_desc",
-        groupKey: "groups.engineering_management"
+        titleKey: 'menu.engineering_management.vendor_progress',
+        href: '/evcp/edp-progress',
+        descriptionKey: 'menu.engineering_management.vendor_progress_desc',
+        groupKey: 'groups.engineering_management',
       },
     ],
   },
   {
-    titleKey: "menu.information_system.title",
+    titleKey: 'menu.information_system.title',
     useGrouping: true,
     items: [
       {
-        titleKey: "menu.information_system.information",
-        href: "/evcp/information",
-        groupKey: "groups.menu"
+        titleKey: 'menu.information_system.information',
+        href: '/evcp/information',
+        groupKey: 'groups.menu',
       },
       {
-        titleKey: "menu.information_system.notice",
-        href: "/evcp/notice",
-        groupKey: "groups.menu"
+        titleKey: 'menu.information_system.notice',
+        href: '/evcp/notice',
+        groupKey: 'groups.menu',
       },
       {
-        titleKey: "menu.information_system.menu_list",
-        href: "/evcp/menu-list",
-        groupKey: "groups.menu"
+        titleKey: 'menu.information_system.menu_list',
+        href: '/evcp/menu-list',
+        groupKey: 'groups.menu',
       },
       {
-        titleKey: "menu.information_system.menu_access",
-        href: "/evcp/menu-access",
-        groupKey: "groups.menu"
+        titleKey: 'menu.information_system.menu_access',
+        href: '/evcp/menu-access',
+        groupKey: 'groups.menu',
       },
       {
-        titleKey: "menu.information_system.menu_access_dept",
-        href: "/evcp/menu-access-dept",
-        groupKey: "groups.menu"
+        titleKey: 'menu.information_system.menu_access_dept',
+        href: '/evcp/menu-access-dept',
+        groupKey: 'groups.menu',
       },
       {
-        titleKey: "menu.information_system.integration_list",
-        href: "/evcp/integration",
-        groupKey: "groups.interface"
+        titleKey: 'menu.information_system.integration_list',
+        href: '/evcp/integration',
+        groupKey: 'groups.interface',
       },
       {
-        titleKey: "menu.information_system.integration_log",
-        href: "/evcp/integration-log",
-        groupKey: "groups.interface"
+        titleKey: 'menu.information_system.integration_log',
+        href: '/evcp/integration-log',
+        groupKey: 'groups.interface',
       },
       {
-        titleKey: "menu.information_system.approval_template",
-        href: "/evcp/approval/template",
-        groupKey: "groups.approval"
+        titleKey: 'menu.information_system.approval_template',
+        href: '/evcp/approval/template',
+        groupKey: 'groups.approval',
       },
       {
-        titleKey: "menu.information_system.approval_log",
-        href: "/evcp/approval/log",
-        groupKey: "groups.approval"
+        titleKey: 'menu.information_system.approval_log',
+        href: '/evcp/approval/log',
+        groupKey: 'groups.approval',
       },
       {
-        titleKey: "menu.information_system.approval_line",
-        href: "/evcp/approval/line",
-        groupKey: "groups.approval"
+        titleKey: 'menu.information_system.approval_line',
+        href: '/evcp/approval/line',
+        groupKey: 'groups.approval',
       },
       {
-        titleKey: "menu.information_system.approval_after",
-        href: "/evcp/approval/after",
-        groupKey: "groups.approval"
+        titleKey: 'menu.information_system.approval_after',
+        href: '/evcp/approval/after',
+        groupKey: 'groups.approval',
       },
       {
-        titleKey: "menu.information_system.email_template",
-        href: "/evcp/email-template",
-        groupKey: "groups.email"
+        titleKey: 'menu.information_system.email_template',
+        href: '/evcp/email-template',
+        groupKey: 'groups.email',
       },
       // {
       //   titleKey: "menu.information_system.email_receiver",
@@ -486,23 +485,27 @@ export const mainNav: MenuSection[] = [
       //   groupKey: "groups.email"
       // },
       {
-        titleKey: "menu.information_system.email_log",
-        href: "/evcp/email-log",
-        groupKey: "groups.email"
+        titleKey: 'menu.information_system.email_log',
+        href: '/evcp/email-log',
+        groupKey: 'groups.email',
+      },
+      {
+        titleKey: 'menu.information_system.email_whitelist',
+        href: '/evcp/email-whitelist',
+        groupKey: 'groups.email',
       },
       {
-        titleKey: "menu.information_system.login_history",
-        href: "/evcp/login-history",
-        groupKey: "groups.access_history"
+        titleKey: 'menu.information_system.login_history',
+        href: '/evcp/login-history',
+        groupKey: 'groups.access_history',
       },
       {
-        titleKey: "menu.information_system.page_visits",
-        href: "/evcp/page-visits",
-        groupKey: "groups.access_history"
+        titleKey: 'menu.information_system.page_visits',
+        href: '/evcp/page-visits',
+        groupKey: 'groups.access_history',
       },
     ],
   },
-
 ];
 
 // 구매 관리 전용 네비게이션
diff --git a/db/schema/emailWhitelist.ts b/db/schema/emailWhitelist.ts
new file mode 100644
index 00000000..485246ee
--- /dev/null
+++ b/db/schema/emailWhitelist.ts
@@ -0,0 +1,27 @@
+/**
+ * 이메일 화이트리스트 관리
+ *
+ * 도메인(domain) 또는 개별 이메일(email)
+ * - domain: 도메인 전체 화이트리스트용 (예: company.com)
+ * - email: 개별 이메일 화이트리스트용 (예: user@company.com)
+ * 설명(description)
+ * 생성일(createdAt)
+ * 생성자(createdBy)
+ * 수정일(updatedAt)
+ * 수정자(updatedBy)
+ *
+ */
+
+import { pgTable, text, integer, serial, varchar, timestamp } from 'drizzle-orm/pg-core';
+import { users } from './users';
+
+export const emailWhitelist = pgTable("email_whitelist", {
+  id: serial("id").primaryKey(),
+  domain: varchar("domain", { length: 255 }), // 도메인 전체용 (nullable)
+  email: varchar("email", { length: 255 }), // 개별 이메일용 (nullable)
+  description: text("description"),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  createdBy: integer("created_by").references(() => users.id),
+  updatedAt: timestamp("updated_at").defaultNow().notNull(),
+  updatedBy: integer("updated_by").references(() => users.id),
+});
diff --git a/db/schema/index.ts b/db/schema/index.ts
index 384c6e9c..0e3daf80 100644
--- a/db/schema/index.ts
+++ b/db/schema/index.ts
@@ -81,4 +81,5 @@ export * from './S_ERP/s_erp';
 export * from './avl/avl';
 export * from './avl/vendor-pool';
 // === Email Logs 스키마 ===
-export * from './emailLogs';
\ No newline at end of file
+export * from './emailLogs';
+export * from './emailWhitelist';
\ No newline at end of file
diff --git a/i18n/locales/en/menu.json b/i18n/locales/en/menu.json
index b0ddeacd..93cc538f 100644
--- a/i18n/locales/en/menu.json
+++ b/i18n/locales/en/menu.json
@@ -195,6 +195,7 @@
         "email_template": "Email Template Management",
         "email_receiver": "Email Recipient Management",
         "email_log": "Email Transmission History Inquiry",
+        "email_whitelist": "Send Email OTP Whitelist Management",
         "login_history": "Login/Logout History Inquiry",
         "page_visits": "Page Access History Inquiry"
         
diff --git a/i18n/locales/ko/menu.json b/i18n/locales/ko/menu.json
index 467123f2..fb3c4e7a 100644
--- a/i18n/locales/ko/menu.json
+++ b/i18n/locales/ko/menu.json
@@ -196,6 +196,7 @@
       "email_template": "이메일 서식 관리",
       "email_receiver": "이메일 수신인 관리",
       "email_log": "이메일 발신 이력 조회",
+      "email_whitelist": "이메일 OTP 화이트리스트 관리",
       "login_history": "로그인/아웃 이력 조회",
       "page_visits": "페이지 접속 이력 조회"
     },
diff --git a/lib/email-whitelist/service.ts b/lib/email-whitelist/service.ts
new file mode 100644
index 00000000..d7e968b0
--- /dev/null
+++ b/lib/email-whitelist/service.ts
@@ -0,0 +1,577 @@
+'use server';
+
+/* IMPORT */
+import { and, asc, count, desc, eq, ilike, or, sql, type SQL, type InferSelectModel, inArray } from 'drizzle-orm';
+import { authOptions } from '@/app/api/auth/[...nextauth]/route';
+import db from '@/db/db';
+import { getServerSession } from 'next-auth';
+import { type Filter } from '@/types/table';
+import {
+  emailWhitelist,
+} from '@/db/schema/emailWhitelist';
+import { users } from '@/db/schema/users';
+import { revalidatePath } from 'next/cache';
+
+// ----------------------------------------------------------------------------------------------------
+
+/* TYPES */
+export type EmailWhitelist = InferSelectModel<typeof emailWhitelist> & {
+  createdByName?: string;
+  updatedByName?: string;
+  type?: 'domain' | 'email'; // 표시용 타입
+  displayValue?: string; // 표시할 값 (domain 또는 email)
+}
+
+// ===========================================
+// Helper Functions
+// ===========================================
+
+/**
+ * 이메일 유효성 검증
+ */
+function validateEmail(email: string): { isValid: boolean; error?: string } {
+  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+
+  if (!emailRegex.test(email)) {
+    return { isValid: false, error: '올바른 이메일 형식이 아닙니다.' };
+  }
+
+  // 길이 제한
+  if (email.length > 255) {
+    return { isValid: false, error: '이메일은 255자를 초과할 수 없습니다.' };
+  }
+
+  return { isValid: true };
+}
+
+/**
+ * 도메인 유효성 검증
+ */
+function validateDomain(domain: string): { isValid: boolean; error?: string } {
+  // 도메인 검증: 최소 하나의 .이 있어야 하고, TLD가 있어야 함
+  // 예: company.com, sub.company.com, company.co.kr
+  const domainRegex = /^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\.[a-zA-Z]{2,}$/;
+
+  if (!domainRegex.test(domain)) {
+    return { isValid: false, error: '올바른 도메인 형식이 아닙니다. 최소 1개의 TLD가 필요합니다.' };
+  }
+
+  // 길이 제한
+  if (domain.length > 255) {
+    return { isValid: false, error: '도메인은 255자를 초과할 수 없습니다.' };
+  }
+
+  return { isValid: true };
+}
+
+/**
+ * 입력값이 이메일인지 도메인인지 판별
+ */
+function determineType(value: string): 'email' | 'domain' {
+  return value.includes('@') ? 'email' : 'domain';
+}
+
+/**
+ * 화이트리스트 항목 중복 검증
+ */
+async function checkWhitelistExists(value: string, type: 'email' | 'domain', excludeId?: number): Promise<boolean> {
+  let whereCondition;
+
+  if (type === 'email') {
+    whereCondition = eq(emailWhitelist.email, value);
+  } else {
+    whereCondition = eq(emailWhitelist.domain, value);
+  }
+
+  const existing = await db
+    .select({ id: emailWhitelist.id })
+    .from(emailWhitelist)
+    .where(whereCondition)
+    .limit(1);
+
+  if (existing.length === 0) return false;
+  if (excludeId && existing[0].id === excludeId) return false;
+
+  return true;
+}
+
+// ===========================================
+// CRUD Operations
+// ===========================================
+
+/**
+ * 이메일 화이트리스트 목록 조회
+ */
+export async function getEmailWhitelistList({
+  page = 1,
+  perPage = 10,
+  search,
+  sort = 'createdAt.desc',
+  filters,
+}: {
+  page?: number;
+  perPage?: number;
+  search?: string;
+  sort?: string;
+  filters?: Filter<EmailWhitelist>[];
+} = {}) {
+  try {
+    const session = await getServerSession(authOptions);
+    if (!session?.user?.id) {
+      throw new Error('인증이 필요합니다.');
+    }
+
+    const offset = (page - 1) * perPage;
+
+    // 정렬 처리
+    let orderBy: SQL<unknown>;
+    const [sortField, sortOrder] = sort.split('.');
+
+    // 계산된 필드에 대한 정렬 매핑
+    const sortFieldMapping: Record<string, string> = {
+      'displayValue': 'domain', // displayValue는 domain 우선으로 정렬
+      'createdByName': 'createdAt', // 이름 정렬 대신 생성일로 정렬
+      'updatedByName': 'updatedAt', // 이름 정렬 대신 수정일로 정렬
+    };
+
+    const actualSortField = sortFieldMapping[sortField] || sortField;
+
+    if (actualSortField === 'domain') {
+      orderBy = sortOrder === 'desc' ? desc(emailWhitelist.domain) : asc(emailWhitelist.domain);
+    } else if (actualSortField === 'email') {
+      orderBy = sortOrder === 'desc' ? desc(emailWhitelist.email) : asc(emailWhitelist.email);
+    } else if (actualSortField === 'description') {
+      orderBy = sortOrder === 'desc' ? desc(emailWhitelist.description) : asc(emailWhitelist.description);
+    } else if (actualSortField === 'createdAt') {
+      orderBy = sortOrder === 'desc' ? desc(emailWhitelist.createdAt) : asc(emailWhitelist.createdAt);
+    } else if (actualSortField === 'updatedAt') {
+      orderBy = sortOrder === 'desc' ? desc(emailWhitelist.updatedAt) : asc(emailWhitelist.updatedAt);
+    } else {
+      orderBy = desc(emailWhitelist.createdAt);
+    }
+
+    // 필터 조건들
+    const filterConditions: SQL<unknown>[] = [];
+
+    // 검색 필터
+    if (search) {
+      const searchCondition = or(
+        ilike(emailWhitelist.domain, `%${search}%`),
+        ilike(emailWhitelist.email, `%${search}%`),
+        ilike(emailWhitelist.description, `%${search}%`)
+      ) as SQL<unknown>;
+      filterConditions.push(searchCondition);
+    }
+
+    // 고급 필터
+    if (filters && filters.length > 0) {
+      for (const filter of filters) {
+        const { id, value, operator = 'iLike' } = filter;
+
+        // string[] 타입은 지원하지 않음 (select 필터용)
+        if (!value || typeof value !== 'string') continue;
+
+        let condition: SQL<unknown> | undefined;
+
+        switch (id) {
+          case 'displayValue':
+            // displayValue는 domain이나 email 중 하나를 포함하므로 둘 다 검색
+            if (operator === 'iLike') {
+              condition = or(
+                ilike(emailWhitelist.domain, `%${value}%`),
+                ilike(emailWhitelist.email, `%${value}%`)
+              );
+            } else if (operator === 'eq') {
+              condition = or(
+                eq(emailWhitelist.domain, value),
+                eq(emailWhitelist.email, value)
+              );
+            }
+            break;
+          case 'domain':
+            if (operator === 'iLike') {
+              condition = ilike(emailWhitelist.domain, `%${value}%`);
+            } else if (operator === 'eq') {
+              condition = eq(emailWhitelist.domain, value);
+            }
+            break;
+          case 'email':
+            if (operator === 'iLike') {
+              condition = ilike(emailWhitelist.email, `%${value}%`);
+            } else if (operator === 'eq') {
+              condition = eq(emailWhitelist.email, value);
+            }
+            break;
+          case 'description':
+            if (operator === 'iLike') {
+              condition = ilike(emailWhitelist.description, `%${value}%`);
+            } else if (operator === 'eq') {
+              condition = eq(emailWhitelist.description, value);
+            }
+            break;
+          case 'createdAt':
+            if (operator === 'gte' && value) {
+              condition = sql`${emailWhitelist.createdAt} >= ${value}`;
+            } else if (operator === 'lte' && value) {
+              condition = sql`${emailWhitelist.createdAt} <= ${value}`;
+            }
+            break;
+          case 'updatedAt':
+            if (operator === 'gte' && value) {
+              condition = sql`${emailWhitelist.updatedAt} >= ${value}`;
+            } else if (operator === 'lte' && value) {
+              condition = sql`${emailWhitelist.updatedAt} <= ${value}`;
+            }
+            break;
+        }
+
+        if (condition) {
+          filterConditions.push(condition);
+        }
+      }
+    }
+
+    // 데이터 조회 (기본 데이터)
+    const query = db
+      .select()
+      .from(emailWhitelist)
+
+    if (filterConditions.length > 0) {
+      query.where(and(...filterConditions))
+    }
+
+    const rawData = await query
+      .orderBy(orderBy)
+      .limit(perPage)
+      .offset(offset);
+
+    // 사용자 ID들 수집
+    const userIds = new Set<number>();
+    rawData.forEach(item => {
+      if (item.createdBy) userIds.add(item.createdBy);
+      if (item.updatedBy) userIds.add(item.updatedBy);
+    });
+
+    // 사용자 정보 조회
+    const userMap = new Map<number, string>();
+    if (userIds.size > 0) {
+      const userData = await db
+        .select({ id: users.id, name: users.name })
+        .from(users)
+        .where(inArray(users.id, Array.from(userIds)));
+
+      userData.forEach(user => {
+        userMap.set(user.id, user.name);
+      });
+    }
+
+    // 데이터에 사용자 이름과 타입 정보 추가
+    const data: EmailWhitelist[] = rawData.map(item => {
+      const displayValue = item.email || item.domain || '';
+      const type = displayValue.includes('@') ? 'email' : 'domain';
+
+      return {
+        ...item,
+        createdByName: item.createdBy ? userMap.get(item.createdBy) : undefined,
+        updatedByName: item.updatedBy ? userMap.get(item.updatedBy) : undefined,
+        type,
+        displayValue,
+      };
+    });
+
+    // 전체 개수 조회
+    const countQuery = db
+      .select({ count: count() })
+      .from(emailWhitelist)
+
+    if (filterConditions.length > 0) {
+      countQuery.where(and(...filterConditions))
+    }
+
+    const totalResult = await countQuery;
+
+    const total = totalResult[0].count;
+    const pageCount = Math.ceil(total / perPage);
+
+    return {
+      data,
+      pageCount,
+      total,
+    };
+  } catch (error) {
+    throw new Error(error instanceof Error ? error.message : '목록 조회에 실패했습니다.');
+  }
+}
+
+/**
+ * 이메일 화이트리스트 생성
+ */
+export async function createEmailWhitelistAction(data: {
+  value: string; // 이메일 주소 또는 도메인
+  description?: string;
+}) {
+  try {
+    const session = await getServerSession(authOptions);
+    if (!session?.user?.id) {
+      return {
+        success: false,
+        error: '인증이 필요합니다.'
+      };
+    }
+
+    const type = determineType(data.value);
+
+    // 유효성 검증
+    let validation;
+    if (type === 'email') {
+      validation = validateEmail(data.value);
+    } else {
+      validation = validateDomain(data.value);
+    }
+
+    if (!validation.isValid) {
+      return {
+        success: false,
+        error: validation.error
+      };
+    }
+
+    // 중복 검증
+    const exists = await checkWhitelistExists(data.value.toLowerCase(), type);
+    if (exists) {
+      return {
+        success: false,
+        error: type === 'email' ? '이미 등록된 이메일입니다.' : '이미 등록된 도메인입니다.'
+      };
+    }
+
+    // 생성
+    const insertData: {
+      description?: string;
+      createdBy: number;
+      updatedBy: number;
+      domain?: string | null;
+      email?: string | null;
+    } = {
+      description: data.description,
+      createdBy: Number(session.user.id),
+      updatedBy: Number(session.user.id),
+      domain: null,
+      email: null,
+    };
+
+    if (type === 'email') {
+      insertData.email = data.value.toLowerCase();
+    } else {
+      insertData.domain = data.value.toLowerCase();
+    }
+
+    const [result] = await db
+      .insert(emailWhitelist)
+      .values(insertData)
+      .returning();
+
+    revalidatePath('/evcp/system/whitelist');
+
+    return {
+      success: true,
+      data: result
+    };
+  } catch (error) {
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : '생성에 실패했습니다.'
+    };
+  }
+}
+
+/**
+ * 이메일 화이트리스트 수정
+ */
+export async function updateEmailWhitelistAction(data: {
+  id: number;
+  value: string; // 이메일 주소 또는 도메인
+  description?: string;
+}) {
+  try {
+    const session = await getServerSession(authOptions);
+    if (!session?.user?.id) {
+      return {
+        success: false,
+        error: '인증이 필요합니다.'
+      };
+    }
+
+    const type = determineType(data.value);
+
+    // 유효성 검증
+    let validation;
+    if (type === 'email') {
+      validation = validateEmail(data.value);
+    } else {
+      validation = validateDomain(data.value);
+    }
+
+    if (!validation.isValid) {
+      return {
+        success: false,
+        error: validation.error
+      };
+    }
+
+    // 중복 검증
+    const exists = await checkWhitelistExists(data.value.toLowerCase(), type, data.id);
+    if (exists) {
+      return {
+        success: false,
+        error: type === 'email' ? '이미 등록된 이메일입니다.' : '이미 등록된 도메인입니다.'
+      };
+    }
+
+    // 수정
+    const updateData: {
+      description?: string;
+      updatedBy: number;
+      updatedAt: ReturnType<typeof sql>;
+      domain: string | null;
+      email: string | null;
+    } = {
+      description: data.description,
+      updatedBy: Number(session.user.id),
+      updatedAt: sql`NOW()`,
+      domain: null,
+      email: null,
+    };
+
+    if (type === 'email') {
+      updateData.email = data.value.toLowerCase();
+    } else {
+      updateData.domain = data.value.toLowerCase();
+    }
+
+    const [result] = await db
+      .update(emailWhitelist)
+      .set(updateData)
+      .where(eq(emailWhitelist.id, data.id))
+      .returning();
+
+    if (!result) {
+      return {
+        success: false,
+        error: '수정할 데이터를 찾을 수 없습니다.'
+      };
+    }
+
+    revalidatePath('/evcp/system/whitelist');
+
+    return {
+      success: true,
+      data: result
+    };
+  } catch (error) {
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : '수정에 실패했습니다.'
+    };
+  }
+}
+
+/**
+ * 이메일 화이트리스트 삭제
+ */
+export async function deleteEmailWhitelistAction(ids: number[]) {
+  try {
+    const session = await getServerSession(authOptions);
+    if (!session?.user?.id) {
+      return {
+        success: false,
+        error: '인증이 필요합니다.'
+      };
+    }
+
+    // 삭제
+    await db
+      .delete(emailWhitelist)
+      .where(inArray(emailWhitelist.id, ids));
+
+    revalidatePath('/evcp/system/whitelist');
+
+    return {
+      success: true
+    };
+  } catch (error) {
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : '삭제에 실패했습니다.'
+    };
+  }
+}
+
+/**
+ * 단일 이메일 화이트리스트 조회
+ */
+export async function getEmailWhitelistById(id: number) {
+  try {
+    const session = await getServerSession(authOptions);
+    if (!session?.user?.id) {
+      throw new Error('인증이 필요합니다.');
+    }
+
+    const [result] = await db
+      .select()
+      .from(emailWhitelist)
+      .where(eq(emailWhitelist.id, id))
+      .limit(1);
+
+    if (!result) {
+      throw new Error('데이터를 찾을 수 없습니다.');
+    }
+
+    return result;
+  } catch (error) {
+    throw new Error(error instanceof Error ? error.message : '조회에 실패했습니다.');
+  }
+}
+
+/**
+ * 이메일 주소가 화이트리스트에 등록되어 있는지 확인
+ * @param email - 확인할 이메일 주소
+ * @returns 화이트리스트에 등록되어 있으면 true, 아니면 false
+ */
+export async function isEmailWhitelisted(email: string): Promise<boolean> {
+  try {
+    if (!email) return false;
+
+    const normalizedEmail = email.toLowerCase().trim();
+    
+    // 이메일에서 도메인 추출
+    const emailParts = normalizedEmail.split('@');
+    if (emailParts.length !== 2) return false;
+    
+    const domain = emailParts[1];
+
+    // 1. 개별 이메일이 화이트리스트에 있는지 확인
+    const exactEmailMatch = await db
+      .select({ id: emailWhitelist.id })
+      .from(emailWhitelist)
+      .where(eq(emailWhitelist.email, normalizedEmail))
+      .limit(1);
+
+    if (exactEmailMatch.length > 0) {
+      return true;
+    }
+
+    // 2. 도메인이 화이트리스트에 있는지 확인
+    const domainMatch = await db
+      .select({ id: emailWhitelist.id })
+      .from(emailWhitelist)
+      .where(eq(emailWhitelist.domain, domain))
+      .limit(1);
+
+    return domainMatch.length > 0;
+  } catch (error) {
+    console.error('화이트리스트 확인 중 오류:', error);
+    // 오류 발생 시 안전하게 false 반환 (기본 SMS 인증 사용)
+    return false;
+  }
+}
diff --git a/lib/email-whitelist/table/create-whitelist-dialog.tsx b/lib/email-whitelist/table/create-whitelist-dialog.tsx
new file mode 100644
index 00000000..d82ac168
--- /dev/null
+++ b/lib/email-whitelist/table/create-whitelist-dialog.tsx
@@ -0,0 +1,179 @@
+'use client'
+
+import * as React from "react"
+import { zodResolver } from "@hookform/resolvers/zod"
+import { Loader } from "lucide-react"
+import { useForm } from "react-hook-form"
+import { toast } from "sonner"
+import { z } from "zod"
+import { useSession } from "next-auth/react"
+
+import { Button } from "@/components/ui/button"
+import {
+    Dialog,
+    DialogContent,
+    DialogDescription,
+    DialogFooter,
+    DialogHeader,
+    DialogTitle,
+} from "@/components/ui/dialog"
+import {
+    Form,
+    FormControl,
+    FormDescription,
+    FormField,
+    FormItem,
+    FormLabel,
+    FormMessage,
+} from "@/components/ui/form"
+import { Input } from "@/components/ui/input"
+import { Textarea } from "@/components/ui/textarea"
+
+import { createEmailWhitelistAction } from "../service"
+
+// Validation Schema
+const createWhitelistSchema = z.object({
+    value: z.string()
+        .min(1, "값은 필수입니다")
+        .max(255, "값은 255자를 초과할 수 없습니다")
+        .refine((value) => {
+            // 이메일 형식 또는 도메인 형식 중 하나여야 함
+            const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+
+            // 도메인 검증: 최소 하나의 .이 있어야 하고, TLD가 있어야 함
+            // 예: company.com, sub.company.com, company.co.kr
+            const domainRegex = /^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\.[a-zA-Z]{2,}$/;
+
+            return emailRegex.test(value) || domainRegex.test(value);
+        }, "올바른 이메일 주소 또는 도메인 형식이 아닙니다 (도메인은 최소 1개의 TLD가 필요합니다)"),
+    description: z.string().max(500, "설명은 500자 이하여야 합니다").optional(),
+})
+
+type CreateWhitelistSchema = z.infer<typeof createWhitelistSchema>
+
+interface CreateWhitelistDialogProps
+    extends Omit<React.ComponentPropsWithRef<typeof Dialog>, 'children'> {
+    open?: boolean
+    onOpenChange?: (open: boolean) => void
+}
+
+export function CreateWhitelistDialog({ ...props }: CreateWhitelistDialogProps) {
+    const [isCreatePending, startCreateTransition] = React.useTransition()
+    const { data: session } = useSession();
+
+    const form = useForm<CreateWhitelistSchema>({
+        resolver: zodResolver(createWhitelistSchema),
+        defaultValues: {
+            value: "",
+            description: "",
+        },
+    })
+
+    // 입력값 소문자 변환
+    React.useEffect(() => {
+        const watchedValue = form.watch("value")
+        if (watchedValue && watchedValue !== watchedValue.toLowerCase()) {
+            form.setValue("value", watchedValue.toLowerCase())
+        }
+    }, [form])
+
+    function onSubmit(input: CreateWhitelistSchema) {
+        startCreateTransition(async () => {
+            if (!session?.user?.id) {
+                toast.error("로그인이 필요합니다")
+                return
+            }
+
+            const { error } = await createEmailWhitelistAction({
+                value: input.value,
+                description: input.description,
+            })
+
+            if (error) {
+                toast.error(error)
+                return
+            }
+
+            form.reset()
+            props.onOpenChange?.(false)
+            toast.success("화이트리스트 도메인이 추가되었습니다")
+        })
+    }
+
+    return (
+        <Dialog {...props}>
+            <DialogContent className="sm:max-w-[425px]">
+                <DialogHeader>
+                    <DialogTitle>화이트리스트 추가</DialogTitle>
+                    <DialogDescription>
+                        SMS 인증을 우회할 이메일 주소 또는 도메인을 추가합니다. 등록된 이메일이나 도메인의 주소로 로그인 시 SMS 인증을 건너뜁니다.
+                    </DialogDescription>
+                </DialogHeader>
+                <Form {...form}>
+                    <form
+                        onSubmit={form.handleSubmit(onSubmit)}
+                        className="space-y-4"
+                    >
+                        <FormField
+                            control={form.control}
+                            name="value"
+                            render={({ field }) => (
+                                <FormItem>
+                                    <FormLabel>이메일 주소 또는 도메인</FormLabel>
+                                    <FormControl>
+                                        <Input
+                                            placeholder="예: user@company.com 또는 company.com"
+                                            {...field}
+                                        />
+                                    </FormControl>
+                                    <FormDescription>
+                                        이메일 주소나 도메인을 입력하세요. @가 포함되면 개별 이메일로, 그렇지 않으면 도메인 전체로 등록됩니다. 도메인은 최소 1개의 TLD가 필요합니다.
+                                    </FormDescription>
+                                    <FormMessage />
+                                </FormItem>
+                            )}
+                        />
+
+                        <FormField
+                            control={form.control}
+                            name="description"
+                            render={({ field }) => (
+                                <FormItem>
+                                    <FormLabel>설명 (선택사항)</FormLabel>
+                                    <FormControl>
+                                        <Textarea
+                                            placeholder="도메인에 대한 설명을 입력하세요"
+                                            className="min-h-[80px]"
+                                            {...field}
+                                        />
+                                    </FormControl>
+                                    <FormMessage />
+                                </FormItem>
+                            )}
+                        />
+
+                        <DialogFooter>
+                            <Button
+                                type="button"
+                                variant="outline"
+                                onClick={() => props.onOpenChange?.(false)}
+                                disabled={isCreatePending}
+                            >
+                                취소
+                            </Button>
+                            <Button disabled={isCreatePending}>
+                                {isCreatePending && (
+                                    <Loader
+                                        className="mr-2 size-4 animate-spin"
+                                        aria-hidden="true"
+                                    />
+                                )}
+                                추가
+                            </Button>
+                        </DialogFooter>
+                    </form>
+                </Form>
+            </DialogContent>
+        </Dialog>
+    )
+}
diff --git a/lib/email-whitelist/table/delete-whitelist-dialog.tsx b/lib/email-whitelist/table/delete-whitelist-dialog.tsx
new file mode 100644
index 00000000..c01e675b
--- /dev/null
+++ b/lib/email-whitelist/table/delete-whitelist-dialog.tsx
@@ -0,0 +1,137 @@
+// delete-whitelist-dialog.tsx
+"use client"
+
+import * as React from "react"
+import { Loader, Trash } from "lucide-react"
+import { toast } from "sonner"
+
+import { Button } from "@/components/ui/button"
+import {
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogTitle,
+  DialogTrigger,
+} from "@/components/ui/dialog"
+import { type EmailWhitelist } from "../service"
+
+import { deleteEmailWhitelistAction } from "../service"
+
+interface DeleteWhitelistDialogProps
+  extends React.ComponentPropsWithRef<typeof Dialog> {
+  whitelists: EmailWhitelist[]
+  showTrigger?: boolean
+  onSuccess?: () => void
+}
+
+export function DeleteWhitelistDialog({
+  whitelists,
+  showTrigger = true,
+  onSuccess,
+  ...props
+}: DeleteWhitelistDialogProps) {
+  const [isDeletePending, startDeleteTransition] = React.useTransition()
+
+  const isMultiple = whitelists.length > 1
+  const whitelistInfo = isMultiple ? `${whitelists.length}개 도메인` : whitelists[0]?.domain
+
+  function onDelete() {
+    startDeleteTransition(async () => {
+      const ids = whitelists.map(w => w.id)
+      const { error } = await deleteEmailWhitelistAction(ids)
+
+      if (error) {
+        toast.error(error)
+        return
+      }
+
+      props.onOpenChange?.(false)
+      onSuccess?.()
+      toast.success(
+        isMultiple
+          ? `${whitelists.length}개 도메인이 삭제되었습니다`
+          : "도메인이 삭제되었습니다"
+      )
+    })
+  }
+
+  return (
+    <Dialog {...props}>
+      {showTrigger && (
+        <DialogTrigger asChild>
+          <Button
+            variant="outline"
+            size="sm"
+            className="text-destructive hover:text-destructive"
+          >
+            <Trash className="mr-2 size-4" aria-hidden="true" />
+            삭제
+          </Button>
+        </DialogTrigger>
+      )}
+      <DialogContent>
+        <DialogHeader>
+          <DialogTitle>화이트리스트 도메인 삭제 확인</DialogTitle>
+          <DialogDescription>
+            정말로 <strong>{whitelistInfo}</strong>을(를) 삭제하시겠습니까?
+            {!isMultiple && (
+              <>
+                <br />
+                이 작업은 되돌릴 수 없습니다.
+              </>
+            )}
+          </DialogDescription>
+        </DialogHeader>
+
+        {/* 삭제될 도메인 목록 표시 */}
+        {whitelists.length > 0 && (
+          <div className="rounded-lg bg-muted p-3 max-h-40 overflow-y-auto">
+            <h4 className="text-sm font-medium mb-2">삭제될 항목</h4>
+            <div className="space-y-1">
+              {whitelists.map((whitelist) => {
+                const displayValue = whitelist.email || whitelist.domain || '';
+                const isEmail = displayValue.includes('@');
+
+                return (
+                  <div key={whitelist.id} className="text-xs text-muted-foreground">
+                    <div className="font-medium font-mono">
+                      {isEmail ? displayValue : `@${displayValue}`}
+                    </div>
+                    {whitelist.description && (
+                      <div className="text-xs">{whitelist.description}</div>
+                    )}
+                  </div>
+                );
+              })}
+            </div>
+          </div>
+        )}
+
+        <DialogFooter>
+          <Button
+            variant="outline"
+            onClick={() => props.onOpenChange?.(false)}
+            disabled={isDeletePending}
+          >
+            취소
+          </Button>
+          <Button
+            variant="destructive"
+            onClick={onDelete}
+            disabled={isDeletePending}
+          >
+            {isDeletePending && (
+              <Loader
+                className="mr-2 size-4 animate-spin"
+                aria-hidden="true"
+              />
+            )}
+            {isMultiple ? `${whitelists.length}개 삭제` : "삭제"}
+          </Button>
+        </DialogFooter>
+      </DialogContent>
+    </Dialog>
+  )
+}
diff --git a/lib/email-whitelist/table/update-whitelist-dialog.tsx b/lib/email-whitelist/table/update-whitelist-dialog.tsx
new file mode 100644
index 00000000..2a798e30
--- /dev/null
+++ b/lib/email-whitelist/table/update-whitelist-dialog.tsx
@@ -0,0 +1,193 @@
+'use client'
+
+import * as React from "react"
+import { zodResolver } from "@hookform/resolvers/zod"
+import { Loader } from "lucide-react"
+import { useForm } from "react-hook-form"
+import { toast } from "sonner"
+import { z } from "zod"
+import { useSession } from "next-auth/react"
+
+import { Button } from "@/components/ui/button"
+import {
+    Dialog,
+    DialogContent,
+    DialogDescription,
+    DialogFooter,
+    DialogHeader,
+    DialogTitle,
+} from "@/components/ui/dialog"
+import {
+    Form,
+    FormControl,
+    FormDescription,
+    FormField,
+    FormItem,
+    FormLabel,
+    FormMessage,
+} from "@/components/ui/form"
+import { Input } from "@/components/ui/input"
+import { Textarea } from "@/components/ui/textarea"
+
+import { updateEmailWhitelistAction, type EmailWhitelist } from "../service"
+
+// Validation Schema
+const updateWhitelistSchema = z.object({
+    value: z.string()
+        .min(1, "값은 필수입니다")
+        .max(255, "값은 255자를 초과할 수 없습니다")
+        .refine((value) => {
+            // 이메일 형식 또는 도메인 형식 중 하나여야 함
+            const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+
+            // 도메인 검증: 최소 하나의 .이 있어야 하고, TLD가 있어야 함
+            // 예: company.com, sub.company.com, company.co.kr
+            const domainRegex = /^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\.[a-zA-Z]{2,}$/;
+
+            return emailRegex.test(value) || domainRegex.test(value);
+        }, "올바른 이메일 주소 또는 도메인 형식이 아닙니다 (도메인은 최소 1개의 TLD가 필요합니다)"),
+    description: z.string().max(500, "설명은 500자 이하여야 합니다").optional(),
+})
+
+type UpdateWhitelistSchema = z.infer<typeof updateWhitelistSchema>
+
+interface UpdateWhitelistDialogProps
+    extends React.ComponentPropsWithRef<typeof Dialog> {
+    whitelist?: EmailWhitelist | null
+}
+
+export function UpdateWhitelistDialog({ whitelist, ...props }: UpdateWhitelistDialogProps) {
+    const [isUpdatePending, startUpdateTransition] = React.useTransition()
+    const { data: session } = useSession();
+
+    const form = useForm<UpdateWhitelistSchema>({
+        resolver: zodResolver(updateWhitelistSchema),
+        defaultValues: {
+            value: "",
+            description: "",
+        },
+    })
+
+    // 화이트리스트 데이터가 변경되면 폼 초기화
+    React.useEffect(() => {
+        if (whitelist) {
+            form.reset({
+                value: whitelist.displayValue || "",
+                description: whitelist.description || "",
+            })
+        }
+    }, [whitelist, form])
+
+    // 입력값 소문자 변환
+    React.useEffect(() => {
+        const watchedValue = form.watch("value")
+        if (watchedValue && watchedValue !== watchedValue.toLowerCase()) {
+            form.setValue("value", watchedValue.toLowerCase())
+        }
+    }, [form])
+
+    function onSubmit(input: UpdateWhitelistSchema) {
+        startUpdateTransition(async () => {
+            if (!session?.user?.id) {
+                toast.error("로그인이 필요합니다")
+                return
+            }
+
+            if (!whitelist) {
+                toast.error("수정할 데이터를 찾을 수 없습니다")
+                return
+            }
+
+            const { error } = await updateEmailWhitelistAction({
+                id: whitelist.id,
+                value: input.value,
+                description: input.description,
+            })
+
+            if (error) {
+                toast.error(error)
+                return
+            }
+
+            props.onOpenChange?.(false)
+            toast.success("화이트리스트 도메인이 수정되었습니다")
+        })
+    }
+
+    return (
+        <Dialog {...props}>
+            <DialogContent className="sm:max-w-[425px]">
+                <DialogHeader>
+                    <DialogTitle>화이트리스트 수정</DialogTitle>
+                    <DialogDescription>
+                        화이트리스트 정보를 수정합니다.
+                    </DialogDescription>
+                </DialogHeader>
+                <Form {...form}>
+                    <form
+                        onSubmit={form.handleSubmit(onSubmit)}
+                        className="space-y-4"
+                    >
+                        <FormField
+                            control={form.control}
+                            name="value"
+                            render={({ field }) => (
+                                <FormItem>
+                                    <FormLabel>이메일 주소 또는 도메인</FormLabel>
+                                    <FormControl>
+                                        <Input
+                                            placeholder="예: user@company.com 또는 company.com"
+                                            {...field}
+                                        />
+                                    </FormControl>
+                                    <FormDescription>
+                                        이메일 주소나 도메인을 입력하세요. @가 포함되면 개별 이메일로, 그렇지 않으면 도메인 전체로 등록됩니다. 도메인은 최소 1개의 TLD가 필요합니다.
+                                    </FormDescription>
+                                    <FormMessage />
+                                </FormItem>
+                            )}
+                        />
+
+                        <FormField
+                            control={form.control}
+                            name="description"
+                            render={({ field }) => (
+                                <FormItem>
+                                    <FormLabel>설명 (선택사항)</FormLabel>
+                                    <FormControl>
+                                        <Textarea
+                                            placeholder="도메인에 대한 설명을 입력하세요"
+                                            className="min-h-[80px]"
+                                            {...field}
+                                        />
+                                    </FormControl>
+                                    <FormMessage />
+                                </FormItem>
+                            )}
+                        />
+
+                        <DialogFooter>
+                            <Button
+                                type="button"
+                                variant="outline"
+                                onClick={() => props.onOpenChange?.(false)}
+                                disabled={isUpdatePending}
+                            >
+                                취소
+                            </Button>
+                            <Button disabled={isUpdatePending}>
+                                {isUpdatePending && (
+                                    <Loader
+                                        className="mr-2 size-4 animate-spin"
+                                        aria-hidden="true"
+                                    />
+                                )}
+                                수정
+                            </Button>
+                        </DialogFooter>
+                    </form>
+                </Form>
+            </DialogContent>
+        </Dialog>
+    )
+}
diff --git a/lib/email-whitelist/table/whitelist-table-columns.tsx b/lib/email-whitelist/table/whitelist-table-columns.tsx
new file mode 100644
index 00000000..2533d863
--- /dev/null
+++ b/lib/email-whitelist/table/whitelist-table-columns.tsx
@@ -0,0 +1,208 @@
+'use client';
+
+/* IMPORT */
+import { Badge } from '@/components/ui/badge';
+import { Button } from '@/components/ui/button';
+import { Checkbox } from '@/components/ui/checkbox';
+import { MoreHorizontal, Trash, Pencil } from 'lucide-react';
+import { DataTableColumnHeaderSimple } from '@/components/data-table/data-table-column-simple-header';
+import {
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuSeparator,
+  DropdownMenuTrigger,
+} from '@/components/ui/dropdown-menu';
+import { formatDate } from '@/lib/utils';
+import { type ColumnDef } from '@tanstack/react-table';
+import { type Dispatch, type SetStateAction } from 'react';
+import { type DataTableRowAction } from '@/types/table';
+import { type EmailWhitelist } from '../service';
+
+// ----------------------------------------------------------------------------------------------------
+
+/* TYPES */
+interface GetColumnsProps {
+  setRowAction: Dispatch<SetStateAction<DataTableRowAction<EmailWhitelist> | null>>;
+}
+
+// ----------------------------------------------------------------------------------------------------
+
+/* FUNCTION FOR GETTING COLUMNS SETTING */
+export function getColumns({ setRowAction }: GetColumnsProps): ColumnDef<EmailWhitelist>[] {
+  return [
+    // [1] Checkbox Column
+    {
+      id: 'select',
+      header: ({ table }) => (
+        <Checkbox
+          checked={
+            table.getIsAllPageRowsSelected() ||
+            (table.getIsSomePageRowsSelected() && 'indeterminate')
+          }
+          onCheckedChange={(value) => table.toggleAllPageRowsSelected(!!value)}
+          aria-label="Select all"
+          className="translate-y-0.5"
+        />
+      ),
+      cell: ({ row }) => (
+        <Checkbox
+          checked={row.getIsSelected()}
+          onCheckedChange={(value) => row.toggleSelected(!!value)}
+          aria-label="Select row"
+          className="translate-y-0.5"
+        />
+      ),
+      enableSorting: false,
+      enableHiding: false,
+    },
+
+    // [2] ID Column
+    {
+      accessorKey: 'id',
+      header: ({ column }) => (
+        <DataTableColumnHeaderSimple column={column} title="ID" />
+      ),
+      cell: ({ row }) => <div>{row.getValue('id')}</div>,
+      enableSorting: false,
+      enableHiding: false,
+      size: 80,
+    },
+
+    // [3] Email/Domain Column
+    {
+      accessorKey: 'displayValue',
+      header: ({ column }) => (
+        <DataTableColumnHeaderSimple column={column} title="이메일/도메인" />
+      ),
+      cell: ({ row }) => {
+        const displayValue = row.getValue('displayValue') as string;
+        const isEmail = displayValue.includes('@');
+
+        return (
+          <div className="flex space-x-2">
+            <Badge variant={isEmail ? 'default' : 'outline'} className="font-mono">
+              {isEmail ? displayValue : `@${displayValue}`}
+            </Badge>
+          </div>
+        );
+      },
+      enableSorting: false,
+      size: 220,
+    },
+
+    // [4] Description Column
+    {
+      accessorKey: 'description',
+      header: ({ column }) => (
+        <DataTableColumnHeaderSimple column={column} title="설명" />
+      ),
+      cell: ({ row }) => {
+        const description = row.getValue('description') as string;
+        return (
+          <div className="truncate" title={description || ''}>
+            {description || '-'}
+          </div>
+        );
+      },
+      enableSorting: false,
+      size: 200,
+    },
+
+    // [5] Created At Column
+    {
+      accessorKey: 'createdAt',
+      header: ({ column }) => (
+        <DataTableColumnHeaderSimple column={column} title="생성일" />
+      ),
+      cell: ({ row }) => {
+        const date = row.getValue('createdAt') as Date;
+        return <div>{formatDate(date, "KR")}</div>;
+      },
+      enableSorting: false,
+      size: 120,
+    },
+
+    // [6] Created By Column
+    {
+      accessorKey: 'createdByName',
+      header: ({ column }) => (
+        <DataTableColumnHeaderSimple column={column} title="생성자" />
+      ),
+      cell: ({ row }) => {
+        const name = row.getValue('createdByName') as string;
+        return <div>{name || '-'}</div>;
+      },
+      enableSorting: false,
+      size: 100,
+    },
+
+    // [7] Updated At Column
+    {
+      accessorKey: 'updatedAt',
+      header: ({ column }) => (
+        <DataTableColumnHeaderSimple column={column} title="수정일" />
+      ),
+      cell: ({ row }) => {
+        const date = row.getValue('updatedAt') as Date;
+        return <div>{formatDate(date, "KR")}</div>;
+      },
+      enableSorting: false,
+      size: 120,
+    },
+
+    // [8] Updated By Column
+    {
+      accessorKey: 'updatedByName',
+      header: ({ column }) => (
+        <DataTableColumnHeaderSimple column={column} title="수정자" />
+      ),
+      cell: ({ row }) => {
+        const name = row.getValue('updatedByName') as string;
+        return <div>{name || '-'}</div>;
+      },
+      enableSorting: false,
+      size: 100,
+    },
+
+    // [9] Actions Column
+    {
+      id: 'actions',
+      cell: ({ row }) => (
+        <DropdownMenu>
+          <DropdownMenuTrigger asChild>
+            <Button
+              aria-label="Open menu"
+              variant="ghost"
+              className="flex size-6 p-0 data-[state=open]:bg-muted"
+            >
+              <MoreHorizontal className="size-4" />
+            </Button>
+          </DropdownMenuTrigger>
+          <DropdownMenuContent align="end" className="w-[160px]">
+            <DropdownMenuItem
+              onSelect={() => setRowAction({ row, type: 'update' })}
+            >
+              <Pencil className="mr-2 size-4" />
+              수정
+            </DropdownMenuItem>
+            <DropdownMenuSeparator />
+            <DropdownMenuItem
+              onSelect={() => setRowAction({ row, type: 'delete' })}
+              className="text-destructive"
+            >
+              <Trash className="mr-2 size-4" />
+              삭제
+            </DropdownMenuItem>
+          </DropdownMenuContent>
+        </DropdownMenu>
+      ),
+      enableSorting: false,
+      enableHiding: false,
+      enableResizing: false,
+      size: 80,
+      minSize: 80,
+      maxSize: 80,
+    },
+  ];
+}
diff --git a/lib/email-whitelist/table/whitelist-table.tsx b/lib/email-whitelist/table/whitelist-table.tsx
new file mode 100644
index 00000000..5d623669
--- /dev/null
+++ b/lib/email-whitelist/table/whitelist-table.tsx
@@ -0,0 +1,130 @@
+"use client"
+
+import * as React from "react"
+import type {
+  DataTableAdvancedFilterField,
+  DataTableFilterField,
+  DataTableRowAction,
+} from "@/types/table"
+
+import { useDataTable } from "@/hooks/use-data-table"
+import { DataTable } from "@/components/data-table/data-table"
+import { DataTableAdvancedToolbar } from "@/components/data-table/data-table-advanced-toolbar"
+
+import { getColumns } from "./whitelist-table-columns"
+import { type EmailWhitelist } from "../service"
+import { getEmailWhitelistList } from "../service"
+import { UpdateWhitelistDialog } from "./update-whitelist-dialog"
+import { CreateWhitelistDialog } from "./create-whitelist-dialog"
+import { DeleteWhitelistDialog } from "./delete-whitelist-dialog"
+
+interface WhitelistTableProps {
+  promises: Promise<
+    [
+      Awaited<ReturnType<typeof getEmailWhitelistList>>,
+    ]
+  >
+}
+
+export function WhitelistTable({ promises }: WhitelistTableProps) {
+  const [{ data, pageCount }] = React.use(promises)
+
+  const [rowAction, setRowAction] =
+    React.useState<DataTableRowAction<EmailWhitelist> | null>(null)
+
+  const [showCreateDialog, setShowCreateDialog] = React.useState(false)
+
+  const columns = React.useMemo(
+    () => getColumns({ setRowAction }),
+    [setRowAction]
+  )
+
+  /**
+   * 기본 필터 필드 (드롭다운 형태)
+   */
+  const filterFields: DataTableFilterField<EmailWhitelist>[] = []
+
+  /**
+   * 고급 필터 필드 (검색, 날짜 등)
+   */
+  const advancedFilterFields: DataTableAdvancedFilterField<EmailWhitelist>[] = [
+    {
+      id: "displayValue",
+      label: "이메일/도메인",
+      type: "text",
+    },
+    {
+      id: "description",
+      label: "설명",
+      type: "text",
+    },
+    {
+      id: "createdAt",
+      label: "생성일",
+      type: "date",
+    },
+    {
+      id: "updatedAt",
+      label: "수정일",
+      type: "date",
+    },
+  ]
+
+  const { table } = useDataTable({
+    data,
+    columns,
+    pageCount,
+    filterFields,
+    enableAdvancedFilter: true,
+    initialState: {
+      sorting: [{ id: "createdAt", desc: true }],
+      columnPinning: { right: ["actions"] },
+    },
+    getRowId: (originalRow) => String(originalRow.id),
+    shallow: false,
+    clearOnDefault: true,
+  })
+
+  return (
+    <>
+      <DataTable table={table}>
+        <DataTableAdvancedToolbar
+          table={table}
+          filterFields={advancedFilterFields}
+          shallow={false}
+        >
+          <CreateWhitelistDialog
+            open={showCreateDialog}
+            onOpenChange={setShowCreateDialog}
+          />
+          <button
+            type="button"
+            className="inline-flex items-center justify-center rounded-md bg-primary px-4 py-2 text-sm font-medium text-primary-foreground shadow transition-colors hover:bg-primary/90 focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-ring disabled:pointer-events-none disabled:opacity-50"
+            onClick={() => setShowCreateDialog(true)}
+          >
+            이메일/도메인 추가
+          </button>
+        </DataTableAdvancedToolbar>
+      </DataTable>
+
+      {/* 도메인 수정 Dialog */}
+      <UpdateWhitelistDialog
+        open={rowAction?.type === "update"}
+        onOpenChange={() => setRowAction(null)}
+        whitelist={rowAction?.type === "update" ? rowAction.row.original : null}
+      />
+
+      {/* 도메인 삭제 Dialog */}
+      <DeleteWhitelistDialog
+        open={rowAction?.type === "delete"}
+        onOpenChange={() => setRowAction(null)}
+        whitelists={rowAction?.type === "delete" ? [rowAction.row.original] : []}
+        showTrigger={false}
+        onSuccess={() => {
+          setRowAction(null)
+          // 테이블 새로고침은 server action에서 자동으로 처리됨
+        }}
+      />
+    </>
+  )
+}
diff --git a/lib/users/auth/passwordUtil.ts b/lib/users/auth/passwordUtil.ts
index 0ff9e309..046e7d90 100644
--- a/lib/users/auth/passwordUtil.ts
+++ b/lib/users/auth/passwordUtil.ts
@@ -684,6 +684,152 @@ export async function verifySmsToken(
   }
 }
 
+// Email OTP 생성 및 전송
+export async function generateAndSendEmailToken(
+  userId: number,
+  email: string,
+  userName: string
+): Promise<{ success: boolean; error?: string }> {
+  try {
+    // 1. 보안 설정 가져오기
+    const settings = await db.select().from(securitySettings).limit(1);
+    const expiryMinutes = settings[0]?.smsTokenExpiryMinutes || 10; // Email OTP도 동일한 만료 시간 사용
+    
+    // 2. 일일 Email OTP 한도 체크 (30회)
+    const maxEmailPerDay = 30;
+    
+    const today = new Date();
+    today.setHours(0, 0, 0, 0);
+    
+    const todayCount = await db
+      .select({ count: count() })
+      .from(mfaTokens)
+      .where(
+        and(
+          eq(mfaTokens.userId, userId),
+          eq(mfaTokens.type, 'email'),
+          gte(mfaTokens.createdAt, today)
+        )
+      );
+    
+    if (todayCount[0]?.count >= maxEmailPerDay) {
+      return { success: false, error: '일일 이메일 인증 한도를 초과했습니다' };
+    }
+    
+    // 3. 이전 Email OTP 토큰 비활성화
+    await db
+      .update(mfaTokens)
+      .set({ isActive: false })
+      .where(
+        and(
+          eq(mfaTokens.userId, userId),
+          eq(mfaTokens.type, 'email'),
+          eq(mfaTokens.isActive, true)
+        )
+      );
+    
+    // 4. 새 토큰 생성 (6자리 숫자)
+    const token = Math.random().toString().slice(2, 8).padStart(6, '0');
+    const expiresAt = new Date();
+    expiresAt.setMinutes(expiresAt.getMinutes() + expiryMinutes);
+    
+    // 5. DB에 토큰 저장
+    await db.insert(mfaTokens).values({
+      userId,
+      token,
+      type: 'email',
+      expiresAt,
+      isActive: true,
+      attempts: 0,
+    });
+    
+    // 6. 이메일 전송
+    const { sendEmail } = await import('@/lib/mail/sendEmail');
+    
+    await sendEmail({
+      to: email,
+      template: 'otp',
+      context: {
+        name: userName,
+        otp: token,
+        verificationUrl: '', // Email OTP는 URL 없이 코드만 입력
+        location: '',
+        language: 'ko',
+      },
+    });
+    
+    console.log(`Email OTP sent to user ${userId} (${email})`);
+    return { success: true };
+    
+  } catch (error) {
+    console.error('Email OTP generation/sending error:', error);
+    return { success: false, error: '이메일 인증번호 전송 중 오류가 발생했습니다' };
+  }
+}
+
+// Email OTP 검증
+export async function verifyEmailToken(
+  userId: number,
+  token: string
+): Promise<{ success: boolean; error?: string }> {
+  try {
+
+    const mfaToken = await db
+      .select()
+      .from(mfaTokens)
+      .where(
+        and(
+          eq(mfaTokens.userId, userId),
+          eq(mfaTokens.token, token),
+          eq(mfaTokens.type, 'email'),
+          eq(mfaTokens.isActive, true)
+        )
+      )
+      .limit(1);
+    
+    if (!mfaToken[0]) {
+      return { success: false, error: '잘못된 인증번호입니다' };
+    }
+    
+    // 만료 체크
+    if (mfaToken[0].expiresAt < new Date()) {
+      await db
+        .update(mfaTokens)
+        .set({ isActive: false })
+        .where(eq(mfaTokens.id, mfaToken[0].id));
+      
+      return { success: false, error: '인증번호가 만료되었습니다' };
+    }
+    
+    // 시도 횟수 증가
+    const newAttempts = mfaToken[0].attempts + 1;
+    if (newAttempts > 3) {
+      await db
+        .update(mfaTokens)
+        .set({ isActive: false })
+        .where(eq(mfaTokens.id, mfaToken[0].id));
+      
+      return { success: false, error: '시도 횟수를 초과했습니다' };
+    }
+    
+    // 토큰 사용 처리
+    await db
+      .update(mfaTokens)
+      .set({
+        usedAt: new Date(),
+        isActive: false,
+        attempts: newAttempts,
+      })
+      .where(eq(mfaTokens.id, mfaToken[0].id));
+    
+    return { success: true };
+    
+  } catch (error) {
+    console.error('Email token verification error:', error);
+    return { success: false, error: '인증 중 오류가 발생했습니다' };
+  }
+}
+
 // 패스워드 강제 변경 필요 체크
 export async function checkPasswordChangeRequired(userId: number): Promise<boolean> {
   const user = await db
diff --git a/lib/users/session/helper.ts b/lib/users/session/helper.ts
index 03bfd7bc..4c511340 100644
--- a/lib/users/session/helper.ts
+++ b/lib/users/session/helper.ts
@@ -1,5 +1,6 @@
 import { authenticateWithSGips, verifyExternalCredentials } from "../auth/verifyCredentails";
 import { SessionRepository } from "./repository";
+import { isEmailWhitelisted } from "@/lib/email-whitelist/service";
 
 // lib/session/helpers.ts - NextAuth 헬퍼 함수들 개선
 export const authHelpers = {
@@ -35,6 +36,16 @@ export const authHelpers = {
           return { success: false, error: 'INVALID_CREDENTIALS' }
         }
 
+        // 화이트리스트 체크하여 MFA 타입 결정
+        const isWhitelisted = await isEmailWhitelisted(authResult.user.email);
+        const mfaType = isWhitelisted ? 'email' : 'sms';
+
+        console.log('Whitelist check:', {
+          email: authResult.user.email,
+          isWhitelisted,
+          mfaType
+        });
+
         // DB에 임시 인증 세션 생성
         const expiresAt = new Date(Date.now() + (10 * 60 * 1000)) // 10분 후 만료
         const tempAuthKey = await SessionRepository.createTempAuthSession({
@@ -49,6 +60,7 @@ export const authHelpers = {
           userId: authResult.user.id,
           email: authResult.user.email,
           authMethod: provider,
+          mfaType,
           expiresAt
         })
 
@@ -56,7 +68,9 @@ export const authHelpers = {
           success: true,
           tempAuthKey,
           userId: authResult.user.id,
-          email: authResult.user.email
+          email: authResult.user.email,
+          mfaType, // 'email' 또는 'sms'
+          userName: authResult.user.name, // Email OTP 전송 시 필요
         }
       } catch (error) {
         console.error('First auth error:', error)
-- 
cgit v1.2.3