From a070f833d132e6370311c0bbdad03beb51d595df Mon Sep 17 00:00:00 2001 From: joonhoekim <26rote@gmail.com> Date: Wed, 15 Oct 2025 21:38:21 +0900 Subject: (김준회) 이메일 화이트리스트 (SMS 우회) 기능 추가 및 기존 로그인 과정 통합 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../evcp/(evcp)/(system)/email-whitelist/page.tsx | 82 ++++++++++++++++++++++ app/api/auth/[...nextauth]/route.ts | 25 +++++-- app/api/auth/first-auth/route.ts | 8 ++- app/api/auth/send-email-otp/route.ts | 74 +++++++++++++++++++ 4 files changed, 180 insertions(+), 9 deletions(-) create mode 100644 app/[lng]/evcp/(evcp)/(system)/email-whitelist/page.tsx create mode 100644 app/api/auth/send-email-otp/route.ts (limited to 'app') diff --git a/app/[lng]/evcp/(evcp)/(system)/email-whitelist/page.tsx b/app/[lng]/evcp/(evcp)/(system)/email-whitelist/page.tsx new file mode 100644 index 00000000..95abd556 --- /dev/null +++ b/app/[lng]/evcp/(evcp)/(system)/email-whitelist/page.tsx @@ -0,0 +1,82 @@ +/** + * 이메일 화이트리스트 + * + * 이메일 도메인의 화이트리스트를 통해, SMS 인증을 우회할 도메인을 관리 + * + * db schema : db/schema/emailWhitelist.ts + * + * 구현방향: 이메일 화이트리스트 조회 + dialog 기반의 생성/삭제 + * + */ + +import * as React from "react" +import { type Metadata } from "next" +import { getEmailWhitelistList } from "@/lib/email-whitelist/service" +import { type SearchParams } from "@/types/table" +import { WhitelistTable } from "@/lib/email-whitelist/table/whitelist-table" +import { Shell } from "@/components/shell" +import { Skeleton } from "@/components/ui/skeleton" +import { DataTableSkeleton } from "@/components/data-table/data-table-skeleton" + +// export const metadata: Metadata = { +// title: "이메일 화이트리스트 관리", +// description: "SMS 인증 대신 이메일로 인증번호를 받을 도메인 및 개별 이메일을 관리", +// } + +interface WhitelistPageProps { + searchParams: SearchParams +} + +export default async function WhitelistPage(props: WhitelistPageProps) { + + const searchParams = await props.searchParams + + // 기본 검색 파라미터 처리 + const search = { + page: searchParams.page ? parseInt(searchParams.page as string) : 1, + perPage: searchParams.perPage ? parseInt(searchParams.perPage as string) : 10, + search: searchParams.search as string || "", + sort: searchParams.sort as string || "createdAt.desc", + filters: searchParams.filters ? JSON.parse(searchParams.filters as string) : undefined, + } + + const promises = Promise.all([ + getEmailWhitelistList(search), + ]) + + return ( + + +
+
+
+
+

+ 이메일 화이트리스트 관리 +

+
+

+ SMS 인증 대신 이메일로 인증번호를 받을 도메인 및 개별 이메일을 관리합니다. +

+
+
+
+ + }> + + + } + > + + + + ) +} \ No newline at end of file diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts index 5896fb90..3b0f8c61 100644 --- a/app/api/auth/[...nextauth]/route.ts +++ b/app/api/auth/[...nextauth]/route.ts @@ -11,7 +11,7 @@ import { getUserByEmail, getUserById } from '@/lib/users/repository' import { authenticateWithSGips, verifyExternalCredentials } from '@/lib/users/auth/verifyCredentails' import { verifyOtpTemp } from '@/lib/users/verifyOtp' import { getSecuritySettings } from '@/lib/password-policy/service' -import { verifySmsToken } from '@/lib/users/auth/passwordUtil' +import { verifySmsToken, verifyEmailToken } from '@/lib/users/auth/passwordUtil' import { SessionRepository } from '@/lib/users/session/repository' import { getUserRoles } from '@/lib/users/service' @@ -161,14 +161,15 @@ export const authOptions: NextAuthOptions = { }, }), - // ✅ MFA 완료 후 최종 인증 - roles 정보 추가 + // ✅ MFA 완료 후 최종 인증 - roles 정보 추가 (SMS/Email OTP 지원) CredentialsProvider({ id: 'credentials-mfa', name: 'MFA Verification', credentials: { userId: { label: 'User ID', type: 'text' }, - smsToken: { label: 'SMS Token', type: 'text' }, + smsToken: { label: 'SMS Token', type: 'text' }, // SMS 또는 Email OTP 토큰 tempAuthKey: { label: 'Temp Auth Key', type: 'text' }, + mfaType: { label: 'MFA Type', type: 'text' }, // 'sms' 또는 'email' }, async authorize(credentials, req) { if (!credentials?.userId || !credentials?.smsToken || !credentials?.tempAuthKey) { @@ -191,10 +192,20 @@ export const authOptions: NextAuthOptions = { return null } - // SMS 토큰 검증 - const smsVerificationResult = await verifySmsToken(user.id, credentials.smsToken) - if (!smsVerificationResult || !smsVerificationResult.success) { - console.error('SMS token verification failed') + // MFA 타입에 따라 SMS 또는 Email OTP 검증 + const mfaType = credentials.mfaType || 'sms'; // 기본값은 SMS + let verificationResult; + + if (mfaType === 'email') { + verificationResult = await verifyEmailToken(user.id, credentials.smsToken) + console.log(`Email OTP verification for user ${user.email}:`, verificationResult.success) + } else { + verificationResult = await verifySmsToken(user.id, credentials.smsToken) + console.log(`SMS OTP verification for user ${user.email}:`, verificationResult.success) + } + + if (!verificationResult || !verificationResult.success) { + console.error(`${mfaType.toUpperCase()} token verification failed`) return null } diff --git a/app/api/auth/first-auth/route.ts b/app/api/auth/first-auth/route.ts index 6952b472..93daf316 100644 --- a/app/api/auth/first-auth/route.ts +++ b/app/api/auth/first-auth/route.ts @@ -17,6 +17,8 @@ interface FirstAuthResponse { tempAuthKey?: string userId?: number email?: string + mfaType?: 'sms' | 'email' // MFA 타입 추가 + userName?: string // Email OTP 전송 시 필요 otpUsers?: Array<{ id: string name: string @@ -134,12 +136,14 @@ export async function POST(request: NextRequest): Promise