구조 통합

2026-02-02 16:22:23 +09:00
parent a54c2ab138
commit 39296ca522
17 changed files with 531 additions and 89 deletions
--- a/backend/internal/handler/auth_handler.go
+++ b/backend/internal/handler/auth_handler.go
@@ -3970,6 +3970,72 @@ func (h *AuthHandler) UpdateMe(c *fiber.Ctx) error {
 	})
 }

+// ChangeMyPassword - 로그인 상태에서 현재 비밀번호를 확인한 뒤 변경합니다.
+func (h *AuthHandler) ChangeMyPassword(c *fiber.Ctx) error {
+	var req domain.PasswordChangeRequest
+	if err := c.BodyParser(&req); err != nil {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Invalid request body"})
+	}
+
+	currentPassword := strings.TrimSpace(req.CurrentPassword)
+	newPassword := strings.TrimSpace(req.NewPassword)
+	if currentPassword == "" || newPassword == "" {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Current password and new password are required"})
+	}
+
+	policy := h.resolvePasswordPolicy()
+	if err := validatePasswordWithPolicy(policy, newPassword); err != nil {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	loginID := ""
+	token := h.getBearerToken(c)
+	if token != "" && looksLikeJWT(token) && h.DescopeClient != nil {
+		authorized, userToken, err := h.DescopeClient.Auth.ValidateSessionWithToken(c.Context(), token)
+		if err == nil && authorized {
+			resolved, err := h.resolveDescopeLoginID(c.Context(), userToken)
+			if err != nil {
+				return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Failed to resolve login ID"})
+			}
+			loginID = resolved
+		}
+	}
+
+	if loginID == "" && token != "" {
+		if resolved, err := h.resolveKratosLoginID(token); err == nil {
+			loginID = resolved
+		}
+	}
+
+	if loginID == "" {
+		cookie := c.Get("Cookie")
+		if cookie == "" {
+			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Missing authorization token"})
+		}
+		_, traits, err := h.getKratosIdentityWithCookie(cookie)
+		if err != nil {
+			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Invalid session"})
+		}
+		loginID = pickLoginIDFromTraits(traits)
+		if loginID == "" {
+			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Login ID not found"})
+		}
+		if !strings.Contains(loginID, "@") {
+			loginID = normalizePhoneForLoginID(loginID)
+		}
+	}
+
+	if _, err := h.IdpProvider.SignIn(loginID, currentPassword); err != nil {
+		return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Current password is invalid"})
+	}
+
+	if err := h.IdpProvider.UpdateUserPassword(loginID, newPassword, nil); err != nil {
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": "Failed to update password"})
+	}
+
+	return c.JSON(fiber.Map{"message": "Password updated"})
+}
+
 // SendUpdateCode - Sends OTP for phone number change
 func (h *AuthHandler) SendUpdateCode(c *fiber.Ctx) error {
 	token := h.getBearerToken(c)