feat(orders): 계좌이체 주문 생성 API + 접수/입금확인 메일

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-11 08:36:22 +09:00
parent 692fb504d9
commit 1d5e7254ed
2 changed files with 176 additions and 0 deletions
--- a/app/api/orders/route.ts
+++ b/app/api/orders/route.ts
@@ -0,0 +1,105 @@
+import { NextResponse } from 'next/server';
+import { cookies } from 'next/headers';
+import { createServerClient as createSSRClient } from '@supabase/ssr';
+import { createAdminClient } from '@/lib/supabase/admin';
+import { getProductById } from '@/lib/supabase/product-files';
+import { sanitizeStr } from '@/lib/security';
+import { sendOrderReceivedEmails } from '@/lib/order-emails';
+
+export const runtime = 'nodejs';
+
+export async function POST(request: Request) {
+  // 1) 인증 확인 (SSR 쿠키 클라이언트)
+  const cookieStore = await cookies();
+  const supabase = createSSRClient(
+    process.env.NEXT_PUBLIC_SUPABASE_URL!,
+    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+    {
+      cookies: {
+        getAll: () => cookieStore.getAll(),
+        setAll: () => {},
+      },
+    },
+  );
+  const { data: { user } } = await supabase.auth.getUser();
+  if (!user) {
+    return NextResponse.json({ error: '로그인이 필요합니다' }, { status: 401 });
+  }
+
+  // 2) body 검증
+  let body: unknown;
+  try {
+    body = await request.json();
+  } catch {
+    return NextResponse.json({ error: '잘못된 요청입니다' }, { status: 400 });
+  }
+
+  const rawProductId = (body as Record<string, unknown>).productId;
+  const rawDepositorName = (body as Record<string, unknown>).depositorName;
+
+  const productId = sanitizeStr(rawProductId, 64);
+  const depositorName = sanitizeStr(rawDepositorName, 40);
+
+  if (!productId || !depositorName) {
+    return NextResponse.json({ error: 'productId와 depositorName이 필요합니다' }, { status: 400 });
+  }
+
+  // 3) 상품 조회 및 활성 상태 확인
+  const admin = createAdminClient();
+  const product = await getProductById(admin, productId);
+
+  if (!product || !product.is_active) {
+    return NextResponse.json({ error: '판매 중인 상품이 아닙니다' }, { status: 404 });
+  }
+
+  // 4) 중복 pending 방지
+  const { data: existing } = await admin
+    .from('orders')
+    .select('id')
+    .eq('user_id', user.id)
+    .eq('product_id', productId)
+    .eq('status', 'pending')
+    .maybeSingle();
+
+  if (existing) {
+    return NextResponse.json({ orderId: existing.id, reused: true });
+  }
+
+  // 5) 주문 생성 (가격은 DB 소스)
+  const { data: order, error: insertError } = await admin
+    .from('orders')
+    .insert({
+      user_id: user.id,
+      product_id: productId,
+      amount: product.price,
+      status: 'pending',
+      metadata: {
+        method: 'bank_transfer',
+        depositor_name: depositorName,
+      },
+    })
+    .select('id')
+    .single();
+
+  if (insertError || !order) {
+    console.error('[Orders] insert error:', insertError);
+    return NextResponse.json({ error: '주문 생성에 실패했습니다' }, { status: 500 });
+  }
+
+  const orderId = order.id as string;
+
+  // 6) 메일 발송 (실패해도 주문 유효)
+  try {
+    await sendOrderReceivedEmails({
+      orderId,
+      product,
+      customerEmail: user.email ?? '',
+      depositorName,
+    });
+  } catch (mailError) {
+    console.error('[Orders] email send error:', mailError);
+  }
+
+  // 7) 응답
+  return NextResponse.json({ orderId });
+}