@gencow/core 0.1.0

package/src/__tests__/ws-integration.test.ts

@@ -0,0 +1,304 @@
+/**
+ * packages/core/src/__tests__/ws-integration.test.ts
+ *
+ * 실제 WebSocket 통합 테스트 — Bun WebSocket 서버 + 클라이언트
+ *
+ * mock이 아닌 실제 TCP 소켓을 통한 전달을 검증합니다.
+ * 서버와 클라이언트가 동일 머신이므로 루프백(lo0) 네트워크를 거칩니다.
+ *
+ * 시나리오:
+ *   1. 단일 구독자 emit 실시간 수신
+ *   2. 다수 구독자 동시 수신
+ *   3. debounce 동작 (실제 타이머 + TCP)
+ *   4. client disconnect 후 자동 정리
+ *   5. 부하: 50 concurrent 구독자 × 20 mutations
+ *
+ * Run: bun test packages/core/src/__tests__/ws-integration.test.ts
+ */
+
+import { describe, it, expect, afterAll } from "bun:test";
+import {
+    buildRealtimeCtx,
+    handleWsMessage,
+    registerClient,
+    deregisterClient,
+    subscribe,
+} from "../reactive";
+
+// ─── 최소 WebSocket 서버 (Bun native) ────────────────────────────────────────
+//
+// Hono 없이 Bun.serve()로 직접 WS 서버 구성.
+// 실제 subscribe / handleWsMessage / buildRealtimeCtx를 그대로 사용한다.
+
+function startServer(port: number) {
+    const server = Bun.serve({
+        port,
+        fetch(req: Request, server: any) {
+            if (req.headers.get("upgrade") === "websocket") {
+                const upgraded = server.upgrade(req);
+                if (!upgraded) return new Response("WS upgrade failed", { status: 500 });
+                return undefined;
+            }
+            return new Response("OK");
+        },
+        websocket: {
+            open(ws: any) {
+                registerClient(ws);
+            },
+            message(ws: any, data: string | Buffer) {
+                handleWsMessage(ws, typeof data === "string" ? data : data.toString());
+            },
+            close(ws: any) {
+                deregisterClient(ws);
+            },
+        },
+    });
+    return server;
+}
+
+// ─── Helper: 클라이언트 연결 + 메시지 수집 ───────────────────────────────────
+
+function connectClient(port: number): Promise<{
+    ws: WebSocket;
+    messages: any[];
+    waitForMessage: (filter?: (msg: any) => boolean, timeoutMs?: number) => Promise<any>;
+    close: () => void;
+}> {
+    return new Promise((resolve, reject) => {
+        const ws = new WebSocket(`ws://localhost:${port}`);
+        const messages: any[] = [];
+        const listeners: Array<{ filter: (msg: any) => boolean; resolve: (msg: any) => void; reject: (e: any) => void; timer: any }> = [];
+
+        ws.onmessage = (e: MessageEvent) => {
+            const msg = JSON.parse(e.data);
+            messages.push(msg);
+            for (const l of listeners) {
+                if (l.filter(msg)) {
+                    clearTimeout(l.timer);
+                    l.resolve(msg);
+                }
+            }
+        };
+
+        ws.onopen = () => resolve({
+            ws,
+            messages,
+            waitForMessage: (filter = () => true, timeoutMs = 2000) =>
+                new Promise((res, rej) => {
+                    // 이미 수신된 메시지 중 일치하는 것이 있으면 즉시 반환
+                    const found = messages.find(filter);
+                    if (found) return res(found);
+                    const timer = setTimeout(() => rej(new Error(`waitForMessage timeout (${timeoutMs}ms)`)), timeoutMs);
+                    listeners.push({ filter, resolve: res, reject: rej, timer });
+                }),
+            close: () => ws.close(),
+        });
+
+        ws.onerror = reject;
+    });
+}
+
+// ─── 서버 인스턴스 (테스트 파일 당 하나) ─────────────────────────────────────
+
+const PORT = 57890; // 충돌 방지용 높은 포트
+const server = startServer(PORT);
+
+afterAll(() => {
+    // force=true: 열려 있는 WebSocket 연결을 즉시 닫고 서버를 종료한다.
+    server.stop(true);
+});
+
+// ─── 1. 단일 구독자 실시간 수신 ──────────────────────────────────────────────
+
+describe("[WS Integration] 단일 구독자 emit 수신", () => {
+    it("subscribe 후 emit하면 query:updated 메시지를 실시간으로 수신한다", async () => {
+        const client = await connectClient(PORT);
+
+        // subscribe 메시지 전송
+        client.ws.send(JSON.stringify({ type: "subscribe", query: "ws.tasks.list" }));
+        await client.waitForMessage(m => m.type === "subscribed");
+
+        // 서버 사이드에서 emit
+        const freshData = [{ id: 1, title: "Real WebSocket Task" }];
+        buildRealtimeCtx().emit("ws.tasks.list", freshData);
+
+        // query:updated 수신 대기
+        const msg = await client.waitForMessage(m => m.type === "query:updated", 500);
+
+        expect(msg.query).toBe("ws.tasks.list");
+        expect(msg.data).toEqual(freshData);
+
+        client.close();
+    });
+
+    it("subscribe 전에는 query:updated를 수신하지 않는다", async () => {
+        const client = await connectClient(PORT);
+
+        // subscribe 없이 emit
+        buildRealtimeCtx().emit("ws.unsubscribed", [{ id: 99 }]);
+        await new Promise(r => setTimeout(r, 200));
+
+        const unrelated = client.messages.filter(m => m.query === "ws.unsubscribed");
+        expect(unrelated).toHaveLength(0);
+
+        client.close();
+    });
+});
+
+// ─── 2. 다수 구독자 동시 수신 ────────────────────────────────────────────────
+
+describe("[WS Integration] 다수 구독자 동시 수신", () => {
+    it("10명 구독자 모두 동일 query:updated를 수신한다", async () => {
+        const N = 10;
+        const queryKey = "ws.multi.tasks";
+        const clients = await Promise.all(
+            Array.from({ length: N }, () => connectClient(PORT))
+        );
+
+        // 모두 같은 query 구독
+        for (const c of clients) {
+            c.ws.send(JSON.stringify({ type: "subscribe", query: queryKey }));
+        }
+        await Promise.all(clients.map(c => c.waitForMessage(m => m.type === "subscribed")));
+
+        // emit
+        const payload = [{ id: 1 }, { id: 2 }, { id: 3 }];
+        buildRealtimeCtx().emit(queryKey, payload);
+
+        // 모두 수신 대기
+        const results = await Promise.all(
+            clients.map(c => c.waitForMessage(m => m.type === "query:updated", 500))
+        );
+
+        expect(results).toHaveLength(N);
+        for (const msg of results) {
+            expect(msg.query).toBe(queryKey);
+            expect(msg.data).toEqual(payload);
+        }
+
+        clients.forEach(c => c.close());
+    });
+
+    it("50명 구독자 부하 테스트 — 모두 수신, P99 latency 측정", async () => {
+        const N = 50;
+        const queryKey = "ws.load.tasks";
+
+        const clients = await Promise.all(
+            Array.from({ length: N }, () => connectClient(PORT))
+        );
+        for (const c of clients) {
+            c.ws.send(JSON.stringify({ type: "subscribe", query: queryKey }));
+        }
+        await Promise.all(clients.map(c => c.waitForMessage(m => m.type === "subscribed")));
+
+        const emitTime = performance.now();
+        buildRealtimeCtx().emit(queryKey, [{ id: 1, title: "load test" }]);
+
+        const receivePromises = clients.map(async c => {
+            const msg = await c.waitForMessage(m => m.type === "query:updated", 1000);
+            return performance.now() - emitTime;
+        });
+
+        const latencies = await Promise.all(receivePromises);
+        latencies.sort((a, b) => a - b);
+
+        const p50 = latencies[Math.floor(N * 0.5)];
+        const p99 = latencies[Math.floor(N * 0.99)];
+
+        console.log(`[WS/50 clients] P50=${p50.toFixed(1)}ms P99=${p99.toFixed(1)}ms (debounce=50ms incl.)`);
+
+        expect(latencies).toHaveLength(N); // 50/50 수신
+        expect(p99).toBeLessThan(500);     // 디바운스 포함 P99 < 500ms
+
+        clients.forEach(c => c.close());
+    });
+});
+
+// ─── 3. 실제 debounce 동작 검증 ──────────────────────────────────────────────
+
+describe("[WS Integration] debounce 동작 (실제 타이머)", () => {
+    it("40ms 내 5번 rapid emit → 단 1회 query:updated 수신", async () => {
+        const client = await connectClient(PORT);
+        client.ws.send(JSON.stringify({ type: "subscribe", query: "ws.debounce" }));
+        await client.waitForMessage(m => m.type === "subscribed");
+
+        const rt = buildRealtimeCtx();
+        for (let i = 0; i < 5; i++) {
+            rt.emit("ws.debounce", [{ id: i }]);
+            await new Promise(r => setTimeout(r, 8)); // 8ms 간격 → 40ms < 50ms
+        }
+
+        // debounce(50ms) + 마진
+        await new Promise(r => setTimeout(r, 150));
+
+        const updates = client.messages.filter(m => m.type === "query:updated" && m.query === "ws.debounce");
+        console.log(`[WS/debounce] 5 emits → ${updates.length} messages received`);
+
+        expect(updates).toHaveLength(1);                        // 1번만 전달
+        expect(updates[0].data).toEqual([{ id: 4 }]);          // 마지막 데이터
+
+        client.close();
+    });
+});
+
+// ─── 4. 클라이언트 연결 해제 후 자동 정리 ────────────────────────────────────
+
+describe("[WS Integration] disconnect 후 정리", () => {
+    it("disconnected 클라이언트는 다음 emit에서 에러 없이 제거된다", async () => {
+        const stableClient = await connectClient(PORT);
+        const disconnectClient = await connectClient(PORT);
+
+        const queryKey = "ws.cleanup.test";
+        stableClient.ws.send(JSON.stringify({ type: "subscribe", query: queryKey }));
+        disconnectClient.ws.send(JSON.stringify({ type: "subscribe", query: queryKey }));
+
+        await Promise.all([
+            stableClient.waitForMessage(m => m.type === "subscribed"),
+            disconnectClient.waitForMessage(m => m.type === "subscribed"),
+        ]);
+
+        // 한 클라이언트 강제 종료
+        disconnectClient.close();
+        await new Promise(r => setTimeout(r, 100)); // 서버가 close 처리할 시간
+
+        // emit 후 stable client는 정상 수신
+        buildRealtimeCtx().emit(queryKey, [{ id: 1 }]);
+        const msg = await stableClient.waitForMessage(m => m.type === "query:updated", 500);
+
+        expect(msg.query).toBe(queryKey);
+        stableClient.close();
+    });
+});
+
+// ─── 5. 부하: 다수 mutation 연속 실행 ────────────────────────────────────────
+
+describe("[WS Integration] 연속 mutations 부하", () => {
+    it("20 mutations × 각각 query:updated → 구독자가 모두 수신한다", async () => {
+        const N_MUTATIONS = 20;
+        const queryKey = "ws.mutations.load";
+        const client = await connectClient(PORT);
+
+        client.ws.send(JSON.stringify({ type: "subscribe", query: queryKey }));
+        await client.waitForMessage(m => m.type === "subscribed");
+
+        // 20번 mutation 실행 (각자 별도 buildRealtimeCtx — 서로 독립적 debounce)
+        const promises: Promise<any>[] = [];
+        for (let i = 0; i < N_MUTATIONS; i++) {
+            const rt = buildRealtimeCtx();
+            rt.emit(queryKey, [{ id: i, title: `Mutation ${i}` }]);
+            // 각 emit을 60ms 간격으로 — 각자 debounce가 완료된 후 다음 emit
+            if (i < N_MUTATIONS - 1) await new Promise(r => setTimeout(r, 60));
+        }
+
+        // 마지막 debounce 완료 대기
+        await new Promise(r => setTimeout(r, 200));
+
+        const updates = client.messages.filter(m => m.type === "query:updated" && m.query === queryKey);
+        console.log(`[WS/mutations] ${N_MUTATIONS} mutations → ${updates.length} updates received`);
+
+        // 각 mutation이 별도 buildRealtimeCtx → 각자 debounce → N번 전달
+        expect(updates.length).toBe(N_MUTATIONS);
+
+        client.close();
+    }, 30000); // 20 × 60ms = 1200ms + margin
+});

package/src/__tests__/ws-scale.test.ts

@@ -0,0 +1,232 @@
+/**
+ * packages/core/src/__tests__/ws-scale.test.ts
+ *
+ * 실제 TCP WebSocket 대규모 동시 연결 부하 테스트.
+ *
+ * Bun.serve()로 서버를 띄우고, 실제 WebSocket 클라이언트를 N개 연결하여
+ * emit 후 모든 클라이언트가 query:updated를 수신하는 시간을 측정.
+ *
+ * Mock이 아닌 실제 TCP 소켓 — 커널 레벨 I/O 포함.
+ *
+ * ⚠️ 5,000+ 연결 시 OS listen backlog 제한에 걸릴 수 있어
+ *    500개 단위로 batch connect + retry 적용.
+ *
+ * Run: bun test packages/core/src/__tests__/ws-scale.test.ts --timeout 120000
+ */
+
+import { describe, it, expect, afterAll } from "bun:test";
+import {
+    buildRealtimeCtx,
+    handleWsMessage,
+    registerClient,
+    deregisterClient,
+} from "../reactive";
+
+// ─── WebSocket 서버 ──────────────────────────────────────────────────────────
+
+const PORT = 57891;
+
+const server = Bun.serve({
+    port: PORT,
+    fetch(req: Request, server: any) {
+        if (req.headers.get("upgrade") === "websocket") {
+            server.upgrade(req);
+            return undefined;
+        }
+        return new Response("OK");
+    },
+    websocket: {
+        open(ws: any) { registerClient(ws); },
+        message(ws: any, data: string | Buffer) {
+            handleWsMessage(ws, typeof data === "string" ? data : data.toString());
+        },
+        close(ws: any) { deregisterClient(ws); },
+    },
+});
+
+afterAll(() => server.stop(true));
+
+// ─── 헬퍼 ────────────────────────────────────────────────────────────────────
+
+interface ScaleClient {
+    ws: WebSocket;
+    receivedAt: number | null;
+}
+
+const wait = (ms: number) => new Promise(r => setTimeout(r, ms));
+
+/**
+ * 단일 WebSocket 연결 + subscribe + ready 대기.
+ * 연결 실패 시 retry (최대 3회, 100ms 간격).
+ */
+function connectOne(queryKey: string, maxRetries = 3): Promise<ScaleClient> {
+    return new Promise(async (resolveOuter) => {
+        const entry: ScaleClient = { ws: null as any, receivedAt: null };
+
+        for (let attempt = 0; attempt <= maxRetries; attempt++) {
+            try {
+                await new Promise<void>((resolve, reject) => {
+                    const ws = new WebSocket(`ws://localhost:${PORT}`);
+                    let settled = false;
+
+                    const timeout = setTimeout(() => {
+                        if (!settled) { settled = true; ws.close(); reject(new Error("timeout")); }
+                    }, 5000);
+
+                    ws.onopen = () => {
+                        ws.send(JSON.stringify({ type: "subscribe", query: queryKey }));
+                    };
+
+                    ws.onmessage = (e: MessageEvent) => {
+                        const msg = JSON.parse(e.data);
+                        if (msg.type === "subscribed" && !settled) {
+                            settled = true;
+                            clearTimeout(timeout);
+                            entry.ws = ws;
+                            // 이후 query:updated 수신 시 기록
+                            ws.onmessage = (e2: MessageEvent) => {
+                                const m = JSON.parse(e2.data);
+                                if (m.type === "query:updated" && m.query === queryKey) {
+                                    entry.receivedAt = performance.now();
+                                }
+                            };
+                            resolve();
+                        }
+                    };
+
+                    ws.onerror = (e) => {
+                        if (!settled) { settled = true; clearTimeout(timeout); reject(e); }
+                    };
+                });
+                resolveOuter(entry);
+                return;
+            } catch {
+                if (attempt < maxRetries) await wait(100 * (attempt + 1));
+            }
+        }
+        // 모든 retry 실패 시에도 반환 (receivedAt=null으로 실패 추적)
+        resolveOuter(entry);
+    });
+}
+
+/**
+ * N개 연결을 BATCH_SIZE 단위로 나눠 순차적으로 연결.
+ * OS listen backlog 포화를 방지.
+ */
+async function connectBatch(n: number, queryKey: string, batchSize = 500): Promise<ScaleClient[]> {
+    const all: ScaleClient[] = [];
+    for (let i = 0; i < n; i += batchSize) {
+        const chunk = Math.min(batchSize, n - i);
+        const batch = await Promise.all(
+            Array.from({ length: chunk }, () => connectOne(queryKey))
+        );
+        all.push(...batch);
+        // 배치 사이 짧은 대기 — 서버가 accept queue를 비울 시간
+        if (i + batchSize < n) await wait(50);
+    }
+    return all;
+}
+
+function disconnectAll(clients: ScaleClient[]) {
+    for (const c of clients) {
+        try { c.ws?.close(); } catch { }
+    }
+}
+
+function percentile(sorted: number[], p: number): number {
+    if (sorted.length === 0) return 0;
+    const idx = Math.ceil((p / 100) * sorted.length) - 1;
+    return sorted[Math.max(0, idx)];
+}
+
+// ─── 공통 테스트 로직 ────────────────────────────────────────────────────────
+
+async function runScaleTest(n: number, label: string, waitMs: number) {
+    const key = `scale.${n}.${Date.now()}`;
+
+    const t0 = performance.now();
+    const clients = await connectBatch(n, key);
+    const connectTime = performance.now() - t0;
+    const connected = clients.filter(c => c.ws !== null).length;
+
+    const emitTime = performance.now();
+    buildRealtimeCtx().emit(key, [{ id: 1, title: "Scale Test" }]);
+    await wait(waitMs);
+
+    const latencies = clients
+        .filter(c => c.receivedAt !== null)
+        .map(c => c.receivedAt! - emitTime)
+        .sort((a, b) => a - b);
+
+    const rate = (latencies.length / n) * 100;
+    const p50 = percentile(latencies, 50);
+    const p99 = percentile(latencies, 99);
+    const max = latencies[latencies.length - 1] ?? 0;
+
+    console.log(`[${label}]  connect=${connectTime.toFixed(0)}ms (${connected}/${n})  deliver: ${latencies.length}/${n} (${rate.toFixed(1)}%)  P50=${p50.toFixed(1)}ms  P99=${p99.toFixed(1)}ms  Max=${max.toFixed(1)}ms`);
+
+    disconnectAll(clients);
+    await wait(200);
+
+    return { n, connectMs: connectTime, connected, delivered: latencies.length, rate, p50, p99, max };
+}
+
+// ─── 테스트 ──────────────────────────────────────────────────────────────────
+
+describe("[WS Scale] 실제 TCP WebSocket 대규모 동시 연결", () => {
+    const results: Awaited<ReturnType<typeof runScaleTest>>[] = [];
+
+    it("100 동시 연결 — baseline", async () => {
+        const r = await runScaleTest(100, "WS/100  ", 200);
+        results.push(r);
+        expect(r.rate).toBe(100);
+    });
+
+    it("500 동시 연결", async () => {
+        const r = await runScaleTest(500, "WS/500  ", 300);
+        results.push(r);
+        expect(r.rate).toBe(100);
+    });
+
+    it("1,000 동시 연결", async () => {
+        const r = await runScaleTest(1_000, "WS/1k   ", 500);
+        results.push(r);
+        expect(r.rate).toBe(100);
+    });
+
+    it("2,000 동시 연결", async () => {
+        const r = await runScaleTest(2_000, "WS/2k   ", 1000);
+        results.push(r);
+        expect(r.rate).toBe(100);
+    });
+
+    it("5,000 동시 연결", async () => {
+        const r = await runScaleTest(5_000, "WS/5k   ", 2000);
+        results.push(r);
+        expect(r.rate).toBe(100);
+    });
+
+    it("10,000 동시 연결", async () => {
+        const r = await runScaleTest(10_000, "WS/10k  ", 3000);
+        results.push(r);
+        expect(r.rate).toBe(100);
+    });
+
+    it("결과 요약 테이블 출력", () => {
+        console.log("\n┌──────────┬────────────┬──────────┬──────────┬──────────┬──────────┐");
+        console.log("│ 구독자   │ 연결 시간  │ 수신률   │   P50    │   P99    │   Max    │");
+        console.log("├──────────┼────────────┼──────────┼──────────┼──────────┼──────────┤");
+        for (const r of results) {
+            const n = String(r.n).padStart(7);
+            const conn = `${r.connectMs.toFixed(0)}ms`.padStart(8);
+            const rate = `${r.rate.toFixed(1)}%`.padStart(6);
+            const p50 = `${r.p50.toFixed(1)}ms`.padStart(7);
+            const p99 = `${r.p99.toFixed(1)}ms`.padStart(7);
+            const max = `${r.max.toFixed(1)}ms`.padStart(7);
+            console.log(`│ ${n}  │ ${conn}   │ ${rate}   │ ${p50}  │ ${p99}  │ ${max}  │`);
+        }
+        console.log("└──────────┴────────────┴──────────┴──────────┴──────────┴──────────┘\n");
+
+        expect(results.length).toBeGreaterThanOrEqual(6);
+    });
+});

package/src/auth.ts

@@ -0,0 +1,155 @@
+import type { Context, Next } from "hono";
+import { HTTPException } from "hono/http-exception";
+import { sign, verify } from "hono/utils/jwt/jwt";
+
+// ─── Types ──────────────────────────────────────────────
+
+interface User {
+    id: string;
+    email: string;
+    name?: string;
+}
+
+interface AuthContext {
+    /** Get current user or null — Convex의 ctx.auth.getUserIdentity() */
+    getUserIdentity(): User | null;
+    /** Get current user or throw 401 — 편의 메서드 */
+    requireAuth(): User;
+}
+
+interface AuthConfig {
+    jwtSecret: string;
+}
+
+// ─── In-memory user store (POC용, 프로덕션에서는 Drizzle 테이블 사용) ──
+
+const users = new Map<string, User & { passwordHash: string; createdAt: string }>();
+
+// ─── Simple password hashing (POC용) ────────────────────
+
+async function hashPassword(password: string): Promise<string> {
+    const encoder = new TextEncoder();
+    const data = encoder.encode(password);
+    const hash = await crypto.subtle.digest("SHA-256", data);
+    return Array.from(new Uint8Array(hash))
+        .map((b) => b.toString(16).padStart(2, "0"))
+        .join("");
+}
+
+// ─── Auth middleware — Convex ctx.auth 패턴 재현 ─────────
+
+/**
+ * Auth middleware that injects `c.get('auth')` into context
+ *
+ * @example
+ * app.use('*', authMiddleware({ jwtSecret: 'secret' }));
+ *
+ * // In query/mutation:
+ * const user = c.get('auth').requireAuth();
+ */
+export function authMiddleware(config: AuthConfig) {
+    return async (c: Context, next: Next) => {
+        let currentUser: User | null = null;
+
+        // Extract JWT from Authorization header
+        const authHeader = c.req.header("Authorization");
+        if (authHeader?.startsWith("Bearer ")) {
+            const token = authHeader.slice(7);
+            try {
+                const payload = (await verify(token, config.jwtSecret, "HS256")) as any;
+                currentUser = {
+                    id: payload.sub as string,
+                    email: payload.email as string,
+                    name: payload.name as string | undefined,
+                };
+            } catch {
+                // Invalid token — continue as unauthenticated
+            }
+        }
+
+        const authContext: AuthContext = {
+            getUserIdentity: () => currentUser,
+            requireAuth: () => {
+                if (!currentUser) {
+                    throw new HTTPException(401, { message: "Authentication required" });
+                }
+                return currentUser;
+            },
+        };
+
+        c.set("auth", authContext);
+        await next();
+    };
+}
+
+// ─── Auth routes — 회원가입/로그인/프로필 ────────────────
+
+export function authRoutes(config: AuthConfig) {
+    return {
+        /** POST /auth/signup — 회원가입 */
+        async signup(c: Context) {
+            const { email, password, name } = await c.req.json();
+
+            if (!email || !password) {
+                return c.json({ error: "Email and password required" }, 400);
+            }
+
+            if (users.has(email)) {
+                return c.json({ error: "User already exists" }, 409);
+            }
+
+            const id = crypto.randomUUID();
+            const passwordHash = await hashPassword(password);
+            users.set(email, { id, email, name, passwordHash, createdAt: new Date().toISOString() });
+
+            const token = await sign(
+                { sub: id, email, name, exp: Math.floor(Date.now() / 1000) + 86400 },
+                config.jwtSecret
+            );
+
+            return c.json({ token, user: { id, email, name } });
+        },
+
+        /** POST /auth/login — 로그인 */
+        async login(c: Context) {
+            const { email, password } = await c.req.json();
+
+            const user = users.get(email);
+            if (!user) {
+                return c.json({ error: "Invalid credentials" }, 401);
+            }
+
+            const hash = await hashPassword(password);
+            if (hash !== user.passwordHash) {
+                return c.json({ error: "Invalid credentials" }, 401);
+            }
+
+            const token = await sign(
+                {
+                    sub: user.id,
+                    email: user.email,
+                    name: user.name,
+                    exp: Math.floor(Date.now() / 1000) + 86400,
+                },
+                config.jwtSecret
+            );
+
+            return c.json({
+                token,
+                user: { id: user.id, email: user.email, name: user.name },
+            });
+        },
+
+        /** GET /auth/me — 현재 유저 정보 */
+        async me(c: Context) {
+            const auth: AuthContext = c.get("auth");
+            const user = auth.requireAuth();
+            return c.json(user);
+        },
+    };
+}
+
+/** Get all registered users (for admin dashboard) */
+export function getUsers(): (User & { createdAt: string })[] {
+    return Array.from(users.values()).map(({ passwordHash, ...user }) => user);
+}