實作註冊、登入功能

lib/utils/jwt.ts

@@ -0,0 +1,40 @@
+import jwt from 'jsonwebtoken'
+
+const JWT_SECRET = process.env.JWT_SECRET || 'hr_assessment_super_secret_key_2024_secure_random_string'
+const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || '7d'
+
+export interface JWTPayload {
+  userId: string
+  email: string
+  role: string
+  name: string
+}
+
+// 生成 JWT Token
+export function generateToken(payload: JWTPayload): string {
+  return jwt.sign(payload, JWT_SECRET, { expiresIn: JWT_EXPIRES_IN })
+}
+
+// 驗證 JWT Token
+export function verifyToken(token: string): JWTPayload | null {
+  try {
+    const decoded = jwt.verify(token, JWT_SECRET) as JWTPayload
+    return decoded
+  } catch (error) {
+    console.error('JWT 驗證失敗:', error)
+    return null
+  }
+}
+
+// 從 Authorization header 中提取 token
+export function extractTokenFromHeader(authHeader: string | null): string | null {
+  if (!authHeader || !authHeader.startsWith('Bearer ')) {
+    return null
+  }
+  return authHeader.substring(7)
+}
+
+// 生成刷新 token
+export function generateRefreshToken(payload: JWTPayload): string {
+  return jwt.sign(payload, JWT_SECRET, { expiresIn: '30d' })
+}

lib/utils/password.ts

@@ -0,0 +1,23 @@
+import bcrypt from 'bcryptjs'
+
+const SALT_ROUNDS = 12
+
+// 雜湊密碼
+export async function hashPassword(password: string): Promise<string> {
+  return await bcrypt.hash(password, SALT_ROUNDS)
+}
+
+// 驗證密碼
+export async function verifyPassword(password: string, hashedPassword: string): Promise<boolean> {
+  return await bcrypt.compare(password, hashedPassword)
+}
+
+// 同步雜湊密碼（用於種子數據）
+export function hashPasswordSync(password: string): string {
+  return bcrypt.hashSync(password, SALT_ROUNDS)
+}
+
+// 同步驗證密碼
+export function verifyPasswordSync(password: string, hashedPassword: string): boolean {
+  return bcrypt.compareSync(password, hashedPassword)
+}