From 0de9d5bb486163d817881279b26065702d232d37 Mon Sep 17 00:00:00 2001 
From: Hyungi Ahn Date: Wed, 1 Apr 2026 15:44:02 +0900 Subject: [PATCH] =?UTF-8?q?feat(sso):=20=EC=9D=B8=EC=95=B1=20=EB=B8=8C?= =?UTF-8?q?=EB=9D=BC=EC=9A=B0=EC=A0=80=20SSO=20=ED=86=A0=ED=81=B0=20?= =?UTF-8?q?=EB=A6=B4=EB=A0=88=EC=9D=B4=20=E2=80=94=20=EC=B9=B4=ED=86=A1=20?= =?UTF-8?q?WebView=20=EC=BF=A0=ED=82=A4=20=EB=AF=B8=EA=B3=B5=EC=9C=A0=20?= =?UTF-8?q?=ED=95=B4=EA=B2=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 카카오톡 인앱 WebView는 서브도메인 간 쿠키를 공유하지 않아 tkds에서 로그인 후 tkfb로 리다이렉트 시 인증이 풀리는 문제. - sso-relay.js: URL hash의 _sso= 토큰을 로컬 쿠키+localStorage로 설정 - gateway dashboard: 로그인 후 redirect URL에 #_sso= 추가 - 전 서비스 HTML: core JS 직전에 sso-relay.js 로드 (81개 파일) Co-Authored-By: Claude Opus 4.6 (1M context) --- gateway/html/dashboard.html | 6 ++- shared/frontend/sso-relay.js | 39 +++++++++++++++++++ system1-factory/web/index.html | 1 + system1-factory/web/js/sso-relay.js | 39 +++++++++++++++++++ .../web/pages/admin/attendance-report.html | 1 + .../web/pages/admin/equipment-detail.html | 1 + .../web/pages/admin/equipments.html | 1 + .../web/pages/admin/purchase-analysis.html | 1 + .../web/pages/admin/repair-management.html | 1 + .../web/pages/attendance/annual-overview.html | 1 + .../web/pages/attendance/checkin.html | 1 + .../web/pages/attendance/daily.html | 1 + .../pages/attendance/monthly-comparison.html | 1 + .../web/pages/attendance/monthly.html | 1 + .../pages/attendance/my-monthly-confirm.html | 1 + .../pages/attendance/my-vacation-info.html | 1 + .../pages/attendance/vacation-allocation.html | 1 + .../pages/attendance/vacation-approval.html | 1 + .../web/pages/attendance/vacation-input.html | 1 + .../pages/attendance/vacation-management.html | 1 + .../pages/attendance/vacation-request.html | 1 + .../web/pages/attendance/work-status.html | 1 + system1-factory/web/pages/dashboard-new.html | 1 + system1-factory/web/pages/dashboard.html | 1 + .../web/pages/inspection/daily-patrol.html | 1 + 
.../web/pages/inspection/zone-detail.html | 1 + system1-factory/web/pages/profile/info.html | 1 + .../web/pages/profile/password.html | 1 + .../web/pages/purchase/request-mobile.html | 1 + .../web/pages/purchase/request.html | 1 + system1-factory/web/pages/work/analysis.html | 3 +- .../web/pages/work/daily-status.html | 1 + .../web/pages/work/meeting-detail.html | 1 + system1-factory/web/pages/work/meetings.html | 1 + .../web/pages/work/proxy-input.html | 1 + .../web/pages/work/report-create-mobile.html | 1 + .../web/pages/work/report-create.html | 1 + system1-factory/web/pages/work/schedule.html | 1 + .../web/pages/work/tbm-create.html | 1 + .../web/pages/work/tbm-mobile.html | 1 + system1-factory/web/pages/work/tbm.html | 1 + system2-report/web/js/sso-relay.js | 39 +++++++++++++++++++ .../web/pages/safety/chat-report.html | 1 + .../web/pages/safety/issue-detail.html | 1 + .../web/pages/safety/issue-report.html | 1 + .../web/pages/safety/report-status.html | 1 + system3-nonconformance/web/ai-assistant.html | 1 + system3-nonconformance/web/issue-view.html | 1 + .../web/issues-archive.html | 1 + .../web/issues-dashboard.html | 1 + system3-nonconformance/web/issues-inbox.html | 1 + .../web/issues-management.html | 1 + system3-nonconformance/web/m/dashboard.html | 1 + system3-nonconformance/web/m/inbox.html | 1 + system3-nonconformance/web/m/management.html | 1 + system3-nonconformance/web/reports-daily.html | 1 + .../web/reports-monthly.html | 1 + .../web/reports-weekly.html | 1 + system3-nonconformance/web/reports.html | 1 + .../web/static/js/sso-relay.js | 39 +++++++++++++++++++ tkpurchase/web/accounts.html | 1 + tkpurchase/web/daylabor.html | 1 + tkpurchase/web/index.html | 1 + tkpurchase/web/partner-history.html | 1 + tkpurchase/web/partner-portal.html | 1 + tkpurchase/web/partner.html | 1 + tkpurchase/web/schedule.html | 1 + tkpurchase/web/static/js/sso-relay.js | 39 +++++++++++++++++++ tkpurchase/web/workreport-summary.html | 1 + tkpurchase/web/workreport.html 
| 1 + tksafety/web/checklist.html | 1 + tksafety/web/education.html | 1 + tksafety/web/entry-dashboard.html | 1 + tksafety/web/index.html | 1 + tksafety/web/risk-assess.html | 1 + tksafety/web/risk-projects.html | 1 + tksafety/web/static/js/sso-relay.js | 39 +++++++++++++++++++ tksafety/web/training.html | 1 + tksafety/web/visit-management.html | 1 + tksafety/web/visit-request.html | 1 + tksupport/web/company-holidays.html | 1 + tksupport/web/index.html | 1 + tksupport/web/static/js/sso-relay.js | 39 +++++++++++++++++++ tksupport/web/vacation-admin.html | 1 + tksupport/web/vacation-approval.html | 1 + tksupport/web/vacation-dashboard.html | 1 + tksupport/web/vacation-request.html | 1 + tksupport/web/vacation-status.html | 1 + user-management/web/index.html | 1 + user-management/web/static/js/sso-relay.js | 39 +++++++++++++++++++ 90 files changed, 398 insertions(+), 3 deletions(-) create mode 100644 shared/frontend/sso-relay.js create mode 100644 system1-factory/web/js/sso-relay.js create mode 100644 system2-report/web/js/sso-relay.js create mode 100644 system3-nonconformance/web/static/js/sso-relay.js create mode 100644 tkpurchase/web/static/js/sso-relay.js create mode 100644 tksafety/web/static/js/sso-relay.js create mode 100644 tksupport/web/static/js/sso-relay.js create mode 100644 user-management/web/static/js/sso-relay.js
diff --git a/gateway/html/dashboard.html b/gateway/html/dashboard.html
index 056f828..ea0f02a 100644
--- a/gateway/html/dashboard.html
+++ b/gateway/html/dashboard.html
@@ -781,7 +781,8 @@
 var redirect = new URLSearchParams(location.search).get('redirect');
 if (redirect && isSafeRedirect(redirect)) {
- window.location.href = redirect;
+ var sep = redirect.indexOf('#') === -1 ? '#' : '&';
+ window.location.href = redirect + sep + '_sso=' + encodeURIComponent(data.access_token);
 } else {
 window.location.href = '/dashboard';
 }
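Review bot: The access token is now appended to whatever URL `isSafeRedirect(redirect)` accepts, so that check decides who receives a bearer credential rather than only where the browser lands; its definition is outside this hunk and should be confirmed to allow only exact https origins of the company's own services. The second hunk at -840 has the same dependency with `token`. A fragment is not sent to the server, but it stays in the address bar and history on any target page that does not load sso-relay.js, and is readable by every script on the page until the relay strips it. Consider relaying a short-lived single-use code that the target service exchanges server-side instead of `data.access_token` itself, which sso-relay.js then keeps for the seven-day `max-age=604800`. The enclosing login handler starts and ends outside the hunk.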
@@ -840,7 +841,8 @@
 // Already logged in + redirect param
 var redirect = params.get('redirect');
 if (redirect && isSafeRedirect(redirect)) {
- window.location.href = redirect;
+ var sep = redirect.indexOf('#') === -1 ? '#' : '&';
+ window.location.href = redirect + sep + '_sso=' + encodeURIComponent(token);
 return;
 }
diff --git a/shared/frontend/sso-relay.js b/shared/frontend/sso-relay.js
new file mode 100644
index 0000000..820bdb1
--- /dev/null
+++ b/shared/frontend/sso-relay.js
@@ -0,0 +1,39 @@
+/**
+ * SSO Token Relay — 인앱 브라우저(카카오톡 등) 서브도메인 쿠키 미공유 대응
+ *
+ * Canonical source: shared/frontend/sso-relay.js
+ * 전 서비스 동일 코드 — 수정 시 아래 파일 ���체 갱신 필요:
+ * system1-factory/web/js/sso-relay.js
+ * system2-report/web/js/sso-relay.js
+ * system3-nonconformance/web/static/js/sso-relay.js
+ * user-management/web/static/js/sso-relay.js
+ * tkpurchase/web/static/js/sso-relay.js
+ * tksafety/web/static/js/sso-relay.js
+ * tksupport/web/static/js/sso-relay.js
+ *
+ * 동작: URL hash에 _sso= 파라미터가 있으면 토큰을 로컬 쿠키+localStorage에 설정하고 hash를 제거.
+ * gateway/dashboard.html에서 로그인 성공 후 redirect URL에 #_sso=을 붙여 전달.
+ */
+(function() {
+ var hash = location.hash;
+ if (!hash || hash.indexOf('_sso=') === -1) return;
+
+ var match = hash.match(/[#&]_sso=([^&]*)/);
+ if (!match) return;
+
+ var token = decodeURIComponent(match[1]);
+ if (!token) return;
+
+ // 로컬(1st-party) 쿠키 설정
+ var cookie = 'sso_token=' + encodeURIComponent(token) + '; path=/; max-age=604800';
+ if (location.hostname.indexOf('technicalkorea.net') !== -1) {
+ cookie += '; domain=.technicalkorea.net; secure; samesite=lax';
+ }
+ document.cookie = cookie;
+
+ // localStorage 폴백
+ try { localStorage.setItem('sso_token', token); } catch (e) {}
+
+ // URL에서 hash 제거
+ history.replaceState(null, '', location.pathname + location.search);
+})();
diff --git a/system1-factory/web/index.html b/system1-factory/web/index.html
index 9a4421d..44a390e 100644
--- a/system1-factory/web/index.html
+++ b/system1-factory/web/index.html
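Review bot: The relay in shared/frontend/sso-relay.js persists whatever value arrives in `#_sso=` without checking it, overwriting any existing `sso_token` cookie and localStorage entry, so any link that carries the fragment replaces the user's session on every page that loads this script. The token should be verified, or bound to a state value the page itself issued, before it is stored; that check needs server support and cannot be done in this file alone. Two smaller hardening points are shown below: `decodeURIComponent` throws on a malformed escape and then leaves the token in the address bar, and `hostname.indexOf('technicalkorea.net') !== -1` is a substring test where a suffix test is meant, with the non-matching branch writing the cookie without `secure`. A cookie written from script cannot be HttpOnly, and the localStorage copy is likewise readable by any script on the page for the seven-day `max-age`. The seven service copies listed in the header, including system2-report/web/js/sso-relay.js later in this patch, need the same change.

```javascript
(function() {
  var match = location.hash.match(/[#&]_sso=([^&]*)/);
  if (!match) return;

  // Strip the fragment first, so the token never lingers in the address bar
  // or history if a later step throws.
  history.replaceState(null, '', location.pathname + location.search);

  var token;
  try {
    token = decodeURIComponent(match[1]);
  } catch (e) {
    return; // malformed %-escape: nothing is stored
  }
  if (!token) return;

  var cookie = 'sso_token=' + encodeURIComponent(token) + '; path=/; max-age=604800';
  var suffix = '.technicalkorea.net';
  var host = location.hostname;
  // Suffix match, not substring: only the apex domain and its subdomains qualify.
  if (host === suffix.slice(1) || host.slice(-suffix.length) === suffix) {
  // … unchanged: domain/secure/samesite attributes, document.cookie, localStorage fallback …
```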
@@ -10,6 +10,7 @@ if('serviceWorker' in navigator){navigator.serviceWorker.getRegistrations().then(function(r){r.forEach(function(reg){reg.unregister()});})} if('caches' in window){caches.keys().then(function(k){k.forEach(function(key){caches.delete(key)})})} + diff --git a/system1-factory/web/pages/admin/equipment-detail.html b/system1-factory/web/pages/admin/equipment-detail.html index c943064..f6f8b13 100644 --- a/system1-factory/web/pages/admin/equipment-detail.html +++ b/system1-factory/web/pages/admin/equipment-detail.html @@ -314,6 +314,7 @@ + diff --git a/system1-factory/web/pages/admin/equipments.html b/system1-factory/web/pages/admin/equipments.html index a27223a..d0736e0 100644 --- a/system1-factory/web/pages/admin/equipments.html +++ b/system1-factory/web/pages/admin/equipments.html @@ -190,6 +190,7 @@ + diff --git a/system1-factory/web/pages/admin/purchase-analysis.html b/system1-factory/web/pages/admin/purchase-analysis.html index 3f4d8a4..a79ca02 100644 --- a/system1-factory/web/pages/admin/purchase-analysis.html +++ b/system1-factory/web/pages/admin/purchase-analysis.html @@ -135,6 +135,7 @@ + diff --git a/system1-factory/web/pages/admin/repair-management.html b/system1-factory/web/pages/admin/repair-management.html index 1ab55a7..f61291e 100644 --- a/system1-factory/web/pages/admin/repair-management.html +++ b/system1-factory/web/pages/admin/repair-management.html @@ -507,6 +507,7 @@ + diff --git a/system1-factory/web/pages/attendance/checkin.html b/system1-factory/web/pages/attendance/checkin.html index 0732227..5dfb423 100644 --- a/system1-factory/web/pages/attendance/checkin.html +++ b/system1-factory/web/pages/attendance/checkin.html @@ -234,6 +234,7 @@ + diff --git a/system1-factory/web/pages/attendance/daily.html b/system1-factory/web/pages/attendance/daily.html index feebbde..4103749 100644 --- a/system1-factory/web/pages/attendance/daily.html +++ b/system1-factory/web/pages/attendance/daily.html @@ -70,6 +70,7 @@ + 
diff --git a/system1-factory/web/pages/attendance/monthly-comparison.html b/system1-factory/web/pages/attendance/monthly-comparison.html index 3e0789c..b457822 100644 --- a/system1-factory/web/pages/attendance/monthly-comparison.html +++ b/system1-factory/web/pages/attendance/monthly-comparison.html @@ -162,6 +162,7 @@
+ diff --git a/system1-factory/web/pages/attendance/monthly.html b/system1-factory/web/pages/attendance/monthly.html index 1518c20..a6b394e 100644 --- a/system1-factory/web/pages/attendance/monthly.html +++ b/system1-factory/web/pages/attendance/monthly.html @@ -489,6 +489,7 @@ + diff --git a/system1-factory/web/pages/attendance/my-monthly-confirm.html b/system1-factory/web/pages/attendance/my-monthly-confirm.html index e9c690c..a42408f 100644 --- a/system1-factory/web/pages/attendance/my-monthly-confirm.html +++ b/system1-factory/web/pages/attendance/my-monthly-confirm.html @@ -104,6 +104,7 @@
+ diff --git a/system1-factory/web/pages/attendance/my-vacation-info.html b/system1-factory/web/pages/attendance/my-vacation-info.html index 0d8b570..d636a34 100644 --- a/system1-factory/web/pages/attendance/my-vacation-info.html +++ b/system1-factory/web/pages/attendance/my-vacation-info.html @@ -267,6 +267,7 @@ + diff --git a/system1-factory/web/pages/attendance/vacation-allocation.html b/system1-factory/web/pages/attendance/vacation-allocation.html index 75e6225..49965c8 100644 --- a/system1-factory/web/pages/attendance/vacation-allocation.html +++ b/system1-factory/web/pages/attendance/vacation-allocation.html @@ -353,6 +353,7 @@ + diff --git a/system1-factory/web/pages/attendance/vacation-approval.html b/system1-factory/web/pages/attendance/vacation-approval.html index 45890ab..496952a 100644 --- a/system1-factory/web/pages/attendance/vacation-approval.html +++ b/system1-factory/web/pages/attendance/vacation-approval.html @@ -130,6 +130,7 @@ + diff --git a/system1-factory/web/pages/attendance/vacation-input.html b/system1-factory/web/pages/attendance/vacation-input.html index 0ddc45a..b910a51 100644 --- a/system1-factory/web/pages/attendance/vacation-input.html +++ b/system1-factory/web/pages/attendance/vacation-input.html @@ -123,6 +123,7 @@ + diff --git a/system1-factory/web/pages/attendance/vacation-management.html b/system1-factory/web/pages/attendance/vacation-management.html index 9c417f9..de707fb 100644 --- a/system1-factory/web/pages/attendance/vacation-management.html +++ b/system1-factory/web/pages/attendance/vacation-management.html @@ -215,6 +215,7 @@ + diff --git a/system1-factory/web/pages/attendance/vacation-request.html b/system1-factory/web/pages/attendance/vacation-request.html index 91fe46e..e4ecb1c 100644 --- a/system1-factory/web/pages/attendance/vacation-request.html +++ b/system1-factory/web/pages/attendance/vacation-request.html @@ -117,6 +117,7 @@ + 
diff --git a/system1-factory/web/pages/attendance/work-status.html b/system1-factory/web/pages/attendance/work-status.html index 57c3a50..35a99d8 100644 --- a/system1-factory/web/pages/attendance/work-status.html +++ b/system1-factory/web/pages/attendance/work-status.html @@ -286,6 +286,7 @@ + diff --git a/system1-factory/web/pages/dashboard-new.html b/system1-factory/web/pages/dashboard-new.html index c3d8133..c37d57b 100644 --- a/system1-factory/web/pages/dashboard-new.html +++ b/system1-factory/web/pages/dashboard-new.html @@ -47,6 +47,7 @@ + diff --git a/system1-factory/web/pages/dashboard.html b/system1-factory/web/pages/dashboard.html index c966878..954afbc 100644 --- a/system1-factory/web/pages/dashboard.html +++ b/system1-factory/web/pages/dashboard.html @@ -324,6 +324,7 @@ + diff --git a/system1-factory/web/pages/inspection/daily-patrol.html b/system1-factory/web/pages/inspection/daily-patrol.html index 69aad0e..ba7bb50 100644 --- a/system1-factory/web/pages/inspection/daily-patrol.html +++ b/system1-factory/web/pages/inspection/daily-patrol.html @@ -209,6 +209,7 @@ }, 50); })(); + diff --git a/system1-factory/web/pages/inspection/zone-detail.html b/system1-factory/web/pages/inspection/zone-detail.html index a22c728..23cf471 100644 --- a/system1-factory/web/pages/inspection/zone-detail.html +++ b/system1-factory/web/pages/inspection/zone-detail.html @@ -304,6 +304,7 @@ }, 50); })(); + diff --git a/system1-factory/web/pages/profile/info.html b/system1-factory/web/pages/profile/info.html index a10175e..6a5e117 100644 --- a/system1-factory/web/pages/profile/info.html +++ b/system1-factory/web/pages/profile/info.html @@ -320,6 +320,7 @@ + diff --git a/system1-factory/web/pages/profile/password.html b/system1-factory/web/pages/profile/password.html index b8e2a7b..173b40c 100644 --- a/system1-factory/web/pages/profile/password.html +++ b/system1-factory/web/pages/profile/password.html @@ -390,6 +390,7 @@ + 
diff --git a/system1-factory/web/pages/purchase/request-mobile.html b/system1-factory/web/pages/purchase/request-mobile.html index a145c13..5c1fb6a 100644 --- a/system1-factory/web/pages/purchase/request-mobile.html +++ b/system1-factory/web/pages/purchase/request-mobile.html @@ -97,6 +97,7 @@
+ diff --git a/system1-factory/web/pages/purchase/request.html b/system1-factory/web/pages/purchase/request.html index 8eee40e..903af7e 100644 --- a/system1-factory/web/pages/purchase/request.html +++ b/system1-factory/web/pages/purchase/request.html @@ -312,6 +312,7 @@ + diff --git a/system1-factory/web/pages/work/analysis.html b/system1-factory/web/pages/work/analysis.html index 85e44dc..282d4cf 100644 --- a/system1-factory/web/pages/work/analysis.html +++ b/system1-factory/web/pages/work/analysis.html @@ -277,6 +277,7 @@ + @@ -2871,4 +2872,4 @@ - \ No newline at end of file + diff --git a/system1-factory/web/pages/work/daily-status.html b/system1-factory/web/pages/work/daily-status.html index d652637..a3b4610 100644 --- a/system1-factory/web/pages/work/daily-status.html +++ b/system1-factory/web/pages/work/daily-status.html @@ -163,6 +163,7 @@ + diff --git a/system1-factory/web/pages/work/meeting-detail.html b/system1-factory/web/pages/work/meeting-detail.html index cf464d4..9de24c5 100644 --- a/system1-factory/web/pages/work/meeting-detail.html +++ b/system1-factory/web/pages/work/meeting-detail.html @@ -193,6 +193,7 @@ + diff --git a/system1-factory/web/pages/work/meetings.html b/system1-factory/web/pages/work/meetings.html index 68a9567..92e6dae 100644 --- a/system1-factory/web/pages/work/meetings.html +++ b/system1-factory/web/pages/work/meetings.html @@ -80,6 +80,7 @@ + diff --git a/system1-factory/web/pages/work/proxy-input.html b/system1-factory/web/pages/work/proxy-input.html index ca43b84..4004c6f 100644 --- a/system1-factory/web/pages/work/proxy-input.html +++ b/system1-factory/web/pages/work/proxy-input.html @@ -114,6 +114,7 @@ + diff --git a/system1-factory/web/pages/work/report-create-mobile.html b/system1-factory/web/pages/work/report-create-mobile.html index 2f7f94f..afa8194 100644 --- a/system1-factory/web/pages/work/report-create-mobile.html +++ b/system1-factory/web/pages/work/report-create-mobile.html @@ -190,6 +190,7 @@ + 
diff --git a/system1-factory/web/pages/work/report-create.html b/system1-factory/web/pages/work/report-create.html index 70f1afd..e155630 100644 --- a/system1-factory/web/pages/work/report-create.html +++ b/system1-factory/web/pages/work/report-create.html @@ -149,6 +149,7 @@ + diff --git a/system1-factory/web/pages/work/schedule.html b/system1-factory/web/pages/work/schedule.html index c087027..45034fe 100644 --- a/system1-factory/web/pages/work/schedule.html +++ b/system1-factory/web/pages/work/schedule.html @@ -347,6 +347,7 @@ + diff --git a/system1-factory/web/pages/work/tbm-mobile.html b/system1-factory/web/pages/work/tbm-mobile.html index ad831dd..f063b49 100644 --- a/system1-factory/web/pages/work/tbm-mobile.html +++ b/system1-factory/web/pages/work/tbm-mobile.html @@ -264,6 +264,7 @@ + diff --git a/system1-factory/web/pages/work/tbm.html b/system1-factory/web/pages/work/tbm.html index 7074352..e932138 100644 --- a/system1-factory/web/pages/work/tbm.html +++ b/system1-factory/web/pages/work/tbm.html @@ -573,6 +573,7 @@
+
diff --git a/system2-report/web/js/sso-relay.js b/system2-report/web/js/sso-relay.js
new file mode 100644
index 0000000..820bdb1
--- /dev/null
+++ b/system2-report/web/js/sso-relay.js
@@ -0,0 +1,39 @@
+/**
+ * SSO Token Relay — 인앱 브라우저(카카오톡 등) 서브도메인 쿠키 미공유 대응
+ *
+ * Canonical source: shared/frontend/sso-relay.js
+ * 전 서비스 동일 코드 — 수정 시 아래 파일 ���체 갱신 필요:
+ * system1-factory/web/js/sso-relay.js
+ * system2-report/web/js/sso-relay.js
+ * system3-nonconformance/web/static/js/sso-relay.js
+ * user-management/web/static/js/sso-relay.js
+ * tkpurchase/web/static/js/sso-relay.js
+ * tksafety/web/static/js/sso-relay.js
+ * tksupport/web/static/js/sso-relay.js
+ *
+ * 동작: URL hash에 _sso= 파라미터가 있으면 토큰을 로컬 쿠키+localStorage에 설정하고 hash를 제거.
+ * gateway/dashboard.html에서 로그인 성공 후 redirect URL에 #_sso=을 붙여 전달.
+ */
+(function() {
+ var hash = location.hash;
+ if (!hash || hash.indexOf('_sso=') === -1) return;
+
+ var match = hash.match(/[#&]_sso=([^&]*)/);
+ if (!match) return;
+
+ var token = decodeURIComponent(match[1]);
+ if (!token) return;
+
+ // 로컬(1st-party) 쿠키 설정
+ var cookie = 'sso_token=' + encodeURIComponent(token) + '; path=/; max-age=604800';
+ if (location.hostname.indexOf('technicalkorea.net') !== -1) {
+ cookie += '; domain=.technicalkorea.net; secure; samesite=lax';
+ }
+ document.cookie = cookie;
+
+ // localStorage 폴백
+ try { localStorage.setItem('sso_token', token); } catch (e) {}
+
+ // URL에서 hash 제거
+ history.replaceState(null, '', location.pathname + location.search);
+})();
diff --git a/system2-report/web/pages/safety/chat-report.html b/system2-report/web/pages/safety/chat-report.html
index a142f90..22bc402 100644
--- a/system2-report/web/pages/safety/chat-report.html
+++ b/system2-report/web/pages/safety/chat-report.html
@@ -6,6 +6,7 @@ AI 신고 도우미 | (주)테크니컬코리아 +
diff --git a/system2-report/web/pages/safety/issue-detail.html b/system2-report/web/pages/safety/issue-detail.html
index c75debf..8df50f8 100644
--- a/system2-report/web/pages/safety/issue-detail.html +++ b/system2-report/web/pages/safety/issue-detail.html @@ -8,6 +8,7 @@ + diff --git a/system2-report/web/pages/safety/issue-report.html b/system2-report/web/pages/safety/issue-report.html index 84519d1..01d68c4 100644 --- a/system2-report/web/pages/safety/issue-report.html +++ b/system2-report/web/pages/safety/issue-report.html @@ -5,6 +5,7 @@ 신고 등록 | (주)테크니컬코리아 +