feat(sso): 인앱 브라우저 SSO 토큰 릴레이 — 카톡 WebView 쿠키 미공유 해결

카카오톡 인앱 WebView는 서브도메인 간 쿠키를 공유하지 않아 tkds에서 로그인 후 tkfb로 리다이렉트 시 인증이 풀리는 문제. - sso-relay.js: URL hash의 _sso= 토큰을 로컬 쿠키+localStorage로 설정 - gateway dashboard: 로그인 후 redirect URL에 #_sso=<token> 추가 - 전 서비스 HTML: core JS 직전에 sso-relay.js 로드 (81개 파일) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 15:44:02 +09:00
parent de6d918d42
commit 0de9d5bb48
90 changed files with 398 additions and 3 deletions
--- a/tksafety/web/checklist.html
+++ b/tksafety/web/checklist.html
@@ -164,6 +164,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-checklist.js?v=2026031401"></script>
    <script>initChecklistPage();</script>
--- a/tksafety/web/education.html
+++ b/tksafety/web/education.html
@@ -190,6 +190,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-education.js?v=2026031401"></script>
    <script>initEducationPage();</script>
--- a/tksafety/web/entry-dashboard.html
+++ b/tksafety/web/entry-dashboard.html
@@ -106,6 +106,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-entry-dashboard.js?v=2026031401"></script>
    <script>initEntryDashboard();</script>
--- a/tksafety/web/index.html
+++ b/tksafety/web/index.html
@@ -277,6 +277,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-visit.js?v=2026031401"></script>
    <script>initVisitPage();</script>
--- a/tksafety/web/risk-assess.html
+++ b/tksafety/web/risk-assess.html
@@ -210,6 +210,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-risk.js?v=2026031501"></script>
    <script>initRiskAssessPage();</script>
--- a/tksafety/web/risk-projects.html
+++ b/tksafety/web/risk-projects.html
@@ -166,6 +166,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-risk.js?v=2026031501"></script>
    <script>
--- a/tksafety/web/static/js/sso-relay.js
+++ b/tksafety/web/static/js/sso-relay.js
@@ -0,0 +1,39 @@
+/**
+ * SSO Token Relay — 인앱 브라우저(카카오톡 등) 서브도메인 쿠키 미공유 대응
+ *
+ * Canonical source: shared/frontend/sso-relay.js
+ * 전 서비스 동일 코드 — 수정 시 아래 파일 <20><><EFBFBD>체 갱신 필요:
+ *   system1-factory/web/js/sso-relay.js
+ *   system2-report/web/js/sso-relay.js
+ *   system3-nonconformance/web/static/js/sso-relay.js
+ *   user-management/web/static/js/sso-relay.js
+ *   tkpurchase/web/static/js/sso-relay.js
+ *   tksafety/web/static/js/sso-relay.js
+ *   tksupport/web/static/js/sso-relay.js
+ *
+ * 동작: URL hash에 _sso= 파라미터가 있으면 토큰을 로컬 쿠키+localStorage에 설정하고 hash를 제거.
+ * gateway/dashboard.html에서 로그인 성공 후 redirect URL에 #_sso=<token>을 붙여 전달.
+ */
+(function() {
+  var hash = location.hash;
+  if (!hash || hash.indexOf('_sso=') === -1) return;
+
+  var match = hash.match(/[#&]_sso=([^&]*)/);
+  if (!match) return;
+
+  var token = decodeURIComponent(match[1]);
+  if (!token) return;
+
+  // 로컬(1st-party) 쿠키 설정
+  var cookie = 'sso_token=' + encodeURIComponent(token) + '; path=/; max-age=604800';
+  if (location.hostname.indexOf('technicalkorea.net') !== -1) {
+    cookie += '; domain=.technicalkorea.net; secure; samesite=lax';
+  }
+  document.cookie = cookie;
+
+  // localStorage 폴백
+  try { localStorage.setItem('sso_token', token); } catch (e) {}
+
+  // URL에서 hash 제거
+  history.replaceState(null, '', location.pathname + location.search);
+})();
--- a/tksafety/web/training.html
+++ b/tksafety/web/training.html
@@ -214,6 +214,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-training.js"></script>
    <script>initTrainingPage();</script>
--- a/tksafety/web/visit-management.html
+++ b/tksafety/web/visit-management.html
@@ -184,6 +184,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-visit-management.js?v=2026031401"></script>
    <script>initVisitManagementPage();</script>
--- a/tksafety/web/visit-request.html
+++ b/tksafety/web/visit-request.html
@@ -148,6 +148,7 @@
        </div>
    </div>

+    <script src="/static/js/sso-relay.js?v=20260401"></script>
    <script src="/static/js/tksafety-core.js?v=2026040101"></script>
    <script src="/static/js/tksafety-visit-request.js?v=2026031401"></script>
    <script>initVisitRequestPage();</script>