refactor: System2/3, User Management SSO 인증 통합

- System2 신고: SSO JWT 인증 전환, API base 정리
- System3 부적합: SSO 인증 매니저 통합, 권한 체계 정비
- User Management: SSO 토큰 기반 사용자 관리 API 연동

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

user-management/api/controllers/userController.js

@@ -92,7 +92,7 @@ async function resetPassword(req, res, next) {
   try {
     const userId = parseInt(req.params.id);
     const { new_password } = req.body;
-    const password = new_password || '000000';
+    const password = new_password || process.env.DEFAULT_PASSWORD || 'changeme!1';
 
     const user = await userModel.update(userId, { password });
     if (!user) {

user-management/api/index.js

@@ -21,8 +21,20 @@ const vacationRoutes = require('./routes/vacationRoutes');
 const app = express();
 const PORT = process.env.PORT || 3000;
 
+const allowedOrigins = [
+  'https://tkfb.technicalkorea.net',
+  'https://tkreport.technicalkorea.net',
+  'https://tkqc.technicalkorea.net',
+  'https://tkuser.technicalkorea.net',
+];
+if (process.env.NODE_ENV === 'development') {
+  allowedOrigins.push('http://localhost:30080', 'http://localhost:30180', 'http://localhost:30280');
+}
 app.use(cors({
-  origin: true,
+  origin: function(origin, cb) {
+    if (!origin || allowedOrigins.includes(origin) || /^http:\/\/192\.168\.\d+\.\d+(:\d+)?$/.test(origin)) return cb(null, true);
+    cb(new Error('CORS blocked: ' + origin));
+  },
   credentials: true
 }));
 app.use(express.json());