hyungi/tk-factory-services
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: SSO 쿠키 인증 통합 + 서브도메인 라우팅 아키텍처

Browse Source 
- Path-based 라우팅을 서브도메인 기반으로 전환
  (tkfb/tkreport/tkqc.technicalkorea.net)
- 3개 시스템 프론트엔드에 SSO 쿠키 인증 통합
  (domain=.technicalkorea.net, localStorage 폴백)
- Gateway: 포털+로그인+System1 프록시, 쿠키 SSO 설정
- System 1: 토큰키 통일, nginx.conf 생성, 신고페이지 리다이렉트
- System 2: api-base.js/app-init.js 생성, getSSOToken() 통합
- System 3: TokenManager 쿠키 지원, 중앙 로그인 리다이렉트
- docker-compose.yml에 cloudflared 서비스 추가
- DEPLOY-GUIDE.md 배포 가이드 작성

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Hyungi Ahn
2026-02-09 18:41:44 +09:00
parent 550633b89d
commit 6495b8af32
114 changed files with 1729 additions and 4335 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
system3-nonconformance/api/routers/auth.py
View File

@@ -21,13 +21,33 @@ async def get_current_user(token: str = Depends(oauth2_scheme), db: Session = De
detail="Could not validate credentials",
headers={"WWW-Authenticate": "Bearer"},
)
token_data = verify_token(token, credentials_exception)
user = db.query(User).filter(User.username == token_data.username).first()
if user is None:
raise credentials_exception
if not user.is_active:
raise HTTPException(status_code=400, detail="Inactive user")
return user
payload = verify_token(token, credentials_exception)
username = payload.get("sub")
# 로컬 DB에서 사용자 조회
user = db.query(User).filter(User.username == username).first()
if user is not None:
if not user.is_active:
raise HTTPException(status_code=400, detail="Inactive user")
return user
# DB에 없는 SSO 사용자: JWT payload로 임시 User 객체 생성
sso_role = payload.get("role", "user")
role_map = {
"Admin": UserRole.admin,
"System Admin": UserRole.admin,
}
mapped_role = role_map.get(sso_role, UserRole.user)
sso_user = User(
id=0,
username=username,
hashed_password="",
full_name=payload.get("name", username),
role=mapped_role,
is_active=True,
)
return sso_user
async def get_current_admin(current_user: User = Depends(get_current_user)):
if current_user.role != UserRole.admin:

9
system3-nonconformance/api/services/auth_service.py
View File

@@ -7,7 +7,7 @@ import os
import bcrypt as bcrypt_lib
from database.models import User, UserRole
from database.schemas import TokenData
from database.schemas import TokenData # kept for compatibility
# 환경 변수 - SSO 공유 시크릿 사용 (docker-compose에서 SECRET_KEY=SSO_JWT_SECRET)
SECRET_KEY = os.getenv("SECRET_KEY", "your-secret-key-here")
@@ -56,16 +56,13 @@ def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
return encoded_jwt
def verify_token(token: str, credentials_exception):
"""JWT 토큰 검증 - SSO 토큰 페이로드 구조 지원"""
"""JWT 토큰 검증 - SSO 토큰 전체 페이로드 반환"""
try:
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
# SSO 토큰: "sub" 필드에 username
# 기존 M-Project 토큰: "sub" 필드에 username
username: str = payload.get("sub")
if username is None:
raise credentials_exception
token_data = TokenData(username=username)
return token_data
return payload
except JWTError:
raise credentials_exception

10
system3-nonconformance/web/admin.html
View File

@@ -393,7 +393,7 @@
// API 로드 후 초기화 함수
async function initializeAdmin() {
const token = localStorage.getItem('access_token');
const token = TokenManager.getToken();
if (!token) {
window.location.href = '/index.html';
return;
@@ -423,8 +423,8 @@
} catch (error) {
console.error('인증 실패:', error);
localStorage.removeItem('access_token');
localStorage.removeItem('currentUser');
TokenManager.removeToken();
TokenManager.removeUser();
window.location.href = '/index.html';
return;
}
@@ -729,7 +729,7 @@
try {
const response = await fetch(`/api/users/${userId}/page-permissions`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
}
});
@@ -860,7 +860,7 @@
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
},
body: JSON.stringify({
user_id: parseInt(selectedUserId),

12
system3-nonconformance/web/daily-work.html
View File

@@ -274,7 +274,7 @@
// API 로드 후 초기화 함수
async function initializeDailyWork() {
const token = localStorage.getItem('access_token');
const token = TokenManager.getToken();
if (!token) {
window.location.href = '/index.html';
return;
@@ -304,8 +304,8 @@
} catch (error) {
console.error('인증 실패:', error);
localStorage.removeItem('access_token');
localStorage.removeItem('currentUser');
TokenManager.removeToken();
TokenManager.removeUser();
window.location.href = '/index.html';
return;
}
@@ -342,7 +342,7 @@
const apiUrl = window.API_BASE_URL || 'http://localhost:16080/api';
const response = await fetch(`${apiUrl}/projects/`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
}
});
@@ -652,8 +652,8 @@
// 로그아웃
function logout() {
localStorage.removeItem('access_token');
localStorage.removeItem('currentUser');
TokenManager.removeToken();
TokenManager.removeUser();
window.location.href = '/index.html';
}
</script>

43
system3-nonconformance/web/index.html
View File

@@ -621,18 +621,32 @@
});
}
// 쿠키 헬퍼
function _ckGet(name) {
var m = document.cookie.match(new RegExp('(?:^|; )' + name + '=([^;]*)'));
return m ? decodeURIComponent(m[1]) : null;
}
function _ckRemove(name) {
var c = name + '=; path=/; max-age=0';
if (window.location.hostname.includes('technicalkorea.net')) c += '; domain=.technicalkorea.net';
document.cookie = c;
}
function _centralLoginUrl() {
var h = window.location.hostname;
if (h.includes('technicalkorea.net')) return window.location.protocol + '//tkfb.technicalkorea.net/login?redirect=' + encodeURIComponent(window.location.href);
return window.location.protocol + '//' + h + ':30000/login?redirect=' + encodeURIComponent(window.location.href);
}
// 수동 초기화 함수 (initializeApp 함수가 로드되지 않을 때 사용)
async function manualInitialize() {
console.log('🔧 수동 초기화 시작');
// 토큰이 있으면 사용자 정보 가져오기
const token = localStorage.getItem('access_token');
// SSO 쿠키 우선, localStorage 폴백
const token = _ckGet('sso_token') || localStorage.getItem('sso_token') || localStorage.getItem('access_token');
if (token) {
try {
// 토큰으로 사용자 정보 가져오기 (API 호출)
const user = await AuthAPI.getCurrentUser();
currentUser = user;
// localStorage에도 백업 저장
localStorage.setItem('currentUser', JSON.stringify(user));
@@ -670,8 +684,10 @@
} catch (error) {
console.error('수동 초기화 실패:', error);
// 토큰이 유효하지 않으면 로그아웃
_ckRemove('sso_token'); _ckRemove('sso_user'); _ckRemove('sso_refresh_token');
localStorage.removeItem('access_token');
localStorage.removeItem('sso_token');
localStorage.removeItem('sso_user');
localStorage.removeItem('currentUser');
}
}
@@ -721,17 +737,14 @@
handleUrlHash();
} else {
console.log('❌ 인증되지 않은 사용자 - 로그인 화면 표시');
// 로그인이 필요한 경우 로그인 화면 표시
document.getElementById('loginScreen').classList.remove('hidden');
document.getElementById('mainScreen').classList.add('hidden');
// 인증되지 않은 사용자 → 중앙 로그인으로
window.location.href = _centralLoginUrl();
return;
}
} catch (error) {
console.error('앱 초기화 실패:', error);
// 에러 발생 시 로그인 화면 표시
document.getElementById('loginScreen').classList.remove('hidden');
document.getElementById('mainScreen').classList.add('hidden');
console.error('앱 초기화 실패:', error);
window.location.href = _centralLoginUrl();
}
}

10
system3-nonconformance/web/issue-view.html
View File

@@ -243,7 +243,7 @@
// API 로드 후 초기화 함수
async function initializeIssueView() {
const token = localStorage.getItem('access_token');
const token = TokenManager.getToken();
if (!token) {
window.location.href = '/index.html';
return;
@@ -276,8 +276,8 @@
} catch (error) {
console.error('인증 실패:', error);
localStorage.removeItem('access_token');
localStorage.removeItem('currentUser');
TokenManager.removeToken();
TokenManager.removeUser();
window.location.href = '/index.html';
return;
}
@@ -948,8 +948,8 @@
// 로그아웃 함수
function logout() {
localStorage.removeItem('access_token');
localStorage.removeItem('currentUser');
TokenManager.removeToken();
TokenManager.removeUser();
window.location.href = 'index.html';
}

10
system3-nonconformance/web/issues-archive.html
View File

@@ -249,7 +249,7 @@
// API 로드 후 초기화 함수
async function initializeArchive() {
const token = localStorage.getItem('access_token');
const token = TokenManager.getToken();
if (!token) {
window.location.href = '/index.html';
return;
@@ -278,8 +278,8 @@
} catch (error) {
console.error('인증 실패:', error);
localStorage.removeItem('access_token');
localStorage.removeItem('currentUser');
TokenManager.removeToken();
TokenManager.removeUser();
window.location.href = '/index.html';
}
}
@@ -290,7 +290,7 @@
const apiUrl = window.API_BASE_URL || 'http://localhost:16080/api';
const response = await fetch(`${apiUrl}/projects/`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
}
});
@@ -316,7 +316,7 @@
const response = await fetch(endpoint, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
}
});

52
system3-nonconformance/web/issues-dashboard.html
View File

@@ -326,7 +326,7 @@
const apiUrl = window.API_BASE_URL || 'http://localhost:16080/api';
const response = await fetch(`${apiUrl}/projects/`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
}
});
@@ -346,7 +346,7 @@
try {
const response = await fetch('/api/issues/admin/all', {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
}
});
@@ -1238,7 +1238,7 @@
const response = await fetch(`/api/issues/${selectedRejectionIssueId}/reject-completion`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
@@ -1313,7 +1313,7 @@
try {
const issueResponse = await fetch(`/api/issues/${issueId}`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
}
});
@@ -1355,7 +1355,7 @@
try {
const issueResponse = await fetch(`/api/issues/${selectedCommentIssueId}`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
}
});
@@ -1386,7 +1386,7 @@
const response = await fetch(`/api/issues/${selectedCommentIssueId}/management`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
@@ -1450,7 +1450,7 @@
try {
const issueResponse = await fetch(`/api/issues/${selectedReplyIssueId}`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
}
});
@@ -1505,7 +1505,7 @@
const response = await fetch(`/api/issues/${selectedReplyIssueId}/management`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
@@ -1544,7 +1544,7 @@
// 현재 이슈 정보 가져오기
const issueResponse = await fetch(`/api/issues/${issueId}`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
}
});
@@ -1606,7 +1606,7 @@
try {
const issueResponse = await fetch(`/api/issues/${selectedEditIssueId}`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
}
});
@@ -1645,7 +1645,7 @@
const response = await fetch(`/api/issues/${selectedEditIssueId}/management`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
@@ -1676,7 +1676,7 @@
try {
const issueResponse = await fetch(`/api/issues/${issueId}`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
}
});
@@ -1699,7 +1699,7 @@
const response = await fetch(`/api/issues/${issueId}/management`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
@@ -1737,7 +1737,7 @@
try {
const issueResponse = await fetch(`/api/issues/${issueId}`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
}
});
@@ -1787,7 +1787,7 @@
try {
const issueResponse = await fetch(`/api/issues/${selectedEditCommentIssueId}`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
}
});
@@ -1817,7 +1817,7 @@
const response = await fetch(`/api/issues/${selectedEditCommentIssueId}/management`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({ solution: updatedSolution })
@@ -1851,7 +1851,7 @@
try {
const issueResponse = await fetch(`/api/issues/${issueId}`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
}
});
@@ -1891,7 +1891,7 @@
const response = await fetch(`/api/issues/${issueId}/management`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({ solution: updatedSolution })
@@ -1929,7 +1929,7 @@
try {
const issueResponse = await fetch(`/api/issues/${issueId}`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
}
});
@@ -1985,7 +1985,7 @@
try {
const issueResponse = await fetch(`/api/issues/${selectedEditReplyIssueId}`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
}
});
@@ -2020,7 +2020,7 @@
const response = await fetch(`/api/issues/${selectedEditReplyIssueId}/management`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({ solution: updatedSolution })
@@ -2055,7 +2055,7 @@
try {
const issueResponse = await fetch(`/api/issues/${issueId}`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
}
});
@@ -2092,7 +2092,7 @@
const response = await fetch(`/api/issues/${issueId}/management`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({ solution: updatedSolution })
@@ -2134,7 +2134,7 @@
// 현재 이슈 정보 가져오기
const issueResponse = await fetch(`/api/issues/${selectedOpinionIssueId}`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
}
});
@@ -2164,7 +2164,7 @@
const response = await fetch(`/api/issues/${selectedOpinionIssueId}/management`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
@@ -2238,7 +2238,7 @@
const response = await fetch(`/api/issues/${selectedCompletionIssueId}/completion-request`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({

20
system3-nonconformance/web/issues-inbox.html
View File

@@ -581,7 +581,7 @@
async function initializeInbox() {
console.log('🚀 수신함 초기화 시작');
const token = localStorage.getItem('access_token');
const token = TokenManager.getToken();
console.log('토큰 존재:', !!token);
if (!token) {
@@ -639,8 +639,8 @@
// 401 Unauthorized 에러인 경우만 로그아웃 처리
if (error.message && (error.message.includes('401') || error.message.includes('Unauthorized') || error.message.includes('Not authenticated'))) {
console.log('🔐 인증 토큰 만료 - 로그아웃 처리');
localStorage.removeItem('access_token');
localStorage.removeItem('currentUser');
TokenManager.removeToken();
TokenManager.removeUser();
window.location.href = '/index.html';
} else {
// 다른 에러는 사용자에게 알리고 계속 진행
@@ -671,7 +671,7 @@
const apiUrl = window.API_BASE_URL || 'http://localhost:16080/api';
const response = await fetch(`${apiUrl}/projects/`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
}
});
@@ -718,7 +718,7 @@
const response = await fetch(url, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
}
});
@@ -905,7 +905,7 @@
try {
const processedResponse = await fetch('/api/inbox/statistics', {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
}
});
@@ -1038,7 +1038,7 @@
try {
const response = await fetch(`/api/inbox/management-issues${projectId ? `?project_id=${projectId}` : ''}`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
}
});
@@ -1140,7 +1140,7 @@
const response = await fetch(`/api/inbox/${currentIssueId}/dispose`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify(requestBody)
@@ -1237,7 +1237,7 @@
const response = await fetch(`/api/inbox/${currentIssueId}/review`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
@@ -1388,7 +1388,7 @@
const response = await fetch(`/api/inbox/${currentIssueId}/status`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify(requestBody)

36
system3-nonconformance/web/issues-management.html
View File

@@ -434,7 +434,7 @@
// API 로드 후 초기화 함수
async function initializeManagement() {
const token = localStorage.getItem('access_token');
const token = TokenManager.getToken();
if (!token) {
window.location.href = '/index.html';
return;
@@ -463,8 +463,8 @@
} catch (error) {
console.error('인증 실패:', error);
localStorage.removeItem('access_token');
localStorage.removeItem('currentUser');
TokenManager.removeToken();
TokenManager.removeUser();
window.location.href = '/index.html';
}
}
@@ -475,7 +475,7 @@
const apiUrl = window.API_BASE_URL || 'http://localhost:16080/api';
const response = await fetch(`${apiUrl}/projects/`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
}
});
@@ -496,7 +496,7 @@
const response = await fetch(endpoint, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
}
});
@@ -1286,7 +1286,7 @@
const response = await fetch(`/api/issues/${currentIssueId}`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
@@ -1318,7 +1318,7 @@
const response = await fetch(`/api/inbox/${issueId}/status`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
@@ -1366,7 +1366,7 @@
const response = await fetch(`/api/issues/${issueId}/management`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify(updates)
@@ -1608,7 +1608,7 @@
const response = await fetch(`/api/issues/${currentModalIssueId}/management`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify(updates)
@@ -1757,7 +1757,7 @@
try {
const response = await fetch(`/api/management/${issueId}/additional-info`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
}
});
@@ -1796,7 +1796,7 @@
const response = await fetch(`/api/management/${selectedIssueId}/additional-info`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify(formData)
@@ -1877,7 +1877,7 @@
const response = await fetch(`/api/management/${issueId}`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
@@ -2257,7 +2257,7 @@
const response = await fetch(`/api/management/${issueId}`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify(requestBody)
@@ -2351,7 +2351,7 @@
const response = await fetch(`/api/issues/${issueId}/reset-completion`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
}
});
@@ -2375,7 +2375,7 @@
const response = await fetch(`/api/issues/${issueId}/reject-completion`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
@@ -2585,7 +2585,7 @@
const saveResponse = await fetch(`/api/management/${issueId}`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
},
body: JSON.stringify(requestBody)
@@ -2615,7 +2615,7 @@
const response = await fetch(`/api/issues/${issueId}/final-completion`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
}
});
@@ -2677,7 +2677,7 @@
const response = await fetch(`/api/issues/${issueId}`, {
method: 'DELETE',
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`,
'Authorization': `Bearer ${TokenManager.getToken()}`,
'Content-Type': 'application/json'
}
});

6
system3-nonconformance/web/project-management.html
View File

@@ -276,7 +276,7 @@
async function initAuth() {
console.log('인증 초기화 시작');
const token = localStorage.getItem('access_token');
const token = TokenManager.getToken();
console.log('토큰 존재:', !!token);
if (!token) {
@@ -295,8 +295,8 @@
return true;
} catch (error) {
console.error('인증 실패:', error);
localStorage.removeItem('access_token');
localStorage.removeItem('currentUser');
TokenManager.removeToken();
TokenManager.removeUser();
alert('로그인이 필요합니다.');
window.location.href = 'index.html';
return false;

6
system3-nonconformance/web/reports-daily.html
View File

@@ -238,7 +238,7 @@
const response = await fetch(`${apiUrl}/projects/`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
}
});
@@ -305,7 +305,7 @@
const apiUrl = window.API_BASE_URL || 'http://localhost:16080/api';
const response = await fetch(`${apiUrl}/reports/daily-preview?project_id=${selectedProjectId}`, {
headers: {
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
}
});
@@ -432,7 +432,7 @@
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${localStorage.getItem('access_token')}`
'Authorization': `Bearer ${TokenManager.getToken()}`
},
body: JSON.stringify({
project_id: parseInt(selectedProjectId)

107
system3-nonconformance/web/static/js/api.js
View File

@@ -1,43 +1,80 @@
// API 기본 설정 (Cloudflare 터널 + 로컬 환경 지원)
// SSO 쿠키 헬퍼
function _cookieGet(name) {
const match = document.cookie.match(new RegExp('(?:^|; )' + name + '=([^;]*)'));
return match ? decodeURIComponent(match[1]) : null;
}
function _cookieRemove(name) {
let cookie = name + '=; path=/; max-age=0';
if (window.location.hostname.includes('technicalkorea.net')) {
cookie += '; domain=.technicalkorea.net';
}
document.cookie = cookie;
}
// 중앙 로그인 URL
function _getLoginUrl() {
const hostname = window.location.hostname;
if (hostname.includes('technicalkorea.net')) {
return window.location.protocol + '//tkfb.technicalkorea.net/login?redirect=' + encodeURIComponent(window.location.href);
}
return window.location.protocol + '//' + hostname + ':30000/login?redirect=' + encodeURIComponent(window.location.href);
}
// API 기본 설정 (통합 환경 지원)
const API_BASE_URL = (() => {
const hostname = window.location.hostname;
const protocol = window.location.protocol;
const port = window.location.port;
console.log('🔧 API URL 생성 - hostname:', hostname, 'protocol:', protocol, 'port:', port);
// 로컬 환경 (포트 있음)
// 프로덕션 (technicalkorea.net) - 같은 도메인 /api
if (hostname.includes('technicalkorea.net')) {
return protocol + '//' + hostname + '/api';
}
// 통합 개발 환경 (포트 30280)
if (port === '30280' || port === '30000') {
return protocol + '//' + hostname + ':30200/api';
}
// 기존 TKQC 로컬 환경 (포트 16080)
if (port === '16080') {
const url = `${protocol}//${hostname}:${port}/api`;
console.log('🏠 로컬 환경 URL:', url);
return url;
return protocol + '//' + hostname + ':16080/api';
}
// Cloudflare 터널 환경 (m.hyungi.net) - 강제 HTTPS
if (hostname === 'm.hyungi.net') {
const url = `https://m-api.hyungi.net/api`;
console.log('☁️ Cloudflare 환경 URL:', url);
return url;
}
// 기타 환경
const url = '/api';
console.log('🌐 기타 환경 URL:', url);
return url;
return '/api';
})();
// 토큰 관리
// 토큰 관리 (SSO 쿠키 + localStorage 이중 지원)
const TokenManager = {
getToken: () => localStorage.getItem('access_token'),
getToken: () => {
// SSO 쿠키 우선 (sso_token), localStorage 폴백 (access_token)
return _cookieGet('sso_token') || localStorage.getItem('sso_token') || localStorage.getItem('access_token');
},
setToken: (token) => localStorage.setItem('access_token', token),
removeToken: () => localStorage.removeItem('access_token'),
removeToken: () => {
_cookieRemove('sso_token');
_cookieRemove('sso_user');
_cookieRemove('sso_refresh_token');
localStorage.removeItem('access_token');
localStorage.removeItem('sso_token');
localStorage.removeItem('sso_user');
},
getUser: () => {
const userStr = localStorage.getItem('current_user');
// SSO 쿠키 우선, localStorage 폴백
const ssoUser = _cookieGet('sso_user') || localStorage.getItem('sso_user');
if (ssoUser) {
try { return JSON.parse(ssoUser); } catch(e) {}
}
const userStr = localStorage.getItem('currentUser') || localStorage.getItem('current_user');
return userStr ? JSON.parse(userStr) : null;
},
setUser: (user) => localStorage.setItem('current_user', JSON.stringify(user)),
removeUser: () => localStorage.removeItem('current_user')
removeUser: () => {
localStorage.removeItem('current_user');
localStorage.removeItem('currentUser');
}
};
// API 요청 헬퍼
@@ -64,10 +101,10 @@ async function apiRequest(endpoint, options = {}) {
const response = await fetch(`${API_BASE_URL}${endpoint}`, config);
if (response.status === 401) {
// 인증 실패 시 로그인 페이지로
// 인증 실패 시 중앙 로그인 페이지로
TokenManager.removeToken();
TokenManager.removeUser();
window.location.href = '/index.html';
window.location.href = _getLoginUrl();
return;
}
@@ -129,7 +166,7 @@ const AuthAPI = {
logout: () => {
TokenManager.removeToken();
TokenManager.removeUser();
window.location.href = '/index.html';
window.location.href = _getLoginUrl();
},
getMe: () => apiRequest('/auth/me'),
@@ -287,7 +324,7 @@ const ReportsAPI = {
function checkAuth() {
const user = TokenManager.getUser();
if (!user) {
window.location.href = '/index.html';
window.location.href = _getLoginUrl();
return null;
}
return user;
@@ -297,27 +334,27 @@ function checkAdminAuth() {
const user = checkAuth();
if (user && user.role !== 'admin') {
alert('관리자 권한이 필요합니다.');
window.location.href = '/index.html';
window.location.href = _getLoginUrl();
return null;
}
return user;
}
// 페이지 접근 권한 체크 함수 (새로 추가)
// 페이지 접근 권한 체크 함수
function checkPageAccess(pageName) {
const user = checkAuth();
if (!user) return null;
// admin은 모든 페이지 접근 가능
if (user.role === 'admin') return user;
// 페이지별 권한 체크는 pagePermissionManager에서 처리
if (window.pagePermissionManager && !window.pagePermissionManager.canAccessPage(pageName)) {
alert('이 페이지에 접근할 권한이 없습니다.');
window.location.href = '/index.html';
window.location.href = _getLoginUrl();
return null;
}
return user;
}

33
system3-nonconformance/web/static/js/app.js
View File

@@ -46,12 +46,17 @@ class App {
* 인증 확인
*/
async checkAuth() {
const token = localStorage.getItem('access_token');
// SSO 쿠키 우선, localStorage 폴백
const token = this._cookieGet('sso_token') || localStorage.getItem('sso_token') || localStorage.getItem('access_token');
if (!token) {
throw new Error('토큰 없음');
}
// 임시로 localStorage에서 사용자 정보 가져오기
// SSO 쿠키에서 사용자 정보 시도
const ssoUser = this._cookieGet('sso_user') || localStorage.getItem('sso_user');
if (ssoUser) {
try { this.currentUser = JSON.parse(ssoUser); return; } catch(e) {}
}
const storedUser = localStorage.getItem('currentUser');
if (storedUser) {
this.currentUser = JSON.parse(storedUser);
@@ -60,6 +65,11 @@ class App {
}
}
_cookieGet(name) {
const match = document.cookie.match(new RegExp('(?:^|; )' + name + '=([^;]*)'));
return match ? decodeURIComponent(match[1]) : null;
}
/**
* API 스크립트 동적 로드
*/
@@ -360,16 +370,27 @@ class App {
* 로그아웃
*/
logout() {
localStorage.removeItem('access_token');
localStorage.removeItem('currentUser');
if (window.authManager) {
window.authManager.clearAuth();
} else {
localStorage.removeItem('access_token');
localStorage.removeItem('sso_token');
localStorage.removeItem('sso_user');
localStorage.removeItem('currentUser');
}
this.redirectToLogin();
}
/**
* 로그인 페이지로 리다이렉트
* 중앙 로그인 페이지로 리다이렉트
*/
redirectToLogin() {
window.location.href = '/index.html';
const hostname = window.location.hostname;
if (hostname.includes('technicalkorea.net')) {
window.location.href = window.location.protocol + '//tkfb.technicalkorea.net/login?redirect=' + encodeURIComponent(window.location.href);
} else {
window.location.href = window.location.protocol + '//' + hostname + ':30000/login?redirect=' + encodeURIComponent(window.location.href);
}
}
/**

17
system3-nonconformance/web/static/js/components/common-header.js
View File

@@ -657,9 +657,20 @@ class CommonHeader {
*/
static logout() {
if (confirm('로그아웃 하시겠습니까?')) {
localStorage.removeItem('access_token');
localStorage.removeItem('currentUser');
window.location.href = '/index.html';
if (window.authManager) {
window.authManager.logout();
} else {
localStorage.removeItem('access_token');
localStorage.removeItem('sso_token');
localStorage.removeItem('sso_user');
localStorage.removeItem('currentUser');
var hostname = window.location.hostname;
if (hostname.includes('technicalkorea.net')) {
window.location.href = window.location.protocol + '//tkfb.technicalkorea.net/login';
} else {
window.location.href = window.location.protocol + '//' + hostname + ':30000/login';
}
}
}
}

141
system3-nonconformance/web/static/js/core/auth-manager.js
View File

@@ -35,28 +35,70 @@ class AuthManager {
}
/**
* localStorage에서 사용자 정보 복원
* 쿠키에서 값 읽기
*/
_cookieGet(name) {
const match = document.cookie.match(new RegExp('(?:^|; )' + name + '=([^;]*)'));
return match ? decodeURIComponent(match[1]) : null;
}
/**
* 쿠키 삭제
*/
_cookieRemove(name) {
let cookie = name + '=; path=/; max-age=0';
if (window.location.hostname.includes('technicalkorea.net')) {
cookie += '; domain=.technicalkorea.net';
}
document.cookie = cookie;
}
/**
* SSO 토큰 가져오기 (쿠키 우선, localStorage 폴백)
*/
_getToken() {
return this._cookieGet('sso_token') || localStorage.getItem('sso_token') || localStorage.getItem('access_token');
}
/**
* SSO 사용자 정보 가져오기 (쿠키 우선, localStorage 폴백)
*/
_getUser() {
const ssoUser = this._cookieGet('sso_user') || localStorage.getItem('sso_user');
if (ssoUser) {
try { return JSON.parse(ssoUser); } catch(e) {}
}
const userStr = localStorage.getItem('currentUser');
return userStr ? JSON.parse(userStr) : null;
}
/**
* 중앙 로그인 URL
*/
_getLoginUrl() {
const hostname = window.location.hostname;
if (hostname.includes('technicalkorea.net')) {
return window.location.protocol + '//tkfb.technicalkorea.net/login?redirect=' + encodeURIComponent(window.location.href);
}
return window.location.protocol + '//' + hostname + ':30000/login?redirect=' + encodeURIComponent(window.location.href);
}
/**
* 저장소에서 사용자 정보 복원 (SSO 쿠키 + localStorage)
*/
restoreUserFromStorage() {
const token = localStorage.getItem('access_token');
const userStr = localStorage.getItem('currentUser');
console.log('🔍 localStorage 확인:');
console.log('- 토큰 존재:', !!token);
console.log('- 사용자 정보 존재:', !!userStr);
if (token && userStr) {
const token = this._getToken();
const user = this._getUser();
if (token && user) {
try {
this.currentUser = JSON.parse(userStr);
this.currentUser = user;
this.isAuthenticated = true;
this.lastAuthCheck = Date.now();
console.log('✅ 저장된 사용자 정보 복원:', this.currentUser.username);
} catch (error) {
console.error('사용자 정보 복원 실패:', error);
console.error('사용자 정보 복원 실패:', error);
this.clearAuth();
}
} else {
console.log('❌ 토큰 또는 사용자 정보 없음 - 로그인 필요');
}
}
@@ -75,25 +117,17 @@ class AuthManager {
* 인증 상태 확인 (필요시에만 API 호출)
*/
async checkAuth() {
console.log('🔍 AuthManager.checkAuth() 호출됨');
console.log('- 현재 인증 상태:', this.isAuthenticated);
console.log('- 현재 사용자:', this.currentUser?.username || 'null');
const token = localStorage.getItem('access_token');
const token = this._getToken();
if (!token) {
console.log('❌ 토큰 없음 - 인증 실패');
this.clearAuth();
return null;
}
// 최근에 체크했으면 캐시된 정보 사용
if (this.isAuthenticated && !this.shouldCheckAuth()) {
console.log('✅ 캐시된 인증 정보 사용:', this.currentUser.username);
return this.currentUser;
}
// API 호출이 필요한 경우
console.log('🔄 API 호출 필요 - refreshAuth 실행');
return await this.refreshAuth();
}
@@ -101,30 +135,23 @@ class AuthManager {
* 강제로 인증 정보 새로고침 (API 호출)
*/
async refreshAuth() {
console.log('🔄 인증 정보 새로고침 (API 호출)');
try {
// API가 로드될 때까지 대기
await this.waitForAPI();
const user = await AuthAPI.getCurrentUser();
this.currentUser = user;
this.isAuthenticated = true;
this.lastAuthCheck = Date.now();
// localStorage 업데이트
localStorage.setItem('currentUser', JSON.stringify(user));
console.log('✅ 인증 정보 새로고침 완료:', user.username);
// 리스너들에게 알림
this.notifyListeners('auth-success', user);
return user;
} catch (error) {
console.error('인증 실패:', error);
console.error('인증 실패:', error);
this.clearAuth();
this.notifyListeners('auth-failed', error);
throw error;
@@ -152,15 +179,21 @@ class AuthManager {
* 인증 정보 클리어
*/
clearAuth() {
console.log('🧹 인증 정보 클리어');
this.currentUser = null;
this.isAuthenticated = false;
this.lastAuthCheck = null;
// SSO 쿠키 삭제
this._cookieRemove('sso_token');
this._cookieRemove('sso_user');
this._cookieRemove('sso_refresh_token');
// localStorage 삭제
localStorage.removeItem('access_token');
localStorage.removeItem('sso_token');
localStorage.removeItem('sso_user');
localStorage.removeItem('currentUser');
this.notifyListeners('auth-cleared');
}
@@ -168,28 +201,23 @@ class AuthManager {
* 로그인 처리
*/
async login(username, password) {
console.log('🔑 로그인 시도:', username);
try {
await this.waitForAPI();
const data = await AuthAPI.login(username, password);
this.currentUser = data.user;
this.isAuthenticated = true;
this.lastAuthCheck = Date.now();
// localStorage 저장
localStorage.setItem('access_token', data.access_token);
localStorage.setItem('currentUser', JSON.stringify(data.user));
console.log('✅ 로그인 성공:', data.user.username);
this.notifyListeners('login-success', data.user);
return data;
} catch (error) {
console.error('로그인 실패:', error);
console.error('로그인 실패:', error);
this.clearAuth();
throw error;
}
@@ -199,25 +227,18 @@ class AuthManager {
* 로그아웃 처리
*/
logout() {
console.log('🚪 로그아웃');
this.clearAuth();
this.notifyListeners('logout');
// 로그인 페이지로 이동
window.location.href = '/index.html';
window.location.href = this._getLoginUrl();
}
/**
* 토큰 만료 체크 타이머 설정
*/
setupTokenExpiryCheck() {
// 30분마다 토큰 유효성 체크
setInterval(() => {
if (this.isAuthenticated) {
console.log('⏰ 정기 토큰 유효성 체크');
this.refreshAuth().catch(() => {
console.log('🔄 토큰 만료 - 로그아웃 처리');
this.logout();
});
}