hyungi/tk-factory-services
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: shared requirePage 미들웨어 추가 + tksupport 교체

Browse Source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Hyungi Ahn
2026-03-30 07:25:23 +09:00
parent 02e39f1102
commit 66676ac923
2 changed files with 64 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
shared/middleware/pagePermission.js Normal file
View File

@@ -0,0 +1,61 @@
/**
* 페이지 권한 미들웨어 (shared)
* admin/system 역할은 자동 통과, 일반 사용자는 개인/부서 권한 체크
*
* 사용법:
* const { createRequirePage } = require('../../shared/middleware/pagePermission');
* const requirePage = createRequirePage(() => getPool());
* router.get('/some', requirePage('page_name'), controller.handler);
*/
function createRequirePage(getPool) {
return function requirePage(pageName) {
return async (req, res, next) => {
const userId = req.user.user_id || req.user.id;
const role = (req.user.role || '').toLowerCase();
// admin/system 자동 통과
if (role === 'admin' || role === 'system') return next();
try {
const db = typeof getPool === 'function' ? getPool() : getPool;
// 1. 개인 권한 체크
const [rows] = await db.query(
'SELECT can_access FROM user_page_permissions WHERE user_id = ? AND page_name = ?',
[userId, pageName]
);
if (rows.length > 0) {
return rows[0].can_access
? next()
: res.status(403).json({ success: false, error: '접근 권한이 없습니다' });
}
// 2. 부서 권한 체크
const [userRows] = await db.query(
'SELECT department_id FROM sso_users WHERE user_id = ?',
[userId]
);
if (userRows.length > 0 && userRows[0].department_id) {
const [deptRows] = await db.query(
'SELECT can_access FROM department_page_permissions WHERE department_id = ? AND page_name = ?',
[userRows[0].department_id, pageName]
);
if (deptRows.length > 0) {
return deptRows[0].can_access
? next()
: res.status(403).json({ success: false, error: '접근 권한이 없습니다' });
}
}
// 3. 권한 레코드 없음 → 거부
return res.status(403).json({ success: false, error: '접근 권한이 없습니다' });
} catch (err) {
console.error('Permission check error:', err);
return res.status(500).json({ success: false, error: '권한 확인 실패' });
}
};
};
}
module.exports = { createRequirePage };

35
tksupport/api/middleware/auth.js
View File

@@ -42,38 +42,9 @@ function requireAdmin(req, res, next) {
}
}
function requirePage(pageName) {
return async (req, res, next) => {
const userId = req.user.user_id || req.user.id;
const role = (req.user.role || '').toLowerCase();
if (role === 'admin' || role === 'system') return next();
try {
const db = getPool();
const [rows] = await db.query(
'SELECT can_access FROM user_page_permissions WHERE user_id = ? AND page_name = ?',
[userId, pageName]
);
if (rows.length > 0) {
return rows[0].can_access ? next() : res.status(403).json({ success: false, error: '접근 권한이 없습니다' });
}
const [userRows] = await db.query('SELECT department_id FROM sso_users WHERE user_id = ?', [userId]);
if (userRows.length > 0 && userRows[0].department_id) {
const [deptRows] = await db.query(
'SELECT can_access FROM department_page_permissions WHERE department_id = ? AND page_name = ?',
[userRows[0].department_id, pageName]
);
if (deptRows.length > 0) {
return deptRows[0].can_access ? next() : res.status(403).json({ success: false, error: '접근 권한이 없습니다' });
}
}
return res.status(403).json({ success: false, error: '접근 권한이 없습니다' });
} catch (err) {
console.error('Permission check error:', err);
return res.status(500).json({ success: false, error: '권한 확인 실패' });
}
};
}
// requirePage: shared 미들웨어 사용
const { createRequirePage } = require('../../../shared/middleware/pagePermission');
const requirePage = createRequirePage(() => getPool());
function requireSupportTeam(req, res, next) {
const token = extractToken(req);