refactor(gateway): gateway↔system1 분리 — gateway=문짝, system1-web=독립

gateway에서 system1 프록시 제거, 대시보드+로그인+공유JS만 담당. system1-web에 /auth/, /ai-api/ 프록시 이관. tkds-web 제거(gateway 흡수). notification-bell URL tkfb→tkds, system3 로그인 URL tkds/dashboard로 변경. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 19:19:45 +09:00
parent a66656b1c3
commit 7161351607
19 changed files with 186 additions and 627 deletions
--- a/system1-factory/api/config/cors.js
+++ b/system1-factory/api/config/cors.js
@@ -13,12 +13,14 @@ const logger = require('../utils/logger');
 * 허용된 Origin 목록
 */
 const allowedOrigins = [
-  'https://tkfb.technicalkorea.net',      // Gateway (프로덕션)
+  'https://tkfb.technicalkorea.net',      // System 1 (공장관리)
+  'https://tkds.technicalkorea.net',      // Gateway/Dashboard
  'https://tkreport.technicalkorea.net',   // System 2
  'https://tkqc.technicalkorea.net',       // System 3
  'https://tkuser.technicalkorea.net',     // User Management
  'https://tkpurchase.technicalkorea.net', // Purchase Management
  'https://tksafety.technicalkorea.net',   // Safety Management
+  'https://tksupport.technicalkorea.net',  // Support Management
  'http://localhost:20000',   // 웹 UI (로컬)
  'http://localhost:30080',   // 웹 UI (Docker)
  'http://localhost:3005',    // API 서버
--- a/system1-factory/web/nginx.conf
+++ b/system1-factory/web/nginx.conf
@@ -46,6 +46,46 @@ server {
        proxy_set_header X-Forwarded-Proto $scheme;
    }

+    # SSO Auth 프록시 (gateway에서 이관)
+    location /auth/ {
+        proxy_pass http://sso-auth:3000/api/auth/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # AI Service 프록시 (gateway에서 이관)
+    location /ai-api/ {
+        resolver 8.8.8.8 valid=300s ipv6=off;
+        set $ai_upstream https://ai.hyungi.net;
+        rewrite ^/ai-api/(.*) /api/ai/$1 break;
+        proxy_pass $ai_upstream;
+        proxy_http_version 1.1;
+        proxy_set_header Host ai.hyungi.net;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_ssl_server_name on;
+        proxy_read_timeout 180s;
+        proxy_send_timeout 180s;
+    }
+
+    # 레거시 /login, /dashboard → gateway(tkds) 리다이렉트
+    location = /login {
+        return 302 $scheme://tkds.technicalkorea.net/dashboard$is_args$args;
+    }
+    location = /dashboard {
+        return 301 $scheme://tkds.technicalkorea.net/dashboard;
+    }
+
+    # Health check
+    location /health {
+        access_log off;
+        return 200 '{"status":"ok","service":"system1-web"}';
+        add_header Content-Type application/json;
+    }
+
    # Static files (new Tailwind UI)
    location /static/ {
        expires 1h;
--- a/system1-factory/web/static/js/tkfb-core.js
+++ b/system1-factory/web/static/js/tkfb-core.js
@@ -288,6 +288,6 @@ async function initAuth() {
 /* ===== 알림 벨 ===== */
 function _loadNotificationBell() {
    const s = document.createElement('script');
-    s.src = (location.hostname.includes('technicalkorea.net') ? 'https://tkfb.technicalkorea.net' : location.protocol + '//' + location.hostname + ':30000') + '/shared/notification-bell.js?v=2';
+    s.src = (location.hostname.includes('technicalkorea.net') ? 'https://tkds.technicalkorea.net' : location.protocol + '//' + location.hostname + ':30000') + '/shared/notification-bell.js?v=3';
    document.head.appendChild(s);
 }