feat: tkuser 통합 관리 서비스 + 전체 시스템 SSO 쿠키 인증 통합

- tkuser 서비스 신규 추가 (API + Web) - 사용자/권한/프로젝트/부서/작업자/작업장/설비/작업/휴가 통합 관리 - 작업장 탭: 공장→작업장 드릴다운 네비게이션 + 구역지도 클릭 연동 - 작업 탭: 공정(work_types)→작업(tasks) 계층 관리 - 휴가 탭: 유형 관리 + 연차 배정(근로기준법 자동계산) - 전 시스템 SSO 쿠키 인증으로 통합 (.technicalkorea.net 공유) - System 2: 작업 이슈 리포트 기능 강화 - System 3: tkuser API 연동, 페이지 권한 체계 적용 - docker-compose에 tkuser-api, tkuser-web 서비스 추가 - ARCHITECTURE.md, DEPLOYMENT.md 문서 작성 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-12 13:45:52 +09:00
parent 6495b8af32
commit 733bb0cb35
96 changed files with 9721 additions and 825 deletions
--- a/user-management/api/models/userModel.js
+++ b/user-management/api/models/userModel.js
@@ -0,0 +1,158 @@
+/**
+ * User Model
+ *
+ * sso_users 테이블 CRUD 및 비밀번호 관리
+ * sso-auth-service/models/userModel.js 기반
+ */
+
+const mysql = require('mysql2/promise');
+const bcrypt = require('bcrypt');
+const crypto = require('crypto');
+
+let pool;
+
+function getPool() {
+  if (!pool) {
+    pool = mysql.createPool({
+      host: process.env.DB_HOST || 'mariadb',
+      port: parseInt(process.env.DB_PORT) || 3306,
+      user: process.env.DB_USER || 'hyungi_user',
+      password: process.env.DB_PASSWORD,
+      database: process.env.DB_NAME || 'hyungi',
+      waitForConnections: true,
+      connectionLimit: 10,
+      queueLimit: 0
+    });
+  }
+  return pool;
+}
+
+/**
+ * pbkdf2_sha256 해시 검증 (passlib 호환)
+ */
+function verifyPbkdf2(password, storedHash) {
+  try {
+    const parts = storedHash.split('$');
+    if (parts.length < 5) return false;
+
+    const rounds = parseInt(parts[2]);
+    const salt = parts[3].replace(/\./g, '+');
+    const hash = parts[4].replace(/\./g, '+');
+
+    const padded = (s) => s + '='.repeat((4 - s.length % 4) % 4);
+
+    const saltBuffer = Buffer.from(padded(salt), 'base64');
+    const expectedHash = Buffer.from(padded(hash), 'base64');
+
+    const derivedKey = crypto.pbkdf2Sync(password, saltBuffer, rounds, expectedHash.length, 'sha256');
+    return crypto.timingSafeEqual(derivedKey, expectedHash);
+  } catch (err) {
+    console.error('pbkdf2 verify error:', err.message);
+    return false;
+  }
+}
+
+/**
+ * 비밀번호 검증 (bcrypt 또는 pbkdf2_sha256 자동 감지)
+ */
+async function verifyPassword(password, storedHash) {
+  if (!password || !storedHash) return false;
+
+  if (storedHash.startsWith('$pbkdf2-sha256$')) {
+    return verifyPbkdf2(password, storedHash);
+  }
+
+  if (storedHash.startsWith('$2b$') || storedHash.startsWith('$2a$')) {
+    return bcrypt.compare(password, storedHash);
+  }
+
+  return false;
+}
+
+/**
+ * bcrypt로 비밀번호 해시 생성
+ */
+async function hashPassword(password) {
+  return bcrypt.hash(password, 10);
+}
+
+async function findByUsername(username) {
+  const db = getPool();
+  const [rows] = await db.query(
+    'SELECT * FROM sso_users WHERE username = ? AND is_active = TRUE',
+    [username]
+  );
+  return rows[0] || null;
+}
+
+async function findById(userId) {
+  const db = getPool();
+  const [rows] = await db.query(
+    'SELECT * FROM sso_users WHERE user_id = ?',
+    [userId]
+  );
+  return rows[0] || null;
+}
+
+async function findAll() {
+  const db = getPool();
+  const [rows] = await db.query(
+    'SELECT user_id, username, name, department, role, system1_access, system2_access, system3_access, is_active, last_login, created_at FROM sso_users ORDER BY user_id'
+  );
+  return rows;
+}
+
+async function create({ username, password, name, department, role }) {
+  const db = getPool();
+  const password_hash = await hashPassword(password);
+  const [result] = await db.query(
+    `INSERT INTO sso_users (username, password_hash, name, department, role)
+     VALUES (?, ?, ?, ?, ?)`,
+    [username, password_hash, name || null, department || null, role || 'user']
+  );
+  return findById(result.insertId);
+}
+
+async function update(userId, data) {
+  const db = getPool();
+  const fields = [];
+  const values = [];
+
+  if (data.name !== undefined) { fields.push('name = ?'); values.push(data.name); }
+  if (data.department !== undefined) { fields.push('department = ?'); values.push(data.department); }
+  if (data.role !== undefined) { fields.push('role = ?'); values.push(data.role); }
+  if (data.system1_access !== undefined) { fields.push('system1_access = ?'); values.push(data.system1_access); }
+  if (data.system2_access !== undefined) { fields.push('system2_access = ?'); values.push(data.system2_access); }
+  if (data.system3_access !== undefined) { fields.push('system3_access = ?'); values.push(data.system3_access); }
+  if (data.is_active !== undefined) { fields.push('is_active = ?'); values.push(data.is_active); }
+  if (data.password) {
+    fields.push('password_hash = ?');
+    values.push(await hashPassword(data.password));
+  }
+
+  if (fields.length === 0) return findById(userId);
+
+  values.push(userId);
+  await db.query(
+    `UPDATE sso_users SET ${fields.join(', ')} WHERE user_id = ?`,
+    values
+  );
+  return findById(userId);
+}
+
+async function deleteUser(userId) {
+  const db = getPool();
+  await db.query('UPDATE sso_users SET is_active = FALSE WHERE user_id = ?', [userId]);
+}
+
+module.exports = {
+  verifyPassword,
+  hashPassword,
+  findByUsername,
+  findById,
+  findAll,
+  create,
+  update,
+  deleteUser,
+  getPool
+};