feat: 실시간 알림 시스템 (Web Push + 알림 벨 + 서비스간 알림 연동)

- Phase 1: 모든 서비스 헤더에 알림 벨 UI 추가 (notification-bell.js) - Phase 2: VAPID Web Push 구독/전송 (push-sw.js, pushSubscription API) - Phase 3: 내부 알림 API + notifyHelper로 서비스간 알림 연동 - tksafety: 출입 승인/반려, 안전교육 완료, 방문자 체크인 - tkpurchase: 일용공 신청, 작업보고서 제출 - system2-report: 신고 접수/확인/처리완료 - Phase 4: 30일 이상 알림 자동 정리 cron, Redis 캐싱 - CORS에 tkuser/tkpurchase/tksafety 서브도메인 추가 - HTML cache busting 버전 갱신 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 15:01:44 +09:00
parent 1ad82fd52c
commit 7fd646e9ba
102 changed files with 1446 additions and 94 deletions
--- a/system1-factory/api/config/cors.js
+++ b/system1-factory/api/config/cors.js
@@ -13,9 +13,12 @@ const logger = require('../utils/logger');
 * 허용된 Origin 목록
 */
 const allowedOrigins = [
-  'https://tkfb.technicalkorea.net',    // Gateway (프로덕션)
-  'https://tkreport.technicalkorea.net', // System 2
-  'https://tkqc.technicalkorea.net',     // System 3
+  'https://tkfb.technicalkorea.net',      // Gateway (프로덕션)
+  'https://tkreport.technicalkorea.net',   // System 2
+  'https://tkqc.technicalkorea.net',       // System 3
+  'https://tkuser.technicalkorea.net',     // User Management
+  'https://tkpurchase.technicalkorea.net', // Purchase Management
+  'https://tksafety.technicalkorea.net',   // Safety Management
  'http://localhost:20000',   // 웹 UI (로컬)
  'http://localhost:30080',   // 웹 UI (Docker)
  'http://localhost:3005',    // API 서버
@@ -77,7 +80,7 @@ const corsOptions = {
  /**
   * 허용된 헤더
   */
-  allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],
+  allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With', 'X-Internal-Service-Key'],

  /**
   * 노출할 헤더
--- a/system1-factory/api/config/routes.js
+++ b/system1-factory/api/config/routes.js
@@ -51,6 +51,7 @@ function setupRoutes(app) {
  const departmentRoutes = require('../routes/departmentRoutes');
  const patrolRoutes = require('../routes/patrolRoutes');
  const notificationRoutes = require('../routes/notificationRoutes');
+  const pushSubscriptionRoutes = require('../routes/pushSubscriptionRoutes');

  // Rate Limiters 설정
  const rateLimit = require('express-rate-limit');
@@ -105,7 +106,9 @@ function setupRoutes(app) {
    '/api/setup/migrate-existing-data',
    '/api/setup/check-data-status',
    '/api/monthly-status/calendar',
-    '/api/monthly-status/daily-details'
+    '/api/monthly-status/daily-details',
+    '/api/push/vapid-public-key',
+    '/api/notifications/internal'
  ];

  // 인증 미들웨어 - 공개 경로를 제외한 모든 API (rate limiter보다 먼저 실행)
@@ -157,6 +160,7 @@ function setupRoutes(app) {
  app.use('/api/departments', departmentRoutes); // 부서 관리
  app.use('/api/patrol', patrolRoutes); // 일일순회점검 시스템
  app.use('/api/notifications', notificationRoutes); // 알림 시스템
+  app.use('/api/push', pushSubscriptionRoutes); // Push 구독
  app.use('/api', uploadBgRoutes);

  // Swagger API 문서
--- a/system1-factory/api/controllers/notificationController.js
+++ b/system1-factory/api/controllers/notificationController.js
@@ -159,6 +159,44 @@ const notificationController = {
        message: '알림 생성 중 오류가 발생했습니다.'
      });
    }
+  },
+
+  // 내부 서비스용 알림 생성 (X-Internal-Service-Key 인증)
+  async createInternal(req, res) {
+    try {
+      const serviceKey = req.headers['x-internal-service-key'];
+      if (!serviceKey || serviceKey !== process.env.INTERNAL_SERVICE_KEY) {
+        return res.status(403).json({ success: false, message: '권한이 없습니다.' });
+      }
+
+      const { type, title, message, link_url, reference_type, reference_id, created_by } = req.body;
+
+      if (!title) {
+        return res.status(400).json({ success: false, message: '알림 제목은 필수입니다.' });
+      }
+
+      const results = await notificationModel.createTypedNotification({
+        type: type || 'system',
+        title,
+        message,
+        link_url,
+        reference_type,
+        reference_id,
+        created_by
+      });
+
+      res.json({
+        success: true,
+        message: '알림이 생성되었습니다.',
+        data: { notification_ids: Array.isArray(results) ? results : [results] }
+      });
+    } catch (error) {
+      console.error('내부 알림 생성 오류:', error);
+      res.status(500).json({
+        success: false,
+        message: '알림 생성 중 오류가 발생했습니다.'
+      });
+    }
  }
 };

--- a/system1-factory/api/controllers/pushSubscriptionController.js
+++ b/system1-factory/api/controllers/pushSubscriptionController.js
@@ -0,0 +1,49 @@
+// controllers/pushSubscriptionController.js
+const pushSubscriptionModel = require('../models/pushSubscriptionModel');
+
+const pushSubscriptionController = {
+  // VAPID 공개키 반환 (인증 불필요)
+  async getVapidPublicKey(req, res) {
+    const vapidPublicKey = process.env.VAPID_PUBLIC_KEY;
+    if (!vapidPublicKey) {
+      return res.status(500).json({ success: false, message: 'VAPID 키가 설정되지 않았습니다.' });
+    }
+    res.json({ success: true, data: { vapidPublicKey } });
+  },
+
+  // Push 구독 저장
+  async subscribe(req, res) {
+    try {
+      const userId = req.user?.id;
+      const { subscription } = req.body;
+
+      if (!subscription || !subscription.endpoint || !subscription.keys) {
+        return res.status(400).json({ success: false, message: '유효한 구독 정보가 필요합니다.' });
+      }
+
+      await pushSubscriptionModel.subscribe(userId, subscription);
+      res.json({ success: true, message: 'Push 구독이 등록되었습니다.' });
+    } catch (error) {
+      console.error('Push 구독 오류:', error);
+      res.status(500).json({ success: false, message: 'Push 구독 중 오류가 발생했습니다.' });
+    }
+  },
+
+  // Push 구독 해제
+  async unsubscribe(req, res) {
+    try {
+      const { endpoint } = req.body;
+      if (!endpoint) {
+        return res.status(400).json({ success: false, message: 'endpoint가 필요합니다.' });
+      }
+
+      await pushSubscriptionModel.unsubscribe(endpoint);
+      res.json({ success: true, message: 'Push 구독이 해제되었습니다.' });
+    } catch (error) {
+      console.error('Push 구독 해제 오류:', error);
+      res.status(500).json({ success: false, message: 'Push 구독 해제 중 오류가 발생했습니다.' });
+    }
+  }
+};
+
+module.exports = pushSubscriptionController;
--- a/system1-factory/api/db/migrations/20260313001000_create_push_subscriptions.sql
+++ b/system1-factory/api/db/migrations/20260313001000_create_push_subscriptions.sql
@@ -0,0 +1,13 @@
+-- Push 구독 테이블 생성
+-- 실행: docker exec -i tk-mariadb mysql -uhyungi_user -p'hyung-ddfdf3-D341@' hyungi < db/migrations/20260313001000_create_push_subscriptions.sql
+
+CREATE TABLE IF NOT EXISTS push_subscriptions (
+  id INT AUTO_INCREMENT PRIMARY KEY,
+  user_id INT NOT NULL,
+  endpoint VARCHAR(1000) NOT NULL,
+  p256dh VARCHAR(500) NOT NULL,
+  auth VARCHAR(500) NOT NULL,
+  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+  UNIQUE KEY uk_endpoint (endpoint(500)),
+  INDEX idx_push_user (user_id)
+);
--- a/system1-factory/api/index.js
+++ b/system1-factory/api/index.js
@@ -120,4 +120,21 @@ process.on('uncaughtException', (error) => {
  }
 })();

+// 오래된 알림 정리 cron (매일 03:00 KST)
+(function scheduleNotificationCleanup() {
+  const notificationModel = require('./models/notificationModel');
+  function runCleanup() {
+    const now = new Date();
+    const kstHour = (now.getUTCHours() + 9) % 24;
+    if (kstHour === 3 && now.getMinutes() < 1) {
+      notificationModel.deleteOld(30).then(count => {
+        if (count > 0) logger.info(`오래된 알림 ${count}건 정리 완료`);
+      }).catch(err => {
+        logger.error('알림 정리 실패:', { error: err.message });
+      });
+    }
+  }
+  setInterval(runCleanup, 60000); // 1분마다 확인
+})();
+
 module.exports = app;
--- a/system1-factory/api/models/notificationModel.js
+++ b/system1-factory/api/models/notificationModel.js
@@ -1,6 +1,60 @@
 // models/notificationModel.js
 const { getDb } = require('../dbPool');

+// Web Push (lazy init)
+let webpush = null;
+let vapidConfigured = false;
+
+function getWebPush() {
+  if (!webpush) {
+    try {
+      webpush = require('web-push');
+      if (process.env.VAPID_PUBLIC_KEY && process.env.VAPID_PRIVATE_KEY) {
+        webpush.setVapidDetails(
+          process.env.VAPID_SUBJECT || 'mailto:admin@technicalkorea.net',
+          process.env.VAPID_PUBLIC_KEY,
+          process.env.VAPID_PRIVATE_KEY
+        );
+        vapidConfigured = true;
+      }
+    } catch (e) {
+      console.warn('[notifications] web-push 모듈 로드 실패:', e.message);
+    }
+  }
+  return vapidConfigured ? webpush : null;
+}
+
+// Push 전송 헬퍼 — 알림 생성 후 호출
+async function sendPushToUsers(userIds, payload) {
+  const wp = getWebPush();
+  if (!wp) return;
+
+  try {
+    const pushModel = require('./pushSubscriptionModel');
+    const subscriptions = userIds && userIds.length > 0
+      ? await pushModel.getByUserIds(userIds)
+      : await pushModel.getAll(); // broadcast
+
+    const payloadStr = JSON.stringify(payload);
+
+    for (const sub of subscriptions) {
+      try {
+        await wp.sendNotification({
+          endpoint: sub.endpoint,
+          keys: { p256dh: sub.p256dh, auth: sub.auth }
+        }, payloadStr);
+      } catch (err) {
+        // 만료 구독 (410 Gone, 404 Not Found) 자동 정리
+        if (err.statusCode === 410 || err.statusCode === 404) {
+          await pushModel.deleteByEndpoint(sub.endpoint).catch(() => {});
+        }
+      }
+    }
+  } catch (e) {
+    console.error('[notifications] Push 전송 오류:', e.message);
+  }
+}
+
 // 순환 참조를 피하기 위해 함수 내에서 require
 async function getRecipientIds(notificationType) {
  const db = await getDb();
@@ -24,6 +78,9 @@ const notificationModel = {
      [user_id || null, type || 'system', title, message || null, link_url || null, reference_type || null, reference_id || null, created_by || null]
    );

+    // Redis 캐시 무효화
+    this._invalidateCache(user_id);
+
    return result.insertId;
  },

@@ -66,10 +123,13 @@ const notificationModel = {
  // 알림 읽음 처리
  async markAsRead(notificationId) {
    const db = await getDb();
+    // 읽음 처리 전 user_id 조회 (캐시 무효화용)
+    const [[row]] = await db.query('SELECT user_id FROM notifications WHERE notification_id = ?', [notificationId]);
    const [result] = await db.query(
      `UPDATE notifications SET is_read = 1, read_at = NOW() WHERE notification_id = ?`,
      [notificationId]
    );
+    if (row) this._invalidateCache(row.user_id);
    return result.affectedRows > 0;
  },

@@ -81,6 +141,7 @@ const notificationModel = {
       WHERE is_read = 0 AND (user_id IS NULL OR user_id = ?)`,
      [userId || 0]
    );
+    this._invalidateCache(userId);
    return result.affectedRows;
  },

@@ -104,17 +165,39 @@ const notificationModel = {
    return result.affectedRows;
  },

-  // 읽지 않은 알림 개수
+  // 읽지 않은 알림 개수 (캐싱)
  async getUnreadCount(userId = null) {
+    const cacheKey = `notif:unread:${userId || 0}`;
+    try {
+      const cache = require('../utils/cache');
+      const cached = await cache.get(cacheKey);
+      if (cached !== null && cached !== undefined) return cached;
+    } catch (e) { /* 무시 */ }
+
    const db = await getDb();
    const [[{ count }]] = await db.query(
      `SELECT COUNT(*) as count FROM notifications
       WHERE is_read = 0 AND (user_id IS NULL OR user_id = ?)`,
      [userId || 0]
    );
+
+    try {
+      const cache = require('../utils/cache');
+      await cache.set(cacheKey, count, 30); // TTL 30초
+    } catch (e) { /* 무시 */ }
+
    return count;
  },

+  // 캐시 무효화
+  _invalidateCache(userId) {
+    try {
+      const cache = require('../utils/cache');
+      cache.del(`notif:unread:${userId || 0}`).catch(() => {});
+      if (userId) cache.del('notif:unread:0').catch(() => {});
+    } catch (e) { /* 무시 */ }
+  },
+
  // 수리 신청 알림 생성 헬퍼 (지정된 수신자에게 전송)
  async createRepairNotification(repairData) {
    const { equipment_id, equipment_name, repair_type, request_id, created_by } = repairData;
@@ -124,7 +207,7 @@ const notificationModel = {

    if (recipientIds.length === 0) {
      // 수신자가 지정되지 않은 경우 전체 알림 (user_id = null)
-      return await this.create({
+      const id = await this.create({
        type: 'repair',
        title: `수리 신청: ${equipment_name || '설비'}`,
        message: `${repair_type} 수리가 신청되었습니다.`,
@@ -133,6 +216,13 @@ const notificationModel = {
        reference_id: request_id,
        created_by
      });
+      // Push (broadcast)
+      sendPushToUsers([], {
+        title: `수리 신청: ${equipment_name || '설비'}`,
+        body: `${repair_type} 수리가 신청되었습니다.`,
+        url: `/pages/admin/repair-management.html`
+      });
+      return id;
    }

    // 지정된 수신자 각각에게 알림 생성
@@ -151,6 +241,13 @@ const notificationModel = {
      results.push(notificationId);
    }

+    // Push 전송
+    sendPushToUsers(recipientIds, {
+      title: `수리 신청: ${equipment_name || '설비'}`,
+      body: `${repair_type} 수리가 신청되었습니다.`,
+      url: `/pages/admin/repair-management.html`
+    });
+
    return results;
  },

@@ -163,7 +260,7 @@ const notificationModel = {

    if (recipientIds.length === 0) {
      // 수신자가 지정되지 않은 경우 전체 알림
-      return await this.create({
+      const id = await this.create({
        type,
        title,
        message,
@@ -172,6 +269,9 @@ const notificationModel = {
        reference_id,
        created_by
      });
+      // Push (broadcast)
+      sendPushToUsers([], { title, body: message || '', url: link_url || '/' });
+      return id;
    }

    // 지정된 수신자 각각에게 알림 생성
@@ -190,6 +290,9 @@ const notificationModel = {
      results.push(notificationId);
    }

+    // Push 전송
+    sendPushToUsers(recipientIds, { title, body: message || '', url: link_url || '/' });
+
    return results;
  }
 };
--- a/system1-factory/api/models/pushSubscriptionModel.js
+++ b/system1-factory/api/models/pushSubscriptionModel.js
@@ -0,0 +1,52 @@
+// models/pushSubscriptionModel.js
+const { getDb } = require('../dbPool');
+
+const pushSubscriptionModel = {
+  async subscribe(userId, subscription) {
+    const db = await getDb();
+    const { endpoint, keys } = subscription;
+    await db.query(
+      `INSERT INTO push_subscriptions (user_id, endpoint, p256dh, auth)
+       VALUES (?, ?, ?, ?)
+       ON DUPLICATE KEY UPDATE user_id = VALUES(user_id), p256dh = VALUES(p256dh), auth = VALUES(auth)`,
+      [userId, endpoint, keys.p256dh, keys.auth]
+    );
+  },
+
+  async unsubscribe(endpoint) {
+    const db = await getDb();
+    await db.query('DELETE FROM push_subscriptions WHERE endpoint = ?', [endpoint]);
+  },
+
+  async getByUserId(userId) {
+    const db = await getDb();
+    const [rows] = await db.query(
+      'SELECT * FROM push_subscriptions WHERE user_id = ?',
+      [userId]
+    );
+    return rows;
+  },
+
+  async getByUserIds(userIds) {
+    if (!userIds || userIds.length === 0) return [];
+    const db = await getDb();
+    const [rows] = await db.query(
+      'SELECT * FROM push_subscriptions WHERE user_id IN (?)',
+      [userIds]
+    );
+    return rows;
+  },
+
+  async getAll() {
+    const db = await getDb();
+    const [rows] = await db.query('SELECT * FROM push_subscriptions');
+    return rows;
+  },
+
+  async deleteByEndpoint(endpoint) {
+    const db = await getDb();
+    await db.query('DELETE FROM push_subscriptions WHERE endpoint = ?', [endpoint]);
+  }
+};
+
+module.exports = pushSubscriptionModel;
--- a/system1-factory/api/package.json
+++ b/system1-factory/api/package.json
@@ -39,7 +39,8 @@
    "qrcode": "^1.5.4",
    "redis": "^5.9.0",
    "swagger-jsdoc": "^6.2.8",
-    "swagger-ui-express": "^5.0.1"
+    "swagger-ui-express": "^5.0.1",
+    "web-push": "^3.6.7"
  },
  "devDependencies": {
    "@types/jest": "^29.5.12",
--- a/system1-factory/api/routes/notificationRoutes.js
+++ b/system1-factory/api/routes/notificationRoutes.js
@@ -4,7 +4,10 @@ const router = express.Router();
 const notificationController = require('../controllers/notificationController');
 const { requireAuth, requireMinLevel } = require('../middlewares/auth');

-// 모든 알림 라우트는 인증 필요
+// 내부 서비스용 알림 생성 (X-Internal-Service-Key 인증, JWT 불필요)
+router.post('/internal', notificationController.createInternal);
+
+// 이하 모든 라우트는 JWT 인증 필요
 router.use(requireAuth);

 // 읽지 않은 알림 조회 (본인 알림만)
--- a/system1-factory/api/routes/pushSubscriptionRoutes.js
+++ b/system1-factory/api/routes/pushSubscriptionRoutes.js
@@ -0,0 +1,14 @@
+// routes/pushSubscriptionRoutes.js
+const express = require('express');
+const router = express.Router();
+const pushController = require('../controllers/pushSubscriptionController');
+const { requireAuth } = require('../middlewares/auth');
+
+// VAPID 공개키 (인증 불필요)
+router.get('/vapid-public-key', pushController.getVapidPublicKey);
+
+// 구독/해제 (인증 필요)
+router.post('/subscribe', requireAuth, pushController.subscribe);
+router.delete('/unsubscribe', requireAuth, pushController.unsubscribe);
+
+module.exports = router;