security: 보안 강제 시스템 구축 + 하드코딩 비밀번호 제거

보안 감사 결과 CRITICAL 2건, HIGH 5건 발견 → 수정 완료 + 자동화 구축. [보안 수정] - issue-view.js: 하드코딩 비밀번호 → crypto.getRandomValues() 랜덤 생성 - pushSubscriptionController.js: ntfy 비밀번호 → process.env.NTFY_SUB_PASSWORD - DEPLOY-GUIDE.md/PROGRESS.md/migration SQL: 평문 비밀번호 → placeholder - docker-compose.yml/.env.example: NTFY_SUB_PASSWORD 환경변수 추가 [보안 강제 시스템 - 신규] - scripts/security-scan.sh: 8개 규칙 (CRITICAL 2, HIGH 4, MEDIUM 2) 3모드(staged/all/diff), severity, .securityignore, MEDIUM 임계값 - .githooks/pre-commit: 로컬 빠른 피드백 - .githooks/pre-receive-server.sh: Gitea 서버 최종 차단 bypass 거버넌스([SECURITY-BYPASS: 사유] + 사용자 제한 + 로그) - SECURITY-CHECKLIST.md: 10개 카테고리 자동/수동 구분 - docs/SECURITY-GUIDE.md: 운영자 가이드 (워크플로우, bypass, FAQ) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 09:44:21 +09:00
parent bbffa47a9d
commit ba9ef32808
257 changed files with 786 additions and 18 deletions
--- a/system1-factory/web/pages/attendance/vacation-request.html
+++ b/system1-factory/web/pages/attendance/vacation-request.html
@@ -1,285 +0,0 @@
-<!DOCTYPE html>
-<html lang="ko">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>휴가 신청 - TK 공장관리</title>
-    <script src="https://cdn.tailwindcss.com"></script>
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
-    <link rel="stylesheet" href="/static/css/tkfb.css?v=2026040103">
-</head>
-<body class="bg-gray-50">
-    <header class="bg-orange-700 text-white sticky top-0 z-50">
-        <div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8">
-            <div class="flex justify-between items-center h-14">
-                <div class="flex items-center gap-3">
-                    <button id="mobileMenuBtn" class="lg:hidden text-orange-200 hover:text-white"><i class="fas fa-bars text-xl"></i></button>
-                    <i class="fas fa-industry text-xl text-orange-200"></i>
-                    <h1 class="text-lg font-semibold">TK 공장관리</h1>
-                </div>
-                <div class="flex items-center gap-4">
-                    <span id="headerUserName" class="text-sm hidden sm:block">-</span>
-                    <div id="headerUserAvatar" class="w-8 h-8 bg-orange-600 rounded-full flex items-center justify-center text-sm font-bold">-</div>
-                    <button onclick="doLogout()" class="text-orange-200 hover:text-white" title="로그아웃"><i class="fas fa-sign-out-alt"></i></button>
-                </div>
-            </div>
-        </div>
-    </header>
-    <div id="mobileOverlay" class="hidden fixed inset-0 bg-black/50 z-30 lg:hidden"></div>
-    <div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-4 fade-in">
-        <div class="flex gap-6">
-            <nav id="sideNav" class="hidden lg:flex flex-col gap-1 w-52 flex-shrink-0 pt-2 fixed lg:static z-40 bg-white lg:bg-transparent p-4 lg:p-0 rounded-lg lg:rounded-none shadow-lg lg:shadow-none top-14 left-0 bottom-0 overflow-y-auto"></nav>
-            <div class="flex-1 min-w-0">
-
-      <div class="page-header">
-        <div class="page-title-section">
-          <h1 class="page-title">휴가 신청</h1>
-          <p class="page-description">휴가를 신청하고 신청 내역을 확인합니다</p>
-        </div>
-      </div>
-
-      <!-- 휴가 잔여 현황 -->
-      <div class="content-section">
-        <div class="card">
-          <div class="card-header">
-            <h2 class="card-title">휴가 잔여 현황</h2>
-          </div>
-          <div class="card-body">
-            <div id="vacationBalance" style="display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 1rem;">
-              <!-- 휴가 잔여 정보가 여기에 표시됩니다 -->
-            </div>
-          </div>
-        </div>
-      </div>
-
-      <!-- 휴가 신청 -->
-      <div class="content-section">
-        <div class="card">
-          <div class="card-header">
-            <h2 class="card-title">휴가 신청</h2>
-          </div>
-          <div class="card-body">
-            <form id="vacationRequestForm" onsubmit="submitVacationRequest(event)">
-              <div style="display: grid; grid-template-columns: repeat(2, 1fr); gap: 1rem;">
-                <div class="form-group">
-                  <label for="vacationType">휴가 유형 *</label>
-                  <select id="vacationType" class="form-control" required>
-                    <option value="">선택하세요</option>
-                  </select>
-                </div>
-
-                <div class="form-group">
-                  <label for="daysUsed">사용 일수 *</label>
-                  <input type="number" id="daysUsed" class="form-control" min="0.5" step="0.5" value="1.0" required>
-                </div>
-
-                <div class="form-group">
-                  <label for="startDate">시작일 *</label>
-                  <input type="date" id="startDate" class="form-control" required>
-                </div>
-
-                <div class="form-group">
-                  <label for="endDate">종료일 *</label>
-                  <input type="date" id="endDate" class="form-control" required>
-                </div>
-
-                <div class="form-group" style="grid-column: 1 / -1;">
-                  <label for="reason">사유</label>
-                  <textarea id="reason" class="form-control" rows="3" placeholder="휴가 사유를 입력하세요 (선택)"></textarea>
-                </div>
-              </div>
-
-              <div style="text-align: center; margin-top: 2rem;">
-                <button type="submit" class="btn btn-primary" style="padding: 1rem 3rem;">
-                  신청하기
-                </button>
-              </div>
-            </form>
-          </div>
-        </div>
-      </div>
-
-      <!-- 내 신청 내역 -->
-      <div class="content-section">
-        <div class="card">
-          <div class="card-header">
-            <h2 class="card-title">내 신청 내역</h2>
-          </div>
-          <div class="card-body">
-            <div id="myRequestsList" class="data-table-container">
-              <!-- 내 신청 내역이 여기에 동적으로 렌더링됩니다 -->
-            </div>
-          </div>
-        </div>
-      </div>
-
-            </div>
-        </div>
-    </div>
-
-  <script src="/js/sso-relay.js?v=20260401"></script>
-  <script src="/static/js/tkfb-core.js?v=2026040105"></script>
-  <script src="/js/api-base.js?v=2026031401"></script>
-  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
-  <script src="/js/vacation-common.js"></script>
-  <script>
-    // axios 기본 설정
-    (function() {
-      const checkApiConfig = setInterval(() => {
-        if (window.API_BASE_URL) {
-          clearInterval(checkApiConfig);
-          axios.defaults.baseURL = window.API_BASE_URL;
-          const token = localStorage.getItem('sso_token');
-          if (token) {
-            axios.defaults.headers.common['Authorization'] = `Bearer ${token}`;
-          }
-
-          axios.interceptors.request.use(
-            config => {
-              const token = localStorage.getItem('sso_token');
-              if (token) {
-                config.headers.Authorization = `Bearer ${token}`;
-              }
-              return config;
-            },
-            error => Promise.reject(error)
-          );
-
-          axios.interceptors.response.use(
-            response => response,
-            error => {
-              if (error.response?.status === 401) {
-                alert('세션이 만료되었습니다. 다시 로그인해주세요.');
-                window.location.href = '/pages/login.html';
-              }
-              return Promise.reject(error);
-            }
-          );
-        }
-      }, 50);
-    })();
-  </script>
-  <script>
-    // 페이지 로드 시 초기화
-    document.addEventListener('DOMContentLoaded', async () => {
-      await waitForAxiosConfig();
-      initializePage();
-    });
-
-    async function initializePage() {
-      try {
-        const currentUser = getCurrentUser();
-
-        if (!currentUser || !currentUser.user_id) {
-          alert('작업자 정보가 없습니다. 관리자에게 문의하세요.');
-          return;
-        }
-
-        await loadVacationTypes();
-        await loadVacationBalance();
-        await loadMyRequests();
-
-        // 휴가 업데이트 이벤트 리스너
-        window.addEventListener('vacation-updated', () => {
-          loadVacationBalance();
-          loadMyRequests();
-        });
-      } catch (error) {
-        console.error('초기화 오류:', error);
-        alert('페이지 초기화 중 오류가 발생했습니다.');
-      }
-    }
-
-    async function loadVacationBalance() {
-      const currentUser = getCurrentUser();
-
-      try {
-        const response = await axios.get(`/attendance/vacation-balance/${currentUser.user_id}`);
-        if (response.data.success) {
-          renderVacationBalance(response.data.data);
-        }
-      } catch (error) {
-        console.error('휴가 잔여 조회 오류:', error);
-        document.getElementById('vacationBalance').innerHTML = `
-          <p class="text-muted">휴가 잔여 정보를 불러올 수 없습니다.</p>
-        `;
-      }
-    }
-
-    function renderVacationBalance(balance) {
-      const container = document.getElementById('vacationBalance');
-
-      if (!balance || Object.keys(balance).length === 0) {
-        container.innerHTML = '<p class="text-muted">휴가 잔여 정보가 없습니다.</p>';
-        return;
-      }
-
-      const balanceHTML = Object.keys(balance).map(key => {
-        const info = balance[key];
-        return `
-          <div style="padding: 1.5rem; background-color: #f9fafb; border-radius: 0.5rem; border: 1px solid #e5e7eb;">
-            <div style="font-size: 0.875rem; color: #6b7280; margin-bottom: 0.5rem;">${key}</div>
-            <div style="font-size: 1.5rem; font-weight: 700; color: #111827;">
-              ${info.remaining || 0}일
-            </div>
-            <div style="font-size: 0.75rem; color: #9ca3af; margin-top: 0.25rem;">
-              사용: ${info.used || 0}일 / 전체: ${info.total || 0}일
-            </div>
-          </div>
-        `;
-      }).join('');
-
-      container.innerHTML = balanceHTML;
-    }
-
-    async function submitVacationRequest(event) {
-      event.preventDefault();
-
-      const currentUser = getCurrentUser();
-      const data = {
-        user_id: currentUser.user_id,
-        vacation_type_id: parseInt(document.getElementById('vacationType').value),
-        start_date: document.getElementById('startDate').value,
-        end_date: document.getElementById('endDate').value,
-        days_used: parseFloat(document.getElementById('daysUsed').value),
-        reason: document.getElementById('reason').value || null
-      };
-
-      try {
-        const response = await axios.post('/vacation-requests', data);
-        if (response.data.success) {
-          alert('휴가 신청이 완료되었습니다.');
-          document.getElementById('vacationRequestForm').reset();
-          window.dispatchEvent(new Event('vacation-updated'));
-        }
-      } catch (error) {
-        console.error('휴가 신청 오류:', error);
-        alert(error.response?.data?.message || '휴가 신청 중 오류가 발생했습니다.');
-      }
-    }
-
-    async function loadMyRequests() {
-      const currentUser = getCurrentUser();
-
-      try {
-        const response = await axios.get('/vacation-requests');
-        if (response.data.success) {
-          // 내 신청만 필터링
-          const myRequests = response.data.data.filter(req =>
-            req.requested_by === currentUser.user_id || req.user_id === currentUser.user_id
-          );
-          renderVacationRequests(myRequests, 'myRequestsList', true, 'delete');
-        }
-      } catch (error) {
-        console.error('내 신청 내역 로드 오류:', error);
-        document.getElementById('myRequestsList').innerHTML = `
-          <div class="empty-state">
-            <p>신청 내역이 없습니다.</p>
-          </div>
-        `;
-      }
-    }
-  </script>
-  <script>initAuth();</script>
-</body>
-</html>