security: 보안 강제 시스템 구축 + 하드코딩 비밀번호 제거

보안 감사 결과 CRITICAL 2건, HIGH 5건 발견 → 수정 완료 + 자동화 구축. [보안 수정] - issue-view.js: 하드코딩 비밀번호 → crypto.getRandomValues() 랜덤 생성 - pushSubscriptionController.js: ntfy 비밀번호 → process.env.NTFY_SUB_PASSWORD - DEPLOY-GUIDE.md/PROGRESS.md/migration SQL: 평문 비밀번호 → placeholder - docker-compose.yml/.env.example: NTFY_SUB_PASSWORD 환경변수 추가 [보안 강제 시스템 - 신규] - scripts/security-scan.sh: 8개 규칙 (CRITICAL 2, HIGH 4, MEDIUM 2) 3모드(staged/all/diff), severity, .securityignore, MEDIUM 임계값 - .githooks/pre-commit: 로컬 빠른 피드백 - .githooks/pre-receive-server.sh: Gitea 서버 최종 차단 bypass 거버넌스([SECURITY-BYPASS: 사유] + 사용자 제한 + 로그) - SECURITY-CHECKLIST.md: 10개 카테고리 자동/수동 구분 - docs/SECURITY-GUIDE.md: 운영자 가이드 (워크플로우, bypass, FAQ) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 09:44:21 +09:00
parent bbffa47a9d
commit ba9ef32808
257 changed files with 786 additions and 18 deletions
--- a/system1-factory/web/public/css/daily-status.css
+++ b/system1-factory/web/public/css/daily-status.css
@@ -0,0 +1,292 @@
+/* daily-status.css — 일별 입력 현황 대시보드 */
+
+/* Header */
+.ds-header {
+    background: linear-gradient(135deg, #2563eb 0%, #1d4ed8 100%);
+    color: white;
+    padding: 16px 16px 12px;
+    border-radius: 0 0 16px 16px;
+    margin: -16px -16px 0;
+    position: sticky;
+    top: 56px;
+    z-index: 20;
+}
+.ds-header h1 { font-size: 1.125rem; font-weight: 700; }
+
+/* Date Navigation */
+.ds-date-nav {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    gap: 12px;
+    padding: 12px 0;
+    background: white;
+    border-radius: 12px;
+    margin: 12px 0;
+    box-shadow: 0 1px 3px rgba(0,0,0,0.06);
+}
+.ds-date-btn {
+    width: 36px; height: 36px;
+    border-radius: 50%;
+    display: flex; align-items: center; justify-content: center;
+    color: #6b7280;
+    background: #f3f4f6;
+    border: none; cursor: pointer;
+    transition: all 0.15s;
+}
+.ds-date-btn:hover { background: #e5e7eb; color: #374151; }
+.ds-date-btn:disabled { opacity: 0.3; cursor: not-allowed; }
+.ds-date-display {
+    display: flex; flex-direction: column; align-items: center;
+    cursor: pointer; user-select: none;
+}
+.ds-date-display #dateText { font-size: 1rem; font-weight: 700; color: #1f2937; }
+.ds-day-label { font-size: 0.75rem; color: #6b7280; }
+
+/* Summary Cards */
+.ds-summary {
+    display: grid;
+    grid-template-columns: repeat(3, 1fr);
+    gap: 8px;
+    margin-bottom: 12px;
+}
+.ds-card {
+    background: white;
+    border-radius: 12px;
+    padding: 12px 8px;
+    text-align: center;
+    box-shadow: 0 1px 3px rgba(0,0,0,0.06);
+    cursor: pointer;
+    transition: transform 0.15s, box-shadow 0.15s;
+    border-top: 3px solid transparent;
+}
+.ds-card:active { transform: scale(0.97); }
+.ds-card-total { border-top-color: #3b82f6; }
+.ds-card-done { border-top-color: #16a34a; }
+.ds-card-missing { border-top-color: #dc2626; }
+.ds-card-num { font-size: 1.5rem; font-weight: 800; color: #1f2937; line-height: 1; }
+.ds-card-label { font-size: 0.7rem; color: #6b7280; margin-top: 4px; }
+.ds-card-pct { font-size: 0.7rem; font-weight: 600; color: #9ca3af; margin-top: 2px; }
+.ds-card-done .ds-card-pct { color: #16a34a; }
+.ds-card-missing .ds-card-pct { color: #dc2626; }
+
+/* Filter Tabs */
+.ds-tabs {
+    display: flex;
+    gap: 4px;
+    padding: 4px;
+    background: #f3f4f6;
+    border-radius: 10px;
+    margin-bottom: 12px;
+}
+.ds-tab {
+    flex: 1;
+    padding: 8px 4px;
+    font-size: 0.75rem;
+    font-weight: 600;
+    color: #6b7280;
+    background: transparent;
+    border: none;
+    border-radius: 8px;
+    cursor: pointer;
+    transition: all 0.15s;
+    text-align: center;
+}
+.ds-tab.active { background: white; color: #2563eb; box-shadow: 0 1px 3px rgba(0,0,0,0.08); }
+.ds-tab-badge {
+    display: inline-flex;
+    align-items: center; justify-content: center;
+    min-width: 18px; height: 18px;
+    font-size: 0.65rem; font-weight: 700;
+    background: #e5e7eb; color: #6b7280;
+    border-radius: 9px;
+    padding: 0 5px;
+    margin-left: 2px;
+}
+.ds-tab.active .ds-tab-badge { background: #dbeafe; color: #2563eb; }
+
+/* Worker List */
+.ds-list { padding-bottom: 140px; }
+.ds-worker-row {
+    display: flex;
+    align-items: center;
+    gap: 10px;
+    padding: 12px;
+    background: white;
+    border-radius: 10px;
+    margin-bottom: 6px;
+    box-shadow: 0 1px 2px rgba(0,0,0,0.04);
+    cursor: pointer;
+    transition: background 0.15s;
+}
+.ds-worker-row:active { background: #f9fafb; }
+
+.ds-status-dot {
+    width: 10px; height: 10px;
+    border-radius: 50%;
+    flex-shrink: 0;
+}
+.ds-status-dot.complete { background: #16a34a; }
+.ds-status-dot.tbm_only, .ds-status-dot.report_only { background: #f59e0b; }
+.ds-status-dot.both_missing { background: #dc2626; }
+
+.ds-worker-info { flex: 1; min-width: 0; }
+.ds-worker-name { font-size: 0.875rem; font-weight: 600; color: #1f2937; }
+.ds-worker-dept { font-size: 0.7rem; color: #9ca3af; }
+.ds-worker-status { text-align: right; flex-shrink: 0; }
+.ds-worker-status span {
+    display: inline-block;
+    font-size: 0.65rem;
+    padding: 2px 6px;
+    border-radius: 4px;
+    margin-left: 2px;
+}
+.ds-badge-ok { background: #dcfce7; color: #16a34a; }
+.ds-badge-no { background: #fef2f2; color: #dc2626; }
+.ds-badge-proxy { background: #ede9fe; color: #7c3aed; font-size: 0.6rem; }
+
+/* Skeleton */
+.ds-skeleton {
+    height: 56px;
+    background: linear-gradient(90deg, #f3f4f6 25%, #e5e7eb 50%, #f3f4f6 75%);
+    background-size: 200% 100%;
+    animation: ds-shimmer 1.5s infinite;
+    border-radius: 10px;
+    margin-bottom: 6px;
+}
+@keyframes ds-shimmer { 0% { background-position: 200% 0; } 100% { background-position: -200% 0; } }
+
+/* Empty / No Permission */
+.ds-empty, .ds-no-perm {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: 8px;
+    padding: 48px 16px;
+    color: #9ca3af;
+    font-size: 0.875rem;
+}
+.ds-link { color: #2563eb; font-size: 0.8rem; text-decoration: underline; }
+
+/* Bottom Action */
+.ds-bottom-action {
+    position: fixed;
+    bottom: calc(68px + env(safe-area-inset-bottom, 0px));
+    left: 0; right: 0;
+    padding: 10px 16px;
+    background: white;
+    border-top: 1px solid #e5e7eb;
+    z-index: 30;
+    max-width: 480px;
+    margin: 0 auto;
+}
+.ds-proxy-btn {
+    width: 100%;
+    padding: 12px;
+    background: #2563eb;
+    color: white;
+    font-size: 0.875rem;
+    font-weight: 700;
+    border: none;
+    border-radius: 10px;
+    cursor: pointer;
+    transition: background 0.15s;
+}
+.ds-proxy-btn:hover { background: #1d4ed8; }
+.ds-proxy-btn:disabled { background: #d1d5db; cursor: not-allowed; }
+
+/* Bottom Sheet */
+.ds-sheet-overlay {
+    position: fixed; inset: 0;
+    background: rgba(0,0,0,0.4);
+    z-index: 40;
+}
+.ds-sheet {
+    position: fixed;
+    bottom: 0; left: 0; right: 0;
+    background: white;
+    border-radius: 16px 16px 0 0;
+    max-height: 70vh;
+    overflow-y: auto;
+    z-index: 41;
+    padding: 0 16px 24px;
+    transform: translateY(100%);
+    transition: transform 0.3s ease;
+    max-width: 480px;
+    margin: 0 auto;
+}
+.ds-sheet.open { transform: translateY(0); }
+.ds-sheet-handle {
+    width: 40px; height: 4px;
+    background: #d1d5db;
+    border-radius: 2px;
+    margin: 10px auto 12px;
+    cursor: pointer;
+}
+.ds-sheet-header {
+    display: flex; align-items: baseline; gap: 8px;
+    padding-bottom: 12px;
+    border-bottom: 1px solid #f3f4f6;
+    margin-bottom: 12px;
+}
+.ds-sheet-header span:first-child { font-size: 1rem; font-weight: 700; color: #1f2937; }
+.ds-sheet-sub { font-size: 0.75rem; color: #9ca3af; }
+.ds-sheet-body { min-height: 80px; }
+.ds-sheet-loading { text-align: center; padding: 24px; color: #9ca3af; font-size: 0.875rem; }
+
+.ds-sheet-section { margin-bottom: 12px; }
+.ds-sheet-section-title {
+    font-size: 0.75rem; font-weight: 700; color: #6b7280;
+    margin-bottom: 6px;
+    display: flex; align-items: center; gap: 6px;
+}
+.ds-sheet-card {
+    background: #f9fafb;
+    border-radius: 8px;
+    padding: 10px;
+    font-size: 0.8rem;
+    color: #374151;
+}
+.ds-sheet-card.empty { color: #9ca3af; text-align: center; }
+
+.ds-sheet-actions {
+    padding-top: 12px;
+    border-top: 1px solid #f3f4f6;
+}
+.ds-sheet-btn {
+    width: 100%;
+    padding: 10px;
+    background: #2563eb;
+    color: white;
+    font-size: 0.8rem;
+    font-weight: 600;
+    border: none;
+    border-radius: 8px;
+    cursor: pointer;
+}
+
+/* Bottom Nav (reuse tbm-mobile pattern) */
+.m-bottom-nav {
+    position: fixed; bottom: 0; left: 0; right: 0;
+    display: flex; justify-content: space-around;
+    background: white;
+    border-top: 1px solid #e5e7eb;
+    padding: 8px 0 calc(8px + env(safe-area-inset-bottom, 0px));
+    z-index: 35;
+    max-width: 480px;
+    margin: 0 auto;
+}
+.m-nav-item {
+    display: flex; flex-direction: column; align-items: center;
+    gap: 2px; color: #9ca3af;
+    text-decoration: none;
+    font-size: 0.65rem;
+    padding: 4px 8px;
+}
+.m-nav-item svg { width: 22px; height: 22px; }
+.m-nav-item.active { color: #2563eb; }
+.m-nav-label { font-weight: 500; }
+
+@media (max-width: 480px) {
+    body { max-width: 480px; margin: 0 auto; }
+}