hyungi/tk-factory-services
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): SSO 데드쿠키 제거 + open redirect 방어 + system2 수정

Browse Source 
- SSO auth: 서버측 httpOnly 쿠키 제거 (클라이언트 domain cookie로 대체)
- SSO auth: extractToken()에서 미작동 req.cookies 코드 제거
- Gateway login.html: redirect 파라미터 open redirect 취약점 방어
- System 2: 인라인 requireAuth → middlewares/auth.js 사용
- System 2: 404/에러 핸들러 등록 순서 수정 (Express 모범사례)
- .gitignore: *.bak* 패턴 추가

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Hyungi Ahn
2026-02-25 08:22:53 +09:00
parent 93edf9529a
commit faf365e0c6
4 changed files with 17 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
system2-report/api/index.js
View File

@@ -45,31 +45,8 @@ app.get('/api/health', (req, res) => {
res.json({ status: 'ok', service: 'system2-report', timestamp: new Date().toISOString() });
});
// JWT Auth middleware (SSO 공유 시크릿)
const jwt = require('jsonwebtoken');
const requireAuth = (req, res, next) => {
try {
const authHeader = req.headers['authorization'];
if (!authHeader) {
throw new AuthenticationError('Authorization 헤더가 필요합니다');
}
const token = authHeader.split(' ')[1];
if (!token) {
throw new AuthenticationError('Bearer 토큰이 필요합니다');
}
const decoded = jwt.verify(token, process.env.JWT_SECRET);
req.user = decoded;
next();
} catch (err) {
if (err.name === 'JsonWebTokenError' || err.name === 'TokenExpiredError') {
return res.status(401).json({ success: false, error: '유효하지 않은 토큰입니다' });
}
if (err instanceof AuthenticationError) {
return res.status(401).json({ success: false, error: err.message });
}
next(err);
}
};
// JWT Auth middleware (middlewares/auth.js 사용)
const { requireAuth } = require('./middlewares/auth');
// Routes
const workIssueRoutes = require('./routes/workIssueRoutes');
@@ -77,6 +54,11 @@ const workIssueRoutes = require('./routes/workIssueRoutes');
// 인증이 필요한 API
app.use('/api/work-issues', requireAuth, workIssueRoutes);
// 404 (에러 핸들러보다 먼저 등록)
app.use((req, res) => {
res.status(404).json({ success: false, error: 'Not Found', path: req.originalUrl });
});
// Error handler
app.use((err, req, res, next) => {
const statusCode = err.statusCode || 500;
@@ -87,11 +69,6 @@ app.use((err, req, res, next) => {
});
});
// 404
app.use((req, res) => {
res.status(404).json({ success: false, error: 'Not Found', path: req.originalUrl });
});
app.listen(PORT, () => {
console.log(`System 2 (신고) API running on port ${PORT}`);
});