hyungi/tk-factory-services
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9cbf4c98a52de5ddfafa366ec8a3f5de3b96d56b
tk-factory-services/gateway/html/shared/nav-header.js
Hyungi Ahn 12367dd3a1 fix(security): 전체 서비스 보안 점검 — XSS·인가·토큰·헤더·에러마스킹 일괄 수정 
Phase 1 CRITICAL XSS:
- marked.parse() → DOMPurify.sanitize() (system3 ai-assistant, issues-management)
- toast innerHTML에 escapeHtml 적용 (system1 api-base, system3 common-header)
- onclick 핸들러 → data 속성 + addEventListener (system2 issue-detail)

Phase 2 HIGH 인가:
- getUserBalance 본인확인 추가 (tksupport vacationController)

Phase 3 HIGH 토큰+CSP:
- localStorage 토큰 저장 제거 — 쿠키 전용 (7개 서비스)
- unsafe-eval CSP 제거 (system1 security.js)

Phase 4 MEDIUM:
- nginx 보안 헤더 추가 (8개 서비스)
- 500 에러 메시지 마스킹 (5개 API)
- path traversal 방지 (system3 file_service.py)
- cookie fallback 데드코드 제거 (4개 auth.js)
- /login/form rate limiting 추가 (sso-auth)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 19:50:00 +09:00

100 lines
3.0 KiB
JavaScript
Raw Blame History

/**
* 공유 네비게이션 헤더 + SSO 쿠키 유틸리티
*
* 각 시스템 페이지에서 import하여 SSO 인증 유틸 제공
* <script src="/shared/nav-header.js"></script>
*/
(function() {
// 쿠키 헬퍼
function cookieGet(name) {
var match = document.cookie.match(new RegExp('(?:^|; )' + name + '=([^;]*)'));
return match ? decodeURIComponent(match[1]) : null;
}
function cookieSet(name, value, days) {
var cookie = name + '=' + encodeURIComponent(value) + '; path=/';
if (days) cookie += '; max-age=' + (days * 86400);
if (window.location.hostname.includes('technicalkorea.net')) {
cookie += '; domain=.technicalkorea.net; secure; samesite=lax';
}
document.cookie = cookie;
}
function cookieRemove(name) {
var cookie = name + '=; path=/; max-age=0';
if (window.location.hostname.includes('technicalkorea.net')) {
cookie += '; domain=.technicalkorea.net; secure; samesite=lax';
}
document.cookie = cookie;
}
/**
* SSO 인증 유틸리티 (쿠키 + localStorage 이중 지원)
*/
window.SSOAuth = {
getToken: function() {
return cookieGet('sso_token');
},
getUser: function() {
var raw = cookieGet('sso_user');
try { return JSON.parse(raw); } catch(e) { return null; }
},
isLoggedIn: function() {
var token = this.getToken();
return !!token && token !== 'undefined' && token !== 'null';
},
logout: function() {
cookieRemove('sso_token');
cookieRemove('sso_user');
cookieRemove('sso_refresh_token');
['sso_token','sso_user','sso_refresh_token','token','user','access_token','currentUser','current_user','userInfo','userPageAccess'].forEach(function(k) {
localStorage.removeItem(k);
});
window.location.href = this.getLoginUrl(window.location.href) + '&logout=1';
},
/**
* 중앙 로그인 URL 반환
*/
getLoginUrl: function(redirect) {
var hostname = window.location.hostname;
var loginUrl;
if (hostname.includes('technicalkorea.net')) {
loginUrl = window.location.protocol + '//tkds.technicalkorea.net/dashboard';
} else {
// 개발 환경: tkds 포트 (30780)
loginUrl = window.location.protocol + '//' + hostname + ':30780/dashboard';
}
if (redirect) {
loginUrl += '?redirect=' + encodeURIComponent(redirect);
}
return loginUrl;
},
/**
* 토큰을 Authorization 헤더에 포함한 fetch wrapper
*/
fetch: function(url, options) {
options = options || {};
options.headers = options.headers || {};
var token = this.getToken();
if (token) {
options.headers['Authorization'] = 'Bearer ' + token;
}
return fetch(url, options);
},
/**
* 로그인 안 되어있으면 중앙 로그인 페이지로 리다이렉트
*/
requireLogin: function() {
if (!this.isLoggedIn()) {
window.location.href = this.getLoginUrl(window.location.href);
}
}
};
})();
Reference in New Issue View Git Blame Copy Permalink