fix: Synology SSO Implicit Grant 방식으로 변경

- response_type: code → token - redirect_uri: /api/... → /auth/... (프론트엔드 페이지) - 프론트엔드 callback 페이지 추가 (hash fragment 파싱) - verify API 추가 (access_token 검증)
2026-01-11 23:31:56 +09:00
parent f0c905711f
commit 69b28746ff
6 changed files with 138 additions and 4 deletions
--- a/server/api/auth/synology/verify.post.ts
+++ b/server/api/auth/synology/verify.post.ts
@@ -0,0 +1,90 @@
+/**
+ * Synology SSO Access Token 검증 및 로그인 처리
+ * POST /api/auth/synology/verify
+ */
+import { sql } from '~/server/utils/db'
+
+export default defineEventHandler(async (event) => {
+  const body = await readBody(event)
+  const { accessToken } = body
+  
+  if (!accessToken) {
+    throw createError({
+      statusCode: 400,
+      message: 'Access token이 없습니다.'
+    })
+  }
+  
+  const config = useRuntimeConfig()
+  
+  try {
+    // Synology SSO Server에서 사용자 정보 조회
+    const userInfoUrl = `${config.synologyServerUrl}/webman/sso/SSOAccessToken.cgi?action=exchange&access_token=${accessToken}&app_id=${config.synologyClientId}`
+    
+    const userInfoResponse = await $fetch<any>(userInfoUrl)
+    
+    if (!userInfoResponse.success) {
+      throw createError({
+        statusCode: 401,
+        message: userInfoResponse.error?.msg || 'Synology 토큰 검증에 실패했습니다.'
+      })
+    }
+    
+    const synologyUsername = userInfoResponse.data?.user_name || userInfoResponse.data?.user_id
+    
+    if (!synologyUsername) {
+      throw createError({
+        statusCode: 401,
+        message: 'Synology 사용자 정보를 가져올 수 없습니다.'
+      })
+    }
+    
+    // DB에서 synology_username으로 사용자 조회
+    const users = await sql`
+      SELECT employee_id, employee_name, employee_email, employee_role, company_id
+      FROM employees
+      WHERE synology_username = ${synologyUsername}
+        AND employee_status = 'active'
+      LIMIT 1
+    `
+    
+    if (users.length === 0) {
+      throw createError({
+        statusCode: 404,
+        message: `Synology 계정 "${synologyUsername}"과 연결된 사용자를 찾을 수 없습니다. 관리자에게 문의하세요.`
+      })
+    }
+    
+    const user = users[0]
+    
+    // 세션 생성
+    const session = await useAuthSession(event)
+    await session.update({
+      userId: user.employee_id,
+      userName: user.employee_name,
+      userEmail: user.employee_email,
+      userRole: user.employee_role,
+      companyId: user.company_id,
+      loginType: 'synology'
+    })
+    
+    return {
+      success: true,
+      user: {
+        id: user.employee_id,
+        name: user.employee_name,
+        email: user.employee_email,
+        role: user.employee_role
+      }
+    }
+  } catch (error: any) {
+    if (error.statusCode) {
+      throw error
+    }
+    console.error('Synology SSO verify error:', error)
+    throw createError({
+      statusCode: 500,
+      message: 'Synology 로그인 처리 중 오류가 발생했습니다.'
+    })
+  }
+})