
접속이력 OIDC 접속 로그 누락 수정

2026-04-07 10:32:36 +09:00
parent 0c1b512a9a
commit 763c04398e


@@ -4246,11 +4246,10 @@ func (h *AuthHandler) GetAuthTimeline(c *fiber.Ctx) error {
continue
}
consent, ok := consentMap[clientID]
if !ok {
continue
}
if !consent.ConsentAt.IsZero() && log.Timestamp.Before(consent.ConsentAt) {
continue
if ok {
if !consent.ConsentAt.IsZero() && log.Timestamp.Before(consent.ConsentAt) {
continue
}
}
oathkeeperLogs = append(oathkeeperLogs, log)
if len(oathkeeperLogs) >= fetchLimit {
@@ -4299,36 +4298,75 @@ func (h *AuthHandler) GetAuthTimeline(c *fiber.Ctx) error {
return info, true
}
clientCache := make(map[string]loginClientInfo)
resolveClientByID := func(cid string) (loginClientInfo, bool) {
cid = strings.TrimSpace(cid)
if cid == "" || h.Hydra == nil {
return loginClientInfo{}, false
}
if cached, ok := clientCache[cid]; ok {
return cached, cached.ClientID != ""
}
client, err := h.Hydra.GetClient(c.Context(), cid)
if err != nil || client == nil {
clientCache[cid] = loginClientInfo{}
return loginClientInfo{}, false
}
name := strings.TrimSpace(client.ClientName)
if name == "" {
name = cid
}
info := loginClientInfo{
ClientID: cid,
Name: name,
}
clientCache[cid] = info
return info, true
}
items := make([]authTimelineItem, 0, len(authLogs)+len(oathkeeperLogs))
for i := range authLogs {
log := authLogs[i]
appName := "Baron 로그인"
clientID := ""
path := strings.ToLower(extractAuditPath(log))
if strings.Contains(path, "/api/v1/auth/oidc/login/accept") {
appName = "OIDC 로그인"
// 우선 audit details의 client 정보를 사용하고, 없으면 Hydra 조회로 보강
if details, err := utils.ParseAuditDetails(log.Details); err == nil && details != nil {
if name, ok := details["client_name"].(string); ok && strings.TrimSpace(name) != "" {
appName = strings.TrimSpace(name)
}
if cid, ok := details["client_id"].(string); ok && strings.TrimSpace(cid) != "" {
clientID = strings.TrimSpace(cid)
if appName == "OIDC 로그인" {
appName = clientID
}
}
isOidcAccept := strings.Contains(path, "/api/v1/auth/oidc/login/accept")
isPasswordLogin := strings.Contains(path, "/api/v1/auth/password/login")
// 우선 audit details의 client 정보를 사용
if details, err := utils.ParseAuditDetails(log.Details); err == nil && details != nil {
if cid, ok := details["client_id"].(string); ok && strings.TrimSpace(cid) != "" {
clientID = strings.TrimSpace(cid)
}
if appName == "OIDC 로그인" {
loginChallenge := extractLoginChallengeFromAuditDetails(log.Details)
if loginChallenge != "" {
if info, ok := resolveLoginClient(loginChallenge); ok {
appName = info.Name
clientID = info.ClientID
}
if name, ok := details["client_name"].(string); ok && strings.TrimSpace(name) != "" {
appName = strings.TrimSpace(name)
}
}
// 기본값이거나 클라이언트 ID인 경우 Hydra 조회로 보강
if appName == "Baron 로그인" || appName == "" {
if isOidcAccept {
appName = "OIDC 로그인"
}
if clientID != "" {
appName = clientID
if info, ok := resolveClientByID(clientID); ok {
appName = info.Name
}
}
}
if (isOidcAccept || isPasswordLogin) && (appName == "OIDC 로그인" || appName == "Baron 로그인" || appName == clientID) {
loginChallenge := extractLoginChallengeFromAuditDetails(log.Details)
if loginChallenge != "" {
if info, ok := resolveLoginClient(loginChallenge); ok {
appName = info.Name
clientID = info.ClientID
}
}
}
item := authTimelineItem{
EventID: log.EventID,
Timestamp: log.Timestamp,
@@ -4353,11 +4391,17 @@ func (h *AuthHandler) GetAuthTimeline(c *fiber.Ctx) error {
if clientID == "" {
continue
}
consent := consentMap[clientID]
appName := consent.Name
if appName == "" {
appName = clientID
appName := clientID
if consent, ok := consentMap[clientID]; ok {
appName = consent.Name
}
if appName == "" || appName == clientID {
if info, ok := resolveClientByID(clientID); ok {
appName = info.Name
}
}
details := map[string]any{
"path": log.Path,
"client_id": clientID,
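Review bot: In the first hunk, an Oathkeeper log whose `clientID` has no entry in `consentMap` is now appended instead of skipped, so the consent lookup no longer limits which clients appear in the timeline; only the `ConsentAt` cutoff remains, and it applies solely when a consent record exists. The query that fills the Oathkeeper logs is outside the visible hunks, so it should be confirmed that it is already restricted to the authenticated subject, otherwise entries belonging to other users could surface in this access history. A comment above the `if ok {` block would record that assumption, e.g. `// logs are already scoped to the caller's subject; consent only trims entries older than ConsentAt`. Separately, `resolveClientByID` in the second hunk treats any `h.Hydra.GetClient` error like an unknown client and caches the empty result, so a transient Hydra failure silently leaves the raw client ID as the app name for the rest of the request; logging the error at that branch would make the degradation visible. GetAuthTimeline starts and ends outside these hunks.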