adminfront 조직 통계오류 보정. Kratos Projection용 통계테이블 구조 추가

2026-05-11 13:01:55 +09:00
parent 9a64a16cb9
commit 843b4100ad
36 changed files with 2022 additions and 169 deletions
--- a/scripts/auth_config.sh
+++ b/scripts/auth_config.sh
@@ -20,8 +20,10 @@ HYDRA_ADMIN_URL="${HYDRA_ADMIN_URL:-http://hydra:4445}"
 KRATOS_UI_URL="${KRATOS_UI_URL:-http://localhost:5000}"
 ADMINFRONT_URL="${ADMINFRONT_URL:-https://sadmin.hmac.kr}"
 DEVFRONT_URL="${DEVFRONT_URL:-https://sdev.hmac.kr}"
+ORGFRONT_URL="${ORGFRONT_URL:-https://sorg.hmac.kr}"
 ADMINFRONT_CALLBACK_URLS="${ADMINFRONT_CALLBACK_URLS:-${ADMINFRONT_URL%/}/auth/callback}"
 DEVFRONT_CALLBACK_URLS="${DEVFRONT_CALLBACK_URLS:-${DEVFRONT_URL%/}/auth/callback}"
+ORGFRONT_CALLBACK_URLS="${ORGFRONT_CALLBACK_URLS:-${ORGFRONT_URL%/}/auth/callback}"
 KRATOS_ALLOWED_RETURN_URLS_EXTRA="${KRATOS_ALLOWED_RETURN_URLS_EXTRA:-}"

 declare -a WARNINGS=()
@@ -185,6 +187,7 @@ to_json_array() {
 collect_values() {
  declare -ga ADMIN_CALLBACKS=()
  declare -ga DEV_CALLBACKS=()
+  declare -ga ORG_CALLBACKS=()
  declare -ga EXTRA_ALLOWED_RETURNS=()

  while IFS= read -r item; do
@@ -195,6 +198,10 @@ collect_values() {
    DEV_CALLBACKS+=("$item")
  done < <(csv_to_lines "$DEVFRONT_CALLBACK_URLS")

+  while IFS= read -r item; do
+    ORG_CALLBACKS+=("$item")
+  done < <(csv_to_lines "$ORGFRONT_CALLBACK_URLS")
+
  while IFS= read -r item; do
    EXTRA_ALLOWED_RETURNS+=("$item")
  done < <(list_to_lines "$KRATOS_ALLOWED_RETURN_URLS_EXTRA")
@@ -309,6 +316,9 @@ build_allowed_return_urls() {
  for url in "${DEV_CALLBACKS[@]}"; do
    add_allowed_url "$url"
  done
+  for url in "${ORG_CALLBACKS[@]}"; do
+    add_allowed_url "$url"
+  done
  for url in "${EXTRA_ALLOWED_RETURNS[@]}"; do
    add_allowed_url "$url"
  done
@@ -320,9 +330,10 @@ build_allowed_return_urls() {

 write_output() {
  mkdir -p "$OUTPUT_DIR"
-  local admin_csv dev_csv returns_json
+  local admin_csv dev_csv org_csv returns_json
  admin_csv="$(join_csv ADMIN_CALLBACKS)"
  dev_csv="$(join_csv DEV_CALLBACKS)"
+  org_csv="$(join_csv ORG_CALLBACKS)"
  returns_json="$(to_json_array KRATOS_ALLOWED_RETURN_URLS)"

  cat >"$OUTPUT_FILE" <<EOF
@@ -330,6 +341,7 @@ write_output() {
 # Do not edit manually.
 ADMINFRONT_CALLBACK_URLS=$admin_csv
 DEVFRONT_CALLBACK_URLS=$dev_csv
+ORGFRONT_CALLBACK_URLS=$org_csv
 KRATOS_ALLOWED_RETURN_URLS_JSON=$returns_json
 OIDC_HYDRA_URL_MATCH_MODE=$OIDC_HYDRA_URL_MATCH_MODE
 EOF
@@ -342,6 +354,8 @@ validate_compose_wiring() {
    || fail "compose.ory.yaml is not wired to ADMINFRONT_CALLBACK_URLS"
  grep -Eq 'DEVFRONT_CALLBACK_URLS' "$ROOT_DIR/compose.ory.yaml" \
    || fail "compose.ory.yaml is not wired to DEVFRONT_CALLBACK_URLS"
+  grep -Eq 'ORGFRONT_CALLBACK_URLS' "$ROOT_DIR/compose.ory.yaml" \
+    || fail "compose.ory.yaml is not wired to ORGFRONT_CALLBACK_URLS"
 }

 verify_runtime_hydra_clients() {
@@ -355,13 +369,16 @@ verify_runtime_hydra_clients() {
    return
  fi

-  local admin_info dev_info
+  local admin_info dev_info org_info
  if ! admin_info="$(docker exec ory_hydra hydra get oauth2-client --endpoint "$HYDRA_ADMIN_URL" adminfront 2>/dev/null)"; then
    fail "failed to read hydra client 'adminfront' from running container"
  fi
  if ! dev_info="$(docker exec ory_hydra hydra get oauth2-client --endpoint "$HYDRA_ADMIN_URL" devfront 2>/dev/null)"; then
    fail "failed to read hydra client 'devfront' from running container"
  fi
+  if ! org_info="$(docker exec ory_hydra hydra get oauth2-client --endpoint "$HYDRA_ADMIN_URL" orgfront 2>/dev/null)"; then
+    fail "failed to read hydra client 'orgfront' from running container"
+  fi

  for callback in "${ADMIN_CALLBACKS[@]}"; do
    if ! grep -Fq "$callback" <<<"$admin_info"; then
@@ -373,6 +390,11 @@ verify_runtime_hydra_clients() {
      fail "devfront hydra client does not include callback: $callback"
    fi
  done
+  for callback in "${ORG_CALLBACKS[@]}"; do
+    if ! grep -Fq "$callback" <<<"$org_info"; then
+      fail "orgfront hydra client does not include callback: $callback"
+    fi
+  done
 }

 run_validation() {
@@ -385,8 +407,10 @@ run_validation() {
  validate_dotenv_line_safety "KRATOS_UI_URL"
  validate_dotenv_line_safety "ADMINFRONT_URL"
  validate_dotenv_line_safety "DEVFRONT_URL"
+  validate_dotenv_line_safety "ORGFRONT_URL"
  validate_dotenv_line_safety "ADMINFRONT_CALLBACK_URLS"
  validate_dotenv_line_safety "DEVFRONT_CALLBACK_URLS"
+  validate_dotenv_line_safety "ORGFRONT_CALLBACK_URLS"

  if [[ -n "$ADMINFRONT_URL" ]]; then
    validate_urls "ADMINFRONT_URL" "$ADMINFRONT_URL"
@@ -394,10 +418,14 @@ run_validation() {
  if [[ -n "$DEVFRONT_URL" ]]; then
    validate_urls "DEVFRONT_URL" "$DEVFRONT_URL"
  fi
+  if [[ -n "$ORGFRONT_URL" ]]; then
+    validate_urls "ORGFRONT_URL" "$ORGFRONT_URL"
+  fi

  collect_values
  validate_callback_group "ADMINFRONT_CALLBACK_URLS" "/auth/callback" "${ADMIN_CALLBACKS[@]}"
  validate_callback_group "DEVFRONT_CALLBACK_URLS" "/auth/callback" "${DEV_CALLBACKS[@]}"
+  validate_callback_group "ORGFRONT_CALLBACK_URLS" "/auth/callback" "${ORG_CALLBACKS[@]}"
  validate_gateway_mapping
  build_allowed_return_urls
 }
@@ -407,6 +435,7 @@ print_summary() {
  echo "[auth-config] hydra_url_match_mode: $OIDC_HYDRA_URL_MATCH_MODE"
  echo "[auth-config] admin_callbacks: $(join_csv ADMIN_CALLBACKS)"
  echo "[auth-config] dev_callbacks: $(join_csv DEV_CALLBACKS)"
+  echo "[auth-config] org_callbacks: $(join_csv ORG_CALLBACKS)"
  echo "[auth-config] kratos_allowed_return_urls_count: ${#KRATOS_ALLOWED_RETURN_URLS[@]}"

  if [[ ${#WARNINGS[@]} -gt 0 ]]; then
--- a/scripts/test_frontend_runtime_mode.sh
+++ b/scripts/test_frontend_runtime_mode.sh
@@ -14,7 +14,8 @@ assert_mode() {

 for script in \
  "./adminfront/scripts/runtime-mode.sh" \
-  "./devfront/scripts/runtime-mode.sh"
+  "./devfront/scripts/runtime-mode.sh" \
+  "./orgfront/scripts/runtime-mode.sh"
 do
  assert_mode "$script" "production" "production"
  assert_mode "$script" "prod" "production"