kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

조직도 M2M조회 추가, 자동로그인 보완

Browse Source
This commit is contained in:
admin-bot
2026-05-13 13:44:30 +09:00
parent 72288f1d39
commit 8c2b2f71ef
29 changed files with 2985 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

531
backend/docs/openapi.yaml
View File

@@ -23,6 +23,10 @@ tags:
description: 세션 관리(계획)
- name: Admin
description: 관리자 기능/테넌트
- name: Public
description: 인증 없이 외부에 노출되는 공개 API
- name: Integrations
description: API Key 기반 외부 연동 API
- name: Dev
description: RP/Consent 관리
- name: Audit
@@ -31,6 +35,46 @@ tags:
description: 외부 게이트웨이 연동
paths:
/.well-known/baron-rp-manifest:
get:
tags: [Public]
summary: RP IAM Manifest HTML
description: 외부 RP가 Baron SSO/IAM 연동 정책을 사람이 읽을 수 있는 HTML로 확인합니다.
responses:
"200":
description: HTML
content:
text/html:
schema:
type: string
/.well-known/baron-rp-manifest.json:
get:
tags: [Public]
summary: RP IAM Manifest JSON
description: 외부 RP가 Baron SSO/IAM 연동 정책을 machine-readable JSON으로 조회합니다.
responses:
"200":
description: OK
content:
application/json:
schema:
$ref: "#/components/schemas/RPManifestResponse"
/.well-known/baron-rp-manifest.schema.json:
get:
tags: [Public]
summary: RP IAM Manifest JSON Schema
description: RP IAM Manifest JSON의 JSON Schema를 조회합니다.
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
additionalProperties: true
/health:
get:
tags: [System]
@@ -79,6 +123,108 @@ paths:
schema:
type: string
/api/v1/public/orgchart:
get:
tags: [Public]
summary: 공유 링크 조직도 조회
description: 공유 링크 token으로 공개 가능한 조직도 데이터를 조회합니다.
parameters:
- in: query
name: token
required: true
schema:
type: string
description: 조직도 공유 링크 token
responses:
"200":
description: OK
content:
application/json:
schema:
$ref: "#/components/schemas/PublicOrgChartResponse"
"401":
description: Unauthorized
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorResponse"
/api/v1/tenants/registration:
post:
tags: [Public]
summary: 테넌트 등록 요청
description: 외부에서 테넌트 등록을 요청하고 승인 대기 상태로 생성합니다.
requestBody:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/TenantRegistrationRequest"
responses:
"202":
description: Accepted
content:
application/json:
schema:
$ref: "#/components/schemas/TenantRegistrationResponse"
"400":
description: Bad Request
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorResponse"
/api/v1/integrations/org-context:
get:
tags: [Integrations]
summary: 조직 Context 조회
description: |
외부 연동앱이 계정 세션 없이 API Key로 Baron SSO 조직 subtree를 조회합니다.
`tenantSlug`가 없으면 `hanmac-family` 전체 subtree를 반환하며, slug 기반 지정만 계약으로 지원합니다.
security:
- BaronApiKeyId: []
BaronApiKeySecret: []
parameters:
- in: query
name: tenantSlug
required: false
schema:
type: string
default: hanmac-family
description: 조회할 subtree root tenant slug
- in: query
name: includeUsers
required: false
schema:
type: boolean
default: true
description: false이면 users와 directUserIds를 비워 반환합니다.
responses:
"200":
description: OK
content:
application/json:
schema:
$ref: "#/components/schemas/OrgContextResponse"
"401":
description: Unauthorized
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorResponse"
"403":
description: Forbidden
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorResponse"
"404":
description: Tenant slug not found
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorResponse"
/api/v1/auth/password/login:
post:
tags: [Auth]
@@ -614,6 +760,40 @@ paths:
schema:
$ref: "#/components/schemas/TenantResponse"
/api/v1/admin/tenants/export:
get:
tags: [Admin]
summary: 테넌트 CSV 내보내기
description: |
super admin 전용 CSV export입니다. `parentId`를 지정하면 해당 tenant의 모든 descendant를 leaf까지 포함해 내보냅니다.
parameters:
- in: query
name: includeIds
required: false
schema:
type: boolean
default: false
description: true이면 tenant_id와 parent_tenant_id 컬럼을 포함합니다.
- in: query
name: parentId
required: false
schema:
type: string
description: 하위 subtree를 내보낼 parent tenant ID
responses:
"200":
description: CSV
content:
text/csv:
schema:
type: string
"401":
description: Unauthorized
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorResponse"
/api/v1/admin/tenants/{id}:
get:
tags: [Admin]
@@ -666,6 +846,82 @@ paths:
"204":
description: No Content
/api/v1/admin/api-keys:
get:
tags: [Admin]
summary: API Key 목록
description: super admin 전용 API Key 관리 화면에서 사용합니다.
parameters:
- in: query
name: limit
required: false
schema:
type: integer
default: 50
- in: query
name: offset
required: false
schema:
type: integer
default: 0
responses:
"200":
description: OK
content:
application/json:
schema:
$ref: "#/components/schemas/ApiKeyListResponse"
"401":
description: Unauthorized
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorResponse"
post:
tags: [Admin]
summary: API Key 생성
description: super admin만 API Key를 생성할 수 있으며, clientSecret은 생성 응답에서 한 번만 반환됩니다.
requestBody:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/ApiKeyCreateRequest"
responses:
"201":
description: Created
content:
application/json:
schema:
$ref: "#/components/schemas/ApiKeyCreateResponse"
"400":
description: Bad Request
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorResponse"
/api/v1/admin/api-keys/{id}:
delete:
tags: [Admin]
summary: API Key 삭제
description: super admin 전용 API Key 삭제입니다.
parameters:
- in: path
name: id
required: true
schema:
type: string
responses:
"204":
description: No Content
"401":
description: Unauthorized
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorResponse"
/api/v1/dev/clients:
get:
tags: [Dev]
@@ -843,6 +1099,22 @@ paths:
description: OK
components:
securitySchemes:
BaronApiKeyId:
type: apiKey
in: header
name: X-Baron-Key-ID
description: |
API Key client ID입니다. Swagger UI 우측 상단 `Authorize`에서 `X-Baron-Key-ID` 값으로 입력하면
API Key 인증이 필요한 요청의 header에 자동으로 포함됩니다.
BaronApiKeySecret:
type: apiKey
in: header
name: X-Baron-Key-Secret
description: |
API Key client secret입니다. Swagger UI 우측 상단 `Authorize`에서 `X-Baron-Key-Secret` 값으로 입력하면
API Key 인증이 필요한 요청의 header에 자동으로 포함됩니다.
schemas:
ErrorResponse:
type: object
@@ -871,6 +1143,210 @@ components:
checks:
type: object
RPManifestResponse:
type: object
additionalProperties: true
properties:
version:
type: string
example: "2026-05-11"
issuer:
type: string
example: https://sso.hmac.kr
oidc:
type: object
additionalProperties: true
iam:
type: object
additionalProperties: true
identity_contract:
type: object
additionalProperties: true
trusted_headers:
type: object
additionalProperties: true
PublicOrgChartUser:
type: object
properties:
id:
type: string
name:
type: string
position:
type: string
jobTitle:
type: string
companyCode:
type: string
status:
type: string
PublicOrgChartResponse:
type: object
properties:
tenants:
type: array
items:
$ref: "#/components/schemas/TenantResponse"
users:
type: array
items:
$ref: "#/components/schemas/PublicOrgChartUser"
sharedWith:
type: string
TenantRegistrationRequest:
type: object
required: [name, domain, adminEmail]
properties:
name:
type: string
slug:
type: string
description:
type: string
domain:
type: string
adminEmail:
type: string
format: email
TenantRegistrationResponse:
type: object
properties:
message:
type: string
tenant:
$ref: "#/components/schemas/TenantResponse"
OrgContextScope:
type: object
properties:
tenantId:
type: string
example: 01970f08-91da-7286-bd19-882fb98d1f2c
tenantSlug:
type: string
example: hanmac-family
OrgContextTenant:
type: object
properties:
id:
type: string
example: 01970f08-91da-7286-bd19-882fb98d1f2c
type:
type: string
example: COMPANY_GROUP
name:
type: string
example: 한맥가족
slug:
type: string
example: hanmac-family
parentId:
type: string
nullable: true
status:
type: string
example: active
description:
type: string
domains:
type: array
items:
type: string
memberCount:
type: integer
visibility:
type: string
example: public
orgUnitType:
type: string
createdAt:
type: string
format: date-time
updatedAt:
type: string
format: date-time
OrgContextTreeNode:
allOf:
- $ref: "#/components/schemas/OrgContextTenant"
- type: object
properties:
directUserIds:
type: array
items:
type: string
children:
type: array
items:
$ref: "#/components/schemas/OrgContextTreeNode"
OrgContextUser:
type: object
properties:
id:
type: string
email:
type: string
format: email
name:
type: string
role:
type: string
status:
type: string
tenantIds:
type: array
items:
type: string
tenantSlugs:
type: array
items:
type: string
department:
type: string
grade:
type: string
position:
type: string
jobTitle:
type: string
metadata:
type: object
additionalProperties: true
createdAt:
type: string
format: date-time
updatedAt:
type: string
format: date-time
OrgContextResponse:
type: object
properties:
schemaVersion:
type: string
example: baron.org-context.v1
issuedAt:
type: string
format: date-time
scope:
$ref: "#/components/schemas/OrgContextScope"
tree:
$ref: "#/components/schemas/OrgContextTreeNode"
tenants:
type: array
items:
$ref: "#/components/schemas/OrgContextTenant"
users:
type: array
items:
$ref: "#/components/schemas/OrgContextUser"
PasswordLoginRequest:
type: object
required: [loginId, password]
@@ -1268,6 +1744,61 @@ components:
status:
type: string
ApiKeySummary:
type: object
properties:
id:
type: string
name:
type: string
client_id:
type: string
scopes:
type: array
items:
type: string
example: [org-context:read]
status:
type: string
example: active
lastUsedAt:
type: string
nullable: true
createdAt:
type: string
format: date-time
ApiKeyListResponse:
type: object
properties:
items:
type: array
items:
$ref: "#/components/schemas/ApiKeySummary"
total:
type: integer
ApiKeyCreateRequest:
type: object
required: [name]
properties:
name:
type: string
scopes:
type: array
items:
type: string
example: [org-context:read]
ApiKeyCreateResponse:
type: object
properties:
apiKey:
$ref: "#/components/schemas/ApiKeySummary"
clientSecret:
type: string
description: 생성 시점에 한 번만 반환되는 plain secret
ClientSummary:
type: object
properties: