only JWT 발급

2026-01-09 14:24:35 +09:00
parent 4813ec2f6d
commit b5aed4fedc
15 changed files with 564 additions and 470 deletions
--- a/frontend/lib/core/services/audit_service.dart
+++ b/frontend/lib/core/services/audit_service.dart
@@ -3,7 +3,7 @@ import 'package:http/http.dart' as http;
 import 'package:flutter_dotenv/flutter_dotenv.dart';

 class AuditService {
-  static final String _baseUrl = dotenv.env['BACKEND_URL'] ?? 'http://localhost:3000';
+  static const String _baseUrl = 'https://ssologin.hmac.kr';

  static Future<void> logEvent({
    required String userId,
--- a/frontend/lib/core/services/auth_proxy_service.dart
+++ b/frontend/lib/core/services/auth_proxy_service.dart
@@ -3,18 +3,25 @@ import 'package:http/http.dart' as http;
 import 'package:flutter_dotenv/flutter_dotenv.dart';

 class AuthProxyService {
-  static final String _baseUrl = dotenv.env['BACKEND_URL'] ?? 'http://localhost:3000';
+  // HARDCODED URL
+  static const String _baseUrl = 'https://ssologin.hmac.kr';

-  static Future<Map<String, dynamic>> initEnchantedLink(String loginId) async {
+  static Future<Map<String, dynamic>> initEnchantedLink(String loginId, {String? method}) async {
    final url = Uri.parse('$_baseUrl/api/v1/auth/enchanted-link/init');
+    final frontendUrl = dotenv.env['FRONTEND_URL'] ?? 'http://ssologin.hmac.kr';
+    
+    final body = {
+      'loginId': loginId,
+      'uri': frontendUrl,
+    };
+    if (method != null) {
+      body['method'] = method;
+    }
    
    final response = await http.post(
      url,
      headers: {'Content-Type': 'application/json'},
-      body: jsonEncode({
-        'loginId': loginId,
-        'uri': 'http://localhost:5000', // Use 5000 as it's definitely allowed
-      }),
+      body: jsonEncode(body),
    );

    if (response.statusCode == 200) {
--- a/frontend/lib/core/services/web_auth_integration_web.dart
+++ b/frontend/lib/core/services/web_auth_integration_web.dart
@@ -1,34 +1,24 @@
 import 'dart:html' as html;
+import 'dart:async';

 void implSendLoginSuccess(String token) {
  final message = {'type': 'LOGIN_SUCCESS', 'token': token};
-  bool sent = false;
  
-  // 1. Try postMessage
  if (html.window.opener != null) {
    try {
      html.window.opener!.postMessage(message, '*');
-      sent = true;
      print("Sent login success message to opener");
    } catch (e) {
      print("Failed to postMessage: $e");
    }
    
-    // 2. Fallback: Redirect opener directly (Force refresh with token)
-    try {
-       // Only redirect if it's localhost:8000 to be safe, or just do it.
-       // This will cause the parent window to reload, which is fine for login.
-       html.window.opener!.location.href = "http://localhost:8000?token=$token";
-       sent = true;
-    } catch (e) {
-       print("Failed to redirect opener: $e");
-    }
-  }
-  
-  if (!sent) {
-     print("No opener found. Redirecting current window to target.");
-     // Fallback: Redirect THIS window to localhost:8000 with token
-     html.window.location.href = "http://localhost:8000?token=$token";
+    // Close the popup after a short delay to ensure message sending
+    Timer(const Duration(milliseconds: 500), () {
+      html.window.close();
+    });
+  } else {
+     // Should not happen given isPopup check, but as fallback:
+     print("No opener found during popup flow.");
  }
 }