kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

audit 로그 개선. kratos 코드발급 링크로 전송까지 진행 완료 #104

Browse Source
This commit is contained in:
Lectom C Han
2026-01-29 01:20:19 +09:00
parent ff17259117
commit b88de7ec91
46 changed files with 2843 additions and 585 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docker/ory/kratos/courier-http.jsonnet Normal file
View File

@@ -0,0 +1,8 @@
// Kratos courier HTTP payload을 backend로 전달하는 템플릿입니다.
function(ctx)
local data = if std.objectHas(ctx, "template_data") && ctx.template_data != null then ctx.template_data else {};
{
recipient: ctx.recipient,
template_type: ctx.template_type,
template_data: data,
}

17
docker/ory/kratos/courier-templates/login_code/valid/email.body.gotmpl Normal file
View File

@@ -0,0 +1,17 @@
<!DOCTYPE html>
<html lang="ko">
<body style="font-family: sans-serif; line-height: 1.6;">
<h2>Baron SSO 로그인</h2>
<p>아래 버튼을 클릭하면 로그인이 완료됩니다.</p>
<!-- 운영 링크: https://app.brsw.kr/verify?loginId={{ .To }}&code={{ .LoginCode }} -->
<p>
<a href="http://localhost:5000/verify?loginId={{ .To }}&code={{ .LoginCode }}"
style="display: inline-block; padding: 10px 16px; background: #1a1f2c; color: #fff; text-decoration: none; border-radius: 6px;">
로그인 완료하기
</a>
</p>
<p>또는 아래 로그인 코드를 입력해도 됩니다.</p>
<p style="font-size: 18px; font-weight: bold;">{{ .LoginCode }}</p>
<p style="color: #666; font-size: 12px;">요청하지 않았다면 이 메일을 무시해 주세요.</p>
</body>
</html>

10
docker/ory/kratos/courier-templates/login_code/valid/email.body.plaintext.gotmpl Normal file
View File

@@ -0,0 +1,10 @@
Baron SSO 로그인
# 운영 링크: https://app.brsw.kr/verify?loginId={{ .To }}&code={{ .LoginCode }}
아래 링크를 클릭하면 로그인이 완료됩니다.
http://localhost:5000/verify?loginId={{ .To }}&code={{ .LoginCode }}
로그인 코드: {{ .LoginCode }}
요청하지 않았다면 이 메일을 무시해 주세요.

1
docker/ory/kratos/courier-templates/login_code/valid/email.subject.gotmpl Normal file
View File

@@ -0,0 +1 @@
Baron SSO 로그인 링크

4
docker/ory/kratos/courier-templates/login_code/valid/sms.body.gotmpl Normal file
View File

@@ -0,0 +1,4 @@
[Baron SSO] 로그인 링크
# 운영 링크: https://app.brsw.kr/verify?loginId={{ .To }}&code={{ .LoginCode }}
http://localhost:5000/verify?loginId={{ .To }}&code={{ .LoginCode }}
코드: {{ .LoginCode }}

75
docker/ory/kratos/identity.schema.json
View File

@@ -16,6 +16,10 @@
"credentials": {
"password": {
"identifier": true
},
"code": {
"identifier": true,
"via": "email"
}
},
"recovery": {
@@ -27,17 +31,68 @@
}
},
"name": {
"type": "object",
"properties": {
"first": {
"type": "string",
"title": "First Name"
},
"last": {
"type": "string",
"title": "Last Name"
"type": "string",
"title": "Name"
},
"phone_number": {
"type": "string",
"title": "Phone Number",
"minLength": 7,
"ory.sh/kratos": {
"credentials": {
"password": {
"identifier": true
},
"code": {
"identifier": true,
"via": "sms"
}
}
}
},
"department": {
"type": "string",
"title": "Department"
},
"affiliationType": {
"type": "string",
"title": "Affiliation Type"
},
"companyCode": {
"type": "string",
"title": "Company Code"
},
"displayname": {
"type": "string",
"title": "Display Name"
},
"completeForm": {
"type": "boolean",
"title": "Complete Form"
},
"team": {
"type": "string",
"title": "Team"
},
"taxCode": {
"type": "string",
"title": "Tax Code"
},
"familyCompany": {
"type": "string",
"title": "Family Company"
},
"familyUniqueKey": {
"type": "string",
"title": "Family Unique Key"
},
"personal": {
"type": "boolean",
"title": "Personal"
},
"grade": {
"type": "string",
"title": "Grade"
}
},
"required": [
@@ -46,4 +101,4 @@
"additionalProperties": false
}
}
}
}

10
docker/ory/kratos/kratos.yml
View File

@@ -23,6 +23,7 @@ selfservice:
enabled: true
code:
enabled: true
passwordless_enabled: true
flows:
error:
@@ -72,5 +73,14 @@ identity:
url: file:///etc/config/kratos/identity.schema.json
courier:
template_override_path: /etc/config/kratos/courier-templates
delivery_strategy: http
http:
request_config:
url: http://baron_backend:3000/api/v1/auth/webhooks/kratos-courier
method: POST
body: file:///etc/config/kratos/courier-http.jsonnet
headers:
Content-Type: application/json
smtp:
connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true

10
docker/ory/oathkeeper/rules.prod.json
View File

@@ -3,7 +3,7 @@
"id": "public-health",
"description": "공개 헬스체크 (PROD 도메인)",
"match": {
"url": "https://auth.brsw.kr/health",
"url": "https://app.brsw.kr/health",
"methods": ["GET"]
},
"upstream": {
@@ -21,7 +21,7 @@
"id": "public-preflight",
"description": "CORS preflight (PROD 도메인)",
"match": {
"url": "https://auth.brsw.kr/api/v1/<.*>",
"url": "https://app.brsw.kr/api/v1/<.*>",
"methods": ["OPTIONS"]
},
"upstream": {
@@ -39,7 +39,7 @@
"id": "public-auth",
"description": "인증/회원가입 등 공개 엔드포인트 (PROD 도메인)",
"match": {
"url": "https://auth.brsw.kr/api/v1/auth/<.*>",
"url": "https://app.brsw.kr/api/v1/auth/<.*>",
"methods": ["GET", "POST", "OPTIONS"]
},
"upstream": {
@@ -57,7 +57,7 @@
"id": "backend-command",
"description": "Command 요청은 Backend로 전달 (Audit 강제)",
"match": {
"url": "https://auth.brsw.kr/api/v1/<.*>",
"url": "https://app.brsw.kr/api/v1/<.*>",
"methods": ["POST", "PUT", "PATCH", "DELETE"]
},
"upstream": {
@@ -75,7 +75,7 @@
"id": "backend-query",
"description": "Backend Query (admin/dev 포함)",
"match": {
"url": "https://auth.brsw.kr/api/v1/<.*>",
"url": "https://app.brsw.kr/api/v1/<.*>",
"methods": ["GET"]
},
"upstream": {