import { useMutation, useQuery } from "@tanstack/react-query"; import type { AxiosError } from "axios"; import { Filter, Plus, Search, ShieldHalf, X } from "lucide-react"; import { useEffect, useMemo, useState } from "react"; import { useAuth } from "react-oidc-context"; import { Link, useNavigate } from "react-router-dom"; import { PageHeader } from "../../../../common/core/components/page"; import { SortableTableHead, sortableTableHeadBaseClassName, sortableTableHeaderClassName, } from "../../../../common/core/components/sort"; import { type SortConfig, type SortResolverMap, sortItems, toggleSort, } from "../../../../common/core/utils"; import { SearchFilterBar } from "../../../../common/ui/search-filter-bar"; import { commonTableShellClass, commonTableViewportClass, } from "../../../../common/ui/table"; import { ForbiddenMessage } from "../../components/common/ForbiddenMessage"; import { Badge } from "../../components/ui/badge"; import { Button } from "../../components/ui/button"; import { Card, CardContent, CardDescription, CardHeader, CardTitle, } from "../../components/ui/card"; import { Input } from "../../components/ui/input"; import { Label } from "../../components/ui/label"; import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow, } from "../../components/ui/table"; import { Textarea } from "../../components/ui/textarea"; import { type ClientSummary, fetchClients, fetchDeveloperRequestStatus, fetchDevUser, fetchMyTenants, requestDeveloperAccess, } from "../../lib/devApi"; import { t } from "../../lib/i18n"; import { resolveProfileRole } from "../../lib/role"; import { cn } from "../../lib/utils"; import { fetchMe } from "../auth/authApi"; import { resolveClientCreateAccess } from "./clientCreateAccess"; import { ClientLogo } from "./components/ClientLogo"; type ClientSortKey = "application" | "id" | "type" | "status" | "createdAt"; const clientListPreviewCount = 5; type ClientCreatorInfo = { name?: string; email?: string; }; function isClientTenantLimited(client: ClientSummary) { const metadata = client.metadata ?? {}; if (metadata.tenant_access_restricted === true) { return true; } if (!Array.isArray(metadata.allowed_tenants)) { return false; } return metadata.allowed_tenants.some( (tenantId) => typeof tenantId === "string" && tenantId.trim() !== "", ); } function isHeadlessLoginClient(client: ClientSummary) { return client.metadata?.headless_login_enabled === true; } function clientCreatorID(client: ClientSummary) { return ( client.creatorId?.trim() || (typeof client.metadata?.user_id === "string" ? client.metadata.user_id.trim() : "") ); } function ClientsPage() { const navigate = useNavigate(); const auth = useAuth(); const hasAccessToken = Boolean(auth.user?.access_token); const userProfile = auth.user?.profile as Record | undefined; const role = resolveProfileRole(userProfile); const tenantId = userProfile?.tenant_id as string | undefined; const companyCode = userProfile?.companyCode as string | undefined; const { data, isLoading: isLoadingClients, error: clientError, } = useQuery({ queryKey: ["clients"], queryFn: fetchClients, enabled: hasAccessToken, }); const { data: me, isLoading: isLoadingMe } = useQuery({ queryKey: ["userMe"], queryFn: fetchMe, enabled: hasAccessToken, }); const profileRole = me?.role?.trim() || role; const { data: requestStatus, isLoading: isLoadingRequest, refetch: refetchRequest, } = useQuery({ queryKey: ["developer-request", tenantId], queryFn: () => fetchDeveloperRequestStatus(tenantId), enabled: hasAccessToken && profileRole === "user", }); const { data: tenants } = useQuery({ queryKey: ["myTenants"], queryFn: fetchMyTenants, enabled: hasAccessToken, }); const createAccessState = resolveClientCreateAccess({ role: profileRole, accessStatus: requestStatus, }); const canCreateClient = createAccessState === "can_create"; const isClientCreatePending = createAccessState === "pending"; const canRequestClientCreateAccess = createAccessState === "request_required" && !isLoadingRequest; const [searchQuery, setSearchQuery] = useState(""); const [typeFilter, setTypeFilter] = useState("all"); const [statusFilter, setStatusFilter] = useState("all"); const [isAdvancedFilterOpen, setIsAdvancedFilterOpen] = useState(false); const [isRequestModalOpen, setIsRequestModalOpen] = useState(false); const [isClientListExpanded, setIsClientListExpanded] = useState(false); const [sortConfig, setSortConfig] = useState | null>({ key: "createdAt", direction: "desc", }); const clients = data?.items || []; const creatorIds = useMemo( () => Array.from( new Set( clients .map((client) => clientCreatorID(client)) .filter((creatorId) => creatorId !== ""), ), ).sort(), [clients], ); const { data: clientCreators = {} } = useQuery({ queryKey: ["client-creators", creatorIds], queryFn: async () => { const entries = await Promise.all( creatorIds.map(async (creatorId) => { try { const user = await fetchDevUser(creatorId); return [ creatorId, { name: user.name, email: user.email, }, ] as const; } catch { return [creatorId, null] as const; } }), ); return entries.reduce>( (acc, [creatorId, user]) => { if (user) { acc[creatorId] = user; } return acc; }, {}, ); }, enabled: hasAccessToken && creatorIds.length > 0, }); const clientSortResolvers = useMemo< SortResolverMap >( () => ({ application: (client) => client.name || client.id, id: (client) => client.id, type: (client) => isHeadlessLoginClient(client) ? "private-headless" : client.type, status: (client) => client.status, createdAt: (client) => client.createdAt ? new Date(client.createdAt) : null, }), [], ); const filteredClients = useMemo(() => { const nextClients = clients.filter((client) => { const matchesSearch = !searchQuery || client.name?.toLowerCase().includes(searchQuery.toLowerCase()) || client.id.toLowerCase().includes(searchQuery.toLowerCase()); const matchesType = typeFilter === "all" || (typeFilter === "headless" ? isHeadlessLoginClient(client) : client.type === typeFilter && !isHeadlessLoginClient(client)); const matchesStatus = statusFilter === "all" || client.status === statusFilter; return matchesSearch && matchesType && matchesStatus; }); return sortItems(nextClients, sortConfig, clientSortResolvers); }, [ clientSortResolvers, clients, searchQuery, sortConfig, statusFilter, typeFilter, ]); const hasFilterResult = filteredClients.length > 0; const isFilteredOut = clients.length > 0 && !hasFilterResult; const visibleClients = useMemo(() => { if (isClientListExpanded) { return filteredClients; } return filteredClients.slice(0, clientListPreviewCount); }, [filteredClients, isClientListExpanded]); const canToggleClientList = filteredClients.length > clientListPreviewCount; const currentTenant = tenants?.find( (tenant) => tenant.id === tenantId || tenant.slug === companyCode, ); const organizationName = currentTenant?.name || companyCode || ""; const profileName = me?.name || (userProfile?.name as string) || ""; const profileEmail = me?.email || (userProfile?.email as string) || ""; const profilePhone = me?.phone || (userProfile?.phone as string | undefined) || (userProfile?.phone_number as string | undefined) || ""; const profileRoleLabel = t(`ui.admin.role.${profileRole}`, profileRole); const isLoading = isLoadingClients || isLoadingRequest || (hasAccessToken && !profileRole && isLoadingMe); const requestSort = (key: ClientSortKey) => { setSortConfig((current) => toggleSort(current, key)); }; if (auth.isLoading || !hasAccessToken || isLoading) { return (
{t("msg.dev.clients.loading", "Loading clients...")}
); } if (clientError) { const axiosError = clientError as AxiosError<{ error?: string }>; if (axiosError.response?.status === 403) { return ; } const errMsg = axiosError.response?.data?.error ?? (clientError as Error).message; return (
{t("msg.dev.clients.load_error", "Error loading clients: {{error}}", { error: errMsg, })}
); } return (
} title={t("ui.dev.clients.registry.subtitle", "연동 앱")} description={t( "msg.dev.clients.registry.description", "OIDC 클라이언트, 인증 방식, 리다이렉트 URI, 비밀키 재발행을 감사 로그와 함께 관리합니다.", )} actions={ canCreateClient ? ( ) : isClientCreatePending ? (

{t( "msg.dev.clients.create_pending_detail", "개발자 권한 신청을 검토 중입니다. 승인되면 연동 앱을 추가할 수 있습니다.", )}

) : canRequestClientCreateAccess ? (

{t( "msg.dev.clients.create_requires_request", "연동 앱을 생성할 권한이 없습니다.\n개발자 권한 신청을 요청한 뒤 승인 받아주세요.", ).replaceAll("\\n", "\n")}

) : (

{t( "msg.dev.clients.create_forbidden_detail", "연동 앱을 생성할 권한이 없습니다. 관리자에게 개발자 권한 또는 적절한 RP 권한 부여를 요청해 주세요.", )}

) } />
{t("ui.dev.clients.list.title", "클라이언트 목록")} {t( "msg.dev.clients.showing", "총 {{shown}}개의 애플리케이션이 등록되어 있습니다.", { shown: clients.length }, )}
setSearchQuery(e.target.value)} />
} actions={ } advancedOpen={isAdvancedFilterOpen} advanced={
{t("ui.dev.clients.filter.type_label", "Type:")}
{t("ui.dev.clients.consents.status_label", "Status:")}
} />
{t("ui.dev.clients.table.creator", "생성자")} {t("ui.dev.clients.table.actions", "액션")} {!hasFilterResult && (

{isFilteredOut ? t( "msg.dev.clients.empty_filtered", "조건에 맞는 연동 앱이 없습니다.", ) : canCreateClient ? t( "msg.dev.clients.empty_can_create", "아직 등록된 연동 앱이 없습니다.", ) : isClientCreatePending ? t( "msg.dev.clients.empty_pending", "개발자 권한 신청을 검토 중입니다.", ) : t( "msg.dev.clients.empty", "조회 가능한 RP가 없습니다.", )}

{isFilteredOut ? t( "msg.dev.clients.empty_filtered_detail", "검색어나 필터 조건을 변경해 보세요.", ) : canCreateClient ? t( "msg.dev.clients.empty_can_create_detail", "연동 앱 추가 버튼으로 새 RP를 생성하면 이 목록에 표시됩니다.", ) : isClientCreatePending ? t( "msg.dev.clients.empty_pending_detail", "super admin이 승인하면 연동 앱을 추가할 수 있습니다.", ) : t( "msg.dev.clients.empty_detail", "RP 관계가 부여되면 이 목록에 해당 RP가 표시됩니다.", )}

{!isFilteredOut && canCreateClient && ( )} {!isFilteredOut && canRequestClientCreateAccess && ( )}
)} {visibleClients.map((client) => (

{client.name || t("ui.dev.clients.untitled", "Untitled")}

{isClientTenantLimited(client) && (

)}
{client.id}
{isHeadlessLoginClient(client) ? t( "ui.dev.clients.type.private_headless", "Server side App (Headless Login)", ) : client.type === "private" ? t( "ui.dev.clients.type.private", "Server side App", ) : t("ui.dev.clients.type.pkce", "PKCE")}
{client.status === "active" ? t("ui.common.status.active", "Active") : t("ui.common.status.inactive", "Inactive")} {(() => { const creatorId = clientCreatorID(client); const creator = creatorId ? clientCreators[creatorId] : undefined; const name = creator?.name?.trim(); const email = creator?.email?.trim(); if (!creatorId) { return ( - ); } return (

{name || creatorId}

{email || creatorId}

); })()} {client.createdAt ? new Date(client.createdAt).toLocaleDateString() : "-"}
))}
{canToggleClientList ? (
) : null} setIsRequestModalOpen(false)} onSuccess={() => { refetchRequest(); setIsRequestModalOpen(false); }} tenantId={tenantId || ""} initialName={profileName} initialOrg={organizationName} initialEmail={profileEmail} initialPhone={profilePhone} initialRole={profileRoleLabel} /> ); } interface RequestAccessModalProps { isOpen: boolean; onClose: () => void; onSuccess: () => void; tenantId: string; initialName: string; initialOrg: string; initialEmail: string; initialPhone: string; initialRole: string; } function RequestAccessModal({ isOpen, onClose, onSuccess, tenantId, initialName, initialOrg, initialEmail, initialPhone, initialRole, }: RequestAccessModalProps) { const [name, setName] = useState(initialName); const [organization, setOrganization] = useState(initialOrg); const [reason, setReason] = useState(""); useEffect(() => { if (!isOpen) return; setName(initialName); setOrganization(initialOrg); }, [initialName, initialOrg, isOpen]); const mutation = useMutation({ mutationFn: requestDeveloperAccess, onSuccess: () => { onSuccess(); }, }); const handleSubmit = (e: React.FormEvent) => { e.preventDefault(); mutation.mutate({ name, organization, reason, tenantId, accessPages: ["all"], }); }; if (!isOpen) return null; return (

{t("ui.dev.request.modal.title", "개발자 등록 신청")}

{t( "msg.dev.request.modal.desc", "신청 사유를 입력해 주세요. 관리자 확인 후 승인됩니다.", )}