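const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;
const axios = require('axios');
const os = require('os');
const crypto = require('crypto');
const pool = require('../db/pool.js');

// NOTE(security): the user id and password are posted to this endpoint over
// plain HTTP, so they cross the network unencrypted. An HTTPS endpoint
// (https://pm-auth.hmac.kr/login) appeared in a commented-out line of the
// original file; confirm whether it can replace this URL.
const INTRANET_LOGIN_URL = `http://gsim.hanmaceng.co.kr:5151/login`;

// Upper bound on the intranet call. The pooled DB client is held while the
// request is in flight, so an unbounded wait could pin pool connections.
const INTRANET_LOGIN_TIMEOUT_MS = 10000;

const LOGIN_FAILED_MESSAGE = '❓로그인 정보를 확인하세요.';

// Shape of a lowercase hex SHA-256 digest, as produced by sha256Hex().
const SHA256_HEX = /^[0-9a-f]{64}$/;

/**
 * Hex-encoded SHA-256 digest of a string.
 * @param {string} text
 * @returns {string} 64 lowercase hex characters
 */
function sha256Hex(text) {
  return crypto.createHash('sha256').update(text).digest('hex');
}

/**
 * Compares two strings without leaking, through timing, how many leading
 * characters agree. Both sides are hashed first so that timingSafeEqual
 * always receives buffers of equal length.
 * @param {string} a
 * @param {string} b
 * @returns {boolean}
 */
function constantTimeEqual(a, b) {
  const left = crypto.createHash('sha256').update(a).digest();
  const right = crypto.createHash('sha256').update(b).digest();
  return crypto.timingSafeEqual(left, right);
}

/**
 * Checks a submitted password against the value stored in ver4.tb_user.
 *
 * The column holds either a plaintext password or an unsalted SHA-256 hex
 * digest (both forms are accepted by the original code). A stored value that
 * looks like a SHA-256 digest is only ever compared with the digest of the
 * submitted password, so the digest itself is not accepted as a password.
 *
 * NOTE(security): plaintext and unsalted SHA-256 are both unsuitable for
 * password storage. Migrating the column to a salted, slow KDF (for example
 * crypto.scrypt) needs a schema/data migration and is out of scope here.
 *
 * @param {unknown} stored   value of tb_user.user_pw
 * @param {string} supplied  password from the login request
 * @returns {boolean}
 */
function matchesStoredPassword(stored, supplied) {
  if (typeof stored !== 'string' || stored === '') {
    return false;
  }
  if (SHA256_HEX.test(stored)) {
    return constantTimeEqual(stored, sha256Hex(supplied));
  }
  return constantTimeEqual(stored, supplied);
}

/**
 * Logs an authentication failure without echoing the request payload.
 * An axios error carries the request config, whose body includes user_pw,
 * so only its message, code and HTTP status are written to the log.
 * @param {unknown} err
 */
function logAuthError(err) {
  if (err && err.isAxiosError) {
    console.error(`[localStrategy] intranet login request failed: ${err.message}`, {
      code: err.code,
      status: err.response && err.response.status,
    });
    return;
  }
  console.error(err);
}

/**
 * Registers the passport "local" strategy.
 *
 * Verification order:
 *   1. Look the user up in ver4.tb_user (non-resigned rows only) and compare
 *      the submitted password with the stored value.
 *   2. If that does not succeed, delegate to the intranet login API and, on
 *      success, upsert the returned profile into ver4.tb_user.
 */
module.exports = () => {
  passport.use(new LocalStrategy({
    usernameField: `user_id`,
    passwordField: `user_pw`,
    passReqToCallback: true,
  }, async (req, user_id, user_pw, done) => {
    // A JSON body can deliver objects or arrays here; treat anything that is
    // not a string as a failed login instead of passing it to SQL or hashing.
    if (typeof user_id !== 'string' || typeof user_pw !== 'string') {
      return done(null, false, { message: LOGIN_FAILED_MESSAGE });
    }

    let client;
    try {
      // Acquired inside the try so a pool failure reaches done(err) instead
      // of becoming an unhandled rejection that leaves the request hanging.
      client = await pool.connect();

      // NOTE(review): user_ip is read from the request body and is therefore
      // client-controlled. If the login API relies on it for auditing or
      // access decisions, derive it server-side instead. TODO confirm.
      const user_ip = req.body.user_ip;
      const server_ip = getServerIP();
      const service = req.body.service;

      // 1. Local DB check first (supports local accounts such as test_user).
      // Equality on lower() keeps the lookup case-insensitive; ILIKE would
      // interpret `%` and `_` in the submitted id as pattern wildcards and
      // could select a row other than the account that was named.
      const localQuery = `SELECT * FROM ver4.tb_user WHERE lower(user_id) = lower($1) AND (is_resigned = FALSE OR is_resigned IS NULL)`;
      const localRes = await client.query(localQuery, [user_id]);

      if (localRes.rows.length > 0) {
        const user = localRes.rows[0];
        if (matchesStoredPassword(user.user_pw, user_pw)) {
          console.log(`🚥 [localStrategy] Local DB authentication succeeded for: ${user_id}`);
          const isPrivileged = user.group === 'super' || user.group === 'dev' || user.group === 'USER_GROUP_super';
          const formattedUser = {
            user_id: user.user_id,
            user_nm: user.user_nm,
            group: user.group,
            company: user.company || '한맥기술',
            dept: user.dept || '개발본부',
            position: user.position || '부장',
            // 1535 is granted to the three privileged groups; its bit layout
            // is defined outside this file.
            permission: isPrivileged ? 1535 : null,
            bookmark: user.bookmark || '',
          };
          return done(null, formattedUser);
        }
      }

      // 2. Local check did not succeed: delegate to the intranet login API.
      const apiRes = await axios.post(
        INTRANET_LOGIN_URL,
        { user_id: user_id, user_pw: user_pw, user_ip: user_ip, server_ip: server_ip, service: service },
        { timeout: INTRANET_LOGIN_TIMEOUT_MS },
      );

      if (!apiRes.data.result) {
        return done(null, false, { message: LOGIN_FAILED_MESSAGE });
      }

      // NOTE(review): the profile returned by the API is stored and handed to
      // passport as-is, including "group". Over plain HTTP that response is
      // not integrity-protected.
      const remoteUser = apiRes.data.user;
      if (user_id !== `TADMIN`) {
        const upsertSql = `insert into ver4.tb_user (user_id, user_nm, company, dept, position, "group") values ($1, $2, $3,$4, $5, $6) on conflict (user_id) do update set user_nm = EXCLUDED.user_nm, company = EXCLUDED.company, dept = EXCLUDED.dept, position = EXCLUDED.position, "group" = EXCLUDED."group" RETURNING *`;
        await client.query(upsertSql, [
          remoteUser.user_id,
          remoteUser.user_nm,
          remoteUser.company == '바론' ? '바론컨설턴트' : remoteUser.company,
          remoteUser.dept,
          remoteUser.position,
          remoteUser.group,
        ]);
      }
      return done(null, remoteUser);
    } catch (err) {
      logAuthError(err);
      return done(err);
    } finally {
      if (client) {
        client.release();
      }
    }
  }));
};

/**
 * Returns the first non-internal IPv4 address found on this host's network
 * interfaces, or an empty string when there is none.
 * @returns {string}
 */
function getServerIP() {
  const networkInterfaces = os.networkInterfaces();
  for (const interfaceName in networkInterfaces) {
    for (const net of networkInterfaces[interfaceName]) {
      if (net.family === 'IPv4' && !net.internal) {
        return net.address;
      }
    }
  }
  return '';
}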