-rw-r--r--lib/users/auth/verifyCredentails.ts60
1 files changed, 53 insertions, 7 deletions
diff --git a/lib/users/auth/verifyCredentails.ts b/lib/users/auth/verifyCredentails.ts
index 42e6dac3..a0772343 100644
--- a/lib/users/auth/verifyCredentails.ts
+++ b/lib/users/auth/verifyCredentails.ts
@@ -2,6 +2,7 @@
'use server'
import bcrypt from 'bcryptjs';
+import crypto from 'crypto';
import { eq, and, desc, gte, count } from 'drizzle-orm';
import db from '@/db/db';
import {
@@ -426,6 +427,36 @@ export async function completeMfaAuthentication(
+// RSA 암호화 함수
+function encryptPasswordWithRSA(password: string): string {
+ try {
+ // 환경변수에서 RSA 키 가져오기
+ const rsaKey = process.env.S_GIPS_RSA_KEY;
+ if (!rsaKey) {
+ throw new Error('RSA 키가 설정되지 않았습니다.');
+ }
+
+ // PEM 형태로 키 복원 (BEGIN/END 헤더 추가)
+ const publicKey = `-----BEGIN PUBLIC KEY-----\n${rsaKey}\n-----END PUBLIC KEY-----`;
+
+ // RSA 공개키로 암호화 (Java와 동일한 OAEP 패딩 사용)
+ const encryptedBuffer = crypto.publicEncrypt(
+ {
+ key: publicKey,
+ padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
+ oaepHash: 'sha256',
+ },
+ Buffer.from(password, 'utf8')
+ );
+
+ // Base64로 인코딩하여 반환
+ return encryptedBuffer.toString('base64');
+ } catch (error) {
+ console.error('RSA 암호화 오류:', error);
+ throw new Error('비밀번호 암호화에 실패했습니다.');
+ }
+}
+
// 서버 액션: 벤더 정보 조회
export async function getVendorByCode(vendorCode: string) {
try {
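Review bot: The comment on the `crypto.publicEncrypt` call says the padding matches Java, but that holds only if the Java side sets MGF1 to SHA-256 explicitly. Node applies `oaepHash: 'sha256'` to both the OAEP digest and MGF1, while Java's `OAEPWithSHA-256AndMGF1Padding` on the stock provider keeps MGF1 at SHA-1 unless an `OAEPParameterSpec` says otherwise, and a mismatch shows up only as a decryption failure on the server. I would record the exact contract in the comment, e.g. `// OAEP: SHA-256 digest and MGF1-SHA-256; the S-Gips side must decrypt with a matching OAEPParameterSpec`, and confirm it with a round-trip test against the real service. The `publicKey` template also assumes `S_GIPS_RSA_KEY` holds bare base64 SPKI without PEM headers, which is worth stating next to the env lookup.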
@@ -462,17 +493,32 @@ export async function verifySGipsCredentials(
const sgipsUrl = process.env.S_GIPS_URL || "http://qa.shi-api.com/evcp/Common/verifySgipsUser"
+ // password를 RSA로 암호화
+ const encryptedPassword = encryptPasswordWithRSA(password);
+
+ // URL에 query parameter 추가
+ const params = new URLSearchParams({
+ username,
+ password: encryptedPassword,
+ });
+ const requestUrl = `${sgipsUrl}?${params}`;
+
// 1. S-Gips API 호출로 인증 확인
- const response = await fetch(sgipsUrl, {
- method: 'POST',
+ console.log('S-Gips API 요청:', {
+ url: requestUrl,
+ method: 'GET',
+ headers: {
+ 'Content-Type': 'application/json',
+ 'Authorization': `Bearer ${process.env.S_GIPS_TOKEN}`,
+ },
+ });
+
+ const response = await fetch(requestUrl, {
+ method: 'GET',
headers: {
'Content-Type': 'application/json',
- 'Authorization': `${process.env.S_GIPS_TOKEN}`,
+ 'Authorization': `Bearer ${process.env.S_GIPS_TOKEN}`,
},
- body: JSON.stringify({
- username,
- password,
- }),
});
if (!response.ok) {
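Review bot: The added `console.log('S-Gips API 요청:', …)` writes the full `requestUrl` (username plus the encrypted password) and the `Authorization: Bearer` token into the server log, so anyone with log access obtains a reusable API token. Log only what is needed for tracing, e.g. `console.log('S-Gips API 요청:', { url: sgipsUrl, method: 'GET' });`. Moving the credentials from the POST body into the query string also exposes them to access logs and proxies along the path, and since nothing visible here binds the ciphertext to a nonce or timestamp, a captured value would presumably be accepted again on replay; keeping them in a POST body is preferable if the S-Gips endpoint allows it. The fallback `sgipsUrl` is plain `http://`, so the bearer token travels unencrypted whenever `S_GIPS_URL` is unset. `verifySGipsCredentials` starts and ends outside this hunk.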