열기 링크에 사용자 식별값 전달

- /go 리다이렉트 엔드포인트 추가: 로그인 시 email, 비로그인 시 IP를 쿼리에 부착 - ncue.net 및 하위 도메인 링크에만 적용(안전한 allowlist) - script.js 및 index.html 폴백에서 열기 버튼을 /go 경유로 변경 Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-08 11:55:20 +09:00
parent d0a6b066b0
commit a72dcb154a
3 changed files with 103 additions and 3 deletions
--- a/script.js
+++ b/script.js
@@ -98,6 +98,25 @@
    return ACCESS_ANON_IDS.has(id);
  }

+  function buildOpenUrl(rawUrl) {
+    const url = String(rawUrl || "").trim();
+    if (!url) return "";
+    let host = "";
+    try {
+      host = new URL(url).hostname.toLowerCase();
+    } catch {
+      return url;
+    }
+    const isNcue = host === "ncue.net" || host.endsWith(".ncue.net");
+    if (!isNcue) return url;
+
+    const email = getUserEmail();
+    const qs = new URLSearchParams();
+    qs.set("u", url);
+    if (email) qs.set("e", email);
+    return `/go?${qs.toString()}`;
+  }
+
  const auth = {
    client: null,
    user: null,
@@ -308,8 +327,9 @@
    const accessDisabledAttr = accessible ? "" : " disabled aria-disabled=\"true\"";
    const accessDisabledTitle = accessible ? "" : " title=\"이 링크는 현재 권한으로 접근할 수 없습니다.\"";

+    const openHref = escapeHtml(buildOpenUrl(link.url));
    const openHtml = accessible
-      ? `<a class="btn mini" href="${url}" target="_blank" rel="noopener noreferrer" data-act="open">열기</a>`
+      ? `<a class="btn mini" href="${openHref}" target="_blank" rel="noopener noreferrer" data-act="open">열기</a>`
      : `<button class="btn mini" type="button"${accessDisabledAttr}${accessDisabledTitle}>열기</button>`;

    const copyDisabledAttr = accessible ? "" : " disabled aria-disabled=\"true\"";