diff --git a/.env b/.env
index 602ef09..f74825f 100644
--- a/.env
+++ b/.env
@@ -3,7 +3,7 @@ DB_PORT=3306
 DB_USER=itam
 DB_PASS=itam1234
 DB_NAME=itam
-CLIENT_ID=836cd2e1-995a-4027-bcb5-5dd9c94c2b84
+CLIENT_ID=c89acfda-789b-45fb-bab6-7ebfa4c6a9b4
 ISSUER=https://sso.hmac.kr/oidc
 REDIRECT_URI=http://172.16.9.44:8080/callback
 JWKS_URI=http://172.16.9.44:8080/.well-known/jwks.json
diff --git a/.gitea/workflows/itam_production_deploy.yml b/.gitea/workflows/itam_production_deploy.yml
index aa1fb15..07b6682 100644
--- a/.gitea/workflows/itam_production_deploy.yml
+++ b/.gitea/workflows/itam_production_deploy.yml
@@ -83,8 +83,8 @@ jobs:
 LOG_LEVEL=${EFFECTIVE_LOG_LEVEL}
 CLIENT_ID=${CLIENT_ID}
 ISSUER=${ISSUER}
- PROD_REDIRECT_URI=${PROD_REDIRECT_URI:-http://172.16.10.175:9090/callback}
- PROD_JWKS_URI=${PROD_JWKS_URI:-http://172.16.10.175:9090/.well-known/jwks.json}
+ PROD_REDIRECT_URI=${PROD_REDIRECT_URI:-https://dachs.hmac.kr/callback}
+ PROD_JWKS_URI=${PROD_JWKS_URI:-https://dachs.hmac.kr/.well-known/jwks.json}
 EOF
 - name: Deploy to production host
diff --git a/docker-compose.prod.yaml b/docker-compose.prod.yaml
index 5c02585..cdf33d1 100644
--- a/docker-compose.prod.yaml
+++ b/docker-compose.prod.yaml
@@ -14,8 +14,8 @@ services:
 NODE_ENV: production
 PORT: 3000
 KEYS_PATH: /app/uploads/keys.json
- REDIRECT_URI: ${PROD_REDIRECT_URI:-http://172.16.10.175:9090/callback}
- JWKS_URI: ${PROD_JWKS_URI:-http://172.16.10.175:9090/.well-known/jwks.json}
+ REDIRECT_URI: ${PROD_REDIRECT_URI:-https://dachs.hmac.kr/callback}
+ JWKS_URI: ${PROD_JWKS_URI:-https://dachs.hmac.kr/.well-known/jwks.json}
 volumes:
 - ./uploads:/app/uploads
 - ./map_config.json:/app/map_config.json:ro
diff --git a/server.js b/server.js
index 42f2040..092d051 100644
--- a/server.js
+++ b/server.js
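Review bot: `DB_PASS=itam1234` sits in the context lines just above the changed `CLIENT_ID` in the `.env` hunk, which means this file is tracked and the database credential is carried by every clone and kept in history. Tracking only a template (for example a `.env.example` with `DB_PASS=<set-locally>`) and ignoring `.env` would keep edits like this client-id swap out of version control, and the password shown here should be treated as exposed and rotated. `REDIRECT_URI` in this file stays on `http://`, so with the server.js change in this commit the session cookie remains non-Secure for this environment; if that is intended for local development only, a comment line saying so would help.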
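Review bot: The `https://dachs.hmac.kr` fallbacks on the two added `PROD_*` lines of the workflow hunk are repeated verbatim in the `docker-compose.prod.yaml` hunk of this commit, so the production URLs now have two defaults that can drift apart. Since this step always writes both names into the env file, the compose side could require them rather than default them, e.g. `REDIRECT_URI: ${PROD_REDIRECT_URI:?PROD_REDIRECT_URI must be set}` and the same form for `JWKS_URI`. server.js now takes the cookie's Secure flag from the scheme of this URI, so an `http://` override would switch that flag off without any signal; a scheme check before the heredoc would catch it. The heredoc and its step begin outside the hunk.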
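Review bot: `KEYS_PATH: /app/uploads/keys.json` in the context above the changed lines of the compose hunk keeps the key file inside the same `./uploads` bind mount declared under `volumes:`, while this commit moves the callback and JWKS URLs from a private address to a hostname. I cannot see from the diff what else is written to or served from `uploads`; if that directory also receives user files or is exposed statically, and `keys.json` holds the private half of the keys published at `JWKS_URI`, the key file deserves its own volume outside `uploads` with tighter permissions. A comment next to `KEYS_PATH` stating what the file contains and which process may read it would settle the question for the next reviewer.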
@@ -21,6 +21,7 @@ const {
 const SESSION_SECRET_VALUE = SESSION_SECRET || 'itam-headless-session-secret';
 const DEFAULT_SCOPES = ['openid', 'profile', 'email'];
 const DEFAULT_ERROR_PATH = ERROR_LOCALE_PATH || '/ko/error';
+const USE_SECURE_COOKIES = Boolean(REDIRECT_URI && REDIRECT_URI.startsWith('https://'));
 const dbConfig = {
 host: process.env.DB_HOST,
@@ -38,6 +39,9 @@ const getDbConnectionSummary = () => ({
 });
 const app = express();
+if (USE_SECURE_COOKIES) {
+ app.set('trust proxy', 1);
+}
 app.use(cors());
 app.use(express.json({ limit: '50mb' }));
 app.use(session({
@@ -47,7 +51,7 @@ app.use(session({
 cookie: {
 httpOnly: true,
 sameSite: 'lax',
- secure: false,
+ secure: USE_SECURE_COOKIES,
 maxAge: 1000 * 60 * 60 * 8
 }
 }));
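Review bot: `SESSION_SECRET_VALUE` in the context directly above the new constant (first server.js hunk) still falls back to the literal `'itam-headless-session-secret'`; presumably it is what the `session({ … })` call uses as its secret, in which case a production deployment that omits `SESSION_SECRET` signs its session cookies with a value anyone with repository access knows, and the Secure flag added by this commit does not help against that. Refusing to start is safer than defaulting: `if (process.env.NODE_ENV === 'production' && !SESSION_SECRET) throw new Error('SESSION_SECRET is required in production');`. The new `USE_SECURE_COOKIES` line would also benefit from a one-line comment saying that the cookie policy is derived from the scheme of `REDIRECT_URI`. The destructuring that supplies `SESSION_SECRET` and `REDIRECT_URI` starts outside the hunk.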
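Review bot: `app.set('trust proxy', 1)` in the second server.js hunk carries no comment on the deployment assumption it encodes, namely that exactly one reverse proxy terminates TLS in front of the app and that the app port is reachable only through it. If the container port can also be reached directly (not visible in this diff), Express will accept `X-Forwarded-Proto` and `X-Forwarded-For` values supplied by the client itself, so the port exposure should be checked alongside this change. I would add above the `if`: `// One TLS-terminating proxy fronts the app; trust its X-Forwarded-* so req.secure is true and the session middleware will emit the Secure cookie.`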
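Review bot: `secure: USE_SECURE_COOKIES` in the third server.js hunk quietly evaluates to `false` whenever `REDIRECT_URI` is unset or does not begin with lowercase `https://` (the `startsWith` test in the first hunk is case-sensitive, while URL schemes are not), so a mis-set production variable drops the Secure attribute with nothing in the logs. A startup line such as `if (!USE_SECURE_COOKIES) console.warn('Session cookie is not marked Secure: REDIRECT_URI is not https');`, routed through whatever logger the file already uses, would make that state visible. If `session` here is express-session, its `secure: 'auto'` setting is an alternative that follows the connection rather than a configuration string. The `session({ … })` call opens outside the hunk.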