From b2e6e377ad738deb84d92961da4315d137e09ee9 Mon Sep 17 00:00:00 2001
From: SDI
Date: Wed, 1 Jul 2026 11:54:41 +0900
Subject: [PATCH] =?UTF-8?q?BARON-SSO=20=EB=A1=9C=EA=B7=B8=EC=9D=B8=20?= =?UTF-8?q?=EC=8A=A4=ED=85=8C=EC=9D=B4=EC=A7=95>=EC=8B=A4=EC=84=9C?= =?UTF-8?q?=EB=B2=84=20=EA=B5=90=EC=B2=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .env | 2 +-
 .gitea/workflows/itam_production_deploy.yml | 4 ++--
 docker-compose.prod.yaml | 4 ++--
 server.js | 6 +++++-
 4 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/.env b/.env
index 602ef09..f74825f 100644
--- a/.env
+++ b/.env
@@ -3,7 +3,7 @@ DB_PORT=3306
 DB_USER=itam
 DB_PASS=itam1234
 DB_NAME=itam
-CLIENT_ID=836cd2e1-995a-4027-bcb5-5dd9c94c2b84
+CLIENT_ID=c89acfda-789b-45fb-bab6-7ebfa4c6a9b4
 ISSUER=https://sso.hmac.kr/oidc
 REDIRECT_URI=http://172.16.9.44:8080/callback
 JWKS_URI=http://172.16.9.44:8080/.well-known/jwks.json
diff --git a/.gitea/workflows/itam_production_deploy.yml b/.gitea/workflows/itam_production_deploy.yml
index aa1fb15..07b6682 100644
--- a/.gitea/workflows/itam_production_deploy.yml
+++ b/.gitea/workflows/itam_production_deploy.yml
@@ -83,8 +83,8 @@ jobs:
 LOG_LEVEL=${EFFECTIVE_LOG_LEVEL}
 CLIENT_ID=${CLIENT_ID}
 ISSUER=${ISSUER}
- PROD_REDIRECT_URI=${PROD_REDIRECT_URI:-http://172.16.10.175:9090/callback}
- PROD_JWKS_URI=${PROD_JWKS_URI:-http://172.16.10.175:9090/.well-known/jwks.json}
+ PROD_REDIRECT_URI=${PROD_REDIRECT_URI:-https://dachs.hmac.kr/callback}
+ PROD_JWKS_URI=${PROD_JWKS_URI:-https://dachs.hmac.kr/.well-known/jwks.json}
 EOF
 - name: Deploy to production host
diff --git a/docker-compose.prod.yaml b/docker-compose.prod.yaml
index 5c02585..cdf33d1 100644
--- a/docker-compose.prod.yaml
+++ b/docker-compose.prod.yaml
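Review bot: The tracked `.env` edited by the first hunk keeps a plaintext database password on the `DB_PASS` context line, and the commit now puts the client ID for what the subject describes as the production SSO into the same file, so connection settings travel with every clone. The unchanged `REDIRECT_URI` and `JWKS_URI` lines still point at `http://172.16.9.44:8080`, so a process started from this file uses a cleartext callback and, given the `USE_SECURE_COOKIES` check added in server.js, issues its session cookie without the Secure flag. I would stop tracking the real file and commit a template with placeholders instead, for example `DB_PASS=<set-in-deployment>`. If the committed password is used anywhere beyond local development (not visible here), it should be rotated, since it stays in history.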
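Review bot: The fallback URLs `https://dachs.hmac.kr/callback` and `https://dachs.hmac.kr/.well-known/jwks.json` in the workflow hunk are repeated verbatim in the docker-compose.prod.yaml hunk, so the two copies have to be edited in step, as this commit shows, and can drift on the next host change. server.js now derives the cookie Secure flag and `trust proxy` from the scheme of REDIRECT_URI, so a stale `PROD_REDIRECT_URI` override that is still `http://` would turn both off in production without any error. I would keep the default in one place and have this step reject a non-HTTPS value before the heredoc, assuming it runs in a POSIX shell: `case "${PROD_REDIRECT_URI:-https://dachs.hmac.kr/callback}" in https://*) ;; *) echo "PROD_REDIRECT_URI must be https" >&2; exit 1 ;; esac`. The step containing the heredoc starts outside the hunk.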
@@ -14,8 +14,8 @@ services:
 NODE_ENV: production
 PORT: 3000
 KEYS_PATH: /app/uploads/keys.json
- REDIRECT_URI: ${PROD_REDIRECT_URI:-http://172.16.10.175:9090/callback}
- JWKS_URI: ${PROD_JWKS_URI:-http://172.16.10.175:9090/.well-known/jwks.json}
+ REDIRECT_URI: ${PROD_REDIRECT_URI:-https://dachs.hmac.kr/callback}
+ JWKS_URI: ${PROD_JWKS_URI:-https://dachs.hmac.kr/.well-known/jwks.json}
 volumes:
 - ./uploads:/app/uploads
 - ./map_config.json:/app/map_config.json:ro
diff --git a/server.js b/server.js
index 42f2040..092d051 100644
--- a/server.js
+++ b/server.js
@@ -21,6 +21,7 @@ const {
 const SESSION_SECRET_VALUE = SESSION_SECRET || 'itam-headless-session-secret';
 const DEFAULT_SCOPES = ['openid', 'profile', 'email'];
 const DEFAULT_ERROR_PATH = ERROR_LOCALE_PATH || '/ko/error';
+const USE_SECURE_COOKIES = Boolean(REDIRECT_URI && REDIRECT_URI.startsWith('https://'));
 const dbConfig = {
 host: process.env.DB_HOST,
@@ -38,6 +39,9 @@ const getDbConnectionSummary = () => ({
 });
 const app = express();
+if (USE_SECURE_COOKIES) {
+ app.set('trust proxy', 1);
+}
 app.use(cors());
 app.use(express.json({ limit: '50mb' }));
 app.use(session({
@@ -47,7 +51,7 @@ app.use(session({
 cookie: {
 httpOnly: true,
 sameSite: 'lax',
- secure: false,
+ secure: USE_SECURE_COOKIES,
 maxAge: 1000 * 60 * 60 * 8
 }
 }));
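Review bot: `USE_SECURE_COOKIES` in the first server.js hunk fails open: when `REDIRECT_URI` is unset or still an `http://` value, the third hunk's `secure: USE_SECURE_COOKIES` sends the session cookie without the Secure flag and nothing reports it, even with `NODE_ENV: production` from the compose file. The context line above has the same shape, `SESSION_SECRET || 'itam-headless-session-secret'`, so a deployment that lacks SESSION_SECRET signs sessions with a string published in the repository. I would make production refuse to start in either case: `if (process.env.NODE_ENV === 'production' && !(USE_SECURE_COOKIES && SESSION_SECRET)) throw new Error('REDIRECT_URI must be https and SESSION_SECRET must be set in production');`. The destructuring that presumably defines `REDIRECT_URI` and `SESSION_SECRET` begins outside the hunk.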
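Review bot: `app.set('trust proxy', 1)` in the second server.js hunk needs a comment stating the deployment assumption it encodes, namely that exactly one reverse proxy terminates TLS in front of the app and sets `X-Forwarded-Proto`. With `secure: true`, express-session only issues the cookie when the request is seen as HTTPS, so a proxy that omits that header makes logins fail with no visible error. The forwarded headers are also only trustworthy while the published container port cannot be reached except through that proxy, which the compose file does not show. Suggested comment above the `if`: `// One TLS-terminating proxy sits in front; it must set X-Forwarded-Proto and be the only route to this port.`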