BARON-SSO 로그인 스테이징>실서버 교체

This commit is contained in:
2026-07-01 11:54:41 +09:00
parent 05b09ccc5a
commit b2e6e377ad
4 changed files with 10 additions and 6 deletions

2
.env
View File

@@ -3,7 +3,7 @@ DB_PORT=3306
DB_USER=itam DB_USER=itam
DB_PASS=itam1234 DB_PASS=itam1234
DB_NAME=itam DB_NAME=itam
CLIENT_ID=836cd2e1-995a-4027-bcb5-5dd9c94c2b84 CLIENT_ID=c89acfda-789b-45fb-bab6-7ebfa4c6a9b4
ISSUER=https://sso.hmac.kr/oidc ISSUER=https://sso.hmac.kr/oidc
REDIRECT_URI=http://172.16.9.44:8080/callback REDIRECT_URI=http://172.16.9.44:8080/callback
JWKS_URI=http://172.16.9.44:8080/.well-known/jwks.json JWKS_URI=http://172.16.9.44:8080/.well-known/jwks.json

View File

@@ -83,8 +83,8 @@ jobs:
LOG_LEVEL=${EFFECTIVE_LOG_LEVEL} LOG_LEVEL=${EFFECTIVE_LOG_LEVEL}
CLIENT_ID=${CLIENT_ID} CLIENT_ID=${CLIENT_ID}
ISSUER=${ISSUER} ISSUER=${ISSUER}
PROD_REDIRECT_URI=${PROD_REDIRECT_URI:-http://172.16.10.175:9090/callback} PROD_REDIRECT_URI=${PROD_REDIRECT_URI:-https://dachs.hmac.kr/callback}
PROD_JWKS_URI=${PROD_JWKS_URI:-http://172.16.10.175:9090/.well-known/jwks.json} PROD_JWKS_URI=${PROD_JWKS_URI:-https://dachs.hmac.kr/.well-known/jwks.json}
EOF EOF
- name: Deploy to production host - name: Deploy to production host

View File

@@ -14,8 +14,8 @@ services:
NODE_ENV: production NODE_ENV: production
PORT: 3000 PORT: 3000
KEYS_PATH: /app/uploads/keys.json KEYS_PATH: /app/uploads/keys.json
REDIRECT_URI: ${PROD_REDIRECT_URI:-http://172.16.10.175:9090/callback} REDIRECT_URI: ${PROD_REDIRECT_URI:-https://dachs.hmac.kr/callback}
JWKS_URI: ${PROD_JWKS_URI:-http://172.16.10.175:9090/.well-known/jwks.json} JWKS_URI: ${PROD_JWKS_URI:-https://dachs.hmac.kr/.well-known/jwks.json}
volumes: volumes:
- ./uploads:/app/uploads - ./uploads:/app/uploads
- ./map_config.json:/app/map_config.json:ro - ./map_config.json:/app/map_config.json:ro

View File

@@ -21,6 +21,7 @@ const {
const SESSION_SECRET_VALUE = SESSION_SECRET || 'itam-headless-session-secret'; const SESSION_SECRET_VALUE = SESSION_SECRET || 'itam-headless-session-secret';
const DEFAULT_SCOPES = ['openid', 'profile', 'email']; const DEFAULT_SCOPES = ['openid', 'profile', 'email'];
const DEFAULT_ERROR_PATH = ERROR_LOCALE_PATH || '/ko/error'; const DEFAULT_ERROR_PATH = ERROR_LOCALE_PATH || '/ko/error';
const USE_SECURE_COOKIES = Boolean(REDIRECT_URI && REDIRECT_URI.startsWith('https://'));
const dbConfig = { const dbConfig = {
host: process.env.DB_HOST, host: process.env.DB_HOST,
@@ -38,6 +39,9 @@ const getDbConnectionSummary = () => ({
}); });
const app = express(); const app = express();
if (USE_SECURE_COOKIES) {
app.set('trust proxy', 1);
}
app.use(cors()); app.use(cors());
app.use(express.json({ limit: '50mb' })); app.use(express.json({ limit: '50mb' }));
app.use(session({ app.use(session({
@@ -47,7 +51,7 @@ app.use(session({
cookie: { cookie: {
httpOnly: true, httpOnly: true,
sameSite: 'lax', sameSite: 'lax',
secure: false, secure: USE_SECURE_COOKIES,
maxAge: 1000 * 60 * 60 * 8 maxAge: 1000 * 60 * 60 * 8
} }
})); }));