BARON-SSO 로그인 스테이징>실서버 교체
This commit is contained in:
2
.env
2
.env
@@ -3,7 +3,7 @@ DB_PORT=3306
|
|||||||
DB_USER=itam
|
DB_USER=itam
|
||||||
DB_PASS=itam1234
|
DB_PASS=itam1234
|
||||||
DB_NAME=itam
|
DB_NAME=itam
|
||||||
CLIENT_ID=836cd2e1-995a-4027-bcb5-5dd9c94c2b84
|
CLIENT_ID=c89acfda-789b-45fb-bab6-7ebfa4c6a9b4
|
||||||
ISSUER=https://sso.hmac.kr/oidc
|
ISSUER=https://sso.hmac.kr/oidc
|
||||||
REDIRECT_URI=http://172.16.9.44:8080/callback
|
REDIRECT_URI=http://172.16.9.44:8080/callback
|
||||||
JWKS_URI=http://172.16.9.44:8080/.well-known/jwks.json
|
JWKS_URI=http://172.16.9.44:8080/.well-known/jwks.json
|
||||||
|
|||||||
@@ -83,8 +83,8 @@ jobs:
|
|||||||
LOG_LEVEL=${EFFECTIVE_LOG_LEVEL}
|
LOG_LEVEL=${EFFECTIVE_LOG_LEVEL}
|
||||||
CLIENT_ID=${CLIENT_ID}
|
CLIENT_ID=${CLIENT_ID}
|
||||||
ISSUER=${ISSUER}
|
ISSUER=${ISSUER}
|
||||||
PROD_REDIRECT_URI=${PROD_REDIRECT_URI:-http://172.16.10.175:9090/callback}
|
PROD_REDIRECT_URI=${PROD_REDIRECT_URI:-https://dachs.hmac.kr/callback}
|
||||||
PROD_JWKS_URI=${PROD_JWKS_URI:-http://172.16.10.175:9090/.well-known/jwks.json}
|
PROD_JWKS_URI=${PROD_JWKS_URI:-https://dachs.hmac.kr/.well-known/jwks.json}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
- name: Deploy to production host
|
- name: Deploy to production host
|
||||||
|
|||||||
@@ -14,8 +14,8 @@ services:
|
|||||||
NODE_ENV: production
|
NODE_ENV: production
|
||||||
PORT: 3000
|
PORT: 3000
|
||||||
KEYS_PATH: /app/uploads/keys.json
|
KEYS_PATH: /app/uploads/keys.json
|
||||||
REDIRECT_URI: ${PROD_REDIRECT_URI:-http://172.16.10.175:9090/callback}
|
REDIRECT_URI: ${PROD_REDIRECT_URI:-https://dachs.hmac.kr/callback}
|
||||||
JWKS_URI: ${PROD_JWKS_URI:-http://172.16.10.175:9090/.well-known/jwks.json}
|
JWKS_URI: ${PROD_JWKS_URI:-https://dachs.hmac.kr/.well-known/jwks.json}
|
||||||
volumes:
|
volumes:
|
||||||
- ./uploads:/app/uploads
|
- ./uploads:/app/uploads
|
||||||
- ./map_config.json:/app/map_config.json:ro
|
- ./map_config.json:/app/map_config.json:ro
|
||||||
|
|||||||
@@ -21,6 +21,7 @@ const {
|
|||||||
const SESSION_SECRET_VALUE = SESSION_SECRET || 'itam-headless-session-secret';
|
const SESSION_SECRET_VALUE = SESSION_SECRET || 'itam-headless-session-secret';
|
||||||
const DEFAULT_SCOPES = ['openid', 'profile', 'email'];
|
const DEFAULT_SCOPES = ['openid', 'profile', 'email'];
|
||||||
const DEFAULT_ERROR_PATH = ERROR_LOCALE_PATH || '/ko/error';
|
const DEFAULT_ERROR_PATH = ERROR_LOCALE_PATH || '/ko/error';
|
||||||
|
const USE_SECURE_COOKIES = Boolean(REDIRECT_URI && REDIRECT_URI.startsWith('https://'));
|
||||||
|
|
||||||
const dbConfig = {
|
const dbConfig = {
|
||||||
host: process.env.DB_HOST,
|
host: process.env.DB_HOST,
|
||||||
@@ -38,6 +39,9 @@ const getDbConnectionSummary = () => ({
|
|||||||
});
|
});
|
||||||
|
|
||||||
const app = express();
|
const app = express();
|
||||||
|
if (USE_SECURE_COOKIES) {
|
||||||
|
app.set('trust proxy', 1);
|
||||||
|
}
|
||||||
app.use(cors());
|
app.use(cors());
|
||||||
app.use(express.json({ limit: '50mb' }));
|
app.use(express.json({ limit: '50mb' }));
|
||||||
app.use(session({
|
app.use(session({
|
||||||
@@ -47,7 +51,7 @@ app.use(session({
|
|||||||
cookie: {
|
cookie: {
|
||||||
httpOnly: true,
|
httpOnly: true,
|
||||||
sameSite: 'lax',
|
sameSite: 'lax',
|
||||||
secure: false,
|
secure: USE_SECURE_COOKIES,
|
||||||
maxAge: 1000 * 60 * 60 * 8
|
maxAge: 1000 * 60 * 60 * 8
|
||||||
}
|
}
|
||||||
}));
|
}));
|
||||||
|
|||||||
Reference in New Issue
Block a user