diff --git a/.env.sample b/.env.sample
index 75ed757..d4f61d7 100644
--- a/.env.sample
+++ b/.env.sample
@@ -1 +1,2 @@
-JWT_SECRET=your_jwt_secret_key_here
\ No newline at end of file
+JWT_SECRET=your_jwt_secret_key_here
+SSO_URL=sso_url_here
\ No newline at end of file
diff --git a/sso-demo/public/js/sso.js b/sso-demo/public/js/sso.js
index 55788ab..00851f9 100644
--- a/sso-demo/public/js/sso.js
+++ b/sso-demo/public/js/sso.js
@@ -4,7 +4,7 @@ document.addEventListener('DOMContentLoaded', () => {
if (ssoLoginButton) {
ssoLoginButton.addEventListener('click', () => {
// Open the SSO provider's login page in a popup
- const ssoUrl = 'https://sso.hmac.kr/'; // Real SSO provider URL
+
const popupWidth = 500;
const popupHeight = 600;
const left = (screen.width / 2) - (popupWidth / 2);
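Review bot: Removing the `const ssoUrl = ...` line leaves `ssoUrl` undeclared in this script, so the popup code below and the `message` listener in the next hunk (`const ssoOrigin = new URL(ssoUrl).origin;`) now rely on a global that is presumably injected by the EJS template, whose hunk is cut off in this diff. If SSO_URL is unset or is not an absolute URL (the `.env.sample` placeholder `sso_url_here` is not), `new URL(ssoUrl)` throws a TypeError inside the listener on every message, so the origin comparison never runs and nothing is logged. I would resolve the expected origin once at load and fail closed, replacing the blank line with `const ssoOrigin = new URL(globalThis.ssoUrl).origin; // page must inject ssoUrl (rendered from SSO_URL); throws early if missing or invalid`, and compare `event.origin !== ssoOrigin` in the listener without recomputing it. The enclosing click handler and DOMContentLoaded callback continue outside this hunk.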
@@ -19,8 +19,9 @@ document.addEventListener('DOMContentLoaded', () => {
// Listen for a message from the popup
window.addEventListener('message', (event) => {
// IMPORTANT: Verify the origin of the message for security
- if (event.origin !== 'https://sso.hmac.kr') {
- console.warn('Received message from untrusted origin:', event.origin);
+ const ssoOrigin = new URL(ssoUrl).origin;
+ if (event.origin !== ssoOrigin) {
+ console.warn(`Received message from untrusted origin: ${event.origin}, expected: ${ssoOrigin}`);
return;
}
diff --git a/sso-demo/routes/index.js b/sso-demo/routes/index.js
index d46bfd6..ed9c424 100644
--- a/sso-demo/routes/index.js
+++ b/sso-demo/routes/index.js
@@ -4,7 +4,10 @@ const router = express.Router();
// GET home page
router.get('/', (req, res, next) => {
// The ssoHandler middleware has already attached the user to res.locals
- res.render('index', { user: res.locals.user });
+ res.render('index', {
+ user: res.locals.user,
+ ssoUrl: process.env.SSO_URL // Pass SSO_URL to the template
+ });
});
// GET logout
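Review bot: `process.env.SSO_URL` is handed to the template unchecked, so a missing variable renders `undefined` into the page and the failure only surfaces later in the browser-side origin check rather than at startup. Validate it once at module load (outside this hunk, near the top of the file), e.g. `const SSO_URL = new URL(process.env.SSO_URL).href; // fail fast on a missing or malformed SSO_URL`, and pass `ssoUrl: SSO_URL` here. The template side is cut off in this diff; if the value is interpolated inside a `<script>` block it needs JS-string escaping (e.g. `JSON.stringify`) rather than EJS's HTML escaping, which would otherwise mangle `&` in a URL with query parameters.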
diff --git a/sso-demo/views/index.ejs b/sso-demo/views/index.ejs
index cfe3906..6ac1b8b 100644
--- a/sso-demo/views/index.ejs
+++ b/sso-demo/views/index.ejs
@@ -69,6 +69,10 @@
+