From 3f403e53ce26704ce7b5b500cf8e0ae30e6ea082 Mon Sep 17 00:00:00 2001
From: kyy
Date: Fri, 16 Jan 2026 14:01:01 +0900
Subject: [PATCH] =?UTF-8?q?sso=20url=20=ED=95=98=EB=93=9C=EC=BD=94?= =?UTF-8?q?=EB=94=A9=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .env.sample | 3 ++-
 sso-demo/public/js/sso.js | 7 ++++---
 sso-demo/routes/index.js | 5 ++++-
 sso-demo/views/index.ejs | 4 ++++
 4 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/.env.sample b/.env.sample
index 75ed757..d4f61d7 100644
--- a/.env.sample
+++ b/.env.sample
@@ -1 +1,2 @@
-JWT_SECRET=your_jwt_secret_key_here
\ No newline at end of file
+JWT_SECRET=your_jwt_secret_key_here
+SSO_URL=sso_url_here
\ No newline at end of file
diff --git a/sso-demo/public/js/sso.js b/sso-demo/public/js/sso.js
index 55788ab..00851f9 100644
--- a/sso-demo/public/js/sso.js
+++ b/sso-demo/public/js/sso.js
@@ -4,7 +4,7 @@ document.addEventListener('DOMContentLoaded', () => {
 if (ssoLoginButton) {
 ssoLoginButton.addEventListener('click', () => {
 // Open the SSO provider's login page in a popup
- const ssoUrl = 'https://sso.hmac.kr/'; // Real SSO provider URL
+
 const popupWidth = 500;
 const popupHeight = 600;
 const left = (screen.width / 2) - (popupWidth / 2);
@@ -19,8 +19,9 @@ document.addEventListener('DOMContentLoaded', () => {
 // Listen for a message from the popup
 window.addEventListener('message', (event) => {
 // IMPORTANT: Verify the origin of the message for security
- if (event.origin !== 'https://sso.hmac.kr') {
- console.warn('Received message from untrusted origin:', event.origin);
+ const ssoOrigin = new URL(ssoUrl).origin;
+ if (event.origin !== ssoOrigin) {
+ console.warn(`Received message from untrusted origin: ${event.origin}, expected: ${ssoOrigin}`);
 return;
 }
 
diff --git a/sso-demo/routes/index.js b/sso-demo/routes/index.js
index d46bfd6..ed9c424 100644
--- a/sso-demo/routes/index.js
+++ b/sso-demo/routes/index.js
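Review bot: In the second sso.js hunk, `ssoUrl` in `new URL(ssoUrl).origin` is now a free variable — the first hunk removes its `const` declaration and nothing left in this file declares it — so the origin check depends on a global that presumably comes from the index.ejs change in this patch; make that dependency explicit with a comment above the check, e.g. `// ssoUrl is injected by views/index.ejs from SSO_URL and must be an absolute http(s) URL`. The derived origin is also recomputed on every message and never sanity-checked: for some schemes (`file:` or a custom scheme) `new URL(...).origin` is the string `'null'`, which is exactly what `event.origin` carries for messages from opaque origins, so a misconfigured SSO_URL would turn the check into an accept; hoist it and reject that value, `const ssoOrigin = new URL(ssoUrl).origin; if (ssoOrigin === 'null') throw new Error('SSO_URL must be an absolute http(s) URL');` placed before `window.addEventListener('message', ...)`. The first hunk leaves an empty `+` line where the declaration was; drop it rather than ship a stray blank. Both enclosing listeners start and end outside the hunks.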
@@ -4,7 +4,10 @@ const router = express.Router();
 // GET home page
 router.get('/', (req, res, next) => {
 // The ssoHandler middleware has already attached the user to res.locals
- res.render('index', { user: res.locals.user });
+ res.render('index', {
+ user: res.locals.user,
+ ssoUrl: process.env.SSO_URL // Pass SSO_URL to the template
+ });
 });
 
 // GET logout
diff --git a/sso-demo/views/index.ejs b/sso-demo/views/index.ejs
index cfe3906..6ac1b8b 100644
--- a/sso-demo/views/index.ejs
+++ b/sso-demo/views/index.ejs
@@ -69,6 +69,10 @@
+
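Review bot: `ssoUrl: process.env.SSO_URL` is handed to the template without any check, so an unset or malformed variable surfaces only later in the browser, where the client derives the accepted `postMessage` origin from this value; validate it once at module load (outside this hunk) and fail fast, e.g. `const SSO_URL = new URL(process.env.SSO_URL).href;` and pass `ssoUrl: SSO_URL` here. How index.ejs embeds the value also matters: if it is interpolated into a `<script>` block, EJS `<%= %>` HTML-escaping is not a JavaScript-string escape, so emit it via `JSON.stringify` on the server or through a `data-` attribute — the ejs hunk is cut off in this patch, so this is inferred. The trailing `// Pass SSO_URL to the template` restates the code; a why-comment such as `// the browser-side origin check in public/js/sso.js is derived from this value` is more useful. The `router.get('/')` handler is fully inside the hunk.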