sso url 하드코딩 수정

.env.sample

@@ -1 +1,2 @@
 JWT_SECRET=your_jwt_secret_key_here
+SSO_URL=sso_url_here

sso-demo/public/js/sso.js

@@ -4,7 +4,7 @@ document.addEventListener('DOMContentLoaded', () => {
     if (ssoLoginButton) {
         ssoLoginButton.addEventListener('click', () => {
             // Open the SSO provider's login page in a popup
-            const ssoUrl = 'https://sso.hmac.kr/'; // Real SSO provider URL
+            
             const popupWidth = 500;
             const popupHeight = 600;
             const left = (screen.width / 2) - (popupWidth / 2);
@@ -19,8 +19,9 @@ document.addEventListener('DOMContentLoaded', () => {
             // Listen for a message from the popup
             window.addEventListener('message', (event) => {
                 // IMPORTANT: Verify the origin of the message for security
-                if (event.origin !== 'https://sso.hmac.kr') {
+                const ssoOrigin = new URL(ssoUrl).origin;
-                    console.warn('Received message from untrusted origin:', event.origin);
+                if (event.origin !== ssoOrigin) {
+                    console.warn(`Received message from untrusted origin: ${event.origin}, expected: ${ssoOrigin}`);
                     return;
                 }
 

sso-demo/routes/index.js

@@ -4,7 +4,10 @@ const router = express.Router();
 // GET home page
 router.get('/', (req, res, next) => {
     // The ssoHandler middleware has already attached the user to res.locals
-    res.render('index', { user: res.locals.user });
+    res.render('index', { 
+        user: res.locals.user,
+        ssoUrl: process.env.SSO_URL // Pass SSO_URL to the template
+    });
 });
 
 // GET logout

sso-demo/views/index.ejs

@@ -69,6 +69,10 @@
         </main>
     </div>
 
+    <script>
+        // Pass the SSO URL from the server (via the template) to the client-side JS
+        const ssoUrl = '<%= ssoUrl %>';
+    </script>
     <script src="/js/sso.js"></script>
 </body>
 </html>