From c3a7d3b5ac23133564279ab6688f8e787c3d684e Mon Sep 17 00:00:00 2001
From: KaichiManabe <154493010+KaichiManabe@users.noreply.github.com>
Date: Thu, 3 Oct 2024 09:03:53 +0900
Subject: [PATCH] =?UTF-8?q?=E3=83=95=E3=83=AD=E3=83=B3=E3=83=88=E3=82=A8?=
 =?UTF-8?q?=E3=83=B3=E3=83=89=E3=81=A7=E5=88=B6=E9=99=90=E3=81=A7=E3=81=8D?=
 =?UTF-8?q?=E3=82=8B=E3=82=88=E3=81=86=E3=81=AB?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 web/src/routes/login.tsx | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/web/src/routes/login.tsx b/web/src/routes/login.tsx
index b588d3f2..25d8cbf4 100644
--- a/web/src/routes/login.tsx
+++ b/web/src/routes/login.tsx
@@ -13,12 +13,26 @@ const provider = new GoogleAuthProvider();
 
 async function signInWithGoogle() {
   try {
+    provider.setCustomParameters({
+      hd: "g.ecc.u-tokyo.ac.jp",
+    });
     const result = await signInWithPopup(auth, provider);
     const credential = GoogleAuthProvider.credentialFromResult(result);
-    if (credential) {
-      const user = result.user;
-      return user.uid;
+
+    if (!credential) {
+      throw new Error("Failed to retrieve Google credentials.");
     }
+
+    const user = result.user;
+    const email = user.email;
+
+    if (!email || !email.endsWith("@g.ecc.u-tokyo.ac.jp")) {
+      throw new Error(
+        "Unauthorized domain. Access is restricted to g.ecc.u-tokyo.ac.jp domain.",
+      );
+    }
+
+    return user.uid;
   } catch (error) {
     console.error(error);
   }