Shelf-nu / shelf.nu

shelf is open source Asset Management Infrastructure for absolutely everyone.
https://shelf.nu
GNU Affero General Public License v3.0

[Bug]: Self-hosted login fails on production #952

Closed itrass closed 6 months ago

itrass commented 6 months ago

Contact Details

No response

What happened?

Steps to reproduce:

  1. Install Shelf.nu (npm install ; npm run build ; npm run start)
  2. Go to Shelf URL and enter credentials
  3. Shelf encounters an unexpected error.
  4. Start dev server
  5. Go to Shelf URL and log in (works perfectly)
  6. Start production
  7. Go to Shelf URL and Stay connected
  8. Logout fails and returns to /asset

[Screenshot 2024-05-02 at 10 18 41]

What is the expected behaviour?

Log into Shelf without using dev server

Version

Self-hosted

What browsers are you seeing the problem on?

Firefox, Chrome, Safari, Microsoft Edge

Relevant log output

No response

carlosvirreira commented 6 months ago

Thank you for your report @itrass - we will take a look at it at our earliest convenience.

DonKoko commented 6 months ago

Hey @itrass. I cannot re-create that issue on my local device, even with a production build. We need some more info.

  1. Can you show me what the .env file you are using for production looks like? No need to see the values, I just want to make sure you are not missing something important
  2. Which node version are you on?
  3. Can you please provide a repository where we can reproduce this error?

itrass commented 6 months ago

I'm using node v20.12.2 ; npm v10.5.0.

Here is my .env:

# Most of the connection information can be found within the Supabase dashboard. Navigate to your project > Project Settings > Database. 
# There you will be able to find the values you need to use below
# You can either copy the connection string and insert your password or use the connection parameters to build the string yourself
DATABASE_URL="postgres://postgres.-------@aws-0-eu-central-1.pooler.supabase.com:6543/postgres?pgbouncer=true"

# Direct URL is used by prisma to run migrations and pg-boss connection.
# More info here: https://www.prisma.io/docs/orm/prisma-client/setup-and-configuration/databases-connections#external-connection-poolers
# and here: https://www.prisma.io/docs/orm/reference/prisma-schema-reference#fields
DIRECT_URL="postgres://postgres.-------@aws-0-eu-central-1.pooler.supabase.com:5432/postgres"

SESSION_SECRET="*******"
SUPABASE_ANON_PUBLIC="*******"
SUPABASE_SERVICE_ROLE="*******"
SUPABASE_URL="https://-------.supabase.co"
SERVER_URL="http://matos.benoitsz.fr"
APP_NAME="Shelf"

# Set this to false to disable requirement of subscription for premium features. This will make premium features available for all users
ENABLE_PREMIUM_FEATURES="false"

# The Stripe keys are needed only if you want to enable premium features
# If you want to completely deactivate the premium features, you can adjust the ENV variable above or adjust it in the shelf.config.ts file
STRIPE_SECRET_KEY="stripe-secret-key"
STRIPE_PUBLIC_KEY="stripe-public-key"
STRIPE_WEBHOOK_ENDPOINT_SECRET="stripe-endpoint-secret"

SMTP_PWD="*******"
SMTP_HOST="smtp.ionos.fr"
SMTP_USER="----@----"
SMTP_FROM="matos.benoitsz.com" <matos@benoitsz.com>

# Set this to false to disable sending onboarding emails
SEND_ONBOARDING_EMAIL="false"

MAPTILER_TOKEN="*******"
MICROSOFT_CLARITY_ID="microsoft-clarity-id"

INVITE_TOKEN_SECRET="*******"
GEOCODE_API_KEY="*******"

# Used for Sentry error logging
SENTRY_ORG="sentry-org"
SENTRY_PROJECT="sentry-project"
SENTRY_DSN="sentry-dsn"

DonKoko commented 6 months ago

@itrass I don't see anything wrong here. Do you see some error in the terminal?

Also can you test something. Go to assets._index and comment the meta function. Then run the build again and see if it works. I am trying to figure out what breaks it because it's hard to understand from this error.

@rphlmr could you please take a quick look. Do you have any idea what might be happening?

rphlmr commented 6 months ago

> @itrass I don't see anything wrong here. Do you see some error in the terminal?
>
> Also can you test something. Go to assets._index and comment the meta function. Then run the build again and see if it works. I am trying to figure out what breaks it because it's hard to understand from this error.
>
> @rphlmr could you please take a quick look. Do you have any idea what might be happening?

The warning on __authSession (written in French) says that the app does not run on https. If it is deployed/run (using the start command) with NODE_ENV=production, the session cookie will fail (secure mode is only on https).

@DonKoko Try to start on local with NODE_ENV set to production?
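The failure diagnosed in the comment above, modelled as an added example (not part of the thread and not Shelf's code): a session cookie marked Secure when NODE_ENV is production is dropped by the browser when the page is served over plain http. The function names, the `shelf.example.test` host and the `localhostIsTrusted` toggle are assumptions made for the illustration; the toggle models browsers that accept Secure cookies from http://localhost.

```javascript
// Added sketch, not Shelf's code; function names are hypothetical.

// Common server-side pattern: mark the session cookie Secure in production.
function sessionCookieOptions(nodeEnv) {
  return {
    name: "__authSession", // cookie name mentioned in the thread
    httpOnly: true,
    sameSite: "Lax",
    path: "/",
    secure: nodeEnv === "production",
  };
}

// Serialize the options into a Set-Cookie header value.
function toSetCookie(opts, value) {
  const parts = [`${opts.name}=${encodeURIComponent(value)}`, `Path=${opts.path}`];
  if (opts.httpOnly) parts.push("HttpOnly");
  if (opts.sameSite) parts.push(`SameSite=${opts.sameSite}`);
  if (opts.secure) parts.push("Secure");
  return parts.join("; ");
}

// Simplified browser model: a cookie carrying the Secure attribute is stored
// only when the page was loaded over https, or from http://localhost in
// browsers that treat localhost as trustworthy (assumption, toggled below).
function browserStoresCookie(setCookie, pageUrl, { localhostIsTrusted = true } = {}) {
  const attrs = setCookie.split(";").map((p) => p.trim().toLowerCase());
  if (!attrs.includes("secure")) return true;
  const url = new URL(pageUrl);
  if (url.protocol === "https:") return true;
  return localhostIsTrusted && url.hostname === "localhost";
}

// Constructed scenarios: [NODE_ENV, URL typed into the browser].
function runScenarios() {
  const cases = [
    ["development", "http://shelf.example.test"],
    ["production", "http://shelf.example.test"],
    ["production", "https://shelf.example.test"],
    ["production", "http://localhost:3000"],
  ];
  return cases.map(([env, url]) => {
    const header = toSetCookie(sessionCookieOptions(env), "constructed-session-id");
    return { env, url, stored: browserStoresCookie(header, url) };
  });
}

console.table(runScenarios());
```

Only the second scenario loses the cookie, which matches the symptom in the report: the dev server logs in over http, the production build does not. The last scenario shows how a production build can still appear to work when it is tested on http://localhost.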

DonKoko commented 6 months ago

@rphlmr yeah I build and do npm run start which runs it with NODE_ENV=production and I don't get this error. I can login. I am not sure but maybe it's OS related?

Another thing I am noticing is that your SERVER_URL is different than the URL you are using to access the site, so it could be that supabase doesn't like that. But that's a reach as we can see the issue is actually related to SSL and the cookie.

@itrass I think you should try installing an SSL on your server to fix the issue.

itrass commented 6 months ago

My bad I hadn't tried with https yet. Everything works perfectly with a secure domain.

So it seems that the production mode does not work locally.

rphlmr commented 6 months ago

@DonKoko Yes, but did you try to hit https://xxx?

@itrass To enable https on local (dev or prod mode), add this to your vite.config.ts:

server: {
    port: 3000,
    https: {
      key: "./server/dev/key.pem",
      cert: "./server/dev/cert.pem",
    }
}

(https://github.com/rphlmr/remix-hono-vite/blob/8c5938deca9adfe22de87cb87fc6983d3ffe6e4f/vite.config.ts)

To generate key.pem and cert.pem, follow the Remix doc until the server code example.

Overall:

👉 Install mkcert

👉 Create a local Certificate Authority:

mkcert -install

Depending on your shell, export this env:

export NODE_EXTRA_CA_CERTS="$(mkcert -CAROOT)/rootCA.pem"

👉 Create a TLS key and certificate:

mkcert -key-file key.pem -cert-file cert.pem localhost

Move these files into /server/dev or wherever you want (but update the vite config to point to this location).

These dev certs can be committed, there is no real secret here.

DonKoko commented 6 months ago

Thanks @rphlmr. I also recommend mkcert, works amazing. @itrass thanks for confirming.